Copy Link
Add to Bookmark
Report
b0g 07
_________________________________________
.-. _ .-. / \
| _____ | . o O| Ninja Chop This!%@ |
( @ @ ) \________________________________________ /
\ /
\ --- /
| |
--- ---
| i i |
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
TH4 JULY 1SSU3 1SSU3 VII ! 1N Y00R F4C3! PH33RN4T10N!
b0g b0g!# !b0 b0 #@! b0g!# #@!
b0g !b0g!#@ !b0 b0 #@ @!b0g!#@ #@!
b0g @!b0g!#@! !b0 !b0 #@ #@! #@! #@!
b0g @! @!b !#@! !b0 #@!b0g!#@!b !#@ 0 @!b #@!
b0g #@!b #@!b #@! !#@!b0g! !b0 !#@!b0g!#@!b !# b0g!#@!b #@!
b0g!#@!b0 #@!b #@! g!#@!b0g! !b0 !#@!b0g!#@!b g!# !b0g!#@ b0 #@!
b0g!#@!b0g #@!b #@! 0g!# b0g! !b0 !b !# g! @!b !#@ b0 #@!
b0g !b0g #@!b #@! 0g!# b0g! !b0 @!b !# g! @!b !#@ b0 #@!
b0g !b0g #@!b #@! 0g! b0g! !b0 @!b !# g! @!b !#@ b0 #@!
b0g !b0g #@!b #@! 0g! b0g! !b0 !#@!b0g!#@! g! @!b !#@ b0 #@!
b0g !b0g #@!b #@! 0g! b0g! !b !#@!b0g!#@! g! @!b !#@ b0 #@
b0g !b0g #@!b #@! 0g!# !b0g! @! g! g!# !b0g!#@!b0
b0g!#@!b #@!b0g!#@! g!#@!b0g! !b0 #@! g! !# !b0g!#@!b #@!
b0g!#@!b @!b0g!#@ g!#@!b0g! !b0 #@! 0g! !#@ b0 !#@!b #@!
0g!#@! !b0g!# !#@ b0g! !b0 #@ 0g #@! #@!
b0g! !b0g!#@!
g!#@!b0g b0g!#@
g!#@!b0
g!#@!b
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ Table of Content! [b0g-7.txt]
[ 0:. - [ ] :. ]
[ 1:. - [ DefCon review ] [tak] :. ]
[ 2:. - [ the joys of root ] [timidu] :. ]
[ 3:. - [ how to pick up chicks ] [chris] :. ]
[ 4:. - [ Guide to Paytel Canada payphones ] [TheClone] :. ]
[ 5:. - [ stoned again! ] [wh0rde] :. ]
[ 6:. - [ Hacking Pine ] [timidu] :. ]
[ 7:. - [ Taxonomy of Communications Intelligence ] [psyops] :. ]
[ 8:. - [ How to own ttysnoop ] [tak] :. ]
[ 9:. - [ a guide to daemons ] [psyops] :. ]
[10:. - [ Two bombs and some anarchy ] [reaper] :. ]
[11:. - [ how to make napalm ] [karbonliphe] :. ]
[12:. - [ HACK THE PLANET!#@!] [acidkick] :. ]
[13:. - [ There's Nowhere to Hide ] [Aura] :. ]
[14:. - [ Fun and Games with RPM ] [phunki] :. ]
[15:. - [ The Ultimate Guide To Hacking Hotmail ] [acidkick] :. ]
[16:. - [ How to pimp IRC ] [dawgyman] :. ]
[17:. - [ Counter-control in school ] doc] :. ]
[18:. - [ The internet told me so ] [untoward] :. ]
[19:. - [ IRC Quotes ] [k-rad-bob] :. ]
[20:. - [ Mailbag ] [b0g@b0g.org] :. ]
[21:. - [ CH4NG1NG TH3 W1ND0W5 9X S74R7UP SCR33NS ] [gH] :. ]
[21:. - [ Closing words ] [k-rad-bob] :. ]
[ ]
____________________________________________________________________
get your b0g at: http://www.b0g.org - official site!
http://packetstorm.securify.com/mag/b0g/
send your submissions to b0g@b0g.org !
gibb0r us your articles!
send us anything >:/
http://www.ph33nds.org <--- for raver pr0n!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
You're sitting at home on the couch, it's 2am, watching your
videotaped reruns of 'Kojack' and leeching Metallica MP3z, just
because you can. A knock on the door. It's your friend Sarah,
and her girlfriend Beth.
They kick back on the sofa and fire up a phatty. The girls
get real comforable and start mugging down. Oh yeah. Before you
know it, Beth's got her hand up Sarah's skirt and Beth's tank top
is on the floor. You're chill, you're observing the scene.
Sarah looks up from Beth's nipple to moan, "You got any OpenCOLA?"
Of course you do. You're 'l33t.
"Then get some. And GET S0ME!!#@$!@!"
Get open for OpenCOLA
www.opencola.com
It's a distributed search engine/agent.
And a soft drink.
Gee whillikers!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 1:. - [ DefCon review ] [tak] :. ]
[tak@b0g.org] :. ]
____________________________________________________________________
well heres defcon8 through my eyes....
at 6:00am I ran with my gear over to k-mart, and adept picked me up. we
drove to the gas station, then to Dee's...at Dee's we saw almus, grifter,
some dod, and Almus's mom HAHA *B00P* everyone accumulated, and we ended
up going inside, and eating...
then we left, and shit, I rode with Mutilator, Zoob, and that
girl..hehzoob and I rode in back of the truck...it got hot...Almus and his
furry friend put an FM transmitter in their car, and broadcasted 'the best
of san Francisco' over the airwaves... then we threw shit at his car from
ours. We made a few stops along the way, and shit, nothing cool, then we
got there! boom baa boom.
We arrived at the hotel (alexis park) and I was instantly put in fear mode
from their ninja-like fountains. Then we saw these nerds, and yelled
'DORKS!' cause they were your urcle looking fucks. We parked, got the
dorito, and went to the lobby...hack the planet!
in the lobby, I chilled...I met up with
J-Man[phreak.org],
DTangent[defcon],
Serp[phreak.org],
and this dood Travis[radio man]
then I took a piss, about 3 hours later when I let all teh juice out of my
bladder, then we wandered around, and found grifter, and he guided us to
the hotel room where we chilled for a bit, and hacked the gibson.
after that I cant remember much, I just cruised the hotel and looked at the
dorky people, then jumped in the pool fully clothed which is ireet, I
stayed in the pool till about 1:00 am, then got out and talked to this
dood, and drank beer till about 4:00am or so, then he went clubbin, and me
and zoob chilled, then I went to sleep on the lawnchair type thing. At
about 6:00 [ 2 fuckign hours of sleep =\ ] fraud woke me up, and I walked
with him, and shit..i cant remember, and we went to a couple confs and
shit, and stuck HEKTIK stickers all over shit. and blah blah, we chilled,
I went to the lobby, and met up with shman again, and we were talking
about the nick tak, and vulgar heard me, and like 5 feet away was
FoneyOps, Vulgar, Acrylic, SG, and whoever else...HEH, so we then went
into capture the flag, and drank beer as foney was gonna hack the gibson
[he couldnt even get on the network:P ] then I ended up leaving or
something, and just wandering around...and I met up with keystroke some
time, and sadgirl who gave me a neet picture that said 't4k' from the mall
h0h0...blah, we got drunk that night, and I forgot where I slept...The
next day was Saturday, and by then people started knowing what hektik
was, and I was fearing...and up in the hotel room, everyone said they
would give me $10 to run up in the middle of some fed speaking and stick a
sticker on his laptop, I did it, expecting loads of money, and I got $5 =\
fuckers...well it was cool, it was broadcasted over every hotel room TV in
the place and shit HEH, time went on, and like we stole a few golf carts,
and drove to hard rock, then later I think we stole a bunch of alcohol
from the hotel, and got drunk again, and high and shit well basically the
whole weekend we were drunk =D and like yeah...that night....got drunk
that night, and threw people in the pool, and had sex and shit. Then almus
pushed me in the pool...oh shit other people can do that cause they own me
and shit, but lard ass over here does not have the right to push me in
the pool...I will own his fucking DOC wannabe ass. then like there was
this guy dressed as a fed standing, and would not talk....we would hit him
and he wouldnt move, so I stuck a hektik sticker on his forehead, and got
a few pictures with him =D then blah, cant remember.... Ok then like we
put soap in all the fountains, and shit, and all..they bubbled up, and
shit like that, minor havoc. ok, and on Sunday, people were hating us,
because the shmoo group, had hektik stickers all over theirs, and the
dis.org crew DOC was mad cause we had people handing out hektik stickers
at their table, and shit...then the main dood from cDc came to our hotel
room cause we had Polaroids posed in the windows, and he feared++ and was
talking and adept slammed the door on his face...fears0me and blah blah.
god, we did allot of other cool shit, and shit
like that, but I have no fucking clue right now as of what time these
things happened, and what days etc =D so sorry, but check out mad feared
pictures SOON at http://defcon.b0g.org =D
--tak
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 2:. - [ the joys of root ] [timidu] :. ]
[timidu@b0g.org] :. ]
____________________________________________________________________
Ok hackers , so you've been at it all night long .The system looked insecure
first but you realized that rooting it it's a real challenge.
And yet , you made it. The shiny '#' appeared at last and you are so excited
that your hands are frozen and you don't know what to do
next. Well , root is fun ! ;] And you can ABUSE it. Yeah , baby , that's
it!@#$!
I know 5 things to do with a root obtained on another people's box. And since
I have a big heart , Ill share them with you.
So .. here we go :
1) Placing a backdoor
This is for those script-kiddies that want more&more&more boxes for their own
'unscrutable' purposes ;] Yeah , we have knowledge of their purposes :
- packeting innocent people
- placing sniffers for NEW shells(accounts) and maybe credit cards
- and so on ......
There are plenty of backdoors on the 'black market' ;]]. Obvious ones to the
admin , or less obvious .. it's up to you to choose
one. Yet , the best combination is a trojaned ssh kit (the ssh distribution
patched so that you may log into ANY account using a password you have
specified ;]]) and a rootkit that will hide your processes/connections. There
arent such things as perfect rootkits. I tend to think that lrk[1-5] is
almost perfect but .. heh .. who needs all that functions? Also knark is a
neat one , being a kernel module that is truly hidden.
You can find applications like wu-ftpd or sendmail already trojaned on the Web
... and that's a good idea. What admin would think
that his XXX-important service provides a backdoor to a careful hacker? Heh
... The only bad part about the backdoors (except ssh) is that they can be
sniffed. You wouldn't like another hacker using your backdoors , eh? And not
only the hackers use sniffers. Admins use them ,too , as they want to know
what happens with their boxes in depth.
My suggestion : find the most complete rootkit and use ssh as a backdoor. Hide
the ssh process from all the process-printing-proggies ( ps , pstree ,top
,etc). And try to trojan the passwd binary so he'll e-mail you when root (or a
normal user) changes his password. In case you notice that you don't own
anymore that box .. you may try to log in with the most recent root
password. Maybe you got lucky and it was just an OS upgrade .. heh
I have a couple of things to say. A hacker is a scripter (a person who uses
scripts , usually made by HIM) but he shouldn't be lazy.
So one must be very careful not to use weak passwords , or the same password
many times (cuz you may want to trade the rewts .. heh) , or
to use the same ssh port (unless you're trojaning the 22-port ssh) , or to
keep his server list someplace unsafe. Clear the logs as Admins
really DO check them often. Don't make unnecessary stupid things like vhosts
and stuff. Try to work clean .. that's the key
2) Announce your presence
Do you want to be famous? Discover a way to travel with light-speed ;]
Do you want to be 'locally'-famous? ;]] Announce your presence on a box that
you just rewted.
You could write something in /etc/motd . MOTD stands for Message Of The Day
for those of you who don't know this yet.
It takes just a simple `echo "timidu was here .. h0h0h0!!!!" > /etc/motd` to
solve the things ... ;]
Or you could modify the telnet-banner to show that you have been there (see my
article in b0g-6 about changing /etc/issue*)
Defacing the web page hosted on that server is also included here. Make your
own suggestive index.html and upload it on every server
you hack. Place it in /home/httpd ... and your name will be known world-wide.
You can send an e-mail to attrition if the page you defaced belonged to an
important institution and they'll give you credit .. heh! ;]
3) Play Mr.Nice Guy
If you hack for fun or for knowledge .. it is a good idea to inform the admin
of the box you entered about the flaw you exploited
and . maybe , other obvious unpatched holes. That sounds stupid for some
people .. but are you really sure you want a box with a
33Kbps connection at Internet belonging to a 50 year clueless old man? Heh ..
fuck you then. Try rooting servers that are well
guarded. Those are the treasures...
4) Fuck up the system
Yeah .. if you are that demonic , you can try to ruin that poor admin box. `rm
-rf /`-ing became lame .. as anyone is able to do it
;] . Try something that will really fuck up his system. Playing with
setserial,rdev &co. or fooling around with hardlinks pointing to
/dev/null will fuck up his system. There are plenty of ways to do it but Im
not gonna actually cover them as I hate this kind of
hacker >:/ .
5) Making fun of the users ...
This is the coolest thing! ;]] I love to be a pain in the ass of the users ..
;]]
You could start by choosing a moment when there are many users logged on.
First let's bug them a little...
bash# wall
h0h0h0............... timidu is here and he totally 0wns j00!!!!
SUCK COCK, CUNT-FACES!!!
^C
bash#
If they don't react .. let's play rough!!! :
bash# for lOOSER in `users` ; do cat /dev/urandom | write $lOOSER ; done
What you did is redirecting /dev/urandom 's content at their terminals.
/dev/urandom is a phile that generates random UGLY characters ;]. That will
for sure disturb their attention. You can use the same nasty file for mailing
the users what we would call .. "not actually a love letter" :
You probably think .. "how do I know every user on that box?". Hey dum ,
remember /home folder? That's where you can find out what are all the
usernames.
There's only one tiny problem .. when you `ls /home` you'll get the directory
name .. like "john/" or "sue_ellen/".But this is where awk comes and helps
us.
bash# for I in `ls /home/ | awk -F'/' '{print $1}'` ; do head -100
/dev/urandom | mail $I ; done
Now everyone will have the pleasure of receiving a cute e-mail ;]
If you aren't satisfied with this ... try replacing basic files in /bin with
"cute" messages like ...
bash# echo "#!/bin/sh" > /bin/ls
bash# echo "echo -e "\033[1;31myou aren't allowed to use 'ls' !! Suck timidu's
cock and try again .. h0h0h0! >> /bin/ls
That's kind of damaging the server .. and I don't find it very clever as you
will need ls too. So my advice is either not to use it .. or to backup
whatever
files you rewrite.
Another fun thing is playing with setleds. For those who don't know what
setleds is ... well it turns Caps/Num/Screen Lock on and off. And it also
lights
those leds on your keyboard. When you're logged on a tty (not a pts .. that's
a special terminal) try using it. For example setleds +caps < `tty` will set
Caps Lock on for your terminal (yep , tty returns your terminal).So let's say
you're on one of your many hacked boxes and see that the real admin is logged
on tty1 for example. You can quickly start making fun of him ..
bash# setleds +caps < /dev/tty1
That just enables Caps but he'll probably turn it off. That's why I made this
cool script .. it just keeps switching caps/num modes .You'll have to tweak it
in
order to work .. as I made it for educational purposes only ... ;]
---- h0h0.sh ----
#!/bin/sh
# Courtesy of timidu .. enjoy ;]
tTTY=/dev/tty1 # change this variable to the appropriate one .. using w for
example
$echo "Watch your keyboard , cutie!" > $tTTY
while /bin/true
do
setleds +caps < $tTTY
setleds +num < $tTTY
setleds -caps < $tTTY
setleds -num < $tTTY
done
---- EOF ----
Another thing that'll really drive mad someone logged at an tty[1-8] is
playing with his Video Modes. You can use SVGATextMode for this. So .. log on
using
ssh or whatever your backdoor is and begin changing his modes with
`SVGATextMode -x <mode>` . You can find those modes in /etc/TextConfig. If
you're too
lazy then you should gn0h that important modes are 80x25x9 , 80x28x9 , 80x60x9
, and so on ....
If root is logged on but he is running X-Windows you can still make some cool
things. I will give you an example ...... suppose that box has wish
installed. Wish is part of Tcl/Tk and lets you play within X-Windows
environment.
Start wish by typing wish at your prompt .. your rootshell , of course ;]
bash# wish
%
You'll have to be quick as a window already popped up on root's screen. Now
let's move further. Type exactly what I tell you:
% label .label -text "Are you a faggot?"
.label
% button .button -text "Yes, I am!"
.button
% button .button1 -text "Nope!" -command halt
.button1
% pack .label .button .button1
Now that windows I was talking about earlier will ask root if he's a faggot.
If he presses the "Yes, I am!" button nothing will happen. If he presses the
"Nope!" button his PC will halt ;] Ain't that just cool?
There are plenty of things to be done for bothering the users but you'll have
to use your 0wn imagination. If you have something really cool , let me know ,
puuullleezzeeee!!!!!!
It's up to you to choose what to do with a hacked-root.. but always be careful
and don't make mistakes that will eventually be crucial.
I know this is a lame article and probably bob wont publish it .. but , heh
... I had no fucking time to finish it and place here really cool things. I
promise you a better article next time ................
Greetings : Alya , #linuxro , #rohackers , Alya , #pcr , Alya and all my
friends on Undernet (they know who they are ;])
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 3:. - [ how to pick up chicks ] [chris] :. ]
[chris@b0g.org] :. ]
____________________________________________________________________
Welcome to the first installment (of some odd amount) of my new b0g series.
Today, all of you h4x0rs, I will be talking about how to pick up women. Now,
if your techniques include Talking H4x0r1sh, reciting UNIX commands or
really anything computer related, this course may help you out. Let's get to
our first scenario.
Hypothetical Situation #1: You see a very attractive female across the room
(pub, alley, whichever) and you want to get her attention.
Your Initial Reaction: Walk over (stumble, rather), wearing a goofy smile and
pretend to "accidentally" bump into her. Let's here a few other answers:
- k-rad-bob - I'd just slap her unconscious and then take advantage of her
:(
- twist - I'd probably get out my penis pump and inflate myself to 4 inches,
then walk by her and surprise her with my large member.
