From: Simple Nomad
Subject: Re: Hello NMRC. (fwd)

A stringz/dmca/danny sighting you might enjoy. BTW keep up the
entertaining work.

- Simple Nomad - negotium -
- thegnome@nmrc.org - perambulans -
- thegnome@razor.bindview.com - in tenebris -

---------- Forwarded message ----------
Date: Mon, 9 Dec 2002 11:26:08 -0600 (CST)
From: Simple Nomad
To: "reject [ @witty.com ]"
Subject: Re: Hello NMRC.

Danny,

I am sorry, but since your email contains code that was written by
someone else (see http://phrack.efnet.ru/diestringz.txt), we cannot
accept you. Also, since this particular email comes from a dialup
account at umr.edu (the originating IP address from the mail header was
131.151.31.204), we do understand the possibility that you ARE in fact
the author. But since you have not been up front with us about it, and
you seem to have some type of identity crisis where you keep changing
online names, I strongly recommend some serious downtime to rethink this
entire hacker thing instead of trying to hook up with existing hacker
groups.

Either way NMRC does not accept memberships from anybody who asks. We
ask them.

I suggest you come clean with both the blackhat and whitehat communities
you seem to be trying to impress, and start over, or just give up and
concentrate on what you will be doing with your career after you leave
the University of Missouri-Rolla.

- Simple Nomad - negotium -
- thegnome@nmrc.org - perambulans -
- thegnome@razor.bindview.com - in tenebris -

On Thu, 5 Dec 2002, reject [ @witty.com ] wrote:

> Hello,
>
> I am reject. I am interested in becoming a possible member of NMRC (how
> many requests of this do you guys get, I wonder?!?!). Anyways, I am mainly
> a UNIX/Windows coder and audit code routinely. I have a number of ideas for
> future developments (including time analysis projects revolving around the
> Windows line of server OSes). I also am planning on a new UNIX parasite
> technique that should be quite interesting for playful hackers in the wild.
>
> At the end of this e-mail are some examples of my (very) old code... they're
> very simplistic but show the nature of my programs, albeit these are poor
> samples of my current caliber. I also have several bugs I've posted to
> various mailing lists, though, I usually don't release exploits or vuln.info
> of any nature anymore (semi-non-disclosure)... I am willing just to release
> tools for information gathering, etc. and code demonstrating new techniques
> in hackerdom... but direct exploitation is USUALLY not something I would be
> willing to participate in (but NMRC can still have my goodies, if kept
> private!). I also have pieces of code included in a book, titled "Maximum
> Windows 2000 Security." :)
>
> I also am a very political person and am usually engulfed watching news
> about government affairs.
>
> I am a big fan of NMRC and love the motto of being a hacker anywhere, always
> pushing thoughts further... bringing the spirit of the hacker away from the
> terminal.
>
> I am looking for membership primarily to seek a team of individuals to
> bounce ideas from and exchange favors with (team coding, etc.).
>
> I hope you can reply soon.
>
> Thanks,
>
> reject
>
>
> --------------------------------------------------------------------
>
> /*-------------------------------------------------------------------*/
> /* banscan v1.00 */
> /* */
> /* Author : reject */
> /* */
> /* Synopsis : banscan will scan a file of IP addresses or */
> /* hostnames for a user-supplied banner on a daemon */
> /* listening on a specified port. The file should contain */
> /* a hostname or an IP address, with each new host */
> /* separated by a newline. banscan is a vital tool for */
> /* those wishing to scan multiple hosts for new */
> /* vulnerabilities each time a daemon becomes susceptible */
> /* to attack. No key element is hard-coded, thus banscan */
> /* can repeatedly scan for varying daemons. */
> /* */
> /* This code compiles on Windows and UNIX variants. */
> /* */
> /* Usage : banscan <hostfile> "banner" <port> */
> /* */
> /*-------------------------------------------------------------------*/
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <sys/types.h>
> #ifndef WIN32
> #include <unistd.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <netdb.h>
> #define closesocket close
> #else
> #include <winsock2.h>
> #define snprintf _snprintf
> #pragma comment(lib, "ws2_32")
> #endif
>
> int usage(char *cmdname);
>
> int main(int argc, char *argv[])
> {
>
>     FILE *fp;
>
>     char line[1024];
>     char host[256];
>     char buf[4096];
>
>     char *token;
>
>     int s;
>     int n;
>     unsigned short p;
>
>     struct hostent *he;
>     struct sockaddr_in target;
>
> #ifdef WIN32
>     WSADATA wsd;
> #endif
>
>     printf("\n[banscan v1.00]\n");
>     printf("[By]: reject\n\n");
>
>     if(argc != 4)
>         usage(argv[0]);
>
>     p = atoi(argv[3]);
>
> #ifdef WIN32
>     if(WSAStartup(MAKEWORD(1,1), &wsd) != 0)
>     {
>         fprintf(stderr, "[-] Failed to load Winsock\n");
>         WSACleanup();
>         exit(EXIT_FAILURE);
>     }
> #endif
>
>     memset(&target, 0, sizeof(target));
>     target.sin_family = AF_INET;
>     target.sin_port = htons(p);
>
>     if((fp = fopen(argv[1], "r")) == NULL)
>     {
>         fprintf(stderr, "\n[-] Error: problem opening hostfile (%s)\n", argv[1]);
>         exit(EXIT_FAILURE);
>     }
>
>     printf("[+] Now scanning...\n\n");
>
>     while(fgets(line, sizeof(line), fp) != NULL)
>     {
>
>         token = strtok(line, "\n");
>
>         /* strtok() returns NULL for an empty line; skip it */
>         if(token == NULL)
>             continue;
>
>         snprintf(host, sizeof(host), "%s", token);
>
>         if((he = gethostbyname(host)) == 0)
>         {
>             fprintf(stderr, "[-] Unable to resolve host (%s)\n", host);
>             exit(EXIT_FAILURE);
>         }
>
>         if(he)
>         {
>
>             target.sin_addr = *((struct in_addr *)he->h_addr);
>
>             if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>             {
>                 fprintf(stderr, "\n[-] Fatal socket error\n");
>                 exit(EXIT_FAILURE);
>             }
>
>             if(connect(s, (struct sockaddr *)&target, sizeof(target)) != -1)
>             {
>
>                 /* leave room for the terminating NUL that strstr() needs */
>                 if((n = recv(s, buf, sizeof(buf) - 1, 0)) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Unable to receive data\n");
>                     exit(EXIT_FAILURE);
>                 }
>                 else
>                 {
>                     buf[n] = '\0';
>
>                     if(strstr(buf, argv[2]))
>                     {
>                         printf(" %s : FOUND (%s)\n", host, argv[2]);
>                     }
>                     else
>                     {
>                         printf(" %s : NOT FOUND\n", host);
>                     }
>                 }
>             }
>
>             closesocket(s);
>             buf[0] = '\0';
>
>         }
>
>         host[0] = '\0';
>
>     }
>
>     printf("\n[+] Finished\n\n");
>
>     exit(EXIT_SUCCESS);
>
> }
>
> int usage(char *cmdname)
> {
>
>     printf("[Purpose]: banscan will scan a file of IP addresses or\n");
>     printf(" hostnames for a user-supplied banner on a\n");
>     printf(" daemon listening on a specified port.\n");
>     printf("\n[Usage]:\n");
>     printf("\n%s <hostfile> \"banner\" <port>\n\n", cmdname);
>     printf(" <hostfile> : File containing list of hosts to scan. The\n");
>     printf(" file should contain a hostname or an IP address,\n");
>     printf(" with each new host separated by a newline.\n");
>     printf(" \"banner\" : Banner to search for. Please place in\n");
>     printf(" quotation marks, if necessary.\n");
>     printf(" <port> : The default port of the listening TCP daemon\n");
>     printf(" to be scanned.\n");
>
>     exit(EXIT_FAILURE);
>
> }
> --------------
> r2i.c
> --------------
> /*-------------------------------------------------------------------*/
> /* range2ipfile [r2i] v1.00 */
> /* */
> /* Author : reject */
> /* */
> /* Synopsis : r2i will intake a user-supplied IP address range and */
> /* create a file containing all of the IP addresses. */
> /* range2ipfile was created for use in programs reading */
> /* hosts from a file. */
> /* */
> /* The code compiles on Windows and UNIX variants. */
> /* */
> /* Usage : r2i <startIP> <endIP> <ipFile> */
> /* */
> /*-------------------------------------------------------------------*/
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #ifdef WIN32
> #include <winsock2.h>
> #pragma comment (lib, "ws2_32")
> #else
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #endif
>
> int usage(char *progname);
>
> int main(int argc, char *argv[])
> {
>
>     FILE *ipFile;
>
>     unsigned long startIP, endIP, counter;
>
>     struct sockaddr_in sin;
>
> #ifdef WIN32
>     WSADATA wsd;
> #endif
>
>     printf("\n[range2ipfile v1.00]\n");
>     printf("[By]: reject\n\n");
>
>     if(argc != 4)
>         usage(argv[0]);
>
> #ifdef WIN32
>     if(WSAStartup(MAKEWORD(1,1), &wsd) != 0)
>     {
>         fprintf(stderr, "[-] Failed to load Winsock\n\n");
>         WSACleanup();
>         exit(EXIT_FAILURE);
>     }
> #endif
>
>     if((startIP = inet_addr(argv[1])) == INADDR_NONE)
>     {
>         fprintf(stderr, "[-] (%s) is an invalid IP Address\n\n", argv[1]);
>         exit(EXIT_FAILURE);
>     }
>
>     if((endIP = inet_addr(argv[2])) == INADDR_NONE)
>     {
>         fprintf(stderr, "[-] (%s) is an invalid IP Address\n\n", argv[2]);
>         exit(EXIT_FAILURE);
>     }
>
>     if((ipFile = fopen(argv[3], "w")) == NULL)
>     {
>         fprintf(stderr, "[-] Error opening ipFile (%s)\n\n", argv[3]);
>         exit(EXIT_FAILURE);
>     }
>
>     printf("[+] Now processing...\n\n");
>
>     for(counter = ntohl(startIP); counter <= ntohl(endIP); counter++)
>     {
>         memset(&sin, 0, sizeof(sin));
>         sin.sin_addr.s_addr = htonl(counter);
>         fprintf(ipFile, "%s\n", inet_ntoa(sin.sin_addr));
>     }
>
>     printf("[+] Finished\n\n");
>
>     fclose(ipFile);
>
>     exit(EXIT_SUCCESS);
>
> }
>
> int usage(char *progname)
> {
>
>     printf("[Purpose]: r2i will intake a user-supplied IP address range\n");
>     printf(" and create a file containing all of the IP\n");
>     printf(" addresses.\n\n");
>     printf("[Usage]: %s <startIP> <endIP> <ipFile>\n\n", progname);
>
>     exit(EXIT_FAILURE);
>
> }
> --------------
> shatcmd.c
> --------------
> /*-------------------------------------------------------------------*/
> /* shatcmd v1.00 */
> /* */
> /* Author : reject */
> /* */
> /* Synopsis : shatcmd will use a wordlist to attempt to find all */
> /* subdomains of a particular hostname. This is useful */
> /* for occurrences of where zone transfers (axfr) are */
> /* unavailable. */
> /* */
> /* This code compiles on Windows and UNIX variants. */
> /* */
> /* Usage : shat <hostname> [ wordlist ] */
> /* */
> /*-------------------------------------------------------------------*/
>
> #include <stdio.h>
> #include <stdlib.h>
> #ifdef WIN32
> #include <winsock2.h>
> #pragma comment (lib, "ws2_32")
> #define snprintf _snprintf
> #else
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <netdb.h>
> #endif
> #include <string.h>
>
> int usage(char *progname);
>
> int main(int argc, char *argv[])
> {
>
>     FILE *fp;
>     struct hostent *he;
>
>     char host[256];
>     char line[1024];
>
>     char *token;
>
> #ifdef WIN32
>     WSADATA wsd;
> #endif
>
>     printf("\n[shatcmd v1.00]\n");
>     printf("[By]: reject\n\n");
>
>     if((argc != 2) && (argc != 3))
>         usage(argv[0]);
>
> #ifdef WIN32
>     if(WSAStartup(MAKEWORD(1,1), &wsd) != 0)
>     {
>         fprintf(stderr, "[-] Failed to load Winsock\n\n");
>         WSACleanup();
>         exit(EXIT_FAILURE);
>     }
> #endif
>
>     if(argc == 3)
>     {
>         if((fp = fopen(argv[2], "r")) == NULL)
>         {
>             fprintf(stderr, "[-] Problem opening wordlist (%s)\n\n", argv[2]);
>             exit(EXIT_FAILURE);
>         }
>     }
>     else
>     {
>         if((fp = fopen("hosts.txt", "r")) == NULL)
>         {
>             fprintf(stderr, "[-] Problem opening wordlist (hosts.txt)\n\n");
>             exit(EXIT_FAILURE);
>         }
>     }
>
>     printf("[+] Now processing...\n\n");
>
>     while(fgets(line, sizeof(line), fp) != NULL)
>     {
>
>         token = strtok(line, "\n");
>
>         /* strtok() returns NULL for an empty line; skip it */
>         if(token == NULL)
>             continue;
>
>         snprintf(host, sizeof(host), "%s.%s", token, argv[1]);
>
>         if((he = gethostbyname(host)) != NULL)
>             printf(" %s : FOUND\n", host);
>
>         memset(host, 0, sizeof(host));
>
>     }
>
>     printf("\n[+] Finished\n\n");
>
>     exit(EXIT_SUCCESS);
>
> }
>
> int usage(char *progname)
> {
>
>     printf("Purpose: shatcmd will use a wordlist to attempt to find\n");
>     printf(" all subdomains of a particular hostname. If no\n");
>     printf(" wordlist is supplied, the file \"hosts.txt\" will\n");
>     printf(" be used, if possible.\n\n");
>     printf("Usage: %s <hostname> [ wordlist ]\n\n", progname);
>
>     exit(EXIT_FAILURE);
>
> }
>
> --------------
> tildee.c
> --------------
> /*-------------------------------------------------------------------*/
> /* tildee v1.00 */
> /* */
> /* Author : reject */
> /* */
> /* Synopsis : tildee will connect to a HTTP daemon and will use a */
> /* wordlist to brute force accounts by requesting for */
> /* [target]/~[username]. The concept is that many users */
> /* have web serving capabilities in the /home/[username] */
> /* directory (typically in /home/[username]/public_html), */
> /* and by checking for their web presence, it is possible */
> /* to attain a list of user accounts. */
> /* */
> /* This code compiles on Windows and UNIX variants. */
> /* */
> /* Usage : tildee <target> <wordlist> */
> /* */
> /*-------------------------------------------------------------------*/
>
> #include <stdio.h>
> #include <stdlib.h>
> #ifdef WIN32
> #include <winsock2.h>
> #pragma comment (lib, "ws2_32")
> #define snprintf _snprintf
> #define close closesocket
> #else
> #include <unistd.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <netdb.h>
> #define SOCKET int
> #endif
> #include <string.h>
>
> #define PORT 80
>
> int usage(char *progname);
>
> int main(int argc, char *argv[])
> {
>
>     char buf[4096];
>     char line[256];
>     char request[1024];
>
>     SOCKET s;
>     FILE *fp;
>
>     char *username;
>
>     struct hostent *he;
>     struct sockaddr_in target;
>
> #ifdef WIN32
>     WSADATA wsd;
> #endif
>
>     printf("\n[tildee v1.00]\n");
>     printf("[By]: reject\n\n");
>
>     if(argc != 3)
>         usage(argv[0]);
>
> #ifdef WIN32
>     if(WSAStartup(MAKEWORD(1,1), &wsd) != 0)
>     {
>         fprintf(stderr, "[-] Failed to load Winsock\n\n");
>         WSACleanup();
>         exit(EXIT_FAILURE);
>     }
> #endif
>
>     memset(&target, 0, sizeof(target));
>     target.sin_family = AF_INET;
>     target.sin_port = htons(PORT);
>
>     if((he = gethostbyname(argv[1])) == 0)
>     {
>         fprintf(stderr, "[-] Unable to resolve host (%s)\n\n", argv[1]);
>         exit(EXIT_FAILURE);
>     }
>
>     target.sin_addr = *((struct in_addr *)he->h_addr);
>
>     if((fp = fopen(argv[2], "r")) == NULL)
>     {
>         fprintf(stderr, "[-] Problem opening wordlist (%s)\n\n", argv[2]);
>         exit(EXIT_FAILURE);
>     }
>
>     if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>     {
>         fprintf(stderr, "[-] Fatal socket error\n\n");
>         exit(EXIT_FAILURE);
>     }
>
>     if((connect(s, (struct sockaddr *)&target, sizeof(target))) == -1)
>     {
>         /* PORT is an integer, so it is printed with %d */
>         fprintf(stderr, "[-] Unable to connect to host (%s:%d)\n\n", argv[1], PORT);
>         exit(EXIT_FAILURE);
>     }
>
>     close(s);
>
>     printf("[+] Now auditing...\n\n");
>
>     /* buf must be NUL-terminated before strstr() looks at it */
>     memset(buf, 0, sizeof(buf));
>
>     while(fgets(line, sizeof(line), fp) != NULL)
>     {
>
>         username = strtok(line, "\n");
>
>         /* strtok() returns NULL for an empty line; skip it */
>         if(username == NULL)
>             continue;
>
>         snprintf(request, sizeof(request), "GET /~%s HTTP/1.0\r\n\r\n", username);
>
>         if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>         {
>             fprintf(stderr, "[-] Fatal socket error\n\n");
>             exit(EXIT_FAILURE);
>         }
>
>         if((connect(s, (struct sockaddr *)&target, sizeof(target))) == -1)
>         {
>             fprintf(stderr, "[-] Unable to connect to host (%s:%d)\n\n", argv[1], PORT);
>             exit(EXIT_FAILURE);
>         }
>
>         if(send(s, request, strlen(request), 0) == -1)
>         {
>             fprintf(stderr, "[-] Unable to send data\n\n");
>             exit(EXIT_FAILURE);
>         }
>         else if((recv(s, buf, sizeof(buf) - 1, 0) == -1))
>         {
>             fprintf(stderr, "[-] Unable to receive data\n\n");
>             exit(EXIT_FAILURE);
>         }
>         else
>         {
>             if(!strstr(buf, "404"))
>             {
>                 printf(" %s : VERIFIED\n", username);
>             }
>
>             memset(buf, 0, sizeof(buf));
>             memset(request, 0, sizeof(request));
>
>             close(s);
>         }
>
>     }
>
>     printf("\n[+] Finished\n\n");
>
>     exit(EXIT_SUCCESS);
>
> }
>
> int usage(char *progname)
> {
>
>     printf("[Purpose]: tildee will connect to a HTTP daemon and will\n");
>     printf(" use a wordlist to brute force accounts by\n");
>     printf(" requesting for http://[target]/~[username].\n\n");
>     printf("[Usage]: %s <target> <wordlist>\n\n", progname);
>
>     exit(EXIT_FAILURE);
>
> }
>
> --------------
> towhom.c
> --------------
> /*--------------------------------------------------------------------*/
> /* towhom v1.0 */
> /* */
> /* Author : reject */
> /* */
> /* Purpose : towhom is an interface to ARIN, RIPE, and APNIC whois */
> /* databases. It performs reverse IP address and keyword */
> /* lookups to determine ownership of IPv4 address spaces. */
> /* */
> /* This code compiles on Windows and UNIX variants. */
> /* */
> /* Usage : towhom <keyword> [ server ] */
> /* */
> /*--------------------------------------------------------------------*/
>
> #include <stdio.h>
> #include <stdlib.h>
> #ifdef WIN32
> #include <winsock2.h>
> #pragma comment (lib, "ws2_32")
> #define close closesocket
> #define snprintf _snprintf
> #else
> #include <unistd.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <netdb.h>
> #define SOCKET int
> #endif
> #include <string.h>
>
> #define WPORT 43
>
> #define ARIN "whois.arin.net"
> #define RIPE "whois.ripe.net"
> #define APNIC "whois.apnic.net"
>
> #pragma comment(lib, "ws2_32")
>
> int usage(char *cmdname);
> int stdwhois(char *keyword, char *host);
>
> int main(int argc, char *argv[])
> {
>
> #ifdef WIN32
>     WSADATA wsd;
> #endif
>
>     if((argc != 2) && (argc != 3))
>         usage(argv[0]);
>
> #ifdef WIN32
>     if(WSAStartup(MAKEWORD(1,1), &wsd) != 0)
>     {
>         printf("\n[-] Failed to load Winsock\n");
>         WSACleanup();
>         exit(EXIT_FAILURE);
>     }
> #endif
>
>     if(argc == 2)
>         stdwhois(argv[1], NULL);
>
>     if(argc == 3)
>         stdwhois(argv[1], argv[2]);
>
>     return 0;
>
> }
>
> int usage(char *cmdname)
> {
>     printf("\n[ToWhom v1.00]\n");
>     printf("[By]: reject\n\n");
>     printf("[Usage]: %s <keyword> [ server ]\n", cmdname);
>     exit(EXIT_FAILURE);
> }
>
> int stdwhois(char *keyword, char *host)
> {
>
>     SOCKET s;
>     struct hostent *he;
>     struct sockaddr_in sin;
>
>     char buf[256];
>     char recvbuf[4096];
>
>     int n;
>
>     snprintf(buf, sizeof(buf), "%s\r\n\r\n", keyword);
>
>     memset(&sin, 0, sizeof(sin));
>     sin.sin_family = AF_INET;
>     sin.sin_port = htons(WPORT);
>
>     if(host == NULL)
>     {
>
>         /* host is NULL in this branch, so report the ARIN server name */
>         if((he = gethostbyname(ARIN)) == 0)
>         {
>             fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", ARIN);
>             exit(EXIT_FAILURE);
>         }
>
>         if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>         {
>             fprintf(stderr, "\n[-] Fatal socket error\n");
>             exit(EXIT_FAILURE);
>         }
>
>         sin.sin_addr = *((struct in_addr *)he->h_addr);
>
>         if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1)
>         {
>             fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", ARIN);
>             exit(EXIT_FAILURE);
>         }
>
>         if((send(s, buf, strlen(buf), 0)) == -1)
>         {
>             fprintf(stderr, "\n[-] Unable to send data\n");
>             exit(EXIT_FAILURE);
>         }
>
>         memset(recvbuf, 0, sizeof(recvbuf));
>
>         /* read at most sizeof - 1 bytes and NUL-terminate each chunk */
>         while((n = recv(s, recvbuf, sizeof(recvbuf) - 1, 0)) > 0)
>         {
>
>             recvbuf[n] = '\0';
>
>             if(strstr(recvbuf, "European Regional Internet Registry/RIPE NCC"))
>             {
>
>                 if((he = gethostbyname(RIPE)) == 0)
>                 {
>                     fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", RIPE);
>                     exit(EXIT_FAILURE);
>                 }
>
>                 if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Fatal socket error\n");
>                     exit(EXIT_FAILURE);
>                 }
>
>                 sin.sin_addr = *((struct in_addr *)he->h_addr);
>
>                 if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", RIPE);
>                     exit(EXIT_FAILURE);
>                 }
>
>                 if((send(s, buf, strlen(buf), 0)) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Unable to send data\n");
>                     exit(EXIT_FAILURE);
>                 }
>
>                 memset(recvbuf, 0, sizeof(recvbuf));
>
>                 while((n = recv(s, recvbuf, sizeof(recvbuf) - 1, 0)) > 0)
>                 {
>
>                     recvbuf[n] = '\0';
>                     printf("\n%s", recvbuf);
>
>                 }
>
>                 close(s);
>
>             }
>             else if(strstr(recvbuf, "Asia Pacific Network Information Center"))
>             {
>
>                 if((he = gethostbyname(APNIC)) == 0)
>                 {
>                     fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", APNIC);
>                     exit(EXIT_FAILURE);
>                 }
>
>                 if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Fatal socket error\n");
>                     exit(EXIT_FAILURE);
>                 }
>
>                 sin.sin_addr = *((struct in_addr *)he->h_addr);
>
>                 if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", APNIC);
>                     exit(EXIT_FAILURE);
>                 }
>
>                 if((send(s, buf, strlen(buf), 0)) == -1)
>                 {
>                     fprintf(stderr, "\n[-] Unable to send data\n");
>                     exit(EXIT_FAILURE);
>                 }
>
>                 memset(recvbuf, 0, sizeof(recvbuf));
>
>                 while((n = recv(s, recvbuf, sizeof(recvbuf) - 1, 0)) > 0)
>                 {
>                     recvbuf[n] = '\0';
>                     printf("\n%s", recvbuf);
>                 }
>
>                 close(s);
>             }
>             else
>             {
>                 printf("\n%s", recvbuf);
>             }
>         }
>
>         close(s);
>     }
>     else
>     {
>
>         if((he = gethostbyname(host)) == 0)
>         {
>             fprintf(stderr, "\n[-] Unable to resolve host (%s)\n", host);
>             exit(EXIT_FAILURE);
>         }
>
>         if((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>         {
>             fprintf(stderr, "\n[-] Fatal socket error\n");
>             exit(EXIT_FAILURE);
>         }
>
>         sin.sin_addr = *((struct in_addr *)he->h_addr);
>
>         if((connect(s, (struct sockaddr *)&sin, sizeof(sin))) == -1)
>         {
>             fprintf(stderr, "\n[-] Unable to connect to host (%s)\n", host);
>             exit(EXIT_FAILURE);
>         }
>
>         if((send(s, buf, strlen(buf), 0)) == -1)
>         {
>             fprintf(stderr, "\n[-] Unable to send data\n");
>             exit(EXIT_FAILURE);
>         }
>
>         memset(recvbuf, 0, sizeof(recvbuf));
>
>         while((n = recv(s, recvbuf, sizeof(recvbuf) - 1, 0)) > 0)
>         {
>             recvbuf[n] = '\0';
>             printf("\n%s", recvbuf);
>         }
>
>         close(s);
>
>     }
>
>     exit(EXIT_SUCCESS);
>
> }
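
The `GET /~[username]` probing described in the tildee synopsis above shows up in web server access logs as a run of 404 responses on `/~` paths from one client. The following is an added example, not part of the original e-mails or of the quoted code, that flags such clients; the log lines, the threshold and the names `find_enumerators` and `is_tilde_miss` are constructed for illustration, and Common Log Format is assumed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CLIENTS 64
#define IP_LEN 46

/* Constructed sample in Common Log Format (documentation address ranges). */
static const char SAMPLE_LOG[] =
    "192.0.2.10 - - [09/Dec/2002:11:00:01 -0600] \"GET /~admin HTTP/1.0\" 404 209\n"
    "192.0.2.10 - - [09/Dec/2002:11:00:01 -0600] \"GET /~root HTTP/1.0\" 404 208\n"
    "198.51.100.7 - - [09/Dec/2002:11:00:02 -0600] \"GET /index.html HTTP/1.1\" 200 5120\n"
    "192.0.2.10 - - [09/Dec/2002:11:00:02 -0600] \"GET /~alice HTTP/1.0\" 301 310\n"
    "198.51.100.7 - - [09/Dec/2002:11:00:03 -0600] \"GET /~carl/ HTTP/1.1\" 404 209\n"
    "192.0.2.10 - - [09/Dec/2002:11:00:03 -0600] \"GET /~www HTTP/1.0\" 404 207\n";

struct client { char ip[IP_LEN]; int misses; };

/* Return 1 if the line is a /~user request answered with 404; fills ip. */
static int is_tilde_miss(const char *line, char *ip)
{
    char path[256];
    int status;
    const char *req = strchr(line, '"');

    if (req == NULL || sscanf(line, "%45s", ip) != 1) return 0;
    /* "METHOD PATH PROTOCOL" STATUS: keep only the path and the status */
    if (sscanf(req, "\"%*s %255s %*[^\"]\" %d", path, &status) != 2) return 0;
    return strncmp(path, "/~", 2) == 0 && status == 404;
}

/* Write to out[] each client whose /~ 404 count reaches threshold. */
int find_enumerators(const char *log, int threshold, char out[][IP_LEN], int max_out)
{
    struct client tab[MAX_CLIENTS];
    char line[512], ip[IP_LEN];
    int n = 0, found = 0, i;

    while (*log) {
        size_t len = strcspn(log, "\n");
        size_t copy = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, log, copy);
        line[copy] = '\0';
        log += len + (log[len] == '\n');
        if (!is_tilde_miss(line, ip)) continue;
        for (i = 0; i < n && strcmp(tab[i].ip, ip) != 0; i++) ;
        if (i == n) {
            if (n == MAX_CLIENTS) continue;   /* table full: skip new clients */
            strcpy(tab[n].ip, ip);
            tab[n++].misses = 0;
        }
        if (++tab[i].misses == threshold && found < max_out)
            strcpy(out[found++], ip);         /* flag each client only once */
    }
    return found;
}

int main(void)
{
    char out[4][IP_LEN];
    int i, n = find_enumerators(SAMPLE_LOG, 3, out, 4);
    for (i = 0; i < n; i++)
        printf("possible /~user enumeration from %s\n", out[i]);
    return 0;
}
```
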