
Re: WEB SECURITY: fyi!!



With respect to the dreadfully OLD phf problem, I've implemented a
"unique" solution.  Here's what I use in place of the old phf...  It gives
fun replies to "id", "uname" and "passwd" (as in /bin/cat%20/etc/passwd).

For example, it generates a unique passwd file each time at random.
Interesting lusernames^H^H^H^H^H^H^H^Husernames too.

Here, try:

http://www.sjis.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
http://www.sjis.com/cgi-bin/phf?Qalias=x%0a/usr/bin/id
http://www.sjis.com/cgi-bin/phf?Qalias=x%0a/bin/uname%20-a
http://www.sjis.com/cgi-bin/phf

Here it is, I move that it be incorporated into the cgi-scripts package...
It requires perl 5.0x and CGI.pm.

---chop here----
#!/usr/bin/perl

# phf buster
# They want a passwd file to crack?  Let's give them one.

srand(time^$$);

# Don't ask about the goofy order.  For some reason, perl outputs the
# members of the hash in a seemingly random order.  Larry?

%lusers = ( bin => 'been',
	daemon => 'try',
	operator => 'time',
	adm => 'dork',
	lp => 'for',
	uucp => 'year',
	news => 'a',
	lart => 'would',
	duh => 'Why',
	bill => 'you',
	hillary => 'holes',
	dork => 'a',
	beavis => 'known',
	hank => 'are',
	bubba => 'over',
	dale => 'that',
	harvey => 'Only',
	dreck => 'your',
	slappy => 'have',
	dweeb => 'wasting',
	smack => 'time');

@shells = ('/bin/sh','/bin/csh','/usr/bin/ksh','/usr/local/bin/tcsh','/usr/local/bin/bash');

use CGI;
$query = new CGI;

$qs = $query->query_string;

if ( $qs =~ /id/i ) {
	print $query->header('text/plain');
	print "uid=65534(nobody) gid=65535 groups=65535\n";
	print "Did you really think httpd would be running as root?  Come on.\n";
} elsif ( $qs =~ /passwd/i ) {
	print $query->header('text/plain');
	# crypt_it() takes the account name and the cleartext; passing only
	# the cleartext would hash the empty string for every account.
	$rootpw = &crypt_it('root', 'dork');
	print "root:$rootpw:0:0:root:/:/bin/sh\n";
	$uid = 5;
	$gid = 100;
	foreach $luser (keys %lusers) {
		$home = '/home/' . $luser;
		# rand(@shells) covers every index; rand($#shells) never picks the last one
		$shell = $shells[rand(@shells)];
		$pw = &crypt_it($luser, $lusers{$luser});
		$line = join(':', $luser, $pw, $uid, $gid, $luser, $home, $shell);
		print "$line\n";
		$uid++;
	}
} elsif ( $qs =~ /uname/i ) {
	print $query->header('text/plain');
	print "Hamilton97 beaver 4.0 #1 Thu Feb 18 11:19:54 EST 1997 cray\n";
} else {
	print $query->header('text/plain');
	print "We don't run phf here.  Go away.\n";
}

# Build a two-character DES salt from the week number and the first two
# bytes of the account name, so the fake hashes differ per account and
# change over time, then crypt the cleartext with it.
sub crypt_it {
  local($user,$pass)=@_;
  local($nsalt,$week,$now,$pert1,$pert2);
  local(@salt_set)=('a'..'z','A'..'Z','0'..'9','.','/');
  $now=time;
  ($pert1,$pert2) = unpack("C2",$user);
  $week = $now / (60*60*24*7) + $pert1 + $pert2;
  $nsalt = $salt_set[$week % 64] . $salt_set[$now % 64];
  return crypt($pass,$nsalt);
}
-----chop here------

Jason Costomiris                 | Finger for PGP 2.6.2 Public Key
jcostom@sjis.com                 | "There is a fine line between idiocy
My employers like me, but not	 | and genius.  We aim to erase that line"
enough to let me speak for them. |			--Unknown

	        	http://www.jasons.org/~jcostom
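The decoy above only answers probes once they arrive; the other half of the picture is noticing them in the web server log. The following Python is an added example, not part of the original post or of the phf script, that parses NCSA common log format lines and reports every request to a `/phf` endpoint, extracting the command that a probe smuggled in after the `%0a` newline in the `Qalias` parameter (the same pattern as the test URLs above). The log lines are constructed for illustration.

```python
"""Flag phf newline-injection probes in NCSA common log format lines.

Added example, not part of the original post. Sample log lines are
constructed; the field layout follows the NCSA common log format.
"""
import re
from urllib.parse import parse_qs, urlsplit

# NCSA common log format: host ident authuser [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample: two injection probes, one bare phf hit, one normal request.
SAMPLE_LOG = """\
10.0.0.7 - - [18/Feb/1997:11:19:54 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 612
10.0.0.7 - - [18/Feb/1997:11:20:01 -0500] "GET /cgi-bin/phf?Qalias=x%0a/usr/bin/id HTTP/1.0" 200 88
192.0.2.9 - - [18/Feb/1997:11:21:10 -0500] "GET /cgi-bin/phf HTTP/1.0" 200 40
192.0.2.9 - - [18/Feb/1997:11:22:30 -0500] "GET /index.html HTTP/1.0" 200 2048
""".splitlines()


def parse_line(line):
    """Split one common-log line into its named fields, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def phf_injection(target):
    """Return the command injected after the newline in Qalias, or None.

    parse_qs percent-decodes, so %0a / %0A in the raw request becomes "\\n".
    """
    parts = urlsplit(target)
    if not parts.path.endswith('/phf'):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get('Qalias', []):
        if '\n' in value:
            return value.split('\n', 1)[1].strip()
    return None


def scan(lines):
    """Return (host, time, injected_command) for every request to a phf
    endpoint; injected_command is None for a bare hit without a newline."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if not urlsplit(rec['target']).path.endswith('/phf'):
            continue
        hits.append((rec['host'], rec['time'], phf_injection(rec['target'])))
    return hits


if __name__ == '__main__':
    for host, when, cmd in scan(SAMPLE_LOG):
        label = 'injection' if cmd is not None else 'bare phf request'
        print(f"{when} {host} {label}: {cmd or '-'}")
```

A bare request for the phf script with no newline is still worth reporting, since the script should not exist on the host at all; that is why `scan` records it with a `None` command instead of dropping it.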