| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Mar 17 21:40:56 2006
From: nazijew at gmail.com (3 3)
Subject: FDRuin 0-Day Awesome 0day for ruining this
mailing LIST
To extract e-mails from helpful FD archives:
---extractor.php
<?php
$paren = array("(",")");
$dirhand = @opendir(".") or die("Unable to open this directory");
$db_hostport = "localhost";
$db_user = "user";
$db_pass = "pass";
$db = "fdmails";
function doQuery($query,$link) {
$ret = mysql_query ( $query, $link ) or die ('fail : ' . mysql_error());
if (mysql_fetch_row($ret)==false) { $return = false; }
else { $return = true;}
return $return;
}
$link = mysql_connect("{$db_hostport}", "{$db_user}", "{$db_pass}") or
die("Could not connect: " . mysql_error());
mysql_select_db($db, $link) or die ('Cant use database : ' . mysql_error());
while (false!==($file = readdir($dirhand))) {
if (stristr($file,".txt")) {
echo "<hr>Loading File: " . $file . "<br>";
$handle = @fopen($file, "r");
if ($handle) {
while (!feof($handle)) {
$buffer = fgets($handle, 4096);
if(strstr($buffer,"From:")&&(strstr($buffer," at
")||strstr($buffer,"@"))) {
$fd = explode(" ", $buffer);
if ($fd[2]=="at") {
$email= $fd[1] . "@" . $fd[3];
}
else if (stristr($fd[1],"@")) {
$email= $fd[1];
}
else {
continue;
}
$name = substr($buffer, strpos($buffer, "("));
$name = mysql_real_escape_string ( str_replace($paren,
"", $name), $link);
$query = "SELECT * FROM `fdmail` WHERE `Name` LIKE
'%$name%'";
if(!doQuery($query,$link)) {
$query = "INSERT INTO `fdmail` SET Name='$name',
Email='$email'";
echo "Query: " . $query . "<br>";
echo "Result: " . doQuery($query,$link) . "<br>";
}
else {
echo "Updating: $name <br>";
$query = "UPDATE `fdmail` SET `Name` =
'$name',`Email` = '$email' WHERE `Name` LIKE '%$name%' ";
echo "Query: " . $query . "<br>";
echo "Result: " . doQuery($query,$link) . "<br>";
}
}
}
fclose($handle);
}
}
}
closedir($dirhand);
?>
--End extractor.php
Where can I find these archives?
http://lists.grok.org.uk/pipermail/full-disclosure/
How can I spam the list?
Option A) Use badly coded FDRuin.php scripts! (Attached!)
Option B) Code your own in perl, using the equally bad generator code below!
--lol.pl
#!/usr/bin/perl
use warnings;
use strict;
use DBI;
use IO::Handle;
LOG->autoflush(1);
my %types;
my @types_array;
my %mails;
my @mails_array;
my %products;
my @products_array;
my $dbhandle = DBI->connect( "DBI:mysql:database=fdruin;host=localhost",
"user", "password", { 'RaiseError' => 1 } );
my $types_handle = $dbhandle->prepare("SELECT * FROM advisorytype");
my $mails_handle = $dbhandle->prepare("SELECT * FROM fdmail");
my $products_handle = $dbhandle->prepare("SELECT * FROM products");
$types_handle->execute();
while (my $row = $types_handle->fetchrow_hashref()) {
my $type = $row->{'type'};
my $desc = $row->{'desc'};
$types{"$type"} = $desc;
push(@types_array,$type);
}
$types_handle->finish();
$mails_handle->execute();
while (my $row = $mails_handle->fetchrow_hashref()) {
my $name = $row->{'Name'};
my $email = $row->{'Email'};
$mails{"$name"} = $email;
push(@mails_array,$name);
}
$mails_handle->finish();
$products_handle->execute();
while (my $row = $products_handle->fetchrow_hashref()) {
my $product = $row->{'product'};
my $website = $row->{'website'};
$products{"$product"} = $website;
push(@products_array,$product);
}
$products_handle->finish();
$dbhandle->disconnect();
open (LOG, ">>log.txt") or die "$!";
{
my $name = "$mails_array[int rand @mails_array]";
my $cvenum = int rand 9999;
my $email = "$mails{$name}";
my $product = "$products_array[int rand @products_array]";
my $URL = "$products{$product}";
my $type = "$types_array[int rand @types_array]";
my $desc = "$types{$type}";
$desc =~ s/\[product\]/$product/;
my $date = `date`;
chomp($date);
my $from = $email;
my $subject= "Advisory - $date - $type in $product";
my $message= "Advisory - $date - $type in $product\n\n\n";
$message=
gen_msg($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message);
print "$message\n\n";
#Mail Function HERE
}
close (LOG) or warn "$!";
sub gen_msg {
my ($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message) = @_;
#Entropy Generation.
