Can you grow out of senseless hate? Improve yourself.. read, exercise,
enlighten your soul! Do it as soon as possible; you only live once!
                                                        - Black Jack
                                                          Jeff Corcoran

                 NOU    NATIONS OF ULYSSES    ISSUE NO. 3

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^
Introduction.......................................................lusta
SecurPBX using SecurID.........................................pbxphreak
ebnc.c............................................................enderX
The Battle of the Browsers.....................................ergophobe
asciigen.c......................................................Volatile
Guyz on IRC and their style........................................lusta
Axs Script Vulnerability...........................................f0bic
Using Wingates.................................................pbxphreak
What's nou without the traditional "make your own weapon" article!..phog
jellybelly.c....................................................Volatile
Basic Unix commands (for those new to linux)...................leprekaun
Intro to DHCP part 1..............................................spoofy
Example of CGI coding in win32 asm................................Jeremy
The Signal Game....................................................pablo
PC Based PBX Terms.............................................pbxphreak
A look at SMTP.....................................................lusta
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^

Another issue of Nations of Ulysses...I really want to thank everyone
that's participated. The items I receive are so diverse, with such a wide
range of skill level. I'd have to say, that in this issue, representing
are a few people that I so admire and respect. For not only their skill,
but for also their friendship, support and patience with me. At the other
spectrum, the writers contributing to this issue, range from ages 12 to
30-something. As I've said before, I spend a lot of time, reading other
publications.
One thing I've noticed, is the lack of regard for writers, and for people
merely appreciating what's offered. As though, the importance is on an
amount of readers, or a certain show of 'eliteness'. Well, the directive
of nou is far from such, I hold high regard for the people that share
their endeavors and knowledge, or even just for taking a risk to make a
statement, or share something that might not be considered advanced
(however still helpful to some readers). Anyways, I hope this issue is
informative and maybe a bit inspiring. If you choose to contribute to the
zine, the email is nou@mail.com. Criticism, or comments are always
welcome. Thanks so much ;)

~ lusta

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^

SecurPBX using SecurID
by pbxphreak

        .---------------.
        |  .--------.   |
        |  | 037592 |   |
        |  `--------'   |
        |   SecureID    |
        `---------------'

SecurID Token:
-------------

The SecurID token provides an easy, one step process to positively
identify network and system users and prevent unauthorized access. Used
in conjunction with Security Dynamics Server software, the SecurID token
generates a new unpredictable access code every 60 seconds. SecurID
technology offers crackproof security for a wide range of platforms in
one easy-to-use package.

Highlights:
----------

- Easy, one-step process for positive user authentication
- Prevents unauthorized access to information resources
- Authenticates users at network, system, application or transaction
  level
- Generates unpredictable, one-time-only access codes that automatically
  change every 60 seconds
- No token reader required; can be used from any PC, laptop or
  workstation; ideal for remote access and Virtual Private Networks
- Works seamlessly with ACE/Agent for secure Web access
- Tamperproof

The Solution:
------------

For a sophisticated hacker or a determined insider, it doesn't take much
to compromise a user's password and gain access to confidential
resources. And when an unauthorized user enters a supposedly secure
system, all privilege definition and audit trail functions become
virtually meaningless... in essence, the damage is done.

Single-factor identification (a reusable password) is not enough. To
identify and authenticate an authorized system user, two factors are
necessary. Factor one is something secret only the user knows: a
memorized personal identification number (PIN) or password. The second
factor is something unique the user possesses: the SecurID token.

Carried by authorized system users, SecurID tokens, available in three
models, generate unique, one-time, unpredictable access codes every 60
seconds. To gain access to a protected resource, a user simply enters his
or her secret PIN, followed by the current code displayed on the SecurID
token. Authentication is assured when the ACM recognizes the token's
unique code in combination with the user's unique PIN. Patented
technology synchronizes each token with a hardware or software ACM. The
ACM may reside at a host, operating system, network/client resource or
communications device - virtually any information resource that needs
security.

This simple, one-step login results in crackproof computer security that
is easy to use and administer. The tokens require no card readers or
time-consuming challenge/response procedures. With SecurID tokens,
reusable passwords can no longer be compromised. Most importantly, access
control remains in the hands of management.

SECURID PINPAD:
--------------

An added level of security can be implemented with a SecurID PINPAD
token. The PINPAD token enables users accessing the network to login
with an encrypted combination of the PIN and SecurID token code. Using
the keypad on the face of the PINPAD token, a user enters his or her
secret PIN directly into the token, which generates an encrypted
passcode.
This additional level of security is especially appropriate for users in
application environments who are concerned that a secret PIN might be
compromised through electronic eavesdropping.

SecurID tokens are ideal for any environment. The original SecurID token
conveniently fits into a wallet like a credit card. The SecurID key fob
offers a new dimension in convenience to those customers requiring high
levels of security in multiple environments, along with compact size and
durability. In addition to providing the same reliable performance in
generating random access codes as the original SecurID token, the SecurID
key fob comes in a small, lightweight format.

SecurPBX
--------

Ok. Plain and simple. SecurPBX is a product to protect PBX systems
worldwide and automated Help Desk functions. SecurPBX provides remote
access security for telephone lines, modem pools, voicemail ports,
internet access lines, and the maintenance port on PBX systems. Used in
conjunction with Security Dynamics SecurID, SecurPBX protects valuable
PBX resources from remote access by unauthorized callers without
compromising the conveniences of remote telephone and data access to
teleworking or traveling employees.

Callers dial specific numbers on the PBX for long distance services. As
an adjunct to the PBX and a client to the server, SecurPBX receives the
caller's request for resources. Functioning as a client, SecurPBX
requires remote callers to provide SecurID user authentication and an
authorized destination telephone number before being transferred to the
desired resource. SecurPBX transmits the credentials to the server for
authentication and simultaneously validates the telephone number by user
specific permissions and denials. SecurPBX integrates with the PBX to
process the call based on the validity of the caller via SecurID and the
destination number attempted.

[Diagram: SERVER (Security), SecureID token (037592), PBX Switch,
SecurePBX, Users]

Each SecurID card is a visually readable credit card sized token or key
which is programmed with Security Dynamics' powerful algorithm. Each card
automatically generates an unpredictable, one time access code every 60
seconds. The token is convenient to carry and simple to use and is
resistant to being counterfeited or reverse engineered.

SecurPBX extends the secure working environment of an organization to
remote locations. SecurPBX applies user specific calling restrictions
before any call is completed to prevent unauthorized toll charges and
misuse of PBX resources. The time of day, volume of calls per user,
destination telephone numbers (restricted to NPA and NXX) and
customizable classes of service add a vital layer to access security
without compromising the convenience of having remote access to telephone
resources. SecurPBX logs all successful and unsuccessful attempts
including the destination telephone number. Caller ID/ANI if available
also provides the origination telephone number, pinpointing the location
of the caller.

Highlights of SecurPBX:
----------------------

- Compatible with all major PBX vendor types.
- Cost effective remote access security for PBX resources.
- Prevents unauthorized access to valuable voice and data resources.
- Secures remote long distance; an alternative method for replacing
  calling cards.
- Works in conjunction with each user's SecurID card.
- Centralized network authentication and security administration.
- Easy to use, voice prompting available in multiple languages.
- Audit trails and reporting assure true caller accountability.
- Caller ID/ANI option provides originating telephone number identifying
  hacker locations.

SecurPBX operates in Microsoft Windows NT environment.
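
The calling restrictions described above (time of day, volume of calls
per user, destination numbers restricted by NPA and NXX, and a log entry
for every attempt with its destination and ANI), as an added example that
is not part of the original article and is not SecurPBX code. The struct
layout, reason codes, log format and the sample user "jdoe" are
assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed reason codes; the name is what ends up in the audit log. */
enum decision { ALLOW, DENY_FORMAT, DENY_HOURS, DENY_VOLUME, DENY_DEST };
static const char *const REASON[] = {
    "ALLOW", "DENY_FORMAT", "DENY_HOURS", "DENY_VOLUME", "DENY_DEST" };

/* A permission (allow=1) or denial (allow=0); nxx == -1 means the whole NPA. */
struct dest_rule { int npa, nxx, allow; };
struct user_policy {
    const char *user;
    int hour_from, hour_to;     /* permitted when hour_from <= hour < hour_to */
    int max_calls, calls_made;  /* volume of calls per user */
    const struct dest_rule *rules; int nrules;
};

/* Reduce dialed input to NPA and NXX: digits and common separators only,
   10 digits or 11 with a leading 1. Returns 0 on success, -1 otherwise. */
int parse_nanp(const char *dialed, int *npa, int *nxx)
{
    const char *p; char d[12]; size_t n = 0;
    for (p = dialed; *p; p++) {
        if (isdigit((unsigned char)*p)) {
            if (n >= 11) return -1;
            d[n++] = *p;
        } else if (!strchr(" -().", *p)) return -1;   /* letters, '*', '#', '+' */
    }
    p = d;
    if (n == 11 && d[0] == '1') { p++; n--; }
    if (n != 10 || p[0] < '2' || p[3] < '2') return -1;
    *npa = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
    *nxx = (p[3] - '0') * 100 + (p[4] - '0') * 10 + (p[5] - '0');
    return 0;
}

/* Default deny; the most specific rule decides and a denial wins a tie. */
enum decision authorize_call(struct user_policy *u, const char *dialed, int hour)
{
    int npa, nxx, i, best = -1, allow = 0;
    if (parse_nanp(dialed, &npa, &nxx) != 0) return DENY_FORMAT;
    if (hour < u->hour_from || hour >= u->hour_to) return DENY_HOURS;
    if (u->calls_made >= u->max_calls) return DENY_VOLUME;
    for (i = 0; i < u->nrules; i++) {
        const struct dest_rule *r = &u->rules[i];
        int spec = (r->nxx == -1) ? 0 : 1;
        if (r->npa != npa || (r->nxx != -1 && r->nxx != nxx)) continue;
        if (spec > best || (spec == best && !r->allow)) { best = spec; allow = r->allow; }
    }
    if (!allow) return DENY_DEST;
    u->calls_made++;            /* only completed calls count toward the limit */
    return ALLOW;
}

static void digits_only(const char *in, char *out, size_t len)
{
    size_t n = 0;
    for (; in && *in && n + 1 < len; in++)
        if (isdigit((unsigned char)*in)) out[n++] = *in;
    out[n] = '\0';
}

/* One log line per attempt; caller-supplied values are reduced to digits. */
int audit_line(char *out, size_t len, const struct user_policy *u,
               const char *dialed, const char *ani, int hour, enum decision d)
{
    char dest[16], from[16];
    digits_only(dialed, dest, sizeof dest);
    digits_only(ani, from, sizeof from);
    return snprintf(out, len, "user=%s ani=%s dest=%s hour=%02d result=%s",
                    u->user, from[0] ? from : "unavailable", dest, hour, REASON[d]);
}

/* Constructed sample policy for a hypothetical user "jdoe". */
struct user_policy sample_policy(void)
{
    static const struct dest_rule rules[] = {
        { 212, -1, 1 },     /* permit all of NPA 212 ...          */
        { 212, 976, 0 },    /* ... except the exchange 212-976    */
        { 415, 555, 1 },    /* in NPA 415, permit 415-555 only    */
    };
    return (struct user_policy){ "jdoe", 7, 19, 3, 0, rules, 3 };
}

int main(void)
{
    /* Constructed attempts by the sample user at 09:00; no ANI delivered. */
    const char *dialed[] = { "1 (212) 555-0123", "212-976-0100", "212555012#" };
    struct user_policy u = sample_policy();
    char line[128]; int i;
    for (i = 0; i < 3; i++) {
        audit_line(line, sizeof line, &u, dialed[i], NULL, 9,
                   authorize_call(&u, dialed[i], 9));
        puts(line);
    }
    return 0;
}
```

Denied attempts are logged with the reason but do not count against the
per-user call volume; only the digits of the dialed string and the ANI
reach the log.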
Callers and data users achieve seamless access to PBX resources with
validation data gathered as efficiently as using a calling card and/or
attempting a standard logon procedure. In many cases, SecurPBX can be a
calling card replacement and may also be used with cellular phones to
combat calling card fraud. Fraudulent or suspect callers are denied
access before toll charges and resource damage occur.

Typically, securing a PBX from unauthorized remote access has required
disabling remote access to the PBX. Using dynamic, two factor
authentication through the server and validation of destination numbers
dialed, SecurPBX systematically locks out unauthorized callers,
preventing toll, voicemail, and data fraud. This provides a secure access
point for teleworking resources.

SecurPBX unique voice identification:
------------------------------------

SecurPBX is a unique identification solution providing secure remote
access to all major PBX or Centrex telephone systems. Protected resources
included are:

- Long distance lines and trunks
- Voice mail access lines
- Call centers
- Interactive voice response systems and audio response units

Access is controlled through positive identification of callers by their
unique, individual voice prints. SecurPBX uses SpeakEZ voice print
speaker verification service technology to efficiently allow access to
authorized callers while eliminating access to unauthorized callers. The
SpeakEZ voice print system is recognized as the best in the voice
verification industry today.

Significant investments in telephone resources simply cannot be protected
by traditional static passwords or PINs. When making a telephone call
from any telephone using your calling card number, the one condition
verifiable as certain by the PBX or phone company is that someone is
making a call with a known authorization code; however, it could be
anyone. Casual calling by unauthorized personnel, recognized as a major
misuse of corporate telephone resources, must be controlled if not
eliminated. SecurPBX provides that capability to your organization.

SecurPBX provides reliable, independent two factor user identification
and authentication. Factor one is something the user knows: a memorized
personal identification number or password. The second factor is
something unique the user possesses: his/her own voice print. Each caller
is required to merely speak his/her chosen password, which is compared to
a stored voice print. The password can be in any language or dialect.

SecurPBX extends the unique user authentication provided by SpeakEZ voice
print to include user specific calling restrictions. Time of day, volume
of calls per user, destination telephone numbers which are restricted to
NPA and customizable classes of service add important layers of access
security without compromising the convenience of remote access to
telephone resources.

Highlights:
----------

- Compatible with all major PBX vendor-types and Centrex
- Cost effective remote access security for PBX resources
- Prevents unauthorized access to valuable voice resources
- Secures remote long distance
- Non-intrusive security, callers are validated by their own voice prints
- Language independent passwords
- Centralized authentication and security administration
- Easy to use, voice prompting available in multiple languages
- Audit trails and reporting assure true caller accountability
- Multiple voice prints available per user

Remote Access Security Solution:
-------------------------------

Optionally, after authentication, SecurPBX administrators can manage user
permissions and denials from either the same SecurPBX workstation or from
another workstation connected via a LAN or remotely by modem in a Windows
friendly environment.
Long distance callers achieve seamless access to PBX outbound trunks with
validation criteria gathered as efficiently as a calling card and as
easily as talking to a telephone attendant. Fraudulent or suspect callers
are denied access before any damaging toll charges can occur.

SecurPBX logs all calls, successful and unsuccessful, including the date
and time, user ID, and destination telephone number. Depending on the PBX
type, Calling Line Identification/ANI may be used as part of the
validation process and in those cases, will also be logged. Log
information can be exported to an external spreadsheet application or
displayed in reports generated by the SecurPBX Administrator.

SpeakEZ Voice Print:
-------------------

SpeakEZ Voice Print Speaker Verification is a highly effective method of
confirming a caller's identity. The service is based on the fact that
each person's voice is uniquely different, and, as a means of
identification, is highly reliable. Speaker Verification is an
application of the SpeakEZ Voice Print technology which compares a
digitized sample of a person's voice with a stored model "voice print" of
that individual's voice for verification.

- Authenticates the caller as opposed to information (i.e. PIN) or a
  piece of equipment.
- Easy to use, language independent
- Safe: a voice print cannot be lost or stolen
- Cost-effective: does not require special hardware for the caller
- Virtually fraud-proof: a voice is difficult to forge

Applications of SecurPBX:
------------------------

- Secure Telecommuting (all valuable PBX resources)
- Call center user authentication
- Securing Interactive Voice Response (IVR) and Audio Response Units
  (ARUs)
- Help Yourself suite of products for help desk automation
  (ASAP(TM) - ACE/Server Administration Program - PIN reset,
  SecurNT - Windows NT password reset,
  E-Help Desk - Entrust/PKI(TM) profile recovery)

Technical Requirements:
----------------------

Telephony platforms : All major PBXs including Nortel, AT&T, Rolm and
                      Mitel
Processor           : 100% IBM compatible PC, Pentium 133 minimum
Disk requirement    : Hard disk 1 gigabyte minimum, 32MB RAM for Switch
                      Interface, Client software, 8 MB for Administrator
                      software, actual storage based on size of user
                      population
Capacity            : An unlimited number of users may be administered
                      and issued SecurID Cards. 32 simultaneous voice
                      channels per Switch Interface
Configuration       : Multiples of 4, 12 and 24 line telephone interfaces
Management          : SecurPBX Administrator includes extensive
                      administrative menus in user-friendly Windows 3.1
                      and 95 environment, real time monitoring and
                      management of multiple PBX sites

Conclusion:
----------

SecurPBX is definitely the way to go to prevent your data and PBX systems
from getting hacked and abused.

EOF

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~

Hello, this is a very simple bouncer that I wrote. Not only is it small
and reliable but it is also very portable. It has a lot smaller
memory/cpu footprint than the ever-popular BNC by Pharos and is generally
more solid and reliable. It makes use of nonblocking sockets which allows
it to relay the data quickly between the client and the server. It is
very basic -- that's the idea. Enjoy.
I am open to comments and suggestions, ender@325i.com

enderX

--

/*
   EBNC.c v2 - enderX - 5 Sep 99
   non-blocking, no bullshit bouncer
   fully portable; has been tested on linux/irix/solaris, no reason it
   should not work on all *nix OS's
   - added quick hack for "dynamic" ident support with eidentd
     (all this does is writes the username of the connecting user to IFILE)
   - SPECIAL NOTE: BNC by Pharos sucks ass, just look at the code if you
     don't believe me.
*/

#define PORT 6667
#define PASS "pass"
/* change PORT and "pass" to suit you (leave the quotes around "pass") */
/* PASS crosses the wire in cleartext and is all that stops a stranger
   from relaying through this host, so never run with the default */

#ifdef IDENTD
#define IFILE "/etc/ident"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <stdarg.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define S_NONE 0
#define S_PASS 1
#define S_CONN 2
#define S_DOWR 3

#define MAX_NLEN 16
#define MAX_ULEN 128
#define MAX_BUFFER 512

struct socket_t {
    int csock, ssock;
    char stat, nick[MAX_NLEN], user[MAX_ULEN];
    struct socket_t *prev, *next;
};

struct socket_t *socketlist;    /* list head is an empty sentinel node */
int s;                          /* listening socket */

#ifdef IDENTD
/* write the username from the stored "USER <name> ..." line to IFILE */
void ident_update(char *buf)
{
    int fd;
    char nbuf[MAX_ULEN], *p;

    if (strlen(buf) < 5)
        return;
    fd = open(IFILE, (O_WRONLY|O_CREAT|O_TRUNC), 0644);
    if (fd == -1)
        return;
    /* bounded copy of what follows "USER "; always NUL-terminated */
    strncpy(nbuf, buf + 5, MAX_ULEN - 1);
    nbuf[MAX_ULEN - 1] = '\0';
    for (p = nbuf; *p != '\0'; p++) {
        if (*p == ' ') {
            *p++ = '\n';
            *p = '\0';
            break;
        }
    }
    write(fd, nbuf, p - nbuf);
    close(fd);
}
#endif

/* close both ends of a session, unlink it from the list and free it */
void killsock(struct socket_t *ss)
{
    close(ss->csock);
    /* the server socket is also open while the connect is pending */
    if ((ss->stat == S_CONN) || (ss->stat == S_DOWR))
        close(ss->ssock);
    ss->prev->next = ss->next;
    if (ss->next != NULL)
        ss->next->prev = ss->prev;
    free(ss);
}

void do_clean(int sig)
{
    (void)sig;
    /* killsock() frees the node, so always take the head's next */
    while (socketlist->next != NULL)
        killsock(socketlist->next);
    close(s);
    exit(0);
}

int c_printf(struct socket_t *ss, char *str, ...)
{
    int len;
    va_list ap;
    char string[MAX_BUFFER];

    va_start(ap, str);
    len = vsnprintf(string, sizeof(string), str, ap);   /* bounded */
    va_end(ap);
    if (len < 0)
        return -1;
    if (len >= (int)sizeof(string))
        len = sizeof(string) - 1;
    /* no killsock() here: the caller still holds ss, and a dead client
       is reaped by the read() in the main loop */
    return write(ss->csock, string, len);
}

void parse_user(struct socket_t *ss, char *buf)
{
    char *p = NULL;
    struct sockaddr_in addr;
    struct hostent *he;
    int ret;

    if (!strncasecmp(buf, "USER", 4)) {
        /* keep the whole "USER ..." line, truncated and NUL-terminated */
        memcpy((char *)ss->user, (char *)buf, MAX_ULEN - 1);
        ss->user[MAX_ULEN - 1] = '\0';
        if (ss->nick[0] != '\0')
            c_printf(ss, "NOTICE AUTH :Que paso puto?\n");
        return;
    }
    if (!strncasecmp(buf, "NICK", 4)) {
        memcpy((char *)ss->nick, (char *)buf, MAX_NLEN - 1);
        ss->nick[MAX_NLEN - 1] = '\0';
        if (ss->user[0] != '\0')
            c_printf(ss, "NOTICE AUTH :Que paso puto?\n");
        return;
    }
    if (!strncasecmp(buf, "PASS", 4)) {
        for (p = buf + 5; *p; p++)
            if ((*p == '\r') || (*p == '\n'))
                break;
        *p = '\0';
        if (!strcmp(buf + 5, PASS)) {
            c_printf(ss, "NOTICE AUTH :Got pass, you may now do /quote conn\n");
            ss->stat = S_PASS;
        }
        return;
    }
    /* nothing below runs until PASS, USER and NICK have all been seen */
    if ((ss->stat != S_PASS) || (ss->user[0] == '\0') ||
        (ss->nick[0] == '\0'))
        return;
    if (!strncasecmp(buf, "CONN", 4)) {
        for (p = buf + 5; *p; p++)
            if ((*p == '\r') || (*p == '\n'))
                break;
        *p = '\0';
        p = (buf + 5) + 128;        /* cap the host name at 128 bytes */
        if (*p != '\0')
            *p = '\0';
        c_printf(ss, "NOTICE AUTH :Connecting to %s...\n", buf + 5);
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(6667);
        addr.sin_addr.s_addr = inet_addr(buf + 5);
        if (addr.sin_addr.s_addr == INADDR_NONE) {
            he = gethostbyname(buf + 5);
            if (he == NULL) {
                c_printf(ss, "NOTICE AUTH :Unable to resolve %s!\n", buf + 5);
                return;
            }
            memcpy(&addr.sin_addr, he->h_addr_list[0], sizeof(addr.sin_addr));
        }
        ss->ssock = socket(AF_INET, SOCK_STREAM, 0);
        if ((ss->ssock == -1) || (ss->ssock >= FD_SETSIZE)) {
            if (ss->ssock != -1)
                close(ss->ssock);
            c_printf(ss, "NOTICE AUTH :Connect failed!\n");
            return;
        }
        ret = fcntl(ss->ssock, F_GETFL, 0);
        ret |= O_NONBLOCK;
        fcntl(ss->ssock, F_SETFL, ret);
#ifdef IDENTD
        ident_update(ss->user);
#endif
        ret = connect(ss->ssock, (struct sockaddr *)&addr, sizeof(addr));
        if (ret == -1) {
            if ((errno != EAGAIN) && (errno != EINPROGRESS)) {
                close(ss->ssock);
                c_printf(ss, "NOTICE AUTH :Connect failed!\n");
                return;
            }
        }
        ss->stat = S_DOWR;
    }
}

int main()
{
    int ret, fl;
    socklen_t alen;
    struct sockaddr_in addr;
    struct socket_t *ss;
    fd_set fds, wfds;
    char buf[MAX_BUFFER + 1];

    /* this is the global s, so do_clean() closes the right descriptor */
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == -1) {
        perror("Unable to allocate socket");
        exit(-1);
    }
    /* setup signal handling (SIGKILL cannot be caught, so it is not set) */
    signal(SIGHUP, SIG_IGN);
    signal(SIGPIPE, SIG_IGN);   /* a peer closing mid-write must not kill us */
    signal(SIGINT, do_clean);
    signal(SIGTERM, do_clean);
    signal(SIGQUIT, do_clean);
    socketlist = (struct socket_t *)malloc(sizeof(struct socket_t));
    if (socketlist == NULL) {
        perror("Unable to allocate memory");
        exit(-1);
    }
    socketlist->next = NULL;
    socketlist->prev = NULL;
    fl = 1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &fl, sizeof(int));
    ret = fcntl(s, F_GETFL, 0);
    ret |= O_NONBLOCK;
    fcntl(s, F_SETFL, ret);
    memset((struct sockaddr_in *)&addr, 0, sizeof(struct sockaddr_in));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    ret = bind(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
    if (ret < 0) {
        perror("Unable to bind port");
        exit(-1);
    }
    alen = sizeof(addr);
    getsockname(s, (struct sockaddr *)&addr, &alen);
    ret = listen(s, 10);
    if (ret < 0) {
        perror("Listen failed");
        exit(-1);
    }
    ret = fork();
    if (ret == -1) {
        perror("Unable to fork");
        exit(-1);
    }
    if (ret > 0) {
        printf("EBNC v2 by enderX -- started in background. [pid: %d]\n", ret);
        exit(0);
    }
    while (1) {
        FD_ZERO(&wfds);
        FD_ZERO(&fds);
        FD_SET(s, &fds);
        ss = socketlist;
        while (ss->next != NULL) {
            FD_SET(ss->next->csock, &fds);
            if (ss->next->stat == S_CONN)
                FD_SET(ss->next->ssock, &fds);
            if (ss->next->stat == S_DOWR) {
                FD_SET(ss->next->ssock, &wfds);
                FD_SET(ss->next->ssock, &fds);
            }
            ss = ss->next;
        }
        if (select(FD_SETSIZE, &fds, &wfds, NULL, NULL) < 0)
            continue;           /* e.g. EINTR: the fd sets are not valid */
        if (FD_ISSET(s, &fds)) {
            alen = sizeof(addr);
            ret = accept(s, (struct sockaddr *)&addr, &alen);
            if (ret == -1)
                continue;
            if (ret >= FD_SETSIZE) {    /* would overflow the fd_set */
                close(ret);
                continue;
            }
            ss = socketlist;
            while (ss->next != NULL)
                ss = ss->next;
            ss->next = (struct socket_t *)malloc(sizeof(struct socket_t));
            if (ss->next == NULL) {
                close(ret);
                continue;
            }
            memset((struct socket_t *)ss->next, 0, sizeof(struct socket_t));
            ss->next->next = NULL;
            ss->next->prev = ss;
            ss->next->csock = ret;
            ss->next->stat = S_NONE;
            ret = fcntl(ss->next->csock, F_GETFL, 0);
            ret |= O_NONBLOCK;
            fcntl(ss->next->csock, F_SETFL, ret);
            continue;
        }
        ss = socketlist;
        while (ss->next != NULL) {
            if (FD_ISSET(ss->next->csock, &fds)) {
                memset((char *)buf, 0, MAX_BUFFER + 1);
                ret = read(ss->next->csock, buf, MAX_BUFFER);
                if ((ret == 0) ||
                    ((ret == -1) && (errno != EAGAIN) && (errno != EINTR))) {
                    killsock(ss->next);
                    continue;
                }
                if (ret > 0) {  /* on EAGAIN/EINTR there is nothing to relay */
                    fl = ret;
                    if ((ss->next->stat == S_NONE) ||
                        (ss->next->stat == S_PASS))
                        parse_user(ss->next, buf);
                    else {
                        ret = write(ss->next->ssock, buf, fl);
                        if (ret == -1) {
                            killsock(ss->next);
                            continue;
                        }
                    }
                }
            }
            if ((ss->next->stat == S_DOWR) &&
                (FD_ISSET(ss->next->ssock, &wfds))) {
                write(ss->next->ssock, ss->next->user, strlen(ss->next->user));
                ret = write(ss->next->ssock, ss->next->nick,
                            strlen(ss->next->nick));
                if (ret == -1) {
                    close(ss->next->ssock);
                    ss->next->stat = S_PASS;
                    c_printf(ss->next, "NOTICE AUTH :Connection failed!\n");
                } else {
                    c_printf(ss->next, "NOTICE AUTH :Connection suceeded\n");
                    ss->next->stat = S_CONN;
                }
            }
            if ((ss->next->stat == S_CONN) &&
                (FD_ISSET(ss->next->ssock, &fds))) {
                memset((char *)buf, 0, MAX_BUFFER + 1);
                ret = read(ss->next->ssock, buf, MAX_BUFFER);
                if ((ret == 0) ||
                    ((ret == -1) && (errno != EAGAIN) && (errno != EINTR))) {
                    killsock(ss->next);
                    continue;
                }
                if (ret > 0) {
                    fl = ret;
                    ret = write(ss->next->csock, buf, fl);
                    if (ret == -1) {
                        killsock(ss->next);
                        continue;
                    }
                }
            }
            ss = ss->next;
        }
    }
}

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^

▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒|   THE BATTLE OF THE BROWSERS   |▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒|        .:By ergophobe:.        |▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒

This article isn't a "How To..." article, nor is it explaining how
anybody who knows less than me is a 'L4MeR' (like so much of the stuff in
'zines is right now). Just something to make you think a bit about the
reason that Microsoft are supposedly putting Netscape out of business,
but Netscape still seems to be alive and well.

First, a little background information: Initially, Netscape had to be
paid for and licenced in the same way as most software for home use,
although Netscape has always been free for educational establishments. It
was based on the source code for the Mosaic browser. Then, along came
Microsoft's Internet Explorer, which was free and also based on the
Mosaic source code. Nobody wanted to buy from Netscape what they could
get free from Microsoft, so Netscape were forced to follow suit and make
their browser free as well. Unsurprisingly, Netscape began to make huge
losses, and are now owned by AOL (who incidentally still distribute
Internet Explorer with their dial up software). Microsoft was also taken
to court over the integration of IE4 into Windows 98. Nothing came of
this action, and Win 98 was released as planned.

Several surveys have shown that those who have been working with
computers for a long time are more likely to use a Netscape browser. The
point that this is demonstrating is that more advanced users tend to go
for Netscape, and those who have been using the internet since before
there was an alternative to Netscape are more familiar with it. There's
also those people who just don't like Microsoft.
Even withstanding the fact that Internet Explorer is noticeably faster at
handling JAVA and supports more JAVA functions. It is also less prone to
choke on large numbers of tables, forms and pictures. Things which tend
to bring even the proverbial 'Ninja PC' to a standstill in Netscape.

But surely there is more to it than force of habit and hatred for
Microsoft. Of course there is. For a start, the more advanced users among
us are more likely to use a unix/linux/BSD OS. A *nix version of Internet
Explorer isn't quite as stupid as it might sound at first. After all, on
a standard installation of Windows 9x you would probably expect to find a
copy of Apple QuickTime. And AT&T (inventors of Unix) have released
various mail programs for Windows. So why not a *nix version of Internet
Explorer?

Sticking to the battle within the Windows OS though, Netscape does have
one HUGE advantage over IE. User profiles. With Netscape, you can let
each user have separate preferences, different cache folders, mail
settings and more. Very useful on computers which are used by a lot of
people. IE however lacks this feature.

The other thing which a lot of people find particularly irritating is the
way that IE insists on integrating itself into Windows. It can be quite
irritating having all the sites you have visited logged in lots of
strange places, a cache which you can't delete through DOS (you try it),
and the desktop 'enhancements'. Desktop annoyances would be more
appropriate.

Perhaps I'm being strange, but I prefer to be able to tinker about with
stuff when I install a program, and it helps if it's all in the same
place. A full install of IE4 which takes up about 70Mb (don't really know
about IE5) places 1.4Mb of data in the folder you specify, and scatters
the other 98.6Mb of it merrily around various bits of your Windows folder
and installs all its little spinoff applications (frontpage, outlook etc)
in various locations in 'program files'.
Whereas Netscape's installation is pretty logical (well mostly. It does
tend to keep cache folders from old versions). It actually installs it
where you tell it to and it's smaller too. I must say that I prefer the
Outlook email client to Netscape's Messenger, but on balance, the suite
of programs that accompany the browser is better with Netscape too.

If Microsoft were to sort their act out, and include user profiles and
make a nicer less messy installation, then perhaps more of the 'advanced'
users would use it, or if Netscape would sort its handling of JAVA and
large page content, maybe more of the newbies would use it. To be honest,
the second looks more likely, but for now, I'm sticking to Netscape.

Of course, we are completely forgetting Opera. It still doesn't have
support for JAVA or CSS (style sheets), but it's fast, customisable, user
friendly and it has a pretty small installation. And no crappy desktop
'enhancements'. This looks like the one to watch. Unfortunately, you have
to pay £22 for it (or crack it if you are an evil and socially
irresponsible person). Visit http://www.operasoftware.com for details.

ergophobe's shouts: Erebus, psi, Pyr0-Pr0xy, CrossFire, linealtap,
everybody I forgot and 'The New York Bagel co.' (food of the gods).

And if anybody wants to get in contact with me, send all your
comments/feedback/fan mail/gratuitous abuse to ergophobe@dial.pipex.com

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^

/*
   -Volatile was here.
   Somewhat slow way to generate all possible string combinations
   between MIN and MAX at N characters long.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN 33  /* Low character */
#define MAX 126 /* High character */

int main(int argc, char *argv[])
{
    unsigned char *buf = NULL;
    int num = 0, i = 0, k = 0, l = 0;

    num = 1;
    if (argc > 1) {
        num = atoi(argv[1]);
        if (num < 1) {
            printf("Invalid number.\n");
            return 1;
        }
    }
    /* one extra byte so the string stays NUL-terminated at full length */
    buf = (unsigned char *)malloc(num + 1);
    if (buf == NULL) {
        printf("Not enough memory.\n");
        return 1;
    }
    memset((unsigned char *)buf, 0, num + 1);
    i = 0;
    k = 0;
    l = 0;
    buf[0] = MIN;
    while (1) {
        printf("%s\n", buf);
        if (buf[k] < MAX)
            buf[k]++;
        else if (buf[k] == MAX) {
            /* find the nearest position at or left of k that can still be
               incremented; the index is tested before buf is read */
            for (l = k; l >= 0; l--) {
                if (buf[l] < MAX)
                    break;
            }
            if (l == -1) {
                /* every position is at MAX: grow the string by one */
                k++;
                if (k == num)
                    break;
                for (l = 0; l < (k + 1); l++)
                    buf[l] = MIN;
            } else {
                for (i = k; i > l; i--)
                    buf[i] = MIN;
                buf[l]++;
            }
        }
    }
    free(buf);
    return 0;
}

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^

Who said this zine had to be technical hehe

Guyz on IRC, and their style ;P
by lusta

Alright, I decided to write an article on style, since it's something I'm
familiar with hehe. Style being defined as "fashion", or a certain
appearance or demeanor. Since the certain stereotype of guys online,
seems to be a somewhat undesirable one, I figured I'd find out, and if
that being the case offer suggestion and 'pointers'. I could easily make
this about what I like, or appreciate fashionwise, for a guy, but I
didn't want to do that. So included females in the survey, to get their
likes/dislikes.

After taking a survey of about 40 people on irc, I was able to create
some assumptions to base this article on. The people I surveyed generally
ranged in age and location, from like age 15 to 25. The first thing I
noticed, after doing the survey, was that the style that guys online
express seems to be influenced by their location, age, music preference,
and yes...even by irc (or I should say, the habits that irc offers).

One of the questions in the survey, asked if the subject felt as they
could be considered 'stylish'.
The answers ranged: some guys were confident about their style, could describe it; some thought they had style, but couldn't really give it a name or 'type'; and of course, there were a few guys that claimed to be without style. So for those guys that feel as though they're lacking style...we're gonna give you some direction today, take it as you like.

Guys online seem to have different ideas of what girls like and dislike. The overall response from the girls is that they appreciate cleanliness, a sort of 'laidback look', and no...that personal sweaty smell that you consider 'fragrance' isn't much of a turn on. So, I guess, here's a few ideas of what to look for...maybe some do's and don'ts might be helpful.

Do                                      Don't
--------------------------------------------------------------------------------
Wear a light fragrance, something       Wear the same smelly stuff your
that smells clean and soft.             grandpa wears, or that your aunt
                                        bought...and when you do find the
                                        right fragrance, don't use too much.

Keep your hair trimmed, even if you     The damaged/deadend, bleached,
like to wear your hair long. Use        bigass hair look went out wif guns
decent haircare products, just as you   and roses in the 80's.
guys appreciate a girl's hair to be
soft and healthy, we appreciate the
same.

Loose and laidback clothes look nice    Do not think that girls like that
and casual. Be comfortable, and look    tight jean look. You think we
it. Although, keep your pants on, too   wanna see what's underneath...
baggy, can look sloppy.                 WELL YOU'RE WRONG! ugh repulsive..

Keep your skin nice...do you realize    I guess some girls are into that
what us girls go through, to keep our   gothic look, which is fine. I
skin looking nice? For you guys, it's   didn't come across any in the
much easier..simply clean your skin     survey, but I'm not going to
using facial cleanser before the        disregard what they like. So, for
shower, and before bed.                 you guys that do wear makeup don't
                                        leave it on when you go to bed.

Ok, now to undies hehehe...boxers or    Don't insist on inheriting your
like, those boxer briefs (usually       dad's trend in undergarments.
made by calvin klein) are preferred.    Give up those Fruit of the Loom
We like boxers, so why not wear em? ;P  your mom always bought. Do NOT
                                        wear repulsive bikini underwear..
                                        think they're sexy? well, they're
                                        not.

Shoes...girls aren't extremely picky    Just stay away from anything
about shoes, as long as you're wearing  labeled "Hightops", and you'll be
the right kind of shoe, for the right   fine hehe.
occasion.

I guess the main thing is to be comfortable with what you do choose to be your particular style. Just take care of yourself.

I must admit that I enjoyed writing this article. The personalities of the people online surely offer a certain 'style' that is appealing. Obviously, one's personality plays a huge part in their appearance...with that in consideration, it's apparent to me why I luv you guyz so much. ;P

Thanks for your time, and help with the surveys...

~lusta

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~

Axs script vulnerability
written by f0bic
f0bic@deadprotocol.org

Brief Description

The AXS webserver script by Fluid Dynamics (www.xav.com) allows unauthorized third party users to make use of the ax-admin Administration/Configuration module and remotely edit and/or delete log files and overwrite files on the system. Compromise of system resources might also be one of the effects of this vulnerability.

Vulnerable Platforms

Any operating system AXS is compatible with, i.e.:

Unix Operating Systems (AXS cgi set)
WindowsNT Operating System (AXS perl set)

Vulnerability Description

The AXS script is a cgi or perl script that keeps track of the number, the source locations, and the client info of visitors to your http port (80). It writes this data to an output file, named log.txt by default (but it can easily be relocated).
This log.txt is normally located in the cgi-bin directory of the server, allowing write access to this directory. The AXS cgi script contains two .cgi appended files: axs.cgi and ax-admin.cgi respectively. The axs.cgi file is the one that actually "grabs" the info about the visitors and then writes it to log.txt (or wherever you relocated this to). The ax-admin.cgi is the configuration file for the axs.cgi script. The ax-admin.cgi is passworded by default with "IronMan" and sometimes the password is even left blank. Due to this weak access security it is very easy to gain "configuration access" to the axs.cgi script, allowing you to reconfigure it, delete the log files, and change the location of the logs.

The default location for the AXS script is: http://www.server.com/cgi-bin/ax.cgi.
The default location for the AXS Admin script is: http://www.server.com/cgi-bin/ax-admin.cgi.

To obtain access to the ax-admin.cgi module you get a password screen issued by default, Ironman being the default password. The password is determined by the characters in the $password="*" field of the ax-admin.cgi hardcode ("*" being the default/chosen password or a blank). Most of the time I have seen the password field left blank or defaulted. If the password is left blank you will not be prompted with a login screen; instead it will automatically drop you into the ax-admin configuration page. From this point on you can alter files on the server system, possibly resulting in Denial-of-Service attacks against the system's resources.

Solution

The AXS problems relate to a lack of resources that could suffice for secure business applications. The AXS script on the other hand has been developed for ease of use, not for trouble of security; this is one of the mistakes that Fluid Dynamics has made. The easy fix is not to run the ax-admin.cgi module with no password or with the default password.
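A defender-side check for the two weak states described above (blank password, default password), added here as an example; it is not part of f0bic's advisory or of the AXS distribution. It assumes the `$password="..."` assignment sits on a single line of ax-admin.cgi; the function names and the sample inputs are made up for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum axs_finding { AXS_NOT_FOUND, AXS_BLANK, AXS_DEFAULT, AXS_CUSTOM };

/* Default password named in the advisory; compared case-insensitively
   because the text spells it both "IronMan" and "Ironman". */
static const char AXS_DEFAULT_PW[] = "IronMan";

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t') p++;
    return p;
}

/* Scan Perl source text for the first uncommented  $password = "..."  line
   and classify the quoted literal (assumption: assignment fits on one line). */
enum axs_finding audit_axadmin_source(const char *src)
{
    const size_t klen = strlen("$password");
    const char *line = src;

    while (*line) {
        const char *eol = strchr(line, '\n');
        const char *p = skip_ws(line);

        /* exact variable name only: $password_hint, $password2 are skipped */
        if (*p != '#' && strncmp(p, "$password", klen) == 0 &&
            !isalnum((unsigned char)p[klen]) && p[klen] != '_') {
            p = skip_ws(p + klen);
            if (*p == '=') {
                p = skip_ws(p + 1);
                if (*p == '"' || *p == '\'') {
                    char quote = *p++;
                    const char *end = p;
                    while (*end && *end != '\n' && *end != quote) end++;
                    if (*end == quote) {
                        size_t len = (size_t)(end - p);
                        if (len == 0) return AXS_BLANK;
                        if (len == strlen(AXS_DEFAULT_PW) &&
                            strncasecmp(p, AXS_DEFAULT_PW, len) == 0)
                            return AXS_DEFAULT;
                        return AXS_CUSTOM;
                    }
                }
            }
        }
        if (!eol) break;
        line = eol + 1;
    }
    return AXS_NOT_FOUND;
}

static const char *finding_text(enum axs_finding f)
{
    switch (f) {
    case AXS_BLANK:   return "BLANK password: admin page opens with no login prompt";
    case AXS_DEFAULT: return "DEFAULT password still set";
    case AXS_CUSTOM:  return "custom password set (still stored unencrypted)";
    default:          return "no $password assignment found";
    }
}

/* Constructed samples, not taken from a real installation. */
static const char *SAMPLES[] = {
    "#!/usr/bin/perl\n$password=\"\";\n",
    "# $password = \"old\";\n  $password = 'ironman';\n",
    "$password = \"s3cr3t-and-long\";\n",
};

int main(int argc, char *argv[])
{
    static char buf[65536];
    size_t i, n;
    FILE *f;

    if (argc < 2) {                     /* no file given: run the samples */
        for (i = 0; i < sizeof(SAMPLES) / sizeof(SAMPLES[0]); i++)
            printf("sample %u: %s\n", (unsigned)i,
                   finding_text(audit_axadmin_source(SAMPLES[i])));
        return 0;
    }
    f = fopen(argv[1], "r");            /* e.g. a local copy of ax-admin.cgi */
    if (!f) { perror(argv[1]); return 2; }
    n = fread(buf, 1, sizeof(buf) - 1, f);
    buf[n] = '\0';
    fclose(f);
    printf("%s: %s\n", argv[1], finding_text(audit_axadmin_source(buf)));
    return 0;
}
```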
I have informed Fluid Dynamics about the fact that I have seen servers where the ax-admin password was the same as the one for a valid shell account on that system. Fluid Dynamics has also gone through no trouble at all to encrypt any of the passwords used in the ax-admin verification.

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~

       _.-._           ..-..           _.-._
      (_-.-_)         /|'.'|\         (_'.'_)
       .\-/.          \)\-/(/          ,-.-.
    __/ /-. \__     __/ ' ' \__     __/'-'-'\__
   ( (___/___) )   ( (_/-._\_) )   ( (_/   \_) )
    '.Oo___oO.'     '.Oo___oO.'     '.Oo___oO.'

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~

Using Wingates
by pbxphreak

Using Wingates for IRC!

Wingates, Wingates, Wingates. What to do with them? Well simple. You can either use it to bounce off IRC with.

First off. You need to find a WinGate. There are several scanning programs out there, mostly for windows. Since I don't use windows, I can't help you there. I have included a program below that verifies ip addresses that are wingates. It checks ips.in (which has an ip address on each separate line) and verifies whether the wingate is valid or not.

There is a program for Linux called z0ne. What you can do with z0ne is tell it to scan all of a domain. For example

./z0ne uunet.ca > uunet.ca.log

That would simply write to a file every single ip address uunet.ca uses. Which is a lot :) You can find z0ne somewhere on the net. It works with Linux; if you need it you can email me and I can send it to you.

I use a combination of 2 programs. I use the wingate checker to verify the wingate and also a scanner that scans for a certain port on a classb or classc (which I can't give you because it's a private program). So from there I just verify the file with the ips, so it's pretty easy.

Once you've found some Wingates you can use them. If you want to use them on IRC you have to do the following:

- load up yer irc program. may it be ircII, ScrollZ, BX, mIRC, Pirch etc.
do /server wingate addy 23 (this connects to the wingate on port 23) do /quote irc.prison.et 6667 (this connects to prison irc server) do /quote NICK ircboy (this sets your nick to ircboy) do /quote USER ircboy 0 0: ircgeek - (this would set yer user name to ircboy and real name to ircboy in the night) You now should be connected. The hard things about using wingates on irc is, you need to find a irc server that will let you connect :) Below is the wingate verifier. Remember to have a file called ips.in which contains an ip address per line and this will be verified and resule will be stored in ips.out ------------------- SNIP --------------------- /* wgcheck.c * cc -o wgcheck wgcheck.c */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include extern int hexstr; static int sockfd2; static int sockfd; static int gatenum = 0; static int toscan = 0; #define DEF_FILE "ips.in" #define OUT_FILE "ips.out" #define socktimeout 10 #define longtime 3000 #define getthetime() time((void *)0) int sigalrm_handler(int sig) { close(sockfd); return; } int main() { FILE *in; FILE *server_file; int i; time_t ct; char *sockfile; char sockip[1024]; sockfile = DEF_FILE; printf("wgcheck\n"); printf("\n"); in = fopen(sockfile,"r"); while(fgets(sockip,80,in)) { if(sockip[0] == '\0') { fclose(in); exit(1); } sockip[strlen(sockip) -1] = '\0'; toscan++; } fclose(in); printf("Loaded %i gates to scan\n",toscan); printf("\n"); in = fopen(sockfile,"r"); while(fgets(sockip,80,in)) { if(sockip[0] == '\0') { fclose(in); exit(1); } sockip[strlen(sockip) -1] = '\0'; signal(SIGALRM, sigalrm_handler); alarm(socktimeout); toscan--; printf("Scanning %s (%i more to go)\r",sockip,toscan); fflush(stdout); printf(" \r"); wingate(sockip); signal(SIGALRM, sigalrm_handler); alarm(longtime); } printf("Done checking!\n"); printf("%i wingates found\n",gatenum); fclose(in); exit(1); } int wingate(char *host) { 
int wgsock; int e; int d; FILE *ips; int numbytes; char buf[1024]; struct in_addr MyHostAddr; struct hostent *he; struct sockaddr_in sin; fd_set gateset; struct timeval tv; sockfd = socket(AF_INET, SOCK_STREAM, 0); sin.sin_family = AF_INET; sin.sin_port = htons(23); sin.sin_addr.s_addr = inet_addr(host); if(sin.sin_addr.s_addr == INADDR_NONE) { he = gethostbyname(host); if(!he) { close(sockfd); return; } memcpy(&sin.sin_addr, he->h_addr, he->h_length); } e = connect(sockfd, (struct sockaddr *)&sin, sizeof(sin)); if (e < 0) { close(sockfd); return; } FD_ZERO(&gateset); FD_SET(sockfd, &gateset); tv.tv_sec = 10; tv.tv_usec = 0; d = select(sockfd+4, NULL, &gateset, NULL, &tv); if(d == 0) { close(sockfd); return; } numbytes = read(sockfd, buf, sizeof(buf)); buf[numbytes] = '\0'; if(numbytes == 9) { numbytes = read(sockfd, buf, sizeof(buf)); buf[numbytes] = '\0'; if (strcmp(buf, "WinGate>") == 0) { close(sockfd); gatenum++; printf("Open wingate server found on %s (gate #%i) (%i left to scan)\n",host,gatenum,toscan); ips = fopen(OUT_FILE,"a"); fputs(host, ips); fputs("\n", ips); fclose(ips); return; } } } Here are some gates to get you started: dns.yoshinomasa.co.jp ns.joban-power.co.jp ns.sanshusha.co.jp ns.sunshine.co.jp uni.eltron.ee Well, here comes the end to another one of my articles. Well hope you had fun, try it out, and have some fun. CYA! ~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~ Make your own weapon!@ We know you look forward to this in every issue :/ Aight, you know i gotta go old skewl for this one, from the secret philes of Jolly Roger hehe. Tennis Ball bomb, everybody loves this one. It's simple and very entertaining. Werd, so here it is...tennis ball bomb... Equipment: ---------- strike anywhere matches tennis ball...hence the name ;-/ duct tape sharp knife or something that could cut into the ball Instructions: ------------- Break a ton of the strike anywhere matchheads off. Then cut a tiny hole in the tennis ball. 
Pack all of the matchheads into the ball, until you it's all full.Then tape over the hole with duct tape. The match head have to be VERY tight together, so that it can spark as soon as it makes contact. Then wen you see that lame hax0r walking down the street give him a nice ball in the arm to let him know your presence hehe... ,odOO"bo, ,dOOOP'dOOOb, ,O3OP'dOO3OO33, P",ad33O333O3Ob ?833O338333P",d <~ LOOKS KINDA LIKE THIS! HEH!@ `88383838P,d38' `Y8888P,d88P' `"?8,8P"' =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -phog- br1ng1ng b4ck the 0ld skewl trickz =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^ /* jellybelly.c by Volatile [30 Minutes] This is only useful if you're a US resident. Every three months you're allowed to fill out a survey at http://www.jellybelly.com, and they send you a free jellybean sample with like 10-15 random jellybeans. The trick is, the survey opens randomly each day, and allows for the first 500 people who fill out the survey. This program monitors the status of the survey and tells you when it is open, and when it has closed, etc. The program does not shut down when the survey opens and then closes, it continues to report the status of the survey until you kill the process. Usage: jellybelly [-n] By default the program goes into the background and logs to syslog, the -n option removes going into the background, and prints to the screen instead. You can change how it logs to syslog with the SYSLOG_* definitions. gcc -o jellybelly jellybelly.c If in the event your system doesnt like the syslog code: gcc -o jellybelly jellybelly.c -DNO_SYSLOG If you are not logging to syslog, and NOISY_CONSOLE is defined, when the survey opens, 100 beeps (2 per second), will be sent to notify you. 
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#ifndef NO_SYSLOG
#include <syslog.h>
#endif
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define HOST "205.158.47.41"
#define PORT 80
#define DELAY 1
#define NOISY_CONSOLE

#ifndef NO_SYSLOG
#define SYSLOG_OPT LOG_PID
#define SYSLOG_FAC LOG_USER
#define SYSLOG_PRI LOG_INFO
#endif

#define S_OPEN 0
#define S_EARLY 1
#define S_LATE 2

#define MAX_BUFFER 100
#define QUERY "GET /SurveyStartUS.cgi?cache=no HTTP/1.0\n\n"

int s = 0;
char status = 0, z0t = 0, lstatus = 0, lz0t = 0;
#ifndef NO_SYSLOG
char syslogn = 0;
#endif

int query_server(void);
void parse_server(void);
void sig_alrm(int);
void outuser(char *);
#ifdef NOISY_CONSOLE
void beepit(void);
#endif

int main(int argc, char *argv[])
{
  int ret = 0, pid = 0;

#ifndef NO_SYSLOG
  syslogn = 1;
#endif
  status = 0; z0t = 0; lstatus = 0; lz0t = 0;

  printf("---------------------------------------------------------\n" \
         "jellybelly.c v1.0a by Volatile (9/13/99)\n" \
         " www.jellybelly.com \n" \
         "---------------------------------------------------------\n");

#ifndef NO_SYSLOG
  if (argc > 1)
  {
    if (!(strcmp(argv[1], "-n"))) syslogn = 0;
  }
  if (syslogn)
  {
    /* Default mode: log to syslog and carry on in a background child */
    openlog("jellybelly", SYSLOG_OPT, SYSLOG_FAC);
    pid = fork();
    if (pid)
    {
      printf("[PID: %d] (Logging to syslog)\n", pid);
      exit(0);
    }
  }
#endif

  signal(SIGALRM, sig_alrm);
  signal(SIGPIPE, SIG_IGN);

  /* Poll the survey page until the process is killed */
  while(1)
  {
    ret = query_server();
    if (ret) parse_server();
    sleep(DELAY);
  }
}

/* Connect to HOST:PORT and send QUERY. Returns 1 on success, 0 on failure. */
int query_server(void)
{
  int ret = 0;
  struct sockaddr_in addr;

  memset((struct sockaddr_in *)&addr, 0, sizeof(struct sockaddr_in));
  addr.sin_family = AF_INET;
  addr.sin_port = htons(PORT);
  addr.sin_addr.s_addr = inet_addr(HOST);

  s = socket(AF_INET, SOCK_STREAM, 0);
  if (s == -1) return 0;

  alarm(10);
  ret = connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
  alarm(0);
  if (ret == -1)
  {
    close(s);
    return 0;
  }

  ret = write(s, QUERY, strlen(QUERY));
  /* Cast so that a -1 from write() is not promoted to a huge unsigned value */
  if (ret < (int)strlen(QUERY))
  {
    close(s);
    return 0;
  }

  return 1;
}

/* Read the reply line by line and act on the Location: redirect, if any. */
void parse_server(void)
{
  int ret = 0, inc = 0, linc = 0;
  char *h = NULL, *t = NULL, *loc = NULL, in[MAX_BUFFER];

  inc = 0;
  memset((char *)in, 0, MAX_BUFFER);
  z0t = S_OPEN;

  while(1)
  {
    if (!(MAX_BUFFER - inc)) break;
    alarm(10);
    ret = read(s, (in + inc), (MAX_BUFFER - inc));
    alarm(0);
    if (ret < 1) break;
    inc += ret;

    for (ret = 0, linc = 0, t = h = in; h < (in + inc); h++)
    {
      if ((*h == '\n') || (*h == '\r'))
      {
        *h = '\0';
        if ((*t != '\n') && (*t != '\r'))
        {
          if (!(strncasecmp(t, "Location: ", 10)))
          {
            if (lz0t == S_OPEN)
            {
              if (status) outuser("The survey has closed");
              status = 0;
            }
            z0t = S_EARLY;
            /* Compare the URL through a separate pointer so that t still
               marks the start of the line for the length count below */
            loc = t + 10;
            if (!(strcmp(loc, "http://205.158.47.41/early_US.html")))
            {
              z0t = S_EARLY;
              if (z0t == lz0t)
              {
                if (!status) outuser("Too early");
              }
              else
              {
                if (lz0t == S_LATE) outuser("The survey has been reset");
                outuser("Too early");
              }
            }
            else if (!(strcmp(loc, "http://205.158.47.41/sorry_US.html")))
            {
              z0t = S_LATE;
              if (z0t == lz0t)
              {
                if (!status) outuser("Too late");
              }
              else outuser("Too late");
            }
            else
            {
              outuser("Unknown redirection [EXITING]");
#ifndef NO_SYSLOG
              if (syslogn) closelog();
#endif
              exit(0);
            }
            status = 1;
          }
        }
        linc += (strlen(t) + 1);
        h++;
        /* Swallow the second half of a CR/LF pair, staying inside the data read */
        if ((h < (in + inc)) && ((*h == '\n') || (*h == '\r')))
        {
          h++;
          linc++;
        }
        t = h;
      }
    }

    /* Keep only the unfinished last line; memmove because the regions overlap */
    ret = (inc - linc);
    memmove((char *)in, (char *)(in + linc), ret);
    memset((char *)(in + ret), 0, (MAX_BUFFER - ret));
    inc = ret;
  }
  close(s);

  /* No redirect seen: the survey page itself was served */
  if (!z0t)
  {
    if (!status)
    {
      outuser("\007****************************");
      outuser("\007The survey is currently open");
      outuser("\007****************************");
      status = 1;
#ifdef NOISY_CONSOLE
      beepit();
#endif
    }
    else
    {
      if (lz0t)
      {
        outuser("\007*********************");
        outuser("\007The survey has opened");
        outuser("\007*********************");
#ifdef NOISY_CONSOLE
        beepit();
#endif
      }
    }
  }

  lz0t = z0t;
  lstatus = status;
}

void sig_alrm(int x)
{
  signal(SIGALRM, sig_alrm);
}

/* Print to the screen (-n or NO_SYSLOG) or log to syslog */
void outuser(char *msg)
{
#ifndef NO_SYSLOG
  if (!syslogn)
  {
    printf("%s\n", msg);
    return;
  }
  /* Pass the message as an argument, never as the format string */
  syslog(SYSLOG_PRI, "%s", *msg == '\007' ? (msg + 1) : msg);
#else
  printf("%s\n", msg);
#endif
}

#ifdef NOISY_CONSOLE
void beepit(void)
{
  int i = 0;

#ifndef NO_SYSLOG
  if (!syslogn)
  {
#endif
    for (i = 0; i < 100; i++)
    {
      putchar('\007');
      fflush(stdout);
      usleep(500000); /* half a second: 2 beeps per second, as described above */
    }
#ifndef NO_SYSLOG
  }
#endif
}
#endif

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~

-Basic UNIX Commands And What They Are Used For-
by: leprekaun (magnum40@lanmine.net)

*note* This article is written for those who are getting started in a UNIX environment. Some of these commands are the very most basic and some of them are quite intermediate.

Below you will find a list of basic UNIX commands and what they are used for. All of you UNIX gurus that read this article, don't send me e-mails flaming me for how lame I am, because these are BASIC commands for UNIX NEWBIES. I hope you enjoy this article as much as I enjoyed writing it.

COMMAND------------------------------PURPOSE

ls-----------------list files in current directory.
whoami-------------your identity (username).
who----------------users currently logged into computer.
pwd----------------shows current directory.
man (command)------basically tells you how to use a command.
vi-----------------text editor.
gcc----------------unix C compiler (more intermediate than anything).
cd-----------------change directory, cd alone returns to home directory.
rm (filename)------remove, or delete file.
rmdir--------------remove directory.
tar -cvf (file.tar) (file/dir)-tar a file.
tar -xvf (filename)-untar a file.
echo (words)-------echoes what you type.
mkdir--------------makes directory.
date---------------tells you the current date.
chmod--------------change file permissions.
lynx---------------web browser.
cp-----------------copy.
mv-----------------move, or rename.
more, cat----------list a file.
passwd-------------change password.
kill---------------kills a process.
logout, exit-------logoff.
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~

Introduction to DHCP part: 1
by spoofy
spoofy@713.org
http://sgoat.mathnet.org/0code.htm/

This is the first in a set of 3 documents explaining DHCP and how it works. Part 1 will simply provide an introduction to DHCP. It may have spelling and other errors ..if it does feel free to run spell check on it ...trust me I don't mind :)

DHCP stands for Dynamic Host Configuration Protocol. DHCP is used on most local area networks. It allows computers on an IP network to get their config from a server. This server is of course the DHCP server. DHCP is based greatly on a client/server model. This makes it easy as hell to have a large network setup and add computers. Just enable a DHCP client and plug it into the network and you are ready to go. When they start up they will have an IP address assigned to them (static or dynamic) and all the configuration needed to access the network.

Just about any idiot can configure a DHCP client. When configuring a DHCP client you do not have to enter a server IP address. The client will broadcast packets until the server assigns it an IP address. If it sounds a lot like BOOTP then you are right. DHCP was based on BOOTP with a few changes. There is no DNS type system setup for DHCP; with DHCP you have nothing but IP addresses unless you have a special setup going.

If you have over 300 computers networked via DHCP you wouldn't want only 1 server to handle all those machines. A DHCP server can be backed by another DHCP server. But this is not done through the DHCP protocol. It is done via the "server to server protocol" (read about that somewhere else :P ).

The ideas behind DHCP are great: it makes it easy to set up a large local area network quickly. But if you need DNS on the local area network or if you are worried about 1 server handling 300 machines then DHCP may not be for you.

DHCP does have some security flaws.
It is open to spoofing attacks and I will explain that in the next article and maybe have some source code. In part 2 I will go into more detail on DHCP and in part 3 cover possible exploits and ways to improve the protocol. If I have said something that may be inaccurate feel free to email me with documentation backing your idea, or if you simply feel I should include something let me know.

spoofy

References :

The DHCP FAQ
http://outland.cyberwar.com/~matrix/data/dhcp-faq.txt

RFC 1541
http://www.cis.ohio-state.edu/htbin/rfc/rfc1541.html

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

; Super Simple example of CGI coding in win32 assembly language.
; (c)1999 by Jeremy Collake
; http://webpages.charter.net
; collake@charter.net
; ---------------------------------------------------------------
;
; This little program demonstrates CGI implementation in win32asm.
; It simply dumps the value of all filled CGI environment variables
; to the requesting agent.
;
; Note: the values are written into the page exactly as received,
; with no HTML escaping.
;

extrn ExitProcess:PROC
extrn WriteConsoleA:PROC
extrn GetStdHandle:PROC
extrn WriteFile:PROC
extrn ExpandEnvironmentStringsA:PROC
extrn lstrcmp:PROC
extrn lstrlen:PROC
extrn GlobalAlloc:PROC
extrn GlobalFree:PROC

.486p
locals
jumps
.model flat,STDCALL

.data
cr              equ 0dh
lf              equ 0ah
hstdo           dd 0
hMem            dd 0
byteswrote      dd 0

; htmlstart has no terminating 0, so writing it also writes html_pre.
htmlstart       db 'Content-Type: text/html', cr,lf,cr,lf
html_pre        db 'Jeremy''s CGI Environment Variable Dumper',0
Separator       db ' = ',0
Post            db 0            ; HTML markup of this string is missing in this copy
htmlends        db 0            ; HTML markup of this string is missing in this copy

EnvVariablePointers:
                dd offset e1
                dd offset e2
                dd offset e3
                dd offset e4
                dd offset e5
                dd offset e6
                dd offset e7
                dd offset e8
                dd offset e9
                dd offset ea
                dd offset eb
                dd offset ec
                dd offset ed
                dd offset ee
                dd offset ef
                dd offset e10
                dd offset e11
                dd offset e12
                dd offset e13
                dd 0

EnvVariables:
e1              db '%SERVER_SOFTWARE%',0
e2              db '%SERVER_NAME%',0
e3              db '%GATEWAY_INTERFACE%',0
e4              db '%SERVER_PROTOCOL%',0
e5              db '%SERVER_PORT%',0
e6              db '%REQUEST_METHOD%',0
e7              db '%PATH_INFO%',0
e8              db '%PATH_TRANSLATED%',0
e9              db '%SCRIPT_NAME%',0
ea              db '%QUERY_STRING%',0
eb              db '%REMOTE_HOST%',0
ec              db '%REMOTE_ADDR%',0
ed              db '%AUTH_TYPE%',0
ee              db '%REMOTE_USER%',0
ef              db '%REMOTE_IDENT%',0
e10             db '%CONTENT_TYPE%',0
e11             db '%CONTENT_LENGTH%',0
e12             db '%HTTP_ACCEPT%',0
e13             db '%HTTP_USER_AGENT%',0

.code
start:
        call GetStdHandle,-11           ; -11 = STD_OUTPUT_HANDLE
        mov hstdo,eax
        call WriteString,offset htmlstart
        lea esi,EnvVariablePointers
        jmp mEnvLoop
EnvLoop:
        call GlobalFree,hMem
mEnvLoop:
        lodsd                           ; next pointer from the table
        or eax,eax
        jz EnvLoopEnds                  ; 0 marks the end of the table
        mov edi,eax
        call GlobalAlloc,64,101h        ; 64 = GMEM_ZEROINIT
        mov hMem,eax
        call ExpandEnvironmentStringsA, edi, eax, 100h
        call lstrcmp,hMem,dword ptr [esi-4]
        or eax,eax                      ; set flags from the return value
        jz EnvLoop                      ; unchanged string: variable is not set
        call WriteString,dword ptr [esi-4]
        call WriteString,offset Separator
        call WriteString,hMem
        call WriteString,offset Post
        jmp EnvLoop
EnvLoopEnds:
        call WriteString,offset htmlends
        call ExitProcess,0

GetSHandle proc
        ret
GetSHandle endp

WriteString proc pString:DWORD
        call lstrlen,pString
        call WriteFile,hstdo,pString,eax,offset byteswrote,0
        ret
WriteString endp

end start
ends

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

[the signal game]
small guide on how to handle signals sent to your program, in C.
written and produced by: pablo

This was written due to my lack of time for a decent project. Hopefully, next time I'll have a project to share with you all. Let it be known that this was written in Linux. Since I wrote this with little thought, it was meant to be read by a unix neophyte.

WARNING: This is *not* in-depth.
Novices may not be educated.

* what the hell is a signal?

Let's start out with a small example:

[/home/presonic] # ps uax | grep named
root 342 0.0 0.9 1004 612 ? S 15:23 0:00 named
[/home/presonic] # kill -9 342

I'm sure anyone that's spent over 24 hours in a Unix environment has done this before. I just sent signal number 9 to the PID (process ID) 342. Well what is signal number 9? Lookie here:

[/home/presonic] $ grep -w 9 /usr/include/signum.h
#define SIGKILL 9 /* Kill, unblockable (POSIX). */

So, we see here that signal 9 is the KILL signal. This KILL signal is unblockable by the process. This is both a good thing and a bad thing. The advantage, obviously, is to stop someone or something from creating an unkillable process. The disadvantage would come when this signal is sent while sensitive data is being written or handled, which could lead to corruption.

Now let's take a look at some more signals.

#define SIGSEGV 11 /* Segmentation violation (ANSI). */

I'm sure you've seen this one. This is a signal that would be sent by the kernel when the process has done something wrong. For example, buffer overflows. When a program overflows a string, the kernel tells it by sending signal 11 (SIGSEGV) to the process's PID.

#define SIGWINCH 28 /* Window size change (4.3 BSD, Sun). */

Though you might not know it, this signal is sent every time you change the size of your xterm (this is only an example). This lets the proper process (pine, pico) reorganize itself so it looks good no matter how many times the window size is changed.

#define SIGINT 2 /* Interrupt (ANSI). */

You send this signal every time you ^C out of a program. (Linux)

Now you should understand a little better what a signal is and how very important it is to every UNIX variant. Please refer to /usr/include/signum.h for more signals.

* playing the signal game.

Now it's time to code. Keep in mind that you can stop/ignore all signals *except* for SIGKILL and SIGSTOP.
If you *could* block all signals, then it would be possible to make a process that couldn't be killed (this would be bad). By default, most programs don't need to worry about signals. Your program will respond to the signals that matter. Some signals just terminate your process. Some terminate with a core dump.

With signals you can actually pause a process, and resume it later. When you exit a program with a ^Z (again, Linux) you are actually pausing it. The signal SIGSTOP is sent, and the program stops dead in its tracks. You can then resume the program by sending a SIGCONT (signal continue). Resuming something that is ^Z'd could either be done by fg, or bg, depending on the action you want to have take place (other commands can STOP/RESUME PID'S, but that isn't what I'm here to write about).

NOTE: Signal catching is also important for gui applications. When a window manager tries to kill a process, a signal is sent, and by default the application quits. Some gui applications would need to catch the signal to save configuration files and such before exiting.

In order to catch a signal, we must specify to the kernel which function we want to be called. Consider this "binding" a signal to a function.

Now. Let's write an example program that catches the SIGINT signal.

/******************** CUT HERE ********************/
/* signal.c
   example signal handling
   gcc -o signal signal.c */

#include <stdio.h>
#include <signal.h> /* needed for all signal handling. */

static void sig_stop(int);

int main()
{
  if(signal(SIGINT, sig_stop) == SIG_ERR)
    perror("error catching signal"); /* in case signal() fails */
  getchar();
  return 0;
}

static void sig_stop(int sig_number) /* sig_number is the signal number */
{
  printf("j00 c4n n0t st0p m3. (signal number: %d)\n",sig_number);
  perror("signal");
}
/******************** CUT HERE ********************/

Compile that. Run it. Then try to interrupt it (^C).
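An added example (not part of pablo's article) that goes one step past signal.c, using the sigaction/sigprocmask/sigpending calls from the man pages listed at the end of this article: it checks that the kernel refuses handlers for SIGKILL and SIGSTOP, and holds SIGINT back while a critical section runs. The function names try_catch and defer_demo are made up for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Written by the handler, read by the main flow. sig_atomic_t is the
   type that is safe for that. */
static volatile sig_atomic_t caught;

static void on_signal(int signo)
{
    caught = signo;     /* no printf() here: it is not async-signal-safe */
}

/* Bind on_signal to signo. Returns 0 on success, otherwise the errno
   value reported by sigaction(). */
int try_catch(int signo)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    errno = 0;
    return sigaction(signo, &sa, NULL) == 0 ? 0 : errno;
}

/* Block signo, raise it inside the "critical section", then unblock.
   Returns a bitmask, or -1 if the handler could not be installed:
     1 = handler did not run while the signal was blocked
     2 = signal was reported as pending
     4 = handler ran as soon as the signal was unblocked */
int defer_demo(int signo)
{
    sigset_t block, pending;
    int stages = 0;

    if (try_catch(signo) != 0) return -1;
    caught = 0;

    sigemptyset(&block);
    sigaddset(&block, signo);
    sigprocmask(SIG_BLOCK, &block, NULL);

    raise(signo);                   /* arrives now, but is held back */
    if (caught == 0) stages |= 1;

    sigpending(&pending);
    if (sigismember(&pending, signo) == 1) stages |= 2;

    /* ...this is where the sensitive write would finish... */

    sigprocmask(SIG_UNBLOCK, &block, NULL);   /* delivered before this returns */
    if (caught == signo) stages |= 4;

    return stages;
}

int main(void)
{
    printf("catch SIGINT : %s\n", try_catch(SIGINT) == 0 ? "ok" : "refused");
    printf("catch SIGKILL: %s\n", try_catch(SIGKILL) == EINVAL ? "refused (EINVAL)" : "ok");
    printf("catch SIGSTOP: %s\n", try_catch(SIGSTOP) == EINVAL ? "refused (EINVAL)" : "ok");
    printf("defer SIGINT : stages=%d (7 = held, pending, delivered)\n",
           defer_demo(SIGINT));
    return 0;
}
```

Blocking only postpones delivery; SIGKILL and SIGSTOP cannot be blocked either, so a critical section can still be cut short by them.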
As you can see, the interrupt signal (SIGINT) was caught, and our function was called instead of having the default action take place (normally it terminates).

* the end.

You've heard me babble enough. You've seen the light.

For more information:

man signal
man sigaction/sigprocmask/sigpending/sigsuspend
advanced unix programming by w. richard stevens. (ISBN 0-201-56317-7)

bye.
EOF

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

PC Based PBX Terms
by pbxphreak

ACD - automatic call distribution systems distribute incoming calls among banks of call handling agents. They manage queues of on-hold callers and use flexible call balancing algorithms to determine which agent receives each call.

Automated Attendant - auto-attendant is a software module that lets you create voice menus to handle incoming calls. Auto-attendants provide a large selection of call-routing and notification options, as well as the ability to create complex multilevel menu systems.

Caller ID popups - are floating windows that appear on the user's screen when an incoming call arrives. Using Caller ID and stored database records to identify the caller, they let users screen incoming calls and define caller specific greetings and routing procedures.

Call notification - is a phone-system feature that sends an automatic alert via pager, by fax, or to an internal or external phone number when a user receives voice mail.

Console programs - are applications that let administrators, operators and users manage calls with a mouse or keyboard but without using a telephone touch pad. Calls may appear in pop-up windows, in drop-down lists, or in any of the ways that windows applications can display information. Better phone systems include remote-control console applications accessible through a connection to the Internet.

Extensions - are virtual phone numbers assigned to a PBX's internal lines. In most cases, each user's telephone handset has a unique extension number.

IVR - interactive voice response systems add database functionality to a standard auto attendant. They can be used to create sophisticated voice applications that report bank account balances or look up credit card transactions.

Operator - is a live person who manually receives and transfers calls, sets up conference calls, and performs other call-handling operations. Most PBX systems can be run with an operator, an auto attendant, or both.

PBX - private branch exchange is an in-house phone system that uses switching functions to share a relatively small bank of trunk lines among a larger number of extensions. Modern PBXs also include extensive selections of call-handling, routing, and notification features.

PBX administrator - person who manages the phone system, performing tasks such as adding and moving extensions, configuring features, training users, and resolving hardware and software problems. In smaller businesses, the administrator may act merely as a liaison to manufacturers and service organizations that perform these tasks.

Port - is a physical interface that can be connected to either a trunk line or a telephone extension. In a PC PBX, ports are provided by add-in telephony cards.

PSTN - public switched telephone network is a public telephone system.

T1 line - is a high-speed 1.5-Mbps phone line that can carry 24 analog phone calls at a time. Most carriers offer T1 trunks for a fraction of the cost of 24 single-channel lines.

Toll quality - is the quality of sound produced by traditional analog telephone systems.

Trunk lines - are external phone lines leased from your local phone company.

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

A look at SMTP
by lusta...

The purpose of Simple Mail Transfer Protocol (SMTP) is to transfer mail. SMTP is independent of the transmission subsystem and requires an ordered data stream channel. Maybe this will offer a kind of insight to the process of mail transfer.

SMTP is capable of relaying mail across transport service environments. A
transport service provides an interprocess communication environment
(IPCE). An IPCE may cover one network, several networks, or a subset of a
network. A process can communicate directly with another process through
any known IPCE. Mail can be communicated between processes in different
IPCEs by relaying through a process connected to two (or more) IPCEs. More
specifically, mail can be relayed between hosts on different transport
systems by a host on both transport systems.

As the result of a user mail request, the sender establishes a two-way
transmission channel to a receiver. The receiver may be either the
ultimate destination or an intermediate. SMTP commands are generated by
the sender and sent to the receiver. SMTP replies are sent from the
receiver to the sender in response to the commands.

Once the transmission channel is established, the sender sends a MAIL
command indicating the sender of the mail. If the receiver can accept mail
it responds with an OK reply. The sender then sends a RCPT command
identifying a recipient of the mail. If the receiver can accept mail for
that recipient it responds with an OK reply; if not, it responds with a
reply rejecting that recipient (but not the whole mail transaction). The
dialog is purposely one-at-a-time.

-------------------------------------------------------------

            +----------+                +----------+
+------+    |          |                |          |
| User |____|          |      SMTP      |          |
+------+    |  Sender- |Commands/Replies| Receiver-|
+------+    |   SMTP   |----------------|   SMTP   |    +------+
| File |____|          |     & Mail     |          |____| File |
|System|    |          |                |          |    |System|
+------+    +----------+                +----------+    +------+

               Sender                     Receiver

To be able to relay, the server must be supplied with the name of the
ultimate destination host as well as the destination mailbox name. The
argument to the MAIL command is a reverse-path, which specifies who the
mail is from.
The argument to the RCPT command is a forward-path, which specifies who
the mail is to. The forward-path is a source route, while the reverse-path
is a return route.

There are three steps to SMTP mail transactions. The transaction is
started with a MAIL command which gives the sender identification. A
series of one or more RCPT commands follows giving the receiver
information. Then a DATA command gives the mail data. And finally, the
end-of-mail-data indicator confirms the transaction.

I hope this offers a little insight on the process of SMTP, as email has
become almost a necessity for performance in even common personal and
professional communication and file transfer.

~lusta

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

That's it for this issue...

      __                Special thanks to everyone contributing.
 w  c(..)o   (
  \__(-)    __)         Much love to b4b0, 9x, phrack, and
      /\   (            alpha. ;)
     /(_)___)
     w /|
      | \
      m  m
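
The mail transaction described in "A look at SMTP" above, as an added example that is not part of the original issue: a receiver-side state machine in Python that takes MAIL, RCPT and DATA one line at a time, rejects an unknown recipient without aborting the transaction, and closes on the end-of-mail-data line. The class and function names, the mailboxes and the sample dialog are constructed for illustration; the reply codes and texts follow RFC 821, and HELO/QUIT are left out.

```python
import re
LOCAL_MAILBOXES = {"alice@example.org", "bob@example.org"}  # constructed sample data

class ReceiverSMTP:
    """Receiver side of one mail transaction: MAIL, then RCPT(s), then DATA."""
    def __init__(self, mailboxes):
        self.mailboxes, self.delivered = mailboxes, []
        self._reset()

    def _reset(self):
        self.reverse_path, self.forward_paths = None, []
        self.in_data, self.body = False, []

    def handle(self, line):
        """Take one line from the sender; return the reply, or None inside mail data."""
        if self.in_data:
            if line == ".":  # end-of-mail-data indicator confirms the transaction
                self.delivered.append((self.reverse_path, self.forward_paths, "\n".join(self.body)))
                self._reset()
                return "250 OK"
            self.body.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
            return None
        if m := re.fullmatch(r"MAIL FROM:<([^<>\s]*)>", line, re.I):
            self._reset()  # a new MAIL starts a fresh transaction
            self.reverse_path = m.group(1)
            return "250 OK"
        if m := re.fullmatch(r"RCPT TO:<([^<>\s]+)>", line, re.I):
            if self.reverse_path is None:
                return "503 Bad sequence of commands"
            if m.group(1).lower() not in self.mailboxes:
                return "550 No such user here"  # rejects this recipient only
            self.forward_paths.append(m.group(1))
            return "250 OK"
        if line.upper() == "DATA":
            if not self.forward_paths:  # no accepted recipient yet
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"

def run_dialog(receiver, sender_lines):
    """Feed lines one at a time, as the protocol requires; return (line, reply) pairs."""
    return [(line, receiver.handle(line)) for line in sender_lines]

# Constructed dialog: one known recipient, one unknown, and a dot-stuffed body line.
SAMPLE = ["MAIL FROM:<carol@example.net>", "RCPT TO:<alice@example.org>",
          "RCPT TO:<nobody@example.org>", "DATA", "Subject: test", "", "..stuffed line", "."]
if __name__ == "__main__":
    print(*run_dialog(ReceiverSMTP(LOCAL_MAILBOXES), SAMPLE), sep="\n")
```

Refusing RCPT for mailboxes the receiver does not serve is also what keeps a relay-capable host from forwarding mail for arbitrary destinations.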