- GrId - I woUld iMpreSS hER wiTH mY lEeT uNiX SkIllZ!
- tress - eugapwierbpofng[inr-q34y9h8awognawlgka?,sf2.
- Prae - Why would I want to get a women's attention?!
As you can tell, they just don't have a clue. Now, here's what you SHOULD
do: Make eye contact with her (while your sitting) and try to keep her
attention for at least 3 seconds. Then look away. Don't stare too long, she
may call the cops. Wait a couple minutes, then calmly walk over and
introduce yourself. Ask her where she's from and act interested. Just try to
keep her interest, ask her questions until she wants to know about you. If
she asks about you; you're doing good. Remember, the main goal of this
conversation is to make yourself appear calm and self-assured. At this
point: you have two choices. Either ask her to a movie (or wherever) or ask
her for her phone number. I would choose the latter, as it gives her more
time to think about you. Only do this if you think you've made a good
impression. If you feel your impression wasn't very strong, you may want to
ask her out first, so you can have more time to work on her. If you don't
want to go elsewhere, just sit down with her wherever you're at and talk to
her some more.
Tip 1 : There is something you need to know. If your trying to impress a
female ages 14 to 20, keep in mind they are often more attracted to guys who
are, in a word, pricks. Nice guys don't get the girls here, fellas. If, on
the other hand, you're trying to impress an older woman, nice guys = A+.
That's a general rule, but of course (as with any rule) there are
exceptions.
Tip 2 : Pick up lines are fucking lame. The only pick up line you'll be
needing is "Hi, my name is xxxxxx." If you feel you have to use a pickup
line, choose something that's not offensive and is loose. For example, "I've
lost my phone number, do you think I could have yours?" Then smile at her
and laugh. Generally, she'll laugh too. If she doesn't, just back away.
You're not welcome here.
Tip 3 : If you're going someplace with her, and she's riding in your car,
open the door for her. It's small, but it's a goody.
Remember, if all else fails, crack open the bottles of roofies and slip it
in her drink. She'll be all yours for 8 hours!
Until next month, kiddies.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 4:. - [ Guide to Paytel Canada payphones ] [TheClone] :. ]
[theclone@nettwerked.net] :. ]
____________________________________________________________________
Written by: The Clone
On Friday July 14, 2000
ÛÛ
__________
./_CONTENTS_\.
` `
.; Disclaimer
.; PayTel Canada offices
.; Protel Model Phones
.; Intellicall Model Phones
.; Resources
.; Conclusion
.; Contact
.; Shouts
_,_
Disclaimer --
Within the pages of this document is information pertaining to the
technological ins and outs of a huge chunk of the payphone market in Canada.
I am by no way responsible for any damage someone or somebody causes by reading
this document. If you want to break something and risk a fine or prison time,
by all means leave me the hell out of it. In other words, if I in some way AM
contributing to that slight increase in Canadian youth crime, I don't take
responsibility for it. So please, use this information to learn and grow and
not to piss off your phone company, the police department, or national defense.
_-_
'PayTel Canada offices'
Several months ago, in my document titled 'The Complete Guide to the
Elcotel Payphone' I listed off every Corporation that currently has an
account with Elcotel; this included specific account information in
alphabetical order. From what I assume, that information was deemed useful
by my readers so for that I've taken a similar approach with this section.
For now, here is a list of every PayTel office in Canada in order from west to
north - just a good resource for Canadian phreakers who may be interested in
this company.
__
Paytel's national head office is located in Surrey, British Columbia,
with the following branch offices in:
Alberta (Calgary), Ontario (Toronto, Markham), Quebec (Mirabel),
New Brunswick (Moncton) and Nova Scotia (Dartmouth).
Western Canada (Head Office)
2428 King George Hwy
Surrey, BC V4P 1H5
Tel: (604) 542-2010
Fax: (604) 542-2011
Toll-free: 1-877-542-2010
Ontario Region
6 Adelaide Street East
Suite 500
Toronto, ON M5C 1H6
Tel: (416) 504-7400
Fax: (416) 504-7211
Customer Service: 1-800-265-2953
info@paytelcanada.com
Quebec Region
17,000, rue Charles
bureau 100
Mirabel, PQ J7J 1X9
Tel: (405) 433-0001
Fax: (405) 433-1303
Toll-free: 1-877-433-3553
Eastern Region
201 Brownlow Avenue
Unit 57
Dartmouth, NS B3B 1W2
Tel: (902) 468-1716
Fax: (902) 468-1717
Toll-free: 1-877-575-7555
_-_
'Protel Model Phones'
Protel, Inc. of Lakeland, Florida is North Americas leading manufacturer
of smart public payphones. In 1984 Protel introduced the first line-powered
smart payphone in the USA. Protel were one of the first key-players in the
development of the first Customer Owned Customer Operated Telephones (COCOT)
in the early 1990's, and have strived to bring quality yet cost effective
phones to millions of people around the globe.
Protel develops several payphones, though only having slight differences
between them, which are unique and interesting to mess around with for
a couple of obvious reasons; interaction with the phones' diagnostic -
statistical information is possible by using a series of secret codes,
and physical/remote security is fairly weak. This is just the type of
thing any telephone enthusiast loves to read.
Note:
I haven't personally found an abundant amount of these payphones within
Edmonton in comparison to the Intellicall model phones, but keep in mind,
the telecommunications industry is an ever-changing one so who knows what
to expect in the next six months or so. Keep your eyes peeled and lemme
know if you find any Protel Model payphones in your area.
PayTel Canada's Protel Phone
----------------------------
This is one of the few widely distributed Protel phones in Canada:
http://home.edmc.net/~theclone/protel.jpg
Payphones and Accessories
-------------------------
http://www.protelinc.com/PROTELInt/payphone/Fpayph.htm
Protel Locations
----------------
Restaurants - Truck Stops - Schools - Service Stations - Churches -
Airports - Bowling Alleys - Night Clubs - Bingo Parlors - Resorts -
Low-income Housing - Convenience Stores - Apartments - Bars - Lounges
- Hotels - Motels
Features
--------
- When dialing a call on a Protel phone, the phone slowly dials each digit
while it waits for you to finish dialing or finish paying. You'll be able
to hear this in the background, but it is often quiet so open your damn ears!
- Leaving a Protel receiver off the hook for too long will cause the phone
to produce an interesting beeping sound.
- Credit Card slots; some of these phones DO have credit card slots which
accept many major credit cards (ie. Visa, Mastercard, e.t.c).
- Internal Alarms; can be disabled by entering *# and the correct two to four
digit pin code, most likely in default mode and easily bruteforceable.
- Ringers; Protel model phones will most often ring when called.
After five rings a modem carrier will pick up which is sometimes
followed by an automated voice that reads off how much money is in the
phone including the date/time.
Special Features
----------------
- A particularly special feature about the Protel model payphones are the
unique Protel-only *# options that allow any phreaker to learn about the
phones' internal information simply by entering a few codes.
Here are the *#6X codes I'm aware of at this present time:
` *#61 should give you ANI information
` *#62 will ID the software version the phone is utilizing
` *#65 sometimes discloses the phones company's HQ modem number
- in Canada the modem carrier number would belong to PayTel Canada.
` *#68 disables the phone all together
! Tip: by hand-scanning other *# codes (ie. *#0X, *#1X, *#2X, e.t.c.)
you may find more neat options like the ones noted above.
Remote Administration Software
------------------------------
* Expressnet - ftp://208.49.251.4/Xv150.exe - (official Protel software)
ftp://208.49.251.4/XnetV151.exe - ""
* Panorama - http://filexfer.tripod.com
* Pronet - http://www.protelinc.com/PROTELInt/pronet/fpronet.htm
Security Issues
---------------
'Physical Administration'
To my knowledge there are two ways to gain physical administrative powers
on a Protel model payphone, the first way is somewhat easier.
Here's what you do;
` Enter *# and then the correct four digit admin PIN code which are most likely
defaults such as: *#1234, *#5555, *#9999, and so on. Once you enter the
correct PIN code you will have total access to all menus, rate tables,
and will have the ability to alter restrictions on what phone numbers
can be dialed.
` The second way is quite a bit more difficult but is successful nonetheless.
After entering the correct two to four digit *# alarm code, and opening
the phone with the proper keys, you will notice a 'setup' button on the
printed circuit board.
Press the button and immediately you'll be prompted for the correct PIN code.
` Enter *#000000 (6 digits) - at this point you will have total access to
all menus, rate tables, including the ability to alter restrictions on
what phone numbers can be dialed.
'Remote Administration'
Remote Administration of the Protel phone can be both enjoyable and
profitable, if done correctly. In this section, I'll be explaining step by
step on how to successfully take over a payphone or many payphones by
using just a computer with a modem and the proper software.
The first thing you'll need in order to successfully take over a Protel
payphone remotely is the particular payphone's phone number. This can be
accomplished by either writing down the phone number listed on the phone,
or by entering *#61 with the receiver off the hook.
Secondly, you're going to need the right payphone administration software.
Remember; some software which might work for administering one COCOT may
not necessarily work for another. The reason for this is that some
software just isn't compatible with the payphones' chip, making it impossible
to even connect to the phone correctly.
Another reason may be that the software you're using doesn't allow you to
enter the necessary number of digits that would be required of you when
prompted for the PIN code. In this case, you'll need software that allows
you to enter a 6-8 digit payphone admin PIN.
The PIN code; because of the fact that most payphone administration PIN codes
(by default) are a series of numbers with only one number and 6-8 digits,
and if we remember that the internal physical administration PIN for the
Protel is *#000000, I would say that the default PIN for all Protel phones
is likely an easy guess.
'Audio File coin return exploit'
Many of the Protel payphones throughout eastern Canada and parts of the
United States which are owned and operated by Bell (called BOCUT's) are
vulnerable to a particularly interesting form of phone fraud.
This vulnerability will allow anyone on one of these phones to make a
local call and then get their money spit back into the coin return.
Now as some of you may already know, as a service provided to ensure customers
aren't being ripped off when they insert that 25/35¢ for a call, phone
companies have what they call a "coin return policy".
This policy states that if a customer inserts his/her money for the call
but are unable to complete the call due to technical problems on the part of
the CO, then the operator must empty out the appropriate change. Now adays
with the advent of new telecom based technologies, all an operator would
be required to do is play a specific frequency into the receiver to
subsequently cause the phone to empty.
What I'm getting to is this; if anyone on a regular quality land-line was to
be called by someone on a Protel model BOCUT, and then the person on the
land-line was to play the coin-return frequency, they could quite possibly
automate what any operator has the power to do. This little exploit is
known as the 'Green Box', but alt.phreaking's 'Cyber Thief' coined this the
'Protel-Box' for the obvious reason that it only works on Protel model phones.
DIY, baby:
==> <==
The frequency in '.WAV' format: http://home.edmc.net/~theclone/freecall.wav
==> <==
Canadian Distributors
---------------------
C. G. Industries Limited
30 Shields Court
Markham, Ont. L3R8V2
Phone: 905-475-5093
Fax: 905-475-5389
http://www.cgil.com
International Connectors & Cable, Inc. (ICC)
16918 Edwards Rd.
Cerritos, CA 90703-2400
Phone: 562-926-0734
Fax: 562-926-5290
Toll Free: 1-800-333-7776
http://www.icc-payphone.com
Palco Telecom, Inc.
7825 Flint Road S.E.
Calgary, Alberta T2H 1G3
(800) 661-1886
(403) 255-4481
Fax: (403) 259-0101
http://www.palcotel.com
Pay Phone Technologies
80D Centurian Drive Unit 8
Markham, ON L3R 8C1
905-947-8216
Fax: 905-947-8209
Toll Free: 1-877-488-0041
http://www.foc-ppt.com
-`-
'Intellicall Model Phones'
`` Using advanced technology and the experience of over
12 years in the industry, Intellicall produces two payphone models
that may both be customized with a variety of options to meet the
demands of your locations. The UltraTel payphone is the economical
workhorse of the industry for those installations that use AC power.
The AstraTel payphone is the proven answer where line power is preferred.
Both are highly robust systems that deliver the long term reliability
required in any successful payphone network. ''
Paytel Canada's Intellicall Phone
---------------------------------
Paytel Canada distributes this model of payphone by Intellicall called
the AstraTel 2:
http://home.edmc.net/~theclone/astraltel2.jpg
Intellicall: 'AstraTel & Ultratel' Audio Samples
---------------------------------------------------
http://www.payphone-directory.org/sounds/wav/web/intvoice.wav
http://www.payphone-directory.org/sounds/wav/web/intavoice.wav
http://www.payphone-directory.org/sounds/wav/web/a.wav
http://www.payphone-directory.org/sounds/wav/web/intring.wav
Payphones and Accessories
-------------------------
http://www.universal-comm.net/intell.htm
Intellicall Locations
---------------------
Restaurants - Truck Stops - Schools - Service Stations - Churches -
Airports - Bowling Alleys - Night Clubs - Bingo Parlors - Resorts -
Low-income Housing - Convenience Stores - Apartments - Bars - Lounges
- Hotels - Motels
Features
--------
[On UltraTel Models]
- After Approximately five rings, a modem carrier will pick up
- Some models of this phone have a scrambled keypad, that is,
when you dial a number, the tones you hear don't match the
numbers you push. After a call is completed, the scrambling ends.
- This phone requires an AC power source to function properly.
- During a call, it will take your money as soon as it thinks
the call is answered. If it is left off the hook too long it will say:
"Please hang up and try again."
[On AstraTel Models]
- After Approximately five rings, a modem carrier will pick up
- It has a 14,400 baud modem, which is very fast for a pay phone.
It runs only on phone line power. If you don't deposit enough for a call,
you will be told to just deposit the difference.
- if you leave this phone off hook too long it will generate a fake fast
busy signal.
Special Features
----------------
Toll Fraud Prevention --
The fraud prevention is this: if you call your friend on an Intellicall
phone (UltraTel & AstraTel models) and your friend answers, the phone will
automatically dial '111'. If you were to call this phone from either the
payphone next to it or from a cellphone; have it ring once, pick it up and
then hang up, and pick it up again you'd get an unrestricted dial tone which
would allow you to use a tone dialer (since the keypad is temporarly disabled)
to make free local calls.
The auto-111 DTMF tones override the dialtone, thus preventing toll-fraud.
Security Issues
---------------
- Internal Alarm Bruteforcing -
Internal Alarm Bruteforcing can be done by firstly entering pound then
a four digit PIN. Because of previous problems involving the disclosure
of alarm codes, I will not be posting it on this article.
Too many people were abusing the #CPC code that was mentioned on the
'Complete Guide to the Elcotel Payphone', and because of that Canada Payphone
changed the PIN and set up a trap (at least in Edmonton) which automatically
caused the phone to dial out for help.
If you wish to bruteforce the PIN then all the power to you.
'Phone Seizing Problems - will give free phone calls'
Well whaddya know, the very same exploit I discovered on the Elcotel 9520C
model COCOTS works on the Intellicall model payphones as well.
When will these payphone developers and their distributors ever take their
security seriously? The answer is; until the specific fraud being committed
has reached such prevalent levels that the chance of a yearly revenue is slim
to none.
Using a twenty dollar Genexxa 33-Number Memory Pocket Tone Dialer from Radio
Shack, one can easily take advantage of Paytel's incompetence in relation
to call seizing.
-- Typical Scenario --
CALL TO PAYTEL CANADA
Operator: Paytel Canada, how may I help you?
Phantom Phreak: Yes, may I have the number for directory assistance?
Operator: Just a moment...
Phantom Phreak: Thank-you.
Operator: 1-877-542-2010
Phantom Phreak: No no no, thank-you!
* Operator Hangs Up *
* Phantom Phreak is dropped to an unrestricted line, and then proceeds to
play his pre-programmed 7 digit DTMF tones into the receiver allowing him
a free local call. *
Useful Numbers:
The keypad isn't disabled when using these local numbers,
meaning you will not need to go through the trouble of using a tone-dialer:
** 0
** 411
** 611
** 811
** 911 (?)
| see: 'SKANNING' at www.nettwerked.net for a listing of thousands of these: |
* Blocked From Area - Will eventually drop you to an unrestricted line
* Call Cannot Be Completed - Will eventually drop you to an unrestricted line
* Disconnected - Will eventually drop you to an unrestricted line
* Not In Service - Will eventually drop you to an unrestricted line
* Unsuccessful VMB Login Attempts - will usually drop you to an unrestricted
line after several unsuccessful login attempts (not recommended)
Modem Carrier Numbers (AstraTel 2):
519-576-0354 - Kitchener, Ontario, Canada
780-483-9783 - Edmonton, Alberta, Canada
780-456-9983 - 127St/139Ave: Edmonton, Alberta, Canada
905-453-9794 - Halifax, Nova Scotia, Canada (corner of Robie and Young streets)
'Resources'
Resources list -
URL's of web-sites that helped me with the R&D for this document:
-+ GHU - The Grasshopper Unit: http://internettrash.com/users/mtghu/
-+ Intellicall Inc: http://www.intellicall.com/
-+ Pay Phone Directory: http://www.payphone-directory.org
-+ PayTel Canada: http://www.paytelcanada.com/
-+ Protel Inc: http://protelinc.com
-+ Protel Inc (ftp): ftp://protelinc.com
-+ Tatung Telecom: http://www.tatungtel.com/
'Conclusion'
I'd firstly like to thank some people who helped directly and indirectly
with the creation of this document: Cyber Thief, Magma, Miklos, and RT.
Secondly:
Oh you big scary Telecom companies popping up everywhere trying to make
a buck (or should I say 'quarter') off the slowly dying payphone industry
in Canada, without ever paying attention to security. I'm not going to
chant about how you guys should INCREASE your security. See that's just
something honest 'white hat' folks do. The more you make it easier for the
Canadian phreakers to exploit you physically and remotely, the better.
Although I don't mind a challenge every now and again... or do I?
All this STUFF just comes so easily to me... tee-hee.
Def Con 8:
YES! Hack Canada and several of their Canadian friends will be attending
Def Con 8 this year for some good 'ol fashion fun! This will be Hack Canada's
second year attending this crazy Las Vegas conference, and we plan on having
a few surprises for all you people. Look for a lot more pictures and
reviews this year - hell just look for us and share your beer, eh.
