ADVISORY #1: NULL TERMINATING STRINGZ
PROBLEM: EREBUS/HOLOGRAM/STRINGZ/CAPZLOCK/DMCA/PROPHET/BLACKFIST IS AN IDIOT
SOLUTION: KILL HIM

hi what is this black fist shit
i think this is the stupidest bunch of crap ive ever seen in my life

why was the black fist started?
because dmca was cast out of #phrack....
isnt it funny that people with 0 skills that cant hack or code can only come up with a bunch of stupid rhetoric about implanting memes and threatening people?

lets look at the history of stringz

stringz started off as a young, neglected, and lonely boy who started ircing in #hackphreak on undernet....
there he would have chats with respected members of the security community such as robin of loxley, celeste, and the digital ebola of legions underground 2000 hacking
he would share his expertise with WINDOWS VIRUS THEORY AND THE PORTABLE EXECUTABLE FORMAT with fellow hackers from brazil, brunei, and pakistan

sometimes this "EREBUS," the self proclaimed "phreezer burner," the "codito ergo sum" if you will, in this clever adaptation of descartes' first meditations on philosophy, the "cannabis coder" would see cool people join #hackphreak from famous scene shellz and msg them asking to join their group or get a shell. unfortunately nobody liked him and he was condemned to irc from his ipt.aol.com nonsense host for eternity

then things started to change with the anti-sec movement. erebus found a group of people he could latch on to, and began to live his life vicariously through the rantings of the anonymous paradox, antinsa, and abc123. he made a bunch of dumbass postings as EREBUS, was laughed at... but at least here on the antisec forum, cool people like DUGSONG and eugene spafford and plaguez read his posts.
he aligned himself with antisecurity several times, then switched his affiliations, like the confused transsexual genderbender that he is

privately however, erebus was not an emotionally stable young boy
he confessed that he wanted to support antisecurity in his heart but couldnt, since he was too stupid to code exploits for himself and too dumb to audit code to find holes, and since nobody liked him, he couldnt get 0day
thus, if only young erebus could find 0day, he could support antisecurity, but alas, he could not....
keep a hold of this thought because it will resurface later in his turbulent psychological developments into a lamer

erebus soon turned into hologram/stringz and started ircing on cooler networks from a real shell
this began the true metamorphosis from erebus the reserved idiot to stringz, the loud village idiot

sometime during this period, he renounced his former blackhat idols, and began calling them posers. after a brief stint with his most cleverly disguised site called signal-11.com, which he irc'ed from, and used to host his CAPZLOCK hacking advisory group to mimic gobbles (whom he incidentally now hates) and later denied involvement in capzlock, he published a scathing fake exploit called jizzy.c which he assigned to the names of 'ronin/jimjones'
he used the same wonderful scorpion parable in this fake exploit that he did in his CAPZLOCK advisory, then denied the irrefutable link....
it is funny that the proponent of truth is unable to confess to his own actions

now, other developments were occurring during this time
tho i am not a 'stringz historian' and i can not accurately place the chronology of these events on a biographical timeline of his life, EREBUS/STRINGZ rejected his BLACKHAT Principlez to become an esteemed researcher for both fatelabs and snosoft, where he helped KF research local tru64 vulnerabilities on the compaq testbed network, and used his proficiency in the C programming language to optimize the boyer-moore string manipulation routines in the fatelabs in-house proprietary DOD endorsed ids system. he capped off his illustrious career of writing $50 snosoft exploits by publishing his brilliant artsd format bug to bugtraq under an assumed identity yet again (which he again denied). this bug has been used by malicious hackers to locally compromise 2 known desktop computers in the seoul national university computer science laboratories which were breached with guest:guest accounts. it is stringz who perfected the login:login username/password tuple method of penetration testing, as shown in ~el9.1

where does this leave us today?
today stringz aka DMCA hates #phrack and everybody else in the scene simply because they hate him. he wants to expose everybody because he is the last true blackhat. he wants to kill gobbles because gobbles is actually funny, and his own failed pustule of a satirical advisory group made him an internet laughing stock.

what do we know about stringz?
strings can not hack, or code. remember this... this is why 'RAPE/black fist' wants you to contribute exploits! is it any wonder why his ridiculous site has no proof or code or substance... only meaningless vitriol?

