FFS · Hacking · Perl

I Get Email

Apparently, having my name in CPAN is a sign that I know everything about Perl, SOAP, XML, and security.

Unless someone can come up with a legitimate reason to send 5000 authentication requests to a web server (including an explanation of why that’s not a brain-damaged way to solve the problem at hand), I’m going to assume that this guy is a wannabe script kiddie.

This isn’t the first time someone’s asked me to , but this time around, I don’t feel like toying with him. Script kiddies are people too.

Then again, so’s Soylent Green (as put it).

Hello ,
This is Mr. Avergonzado from singapore. Im actaully in need of your help regarding a code in Perl to Post XML statements in our web server for password authorization. The following statement below is how i can type the post statement of XML to our web server:after I issue telnet.( $ telenet <web-server hostname> <port#>)

POST /Ws/RegistrationService.asmx?WSDL HTTP/1.1
SOAPAction: “http://www.nlb.gov.sg/ws/RegistrationService:registerUserIn”
Content-Type: text/xml; charset=utf-8
Accept: text/xml, multipart/related,
text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
User-Agent: Java/1.5.0_09
Host: <localhost>
Connection: keep-alive
Content-Length: 721
<?xml version=”1.0″ ?>
<S:Envelope xmlns:S=”http://schemas.xmlsoap.org/soap/envelope/”>
<RegisterUserRequest xmlns=”http://www.nlb.gov.sg/ws/RegistrationService”>
<SecurityQuestion>What NLB means?</SecurityQuestion>
<SecurityAnswer>National Library Board</SecurityAnswer>

Then this is the correct response I get. I also need to capture the response for reference and verification.

HTTP/1.1 200 OK
Connection: close
Date: Thu, 10 Jan 2008 08:37:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 477
<?xml version=”1.0″ encoding=”utf-8″?><soap:Envelope xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema”><soap:Body><RegisterUserResponse xmlns=”http://www.nlb.gov.sg/ws/RegistrationService”><Status>OK</Status><Message>User is added to AD successfully.</Message><ErrorMessage>User is added to AD successfully.</ErrorMessage></RegisterUserResponse></soap:Body></soap:Envelope>

My problem is I need to pass 5000 usernames and passwords to the web server,thats why I need to script it in perl or java using telnet. It will take days if I will use the post statements above for singular records. Hope you can help me how to script it in Perl or java so that I can send as many of this XML to the web server. Thanks.
Please,please,please,please,please,please,please,please,please,please help me…….
Mr. AVergonzado

7 thoughts on “I Get Email

  1. Well, not to play Devil’s Advocate here, but since it does seem to be a user-registration service, I suppose it is possible that he has a legitimate need to register 5000 users with this service, however, it seems there should probably be a bulk interface for doing that.

  2. The domain name ooblick.com hasn’t changed, just the name of the weblog. For one thing, “Ooblog” struck me as being both cutesy, and almost as ugly as the word “blog” itself. For another, I love the phrase “epsilon clue” (as in “Anyone with even epsilon clue should realize that…”). Also, it’s more googlable.

  3. “Anyone with even epsilon clue should realize that…” … is that a Brave New World reference?

    If so, damn, I’m glad I’ve read as many books as I have. I’d hate to miss out on all of this stuff.

  4. is that a Brave New World reference?

    No, math and (mostly) CS:

    Math, as in “For every δ, there’s an ε such that δ > ε”. δ is usually assumed to be a tiny number, and ε even smaller.

    And from CS, epsilon as in floating-point precision (which usually winds up close to the smallest representable nonzero number).

  5. Whenever someone asks again, you might be better off explaining that it is a Brave New World reference. Surprisingly, it’s a less nerdy explanation 😛

Comments are closed.