46
News:
Happy New Year! Yes, the current one, not a previous one; this is a new post, we swear!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
47
General Security Information / Re: mIRC Exploit Found
« on: December 23, 2005, 06:43:05 pm »At first I thought this might be something neat and then i realized its a local exploit and totally lame.
Yeah, I looked at this and that was exactly my thoughts.
"WHAT THE FUCK PURPOSE CAN THIS SERVE?!"
Local priviledge escalation is not cool, especially on Windows.
Local privilege* escalation is more important than you may think.
48
Unix / Linux Discussion / Re: Slack install issues.
« on: December 23, 2005, 06:37:35 pm »Windows overwrites LILO with it's own startup, so it's easier to install Linux last.Install Windows first. One partition 98GB for Windows (should be enough). Another partition 100GB for Slackware (this much isn't needed, but tis nice to have) and then 2gb of linux-swap.
It doesn't matter which one he installs first. Windows XP installation can partition unallocated space without damaging the already allocated partitions.
Technically it overwrites your MBR. If you selected the option to write LILO to disk as opposed to the MBR you'll be fine.
49
General Programming / Re: Cattle Chat
« on: December 14, 2005, 03:14:54 am »I program directly on my webserver, so I know about parse errors in about 2 seconds, no fussing with FTP or anything. Plus, vim will tell you if you're missing a bracket or if you spelled a function name wrong, which is all I really need.
Which reminds me (since we're all off topic here), check out how I interact with your server:
Quote
bash-3.00$ javaop uname -a
Linux darkside 2.4.29 #6 Thu Jan 20 16:30:37 PST 2005 i686 unknown unknown GNU/Linux
bash-3.00$ javaop id
uid=1009(tmp) gid=100(users) groups=100(users)
bash-3.00$
Or, if I just want a shell:
Quote
bash-3.00$ javaop
Linux 2.4.29.
Drink Canada Dry! You might not succeed, but it *is* fun trying.
tmp@darkside:~$
I don't use any aliasing.
50
General Programming / Re: Interesting Problem
« on: December 07, 2005, 04:29:52 am »Quote
That is, sentences that have every instance of each letter replaced with another letter
How long are the 'sentences' ?
51
Unix / Linux Discussion / Re: Getting my network setup in slack.
« on: December 07, 2005, 04:19:23 am »
Check out modprobe/insmod/lsmod/rmmod
52
General Programming / Re: Anagram solver!
« on: December 05, 2005, 03:45:43 pm »Quote
I wonder: would it be possible to make this faster by creating a database, hashing each word by-letter, and then doing a word lookup by the smaller result subset?
I could think of a few ways to optimize it (afilter is rather slow itself), however the difference can be no more than a fraction of a second, as it is running at a fraction of a second as it is. Note: all of the search/compare algorithm is implemented by grep itself.
53
General Programming / Anagram solver!
« on: December 05, 2005, 06:58:11 am »
My Mom always does these anagram puzzles in her morning papers, so I took it upon myself to create a solution finder for her! Now I know that most of you probably aren't interested in what tmps Mother does or solving anagram problems, but you might find the code I made somewhat interesting.
What I am doing is taking a scrambled input string and checking to see if any combination of the string exists in the dictionary file (is it a valid english word or not). Here is what the program looks like in action:
As you can see, it works pretty quickly ;P The time program tells us less than a second, anyways.
How it works:
I started off with just a dictionary of all english words (thanks iago). I created script.sh which takes every line in the wordlist and rearranges each character alphabetically, keeping all of the lines in the original order. Now you have two wordlists, both parallel on a line to line basis. Then I created afilter.c. afilter (once compiled) takes data from standard input and rearranges the data alphabetically, then spits out the arrangement, in classical unix fashion ;P. Then I wrote puzzle.sh, a bash script that takes a command line argument (the scrambled word), pipes it to afilter wich outputs an alphabetically arranged version of the anagram. That output is grep'd from the second (alphabetized) wordlist. When a match is found, the line number is extracted via awk and awk is used again to scan the first (original) wordlist for that very line number, which is parallel to the second word list, thus giving you the matching (english) word.
Here is the link to the source (script.sh, afilter.c, puzzle.sh, both wordlists) if anybody is interested:
www.javaop.com/~tmp/puzzle.tar.gz
It is 600k, 95% of which is the dictionary file included.
What I am doing is taking a scrambled input string and checking to see if any combination of the string exists in the dictionary file (is it a valid english word or not). Here is what the program looks like in action:
Quote
bash-3.00$ time puzzle.sh adegln
Using anagram: adegln
Sorting adegln alphabetically... adegln
Scanning database...