whats even funnier is that in his attempts to become the next blackh@ cicero he simply embarrasses himself further by misspelling words, choosing adjectives poorly, and implementing poor subject-verb agreement.
that's ok because stringz is a computer science student and you will know he is a computer science student when you see his code.... with lovely formatting, verbose headers and comments, and sharply defined funtion prototypes this, my friend, is the essence of CAPZLOCK, one danny dilber Phone: (573) 341-9671 Address: Mcanerney E/c,210b Univ. Of Missouri Rolla, MO 65401 Email Address: ddz54@umr.edu THIS IS STRINGZ STRINGZ IS A HACKER HE USES NMAP less anti-dmca.txt Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) Interesting ports on (208.201.249.8): (The 1545 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 79/tcp open finger 80/tcp open http 110/tcp open pop-3 443/tcp open https 587/tcp open submission Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds STRINGZ HAS BEEN KNOWN TO HACK IN THE UNIX ENVIRONMENT IN HIS RESTLESS PURSUIT TO BECOME ONE WITH THE COMPUTER less dtors.c #include void yo(void) __attribute__ ((destructor)); int main(void) { while(1) printf("."); return 0; } void yo(void) { printf("I EVADED KILL -9 !@#$%%!"); } vi kungf00.c /* kungf00 v3.1337 ]------------------------------------------------ */^M /* */^M /* 4u7h0r: DMCA */^M /* */^M /* syn0ps1s: kungf00 s17z 0n 4n 1RC ch4nn3l 4nd w1ll sc4n j01n1ng */^M SHIT I DONT HAVE DOS2UNIX ON THIS BOX LEMME TRY SOMETHING ELSE less kungf00.c /* kungf00 v3.1337 ]------------------------------------------------ */ /* */ /* 4u7h0r: DMCA */ /* */ /* syn0ps1s: kungf00 s17z 0n 4n 1RC ch4nn3l 4nd w1ll sc4n j01n1ng */ /* us3rz ph0r 4 vuln3r4bl3 v3rs10n 0f ap4ch3 7h47 c4n b3 */ /* expl0173d by ap4ch3-n0s3j0b. kungf00 7h3n m3ss4g3z 4 */ /* sp3c1f13d us3r 7h3 d3t41lz 4nd l0gz 1nf0. */ /* */ /* DO NOT DISTRIBUTE ! DO NOT DISTRIBUTE ! DO NOT DISTRIBUTE */ /* */ /* ----------------------------------------------------------------- */ /* KILL WHITEHATS. KILL WHITEHATS. KILL WHITEHATS. KILL WHITEHATS. 
*/ /* */ /* INSTRUCTIONS: */ /* */ /* /msg bot_name -join #phrack // join a specific channel */ /* /msg bot_name -part #phrack // part a specific channel */ /* /msg bot_name -nick botname // change bot's nick */ /* */ /* KILL WHITEHATS. KILL WHITEHATS. KILL WHITEHATS. KILL WHITEHATS. */ #include #include #include #include #include #include #include #define NICK "kungf00" #define REGISTER "user kungf00 kungfo0 kungf0o :MY KUNGF00 0WNZ J00" #define QUITMSG "QUIT :1 w1ll 0wn 7h3 wh173h47z.\n" #define PORT 80 #define G "\033[1;32m" // GREEN #define W "\033[1;37m" // WHITE int sigshit(void); int usage(char *cmdname); void check(char *mesg, int sockfd); int audit(char *host); int main(int argc, char *argv[]) { int s; char buf[4096]; struct hostent *he; struct sockaddr_in sin; printf("\n[kungf00 v3.1337] by DMCA\n\n"); if(argc != 3) usage(argv[0]); signal(SIGINT, (void *) sigshit); signal(SIGTERM, (void *) sigshit); if((he = gethostbyname(argv[1])) == 0) { fprintf(stderr, "[-] Unable to resolve host (%s)\n", argv[1]); exit(EXIT_FAILURE); } sin.sin_family = AF_INET; sin.sin_port = strtoul(argv[2], NULL, 10); sin.sin_addr = *((struct in_addr *)he->h_addr); if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "[-] ERROR: fatal socket error\n\n"); exit(EXIT_FAILURE); } if(connect(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) { fprintf(stderr, "[-] ERROR: unable to connect to host (%s:%s), argv[1], argv[2]); exit(EXIT_FAILURE); } buf[0] = '\0'; snprintf(buf, "%s\n", REGISTER); if((send(s, buf, sizeof(buf), 0)) == -1) { fprintf(stderr, "[-] ERROR: unable to send data\n\n"); exit(EXIT_FAILURE); } buf[0] = '\0'; : snprintf(buf, "NICK %s\n", NICK); if((send(s, buf, sizeof(buf), 0)) == -1) { fprintf(stderr, "[-] ERROR: unable to send data\n\n"); exit(EXIT_FAILURE); } buf[0] = '\0'; while(1) { for (i = 0; i < sizeof(buf); i++) buf[i] = '\0'; recv(sockfd, buf, sizeof(buf), 0); printf("%s%s", W, buf); check(buf, sockfd); } close(s); exit(EXIT_SUCCESS); } void check(char 
