// JavaScript Trivial Classic Web Vulnerability Emulator
// Version 0.1 written by Marco "Kiko" Carnut <kiko \at\ postcogito \dot\ org>

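// Entry point for the emulated "send mail" page.
//
// Reads the query string (to, subj, msg, lang) and renders the mail the
// emulated server would have sent.  Everything after the first ';' in the
// "to" field is treated as an injected shell command: it is handed to
// do_cmd(), and whatever do_cmd() returns is appended to the "To:" line.
// The page is written only when to, subj and msg are all present.
//
// NOTE(review): to, subj, msg and the command output are written into the
// document without any HTML escaping, so markup in the query string is
// rendered on this page's origin.  Presumably this is intentional for the
// demo; confirm, and host the emulator only on an origin that holds no
// real sessions or cookies.
function initPage()
{
    // A cookie that stands in for an "overwritten" copy of this page takes
    // precedence; check_cookie() has already rendered it in that case.
    if (check_cookie()) return;

    var to, msg, subj, lang, cmd, cmd_output;
    var fields = location.search.slice(1).split("&");
    var n;
    for (n = 0; n < fields.length; n++) {
        var parts = fields[n].split("=");
        var name = unescape(parts[0]);
        // Reset for every field: `var` is function-scoped, so without this a
        // field given without "=value" would inherit the previous field's value.
        var value = undefined;
        if (parts[1] != undefined) {
            value = unescape(parts[1].replace(/\+/g, " "));
        }
        if (name == "to") {
            to = value;
            // A "to" field with no value has nothing to split; skip the
            // command extraction instead of calling indexOf on undefined.
            var i = (to == undefined) ? -1 : to.indexOf(';');
            if (i >= 0) {
                // Normalise the injected command the way a shell would see
                // it: collapse runs of spaces and drop leading spaces so it
                // can be matched against do_cmd()'s fixed command strings.
                cmd = to.slice(i + 1).replace(/ {2,}/g, " ").replace(/^ +/, "");
                to = to.substr(0, i);
            }
        }
        if (name == "msg") {
            msg = value;
        }
        if (name == "subj") {
            subj = value;
        }
        if (name == "lang") {
            lang = value;
        }
    }

    if (to == undefined || msg == undefined || subj == undefined) {
        return;
    }

    if (cmd != undefined) {
        cmd_output = do_cmd(cmd);
    }
    if (cmd_output == undefined) {
        cmd_output = "";
    }

    // Only the header labels differ between the two languages.
    var fromLine, toLabel, subjLabel;
    if (lang == "pt-br") {
        fromLine  = "     De: boletim@postcogito.org\n";
        toLabel   = "   Para: ";
        subjLabel = "Assunto: ";
    } else {
        fromLine  = "   From: newsflash@postcogito.org\n";
        toLabel   = "     To: ";
        subjLabel = "Subject: ";
    }

    var text = "<pre>";
    text = text + fromLine;
    text = text + toLabel + to + cmd_output + "\n";
    text = text + subjLabel + subj + "\n\n";
    text = text + "</pre>\n";
    text = text + "<tt>" + msg + "</tt>\n";
    // Unescaped sink: see the NOTE(review) at the top of this function.
    document.writeln(text);
}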

// Simulated shell for the emulator.  Nothing is executed: each recognised
// command string maps to canned output.
//
//   "cat /etc/passwd"    -> a fixed sample passwd listing
//   "echo TEXT"          -> TEXT
//   "echo TEXT > NAME"   -> stores TEXT in a cookie called NAME (the stand-in
//                           for writing a file) and returns undefined
//   "uname", "uname -a"  -> fixed kernel strings
//
// Any other command returns undefined.
//
// NOTE(review): the cookie name and value are taken from the command text
// without validation; presumably acceptable because this is a deliberately
// vulnerable demo, but confirm before hosting it alongside real content.
function do_cmd(cmd)
{
    if (cmd == "cat /etc/passwd") {
        var passwdLines = [
            "root:x:0:0:root:/root:/bin/bash",
            "daemon:x:1:1:daemon:/usr/sbin:/bin/sh",
            "bin:x:2:2:bin:/bin:/bin/sh",
            "sys:x:3:3:sys:/dev:/bin/sh",
            "sync:x:4:65534:sync:/bin:/bin/sync",
            "games:x:5:60:games:/usr/games:/bin/sh",
            "man:x:6:12:man:/var/cache/man:/bin/sh",
            "lp:x:7:7:lp:/var/spool/lpd:/bin/sh",
            "mail:x:8:8:mail:/var/mail:/bin/sh",
            "news:x:9:9:news:/var/spool/news:/bin/sh",
            "uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh",
            "proxy:x:13:13:proxy:/bin:/bin/sh",
            "www-data:x:33:33:Test webserver:/var/www:/bin/sh",
            "backup:x:34:34:backup:/var/backups:/bin/sh",
            "list:x:38:38:Mailing List Manager:/var/list:/bin/sh",
            "irc:x:39:39:ircd:/var/run/ircd:/bin/sh",
            "nobody:x:65534:65534:nobody:/nonexistent:/bin/sh",
            "Debian-exim:x:102:102::/var/spool/exim4:/bin/false",
            "kiko:x:1000:1000:Marco Carnut:/home/kiko:/bin/bash",
            "sshd:x:100:65534::/var/run/sshd:/bin/false",
            "identd:x:101:65534::/var/run/identd:/bin/false",
            "messagebus:x:103:104::/var/run/dbus:/bin/false",
            "hal:x:106:106:Hardware abstraction layer,,,:/var/run/hal:/bin/false",
            "saned:x:107:107::/home/saned:/bin/false",
            "gdm:x:104:110:Gnome Display Manager:/var/lib/gdm:/bin/false",
            "distccd:x:105:65534::/:/bin/false",
            "ap:x:1001:1001:Ana Paula,,,:/home/ana:/bin/bash",
            "vh:x:1002:1002:Victor Hora,,,:/home/victor:/bin/bash",
            "rc:x:1003:1003:Rodrigo Costa,,,:/home/rodrigo:/bin/bash"
        ];
        // Every entry, including the last, is newline-terminated.
        return passwdLines.join("\n") + "\n";
    }

    if (cmd.indexOf("echo") === 0) {
        var redirectAt = cmd.indexOf(">");
        if (redirectAt < 0) {
            // Plain echo: everything after "echo ".
            return cmd.slice(5);
        }
        // The text lies between "echo " and the first '>'.
        var payload = cmd.substring(5, redirectAt);
        if (payload.charAt(payload.length - 1) == " ") {
            // Drop the single space that precedes the '>'.
            payload = payload.slice(0, -1);
        }
        // The "file name" is whatever follows the '>', with spaces removed.
        var target = cmd.slice(redirectAt + 1).split(" ").join("");
        // The cookie plays the role of the overwritten file.
        document.cookie = target + "=" + payload;
        return undefined;
    }

    if (cmd == "uname") {
        return "Linux";
    }

    if (cmd == "uname -a") {
        return "Linux kepler 2.6.17.14-grsec2.1.9-vs2.0.2.1 #1 Mon Feb 12 " +
               "16:35:17 BRT 2007 i686 GNU/Linux";
    }
}

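// Looks for a cookie whose name equals the last path component of the
// current page.  Such a cookie stands in for an "overwritten" copy of the
// page (do_cmd() stores one for "echo TEXT > NAME"), so its value is written
// out in place of the real content, followed by a link that clears the
// cookie and goes back.
//
// Returns true when a matching, non-empty cookie was rendered, else false.
//
// NOTE(review): the cookie value is passed to document.write() unescaped and
// the cookie name is spliced into an inline onclick handler, so both are
// interpreted as markup/script on this origin.  Presumably that is the
// point of the demo; confirm, and keep the emulator on an origin with no
// real sessions.
function check_cookie()
{
    if (document.cookie == undefined) {
        return false;
    }

    var sections = document.cookie.split(";");
    var n;
    for (n = 0; n < sections.length; n++) {
        // document.cookie separates pairs with "; ", so every pair after the
        // first starts with a space.  Strip it, otherwise only the first
        // cookie could ever match the page name.
        var parts = sections[n].replace(/^\s+/, "").split("=");
        var p0 = "/" + parts[0];
        // Tail of the path with the same length as "/<cookie name>".
        var tfname = location.pathname.substr(location.pathname.length - p0.length, p0.length);
        // parts[1] > "" is false for both a missing and an empty value.
        if (tfname == p0 && parts[1] > "") {
            document.write(parts[1]);
            var unhackLink = "<a href=\"#\" onclick='document.cookie=\"" + parts[0] + "=\";history.back()'>";
            document.write("<br><br><br><hr width='50' align='left'><font size=1><i>");
            document.write("Click " + unhackLink + "here</a> to \"unhack\" the site and continue reading the text.<br>");
            document.write("Clique " + unhackLink + "aqui</a> para \"deshackear\" o site e continuar lendo o texto.<br>");
            document.write("</i></font>");
            return true;
        }
    }
    return false;
}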