PeAcE OuT...
_ Contact me _
E-mail: theclone@nettwerked.net
ICQ: 79198218
IRC: haxordogs.net [#haxordogs, #nettwerked]
URL - http://www.nettwerked.net
Shouts:
Hack Canada & Haxordogs
A
P R E - D E F C O N
2 0 0 0
R E L E A S E
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 5:. - [ stoned again! ] [wh0rde] :. ]
[wh0rde@b0g.org] :. ]
____________________________________________________________________
stoned again!
the ever-growing guide to my mentor, Mary Jane.
by wh0rde
Well, lets start out with what it is. Cannabis, weed, pot, ganja, whatever,
its a sexy substance that gives you a feeling of being absolutely retarded.
There are so many ways to extract "big papa" THC from the plant (which is what
makes you stoned) that I will just explain the important ones. For newbies I
always recommend a bong. They cant handle the smoke, so you should ice the
water to make it cooled down filtered smoke. The basic idea for a bong is a
slide, a container, and liquid.
/ \
| | |_|
| | //
|~~~~|//
| //
| //
| //|
|----|
Explanation: This is a simple "ghetto" bong, usually made out of 20 oz pop
bottles. What you need to do is make a small hole on the middle of the lower
middle part of the bottle (about 3/4 the way down). Make a slide out of an
emptied pen, the kind where you can pull off the tip and the endcap are the
best, so you have a straight tube. At the point where you stick it in, put
about an inch to a half an inch of the tube inside the bottle, and seal it
with any kind of semi-nonflammable object, if it is flammable make sure it
isnt poisonous, I like to use a little bubblegum and some aluminum foil. Now
make a cup-shaped thing, you can cut off the top (threaded part of the bottle)
of the bottle and use it, but just the very top. Take aluminum foil and line
the inside (and outside too) but leave the bottom covered with a two-layer
thing.
\ /
|\ /|
|| ||
|| ||
| \_______/ |
| \_______/ |
|-----------|
Now find a small bit of mesh wire, the kind thats really small
_|_|_|_|_|_|_
_|_|_|_|_|_|_
_|_|_|_|_|_|_
_|_|_|_|_|_|_
| | | | | |
Like so. Bend it in a cup and stick it on the bottom of the aluminum foil,
then poke about 10 holes in the bottom of the aluminum foil. Now take another
piece of aluminum foil and connect the cup and the pen body so that theres
maybe 1/2 an inch of just empty space between the cup and the body, but the
whole thing must be airtight.
\ /
|\ /|
|| ||
|| _______ || <- new layer is mesh
| \_______/ |
| \_______/ |
|-----------|
\ \
\ |
\ |
\ \
\ \
\ \ <- now connected to pen
This is a horrible diagram but you should be able to see it. The trickiest
part is to make the connector piece, so you can pull the bowl out and take the
last hit in the bottle where its collected. You may not want/need this but I
always prefer it, especially if its a big bottle. Just make it slidable, so
you can pull the bowl part off, and be sure to figure out how youre gonna get
it back on. I kind of round the edges of the part that connects to the tube..
but more often I use a *real* bong. Other substitutes are earthbongs, where
you dig chambers in the dirt and have the tubes come out of them, which is
nasty to me but some like it. Gravity bongs are like Air bongs where it puts
the hit in your lungs for you, which is pretty fucked up to me, thats for
people who are on life support and cant pull a hit. Some use apples or coke
cans or all sorts.. But my favorite is a *real* bong thats sole purpose was
made *to smoke weed out of* and not intricately busted up flower pots (like my
friend loves making). Other forms of smoking are joints, my favorite, blunts
and jujus, which are essentially a sort of "sub-joint," pipes, and roaches,
which are also a subclass kind of.
Joints are essentially weed, wrapped in paper. You usually make it out of
shake, since its hard to roll a big nug.. and you stick the weed in the middle
of the paper going one way diagonally, then smooth it by rolling back and
forth, then putting it to one side and start rolling, twisting off the ends
(in large cases). I've always had to twist off the ends, if you use tiny
amounts theres no point :/ a great thing to do is to put the ash/weed
combination in a bowl, since you actually sometimes do waste a little weed in
joints. Blunts are simply packed blunts, you can leave a little tobacco at the
mouth and then pack however much you want. To get the tobacco out get those
little 3prong computer tweezers and just pull it out. Jujus are just packed
ciggies, make sure when you start smoking it you pull the filter off.
Pipes are, well, pipes. Theres a bowl and a stem, and you light it and pull.
| |
\\_____//______________
\_____________________
Theres a little hole at the bottom of the bowl. Roaches are simply the
*really* resinous tips of joints, you can use tweezers or a roach clip to
smoke them. Thats all for this installment of "this old stoner," Im Bob
Villa, goodnight.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 6:. - [ Hacking Pine ] [timidu] :. ]
[timidu@b0g.org] :. ]
____________________________________________________________________
Hi guys! I'm back and you'd better pjeer!@#$!
Glad for b0g's comeback I wrote another lame article. If you don't like it
, don't flame me ; if you like it .. you're weird. Heh....
I noticed from my 0wn experience that there are too many stupid system
administrators that think they have sooooo fucking good ideas and secure
their Unix boxes in strange ways. One of them is , for those who provide
mail accounts , assigning "/usr/bin/pine" as the new user's shell.Wh00z ,
guess what , you sick shitheads? It's safer to delete the root password
cuz pine CAN and WILL ;] use shell commands. If you're one of those unlucky
guys that have pine as shell .. send me 50$ and Ill share you the secret.
Heh , forget it. I don't need your dirty money!@#$!I'll tell you how I did
it. I know there are many other ways but .. Ill let you have the pleasure
of discovering' em.
You need a couple of things for succeeding:
- an account .. heh. That's what you want to hack. You should be able to
upload/download files in your account as this is very important.
- a simple backdoor that doesn't use root privileges to be ran. I used
bindshell.c found on www.anticode.com I think. Or was it
packetstorm? Anyway , you should find it easily.
- ASM and C++ knowledges are required. As well as a Brainbench degree in
Network Administration.... ;] stupid joke , heh.
I compiled bindshell.c on my box that has the same OS and architecture as
the box I wanted to hack. Afterwards , I took pine's configuration
file. It's called .pinerc and it is found in your home directory. The idea
is simple. We fool pine to use as external speller a backdoor and we will
telnet back on that host .. at THE port specified in the source (check out
what's the port , and change if you want!@#$!).In your .pinerc search the
line that sets the speller. It starts with the word "speller" (guess why..)
and
has a "=" after it. Add "~/bindshell" there, without the quota marks. Now
upload in that shell account the file .pinerc (it'll overwrite your
previous one) and the bindshell binary.Log in that account and start
composing a message. Go at the field where you write the cute love
sentences and you'll notice an option .. ^T -> Spell ;]]]] . Press it ,
what are you waiting. Now all you have to do is telnet over that host at
the port where your new shell is binded and .. start fooling around ;]
One more thing. Suppose you just can't use the bindshell binary cause they
have a strange OS. You'll have to upload the source and first to upload a
.pinerc file that sets the speller to gcc -o ~/bindshell ~/bindshell.c and
then upload a .pinerc that sets the speller to ~/bindshell. I never tried
so if it won't work .. try something else. Pine is a very "powerful" tool
;]
That's all for now!
Greetings for Alexandra (I love you , baby!) , for UnderW (he was the
first who asked me how to hack such an account) and to all my friends that
read b0g.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 7:. - [ Taxonomy of Communications Intelligence ] [psyops] :. ]
[psyops@phault.org] :. ]
____________________________________________________________________
Cryptography is often considered, particularly by those primarily
concerned with security, to be the only serious barrier to communications
intelligence. Histories of the field have generally fostered this impression
by painting a picture of war between codemakers and codebreakers. In
practice, spying on communications is a multi-stage activity in which each
stage plays an essential role. It is entirely possible that the cryptanalysis
of a message, once the message has been identified and captured, may be less
difficult than acquiring and filtering the traffic to locate it. On balance,
the greatest problem in communications intelligence--as in most efforts
to learn things--is sorting out the information you are after from the
information you are not.
The 'sine qua non' of communications intelligence is acquisition of signals.
Without communications in the form of radio waves, electrical currents in
wires, written materials, or copied disks and tapes, there can be no work
for cryptographic or intelligence analyst. The interception of communications
presents both a strategic and a tactical aspect.
Strategically, it is crucial to learn as much as one can about an opponent's
communications infrastructure. The first step is to come up with the most
precise possible description of the target--what the military call the
'order of battle'. If the target is a country, it may have millions of
residents who in turn make millions of phone calls every days. Most of these
calls are not of interest; the people who make them do not work for the
government or in critical industries and say little of intelligence value.
Describing the target is one of the many areas where 'collateral intelligence-
-
information from sources other than covert interception of communications
plays a vital role. Most of the information about a country and its government
can be learned from open sources, such as phone books, newspapers, histories,
and government manuals. Some, however, will come from covert sources such as
spies, and some will come from communications intelligence itself.
Once the targets have been precisely identified, it is necessary to discover
how they communication with one another. Are their communications carried
by high-frequency radio, by satellite, or by microwave? How accessible the
communications are and how they can be acquired is a function of the means
chosen. High-frequency radio and satellite transmissions are the most
accessible.
At the time of World War II, most radio communications and thus most of what
was intercepted was HF. Such signals bounce back and fourth between the
ionosphere and the ground and can travel thousands of miles. This property
makes intercontinental radio communication possible; at the same time, it
makes it essentially impossible to keep HF signals out of the hands of
opponents. Today a large fraction of radio communication is carried by
satellite. Satellite downlinks typically have 'footprints' thousands of
miles across that spread over more than one country. Terrestrial microwave
communications are significantly harder to intercept. They travel between
towers a few miles or tens of miles apart. Intercept facilities on the
ground must generally be located within a few tens of miles of the micro-
wave path and often require facilities in the target country. In the 1970s
and the 1980s, there was a war of words between US and Soviet diplomats
over Soviet microwave interception activities from a residence the Soviet
maintained at Glen Cove, New York (Broad 1982).
As with the organization structure, a target's communication practices
can often be derived from open sources. Since national and international
organizations cooperate in allocating the radio spectrum, it is easier to
identify the frequencies used for military, police, or air traffic control
communications by consulting regulations and standards than by direct
spectrum monitoring.
The output of the strategic of 'targeting' phase of communications
intelligence is a map of the opponent's communications, which will guide
the selection of locations, frequencies, and times of day at which monitoring
is conducted. Interception can also be conducted from many sorts
of platforms; ground stations, aircraft, ships, embassies, covert locations,
and orbiting satellites.
The United States has several major intercept facilities within its borders
and a host of others abroad. Despite attempts to keep these locations secret,
many, including Menwith Hill in Britain, Alice Springs in Australia,
ALERT in Canada, Osburg in Germany, Misawa in Japan, Yakima in U.S.
Washington,
Sugar Grove in U.S., Karamürsel in Istanbul, Camp Humphreys in China, Bad
Aibling
in Austria, Kunia in Marcus Necker Ridge, and Shemaya in Aleutian Islands.
The Soviet Union made extensive use of small ships as collection platforms.
Usually operating under very thin cover as fishing trawlers, these boats
carried large antennas and were thought to be making their biggest catch
in the electromagnetic spectrum. The United States has been less successful
with this approach. In the 1960s it commissioned two ships described as
research vessels, the 'Liberty' and the 'Pueblo', for intercept duty.
The 'Liberty' was attacked by the Israelis, for no publicly apparent
reason, while supposedly intercepting Arab communications in the Eastern
Mediterranean during the Six Day War of 1967. A year later, the 'Pueblo'
was captured by the North Koreans. It turned out to have been carrying
many top-secret documents for which it had no apparent need, and most
of these fell to its captors. As quietly as it has begun, the United
States ceased using small ships as collection platforms.
Airborne collection, by comparison, has been an important component
of US COMINT for decades. Boeing 707s, under the military designation
RC-135, are equipped with antennas and signal-processing equipment.
These aircraft can loiter off foreign coasts for hours at a time.
Flying at altitudes of 30,000 feet or higher, they can pick up radio
transmissions from well inland.
The use of embassies to do intercept work exemplifies the twilight-zone
character of intelligence. Despite widespread 'knowledge' that many embassies
are engaging in intelligence collection, such activity is a
branch of diplomatic etiquette that could result in diplomat's being
asked to leave the host country if discovered. All the equipment used
must therefore be smuggled in or constructed on the spot and must be
made from components small enough to fit inconspicuously in the "diplomatic
bag"--a troublesome limitation of sizes of antennas. Politics
and public relations aside, if an embassy is not suspected of interception,
it is likely to be more successful. Mike Frost, a Canadian intelligence
officer who spent most of his career intercepting host-country communications
from Canadian embassies, reported that the Chinese put up a building to
block radio reception at the US embassy in Beijing but failed to protect
themselves against the Canadian embassy because they did not realize
that it too was engaged in interception (Frost 1994).
Interception can also be conducted from covert locations that do not
enjoy the legal protection of diplomatic immunity. Britain operated a
covert direction-finding facility in neutral Norway during World War I
(Wight 1987, p. 9). In the early 1950s, the CIA established a group
known as "Staff D" to carry out interception from covert locations.
One of the most ambitious undertakings in communications intelligence
has been the development of intercept satellites, which did not arrive
on the scene till roughly a decade after their camera-carrying cousins.
Low-altitude satellites are not well suited to intercept work. They are
relatively close to the transmitter, which is good, but they are moving
quickly relative to the Earth, which is not. No sooner have they acquired
a signal than they move on and lose it again, because the source has
passed below the horizon. The comparison with communications satellites
is interesting. The mainstay of satellite-mediated communications has
been satellites in synchronous orbits, 22,500 miles up. Only recently have
communications satellites been placed in low orbits. Tens of satellites
are required so that as soon as one moves out of range of a transmitter
on the ground, another comes close enough to take over. Systems of this
kind have the advantage that the satellites and the transmitters are
cooperating. A system in which the satellites were attempting continuous
coverage of uncooperative targets would be far more complex, and to our
knowledge, none has been attempted.
Because they are in very high orbits, intercept satellites must carry
antennas tens or hundreds of feet across. It is difficult to make an
antenna of this size light enough to be lifted into synchronous orbit.
In addition, the antenna must be launched in a folded configuration,
which adds complexity and detracts from reliability. In sum, communications
intercept satellites are more complex and expensive than other types.
Because of its huge size and the low population density of much of
its territory, the Soviet Union made more extensive use of radio
communications than the United States or Western Europe. Most of the
territory of the Soviet Union was far north and not conveniently
served by synchronous satellites, so the Soviets developed a
family of communication satellites, called Molniya, that move in
polar orbits. A "Molniya orbit" passes over the Northern Hemisphere at
very high altitude and thus moves quite slowly during this part of
its journey. Its perigee, in contrast is low over the Southern
Hemisphere, and that part of the trip goes very quickly. The result
is that most of the time the satellite "hangs" above the Northern
Hemisphere, where it can be used for high-altitude communications.
In order to spy on these communications, the US built satellites,
called Jumpseat, that move in Molniya orbits. These satellites
are in a position to listen to both radio transmissions from the
ground and those from Molniya satellites.
Communications intelligence depends for its success on tactical
as well as strategic elements. When an intercept station has been
put in the right location, operates at the right time of the day,
points its antenna in the right direction, and tunes its radio to
the right frequencies, it is rewarded with a flood of traffic too
large to record, let alone analyze. The process of examining
intercepted traffic to determine what is to be retained and what is
not may be as "simple" as detecting which channels within a trunk
are active or as complex as recognizing the topic of a conversation.
Typical selection processes include active channel detection, called
and calling number identification, speaker identification, keyword
spotting (in either text or voice), fax recognition, and semantic
information processing.
The difficulty of locating and isolating just the right messages
is an intrinsic consequence of the volume of traffic in modern
communications. Communications intercept equipment must decide
in a faction of a second whether to record a message it has
detected or to permit the message to escape. Often it must make
the decision to record communications of which it has only one
part. If, for example, the two directions of a telephone call
are carried on separate facilities, an individual intercept
point may have access to only one side of the conversation.
Although the entire call may in fact be recorded, so that both
sides of the conversation will ultimately be available to an
analyst, it wil be recorded by two devices acting independently.
Should either fail to detect that the call is of interest, and
therefore fail to record it, the utility of the other component
will be vastly reduced. The problem of identifying traffic of
interest among all possible traffic is the problem of 'search'.
Communications are organized at many levels. The entities
communicating have addresses--in radio these are called 'call signs'
(commonly known in the case of commercial stations as 'call letters';
in the case of telephones they are telephone numbers; in the case
of computer networks, they are IP addresses, email addresses, URLs,
etc. Messages follow 'routes', which in turn are made up of 'links'
or 'hops' on 'trucks'. Within an individual trunk, messages are
'multiplexed' into channels, which make up the trunk much as
lanes make up a road.
At the lowest level, intercept equipment sits and looks through
the space in which messages might be found. At each frequency, or
time slot, or code pattern, it listens to see if there is any
traffic at all. It may well be the case that most of the channels
in a trunk are inactive most of the time.
When intercept equipment detects an active channels, it must
decide whether to record what it finds here. This depends on the
'diagnosis': characterization of the form and the significance of
the signal that has been found. If the channel is a telephone
channel, for example, the likely possibilities are voice, fax, and
data. The intercept device must try to decide what it is hearing
and may then discriminate more carefully depending on the category.
The first step will usually be to listen for dial pulses or touch
tones and attempt to determine what number is calling and what
number is being called. If the call is voice, the device may attempt
to determine what language is in use, or even listen for keywords.
If the call is fax, it may try to determine whether the transmission
is text or pictures. If the call carries data, it will attempt to
determine what type of modem is in use and what codes (ASCII, Baudot,
EBCDIC) or data formats are present. When text is detected, the
equipment may go further and apply semantic processing to determine
the subject of the message in much the same way that a search engine
tries to locate a topic of interest on the World Wide Web.
One strategy followed by many pieces of intercept equipment should
be a caution to anyone using cryptography; if an intercepted message
is found to be encrypted, it is automatically recorded. This is
possible because at present only a small fraction of the world's
communications are encrypted. The first lesson to be drawn from
this is that if you encrypt something you had better do it well;
otherwise you will only succeed in drawing attention to yourself.
