大家想一下,如果把這個expliot放在一臺Server上,在向一個BBS論壇上發垃圾帖子,幾秒中一個論壇就會被上百個垃圾帖子貼滿.用戶也無法瀏覽了...下面這段代碼有點象，但需要改.我可不干,實在...實在...太.那個了?
【 原文由 Happy 所發表 】?
/* 這是一個向bbs自動發文章的程序,它可以把硬盤上的一篇文章發到bbs server的 */?
/* 某個版中,適合于網絡速度慢的情況下發表文章,減少等待時間 */?
/* 只是本程序依賴于具體的上站按鍵序列,自然要因bbs server的不同和你在 */?
/* bbs server上的ID的不同而加以修改 */?
/* 另外下面的字符 ^W的輸入方法如下: 左手按住Ctrl鍵不放,右手先按V,再按W */?
/* ^P的輸入方法相同. 為了不影響我發這篇文章,我把它們都改成了兩個字符,即 */?
/* ^W改為^和W,^P改為^和P,編譯之前需要改回來 */?
/* 不要把本程序用來干壞事,那不是本人所希望看到的 */?
/* 作者: Netguy 1998.1.3 */?
/* 本程序適用于UNIX系統,編譯方法為: */?
/* Linux: cc -lbsd -o post post.c */?
/* SunOS: cc -lsocket -lnsl -lucb -o post post.c */?

#include?
#include?
#include?
#include?
#include?
#include?
#include?
#include?
#include?

#define N 26?
#define M 5?
#define BOARD 19?
#define TITLE 23?
#define SIZE 1024?
#define TRUE -1?
#define FALSE 0?
#define NUM_OF_BOARD 105?

char *boardName[NUM_OF_BOARD]={?
"211", /* 1 */?
"Campus", /* 2 */?
"Education", /* 3 */?
"Endusers", /* 4 */?
"Schools", /* 5 */?
"Student", /* 6 */?
"Tsinghua", /* 7 */?
"UESTC", /* 8 */?
"Office12", /* 9 */?
"Office11", /* 10 */?
"Office13", /* 11 */?
"Office9", /* 12 */?
"Office5", /* 13 */?
"Office6", /* 14 */?
"Office4", /* 15 */?
"Office2", /* 16 */?
"Office15", /* 17 */?
"Office10", /* 18 */?
"Office1", /* 19 */?
"Office17", /* 20 */?
"Office16", /* 21 */?
"Office8", /* 22 */?
"Office3", /* 23 */?
"Office14", /* 24 */?
"AR", /* 25 */?
"Chemistry", /* 26 */?
"CS", /* 27 */?
"EE", /* 28 */?
"Graduate", /* 29 */?
"Material", /* 30 */?
"MBA", /* 31 */?
"Office7", /* 32 */?
"PPCenter", /* 33 */?
"Transportation", /* 34 */?
"3com", /* 35 */?
"AIX", /* 36 */?
"IBMNetwork", /* 37 */?
"IntelNetwork", /* 38 */?
"Modem", /* 39 */?
"Netscape", /* 40 */?
"Oracle", /* 41 */?
"Router", /* 42 */?
"Solaris", /* 43 */?
"Sybase", /* 44 */?
"Telecom", /* 45 */?
"3D", /* 46 */?
"Browser", /* 47 */?
"CAD", /* 48 */?
"Database", /* 49 */?
"Freeware", /* 50 */?
"Game", /* 51 */?
"Hacker", /* 52 */?
"Hardware", /* 53 */?
"iNet", /* 54 */?
"JAVA", /* 55 */?
"MultiMedia", /* 56 */?
"NetSoftware", /* 57 */?
"NetTech", /* 58 */?
"NT", /* 59 */?
"OS2", /* 60 */?
"Programming", /* 61 */?
"Unix", /* 62 */?
"Virus", /* 63 */?
"Visual", /* 64 */?
"Windows", /* 65 */?
"Astrology", /* 66 */?
"Automobile", /* 67 */?
"Chess", /* 68 */?
"Connoisseur", /* 69 */?
"Economy", /* 70 */?
"Feelings", /* 71 */?
"Film", /* 72 */?
"Friend", /* 73 */?
"Gathering", /* 74 */?
"IQ_park", /* 75 */?
"Joke", /* 76 */?
"Life", /* 77 */?
"Memory", /* 78 */?
"Military", /* 79 */?
"Photography", /* 80 */?
"Tour", /* 81 */?
"Digest", /* 82 */?
"Emprise", /* 83 */?
"Literature", /* 84 */?
"Music", /* 85 */?
"Poetry", /* 86 */?
"Reading", /* 87 */?
"Story", /* 88 */?
"Badminton", /* 89 */?
"Basketball", /* 90 */?
"Football", /* 91 */?
"Health", /* 92 */?
"Ping-pong", /* 93 */?
"Sports", /* 94 */?
"Tennis", /* 95 */?
"Progwork", /* 96 */?
"TipWorld", /* 97 */?
"English", /* 98 */?
"Mathematics", /* 99 */?
"Phylosophy", /* 100 */?
"Physics", /* 101 */?
"Advice", /* 102 */?
"Help", /* 103 */?
"sysop", /* 104 */?
"Test" /* 105 */?
};?

