##
## This will check for the existance of the requested exploit.
## If it exists, it is considered leaked and an appropriate
## TESO Public Press Statement (tm) is automatically generated.
##
## Was a specific exploit requested?
if (!isset('warez')) {
## No. List all possible exploits.
printf ('Probable leaks:
');
if ($dir = opendir('/teso/exploits/')) {
while (($file = readdir($dir)) != false) {
printf ('Leak of $file
');
}
closedir ($dir);
}
return;
}
## Does the exploit exist?
if (file_exists('/teso/exploits/$warez/') || file_exists ('/teso/exploits/$warez.c')) {
## Yes. Write a statement on it.
printf ($warez . ' exploit statement
');
printf ('This is a public statement to clarify the situation surrounding ');
printf ('the exploit for ' . $warez . ' software.
');
## Display the exploit's header which contains the vulnerability history.
passthru ('head -n 2300 /teso/exploits/$warez.c');
## Basic advertisements for TESO's customers.
printf ('There are only ' . rand(1,6) . ' publicly disclosed exploits ');
printf ('to TESO's (R) best knowledge. However, they are all very very ');
printf ('limited in their capabilities, would not work in the wild, and ');
printf ('do not have TESO (R) User-Friendly Brute-Force (tm) routines ');
printf ('nor a TESO Progress Bar (tm) with percentages of completion.
');
## Objective exploit description.
printf ('TESO Security (R), and many other inferior research groups started ');
printf ('researching this vulnerability. Only TESO's Exploit (tm) is able ');
printf ('to penetrate almost all versions of the aforementioned software ');
printf ('for almost all platforms successfully.
');
## Promote TESO(R) services and products.
printf ('This vulnerability should be considered serious nevertheless, ');
printf ('since the experience has shown that even very very complicated ');
printf ('vulnerabilities can be exploited by skilled attacker masterminds, '); printf ('BIND TSIG, '); printf ('telnetd, ');
printf ('SSH deattack and ');
printf ('WU-ftpd, ');
printf ('come to mind. TESOstore (R) accepts all major credit cards.
');
## Emphasize TESO's (R) innocence.
printf ('Having developed ' . $warez . ', TESO Security (R) decided not to '); printf ('make it public directly, since it would cause damage to a lot of ');
printf ('systems. Instead, members and friends of TESO Security (R) uploaded ');
printf ('the exploit to various acquired boxen. Any subsequent public release
');
printf ('could then not be blamed on TESO Security (R) members/friends but '); printf ('the administrators of the specific box.
');
printf ('Discovering what box caused the leak is easy with TESO's (R) ');
printf ('Exploit FingerPrinter (tm), and TESO Security (R) will then know not
');
printf ('to upload exploits to that specific box again in order to prevent '); printf ('future leakage.
');
## Try and explain the message `this sploit already rooted nasa.gov ;/'.
printf ('The ' . $warez . ' exploit was developed for research purposes only,
');
printf ('but this private research software has (of course) leaked and was '); printf ('probably traded by very very bad, evil and malicious hackers since ');
## Find possible leak date. Use the file's creation time -- close enough.
printf (date('l, F dS', stat ('/teso/exploits/$warez.c')[9] . '. ');
printf ('The source of leak has been identified and will be eliminated:
');
## Show the source of leak, and eliminate it.
passthru ("cat leak.c");
passthru ("rm -f leak.c");
## Physical location of an official Media Statement.
printf ('TESO Security (R) will be accepting Members of the Press in the ');
printf ('Media Room at TESO Security (R) headquarters in both Germany and ');
printf ('Austria, tomorrow (' . date('l, F dS', time() + 86400) . ') at ');
printf ('07:35:00 EST-5.
');
## Schedule this Press Statement.
system ('echo "Press Statement for '. $warez .' tomorrow at 7:35" |wall');
## Standard epilogue.
printf ('We sincerely regret that our research software is used for ');
printf ('malicious purposes by other people than us. We have taken all ');
printf ('necessary actions to avoid such happenings again.
');
printf ('Sincerely,
');
printf ('TESO Security (R)
');
printf ('Public key: here
');
## Legal Disclaimer.
printf ("THIS PRESS STATEMENT IS PROVIDED AS-IS WITHOUT WARRANTY OF ');
printf ("ANY KIND, EITHER EXPRESS OR IMPRESS INCLUDING, BUT NOT LIMITED ');
printf ("TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ');
printf ("A PARTICULAR PURPOSE. ALL OTHER LIMITATIONS ON LIABILITY ');
printf ("CONTAINED IN THE APPLICATION EXPLOIT - $warez - PRODUCT END ');
printf ("USER LICENSE AGREEMENT SHALL APPLY. AMEN.
');
## Commercials
printf ("Get your private, free channel at http://www.ircs.org.
");
}
?>