my $sepRand = int rand 5; # 0,1,2,3
my $numerRand = int rand 5;
my $rand_of_6 = int rand 6; # 0,1,2,3,4,5
#FDRUIN Gay Config.
my @certs = ("CISSP" , "GSAE" , "CCE" , "CEH" , "CSFA" , "GREM" ,
"SSP-CNSA" , "SSP-MPA" , "GIPS" , "GHTQ" , "GWAS" , "CAP" , "SSCP");
my $ucRand = int rand 2;
my $incBackg = int rand 2;
my $incDesc = int rand 2;
my $incHist = int rand 2;
my $incWork = int rand 2;
my $incVR = int rand 2;
my $incCVE = int rand 2;
my $incApA = int rand 2;
my $incApB = int rand 4; # Give it more of a chance.
my $incCont = int rand 4;
my $incSep2 = int rand 4; # Give it more of a chance.
#lol dont fuck with these
my $randCerts;
my $seperator;
my $contMail;
my $cert;
my @numerals;
#hylol you can change this / add entropiez
my $background = "Background";
my $description = "Description";
my $history = "History";
my $workaround = "Workaround";
my $vendor_response = "Vendor Response";
my $cve_information = "CVE Information";
my $appendix_a = "Appendix A Vendor Information";
my $appendix_b = "Appendix B References";
my $contact = "Contact";
if ($sepRand == 0) {
$seperator = "-" x ((rand 6 + 2) * 7);
$seperator .= "\n";
} elsif ($sepRand == 1) {
$seperator = "=" x ((rand 6 + 2) * 7);
$seperator .= "\n";
} elsif ($sepRand == 2) {
$seperator = "8";
$seperator .= "=" x (int((rand 6 + 1) * 5));
$seperator .= "D";
$seperator .= "~" x (int((rand 6 + 1) * 5));
$seperator .= "\n";
} elsif ($sepRand == 3) {
$seperator = "+" x ((rand 6 + 2) * 7);
$seperator .= "\n";
} else {
$seperator = "";
}
if ($numerRand == 0) {
@numerals = ("1.","2.","3.","4.","5.","6.");
} elsif ($numerRand == 1) {
@numerals = ("I.","II.","III.","IV.","V.","VI.");
} elsif ($numerRand == 2) {
@numerals = ("[+]","[+]","[+]","[+]","[+]","[+]");
} elsif ($numerRand == 3) {
@numerals = ("8===D","8===D","8===D","8===D","8===D","8===D");
} elsif ($numerRand == 4) {
@numerals = ("o/ ?","? \\o","o/ ?","? \\o","o/ ?","? \\o");
} else {
@numerals = ("-","-","-","-","-","-");
}
$contMail = "$email\n"
if ($ucRand != 0) {
$background = uc($background);
$description = uc($description);
$history = uc($history);
$workaround = uc($workaround);
$vendor_response = uc($vendor_response);
$cve_information = uc($cve_information);
$appendix_a = uc($appendix_a);
$appendix_b = uc($appendix_b);
$contact = uc($contact);
}
#generate certs
foreach $cert (@certs) {
if (int rand 2) {
$randCerts.= "$cert ";
}
}
if ($incBackg != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $background\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
my $backTemp = int rand 3;
if (int rand 2) {
$message.= "There ";
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "is ";
} elsif ($backTemp == 1) {
$message.= "was ";
} elsif ($backTemp == 2) {
if (int rand 2) {
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
} else {
$message.= "has had ";
}
$message.= "been ";
}
} else {
$message.= "This ";
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= "issue ";
} elsif ($backTemp == 1) {
$message.= "vulnerability ";
} elsif ($backTemp == 2) {
$message.= "problem ";
} elsif ($backTemp == 3) {
$message.= "product ";
}
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
}
$message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
if (int rand 2) {
$message.= "identified ";
}
$message.= "background";# Could be end.
