Re: Echo off in IO::Sockets

Sorry i've been away. I ment to say server not client. Anyway here it goes: No i'm not evil. Let me explain: I run a linux box and I have my fake telnet daemon running to give people a fake start. The see it says Zinc, The /best/ Unix. So they try root/root or gues/guest and i want them to think they are really getting somewhere. Anyway I also run FakeBo so they think it's a windows computer. THen i open 3103 or somethign like that the Macintosh FileSharing port. ( i think). I don't even go to college, i'm in high school. And at my school all the kids use telnet for is MUDs it's all novell/windows stuff (ikk). And as for stealing passwords like that why not just run a key logger. Trust me I'm not an evil hax0r. Theres some batch script called FakeTelnetd or some thing which is simalar but also shows the pass when typing it. Do you think it's for hacking passwords? Heres my full code, don't use it for bad, i never even thought of it:

#!/usr/bin/perl
use IO::Socket;
#use Net::hostent;
$port = 9539;
$0 = "Telmet \*Running\*";
$serv = IO::Socket::INET->new (
Proto => 'tcp',
LocalPort => $port,
Listen => 10,
Reuse => 1)
|| die "Can't create server: $!";

while ($client = $serv->accept()) {
eval {
$client->autoflush(1); # Always remember to flush!
$who = $client->peerhost;
print STDERR "Telmet2: Connection from $who\n";
print $client " Zincix 12.76\n";
print $client "The /ONLY/ Secure *Nix \n";
print $client "\n\n";
print $client "Nixel Login: ";
$usr = <$client>;
chomp $usr;
$usr =~ s/\W//g;
print STDERR "Telmet2: $who: User $usr\n";
die unless (length $usr < 20 && length $usr > 1);
print $client "Passwd: ";
$pass = <$client>;
chomp $pass;
die unless (length $pass < 20 && length $pass > 1);
print STDERR "Telmet2: $who: Pass $pass\n";
print $client "Incorrect Username or passwd!\n";
print $client "Remember it's case sensitive!\n";
};
close $client;
}

I'm about security not about stealing user passwords.

GoRN.8m.com, GoRN'z Cue Cat Reader & Decoder

Dunt Dunt Duh...
GoRN To The Rescue,
Yet Again...
zGoRNz@Yahoo.com
- GoRN Out -
^D
EOF
Check out GBNBot, /the/ Battle.Net Bot for *nix.

Comment on Re: Echo off in IO::Sockets

Replies are listed 'Best First'.
(Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets by Ovid (Cardinal) on Sep 03, 2000 at 23:39 UTC
I remember when I originally read this thread that I definitely agreed with those who felt you were trying to develop a cracking tool. They felt, on that basis, that it would be improper to answer your question. I can see from what you have written that you have stated a somewhat legitimate reason for your qustion, but I still feel that it would be improper to answer your question (to be fair, I haven't used IO::Sockets, so I couldn't answer the question even if I wanted to). Basically, what you are asking is for help creating security by obscurity. This is arguably the worst method of creating security. If, for some reason, a cracker wanted to take a run at your box, do you really believe that sending out signals suggesting your box is 3 different OSs is really going to fool anyone? If you have a moderately secure box, it might fool the casual user, but that's about it. Learn how to tighten down your box properly and you won't have to worry about useless tricks like this. Cheers, Ovid	[reply]
RE: (Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets by mischief (Hermit) on Sep 04, 2000 at 04:11 UTC
> I still feel that it would be improper to answer your question Personally, I think that at least in this case it would be much better to answer with an alternate solution to the problem rather than just not answering it because you feel that the questioner is asking the wrong question. Sometimes I spend ages figuring a particular problem out, only to find out later that what I've spent the last 4 hours scratching my head over is not what I'm looking for at all. That doesn't mean I've wasted the last hour; I'm still learning and every problem I solve is something learnt.	[reply]
RE (tilly) 2: (Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets by tilly (Archbishop) on Sep 04, 2000 at 05:56 UTC
Ovid did propose an alternate solution. He said to learn how to lock the box down properly and then don't bother with the fake telnet client. I second that and if the Linux box is Red Hat or a Red Hat derivative I can specifically recommend downloading and trying out Bastille Linux (a series of scripts to walk you through locking your own box down) to both improve your security and teach you what some of the issues are. (Alternately look at OpenBSD.)	[reply]