The second is that as the use of cryptography increases, the privacy
of everyone's traffic benefits.
Once traffic has been diagnosed as interesting, it will be recorded.
This is not as simple as it sounds. Typically a signal can be recorded
in several different formats, depending on how well it has been
understood. It is always possible to make a recording of the waveform
being received, but this may turn out to be much bulkier than the
message it encodes. For example, recording a modem signal carrying
2400 bits per second of information (about 240 characters a second),
without demodulating it, uses up to 48-kilobyte-per-second capacity
of a digital audio tape. A direct recording of the signal is thus
20 times the size of the message it contains.
Neither diagnosis, nor recording, nor any form of analysis that
may be done on an intercepted signal can be separated from 'signal
processing'--study of the signal by mathematical and computational
means. Digital signal processing (one of the fastest-growing areas
in computing) is revolutionizing communications. The availability
of $100 modems is a consequence of the availability of signal-
processing chips costing a few dollars apiece.
Demodulating modem signals (which accounts for most of the signal
processing in data interception) is far harder for an intercept
device than for the modems used by the sender and the receiver.
Present-day modems go through a period of training at the beginning
of a call during which they study the communications path and "discuss"
how best to make use of it. Even if the intercept device is listening
to this "conversation", it cannot transmit without revealing its
presence, and thus it cannot engage in the negotiations. The signal
quality available to the intercept device is therefore rarely as
good as that available to the communicating modems.
Only after traffic has been located, demodulated, and recorded do
we finally get to the most famous process in communications intelligence,
the process of breaking codes: crypanalysis. This document is not the
place for a technical discussion of cryptanalysis (check my other papers
for more on cryptanalysis); such discussions now abound in both the
technical and the historical literature of cryptography. It is, however,
the place for a discussion of the process of cryptanalysis.
Most of the public literature, both technical and historical, is
devoted to 'research cryptanalysis', the process of breaking codes
for the first time. This is naturally an indispensable component
of any production cryptanalytic organization, but does not account for
most of its budget or most of its personnel. The object of "codebreaking"
is the development of 'methods' that can be applied to intercepted
traffic to produce plaintext. In modern cryptanalysis, this is often done
entirely by computers, without human intervention.
The process of converting ciphertext to plaintext is called 'exploitation'.
It follows a process of 'diagnosis' closely related to the more general
diagnosis of traffic discussed above.
The heart of a communications intelligence organization, however, is
not cryptanalysis but 'traffic analysis'-- a study of the overall
characteristics (length, timing, addressing, frequencies, modulation etc.)
of communications. Traffic analysis by itself provides a broad picture
of the activities of communicating organizations (Wright 1987).
Moreover, it is essential to assessing the signaling plan, the traffic
patterns, and the relationships among communicating entities. Elaborate
databases of observed traffic (Hersh 1986, pp. 258-259) underlie all
comint activities.
A last operational point that bedevils communications intelligence is
'retention'--the preservation of intercepted signals for short or long
periods of time until they can be processed, cryptanalyzed, interpreted,
or used. As we have noted, storing a signal that the holder is unable
to restore to its original form typically takes far more memory than
storing an understandable signal. This is justified because, enciphered
messages can be of value even if they are first read only months or
years after they were originally sent. During World War II, Allied
cryptanalysts were sometimes weeks or even months behind on some
classes of traffic (Welchman 1982). Some signals intercepted during
the Cuban missile crisis of 1962 were not read until two years
later (Hersh 1987). In what is probably the granddaddy of ciphertext
longevity, Soviet messages sent in the 1940s were still being studied
in the 1970s (Wright 1987). Managing the storage of intercepted material
is thus a major problem in all signals intelligence activities.
After all of the technical processes characteristic of communications
intelligence, the 'product' enters in to the part of the process common
to information from all intelligence sources: interpretation, evaluation,
dissemination. One process looms larger over comint than over perhaps
any other intelligence material: 'sanitization'--removal from the
intelligence product of information that would reveal its sources.
Sanitization to greater or lesser degrees produces intelligence of
varying levels of classification.
Feedback would be nice
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 8:. - [ How to own ttysnoop ] [tak] :. ]
[tak@b0g.org] :. ]
____________________________________________________________________
Ever on a box you wanna hax0r to the max0r?
What if they were running ttysnoop? DOH!
do not fear my friend, there are ways around that.
First off, lets see if your in windows or linux...
Windows telnet:
windows telnet is white background, black text by default, and can only
change it though preferences, not with a command on the remote
machine...BINGO! most likely the person on the other end is running
ttysnoops on console, which means black background, so the simple command.
echo -e "\033[0;30m"
will change their text black, and leave yours normal, you type, and they
cant see.
Linux Telnet:
in linux, you can either try this ninja trick in an xterm with a different
bg set, or something, or you can do it from console, with this ninja
command... type this command on the remote machine
echo -e "\033[0;30m"
it will turn black, then go to a different terminal on your LOCAL MACHINE,
like tty5 instead of tty6, and type:
echo -e "\033[0;0m" > /dev/tty6
that will change your tty6 console to regular colors, and shit, but still
leave it fucked up remotely. stand in fear.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[ 9:. - [ a guide to daemons ] [psyops] :. ]
[psyops@phault.org] :. ]
____________________________________________________________________
Introduction.
The most secretive, yet most productive, application or
service on a Unix system is the daemon process. A daemon,
pronounced 'demon,' process is secretive because it runs
in the background, and often does not indicate its presence
in any significant way. Without it, most Unix systems
would cease to function. Programmers write daemons to carry
out a function with little or no intervention by users
or system administrators. In fact, many daemons require
no intervention at all!
The services offered by daemon processes are important to
understand, because the potential security violation may
be through a program that masquerades as a daemon.
What is a daemon?
A daemon process is a process that is not associated with a user,
but performs system-wide functions, such as administration and
control, network services, execution of time-dependent activities,
and print services. To qualify as a daemon process, several criteria
must be met: the process must not be associated with a user's
terminal session; and it must continue after the user logs off.
From the rudimentary process management knowledge you have read
about so far, you know that each process a user starts is terminated
by the init program when the user exits. The init program is the most
famous of all system daemons. This approach allows for proper
management of the process table.
Although daemon processes are almost completely invisible, they do
provide some level of service to users. Daemon processes accept user
requests and process them; they also respond to various events and
conditions. They are often inactive, however, and are designed to be
called into service only when required. By using a daemon instead of
starting a new process for every instance, system load is reduced,
and large programs that take time to get started will not slow down
the user or the operation.
A daemon can be distinguished from other programs on the system
by examining the process table--the ps command displays this table.
The distinguishing characteristic of a daemon is that the TTY column
does not reflect the controlling terminal name.
The daemon is the process with a questions mark "?" as the controlling
terminal name. The controlling terminal is identified in the "TT" or "TTY"
column of the ps output. Whenever this is found in a process entry,
the process is a daemon.
Daemon processes usually do not accumulate very much CPU in the
short run, unless they have a lot of processing to do when they start.
It usually takes a tremendous amount of time for these daemons
processes to equal the CPU requirements that many other processes
accumulate in a minute or two.
The daemon processes shown in the ps output were likely started
as part of the system's boot process.
It is important to consider that the startup procedures of the various
Unix flavors often are very different depending upon the heritage.
SunOS 4.1.x, for example, is derived from the Berkeley Software
Distribution (BSD) code and as such bears little or no resemblance
to the startup procedure seen in Solaris 2.x, which is based upon
the Unix System Laboratories Unix System V Release 4.
The same is true when comparing Unix System V Release 3.2 and 4.0.
These differences are important to note, because they make it easier
to hide inconspicuous programs for later action.
The HP-UX startup sequence makes use of a large number of files,
each of which are tightly linked to a given subsystem. For example,
the file netlinkrc is used to start network processes. With this type
of startup file layout, it is much harder to locate the daemons and
to modify the system startup procedure.
Regardless of the Unix implementation being considered, the use of
the /etc/rc/ file start the system is common. Consider the list of
files required to start the daemons on an SCO OpenServer 5.0 system.
SCO Unix products use a file system structure that is grouped by the
desired run level. Run levels, their meanings, and how to switch between
them.
Like the HP-UX implementation, a number of SCO Unix startup scripts
are used to start daemons. Each script essentially is dedicated to
starting the daemons for a specific function group. This is not
nessessarily bad design, but it requires a detailed level of understanding
of the underlying system structure.
Examining the System Daemons.
A number of system daemons can exist in a Unix system. Some are
only found in a specific version of Unix, but many daemons are common
to all versions of Unix. This section discusses many of the common
daemons and describes their function on the system.
init
The init daemon is known as the parent process for all the processes
on the system. It performs a broad range of functions that are vital to
the operation of a Unix system.
The most commonly known purpose of the init process is to boot the
system. The method init uses to boot the system differs among Unix
versions. The BSD and XENIX init programs, for example, do not work
the same way as the System V implementation. The System V init
program relies on the file /etc/inittab/ to provide details of how init is
to govern the startup and initialization of the various services on the
system.
The init process is commonly known as "init" because of its role in the
initialization of various processes during system operation.
The init program considers the system to be in a run level at any given
time. Run levels are the operating states of the system. For the purposes
of this section, a run level can be viewed as a software configuration;
each configuration allows only a selected group of processes to exit.
swapper
Some Unix system administrators refer to swapper as a daemon, and
others do not. The swapper process is responsible for scheduling the
use of memory by the various processes on the system. The swapper
process is actually part of the kernel, so you could say that it is not
a daemon after all.
update and bdflush
Update and bdflush are similar commands that periodically executes
the sync system call to flush disk buffers. These daemons execute
every 30 seconds. Users and system administrators rely on these
daemons to update the file system in case of a crash. Although two
commands are listed, your system will see one or the other, but rarely
both.
lpd
The lpd daemon is part of the BSD print services. It listens for and
accepts connections via TCP/IP to submit a print request. The lpd
daemon relies on the LPD protocol to accept the job, and submit it
to the requested printer. This daemon was almost exclusively found
on BSD-based systems until the more popular System V derivatives
started adding similar services.
lpsched
The lpsched daemon is the System V version of the print spooler. It
performs the same tasks as the BSD lpd program, but in a much different
format. Despite lpsched's inability to communicate directly via the LPD
protocol, it is still considered stronger than lpd because of its flexibility
with printer interface scripts.
cpd and sco_cpd
The cpd and sco_cpd daemons are the license managers for SCO products.
They are similar to license managers on other implementations of Unix in
that they ensure that all products on the local network have unique
serial numbers. With the release of SCO OpenServer 5.0, the license
managers support shrink-wrapped software and operating system software.
cron
The cron daemon is the automated task scheduler; it runs scheduled jobs
at the requested time. A user may want to execute a number of jobs at
regular intervals, for example. To do this, a crontab file is created
resembling
the following:
0,15,30,45 * * * * /usr/stats/bin/getstats border1.ottowa
0 3 * * 0 /usr/stats/bin/merge border1.ottawa
0 4 * * 0 /usr/stats/bin/ar border1.ottawa
This specification identifies when the job is to be executed and what the
command to be executed is. The cron daemon builds an internal list of the
jobs to be executed, and runs them at the requested time intervals.
syslog
The syslog daemon is a UDP/IP service that allows information and status
messages for different network services to be logged through a central
logging mechanism. The syslog daemon is controlled through the file
/etc/syslog.conf and can write messages of different types into different
log files. A sample syslog.conf file is shown here:
user.* /usr/log/user_logs
kern.* /usr/log/kernel_logs
daemon.* /usr/log/messages
mail.debug /usr/log/mail
etc. etc.
The syslog.conf file lists the facility priority level of the messages, and
where
that message is to be stored when received. Any message that is received
with a priority level of critical, for example, is written to the file
/usr/log/critical.
sendmail
The sendmail daemon is the common Mail Transport Agent included with current
versions of Unix. Because this program is a daemon, it listens for and accepts
incoming e-mail connections from external systems. This daemon receives and
subsequently delivers messages to local or remote users. Sendmail is not
intended to function as a user interface, but rather as the processing agent
for user mail programs such as elm, pine, mailx, and mush.
The sendmail program functions in two modes: incoming and outgoing. It accepts
mail from internal and external sources and processes it according to the
rules found in the /etc/sendmail.cf configuration file. The format of and
options for the /etc/sendmail.cf configuration file are far too complex to
cover here.
The sendmail program is capable of accepting TCP/IP connections on port 25.
The following output illustrates a connection to sendmail on this port.
nms% telnet nms 25
Trying 198.53.64.4 ...
Connected to nms.
Escape character is '^]'.
220 nms.home.org Sendmail 4.1/ch-950121.1 ready at Thu, 18 May
95 11:28:36 CET
help
214-Commends:
214- HELO MAIL RCPT DATA RSET
214- NOOP QUIT HELP VRFY EXPN
214.For more info use "HELP <topic>".
214-stmp
214-To report bugs in the implementation contact Sun Microsystems
214-Technical Support.
214-For local information contact postmaster at this site.
214-End of HELP info
quit
221 nms.home.org closing connection
nms%
The system administrator can test his or her configuration from the sendmail
command directly. Unfortunately, this capability can also be used by the way
the wily hacker to create a false mail message that looks like it came from
somewhere else.
getty
The getty daemon is responsible for providing a login prompt on terminals
and on serial devices directly connected to the system; getty is also
responsible for providing a login prompt on the console. The getty command is
started by the init process, and is part of the login->shell->logout process.
It is important to note that when you log in through telnet, getty is not
involved in the process.
The telnet server, telnetd, displays the login message and collects the user
name from the user.
rlogind
The rlogind daemon is the server side to the client rlogin program. It
provides a remote login facility with authentication based on privileged port
numbers and hostname-username pairs. rlogind is executed by the Internet
daemon, inetd, when it receives a service request at the port indicated in the
services database for login using the TCP/IP protocol.
deliver
The deliver daemon manages all mail delivery in the MMDF mail system. deliver
does not only deliver mail directly, but instead calls on MMDF channel
programs to handle actual delivery.deliver's actions are guided by the MMDF
configuration file, /usr/mmdf/ mmdftailor, and by command-line options. This
daemon also maintains a cache of host information on a perchannel basis, so
that mail for unavailable hosts can be skipped until the host is available.
inetd
The inetd daemon listens on multiple ports for incoming connection requests.
When it receives a request, inetd spawns the appropriate server. The use of a
"super-server" allows other servers to be spawned only when needed and to
terminate when they have satisfied a particular request. The following servers
are normally started by inetd: fingerd, ftpd, rexecd, rlogind, rshd, talkd,
telnetd, and tftpd. inetd can also start several internal services: these are
described in inetd.conf, which is typically found in the /etc directory. Do
not arrange for inetd to start named, routed, rwhod, sendmail, pppd, or any
NFS server.
routed
The routed daemon is invoked by root at boot time to manage the Internet
Routing Tables (usually during init 2). The routed daemon uses a variant of
the Xerox NS routing Information Protocol to maintain up-to-date kernel
Routing Table entries.
If the host is an internetwork router, routed periodically supplies copies of
its Routing Tables to hosts and networks that are directly connected.
nfsd
The nsfd daemon starts the NFS server daemons that hande client file system
requests the nsfd daemon is a user application entry point into the kernel-
based NFS server.
mountd
The mountd daemon is an RPC server that responds to file system mount
requests. It reads the file /etc/exports to determine which file systems are
available to which machines and users. This daemon also provides information
regarding clients with mounted file systems. This information can be printed
using the showmount command.
pcnfsd
The pcnfs daemon is an RPC server that supports ONC clients on PC (DOS, OS/2,
and MAC) systems. There are two implementations of the PC-NFS protocol:
Version 1 and Version 2. Version 2 supports extended printing features. It
reads the configuration file /etc/pcnfsd.conf if present, and then services
RPC requests directed to program number 150001. Many releases of the pcnfsd
daemon support both version 1 and version 2 of the pcnfsd protocol.
statd, rpc.statd
The statd and rpc.statd daemons are RPC servers that function as the RPC
status monitor. It interacts with the lockd server to provide crash and
recovery functions for the locking services on NFS. It is common to see either
statd or rpc.statd but not both on your system.
lockd, rpc.lockd
The lockd daemon processes lock requests that are either sent locally by the
kernel or remotely by another lock daemon. lockd forwards lock requests for
remote data to the server site's lock daemon. lockd then requests the status
monitor daemon, statd or rpc.statd, for monitor service. The reply to the lock
request will not be sent to the kernel until the status daemon and the server
site's lock daemon have replied.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[10:. - [ Two bombs and some anarchy ] [reaper] :. ]
[reaper@b0g.org] :. ]
____________________________________________________________________
=================================================================
::Volcano Bomb:: :: reaper@b0g.org ::
=================================================================
(Firstly, Im not sure if this is an international thingy.. but like
here, everyone does it)
Ingredients for Volcano Bomb:
[1]Matchbox
[2]Duck Tape
[3]Sparklers(Enough to fill the matchbox/container)
(You do not necessarily have to use a Matchbox, you could use a container
larger as long as you can penetrate a hole in it..)
Step 1: You first need to empty the matchbox
Step 2: You then rub the sparkler so all the powder in little bits goes in
the matchbox, until the sparkler wire is bare(do this until the matchbox is
full) + (remember to leave 1 or 2 sparklers untouched outside the
matchbox, this will be our fuse)
Step 3: Close the matchbox
Step 4: Wrap duct tape around the matchbox,(make sure you do this
tightly, the more pressure there is) Also wrap it sideways, the more tape
again the more pressure.
Step 5: Make a hole through the top of the matchbox(It has to be small so
the sparkler-fuse can go in it),Place the sparkler in the hole of the match
box upside down(meaning the metal piece starting from the top)
Step 6: Light the fuse from the top of the sparkler.
Step 7: Stand back
How it works:
When the sparkler fuse fire, gets into the matchbox all the sparklers will
light up and from the pressure all the sparks will shoot up into the sky,
its really cool.
If you did it correctly the volcano thingy's sparks will shoot up to
at least a telephone wire.