*mesg, int sockfd) { char *ptr, parse[1024]; int i = 0; int pid; int status; if(ptr = (char *) strstr(mesg, "PING :")) { strcpy(parse, "PONG "); strcat(parse, strstr(ptr, ":") + 1); strcat(parse, "\n"); send(sockfd, parse, strlen(parse), 0); } if(ptr = (char *) strstr(mesg, "-join ")) { strcpy(parse, "JOIN "); strcat(parse, strstr (ptr, " ") + 1); strcat(parse, "\n"); send(sockfd, parse, strlen(parse), 0); } if(ptr = (char *) strstr(mesg, "-part ")) { strcpy(parse, "PART "); strcat(parse, strstr (ptr, " ") + 1); strcat(parse, "\n"); send(sockfd, parse, strlen(parse), 0); } if(ptr = (char *) strstr(mesg, "-nick ")) { snprintf(parse, sizeof(parse), "NICK %s\n", strstr(ptr, " ") + 1); send(sockfd, parse, strlen(parse), 0); } if(ptr = (char *) strstr(mesg, "JOIN ")) { ptr = (char *) strstr(mesg, "@") + 1; while (ptr[i] != ' ') i++; ptr[i] = '\0'; pid = fork(); if(pid < 0) { fprintf(stderr, "\n[-] ERROR: fork() failure\n\n"); exit(EXIT_FAILURE); } else if(pid == 0) { audit(ptr); } else { wait(&status); } } } int audit(char *host) { int s; struct hostent *he; struct sockaddr_in sin; char buf[4096]; if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "[-] ERROR: fatal socket error\n"); return(-1); } target.sin_family = AF_INET; target.sin_port = htons(PORT); if((he = gethostbyname(host)) == 0) { fprintf(stderr, "[-] ERROR: Unable to resolve host\n", host); return(-1); } target.sin_addr = *((struct in_addr *)he->h_addr); if(connect(s, (struct sockaddr *)&target, sizeof(target)) == -1) { : fprintf(stderr, "[-] ERROR: unable to connect to host\n", host); return(-1); } if((send(s, "HEAD / HTTP/1.0\r\n\r\n", 19, 0)) == -1) { fprintf(stderr, "[-] ERROR: unable to send data\n"); return(-1); } else if((recv(s, buf, 4096, 0) == -1)) { fprintf(stderr, "[-] ERROR: unable to receive data\n"); return(-1); } else { if(strstr(buf, "1.3.12") { printf("%s : Apache v1.3.12 : NOSEJOB - NetBSD 1.5.2\n", host); } else if(strstr(buf, "1.3.20") { printf("%s : Apache v1.3.20 : 
NOSEJOB - NetBSD 1.5.2,\n" "\tOpenBSD 3.0, OpenBSD 3.1\n", host); } else if(strstr(buf, "1.3.22") { printf("%s : Apache v1.3.22 : NOSEJOB - NetBSD 1.5.2,\n" "\tOpenBSD 3.0\n", host); } else if(strstr(buf, "1.3.23") { printf("%s : Apache v1.3.23 : NOSEJOB - NetBSD 1.5.2,\n" "\tFreeBSD 4.5, OpenBSD 3.1\n", host); } else if(strstr(buf, "1.3.24") { printf("%s : Apache v1.3.24 : NOSEJOB - NetBSD 1.5.2,\n" "\tOpenBSD 3.0, OpenBSD 3.1\n", host); } else { return 0; } } return 0; } int sigshit(void) { printf ("\n%sBYE BYE !!!%s\n\n", G, W); send(sockfd, QUITMSG, strlen(QUITMSG), 0); exit(EXIT_SUCCESS); } int usage(char *cmdname) { printf("Usage: %s \n\n", cmdname); exit(EXIT_FAILURE); } (END) SOMEBODY IS OBSESSED WITH RONIN less ~holo/statdx2.c /** * *** statdx2 (the successor of statdx) * *** Linux rpc.statd remote root exploit * *** by ron1n * *** October 10, 2000 * *** * *** $ ./statdx2 -h * *** WHAT OTHER LAMENESS CAN WE DIG UP banscan.c -------------- /*-------------------------------------------------------------------*/ /* banscan v1.00 */ /* */ /* Author : hologram */ /* */ /* Synopsis : banscan will scan a file of IP addresses or */ /* hostnames for a user-supplied banner on a daemon */ /* listening on a specified port. The file should contain */ /* a hostname or an IP address, with each new host */ /* separated by a newline. banscan is a vital tool for */ /* those wishing to scan multiple hosts for new */ /* vulnerabilities each time a daemon becomes susceptible */ /* to attack. No key element is hard-coded, thus banscan */ /* can repeatedly scan for varying daemons. */ /* */ /* This code compiles on Windows and UNIX variants. 