if (int rand 2) { #continue
if (int rand 2) {
$message.= " information ";
} else {
$message.= " commentary ";
}
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "on ";
} elsif ($backTemp == 1) {
$message.= "about ";
} elsif ($backTemp == 2) {
$message.= "regarding ";
}
if (int rand 2) {
$message.= "this ";
} else {
$message.= "the ";
}
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= "issue";
} elsif ($backTemp == 1) {
$message.= "vulnerability";
} elsif ($backTemp == 2) {
$message.= "problem";
} elsif ($backTemp == 3) {
$message.= "product";
}
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= " at hand";
} elsif ($backTemp == 1) {
$message.= " indentified";
} elsif ($backTemp == 2) {
$message.= " in question";
}
}
$message.= ".\n";
}
if ($incDesc != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $description\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
$message .= "$desc\n\n";
}
if ($incHist != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $history\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
my ($hSec,$hMin,$hHour,$hMday,$hMon,$hYear,$hWday,$hYday,$hIsdst) =
localtime(time);
my $hPDDate;
my $hVNDate;
my $hVRDate;
my $hSep;
$hMon++;
$hYear+=1900;
if (int rand 2) {
if (int rand 2) {
$hPDDate = "$hMday/$hMon/$hYear";
$hMday=int rand 30;
$hMon--;
$hVRDate = "$hMday/$hMon/$hYear";
$hMday=int rand 30;
$hMon--;
$hVNDate = "$hMday/$hMon/$hYear";
} else {
$hPDDate = "$hMday-$hMon-$hYear";
$hMday=int rand 30;
$hMon--;
$hVRDate = "$hMday-$hMon-$hYear";
$hMday=int rand 30;
$hMon--;
$hVNDate = "$hMday-$hMon-$hYear";
}
} else {
if (int rand 2) {
$hPDDate = "$hMon/$hMday/$hYear";
$hMday=int rand 30;
$hMon--;
$hVNDate = "$hMon/$hMday/$hYear";
$hMday=int rand 30;
$hMon--;
$hVRDate = "$hMon/$hMday/$hYear";
} else {
$hPDDate = "$hMon-$hMday-$hYear";
$hMday=int rand 30;
$hMon--;
$hVNDate = "$hMon-$hMday-$hYear";
$hMday=int rand 30;
$hMon--;
$hVRDate = "$hMon-$hMday-$hYear";
}
}
if ($numerRand == 2) {
$hSep = "[+]";
} elsif ($numerRand == 3) {
$hSep = "8==D";
} elsif ($numerRand == 4) {
$hSep = "o/";
} else {
$hSep = "-";
}
if (int rand 4) {
$message.= "$hVNDate $hSep Vendor Notification.\n";
}
if (int rand 2) {
$message.= "$hVRDate $hSep Vendor Reply.\n";
}
$message.= "$hPDDate $hSep Public Disclosure.\n";
}
if ($incWork != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $workaround\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
my $backTemp = int rand 3;
if (int rand 2) {
$message.= "There ";
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "are ";
} elsif ($backTemp == 1) {
$message.= "was ";
} elsif ($backTemp == 2) {
if (int rand 2) {
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
} else {
$message.= "has had ";
}
$message.= "been ";
}
} else {
$message.= "This ";
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= "issue ";
} elsif ($backTemp == 1) {
$message.= "vulnerability ";
} elsif ($backTemp == 2) {
$message.= "problem ";
} elsif ($backTemp == 3) {
$message.= "advisory ";
}
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
}
$message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
if (int rand 2) {
$message.= "identified ";
}
$message.= "workarounds";# Could be end.
