Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: FDRuin 0-Day Awesome 0day for ruining this mailing LIST
From: poo <skodliv () gmail com>
Date: Sat, 18 Mar 2006 02:46:02 +0100

GREAT TOOL !!!1!111 MUCH APPRECIATED WILL BE PUT TO GOOD USE!!111



all hail the lolhats!!!!111


On 3/17/06, 3 3 <nazijew () gmail com> wrote:

To extract e-mails from helpful FD archives:
---extractor.php
<?php
$paren = array("(",")");
$dirhand = @opendir(".") or die("Unable to open this directory");

$db_hostport = "localhost";
$db_user = "user";
$db_pass = "pass";
$db = "fdmails";

function doQuery($query,$link) {
    $ret = mysql_query ( $query, $link ) or die ('fail : ' .
mysql_error());
    if (mysql_fetch_row($ret)==false) { $return = false; }
    else { $return = true;}
    return $return;
}

$link = mysql_connect("{$db_hostport}", "{$db_user}", "{$db_pass}") or
die("Could not connect: " . mysql_error());
mysql_select_db($db, $link) or die ('Cant use database : ' .
mysql_error());

while (false!==($file = readdir($dirhand))) {
    if (stristr($file,".txt")) {
        echo "<hr>Loading File: " . $file . "<br>";
        $handle = @fopen($file, "r");
        if ($handle) {
            while (!feof($handle)) {
                $buffer = fgets($handle, 4096);
                if(strstr($buffer,"From:")&& (strstr($buffer," at
")||strstr($buffer,"@"))) {
                    $fd = explode(" ", $buffer);
                    if ($fd[2]=="at") {
                        $email= $fd[1] . "@" . $fd[3];
                    }
                    else if (stristr($fd[1],"@")) {
                        $email= $fd[1];
                    }
                    else {
                        continue;
                    }
                    $name = substr($buffer, strpos($buffer, "("));
                    $name = mysql_real_escape_string ( str_replace($paren,
"", $name), $link);
                    $query = "SELECT * FROM `fdmail` WHERE `Name` LIKE
'%$name%'";
                    if(!doQuery($query,$link)) {
                        $query = "INSERT INTO `fdmail` SET Name='$name',
Email='$email'";
                        echo "Query: " . $query . "<br>";
                        echo "Result: " . doQuery($query,$link) . "<br>";
                    }
                    else {
                        echo "Updating: $name <br>";
                        $query = "UPDATE `fdmail` SET `Name` =
'$name',`Email` = '$email' WHERE `Name` LIKE '%$name%' ";
                        echo "Query: " . $query . "<br>";
                        echo "Result: " . doQuery($query,$link) . "<br>";
                    }
                }
            }
            fclose($handle);
        }
    }
}
closedir($dirhand);
?>

--End extractor.php

Where can I find these archives?

http://lists.grok.org.uk/pipermail/full-disclosure/

How can I spam the list?

Option A) Use badly coded FDRuin.php scripts!  (Attached!)

Option B) Code your own in perl, using the equally bad generator code
below!

--lol.pl
#!/usr/bin/perl

use warnings;
use strict;
use DBI;
use IO::Handle;

LOG->autoflush(1);

my %types;
my @types_array;
my %mails;
my @mails_array;
my %products;
my @products_array;

my $dbhandle = DBI->connect( "DBI:mysql:database=fdruin;host=localhost",
"user", "password", { 'RaiseError' => 1 } );
my $types_handle = $dbhandle->prepare("SELECT * FROM advisorytype");
my $mails_handle = $dbhandle->prepare("SELECT * FROM fdmail");
my $products_handle = $dbhandle->prepare("SELECT * FROM products");

$types_handle->execute();
while (my $row = $types_handle->fetchrow_hashref()) {
    my $type = $row->{'type'};
    my $desc = $row->{'desc'};
    $types{"$type"} = $desc;
    push(@types_array,$type);
}
$types_handle->finish();

$mails_handle->execute();
while (my $row = $mails_handle->fetchrow_hashref()) {
    my $name = $row->{'Name'};
    my $email = $row->{'Email'};
    $mails{"$name"} = $email;
    push(@mails_array,$name);
}
$mails_handle->finish();

