Text File | 1998-03-25 | 13KB | 303 lines
############################################################################
############################## LEGIONS OF THE UNDERGROUND ##################
*********************************__ *********************_____ **** ____************
********************************/ /*********========***|___ /****/ ___/***********
*******************************/ /*********/ ___ /******/ /****/ /***************
******************************/ /*********/ / / /******/ /****/ /****************
*****************************/ /*********/ /__/ /******/ /****/ /*****************
****************************/ <______** / /******/ <____> /******************
***************************<__________| /_______/ *****(________/********************
(http://www.hackersclub.com/lou/)
by: PLaZma
Utilizing the NNTP port. Forging/reading/posting.
NNTP = Network News Transfer Protocol
Port 119
This assumes you have internet access, a telnet client, and about 2 ½ brain
cells!
---------------------------------------------------------------------------
Newbie Note~
NNTP specifies a protocol for the distribution, inquiry, retrieval,
and posting of news articles using a reliable stream-based
transmission of news among the Internet community. NNTP is
designed so that news articles are stored in a central database
allowing a subscriber to select only those items he wishes to read.
-------------------------------------------------------------------------------------------------------------------------------------------
There are two forms of NNTP: one is mailing lists, and the other is Usenet. We
will focus on USENET since forging to a mailing list can be done via port 25.
Unlike its mailing list companion, Usenet is an efficient means of distributing
information quickly and reliably. Users view documents that have been
categorized / cross-referenced / sorted, which allows the user to quickly
find the information that they are looking for, rather than going through
hundreds of emails sent directly to them searching for the one that pertains to
them. This ends my brainless comparison since I don't really care if
it is efficient or not.
The good stuff! ~~
First off, commands are not case sensitive, so you don't have to worry about it.
There are two types of responses: Text and Status.
Text responses are preceded by a numeric status response line (we will get into
that soon). Simply, text is sent as a series of textual lines. The text input
will be terminated with a "." on a line by itself. To those who don't use
their brain... It's much like the hack we did on port 25, the SMTP port.
Now the Status response: Status response lines begin with a 3 digit numeric
code which is sufficient to distinguish all responses. Some of these may also
respond with a textual message. The first digit of the response broadly
indicates the success, failure, or progress of the previous command.
    1xx - Informative message
    2xx - Command ok
    3xx - Command ok so far, send the rest of it.
    4xx - Command was correct, but couldn't be performed for some reason.
    5xx - Command unimplemented, or incorrect, or a serious program error
          occurred.
The next digit in the code indicates the function response category.
    x0x - Connection, setup, and miscellaneous messages
    x1x - Newsgroup selection
    x2x - Article selection
    x3x - Distribution functions
    x4x - Posting
    x8x - Nonstandard (private implementation) extensions
    x9x - Debugging output
In general, 1xx codes may be ignored or displayed as desired; code
200 or 201 is sent upon initial connection to the NNTP server
depending upon posting permission; code 400 will be sent when the
NNTP server discontinues service (by operator request, for example);
and 5xx codes indicate that the command could not be performed for
some unusual reason.
Now, this is how you get to this. You can use some sort of program for windoze
or linux or whatever that is designed to be a usenet reader, and you can read
articles with a simple point & click interface. That is nice and easy, but not
a good way of hacking or a good way to learn about NNTP. Now, the way to really
"get a feel" for the NNTP daemon is to use your favorite Telnet program and
Telnet to your news server (e.g. Telnet News.Pacbell.Net). This will connect
you to the pacbell news server. Basically, take your email address and chop off
the front, leaving the last two parts: Joyschmoe@foobar.com is chopped to
foobar.com. Then you just add the News, so we have news.foobar.com. Now, upon
connecting you should have an idea of which group you would like to post to. If
you don't, simply give the LIST command and hold on to your hat for a LONG list
of groups. If you already have a group in mind, such as alt.warez or alt.2600,
you would enter the command: Group <alt.***>
The response should be something like this:
    211 n f l s group selected
        (n = estimated number of articles in group,
         f = first article number in the group,
         l = last article number in the group,
         s = name of the group.)
    411 no such news group
If successful, this switches your "current article pointer", which is
internally maintained, to the first article in the designated news group. It
will also return the article numbers of the first and last articles in the
group, as well as an estimate of the number of articles in that group. (Note:
these estimates are not always correct; the estimate only has to be the exact
number or greater than the number of articles in the group.)
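
An added example (not part of the original text): a small Python parser for the status lines and the 211 GROUP reply described above, of the kind you would use when reading news server logs or captured sessions. The function and type names are made up for the example.

```python
import re
from typing import NamedTuple

# First digit: outcome of the previous command (first table above).
OUTCOME = {1: "informative", 2: "ok", 3: "ok so far, send the rest",
           4: "correct but not performed", 5: "unimplemented, incorrect or error"}
# Second digit: function response category (second table above).
CATEGORY = {0: "connection/setup/misc", 1: "newsgroup selection",
            2: "article selection", 3: "distribution", 4: "posting",
            8: "nonstandard extension", 9: "debugging"}

class Status(NamedTuple):
    code: int
    outcome: str
    category: str
    text: str

class Group(NamedTuple):
    estimate: int
    first: int
    last: int
    name: str

def parse_status(line: str) -> Status:
    """Split a status line into its 3-digit code and the free text after it."""
    m = re.fullmatch(r"([1-5])([0-9])[0-9](?: (.*))?", line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an NNTP status line: {line!r}")
    return Status(int(line[:3]), OUTCOME[int(m[1])],
                  CATEGORY.get(int(m[2]), "unassigned"), m[3] or "")

def posting_allowed(greeting: str) -> bool:
    """200 means posting is ok, 201 means read-only; anything else is no greeting."""
    code = parse_status(greeting).code
    if code not in (200, 201):
        raise ValueError(f"unexpected greeting code {code}")
    return code == 200

def parse_group(line: str) -> Group:
    """Parse '211 n f l s ...'; the comment text after the group name is ignored."""
    st = parse_status(line)
    if st.code != 211:
        raise LookupError(f"group not selected: {st.code} {st.text}")
    n, f, l, s = st.text.split()[:4]
    return Group(int(n), int(f), int(l), s)
```
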
Now we can do two things: read or write an article. To read, if you know the
article number, enter this command: ARTICLE [xxxxxx]
where xxxxxx is the number of the article you would like to peruse. Or you can
use the message id in this fashion: ARTICLE <aaaaa>
where aaaaa is the message id number. Both of these will display the header, a
blank line, followed by the body of the message. If you have any trouble with
the commands, simply do a HELP command and the news server will give you a list
of implemented commands. When reading, I prefer to give a NEXT command, which
will set my current article pointer to the next article and give me a text
reply which usually contains a SIX digit message number. Then I simply give
the command:
Body <xxxxxx>
where the x's are the article number given by the NEXT command.
The LAST command will set your internally maintained "current article pointer"
to the last article in the mailing group.
Use this command to have the server give you all the news it has obtained since
your designated date time...
NEWNEWS newsgroups date time [GMT] [<distribution>]
Here are two examples of server client conversations:
Example 1 - relative access with NEXT
S: (listens at TCP port 119)
C: (requests connection on TCP port 119)
S: 200 wombatvax news server ready - posting ok
(client asks for a current newsgroup list)
C: LIST
S: 215 list of newsgroups follows
S: net.wombats 00543 00501 y
S: net.unix-wizards 10125 10011 y
(more information here)
S: net.idiots 00100 00001 n
S: .
(client selects a newsgroup)
C: GROUP net.unix-wizards
S: 211 104 10011 10125 net.unix-wizards group selected
(there are 104 articles on file, from 10011 to 10125)
(client selects an article to read)
C: STAT 10110
S: 223 10110 <23445@sdcsvax.ARPA> article retrieved - statistics only
(article 10110 selected, its message-id is <23445@sdcsvax.ARPA>)
(client examines the header)
C: HEAD
S: 221 10110 <23445@sdcsvax.ARPA> article retrieved - head follows
(text of the header appears here)
S: .
(client wants to see the text body of the article)
C: BODY
S: 222 10110 <23445@sdcsvax.ARPA> article retrieved - body follows
(body text here)
S: .
(client selects next article in group)
C: NEXT
S: 223 10113 <21495@nudebch.uucp> article retrieved - statistics only
(article 10113 was next in group)
(client finishes session)
C: QUIT
S: 205 goodbye.
#2
Example 2 - absolute article access with ARTICLE
S: (listens at TCP port 119)
C: (requests connection on TCP port 119)
S: 201 UCB-VAX netnews server ready -- no posting allowed
C: GROUP msgs
S: 211 103 402 504 msgs Your new group is msgs
(there are 103 articles, from 402 to 504)
C: ARTICLE 401
S: 423 No such article in this newsgroup
C: ARTICLE 402
S: 220 402 <4105@ucbvax.ARPA> Article retrieved, text follows
S: (article header and body follow)
S: .
C: HEAD 403
S: 221 403 <3108@mcvax.UUCP> Article retrieved, header follows
S: (article header follows)
S: .
C: QUIT
S: 205 UCB-VAX news server closing connection. Goodbye.
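
An added example (not from the original text): Python that frames the server side of a session like the two above into separate replies, reading each text response up to its lone "." line. It also undoes the dot-doubling that RFC 977 applies to text lines beginning with ".", which this text does not mention; the function names and the sample stream are constructed for the example.

```python
# Reply codes that are followed by a text block ending in a lone "." line
# (help, LIST, ARTICLE, HEAD, BODY, NEWNEWS, NEWGROUPS).
MULTILINE = {100, 215, 220, 221, 222, 230, 231}

def read_responses(lines):
    """Yield (code, status_text, text_lines) for each server reply in `lines`."""
    it = iter(lines)
    for raw in it:
        code, _, text = raw.rstrip("\r\n").partition(" ")
        if not (len(code) == 3 and code.isdigit()):
            raise ValueError(f"expected a status line, got {raw!r}")
        body = []
        if int(code) in MULTILINE:
            for raw in it:
                row = raw.rstrip("\r\n")
                if row == ".":                 # terminator: end of this reply
                    break
                # A text line starting with "." arrives with the dot doubled,
                # so it cannot be mistaken for the terminator; strip one dot.
                body.append(row[1:] if row.startswith(".") else row)
            else:
                raise EOFError(f"{code} reply ended without a '.' line")
        yield int(code), text, body

def list_groups(rows):
    """Turn LIST rows ('group last first p') into {group: (first, last, can_post)}."""
    out = {}
    for row in rows:
        name, last, first, flag = row.split()
        out[name] = (int(first), int(last), flag == "y")
    return out

# Constructed server-side stream, modelled on Example 1.
SERVER_LINES = [
    "200 wombatvax news server ready - posting ok\r\n",
    "215 list of newsgroups follows\r\n",
    "net.wombats 00543 00501 y\r\n",
    "net.unix-wizards 10125 10011 y\r\n",
    "net.idiots 00100 00001 n\r\n",
    ".\r\n",
    "222 10110 <23445@sdcsvax.ARPA> article retrieved - body follows\r\n",
    "first line of the body\r\n",
    "..a body line that starts with a dot\r\n",
    ".\r\n",
    "205 goodbye.\r\n",
]
```
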
Now the POST command. The POST command is subject to some scrutiny in my
opinion. The RFC says that there are headers that are essential and headers
that are voluntary. However, upon experimentation I have found that some of
the ones they say are ESSENTIAL really aren't. I got away with posting a
message with only a from/subject/news-group/body line! Anyway, that's no big
deal. I logged on to my news server and gave the POST command. I will show
you our conversation.
S: 200 NNTP blah blah blah ready
C: post
S: post
OK!
C: From: plahzma@geocities.com
Subject: This is kewl.
NewsGroups: alt.cracks, alt.2600.warez
This is a test to see if I can negotiate a deal with my news server
through telnet!
.
S: Article Posted.
C: Quit
S: Connection closed by host. Goodbye!
Okay, that was easy now, wasn't it!? Notice how the server responded with a 200
stat response; if this had been a 201, that would mean that I could not post!
So pay attention to the stat responses! The "From:" line can be whatever email
address you want! That makes it a lot better for us since a lot of times when
you post to a news-group and ask a stupid question you get flamed, email
bombed, spammed... And this way any direct replies are sent to that great big
trash bin in the sky! Also notice that on the Newsgroups: line I have put the
cracks news-group followed by the 2600 warez news-group, separated by a comma.
This tells the daemon to post your message to cracks AND warez. Notice that
the HEADER section has been separated from the BODY section by a blank line.
Now, also when I read the RFC it did not mention anything about a "." at the
end to send the post. But if there's something else we're supposed to do then
oh well, because the "." at the end worked. Now I will get into more advanced
features!
The preceding text was how to post with the BARE minimum! There are all sorts
of other headers to fool around with. Actually, anything you put in the header
section will be transferred unchanged to the next server/client unless it
contains a KEYWORD; the keywords are immediately used by the news host. The
following is a list of HEADER keywords and the format that you should use
for them. I have omitted the boring ones; these are just extras for you.
Relay-Version
    This header line shows the version of the program responsible for the
    transmission of this article over the immediate link.
    For example, the header line might contain:
    Relay-Version: version B 2.10 2/13/83; site cbosgd.UUCP
Posting-Version
    This header identifies the software responsible for entering this message
    into the network. It has the same format as Relay-Version.
From
    The From line will be an internet address, with a full name (optional)
    following, contained in parentheses.
    For example, the header line might contain:
    From: JoeBlow@Boringisp.com (JoeBlow)
Date
    The date will be given by using this line:
    Date: Weekday, DD-Mon-YY HH:MM:SS TIMEZONE
    American timezones are PST, PDT, MST, MDT, CST, CDT, EST, EDT
    (e.g. Fri, 19-Jul-97 05:36:04 PST)
Subject
    The Subject line should be some sort of suggestion of the contained text,
    but if it is in reply to something, the subject line should be:
    "Re: (Reference)"
    where reference is the article subject you are replying to, aduhhhh
Path
    The path command specifies where the article has been. When the HOST
    computer receives the message, it will add its name to it and then send it
    to another host/slave, and it adds its name to the path, and the next and
    the next and the next...
    The names in the path are separated by punctuation marks.
    For example: cbosgd!mhuxj!mhuxt
    means the letter has gone from mhuxt, then to mhuxj, then to cbosgd, where
    it now stays. However, this is not always true; the rightmost could also be
    the NAME of the sender.
Reply-To
    This line is in the same form as the From line. All letters replied to
    this post will be sent to this address, not to the specified FROM address.
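
An added example (not from the original text, and not any news server's actual code): the server-side view of the POST exchange and the header list above, written as a Python check a posting host could apply. It leaves From as typed, since that header is unauthenticated client data, and instead records the connecting peer itself in NNTP-Posting-Host (a trace header many news servers add) and in Path, discarding any copy the client supplied. The host name, peer address and crosspost limit are assumptions of the example.

```python
REQUIRED = ("from", "subject", "newsgroups")  # the headers the test post above carried
SERVER_OWNED = ("path", "nntp-posting-host")  # written by the server, never taken from a client
MAX_GROUPS = 5                                # assumed local crosspost limit

def split_article(text):
    """Split a posted article at the first blank line into (headers, body)."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:      # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or " " in name:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return headers, body

def accept_post(text, peer_ip, host):
    """Return the article as the server would store it, or raise ValueError."""
    headers, body = split_article(text)
    seen = {name.lower() for name, _ in headers}
    missing = [r for r in REQUIRED if r not in seen]
    if missing:
        raise ValueError("missing headers: " + ", ".join(missing))
    groups = [g.strip() for name, value in headers
              if name.lower() == "newsgroups" for g in value.split(",")]
    if len(groups) > MAX_GROUPS:
        raise ValueError(f"crossposted to {len(groups)} groups, limit {MAX_GROUPS}")
    # From/Reply-To stay as typed: they are unauthenticated client data.
    # Trace headers are different: drop any client copy, then stamp our own.
    kept = [(n, v) for n, v in headers if n.lower() not in SERVER_OWNED]
    kept.append(("Path", f"{host}!not-for-mail"))
    kept.append(("NNTP-Posting-Host", peer_ip))
    return "\n".join(f"{n}: {v}" for n, v in kept) + "\n\n" + body

# Constructed input: the test post above plus a client-supplied trace header.
SAMPLE_POST = (
    "From: plahzma@geocities.com\n"
    "Subject: This is kewl.\n"
    "NewsGroups: alt.cracks, alt.2600.warez\n"
    "NNTP-Posting-Host: 10.0.0.1\n"
    "\n"
    "This is a test.\n"
)
```

Anyone tracing a post should read the stamped trace headers in the stored article rather than From or Reply-To.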
Publication by: PlaZma