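--- netcat-openbsd-1.89.orig/debian/examples/websearch
+++ netcat-openbsd-1.89/debian/examples/websearch
@@ -0,0 +1,77 @@
+#! /bin/sh
+## Hit the major search engines. Hose the [large] output to a file!
+## autoconverts multiple arguments into the right format for given servers --
+## usually worda+wordb, with certain lame exceptions like dejanews.
+## Extracting and post-sorting the URLs is highly recommended...
+##
+## Altavista currently handled by a separate script; may merge at some point.
+##
+## _H* original 950824, updated 951218 and 960209
+
+test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
+IFILE=/tmp/.webq.$$
+
+# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit.
+doquery () {
+ echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
+}
+
+# changed since original: now supplying port numbers and separator lines...
+
+echo "=== Yahoo ==="
+doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
+
+echo '' ; echo "=== Webcrawler ==="
+doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
+
+# the infoseek lamers want "registration" before they do a real search, but...
+echo '' ; echo "=== Infoseek ==="
+echo " is broken."
+# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
+# ... which doesn't work cuz their lame server wants the extra newlines, WITH
+# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If
+# you want to play, the basic idea and query formats follow.
+# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
+# echo "" >> $IFILE
+# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
+
+# this is kinda flakey; might have to do twice??
+echo '' ; echo "=== Opentext ==="
+doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
+ search.opentext.com 80
+
+# looks like inktomi will only take hits=100, or defaults back to 30
+# we try to suppress all the stupid rating dots here, too
+echo '' ; echo "=== Inktomi ==="
+doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
+ sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
+
+#djnews lame shit limits hits to 120 and has nonstandard format
+echo '' ; echo "=== Dejanews ==="
+doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
+ smithers.dejanews.com 80
+
+# OLD lycos: used to work until they fucking BROKE it...
+# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
+# query5.lycos.cs.cmu.edu 80
+# NEW lycos: wants the User-agent field present in query or it returns nothing
+# 960206: webmaster@lycos duly bitched at
+# 960208: reply received; here's how we will now handle it:
+echo \
+"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
+ > $IFILE
+echo "User-agent: *FUCK OFF*" >> $IFILE
+echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
+echo '' >> $IFILE
+echo '' ; echo "=== Lycos ==="
+nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
+
+rm -f $IFILE
+exit 0
+
+# CURRENTLY BROKEN [?]
+# infoseek
+
+# some args need to be redone to ensure whatever "and" mode applies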
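Review bot: `IFILE=/tmp/.webq.$$` is a guessable name in a world-writable directory, and the Lycos block creates it with `> $IFILE`, so on a shared host another local user can plant that path before the redirect runs and have the script write through it. Create the file with `IFILE=$(mktemp) || exit 1`, quote `"$IFILE"` at each use, and add `trap 'rm -f "$IFILE"' 0` so it is removed on an early exit as well. The same pattern is in `web` (`TMPAGE=/tmp/web$$`) and in `contrib/ncmeter` (`TEMP=/tmp/$me.tx`, which does not even vary per run).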
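--- netcat-openbsd-1.89.orig/debian/examples/webrelay
+++ netcat-openbsd-1.89/debian/examples/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies. This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly. This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+ "")
+ echo needs hostname
+ exit 1
+ ;;
+esac
+
+case "${1}" in
+ "")
+# no args: fire off new relayer process NOW. Will hang around for 10 minutes
+ nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+ exec nc -w 15 $RDEST $RPORT
+ ;;
+esac
+
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+ "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0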
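Review bot: With the default `XNC=''` both listeners bind every interface and, as the header itself says, there is no access control, so any host that can reach port 8000 is relayed to `$RDEST`. Default the listener to one address, e.g. `XNC='-s 127.0.0.1'`, and let the user widen it deliberately. `exec nc -w 15 $RDEST $RPORT` should quote both values, `exec nc -w 15 "$RDEST" "$RPORT"`, since they arrive from the command line through the environment. The second listener's comment says it waits "a minute" while the command uses `-w 600` like the first; the comment should say ten minutes.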
--- netcat-openbsd-1.89.orig/debian/examples/webproxy
|
||
|
+++ netcat-openbsd-1.89/debian/examples/webproxy
|
||
|
@@ -0,0 +1,141 @@
|
||
|
+#! /bin/sh
|
||
|
+## Web proxy, following the grand tradition of Web things being handled by
|
||
|
+## gross scripts. Uses netcat to listen on a high port [default 8000],
|
||
|
+## picks apart requests and sends them on to the right place. Point this
|
||
|
+## at the browser client machine you'll be coming from [to limit access to
|
||
|
+## only it], and point the browser's concept of an HTTP proxy to the
|
||
|
+## machine running this. Takes a single argument of the client that will
|
||
|
+## be using it, and rejects connections from elsewhere. LOGS the queries
|
||
|
+## to a configurable logfile, which can be an interesting read later on!
|
||
|
+## If the argument is "reset", the listener and logfile are cleaned up.
|
||
|
+##
|
||
|
+## This works surprisingly fast and well, for a shell script, although may
|
||
|
+## randomly fail when hammered by a browser that tries to open several
|
||
|
+## connections at once. Drop the "maximum connections" in your browser if
|
||
|
+## this is a problem.
|
||
|
+##
|
||
|
+## A more degenerate case of this, or preferably a small C program that
|
||
|
+## does the same thing under inetd, could handle a small site's worth of
|
||
|
+## proxy queries. Given the way browsers are evolving, proxies like this
|
||
|
+## can play an important role in protecting your own privacy.
|
||
|
+##
|
||
|
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
|
||
|
+## the embedded-CR check is intact, or requests might hang.
|
||
|
+##
|
||
|
+## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
|
||
|
+## Dumbness here has a highly desirable side effect: it only sends the first
|
||
|
+## GET line, since that's all you really ever need to send, and suppresses
|
||
|
+## the other somewhat revealing trash that most browsers insist on sending.
|
||
|
+##
|
||
|
+## To use the proxy, export `http_proxy' in your environment, e.g.
|
||
|
+## `http_proxy=http://localhost:8000'.
|
||
|
+
|
||
|
+# set these as you wish: proxy port...
|
||
|
+PORT=8000
|
||
|
+# logfile spec: a real file or /dev/null if you don't care
|
||
|
+LFILE=${0}.log
|
||
|
+# optional: where to dump connect info, so you can see if anything went wrong
|
||
|
+# CFILE=${0}.conn
|
||
|
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
|
||
|
+# XNC=''
|
||
|
+
|
||
|
+# functionality switch has to be done fast, so the next listener can start
|
||
|
+# prelaunch check: if no current client and no args, bail.
|
||
|
+case "${1}${CLIENT}" in
|
||
|
+ "")
|
||
|
+ echo needs client hostname
|
||
|
+ exit 1
|
||
|
+ ;;
|
||
|
+esac
|
||
|
+
|
||
|
+case "${1}" in
|
||
|
+ "")
|
||
|
+# Make like inetd, and run the next relayer process NOW. All the redirection
|
||
|
+# is necessary so this shell has NO remaining channel open to the net.
|
||
|
+# This will hang around for 10 minutes, and exit if no new connections arrive.
|
||
|
+# Using -n for speed, avoiding any DNS/port lookups.
|
||
|
+ nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
|
||
|
+ 2> $CFILE &
|
||
|
+ ;;
|
||
|
+esac
|
||
|
+
|
||
|
+# no client yet and had an arg, this checking can be much slower now
|
||
|
+umask 077
|
||
|
+
|
||
|
+if test "$1" ; then
|
||
|
+# if magic arg, just clean up and then hit our own port to cause server exit
|
||
|
+ if test "$1" = "reset" ; then
|
||
|
+ rm -f $LFILE
|
||
|
+ test -f "$CFILE" && rm -f $CFILE
|
||
|
+ nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
|
||
|
+ exit 0
|
||
|
+ fi
|
||
|
+# find our ass with both hands
|
||
|
+ test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
|
||
|
+# correct launch: set up client access control, passed along thru environment.
|
||
|
+ CLIENT="$1"
|
||
|
+ export CLIENT
|
||
|
+ test "$CFILE" || CFILE=/dev/null
|
||
|
+ export CFILE
|
||
|
+ touch "$CFILE"
|
||
|
+# tell us what happened during the last run, if possible
|
||
|
+ if test -f "$CFILE" ; then
|
||
|
+ echo "Last connection results:"
|
||
|
+ cat $CFILE
|
||
|
+ fi
|
||
|
+
|
||
|
+# ping client machine and get its bare IP address
|
||
|
+ CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
|
||
|
+ test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
|
||
|
+
|
||
|
+# if this was an initial launch, be informative about it
|
||
|
+ echo "=== Launch: $CLIENT" >> $LFILE
|
||
|
+ echo "Proxy running -- will accept connections on $PORT from $CLIENT"
|
||
|
+ echo " Logging queries to $LFILE"
|
||
|
+ test -f "$CFILE" && echo " and connection fuckups to $CFILE"
|
||
|
+
|
||
|
+# and run the first listener, showing us output just for the first hit
|
||
|
+ nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
|
||
|
+ exit 0
|
||
|
+fi
|
||
|
+
|
||
|
+# Fall here to handle a page.
|
||
|
+# GET type://host.name:80/file/path HTTP/1.0
|
||
|
+# Additional: trash
|
||
|
+# More: trash
|
||
|
+# <newline>
|
||
|
+
|
||
|
+read x1 x2 x3 x4
|
||
|
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
|
||
|
+test "$x4" && echo "extra junk after request: $x4" && exit 0
|
||
|
+# nuke questionable characters and split up the request
|
||
|
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
|
||
|
+# echo massaged hurl: $hurl >> $LFILE
|
||
|
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
|
||
|
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
|
||
|
+test "$hp" = "$hh" && hp=80
|
||
|
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
|
||
|
+# echo total split: $hh : $hp : $hf >> $LFILE
|
||
|
+# suck in and log the entire request, because we're curious
|
||
|
+# Fails on multipart stuff like forms; oh well...
|
||
|
+if test "$x3" ; then
|
||
|
+ while read xx ; do
|
||
|
+ echo "${xx}" >> $LFILE
|
||
|
+ test "${xx}" || break
|
||
|
+# eew, buried returns, gross but necessary for DOS stupidity:
|
||
|
+ test "${xx}" = "
" && break
|
||
|
+ done
|
||
|
+fi
|
||
|
+# check for non-GET *after* we log the query...
|
||
|
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
|
||
|
+# no, you can *not* phone home, you miserable piece of shit
|
||
|
+test "`echo $hh | fgrep -i netscap`" && \
|
||
|
+ echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
|
||
|
+# Do it. 30 sec net-wait time oughta be *plenty*...
|
||
|
+# Some braindead servers have forgotten how to handle the simple-query syntax.
|
||
|
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
|
||
|
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
|
||
|
+ echo "oops, can't get to $hh : $hp".
|
||
|
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
|
||
|
+exit 0
|
||
|
+
|
||
|
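Review bot: The request parsing relies on a denylist (the `sed` expression that deletes a fixed set of shell metacharacters from `$x2`), so `$hh` and `$hp` reach `nc -w 30 "$hh" "$hp"` with only those characters removed; a host field that begins with `-` would be read by nc as an option, and a non-numeric port is passed straight through. Validate with an allowlist before connecting, e.g. `case "$hh" in ''|-*|*[!A-Za-z0-9.-]*) echo "bad host" ; exit 0 ;; esac` and `case "$hp" in ''|*[!0-9]*) echo "bad port" ; exit 0 ;; esac`. `read x1 x2 x3 x4` and `read xx` should be `read -r`, and `$LFILE` and `$CFILE` should be quoted wherever they are redirected to, because `LFILE=${0}.log` inherits whatever path the script was started from.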
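--- netcat-openbsd-1.89.orig/debian/examples/web
+++ netcat-openbsd-1.89/debian/examples/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks. It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing. Ye godz. Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client. It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now. And with netcat as its backend, it's
+## totally the balls. Don't have netcat? Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port]. You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+
+if test "$1" = "" ; then
+ echo Needs hostname arg.
+ exit 1
+fi
+umask 022
+
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+ port="$2"
+fi
+
+spec="/"
+specD="/"
+specF=''
+saving=''
+
+# be vaguely smart about temp file usage. Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+
+# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+ case $spec in
+ HOST)
+ echo -n 'New host: '
+ read host
+ continue
+ ;;
+ PORT)
+ echo -n 'New port: '
+ read port
+ continue
+ ;;
+ SAVE)
+ echo -n 'Save file: '
+ read saving
+# if we've already got a page, save it
+ test "${saving}" && test -f ${TMPAGE} &&
+ echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+ cat ${TMPAGE} >> $saving && echo '' >> $saving
+ continue
+ ;;
+# changing the logic a bit here. Keep a state-concept of "current dir"
+# and "current file". Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+ /*)
+ specF=`echo "${spec}" | sed 's|.*/||'`
+ specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+ spec="${specD}${specF}"
+ ;;
+# embedded slash: adding to the path. "file" part can be blank, too
+ */*)
+ specF=`echo "${spec}" | sed 's|.*/||'`
+ specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+ ;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+ ..)
+ specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+ continue
+ ;;
+# blank line: do nothing, which will re-get the current one
+ '')
+ ;;
+# hack-quoted blank line: "\" means just zero out "file" part
+ '\')
+ specF=''
+ ;;
+# sigh
+ '?')
+ echo Help yourself. Read the script fer krissake.
+ continue
+ ;;
+# anything else is taken as a "file" part
+ *)
+ specF=${spec}
+ ;;
+ esac
+
+# now put it together and stuff it down a connection. Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives. If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+ spec="${specD}${specF}"
+ echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+ ${PAGER} ${TMPAGE}
+
+# save in a format that still shows the URLs we hit after a de-html run
+ if test "${saving}" ; then
+ echo "=== ${host}:${spec} ===" >> $saving
+ cat ${TMPAGE} >> $saving
+ echo '' >> $saving
+ fi
+done
+rm -f ${TMPAGE}
+exit 0
+
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...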
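Review bot: `umask 022` is set just before fetched pages are written to `${TMPAGE}` and appended to `$saving`, so every page the user views is left world-readable in /tmp; `umask 077`, as `webproxy` uses, would keep them private. `$saving`, `$host` and `$port` are filled by `read` and then used unquoted (`>> $saving`, `$BACKEND $host $port`), so a value containing a space or glob character changes what the command does; quote them, e.g. `>> "$saving"` and `$BACKEND "$host" "$port"`. The `read` calls should also be `read -r`, with the `'\'` case adjusted to match.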
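--- netcat-openbsd-1.89.orig/debian/examples/probe
+++ netcat-openbsd-1.89/debian/examples/probe
@@ -0,0 +1,50 @@
+#! /bin/sh
+## launch a whole buncha shit at yon victim in no particular order; capture
+## stderr+stdout in one place. Run as root for rservice and low -p to work.
+## Fairly thorough example of using netcat to collect a lot of host info.
+## Will set off every intrusion alarm in existence on a paranoid machine!
+
+# where .d files are kept; "." if nothing else
+DDIR=../data
+# address of some well-connected router that groks LSRR
+GATE=192.157.69.11
+
+# might conceivably wanna change this for different run styles
+UCMD='nc -v -w 8'
+
+test ! "$1" && echo Needs victim arg && exit 1
+
+echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1
+echo '0' | $UCMD "$1" 79 2>&1
+# if LSRR was passed thru, should get refusal here:
+$UCMD -z -r -g $GATE "$1" 6473 2>&1
+$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
+# -s `hostname` may be wrong for some multihomed machines
+echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
+echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
+rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
+echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
+# newline after any telnet trash
+echo ''
+echo PASV | $UCMD -r "$1" 21 2>&1
+echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
+# sometimes contains useful directory info:
+echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
+# now the big red lights go on
+rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
+rservice root root | $UCMD -r "$1" exec 2>&1
+echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
+data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
+# no wait-time, uses RTT hack
+nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
+nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
+echo 'END big udp'
+$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
+# Use our identd-sniffer!
+iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
+# this gets pretty intrusive, but what the fuck. Probe for portmap first
+if nc -w 5 -z -u "$1" 111 ; then
+ showmount -e "$1" 2>&1
+ rpcinfo -p "$1" 2>&1
+fi
+exit 0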
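Review bot: `GATE=192.157.69.11` hard-codes one specific third-party router into shipped example code, so every run of the LSRR check `$UCMD -z -r -g $GATE "$1" 6473` sends source-routed traffic via an address the person running it never chose. Leave it empty by default (`GATE=''`) and guard the check with `test "$GATE" && $UCMD -z -r -g "$GATE" "$1" 6473 2>&1`. `DDIR=../data` is likewise resolved against the caller's working directory rather than the script's location, which the comment above it should state.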
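--- netcat-openbsd-1.89.orig/debian/examples/ncp
+++ netcat-openbsd-1.89/debian/examples/ncp
@@ -0,0 +1,46 @@
+#! /bin/sh
+## Like "rcp" but uses netcat on a high port.
+## do "ncp targetfile" on the RECEIVING machine
+## then do "ncp sourcefile receivinghost" on the SENDING machine
+## if invoked as "nzp" instead, compresses transit data.
+
+## pick your own personal favorite port, which will be used on both ends.
+## You should probably change this for your own uses.
+MYPORT=23456
+
+## if "nc" isn't systemwide or in your PATH, add the right place
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "$3" && echo "too many args" && exit 1
+test ! "$1" && echo "no args?" && exit 1
+me=`echo $0 | sed 's+.*/++'`
+test "$me" = "nzp" && echo '[compressed mode]'
+
+# if second arg, it's a host to send an [extant] file to.
+if test "$2" ; then
+ test ! -f "$1" && echo "can't find $1" && exit 1
+ if test "$me" = "nzp" ; then
+ compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
+ else
+ nc -v -w 2 $2 $MYPORT < "$1" && exit 0
+ fi
+ echo "transfer FAILED!"
+ exit 1
+fi
+
+# fall here for receiver. Ask before trashing existing files
+if test -f "$1" ; then
+ echo -n "Overwrite $1? "
+ read aa
+ test ! "$aa" = "y" && echo "[punted!]" && exit 1
+fi
+# 30 seconds oughta be pleeeeenty of time, but change if you want.
+if test "$me" = "nzp" ; then
+ nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
+else
+ nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
+fi
+echo "transfer FAILED!"
+# clean up, since even if the transfer failed, $1 is already trashed
+rm -f "$1"
+exit 1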
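Review bot: On the receiving side `> "$1"` truncates the target before any data arrives and the failure path then runs `rm -f "$1"`, so a failed or empty transfer destroys a file the user only agreed to overwrite. Receive into a sibling name and rename on success, e.g. `nc -v -w 30 -p $MYPORT -l < /dev/null > "$1.part" && mv "$1.part" "$1" && exit 0`, with `rm -f "$1.part"` in the cleanup. The listener also takes the first connection from any host with no authentication or integrity check, so the header should tell users to compare a checksum of the file out of band. On the sending side `$2` should be quoted: `nc -v -w 2 "$2" $MYPORT`.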
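--- netcat-openbsd-1.89.orig/debian/examples/iscan
+++ netcat-openbsd-1.89/debian/examples/iscan
@@ -0,0 +1,35 @@
+#! /bin/sh
+## duplicate DaveG's ident-scan thingie using netcat. Oooh, he'll be pissed.
+## args: target port [port port port ...]
+## hose stdout *and* stderr together.
+##
+## advantages: runs slower than ident-scan, giving remote inetd less cause
+## for alarm, and only hits the few known daemon ports you specify.
+## disadvantages: requires numeric-only port args, the output sleazitude,
+## and won't work for r-services when coming from high source ports.
+
+case "${2}" in
+ "" ) echo needs HOST and at least one PORT ; exit 1 ;;
+esac
+
+# ping 'em once and see if they *are* running identd
+nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }
+
+# generate a randomish base port
+RP=`expr $$ % 999 + 31337`
+
+TRG="$1"
+shift
+
+while test "$1" ; do
+ nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
+ PROC=$!
+ sleep 3
+ echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
+ sleep 2
+# does this look like a lamer script or what...
+ kill -HUP $PROC
+ RP=`expr ${RP} + 1`
+ shift
+done
+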
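Review bot: The header says port arguments must be numeric, but the loop never checks, and `${1}` is used unquoted on the `nc` command line and spliced into the ident query `echo "${1},${RP}"`. Add a guard at the top of the loop such as `case "$1" in *[!0-9]*) echo "bad port: $1" >&2 ; exit 1 ;; esac`. The identd pre-check also reports its failure with `exit 0`; a non-zero status would let callers such as `probe` tell the two outcomes apart.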
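--- netcat-openbsd-1.89.orig/debian/examples/irc
+++ netcat-openbsd-1.89/debian/examples/irc
@@ -0,0 +1,79 @@
+#! /bin/sh
+## Shit-simple script to supply the "privmsg <recipient>" of IRC typein, and
+## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port".
+## Note that this mechanism makes the script easy to debug without being live,
+## since it just echoes everything bound for the server.
+## if you want autologin-type stuff, construct some appropriate files and
+## shovel them in using the "<" mechanism.
+
+# magic arg: if "tick", do keepalive process instead of main loop
+if test "$1" = "tick" ; then
+# ignore most signals; the parent will nuke the kid
+# doesn't stop ^Z, of course.
+ trap '' 1 2 3 13 14 15 16
+ while true ; do
+ sleep 60
+ echo "PONG !"
+ done
+fi
+
+# top level: fire ourselves off as the keepalive process, and keep track of it
+sh $0 tick &
+ircpp=$!
+echo "[Keepalive: $ircpp]" >&2
+# catch our own batch of signals: hup int quit pipe alrm term urg
+trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
+sleep 2
+
+sender=''
+savecmd=''
+
+# the big honkin' loop...
+while read xx yy ; do
+ case "${xx}" in
+# blank line: do nothing
+ "")
+ continue
+ ;;
+# new channel or recipient; if bare ">", we're back to raw literal mode.
+ ">")
+ if test "${yy}" ; then
+ sender="privmsg ${yy} :"
+ else
+ sender=''
+ fi
+ continue
+ ;;
+# send crud from a file, one line per second. Can you say "skr1pt kidz"??
+# *Note: uses current "recipient" if set.
+ "<")
+ if test -f "${yy}" ; then
+ ( while read zz ; do
+ sleep 1
+ echo "${sender}${zz}"
+ done ) < "$yy"
+ echo "[done]" >&2
+ else
+ echo "[File $yy not found]" >&2
+ fi
+ continue
+ ;;
+# do and save a single command, for quick repeat
+ "/")
+ if test "${yy}" ; then
+ savecmd="${yy}"
+ fi
+ echo "${savecmd}"
+ ;;
+# default case goes to recipient, just like always
+ *)
+ echo "${sender}${xx} ${yy}"
+ continue
+ ;;
+ esac
+done
+
+# parting shot, if you want it
+echo "quit :Bye all!"
+kill -9 $ircpp
+exit 0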
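Review bot: Both `trap` lines use raw numbers `1 2 3 13 14 15 16`, and the comment maps 16 to URG, which holds on BSD but not on Linux, where signal 16 is SIGSTKFLT and SIGURG is 23. Use names so the list means the same thing everywhere: `trap '' HUP INT QUIT PIPE ALRM TERM URG` and `trap 'kill -9 $ircpp ; exit 0' HUP INT QUIT PIPE ALRM TERM URG`. `sh $0 tick &` should quote `"$0"`, and `read xx yy` / `read zz` should be `read -r` so backslashes in typed or file-sourced lines are sent unchanged.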
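--- netcat-openbsd-1.89.orig/debian/examples/dist.sh
+++ netcat-openbsd-1.89/debian/examples/dist.sh
@@ -0,0 +1,23 @@
+#! /bin/sh
+## This is a quick example listen-exec server, which was used for a while to
+## distribute netcat prereleases. It illustrates use of netcat both as a
+## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
+## functional server that restarts its own listener and does full connection
+## logging. In a half-screen of shell script!!
+
+PORT=31337
+
+sleep 1
+SRC=`tail -1 dist.log`
+echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+echo ";;; Hi, ${SRC}..."
+echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
+echo ";;; Unless you are capturing this somehow, it won't do you much good."
+echo ";;; Ready?? Here it comes! Have phun ..."
+sleep 8
+cat dist.file
+sleep 1
+./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
+sleep 1
+echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+exit 0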
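Review bot: `SRC` is whatever the last line of `dist.log` holds, which presumably is the connection line `nc -v` wrote for the current peer, and it is placed unfiltered into the syslog datagram `<36>elite: ${SRC}` and echoed back to the client. Reduce it to a safe character set first, e.g. `SRC=$(tail -1 dist.log | tr -cd '[:alnum:] .:_-')`, so a peer-influenced name cannot carry control characters into the log. The script also assumes its working directory holds `./nc`, `dist.log`, `dist.file` and `dist.sh`; a `cd` to a fixed directory at the top, or absolute paths, would make the `-e dist.sh` relaunch independent of where the first instance was started.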
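--- netcat-openbsd-1.89.orig/debian/examples/bsh
+++ netcat-openbsd-1.89/debian/examples/bsh
@@ -0,0 +1,29 @@
+#! /bin/sh
+## a little wrapper to "password" and re-launch a shell-listener.
+## Arg is taken as the port to listen on. Define "NC" to point wherever.
+
+NC=nc
+
+case "$1" in
+ ?* )
+ LPN="$1"
+ export LPN
+ sleep 1
+ echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+ echo "launched on port $LPN"
+ exit 0
+ ;;
+esac
+
+# here we play inetd
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+
+while read qq ; do
+case "$qq" in
+# here's yer password
+ gimme )
+ cd /
+ exec csh -i
+ ;;
+esac
+done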
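Review bot: The only check in front of `exec csh -i` is the literal `gimme`, read in cleartext from any host that can reach the port, so as written this is a remote shell with a published password running as whoever launched it. An example shipped in a distribution package should not carry a working default: compare against a value read from an owner-only file, restrict the listener to a chosen address, and say in the header that nothing on this channel is encrypted or rate-limited. For monitoring, the observable is an `nc` process holding a listening socket that goes on to spawn `csh`.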
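--- netcat-openbsd-1.89.orig/debian/examples/alta
+++ netcat-openbsd-1.89/debian/examples/alta
@@ -0,0 +1,33 @@
+#! /bin/sh
+## special handler for altavista, since they only hand out chunks of 10 at
+## a time. Tries to isolate out results without the leading/trailing trash.
+## multiword arguments are foo+bar, as usual.
+## Second optional arg switches the "what" field, to e.g. "news"
+
+test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
+WHAT="web"
+test "${2}" && WHAT="${2}"
+
+# convert multiple args
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+
+# Plug in arg. only doing simple-q for now; pg=aq for advanced-query
+# embedded quotes define phrases; otherwise it goes wild on multi-words
+QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""
+
+# ping 'em once, to get the routing warm
+nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
+echo "=== Altavista ==="
+
+for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
+ 190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
+ echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
+ egrep '^<a href="http://'
+done
+
+exit 0
+
+# old filter stuff
+ sed -e '/Documents .* matching .* query /,/query?.*stq=.* Document/p' \
+ -e d
+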
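Review bot: `PLUSARG` is built from `$*`, so when the optional second argument is given it is used for `WHAT` and also appended to the search terms (`alta foo+bar news` queries for `foo+bar+news`). The header says multiword queries are passed as `foo+bar` and the second argument is the "what" field, so build the query from the first argument only, `PLUSARG="$1"`, or drop the `$2` switch if multiple words were meant. The `sed` lines after `exit 0` are unreachable and would be clearer as a comment, so they are not mistaken for live code.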
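--- netcat-openbsd-1.89.orig/debian/examples/README
+++ netcat-openbsd-1.89/debian/examples/README
@@ -0,0 +1,5 @@
+A collection of example scripts that use netcat as a backend, each
+documented by its own internal comments.
+
+I'll be the first to admit that some of these are seriously *sick*,
+but they do work and are quite useful to me on a daily basis.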
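--- netcat-openbsd-1.89.orig/debian/examples/contrib/ncmeter
+++ netcat-openbsd-1.89/debian/examples/contrib/ncmeter
@@ -0,0 +1,82 @@
+#! /bin/bash
+
+# script to measure the speed of netcat.
+# start with one argument for usage information
+#
+# Tools that are used by this script are:
+# nc, bc, wc, sed, awk
+#
+# Author: Karsten Priegnitz (koem@petoria.de)
+
+NCPORT=23457
+WAIT=1
+
+# determine the programme's name
+me=`echo $0 | sed 's+.*/++'`
+
+# check number of arguments provided
+if [ $# -ne 0 -a $# -ne 2 ]; then
+ echo "Usage:"
+ echo
+ echo " On the transmitter side:"
+ echo " $me <receivers ip-address> <amount of data>"
+ echo
+ echo " The <amount of data> is to be given in byte but you"
+ echo " also can supply M or K for MegaByte and KiloByte."
+ echo " Example: $me 10.1.1.3 20M"
+ echo
+ echo " On the receiver side:"
+ echo " $me"
+ echo
+ echo " Start $me on the receiver side before starting it"
+ echo " on the transmitter side. Stop the receiver by pressing"
+ echo " and holding Ctrl-C."
+ exit 1
+fi
+
+# are we the receiver?
+if [ $# -eq 0 ]; then
+ # yes, we are
+ while true; do
+ echo "waiting to receive data... (quit: press and hold Ctrl-C)"
+
+ # wait for data and count bytes
+ AMOUNT=`nc -v -w 120 -l -p $NCPORT | wc -c | awk '{print $1}'`
+
+ # display amount of data received
+ echo $AMOUNT byte of data received
+ echo
+
+ # sleep, so that the loop can be
+ # interrupted by pressing Ctrl-C
+ sleep 1
+ done
+fi
+
+# we are the sender
+echo "sending data..."
+
+# calculate the amount of data to be sent
+AMOUNT=`echo $2|sed s/[mM]/\*1048576/g | sed s/[kK]/\*1024/g | bc`
+
+# send data and measure the time spent
+TEMP=/tmp/$me.tx
+( time -p dd if=/dev/zero bs=$AMOUNT count=1 2>/dev/null | nc -v -w $WAIT $1 $NCPORT ) 2>"$TEMP" || cat "$TEMP"
+
+# read the time needed
+REAL=`grep "^real" "$TEMP" | awk '{print $2}'`
+rm "$TEMP"
+# subtract the wait times
+DOUBLEWAIT=$(($WAIT * 2))
+NEEDED=`echo $REAL - $DOUBLEWAIT|bc`
+
+# calculate and print speed
+BPS=`echo "scale=3;$AMOUNT / $NEEDED"|bc`
+KBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1024"|bc`
+MBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1048576"|bc`
+
+echo "time needed: ${NEEDED}s"
+echo "byte per second: $BPS"
+echo "KByte per second: $KBPS"
+echo "MByte per second: $MBPS"
+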
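Review bot: `$2` goes through two unquoted `sed` scripts into `bc` and then into `dd bs=$AMOUNT` with no check on its form, and `$1` is passed to `nc` unquoted. Reject anything but digits with an optional K/M suffix before the calculation, e.g. `case "$2" in ''|*[!0-9kKmM]*) echo "bad amount: $2" >&2 ; exit 1 ;; esac`, and quote the sed scripts (`sed 's/[mM]/*1048576/g'`) so the shell cannot glob-expand them. `NEEDED` is `REAL` minus twice `WAIT`, so a fast or failed transfer can leave it zero or negative, and the three `bc` divisions then fail or print meaningless rates; check it before dividing.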