To extract e-mails from helpful FD archives:<br>---extractor.php<br><?php<br>$paren = array("(",")");<br>$dirhand = @opendir(".") or die("Unable to open this directory");<br><br>$db_hostport = "localhost";
<br>$db_user = "user";<br>$db_pass = "pass";<br>$db = "fdmails";<br><br>function doQuery($query,$link) {<br> $ret = mysql_query ( $query, $link ) or die ('fail : ' . mysql_error());<br> if (mysql_fetch_row($ret)==false) { $return = false; }
<br> else { $return = true;}<br> return $return;<br>}<br><br>$link = mysql_connect("{$db_hostport}", "{$db_user}", "{$db_pass}") or die("Could not connect: " . mysql_error());
<br>mysql_select_db($db, $link) or die ('Cant use database : ' . mysql_error());<br><br>while (false!==($file = readdir($dirhand))) {<br> if (stristr($file,".txt")) {<br> echo "<hr>Loading File: " . $file . "<br>";
<br> $handle = @fopen($file, "r");<br> if ($handle) {<br> while (!feof($handle)) {<br> $buffer = fgets($handle, 4096);<br> if(strstr($buffer,"From:")&&
<div style="direction: ltr;">(strstr($buffer," at ")||strstr($buffer,"@"))) {
<br> $fd = explode(" ", $buffer);<br> if ($fd[2]=="at") {<br> $email= $fd[1] . "@" . $fd[3];<br> }<br> else if (stristr($fd[1],"@")) {
<br> $email= $fd[1];<br> }<br> else {<br> continue;<br> }<br> $name = substr($buffer, strpos($buffer, "("));
<br> $name = mysql_real_escape_string ( str_replace($paren, "", $name), $link);<br> $query = "SELECT * FROM `fdmail` WHERE `Name` LIKE '%$name%'";<br> if(!doQuery($query,$link)) {
<br> $query = "INSERT INTO `fdmail` SET Name='$name', Email='$email'";<br> echo "Query: " . $query . "<br>";<br> echo "Result: " . doQuery($query,$link) . "<br>";
<br> }<br> else {<br> echo "Updating: $name <br>";<br> $query = "UPDATE `fdmail` SET `Name` = '$name',`Email` = '$email' WHERE `Name` LIKE '%$name%' ";
<br> echo "Query: " . $query . "<br>";<br> echo "Result: " . doQuery($query,$link) . "<br>";<br> }<br> }
<br> }<br> fclose($handle);<br> }<br> }<br>}<br>closedir($dirhand);<br>?><br><br>--End extractor.php<br><br>Where can I find these archives?<br><br><a href="http://lists.grok.org.uk/pipermail/full-disclosure/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://lists.grok.org.uk/pipermail/full-disclosure/</a><br><br>How can I spam the list?<br> <br>Option A) Use badly coded FDRuin.php scripts! (Attached!)<br><br>Option B) Code your own in perl, using the equally bad generator code below!
