Every Christmas, people celebrate in all sorts of warm and romantic ways. Hackers have a romance of their own too; it is just not easy for ordinary people to feel it.

2014: xmas.futile.net

At Christmas 2014, if you ran traceroute against the domain xmas.futile.net, you first saw a Christmas tree, followed by the lyrics of several Christmas songs, including "Let It Snow! Let It Snow! Let It Snow!" and "Jingle Bells":
[Screenshot: a terminal with green text on a black background showing the traceroute output. Lines 24 to 41 of the trace spell out a Christmas tree in ASCII art; the hops after it carry the lyrics of "Let It Snow!", "Jingle Bells" and other Christmas songs in place of host names, e.g. Let.It.Snow.Let.It.Snow.Let.It.Snow.]
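How one host can produce a trace like the one in the screenshot, shown as an added example that is not xmas.futile.net's code: a pure-Python model of the exchange in which the probing side raises the TTL one step at a time and a single "faux path" answers every probe with an ICMP Time Exceeded sent from whichever of its addresses the probe's TTL selects. Everything here is assumed or constructed: the hop addresses are from the documentation ranges, the probe is the classic UDP traceroute probe, the ICMP errors quote the probe as RFC 792 requires so the client can correlate them, and no raw sockets are used, so it runs offline. The lyric-bearing hop names are not modelled.

```python
"""Model of the traceroute / ICMP Time Exceeded exchange (added example, no raw sockets)."""
import ipaddress
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, ttl: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def udp_probe(src: str, dst: str, ttl: int, dport: int) -> bytes:
    """Classic UDP traceroute probe: caller-chosen TTL, one destination port per probe."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + 4, 0) + b"\x00" * 4  # UDP checksum 0 = absent
    return ipv4_header(src, dst, 17, ttl, len(udp)) + udp


def icmp_error(reply_src: str, probe: bytes, icmp_type: int, code: int) -> bytes:
    """ICMP error (11/0 Time Exceeded or 3/3 Port Unreachable) quoting the probe's IP
    header plus its first 8 bytes, as RFC 792 requires; traceroute matches replies
    to probes through that quote."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    probe_src = str(ipaddress.IPv4Address(probe[12:16]))
    return ipv4_header(reply_src, probe_src, 1, 64, len(icmp)) + icmp


class FauxPath:
    """A single host that impersonates a whole path: the probe with TTL n is
    answered from the n-th address it owns; beyond the last one, the destination
    answers Port Unreachable and the trace ends."""

    def __init__(self, hop_addresses, destination: str):
        self.hops = list(hop_addresses)
        self.destination = destination

    def answer(self, probe: bytes) -> bytes:
        ttl = probe[8]  # byte 8 of the IPv4 header is the TTL
        if ttl <= len(self.hops):
            return icmp_error(self.hops[ttl - 1], probe, 11, 0)
        return icmp_error(self.destination, probe, 3, 3)


def traceroute(path: FauxPath, src: str, dst: str, max_hops: int = 30):
    """Client side: raise the TTL one step at a time until Port Unreachable arrives.
    Returns [(ttl, replying address), ...]; replies whose ICMP checksum fails or
    whose quoted UDP port does not match the probe are ignored, as real traceroute does."""
    hops = []
    for ttl in range(1, max_hops + 1):
        dport = 33434 + ttl - 1
        reply = path.answer(udp_probe(src, dst, ttl, dport))
        icmp_type = reply[20]
        quoted_dport = struct.unpack("!H", reply[50:52])[0]  # 20 IP + 8 ICMP + 20 quoted IP + 2
        if inet_checksum(reply[20:]) != 0 or quoted_dport != dport:
            continue
        hops.append((ttl, str(ipaddress.IPv4Address(reply[12:16]))))
        if icmp_type == 3:
            break
    return hops


# Constructed demo data (TEST-NET-3 addresses): four "hops" that are all one box.
TREE_HOPS = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
DESTINATION = "203.0.113.100"


def demo():
    return traceroute(FauxPath(TREE_HOPS, DESTINATION), "192.0.2.10", DESTINATION)


if __name__ == "__main__":
    for ttl, hop in demo():
        print(f"{ttl:2d}  {hop}")
```

The point for a defender is visible in FauxPath.answer: nothing in the protocol ties the replying address to a real router, only to the TTL of the probe, so a traceroute path is evidence of who chose to answer, not of where packets went.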
Controlling that many lines of traceroute output does not actually require that many routers; one server configured with many IP addresses is enough. The server only has to look at the TTL of each incoming traceroute probe and send back an ICMP Time Exceeded message from the address that corresponds to that TTL.

As for controlling the text in the traceroute output, the first thing that comes to mind is probably reverse DNS. But if you look closely at the screenshot above, you will find that reverse DNS is definitely not what was used here. What was used is left for you to figure out.

Of course, xmas.futile.net no longer works, and running traceroute against it today shows none of this. After all, playing this game over IPv4 takes close to a hundred IP addresses, which gets a bit expensive. If you want to play it in the future, IPv6 is the cheap and plentiful option.

1997: nmap -sX

In 1997, nmap released its first version. The moment this scanner appeared it caused quite a stir, because nmap pushes the TCP/IP protocols to their limits and implements all kinds of exotic scan types. Some are very fast, some evade intrusion detection systems, and some can even get through firewalls.

One of these scan types is the Xmas scan, the "Christmas scan". Why that name? Even the vast majority of hackers do not know the answer.

RFC 1025 calls a TCP packet with the SYN, FIN, PSH and URG flags all set a Christmas Tree Packet, because with all of those flag bits set it looks like every light on a Christmas tree lit up at once.

However, when nmap performs an Xmas scan it only sends packets with the FIN, PSH and URG flags set, without SYN. The purpose of the Xmas scan is to probe whether a port is open. Once the probe is sent, a port that answers with a RST is considered closed; no response means the port is open or filtered. According to RFC 793, only a segment carrying none of the SYN, RST or ACK bits will draw a RST, so the Xmas scan's probe must not include SYN.

The packets an Xmas scan sends never occur in normal traffic, so network security devices detect them easily. Moreover, in today's network environment this scan type rarely gets useful results on the Internet, so the technique has essentially no practical value anymore. Still, if you run an Xmas scan on Christmas Day with the -v flag added, nmap will wish you a merry Christmas:

tk@Debian:~$ sudo nmap -sX -v 192.168.0.1
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-25 11:05 CST
Nmap wishes you a merry Christmas! Specify -sX for Xmas Scan (https://nmap.org/book/man-port-scanning-techniques.html).
Initiating Ping Scan at 11:05
Scanning 192.168.0.1 [4 ports]
Completed Ping Scan at 11:05, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:05
Completed Parallel DNS resolution of 1 host. at 11:05, 0.01s elapsed
Initiating XMAS Scan at 11:05
Scanning router (192.168.0.1) [1000 ports]
Completed XMAS Scan at 11:06, 1.23s elapsed (1000 total ports)
Nmap scan report for router (192.168.0.1)
Host is up (0.0090s latency).
Not shown: 997 closed ports
PORT    STATE         SERVICE
53/tcp  open|filtered domain
80/tcp  open|filtered http
443/tcp open|filtered https
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
           Raw packets sent: 1007 (40.272KB) | Rcvd: 998 (39.908KB)

1988: phillipps.c

Among programming contests there is one that is both venerable and very much its own thing: the International Obfuscated C Code Contest, IOCCC for short.

The IOCCC was founded in 1984 with the goal of picking the most creative and least comprehensible C code. Most winning entries are therefore short, sometimes only a line or two, but all are extremely hard to read; the source is harder to understand than the compiled binary.

In 1988, Ian Phillipps of the UK won the IOCCC's "Least Likely to Compile Successfully" award with the following code:

#include <stdio.h>   /* for putchar(); the original relies on an implicit declaration */
main(t,_,a)          /* K&R-style definition: t and _ are implicit int, a is char * */
char *a;
{
return!0<t?t<3?main(-79,-13,a+main(-87,1-_,main(-86,0,a+1)+a)):
1,t<_?main(t+1,_,a):3,main(-94,-27+t,a)&&t==2?_<13?
main(2,_+1,"%s %d %d\n"):9:16:t<0?t<-72?main(_,t,
"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#\
;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l \
q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# \
){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' \
iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c \
;;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')# \
}'+}##(!!/")
:t<-50?_==*a?putchar(31[a]):main(-65,_,a+1):main((*a=='/')+t,_,a+1)
:0<t?main(2,2,"%s"):*a=='/'||main(0,main(-61,*a,
"!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry"),a+1);
}

The "Least Likely to Compile Successfully" award is well deserved: whichever way you look at it, this does not look like something that could compile. And yet it does. Not only does it compile, the resulting program prints the complete lyrics of "The Twelve Days of Christmas":

tk@Debian:~$ ./a.out
On the first day of Christmas my true love gave to me a partridge in a pear tree.
On the second day of Christmas my true love gave to me two turtle doves and a partridge in a pear tree.
On the third day of Christmas my true love gave to me three french hens, two turtle doves and a partridge in a pear tree.
On the fourth day of Christmas my true love gave to me four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the fifth day of Christmas my true love gave to me five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the sixth day of Christmas my true love gave to me six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the seventh day of Christmas my true love gave to me seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the eighth day of Christmas my true love gave to me eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the ninth day of Christmas my true love gave to me nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the tenth day of Christmas my true love gave to me ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the eleventh day of Christmas my true love gave to me eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
On the twelfth day of Christmas my true love gave to me twelve drummers drumming, eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.
The lyrics of "The Twelve Days of Christmas" are highly repetitive to begin with, so it is no surprise that the code can be shorter than the lyrics it prints. And a simple shift cipher is all it takes to leave no trace of the lyrics in the source. But exploiting so many features of C, pushing nested recursion to the extreme, and making code that looks like pure chaos work correctly: that truly earns the word "ingenious".

Having seen this code you should also understand one thing: opening your source code to prove you have nothing to hide is just a gesture, because finding a backdoor by auditing source is not that easy.

Incidentally, "The Twelve Days of Christmas" is a very old song, traceable back to 1780, which is why the lyrics sound so quaint. Read them aloud and you will get it: this is a Western guankou, the rapid-fire patter of Chinese crosstalk. If you doubt it, compare the words with the Xihe dagu ballad "Linglong Pagoda" (《玲珑塔》):

twelve drummers drumming, eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.

Linglong pagoda, pagoda linglong, the linglong treasure pagoda has twelve storeys. Twelve tall tables with forty-eight legs, twelve monks with twelve sutras, twelve cymbals and twelve chimes, twelve wooden fish and twelve lamps. Twelve golden bells weighing forty-eight taels, ringing hua-leng when the wind blows.
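To make the "shift cipher" remark and the source-audit point concrete, here is an added re-reading of phillipps.c in plain Python. It is my own analysis of the C source quoted above, not Ian Phillipps's code: the two string literals are copied verbatim from the C program, and the decoding rule and verse layout are what the C recursion does (the first literal is 26 segments separated by '/', the second is a 62-character alphabet, and `putchar(31[a])` prints the character 31 positions after the one matched). The function and variable names are mine.

```python
"""phillipps.c, decoded: an added re-implementation of its string handling in Python."""

# Copied verbatim from the C source: 26 '/'-separated segments (the 27th is empty).
SEGMENTS = (
    "@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#"
    ";#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l "
    "q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# "
    "){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' "
    "iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c "
    ";;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')# "
    "}'+}##(!!/"
).split("/")

# Copied verbatim from the C source: the substitution alphabet (62 characters).
ALPHABET = "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry"
SHIFT = 31  # the 31 in putchar(31[a]): plaintext char = ALPHABET[index of cipher char + 31]


def decode(segment: str) -> str:
    """Substitution step: each cipher character maps to the alphabet entry 31 places later.
    ALPHABET.index() takes the first match, exactly like the C scan with _==*a."""
    return "".join(ALPHABET[ALPHABET.index(c) + SHIFT] for c in segment)


def verse(day: int) -> str:
    """One verse in the order the C recursion emits it: segment 0 ('On the '), the
    ordinal (segment 1..12), the refrain (segment 13), then the gifts counting down,
    which are segments 26-day through 25 ('a partridge in a pear tree')."""
    if not 1 <= day <= 12:
        raise ValueError("day must be 1..12")
    gifts = "".join(decode(SEGMENTS[i]) for i in range(26 - day, 26))
    return decode(SEGMENTS[0]) + decode(SEGMENTS[day]) + decode(SEGMENTS[13]) + gifts


def song() -> str:
    """All twelve verses, matching the program's output."""
    return "".join(verse(d) for d in range(1, 13))


def words_visible_in_source(words) -> list:
    """Audit helper: which plaintext words can be grepped out of the literals?
    For the lyrics the answer is none, which is the point about source audits."""
    literals = "/".join(SEGMENTS) + ALPHABET
    return [w for w in words if w in literals]


if __name__ == "__main__":
    print(song(), end="")
    print("grep would find:", words_visible_in_source(["partridge", "Christmas", "true love"]))
```

The cipher is a single fixed substitution, so once one segment is decoded the whole table falls out; the difficulty of reading phillipps.c lies in the control flow that selects segments, not in the encoding. A backdoor author has the same trick available, which is why grepping source for suspicious strings proves little.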
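Returning to the Xmas scan section: the flag arithmetic and the RFC 793 behaviour it relies on, shown as an added example that is not nmap's code. The block builds bare TCP headers (constructed test data with the checksum left at zero), reads the flag bits back, models the reply a closed or listening port gives per RFC 793's "SEGMENT ARRIVES" rules, derives the verdict nmap -sX draws from that reply, and finally runs a detection pass over a constructed sample of segments, since FIN|PSH|URG is a flag set no normal TCP exchange ever produces. Function names, thresholds and the sample addresses are mine.

```python
"""Xmas-scan flag logic and detection, as an added example (not nmap's code)."""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}
XMAS = FIN | PSH | URG                  # what nmap -sX sends
CHRISTMAS_TREE = SYN | FIN | PSH | URG  # the RFC 1025 "christmas tree" flag set named above


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Bare 20-byte TCP header (constructed test data; checksum left at zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


def flags_of(header: bytes) -> int:
    """Low 6 bits of the data-offset/flags word (header bytes 12-13)."""
    return struct.unpack("!H", header[12:14])[0] & 0x3F


def flag_names(flags: int) -> str:
    return "|".join(name for bit, name in FLAG_NAMES.items() if flags & bit) or "none"


def classify_probe(flags: int) -> str:
    """Name the flag sets that a normal TCP exchange never produces."""
    if flags == XMAS:
        return "xmas"
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == CHRISTMAS_TREE:
        return "christmas-tree"
    return "normal"


def rfc793_response(flags: int, port_state: str):
    """Reply a host gives per RFC 793 'SEGMENT ARRIVES'. CLOSED: anything without RST
    draws a RST. LISTEN: RST is dropped, ACK draws a RST, SYN draws SYN/ACK, and a
    segment with none of those (the Xmas probe) is silently dropped."""
    if flags & RST:
        return None
    if port_state == "closed":
        return "RST"
    if flags & ACK:
        return "RST"
    if flags & SYN:
        return "SYN/ACK"
    return None


def xmas_verdict(response) -> str:
    """nmap -sX's inference: RST means closed; silence means open|filtered, because a
    firewall that drops the probe looks exactly like an open port."""
    return "closed" if response == "RST" else "open|filtered"


def scan_sources(segments, threshold: int = 3) -> list:
    """Detection: count xmas/null/christmas-tree probes per source address and
    report the sources at or above the threshold."""
    counts = {}
    for src, header in segments:
        if classify_probe(flags_of(header)) in ("xmas", "null", "christmas-tree"):
            counts[src] = counts.get(src, 0) + 1
    return sorted(src for src, n in counts.items() if n >= threshold)


# Constructed sample (TEST-NET addresses): one host sends FIN|PSH|URG to three
# ports, another performs an ordinary handshake and data exchange.
SAMPLE_SEGMENTS = [
    ("192.0.2.7", tcp_header(54321, 53, XMAS)),
    ("192.0.2.7", tcp_header(54321, 80, XMAS)),
    ("192.0.2.7", tcp_header(54321, 443, XMAS)),
    ("192.0.2.9", tcp_header(40000, 443, SYN)),
    ("192.0.2.9", tcp_header(40000, 443, ACK)),
    ("192.0.2.9", tcp_header(40000, 443, PSH | ACK)),
]

if __name__ == "__main__":
    for state in ("closed", "open"):
        reply = rfc793_response(XMAS, state)
        print(f"{state:6s} port, probe {flag_names(XMAS)}: reply {reply} -> nmap says {xmas_verdict(reply)}")
    print("sources sending Xmas-style probes:", scan_sources(SAMPLE_SEGMENTS))
```

Two things the code makes explicit: nmap's "open|filtered" is an honest statement of ambiguity, since the absence of a RST can come from a listening socket or from a filter; and because the probe's flag combination has no legitimate meaning, a detection rule on it has essentially no false positives, which is exactly why the scan stopped being useful.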