لطفا منتظر باشید ...
Hack 80 Fake an Ident Response
Fake a simple Identification Protocol server toconvince IRC servers who you are.In the Unix world, it is generally taken for
granted that it is possible to determine the ownership of a TCP
connection by querying the Ident server. A
process called identd runs in the background and
accepts queries from remote machines. The Ident server then responds
with information that identifies the user of that connection.Most IRC servers attempt to use the Identification Protocol to
establish the identity of each user that connects to it. When you
connect to the IRC server, it will establish a separate connection to
the Ident server on the machine you are connecting from. The IRC
server will then ask to whom the connection belongs. If all goes
well, the Ident server will respond correctly, the IRC server will be
happy, and you'll be allowed to chat away.One curious thing about the Ident Protocol is that nearly all IRC
servers make use of it, yet a huge number of users do not run a
permanent Ident server. In particular, users of Microsoft Windows
will find that their operating system does not run an Ident server
unless they have specifically downloaded and installed one. For this
reason, most IRC clients come with their own implementation of an
Ident server built in. When you instruct your client to connect to an
IRC server, it can turn on the temporary Ident server to accept the
Ident query. Once this has been done, there is no need to leave the
Ident server running, so it can be closed.The Identification Protocol runs on TCP port 113. On Unix-based
systems, "normal" users will not
have permission to run processes that create server sockets on this
low port number. As the identd process is
normally already running as root on most Unix
systems, this is not so much of a problem. On other operating systems
where an Ident server is not already running, such as Windows, there
are often no restrictions on creating such processes. If you
do have permission to create a server socket
that accepts connections on port 113, it is worth remembering that
there can only be one process at a time that does this.The Identification
Protocol is fairly simple, and you need to know only a little bit
about it to fool an IRC server. However, if you want to know more,
the protocol is defined in RFC 1413. The full contents of this RFC
document can be found at http://www.faqs.org/rfcs/rfc1413l.When a client (or in our case, an IRC server) wants to query our
Ident server, it will do so by connecting to it and sending a line of
text. For the purpose of hacking together a quick program to satisfy
an IRC server, you do not even need to know what this line of text
isall you have to do is make sure it's used
as part of your response. The expected response must start with this
line and end with your desired login. Here is an example of an Ident
request from an IRC server:
3408, 6667The request is simply asking who is connecting to port 6667 from port
3408 on the local machine. If you want to tell the IRC server that
your login is "paul," you simply
respond with:
3408, 6667 : USERID : UNIX : paulYou can now
close the connection and shut down the Ident server. Note that each
line sent via the Identification
Protocol must be terminated with a trailing return and new line
(i.e., \r\n).
13.4.1 The Code
Save the following in a file called
IdentServer.java
:
import java.net.*;
import java.io.*;
public class IdentServer {
public static void ident(String login) throws IOException {
// Wait for a connection on port 113.
ServerSocket ss = new ServerSocket(113);
Socket socket = ss.accept( );
BufferedReader reader = new BufferedReader(
new InputStreamReader(socket.getInputStream( )));
BufferedWriter writer = new BufferedWriter(
new OutputStreamWriter(socket.getOutputStream( )));
// Read the line from the connecting client.
String line = reader.readLine( );
if (line != null) {
System.out.println(line);
// Create our line of reply and send it back.
line = line + " : USERID : UNIX : " + login;
System.out.println(line);
writer.write(line + "\r\n");
writer.flush( );
}
// Close the connection and let the program end.
writer.close( );
ss.close( );
}
public static void main(String[] args) {
try {
// Tell the ident server to respond with the login "paul".
ident("paul");
}
catch (IOException e) {
// If anything goes wrong, print it to the standard output.
e.printStackTrace( );
}
}
}
13.4.2 Running the Hack
Compile the program with the javac command:
% javac IdentServer.javaAfter compiling the program, run it with the java
command:
% java IdentServerThis hack is standalone and can be run as a temporary one-shot Ident
server. While the IdentServer is running, you can connect to an IRC
server and let it respond to the Ident request. After the response
has been sent, the program will end.As you can see from this hack, implementing a simple Ident server is
not particularly difficult. This standalone program could be modified
and used within your own Java applications, including IRC clients or
bots.
13.4.3 Firewalls and Ident
Take care when using Ident from behind a firewall or
Network Address Translation (NAT). If the
IRC server you are connecting to is unable to see your Ident server,
there is no point running it in the first place. Remote machines must
be able to connect to port 113 of your machine to use your Ident
server. To allow this to happen through a firewall, you may need to
explicitly open this port or allow it to be forwarded from another
machine.