============================================================
::Matchbox Bomb:: :: reaper@b0g.org ::
============================================================
Ingredients to Matchbox Bomb
[1] Two Matchboxes
[2] Duct tape
Step 1: Open your first matchbox(1) and empty it out
Step 2: Take your second matchbox(2),empty it out and cut the sides(the
part where you light the match)
Step 3: Put the sides you cut into the matchbox(1), put one on each of the
2 sides of the matchbox.
Step 4: Cut the match heads off the matches you have and put them inside
your matchbox(1).
Step 5: Gently close the match box
Step 6: Wrap duct tape around the matchbox very tightly
Step 7: Throw the matchbox onto the floor or on a wall with power. The
matchbox should light and you should hear a very loud noise.
How it works:
When throwing the matchbox the match heads rub against the two sides that
are in your matchbox, this causes them to light. From the pressure a loud
sound is heard.
Warning: This may be dangerous if not done correctly, it could explode in
your hand if you arent gentle.
==========================================================
::How to phreak your local Arcade:: ::reaper@b0g.org::
==========================================================
Everybody knows that if you want to impress your friends you must either
(a) be a totally er33t h4x0r like me or (b) phreak!@#!. In this tutorial I
will show you how to phreak your local arcade. First you must find an
arcade, then using the method we like to call "walking" (requires both
feet) we step into the arcade. You will see a pay phone on one of the
corners of the arcade, and if you saw the movie "hackers" everyone knows
phreaking pay phones is totally elite!!!
Instead of recording the sounds to phreak the payphone we shall use a
method far more superior!
First you must sit in one of the machines, you have to notice if the big
hairy apeman behind the cashier is looking at you. If he isnt, pretend you
are playing on one of the machines, you must not make yourself noticable !
After 5 mins you go up to the hairy apeman and you tell him "listen yo!
your FuQinG machine ate my money, dats right dat FuQing tetris machine". The
hairy apeman will then give you money so you can shut up. H0h0! he was
owned!!! What he doesnt know is that you never put in money! You use th e
money he gave you to make your free phone call!!!!
HACK DA PLANET!!!!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[11:. - [ how to make napalm ] [karbonliphe] :. ]
[karbonliphe@techie.com] :. ]
____________________________________________________________________
Good day up and coming Anarchs. Today you will learn how to make extremely
flammable products from less flammable products. Have a good time and
remember to be careful. You wouldn't want to burn a bunch of shit that
belongs to someone else now, would you? Making napalm is the easiest thing
you've ever done aside from lighting raw fuel ablaze.
-Ingredients:-
Gasoline
Styrofoam Peanuts(used for shipping)
Metal Can
Now that youve gathered all these household items and you mouth tastes like
the gas that you siphoned from your car you can begin the process of making
napalm. All you have to do is pour the gas into the can and put Styrofoam
in. The Styrofoam will melt unless you put like little plastic shit from
stuffed animals in there, in which case it will not melt and you will have
plastic in your gas and have to strain it out. That happened to me once
cause Im a dumbshit and it didnt go up in flames. Now keep putting the
peanuts into the napalm. Whats wrong, it wont eat anymore? Stir it and it
should keep absorbing em. Okay, now you have absorbed as many peanuts as
will mix in. Now drink it! No really drink it!
Yeah if you drank it and youre still reading this then go to the emergency
room and get it pumped...youre probably dead by now though. Well anyway,
go outside and throw a match into it after you pour it on a mailbox or
something. This is the cool part unless youre still standing by it or got
in on your hand or something. The napalm should go like 5 feet above the
trashcan if you made enough (enough=4-8 oz. or 1 cup). Wasnt that cool? now
you know how to make napalm!!
Stay awake and alive for more to come anarchist texts. I plan on writing
about burning shit in excess of 500* degrees and telling how to make
dynamite and plastic explosives.
Shout outs to all my friends back in Ohio.
IM NOT REALLY AN ANARCHIST BUT MAIL ME CRAZY SHIT FOR KICKS!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[12:. - [ HACK THE PLANET!#@!] [acidkick] :. ]
[acidkick@b0g.org] :. ]
____________________________________________________________________
HACK THE PLANET!#@! by acidkick
If you look back through film history, undoubtedly one of the
best movies was "Hackers". All of us can remember our first
experience with Hackers. Maybe you were sitting around with your
hax0ring buddies and one of them tells you about this elite movie.
Maybe you were flipping around the movie channels at 1am looking for
pr0n, but found Hackers instead. You might have been in your local
video rental store and noticed this movie Hackers on the shelf, you
were intrigued by it, it confused you...yet you wanted more. All of
us have different memories of Hackers, but they are no doubt
cherished.
This article however, is not about Hackers the movie, but
about that classic phrase that we got from it..."Hack The Planet".
Hack the planet may be the greatest phrase in the history of the
hacker underground. It is spoken over and over by the hack
community and it really pisses a lot of people off. A lot of people
say I'm immature and stupid because I say hack the planet, well to
those people I say blow me. Hack the planet is elite. Anybody who
cannot fully realize the eliteness of hack the planet, is certainly
not somebody I want to be associated with. Here at b0g...we all
feel a close bond with hack the planet. Hack the planet changes
lives, maybe people don't fully realize their eliteness until they
utter the phrase, hack the planet. You form a connection with this
phrase that will remain for the rest of your life.
One of the greatest pieces of software ever created was
hacktheplanet2000.exe, known by most as telnet.exe. With
hacktheplanet2000.exe 0day, you can hack gibson's like there's no
tomorrow. Below is an example of hacktheplanet2000.exe in use:
[lamer@k-rad]$./hacktheplanet2000.exe y4h d00d...0wn th15
[root@k-rad]#
As you can see, using hacktheplanet2000.exe is very
complicated, but with time it can be mastered and you too can be an
elite hax0r. The example shown above is hacktheplanet2000.exe in
it's local exploit form...here is the remote form:
[lamer@k-rad]$./hacktheplanet2000.exe www.eff-bee-eye.gov
Hold on d00d, eye am now owning www.eff-bee-eye.gov, th1s will 0nly
t4k3 4 m1nut3#$%^...
jaja...eff-bee-eye.gov=owned
[lamer@k-rad]$telnet www.fbi.gov 31337
Trying 32.96.111.130...
Connected to www.fbi.gov.
Escape character is '^]'.
[root@fbi.gov]#
hacktheplanet2000.exe is a very powerful tool as you can see.
The effbeeeye was just haxt0red with it's technique. And to all of
you silly hax0rs who think somebody might have already patched the
hacktheplanet2000.exe bug...don't worry it is 100% 'unpatchable'.
That's right, you can hack the planet in style using
hacktheplanet2000.exe.
Below...I have 'hack the planet' in some different languages
for all of our non-english speaking b0g readers...although if you
can't speak english...then you won't be able to read this. I would
like to thank rafay for the urdu, k-rad-bob for the norwegian, tak
for the binary and other computer crap and system_v for the korean.
I've also got logs and shit of people saying hack the planet,
because people who say hack the planet are elite. HACK THE PLANET 4
L1F3#%^$&* Also, hi Crystal. ;)
CORTE EL PLANETA - Spanish
ENTAILLEZ LA PLANÈTE - French
ZERHACKEN SIE DEN PLANETEN - German
INCIDERE IL PIANETA - Italian
CORTE O PLANETA - Portugese
GHOFLE DONYARO VAS KON - Farsi
DUNYA KO HACK KARO - Urdu
HACK PLANETEN - Norwegian
ACKHAY ETHAY ANETPLAY - Pig Latin
KUIG JANIEA ORALDIE - Korean
01101000011000010110001101101011001000000101010001001000010001010010
000001010000010011000100000101001110010001010101010000100001 -
Binary
12122366193255235253213471747344543521 - Decimal
4841434B - Hex
<system_v> HACK THE PLANET!@#@#$$^&#%^&#%
<Accipiter> HACK THE PLANET!
<FlameCube> Hack the planet!!!
<Wir3d0rb> HACK THE PLANET
*** Topic changed to "HACK THE PLANET" by sureal on #hackphreak
<Sekz> Haq da planet now.
<prolog> Hack the planet
<prolog> so what?
<clocker> HACK THE PLANET
*** Topic changed to "HACK THE PLANET" by Wir3d0rb on #hacktech
*** Topic changed to "HACK THE PLANET" by W on #hackphreak
*** Topic changed to "W sez...HACK THE PLANET*&^%^%$%#$@" by W on
#hackphreak
<Wir3d0rb> HACK THE PLANET LIKE WHOA
<jskorpyon> HACK THE PLANET!
<RLoxley> HACK ACIDPRICK
<Devin> Hack THE PLANET!!
<internal> HACK THE UNIVERSE!
<k-rad-bob> HAX0R THE PLANET!!!!!!!
<LaTeX> lets team up and hack the pwanet!!!!!!!!! :(
<acidkick> HACK THE PLANET$%&^*
<Johhn> YA@#$@#$@#$
<Johhn> ./nick z3r0|c00l
*** system_v is now known as HACK_THE
* HACK_THE PLANET
<niemand1> hack the planet
<IrcLoser> hack the planet ?
<frame_> HACK THE PLANET!!@^$!^
<dayzee> hacktheplanet.exe
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[13:. - [ There's Nowhere to Hide ] [Aura] :. ]
[aura@b0g.org] :. ]
____________________________________________________________________
<In a high-pitched, squeaky voice...> Hello, boys and girls! I'm
Aura, the crime-fighting teddy bear, and I'm here to tell you
that...
CRIME DOESN'T PAY!!!
You see, when you commit a crime, there's nowhere you can run,
nowhere you can hide. Our law enforcement professionals are
totally elite, and they'll find you. Oh, you may think you've
gotten away, but you'll slip up some way, because when you break
the law, the universe is against you.
And the fact that you tried to get away with it will make it much
harder on you. You'll be much better off if you turn yourself in
now!
You get the pic? Now, let me show you why trying to get away
with crime is so hopeless. First, let's visit Police Chief Roger
Brownell.
<We enter the office of the chief. He looks up with a scowl on
his face, then adjusts it to a plastic smile as he notes the
camera. With a startled look on his face, he quickly stuffs
something he had been looking at into his drawer and slams the
drawer shut.>
Aura: Hello, Chief Brownell! I just wanted the boys and
girls to know what a consummate professional is in
charge of law enforcement in their city so they'll know
they can't get away with anything. How did you qualify
for this job?
Chief: Uh, I dunno. I hired an ad agency to run my election
campaign. I'm not sure how they did it.
Aura: How many years have you been in law enforcement?
Note: Text enclosed in parentheses during dialog represents
silent thoughts.
Chief: (Oh, Juanita! Last night was heaven!)
Uh... what was that?
Aura: How... long... have... you... been... a... Cop?
Chief: Oh, uh, how long have I...
(Wait! That ribbon I took from her hair last night!
It wasn't in that stuff! Did I leave it in my pants
pocket?! My wife does laundry today! She'll see it!)
<The chief looks frantically through the items he just
stuffed in his drawer, ignoring Aura.>
(It's really not there! Oh, my goodness! I've got to
go home!)
<Slamming the drawer.>
Sorry! Something urgent just came up! A crime in
progress! Lives at stake! I've got to go!
<He rushes to the door, then looks down and zips up his
fly, then he's out the door.>
So you see, boys and girls? With such a dedicated Police Chief,
how could you expect to get away with anything?
Let's go meet some policemen on duty. We'll slip up on them so
we can see what it's really like to be a policeman.
<We approach a squad car on a dark street corner. Strange the
light should be out... Oh! It looks like someone shot it out.>
<As we approach the car, we find two policemen, one about 40 and
the other about 25, in consultation... or something. We draw
closer. We note an open box of doughnuts on the dashboard. As
we peer through the glass, we note guttural grunts and animal
sounds.>
<Suddenly, we note burglars coming out of the building right by
the squad car carrying a stolen tv set. We turn to warn the
policemen, and it is then that we see what they're doing-->
Aura: Children, look away quickly! These policemen are doing
special secret police stuff, and you're not supposed to
see!
Little
Girl: But, Aura, why did one cop have a doughnut around the
other cop's--
Aura: Shut up!!!
Well, boys and girls, we'll take another field trip later, but
you can see how crime doesn't pay. No matter how smart you think
you are. No matter how careful you are. You can't fool our law
enforcement people. They're smart. They're well trained.
They're totally dedicated to their jobs. They've got only one
thought on their mind. And that's to stop crime!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[14:. - [ Fun and Games with RPM ] [phunki] :. ]
[v0idnull@yahoo.com] :. ]
____________________________________________________________________
- What is rpm?
- How is it used?
- Creating packages
- Wtf is the point of reading all this?
- Defeating RPM
- What does it verify?
- Example
- good v 0.1.0 spec file
- Building and Installing good
- Replacing the binary
- Pimping packages
- Our new package
- Our new spec file
- Magic warez
- General ramblings
- Other shit
- good.c
- evil.c
-------------------------------------------------
Ahhhh, apc magazine. What can I say? 1.8 gigs of crap I dont need, clueless and
moronic opinions from people I have no respect for and only two pages of
remotely useful information, endearingly titled "TechnoBabble". All for the
bargain price of $8.95.
Yes, Australian Personal Computer Magazine has a lot to answer for, especially
the new generation of users it has spawned. They are "The Linux Clueless Fucks".
More and more of these fucks are popping up all over the place asking questions
like "where is the recycle bin in linux?" and "how do I uninstall
something/where is my registry?". There are two sub categories of clueless
fucks: the genuine clueless fuck, and the wanna-be hax0r clueless fuck. It is
the latter we'll be focusing our attention on.
A clueless fuck is born ...
07:30 - wake up, clothes on (don't forget, socks THEN shoes)
08:00 - brekky time! (thanks mum)
08:30 - on the bike, off to school (spokey dokes are rad!)
15:00 - schools finished, on the bike again (listen to those spokey dokes !@#!)
15:10 - stops to buy some pokemon cards at the newsagent.
"Hang on a moment .. it's the first of the month #@$#%@!"
hurries to the computer section ... yes! it's a new apc mag!!
pays for the pokemon and apc mag, hurries home
16:00 - successfully signs up for 500 free hours on aol from cd 1
16:30 - successfully installs, plays with and loses interest in all the programs
on cd 2
17:00 - sees "Redhat Linux" on cd 3
"Linux is cool!"
21:30 - Finally gets linux to boot (with breaks for dinner, naps, and IRC in
#linux)
Now, here the sub-categories of clueless fucks come into play: the genuine
clueless fuck will wonder why they get "bashed" when they type dos commands, go
to bed, then brag at school the next day about how cool they are for running
linux. The wanna-be hax0r however, makes a life changing decision, he hax0rs his
way to insecure.org and hax0rs in the nmap rpm, no small feat for an apc mag
reader. Thus, with no knowledge of linux whatsoever, he begins to portscan the
internet.
And here we find the wanna-be hax0r clueless fuck, merrily port-scanning away.
Generally, they end up port scanning someone with a clue, who ends up looking at
something like this:
220 clueless.hax0r.org FTP server (Version wu-2.5.0(1) Tue Jun 8 08:55:12 EST
1999) ready
blah, lets get started eh?
--- What is RPM? ---
RPM stands for Redhat Package Manager. It is, as its name implies, a package
management tool created by the good people at RedHat. Distributed under the GPL,
it is available for many linux distributions and its use is reasonably
widespread.
>From the blurb at rpm.org:
"[RPM] allows users to take source code for new software and package it into
source and binary form such that binaries can be easily installed and tracked
and source can be rebuilt easily. It also maintains a database of all packages
and their files that can be used for verifying packages and querying for
information about files and/or packages."
Here we're going to have a look at its verification options, specifically the
command "rpm -V"
--- How is it used? ---
rpm is a powerful/full featured tool. It has many options from the mundane such
as installing/uninstalling through to building packages from tarballs and
digitally signing them with pgp signatures. I'm not going to go into details
about all of these options, if you want more information see the urls at the end
of the file.
--- Creating rpm's ---
At the heart of building rpm's lies the spec file. The spec file contains a
description of the program, instructions on building and a list of all the files
needed. it's basic structure is like this:
Header: Contains information such as program name, author, version/release
information and other things in a similar vein (License, description
etc etc).
Prep: This is used to get for pre-build instructions to prepare for a make.
RPM has some macros pre-defined to aid the unpacking and patching of
sources, as each section is just basically a place to execute
shell commands.
Build: Here you place any commands you would use build the software if
you were doing things manually (eg: make).
Install: Here go the sh commands you would enter to install the software (or
make install if your makefile has one).
Clean: Get rid of any leftover/no longer necessary files, again, just sh
commands.
Files: A list of files for the binary package. Be sure to use the absolute
path (/bin/blah) instead of directories (/bin). The latter would
result in /bin/* being contained in the package :)
Changelog: The changelog.
Each section and any RPM macros are preceded by a % sign (eg %header, %prep etc
etc).
There is also an optional step between the clean and files stages for pre and
post install/uninstall scripts, with several macros pre-defined by RPM.
These are:
%pre for pre-install scripts
%post for post-install scripts
%preun for pre-uninstall scripts
%postun for post-uninstall scripts
--- The point? ---
As I mentioned before, we're going to look at the verification capabilities of
rpm, why you should bother with such is this. If you've hax0red a clueless fuck
and used your script-kiddie enabled rootkit tekneq, your going to get nailed as
soon as they type rpm -V (this is of course assuming they know such an option
exists but they'll probably be enlightened to the man command pretty soon by the
usual self-righteous assholes you find in any #linux :)
So now, lets have a look at defeating rpm's verification.
--- Defeating RPM ---
There are two main ways that spring to mind. One would be to modify the actual
rpm binary itself so that no or limited verification takes place. The other
would be to create a hacked rpm so everything appears to be ok when verified. A
downside of this is the requirement of forethought. In case you haven't guessed
we're going to be looking at the second method, creating our own rpm's.
--- What does it verify? ---
There are nine attributes it checks. Not all of them will be checked, as some
aren't
relevant for certain types of files. This is what they are:
- Owner
- Group
- Mode
- MD5 Checksum
- Size
- Major Number
- Minor Number
- Symbolic link string
- Modification time
When files are verified, no output is displayed if everything is hunky dory.