*/ /* */ /* Usage : banscan "banner" */ /* */ /*-------------------------------------------------------------------*/ #include #include #include #include #ifndef WIN32 #include #include #include #include #define closesocket close #else #include #define snprintf _snprintf #pragma comment(lib, "ws2_32") #endif int usage(char *cmdname); int main(int argc, char *argv[]) { FILE *fp; char line[1024]; char host[256]; char buf[4096]; char *token; int s; unsigned short p; struct hostent *he; struct sockaddr_in target; #ifdef WIN32 WSADATA wsd; #endif printf("\n[banscan v1.00]\n"); printf("[By]: hologram \n\n"); if(argc != 4) usage(argv[0]); p = atoi(argv[3]); #ifdef WIN32 if(WSAStartup(MAKEWORD(1,1), &wsd) != 0) { fprintf(stderr, "[-] Failed to load Winsock\n"); WSACleanup(); exit(EXIT_FAILURE); } #endif target.sin_family = AF_INET; target.sin_port = htons(p); if((fp = fopen(argv[1], "r")) == NULL) { fprintf(stderr, "\n[-] Error: problem opening hostfile (%s)\n", argv[1]); exit(EXIT_FAILRE); } printf("[+] Now scanning...\n\n"); while(fgets(line, sizeof(line), fp) != NULL) { token = strtok(line, "\n"); snprintf(host, sizeof(host), "%s", token); if((he = gethostbyname(host)) == 0) { fprintf(stderr, "[-] Unable to resolve host (%s)\n", host); exit(EXIT_FAILURE); } if(he) { target.sin_addr = *((struct in_addr *)he->h_addr); if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "\n[-] Fatal socket error\n"); exit(EXIT_FAILURE); } if(connect(s, (struct sockaddr *)&target, sizeof(target)) != -1) { if((recv(s, buf, 4096, 0) == -1)) { fprintf(stderr, "\n[-] Unable to receive data\n"); exit(EXIT_FAILURE); } else { if(strstr(buf, argv[2])) { printf(" %s : FOUND (%s)\n", host, argv[2]); } else { printf(" %s : NOT FOUND\n", host); } } } closesocket(s); buf[0] = '\0'; } host[0] = '\0'; } printf("\n[+] Finished\n\n"); exit(EXIT_SUCCESS); } int usage(char *cmdname) { printf("[Purpose]: banscan will scan a file of IP addresses or\n"); printf(" hostnames for a user-supplied 
banner on a\n"); printf(" daemon listening on a specified port.\n"); printf("\n[Usage]:\n"); printf("\n%s \"banner\" \n\n", cmdname); printf(" : File containing list of hosts to scan. The\n"); printf(" file should contain a hostname or an IP address,\n"); printf(" with each new host separated by a newline.\n"); printf(" \"banner\" : Banner to search for. Please place in\n"); printf(" quotation marks, if necessary.\n"); printf(" : The default port of the listening TCP daemon\n"); printf(" to be scanned.\n"); exit(EXIT_FAILURE); } -------------- r2i.c -------------- /*-------------------------------------------------------------------*/ /* range2ipfile [r2i] v1.00 */ /* */ /* Author : hologram */ /* */ /* Synopsis : r2i will intake a user-supplied IP address range and */ /* create a file containing all of the IP addresses. */ /* range2ipfile was created for use in programs reading */ /* hosts from a file. */ /* */ /* The code compiles on Windows and UNIX variants. */ /* */ /* Usage : r2i */ /* */ /*-------------------------------------------------------------------*/ #include #ifdef WIN32 #include #pragma comment (lib, "ws2_32") #else #include #include #endif int usage(char *progname); int main(int argc, char *argv[]) { FILE *ipFile; unsigned long startIP, endIP, counter; struct sockaddr_in sin; #ifdef WIN32 WSADATA wsd; #endif printf("\n[range2ipfile v1.00]\n"); printf("[By]: hologram \n\n"); if(argc != 4) usage(argv[0]); #ifdef WIN32 if(WSAStartup(MAKEWORD(1,1), &wsd) != 0) { fprintf(stderr, "[-] Failed to load Winsock\n\n"); WSACleanup(); exit(EXIT_FAILURE); } #endif if((startIP = inet_addr(argv[1])) == INADDR_NONE) { fprintf(stderr, "[-] (%s) is an invalid IP Address\n\n", argv[1]); exit(EXIT_FAILURE); } if((endIP = inet_addr(argv[2])) == INADDR_NONE) { fprintf(stderr, "[-] (%s) is an invalid IP Address\n\n", argv[2]); exit(EXIT_FAILURE); } if((ipFile = fopen(argv[3], "w")) == NULL) { fprintf(stderr, "[-] Error opening ipFile (%s)\n\n", argv[3]); 