$products_handle->execute();
while (my $row = $products_handle->fetchrow_hashref()) {
    my $product = $row->{'product'};
    my $website = $row->{'website'};
    $products{"$product"} = $website;
    push(@products_array,$product);
}
$products_handle->finish();

$dbhandle->disconnect();

open (LOG, ">>log.txt") or die "$!";
{
    my $name = "$mails_array[int rand @mails_array]";
    my $cvenum = int rand 9999;
    my $email = "$mails{$name}";
    my $product = "$products_array[int rand @products_array]";
    my $URL = "$products{$product}";
    my $type = "$types_array[int rand @types_array]";
    my $desc = "$types{$type}";
    $desc =~ s/\[product\]/$product/;
    my $date = `date`;
    chomp($date);
    my $from = $email;
    my $subject= "Advisory - $date - $type in $product";
    my $message= "Advisory - $date - $type in $product\n\n\n";
    $message=
gen_msg($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message);
    print "$message\n\n";

    #Mail Function HERE
}
close (LOG) or warn "$!";


sub gen_msg {
    my ($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message) =
@_;

    #Entropy Generation.
    my $sepRand = int rand 5; # 0,1,2,3
    my $numerRand = int rand 5;
    my $rand_of_6 = int rand 6; # 0,1,2,3,4,5

    #FDRUIN Gay Config.
    my @certs = ("CISSP" , "GSAE" , "CCE" ,  "CEH" , "CSFA" , "GREM" ,
"SSP-CNSA" , "SSP-MPA" , "GIPS" , "GHTQ" , "GWAS" , "CAP" , "SSCP");
    my $ucRand = int rand 2;
    my $incBackg = int rand 2;
    my $incDesc = int rand 2;
    my $incHist = int rand 2;
    my $incWork = int rand 2;
    my $incVR = int rand 2;
    my $incCVE = int rand 2;
    my $incApA = int rand 2;
    my $incApB = int rand 4; # Give it more of a chance.
    my $incCont = int rand 4;
    my $incSep2 = int rand 4; # Give it more of a chance.

    #lol dont fuck with these
    my $randCerts;
    my $seperator;
    my $contMail;
    my $cert;
    my @numerals;

    #hylol you can change this / add entropiez
    my $background = "Background";
    my $description = "Description";
    my $history = "History";
    my $workaround = "Workaround";
    my $vendor_response = "Vendor Response";
    my $cve_information = "CVE Information";
    my $appendix_a = "Appendix A Vendor Information";
    my $appendix_b = "Appendix B References";
    my $contact = "Contact";

    if ($sepRand == 0) {
        $seperator = "-" x ((rand 6 + 2) * 7);
        $seperator .= "\n";
    } elsif ($sepRand == 1) {
        $seperator = "=" x ((rand 6 + 2) * 7);
        $seperator .= "\n";
    } elsif ($sepRand == 2) {
        $seperator = "8";
        $seperator .= "=" x (int((rand 6 + 1) * 5));
        $seperator .= "D";
        $seperator .= "~" x (int((rand 6 + 1) * 5));
        $seperator .= "\n";
    } elsif ($sepRand == 3) {
        $seperator = "+" x ((rand 6 + 2) * 7);
        $seperator .= "\n";
    } else {
        $seperator = "";
    }

    if ($numerRand == 0) {
        @numerals = ("1.","2.","3.","4.","5.","6.");
    } elsif ($numerRand == 1) {
        @numerals = ("I.","II.","III.","IV.","V.","VI.");
    } elsif ($numerRand == 2) {
        @numerals = ("[+]","[+]","[+]","[+]","[+]","[+]");
    } elsif ($numerRand == 3) {
        @numerals = ("8===D","8===D","8===D","8===D","8===D","8===D");
    } elsif ($numerRand == 4) {
        @numerals = ("o/ ?","? \\o","o/ ?","? \\o","o/ ?","? \\o");
    } else {
        @numerals = ("-","-","-","-","-","-");
    }


    $contMail = "$email\n"


    if ($ucRand != 0) {
        $background = uc($background);
        $description = uc($description);
        $history = uc($history);
        $workaround = uc($workaround);
        $vendor_response = uc($vendor_response);
        $cve_information = uc($cve_information);
        $appendix_a = uc($appendix_a);
        $appendix_b = uc($appendix_b);
        $contact = uc($contact);
    }

