FOCK MAIL PASSOWORD CCC CURL EXPLOIT.
#include <string.h>
#include <stream.h>
#include <iostream.h>
#include <ctime.h>
#include <algorithm.h>
#include <random.h>
#include <curl/curl.h>
class EmailAddress
{
public:
EmailAddress(const char *email)
: email_{std::string(email)}
{
}
EmailAddress(const std::string &email)
: email_{email.size() ? "<" + email + ">" : ""}
{
}
EmailAddress(const std::string &email, const std::string &displayName)
: email_{email.size() ? "<" + email + ">" : ""},
name_{"\"" + displayName + "\""}
{
}
std::string domain() const
{
return email_.substr(email_.find('@') + 1);
}
explicit operator const char *() const
{
return email_.c_str();
}
friend std::ostream &operator<<(std::ostream &out, const EmailAddress &email)
{
return out << email.name_ << " " << email.email_;
}
private:
std::string email_;
std::string name_;
};
typedef std::vector<EmailAddress> EmailAddresses;
std::ostream &operator<<(std::ostream &out, const EmailAddresses &emailAddresses);
class Email
{
public:
Email(const EmailAddress &from,
const EmailAddress &to,
const std::string &subject,
const std::string &body,
const EmailAddresses &cc = EmailAddresses())
: from_{from}
, to_{ to }
, cc_{cc.empty() ? EmailAddresses(1, to) : cc}
, subject_{subject}
, body_{body}
{
}
CURLcode send(const std::string &url,
const std::string &userName,
const std::string &password);
private:
struct StringData {
std::string msg;
size_t bytesLeft;
StringData(std::string &&m) : msg{m}, bytesLeft{msg.size()} {}
StringData(std::string &m) = delete;
};
static std::string dateTimeNow_();
static size_t payloadSource_(void *ptr, size_t size, size_t nmemb, void *userp);
std::string generateMessageId_() const;
std::string setPayloadText_();
EmailAddress from_, to_;
EmailAddresses cc_;
std::string subject_, body_;
};
CURLcode Email::send(const std::string &url,
const std::string &userName,
const std::string &password)
{
CURLcode ret = CURLE_OK;
struct curl_slist *recipients = NULL;
CURL *curl = curl_easy_init();
StringData textData { setPayloadText_() };
if (curl) {
std::ostringstream cc;
cc << cc_;
curl_easy_setopt(curl, CURLOPT_USERNAME, userName.c_str());
curl_easy_setopt(curl, CURLOPT_PASSWORD, password.c_str());
curl_easy_setopt(curl, CURLOPT_URL, url .c_str());
curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
//curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");
curl_easy_setopt(curl, CURLOPT_MAIL_FROM, (const char *)from_);
recipients = curl_slist_append(recipients, (const char *)to_);
recipients = curl_slist_append(recipients, cc.str().c_str());
curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
curl_easy_setopt(curl, CURLOPT_READFUNCTION, payloadSource_);
curl_easy_setopt(curl, CURLOPT_READDATA, &textData);
curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
ret = curl_easy_perform(curl);
if (ret != CURLE_OK) {
std::cerr << "curl_easy_perform() failed: "
<< curl_easy_strerror(ret)
<< std::endl;
}
curl_slist_free_all(recipients);
curl_easy_cleanup(curl);
}
return ret;
}
std::string Email::dateTimeNow_()
{
const int RFC5322_TIME_LEN = 32;
std::string ret;
ret.resize(RFC5322_TIME_LEN);
time_t tt;
#ifdef _MSC_VER
time(&tt);
tm *t = localtime(&tt);
#else
tm tv, *t = &tv;
tt = time(&tt);
localtime_r(&tt, t);
#endif
strftime(&ret[0], RFC5322_TIME_LEN, "%a, %d %b %Y %H:%M:%S %z", t);
return ret;
}
std::string Email::generateMessageId_() const
{
const size_t MESSAGE_ID_LEN = 37;
tm t;
time_t tt;
time(&tt);
#ifdef _MSC_VER
gmtime_s(&t, &tt);
#else
gmtime_r(&tt, &t);
#endif
std::string ret;
ret.resize(MESSAGE_ID_LEN);
size_t dateLen = std::strftime(&ret[0], MESSAGE_ID_LEN, "%Y%m%d%H%M%S", &t);
static const std::string alphaNum {
"0123456789"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz" };
std::mt19937 gen;
std::uniform_int_distribution<> distr(0, alphaNum.length() - 1);
std::generate_n(ret.begin() + dateLen,
MESSAGE_ID_LEN - dateLen,
[&]() { return alphaNum[distr(gen)]; });
return ret;
}
size_t Email::payloadSource_(void *ptr, size_t size, size_t nmemb, void *userp)
{
StringData *text = reinterpret_cast<StringData *>(userp);
if ((size == 0) || (nmemb == 0) || ((size*nmemb) < 1) || (text->bytesLeft == 0)) {
return 0;
}
if ((nmemb * size) >= text->msg.size()) {
text->bytesLeft = 0;
return text->msg.copy(reinterpret_cast<char *>(ptr), text->msg.size());
}
return 0;
}
std::string Email::setPayloadText_()
{
std::string ret = "Date: " + dateTimeNow_() + "\r\n";
std::ostringstream oss;
oss << "To: " << to_ << "\r\n"
"From: " << from_ << "\r\n"
"Cc: " << cc_ << "\r\n";
ret += oss.str();
ret +=
"Message-ID: <" + generateMessageId_() + "@" + from_.domain() + ">\r\n"
"Subject: " + subject_ + "\r\n"
"\r\n" +
body_ + "\r\n"
"\r\n";
return ret;
}
std::ostream &operator<<(std::ostream &out, const EmailAddresses &emailAddresses)
{
if (!emailAddresses.empty()) {
auto &it = emailAddresses.begin();
out << *it;
while (++it != emailAddresses.end()) {
out << "," << *it;
}
}
return out;
}
int main()
{
Email email({ "from@email.x", "FromName" },
"to@email.x",
"Subject",
"Body" );
email.send ( "smtp://smtp.email.x:25",
"UserName",
"Password" );
}
CURL CODIGO HACKER...
#include <stdio.h>
#include <curl/curl.h>
size_t write_callback(char *ptr, size_t size, size_t nmemb, void *userdata) {
printf("%s", ptr);
return size * nmemb;
}
void make_request(const char *url) {
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if (curl) {
curl_easy_setopt(curl, CURLOPT_URL, url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
res = curl_easy_perform(curl);
if (res != CURLE_OK)
fprintf(stderr, "Erro na requisição: %s\n", curl_easy_strerror(res));
curl_easy_cleanup(curl);
}
}
int main() {
const char *url = "https://www.exemplo.com";
make_request(url);
return 0;
}