exit(EXIT_FAILURE); } printf("[+] Now processing...\n\n"); for(counter = ntohl(startIP); counter <= ntohl(endIP); counter++) { memset(&sin, 0, sizeof(sin)); sin.sin_addr.s_addr = htonl(counter); fprintf(ipFile, "%s\n", inet_ntoa(sin.sin_addr)); } printf("[+] Finished\n\n"); fclose(ipFile); exit(EXIT_SUCCESS); } int usage(char *progname) { printf("[Purpose]: r2i will intake a user-supplied IP address range\n"); printf(" and create a file containing all of the IP\n"); printf(" addresses.\n\n"); printf("[Usage]: %s \n\n", progname); exit(EXIT_FAILURE); }-------------- shatcmd.c -------------- /*-------------------------------------------------------------------*/ /* shatcmd v1.00 */ /* */ /* Author : hologram */ /* */ /* Synopsis : shatcmd will use a wordlist to attempt to find all */ /* subdomains of a particular hostname. This is useful */ /* for occurences of where zone transfers (axfr) are */ /* unavailable. */ /* */ /* This code compiles on Windows and UNIX variants. */ /* */ /* Usage : shat [ wordlist ] */ /* */ /*-------------------------------------------------------------------*/ #include #ifdef WIN32 #include #pragma comment (lib, "ws2_32") #define snprintf _snprintf #else #include #include #include #include #endif #include int usage(char *progname); int main(int argc, char *argv[]) { FILE *fp; struct hostent *he; char host[256]; char line[1024]; char *token; #ifdef WIN32 WSADATA wsd; #endif printf("\n[shatcmd v1.00]\n"); printf("[By]: hologram \n\n"); if((argc != 2) && (argc != 3)) usage(argv[0]); #ifdef WIN32 if(WSAStartup(MAKEWORD(1,1), &wsd) != 0) { fprintf(stderr, "[-] Failed to load Winsock\n\n"); WSACleanup(); exit(EXIT_FAILURE); } #endif if(argc == 3) { if((fp = fopen(argv[2], "r")) == NULL) { fprintf(stderr, "[-] Problem opening wordlist (%s)\n\n", argv[2]); exit(EXIT_FAILURE); } } else { if((fp = fopen("hosts.txt", "r")) == NULL) { fprintf(stderr, "[-] Problem opening wordlist (hosts.txt)\n\n"); exit(EXIT_FAILURE); } } printf("[+] Now 
processing...\n\n"); while(fgets(line, sizeof(line), fp) != NULL) { token = strtok(line, "\n"); snprintf(host, sizeof(host), "%s.%s", token, argv[1]); if(he = gethostbyname(host)) printf(" %s : FOUND\n", host); memset(host, 0, 256); } printf("\n[+] Finished\n\n"); exit(EXIT_SUCCESS); } int usage(char *progname) { printf("Purpose: shatcmd will use a wordlist to attempt to find\n"); printf(" all subdomains of a particular hostname. If no\n"); printf(" wordlist is supplied, the file \"hosts.txt\" will\n"); printf(" be used, if possible.\n\n"); printf("Usage: %s [ wordlist ]\n\n", progname); exit(EXIT_FAILURE); } -------------- tildee.c -------------- /*-------------------------------------------------------------------*/ /* tildee v1.00 */ /* */ /* Author : hologram */ /* */ /* Synopsis : tildee will connect to a HTTP daemon and will use a */ /* wordlist to brute force accounts by requesting for */ /* [target]/~[username]. The concept is that many users */ /* have web serving capabilities in the /home/[username] */ /* directory (typically in /home/[username]/public_html), */ /* and by checking for their web presence, it is possible */ /* to attain a list of user accounts. */ /* */ /* This code compiles on Windows and UNIX variants. 