Found 1 result(s):
angled
Found 2 result(s):
dangle
real 0m0.343s
As you can see, it works pretty quickly ;P The time program tells us less than a second, anyways.
How it works:
I started off with just a dictionary of all english words (thanks iago). I created script.sh which takes every line in the wordlist and rearranges each character alphabetically, keeping all of the lines in the original order. Now you have two wordlists, both parallel on a line to line basis. Then I created afilter.c. afilter (once compiled) takes data from standard input and rearranges the data alphabetically, then spits out the arrangement, in classical unix fashion ;P. Then I wrote puzzle.sh, a bash script that takes a command line argument (the scrambled word), pipes it to afilter wich outputs an alphabetically arranged version of the anagram. That output is grep'd from the second (alphabetized) wordlist. When a match is found, the line number is extracted via awk and awk is used again to scan the first (original) wordlist for that very line number, which is parallel to the second word list, thus giving you the matching (english) word.
Here is the link to the source (script.sh, afilter.c, puzzle.sh, both wordlists) if anybody is interested:
www.javaop.com/~tmp/puzzle.tar.gz
It is 600k, 95% of which is the dictionary file included.
55
Unix / Linux Discussion / Re: Middle-Click ain't working dude
« on: November 30, 2005, 02:30:08 am »
You should check out this file:
There's a guide in tldps HOW-TO section:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html/3-Button-Mouse-html.tar.gz
This is probably the best reference I've ever seen for the topic:
http://www.inria.fr/koala/colas/mouse-wheel-scroll/
Quote
bash-3.00$ locate README.mouse
/usr/X11R6/lib/X11/doc/README.mouse
There's a guide in tldps HOW-TO section:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html/3-Button-Mouse-html.tar.gz
This is probably the best reference I've ever seen for the topic:
http://www.inria.fr/koala/colas/mouse-wheel-scroll/
56
General Security Information / Re: Phrack High Council
« on: November 26, 2005, 09:11:52 pm »Quote
Fuck CISSP, yah, that's you Richard Johnson
You guys know who that is ? I didn't realize I did until he mentionted on IRC that he's the star of their poem.
57
General Programming / Re: [JAVA] Easy-To-Use Socket Interface
« on: November 24, 2005, 03:16:51 am »
A few years ago for an IRC project I made something for initializing C sockets. I still use it sometimes. I used it in slackchat ;P I didn't want to paste all of the source on this thread, so I made this pseudo-codish C example of how it's used. If you're interested in the code I posted it at http://www.javaop.com/~tmp/isock.tar.gz.
Code: [Select]
#include "isock.h"
int main (void) {
//Socket filehandle
int bnetsock;
//Declare main bnet sockaddr_in structure/socket
struct sockaddr_in bnets;
//Declare server/port
char *server = "useast.battle.net";
int port = 6667;
//Create instance of sockaddr_in socket
create_socket (&bnets, &bnetsock, sport, sserver)
//Connect the socket
irc_connect(bnetsock, bnets)
printf("TCP stream initiated on %s:%d.\n", sserver, sport);
send(bnetsock, "\x1", 1, 0);
}
58
General Security Information / Re: Vulnerabilities in SlackChat :)
« on: November 22, 2005, 04:49:30 am »Set your home directory to a very long stringFixed.
Quote
How about a...... format string vuln?Fixed.
Type "%08X-%08X-%08X-%08X-%08X-%08X-%08X- ****%s**** -%08X-%08X-%08X" into the chat window, then press left. :-o!
Quote
Also, I can't seem to read the hashfiles unless I have write access to them.Should work fine now.
Quote
Finally, is there some way to put the hashfiles in a different folder? I'd like to try this on my school's computer, but I don't have root, so I can't make folders in /usr/local.
The hashfiles can be stored in ~/slackchat/slackchat_bin/ and it should run fine.
Update available: www.javaop.com/~tmp
Thanks for the bug testing.
59
General Programming / Re: Help with C pointers
« on: November 17, 2005, 03:21:58 am »Quote
Since we're assigning to a dereferenced int*, the value needs to be cast as a value and not just a pointer. If you forgot to dereference it, you'd probably end up with "blah" in the return address, which would likely crash you.
Hmmm... you don't need to cast at all if you don't want.
Code: [Select]
(*ret) = shellcode;
That works just fine. And if you didn't dereference it you'd just wind up having ret point to shellcode[0].
60
General Programming / Re: Help with C pointers
« on: November 12, 2005, 06:00:39 pm »
Ah. He's using the integer variable ret as a reference to find ret on the stack, then using the integer variable again as a vector for overwriting it. Thanks.