diff options
Diffstat (limited to 'data/rservice.c')
-rw-r--r-- | data/rservice.c | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/data/rservice.c b/data/rservice.c new file mode 100644 index 0000000..1085d9c --- /dev/null +++ b/data/rservice.c @@ -0,0 +1,68 @@ +/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up + rsh/rexec attacks. Needs to be a prog because shells strip out nulls. + + args: + locuser remuser [cmd] + remuser passwd [cmd] + + cmd defaults to "pwd". + + ... whatever. _H*/ + +#include <stdio.h> + +/* change if you like; "id" is a good one for figuring out if you won too */ +static char cmd[] = "pwd"; + +static char buf [256]; + +main(argc, argv) + int argc; + char * argv[]; +{ + register int x; + register int y; + char * p; + char * q; + + p = buf; + memset (buf, 0, 256); + + p++; /* first null */ + y = 1; + + if (! argv[1]) + goto wrong; + x = strlen (argv[1]); + memcpy (p, argv[1], x); /* first arg plus another null */ + x++; + p += x; + y += x; + + if (! argv[2]) + goto wrong; + x = strlen (argv[2]); + memcpy (p, argv[2], x); /* second arg plus null */ + x++; + p += x; + y += x; + + q = cmd; + if (argv[3]) + q = argv[3]; + x = strlen (q); /* not checked -- bfd */ + memcpy (p, q, x); /* the command, plus final null */ + x++; + p += x; + y += x; + + memcpy (p, "\n", 1); /* and a newline, so it goes */ + y++; + + write (1, buf, y); /* zot! */ + exit (0); + +wrong: + fprintf (stderr, "wrong! needs 2 or more args.\n"); + exit (1); +} |