*/ /* */ /* Usage : tildee */ /* */ /*-------------------------------------------------------------------*/ #include #ifdef WIN32 #include #pragma comment (lib, "ws2_32") #define snprintf _snprintf #define close closesocket #else #include #include #include #include #define SOCKET int #endif #include #define PORT 80 int usage(char *progname); int main(int argc, char *argv[]) { char buf[4096]; char line[256]; char request[1024]; SOCKET s; FILE *fp; char *username; struct hostent *he; struct sockaddr_in target; #ifdef WIN32 WSADATA wsd; #endif printf("\n[tildee v1.00]\n"); printf("[By]: hologram \n\n"); if(argc != 3) usage(argv[0]); #ifdef WIN32 if(WSAStartup(MAKEWORD(1,1), &wsd) != 0) { fprintf(stderr, "[-] Failed to load Winsock\n\n"); WSACleanup(); exit(EXIT_FAILURE); } #endif target.sin_family = AF_INET; target.sin_port = htons(PORT); if((he = gethostbyname(argv[1])) == 0) { fprintf(stderr, "[-] Unable to resolve host (%s)\n\n", argv[1]); exit(EXIT_FAILURE); } target.sin_addr = *((struct in_addr *)he->h_addr); if((fp = fopen(argv[2], "r")) == NULL) { fprintf(stderr, "[-] Problem opening wordlist (%s)\n\n", argv[2]); exit(EXIT_FAILURE); } if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "[-] Fatal socket error\n\n"); exit(EXIT_FAILURE); } if((connect(s, (struct sockaddr *)&target, sizeof(target))) == -1) { fprintf(stderr, "[-] Unable to connect to host (%s:%s)\n\n", argv[1], PORT); exit(EXIT_FAILURE); } close(s); printf("[+] Now auditing...\n\n"); while(fgets(line, sizeof(line), fp) != NULL) { username = strtok(line, "\n"); snprintf(request, sizeof(request), "GET /~%s HTTP/1.0\r\n\r\n", username); if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "[-] Fatal socket error\n\n"); exit(EXIT_FAILURE); } if((connect(s, (struct sockaddr *)&target, sizeof(target))) == -1) { fprintf(stderr, "[-] Unable to connect to host (%s:%s)\n\n", argv[1], PORT); exit(EXIT_FAILURE); } if(send(s, request, strlen(request), 0) == -1) { fprintf(stderr, "[-] 
Unable to send data\n\n"); exit(EXIT_FAILURE); } else if((recv(s, buf, 4096, 0) == -1)) { fprintf(stderr, "[-] Unable to receive data\n\n"); exit(EXIT_FAILURE); } else { if(!strstr(buf, "404")) { printf(" %s : VERIFIED\n", username); } memset(buf, 0, 4096); memset(request, 0, 256); close(s); } } printf("\n[+] Finished\n\n"); exit(EXIT_SUCCESS); } int usage(char *progname) { printf("[Purpose]: tildee will connect to a HTTP daemon and will\n"); printf(" use a wordlist to brute force accounts by\n"); printf(" requesting for http://[target]/~[username].\n\n"); printf("[Usage]: %s \n\n", progname); exit(EXIT_FAILURE); } -------------- towhom.c -------------- /*--------------------------------------------------------------------*/ /* towhom v1.0 */ /* */ /* Author : hologram */ /* */ /* Purpose : towhom is an interface to ARIN, RIPE, and APNIC whois */ /* databases. It performs reverse IP address and keyword */ /* lookups to determine ownership of IPv4 address spaces. */ /* */ /* This code compiles on Windows and UNIX variants. 
