This commit was manufactured by cvs2git to create tag 'OPENBSD_2_4_BASE'.OPENBSD_2_4_BASE

author: cvs2svn <admin@example.com> 1998-10-19 21:47:12 +0000
committer: cvs2svn <admin@example.com> 1998-10-19 21:47:12 +0000
commit: 5170039cf1df2194faa85741f0733977525cd5c0 (patch)
tree: c667406046ddb1efca5ed4316b02e43494241660 /src/usr.bin/nc/data/rservice.c
parent: 536c76cbb863bab152f19842ab88772c01e922c7 (diff)
download: openbsd-OPENBSD_2_4_BASE.tar.gz
openbsd-OPENBSD_2_4_BASE.tar.bz2
openbsd-OPENBSD_2_4_BASE.zip
1 files changed, 68 insertions, 0 deletions
diff --git a/src/usr.bin/nc/data/rservice.c b/src/usr.bin/nc/data/rservice.c
new file mode 100644
index 0000000000..1085d9cb78
--- /dev/null
+++ b/src/usr.bin/nc/data/rservice.c
@@ -0,0 +1,68 @@
+/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
+   rsh/rexec attacks.  Needs to be a prog because shells strip out nulls.
+   args:
+        locuser remuser [cmd]
+        remuser passwd [cmd]
+   cmd defaults to "pwd".
+   ... whatever.  _H*/
+#include <stdio.h>
+/* change if you like; "id" is a good one for figuring out if you won too */
+static char cmd[] = "pwd";
+static char buf [256];
+main(argc, argv)
+  int argc;
+  char * argv[];
+{
+  register int x;
+  register int y;
+  char * p;
+  char * q;
+  p = buf;
+  memset (buf, 0, 256);
+  p++;                          /* first null */
+  y = 1;
+  if (! argv[1])
+    goto wrong;
+  x = strlen (argv[1]);
+  memcpy (p, argv[1], x);       /* first arg plus another null */
+  x++;
+  p += x;
+  y += x;
+  if (! argv[2])
+    goto wrong;
+  x = strlen (argv[2]);
+  memcpy (p, argv[2], x);       /* second arg plus null */
+  x++;
+  p += x;
+  y += x;
+  q = cmd;
+  if (argv[3])
+    q = argv[3];
+  x = strlen (q);               /* not checked -- bfd */
+  memcpy (p, q, x);             /* the command, plus final null */
+  x++;
+  p += x;
+  y += x;
+  memcpy (p, "\n", 1);          /* and a newline, so it goes */
+  y++;
+  write (1, buf, y);            /* zot! */
+  exit (0);
+wrong:
+  fprintf (stderr, "wrong!  needs 2 or more args.\n");
+  exit (1);
+}
author	cvs2svn <admin@example.com>	1998-10-19 21:47:12 +0000
committer	cvs2svn <admin@example.com>	1998-10-19 21:47:12 +0000
commit	5170039cf1df2194faa85741f0733977525cd5c0 (patch)
tree	c667406046ddb1efca5ed4316b02e43494241660 /src/usr.bin/nc/data/rservice.c
parent	536c76cbb863bab152f19842ab88772c01e922c7 (diff)
download	openbsd-OPENBSD_2_4_BASE.tar.gz openbsd-OPENBSD_2_4_BASE.tar.bz2 openbsd-OPENBSD_2_4_BASE.zip

diff --git a/src/usr.bin/nc/data/rservice.c b/src/usr.bin/nc/data/rservice.c new file mode 100644 index 0000000000..1085d9cb78 --- /dev/null +++ b/src/usr.bin/nc/data/rservice.c
@@ -0,0 +1,68 @@
	1	/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
	2	rsh/rexec attacks. Needs to be a prog because shells strip out nulls.
	3
	4	args:
	5	locuser remuser [cmd]
	6	remuser passwd [cmd]
	7
	8	cmd defaults to "pwd".
	9
	10	... whatever. _H*/
	11
	12	#include <stdio.h>
	13
	14	/* change if you like; "id" is a good one for figuring out if you won too */
	15	static char cmd[] = "pwd";
	16
	17	static char buf [256];
	18
	19	main(argc, argv)
	20	int argc;
	21	char * argv[];
	22	{
	23	register int x;
	24	register int y;
	25	char * p;
	26	char * q;
	27
	28	p = buf;
	29	memset (buf, 0, 256);
	30
	31	p++; /* first null */
	32	y = 1;
	33
	34	if (! argv[1])
	35	goto wrong;
	36	x = strlen (argv[1]);
	37	memcpy (p, argv[1], x); /* first arg plus another null */
	38	x++;
	39	p += x;
	40	y += x;
	41
	42	if (! argv[2])
	43	goto wrong;
	44	x = strlen (argv[2]);
	45	memcpy (p, argv[2], x); /* second arg plus null */
	46	x++;
	47	p += x;
	48	y += x;
	49
	50	q = cmd;
	51	if (argv[3])
	52	q = argv[3];
	53	x = strlen (q); /* not checked -- bfd */
	54	memcpy (p, q, x); /* the command, plus final null */
	55	x++;
	56	p += x;
	57	y += x;
	58
	59	memcpy (p, "\n", 1); /* and a newline, so it goes */
	60	y++;
	61
	62	write (1, buf, y); /* zot! */
	63	exit (0);
	64
	65	wrong:
	66	fprintf (stderr, "wrong! needs 2 or more args.\n");
	67	exit (1);
	68	}