remove old cruft

author: ericj <> 2002-02-19 22:25:26 +0000
committer: ericj <> 2002-02-19 22:25:26 +0000
commit: 4d66c8927e7163b848b6cc239cd530a030001e00 (patch)
tree: 16221f31f04dd295bb09602fb213e2fa8b4ad221 /src
parent: 0be1f7d80eff8e3e86b037958be3ab5217ce9b59 (diff)
download: openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.tar.gz
openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.tar.bz2
openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.zip
12 files changed, 0 insertions, 831 deletions
diff --git a/src/usr.bin/nc/data/Makefile b/src/usr.bin/nc/data/Makefile
deleted file mode 100644
index 817cbabca9..0000000000
--- a/src/usr.bin/nc/data/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-#       $OpenBSD: Makefile,v 1.2 2001/01/29 01:58:11 niklas Exp $
-all:    data rservice xor
-data:   data.c
-        cc -s -O -o data data.c
-rservice:       rservice.c
-        cc -s -O -o rservice rservice.c
-xor:    xor.c
-        cc -s -O -o xor xor.c
-clean:
-        rm -f *.o data rservice xor
diff --git a/src/usr.bin/nc/data/README b/src/usr.bin/nc/data/README
deleted file mode 100644
index 7e4b9fbf63..0000000000
--- a/src/usr.bin/nc/data/README
+++ /dev/null
@@ -1,9 +0,0 @@
-For now, read the header comments inside each of these for documentation.
-The programs are simple enough that they don't really need a Makefile any more
-complex than the one given; ymmv.  Data and xor may also be useful on DOS,
-which is why there are hooks for it in the code.
-data.c          a primitive atob / btoa byte generator
-*.d             example input to "data -g"
-rservice.c      a utility for scripting up rsh/rexec attacks
-xor.c           generic xor handler
diff --git a/src/usr.bin/nc/data/data.c b/src/usr.bin/nc/data/data.c
deleted file mode 100644
index e1936d538c..0000000000
--- a/src/usr.bin/nc/data/data.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/*      $OpenBSD: data.c,v 1.4 2001/11/19 19:02:15 mpech Exp $  */
-/* primitive arbitrary-data frontend for netcat.  0.9 960226
-   only handles one value per ascii line, but at least parses 0xNN too
-   an input line containing "%r" during "-g" generates a random byte
-   todo:
-        make work on msloss jus' for kicks [workin' on it...]
-   syntax: data -X [limit]
-   where X is one of
-        d: dump raw bytes to ascii format
-        g: generate raw bytes from ascii input
-        c: generate ??? of value -- NOTYET
-        r: generate all random bytes
-   and limit is how many bytes to generate or dump [unspecified = infinite]
-   *Hobbit*, started 951004 or so and randomly screwed around with since */
-#include <stdio.h>
-#ifdef MSDOS                            /* for MSC only at the moment... */
-#include <fcntl.h>
-#else /* MSDOS */
-#include <sys/file.h>
-#define HAVE_RANDOM                     /* XXX: might have to change */
-#endif /* MSDOS */
-static char buf_in [128];
-static char buf_raw [8192];
-static char surveysez[] = "survey sez... XXX\n";
-/* fgetss :
-   wrapper for fgets, that yanks trailing newlines.  Doing the work ourselves
-   instead of calling strchr/strlen/whatever */
-char * fgetss (buf, len, from)
-  char * buf;
-  size_t len;
-  FILE * from;
-{
-  int x;
-  char * p, * q;
-  p = fgets (buf, len, from);           /* returns ptr to buf */
-  if (! p)
-    return (NULL);
-  q = p;
-  for (x = 0; x < len; x++) {
-    *p = (*p & 0x7f);                   /* rip parity, just in case */
-    switch (*p) {
-      case '\n':
-      case '\r':
-      case '\0':
-        *p = '\0';
-        return (q);
-    } /* switch */
-    p++;
-  } /* for */
-} /* fgetss */
-/* randint:
-   swiped from rndb.c.  Generates an INT, you have to mask down to char. */
-int randint()
-{
-  int q;
-  int x;
-#ifndef HAVE_RANDOM
-  q = rand();
-#else
-  q = random();
-#endif
-  x = ((q >> 8) & 0xff);        /* perturb low byte using some higher bits */
-  x = q ^ x;
-  return (x);
-}
-main (argc, argv)
-  int argc;
-  char ** argv;
-{
-  unsigned char * p;
-  char * q;
-  int x;
-  int bc = 0;
-  int limit = 0;                /* num to gen, or 0 = infinite */
-  int xlimit;                   /* running limit */
-  FILE * txt;                   /* line-by-line ascii file */
-  int raw;                      /* raw bytes fd */
-  int dumping = 0;              /* cmd flags ... */
-  int genning = 0;
-  int randing = 0;
-  memset (buf_in, 0, sizeof (buf_in));
-  memset (buf_raw, 0, sizeof (buf_raw));
-  xlimit = 1;                           /* doubles as "exit flag" */
-  bc = 1;                               /* preload, assuming "dump" */
-  x = getpid() + 687319;
-/* if your library doesnt have srandom/random, use srand/rand. [from rnd.c] */
-#ifndef HAVE_RANDOM
-  srand (time(0) + x);
-#else
-  srandom (time(0) + x);
-#endif
-#ifdef O_BINARY
-/* DOS stupidity */
-/* Aha: *here's* where that setmode() lib call conflict in ?BSD came from */
-  x = setmode (0, O_BINARY);            /* make stdin raw */
-  if (x < 0) {
-    fprintf (stderr, "stdin binary setmode oops: %d\n", x);
-    exit (1);
-  }
-  x = setmode (1, O_BINARY);            /* make stdout raw */
-  if (x < 0) {
-    fprintf (stderr, "stdout binary setmode oops: %d\n", x);
-    exit (1);
-  }
-#endif /* O_BINARY */
-  if (argv[1]) {
-    p = argv[1];                /* shit-simple single arg parser... */
-    if (*p == '-')              /* dash is optional, we'll deal */
-      p++;
-    if (*p == 'd')
-      dumping++;
-    if (*p == 'g')
-      genning++;
-    if (*p == 'r')
-      randing++;
-  } /* if argv 1 */
-/* optional second argument: limit # of bytes shoveled either way */
-  if (argv[2]) {
-    x = atoi (argv[2]);
-    if (x)
-      limit = x;
-    else
-      goto wrong;
-    xlimit = limit;
-  }
-/* Since this prog would likely best be written in assmbler, I'm gonna
-   write it *like* assembler.  So there. */
-  if (randing)
