Full Disclosure mailing list archives
Re: FDRuin 0-Day Awesome 0day for ruining this mailing LIST
From: poo <skodliv () gmail com>
Date: Sat, 18 Mar 2006 02:46:02 +0100
GREAT TOOL !!!1!111 MUCH APPRECIATED WILL BE PUT TO GOOD USE!!111 all hail the lolhats!!!!111 On 3/17/06, 3 3 <nazijew () gmail com> wrote:
To extract e-mails from helpful FD archives: ---extractor.php <?php $paren = array("(",")"); $dirhand = @opendir(".") or die("Unable to open this directory"); $db_hostport = "localhost"; $db_user = "user"; $db_pass = "pass"; $db = "fdmails"; function doQuery($query,$link) { $ret = mysql_query ( $query, $link ) or die ('fail : ' . mysql_error()); if (mysql_fetch_row($ret)==false) { $return = false; } else { $return = true;} return $return; } $link = mysql_connect("{$db_hostport}", "{$db_user}", "{$db_pass}") or die("Could not connect: " . mysql_error()); mysql_select_db($db, $link) or die ('Cant use database : ' . mysql_error()); while (false!==($file = readdir($dirhand))) { if (stristr($file,".txt")) { echo "<hr>Loading File: " . $file . "<br>"; $handle = @fopen($file, "r"); if ($handle) { while (!feof($handle)) { $buffer = fgets($handle, 4096); if(strstr($buffer,"From:")&& (strstr($buffer," at ")||strstr($buffer,"@"))) { $fd = explode(" ", $buffer); if ($fd[2]=="at") { $email= $fd[1] . "@" . $fd[3]; } else if (stristr($fd[1],"@")) { $email= $fd[1]; } else { continue; } $name = substr($buffer, strpos($buffer, "(")); $name = mysql_real_escape_string ( str_replace($paren, "", $name), $link); $query = "SELECT * FROM `fdmail` WHERE `Name` LIKE '%$name%'"; if(!doQuery($query,$link)) { $query = "INSERT INTO `fdmail` SET Name='$name', Email='$email'"; echo "Query: " . $query . "<br>"; echo "Result: " . doQuery($query,$link) . "<br>"; } else { echo "Updating: $name <br>"; $query = "UPDATE `fdmail` SET `Name` = '$name',`Email` = '$email' WHERE `Name` LIKE '%$name%' "; echo "Query: " . $query . "<br>"; echo "Result: " . doQuery($query,$link) . "<br>"; } } } fclose($handle); } } } closedir($dirhand); ?> --End extractor.php Where can I find these archives? http://lists.grok.org.uk/pipermail/full-disclosure/ How can I spam the list? Option A) Use badly coded FDRuin.php scripts! (Attached!) Option B) Code your own in perl, using the equally bad generator code below! --lol.pl #!/usr/bin/perl use warnings; use strict; use DBI; use IO::Handle; LOG->autoflush(1); my %types; my @types_array; my %mails; my @mails_array; my %products; my @products_array; my $dbhandle = DBI->connect( "DBI:mysql:database=fdruin;host=localhost", "user", "password", { 'RaiseError' => 1 } ); my $types_handle = $dbhandle->prepare("SELECT * FROM advisorytype"); my $mails_handle = $dbhandle->prepare("SELECT * FROM fdmail"); my $products_handle = $dbhandle->prepare("SELECT * FROM products"); $types_handle->execute(); while (my $row = $types_handle->fetchrow_hashref()) { my $type = $row->{'type'}; my $desc = $row->{'desc'}; $types{"$type"} = $desc; push(@types_array,$type); } $types_handle->finish(); $mails_handle->execute(); while (my $row = $mails_handle->fetchrow_hashref()) { my $name = $row->{'Name'}; my $email = $row->{'Email'}; $mails{"$name"} = $email; push(@mails_array,$name); } $mails_handle->finish(); $products_handle->execute(); while (my $row = $products_handle->fetchrow_hashref()) { my $product = $row->{'product'}; my $website = $row->{'website'}; $products{"$product"} = $website; push(@products_array,$product); } $products_handle->finish(); $dbhandle->disconnect(); open (LOG, ">>log.txt") or die "$!"; { my $name = "$mails_array[int rand @mails_array]"; my $cvenum = int rand 9999; my $email = "$mails{$name}"; my $product = "$products_array[int rand @products_array]"; my $URL = "$products{$product}"; my $type = "$types_array[int rand @types_array]"; my $desc = "$types{$type}"; $desc =~ s/\[product\]/$product/; my $date = `date`; chomp($date); my $from = $email; my $subject= "Advisory - $date - $type in $product"; my $message= "Advisory - $date - $type in $product\n\n\n"; $message= gen_msg($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message); print "$message\n\n"; #Mail Function HERE } close (LOG) or warn "$!"; sub gen_msg { my ($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message) = @_; #Entropy Generation. my $sepRand = int rand 5; # 0,1,2,3 my $numerRand = int rand 5; my $rand_of_6 = int rand 6; # 0,1,2,3,4,5 #FDRUIN Gay Config. my @certs = ("CISSP" , "GSAE" , "CCE" , "CEH" , "CSFA" , "GREM" , "SSP-CNSA" , "SSP-MPA" , "GIPS" , "GHTQ" , "GWAS" , "CAP" , "SSCP"); my $ucRand = int rand 2; my $incBackg = int rand 2; my $incDesc = int rand 2; my $incHist = int rand 2; my $incWork = int rand 2; my $incVR = int rand 2; my $incCVE = int rand 2; my $incApA = int rand 2; my $incApB = int rand 4; # Give it more of a chance. my $incCont = int rand 4; my $incSep2 = int rand 4; # Give it more of a chance. #lol dont fuck with these my $randCerts; my $seperator; my $contMail; my $cert; my @numerals; #hylol you can change this / add entropiez my $background = "Background"; my $description = "Description"; my $history = "History"; my $workaround = "Workaround"; my $vendor_response = "Vendor Response"; my $cve_information = "CVE Information"; my $appendix_a = "Appendix A Vendor Information"; my $appendix_b = "Appendix B References"; my $contact = "Contact"; if ($sepRand == 0) { $seperator = "-" x ((rand 6 + 2) * 7); $seperator .= "\n"; } elsif ($sepRand == 1) { $seperator = "=" x ((rand 6 + 2) * 7); $seperator .= "\n"; } elsif ($sepRand == 2) { $seperator = "8"; $seperator .= "=" x (int((rand 6 + 1) * 5)); $seperator .= "D"; $seperator .= "~" x (int((rand 6 + 1) * 5)); $seperator .= "\n"; } elsif ($sepRand == 3) { $seperator = "+" x ((rand 6 + 2) * 7); $seperator .= "\n"; } else { $seperator = ""; } if ($numerRand == 0) { @numerals = ("1.","2.","3.","4.","5.","6."); } elsif ($numerRand == 1) { @numerals = ("I.","II.","III.","IV.","V.","VI."); } elsif ($numerRand == 2) { @numerals = ("[+]","[+]","[+]","[+]","[+]","[+]"); } elsif ($numerRand == 3) { @numerals = ("8===D","8===D","8===D","8===D","8===D","8===D"); } elsif ($numerRand == 4) { @numerals = ("o/ ?","? \\o","o/ ?","? \\o","o/ ?","? \\o"); } else { @numerals = ("-","-","-","-","-","-"); } $contMail = "$email\n" if ($ucRand != 0) { $background = uc($background); $description = uc($description); $history = uc($history); $workaround = uc($workaround); $vendor_response = uc($vendor_response); $cve_information = uc($cve_information); $appendix_a = uc($appendix_a); $appendix_b = uc($appendix_b); $contact = uc($contact); } #generate certs foreach $cert (@certs) { if (int rand 2) { $randCerts.= "$cert "; } } if ($incBackg != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $background\n"; if ($incSep2 != 0) { $message .= $seperator; } my $backTemp = int rand 3; if (int rand 2) { $message.= "There "; $backTemp = int rand 3; if ($backTemp == 0) { $message.= "is "; } elsif ($backTemp == 1) { $message.= "was "; } elsif ($backTemp == 2) { if (int rand 2) { if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } else { $message.