When something is amiss one line is displayed which has the general form:
SM5DLUGT c <file>
S - file size
M - file mode
5 - MD5 checksum
D - major and minor version numbers
L - Symbolic link constants
U - file's owner
G - file's group
T - Modification time
c - appears if the file is marked as a configuration file
<file> - the file that was verified
It is unlikely that every test will fail, so when a certain attribute is matches
the database a . is displayed instead of the normal flag, giving something like
this:
[phunki@angst rpm]$ rpm -V netkit-base
S.5....T c /etc/inetd.conf
[phunki@angst rpm]$
So here we can see the file's size, md5 checksum and modification time do not
match with what is stored in the database, and that file that did not match was
a configuration file. (inetd and ping are contained in the package netkit-base)
--- Example ---
Ok, to illustrate the steps needed we're going to replace the binary good with
our own binary, evil. These are just lame little "hello world" programs for the
purpose of illustration, and are included at the end of this file.
--- good v 0.1.0 spec file ---
The general format of an rpm's filename is name-version number-release.rpm, so
our package, good, will look something like this:
good-0.1.0-1.rpm
A spec file has the same format as an rpm, with the .rpm being replaced with
.spec, eg:
good-0.1.0-1.spec
So lets have a look at good's spec file.
--- begin good-0.1.0-1.spec ---
Summary: Says hello world
Name: good
Version: 0.1.0
Release: 1
Copyright: GPL
Group: Development/Tools
Source: http://clueless.hax0r.org/good-0.1.0.tar.gz
Patch: good-0.1.0-buildroot.patch
BuildRoot: /home/phunki/rpmtest/BUILD
%description
using k-rad printf tekniq, will display "Hello World!" *every* time it is run
Install it if you think you're leet enough to handle it
%prep
#nothing to untar, dont need to do anything
%build
gcc -o good $RPM_BUILD_ROOT/good.c
%install
mkdir -p $RPM_BUILD_ROOT/home/phunki
install -m 755 good $RPM_BUILD_ROOT/home/phunki/good
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-, phunki, phunki)
/home/phunki/good
%changelog
* Thu Jun 17 2000 phun kay <v0idnull@yahoo.com>
- Created possibly the elitest program ever
--- end good-0.1.0-1.spec ---
A few things to note here.
1) You'll notice Im too lame to use tar. Generally in the prep section you'll
put something like %setup, which is an RPM macro that untars and cd's into the
directory required. (%setup has various options such as cd'ing before untarring
and other such action-packed things)
2) The use of $RPM_BUILD_ROOT. This variable holds whatever was specified in the
BuildRoot section of the header. It saves a lot of hassle, so use it.
3) Also in the prep section, a comment is placed just as you would in a shell
script.
Notice all the commands that aren't macros are just normal shell commands. Also
notice the lack of #!/bin/sh
--- Building and Installing good ---
Nothing too special here:
(create a binary package)
rpm -bb good-0.1.0-1.spec
(install it)
rpm -I good-0.1.0-1.rpm
[phunki@angst rpm]$ /home/phunki/good
Hello World!
[phunki@angst rpm]$
--- Replacing the binary ---
Ok, so good has been built and installed, now what? If we want to replace the
binary we can't use mv/cp, or it will fail verification.
[phunki@angst rpm]$ cp -f evil /home/phunki/good
[phunki@angst rpm]$ rpm -V good
SM5....T /home/phunki/good
[phunki@angst rpm]$
Definitely bad. So let's try replace good by "upgrading" to use our evil binary
with rpm.
--- Pimpimg packages ---
As you've probably guessed, we're going to build a new rpm, but how can we do
this without the original spec file? A neat feature of rpm is that it can be
used to query existing packages, and enough information can be gained to create
our own spec file.
First off, we need to know which package our binary came from. In this case the
name of the file was the name of the package, but this is often not the case,
especially with "system base" sorts of tools:
[phunki@angst rpm]$ rpm -q -f /home/phunki/good
good-0.1.0-1
[phunki@angst rpm]$
Now we need the information for the header:
[phunki@angst rpm]$ rpm -q -I good
Name : good Relocations: (not relocateable)
Version : 0.1.0 Vendor: (none)
Release : 1 Build Date: Thu Jul 20 02:30:55 2000
Install date: Thu Jul 20 02:33:33 2000 Build Host: angst.blah.com
Group : Development/Tools Source RPM: good-0.1.0-1.src.rpm
Size : 11702 License: GPL
Summary : Says hello world
Description :
using k-rad printf tekniq, will display "Hello World!" *every* time it is run
Install it if you think you're leet enough to handle it
[phunki@angst rpm]$
Not everything in the header is displayed, but you can get away with just an
increase in version and/or release information (and you dont even need that),
so this is plenty. Also note the build host, if people are cluey enough, they'll
probably realize that angst.blah.com isn't a great redhat networking tool
distribution center, but if you're thorough enough to be doing this, and it
bothers you, this is easy enough to fix.
Now we'll need a list of files that were installed:
[phunki@angst rpm]$ rpm -q -l good
/home/phunki/good
[phunki@angst rpm]$
Finally, we'll include the changelog:
[phunki@angst rpm]$ rpm -q --changelog good
* Sat Jun 17 2000 phun kay <v0idnull@yahoo.com>
- Created possibly the elitest program ever
[phunki@angst rpm]$
Ok, so now we have all the information need for our specfile, as you've noticed
rpm gives out info like a cheesy slut.
--- Our new package ---
The build options are inconsequential enough, as rpm's are distributed in binary
form, so basically it's whatever works. As for installing there are a few things
you can do if you're paranoid enough to want the original version number. One is
to uninstall the original package using rpm -e, then install the new package.
Another is to use rpm -I --force to install the new package over the old one.
These have a disadvantage of removing/overwriting configuration files, but again
this is easy enough to get around, rpm -q -l -c will list only configuration
files. Anyway, in this example we're just doing an upgrade :)
--- Our new spec file ---
This is pretty much the same file, note the addition of evil.c. You could always
add something to the changelog like "I trojaned your binary, fucknut" if you
were so inclined.
--- begin good-0.1.1-1.spec ---
Summary: Says hello world
Name: good
Version: 0.1.1
Release: 1
Copyright: GPL
Group: Development/Tools
Source: http://clueless.hax0r.org/good-0.1.0.tar.gz
Patch: good-0.1.0-buildroot.patch
Buildroot: /home/phunki/rpmtest/BUILD
%description
using k-rad printf tekniq, will display "Hello World!"
*every* time it is run
Install it if you think you're leet enough to handle it
%prep
#blah
%build
gcc -o evil $RPM_BUILD_ROOT/evil.c
%install
mkdir -p $RPM_BUILD_ROOT/home/phunki
install -m 755 evil $RPM_BUILD_ROOT/home/phunki/good
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-, phunki, phunki)
/home/phunki/good
%changelog
* Thu Jun 17 2000 phun kay <v0idnull@yahoo.com>
- Created possibly the elitest program ever
--- end good-0.1.1-1.spec ---
Build is the same, rpm -bb good-0.1.1-1.spec, when installing we'll use rpm -U.
--- Magic warez ---
[phunki@angst rpm]$ rpm -U good-0.1.1-1.i386.rpm
[phunki@angst rpm]$ /home/phunki/good
h4h4h4! 3y3 0wn j00 !@#!
[phunki@angst rpm]$ rpm -V good
[phunki@angst rpm]$
h0h0!
--- General ramblings ---
I've spent the last few days poking around rpm, objectively it's a pretty good
tool that serves a valid purpose. Security wise it's about as useful as a kick
in the tits, but it's worthwhile for it's other features. The only reason I can
think of why its not as popular as it should be is it's egotistical name. I'm
willing to bet if it's name was some recursive acronym with sexual connotations
everyone would be using it.
If you have to use it, do it with something like tripwire to back up its piss
poor security. On a side note, I noticed the actual database (in /var/lib/rpm),
doesn't seem to be owned by any package so you could possibly delete the entire
database and rebuild it with rpm --rebuilddb. I dont particularly have an
overwhelming desire to test this out though.
One thing I haven't touched on is the signature checking abilities. To write
this I did a "minimal" install of redhat 6.2 which was about 227 megs. If your
using redhat type rpm -q -a to see every package installed. Feel like checking
all their signatures daily?
Admittedly, if you were recovering from a compromise, and couldn't bring the
host down, this could be worth the effort, but it would still be a large pain in
the ass.
So, thats it. Go own some clueless fucks.
--- Other Shit ---
Spokey Dokes: Brightly colored ball shaped plastic things that go on bike
spokes. They slide up and down the spokes as you ride making a
rad clanking sound.
APC Magazine: For some bizarre reason this is a popular magazine in Australia.
The parts
of it that aren't ads are generally mindless pap.
URLS: www.rpm.org - the rpm howto is worth a read
www.rpmdp.org - rpm documentation project contains an entire book
on rpm in various formats. Worth it if you uh, want to read a book
on rpm.
Other: The rpm man page - if your going to be using rpm, read this, its
worth it.
--- good.c ---
#include <stdio.h>
int main(void)
{
printf("Hello World!\n");
return 0;
}
--- evil.c ---
#include <stdio.h>
int main(void)
{
printf("h4h4h4! 3y3 0wn j00 !@#!\n");
return 0;
}
If you cant compile these, you're a moron. These are just included for
completeness.
----------
y0 too ...
#ozsec, #is - IRC is a tool of the devil
2600.org.au
mindrape.org - mad archive
wiretapped.net - another mad archive
phase5
caddis
grufl - "g1bb0r me back my IDE controller !@#$!"
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[15:. - [ The Ultimate Guide To Hacking Hotmail ] [acidkick] :. ]
[acidkick@b0g.org] :. ]
____________________________________________________________________
Well haxt0rs, one night I was sitting on IRC (Internet Relay Chat) and I
was talking to my good friend k-rad-bob. He was like "b0g is an elite e-zine
dude%^$#@%$". Then I decided to write this 3133(5+2) article and you will all
fjear.
The art of "hax0ring hotmail" is one that takes many years to master.
Through my time on IRC "How do I hack hotmail?" seems to be the most frequent
question in elite channels such as #hackphreak. Most elite hax0rs want to own
hotmail to find out if their girlfriend is cheating on them with the next door
neighbors gerbil. To hack hotmail, first you must be 3133(5+2) without that
technique, you are fucked. If you can't hack the planet, or own a gibson or
2...don't even try to hack hotmail because it will come after you with a
vengeance. I have come to learn that hotmail has a mind of it's own...and if
you don't straight up own it then hotmail might just hax0r you and that is bad.
Second,if you want to hack hotmail for a reason other than finding out if your
fat gay lubbor is cheating, turn away now because that's all that it's really
good for. If you want to hack hotmail accounts in order to say, get free ascii
pr0n or for any other reason...that just won't cut it because it's a waste of
time. Now to the actual owning^&%$#& Following each "hax0ring method" I will
have examples for the stupid people.
If you are at the "victim's" house you can be 3133(5+2) and look over
their shoulder while they type in their password! You will get their password
and they'll be hacked. Now what if the person is like "dunt look at my password
or I'll break your legs"...well, you cover your eyes, but peek through$%^#&*
they will never notice and you will have just hacked them.
Example 1:
(Jebediah): I am going to check my e-mail on Microsoft Hotmail.
(You): Ok, good idea Jebediah.
(Jebediah): *types in password*
(You): *looks at keyboard*
Jebediah=Owned
Example 2:
(Jebediah): I am going to check my e-mail on Microsoft Hotmail.
(You): Ok, good idea Jebediah.
(Jebediah): Cover your eyes, I don't want you to see my password, it's uber
secret.
(You): All right. *covers eyes, but leaves a crack between fingers*
(Jebediah): *types in password*
Jebediah=Owned
The second hotmail hacking technique is to be like "I am a hotmail
administrator. Tell me your password now." and you get the password and see if
the gerbil rumors are true! This is a bit tricky since hotmail has all that "Do
not give your password out to anybody." crap on their pages. Lucky for you...if
someone is stupid enough to use hotmail, chances are they will be stupid enough
to believe that you are actually a hotmail administrator.
Example 3:
From: Jebediah Johnson - Hotmail Administrator <jjohnson@hotmail.com>
To: Stupid Gimp <ilikeboys@hotmail.com>
Dear Mr. Gimp,
I am Jebediah Johnson, a Hotmail Administrator. Our system has recently
crashed and we therefore need to confirm the existing password of all of our
users. Please respond with your password as soon as possible. Thanks.
Sincerely,
Jebediah Johnson
From: Stupid Gimp <ilikeboys@hotmail.com>
To: Jebediah Johnson - Hotmail Administrator <jjohnson@hotmail.com>
du0d, my password is "31337h4x0r". it sucks that you got 0wn3d, haha...but
like, there is my password for your 'confirmation'
-Fucking Idiot
---That's how it works people, owning hotmail accounts is as easy as 1, 2, 7.
The third and final method of owning is to be like 'TELL ME YOUR PASSWORD
HONEY OR I WILL RIP OUT YOUR EYES WITH AN ICE PICK. THAT'S RIGHT BITCH, DONT
MESS WITH ME'. This is also known as the "hostile" method. I take no
responsibility if you are sent to jail for making these type of threats. It's a
good thing that we all know that won't happen, because the victim will fjear
your technique and give up the password on the spot.
Example 4:
(Big Gay Al): Hi honey, how was your day?
(Big Gay Joe): TELL ME YOUR HOTMAIL PASSWORD NOW SLUT!
(Big Gay Al): What do you mean tell you my hotmail password?
(Big Gay Joe): I SAID TELL ME THE PASSWORD ASSFACE#%$@^&
(Big Gay Al): Ok, ok...it's backdoor_bandit. Ok?
(Big Gay Joe): IF YOU'RE NOT TELLING ME THE TRUTH...I'M PICKING YOUR EYES OUT
WITH AN ICE PICK!
(Big Gay Al): It's the truth, I swear.
(Big Gay Joe): Thank you.
If none of these methods work, then I'm afraid you're shit out of luck,
because those are the most elite hax0ring methods around. If anyone has anymore
ideas on how to own hotmail ninja style, e-mail me at acidkick@b0g.org and I
just might do a "follow up" article. Shouts to bob, #k-rad, #dps, #hacktech,
hst, acrylic, messiah, reaxt, vulgar, overfien, tak, electro-, console, t|rant,
wh0rde, tidepool, Wir3d0rb and rash.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[16:. - [ How to pimp IRC ] [dawgyman] :. ]
[glcharron@uswest.net] :. ]
____________________________________________________________________
First you gotta social engineer the bitch. And you gotta go soft on her, if you
want things.
Session Start: Fri Jul 28 11:22:19 2000
<Davvgyman> Got a picture?
<LippyCat> i wish
<LippyCat> i should have one soon
<LippyCat> im gonna go to kinky kinkos and try to get one
<LippyCat> if i can get a ride from my mom
<LippyCat> cuz i dont have a scanner
<Davvgyman> oh
<Davvgyman> =\
<LippyCat> heh...
Session Close: Fri Jul 28 11:23:07 2000
Then you gotta make the bitch seem like she's ALL THAT, okay? Make the bitch
feel special.
And then maybe she will start to tell you personal things, really personal
things. =)
Session Start: Fri Jul 28 11:23:08 2000
Session Ident: LippyCat (o@ip212.tucson14.az.pub-ip.psi.net)
<LippyCat> you think im not cute?
<Davvgyman> You sound cute.
<Davvgyman> =)
<LippyCat> Ur wrong
<LippyCat> iam cute
<LippyCat> : )
<LippyCat> trust me
<Davvgyman> HEHE
<Davvgyman> word
<LippyCat> i wouldnt have ex boyfreinds stalking me if i wasnt
<LippyCat> err but thats not a good thing
<LippyCat> didnt you hear me say my descriptino on the conf?
<LippyCat> is dawgy dead?
<Davvgyman> ?
<Davvgyman> Sorry
<Davvgyman> I'm watching a movie.
<Davvgyman> hehe
<LippyCat> oh dear
<LippyCat> heh
<Davvgyman> No, I didn't hear you say your description on the conf.
<LippyCat> i have hair down to my waist... its like thick and aubornish
<LippyCat> blue eyes
<LippyCat> dark blue
<LippyCat> 4'8
<LippyCat> 22 inch waist
<LippyCat> 90 lb.s
<LippyCat> heh and umm yah...
<Davvgyman> mmmmmmmmmm
* Davvgyman moans
<LippyCat> heh bageesus
<LippyCat> seriously thats how i look.. so dont fake moan at it silly kid
<LippyCat> im little
<LippyCat> very little ;_(
<LippyCat> tiny
<LippyCat> mew
<LippyCat> Dawg
<LippyCat> wake up
<LippyCat> stop watching pornos
<Davvgyman> ?
<Davvgyman> LOL
<Davvgyman> oh
<Davvgyman> You want me to call you up, and then moan at you?
<LippyCat> ok
<LippyCat> hehe
<Davvgyman> lol
<Davvgyman> Then secks you up.
<Davvgyman> >=)
<LippyCat> yah
<LippyCat> lets get the show on the road well!
<LippyCat> seks me up
<LippyCat> fine you dont get to nipple on lippy!!!
<Davvgyman> lol
<Davvgyman> =
<Davvgyman> =(
<LippyCat> shes so sweet too
<LippyCat> .. you have to tell me how you set that conf up
<Davvgyman> Are you seriously 4'8"?
<LippyCat> pwetty pwease
<Davvgyman> lol
<Davvgyman> Well, we carded it.
<LippyCat> yes ;_(
<LippyCat> y?
<Davvgyman> Just wondering.
<Davvgyman> =)
<Davvgyman> I still l0b j00.
<LippyCat> no you dont
<LippyCat> you dont like short girls
<LippyCat> i see how it is
<LippyCat> carded... ?
<LippyCat> credit card?
<LippyCat> hey pay attention to me
<LippyCat> fine mister short girl hater
<LippyCat> au revoir
<Davvgyman> lol
<Davvgyman> Sorry!
<Davvgyman> =(
<Davvgyman> yes
<Davvgyman> credit card
<Davvgyman> stolen account
<Davvgyman> =P
<LippyCat> how did you get it?
<LippyCat> why dun you like short girls..
<LippyCat> im thin
<LippyCat> just petit ...
<Davvgyman> I like short, small girls.
<Davvgyman> Seriously.
<LippyCat> hah sure..
<Davvgyman> =(
<LippyCat> the boobs dont go with the body though = (
<Davvgyman> Big boobs?