    #generate certs

    foreach $cert (@certs) {
        if (int rand 2) {
            $randCerts.= "$cert ";
        }
    }
    if ($incBackg != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $background\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }
        my $backTemp = int rand 3;
        if (int rand 2) {
            $message.= "There ";
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "is ";
            } elsif ($backTemp == 1) {
                $message.= "was ";
            } elsif ($backTemp == 2) {
                if (int rand 2)  {
                    if (int rand 2)  {
                        $message.= "has ";
                    } else {
                        $message.= "had ";
                    }
                } else {
                    $message.= "has had ";
                }
                $message.= "been ";
            }
        } else {
            $message.= "This ";
            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= "issue ";
            } elsif ($backTemp == 1) {
                $message.= "vulnerability ";
            } elsif ($backTemp == 2) {
                $message.= "problem ";
            } elsif ($backTemp == 3) {
                $message.= "product ";
            }
            if (int rand 2)  {
                $message.= "has ";
            } else {
                $message.= "had ";
            }

        }
        $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
        if (int rand 2)  {
            $message.= "identified ";
        }
        $message.= "background";# Could be end.

        if (int rand 2)  { #continue
            if (int rand 2)  {
                $message.= " information ";
            } else {
                $message.= " commentary ";
            }
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "on ";
            } elsif ($backTemp == 1) {
                $message.= "about ";
            } elsif ($backTemp == 2) {
                $message.= "regarding ";
            }

            if (int rand 2)  {
                $message.= "this ";
            } else {
                $message.= "the ";
            }

            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= "issue";
            } elsif ($backTemp == 1) {
                $message.= "vulnerability";
            } elsif ($backTemp == 2) {
                $message.= "problem";
            } elsif ($backTemp == 3) {
                $message.= "product";
            }

            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= " at hand";
            } elsif ($backTemp == 1) {
                $message.= " indentified";
            } elsif ($backTemp == 2) {
                $message.= " in question";
            }
        }
        $message.= ".\n";

    }
    if ($incDesc != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $description\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        $message .= "$desc\n\n";
    }
    if ($incHist != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $history\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }
        my ($hSec,$hMin,$hHour,$hMday,$hMon,$hYear,$hWday,$hYday,$hIsdst)
= localtime(time);
        my $hPDDate;
        my $hVNDate;
        my $hVRDate;
        my $hSep;
        $hMon++;
        $hYear+=1900;

        if (int rand 2) {
            if (int rand 2) {
                $hPDDate = "$hMday/$hMon/$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVRDate = "$hMday/$hMon/$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVNDate = "$hMday/$hMon/$hYear";
            } else {
                $hPDDate = "$hMday-$hMon-$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVRDate = "$hMday-$hMon-$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVNDate = "$hMday-$hMon-$hYear";
            }
        } else {
            if (int rand 2) {
                $hPDDate = "$hMon/$hMday/$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVNDate = "$hMon/$hMday/$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVRDate = "$hMon/$hMday/$hYear";
            } else {
                $hPDDate = "$hMon-$hMday-$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVNDate = "$hMon-$hMday-$hYear";
                $hMday=int rand 30;
                $hMon--;
                $hVRDate = "$hMon-$hMday-$hYear";
            }
        }

        if ($numerRand == 2) {
            $hSep = "[+]";
        } elsif ($numerRand == 3) {
            $hSep = "8==D";
        } elsif ($numerRand == 4) {
            $hSep = "o/";
        } else {
            $hSep = "-";
        }

        if (int rand 4) {
            $message.= "$hVNDate $hSep Vendor Notification.\n";
        }
        if (int rand 2) {
            $message.= "$hVRDate $hSep Vendor Reply.\n";
        }
        $message.= "$hPDDate $hSep Public Disclosure.\n";
    }
    if ($incWork != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $workaround\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        my $backTemp = int rand 3;
        if (int rand 2) {
            $message.= "There ";
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "are ";
            } elsif ($backTemp == 1) {
                $message.= "was ";
            } elsif ($backTemp == 2) {
                if (int rand 2)  {
                    if (int rand 2)  {
                        $message.= "has ";
                    } else {
                        $message.= "had ";
                    }
                } else {
                    $message.= "has had ";
                }
                $message.= "been ";
            }
        } else {
            $message.= "This ";
            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= "issue ";
            } elsif ($backTemp == 1) {
                $message.= "vulnerability ";
            } elsif ($backTemp == 2) {
                $message.= "problem ";
            } elsif ($backTemp == 3) {
                $message.= "advisory ";
            }
            if (int rand 2)  {
                $message.= "has ";
            } else {
                $message.= "had ";
            }

