Here's one that will show that you shouldn't work on a system that you don't thourghly understand.

At my "previous" employer I was instructed to install a new (larger) disk drive in a RS/6000 system. Since a full backup of the system was done the previous day I just looked at the file systems vi a df to see which were on the drive that I was replacing. After this I did a tape backup of these filesystems, ran smit and did a remove of these filesystems.  I then installed the new disk and brought the system back up.  When I ran smit and when I was able to do the installation of the new drive and setup the file systems I was figuring that this was going to be an easy one.

WRONG!!  I was aware that you could expand filesystems under AIX but was not aware that it would expand them 'across physical drives'!!! I first realized that I was in trouble when I went to read in the backup tape and cpio was not found. I did an ls of the /usr/bin directory and it said that the file was there but when I tried to run it it was not found. and of course when I went looking for the original install tape it was not to be found....

This is a short example of using gethostbyname in C on linux. It is used to lookup a hostname and get a list of ip addresses for that host.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include <netdb.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/inet.h>

char *addrtype(int addrtype) {
	switch(addrtype) {
		case AF_INET:
			return "AF_INET";
		case AF_INET6:
			return "AF_INET6";
	}
	return "Unknown";
}

int main(int argc, char **argv) {
	struct hostent *tmp = 0;
	int i = 0;

	if (argc < 2) {
		printf("Usage: %s <hostname>\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	tmp = gethostbyname(argv[1]);

	if (!tmp) {
		printf("Lookup Failed: %s\n", hstrerror(h_errno));
		return 0;
	}

	printf("Lookup: %s\n", argv[0]);
	printf("h_name: %s\n", tmp->h_name);

	i = 0;
	while(tmp->h_aliases[i] != NULL) {
		printf("h_aliases[i]: %s\n", tmp->h_aliases[i]);
		i++;
	}

	printf("h_addrtype: %d - %s\n", tmp->h_addrtype, addrtype(tmp->h_addrtype));
	printf("h_length: %d\n", tmp->h_length);
	
	i = 0;
	while(tmp->h_addr_list[i] != NULL) {
		printf("h_addr_list[i]: %s\n", inet_ntoa( (struct in_addr) *((struct in_addr *) tmp->h_addr_list[i])));
		i++;
	}

	return 0;
}

Here's another story.

Just imagine having the sendmail.cf file in /etc. Now, I was working on the sendmail stuff and had come up with lots of sendmail.cf.xxx which I wanted to get rid of so I typed "rm -f sendmail.cf. *". At first I was surprised about how much time it took to remove some 10 files or so. Hitting the interrupt key, when I finally saw what had happened was way to late, though.

Fortune has it that I'm a very lazy person. That's why I never bothered to just back up directories with data that changes often. Therefore I managed to restore /etc successfully before rebooting... :-) Happy end, after all. Of course I had lost the only well working version of my sendmail.cf...

I have just added another tool to my collection. Which is a fake sshd for linux. It can be used to capture login attempts. It is used for doing the following.

• Profiling password attack atempts on servers.
• Setting up a honey pot so you can invite the "kids" in
• Stealing the dictionary's used by attackers to test against your own password hashes.

Here is an example of the log output from an attack.

Dec 11 14:02:04 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.no
Dec 11 14:02:06 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.org
Dec 11 14:02:07 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 68b329da9893e34099c7d8ad5cb9c940
Dec 11 14:02:09 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 7hur@y@t3am$#@!(*(
Dec 11 14:02:10 debian fake-sshd.exe: IP: 74.53.140.146 USER: sysgames PASS: qwertycosmin
Dec 11 14:02:12 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: diana4ever
Dec 11 14:02:13 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: bostanel

more information / download