-    goto do_rand;
-nextbuf:                                /* loop sleaze */
-  if (dumping) {                        /* switch off to wherever */
-    if (genning)
-      goto wrong;
-    goto do_dump;
-  }
-  if (genning)
-    goto do_gen;
-wrong:
-  fprintf (stderr, "%s", surveysez);            /* if both or neither */
-  exit (1);
-do_gen:
-/* here if genning -- original functionality */
-  q = buf_raw;
-  bc = 0;
-/* suck up lines until eof or buf_raw is full */
-  while (1) {
-    p = fgetss (buf_in, 120, stdin);
-    if (! p)
-      break;                            /* EOF */
-/* super-primitive version first: one thingie per line */
-    if (*p == '#')                      /* comment */
-      continue;
-    if (*p == '\0')                     /* blank line */
-      continue;
-    if (*p == '%') {                    /* escape char? */
-      p++;
-      if (*p == 'r') {                  /* random byte */
-        x = randint();
-        goto stuff;
-      } /* %r */
-    } /* if "%" escape */
-    if (*p == '0')
-      if (*(p+1) == 'x')                /* 0x?? */
-        goto hex;
-    x = atoi (p);                       /* reg'lar decimal number */
-    goto stuff;
-hex:
-/* A 65   a 97 */
-/* xxx: use a conversion table for this or something.  Since we ripped the
-   parity bit, we only need a preset array of 128 with downconversion factors
-   loaded in *once*.   maybe look at scanf... */
-    p++; p++;                           /* point at hex-chars */
-    x = 0;
-    if ((*p > 96) && (*p < 123))        /* a-z */
-      *p = (*p - 32);                   /* this is massively clumsy */
-    if ((*p > 64) && (*p < 71))         /* A-F */
-      x = (*p - 55);
-    if ((*p > 47) && (*p < 58))         /* digits */
-      x = (*p - 48);
-    p++;
-    if (*p)                             /* another digit? */
-      x = (x << 4);                     /* shift to hi half */
-    if ((*p > 96) && (*p < 123))        /* a-z */
-      *p = (*p - 32);
-    if ((*p > 64) && (*p < 71))         /* A-F */
-      x = (x | (*p - 55));              /* lo half */
-    if ((*p > 47) && (*p < 58))         /* digits */
-      x = (x | (*p - 48));
-/* fall thru */
-stuff:                                  /* cvt to byte and add to buffer */
-    *q = (x & 0xff);
-    q++;
-    bc++;
-    if (limit) {
-      xlimit--;
-      if (xlimit == 0)                  /* max num reached */
-        break;
-    } /* limit */
-    if (bc >= sizeof (buf_raw))         /* buffer full */
-      break;
-  } /* while 1 */
-/* now in theory we have our buffer formed; shovel it out */
-  x = write (1, buf_raw, bc);
-  if (x <= 0) {
-    fprintf (stderr, "write oops: %d\n", x);
-    exit (1);
-  }
-  if (xlimit && p)
-    goto nextbuf;                       /* go get some more */
-  exit (0);
-do_dump:
-/* here if dumping raw stuff into an ascii file */
-/* gad, this is *so* much simpler!  can we say "don't rewrite printf"? */
-  x = read (0, buf_raw, 8192);
-  if (x <= 0)
-    exit (0);
-  q = buf_raw;
-  for ( ; x > 0; x--) {
-    p = q;
-    printf ("%-3.3d # 0x%-2.2x # ", *p, *p);
-    if ((*p > 31) && (*p < 127))
-      printf ("%c %d\n", *p, bc);
-    else
-      printf (". %d\n", bc);
-    q++;
-    bc++;
-    if (limit) {
-      xlimit--;
-      if (xlimit == 0) {
-        fflush (stdout);
-        exit (0);
-      }
-    } /* limit */
-  } /* for */
-  goto nextbuf;
-do_rand:
-/* here if generating all-random bytes.  Stays in this loop */
-  p = buf_raw;
-  while (1) {
-    *p = (randint() & 0xff);
-    write (1, p, 1);                    /* makes very slow! */
-    if (limit) {
-      xlimit--;
-      if (xlimit == 0)
-        break;
-    }
-  } /* while */
-  exit (0);
-} /* main */
diff --git a/src/usr.bin/nc/data/dns-any.d b/src/usr.bin/nc/data/dns-any.d
deleted file mode 100644
index 40ef3cba48..0000000000
--- a/src/usr.bin/nc/data/dns-any.d
+++ /dev/null
@@ -1,38 +0,0 @@
-#       $OpenBSD: dns-any.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# dns "any for ." query, to udp 53
-# if tcp: precede with 2 bytes of len:
-# 0
-# 17
-# you should get at least *one* record back out
-# HEADER:
-0       # query id = 2
-2
-1       # flags/opcodes = query, dorecurse
-0
-0       # qdcount, i.e. nqueries: 1
-1
-0       # ancount: answers, 0
-0
-0       # nscount: 0
-0
-0       # addl records: 0
-0
-# end of fixed header
-0       # name-len: 0 for ".", lenbyte plus name-bytes otherwise
-0       # type: any, 255
-0xff
-0       # class: IN
-1
-# i think that's it..
diff --git a/src/usr.bin/nc/data/nfs-0.d b/src/usr.bin/nc/data/nfs-0.d
deleted file mode 100644
index c6d51827b7..0000000000
--- a/src/usr.bin/nc/data/nfs-0.d
+++ /dev/null
@@ -1,61 +0,0 @@
-#       $OpenBSD: nfs-0.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# UDP NFS null-proc call; finds active NFS listeners on port 2049.
-# If you get *something* back, there's an NFS server there.
-000     # XID: 4 trash bytes
-001
-002
-003
-000     # CALL: 0
-000
-000
-000
-000     # RPC version: 2
-000
-000
-002
-000     # nfs: 100003
-001
-0x86
-0xa3
-000     # version: 1
-000
-000
-001
-000     # procedure number: 0
-000
-000
-000
-000     # port: junk
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # extra auth trash?  probably not needed
-000
-000
-000
-# that's it!
diff --git a/src/usr.bin/nc/data/pm.d b/src/usr.bin/nc/data/pm.d
deleted file mode 100644
index 2d006a032f..0000000000
--- a/src/usr.bin/nc/data/pm.d
+++ /dev/null
@@ -1,10 +0,0 @@
-#       $OpenBSD: pm.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# obligatory duplicate of dr delete's Livingston portmaster crash, aka
-# telnet break.  Fire into its telnet listener.  An *old* bug by now, but
-# consider the small window one might obtain from a slightly out-of-rev PM
-# used as a firewall, that starts routing IP traffic BEFORE its filter sets
-# are fully loaded...
