It was a cold November afternoon and I had grown bored with my
fungoidal pleasures. So I opened up the latest issue of 2600 mag and began reading. Contained therein was
the insideous Phf script written in python. I fired up my linux
box and banged in the script, only to find that I hadn't
installed python. A quick file grab from sunsite
and it was up and running, now only if I
could find a good list of internet addresses.
Boing! Like an early morning pee-on, I quickly ftp'd out to internic
and nabbed the zone files. After a liberal application of the cut util, a sort and a uniq, I had a clean,
usable list. With great expectations I fired up the script and
was disappointed to find that it didn't work with the latest version of python.
The following is a slightly modified
version that I managed to make work, mind you I removed all the
other pre appends that appear in the original and should
you find yourself with a lan connection to the net, feel free to put 'em back in.
For your enjoyment and absolute incrimination, here is said script...
for u in link:
if u== '.':
temp = temp+u
filename=raw_input("Filename to use? ")
logfilename=raw_input("Logfile to use? ")
output_path=raw_input("Out PutPath with trailing BackSlash ")
while not flag:
if link!=' ':
for u in combos:
print "Trying host :"+thislink
print "Host "+thislink+" error connecting"
logfile.write("error connecting: ")
print "tempfile dosnt exist"
if link==' ':
<stop cut here>
Now for the retch of the story...
The script worked like a charm, site after site
was hit, over and over again it logged the results... some
contained useful information... password
philes and such. But one, my little spores, contained a message
for the user of the PHF exploit.
Your attempt to hack this system has been logged,
CERT will be advised. Furthermore the SysAdmin at <ip address
that you are coming from> will be
contacted. Blah Blah Blah.
Apparently some sadistic fuck of a sysadmin had
replaced his phf bin with a perl script to rape us poor little
explorers of the back waters of the
internet. At first I thought, "Hey it's just a message to
scare people away..." But no no, my droogies... it was for
real, for my sysadmin was contacted and I was raked over the
coals, with the threat of losing my pre-paid six month account.
Fortunately for me, PB at compusmart, was
understanding and let me off with a warning... And with this
little page, I too warn you of the dangers
of hacking from your own account. Should you wish to run the Phf
exploit across the entire collection of i-net addresses, be
warned... do it from a free service that doesn't care who you are.
Or better yet, code it in Java and have it run
on other peoples browsers after they connect to your cool Warez
Source soon to come <grin>...
<eof> Phungus Out...