######
## ,-------, ,-----,
## | _____| |__, | ,--,
## | | ,_______, | | |__|
## | | ,-, |_______| | | ,--, ,-------, ,-------,
## | |___| | | | | | | ,-, | | ___|
## |_______| |__| |__| |__| |__| |______|
## -=[ zine ]=-
######
G-line was actually embarrassed to put out this issue, the code is so poor.
But hey, life goes on, eh? Sadly, this was far too easy...
##
# Note: Our comments have been inserted in this format
##
1.
Name: WarBot (Xchat Exploiter)
His notes: RippaWallet found a BOF for Xchat 2.6.4-1 so I wrote a quick bot to
exploit it.
Code:
use IO::Socket;
##
# No sh-bang line?
# No warnings?
# No lexical variables?
##
my $message;
my $server = "irc.enigmagroup.org"; #server
my $nick = "WarBot";#Bot Nick
my $port = "6667";#Port
my $channel = "#enigmagroup";#Channel
my $victim = "#Locus7s"; #Set this to the channel name to display it in the main convo - Set it to the victim name to make it private
my $sock = new IO::Socket::INET(PeerAddr => $server,
PeerPort => $port,
Proto => 'tcp');
##
# No error checking for the socket?
##
##
# If you think the bracing style is bad now, just wait until later
##
##
# Again with the quoting...
##
print $sock "PRIVMSG $channel :I've had enough of you losers. I'm leaving.\r\n";
print $sock "QUIT\r\n";
die();
##
# This is great. Anyone can make the bot leave. Nice job.
# Also, die() is typically used when something has gone wrong.
# Your usage of it earlier (setting up the nicks) was appropriate.
# For this, I suggest you use exit().
# http://www.sunsite.ualberta.ca/Documentation/Misc/perl-5.6.1/pod/perlfunc/exit.html
# And as always, DON'T QUOTE THE SCALARS!
##
}else{
##
# Really, }else{...
# I haven't seen that since I read coding tutorials from the 1990s..
# Also, TAB YOUR CODE!
##
##
# No need for the if() statement.
# just:
# print $sock "PRIVMSG ", $victim, " :xxxxxxxxxxxxx\n";
# Quit quoting the scalars!
##
if($input =~ "has quit\r\n") { #Verification that the target has been 'taken care of' :)
print $sock "PRIVMSG $channel :TARGET DESTROYED\r\n";
print $sock "PRIVMSG $channel :DISCONNECTING..\r\n"; #Leaves
die();
##
# This should be exit.
# Your quoting of variables was horrible.
# Your tabbing was horrible.
# Your regexes were clumsy and poorly written.
##
}
}
}
EOF
2.
Name: WebGrab.pl
His notes: This is a simple little script to snatch a website's source code :)
Code:
#WebGrab.pl
#By Ethernet
#Ver 1.3
use Net::HTTP;
##
# Again, no sh-bang line?
# What are you, a Windows user?
# No warnings?
# No lexical variables?
# Allow me to explain something to you.
# It's a little pragma called strict. Strict is used for lexical variables.
# These are variables that must be declared in scope. Not only does it keep
# the code neater, but it also makes it faster, and forces you to use better
# practices.
##
##
# chomp(my $site = <STDIN>);
# Or, we can even get it from the command line:
# my $site = shift || die qq(Usage: $0 <website>\n);
##
##
# Again with the quoting of the scalars...
##
##
# Hmm.. this looks familiar...
# $ man Net::HTTP
# Net::HTTP(3) User Contributed Perl Documentation Net::HTTP(3)
#
# NAME
# Net::HTTP - Low-level HTTP client connection
#
# NOTE
# This module is experimental. Details of its interface is likely to
# change in the future.
#
# SYNOPSIS
# use Net::HTTP;
# my $s = Net::HTTP->new(Host => "www.perl.com") || die $@;
# $s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0");
# my($code, $mess, %h) = $s->read_response_headers;
#
# while (1) {
# my $buf;
# my $n = $s->read_entity_body($buf, 1024);
# last unless $n;
# print $buf;
# }
##
##
# Good job, you can rip code from man pages.
##
print "\nConnected.";
print "\nAccessing HTML code...\n";
while (1) {
my $buf;
my $n = $s->read_entity_body($buf, 1024);
die "read failed: $!" unless defined $n;
##
# Well, at least you can change one line.
# Also, you can clearly see where the ripped code starts.
# The variables are suddenly declared with 'my' and they're not quoted.
##
last unless $n;
print $buf; #Display the source code
}
##
# exit;
##
EOF
3.
Name: PortScanner
His notes: Xendz has one too but mine's different :)
Code:
#!/usr/bin/perl
#My first port scanner
#By Ethernet
#Ver. 1.2
##
# Wow, will you look at that! An sh-bang line!
# Too bad there's still no warnings or lexical variables though.
##
use IO::Socket;
##
# You appear to be declaring the variables with 'my'.
# Why not 'use strict;' ?
##
##
# Typically we type global constants in all caps.
# my is not for global variables, but it doesn't matter in your case,
# as you're not using them.
# Learn to put things in context.
##
##
# Am I beginning to see an addiction to parentheses?
# & is a cheap hack.
# Also allow me to introduce you to our little friend called shift.
# shift pulls the elements off the front of an array, starting at index 0.
# my $server = shift || usage();
##
##
# Wow, that was long and unneeded.
# my ($server, $begin, $maxport) = @ARGV;
##
##
# Ah, writing getopts() style routines by hand without knowing the
# language or using regexes. Good job.
##
$begin = (1);
$maxport = (3000);
##
# Why are you placing parentheses all over the place?
##
##
# Again, what's up with the quoting?
##
for ($port=$begin;$port<=$maxport;$port++) {
##
# In Perl, we have a nice little loop called foreach().
# foreach my $port ($begin...$maxport) {
# Go back to PHP.
##
##
# Ever hear of tabbing, or not quoting vars needlessly?
# You may also want to set the Timeout value so the scan doesn't take years...
##
if ($sock) {
print "::$port [OPEN]::\n"; #Display if the port is open or closed
##
# There's an interesting little condition that can occur when you have too
# many filehandles open on your system. It will deny you any more (the max is
# usually around 1024). Now, under most circumstances, the sockets will
# eventually close themselves. However, some protocols (such as FTP) do not
# time out very quickly. Therefore, the sockets will remain open longer,
# take up unneeded filehandles, and consume bandwidth.
# Never fear, there is a solution. It's called close().
# Read about it at:
# http://www.sunsite.ualberta.ca/Documentation/Misc/perl-5.6.1/pod/perlfunc/close.html
# close $sock;
##
} else {
print "-$port [Closed]-\n";
##
# What's up with the quoting?
##
}
} # End for
sub usage { #How to use information below
##
# Wow, you've figured out subroutines.
##
##
# In Perl, exit() automatically exits with a status of 0.
# exit;
##
EOF
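The review points above (strict and warnings, arguments via shift, a foreach range, a Timeout, and close on every socket) put together in one Perl connect check. This is an added example, not Ethernet's code and not from the zine; the check_port helper and the loopback listener it tests against are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: a TCP connect check with the review's fixes applied.
# Not the original author's code. check_port() is a hypothetical helper.
use strict;
use warnings;
use IO::Socket::INET;

# Constructed fixture: a listener on an OS-assigned loopback port, so the
# check has one known-open port to find without touching another host.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 0,
    Listen    => 5,
    Proto     => 'tcp',
) or die "listen failed: $@\n";          # error checking on the socket
my $open_port = $listener->sockport;

# Arguments come off @ARGV with shift; defaults cover the fixture port.
my $server  = shift || '127.0.0.1';
my $begin   = shift || $open_port - 3;
my $maxport = shift || $open_port;

sub check_port {
    my ($host, $port) = @_;
    my $sock = IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port,
        Proto    => 'tcp',
        Timeout  => 2,                   # bounded wait per port
    );
    return 0 unless $sock;               # new() returns undef on failure
    close $sock;                         # give the filehandle back right away
    return 1;
}

# Range loop instead of a C-style for; no needless quoting of scalars.
foreach my $port ($begin .. $maxport) {
    printf "%-5d %s\n", $port, check_port($server, $port) ? 'open' : 'closed';
}

close $listener;
exit;
```

Run with no arguments it reports the fixture port as open; each iteration holds at most one socket, so the loop never approaches the filehandle limit described above.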
Sadly, that's all the code that we were able to find. There was another IRC
bot, but it was so similar to the one that we already examined that we didn't
bother to put it in the zine.
Ethernet, learn Perl before you try and code. Go back to PHP.
##
# EOF
##
[root@localhost ~]#