-255 # 0xff # . 1
-243 # 0xf3 # . 2
diff --git a/src/usr.bin/nc/data/pmap-dump.d b/src/usr.bin/nc/data/pmap-dump.d
deleted file mode 100644
index 98d6142001..0000000000
--- a/src/usr.bin/nc/data/pmap-dump.d
+++ /dev/null
@@ -1,62 +0,0 @@
-#       $OpenBSD: pmap-dump.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# portmap dump request: like "rpcinfo -p" but via UDP instead
-# send to UDP 111 and hope it's not a logging portmapper!
-# split into longwords, since rpc apparently only deals with them
-001 # 0x01 # .  # XID: 4 trash bytes
-002 # 0x02 # .
-003 # 0x03 # .
-004 # 0x04 # .
-000 # 0x00 # .  # MSG: int 0=call, 1=reply
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # pmap call body: rpc version=2
-000 # 0x00 # .
-000 # 0x00 # .
-002 # 0x02 # .
-000 # 0x00 # .  # pmap call body: prog=PMAP, 100000
-001 # 0x01 # .
-134 # 0x86 # .
-160 # 0xa0 # .
-000 # 0x00 # .  # pmap call body: progversion=2
-000 # 0x00 # .
-000 # 0x00 # .
-002 # 0x02 # .
-000 # 0x00 # .  # pmap call body: proc=DUMP, 4
-000 # 0x00 # .
-000 # 0x00 # .
-004 # 0x04 # .
-# with AUTH_NONE, there are 4 zero integers [16 bytes] here
-000 # 0x00 # .  # auth junk: cb_cred: auth_unix = 1; NONE = 0
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-# The reply you get back contains your XID, int 1 if "accepted", and
-# a whole mess of gobbledygook containing program numbers, versions,
-# and ports that rpcinfo knows how to decode.  For the moment, you get
-# to wade through it yourself...
diff --git a/src/usr.bin/nc/data/pmap-mnt.d b/src/usr.bin/nc/data/pmap-mnt.d
deleted file mode 100644
index 0dc3ffc55e..0000000000
--- a/src/usr.bin/nc/data/pmap-mnt.d
+++ /dev/null
@@ -1,80 +0,0 @@
-#       $OpenBSD: pmap-mnt.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# portmap request for mountd [or whatever; see where prog=MOUNT]
-# send to UDP 111 and hope it's not a logging portmapper!
-# split into longwords, since rpc apparently only deals with them
-001 # 0x01 # .  # XID: 4 trash bytes
-002 # 0x02 # .
-003 # 0x03 # .
-004 # 0x04 # .
-000 # 0x00 # .  # MSG: int 0=call, 1=reply
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # pmap call body: rpc version=2
-000 # 0x00 # .
-000 # 0x00 # .
-002 # 0x02 # .
-000 # 0x00 # .  # pmap call body: prog=PMAP, 100000
-001 # 0x01 # .
-134 # 0x86 # .
-160 # 0xa0 # .
-000 # 0x00 # .  # pmap call body: progversion=2
-000 # 0x00 # .
-000 # 0x00 # .
-002 # 0x02 # .
-000 # 0x00 # .  # pmap call body: proc=GETPORT, 3
-000 # 0x00 # .
-000 # 0x00 # .
-003 # 0x03 # .
-# with AUTH_NONE, there are 4 zero integers [16 bytes] here
-000 # 0x00 # .  # auth junk: cb_cred: auth_unix = 1; NONE = 0
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # auth junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .  # prog=MOUNT, 100005
-001 # 0x01 # .
-134 # 0x86 # .
-165 # 0xa5 # .
-000 # 0x00 # .  # progversion=1
-000 # 0x00 # .
-000 # 0x00 # .
-001 # 0x01 # .
-000 # 0x00 # .  # protocol=udp, 17
-000 # 0x00 # .
-000 # 0x00 # .
-017 # 0x11 # .
-000 # 0x00 # .  # proc num = junk
-000 # 0x00 # .
-000 # 0x00 # .
-000 # 0x00 # .
-# The reply you get back contains your XID, int 1 if "accepted", and
-# mountd's port number at the end or 0 if not registered.
diff --git a/src/usr.bin/nc/data/rip.d b/src/usr.bin/nc/data/rip.d
deleted file mode 100644
index 51be878454..0000000000
--- a/src/usr.bin/nc/data/rip.d
+++ /dev/null
@@ -1,54 +0,0 @@
-#       $OpenBSD: rip.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
-# struct netinfo {
-#       struct  sockaddr rip_dst;       /* destination net/host */
-#       int     rip_metric;             /* cost of route */
-# };
-# struct rip {
-#       u_char  rip_cmd;                /* request/response */
-#       u_char  rip_vers;               /* protocol version # */
-#       u_char  rip_res1[2];            /* pad to 32-bit boundary */
-#       union {
-#               struct  netinfo ru_nets[1];     /* variable length... */
-#               char    ru_tracefile[1];        /* ditto ... */
-#       } ripun;
-#define rip_nets        ripun.ru_nets
-#define rip_tracefile   ripun.ru_tracefile
-#define RIPCMD_REQUEST          1       /* want info */
-#define RIPCMD_RESPONSE         2       /* responding to request */
-#define RIPCMD_TRACEON          3       /* turn tracing on */
-#define RIPCMD_TRACEOFF         4       /* turn it off */
-#define HOPCNT_INFINITY         16      /* per Xerox NS */
-#define MAXPACKETSIZE           512     /* max broadcast size */
-### RIP packet redux
-### UDP send FROM clued-rtr/520 to target/520
-2       # RIPCMD_RESPONSE
-1       # version
-0       # padding
-0
-# sockaddr-plus-metric  structs begin, as many as necessary...
-0       # len
-2       # AF_INET
-0       # port
-0
-# addr bytes:
-X
-Y
-Z
-Q
-0       # filler, out to 16 bytes [sizeof (sockaddr)] ...
-0
-0
-0
-0
-0
-0
-0
-0       # metric: net-order integer
-0
-0
-1
-## that's it
diff --git a/src/usr.bin/nc/data/rservice.c b/src/usr.bin/nc/data/rservice.c
deleted file mode 100644
index 83c935537b..0000000000
--- a/src/usr.bin/nc/data/rservice.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*      $OpenBSD: rservice.c,v 1.3 2001/11/19 19:02:15 mpech Exp $      */
-/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
-   rsh/rexec attacks.  Needs to be a prog because shells strip out nulls.
-   args:
-        locuser remuser [cmd]
-        remuser passwd [cmd]
-   cmd defaults to "pwd".