if (int rand 2) { #continue
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= " for ";
} elsif ($backTemp == 1) {
$message.= " on ";
} elsif ($backTemp == 2) {
$message.= " regarding ";
}
if (int rand 2) {
$message.= "this ";
} else {
$message.= "the ";
}
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "issue";
} elsif ($backTemp == 1) {
$message.= "vulnerability";
} elsif ($backTemp == 2) {
$message.= "problem";
}
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= " at hand";
} elsif ($backTemp == 1) {
$message.= " indentified";
} elsif ($backTemp == 2) {
$message.= " in question";
}
}
$message.= ".\n";
}
if ($incVR != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $vendor_response\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
my $backTemp = int rand 3;
if (int rand 2) {
$message.= "$product ";
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "is ";
} elsif ($backTemp == 1) {
$message.= "was ";
} elsif ($backTemp == 2) {
if (int rand 2) {
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
} else {
$message.= "has had ";
}
}
} else {
$message.= "$product ";
if (int rand 2) {
$message.= "has ";
} else {
$message.= "had ";
}
}
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "offered ";
} elsif ($backTemp == 1) {
$message.= "extended ";
} elsif ($backTemp == 2) {
$message.= "presented ";
}
$message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
if (int rand 2) {
$message.= "identified ";
}
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "information";
} elsif ($backTemp == 1) {
$message.= "commentary";
} elsif ($backTemp == 2) {
$message.= "explanation";
}
if (int rand 2) { #continue
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= " on ";
} elsif ($backTemp == 1) {
$message.= " about ";
} elsif ($backTemp == 2) {
$message.= " regarding ";
}
if (int rand 2) {
$message.= "this ";
} else {
$message.= "the ";
}
$backTemp = int rand 3;
if ($backTemp == 0) {
$message.= "issue";
} elsif ($backTemp == 1) {
$message.= "vulnerability";
} elsif ($backTemp == 2) {
$message.= "problem";
}
$backTemp = int rand 4;
if ($backTemp == 0) {
$message.= " at hand";
} elsif ($backTemp == 1) {
$message.= " indentified";
} elsif ($backTemp == 2) {
$message.= " in question";
}
}
$message.= ".\n";
}
if ($incCVE != 0) {
$message .= $seperator;
$message .= shift @numerals;
$message .= " $cve_information\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
$message .= "The Common Vulnerabilities and Exposures (CVE) project
has assigned the name CVE-2006-$cvenum to this issue\n\n";
}
if ($incApA != 0) {
$message .= $seperator;
$message .= "$appendix_a\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
$message .= "$URL\n\n";
if ($incApB != 0) {
$message .= $seperator;
$message .= "$appendix_b\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
$message .= "RFC ";
$message .= int rand 10000;
}
}
if ($incCont != 0) {
$message .= "\n\n";
$message .= $seperator;
$message .= "$contact\n";
if ($incSep2 != 0) {
$message .= $seperator;
}
$message .= "$name $contMail\n";
$message .= "$randCerts\n\n\n";
}
return $message;
}
--END lol.pl
That only generates and e-mail and prints it, add a mail() function for
extra phun!
Warmest Regards,
-Bob
Ban Haus Securities, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060317/ec327dc7/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: release.zip
Type: application/zip
Size: 19158 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060317/ec327dc7/release-0001.zip
Powered by blists - more mailing lists