= "has had "; } $message.= "been "; } } else { $message.= "This "; $backTemp = int rand 4; if ($backTemp == 0) { $message.= "issue "; } elsif ($backTemp == 1) { $message.= "vulnerability "; } elsif ($backTemp == 2) { $message.= "problem "; } elsif ($backTemp == 3) { $message.= "product "; } if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ? if (int rand 2) { $message.= "identified "; } $message.= "background";# Could be end. if (int rand 2) { #continue if (int rand 2) { $message.= " information "; } else { $message.= " commentary "; } $backTemp = int rand 3; if ($backTemp == 0) { $message.= "on "; } elsif ($backTemp == 1) { $message.= "about "; } elsif ($backTemp == 2) { $message.= "regarding "; } if (int rand 2) { $message.= "this "; } else { $message.= "the "; } $backTemp = int rand 4; if ($backTemp == 0) { $message.= "issue"; } elsif ($backTemp == 1) { $message.= "vulnerability"; } elsif ($backTemp == 2) { $message.= "problem"; } elsif ($backTemp == 3) { $message.= "product"; } $backTemp = int rand 4; if ($backTemp == 0) { $message.= " at hand"; } elsif ($backTemp == 1) { $message.= " indentified"; } elsif ($backTemp == 2) { $message.= " in question"; } } $message.= ".\n"; } if ($incDesc != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $description\n"; if ($incSep2 != 0) { $message .= $seperator; } $message .= "$desc\n\n"; } if ($incHist != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $history\n"; if ($incSep2 != 0) { $message .= $seperator; } my ($hSec,$hMin,$hHour,$hMday,$hMon,$hYear,$hWday,$hYday,$hIsdst) = localtime(time); my $hPDDate; my $hVNDate; my $hVRDate; my $hSep; $hMon++; $hYear+=1900; if (int rand 2) { if (int rand 2) { $hPDDate = "$hMday/$hMon/$hYear"; $hMday=int rand 30; $hMon--; $hVRDate = "$hMday/$hMon/$hYear"; $hMday=int rand 30; $hMon--; $hVNDate = "$hMday/$hMon/$hYear"; } else { $hPDDate = "$hMday-$hMon-$hYear"; $hMday=int rand 30; $hMon--; $hVRDate = "$hMday-$hMon-$hYear"; $hMday=int rand 30; $hMon--; $hVNDate = "$hMday-$hMon-$hYear"; } } else { if (int rand 2) { $hPDDate = "$hMon/$hMday/$hYear"; $hMday=int rand 30; $hMon--; $hVNDate = "$hMon/$hMday/$hYear"; $hMday=int rand 30; $hMon--; $hVRDate = "$hMon/$hMday/$hYear"; } else { $hPDDate = "$hMon-$hMday-$hYear"; $hMday=int rand 30; $hMon--; $hVNDate = "$hMon-$hMday-$hYear"; $hMday=int rand 30; $hMon--; $hVRDate = "$hMon-$hMday-$hYear"; } } if ($numerRand == 2) { $hSep = "[+]"; } elsif ($numerRand == 3) { $hSep = "8==D"; } elsif ($numerRand == 4) { $hSep = "o/"; } else { $hSep = "-"; } if (int rand 4) { $message.= "$hVNDate $hSep Vendor Notification.\n"; } if (int rand 2) { $message.= "$hVRDate $hSep Vendor Reply.\n"; } $message.= "$hPDDate $hSep Public Disclosure.\n"; } if ($incWork != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $workaround\n"; if ($incSep2 != 0) { $message .= $seperator; } my $backTemp = int rand 3; if (int rand 2) { $message.= "There "; $backTemp = int rand 3; if ($backTemp == 0) { $message.= "are "; } elsif ($backTemp == 1) { $message.= "was "; } elsif ($backTemp == 2) { if (int rand 2) { if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } else { $message.= "has had "; } $message.= "been "; } } else { $message.= "This "; $backTemp = int rand 4; if ($backTemp == 0) { $message.= "issue "; } elsif ($backTemp == 1) { $message.= "vulnerability "; } elsif ($backTemp == 2) { $message.= "problem "; } elsif ($backTemp == 3) { $message.= "advisory "; } if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ? if (int rand 2) { $message.= "identified "; } $message.