Messages

12361

iago's forum / *laughs* @ WindowMaker

« on: October 25, 2004, 10:45:21 am »

I went to install a new version of WindowMaker using their script, and got this series of questions:

rbowes@celes:~/downloads/WindowMaker-CVS-20040723$ sudo ./Install
Password:

=========================
Window Maker Installation
=========================

NOTE: If this script fails, read the INSTALL file and
install by hand.

Please read the README, INSTALL and FAQ files before e-mailing
questions. We will IGNORE any questions that are already
answered in the documentation.

Type <Return> to continue

Did you read the INSTALL file?
<y/n> y
Are you sure?
<y/n> y
Are you lying?
<y/n> n
Do you *swear* that you really read the INSTALL file?
<y/n> y
Last chance. You will not get help if you have some problem
because you didn't read that file. Even if your computer explodes.
Do you *really* read it?
<y/n> y

Ok, you have been warned.

Type <Return> to continue

I laughed out loud (at work) when it said "Even if your computer explodes"

12362

Entertainment District / Team America

« on: October 24, 2004, 04:05:09 am »

Very funny, and amazing puppet work.  Trey Parker and Matt Stone have yet to let me down.

Apparently, Matt Damon can only say one thing, "Matt Damon!". 

12363

iago's forum / Re: Page hit statistics

« on: October 22, 2004, 06:59:01 pm »

Here's something else:

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep MSIE | wc -l
11785
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Firefox | wc -l
11930

Makes me happy

12364

iago's forum / Re: Page hit statistics

« on: October 22, 2004, 06:41:13 pm »

Lmao at that shell coding newbie. :O

I'm pretty sure it was a worm, actually, there were too many of the same request sent by different hosts.

12365

iago's forum / Re: Page hit statistics

« on: October 22, 2004, 06:29:19 pm »

The thing is, you should never be sending a GET for "http://...", the GET is only the page, not the full site.  So that would be like, http://javaop.clan-e1.net/http://www.yahoo.com or something stupid.

<edit> that gives me:
192.168.1.1 - - [22/Oct/2004:17:35:46 -0500] "GET /http://www.yahoo.com HTTP/1.1" 404 302 "http://ix86.cold-chaos.net/forum/index.php?topic=59.0" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"

Which is close..

12366

iago's forum / Page hit statistics

« on: October 22, 2004, 12:01:12 pm »

Note that this is for every file/image/etc. that has been downloaded from my site (javaop.clan-e1.net) with a GET request on browsers that actually send a proper user-agent:

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep GET | wc -l
47220
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Windows | wc -l
21892
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Linux | wc -l
2366
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Mac | wc -l
840
This is the number of times that somebody tried to exploit a WebDAV vulnerability (more on this at the bottom):

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep SEARCH | wc -l
233
This is the number of hits from googlebot:

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i googlebot | wc -l
45
This is the number of hits from msnbot:

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i msnbot | wc -l
657
And finally, this was some very stupid person trying to get Yahoo's site from my server with a very invalid request (you would never put http:// in a GET..):

Code: [Select]

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i yahoo         
220.170.88.36 - - [25/Aug/2004:19:50:04 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 3429 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [02/Sep/2004:18:29:56 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 5146 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [01/Oct/2004:15:27:52 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [09/Oct/2004:08:45:43 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"


The entire inspiration for doing this is that SEARCH requests, though, which were the WebDAV exploit.  For anybody who cares, this is the full request (very long):
http://javaop.clan-e1.net/tmp/shellcode

12367

General Discussion / Re: What....?

« on: October 19, 2004, 08:28:01 am »

Actually, I powned it with my L33T H4x0r Skillz.  It got pooned.

12368

General Discussion / Re: Hiding Files in NTFS

« on: October 19, 2004, 08:11:43 am »

I've never tried deleting the original, but I would imagine it woulnd't work.

Incidentally, you can also hide files in folders.

12369

General Discussion / Re: clan-e1.net?

« on: October 18, 2004, 07:43:50 pm »

I had a feeling that's what happened.  Awesome

12370

General Discussion / clan-e1.net?

« on: October 18, 2004, 01:07:58 pm »

Anybody know what happened to it? It resolves to an ip, but there's nothing there.

12371

iago's forum / Re: Anybody know The-Fool?

« on: October 18, 2004, 09:43:51 am »

I understand now -- he wants nothing released (executable or source).

The thing is, I don't trust HIM, and he has no reason to trust ME.  That's why I like opensource -- if somebody doesn't trust JavaOp, they can validate it for themselves.

12372

iago's forum / Re: Anybody know The-Fool?

« on: October 17, 2004, 08:13:59 pm »

God_of_slayers: did you read my post? Keys can just as easily be stolen if it's closed source, so it's irrelevant.

Tuberload: My source isn't GNU or anything, it's public domain, so he can do what he wants with my code.  It's just nice if he releases it

12373

iago's forum / Re: Anybody know The-Fool?

« on: October 17, 2004, 04:50:48 pm »

Awesome

When you do, let me know.  I love you how you mimiced BNLS's protocol so you can use bots that require BNLS.  That's, like, totally sexy.

Good work, I'm glad to see my code going to good use

12374

iago's forum / Re: Anybody know The-Fool?

« on: October 17, 2004, 04:17:39 pm »

I don't plan on beta-testing it, or even using it.  But I'll tell people about it.

My only condition, like any projects I do, is that it's opensource.

If somebody backdoors it and runs it on their server, and you get caught, you're an idiot for trusting them.

If it's closed source and somebody is running it on their server, it would be easy with tcpdump, ethereal, iptables, and even a proxy program to steal the keys and passwords anyway, so somebody being able to reprogram it is hardly a reason.

The advantage if it's opensource is that people can verify that is isn't backdoored, and they can happily run it for themselves, or their clans, or whatever.

In any case, direct him to this thread if he wants me to advertise.  If he does, I'll put a sticky post on my forum and I'll put it on JavaOp's page somewhere.

12375

iago's forum / Anybody know The-Fool?

« on: October 17, 2004, 11:53:08 am »

If you do, tell him to get in touch with me.  I heard he made jbnls or jnls or something based on my code.  I'd be happy to promote it for him on my site, if he wants.