/* 下面的字符串就是你自己上bbs站時的按鍵序列,需要修改以符合自己的情況 */?
/* 左邊的一列是server傳過來的,右邊的一列是需要自己從鍵盤輸入的 */?
char command1[ N ][80]={?
"login:", "bbs\r\n", /* 以bbs登錄 */?
"):", "yourID\r\n", /* 自己的bbs ID */?
":", "passWord\r\n", /* 密碼 */?
"", "\r\n", /* server要你按回車鍵*/?
" ..", "\r\n", /*按任何鍵繼續.. */?
" ..", "\r\n", /*按任何鍵繼續.. */?
" ..", "\r\n", /*按任何鍵繼續.. */?
"G)oodBye", "e\r\n", /*主菜單下按e鍵 */?
"E)xit", "b\r\n", /*分類討論區菜單下按b*/?
"[h]", ",", /* 版名 */?
"[h]", "^P", /* 按^P發文章 */?
"]", " ", /* 文章題目 */?
"T", "\r\n" /*確定 */?
};?
/* 下面的字符是文章輸入完之后的情況 */?
/* 左邊的一列是需要自己從鍵盤輸入的,右邊的一列是server傳過來的 */?
char command2[ M ][20]={?
"^W", "]:", /*文章輸完后按Ctrl-W存盤*/?
"s\r\n", "[h]", /*按s轉信 */?
"!\r\n" /*旋風離站 */?
};?
int sockfd=-1; /*管套描述符 */?
void waitString(char *string); /*等待一個特定字符串 */?

unsigned char receiveChar(void) //從socket讀取server發來的一個字節?
{ char tmp;?
if(read(sockfd,& tmp,1)<=0 ) { printf("read socket error.\n"); exit(-1);}?
return tmp;?
}?

void sendChar(char ch) //從socket向server發送一個字節?
{?
if( write(sockfd,& ch,1)<0 ) { printf("write socket error.\n"); exit(-1); }?
}?

void sendString(char p[]) //從socket向server發送一個字符串?
{?
if(write(sockfd,p,strlen(p))<0) { printf("write socket error.\n"); exit(-1); };?
}?

void killHandle(void) //信號處理函數?
{?
close(sockfd);?
exit(0);?
}?
/*===========================================================================*/?
main(int argc,char **argv)?
{?
struct sockaddr_in host;?
struct hostent *hp;?
int commandCounter;?
int status;?
int f,k;?
char fileBuf[SIZE];?

if( argc<4) { printf("Usage: %s fileName boardName title\n",argv[0]);?
exit(0);?
}?

f=open(argv[1],O_RDONLY); /*打開本地磁盤文件 */?
if( f< 0) { printf("open file error\n"); exit(-1); }?

for(k=0; k< NUM_OF_BOARD; k++)?
{?
if( strcmp(argv[2],boardName[k])==0)?
{ sprintf(& (command1[BOARD][0]),"%d\r\n\r\n",k+1);?
break;?
}?
}?
if(k>=NUM_OF_BOARD) { printf("Bad boardName: %s\n",argv[2]);?
exit(0);?
}?