-   ... whatever.  _H*/
-#include <stdio.h>
-/* change if you like; "id" is a good one for figuring out if you won too */
-static char cmd[] = "pwd";
-static char buf [256];
-main(argc, argv)
-  int argc;
-  char * argv[];
-{
-  int x;
-  int y;
-  char * p;
-  char * q;
-  p = buf;
-  memset (buf, 0, 256);
-  p++;                          /* first null */
-  y = 1;
-  if (! argv[1])
-    goto wrong;
-  x = strlen (argv[1]);
-  memcpy (p, argv[1], x);       /* first arg plus another null */
-  x++;
-  p += x;
-  y += x;
-  if (! argv[2])
-    goto wrong;
-  x = strlen (argv[2]);
-  memcpy (p, argv[2], x);       /* second arg plus null */
-  x++;
-  p += x;
-  y += x;
-  q = cmd;
-  if (argv[3])
-    q = argv[3];
-  x = strlen (q);               /* not checked -- bfd */
-  memcpy (p, q, x);             /* the command, plus final null */
-  x++;
-  p += x;
-  y += x;
-  memcpy (p, "\n", 1);          /* and a newline, so it goes */
-  y++;
-  write (1, buf, y);            /* zot! */
-  exit (0);
-wrong:
-  fprintf (stderr, "wrong!  needs 2 or more args.\n");
-  exit (1);
-}
diff --git a/src/usr.bin/nc/data/showmount.d b/src/usr.bin/nc/data/showmount.d
deleted file mode 100644
index 77700a70ce..0000000000
--- a/src/usr.bin/nc/data/showmount.d
+++ /dev/null
@@ -1,65 +0,0 @@
-#       $OpenBSD: showmount.d,v 1.2 2001/01/29 01:58:12 niklas Exp $
-# UDP mountd call.  Use as input to find mount daemons and avoid portmap.
-# Useful proc numbers are 2, 5, and 6.
-# UDP-scan around between 600-800 to find most mount daemons.
-# Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will
-# directly scan *and* dump the current exports when mountd is hit.
-# combine stdout *and* stderr thru "strings" or something to clean it up
-000     # XID: 4 trash bytes
-001
-002
-003
-000     # CALL: 0
-000
-000
-000
-000     # RPC version: 2
-000
-000
-002
-000     # mount: 100005
-001
-0x86
-0xa5
-000     # mount version: 1
-000
-000
-001
-000     # procedure number -- put what you need here:
-000     #       2 = dump  [showmount -e]
-000     #       5 = exportlist [showmount -a]
-xxx     # "sed s/xxx/$1/ | data -g | nc ..."  or some such...
-000     # port: junk
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # auth trash
-000
-000
-000
-000     # extra auth trash?  probably not needed
-000
-000
-000
-# that's it!
diff --git a/src/usr.bin/nc/data/xor.c b/src/usr.bin/nc/data/xor.c
deleted file mode 100644
index 2fed291173..0000000000
--- a/src/usr.bin/nc/data/xor.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*      $OpenBSD: xor.c,v 1.3 2001/11/19 19:02:15 mpech Exp $   */
-/* Generic xor handler.
-   With no args, xors stdin against 0xFF to stdout.  A single argument is a
-   file to read xor-bytes out of.  Any zero in the xor-bytes array is treated
-   as the end; if you need to xor against a string that *includes* zeros,
-   you're on your own.
-   The indirect file can be generated easily with data.c.
-   Written because there are so many lame schemes for "masking" plaintext
-   passwords and the like floating around, and it's handy to just run an
-   obscure binary-format configuration file through this and look for strings.
-   *Hobbit*, 960208 */
-#include <stdio.h>
-#include <fcntl.h>
-char buf[8192];
-char bytes[256];
-char * py;
-/* do the xor, in place.  Uses global ptr "py" to maintain "bytes" state */
-xorb (buf, len)
-  char * buf;
-  int len;
-{
-  int x;
-  char * pb;
-  pb = buf;
-  x = len;
-  while (x > 0) {
-    *pb = (*pb ^ *py);
-    pb++;
-    py++;
-    if (! *py)
-      py = bytes;
-    x--;
-  }
-} /* xorb */
-/* blah */
-main (argc, argv)
-  int argc;
-  char ** argv;
-{
-  int x = 0;
-  int y;
-/* manually preload; xor-with-0xFF is all too common */
-  memset (bytes, 0, sizeof (bytes));
-  bytes[0] = 0xff;
-/* if file named in any arg, reload from that */
-#ifdef O_BINARY                         /* DOS shit... */
-  x = setmode (0, O_BINARY);            /* make stdin raw */
-  if (x < 0) {
-    fprintf (stderr, "stdin binary setmode oops: %d\n", x);
-    exit (1);
-  }
-  x = setmode (1, O_BINARY);            /* make stdout raw */
-  if (x < 0) {
-    fprintf (stderr, "stdout binary setmode oops: %d\n", x);
-    exit (1);
-  }
-#endif /* O_BINARY */
-  
-  if (argv[1])
-#ifdef O_BINARY
-    x = open (argv[1], O_RDONLY | O_BINARY);
-#else
-    x = open (argv[1], O_RDONLY);
-#endif
-  if (x > 0) {
-    read (x, bytes, 250);               /* nothin' fancy here */
-    close (x);
-  }
-  py = bytes;
-  x = 1;
-  while (x > 0) {
-    x = read (0, buf, sizeof (buf));
-    if (x <= 0)
-      break;
-    xorb (buf, x);
-    y = write (1, buf, x);
-    if (y <= 0)
-      exit (1);
-  }
-  exit (0);
-}
author	ericj <>	2002-02-19 22:25:26 +0000
committer	ericj <>	2002-02-19 22:25:26 +0000
commit	4d66c8927e7163b848b6cc239cd530a030001e00 (patch)
tree	16221f31f04dd295bb09602fb213e2fa8b4ad221 /src
parent	0be1f7d80eff8e3e86b037958be3ab5217ce9b59 (diff)
download	openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.tar.gz openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.tar.bz2 openbsd-4d66c8927e7163b848b6cc239cd530a030001e00.zip

diff --git a/src/usr.bin/nc/data/Makefile b/src/usr.bin/nc/data/Makefile deleted file mode 100644 index 817cbabca9..0000000000 --- a/src/usr.bin/nc/data/Makefile +++ /dev/null
@@ -1,12 +0,0 @@
1	# $OpenBSD: Makefile,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	all: data rservice xor
4
5	data: data.c
6	cc -s -O -o data data.c
7	rservice: rservice.c
8	cc -s -O -o rservice rservice.c
9	xor: xor.c
10	cc -s -O -o xor xor.c
11	clean:
12	rm -f *.o data rservice xor


diff --git a/src/usr.bin/nc/data/README b/src/usr.bin/nc/data/README deleted file mode 100644 index 7e4b9fbf63..0000000000 --- a/src/usr.bin/nc/data/README +++ /dev/null
@@ -1,9 +0,0 @@
1	For now, read the header comments inside each of these for documentation.
2	The programs are simple enough that they don't really need a Makefile any more
3	complex than the one given; ymmv. Data and xor may also be useful on DOS,
4	which is why there are hooks for it in the code.