<LippyCat> im small everywhere except... breasts
<Davvgyman> cool
<LippyCat> yah err dun tell anyone but 34/DD
<LippyCat> dun tell umm ron or anything
<Davvgyman> @#$#@!$#@!@
<Davvgyman> WOW!
<LippyCat> err i hate them
<LippyCat> and then i have this tiny waste
DONT EVER FORGET TO TALK SMOOTH TO HER! Be cool, play a game or 2 with her.
Just let your cawk guide you.
Session Start: Sat Jul 29 12:46:06 2000
Session Ident: LippyCat (o@210.220.69.165)
<LippyCat> purrrr
<LippyCat> were do you get that translator?
<Dawgyman> lol
<Dawgyman> in a channel i'm in
<Dawgyman> on efnet
<Dawgyman> It's a secret channel.
<Dawgyman> For members only.
<Dawgyman> =P
<LippyCat> heh what?
<Dawgyman> www.cyberarmy.com has a nice translator.
<LippyCat> you brat
<LippyCat> im gonna bite ya
<Dawgyman> mm
<Dawgyman> please do
<LippyCat> ohhhy yay
* Dawgyman licks you
<LippyCat> mmm were?
<Dawgyman> You know..
* Dawgyman winks
<LippyCat> ohhhhhy mmmmmm
Session Close: Sat Jul 29 12:48:42 2000
here comes to really cool part, when you start getting nasty! =)
Session Start: Sat Jul 29 12:50:08 2000
Session Ident: LippyCat (o@210.220.69.165)
<LippyCat> you should really do that
<LippyCat> i would like it
<Dawgyman> ?
<Dawgyman> Do what?
<LippyCat> heh
<LippyCat> lick me there
<Dawgyman> okay!
<Dawgyman> Lippy
<Dawgyman> Do you love me?
<LippyCat> yep yep yep
<Dawgyman> I love you too.
<LippyCat> i lub j0o sooo much dawgy
* Dawgyman licks your **********************************************
<Dawgyman> =)
<LippyCat> mmmmmmmm
<LippyCat> purrrrrrrrr
<Dawgyman> Lippy: tonight, lets phone sex0r.
<Dawgyman> =)
<LippyCat> your silly dawg
<LippyCat> hmm but i wish you could come here and do that
<Dawgyman> CAn't we just do both?
<LippyCat> i dun want a bunch of people listening to me get off
<Dawgyman> What?
<LippyCat> on teh conf
<Dawgyman> hmm
<Dawgyman> We dont need to bring people on it.
<Dawgyman> We can be alone.
<LippyCat> hah and then i can play with myself and moan and you can tell
everyone in the rooms
<LippyCat> hehe
<LippyCat> i dun think that woudl be yay
<Dawgyman> no
<Dawgyman> I love you.
<Dawgyman> Anything we do, stays with us.
<LippyCat> err umm please dont say you love me when we arent joking
<LippyCat> hmm ill tink about it
<LippyCat> err dawg your gonna get hit
<LippyCat> dont say that
* Dawgyman bites your finger
* LippyCat bites your wrist
Talk to her, ask her what she wears sometimes, dont be crude about it!
Session Start: Sat Jul 29 13:08:17 2000
<Dawgyman> lol
<Dawgyman> I'm back.
<Dawgyman> We're outta gas.
<LippyCat> brat
<Dawgyman> =(
<LippyCat> you get to not do your chores
<Dawgyman> lol
<LippyCat> i still have to do dishes
<Dawgyman> hehe
<Dawgyman> Do it naked?
<LippyCat> yep
<LippyCat> naw i do it in gee strings
<LippyCat> they look so nice on my tight ass
<Dawgyman> HEH!%!@^!#@!
<LippyCat> what are you hehing about?
<Dawgyman> THATS AWSOME
<Dawgyman> =)
<LippyCat> its even better when you can see it
<Dawgyman> OMG
* Dawgyman masturbates
<Dawgyman> =)
Session Close: Sat Jul 29 13:17:21 2000
And the rest should tell you how much of a hoe she can turn into. =)
Session Start: Sat Jul 29 15:13:01 2000
<Dawgyman> Whatcha doin secksi?
<LippyCat> putting my finger in me and moaning
<LippyCat> i was kidding silly
<Dawgyman> haha
<Dawgyman> Man.
<Dawgyman> I want to say something, but you would get mad.
<Dawgyman> =(
<LippyCat> what?
<Dawgyman> I love you.
<LippyCat> err
<Dawgayman> =(
Session Close: Sat Jul 29 15:21:56 2000
Here sometimes comes to the phone sex part. =)
It gets eRoTiC!#!#$@! h0h0!$#@!$@!
Session Start: Sun Jul 30 04:46:59 2000
Session Ident: LippyCat (o@ip117.tucson14.az.pub-ip.psi.net)
<LippyCat> i lub j0o
<Davvgyman> I loB jOoO tOo!
<LippyCat> hehehe
<LippyCat> i wanna talk to you
<LippyCat> ;_(
<Davvgyman> phone?
<LippyCat> yah
<Davvgyman> Me too, hehe,
<Davvgyman> brb
<LippyCat> k
<Davvgyman> ok
<Davvgyman> back
<Davvgyman> Want me to call you?
<LippyCat> yah !
<Davvgyman> okay
<LippyCat> yah
<LippyCat> yay*
<LippyCat> hold on
<Davvgyman> okay!
<Davvgyman> So..What're we gonna talk about? =P
<LippyCat> i dun know well see when you call me
<Davvgyman> =)
<LippyCat> k call me in like thirty seconds
<Davvgyman> k
<Davvgyman> !
-> [LippyCat] PING
Session Close: Sun Jul 30 05:48:20 2000
Here's the part when you know she's a slut...
Just read how she treats ya. =)
Session Start: Sun Jul 30 05:49:42 2000
<Davvgyman> God, that was so great!
<LippyCat> hmm
<LippyCat> was it?
<Davvgyman> yes
<LippyCat> well im glad you had fun.
<LippyCat> hmm
<Davvgyman> Did you?
<LippyCat> sorta
<Davvgyman> =\
<LippyCat> you came pretty fast
<Davvgyman> I know, I was masturbating before you asked me.
<Davvgyman> I'm shy. =P
<LippyCat> hmm
<LippyCat> why did you say you loved me when you came
<LippyCat> or hung up
<Davvgyman> Cause I do.
<Davvgyman> Did that make you mad?
<Davvgyman> =(
<LippyCat> do you know what love is..
<Davvgyman> yes
<Davvgyman> sorta
<LippyCat> hmm..
<LippyCat> you dont love me
<Davvgyman> Do you?
<LippyCat> trust me
<Davvgyman> ok
<LippyCat> you only lust after me because i sound sexy and can make you cum
<LippyCat> And if you tell anyone i did that with i swear to god ill find you
and kill you
<LippyCat> im serious..
<LippyCat> just keep in mind.. that im psycho
<Davvgyman> No you're not.
<Davvgyman> =(
<LippyCat> yes i am
<LippyCat> if you tell anyone you get in trouble and then i will find out wre
you live and i will kill you
<LippyCat> i have your phone number and your listing is Gayle L Charron
<Davvgyman> Yes, I know.
<LippyCat> and i will slit you like a fish
<LippyCat> ok?
<LippyCat> so your not gonna tell anyone right?
<Davvgyman> LOL
<Davvgyman> no, i'm not.
<Davvgyman> Nina, Why would I do that?
<Davvgyman> =(
<LippyCat> tell me you dont love me
<LippyCat> Now!
<LippyCat> ..
<LippyCat> im waiting
<LippyCat> tell me you dont love me and mean it
<Davvgyman> I dont love you.
<Davvgyman> I hate you.
<Davvgyman> =)
<Davvgyman> Happy?
<Davvgyman> =p
<LippyCat> yes..
Session Close: Sun Jul 30 06:02:54 2000
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[17:. - [ Counter-control in school ] doc] :. ]
[doc@b0g.org] :. ]
____________________________________________________________________
I am a former high school teacher and school administrator.
While I was in that rancid occupation, I noted a lot of the
"tricks" school teachers and Admins use to manipulate and control
students. (That's one of several reasons I got out of the
field.) In this article, I will cue you in to how to counter
these techniques.
Most school teachers and administrators chose that occupation
simply because they are such little people with so little
intelligence and such low self-value (at least credit them with
knowing their true worth!) that they want to compensate by
dominating and controlling others. Many of them seem to derive
sexual pleasure from exerting control. I think it's about time
the tables were turned on them!
Be forewarned, though... Using these counter-control methods
will not endear you to these wannabe dictators. It will, in
fact, drive them berserk and ensure their undying hatred. So be
sure you're ready for that before you proceed.
`Tip #1:` When they summon you into their office to harass you,
they may leave you standing. This is to throw you off-balance
and to make sure you remember you're in their territory. They
expect this to intimidate you and make you nervous.
Counter-measure: Seat yourself. Now who's off-balance? (Be
ready for instant rage!)
(School thug's reaction: "Erg?!")
`Tip #2:` From the time you enter their office, they intend to
keep strict control of the meeting.
Counter-measure: Immediately seize the initiative. Make
statements, ask the questions, etc.
(School thug's reaction: "Wha--?)
`Tip #3:` In any encounter, they are likely to pepper you with
questions so they can knock down your answers. This is to keep
you intimidated and confused.
Counter-measure: Don't play the defensive role they intend for
you. Give only brief, mono-syllabic non-answers, immediately
followed by pointed questions to keep them off-balance.
(School thug's reaction: "Wha--?")
`Tip #4:` They want to have the last word.
Counter-measure: Be sensitive to when the meeting is about to
end and don't let them dismiss you. Instead, rise and with a
smile say something like, "Well, this has been a productive
session. Thanks for your help! I'll not take up any more of
your valuable time."
(School thug's reaction: "But at the seminar they said I'M
supposed to do the dismissing. And this smart-ass kid is
dismissing ME?!")
`Tip #5:` Beware "The Voice." This is a psychological technique
taught in seminars for tyrants and heavily used by school
personnel as well as by cops and other such slime. It simply
involves barking commands in a stern tone. Most mundanes are
cowered, and many will meekly obey before they even have time to
think about it.
Counter-measure: Develop a mindset of not being intimidated or
controlled by this cheap trick. Display an amused expression for
an instant, then respond in a similar barked manner.
(School thug's reaction: "Wha--?")
`Bonus Tip #1:` If you find yourself nervous during an encounter,
imagine the wannabe "authority figure" standing before you in the
nude, with all the flabby fat jiggling with every move, etc. Let
your facial expression respond naturally to this vision.
(School thug's reaction: "Huh? Is my fly unzipped, or what?")
`Bonus Tip #2:` Be alert for signs of sexual interest and react in
such a manner as to inflict maximum embarrassment. For example,
if you're a guy and your harasser keeps glancing at your crotch
and licking his/her lips or swallowing, that's a good sign of
such interest. If you're a girl and the harasser stares at your
breasts, that's an equivalent indication. Whenever he/she looks
at your face again, smile knowingly, then look deliberately at
the targeted area of your anatomy and casually cover it. (It's
time to implement Tip #4.)
(School thug's reaction: "N-O-O-O-O-O-O!!! He SAW me looking at
his--!")
Well, kids, there you have it! As I said, it seems a lot of
school thugs get a sexual thrill from control, so this is a sure
way to quickly deflate their--uh, egos--and leave them flaccid!
\
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[18:. - [ The internet told me so ] [untoward] :. ]
[ford@fop.ns.ca] :. ]
____________________________________________________________________
You can close your windows
lock your doors
leave me leaning on widows
sucking on whores
I know that ugly men in beautiful ties
can fool you with their business card lives
allow your finger into their pies
hide you from their wives
The internet told me so,
and with a silly buffer overflow
I know where you were last night
that's right
You can call it done
say you never loved me
that we had our fun
and that was all it was meant to be
and that was all I was meant to be
but I've seen your personal emails
business men fetish she-males
selling you amongst themselves retail
I know you in perfect bitmap detail
the internet told me so
and with a silly buffer overflow
I know where you were last night
that's right
I know who you were last night.
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[19:. - [ IRC Quotes ] [k-rad-bob] :. ]
[irc.undernet.org] :. ]
____________________________________________________________________
*** BobsKC changes topic to 'No help for this channel.. BobsKC'
*** BobsKC sets mode: +mi
*** exit has left #k-rad
<BobsKC> I'll open it but you do NOT want to bring any more bots there except
one which I Prae is brining back
<BobsKC> bringing
<k-rad-bob> just one?
<BobsKC> one
<BobsKC> how many is x?
<k-rad-bob> okay
<BobsKC> how many is w?
<BobsKC> one
<k-rad-bob> yeah but x and w are a lot more stable then praes crappy bot lol
<StreamR> does there is any tcl scripters here? if yes, i have a question: does
there is any way to get a keyboard keypress in a variable in tcl?
<__brian> you know that in israel some people trade animals
<Cam2o> What do you call a drive by in china town?
<Cam2o> capachino
<Cam2o> I don't understand it
<aboul3abd> hi all there is someone in our channel steal an op pass and his
puting bad topics with W can i get his ip?
<cayote> do u know where i can get a copy of bo2k that works
<Cam2o> prae, how do you know where to start your record?
<Cam2o> is there a dot were you put the needle when you start?
<Prae> what fucking record
<Cam2o> a beatles record
<Prae> no you stupid cunt
<k-rad-bob> LOL
<Prae> you put it on the outside
<last|one> wuftp does have any bug because i belive my machibe was hack using
some sort of exploit :(
<reveal> what's better than winning gold at the special olmypics?
<reveal> not being retarded
<FoRuM19> who have a scanner for mirc?
<DjNUISSAN> can somebody tell me how to get get the correct IP of a pc that is
online
<louie7> does anybody know how to access a novell netware network with an ip
address / username and pass?
<Prae> Q: why cant paki's play football? A: everytime they get a corner they
build a shop on it
<wh0rde> lore PLEASE send me those scripts?
<mr_lore> write your own man
<mr_lore> i didn't know you hung with b0g
<mr_lore> i'm not sending out my scripts to b0g lovers
<Mr_Mcfly> topic Hi... does anybody knows about a new program wich is called
zero something and it hacks hotmail and icq and stuff like that? thanks
<Cam2o> do cows get errections if you like massague their penases?
<monkey> does anyone know how to hack nicknames on IRC? please answer me
<FloodY> were can i find WINSCK.OCX
<Th33Ph> I looked under google for Accidental Cleavage
<Cam2o> can you access their web cam?
<Cam2o> and see if they're masterbating?
<phatezero> what are some commands i can do in telent port 25 how do i read the
persons mail
<k-rad-bob> i wish russia had ebay
<k-rad-bob> so you could buy stuffed tits and stuff
<while1> i know ASL, but wat does the D in ASDL mean ?
<ZeeWolf> can some one nuke me pls ???????? this is a test
<fid> Argh, anyone know AOL... do they use their own browser?
*** eljine has joined #hacktech
<eljine> who can help me to hack a server of fuck... society ??
*** ShadowDog has joined #hacktech
<j0hhn> huh
<eljine> allo ?
<eljine> allo ?
<eljine> allo ?
<eljine> allo ?
*** Pingu2k is now known as PinguAway
<eljine> what's the fuckin men are there here !!?
this one is fom icq but i just had to post it:
Kr0zKr0niK (ICQ#44006891) Wrote:
is there a way i can actually get an e~mail address like: r00t@127.0.0.1
<[Durango]> Is it possible to disconnect a computer from the internet with
another computer in another home? Msg me
<chris`> rap = retards attempting poetry
[23:15] *** jan20 was kicked by Kim- (Unwanted: members of channels with
"#familysex" in the name)
<RLoxley> big mistake grid, dont you know all my lines are sniffed by the NSA
<RLoxley> you wanna play, now i am in the game
<ls`> He be wanking to the mens section in Sears mag
<chris`> lol
<chris`> it's a+ material
<ls`> For the longest time...
<chris`> no
<ls`> I thought the prodigy song " smack my bitch up " was really...
<ls`> Smack my picture
<chris`> all those revealing khakis..
<sara21321> SEE MY FREE NAKED PICTURES!!WET P"USSY 4 U!->
http://www.hitboss.com/cgi/1/Bikini?10660 BLUE
<chris`> I HAVE AN 8 INCH COCK!
<chris`> hey BITCH
<chris`> I can find out where you live by your IP address?
<chris`> Isn't that cool?
<chris`> THen I can RAPE you
<chris`> and throw your body in a dumpster somewhere.
<chris`> you fucking cunt
<chris`> answer me or I'll hunt you down
<chris`> and ram my cock in your rectum
<bin:#hacktech> can anyone help me with buffer overflows?
<bin:#hacktech> ive been experimenting with some code to learn more about them
<bin:#hacktech> none of them generate a root shell like they should, so i tried
a prog with just exec(/bin/sh) and setuid it to root, but it didn't work!
<bin:#hacktech> why?
<_grid> hmmm
<_grid> are you stupid by any chance
[!] topic for #teen: <ocelbac> ATTENTION EVERYBODY: THE INTERNET WILL TURN OFF
IN 10 MINUTES --THANKS
<cnz_-> hey hst.
<hst> y0o hh
<hst> wuhjts"s
<slickrick> heh
<hst> up
<slickrick> he's drunk
<hst> imA SM NIOOT
<slickrick> haha
<hst> heh
<hst> iofm eayer
<slickrick> ?
<slickrick> wtf
<hst> WHat
<hst> ?
*** JCS_TX (~JCS_TX@bay1-341.houston.ziplink.net) has joined #lpsg
<hst> ok,as strightt
*** JCS_TX (~JCS_TX@bay1-341.houston.ziplink.net) has left #lpsg
<slickrick> [hst!hst@adsl-61-153-28.atl.bellsouth.net]: breer
<slickrick> think that means beer?
<slickrick> :D
<cnz_-> heh
<cnz_-> hst is a drunk!
-> *jesus* invite timrocks #satcomm
*** acrylic has quit IRC (brb.)
*** JESUS (timmy@unix.gci-net.com) has invited you to #satcomm
<cnz_-> did you give up on #satcomm hst?
<hst> jush
<hst> jush
<hst> huh?
