/***********************************************
* released under (E) licensing ... *
***********************************************/
/* contact ahuger@securityfocus.com for full license */
/* code copyrighted by ~el8 -- don't infringe! */
/*
* l4m3r l1zt3r v1.0 by uncle m4v1s
* th1z 1z a s1mple t00l th@ ~el8 haz been uzing 4 several ye4rz,
* ever s1nce pr0ject m4yh3m wuz 1st st4rt3d.
* 1tz a 1-use t00l, juzt run th1z on any 0ne of the k-l4m3
* s1tez upd8d by secur1tyf0cus.com on the1r ml-p0rtal, &
* u n0w h4ve a l1zt 0f ret4rdz 2 hack and st34l "0day" from.
* th1zt skr1pt g0ez back s3v3ral ye4rz s0 u get the ch4nc3 2
* ch3ck 0ut r34l b0xez th@ were uz3d be4 the gr34t p4n-l4m3r
* 3ff0rt 2 get sc3n3 sh3llz 2 h1de the1r 1dent1t3z.
* by t4rg3tt1ng p0stz by p0l1te sekur1ty pr0fess10nalz &
* 0wn1ng the1r `sh1t` and r4v4g1ng th3 kn0wn_h0stz 0n the ab0ve
* b0x3z, we n0t1c3d the subtl3 c0rrel4t10n betw33n m4n & myth,
* 4nd st4rt3d 2 rek0gn1z3 the k0rrel4t10n betw33n REAL PEOPLE &
* the 0nl1ne 1dent1t3z they assum3d. 4 example, 0wn 4ll russ14n
* bugtraq p0st3rz s1nce 1997 and u w1ll n0t1c3 4t l34zt 0ne 0f
* th3m l0gg1ng 1nt0 z0l0.fr33lsd.n3t/c4nn4b1z.dataf0rce.net (hi str!)
* 4nyh0w, 4z rule #2 of pr0jekt m4yh3m g0ez, if u c4nt st34l w4r3z
* 0r sn1ff, rm the fukrz!
* h4ppy hunt1ng
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <ctype.h>
#include <netinet/in.h>
#include <netdb.h>
/*
 * Request-line prefix that makeurl() puts in front of a path taken from a
 * fetched page.  Note the request is a bare "GET <absolute-URL>" with no
 * HTTP version token or headers.
 */
#define PREFIX "GET http://online.securityfocus.com"
/* Default request line, used by main() when no category number is given. */
#define BASE_CMD "GET http://online.securityfocus.com/archive/1"
/* Server address: filled in once by main(), read by connecthost(). */
struct sockaddr_in sinz;
/*
 * One selectable archive index.
 *   lamercode  label printed by the -h listing in main()
 *   url        complete request line sent for that archive's index page
 * The position of an entry in targets[] is the category number accepted on
 * the command line, so reordering the table changes what each number selects.
 */
struct target{
char *lamercode;
char *url;
} targets[] =
{ {"ARIS USERZ","GET http://online.securityfocus.com/archive/114"},
{"bugtraq[lol]","GET http://online.securityfocus.com/archive/1"},
{"bugtraq-es (bugtraq in spain jajaja)",
"GET http://online.securityfocus.com/archive/80"},
{"bugtraq-jp & shadowpenguin friendz",
"GET http://online.securityfocus.com/archive/79"},
{"cisspstudy [inspired by dr. crispin cowin]",
"GET http://online.securityfocus.com/archive/99"},
{"focus-ids [cant sekure a b0x so they use ids]",
"GET http://online.securityfocus.com/archive/96"},
{"choose this if u have linux 0day",
"GET http://online.securityfocus.com/archive/91"},
{"choose this if u have win32 0day",
"GET http://online.securityfocus.com/archive/88"},
{"choose this if u have solaris 0day",
"GET http://online.securityfocus.com/archive/92"},
{"scan here for bo2k",
"GET http://online.securityfocus.com/archive/100"},
{"forensics (prolly not worth it, they r already 0wned)",
"GET http://online.securityfocus.com/archive/104"},
{"honeynet [leave burneye encrypted kopiez"
" of nmap 4 lance sp1tzner here]",
"GET http://online.securityfocus.com/archive/119"},
{"incidents [see how well pr0ject m4yh3m is d0ing",
"GET http://online.securityfocus.com/archive/75"},
{"pen-test [people like s1 here hehe]",
"GET http://online.securityfocus.com/archive/101"},
{"sec-papers [4 the literary inkl1n3d like warzael zarcae",
"GET http://online.securityfocus.com/archive/112"},
{"security-basics PAHAHAHAHAHA n3wb13z ripe 4 the picking",
"GET http://online.securityfocus.com/archive/105"},
{"security-certification [l4m3rz who have subskr1b3d"
" 2 security-basics longer than 2 weekz",
"GET http://online.securityfocus.com/archive/106"},
{
"security-jobs [own theze fuckerz quick, they r desperately"
" trying 2 publish 0day]"
,"GET http://online.securityfocus.com/archive/77"},
{"vpn [hehe launch pptphack here]",
"GET http://online.securityfocus.com/archive/50"},
{"vuln-dev <- th3 m0ther l4m3r sh1p h4z l4nd3d",
"GET http://online.securityfocus.com/archive/82"},
{"choose this if u have shopping kart cgi po1z0n byte warez",
"GET http://online.securityfocus.com/archive/107"}
};
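/*
 * Print the date range encoded in an archive index URL.
 *
 * url is expected to contain "/archive/1/YYYY-MM-DD/YYYY-MM-DD/".  When the
 * "/archive/1/" marker is absent nothing is printed.  Otherwise one
 * "LAMER CHRONOLOGY" line is written to stdout: the range as
 * month/day/year, or the parse-error message when fewer than six numbers
 * could be read.
 *
 * The six fields are parsed starting at the marker that strstr() located,
 * not at the start of url, so a URL that carries anything in front of the
 * marker is parsed instead of being reported as an error.
 */
void printdates(char *url)
{
#define MAGIC "/archive/1/"
	int from_year, from_month, from_day;
	int to_year, to_month, to_day;
	int fields;
	const char *marker = strstr(url, MAGIC);

	if (marker == NULL)
		return;

	fields = sscanf(marker, "/archive/1/%d-%d-%d/%d-%d-%d/",
			&from_year, &from_month, &from_day,
			&to_year, &to_month, &to_day);

	printf("LAMER CHRONOLOGY: ");
	if (fields != 6) {
		/* The date variables are unset on a short parse; never print them. */
		printf("ERROR IN PARSING BUT WH0 KAREZ\n");
	} else {
		printf ("%d/%d/%d to %d/%d/%d\n",
			from_month, from_day, from_year,
			to_month, to_day, to_year);
	}
	fflush(stdout);
}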
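/*
 * Build a request line from a path taken out of a fetched page.
 *
 * The result is PREFIX, a '/' when end does not already start with one,
 * end itself, and a trailing CRLF.  The string is heap-allocated and the
 * caller must free() it.  On allocation failure the function prints a
 * message, runs a fixed `ps` command through system(), and exits with
 * status -1; it never returns NULL.
 *
 * end comes from remote HTML, so its length is not under local control:
 * the size is kept in size_t (not int) and the string is produced by one
 * bounded snprintf() instead of a strcpy/strcat chain.
 */
char *makeurl(char *end)
{
	const char *sep = (*end != '/') ? "/" : "";
	/* +4: optional '/', "\r\n", and the terminating NUL. */
	size_t size = strlen(PREFIX) + strlen(end) + 4;
	char *r = calloc(1, size);

	if (r == NULL) {
		fprintf(stderr,"hmm out 0f memory... might be 4 f0rq b0mb!\n");
		system("ps -u cr");
		exit(-1);
	}
	snprintf(r, size, "%s%s%s\r\n", PREFIX, sep, end);
	return r;
}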
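/*
 * Write len bytes to fd, continuing after short writes.
 * Gives up silently on the first error or zero-length write, because
 * sendcmd() has no way to report failure to its callers.
 */
static void sendcmd_put(int fd, const char *data, size_t len)
{
	while (len > 0) {
		ssize_t done = write(fd, data, len);

		if (done <= 0)
			return;
		data += done;
		len -= (size_t)done;
	}
}

/*
 * Send a request line on fd, followed by one CRLF.
 *
 * Exactly two terminator bytes are sent.  Request strings built by
 * makeurl() already end in CRLF, so those go out with a blank line after
 * them; the fixed request lines from the targets table go out with a single
 * CRLF.  A short write no longer truncates the request silently.
 */
void sendcmd(int fd,char *cmd)
{
	static const char crlf[] = "\r\n";

	sendcmd_put(fd, cmd, strlen(cmd));
	sendcmd_put(fd, crlf, sizeof(crlf) - 1);
}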
/*
 * Open a TCP connection to the address held in the global sinz.
 *
 * Returns the connected descriptor.  Any failure is fatal: a message goes
 * to stderr and the process exits with status -1.
 *
 * The socket-failure path also passes a fixed string to system().  The '|'
 * characters in it are not quoted, so the shell reads them as pipeline
 * separators and looks up `mixter` and `felix` as commands on PATH rather
 * than treating them as egrep alternatives.
 */
int connecthost(void)
{
	const struct sockaddr *peer = (const struct sockaddr *)&sinz;
	int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

	if (sock < 0) {
		fprintf(stderr, "out of socketz... weird\n");
		system("ps aux|egrep tron|mixter|felix");
		exit(-1);
	}

	if (connect(sock, peer, sizeof(sinz)) >= 0)
		return sock;

	fprintf(stderr,
		"cant connect to online.securityfocus.com...project mayhem successfully accomplished!\n");
	exit(-1);
}
/*f-fgetz*/
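/*
 * Read one line from fd, a byte at a time, into a static buffer.
 *
 * Returns a pointer to that buffer, or NULL as soon as read() fails or
 * reports end of input (bytes already read for the current line are then
 * discarded).  A line ends at the first '\r' or '\n', which is kept as the
 * last character; a CRLF pair therefore comes back as two lines, the second
 * holding only "\n".  Lines longer than the buffer are returned in pieces
 * of sizeof(buf)-1 bytes.
 *
 * The buffer is shared by every caller and overwritten on each call, so a
 * returned pointer is only valid until the next readline() on any fd.
 *
 * The earlier recv(MSG_PEEK) loop after a terminator is gone: it stored
 * recv()'s return value (a byte count) in the character it then compared
 * with '\r' and '\n', so it never consumed anything and only added a
 * blocking wait for the next byte.
 */
char* readline(int fd)
{
	static char buf[8192];
	size_t used = 0;
	char ch;

	memset(buf, 0, sizeof(buf));
	/* Stop one short of the end so the result is always NUL-terminated. */
	while (used < sizeof(buf) - 1) {
		if (read(fd, &ch, 1) != 1)
			return NULL;
		buf[used++] = ch;
		if (ch == '\r' || ch == '\n')
			break;
	}
	return buf;
}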
/*grab d0x from postz*/
/*
 * Request one post page and print the sender details found in the response.
 *
 * name is handed to makeurl() as-is to build the request.  The connection
 * opened here is closed before returning.  Every response line is scanned
 * in place (the buffer returned by readline() is modified) for one of two
 * markers:
 *   ">Message-ID:<"  the run of alphanumerics and dots after the first '@'
 *                    that follows is printed, if it contains a dot
 *   ">Author:<"      the text after "mailto:" up to the next '"' is printed,
 *                    plus the text between the following '>' and '<'
 * A line that matches the Message-ID pattern is not also checked for Author.
 *
 * NOTE(review): the printed fields come straight from the remote response
 * and are not filtered, so control characters in the page reach the terminal.
 */
void checkpost(char *name)
{
int fd=connecthost();
char *l,*req,*ptr,*startemail,*startname,*startbox;
/*YO*///printf("DEBUG: CHECKING POST\n");
/* name is copied into a fresh request string before the first readline()
 * call below, which matters when name points into readline()'s buffer. */
req=makeurl(name);
sendcmd(fd,req);
free(req);
l=readline(fd);
while(l!=NULL){
ptr=strstr(l,">Message-ID:<");
if(ptr==NULL) goto checkauthor;
/* 13 is the length of the marker just matched. */
ptr+=13;
/* Skip past two '>' characters, then scan forward to the first '@'. */
ptr=strchr(ptr,'>');
if(ptr==NULL) goto checkauthor;
ptr++;
ptr=strchr(ptr,'>');
if(ptr==NULL) goto checkauthor;
while(*ptr&&*ptr!='@')
ptr++;
if(!*ptr) goto checkauthor;
ptr++;
startbox=ptr;
/* NOTE(review): *ptr is a plain char; where char is signed, a byte >= 0x80
 * reaches isalnum() as a negative value, which is undefined behaviour. */
while(*ptr&&(isalnum(*ptr)||*ptr=='.'))
ptr++;
/* A run that reaches the end of the line is treated as no match. */
if(!*ptr) goto checkauthor;
/* Terminate the field by overwriting the delimiter inside the line buffer. */
*ptr=0;
/*s4n1tych3ck*/
/* Values without a dot are skipped without printing. */
if(strchr(startbox,'.')==NULL) goto heh;
printf("\t\tLAMER BOX: %s\n",startbox);
goto heh;
checkauthor:
ptr=strstr(l,">Author:<");
if(ptr==NULL) goto heh;
/* NOTE(review): the marker is 9 characters long, so this steps one byte
 * beyond it; if the line ends right after the marker, ptr moves past the
 * string terminator before the strstr() below reads from it. */
ptr+=10;
ptr=strstr(ptr,"mailto:");
if(ptr==NULL) goto heh;
/* 7 is the length of "mailto:". */
ptr+=7;
startemail=ptr;
ptr=strchr(ptr,'"');
if(ptr==NULL) goto heh;
/* Cut the address at the closing quote and continue after it. */
*ptr++=0;
ptr=strchr(ptr,'>');
if(ptr==NULL) goto heh;
startname=++ptr;
ptr=strchr(ptr,'<');
if(ptr==NULL) goto heh;
*ptr=0;
printf("\tLAMER: %s",startemail);
/* The parenthesised name is printed only when it is non-empty. */
if(strlen(startname))
printf(" (%s)",startname);
printf("\n");
fflush(stdout);
heh:
l=readline(fd);
}
close(fd);
}
/*cykle thru ind3z p4g3z*/
/*
 * Read an index page from fd line by line until readline() returns NULL.
 *
 * Two kinds of link are looked for on each line:
 *   - a link inside a cell starting with SEKRETKEY whose href does not
 *     contain "threads": its href value is passed to checkpost()
 *   - an `<a href="...">` link whose following text contains "prev Week":
 *     the first such href seen is duplicated with strdup()
 *
 * Returns the duplicated "prev Week" href, which the caller must free(),
 * or NULL when none was found (or strdup() failed).
 *
 * Lines are parsed in place: delimiters inside readline()'s buffer are
 * overwritten with NUL bytes while fields are cut out.
 */
char *letitrip(int fd)
{
char *l=readline(fd);
char *ptr,*start=NULL,*nexturl=NULL,*lamerpost;
while(l!=NULL){
/*YO*///printf("line = %s\n",l);
/*try p0stz first*/
#define SEKRETKEY "<td><div style="
ptr=strstr(l,SEKRETKEY);
if(ptr==NULL) goto nexttest;
ptr+=strlen(SEKRETKEY);
ptr=strchr(ptr,'>');
if(ptr==NULL) goto nexttest;
ptr=strstr(ptr,"href");
if(ptr==NULL) goto nexttest;
/* 4 is the length of "href". */
ptr+=4;
/* NOTE(review): *ptr is a plain char; where char is signed, a byte >= 0x80
 * reaches isspace() as a negative value, which is undefined behaviour. */
while (isspace(*ptr))ptr++;
if(*ptr!='=') goto nexttest;
ptr=strchr(ptr,'"');
if(ptr==NULL) goto nexttest;
ptr++;
lamerpost=ptr;
while (*ptr&&*ptr!='"')ptr++;
if(*ptr!='"') goto nexttest;
/* The closing quote is overwritten, so from here on the line as seen
 * through l ends at the href value. */
*ptr=0;
/*2 urlz 4 top1c, dont pick wrong 0ne*/
if(strstr(lamerpost,"threads")) goto nexttest;
/* checkpost() calls readline() on its own connection and so overwrites the
 * shared buffer that l and lamerpost point into; nothing below reads either
 * pointer again before l is refreshed at heh. */
checkpost(lamerpost);
goto heh;
nexttest:
/*or iz it the previ0us week*/
ptr=strstr(l,"<a href=");
if(ptr==NULL) goto heh;
ptr=strchr(ptr,'"');
if(ptr==NULL) goto heh;
ptr++;
start=ptr;
ptr=strchr(ptr,'"');
if(ptr==NULL) goto heh;
*ptr++=0;
ptr=strchr(ptr,'>');
if(ptr==NULL) goto heh;
ptr++;
if(strstr(ptr,"prev Week")==NULL) goto heh;
/*w0rd here iz the previ0uz week*/
/* Only the first match is kept; later ones on the same page are ignored. */
if(nexturl==NULL)
nexturl=strdup(start);
heh:
l=readline(fd);
}
return nexturl;
}
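/*
 * Program entry point.
 *
 * With "-h" or more than one argument, prints usage and the category table
 * to stderr and exits 0.  With one argument, that argument selects an entry
 * of targets[] by index; with none, BASE_CMD is used.  The start page is
 * fetched and handed to letitrip(); each "prev Week" link it returns is then
 * fetched in turn over a new connection until a page yields none.  There is
 * no limit on the number of pages and no pause between requests.
 *
 * Changes from the earlier version of this function:
 *   - the usage string no longer contains a raw line break inside the
 *     literal, which standard C does not accept
 *   - the category argument is parsed with strtol() and must be a complete
 *     non-negative number inside the table; atoi() accepted any text as 0
 *   - the resolver result is checked to be an IPv4 address of the expected
 *     length before it is copied, instead of copying a fixed 4 bytes
 */
int main (int argc,char **argv)
{
	const size_t ntargets = sizeof(targets) / sizeof(targets[0]);
	struct hostent *he;
	int fd;
	char *newurl,*startpoint;

	if ((argc > 2) || ((argc == 2) && (!strcmp(argv[1], "-h")))) {
		size_t i;

		fprintf(stderr,
			"l4m3rl1zt3r usage: %s <#>\nwhere # is a l4m3r k4t3g0ry,\n"
			"defaultz 2 bugtraq\n\n", argv[0]);
		fprintf(stderr,"l4m3r k4t3g0r1ez:\n");
		fprintf(stderr,"-----------------\n");
		for (i = 0; i < ntargets; i++)
			fprintf(stderr,"%d\t%s\n", (int)i, targets[i].lamercode);
		exit(0);
	}

	if (argc == 2) {
		char *stop;
		long choice = strtol(argv[1], &stop, 10);

		/* Out-of-range input saturates in strtol() and fails the bound check. */
		if (stop == argv[1] || *stop != '\0' ||
		    choice < 0 || (unsigned long)choice >= ntargets) {
			fprintf(stderr,"s0rry kouldnt find specif1ed l4m3r...\n");
			fprintf(stderr,
				"there r many more lam3rz, ~el8 iz working ar0und"
				" the cl0q 2 upd8 thiz program with the necessary 2385915 entriez.\n");
			fprintf(stderr,"try a valid # tho\n");
			exit(-1);
		}
		startpoint = targets[choice].url;
	} else {
		startpoint = BASE_CMD;
	}

	fprintf(stderr,"l4m3rl1zt3r v1.0\n");
	fprintf(stderr,"by uncle m4v1s\n");
	fprintf(stderr,"k0pyright (K) 2002 ~el8 research labz\n");
	fprintf(stderr,"for help, try -h\n\n");

	he = gethostbyname("online.securityfocus.com");
	/* Accept only an IPv4 answer whose length matches sin_addr. */
	if (he == NULL || he->h_addrtype != AF_INET ||
	    he->h_length != (int)sizeof(sinz.sin_addr) ||
	    he->h_addr_list[0] == NULL) {
		fprintf(stderr,"cant resolve online."
			"securityfocus.com...project mayhem successfully accomplished!\n");
		exit(-1);
	}
	memset(&sinz,0,sizeof(sinz));
	sinz.sin_family = AF_INET;
	sinz.sin_port = htons(80);
	memcpy(&sinz.sin_addr, he->h_addr_list[0], sizeof(sinz.sin_addr));

	fprintf(stderr,"acquiring t4rget l1zt...!\n");
	fprintf(stderr,"begin l4m3r l1st tr4nsm1ss10n!\n");
	printf("------------------------------\n");

	/* First page: the selected request line is sent as-is. */
	fd = connecthost();
	sendcmd(fd,startpoint);
	printf("LAMER CHRONOLOGY: CURRENT\n");
	fflush(stdout);
	newurl = letitrip(fd);
	close(fd);
	if (newurl == NULL) {
		fprintf(stderr,"weird..some un3xpekt3d sh1t happened!\n");
		exit(-1);
	}

	/* Follow "prev Week" links; each href is owned here and freed once used. */
	while (newurl != NULL) {
		char *req;

		fd = connecthost();
		req = makeurl(newurl);
		sendcmd(fd,req);
		printdates(newurl);
		free(newurl);
		free(req);
		newurl = letitrip(fd);
		close(fd);
	}

	printf("-------------------------------------\n");
	fprintf(stderr,"we h4v3 d3t3kt3d 4ll p0ss1bl3 l4m3rz!\n");
	fprintf(stderr,"n0thing l3ft 2 d0..m4ybe ch3ck #!el8.\n");
	fprintf(stderr,"-------------------------------------\n");
	return 0;
}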