<br><br>--lol.pl<br>#!/usr/bin/perl<br><br>use warnings;<br>use strict;<br>use DBI;<br>use IO::Handle;<br><br>LOG->autoflush(1);<br><br>my %types;<br>my @types_array;<br>my %mails;<br>my @mails_array;<br>my %products;
<br>
my @products_array;<br><br>my $dbhandle = DBI->connect( "DBI:mysql:database=fdruin;host=localhost", "user", "password", { 'RaiseError' => 1 } );<br>my $types_handle = $dbhandle->prepare("SELECT * FROM advisorytype");
<br>my $mails_handle = $dbhandle->prepare("SELECT * FROM fdmail");<br>my $products_handle = $dbhandle->prepare("SELECT * FROM products");<br><br>$types_handle->execute();<br>while (my $row = $types_handle->fetchrow_hashref()) {
<br> my $type = $row->{'type'};<br> my $desc = $row->{'desc'};<br> $types{"$type"} = $desc;<br> push(@types_array,$type);<br>}<br>$types_handle->finish();<br><br>$mails_handle->execute();
<br>while (my $row = $mails_handle->fetchrow_hashref()) {<br> my $name = $row->{'Name'};<br> my $email = $row->{'Email'};<br> $mails{"$name"} = $email;<br> push(@mails_array,$name);<br>}<br>
$mails_handle->finish();<br><br>$products_handle->execute();<br>while (my $row = $products_handle->fetchrow_hashref()) {<br> my $product = $row->{'product'};<br> my $website = $row->{'website'};<br> $products{"$product"} = $website;
<br> push(@products_array,$product);<br>}<br>$products_handle->finish();<br><br>$dbhandle->disconnect();<br><br>open (LOG, ">>log.txt") or die "$!";<br>{<br> my $name = "$mails_array[int rand @mails_array]";
<br> my $cvenum = int rand 9999;<br> my $email = "$mails{$name}";<br> my $product = "$products_array[int rand @products_array]";<br> my $URL = "$products{$product}";<br> my $type = "$types_array[int rand @types_array]";
<br> my $desc = "$types{$type}";<br> $desc =~ s/\[product\]/$product/;<br> my $date = `date`;<br> chomp($date);<br> my $from = $email;<br> my $subject= "Advisory - $date - $type in $product";
<br> my $message= "Advisory - $date - $type in $product\n\n\n";<br> $message= gen_msg($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message);<br> print "$message\n\n";<br><br> #Mail Function HERE
<br>}<br>close (LOG) or warn "$!";<br><br><br>sub gen_msg {<br> my ($date,$type,$product,$desc,$cvenum,$URL,$name,$email,$message) = @_;<br> <br> #Entropy Generation.<br> my $sepRand = int rand 5; # 0,1,2,3
<br> my $numerRand = int rand 5;<br> my $rand_of_6 = int rand 6; # 0,1,2,3,4,5<br> <br> #FDRUIN Gay Config.<br>
my @certs = ("CISSP" , "GSAE" , "CCE" , "CEH" , "CSFA" , "GREM" ,
"SSP-CNSA" , "SSP-MPA" , "GIPS" , "GHTQ" , "GWAS" , "CAP" , "SSCP");
<br> my $ucRand = int rand 2;<br> my $incBackg = int rand 2;<br> my $incDesc = int rand 2;<br> my $incHist = int rand 2;<br> my $incWork = int rand 2;<br> my $incVR = int rand 2;<br> my $incCVE = int rand 2;
<br> my $incApA = int rand 2;<br> my $incApB = int rand 4; # Give it more of a chance.<br> my $incCont = int rand 4;<br> my $incSep2 = int rand 4; # Give it more of a chance.<br> <br> #lol dont fuck with these
<br> my $randCerts;<br> my $seperator;<br> my $contMail;<br> my $cert;<br> my @numerals;<br> <br> #hylol you can change this / add entropiez<br> my $background = "Background";<br> my $description = "Description";
<br> my $history = "History";<br> my $workaround = "Workaround";<br> my $vendor_response = "Vendor Response";<br> my $cve_information = "CVE Information";<br> my $appendix_a = "Appendix A Vendor Information";
<br> my $appendix_b = "Appendix B References";<br> my $contact = "Contact";<br> <br> if ($sepRand == 0) {<br> $seperator = "-" x ((rand 6 + 2) * 7);<br> $seperator .= "\n";
