example



Отправитель: lun, October 11, 1998, 02:09:33:

В ответ на: Да......кроме БО тут помоему уже ничего не обсуждают! (отправитель: ZaK, October 11, 1998, 00:49:08):

Тебе для чего? Ниже кусок кода для юниксов; если устроит и захочется большего — слей сырцы mail-a и посмотри, что к чему.
---------------------
/* $Id: log_email.c,v 1.9 1998/06/22 18:21:27 dps Exp $ */
/* Send email to the nominated people */

#include "config.h"
#include
#ifdef HAVE_SYSLOG_H
#include
#endif /* HAVE_SYSLOG_H */
#ifdef HAVE_SETJMP_H
#include
#endif /* HAVE_SETJMP_H */
#ifdef HAVE_SIGNAL_H
#include
#endif /* HAVE_SIGNAL_H */
#ifdef HAVE_TIME_H
#include
#endif /* HAVE_TIME_H */
#ifdef HAVE_ARPA_INET_H
#include
#endif /* HAVE_ARPA_INET_H */
#ifdef HAVE_SYS_TYPES_H
#include
#endif /* HAVE_SYS_TYPES_H */
#ifdef HAVE_SYS_SOCKET_H
#include
#endif /* HAVE_SYS_SOCKET_H */
#ifdef HAVE_NETINET_IN_H
#include
#endif /* HAVE_NETINET_IN_H */
#include "config.h"
#include "cfg_smtp.h"
#include "prog.h"

/* Do **NOT** delete this test. It is here to ensure that you set the
* proper details in cfg_smtp.h. This program is a security item and
* getting the configuration and code right is CRITICAL, not optional! */
#ifndef SENDER
#error Before building you **MUST** edit cfg_smtp.h. Do it now.
#endif /* SENDER */
#ifndef SUBJECT
#error Before building you **MUST** edit cfg_smtp.h. Do it now.
#endif /* SUBJECT */
#ifndef MACHINE
#error Before building you **MUST** edit cfg_smtp.h. Do it now.
#endif /* MACHINE */

#ifndef USE_GETHOST
#ifndef ADDR
#error Before building you **MUST** edit cfg_smtp.h. Do it now.
#endif /* ADDR */
#else /* USE_GETHOST */
#ifndef SMTP_MACHINE
#error Before building you **MUST** edit cfg_smtp.h. Do it now.
#endif /* SMTP_MACHINE */
/* Warning for those who use this option. */
#ifdef WARNING_SUPPORT
#warning The attacker probably has root if this program triggers.
#warning This makes the author think gethostbyname is a mistake. The resolver
#warning configuration and /etc/hosts may be hacked in evil ways.Are you
#warning absolutely 100% sure you do not want to use IP numbers instead?
#endif /* WARNING_SUPPORT */
#endif /* USE_GETHOST */



/* Jump target armed by await() with setjmp(); alarm_fire() longjmps back
 * to it when the SIGALRM timeout expires. */
static jmp_buf await_timeout;
/* SIGALRM disposition that was in force before await() replaced it, kept
 * so that it can be put back afterwards. */
static RETSIGTYPE (*old_alarm)(int);

/*
 * SIGALRM handler that await() installs while it waits for a reply.
 *
 * It cancels any pending alarm, puts the saved handler back and unwinds
 * into await() through await_timeout; setjmp() there then yields 1 and
 * await() reports failure to its caller.
 *
 * NOTE(review): the longjmp() leaves from inside a signal handler that may
 * have interrupted fgetc() on the connection. The state of that stdio
 * stream afterwards is not guaranteed, so callers should do nothing with
 * the stream after a timeout except close it.
 */
static RETSIGTYPE alarm_fire(int sig)
{
    (void) sig;                     /* unused; keeps the compiler quiet */

    alarm(0);                       /* no further SIGALRM from this wait */
    signal(SIGALRM, old_alarm);     /* previous disposition back in place */
    longjmp(await_timeout, 1);      /* await() returns 0 from its setjmp */
    /* NOT REACHED */
}

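/*
 * Read one SMTP reply from the server and compare it with the reply the
 * caller expects.
 *
 * code: the expected reply code (the callers in this file pass 220, 250
 *       and 354).
 * sock: stdio stream wrapped around the connection.
 *
 * Returns 1 when the final line of the reply carries a code in the same
 * hundred as `code` (RFC 1123: only the first digit is significant).
 * Returns 0 on a mismatch, a reply that does not start with a digit, EOF
 * or a stream error, or when TIMEOUT seconds pass without a complete reply.
 *
 * Every way out of this function disarms the alarm and restores the
 * previous SIGALRM handler. Leaving alarm_fire armed after returning would
 * let a later SIGALRM longjmp into a stack frame that no longer exists.
 */
static int await(int code, FILE *sock)
{
    enum { AWAIT_CODE_START, AWAIT_CODE, AWAIT_NL, AWAIT_NL_CONT } state;
    int rcode = 0, c;
    int matched = 0;

    old_alarm = signal(SIGALRM, SIG_IGN);
    if (setjmp(await_timeout) != 0)
        return 0;   /* Timed out; alarm_fire already disarmed and restored */

    alarm(0);                       /* Drop any alarm left by the caller */
    signal(SIGALRM, alarm_fire);    /* Set signal handler */
    alarm(TIMEOUT);                 /* Arrange for alarm */

    state = AWAIT_CODE_START;

    while (!feof(sock) && !ferror(sock)) {
        if ((c = fgetc(sock)) == EOF)
            break;                  /* Paranoia */

        switch (state) {
        case AWAIT_CODE_START:
            if (isspace(c))
                break;              /* Skip white space */
            if (!isdigit(c))
                goto done;          /* No leading number: malformed reply */
            rcode = c - '0';
            state = AWAIT_CODE;
            break;

        case AWAIT_CODE:
            if (isdigit(c)) {
                /* The digit run comes from the remote server and is
                 * unbounded. Real reply codes have three digits, so stop
                 * accumulating once the value is past that range; it can
                 * no longer match a three-digit `code`, and this keeps the
                 * arithmetic from overflowing a signed int. */
                if (rcode < 1000)
                    rcode = rcode * 10 + (c - '0');
                break;
            }
#ifdef DEBUG
            fprintf(stderr, "Code %d/%d, %c\n", rcode, code, c);
#endif
            /* "250-text" announces a continuation line, see RFC 821 */
            state = (c == '-') ? AWAIT_NL_CONT : AWAIT_NL;
            break;

        case AWAIT_NL:
#ifdef DEBUG
            fputc(c, stderr);
#endif
            if (c != '\n')
                break;
#ifdef DEBUG
            fprintf(stderr, "Return %d/%d\n", rcode, code);
#endif
            /* Note: RFC 1123 says only use the first digit */
            matched = ((int) (rcode / 100) == (int) (code / 100)) ? 1 : 0;
            goto done;

        case AWAIT_NL_CONT:
            if (c == '\n')
                state = AWAIT_CODE_START;   /* There is a continuation line */
            break;

        default:
            /* Critical and hopefully impossible */
            syslog(LOG_ERR, "await entered impossible state %d", state);
            goto done;
        }
    }

done:
    alarm(0);                       /* Disable alarm */
    signal(SIGALRM, old_alarm);     /* Reset handler */
    return matched;
}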


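/*
 * Write the message body using the RFC 821 transparency rule: a '.' that
 * begins a line is doubled. The logged text can contain data the intruder
 * influenced, and a line consisting of a single '.' would otherwise end
 * the DATA phase early and cut the alert short.
 */
static void put_body_stuffed(const char *msg, FILE *conn)
{
    int at_line_start = 1;  /* the preamble written before us ends a line */
    const char *p;

    for (p = msg; *p != '\0'; p++) {
        if (at_line_start && *p == '.')
            fputc('.', conn);
        fputc(*p, conn);
        at_line_start = (*p == '\n');
    }
}

/*
 * Speak the sending side of SMTP on an already connected stream and
 * deliver one alert message.
 *
 * to:   NULL-terminated array of recipient addresses.
 * msg:  text appended to the fixed preamble of the message body.
 * conn: stdio stream wrapped around the connection to the server.
 *
 * Returns 1 once the server has accepted the message and QUIT has been
 * written; returns 0 when an expected reply does not arrive or when no
 * recipient is accepted.
 *
 * NOTE(review): recipient strings go verbatim into RCPT TO and the To/Cc
 * headers. A CR, LF or '>' inside one would alter the SMTP dialogue;
 * presumably they come from trusted configuration - confirm at the caller.
 */
static int send_mail(const char *const *to, const char *msg, FILE *conn)
{
    int nrcpt=0, flg;
    const char *const *scan;
    char datebuf[1024]; /* Lots */
    struct tm *time_p;
    time_t tim;

#ifdef DEBUG
    fprintf(stderr, "Await greeting\n");
#endif
    /* Say hello */
    if (!await(220, conn))
        return 0;
    fputs("HELO " quote(MACHINE) "\r\n", conn);
    fflush(conn);
    if (!await(250, conn))
        return 0;
#ifdef DEBUG
    fprintf(stderr, "HELO\n");
#endif

    /* Tell the remote server the sender. SENDER is one of the settings the
     * build-time check at the top of the file insists on. */
    fputs("MAIL FROM:<" quote(SENDER) ">\r\n", conn);
    fflush(conn);
    if (!await(250, conn))
        return 0;
#ifdef DEBUG
    fprintf(stderr, "MAIL FROM:<" quote(SENDER) ">\n");
#endif

    /* Offer every recipient; it is enough that the server takes one */
    for (scan = to; *scan != NULL; scan++) {
        fprintf(conn, "RCPT TO:<%s>\r\n", *scan);
        fflush(conn);
#ifdef DEBUG
        fprintf(stderr, "RCPT TO:<%s>\n", *scan);
#endif
        if (await(250, conn))
            nrcpt++;
    }
    if (nrcpt==0)
        return 0;

#ifdef DEBUG
    fprintf(stderr, "DATA\n");
#endif

    /* Send the message. SMTP commands end in CRLF, not a bare LF. */
    fputs("DATA\r\n", conn);
    fflush(conn);
    if (!await(354, conn))
        return 0;

    /* Start with standard headers and nothing too obvious, in case the
     * mail shows up in the local logs. A subject like ROOT COMPROMISE
     * WARNING would stand out like a sore thumb and tell the intruder that
     * the admin has been mailed, which is the moment to intercept the
     * message before the admin sees it. */
    tim=time(NULL);
    time_p=localtime(&tim);
    /* strftime returns 0 and leaves the buffer unspecified if the text
     * does not fit, so fall back to an empty date in that case as well. */
    if (time_p==NULL ||
        strftime(datebuf, sizeof(datebuf), "%a, %B %d %Y %H:%M:%S (%Z)",
                 time_p)==0)
        datebuf[0]='\0';

    fprintf(conn,
            "From: <" quote(SENDER) ">\r\n"
            "Subject: " quote(SUBJECT) "\r\n"
            "Date: %s\r\n"
            "Priority: Urgent\r\n",
            datebuf);

    /* Now add the recipients: the first goes in To:, the rest in Cc:.
     * to[0] is non-NULL here because nrcpt is at least 1. */
    scan=to;
    fprintf(conn, "To: <%s>\r\n", *scan);
    if (*(++scan)!=NULL)
    {
        flg=0;
        fputs("Cc:", conn);
        while (*scan)
        {
            fprintf(conn, "%s<%s>", (flg==0) ? " " : ", ", *scan);
            flg=1;
            scan++;
        }
        fputs("\r\n", conn);
    }

    /* Start the body with a standard preamble. */
    fputs("\r\n"
          "The ps checker detected a problem, suggesting that somebody\r\n"
          "has *compromised the root account* and installed a version of\r\n"
          "ps modified to hide the attacker's processes (hopefully now\r\n"
          "all killed). The information logged was:\r\n\r\n",
          conn);
    put_body_stuffed(msg, conn);        /* Send message */
    fputs("\r\n.\r\n", conn);           /* End message, see RFC 821 */
    fflush(conn);
    if (!await(250, conn))
        return 0;
    fputs("QUIT\r\n",conn);             /* Exit nicely */
    return 1;
}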


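/*
 * Front end: connect to the configured SMTP server and hand the
 * connection to send_mail().
 *
 * to:      NULL-terminated array of recipient addresses.
 * message: text for the message body.
 *
 * Returns 1 when send_mail() reports success; returns 0 when the server
 * address cannot be obtained, the socket cannot be created or connected,
 * or send_mail() fails. The connection is closed on every path.
 *
 * With USE_GETHOST the server is found through gethostbyname(), which
 * trusts the resolver configuration and /etc/hosts. The build-time warning
 * at the top of the file explains why a fixed IP number (ADDR) is the
 * safer choice on a machine that may already be compromised.
 */
int smtp_send(const char *const *to, const char *message)
{
    FILE *conn;
    int fd;
    int ok;
    /* Zeroed so that the padding bytes handed to connect() are defined */
    struct sockaddr_in serv = {0};

    /* Heavy preprocessor stuff to bomb out if no acceptable function is
     * around, even if this affects nobody... I can not imagine it does! */
#ifdef USE_GETHOST

#ifdef HAVE_GETHOSTBYNAME
    struct hostent *hent;

    if ((hent=gethostbyname(quote(SMTP_MACHINE)))==NULL)
        return 0;
    /* h_addr is a char pointer to the raw address bytes. Only take it when
     * it really is an IPv4 address of the expected length. */
    if (hent->h_addrtype!=AF_INET ||
        hent->h_length!=(int) sizeof(serv.sin_addr))
        return 0;
    memcpy(&serv.sin_addr, hent->h_addr, sizeof(serv.sin_addr));
#else /* not HAVE_GETHOSTBYNAME */
#error USE_GETHOST not supported if you do not have GETHOSTBYNAME
#endif /* HAVE_GETHOSTBYNAME */

#else
    struct in_addr addr;

#ifdef HAVE_INET_ATON
    if (!inet_aton(quote(ADDR), &addr)) /* How do I avoid the string? */
        return 0;
#elif defined(HAVE_INET_ADDR)
    /* Bail out on a bad address. Without this return the assignment below
     * would become the body of the if and run only on failure. */
    if ((addr.s_addr = inet_addr(quote(ADDR))) == INADDR_NONE)
        return 0;
#else /* neither HAVE_INET_ATON nor HAVE_INET_ADDR */
#error I need either inet_aton or inet_addr
#endif /* HAVE_INET_ATON */
    serv.sin_addr=addr;
#endif
    serv.sin_family=AF_INET;
    serv.sin_port=htons(SMTP_PORT);

    if ((fd=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP))==-1)
        return 0;
    if ((conn=fdopen(fd, "r+"))==NULL)
    {
        close(fd);
        return 0;
    }

#ifdef DEBUG
    fprintf(stderr, "Sending some email\n");
#endif
    if (connect(fd, (struct sockaddr *) &serv, sizeof(serv)))
    {
        fclose(conn);   /* also closes fd */
        return 0;
    }

#ifdef DEBUG
    fprintf(stderr, "Connected\n");
#endif
    ok = send_mail(to, message, conn) ? 1 : 0;
    fclose(conn);
    return ok;
}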

