/* http://members.xoom.com/i0wnu - code (c) Mixter
		   	wutest.c
   WUFTPd scanner that should detect any vulnerable
   WU-ftp academ servers. This program is a bit different
   in its usage but nevertheless reliable:

   cat nasa.gov.IP | while read ip ; do ./wutest $ip ; done | tee nasa.vuln

   Will read ips from nasa.gov.IP and print them to nasa.vuln
   FOR EDUCATIONAL / SECURITY PURPOSES ONLY. */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>

int
main (int argc, char **argv)
{
  struct hostent *hp;
  struct in_addr addr;
  struct sockaddr_in s;
  char buf[280];
  int p;

  if (argc == 1)
    {
      printf ("Eat me.\n");
      exit (1);
    }

  hp = gethostbyname (argv[1]);
  if (!hp)
    exit (1);

  bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
  p = socket (s.sin_family = AF_INET, 1, 0);
  s.sin_port = htons (21);
  s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
  connect (p, &s, sizeof (s));
  alarm (5);
  read (p, buf, 255);

  if (strstr (buf, "wu-2.4."))
    {
      if (strstr (buf, "BETA-1"))
	printf ("%s FTP vulnerable.\n", inet_ntoa (addr));
      if (strstr (buf, "VR"))
        printf ("%s FTP possible locally vulnerable.\n", inet_ntoa (addr));
    }
  write (p, "quit\n", 6);
  return 0;
}