lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Mar 23 15:16:07 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Re: Re: Links to Google's cache
	of626FrSIRTexploits

nocfed wrote:
> Really, do you ``hackers'' really not know howto at least read the
> manpage for wget?
>
> There is no need for any script, only a few switches to wget.
>
> Hint: -e robots=off

  Wow!  j00 R so 1337!  Hint:  -e clue=on

  Seriously, I truly phj33r your 4w3s0Me!!!one!1 man-page reading skills, 
but how could you imagine that switch could possibly make the slightest 
difference?  robots.txt is enforced (or ignored) by the client.  If a server 
returns a 403 or doesn't, depending on what UserAgent you specified, then 
how could making the client ignore robots.txt somehow magically make the 
server not return a 403 when you try to fetch a page?

  If you think that a switch that makes no difference to the data going over 
the wire could affect the response given to an otherwise identical protocol 
request sent back by the server, you must think they're using IP over ESP as 
a transport layer.  Which rfc was that again?

  Or perhaps you just don't understand the first thing about the 
client-server model of system architecture.  In which case you're in no 
position to go around calling other people hackers in sarcastic quote 
marks[*].

  Anyway, this is a great illustration of the dangers of posting smartarse 
replies without actually having TRIED what you claim will work.  Let me 
*prove* it: here's what happens if you try and wget the list of cached page, 
first with no switches, then with -e but no -U, then with -U but no -e.

---------------------------------------<no 
options>---------------------------------------

dk@...nbow /artimi/haxx0r/frsirt/test> wget -i list.txt
--14:53:56--  
http://72.14.203.104/search?q=cache:HG1c4HzNGuYJ:www.frsirt.com/exploits/20050621.p33r-b33r.c.php+site:frsirt.com+p33r&hl=en&ct=clnk&cd=2
           => 
`search@...ache%3AHG1c4HzNGuYJ%3Awww.frsirt.com%2Fexploits%2F20050621.p33r-b33r.c.php+site%3Afrsirt.com+p33r&hl=en&ct=clnk&cd=2'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:53:57 ERROR 403: Forbidden.

--14:53:57--  
http://72.14.203.104/search?q=cache:mI8fMz47MSQJ:www.frsirt.com/exploits/20060226.sco-root-exploit.c.php+site:frsirt.com+prdelka&hl=en&ct=clnk&cd=1
           => 
`search@...ache%3AmI8fMz47MSQJ%3Awww.frsirt.com%2Fexploits%2F20060226.sco-root-exploit.c.php+site%3Afrsirt.com+prdelka&hl=en&ct=clnk&cd=1'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:53:59 ERROR 403: Forbidden.

--14:53:59--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060307.revilloc.pl.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060307.revilloc.pl.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:00 ERROR 403: Forbidden.

--14:54:00--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060305.ms-visual-dbp.c.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:01 ERROR 403: Forbidden.
^C
---------------------------------------<-e>---------------------------------------

dk@...nbow /artimi/haxx0r/frsirt/test> wget -i list.txt -e robots=off
--14:54:12--  
http://72.14.203.104/search?q=cache:HG1c4HzNGuYJ:www.frsirt.com/exploits/20050621.p33r-b33r.c.php+site:frsirt.com+p33r&hl=en&ct=clnk&cd=2
           => 
`search@...ache%3AHG1c4HzNGuYJ%3Awww.frsirt.com%2Fexploits%2F20050621.p33r-b33r.c.php+site%3Afrsirt.com+p33r&hl=en&ct=clnk&cd=2'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:13 ERROR 403: Forbidden.

--14:54:13--  
http://72.14.203.104/search?q=cache:mI8fMz47MSQJ:www.frsirt.com/exploits/20060226.sco-root-exploit.c.php+site:frsirt.com+prdelka&hl=en&ct=clnk&cd=1
           => 
`search@...ache%3AmI8fMz47MSQJ%3Awww.frsirt.com%2Fexploits%2F20060226.sco-root-exploit.c.php+site%3Afrsirt.com+prdelka&hl=en&ct=clnk&cd=1'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:15 ERROR 403: Forbidden.

--14:54:15--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060307.revilloc.pl.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060307.revilloc.pl.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:16 ERROR 403: Forbidden.

--14:54:16--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060305.ms-visual-dbp.c.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:17 ERROR 403: Forbidden.

--14:54:17--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060305.libtiff_exploit.c.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060305.libtiff_exploit.c.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:54:18 ERROR 403: Forbidden.
^C
---------------------------------------<-U>---------------------------------------

dk@...nbow /artimi/haxx0r/frsirt/test> wget -i list.txt -U 'nocfed is 
talking a steaming great heap of n3td3v LOL LOL LOL'
--15:04:32--  
http://72.14.203.104/search?q=cache:HG1c4HzNGuYJ:www.frsirt.com/exploits/20050621.p33r-b33r.c.php+site:frsirt.com+p33r&hl=en&ct=clnk&cd=2
           => 
`search@...ache%3AHG1c4HzNGuYJ%3Awww.frsirt.com%2Fexploits%2F20050621.p33r-b33r.c.php+site%3Afrsirt.com+p33r&hl=en&ct=clnk&cd=2'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [   <=>                               ] 25,213        49.24K/s

15:04:33 (49.24 KB/s) - 
`search@...ache%3AHG1c4HzNGuYJ%3Awww.frsirt.com%2Fexploits%2F20050621.p33r-b33r.c.php+site%3Afrsirt.com+p33r&hl=en&ct=clnk&cd=2' 
saved [25213]

--15:04:33--  
http://72.14.203.104/search?q=cache:mI8fMz47MSQJ:www.frsirt.com/exploits/20060226.sco-root-exploit.c.php+site:frsirt.com+prdelka&hl=en&ct=clnk&cd=1
           => 
`search@...ache%3AmI8fMz47MSQJ%3Awww.frsirt.com%2Fexploits%2F20060226.sco-root-exploit.c.php+site%3Afrsirt.com+prdelka&hl=en&ct=clnk&cd=1'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [ <=>                                 ] 5,294         --.--K/s

15:04:34 (36.93 KB/s) - 
`search@...ache%3AmI8fMz47MSQJ%3Awww.frsirt.com%2Fexploits%2F20060226.sco-root-exploit.c.php+site%3Afrsirt.com+prdelka&hl=en&ct=clnk&cd=1' 
saved [5294]

--15:04:34--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060307.revilloc.pl.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060307.revilloc.pl.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [   <=>                               ] 24,847        45.70K/s

15:04:35 (45.70 KB/s) - 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060307.revilloc.pl.php' 
saved [24847]

--15:04:35--  
http://72.14.203.104/search?q=cache:http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php
           => 
`search@...ache%3Ahttp%3A%2F%2Fwww.frsirt.com%2Fexploits%2F20060305.ms-visual-dbp.c.php'
Connecting to 72.14.203.104:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [   <=>                               ] 25,855        40.40K/s
^C
---------------------------------------<snip>---------------------------------------

    cheers,
      DaveK

[*] - What a perfect example this is of the difference between sarcasm and 
irony:
-  nocfed calling us ``hackers" in scare-quotes - that's sarcasm.
-  nocfed getting /everything/ so massively wrong in his sarcastic response: 
*that's* irony.
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