IT Nov. 5 Assignment

Telnetting:

Checking your email via telnet might be handy if you don't have an email client at hand (surely someone out there has this problem...). Sending email via telnet is equally useful (whatever that means), but also allows for some more "dastardly" doings.

Let's start with POP3. Note that here I just connected to the "insecure" POP3 on port 110 as opposed to POP3s, which uses SSL. This means I sent my password unencrypted (gasp!) over the network. Fortunately the data was only on the Marlboro network, so it's not *as* risky for this one time, but still not a good idea.

    <------(comments added in like this)

    [localhost:~] gabe% telnet mail.marlboro.edu 110    <--(connecting to Marlboro's mail server)
    Trying 10.1.2.5...
    Connected to akbar.marlboro.edu.
    Escape character is '^]'.
    +OK dovecot ready.
    USER glein
    +OK
    PASS *******                                         <----(ha, not telling you)
    +OK Logged in.
    STAT                                                 <------(statistics)
    +OK 69 1492900                                       <------(number of messages and total size in bytes)
    LIST
    +OK 69 messages:
    1 1339
    2 49127
    3 5217
    4 3104
    ...
    ...                                                  <---(abbreviated for your convenience)
    ...
    68 3053
    69 3938
    .
    RETR 69                                              <-------(retrieving last message)
    +OK 3938 octets
    Return-Path: 
    Delivered-To: glein@marlboro.edu
    Received: from mute.marlboro.edu (mute.marlboro.edu [10.1.2.14])
        by akbar.marlboro.edu (Postfix) with ESMTP id 7D0EA1FD04    <-----(many many email headers)
        for ; Fri, 26 Nov 2004 05:34:28 -0500 (EST)
    Received: from paris.hostwizard.com ([64.84.37.40] helo=lists.hostwizard.com)
        by mute.marlboro.edu with smtp (Exim 3.35 #1 (Debian))
        id 1CXdQj-00009g-00
        for ; Fri, 26 Nov 2004 05:34:21 -0500
    Received: from osxfaq.com by lists.hostwizard.com with SMTP; Fri, 26 Nov 2004 02:07:57 -0800
    User-Agent: Microsoft-Entourage/11.0.0.040405
    Date: Fri, 26 Nov 2004 02:07:52 -0800
    Subject: Inside Mac Radio - November 27th Show - Intelligent Assistance & The DV Guys !!
    From: Scott Sheppard 
    To: glein@marlboro.edu
    Message-ID: 
    Mime-version: 1.0
    Content-type: text/plain; charset="US-ASCII"
    Content-transfer-encoding: 7bit
    Sender: 
    Precedence: List
    List-Software: LetterRip Pro 4.05b7 by LetterRip Software, LLC.
    List-Subscribe: 
    List-Unsubscribe: 
    X-LR-SENT-TO: glein@marlboro.edu
    X-Marlboro-MailScanner: clean
    X-Marlboro-SpamCheck: not spam, SpamAssassin (score=0.08, required 7, autolearn=not spam, AWL 0.08, BAYES_00 0.00)
    X-MailScanner-From: unixtips@lists.osxfaq.com
    Status: O
    X-UID: 3102
    Content-Length: 2263
    X-Keywords: 

    Hello Everybody :-)                                  <--------(start of actual email text)

    Here is the information about the November 27th broadcast of the Inside Mac Radio Show.
    Listen to the show LIVE on AM 1220 KNTS in the San Francisco Bay Area or on the web at
    http://www.universaltalknetwork.com/listen.htm Saturday's from 1-3pm Pacific Time.
    ...
    ...
    ...
    QUIT
    +OK Logging out.
    Connection closed by foreign host.

As I mentioned before, sending email via telnet can be more dastardly because you are presented with several options the average mail client doesn't tell you about (with good reason). Case in point:

    [localhost:~] gabe% telnet smtp.marlboro.edu 25     <----(connecting to the smtp server)
    Trying 10.1.2.14...
    Connected to mute.marlboro.edu.
    Escape character is '^]'.
    220 mute.marlboro.edu ESMTP Exim 3.35 #1 Fri, 26 Nov 2004 18:43:32 -0500
    HELO 10.1.5.108                                      <-------("please send mail from this IP address")
    250 mute.marlboro.edu Hello mdhcp5-108.marlboro.edu [10.1.5.108]
    MAIL FROM: billgates@microsoft.com                   <------(y'know, I just don't feel like being Gabe today)
    250 is syntactically correct
    RCPT TO: kgrav@marlboro.edu                          <------(nothing better than sending spam to your girlfriend)
    250 verified
    DATA
    354 Enter message, ending with "." on a line by itself
    Subject:Your copy of Windows is out of date!        <-----(the plot thickens)
    From: Bill Gates                                     <------(make it a little more convincing...)

    Hey love, it's really just me.                       <----(better come clean or she'll get mad)
    -Gabe
    .
    250 OK id=1CXpnl-0000Xb-00
    QUIT                                                 <-------(all done!)
    221 mute.marlboro.edu closing connection
    Connection closed by foreign host.

So all I need to do is wander onto Marlboro's campus, jack in, and send barrels of spam with a little script and a list of email addresses.

Apache Webserver:

Not much explanation needed here, as I just followed the installation instructions on the website. I was of course sure to check the md5 hash for the file before installing (gotten from apache.org, not from a mirror). An interesting point I found (which forced me to reinstall the server): when you run the configure script and give a relative pathname for "--prefix", the server will install correctly, but when you try to start the http daemon, the path is incorrect. In my case, on my first attempt I typed:

    ./configure --prefix=../apache

This was fine at first, and everything installed alright, but when I went to start it, httpd couldn't find "../apache/conf.httpd.conf". Uh oh! So I tried installing again, this time typing:

    ./configure --prefix=/home/glein/apache

This worked fine. I modified the httpd.conf file so that it listens on port 8413, so if you go to cs.marlboro.edu:8413, you'll see a simple little page. Once I'm confident it won't blow up I'll start moving more important stuff over there.

HTTPD headers:

I used telnet to get these. First, a simple request for www.marlboro.edu's homepage:

    [glein@cs glein]$ telnet www.marlboro.edu 80
    Trying 10.1.2.15...
    Connected to www.marlboro.edu.
    Escape character is '^]'.
    GET / HTTP/1.1
    Accept: text/html;
    Host: www.marlboro.edu

    HTTP/1.1 200 OK
    Date: Sun, 28 Nov 2004 00:29:13 GMT
    Server: Apache/1.3.26 (Unix) Debian GNU/Linux mod_ssl/2.8.9 OpenSSL/0.9.6c PHP/4.1.2
    X-Powered-By: PHP/4.1.2
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    ...                                                  <-----(actual webpage here)
    ...

So what does this mean?

Okay, we have the standard "200 OK", which just means "ok, I'm fine doing that for you", as opposed, for example, to a "404 Not Found" or "403 Forbidden". Oooh, server info... Handy information if I want to hack this computer. It's even kind enough to tell me what OS it's running. "X-Powered-By" I don't really understand, but I know PHP is kind of like CGI, so this probably just means the compiler used for actual code on this site. "Transfer-Encoding: chunked" means the page is not sent in one big lump. Content-Type is pretty self-explanatory; it just says "read this as HTML."

Let's try another one. This one's rather interesting, actually. Here I try asking for the home page at www.amazon.com:

    [glein@cs glein]$ telnet www.amazon.com 80
    Trying 207.171.175.35...
    Connected to www.amazon.com.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: www.amazon.com
    Accept: text/html;

    HTTP/1.1 301 Moved Permanently
    Date: Sun, 28 Nov 2004 04:03:05 GMT
    Server: Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2412 (Unix) amarewrite/0.1 mod_fastcgi/2.2.12
    Set-Cookie: skin=; domain=.amazon.com; path=/; expires=Wed, 01-Aug-01 12:00:00 GMT
    Location: http://www.amazon.com:80/exec/obidos/subst/home/home.html
    Cneonction: close
    Transfer-Encoding: chunked
    Content-Type: text/plain

    0

    Here

Now this is the whole thing sent to me, "webpage" and all (notice the "Here"). Here we get the message "301 Moved Permanently". Further down we get the HTTP header "Location:", and sure enough, if we point a browser at www.amazon.com, that's where it sends us. The "Cneonction" line confused me, so I looked it up. I actually found a forum post where someone had done the exact same thing (http://www.webservertalk.com/message207039.html). It seems to be a rather weird issue. We also have a Set-Cookie header, which isn't very exciting except for the fact that it seems to be set to expire back in 2001. Perhaps this is a relic of an older system, or maybe it's supposed to expire immediately (for some bizarre reason).

One more, submitting a "GET" form:

    [glein@cs glein]$ telnet www.google.com 80
    Trying 64.233.161.104...
    Connected to www.google.com.
    Escape character is '^]'.
    GET /search?hl=en&q=fish+cakes&btnG=Google+Search HTTP/1.1
    Host: www.google.com
    Accept: text/html;

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/html
    Set-Cookie: PREF=ID=6726b6c80bf417ab:TM=1101616815:LM=1101616815:S=09R2b9tApiGALB_j; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
    Server: GWS/2.1
    Transfer-Encoding: chunked
    Date: Sun, 28 Nov 2004 04:40:15 GMT

    bea
    Google Search: fish cakes
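To make the header reading above concrete, here is an added Python example (mine, not part of the original assignment) that takes a raw response exactly as it comes back over telnet and pulls out the points discussed: the status and Location, every Product/Version the Server: and X-Powered-By: lines give away, and whether a Set-Cookie expires before the server's own Date: header, which is a standard instruction to the client to delete that cookie rather than a relic. It is fed the Amazon response from the session above with CRLF line endings restored.

```python
import re
from email.parser import Parser
from email.utils import parsedate_to_datetime

# The Amazon response from the telnet session above, CRLF line endings restored;
# the body is the chunked-encoding terminator "0" followed by the stray "Here".
AMAZON_RESPONSE = "\r\n".join([
    "HTTP/1.1 301 Moved Permanently",
    "Date: Sun, 28 Nov 2004 04:03:05 GMT",
    "Server: Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2412 (Unix) amarewrite/0.1 mod_fastcgi/2.2.12",
    "Set-Cookie: skin=; domain=.amazon.com; path=/; expires=Wed, 01-Aug-01 12:00:00 GMT",
    "Location: http://www.amazon.com:80/exec/obidos/subst/home/home.html",
    "Cneonction: close",
    "Transfer-Encoding: chunked",
    "Content-Type: text/plain",
    "", "0", "", "Here",
])

# Every Product/Version token in a server banner is a version disclosure.
PRODUCT = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")

def summarize(raw):
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    _version, code, _reason = status_line.split(" ", 2)
    headers = Parser().parsestr(header_block, headersonly=True)
    served_at = parsedate_to_datetime(headers["Date"])
    banner = headers.get("Server", "") + " " + headers.get("X-Powered-By", "")
    disclosed = list(dict.fromkeys(PRODUCT.findall(banner)))  # de-duplicated, order kept
    # A cookie whose expires= lies before the server's own clock tells the
    # client to delete that cookie; it is not a stale leftover.
    deleted = []
    for cookie in headers.get_all("Set-Cookie") or []:
        name = cookie.split("=", 1)[0].strip()
        m = re.search(r"expires=([^;]+)", cookie, re.I)
        if m and parsedate_to_datetime(m.group(1).strip()) < served_at:
            deleted.append(name)
    return {
        "status": int(code),
        "redirect_to": headers.get("Location"),
        "disclosed_versions": disclosed,
        "deleted_cookies": deleted,
        "chunked": headers.get("Transfer-Encoding", "").lower() == "chunked",
        # With chunked encoding a first chunk of size 0 means "no body at all".
        "empty_chunked_body": body.startswith("0\r\n"),
    }

if __name__ == "__main__":
    for key, value in summarize(AMAZON_RESPONSE).items():
        print(f"{key}: {value}")
```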
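Going back to the SMTP session above: the server accepted MAIL FROM and the From: header without checking either, but the Received: line it writes itself records which host actually handed over the message, and that is the one thing the receiving side can compare against. The following Python is an added example (mine, not from the original assignment) that does that comparison on a constructed message shaped like the spoofed one as it would sit in the recipient's mailbox; the Received: line and its timestamp are assumed in the form Exim writes, not copied from a real delivery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture), shaped like the spoofed message from
# the SMTP session above: envelope sender and From: both claim microsoft.com, but
# the Received: line written by mute.marlboro.edu names the real submitting host.
SPOOFED_MSG = """\
Return-Path: <billgates@microsoft.com>
Received: from mdhcp5-108.marlboro.edu ([10.1.5.108] helo=10.1.5.108)
\tby mute.marlboro.edu with smtp (Exim 3.35 #1 (Debian))
\tid 1CXpnl-0000Xb-00 for kgrav@marlboro.edu; Fri, 26 Nov 2004 18:45:00 -0500
Subject: Your copy of Windows is out of date!
From: Bill Gates <billgates@microsoft.com>
To: kgrav@marlboro.edu

Hey love, it's really just me.
-Gabe
"""

RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)

def originating_host(msg):
    """Host named in the earliest (bottom-most) Received: header. Each relay
    prepends its own line, so the last one came from the first server to accept
    the message: the only hop whose record the sender could not write."""
    received = msg.get_all("Received") or []
    m = RECEIVED_FROM.search(received[-1].replace("\n", " ")) if received else None
    if not m:
        return None
    first, paren = m.group(1), m.group(2) or ""
    # Postfix writes "from HELO (rdns [ip])", Exim "from rdns ([ip] helo=HELO)";
    # take the first dotted name that is neither an IP literal nor the HELO string.
    for tok in [*paren.split(), first]:
        if "." in tok and not tok.startswith(("[", "helo=")):
            return tok.lower()
    return first.lower()

def domain_of(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def check_sender(raw):
    msg = message_from_string(raw)
    claimed, envelope = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    origin = originating_host(msg) or ""
    # The submitting host should belong to the domain the message claims to be from.
    consistent = bool(claimed) and (origin == claimed or origin.endswith("." + claimed))
    return {"from_domain": claimed, "envelope_domain": envelope,
            "origin_host": origin, "consistent": consistent}
```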