<br> } elsif ($sepRand == 1) {<br> $seperator = "=" x ((rand 6 + 2) * 7);<br> $seperator .= "\n";<br> } elsif ($sepRand == 2) {<br> $seperator = "8";<br> $seperator .= "=" x (int((rand 6 + 1) * 5));
<br> $seperator .= "D";<br> $seperator .= "~" x (int((rand 6 + 1) * 5));<br> $seperator .= "\n";<br> } elsif ($sepRand == 3) {<br> $seperator = "+" x ((rand 6 + 2) * 7);
<br> $seperator .= "\n";<br> } else {<br> $seperator = "";<br> }<br><br> if ($numerRand == 0) {<br> @numerals = ("1.","2.","3.","4.","5.","6.");
<br> } elsif ($numerRand == 1) {<br> @numerals = ("I.","II.","III.","IV.","V.","VI.");<br> } elsif ($numerRand == 2) {<br> @numerals = ("[+]","[+]","[+]","[+]","[+]","[+]");
<br> } elsif ($numerRand == 3) {<br> @numerals = ("8===D","8===D","8===D","8===D","8===D","8===D");<br> } elsif ($numerRand == 4) {<br> @numerals = ("o/ ?","? \\o","o/ ?","? \\o","o/ ?","? \\o");
<br> } else {<br> @numerals = ("-","-","-","-","-","-");<br> }<br> <br><br> $contMail = "$email\n"<br><br> <br> if ($ucRand != 0) {
<br> $background = uc($background);<br> $description = uc($description);<br> $history = uc($history);<br> $workaround = uc($workaround);<br> $vendor_response = uc($vendor_response);<br>
$cve_information = uc($cve_information);
<br> $appendix_a = uc($appendix_a);<br> $appendix_b = uc($appendix_b);<br> $contact = uc($contact);<br> }<br> <br> #generate certs<br> <br> foreach $cert (@certs) {<br> if (int rand 2) {
<br> $randCerts.= "$cert "; <br> }<br> }<br> if ($incBackg != 0) { <br> $message .= $seperator;<br> $message .= shift @numerals;<br> $message .= " $background\n";
<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> my $backTemp = int rand 3;<br> if (int rand 2) {<br> $message.= "There "; <br> $backTemp = int rand 3;
<br> if ($backTemp == 0) {<br> $message.= "is ";<br> } elsif ($backTemp == 1) {<br> $message.= "was ";<br> } elsif ($backTemp == 2) {<br>
if (int rand 2) {
<br> if (int rand 2) {<br> $message.= "has ";<br> } else {<br> $message.= "had ";<br> }<br> } else {
<br> $message.= "has had ";<br> }<br> $message.= "been ";<br> }<br> } else {<br> $message.= "This ";<br> $backTemp = int rand 4;
<br> if ($backTemp == 0) {<br> $message.= "issue ";<br> } elsif ($backTemp == 1) {<br> $message.= "vulnerability ";<br> } elsif ($backTemp == 2) {
<br> $message.= "problem ";<br> } elsif ($backTemp == 3) {<br> $message.= "product ";<br> }<br> if (int rand 2) {<br> $message.= "has ";
<br> } else {<br> $message.= "had ";<br> }<br> <br> }<br> $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?<br> if (int rand 2) {
<br> $message.= "identified ";<br> }<br> $message.= "background";# Could be end.<br> <br> if (int rand 2) { #continue<br> if (int rand 2) {<br> $message.= " information ";
<br> } else {<br> $message.= " commentary ";<br> } <br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "on ";
<br> } elsif ($backTemp == 1) {<br> $message.= "about ";<br> } elsif ($backTemp == 2) {<br> $message.= "regarding ";<br> }<br>
<br> if (int rand 2) {<br> $message.= "this ";<br> } else {<br> $message.= "the ";<br> }<br> <br> $backTemp = int rand 4;
<br> if ($backTemp == 0) {<br> $message.= "issue";<br> } elsif ($backTemp == 1) {<br> $message.= "vulnerability";<br> } elsif ($backTemp == 2) {
<br> $message.= "problem";<br> } elsif ($backTemp == 3) {<br> $message.= "product";<br> }<br> <br> $backTemp = int rand 4;<br>
if ($backTemp == 0) {
<br> $message.= " at hand";<br> } elsif ($backTemp == 1) {<br> $message.= " indentified";<br> } elsif ($backTemp == 2) {<br> $message.= " in question";