5
6	data.c a primitive atob / btoa byte generator
7	*.d example input to "data -g"
8	rservice.c a utility for scripting up rsh/rexec attacks
9	xor.c generic xor handler


diff --git a/src/usr.bin/nc/data/data.c b/src/usr.bin/nc/data/data.c deleted file mode 100644 index e1936d538c..0000000000 --- a/src/usr.bin/nc/data/data.c +++ /dev/null
@@ -1,276 +0,0 @@
1	/* $OpenBSD: data.c,v 1.4 2001/11/19 19:02:15 mpech Exp $ */
2
3	/* primitive arbitrary-data frontend for netcat. 0.9 960226
4	only handles one value per ascii line, but at least parses 0xNN too
5	an input line containing "%r" during "-g" generates a random byte
6
7	todo:
8	make work on msloss jus' for kicks [workin' on it...]
9
10	syntax: data -X [limit]
11	where X is one of
12	d: dump raw bytes to ascii format
13	g: generate raw bytes from ascii input
14	c: generate ??? of value -- NOTYET
15	r: generate all random bytes
16	and limit is how many bytes to generate or dump [unspecified = infinite]
17
18	Hobbit, started 951004 or so and randomly screwed around with since */
19
20	#include <stdio.h>
21
22	#ifdef MSDOS /* for MSC only at the moment... */
23	#include <fcntl.h>
24	#else /* MSDOS */
25	#include <sys/file.h>
26	#define HAVE_RANDOM /* XXX: might have to change */
27	#endif /* MSDOS */
28
29	static char buf_in [128];
30	static char buf_raw [8192];
31	static char surveysez[] = "survey sez... XXX\n";
32
33	/* fgetss :
34	wrapper for fgets, that yanks trailing newlines. Doing the work ourselves
35	instead of calling strchr/strlen/whatever */
36	char * fgetss (buf, len, from)
37	char * buf;
38	size_t len;
39	FILE * from;
40	{
41	int x;
42	char * p, * q;
43	p = fgets (buf, len, from); /* returns ptr to buf */
44	if (! p)
45	return (NULL);
46	q = p;
47	for (x = 0; x < len; x++) {
48	p = (p & 0x7f); /* rip parity, just in case */
49	switch (*p) {
50	case '\n':
51	case '\r':
52	case '\0':
53	*p = '\0';
54	return (q);
55	} /* switch */
56	p++;
57	} /* for */
58	} /* fgetss */
59
60	/* randint:
61	swiped from rndb.c. Generates an INT, you have to mask down to char. */
62	int randint()
63	{
64	int q;
65	int x;
66
67	#ifndef HAVE_RANDOM
68	q = rand();
69	#else
70	q = random();
71	#endif
72	x = ((q >> 8) & 0xff); /* perturb low byte using some higher bits */
73	x = q ^ x;
74	return (x);
75	}
76
77	main (argc, argv)
78	int argc;
79	char ** argv;
80	{
81	unsigned char * p;
82	char * q;
83	int x;
84	int bc = 0;
85	int limit = 0; /* num to gen, or 0 = infinite */
86	int xlimit; /* running limit */
87	FILE * txt; /* line-by-line ascii file */
88	int raw; /* raw bytes fd */
89	int dumping = 0; /* cmd flags ... */
90	int genning = 0;
91	int randing = 0;
92
93	memset (buf_in, 0, sizeof (buf_in));
94	memset (buf_raw, 0, sizeof (buf_raw));
95
96	xlimit = 1; /* doubles as "exit flag" */
97	bc = 1; /* preload, assuming "dump" */
98	x = getpid() + 687319;
99	/* if your library doesnt have srandom/random, use srand/rand. [from rnd.c] */
100	#ifndef HAVE_RANDOM
101	srand (time(0) + x);
102	#else
103	srandom (time(0) + x);
104	#endif
105
106	#ifdef O_BINARY
107	/* DOS stupidity */
108	/* Aha: here's where that setmode() lib call conflict in ?BSD came from */
109	x = setmode (0, O_BINARY); /* make stdin raw */
110	if (x < 0) {
111	fprintf (stderr, "stdin binary setmode oops: %d\n", x);
112	exit (1);
113	}
114	x = setmode (1, O_BINARY); /* make stdout raw */
115	if (x < 0) {
116	fprintf (stderr, "stdout binary setmode oops: %d\n", x);
117	exit (1);
118	}
119	#endif /* O_BINARY */
120
121	if (argv[1]) {
122	p = argv[1]; /* shit-simple single arg parser... */
123	if (p == '-') / dash is optional, we'll deal */
124	p++;
125	if (*p == 'd')
126	dumping++;
127	if (*p == 'g')
128	genning++;
129	if (*p == 'r')
130	randing++;
131	} /* if argv 1 */
132
133	/* optional second argument: limit # of bytes shoveled either way */
134	if (argv[2]) {
135	x = atoi (argv[2]);
136	if (x)
137	limit = x;
138	else
139	goto wrong;
140	xlimit = limit;
141	}
142
143	/* Since this prog would likely best be written in assmbler, I'm gonna
144	write it like assembler. So there. */
145
146	if (randing)
147	goto do_rand;
148
149	nextbuf: /* loop sleaze */
150
151	if (dumping) { /* switch off to wherever */
152	if (genning)
153	goto wrong;
154	goto do_dump;
155	}
156	if (genning)
157	goto do_gen;
158	wrong:
159	fprintf (stderr, "%s", surveysez); /* if both or neither */
160	exit (1);
161
162	do_gen:
163	/* here if genning -- original functionality */
164	q = buf_raw;
165	bc = 0;
166	/* suck up lines until eof or buf_raw is full */
167	while (1) {
168	p = fgetss (buf_in, 120, stdin);
169	if (! p)
170	break; /* EOF */
171	/* super-primitive version first: one thingie per line */
172	if (p == '#') / comment */
173	continue;
174	if (p == '\0') / blank line */
175	continue;
176	if (p == '%') { / escape char? */
177	p++;
178	if (p == 'r') { / random byte */
179	x = randint();
180	goto stuff;
181	} /* %r */
182	} /* if "%" escape */
183	if (*p == '0')
184	if ((p+1) == 'x') / 0x?? */
185	goto hex;
186	x = atoi (p); /* reg'lar decimal number */
187	goto stuff;
188
189	hex:
190	/* A 65 a 97 */
191	/* xxx: use a conversion table for this or something. Since we ripped the
192	parity bit, we only need a preset array of 128 with downconversion factors