strcpy(& (command1[TITLE][0]),argv[3]);?
strcat(& (command1[TITLE][0]),"\r\n");?

signal(SIGTERM,killHandle); /* 設回調函數 */?
signal(SIGINT,killHandle);?

hp = gethostbyname("bbs.gznet.edu.cn"); /* bbs服務器的名字 */?
if(hp==NULL) { printf("Unkonwn host\n"); exit(-1); }?
bzero((char *)& host,sizeof(host));?
bcopy(hp->h_addr,(char *)& host.sin_addr,hp->h_length);?
host.sin_family=AF_INET;?
host.sin_port=htons(23); /*telnet標準端口 */?
if ( (sockfd=socket(AF_INET,SOCK_STREAM,0))<0 ) /* 阻塞式socket */?
{ printf(" Error open socket\n");?
exit(-1);?
}?
status=connect(sockfd,(struct sockaddr *)& host,sizeof(host));/*連接*/?
if(status<0) { printf("Connect error\n"); exit(-1); }?

for(commandCounter=0; commandCounter< N; ) /*登錄進bbs站 */?
{ waitString( command1[commandCounter ++] );?
sendString( command1[commandCounter ++] );?
}?

while( (status=read(f,fileBuf,SIZE) )>0 ) /*把文件內容發往bbs */?
{ for(k=0; k< status; k++)?
{ write(sockfd,&(fileBuf[k]),1);?
if( fileBuf[k]==0x0A ) write(sockfd,"\0x0D",1);?
}?
}?
sleep(1);?
close(f);?

for(commandCounter=0; commandCounter< M -1; ) /* 存盤離站 */?
{ sendString( command2[ commandCounter ++] );?
waitString( command2[ commandCounter ++ ]);?
}?
sendString(command2[M-1] );?
sleep(1);?
close(sockfd);?
printf("\npost ok.\n");?
}?
/*===========================================================================*/?
void waitString( char *string) /*從server發來的字節流中匹配特定串,找到就返回 */?
{?
int m,n;?
int len;?
char equal;?
char term[]="dumb"; /* 終端類型: 啞終端 */?
int status;?
struct timeval timeout;?
struct fd_set mask;?
unsigned char c,cmd,opt;?

len=strlen(string); /* 欲匹配的串的長度 */?
m=0; /* 串中的當前匹配位置 */?
equal=FALSE; /* 布爾變量 */?
for(;;)?
{ n=read(sockfd,& c,1); /* 讀取一個字節 */?
if( n<=0 ) { printf("socket read error.\n"); exit(-1); }?
if (c == 255) // IAC字符,后跟telnet命令和協商選項?
{?
cmd = receiveChar(); //讀入命令?
opt = receiveChar(); //讀入選項?

switch(opt) {?
case 1: // echo協商選項,本程序未處理?
break;?

case 3: // supress go-ahead(抑制向前選項)?
break;?

case 24: // terminal type(終端類型選項)?
if (cmd == 253) {?
// IAC WILL terminal-type 將告訴server終端類型?
sendChar((char)255);?
sendChar((char)251);?
sendChar((char)24);?
// IAC SB terminal-type IS IAC SE?
sendChar((char)255); //傳送終端類型字符串?
sendChar((char)250);?
sendChar((char)24);?
sendChar((char)0);?
sendString(term);?
sendChar((char)255);?
sendChar((char)240);?
}?
else if (cmd == 250) { //SB和SE要配對出現?
while(receiveChar() != 240)?
;?
}?
break;?

default: // some other command1?
if (cmd == 253) {?
// IAC DONT whatever?
sendChar((char)255); //其它的協商選項均不同意?
sendChar((char)252);?
sendChar((char)opt);?
}?
}?
}?
else //處理字符數據?
{ putchar(c);?
if( *(string+m)==c ) { m++; equal=TRUE; } //相等則匹配下一字符?
else { m=0; equal=FALSE; }//不等則從頭再來?
if(equal==TRUE && m>=len) return; //找到期待的字符串就返回?
}?
}?
}

轉載于:https://blog.51cto.com/userli/66638

總結

以上是生活随笔為你收集整理的BBS的无敌杀手的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。