*/ /* */ /* Usage : towhom [ server ] */ /* */ /*--------------------------------------------------------------------*/ #include #ifdef WIN32 #include #pragma comment (lib, "ws2_32") #define close closesocket #define snprintf _snprintf #else #include #include #include #include #define SOCKET int #endif #include #define WPORT 43 #define ARIN "whois.arin.net" #define RIPE "whois.ripe.net" #define APNIC "whois.apnic.net" #pragma comment(lib, "ws2_32") int usage(char *cmdname); int stdwhois(char *keyword, char *host); int main(int argc, char *argv[]) { #ifdef WIN32 WSADATA wsd; #endif if((argc != 2) && (argc != 3)) usage(argv[0]); #ifdef WIN32 if(WSAStartup(MAKEWORD(1,1), &wsd) != 0) { printf("\n[-] Failed to load Winsock\n"); WSACleanup(); exit(EXIT_FAILURE); } #endif if(argc == 2) stdwhois(argv[1], NULL); if(argc == 3) stdwhois(argv[1], argv[2]); return 0; } int usage(char *cmdname) { printf("\n[ToWhom v1.00]\n"); printf("[By]: hologram \n\n"); printf("[Usage]: %s [ server ]\n", cmdname); exit(EXIT_FAILURE); } int stdwhois(char *keyword, char *host) { SOCKET s; struct hostent *he; struct sockaddr_in sin; char buf[256]; char recvbuf[4096]; snprintf(buf, sizeof(buf), "%s\r\n\r\n", keyword); sin.sin_family = AF_INET; sin.sin_port = htons(WPORT); if(host == NULL) { if((he = gethostbyname(ARIN)) == 0) { fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", host); exit(EXIT_FAILURE); } if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "\n[-] Fatal socket error\n"); exit(EXIT_FAILURE); } sin.sin_addr = *((struct in_addr *)he->h_addr); if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1) { fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", host); exit(EXIT_FAILURE); } if((send(s, buf, strlen(buf), 0)) == -1) { fprintf(stderr, "\n[-] Unable to send data\n"); exit(EXIT_FAILURE); } memset(recvbuf, 0, 4096); while(recv(s, recvbuf, 4096, 0) > 0) { if(strstr(recvbuf, "European Regional Internet Registry/RIPE NCC")) { if((he = gethostbyname(RIPE)) == 
0) { fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", RIPE); exit(EXIT_FAILURE); } if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "\n[-] Fatal socket error\n"); exit(EXIT_FAILURE); } sin.sin_addr = *((struct in_addr *)he->h_addr); if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1) { fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", RIPE); exit(EXIT_FAILURE); } if((send(s, buf, strlen(buf), 0)) == -1) { fprintf(stderr, "\n[-] Unable to send data\n"); exit(EXIT_FAILURE); } memset(recvbuf, 0, 4096); while(recv(s,recvbuf, 4096,0)>0) { printf("\n%s", recvbuf); } close(s); } else if(strstr(recvbuf, "Asia Pacific Network Information Center")) { if((he = gethostbyname(APNIC)) == 0) { fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", APNIC); exit(EXIT_FAILURE); } if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "\n[-] Fatal socket error\n"); exit(EXIT_FAILURE); } sin.sin_addr = *((struct in_addr *)he->h_addr); if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1) { fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", APNIC); exit(EXIT_FAILURE); } if((send(s, buf, strlen(buf), 0)) == -1) { fprintf(stderr, "\n[-] Unable to send data\n"); exit(EXIT_FAILURE); } memset(recvbuf, 0, 4096); while(recv(s, recvbuf, 4096, 0) > 0) { printf("\n%s", recvbuf); } close(s); } else { printf("\n%s", recvbuf); } } close(s); } else { if((he = gethostbyname(host)) == 0) { fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", host); exit(EXIT_FAILURE); } if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "\n[-] Fatal socket error\n"); exit(EXIT_FAILURE); } sin.sin_addr = *((struct in_addr *)he->h_addr); if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1) { fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", host); exit(EXIT_FAILURE); } if((send(s, buf, strlen(buf), 0)) == -1) { fprintf(stderr, "\n[-] Unable to send data\n"); exit(EXIT_FAILURE); } memset(recvbuf, 0, 4096); while(recv(s, 
recvbuf, 4096, 0) > 0) { printf("\n%s", recvbuf); } close(s); } exit(EXIT_SUCCESS); } -------------- NOTE TO STRINGZ: YOU WORSHIP GAYH1TLER AND ~EL8 GAYH1TLER AND ~EL8 HATE YOU YOU SHOULD COMMIT SUICIDE ok heres some more funny shit that i am using as an addendum to this GAYSTRINGZ report the following are excerpts of email correspondences which took place between stringz and GOBBLES! From: "D. Dilber" To: gobbles@hushmail.com Subject: Re: [VulnWatch] Recent NTOP Advisory Cc: hey hey gobbles, yeah, i was using a private exploit for some time before i released the advisory, too. dude, if you want any help, i can audit src code pretty well and will code any 'tool' you may have in mind (I can code C) seriously, I'd be willing to contribute anything, but i'd prefer to take an anonymous handle. later ronin...err... :) *************************************************************************** yes, we can see that you can code quite well judging by your brilliant network applications, such as your whois client, which removes the need of telnetting to port 43 and entering "search term" followed by enter! and of course your sharp eye which catches even the most obscure format bugz in artsdwrapper *************************************************************************** From: "D. Dilber" To: gobbles@hushmail.com Subject: hey gobbles Cc: yo gobbles, i found this bug already, check out https://brained.org/~holo/advisories/H20020304.txt WHITEHAT P0W3R 4 L1F3 .... umm.. no. yeah, zen-parse is a fag and so is the teso clan + everyone else... but i'm not sure if you're still antisec or what.. but good work. - hologram / stringz / Erebus *************************************************************************** hehe "WHITEHAT POWER" (nervous laugh)... uhh yeah ok faggot *************************************************************************** From: "D. 