193	loaded in once. maybe look at scanf... */
194	p++; p++; /* point at hex-chars */
195	x = 0;
196	if ((p > 96) && (p < 123)) /* a-z */
197	p = (p - 32); /* this is massively clumsy */
198	if ((p > 64) && (p < 71)) /* A-F */
199	x = (*p - 55);
200	if ((p > 47) && (p < 58)) /* digits */
201	x = (*p - 48);
202	p++;
203	if (p) / another digit? */
204	x = (x << 4); /* shift to hi half */
205	if ((p > 96) && (p < 123)) /* a-z */
206	p = (p - 32);
207	if ((p > 64) && (p < 71)) /* A-F */
208	x = (x \| (p - 55)); / lo half */
209	if ((p > 47) && (p < 58)) /* digits */
210	x = (x \| (*p - 48));
211
212	/* fall thru */
213	stuff: /* cvt to byte and add to buffer */
214	*q = (x & 0xff);
215	q++;
216	bc++;
217	if (limit) {
218	xlimit--;
219	if (xlimit == 0) /* max num reached */
220	break;
221	} /* limit */
222	if (bc >= sizeof (buf_raw)) /* buffer full */
223	break;
224	} /* while 1 */
225
226	/* now in theory we have our buffer formed; shovel it out */
227	x = write (1, buf_raw, bc);
228	if (x <= 0) {
229	fprintf (stderr, "write oops: %d\n", x);
230	exit (1);
231	}
232	if (xlimit && p)
233	goto nextbuf; /* go get some more */
234	exit (0);
235
236	do_dump:
237	/* here if dumping raw stuff into an ascii file */
238	/* gad, this is so much simpler! can we say "don't rewrite printf"? */
239	x = read (0, buf_raw, 8192);
240	if (x <= 0)
241	exit (0);
242	q = buf_raw;
243	for ( ; x > 0; x--) {
244	p = q;
245	printf ("%-3.3d # 0x%-2.2x # ", p, p);
246	if ((p > 31) && (p < 127))
247	printf ("%c %d\n", *p, bc);
248	else
249	printf (". %d\n", bc);
250	q++;
251	bc++;
252	if (limit) {
253	xlimit--;
254	if (xlimit == 0) {
255	fflush (stdout);
256	exit (0);
257	}
258	} /* limit */
259	} /* for */
260	goto nextbuf;
261
262	do_rand:
263	/* here if generating all-random bytes. Stays in this loop */
264	p = buf_raw;
265	while (1) {
266	*p = (randint() & 0xff);
267	write (1, p, 1); /* makes very slow! */
268	if (limit) {
269	xlimit--;
270	if (xlimit == 0)
271	break;
272	}
273	} /* while */
274	exit (0);
275
276	} /* main */


diff --git a/src/usr.bin/nc/data/dns-any.d b/src/usr.bin/nc/data/dns-any.d deleted file mode 100644 index 40ef3cba48..0000000000 --- a/src/usr.bin/nc/data/dns-any.d +++ /dev/null
@@ -1,38 +0,0 @@
1	# $OpenBSD: dns-any.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# dns "any for ." query, to udp 53
4	# if tcp: precede with 2 bytes of len:
5	# 0
6	# 17
7	# you should get at least one record back out
8
9	# HEADER:
10	0 # query id = 2
11	2
12
13	1 # flags/opcodes = query, dorecurse
14	0
15
16	0 # qdcount, i.e. nqueries: 1
17	1
18
19	0 # ancount: answers, 0
20	0
21
22	0 # nscount: 0
23	0
24
25	0 # addl records: 0
26	0
27
28	# end of fixed header
29
30	0 # name-len: 0 for ".", lenbyte plus name-bytes otherwise
31
32	0 # type: any, 255
33	0xff
34
35	0 # class: IN
36	1
37
38	# i think that's it..


diff --git a/src/usr.bin/nc/data/nfs-0.d b/src/usr.bin/nc/data/nfs-0.d deleted file mode 100644 index c6d51827b7..0000000000 --- a/src/usr.bin/nc/data/nfs-0.d +++ /dev/null
@@ -1,61 +0,0 @@
1	# $OpenBSD: nfs-0.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# UDP NFS null-proc call; finds active NFS listeners on port 2049.
4	# If you get something back, there's an NFS server there.
5
6	000 # XID: 4 trash bytes
7	001
8	002
9	003
10
11	000 # CALL: 0
12	000
13	000
14	000
15
16	000 # RPC version: 2
17	000
18	000
19	002
20
21	000 # nfs: 100003
22	001
23	0x86
24	0xa3
25
26	000 # version: 1
27	000
28	000
29	001
30
31	000 # procedure number: 0
32	000
33	000
34	000
35
36	000 # port: junk
37	000
38	000
39	000
40
41	000 # auth trash
42	000
43	000
44	000
45
46	000 # auth trash
47	000
48	000
49	000
50
51	000 # auth trash
52	000
53	000
54	000
55
56	000 # extra auth trash? probably not needed
57	000
58	000
59	000
60
61	# that's it!


diff --git a/src/usr.bin/nc/data/pm.d b/src/usr.bin/nc/data/pm.d deleted file mode 100644 index 2d006a032f..0000000000 --- a/src/usr.bin/nc/data/pm.d +++ /dev/null
@@ -1,10 +0,0 @@
1	# $OpenBSD: pm.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# obligatory duplicate of dr delete's Livingston portmaster crash, aka
4	# telnet break. Fire into its telnet listener. An old bug by now, but
5	# consider the small window one might obtain from a slightly out-of-rev PM
6	# used as a firewall, that starts routing IP traffic BEFORE its filter sets
7	# are fully loaded...
8
9	255 # 0xff # . 1
10	243 # 0xf3 # . 2


diff --git a/src/usr.bin/nc/data/pmap-dump.d b/src/usr.bin/nc/data/pmap-dump.d deleted file mode 100644 index 98d6142001..0000000000 --- a/src/usr.bin/nc/data/pmap-dump.d +++ /dev/null
@@ -1,62 +0,0 @@
1	# $OpenBSD: pmap-dump.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# portmap dump request: like "rpcinfo -p" but via UDP instead
4	# send to UDP 111 and hope it's not a logging portmapper!
5	# split into longwords, since rpc apparently only deals with them
6
7	001 # 0x01 # . # XID: 4 trash bytes
8	002 # 0x02 # .
9	003 # 0x03 # .
10	004 # 0x04 # .
11
12	000 # 0x00 # . # MSG: int 0=call, 1=reply
13	000 # 0x00 # .
14	000 # 0x00 # .
15	000 # 0x00 # .
16
17	000 # 0x00 # . # pmap call body: rpc version=2
18	000 # 0x00 # .
19	000 # 0x00 # .
20	002 # 0x02 # .