= "workarounds";# Could be end. if (int rand 2) { #continue $backTemp = int rand 3; if ($backTemp == 0) { $message.= " for "; } elsif ($backTemp == 1) { $message.= " on "; } elsif ($backTemp == 2) { $message.= " regarding "; } if (int rand 2) { $message.= "this "; } else { $message.= "the "; } $backTemp = int rand 3; if ($backTemp == 0) { $message.= "issue"; } elsif ($backTemp == 1) { $message.= "vulnerability"; } elsif ($backTemp == 2) { $message.= "problem"; } $backTemp = int rand 4; if ($backTemp == 0) { $message.= " at hand"; } elsif ($backTemp == 1) { $message.= " indentified"; } elsif ($backTemp == 2) { $message.= " in question"; } } $message.= ".\n"; } if ($incVR != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $vendor_response\n"; if ($incSep2 != 0) { $message .= $seperator; } my $backTemp = int rand 3; if (int rand 2) { $message.= "$product "; $backTemp = int rand 3; if ($backTemp == 0) { $message.= "is "; } elsif ($backTemp == 1) { $message.= "was "; } elsif ($backTemp == 2) { if (int rand 2) { if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } else { $message.= "has had "; } } } else { $message.= "$product "; if (int rand 2) { $message.= "has "; } else { $message.= "had "; } } $backTemp = int rand 3; if ($backTemp == 0) { $message.= "offered "; } elsif ($backTemp == 1) { $message.= "extended "; } elsif ($backTemp == 2) { $message.= "presented "; } $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ? if (int rand 2) { $message.= "identified "; } $backTemp = int rand 3; if ($backTemp == 0) { $message.= "information"; } elsif ($backTemp == 1) { $message.= "commentary"; } elsif ($backTemp == 2) { $message.= "explanation"; } if (int rand 2) { #continue $backTemp = int rand 3; if ($backTemp == 0) { $message.= " on "; } elsif ($backTemp == 1) { $message.= " about "; } elsif ($backTemp == 2) { $message.= " regarding "; } if (int rand 2) { $message.= "this "; } else { $message.= "the "; } $backTemp = int rand 3; if ($backTemp == 0) { $message.= "issue"; } elsif ($backTemp == 1) { $message.= "vulnerability"; } elsif ($backTemp == 2) { $message.= "problem"; } $backTemp = int rand 4; if ($backTemp == 0) { $message.= " at hand"; } elsif ($backTemp == 1) { $message.= " indentified"; } elsif ($backTemp == 2) { $message.= " in question"; } } $message.= ".\n"; } if ($incCVE != 0) { $message .= $seperator; $message .= shift @numerals; $message .= " $cve_information\n"; if ($incSep2 != 0) { $message .= $seperator; } $message .= "The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-$cvenum to this issue\n\n"; } if ($incApA != 0) { $message .= $seperator; $message .= "$appendix_a\n"; if ($incSep2 != 0) { $message .= $seperator; } $message .= "$URL\n\n"; if ($incApB != 0) { $message .= $seperator; $message .= "$appendix_b\n"; if ($incSep2 != 0) { $message .= $seperator; } $message .= "RFC "; $message .= int rand 10000; } } if ($incCont != 0) { $message .= "\n\n"; $message .= $seperator; $message .= "$contact\n"; if ($incSep2 != 0) { $message .= $seperator; } $message .= "$name $contMail\n"; $message .= "$randCerts\n\n\n"; } return $message; } --END lol.pl That only generates and e-mail and prints it, add a mail() function for extra phun! Warmest Regards, -Bob Ban Haus Securities, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- smile tomorrow will be worse
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FDRuin 0-Day Awesome 0day for ruining this mailing LIST 3 3 (Mar 17)
- Re: FDRuin 0-Day Awesome 0day for ruining this mailing LIST poo (Mar 17)