<br> }<br> }<br> $message.= ".\n";<br> <br> }<br> if ($incDesc != 0) {<br> $message .= $seperator;<br> $message .= shift @numerals;<br> $message .= " $description\n";
<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> <br> $message .= "$desc\n\n";<br> }<br> if ($incHist != 0) {<br> $message .= $seperator;
<br> $message .= shift @numerals;<br> $message .= " $history\n";<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> my ($hSec,$hMin,$hHour,$hMday,$hMon,$hYear,$hWday,$hYday,$hIsdst) = localtime(time);
<br> my $hPDDate;<br> my $hVNDate;<br> my $hVRDate;<br> my $hSep;<br> $hMon++;<br> $hYear+=1900;<br> <br> if (int rand 2) {<br> if (int rand 2) {<br> $hPDDate = "$hMday/$hMon/$hYear";
<br> $hMday=int rand 30;<br> $hMon--;<br> $hVRDate = "$hMday/$hMon/$hYear";<br> $hMday=int rand 30;<br> $hMon--;<br> $hVNDate = "$hMday/$hMon/$hYear";
<br> } else {<br> $hPDDate = "$hMday-$hMon-$hYear";<br> $hMday=int rand 30;<br> $hMon--;<br> $hVRDate = "$hMday-$hMon-$hYear";<br>
$hMday=int rand 30;<br> $hMon--;<br> $hVNDate = "$hMday-$hMon-$hYear";<br> }<br> } else {<br> if (int rand 2) {<br> $hPDDate = "$hMon/$hMday/$hYear";
<br> $hMday=int rand 30;<br> $hMon--;<br> $hVNDate = "$hMon/$hMday/$hYear";<br> $hMday=int rand 30;<br> $hMon--;<br> $hVRDate = "$hMon/$hMday/$hYear";
<br> } else {<br> $hPDDate = "$hMon-$hMday-$hYear";<br> $hMday=int rand 30;<br> $hMon--;<br> $hVNDate = "$hMon-$hMday-$hYear";<br>
$hMday=int rand 30;<br> $hMon--;<br> $hVRDate = "$hMon-$hMday-$hYear";<br> }<br> }<br> <br> if ($numerRand == 2) {<br> $hSep = "[+]";
<br> } elsif ($numerRand == 3) {<br> $hSep = "8==D";<br> } elsif ($numerRand == 4) {<br> $hSep = "o/";<br> } else {<br> $hSep = "-";<br>
}
<br> <br> if (int rand 4) {<br> $message.= "$hVNDate $hSep Vendor Notification.\n";<br> }<br> if (int rand 2) {<br> $message.= "$hVRDate $hSep Vendor Reply.\n";
<br> }<br> $message.= "$hPDDate $hSep Public Disclosure.\n";<br> }<br> if ($incWork != 0) {<br> $message .= $seperator;<br> $message .= shift @numerals;<br> $message .= " $workaround\n";
<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> <br> my $backTemp = int rand 3;<br> if (int rand 2) {<br> $message.= "There ";
<br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "are ";<br> } elsif ($backTemp == 1) {<br> $message.= "was ";<br> } elsif ($backTemp == 2) {
<br> if (int rand 2) {<br> if (int rand 2) {<br> $message.= "has ";<br> } else {<br> $message.= "had ";
<br> }<br> } else {<br> $message.= "has had ";<br> }<br> $message.= "been ";<br> }<br> } else {<br>
$message.= "This ";
<br> $backTemp = int rand 4;<br> if ($backTemp == 0) {<br> $message.= "issue ";<br> } elsif ($backTemp == 1) {<br> $message.= "vulnerability ";
<br> } elsif ($backTemp == 2) {<br> $message.= "problem ";<br> } elsif ($backTemp == 3) {<br> $message.= "advisory ";<br> }<br> if (int rand 2) {
<br> $message.= "has ";<br> } else {<br> $message.= "had ";<br> }<br> <br> }<br> $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
<br> if (int rand 2) {<br> $message.= "identified ";<br> }<br> $message.= "workarounds";# Could be end.<br> <br> if (int rand 2) { #continue<br> $backTemp = int rand 3;
<br> if ($backTemp == 0) {<br> $message.= " for ";<br> } elsif ($backTemp == 1) {<br> $message.= " on ";<br> } elsif ($backTemp == 2) {<br>
$message.= " regarding ";<br> }<br> <br> if (int rand 2) {<br> $message.= "this ";<br> } else {<br> $message.= "the ";
<br> }<br> <br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "issue";<br> } elsif ($backTemp == 1) {<br> $message.= "vulnerability";