Dilber" To: gobbles@hushmail.com Subject: GOBBLES: URGENT: C-BASED OVERFLOWS IN CGI SCRIPTS Cc: I have some overflows in a C-based CGI script package ... contact me ASAP for info. - Danny p.s. make sure to tell no one I am really Erebus, please.. i want any support i give to GOBBLES to be private. *************************************************************************** that's funny, you didnt want your criticism of GOBBLES to be private! hehehehehehheheheheheheheheh :PPPpPPpP:PPPpPpP *************************************************************************** From: "D. Dilber" To: gobbles@hushmail.com Subject: Re: cockadoodledoo Cc: hmmm.... Now me am confused!@#$%! Am I really member of GOBBLES or is this just funny hax0r joke? Please tell me IRC channel to talk to you for I am very happy if this be true. LONG LIVE FULL -DISCLOSURE! - Erebus in all seriousness though, I do have some good tools and exploits and stuff.. and i really feel like i understand what GOBBLES is all about *************************************************************************** does this blurb even need my comment? can somebody explain to me how the lawfully evil erebus reconciles this with his conception of honorable truth? danny dilber is officially banned from the ethics panel for life *************************************************************************** ----- Original Message ----- From: To: D. Dilber Sent: Friday, December 21, 2001 3:16 PM Subject: Re: cockadoodledoo > > -----BEGIN PGP SIGNED MESSAGE----- > > Hi, Friend! > > On Fri, 14 Dec 2001 16:36:53 -0600, 'D. Dilber' wrote: > >May I be eleet hax0r in GOBBLES?!?!?!??!?!?! > > Erebus may be in GOBBLES if willing to do good hard work! > > >Me against full-disclosure and kiddiez in my leet scene!?!?!?!?!? > >hehehe.... > > GOBBLES is official full-disclosure group, not sure what you can do if not willing to be full disclosure advisories and expliot development? > > >I c0d3r1ze3 hax0r utils in C... 
plus, i can udit src code... just look > >at this... > > > >int main(v0id) > >{ > > char buf[5]; > > strcpy(buf, argv[1]); // UH OH! I JUST FOUND A BUG!!!! > > exit(EXIT_SUCCESS); > >} > > Hehehe you right, you good at spotting bugs in code, most penetrator would miss that bug! > > >I used to be antisec, but now i want to hax0r the world and secure many > >boxen and let security penetrators make profit off my hard work and > >dedication!!!!!!!! hehehehe FIGHT THE MAN. > > Oh you have GOBBLES confused from earlier statement in email. GOBBLES happy to see you now soldier of full disclosure too. GOBBLES Labs say you are very welcome addition to GOBBLES Security. To join in full disclosure movement with GOBBLES you may submit research and exploits and things for publication to GOBBLES at this email address then will be published in name of GOBBLES Labs. Full credit for research is always to be given to whichever GOBBLES Security researcher so it will look like Erebus [GOBBLES] on advisory, or another name if you are afraid of social rejection from peers who still think antisec is good philosophy. > > >- Erebus > > GOBBLES very pleased to have meet you, if you still interested in volunteering as GOBBLES Research please let us know sometime. 
;) > > LOVE, > > GOBBLES > GOBBLES@hushmail.com > > -----BEGIN PGP SIGNATURE----- > Version: Hush 2.1 > Note: This signature can be verified at https://www.hushtools.com > > wlwEARECABwFAjwj0XkVHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP4BkA > oIn1stmONJxHM+yPQh+xKHxdrMUlAJ9n8flQgH8+Nmy6BlpS3eGzFBq/xQ== > =3gaj > -----END PGP SIGNATURE----- > > *************************************************************************** closing statements: this document has been longer overdue, and i apologize for its delayed release unfortunately i havent been able to come online much lately due to these severe back injuries i incurred while practicing autofellatio there will be more to come, theres a 300KB text file called 'ideas.txt' in which STRINGZ charts his plans for the upcoming war on whitehats/phc and even logs some funny irc conversations! however, there is so much patently stupid shit in here that i feel compelled to reorganize it into a presentable format before releasing it! the only way i will stop my revelation of the "REAL TRUTH" is if danny dilber commits suicide. and no i hope you dont think im fucking joking... i have your real name danny, if i see your obituary in a few reputable newspapers i give you my word of honour that i will not posthumously shame you. dont even think of faking your own death, if i read an article online about your suicide and i find out its a defaced webserver on an iis 4.0 box you will curse the day you were born.