## ## This will check for the existance of the requested exploit. ## If it exists, it is considered leaked and an appropriate ## TESO Public Press Statement (tm) is automatically generated. ## ## Was a specific exploit requested? if (!isset('warez')) { ## No. List all possible exploits. printf ('Probable leaks:

'); if ($dir = opendir('/teso/exploits/')) { while (($file = readdir($dir)) != false) { printf ('Leak of $file
'); } closedir ($dir); } return; } ## Does the exploit exist? if (file_exists('/teso/exploits/$warez/') || file_exists ('/teso/exploits/$warez.c')) { ## Yes. Write a statement on it. printf ($warez . ' exploit statement

'); printf ('This is a public statement to clarify the situation surrounding '); printf ('the exploit for ' . $warez . ' software.

'); ## Display the exploit's header which contains the vulnerability history. passthru ('head -n 2300 /teso/exploits/$warez.c'); ## Basic advertisements for TESO's customers. printf ('There are only ' . rand(1,6) . ' publicly disclosed exploits '); printf ('to TESO's (R) best knowledge. However, they are all very very '); printf ('limited in their capabilities, would not work in the wild, and '); printf ('do not have TESO (R) User-Friendly Brute-Force (tm) routines '); printf ('nor a TESO Progress Bar (tm) with percentages of completion.

'); ## Objective exploit description. printf ('TESO Security (R), and many other inferior research groups started '); printf ('researching this vulnerability. Only TESO's Exploit (tm) is able '); printf ('to penetrate almost all versions of the aforementioned software '); printf ('for almost all platforms successfully.

'); ## Promote TESO(R) services and products. printf ('This vulnerability should be considered serious nevertheless, '); printf ('since the experience has shown that even very very complicated '); printf ('vulnerabilities can be exploited by skilled attacker masterminds, '); printf ('BIND TSIG, '); printf ('telnetd, '); printf ('SSH deattack and '); printf ('WU-ftpd, '); printf ('come to mind. TESOstore (R) accepts all major credit cards.

'); ## Emphasize TESO's (R) innocence. printf ('Having developed ' . $warez . ', TESO Security (R) decided not to '); printf ('make it public directly, since it would cause damage to a lot of '); printf ('systems. Instead, members and friends of TESO Security (R) uploaded '); printf ('the exploit to various acquired boxen. Any subsequent public release '); printf ('could then not be blamed on TESO Security (R) members/friends but '); printf ('the administrators of the specific box.
'); printf ('Discovering what box caused the leak is easy with TESO's (R) '); printf ('Exploit FingerPrinter (tm), and TESO Security (R) will then know not '); printf ('to upload exploits to that specific box again in order to prevent '); printf ('future leakage.

'); ## Try and explain the message `this sploit already rooted nasa.gov ;/'. printf ('The ' . $warez . ' exploit was developed for research purposes only, '); printf ('but this private research software has (of course) leaked and was '); printf ('probably traded by very very bad, evil and malicious hackers since '); ## Find possible leak date. Use the file's creation time -- close enough. printf (date('l, F dS', stat ('/teso/exploits/$warez.c')[9] . '. '); printf ('The source of leak has been identified and will be eliminated:
'); ## Show the source of leak, and eliminate it. passthru ("cat leak.c"); passthru ("rm -f leak.c"); ## Physical location of an official Media Statement. printf ('TESO Security (R) will be accepting Members of the Press in the '); printf ('Media Room at TESO Security (R) headquarters in both Germany and '); printf ('Austria, tomorrow (' . date('l, F dS', time() + 86400) . ') at '); printf ('07:35:00 EST-5.
'); ## Schedule this Press Statement. system ('echo "Press Statement for '. $warez .' tomorrow at 7:35" |wall'); ## Standard epilogue. printf ('We sincerely regret that our research software is used for '); printf ('malicious purposes by other people than us. We have taken all '); printf ('necessary actions to avoid such happenings again.

'); printf ('Sincerely,
'); printf ('
TESO Security (R)
'); printf ('Public key: here
'); ## Legal Disclaimer. printf ("THIS PRESS STATEMENT IS PROVIDED AS-IS WITHOUT WARRANTY OF '); printf ("ANY KIND, EITHER EXPRESS OR IMPRESS INCLUDING, BUT NOT LIMITED '); printf ("TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR '); printf ("A PARTICULAR PURPOSE. ALL OTHER LIMITATIONS ON LIABILITY '); printf ("CONTAINED IN THE APPLICATION EXPLOIT - $warez - PRODUCT END '); printf ("USER LICENSE AGREEMENT SHALL APPLY. AMEN.

'); ## Commercials printf ("Get your private, free channel at http://www.ircs.org.
"); } ?>