<br> } elsif ($backTemp == 2) {<br> $message.= "problem";<br> }<br> <br> $backTemp = int rand 4;<br> if ($backTemp == 0) {<br> $message.= " at hand";
<br> } elsif ($backTemp == 1) {<br> $message.= " indentified";<br> } elsif ($backTemp == 2) {<br> $message.= " in question";<br> }<br> }
<br> $message.= ".\n";<br> }<br> if ($incVR != 0) {<br> $message .= $seperator;<br> $message .= shift @numerals;<br> $message .= " $vendor_response\n";<br> <br>
if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> <br> my $backTemp = int rand 3;<br> if (int rand 2) {<br> $message.= "$product "; <br> $backTemp = int rand 3;
<br> if ($backTemp == 0) {<br> $message.= "is ";<br> } elsif ($backTemp == 1) {<br> $message.= "was ";<br> } elsif ($backTemp == 2) {<br>
if (int rand 2) {
<br> if (int rand 2) {<br> $message.= "has ";<br> } else {<br> $message.= "had ";<br> }<br> } else {
<br> $message.= "has had ";<br> }<br> }<br> } else {<br> $message.= "$product ";<br> if (int rand 2) {<br> $message.= "has ";
<br> } else {<br> $message.= "had ";<br> }<br> <br> }<br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "offered ";
<br> } elsif ($backTemp == 1) {<br> $message.= "extended ";<br> } elsif ($backTemp == 2) {<br> $message.= "presented ";<br> }<br> $message.= "no "; #entropy 'plenty' ? entropy 'fuckton' ?
<br> if (int rand 2) {<br> $message.= "identified ";<br> } <br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "information";<br>
} elsif ($backTemp == 1) {<br> $message.= "commentary";<br> } elsif ($backTemp == 2) {<br> $message.= "explanation";<br> }<br> if (int rand 2) { #continue
<br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= " on ";<br> } elsif ($backTemp == 1) {<br> $message.= " about ";<br>
} elsif ($backTemp == 2) {<br> $message.= " regarding ";<br> }<br> <br> if (int rand 2) {<br> $message.= "this ";<br> } else {
<br> $message.= "the ";<br> }<br> <br> $backTemp = int rand 3;<br> if ($backTemp == 0) {<br> $message.= "issue";<br> } elsif ($backTemp == 1) {
<br> $message.= "vulnerability";<br> } elsif ($backTemp == 2) {<br> $message.= "problem";<br> } <br> <br> $backTemp = int rand 4;
<br> if ($backTemp == 0) {<br> $message.= " at hand";<br> } elsif ($backTemp == 1) {<br> $message.= " indentified";<br> } elsif ($backTemp == 2) {
<br> $message.= " in question";<br> }<br> }<br> $message.= ".\n";<br> <br> }<br> if ($incCVE != 0) {<br> $message .= $seperator;<br> $message .= shift @numerals;
<br> $message .= " $cve_information\n";<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> <br>
$message .= "The Common Vulnerabilities and Exposures (CVE) project
has assigned the name CVE-2006-$cvenum to this issue\n\n";
<br> }<br> if ($incApA != 0) {<br> $message .= $seperator;<br> $message .= "$appendix_a\n";<br> <br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br>
<br> $message .= "$URL\n\n";<br> if ($incApB != 0) {<br> $message .= $seperator;<br> $message .= "$appendix_b\n";<br> <br> if ($incSep2 != 0) {
<br> $message .= $seperator;<br> }<br> <br> $message .= "RFC ";<br> $message .= int rand 10000;<br> }<br> }<br> if ($incCont != 0) {<br> $message .= "\n\n";
<br> $message .= $seperator;<br> $message .= "$contact\n";<br><br> if ($incSep2 != 0) {<br> $message .= $seperator;<br> }<br> <br> $message .= "$name $contMail\n";
<br> $message .= "$randCerts\n\n\n";<br> }<br> return $message;<br>}<br>--END lol.pl<br><br>That only generates and e-mail and prints it, add a mail() function for extra phun!<br><br>Warmest Regards,
<br><br>-Bob<br>Ban Haus Securities, Inc.</div>