21
22	000 # 0x00 # . # pmap call body: prog=PMAP, 100000
23	001 # 0x01 # .
24	134 # 0x86 # .
25	160 # 0xa0 # .
26
27	000 # 0x00 # . # pmap call body: progversion=2
28	000 # 0x00 # .
29	000 # 0x00 # .
30	002 # 0x02 # .
31
32	000 # 0x00 # . # pmap call body: proc=DUMP, 4
33	000 # 0x00 # .
34	000 # 0x00 # .
35	004 # 0x04 # .
36
37	# with AUTH_NONE, there are 4 zero integers [16 bytes] here
38
39	000 # 0x00 # . # auth junk: cb_cred: auth_unix = 1; NONE = 0
40	000 # 0x00 # .
41	000 # 0x00 # .
42	000 # 0x00 # .
43
44	000 # 0x00 # . # auth junk
45	000 # 0x00 # .
46	000 # 0x00 # .
47	000 # 0x00 # .
48
49	000 # 0x00 # . # auth junk
50	000 # 0x00 # .
51	000 # 0x00 # .
52	000 # 0x00 # .
53
54	000 # 0x00 # . # auth junk
55	000 # 0x00 # .
56	000 # 0x00 # .
57	000 # 0x00 # .
58
59	# The reply you get back contains your XID, int 1 if "accepted", and
60	# a whole mess of gobbledygook containing program numbers, versions,
61	# and ports that rpcinfo knows how to decode. For the moment, you get
62	# to wade through it yourself...


diff --git a/src/usr.bin/nc/data/pmap-mnt.d b/src/usr.bin/nc/data/pmap-mnt.d deleted file mode 100644 index 0dc3ffc55e..0000000000 --- a/src/usr.bin/nc/data/pmap-mnt.d +++ /dev/null
@@ -1,80 +0,0 @@
1	# $OpenBSD: pmap-mnt.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# portmap request for mountd [or whatever; see where prog=MOUNT]
4	# send to UDP 111 and hope it's not a logging portmapper!
5	# split into longwords, since rpc apparently only deals with them
6
7	001 # 0x01 # . # XID: 4 trash bytes
8	002 # 0x02 # .
9	003 # 0x03 # .
10	004 # 0x04 # .
11
12	000 # 0x00 # . # MSG: int 0=call, 1=reply
13	000 # 0x00 # .
14	000 # 0x00 # .
15	000 # 0x00 # .
16
17	000 # 0x00 # . # pmap call body: rpc version=2
18	000 # 0x00 # .
19	000 # 0x00 # .
20	002 # 0x02 # .
21
22	000 # 0x00 # . # pmap call body: prog=PMAP, 100000
23	001 # 0x01 # .
24	134 # 0x86 # .
25	160 # 0xa0 # .
26
27	000 # 0x00 # . # pmap call body: progversion=2
28	000 # 0x00 # .
29	000 # 0x00 # .
30	002 # 0x02 # .
31
32	000 # 0x00 # . # pmap call body: proc=GETPORT, 3
33	000 # 0x00 # .
34	000 # 0x00 # .
35	003 # 0x03 # .
36
37	# with AUTH_NONE, there are 4 zero integers [16 bytes] here
38
39	000 # 0x00 # . # auth junk: cb_cred: auth_unix = 1; NONE = 0
40	000 # 0x00 # .
41	000 # 0x00 # .
42	000 # 0x00 # .
43
44	000 # 0x00 # . # auth junk
45	000 # 0x00 # .
46	000 # 0x00 # .
47	000 # 0x00 # .
48
49	000 # 0x00 # . # auth junk
50	000 # 0x00 # .
51	000 # 0x00 # .
52	000 # 0x00 # .
53
54	000 # 0x00 # . # auth junk
55	000 # 0x00 # .
56	000 # 0x00 # .
57	000 # 0x00 # .
58
59	000 # 0x00 # . # prog=MOUNT, 100005
60	001 # 0x01 # .
61	134 # 0x86 # .
62	165 # 0xa5 # .
63
64	000 # 0x00 # . # progversion=1
65	000 # 0x00 # .
66	000 # 0x00 # .
67	001 # 0x01 # .
68
69	000 # 0x00 # . # protocol=udp, 17
70	000 # 0x00 # .
71	000 # 0x00 # .
72	017 # 0x11 # .
73
74	000 # 0x00 # . # proc num = junk
75	000 # 0x00 # .
76	000 # 0x00 # .
77	000 # 0x00 # .
78
79	# The reply you get back contains your XID, int 1 if "accepted", and
80	# mountd's port number at the end or 0 if not registered.


diff --git a/src/usr.bin/nc/data/rip.d b/src/usr.bin/nc/data/rip.d deleted file mode 100644 index 51be878454..0000000000 --- a/src/usr.bin/nc/data/rip.d +++ /dev/null
@@ -1,54 +0,0 @@
1	# $OpenBSD: rip.d,v 1.2 2001/01/29 01:58:11 niklas Exp $
2
3	# struct netinfo {
4	# struct sockaddr rip_dst; /* destination net/host */
5	# int rip_metric; /* cost of route */
6	# };
7	# struct rip {
8	# u_char rip_cmd; /* request/response */
9	# u_char rip_vers; /* protocol version # */
10	# u_char rip_res1[2]; /* pad to 32-bit boundary */
11	# union {
12	# struct netinfo ru_nets[1]; /* variable length... */
13	# char ru_tracefile[1]; /* ditto ... */
14	# } ripun;
15	#define rip_nets ripun.ru_nets
16	#define rip_tracefile ripun.ru_tracefile
17	#define RIPCMD_REQUEST 1 /* want info */
18	#define RIPCMD_RESPONSE 2 /* responding to request */
19	#define RIPCMD_TRACEON 3 /* turn tracing on */
20	#define RIPCMD_TRACEOFF 4 /* turn it off */
21	#define HOPCNT_INFINITY 16 /* per Xerox NS */
22	#define MAXPACKETSIZE 512 /* max broadcast size */
23
24	### RIP packet redux
25	### UDP send FROM clued-rtr/520 to target/520
26	2 # RIPCMD_RESPONSE
27	1 # version
28	0 # padding
29	0
30
31	# sockaddr-plus-metric structs begin, as many as necessary...
32	0 # len
33	2 # AF_INET
34	0 # port
35	0
36	# addr bytes:
37	X
38	Y
39	Z
40	Q
41	0 # filler, out to 16 bytes [sizeof (sockaddr)] ...