        }
        $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
        if (int rand 2)  {
            $message.= "identified ";
        }
        $message.= "workarounds";# Could be end.

        if (int rand 2)  { #continue
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= " for ";
            } elsif ($backTemp == 1) {
                $message.= " on ";
            } elsif ($backTemp == 2) {
                $message.= " regarding ";
            }

            if (int rand 2)  {
                $message.= "this ";
            } else {
                $message.= "the ";
            }

            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "issue";
            } elsif ($backTemp == 1) {
                $message.= "vulnerability";
            } elsif ($backTemp == 2) {
                $message.= "problem";
            }

            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= " at hand";
            } elsif ($backTemp == 1) {
                $message.= " indentified";
            } elsif ($backTemp == 2) {
                $message.= " in question";
            }
        }
        $message.= ".\n";
    }
    if ($incVR != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $vendor_response\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        my $backTemp = int rand 3;
        if (int rand 2) {
            $message.= "$product ";
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "is ";
            } elsif ($backTemp == 1) {
                $message.= "was ";
            } elsif ($backTemp == 2) {
                if (int rand 2)  {
                    if (int rand 2)  {
                        $message.= "has ";
                    } else {
                        $message.= "had ";
                    }
                } else {
                    $message.= "has had ";
                }
            }
        } else {
            $message.= "$product ";
            if (int rand 2)  {
                $message.= "has ";
            } else {
                $message.= "had ";
            }

        }
        $backTemp = int rand 3;
        if ($backTemp == 0) {
            $message.= "offered ";
        } elsif ($backTemp == 1) {
            $message.= "extended ";
        } elsif ($backTemp == 2) {
            $message.= "presented ";
        }
        $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
        if (int rand 2)  {
            $message.= "identified ";
        }
        $backTemp = int rand 3;
        if ($backTemp == 0) {
            $message.= "information";
        } elsif ($backTemp == 1) {
            $message.= "commentary";
        } elsif ($backTemp == 2) {
            $message.= "explanation";
        }
        if (int rand 2)  { #continue
            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= " on ";
            } elsif ($backTemp == 1) {
                $message.= " about ";
            } elsif ($backTemp == 2) {
                $message.= " regarding ";
            }

            if (int rand 2)  {
                $message.= "this ";
            } else {
                $message.= "the ";
            }

            $backTemp = int rand 3;
            if ($backTemp == 0) {
                $message.= "issue";
            } elsif ($backTemp == 1) {
                $message.= "vulnerability";
            } elsif ($backTemp == 2) {
                $message.= "problem";
            }

            $backTemp = int rand 4;
            if ($backTemp == 0) {
                $message.= " at hand";
            } elsif ($backTemp == 1) {
                $message.= " indentified";
            } elsif ($backTemp == 2) {
                $message.= " in question";
            }
        }
        $message.= ".\n";

    }
    if ($incCVE != 0) {
        $message .= $seperator;
        $message .= shift @numerals;
        $message .= " $cve_information\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        $message .= "The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CVE-2006-$cvenum to this issue\n\n";
    }
    if ($incApA != 0) {
        $message .= $seperator;
        $message .= "$appendix_a\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        $message .= "$URL\n\n";
        if ($incApB != 0) {
            $message .= $seperator;
            $message .= "$appendix_b\n";

            if ($incSep2 != 0) {
                $message .= $seperator;
            }

            $message .= "RFC ";
            $message .= int rand 10000;
        }
    }
    if ($incCont != 0) {
        $message .= "\n\n";
        $message .= $seperator;
        $message .= "$contact\n";

        if ($incSep2 != 0) {
            $message .= $seperator;
        }

        $message .= "$name $contMail\n";
        $message .= "$randCerts\n\n\n";
    }
    return $message;
}
--END lol.pl

That only generates and e-mail and prints it, add a mail() function for
extra phun!

Warmest Regards,

-Bob
Ban Haus Securities, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
smile tomorrow will be worse
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]