Topics

Very funny, and amazing puppet work.  Trey Parker and Matt Stone have yet to let me down.

Apparently, Matt Damon can only say one thing, "Matt Damon!". 

Note that this is for every file/image/etc. that has been downloaded from my site (javaop.clan-e1.net) with a GET request on browsers that actually send a proper user-agent:

Code Select Expand

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep GET | wc -l
47220
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Windows | wc -l
21892
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Linux | wc -l
2366
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Mac | wc -l
840

This is the number of times that somebody tried to exploit a WebDAV vulnerability (more on this at the bottom):

Code Select Expand

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep SEARCH | wc -l
233

This is the number of hits from googlebot:

Code Select Expand

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i googlebot | wc -l
45

This is the number of hits from msnbot:

Code Select Expand

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i msnbot | wc -l
657

And finally, this was some very stupid person trying to get Yahoo's site from my server with a very invalid request (you would never put http:// in a GET..):

Code Select Expand

iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i yahoo         
220.170.88.36 - - [25/Aug/2004:19:50:04 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 3429 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [02/Sep/2004:18:29:56 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 5146 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [01/Oct/2004:15:27:52 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [09/Oct/2004:08:45:43 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"



The entire inspiration for doing this is that SEARCH requests, though, which were the WebDAV exploit.  For anybody who cares, this is the full request (very long):
http://javaop.clan-e1.net/tmp/shellcode

Anybody know what happened to it? It resolves to an ip, but there's nothing there.

If you do, tell him to get in touch with me.  I heard he made jbnls or jnls or something based on my code.  I'd be happy to promote it for him on my site, if he wants.

This is a really cool feature of NTFS that very few people know about.  Basically, you can hide any number of files (or "streams"), inside another file.  Open a command prompt, and go to your desktop (or where ever), do do the following:

Code Select Expand

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ron> echo "This is an empty file, trust me!" > file.txt

C:\Documents and Settings\Ron> type C:\windows\system32\sol.exe > file.txt:hidden1.exe

C:\Documents and Settings\Ron> C:\windows\system32\winmine.exe > file.txt:hidden2.txt

C:\Documents and Settings\Ron> type C:\windows\system32\winmine.exe > file.txt:hidden2.exe

C:\Documents and Settings\Ron> start .\file.txt:hidden1.exe

C:\Documents and Settings\Ron> start .\file.txt:hidden2.exe

The "echo" simply creates an empty file.
The two "type" lines embed two different .exe's inside file.txt.  No matter what you do to file.txt, you'll never be able to see them.
The next two lines run the two different hidden programs. You can run these like this at any time.

Note that this _won't_ work across a network or if you put it in a zip or anything else, since this is a feature of ntfs.

http://www.valhallalegends.com/iago/tiger1.jpg
http://www.valhallalegends.com/iago/tiger2.jpg

Yup, that's me. 

I'd like to make a forum here specifically for JavaOp, and leave this one for my day-to-day rantings and whatnot. 

Anybody suggest a name/category for it, and who wants to moderate it?

They put me in charge of figuring out how to use the digital camera this morning, so I thought some of you might like to see my desk!

http://www.valhallalegends.com/iago/work1.jpg
http://www.valhallalegends.com/iago/work2.jpg
http://www.valhallalegends.com/iago/work3.jpg
http://www.valhallalegends.com/iago/work4.jpg

And of course...

http://www.valhallalegends.com/iago/work.avi


You can't help but love my keyboard/mouse for Windows -- The keyboard is sitting on an open drawer, and the mouse is on a binder jammed into my desk.  It's sexy.

In case you couldn't tell, write monitor/case are linux, and the black monitor/tower are Windows.

[Newby]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Figurehead:
Newby *

Leaders:
Chavo ^%
iago *
Sidoh *

Active Members:
AntiVirus
Armin ^{& !}
Blaze *^&
c0ld
dark_drake*
deadly7
Ender
Ergot
Hitmen *
Joe ⁺
krazed *
Lead
muffin
MyndFyre *
Quik *
rabbit
RoMi
Rule
Towelie
Tuberload *
while1
Wires

Inactive Members:
Darkness
Lobo
Mythix *
StAiN
Sty

Former Members:
CrAz3D (voted out of clan)
darkxir (resigned)
Ersan (voted out of clan)
GameSnake (voted out of clan)
Networks (resigned)
Warrior * (voted out of clan)
xex (resigned)
Zorm (voted out of clan)


Member Count: 30 (24 active)

Key:

Anyone in bold was an original member.
* indicates that the member has been a clan leader and/or figurehead.
⁺ indicates that the member had been voted out and since reinstated.
^& indicates that the member has resigned and since been reinstated.
^% indicates that the member previously used the handle "unTactical".
^! indicates that the member previously used the handle "Metal Militia".

Any discussion on this should be taken here.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=