42	0
43	0
44	0
45	0
46	0
47	0
48	0
49	0 # metric: net-order integer
50	0
51	0
52	1
53
54	## that's it


diff --git a/src/usr.bin/nc/data/rservice.c b/src/usr.bin/nc/data/rservice.c deleted file mode 100644 index 83c935537b..0000000000 --- a/src/usr.bin/nc/data/rservice.c +++ /dev/null
@@ -1,70 +0,0 @@
1	/* $OpenBSD: rservice.c,v 1.3 2001/11/19 19:02:15 mpech Exp $ */
2
3	/* generate ^@string1^@string2^@cmd^@ input to netcat, for scripting up
4	rsh/rexec attacks. Needs to be a prog because shells strip out nulls.
5
6	args:
7	locuser remuser [cmd]
8	remuser passwd [cmd]
9
10	cmd defaults to "pwd".
11
12	... whatever. _H*/
13
14	#include <stdio.h>
15
16	/* change if you like; "id" is a good one for figuring out if you won too */
17	static char cmd[] = "pwd";
18
19	static char buf [256];
20
21	main(argc, argv)
22	int argc;
23	char * argv[];
24	{
25	int x;
26	int y;
27	char * p;
28	char * q;
29
30	p = buf;
31	memset (buf, 0, 256);
32
33	p++; /* first null */
34	y = 1;
35
36	if (! argv[1])
37	goto wrong;
38	x = strlen (argv[1]);
39	memcpy (p, argv[1], x); /* first arg plus another null */
40	x++;
41	p += x;
42	y += x;
43
44	if (! argv[2])
45	goto wrong;
46	x = strlen (argv[2]);
47	memcpy (p, argv[2], x); /* second arg plus null */
48	x++;
49	p += x;
50	y += x;
51
52	q = cmd;
53	if (argv[3])
54	q = argv[3];
55	x = strlen (q); /* not checked -- bfd */
56	memcpy (p, q, x); /* the command, plus final null */
57	x++;
58	p += x;
59	y += x;
60
61	memcpy (p, "\n", 1); /* and a newline, so it goes */
62	y++;
63
64	write (1, buf, y); /* zot! */
65	exit (0);
66
67	wrong:
68	fprintf (stderr, "wrong! needs 2 or more args.\n");
69	exit (1);
70	}


diff --git a/src/usr.bin/nc/data/showmount.d b/src/usr.bin/nc/data/showmount.d deleted file mode 100644 index 77700a70ce..0000000000 --- a/src/usr.bin/nc/data/showmount.d +++ /dev/null
@@ -1,65 +0,0 @@
1	# $OpenBSD: showmount.d,v 1.2 2001/01/29 01:58:12 niklas Exp $
2
3	# UDP mountd call. Use as input to find mount daemons and avoid portmap.
4	# Useful proc numbers are 2, 5, and 6.
5	# UDP-scan around between 600-800 to find most mount daemons.
6	# Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will
7	# directly scan and dump the current exports when mountd is hit.
8	# combine stdout and stderr thru "strings" or something to clean it up
9
10	000 # XID: 4 trash bytes
11	001
12	002
13	003
14
15	000 # CALL: 0
16	000
17	000
18	000
19
20	000 # RPC version: 2
21	000
22	000
23	002
24
25	000 # mount: 100005
26	001
27	0x86
28	0xa5
29
30	000 # mount version: 1
31	000
32	000
33	001
34
35	000 # procedure number -- put what you need here:
36	000 # 2 = dump [showmount -e]
37	000 # 5 = exportlist [showmount -a]
38	xxx # "sed s/xxx/$1/ \| data -g \| nc ..." or some such...
39
40	000 # port: junk
41	000
42	000
43	000
44
45	000 # auth trash
46	000
47	000
48	000
49
50	000 # auth trash
51	000
52	000
53	000
54
55	000 # auth trash
56	000
57	000
58	000
59
60	000 # extra auth trash? probably not needed
61	000
62	000
63	000
64
65	# that's it!


diff --git a/src/usr.bin/nc/data/xor.c b/src/usr.bin/nc/data/xor.c deleted file mode 100644 index 2fed291173..0000000000 --- a/src/usr.bin/nc/data/xor.c +++ /dev/null
@@ -1,94 +0,0 @@
1	/* $OpenBSD: xor.c,v 1.3 2001/11/19 19:02:15 mpech Exp $ */
2
3	/* Generic xor handler.
4
5	With no args, xors stdin against 0xFF to stdout. A single argument is a
6	file to read xor-bytes out of. Any zero in the xor-bytes array is treated
7	as the end; if you need to xor against a string that includes zeros,
8	you're on your own.
9
10	The indirect file can be generated easily with data.c.
11
12	Written because there are so many lame schemes for "masking" plaintext
13	passwords and the like floating around, and it's handy to just run an
14	obscure binary-format configuration file through this and look for strings.
15
16	Hobbit, 960208 */
17
18	#include <stdio.h>
19	#include <fcntl.h>
20
21	char buf[8192];
22	char bytes[256];
23	char * py;
24
25	/* do the xor, in place. Uses global ptr "py" to maintain "bytes" state */
26	xorb (buf, len)
27	char * buf;
28	int len;
29	{
30	int x;
31	char * pb;
32
33	pb = buf;
34	x = len;
35	while (x > 0) {
36	pb = (pb ^ *py);
37	pb++;
38	py++;
39	if (! *py)
40	py = bytes;
41	x--;
42	}
43	} /* xorb */
44
45	/* blah */
46	main (argc, argv)
47	int argc;
48	char ** argv;
49	{
50	int x = 0;
51	int y;
52
53	/* manually preload; xor-with-0xFF is all too common */
54	memset (bytes, 0, sizeof (bytes));
55	bytes[0] = 0xff;
56
57	/* if file named in any arg, reload from that */
58	#ifdef O_BINARY /* DOS shit... */
59	x = setmode (0, O_BINARY); /* make stdin raw */
60	if (x < 0) {
61	fprintf (stderr, "stdin binary setmode oops: %d\n", x);
62	exit (1);
63	}
64	x = setmode (1, O_BINARY); /* make stdout raw */
65	if (x < 0) {
66	fprintf (stderr, "stdout binary setmode oops: %d\n", x);
67	exit (1);
68	}
69	#endif /* O_BINARY */
70
71	if (argv[1])
72	#ifdef O_BINARY
73	x = open (argv[1], O_RDONLY \| O_BINARY);
74	#else
75	x = open (argv[1], O_RDONLY);
76	#endif
77	if (x > 0) {
78	read (x, bytes, 250); /* nothin' fancy here */
79	close (x);
80	}
81	py = bytes;
82	x = 1;
83	while (x > 0) {
84	x = read (0, buf, sizeof (buf));
85	if (x <= 0)
86	break;
87	xorb (buf, x);
88	y = write (1, buf, x);
89	if (y <= 0)
90	exit (1);
91	}
92	exit (0);
93	}
94