
Nations of Ulysses Issue 03

Published in Nations of Ulysses · 26 Apr 2019

  

[ASCII art: NOU logo]

"Can you grow out of senseless hate? Improve yourself.. read, exercise,
enlighten your soul! Do it as soon as possible; you only live once!"
                                            - Black Jack Jeff Corcoran


.-.-. .-.-. .-.-. .-.-. .-.-. .-.-. .-.-. .-.
/ / \ \ / / NATIONS OF ULYSSES \ / ISSUE NO. 3\ / / \ \ / /
`-' `-`-' `-`-' `-`-' `-`-' `-`-' `-`-' `-`-'
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^
Introduction.......................................................lusta
SecurPBX using SecurID.........................................pbxphreak
ebnc.c............................................................enderX
The Battle of the Browsers.....................................ergophobe
asciigen.c......................................................Volatile
Guyz on IRC and their style........................................lusta
Axs Script Vulnerability...........................................f0bic
Using Wingates.................................................pbxphreak
What's nou without the traditional "make your own weapon" article!..phog
jellybelly.c....................................................Volatile
Basic Unix commands (for those new to linux)...................leprekaun
Intro to DHCP part 1..............................................spoofy
Example of CGI coding in win32 asm................................Jeremy
The Signal Game....................................................pablo
PC Based PBX Terms.............................................pbxphreak
A look at SMTP.....................................................lusta

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^
Another issue of Nations of Ulysses...I really want to thank everyone
that's participated. The items I receive are so diverse, with such a wide
range of skill level. I'd have to say, that in this issue, representing
are a few people that I so admire and respect. For not only their skill,
but for also their friendship, support and patience with me. At the other
spectrum, the writers contributing to this issue, range from ages 12 to
30-something.
As I've said before, I spend a lot of time, reading other publications.
One thing I've noticed, is the lack of regard for writers, and for people
merely appreciating what's offered. As though, the importance is on an
amount of readers, or a certain show of 'eliteness'. Well, the directive
of nou is far from such, I hold high regard for the people that share their
endeavors and knowledge, or even just for taking a risk to make a
statement, or share something that might not be considered advanced
(however still helpful to some readers).
Anyways, I hope this issue is informative and maybe a bit inspiring. If
you choose to contribute to the zine, the email is nou@mail.com. Criticism,
or comments are always welcome. Thanks so much ;)

~ lusta

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^
SecurPBX using SecurID
by pbxphreak <chris@lod.com>


.---------------.
| | 037592 |
| `--------'
| SecureID |
`---------------'


SecurID Token:
-------------

The SecurID token provides an easy, one step process to positively identify
network and system users and prevent unauthorized access. Used in conjunction
with Security Dynamics Server software, the SecurID token generates a new
unpredictable access code every 60 seconds. SecurID technology offers
crackproof security for a wide range of platforms in one easy-to-use package.

Highlights:
----------

- Easy, one-step process for positive user authentication
- Prevents unauthorized access to information resources
- Authenticates users at network, system, application or transaction level
- Generates unpredictable, one-time-only access codes that automatically
  change every 60 seconds
- No token reader required; can be used from any PC, laptop or workstation,
  ideal for remote access and Virtual Private Networks
- Works seamlessly with ACE/Agent for secure Web access
- Tamperproof


The Solution:
------------

For a sophisticated hacker or a determined insider, it doesn't take much to
compromise a user's password and gain access to confidential resources. And
when an unauthorized user enters a supposedly secure system, all privilege
definition and audit trail functions become virtually meaningless... in
essence, the damage is done. Single-factor identification (a reusable
password) is not enough.

To identify and authenticate an authorized system user, two factors are
necessary. Factor one is something secret only the user knows: a memorized
personal identification number (PIN) or password. The second factor is
something unique the user possesses: the SecurID token.

Carried by authorized system users, SecurID tokens (available in three
models) generate unique, one-time, unpredictable access codes every 60
seconds. To gain access to a protected resource, a user simply enters his or
her secret PIN, followed by the current code displayed on the SecurID token.
Authentication is assured when the ACM recognizes the token's unique code in
combination with the user's unique PIN. Patented technology synchronizes each
token with a hardware or software ACM. The ACM may reside at a host, operating
system, network/client resource or communications device - virtually any
information resource that needs security.

This simple, one-step login results in crackproof computer security that is
easy to use and administer. The tokens require no card readers or
time-consuming challenge/response procedures. With SecurID tokens, reusable
passwords can no
longer be compromised. Most importantly, access control remains in the hands
of management.


SECURID PINPAD:
--------------

An added level of security can be implemented with a SecurID PINPAD token.
The PINPAD token enables users accessing the network to login with an
encrypted combination of the PIN and SecurID token code. Using the keypad on
the face of the PINPAD token, a user enters his or her secret PIN directly
into the token, which generates an encrypted passcode. This additional level
of security is especially appropriate for users in application environments
who are concerned that a secret PIN might be compromised through electronic
eavesdropping.

SecurID tokens are ideal for any environment. The original SecurID token
conveniently fits into a wallet like a credit card. The SecurID key fob
offers a new dimension in convenience to those customers requiring high
levels of security in multiple environments, along with compact size and
durability. In addition to providing the same reliable performance in
generating random access codes as the original SecurID token, the SecurID key
fob comes in a small, lightweight format.

SecurPBX
--------

Ok. Plain and simple. SecurPBX is a product to protect PBX systems worldwide
and automated Help Desk functions.

SecurPBX provides remote access security for telephone lines, modem pools,
voicemail ports, internet access lines, and the maintenance port on PBX
systems. Used in conjunction with Security Dynamics SecurID, SecurPBX
protects valuable PBX resources from remote access by unauthorized callers
without compromising the conveniences of remote telephone and data access
to teleworking or traveling employees.

Callers dial specific numbers on the PBX for long distance services. As an
adjunct to the PBX and a client to the server, SecurPBX receives the
caller's request for resources. Functioning as a client, SecurPBX requires
remote callers to provide SecurID user authentication and an authorized
destination telephone number before being transferred to the desired resource.
SecurPBX transmits the credentials to the server for authentication
and simultaneously validates the telephone number by user specific
permissions and denials. SecurPBX integrates with the PBX to process the
call based on the validity of the caller via SecurID and the destination
number attempted.


.----------. |
| SERVER |---- -x- <-- Security
`----------' |
| |
| _-_
.--------------. |
| | 037592 | ,-----.
| `--------' ----- | PBX | ----- .-----------.
| SecureID | `-----' | SecurePBX |
`--------------' | Switch |
| `-----------'
|
--------------- Users

Each SecurID card is a visually readable credit card sized token or key which
is programmed with Security Dynamics' powerful algorithm. Each card
automatically generates an unpredictable, one time access code every 60
seconds. The token is convenient to carry and simple to use and is resistant
to being counterfeited or reverse engineered.

SecurPBX extends the secure working environment of an organization to remote
locations. SecurPBX applies user specific calling restrictions before any
call is completed to prevent unauthorized toll charges and misuse of PBX
resources. The time of day, volume of calls per user, destination telephone
numbers (restricted to NPA and NXX) and customizable classes of service add
a vital layer to access security without compromising the convenience of
having remote access to telephone resources. SecurPBX logs all successful
and unsuccessful attempts including the destination telephone number.
Caller ID/ANI if available also provides the origination telephone number,
pinpointing the location of the caller.
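
The calling restrictions described above, sketched as an added example (not
SecurPBX code and not part of the original article): a first-match NPA/NXX
permission list, a time-of-day window and a per-user call limit are applied
only after authentication, and every decision gets an audit record. The struct
layout, function names, sample user and phone numbers are constructed for
illustration, and the SecurID check is reduced to an `authenticated` flag.

```c
/* Added example: SecurPBX-style call restrictions. All names and data are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum decision { ALLOW, DENY_AUTH, DENY_FORMAT, DENY_HOURS, DENY_VOLUME, DENY_DEST };
static const char *const decision_name[] = {
    "ALLOW", "DENY_AUTH", "DENY_FORMAT", "DENY_HOURS", "DENY_VOLUME", "DENY_DEST"
};

struct rule { const char *npa; const char *nxx; int allow; };  /* nxx NULL = any exchange */

struct user_policy {
    const char *user_id;
    int start_hour, end_hour;      /* calls permitted when start <= hour < end */
    int max_calls, calls_today;    /* per-user daily volume limit */
    const struct rule *rules;      /* first match wins; no match means deny */
    size_t nrules;
};

/* Reduce a dialed string to 10 NANP digits (NPA + NXX + line); -1 if malformed. */
static int normalize_nanp(const char *in, char out[11])
{
    char d[11];
    size_t n = 0;
    const char *p = d;

    for (; *in; in++) {
        if (isdigit((unsigned char)*in)) {
            if (n == sizeof d)
                return -1;                     /* too many digits */
            d[n++] = *in;
        } else if (!strchr(" -().+", *in)) {
            return -1;                         /* anything but separators is rejected */
        }
    }
    if (n == 11 && d[0] == '1') { p++; n--; }  /* strip the long-distance prefix */
    if (n != 10 || p[0] < '2' || p[3] < '2')   /* NPA and NXX both start with 2-9 */
        return -1;
    memcpy(out, p, 10);
    out[10] = '\0';
    return 0;
}

/* Decide one call. dest receives the normalized number ("" if none was parsed). */
enum decision authorize_call(struct user_policy *u, int authenticated,
                             int hour, const char *dialed, char dest[11])
{
    size_t i;

    dest[0] = '\0';
    if (!authenticated)
        return DENY_AUTH;                      /* no policy lookup before authentication */
    if (normalize_nanp(dialed, dest) != 0)
        return DENY_FORMAT;
    if (hour < u->start_hour || hour >= u->end_hour)
        return DENY_HOURS;
    if (u->calls_today >= u->max_calls)
        return DENY_VOLUME;
    for (i = 0; i < u->nrules; i++) {
        const struct rule *r = &u->rules[i];
        if (strncmp(dest, r->npa, 3) != 0)
            continue;
        if (r->nxx && strncmp(dest + 3, r->nxx, 3) != 0)
            continue;
        if (!r->allow)
            return DENY_DEST;
        u->calls_today++;                      /* only completed calls count */
        return ALLOW;
    }
    return DENY_DEST;                          /* default deny */
}

/* One audit record per attempt, successful or not. ani may be NULL. */
int audit_line(char *out, size_t len, const char *when, const char *user,
               const char *ani, const char *dest, enum decision d)
{
    return snprintf(out, len, "%s user=%s ani=%s dest=%s result=%s",
                    when, user, ani ? ani : "unavailable",
                    dest[0] ? dest : "invalid", decision_name[d]);
}

/* Constructed sample policy: weekday-style hours, two calls a day. */
static const struct rule sample_rules[] = {
    { "900", NULL, 0 },    /* deny the premium-rate area code */
    { "212", "555", 1 },   /* allow a single exchange */
    { "415", NULL, 1 },    /* allow a whole area code */
};
static struct user_policy sample_user = { "alice", 8, 18, 2, 0, sample_rules, 3 };
char demo_dest[11];
char demo_line[160];

enum decision demo_decide(int authenticated, int hour, const char *dialed)
{
    return authorize_call(&sample_user, authenticated, hour, dialed, demo_dest);
}

int main(void)
{
    enum decision d = demo_decide(1, 9, "1 (212) 555-0100");
    audit_line(demo_line, sizeof demo_line, "09:14", "alice", "3125550123", demo_dest, d);
    puts(demo_line);
    d = demo_decide(1, 9, "900-555-0100");
    audit_line(demo_line, sizeof demo_line, "09:15", "alice", NULL, demo_dest, d);
    puts(demo_line);
    return 0;
}
```

The denied attempts are logged with the same detail as the allowed ones, which
is what makes the audit trail usable for spotting repeated probing of a line.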

Highlights of SecurPBX:
----------------------

- Compatible with all major PBX vendor types.
- Cost effective remote access security for PBX resources.
- Prevents unauthorized access to valuable voice and data resources.
- Secures remote long distance, an alternative method for replacing
  calling cards.
- Works in conjunction with each user's SecurID card.
- Centralized network authentication and security administration.
- Easy to use, voice prompting available in multiple languages.
- Audit trails and reporting assure true caller accountability.
- Caller ID/ANI option provides originating telephone number identifying
  hacker locations.

SecurPBX operates in Microsoft Windows NT environment. Callers and data users
achieve seamless access to PBX resources with validation data gathered as
efficiently as using a calling card and/or attempting a standard logon
procedure. In many cases, SecurPBX can be a calling card replacement and
may also be used with cellular phones to combat calling card fraud.
Fraudulent or suspect callers are denied access before toll charges and
resource damage occur.

Typically, securing a PBX from unauthorized remote access has required
disabling remote access to the PBX. Using dynamic, two factor authentication
through the server and validation of destination numbers dialed, SecurPBX
systematically locks out unauthorized callers, preventing toll, voicemail,
and data fraud. This provides a secure access point for
teleworking resources.

SecurPBX unique voice identification:
------------------------------------

SecurPBX is a unique identification solution providing secure remote
access to all major PBX or Centrex telephone systems. Protected resources
included are:

- Long distance lines and trunks
- Voice mail access lines
- Call centers
- Interactive voice response systems and audio response units

Access is controlled through positive identification of callers by their
unique, individual voice prints. SecurPBX uses SpeakEZ voice print speaker
verification service technology to efficiently allow access to authorized
callers while eliminating access to unauthorized callers. The SpeakEZ
voice print system is recognized as the best in the voice verification
industry today.

Significant investments in telephone resources simply cannot be protected
by traditional static passwords or PINs. When making a telephone call from
any telephone using your calling card number, the one condition verifiable
as certain by the PBX or phone company is that someone is making a call with
a known authorization code; however, it could be anyone. Casual calling by
unauthorized personnel, recognized as a major misuse of corporate telephone
resources, must be controlled if not eliminated. SecurPBX provides that
capability to your organization.

SecurPBX provides reliable, independent two factor user identification and
authentication. Factor one is something the user knows: a memorized personal
identification number or password. The second factor is something unique
the user possesses: his/her own voice print. Each caller is required to
merely speak his/her chosen password which is compared to a stored voice
print. The password can be in any language or dialect.

SecurPBX extends the unique user authentication provided by SpeakEZ voice
print to include user specific calling restrictions. Time of day, volume of
calls per user, destination telephone numbers which are restricted to NPA
and customizable classes of service add important layers of access security
without compromising the convenience of remote access to telephone resources.


Highlights:
----------

- Compatible with all major PBX vendor-types and Centrex
- Cost effective remote access security for PBX resources
- Prevents unauthorized access to valuable voice resources
- Secures remote long distance
- Non-intrusive security, callers are validated by their own voice prints
- Language independent passwords
- Centralized authentication and security administration
- Easy to use, voice prompting available in multiple languages
- Audit trails and reporting assure true caller accountability
- Multiple voice prints available per user

Remote Access Security Solution:
-------------------------------

Optionally, after authentication, SecurPBX administrators can manage user
permissions and denials from either the same SecurPBX workstation or from
another workstation connected via a LAN or remotely by modem in a Windows
friendly environment.

Long distance callers achieve seamless access to PBX outbound trunks with
validation criteria gathered as efficiently as a calling card and as easily
as talking to a telephone attendant. Fraudulent or suspect callers are denied
access before any damaging toll charges can occur.

SecurPBX logs all calls, successful and unsuccessful, including the date and
time, user ID, and destination telephone number. Depending on the PBX type,
Calling Line Identification ANI may be used as part of the validation process
and in those cases, will also be logged. Log information can be exported to an
external spreadsheet application or displayed in reports generated by the
SecurPBX Administrator.

SpeakEZ Voice Print:
-------------------

SpeakEZ Voice Print Speaker Verification is a highly effective method of
confirming a caller's identity. The service is based on the fact that each
person's voice is uniquely different, and, as a means of identification, is
highly reliable. Speaker Verification is an application of the SpeakEZ Voice
Print technology which compares a digitized sample of a person's voice with
a stored model "voice print" of that individual's voice for verification.

- Authenticates the caller as opposed to information (i.e. PIN) or a piece
of equipment.
- Easy to use, language independent
- Safe: a voice print cannot be lost or stolen
- Cost-effective: does not require special hardware for the caller
- Virtually fraud-proof: a voice is difficult to forge

Applications of SecurPBX:
------------------------

- Secure Telecommuting (all valuable PBX resources)
- Call center user authentication
- Securing Interactive Voice Response (IVR) and Audio Response Units (ARUs)
- Help Yourself suite of products for help desk automation (ASAP(TM) -
  ACE/Server Administration Program - PIN reset, SecurNT - Windows NT password
  reset, E-Help Desk - Entrust/PKI(TM) profile recovery)

Technical Requirements:
----------------------

Telephony platforms : All major PBXs including Nortel, AT&T, Rolm and Mitel

Processor           : 100% IBM compatible PC, Pentium 133 minimum

Disk requirement    : Hard disk 1 gigabyte minimum, 32MB RAM for Switch
                      Interface, Client software, 8 MB for Administrator
                      software, actual storage based on size of user
                      population

Capacity            : An unlimited number of users may be administered and
                      issued SecurID Cards. 32 simultaneous voice channels
                      per Switch Interface

Configuration       : Multiples of 4, 12 and 24 line telephone interfaces

Management          : SecurPBX Administrator includes extensive
                      administrative menus in user-friendly Windows 3.1 and
                      95 environment, real time monitoring and management of
                      multiple PBX sites

Conclusion:
----------

SecurPBX is definitely the way to go to prevent your data and PBX systems
from getting hacked and abused.

EOF

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~
Hello, this is a very simple bouncer that I wrote. Not only is it small and
reliable but it is also very portable. It has a lot smaller memory/cpu
footprint than the ever-popular BNC by Pharos and is generally more solid and
reliable. It makes use of nonblocking sockets which allows it to relay the
data quickly between the client and the server. It is very basic -- that's the
idea. Enjoy.

I am open to comments and suggestions, ender@325i.com

enderX
--
/*
EBNC.c v2 - enderX - 5 Sep 99

non-blocking, no bullshit bouncer

fully portable; has been tested on linux/irix/solaris, no reason it
should not work on all *nix OS's

- added quick hack for "dynamic" ident support with eidentd
(all this does is writes the username of the connecting user to IFILE)
- SPECIAL NOTE: BNC by Pharos sucks ass, just look at the code if you
don't believe me.
*/

#define PORT 6667
#define PASS "pass"

/*
change PORT and "pass" to suit you (leave the quotes around "pass")
*/
#ifdef IDENTD
#define IFILE "/etc/ident"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <strings.h>	/* strncasecmp() */
#include <netdb.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define S_NONE 0
#define S_PASS 1
#define S_CONN 2
#define S_DOWR 3

#define MAX_NLEN 16
#define MAX_ULEN 128
#define MAX_BUFFER 512

struct socket_t {
    int csock, ssock;
    char stat, nick[MAX_NLEN], user[MAX_ULEN];
    struct socket_t *prev, *next;
};
struct socket_t *socketlist;

int s;

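#ifdef IDENTD
/* Write the username from the stored "USER <name> ..." line to IFILE. */
void ident_update(char *buf)
{
    int fd;
    size_t i;
    char nbuf[MAX_ULEN];

    /* O_CREAT requires an explicit mode argument */
    fd = open(IFILE, (O_WRONLY|O_CREAT|O_TRUNC), 0644);
    if (fd == -1)
        return;

    /*
     * Skip "USER " and copy up to the first space or line end. buf is the
     * MAX_ULEN-byte user field, so the index must stay below MAX_ULEN.
     */
    for (i = 0; (5 + i) < MAX_ULEN; i++) {
        char c = buf[5 + i];

        if ((c == '\0') || (c == ' ') || (c == '\r') || (c == '\n'))
            break;
        nbuf[i] = c;
    }
    nbuf[i++] = '\n';

    write(fd, nbuf, i);
    close(fd);
}
#endif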

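void killsock(struct socket_t *ss)
{
    struct socket_t *x;

    close(ss->csock);

    /* the server socket is also open while a connect is pending (S_DOWR) */
    if ((ss->stat == S_CONN) || (ss->stat == S_DOWR))
        close(ss->ssock);

    x = ss;

    /* unlink from the list; the list head is a dummy node, so prev is never NULL */
    x->prev->next = x->next;
    x = x->next;

    if (x != NULL)
        x->prev = ss->prev;

    free(ss);
}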

void do_clean(int sig)
{
    (void)sig;

    /* killsock() unlinks and frees the node, so always re-read the list head */
    while (socketlist->next != NULL)
        killsock(socketlist->next);

    close(s);

    exit(0);
}

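int c_printf(struct socket_t *ss, char *str, ...)
{
    int ret, len;
    va_list ap;
    char string[MAX_BUFFER];

    va_start(ap, str);
    /* bounded formatting: "%s" arguments come from client input */
    len = vsnprintf(string, sizeof(string), str, ap);
    va_end(ap);

    if (len < 0)
        return -1;
    if (len >= (int)sizeof(string))
        len = sizeof(string) - 1;

    /*
     * The socket is not killed here on a failed write: callers keep using
     * ss after this returns. A dead client is reaped by the read path in
     * main().
     */
    ret = write(ss->csock, string, len);

    return ret;
}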

/*
 * Copy one client line into a fixed-size field. The copy is bounded and
 * always NUL-terminated; a truncated line still ends in '\n' because the
 * field is replayed to the server as-is.
 */
static void store_line(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);

    if (len > size - 1) {
        len = size - 1;
        memcpy(dst, src, len);
        dst[len - 1] = '\n';
    } else {
        memcpy(dst, src, len);
    }
    dst[len] = '\0';
}

void parse_user(struct socket_t *ss, char *buf)
{
    char *p = NULL;
    struct sockaddr_in addr;
    struct hostent *he;
    int ret;

    if (!strncasecmp(buf, "USER", 4)) {
        store_line(ss->user, MAX_ULEN, buf);

        if (ss->nick[0] != '\0')
            c_printf(ss, "NOTICE AUTH :Que paso puto?\n");

        return;
    }

    if (!strncasecmp(buf, "NICK", 4)) {
        store_line(ss->nick, MAX_NLEN, buf);

        if (ss->user[0] != '\0')
            c_printf(ss, "NOTICE AUTH :Que paso puto?\n");

        return;
    }

    if (!strncasecmp(buf, "PASS", 4)) {

        for (p = buf + 5; *p; p++)
            if ((*p == '\r') || (*p == '\n'))
                break;

        *p = '\0';

        if (!strcmp(buf + 5, PASS)) {
            c_printf(ss, "NOTICE AUTH :Got pass, you may now do /quote conn\n");
            ss->stat = S_PASS;
        }
        return;
    }

    /* CONN is only accepted after PASS, USER and NICK */
    if ((ss->stat != S_PASS) || (ss->user[0] == '\0') || (ss->nick[0] == '\0'))
        return;

    if (!strncasecmp(buf, "CONN", 4)) {
        for (p = buf + 5; *p; p++)
            if ((*p == '\r') || (*p == '\n'))
                break;

        *p = '\0';

        /* cap the host name at 128 characters */
        p = (buf + 5) + 128;
        if (*p != '\0')
            *p = '\0';

        /* no host given */
        if (buf[5] == '\0')
            return;

        c_printf(ss, "NOTICE AUTH :Connecting to %s...\n", buf + 5);

        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(6667);
        addr.sin_addr.s_addr = inet_addr(buf + 5);

        if (addr.sin_addr.s_addr == INADDR_NONE) {
            he = gethostbyname(buf + 5);
            if ((he == NULL) || (he->h_addrtype != AF_INET)) {
                c_printf(ss, "NOTICE AUTH :Unable to resolve %s!\n", buf + 5);
                return;
            }
            memcpy(&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
        }

        ss->ssock = socket(AF_INET, SOCK_STREAM, 0);
        if (ss->ssock == -1) {
            c_printf(ss, "NOTICE AUTH :Connect failed!\n");
            return;
        }

        /* descriptors at or above FD_SETSIZE cannot be used with select() */
        if (ss->ssock >= FD_SETSIZE) {
            close(ss->ssock);
            c_printf(ss, "NOTICE AUTH :Connect failed!\n");
            return;
        }

        ret = fcntl(ss->ssock, F_GETFL, 0);
        ret |= O_NONBLOCK;
        fcntl(ss->ssock, F_SETFL, ret);

#ifdef IDENTD
        ident_update(ss->user);
#endif

        ret = connect(ss->ssock, (struct sockaddr *)&addr, sizeof(addr));
        if (ret == -1) {
            if ((errno != EAGAIN) && (errno != EINPROGRESS)) {
                close(ss->ssock);
                c_printf(ss, "NOTICE AUTH :Connect failed!\n");
                return;
            }
        }
        ss->stat = S_DOWR;
    }
}

int main()
{
    /* the listening socket is the global s, which do_clean() closes */
    int ret, fl;
    struct sockaddr_in addr;
    struct socket_t *ss;
    fd_set fds, wfds;
    char buf[MAX_BUFFER + 1];

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == -1) {
        perror("Unable to allocate socket");
        exit(-1);
    }

    /* setup signal handling; SIGKILL cannot be caught, so it is not listed */
    signal(SIGHUP, SIG_IGN);
    signal(SIGPIPE, SIG_IGN);   /* a write to a closed peer must not kill the bouncer */
    signal(SIGINT, do_clean);
    signal(SIGTERM, do_clean);
    signal(SIGQUIT, do_clean);

    /* dummy list head; real connections hang off socketlist->next */
    socketlist = (struct socket_t *)malloc(sizeof(struct socket_t));
    if (socketlist == NULL) {
        perror("Unable to allocate memory");
        exit(-1);
    }
    socketlist->next = NULL;
    socketlist->prev = NULL;

    fl = 1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &fl, sizeof(int));
    ret = fcntl(s, F_GETFL, 0);
    ret |= O_NONBLOCK;
    fcntl(s, F_SETFL, ret);

    /* sin_addr stays zero (INADDR_ANY), so the bouncer listens on every interface */
    memset((struct sockaddr_in *)&addr, 0, sizeof(struct sockaddr_in));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);

    ret = bind(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
    if (ret < 0) {
        perror("Unable to bind port");
        exit(-1);
    }

    fl = sizeof(addr);
    getsockname(s, (struct sockaddr *)&addr, (socklen_t *)&fl);

    ret = listen(s, 10);
    if (ret < 0) {
        perror("Listen failed");
        exit(-1);
    }

    fl = sizeof(struct sockaddr_in);

    ret = fork();
    if (ret == -1) {
        perror("Unable to fork");
        exit(-1);
    }

    if (ret > 0) {
        printf("EBNC v2 by enderX -- started in background. [pid: %d]\n", ret);
        exit(0);
    }

    while (1) {
        FD_ZERO(&wfds);
        FD_ZERO(&fds);
        FD_SET(s, &fds);

        ss = socketlist;
        while (ss->next != NULL) {
            FD_SET(ss->next->csock, &fds);

            if (ss->next->stat == S_CONN)
                FD_SET(ss->next->ssock, &fds);

            if (ss->next->stat == S_DOWR) {
                FD_SET(ss->next->ssock, &wfds);
                FD_SET(ss->next->ssock, &fds);
            }

            ss = ss->next;
        }

        /* the sets are undefined after an error such as EINTR */
        if (select(FD_SETSIZE, &fds, &wfds, NULL, NULL) < 0)
            continue;

        if (FD_ISSET(s, &fds)) {
            socklen_t alen = sizeof(addr);

            ret = accept(s, (struct sockaddr *)&addr, &alen);
            if (ret == -1)
                continue;

            /* descriptors at or above FD_SETSIZE cannot be used with select() */
            if (ret >= FD_SETSIZE) {
                close(ret);
                continue;
            }

            ss = socketlist;
            while (ss->next != NULL)
                ss = ss->next;

            ss->next = (struct socket_t *)malloc(sizeof(struct socket_t));
            if (ss->next == NULL) {
                close(ret);
                continue;
            }
            memset((struct socket_t *)ss->next, 0, sizeof(struct socket_t));
            ss->next->next = NULL;
            ss->next->prev = ss;
            ss->next->csock = ret;
            ss->next->stat = S_NONE;

            ret = fcntl(ss->next->csock, F_GETFL, 0);
            ret |= O_NONBLOCK;
            fcntl(ss->next->csock, F_SETFL, ret);

            continue;
        }

        ss = socketlist;

        /* after killsock(ss->next), ss->next already points at the next node */
        while (ss->next != NULL) {
            if (FD_ISSET(ss->next->csock, &fds)) {
                memset((char *)buf, 0, MAX_BUFFER + 1);

                ret = read(ss->next->csock, buf, MAX_BUFFER);
                if (ret == -1) {
                    if ((errno != EAGAIN) && (errno != EINTR)) {
                        killsock(ss->next);
                        continue;
                    }
                }
                if (ret == 0) {
                    killsock(ss->next);
                    continue;
                }

                fl = ret;

                /* fl is -1 after EAGAIN/EINTR: nothing was read, nothing to relay */
                if (fl > 0) {
                    if ((ss->next->stat == S_NONE) || (ss->next->stat == S_PASS))
                        parse_user(ss->next, buf);

                    else {
                        ret = write(ss->next->ssock, buf, fl);
                        if (ret == -1) {
                            killsock(ss->next);
                            continue;
                        }
                    }
                }
            }
            if ((ss->next->stat == S_DOWR) && (FD_ISSET(ss->next->ssock, &wfds))) {
                /* connect finished: replay the stored USER and NICK lines */
                write(ss->next->ssock, ss->next->user, strlen(ss->next->user));
                ret = write(ss->next->ssock, ss->next->nick, strlen(ss->next->nick));

                if (ret == -1) {
                    /* do not leak the failed server socket */
                    close(ss->next->ssock);
                    ss->next->stat = S_PASS;
                    c_printf(ss->next, "NOTICE AUTH :Connection failed!\n");
                } else {
                    ss->next->stat = S_CONN;
                    c_printf(ss->next, "NOTICE AUTH :Connection suceeded\n");
                }
            }
            if ((ss->next->stat == S_CONN) && (FD_ISSET(ss->next->ssock, &fds))) {
                memset((char *)buf, 0, MAX_BUFFER + 1);

                ret = read(ss->next->ssock, buf, MAX_BUFFER);
                if (ret == -1) {
                    if ((errno != EAGAIN) && (errno != EINTR)) {
                        killsock(ss->next);
                        continue;
                    }
                }
                if (ret == 0) {
                    killsock(ss->next);
                    continue;
                }

                fl = ret;

                if (fl > 0) {
                    ret = write(ss->next->csock, buf, fl);
                    if (ret == -1) {
                        killsock(ss->next);
                        continue;
                    }
                }
            }
            ss = ss->next;
        }
    }
}
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^


▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒| THE BATTLE OF THE BROWSERS |▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒|      .:By ergophobe:.      |▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒

This article isn't a "How To..." article, nor is it explaining how anybody
who knows less than me is a 'L4MeR' (like so much of the stuff in 'zines
is right now). Just something to make you think a bit about the reason that
Microsoft are supposedly putting Netscape out of business, but Netscape
still seems to be alive and well.

First, a little background information: Initially, Netscape had to be paid
for and licenced in the same way as most software for home use. Although
Netscape has always been free for educational establishments. It was based
on the source code for the Mosaic browser. Then, along came Microsoft's
Internet Explorer, which was free and also based on the Mosaic source code.
Nobody wanted to buy from Netscape what they could get free from Microsoft,
so Netscape were forced to follow suit and make their browser free as well.
Unsurprisingly, Netscape began to make huge losses, and are now owned by
AOL (who incidentally still distribute Internet Explorer with their dial up
software). Microsoft was also taken to court over the integration of IE4
into Windows 98. Nothing came of this action, and Win 98 was released as
planned.

Several surveys have shown that those who have been working with computers for
a long time are more likely to use a Netscape browser. The point that this is
demonstrating is that more advanced users tend to go for Netscape, and those
who have been using the internet since before there was an alternative to
Netscape are more familiar with it. There's also those people who just don't
like Microsoft. Even withstanding the fact that Internet Explorer is noticeably
faster at handling JAVA and supports more JAVA functions. It is also less prone
to choke on large numbers of tables, forms and pictures. Things which tend to
bring even the proverbial 'Ninja PC' to a standstill in Netscape.

But surely there is more to it than force of habit and hatred for Microsoft.
Of course there is. For a start, the more advanced users among us are more
likely to use a unix/linux/BSD OS. A *nix version of Internet Explorer isn't
quite as stupid as it might sound at first. After all, on a standard
installation of Windows 9x you would probably expect to find a copy of Apple
QuickTime. And AT&T (inventors of Unix) have released various mail programs for
Windows. So why not a *nix version of Internet Explorer?

Sticking to the battle within the Windows OS though, Netscape does have one HUGE
advantage over IE. User profiles. With Netscape, you can let each user have
separate preferences, different cache folders, mail settings and more. Very
useful on computers which are used by a lot of people. IE however lacks this
feature.

The other thing which a lot of people find particularly irritating is the way
that IE insists on integrating itself into Windows. It can be quite irritating
having all the sites you have visited logged in lots of strange places, a cache
which you can't delete through DOS (you try it), and the desktop 'enhancements'.
Desktop annoyances would be more appropriate. Perhaps I'm being strange, but I
prefer to be able to tinker about with stuff when I install a program, and it
helps if it's all in the same place. A full install of IE4 which takes up about
70Mb (don't really know about IE5) places 1.4Mb of data in the folder you
specify, and scatters the other 98.6Mb of it merrily around various bits of
your Windows folder and installs all its little spinoff applications (frontpage,
outlook etc) in various locations in 'program files'. Whereas Netscape's
installation is pretty logical (well mostly. It does tend to keep cache folders
from old versions). It actually installs it where you tell it to and it's smaller
too. I must say that I prefer the Outlook email client to Netscape's Messenger,
but on balance, the suite of programs that accompany the browser is better with
Netscape too.

If Microsoft were to sort their act out, and include user profiles and make a
nicer less messy installation, then perhaps more of the 'advanced' users would
use it, or if Netscape would sort its handling of JAVA and large page content,
maybe more of the newbies would use it. To be honest, the second looks more
likely, but for now, I'm sticking to Netscape.

Of course, we are completely forgetting Opera. It still doesn't have support for
JAVA or CSS (style sheets), but it's fast, customisable, user friendly and it has
a pretty small installation. And no crappy desktop 'enhancements'. This looks
like the one to watch. Unfortunately, you have to pay £22 for it (or crack it
if you are an evil and socially irresponsible person).
Visit http://www.operasoftware.com for details.

ergophobe's shouts:
Erebus, psi, Pyr0-Pr0xy, CrossFire, linealtap, everybody I forgot and
'The New York Bagel co.' (food of the gods).

And if anybody wants to get in contact with me, send all your comments/feedback
/fan mail/gratuitous abuse to ergophobe@dial.pipex.com

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^
/*
-Volatile <vol@inter7.com> was here.

Somewhat slow way to generate all possible string combinations
between MIN and MAX at N characters long.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN 33 /* Low character */
#define MAX 126 /* High character */

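int main(int argc, char *argv[])
{
    unsigned char *buf = NULL;
    int num = 0, i = 0, k = 0, l = 0;

    /* num is the maximum string length; default is 1 */
    num = 1;

    if (argc > 1) {
        num = atoi(argv[1]);
        if (num < 1) {
            printf("Invalid number.\n");
            return 1;
        }
    }

    /* one extra byte so the string is always NUL-terminated for printf */
    buf = (unsigned char *)malloc(num + 1);
    if (buf == NULL) {
        printf("Not enough memory.\n");
        return 1;
    }

    memset((unsigned char *)buf, 0, num + 1);

    /* k is the index of the last character of the current string */
    i = 0; k = 0; l = 0;
    buf[0] = MIN;

    while(1) {
        printf("%s\n", buf);

        if (buf[k] < MAX)
            buf[k]++;

        else if (buf[k] == MAX) {
            /* find the rightmost character that can still be incremented */
            for (l = k;;l--) {
                /* test the index first so buf[-1] is never read */
                if (l == -1)
                    break;

                if (buf[l] < MAX)
                    break;
            }

            if (l == -1) {
                /* every position is at MAX: grow the string by one */
                k++;

                if (k == num)
                    break;

                for (l = 0; l < (k + 1); l++)
                    buf[l] = MIN;
            }

            else {
                /* carry: reset everything right of l, then bump l */
                for (i = k; i > l; i--)
                    buf[i] = MIN;

                buf[l]++;
            }
        }
    }

    free(buf);
    return 0;
}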

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^

Who said this zine had to be technical hehe

Guyz on IRC, and their style ;P
by lusta

Alright, I decided to write an article on style, since it's something I'm
familiar with hehe. Style being defined as "fashion", or a certain appearance
or demeanor. Since the certain stereotype of guys online seems to be a
somewhat undesirable one, I figured I'd find out, and if that being the case
offer suggestion and 'pointers'. I could easily make this about what I like, or
appreciate fashionwise, for a guy, but I didn't want to do that. So I included
females in the survey, to get their likes/dislikes. After taking a survey of
about 40 people on irc, I was able to create some assumptions to base this
article on. The people I surveyed generally ranged in age and location,
from like age 15 to 25.

The first thing I noticed, after doing the survey, was that the style that
guys online express seems to be influenced by their location, age, music
preference, and yes...even by irc (or I should say, the habits that irc offers).

One of the questions in the survey, asked if the subject felt as they could
be considered 'stylish'. The answers ranged, some guys were confident
about their style, could describe it; some, thought they had style, but
couldn't really give it a name or 'type'; and of course, there were a few
guys that claimed to be without style. So for those guys, that feel as though
they're lacking style...we're gonna give you some direction today, take it as
you like.

Guys online seem to have different ideas of what girls like and dislike. The
overall response from the girls is that, they appreciate cleanliness, a sort of
'laidback look', and no...that personal sweaty smell, that you consider
'fragrance' isn't much of a turn on. So, I guess, here's a few ideas, of what
to look for...maybe some do's and don'ts might be helpful.

Do / Don't
--------------------------------------------------------------------------------
Do:    Wear a light fragrance, something that smells clean and soft.
Don't: Wear the same smelly stuff your grandpa wears, or that your aunt
       bought...and when you do find the right fragrance, don't use too
       much.

Do:    Keep your hair trimmed, even if you like to wear your hair long. Use
       decent haircare products, just as you guys appreciate a girl's hair
       to be soft and healthy, we appreciate the same.
Don't: The damaged/deadend, bleached, bigass hair look went out wif guns
       and roses in the 80's.

Do:    Loose and laidback clothes look nice and casual. Be comfortable, and
       look it. Although, keep your pants on, too baggy, can look sloppy.
Don't: Do not think that girls like that tight jean look. You think we
       wanna see what's underneath... WELL YOU'RE WRONG! ugh repulsive..

Do:    Keep your skin nice...do you realize what us girls go through, to
       keep our skin looking nice? For you guys, it's much easier..simply
       clean your skin using facial cleanser in the before shower, and
       before bed.
Don't: I guess some girls are into that gothic look, which is fine. I
       didn't come across any in the survey, but I'm not going to
       disregard what they like. So, for you guys that do wear makeup
       don't leave it on when you go to bed.

Do:    Ok, now to undies hehehe...boxers or like, those boxer briefs
       (usually made by calvin klein) are preferred. We like boxers, so why
       not wear em? ;P
Don't: Don't insist on inheriting your dad's trend in undergarments. Give
       up those Fruit of the Loom your mom always bought. Do NOT wear
       repulsive bikini underwear.. think they're sexy? well, they're not.

Do:    Shoes...girls aren't extremely picky about shoes, as long as you're
       wearing the right kind of shoe, for the right occasion.
Don't: Just stay away from anything labeled "Hightops", and you'll be
       fine hehe.




I guess the main thing, is to be comfortable with what you do choose to be your
particular style. Just, take care of yourself. I must admit that I enjoyed
writing this article. The personalities of the people online surely offer a
certain 'style' that is appealing. Obviously, one's personality plays a huge
part in their appearance...with that in consideration, it's apparent to me, why
I luv you guyz so much. ;P

Thanks for your time, and help with the surveys...

~lusta

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~

Axs script vulnerability
written by f0bic
f0bic@deadprotocol.org

Brief Description
The AXS webserver script by Fluid Dynamics (www.xav.com) allows unauthorized
third party users to make use of the ax-admin Administration/Configuration
module and remotely edit and/or delete log files and overwrite files on the
system. Compromise of system resources might also be one of the effects of
this vulnerability.

Vulnerable Platforms
Any operating system AXS is compatible with.
ie.
Unix Operating Systems (AXS cgi set)
WindowsNT Operating System (AXS perl set)

Vulnerability Description
The AXS script is a cgi or perl script that keeps track of the number,
the source locations, and the client info of visitors to your http port (80).
It writes this data to an output file, named log.txt by default (but it can
easily be relocated). This log.txt is normally located in the cgi-bin directory
of the server, allowing write access to this directory.

The AXS cgi script contains two .cgi appended files; axs.cgi and ax-admin.cgi
respectively. The axs.cgi file is the one that actually "grabs" the info about
the visitors and then writes them to log.txt (or wherever you relocated this
to). The ax-admin.cgi is the configuration file for the axs.cgi script.
The ax-admin.cgi is passworded by default with "IronMan" and sometimes the
password is even left blank. Due to this weak access security it is very easy
to gain "configuration access" to the axs.cgi script, allowing you to
reconfigure it, delete the log files, and change the location of the logs.

The default location for the AXS script is:
http://www.server.com/cgi-bin/ax.cgi.
The default location for the AXS Admin script is:
http://www.server.com/cgi-bin/ax-admin.cgi.

To obtain access to the ax-admin.cgi module by default you get a password
screen issued, Ironman being the default password. The password is determined
by the characters in the $password="*" field of the ax-admin.cgi hardcode ("*"
being the default/chosen password or a blank). Most of the time I have seen
the password field to be left blank or defaulted. If the password is left blank
you will not be prompted with a login screen; instead it will automatically drop
you into the ax-admin configuration page. From this point on you can alter files
on the server system, possibly resulting in Denial-of-Service attacks against
the system's resources.

Solution
The AXS problems relate to a lack of resources that could suffice for secure
business applications. The AXS script on the other hand has been developed for
ease of use, not for trouble of security; this is one of the mistakes that
Fluid Dynamics has made. The easy fix is not to run with no password or the
default password on the ax-admin.cgi module. I have informed Fluid Dynamics
about the fact that I have seen servers where the ax-admin password was the
same as the one for a valid shell account on that system. Fluid Dynamics has
also gone through no trouble at all to encrypt any of the passwords used in the
ax-admin verification.
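
Added example (not part of the original advisory or of AXS itself): a small C
auditor an administrator can run against a local copy of ax-admin.cgi to flag
a blank or default $password. The assignment syntax it parses is assumed from
the $password="*" form quoted above; function and sample names are hypothetical.

```c
/* axs_pwcheck.c - added example, not AXS code.
 * cc -o axs_pwcheck axs_pwcheck.c
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum axs_finding {
    AXS_NOT_FOUND, /* no $password assignment found */
    AXS_BLANK,     /* empty password: admin page opens without a prompt */
    AXS_DEFAULT,   /* default password still in place */
    AXS_CUSTOM     /* operator-chosen password */
};

/* Default named in the article; it is spelled both IronMan and Ironman
 * there, so the comparison below ignores case. */
static const char AXS_DEFAULT_PW[] = "IronMan";

/* Constructed sample inputs (not taken from a real installation). */
static const char SAMPLE_BLANK[] =
    "#!/usr/bin/perl\n# $password = \"hunter2\";\n$password = \"\";\n";
static const char SAMPLE_DEFAULT[] =
    "#!/usr/bin/perl\n  $password='ironman';\n";
static const char SAMPLE_CUSTOM[] =
    "$password_hint = \"\";\n$password = \"k3Xw-91pQ\";\n";

static int equals_nocase(const char *a, size_t alen, const char *b)
{
    size_t i;

    if (alen != strlen(b))
        return 0;
    for (i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Classify the first uncommented `$password = "..."` line in Perl source. */
enum axs_finding axs_audit(const char *src)
{
    const char *p = src;

    while (*p) {
        const char *eol = strchr(p, '\n');
        const char *end = eol ? eol : p + strlen(p);
        const char *q = p;

        while (q < end && isspace((unsigned char)*q))
            q++;
        /* A line starting with '#' never matches "$password". */
        if ((size_t)(end - q) > 9 && strncmp(q, "$password", 9) == 0) {
            q += 9;
            while (q < end && isspace((unsigned char)*q))
                q++;
            if (q < end && *q == '=') {
                q++;
                while (q < end && isspace((unsigned char)*q))
                    q++;
                if (q < end && (*q == '"' || *q == '\'')) {
                    char quote = *q++;
                    const char *close = memchr(q, quote, (size_t)(end - q));

                    if (close != NULL) {
                        if (close == q)
                            return AXS_BLANK;
                        if (equals_nocase(q, (size_t)(close - q), AXS_DEFAULT_PW))
                            return AXS_DEFAULT;
                        return AXS_CUSTOM;
                    }
                }
            }
        }
        p = eol ? eol + 1 : end;
    }
    return AXS_NOT_FOUND;
}

static const char *axs_describe(enum axs_finding f)
{
    switch (f) {
    case AXS_BLANK:   return "BLANK password: admin page opens with no prompt";
    case AXS_DEFAULT: return "DEFAULT password still set";
    case AXS_CUSTOM:  return "custom password set";
    default:          return "no $password assignment found";
    }
}

int main(int argc, char *argv[])
{
    static char src[65536];
    enum axs_finding f;

    if (argc == 2) { /* audit a real file; exit status 1 means "fix this" */
        FILE *fp = fopen(argv[1], "r");
        size_t n;

        if (fp == NULL) { perror(argv[1]); return 2; }
        n = fread(src, 1, sizeof(src) - 1, fp);
        fclose(fp);
        src[n] = '\0';
        f = axs_audit(src);
        printf("%s: %s\n", argv[1], axs_describe(f));
        return (f == AXS_BLANK || f == AXS_DEFAULT) ? 1 : 0;
    }
    printf("sample 1: %s\n", axs_describe(axs_audit(SAMPLE_BLANK)));
    printf("sample 2: %s\n", axs_describe(axs_audit(SAMPLE_DEFAULT)));
    printf("sample 3: %s\n", axs_describe(axs_audit(SAMPLE_CUSTOM)));
    return 0;
}
```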

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~
_.-._ ..-.. _.-._
(_-.-_) /|'.'|\ (_'.'_)
.\-/. \)\-/(/ ,-.-.
__/ /-. \__ __/ ' ' \__ __/'-'-'\__
( (___/___) ) ( (_/-._\_) ) ( (_/ \_) )
'.Oo___oO.' '.Oo___oO.' '.Oo___oO.'

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~


Using Wingates
by pbxphreak <chris@lod.com>

Using Wingates for IRC!

Wingates, Wingates, Wingates. What to do with them? Well, simple. You can
use them to bounce off IRC with. First off, you need to find a
WinGate. There are several scanning programs out there, mostly for
Windows. Since I don't use Windows, I can't help you there. I have included
a program below that verifies IP addresses that are wingates. It checks
ips.in (which has an IP address on a separate line) and verifies whether the
wingate is valid or not. There is a program for Linux called z0ne. What you can
do with z0ne is tell it to scan all of a domain. For example ./z0ne
uunet.ca > uunet.ca.log That would simply write to a file every single
IP address uunet.ca uses. Which is a lot :) You can find z0ne somewhere on
the net. It works with Linux; if you need it you can email me and I can
send it to you. I use a combination of 2 programs. I use the wingate
checker to verify the wingate and also a scanner that scans for a
certain port on a classb or classc (which I can't give you because it's a
private program). So from there I just verify the file with the IPs, so
it's pretty easy.

Once you found some Wingates you can use them now. If you want to use them
on IRC you have to do the following:

- load up yer irc program. may it be ircII, ScrollZ, BX, mIRC, Pirch etc.

do /server wingate addy 23 (this connects to the wingate on port 23)
do /quote irc.prison.et 6667 (this connects to prison irc server)
do /quote NICK ircboy (this sets your nick to ircboy)
do /quote USER ircboy 0 0: ircgeek
- (this would set yer user name to ircboy and real name to ircboy in
the night)

You now should be connected. The hard things about using wingates on irc
is, you need to find a irc server that will let you connect :)

Below is the wingate verifier. Remember to have a file called ips.in which
contains an IP address per line; this will be verified and the result will
be stored in ips.out

------------------- SNIP ---------------------
/* wgcheck.c
 * cc -o wgcheck wgcheck.c
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/select.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>
#include <arpa/inet.h>

static int sockfd = -1;
static int gatenum = 0;
static int toscan = 0;

#define DEF_FILE "ips.in"
#define OUT_FILE "ips.out"
#define socktimeout 10
#define longtime 3000

void wingate(char *host);

/* On timeout, close the socket so the pending call on it fails. */
void sigalrm_handler(int sig)
{
    (void)sig;
    close(sockfd);
}

int main()
{
    FILE *in;
    char *sockfile = DEF_FILE;
    char sockip[1024];

    printf("wgcheck\n");
    printf("\n");

    /* First pass: count the non-empty lines. */
    in = fopen(sockfile, "r");
    if (in == NULL) {
        perror(sockfile);
        exit(1);
    }
    while (fgets(sockip, 80, in)) {
        sockip[strcspn(sockip, "\r\n")] = '\0';
        if (sockip[0] != '\0')
            toscan++;
    }
    fclose(in);

    printf("Loaded %i gates to scan\n", toscan);
    printf("\n");

    /* Second pass: check each address. */
    in = fopen(sockfile, "r");
    if (in == NULL) {
        perror(sockfile);
        exit(1);
    }
    while (fgets(sockip, 80, in)) {
        /* Strip the newline without assuming the line has one. */
        sockip[strcspn(sockip, "\r\n")] = '\0';
        if (sockip[0] == '\0')
            continue;

        signal(SIGALRM, sigalrm_handler);
        alarm(socktimeout);
        toscan--;
        printf("Scanning %s (%i more to go)\r", sockip, toscan);
        fflush(stdout);
        printf(" \r");
        wingate(sockip);
        signal(SIGALRM, sigalrm_handler);
        alarm(longtime);
    }
    printf("Done checking!\n");
    printf("%i wingates found\n", gatenum);
    fclose(in);
    return 0;
}


void wingate(char *host)
{
    int e;
    int d;
    FILE *ips;
    ssize_t numbytes;
    char buf[1024];
    struct hostent *he;
    struct sockaddr_in sin;
    fd_set gateset;
    struct timeval tv;

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0)
        return;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(23);
    sin.sin_addr.s_addr = inet_addr(host);
    if (sin.sin_addr.s_addr == INADDR_NONE) {
        he = gethostbyname(host);
        if (!he || he->h_length > (int)sizeof(sin.sin_addr)) {
            close(sockfd);
            return;
        }
        memcpy(&sin.sin_addr, he->h_addr, he->h_length);
    }

    e = connect(sockfd, (struct sockaddr *)&sin, sizeof(sin));
    if (e < 0) {
        close(sockfd);
        return;
    }

    FD_ZERO(&gateset);
    FD_SET(sockfd, &gateset);
    tv.tv_sec = 10;
    tv.tv_usec = 0;
    d = select(sockfd + 1, NULL, &gateset, NULL, &tv);
    if (d <= 0) {
        close(sockfd);
        return;
    }

    /* Leave room for the terminator and never index with a negative count. */
    numbytes = read(sockfd, buf, sizeof(buf) - 1);
    if (numbytes == 9) {
        numbytes = read(sockfd, buf, sizeof(buf) - 1);
        if (numbytes > 0) {
            buf[numbytes] = '\0';
            if (strcmp(buf, "WinGate>") == 0) {
                gatenum++;
                printf("Open wingate server found on %s (gate #%i) (%i left to scan)\n", host, gatenum, toscan);
                ips = fopen(OUT_FILE, "a");
                if (ips != NULL) {
                    fputs(host, ips);
                    fputs("\n", ips);
                    fclose(ips);
                }
            }
        }
    }

    close(sockfd);
}

Here are some gates to get you started:

dns.yoshinomasa.co.jp
ns.joban-power.co.jp
ns.sanshusha.co.jp
ns.sunshine.co.jp
uni.eltron.ee

Well, here comes the end to another one of my articles. Well hope you had
fun, try it out, and have some fun. CYA!

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~
Make your own weapon!@ We know you look forward to this in every issue :/
Aight, you know i gotta go old skewl for this one, from the secret philes of
Jolly Roger hehe. Tennis Ball bomb, everybody loves this one. It's simple and
very entertaining. Werd, so here it is...tennis ball bomb...

Equipment:
----------
strike anywhere matches
tennis ball...hence the name ;-/
duct tape
sharp knife or something that could cut into the ball

Instructions:
-------------
Break a ton of the strike anywhere matchheads off. Then cut a tiny hole
in the tennis ball. Pack all of the matchheads into the ball, until you
it's all full.Then tape over the hole with duct tape. The match head have
to be VERY tight together, so that it can spark as soon as it makes contact.
Then wen you see that lame hax0r walking down the street give him a nice ball
in the arm to let him know your presence hehe...

,odOO"bo,
,dOOOP'dOOOb,
,O3OP'dOO3OO33,
P",ad33O333O3Ob
?833O338333P",d <~ LOOKS KINDA LIKE THIS! HEH!@
`88383838P,d38'
`Y8888P,d88P'
`"?8,8P"'

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-phog-
br1ng1ng b4ck the 0ld skewl trickz
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^
/*
jellybelly.c by Volatile <vol@inter7.com> [30 Minutes]

This is only useful if you're a US resident.

Every three months you're allowed to fill out a survey at
http://www.jellybelly.com, and they send you a free jellybean
sample with like 10-15 random jellybeans. The trick is,
the survey opens randomly each day, and allows for the first
500 people who fill out the survey.

This program monitors the status of the survey and tells you
when it is open, and when it has closed, etc. The program
does not shut down when the survey opens and then closes,
it continues to report the status of the survey until you
kill the process.

Usage: jellybelly [-n]

By default the program goes into the background and logs to
syslog, the -n option removes going into the background,
and prints to the screen instead. You can change how it
logs to syslog with the SYSLOG_* definitions.

gcc -o jellybelly jellybelly.c

If in the event your system doesnt like the syslog code:
gcc -o jellybelly jellybelly.c -DNO_SYSLOG

If you are not logging to syslog, and NOISY_CONSOLE is defined,
when the survey opens, 100 beeps (2 per second), will be sent
to notify you.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <signal.h>
#include <unistd.h>
#ifndef NO_SYSLOG
#include <syslog.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>

#define HOST "205.158.47.41"
#define PORT 80
#define DELAY 1

#define NOISY_CONSOLE

#ifndef NO_SYSLOG
#define SYSLOG_OPT LOG_PID
#define SYSLOG_FAC LOG_USER
#define SYSLOG_PRI LOG_INFO
#endif

#define S_OPEN 0
#define S_EARLY 1
#define S_LATE 2

#define MAX_BUFFER 100
#define QUERY "GET /SurveyStartUS.cgi?cache=no HTTP/1.0\n\n"

int s = 0;
char status = 0, z0t = 0, lstatus = 0, lz0t = 0;

#ifndef NO_SYSLOG
char syslogn = 0;
#endif

int query_server(void);
void parse_server(void);
void sig_alrm(int);
void outuser(char *);
#ifdef NOISY_CONSOLE
void beepit(void);
#endif

int main(int argc, char *argv[])
{
    int ret = 0, pid = 0;

#ifndef NO_SYSLOG
    syslogn = 1;
#endif

    status = 0; z0t = 0; lstatus = 0; lz0t = 0;

    printf("---------------------------------------------------------\n" \
           "jellybelly.c v1.0a by Volatile <vol@inter7.com> (9/13/99)\n" \
           " www.jellybelly.com \n" \
           "---------------------------------------------------------\n");

#ifndef NO_SYSLOG
    if (argc > 1) {
        if (!(strcmp(argv[1], "-n")))
            syslogn = 0;
    }

    if (syslogn) {
        openlog("jellybelly", SYSLOG_OPT, SYSLOG_FAC);

        pid = fork();
        if (pid) {
            printf("[PID: %d] (Logging to syslog)\n", pid);
            exit(0);
        }
    }
#endif

    signal(SIGALRM, sig_alrm);
    signal(SIGPIPE, SIG_IGN);

    while(1) {
        ret = query_server();
        if (ret)
            parse_server();

        sleep(DELAY);
    }
}

int query_server(void)
{
    int ret = 0;
    struct sockaddr_in addr;

    memset((struct sockaddr_in *)&addr, 0, sizeof(struct sockaddr_in));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    addr.sin_addr.s_addr = inet_addr(HOST);

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == -1)
        return 0;

    alarm(10);
    ret = connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
    alarm(0);

    if (ret == -1) {
        close(s);
        return 0;
    }

    ret = write(s, QUERY, strlen(QUERY));
    if (ret < (int)strlen(QUERY)) {
        close(s);
        return 0;
    }

    return 1;
}

void parse_server(void)
{
    int ret = 0, inc = 0, linc = 0;
    char *h = NULL, *t = NULL, *loc = NULL, in[MAX_BUFFER];

    inc = 0;
    memset((char *)in, 0, MAX_BUFFER);

    z0t = S_OPEN;

    while(1) {
        if (!(MAX_BUFFER - inc))
            break;

        alarm(10);
        ret = read(s, (in + inc), (MAX_BUFFER - inc));
        alarm(0);

        if (ret < 1)
            break;

        inc += ret;

        /* Walk the buffer one complete line at a time; t marks the start
           of the current line, h the scan position. */
        linc = 0;
        t = h = in;

        while (h < (in + inc)) {
            if ((*h != '\n') && (*h != '\r')) {
                h++;
                continue;
            }

            *h = '\0';

            if (!(strncasecmp(t, "Location: ", 10))) {
                if (lz0t == S_OPEN) {
                    if (status)
                        outuser("The survey has closed");

                    status = 0;
                }

                z0t = S_EARLY;

                /* Keep t on the line start so the consumed-byte count
                   below stays right. */
                loc = t + 10;

                if (!(strcmp(loc, "http://205.158.47.41/early_US.html"))) {
                    z0t = S_EARLY;

                    if (z0t == lz0t) {
                        if (!status)
                            outuser("Too early");
                    }
                    else {
                        if (lz0t == S_LATE)
                            outuser("The survey has been reset");

                        outuser("Too early");
                    }
                }

                else if (!(strcmp(loc, "http://205.158.47.41/sorry_US.html"))) {
                    z0t = S_LATE;

                    if (z0t == lz0t) {
                        if (!status)
                            outuser("Too late");
                    }
                    else
                        outuser("Too late");
                }

                else {
                    outuser("Unknown redirection [EXITING]");

#ifndef NO_SYSLOG
                    if (syslogn)
                        closelog();
#endif

                    exit(0);
                }

                status = 1;
            }

            linc += ((int)strlen(t) + 1);
            h++;

            /* Swallow the second half of a CRLF pair without reading
               past the received data. */
            if ((h < (in + inc)) && ((*h == '\n') || (*h == '\r'))) {
                h++;
                linc++;
            }

            t = h;
        }

        ret = (inc - linc);

        /* Move the unparsed tail to the front. The regions overlap, so
           memmove() is required, and only ret bytes are valid. */
        memmove((char *)in, (char *)(in + linc), ret);
        memset((char *)(in + ret), 0, (MAX_BUFFER - ret));

        inc = ret;
    }

    close(s);

    if (!z0t) {
        if (!status) {
            outuser("\007****************************");
            outuser("\007The survey is currently open");
            outuser("\007****************************");
            status = 1;

#ifdef NOISY_CONSOLE
            beepit();
#endif
        }
        else {
            if (lz0t) {
                outuser("\007*********************");
                outuser("\007The survey has opened");
                outuser("\007*********************");

#ifdef NOISY_CONSOLE
                beepit();
#endif
            }
        }
    }

    lz0t = z0t; lstatus = status;
}

void sig_alrm(int x)
{
    signal(SIGALRM, sig_alrm);
}

void outuser(char *msg)
{
#ifndef NO_SYSLOG
    if (!syslogn) {
        printf("%s\n", msg);
        return;
    }

    /* Pass the message as an argument, never as the format string. */
    syslog(SYSLOG_PRI, "%s", *msg == '\007' ? (msg + 1) : msg);
#else
    printf("%s\n", msg);
#endif
}

#ifdef NOISY_CONSOLE
void beepit(void)
{
    int i = 0;

#ifndef NO_SYSLOG
    if (!syslogn) {
#endif
        for (i = 0; i < 100; i++) {
            putchar('\007');
            fflush(stdout);

            usleep(500000); /* half a second: 2 beeps per second */
        }
#ifndef NO_SYSLOG
    }
#endif
}
#endif

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~


-Basic UNIX Commands And What They Are Used For-

by: leprekaun (magnum40@lanmine.net)

*note* This article is written for those who are getting started in a UNIX
environment. Some of these commands are the most basic and some of them
are quite intermediate. Below you will find a list of basic UNIX commands
and what they are used for. All of you UNIX gurus that read this article,
don't send me e-mails flaming me for how lame I am, because these are BASIC
commands for UNIX NEWBIES. I hope you enjoy this article as much as I enjoyed
writing it.


COMMAND------------------------------PURPOSE

ls-----------------list files in current directory.
whoami-------------your identity (username).
who----------------users currently logged into computer.
pwd----------------shows current directory.
man (command)------basically tells you how to use a command.
vi-----------------text editor.
gcc----------------unix C compiler (more intermediate than anything).
cd-----------------change directory, cd alone returns to home directory.
rm (filename)------remove, or delete file.
rmdir--------------remove directory.
tar -cvf (file.tar) (file/dir)-tar a file.
tar -xvf (filename)-untar a file.
echo (words)-------echoes what you type.
mkdir--------------makes directory.
date---------------tells you the current date.
chmod--------------change file permissions.
lynx---------------web browser.
cp-----------------copy.
mv-----------------move, or rename.
more, cat----------list a file.
passwd-------------change password.
kill---------------kills a process.
logout, exit-------logoff.

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~
Introduction to DHCP part: 1
by spoofy

spoofy@713.org
http://sgoat.mathnet.org/0code.htm/

This is the first in a set of 3 documents explaining DHCP and how it works.
Part 1 will simply provide an introduction to DHCP. It may have spelling and
other errors ..if it does feel free to run spell check on it ...trust me I don't
mind :)

DHCP stands for Dynamic Host Configuration Protocol. DHCP is used on most
local area networks. It allows computers on an IP network to get their config
from a server. This server is of course the DHCP server. DHCP is based greatly
on a client/server model. This makes it easy as hell to have a large network
setup and add computers. Just enable a DHCP client and plug it into the network
and you are ready to go. When they start up they will have an IP address
assigned to them (static or dynamic) and all the configuration needed to access
the network. Just about any idiot can configure a DHCP client. When configuring
a DHCP client you do not have to enter a server IP address. The client will
broadcast packets until the server assigns it an IP address. If it sounds a lot
like BOOTP then you are right. DHCP was based on BOOTP with a few changes.
There is no DNS type system setup for DHCP; with DHCP you have nothing but IP
addresses unless you have a special setup going. If you have over 300 computers
networked via DHCP you wouldn't want only 1 server to handle all those machines.
A DHCP server can be backed by another DHCP server. But this is not done
through the DHCP protocol. It is done via the "server to server protocol" (read
about that somewhere else :P ).

The ideas behind DHCP are great, it makes it easy to setup a large local area
network quickly. But if you need DNS on the local area network or if you are
worried about 1 server handling 300 machines then DHCP may not be for you. DHCP
does have some security flaws. It is open to spoofing attacks and I will
explain that in the next article and maybe have some source code. In part 2 I
will go into more detail on DHCP and in part 3 cover possible exploits and ways
to improve the protocol. If I have said something that may be inaccurate feel
free to email me with documentation backing your idea or if you simply feel I
should include something let me know.

  

spoofy

References :

The DHCP FAQ
http://outland.cyberwar.com/~matrix/data/dhcp-faq.txt

RFC 1541
http://www.cis.ohio-state.edu/htbin/rfc/rfc1541.html
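
Added example (not from the article): the first message a DHCP client
broadcasts, built as a BOOTP-sized header plus the DHCP option area, with a
bounds-checked reader for the message type. Field offsets follow the message
layout in RFC 1541; the option codes, function names, MAC address and
transaction ID are supplied here for illustration.

```c
/* dhcp_discover.c - added example.
 * cc -o dhcp_discover dhcp_discover.c
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOOTP_FIXED_LEN   236 /* op .. file: the part inherited from BOOTP */
#define DHCP_OPT_PAD      0
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END      255
#define DHCPDISCOVER      1

/* "Magic cookie" that marks the start of the options area. */
static const uint8_t DHCP_MAGIC[4] = { 99, 130, 83, 99 };

/* Build a DHCPDISCOVER in buf. Returns the message length, or 0 if buf is
 * too small. Note what is absent: no client IP and no server IP, which is
 * why the client has to broadcast. */
size_t dhcp_build_discover(uint8_t *buf, size_t buflen, uint32_t xid,
                           const uint8_t mac[6])
{
    size_t n = BOOTP_FIXED_LEN;

    if (buflen < BOOTP_FIXED_LEN + 8)
        return 0;
    memset(buf, 0, BOOTP_FIXED_LEN + 8);

    buf[0] = 1;                    /* op: BOOTREQUEST */
    buf[1] = 1;                    /* htype: Ethernet */
    buf[2] = 6;                    /* hlen: MAC address length */
    buf[4] = (uint8_t)(xid >> 24); /* xid: matches replies to requests */
    buf[5] = (uint8_t)(xid >> 16);
    buf[6] = (uint8_t)(xid >> 8);
    buf[7] = (uint8_t)xid;
    buf[10] = 0x80;                /* flags: ask for a broadcast reply */
    memcpy(buf + 28, mac, 6);      /* chaddr: client hardware address */

    memcpy(buf + n, DHCP_MAGIC, 4);
    n += 4;
    buf[n++] = DHCP_OPT_MSG_TYPE;  /* option 53, length 1, value DISCOVER */
    buf[n++] = 1;
    buf[n++] = DHCPDISCOVER;
    buf[n++] = DHCP_OPT_END;
    return n;
}

/* Return the DHCP message type carried in pkt, or -1 if the packet is not
 * DHCP, has no type option, or has an option running past its end. */
int dhcp_message_type(const uint8_t *pkt, size_t len)
{
    size_t i = BOOTP_FIXED_LEN + 4;

    if (len < i || memcmp(pkt + BOOTP_FIXED_LEN, DHCP_MAGIC, 4) != 0)
        return -1;

    while (i < len) {
        uint8_t code = pkt[i++];
        uint8_t olen;

        if (code == DHCP_OPT_PAD)
            continue;
        if (code == DHCP_OPT_END)
            break;
        if (i >= len)
            return -1;             /* option code with no length byte */
        olen = pkt[i++];
        if (olen > len - i)
            return -1;             /* value runs past the packet */
        if (code == DHCP_OPT_MSG_TYPE)
            return olen == 1 ? pkt[i] : -1;
        i += olen;
    }
    return -1;
}

int main(void)
{
    uint8_t pkt[300];
    const uint8_t mac[6] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 }; /* constructed */
    size_t n = dhcp_build_discover(pkt, sizeof(pkt), 0x12345678u, mac);

    printf("DISCOVER is %lu bytes, message type %d\n",
           (unsigned long)n, dhcp_message_type(pkt, n));

    pkt[241] = 200; /* corrupt the length byte of option 53 */
    printf("with a bad option length the reader returns %d\n",
           dhcp_message_type(pkt, n));
    return 0;
}
```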

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
; Super Simple example of CGI coding in win32 assembly language.
; (c)1999 by Jeremy Collake
; http://webpages.charter.net
; collake@charter.net
; ---------------------------------------------------------------
;
; This little program demonstrates CGI implementation in win32asm.
; It simply dumps the value of all filled CGI environment variables
; to the requesting agent.
;
;
extrn ExitProcess:PROC
extrn WriteConsoleA:PROC
extrn GetStdHandle:PROC
extrn WriteFile:PROC
extrn ExpandEnvironmentStringsA:PROC
extrn lstrcmp:PROC
extrn lstrlen:PROC
extrn GlobalAlloc:PROC
extrn GlobalFree:PROC
.486p
locals
jumps
.model flat,STDCALL
.data
cr equ 0dh
lf equ 0ah
hstdo dd 0
hMem dd 0
byteswrote dd 0
htmlstart db 'Content-Type: text/html', cr,lf,cr,lf
html_pre db '<HTML><BODY bgcolor="black"><FONT color="blue">Jeremy''s CGI Environment Variable Dumper<BR></FONT><FONT color="white">',0
Separator db ' = ',0
Post db '<BR>',0
htmlends db '</FONT></BODY></HTML>',0
EnvVariablePointers:
dd offset e1
dd offset e2
dd offset e3
dd offset e4
dd offset e5
dd offset e6
dd offset e7
dd offset e8
dd offset e9
dd offset ea
dd offset eb
dd offset ec
dd offset ed
dd offset ee
dd offset ef
dd offset e10
dd offset e11
dd offset e12
dd offset e13
dd 0
EnvVariables:
e1 db '%SERVER_SOFTWARE%',0
e2 db '%SERVER_NAME%',0
e3 db '%GATEWAY_INTERFACE%',0
e4 db '%SERVER_PROTOCOL%',0
e5 db '%SERVER_PORT%',0
e6 db '%REQUEST_METHOD%',0
e7 db '%PATH_INFO%',0
e8 db '%PATH_TRANSLATED%',0
e9 db '%SCRIPT_NAME%',0
ea db '%QUERY_STRING%',0
eb db '%REMOTE_HOST%',0
ec db '%REMOTE_ADDR%',0
ed db '%AUTH_TYPE%',0
ee db '%REMOTE_USER%',0
ef db '%REMOTE_IDENT%',0
e10 db '%CONTENT_TYPE%',0
e11 db '%CONTENT_LENGTH%',0
e12 db '%HTTP_ACCEPT%',0
e13 db '%HTTP_USER_AGENT%',0
.code
start:
call GetStdHandle,-11
mov hstdo,eax
call WriteString,offset htmlstart

lea esi,EnvVariablePointers
jmp mEnvLoop
EnvLoop:
call GlobalFree,hMem
mEnvLoop:
lodsd
or eax,eax
jz EnvLoopEnds
mov edi,eax
call GlobalAlloc,64,101h
mov hMem,eax
call ExpandEnvironmentStringsA, edi, eax, 100h
call lstrcmp,hMem,dword ptr [esi-4]
jz EnvLoop
call WriteString,dword ptr [esi-4]
call WriteString,offset Separator
call WriteString,hMem
call WriteString,offset Post
jmp EnvLoop
EnvLoopEnds:
call WriteString,offset htmlends
call ExitProcess,0
GetSHandle proc
ret
GetSHandle endp

WriteString proc pString:DWORD
call lstrlen,pString
call WriteFile,hstdo,pString,eax,offset byteswrote,0
ret
WriteString endp

end start
ends

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

[the signal game]

small guide on how to handle
signals sent to your program, in C.
written and produced by: pablo


This was written due to my lack of time for a decent project. Hopefully,
next time I'll have a project to share with you all. Let it be known that
this was written in Linux. Since I wrote this with little thought, it
was meant to be read by a unix neophyte.

WARNING: This is *not* in-depth. Novices may not be educated.

* what the hell is a signal?

Let's start out with a small example:

[/home/presonic] # ps uax | grep named
root 342 0.0 0.9 1004 612 ? S 15:23 0:00 named
[/home/presonic] # kill -9 342

I'm sure anyone that's spent over 24 hours in a Unix environment has done
this before. I just sent signal number 9 to the PID (process ID) 342. Well
what is signal number 9? Lookie here:

[/home/presonic] $ grep -w 9 /usr/include/signum.h
#define SIGKILL 9 /* Kill, unblockable (POSIX). */

So, we see here, that signal 9 is the KILL signal. This KILL signal is
unblockable by the process. This is both a good thing, and a bad thing.
The advantage, obviously, is to stop someone or something from creating an
unkillable process. The disadvantage would come when this signal is sent
while sensitive data is being written or handled, which could lead to
corruption. Now lets take a look at some more signals.

#define SIGSEGV 11 /* Segmentation violation (ANSI). */

I'm sure you've seen this one. This is a signal that would be sent by the
kernel when the process has done something wrong. For example, buffer
overflows. When a program overflows a string, the kernel tells it by sending
signal 11 (SIGSEGV) to the processes PID.

#define SIGWINCH 28 /* Window size change (4.3 BSD, Sun). */

Though you might not know it, this signal is sent everytime you change the
size of your xterm (this is only an example). This lets the proper process
(pine, pico) reorganize itself so it looks good no matter how many times the
window size is changed.

#define SIGINT 2 /* Interrupt (ANSI). */

You send this signal everytime you ^C out of a program. (Linux)

Now you should understand a little better what a signal is and how very
important it is to every UNIX variant. Please refer to /usr/include/signum.h
for more signals.

* playing the signal game.

Now its time to code.

Keep in mind that you can stop/ignore all signals *except* for SIGKILL and
SIGSTOP. If you *could* block all signals, then it would be possible to make
a process that couldn't be killed (this would be bad).

By default, most programs don't need to worry about signals. Your program
will respond to the signals that matter. Some signals just terminate your
process. Some terminate with a core dump. With signals you can actually
pause a process, and resume it later. When you exit a program with a ^Z
(again, Linux) you are actually pausing it. The signal SIGSTOP is sent, and
the program stops dead in its tracks. You can then resume the program by
sending a SIGCONT (signal continue). Resuming something that is ^Z'd could
either be done by fg, or bg, depending on the action you want to have take
place (other commands can STOP/RESUME PID'S, but that isn't what I'm here to
write about).

NOTE: Signal catching is also important for gui applications. When a window
manager tries to kill a process, a signal is sent, and by default the application
quits. Some gui applications would need to catch the signal to save
configuration files and such before exiting.

In order to catch a signal, we must specify to the kernel which function
we want to be called. Consider this "binding" a signal to a function.

Now, let's write an example program that catches the SIGINT signal.

/******************** CUT HERE ********************/

/*
   signal.c
   example signal handling
   gcc -o signal signal.c
*/


#include <stdio.h>
#include <signal.h> /* needed for all signal handling. */

static void sig_stop(int);

int main()
{

    if(signal(SIGINT, sig_stop) == SIG_ERR)
        perror("error catching signal"); /* in case signal() fails */

    getchar();
    return 0;
}

static void sig_stop(int sig_number) /* sig_number is the number of the signal caught */
{
    printf("j00 c4n n0t st0p m3. (signal number: %d)\n",sig_number);
    perror("signal");
}

/******************** CUT HERE ********************/

Compile that. Run it. Then try to interrupt it (^C). As you can see,
the interrupt signal (SIGINT) was caught, and our function was called instead
of having the default action take place (normally it terminates).

* the end.

You've heard me babble enough. You've seen the light. For more
information:

man signal
man sigaction/sigprocmask/sigpending/sigsuspend
advanced unix programming by w. richard stevens. (ISBN 0-201-56317-7)

bye.

EOF

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
PC Based PBX Terms
by pbxphreak <chris@lod.com>

ACD - automatic call distribution systems distribute incoming calls among
banks of call handling agents. They manage queues of on-hold callers
and use flexible call balancing algorithms to determine which agent
receives each call.

Automated Attendant - auto-attendant is a software module that lets you
create voice menus to handle incoming calls.
Auto-attendants provide a large selection of
call-routing and notification options, as well as
the ability to create complex multilevel menu
systems.

Caller ID popups - are floating windows that appear on the user's screen
when an incoming call arrives. Using Caller ID and
stored database records to identify the caller, they
let users screen incoming calls and define caller
specific greetings and routing procedures.

Call notification - is a phone-system feature that sends an automatic alert
via pager, by fax, or to an internal or external phone
number when a user receives voice mail.

Console programs - are applications that let administrators, operators and
users manage calls with a mouse or keyboard but without
using a telephone touch pad. Calls may appear in pop-up
windows, in drop-down lists, or in any of the ways that
Windows applications can display information. Better
phone systems include remote-control console applications
accessible through a connection to the Internet.

Extensions - are virtual phone numbers assigned to a PBX's internal
lines. In most cases, each user's telephone handset has
a unique extension number.

IVR - interactive voice response systems add database
functionality to a standard auto attendant. They can
be used to create sophisticated voice applications that
report bank account balances or look up credit card
transactions.

Operator - is a live person who manually receives and transfers
calls, sets up conference calls, and performs other
call-handling operations. Most PBX systems can be run
with an operator, an auto attendant, or both.

PBX - private branch exchange is an in-house phone system
that uses switching functions to share a relatively
small bank of trunk lines among a larger number of
extensions. Modern PBXs also include extensive
selections of call-handling, routing, and notification
features.

PBX administrator - person who manages the phone system, performing tasks
such as adding and moving extensions, configuring
features, training users, and resolving hardware and
software problems. In smaller businesses, the
administrator may act merely as a liaison to
manufacturers and service organizations that perform
these tasks.

Port - is a physical interface that can be connected to either
a trunk line or a telephone extension. In a PC PBX,
ports are provided by add-in telephony cards.

PSTN - public switched telephone network is a public telephone
system.

T1 line - is a high-speed 1.5-Mbps phone line that can carry 24
analog phone calls at a time. Most carriers offer T1
trunks for a fraction of the cost of 24 single-channel
lines.

Toll quality - is the quality of sound produced by traditional analog
telephone systems.

Trunk lines - are external phone lines leased from your local phone
company.

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

A look at SMTP by lusta...

The job of the Simple Mail Transfer Protocol (SMTP) is to transfer mail. SMTP
is independent of the transmission subsystem and requires an ordered data
stream channel. Maybe this will offer a kind of insight to the process
of mail transfer.

SMTP is capable of relaying mail across transport service environments.
A transport service provides an interprocess communication environment (IPCE).
An IPCE may cover one network, several networks, or a subset of a network.
A process can communicate directly with another process through any known IPCE.
Mail can be communicated between processes in different IPCEs by relaying
through a process connected to two (or more) IPCEs. More specifically, mail
can be relayed between hosts on different transport systems by a host on both
transport systems.

As the result of a user mail request, the sender establishes a two-way
transmission channel to a receiver. The receiver may be either the ultimate
destination or an intermediate. SMTP commands are generated by the sender
and sent to the receiver. SMTP replies are sent from the receiver to the sender
in response to the commands.

Once the transmission channel is established, the sender sends a MAIL command
indicating the sender of the mail. If the receiver can accept mail it responds
with an OK reply. The sender then sends a RCPT command identifying a recipient
of the mail. If the receiver can accept mail for that recipient it responds
with an OK reply; if not, it responds with a reply rejecting that recipient
(but not the whole mail transaction). The dialog is purposely one-at-a-time.

-------------------------------------------------------------


            +----------+                +----------+
+------+    |          |                |          |
| User |----|          |      SMTP      |          |
+------+    |  Sender- |Commands/Replies| Receiver-|
+------+    |   SMTP   |----------------|   SMTP   |    +------+
| File |    |          |     & Mail     |          |----| File |
|System|    |          |                |          |    |System|
+------+    +----------+                +----------+    +------+

               Sender                     Receiver


To be able to provide the relay the server must be supplied with the name
of the ultimate destination host as well as the destination mailbox name.

The argument to the MAIL command is a reverse-path, which specifies
who the mail is from. The argument to the RCPT command is a
forward-path, which specifies who the mail is to. The forward-path
is a source route, while the reverse-path is a return route.

There are three steps to SMTP mail transactions. The transaction
is started with a MAIL command which gives the sender identification.
A series of one or more RCPT commands follows giving the receiver information.
Then a DATA command gives the mail data. And finally, the end of mail data
indicator confirms the transaction.
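
The transaction described above, seen from the receiver's side, as an added
example that is not part of lusta's article. The reply codes (250, 354, 500,
503, 550) are the RFC 821 ones; the function name smtp_line, the local-domain
policy and the example.* addresses are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp(), strncasecmp() */

enum state { IDLE, HAVE_MAIL, HAVE_RCPT, IN_DATA };

/* Assumption: this receiver only holds mailboxes at a constructed domain. */
static const char LOCAL_TAIL[] = "@example.org>";

/* Feed one sender line to the receiver. Returns the reply code, or 0 for
   a line of mail data, which gets no reply. */
int smtp_line(enum state *st, const char *line)
{
    size_t n = strlen(line), d = sizeof(LOCAL_TAIL) - 1;
    if (*st == IN_DATA) {
        if (strcmp(line, ".") != 0) return 0;   /* still collecting mail data */
        *st = IDLE;                  /* end of data confirms the transaction */
        return 250;
    }
    if (strncasecmp(line, "MAIL FROM:", 10) == 0) {
        if (*st != IDLE) return 503;            /* transaction already open */
        *st = HAVE_MAIL;
        return 250;
    }
    if (strncasecmp(line, "RCPT TO:", 8) == 0) {
        if (*st == IDLE) return 503;            /* RCPT before MAIL */
        if (n < d || strcasecmp(line + n - d, LOCAL_TAIL) != 0)
            return 550;              /* refuse this recipient only */
        *st = HAVE_RCPT;
        return 250;
    }
    if (strcasecmp(line, "DATA") == 0) {
        if (*st != HAVE_RCPT) return 503;       /* no accepted recipient yet */
        *st = IN_DATA;
        return 354;                  /* go ahead, send the mail data */
    }
    return 500;                      /* command not recognized */
}

int main(void)
{
    /* Constructed dialog: one refused recipient, then one accepted. */
    const char *dlg[] = { "MAIL FROM:<a@example.net>", "RCPT TO:<x@example.com>",
                          "RCPT TO:<bob@example.org>", "DATA", "hello", "." };
    enum state st = IDLE;
    for (size_t i = 0; i < sizeof(dlg) / sizeof(dlg[0]); i++)
        printf("S: %-28s R: %d\n", dlg[i], smtp_line(&st, dlg[i]));
    return 0;
}
```

Refusing recipients outside the local domain is the per-recipient rejection
the article mentions; a receiver that answered 250 to every RCPT would relay
for anyone.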

I hope this offers a little insight on the process of SMTP, as email
has become almost a necessity for performance in even common personal and
professional communication and file transfer.

~lusta

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
That's it for this issue...
__
Special thanks to everyone contributing. w c(..)o (
\__(-) __)
Much love to b4b0, 9x, phrack, and /\ (
alpha. ;) /(_)___)
w /|
| \
m m
