Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re^3: Strict Clean JAPH

by marto (Cardinal)
on Aug 08, 2014 at 19:34 UTC ( [id://1096804]=note: print w/replies, xml ) Need Help??


in reply to Re^2: Strict Clean JAPH
in thread Reaped: Strict Clean JAPH

I'd hope that this is obvious to most. It's not a good idea to send an "unknown" payload to a system which you do not own. The link I gave shows what the tool this script is based on (well, essentially is) does. It's downright dishonest to post this here under the guise of an obfuscated JAPH

Update: Fixed typo, additional text.

Replies are listed 'Best First'.
Re^4: Strict Clean JAPH (reap socket obfuscation)
by Anonymous Monk on Aug 10, 2014 at 07:19 UTC

      Point taken, it won't happen again. In my defence I felt pressured to do this quickly. A senior monk had mentioned in the CB that some investigation should be done to determine what this code does, in addition to this I couldn't be as verbose as I should have due to parenting issues. I did manage to discuss the issue in some detail in the CB a short while after raising the consideration.

        There is no way to know what the code does... other than it being a vector for whatever code the author chooses to offer up at that IP address/port. When I saw this code I tried to download from the address but the service at that port had already been taken down.

        But it wouldn't have mattered if the code I had gotten was completely innocent. Because there is nothing to stop the author from changing what code is offered. The service can offer the same innocent code 99% of the time but add a malicious part 1% of the time.

        This type of code is simply unsafe to run. It is good that the node was reaped.

        - tye        

      Where does spam/ads fall? Useless, stupid, off-topic?

Re^4: Strict Clean JAPH
by hookbot (Acolyte) on Aug 09, 2014 at 19:39 UTC

    Well, I actually thought it would be a fun exercise to de-obfuscate. There was no malicious intent. It actually works just fine and doesn't do anything wrong. But yeah, that does make sense about the "unknown" payload. Sorry if that offended anyone. I'll be more careful in the future.

      I want to know exactly what this program does. Please document it, here. It is hard for an emptor to caveat without knowing these details. Thanks!

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1096804]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (3)
As of 2024-03-29 01:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found