<cnz_-> you dont chill in #satcomm anymore
<hst> WHatu\
<cnz_-> heh
<cnz_-> nevermind
<slickrick> hahaha
<cnz_-> you are obviously too drunk to keep up a conversation
<hst> is satco,bvcn[
<slickrick> i guess I'l ask him to add me tomorrow :D
<cnz_-> hahah i dont think he could type the command rick
<cnz_-> *grin*
<hst> IA YAM THE NRREDWORM
<slickrick> no
<slickrick> hahaha
<slickrick> justin log this
<cnz_-> HEH hes drunk and listening to dj qbert
<cnz_-> I YAM THE REDWORM
<slickrick> we'll give it to him tomorrow
<cnz_-> LOL
<cnz_-> werd.
<cnz_-> i cant log
<hst> GMOW
<cnz_-> ill just copy it to txt
<slickrick> damnit
<slickrick> k
<slickrick> hst: theres naked pictures of your mom on the website now
<hst> wetrd
<hst> EI<KKID NTIMKE
<slickrick> totally
<slickrick> i wish i was that smashed
*** slickrick changes topic to Drunken hackers, today on Sally
<cnz_-> HAHAHAHAH
<cnz_-> WERD*$&
<cnz_-> im sending this to b0g =p
<hst> HAckPHRWKA
<slickrick> haha
<cnz_-> hst, is the screen spinning?
<slickrick> dude got any leet colored popups?
<slickrick> :D
<cnz_-> lol
<cnz_-> sorry
<slickrick> bbbbbbbeeeeeeeeeeerrrrrrrrrr
<hst> #HACKPHREAK
<cnz_-> i was watching people ping out the ops =P
<cnz_-> hehe
<hst> IMTM EH AREAL SL:IM SHAYDF
<hst> PLEASSE DASTAND UP
<cnz_-> HAHA
<slickrick> YES IM THE REAL SHADY
<cnz_-> ME TOO HST, ME TOO
<hst> PLEASE STANP YUP
*** hst changes topic to M JUUCAHAHAHA BOOOS HH
**
<hst> YEHAN
<hst> UHHN UH
<hst> FSUCVK YOU
<shift> damn
<shift> hello
<hst> AN F YOUR UNCLE YTP
hst> HR$y buiddy
<hst> sdyickl, up ypur ass
<SolCalibr> me?
<Devin> dude, he fuck yer goat ass, dont diss
<Stucc0> i think he is missing RLoxley
<hst> Rloxleryuy is a fat hp,psexual;
<cnz_-> try not to puke on your keyboard ok hst?
*** hst has quit IRC (Ping timeout for hst[adsl-61-153-28.atl.bellsouth.net])
<cnz_-> HAAH guess the puke seeped into the hard drive =(
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[20:. - [ Mailbag ] [k-rad-bob] :. ]
[mail@b0g.org] :. ]
____________________________________________________________________
Fra: AOL Instant Messenger <register@newmn-r1.blue.aol.com>
Til: tak@b0g.org <tak@b0g.org>
Emne: AOL Instant Messenger Confirmation (h9tbXp6b1D rootninjatak)
Dato: 25. mars 2000 21:31
Thank you for registering for AOL Instant Messenger(TM)!
Your registration for screen name rootninjatak has been received.
Please reply to this message within 48 hours to complete
the registration process. Simply reply to the present message
and type 'OK' as the text of your message. (This is to help
us ensure your e-mail address is valid.)
Thank you!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
Fra: Th33ph v1ruS <th33ph@antionline.org>
Til: k-rad-bob@b0g.org <k-rad-bob@b0g.org>
Emne: Boo Ho0o, I see your po0.
Dato: 2. juli 2000 00:39
Hey Bob, I just thought I would mail you and tell you that you are like a
fatherly figure to me. Your my idol, and always will. When I was a small child
growing up on the hard streets of Ireland, I would cradle myself thinking of all
the different ways I could be like you. Then I thought "I could shave my nuts
and molest some little children" but came to realization that by doing this I
would not be like you, and that it was just the voice in the back of my head.
Well, Now I have grown up, and Im listening to Mindless Self Induglence.
Harrasing single women in #Widows, and packeting small children off of IRC. But
I still dont feel like I have completed my mission in being K-Rad like you. What
do you suggest I do?
Also would you like the story of the little dog I had sex with when I walked my
neighbors dog?
Th33Ph
Ph33nds.Org
Lamers Anomoynous (Is that how you speeeeel it? Its a long word)
------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
Fra: nasty wild style (NWS crew) <graffiti@cypria.com>
Til: k-rad-bob@b0g.org <k-rad-bob@b0g.org>
Emne: h0h0...
Dato: 13. juni 2000 22:13
can u tell me where i can find sow qualiti p0rn pics ? ...i jsut building a
site but i dont have much on me xxx section//pls send me some links and
pls free XxX sitez Thanks ..S0csUx0il crew rulz
bye
Get your FREE email @ Cypria.com
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
Fra: brian! <hax0r@netvision.net.il>
Til: bob@b0g.org <bob@b0g.org>
Emne: HI THERE BOB
Dato: 31. juli 2000 22:57
"Dear k-rad-bob,
I am writing to you because of a serious problem I am facing, computer
related. You see, an aquaintanance of mine ask me for help and I'm not sure
I can help him with his serious dilemma. He's a Vietnam-era deserter from
the U.S. Marines, and has a cousin who works for Microsoft. His mother
peddles Nazi literature to Girl Scouts in Utah, and his father (a former
dentist) is in jail for 30 years for raping most of his patients while they
were under anesthesia. (nice guy...)
My friends family, including himself and his $500-a-week heroin habit, are
his uncle (master pick-pocket "Fingers") and his aunt and kid sisters, who
are well-known streetwalkers, down there in Utah.
Well, here's his problem: He has just gotten engaged to the most beautiful,
sweetest girl in the world. She is just sweet sixteen, and they are
going to marry as soon as she can escape from reform school in Salt Lake
City. To
support themselves, they are going to move to Mexico and start a fake
Aztec souvenir factory staffed by child labor. They are looking forward to
bringing their kids into the family business. But--my friend is concerned
and worried that
his family will not make a good impression on hers, once she has a chance
to meet them.
In your opinion, RaveN: should he, or shouldn't he, let her know about
his cousin who works for Microsoft?"
h0h0h0!
BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN
RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES!
BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN
RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
Fra: mike alkav <mikealkav@hotmail.com>
Til: k-rad-bob@b0g.org <k-rad-bob@b0g.org>
Emne: m4d sh17
Dato: 22. Juli 2000 00:33
//////////////////////|b0g dr1nks! - malkav|\\\\\\\\\\\\\\\\\\\\\\\\\
[Kermit the Fudge]
1 big ass cup from quicktrip or something
Crushed Ice
1/2 Surge
1/4 Sweet and Sour Mix
1/4 Vodka
A little bit of Tom Collins
You can't taste the alcohol so it's great with ch1x0rz who don't like
liquor. You can't smell the alcohol so you can sneak it in class. The
caffeine from the Surge keeps you awake. It's a big hit at parties, just
make it in massive quantities. It's not too expensive. At a party of 60
people, we went through 8 (8!) gallons of this stuff.
&$^&Kermit the Fudge is now the official drink of b0g~@$#
mikealkav@hotmail.com
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
Fra: c00kie <cookie@undernet.org>
Til: k-rad-bob <808@c2i.net>; object@undernet.org <object@undernet.org>
Emne: Re: [Objection] SV: Your application for #k-rad has been rejected.
Dato: 26. juli 2000 19:30
At 08:09 AM 07/26/2000, k-rad-bob wrote:
>how's the weather on your planet?
Actually the weather here is just fine, thanks for asking.
>abuser?
Yes.
>i have yet to resort to even ping someone
>whoever it is over there that for some mysterious reasons has a personal
vendetta against me, please back this utterly absurd statment with some
evidence, proof, logs, anything.
Oh, I guess someone neglected to tell you that we don't really need a reason to
refuse our services to *anyone*. There is nothing anywhere that says we have to
register any channel.
>oh i forgot you cant!
>or can you?
>i dare you
>you guys are starting to look so bad.
>first purged X from the channel because someone at your place made a bad
judgment call, then, when i sent proof, proving beyond the shadow of your
wildest dream that you screwed up and not me or anyone in my channel you didnt
even have the decency to reply.
>
>now 6 months later, we applied for X and it got rejected for the most mindless
reason ever, its pretty clear that whoever made that decision is on some kind of
crusade against me for reasons i have yet do discover.
>again this email i received from whoever it is that wrote it is a reply to my
objection since the application got rejected.
>
>hello!??!?!
>
>you are supposed to answer for your yet again absurd actions, not banning me
because you happen to not like someone in my channel.
>grow up.
Actually, you're the one who needs to grow up and get over it. We are not going
to register your channel. Period. End of story.
>yes again, i have never abused anything, i have done the right thing all along,
but this someone in your department is acting like with such arrogance its
starting to scare me.
>i demand some answers
>and i want this sabotage to end.
>
>desperately yours
>
>k-rad-bob
>owner of #k-rad
>
>
>
>
>-----Opprinnelig melding-----
>Fra: regproc@cservice.undernet.org <regproc@cservice.undernet.org>
>Til: 808@c2i.net <808@c2i.net>
>Dato: 26. juli 2000 16:42
>Emne: Your application for #k-rad has been rejected.
>
>
>>I regret to inform you that your application for #k-rad has been rejected
>>The reason stated by the Admin reviewing you channel was:
>>
>>Setting to never-reg. We don't provide services to known abusers.
>>
>>Please try correcting this problem (if possible) and try again.
>>
>>
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
-----Opprinnelig melding-----
Fra: staff <staff@cybergym.com>
Til: k-rad-bob <k-rad-bob@b0g.org>
Dato: 2. april 2000 17:21
Emne: Re: hm
http://www.dineatdms.com/stories/eatpussy.html
>k-rad-bob wrote:
>
>> i found a site containing your "A LESSON IN EATING PUSSY"
>> and i liked it but i forgot the url
>> could you help me out?
>>
>> :))
>
>
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[21:. - [ CH4NG1NG TH3 W1ND0W5 9X S74R7UP SCR33NS ] [gH] :. ]
[hax0r@netvision.net.il] :. ]
____________________________________________________________________
4N 3SS4Y BY gH
JULY 31ST, 2OO0
4LL R1GH7S R3S3RV3D T0 ne0h & MoStHaTeD - WHY TW0 K4Y!@$
1T H4PP3NS V3RY 0FT3N TH4T N3WB1E5 4SK M3 "H0W D0 EY3 CH4NG3 MY ST4RTUP SCR33NS
0N W1ND0WS 9X?!?@#$?@!%$?$@#^#^$%#$%?#$", S0 TH3R3F0R3, 3YE D3C1D3D I SH0ULD
WR1T3 A WH1T3 P4P3R AB0U7 TH3 ST4R7UP SCR3EN5 M4N1PUL4T1ON T3QN1Q.
L3T'S G37 T3CHN1C4L. WH4T Y0U W1LL N33D 1N 0RD3R T0 D0 S0 1S A GR4PH1C 1M4G3
M4N1PUL4T10N PR0GR4M (MSPAINT.EXE W1LL D0), A 10 OHM R3S1ST0R, 3 FT. 0F W1R3S,
2 AL1G4T0R CL1PS, A S0LD3R, 4ND S0LD3R1NG 1R0N.
0P3N MSPAINT.EXE 4ND S3L3CT "OPEN" FR0M TH3 F1LE M3NU. TH3N BR0WS3 AR0UND T1LL
Y0U G3T T0 TH3 C:\WINDOWS\SYSTEM D1R3CT0RY. TH3N M4K3 SUR3 TH4T Y0U H4V3 "ALL
FILES" 1N "FILE TYPE".
F1ND LOGO.SYS 4ND 0P3N 1T. TH3N 3D1T TH3 P1CTUR3. TH3N S4VE.
KN0WN BUGZ: N0T 4LW4YS W0RK1NG. W3 4T gH L4B5 4R3 ST1LL W0RK1NG 0N A W0RK4R0UND
UNT1L M1CR0S0F7 R3L34S3S TH3 0FF1C14L P4TCH.
4ND N0W T0 TH3 P4RT 3Y3 L0V3 TH3 M05T!@$
-=:[.^Sh0U70uTz!@$^.]:=-
Chaos Merchants, ILF, PTR, Ghost Shirt Factory, AOHP, phait, St0rM, WinDose/LSD,
code zero, druhy, LoU, StarFire, fr0lic, P.A.R.A., GALF, Circle of Deception,
Chameleon, tmw, toxyn, KNS, CHAD, X-Ploit, enforcers, ei8ht, 777, phoenix, shady
invader, Kecoak E., No|d, KaotiK, TBH, br41n c4ndy, NoHuP, Tech Voodoo Crew,
b0g, Trix/Vertex, SUiD, Mr Revengario, Lithium Node, Gr Power, Headflux, 74074,
|TeDUHOB, raptor666, HFG, d3stro, xenion, MoD, the mach1ne, johnnyd, txe, XHN,
Access Denied,freddie & chewie, JiG-SaW, z1pp4h, HackPHR, lyp0x, holt, CHA,
Spam, vyrus, Ez|ne, wH^TyC, SHA, BuG^, BTF Team, kpz, snow, rd, khd, special-k,
sobber, X-organisation, cha0s, ucl, #pascal crew, Milkil/REKill, rEWTED, ax, gH,
null, Sp0rE/Dem0l|sh, VHG, Ble4cH, chc, SpazRat, Viper, HcV, network weakness,
mode, doberman, Hackmasters,X-Team, phantom one, hackcity, CmP/NBH, Netguru,
Fluxx, maverick, fasti\o, LoRD OaK,Raider-X, covered mine, RazaMexicana, Hi-Tech
Hate, Dr acid, rootworm, #gphoe, k-rad-bob, #hacktech, #intercore, #eEye,
#rootworm, #kernal, psychic, Chrizome, WaSTeD, Hacktech, sistym ghost,
raptor666, Pentaguard, HARP, EazyMoney, HKDD, leprechaun, the israeli ghost,
subzero, HiV, analyzer, *.es, *.pt, *.mil, hack.co.za, gov-boi, coolio, mafia-
boy, e-mind, #972 - #darknet - #auth - #shells (on EFNET), #hackphreak - #gps -
#pi (on UNDERNET) yorkie, rawtaz, ishtar, smoke_, MOD, PAKISTAN HAX0RS, everyone
from china, japan, korea,thailand, or from the middle east, all unauthorized
people in the usa, russian people.
M4D SH0U7Z T0 MY B4BY-G1RL (H3Y CHR1ST1N, WHY D1D Y0U L34V3 M3?@#%$ :( :( :( )
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
____________________________________________________________________
[22:. - [ Closing words ] [k-rad-bob] :. ]
[k-rad-bob@b0g.org] :. ]
____________________________________________________________________
Summertime and the living is hax0ry.
I'm too tired to write anything.
Remember kiddies, send us your money, send us your pr0n and send us your
articles. If not well ninja chop you to Korea and back!
His and hellos goes out to these peeps:
Everyone that has contributed to this b0g issue, anyone that has
contributed to any b0g issue, the gimps at packetstorm for mirroring
our stuff, mogel and his uber site at http://scene.textfiles.com/ ,
The guys at hackernews.com, all the guys in FK, cryptic at
http://www.digitalaggression.com/ , all our affilates and the b0g belivers,
fraggy, acidkick, p0lar, sadarak (for 0wning my ass in unreal)
syztrix and the rest of the DH crew, N.A.P, people on #efnet that
doesnt suck, redpriest, skywalker, everyone that plays LMS at ukonline
and doesnt camp! Spear, the chick I'm inlove with, everyone that puts
up with the gayness we display in the official b0g channel #k-rad on
undernet, also on undernet: #hacktech, #gaydogsex (HEH), #hackphreak,
#phreakhack, #whhs and #gps, cnz, g4wd, the clone and his 0day site at
http://nettwerked.net/ , rafay, , anyone that I forgot, anyone that wants
to see theyre name here, rfp, wizdumb, c0redump, your m0th3r, cr0bar,
pneuma, r3wt, the gimps in irc.blabber.nets #hack, people who love
us, chicks who will have sex with us, chicks with webcams that are
going to write b0g propaganda on theyre naked skin and send us
pictures at h0h0@b0g.org, you for reading this, and last but not least
all my fellow b0gsters!
thats it!
Fear!
:))))))))))))))))))))))))))))))
t1m3 t0 haX0r d@ f3dZ!
By: r3wt
/*
telnet top-secret-server.fbi.gov
FedBSD/i386 (top secret!) (ttyp1)
# t1m3 t0 mak3 0ur attacK!
login: root
password: wetwilly
Last login: Thu Jun 02 00:29:21 on ttyv1 from ovaloffice.whitehouse.gov
# h0t shyT w3r3 1n!
$ ls
Secret_Investigation
pr0n
NSA_Files
Plans_to_Defeat_Cuba
Nuclear_Missle_Launch_Codes
# sh1t f1r3 w3 h1t tha jacKp0t! l3tz s33 wh0z 0n tha syst3m f1rsT
$ who
bill_clinton ttyp2 June 03 18:31
nsa ttyp3 June 03 17:24
root ttyp1 June 03 21:08
# l00kz like w3'r3 c00l ph0r n0w.... l3tz sn00p ar0unD!
$ cd pr0n
$ ls
lewinsky0.jpg
littlegirl13.jpg
hairyrectum.gif
preteen01.jpg
preteen02.jpg
algorewife.gif
hillary.jpg
# n0t mUch h3r3! l3tz trY an0th3r d1r...
$ cd ..
$ cd Nuclear_Missle_Launch_Codes
$ ls
222010.missle.code
345324.missle.code
3l33t.missle.code
# 0h shYt th3y g0t hax0r wArfAr3! b3tt3r ch3qu3 d1z 0uT...
$ cat 3l33t.missle.code
6650234331337sdfsa24asd3rfds3s3sak300134
# wh00p wh00p d3y iz fuX0r3d n0w!
Message from bill_clinton on topsecret! (ttyp2) [ Thu Jun 03 21:13:01 ]
...
hey baby, wanna cyber?
<EOT>
# 0h shYt! fAg b0y kn0wz w3'r3 h3r3! t1m3 t0 c0v3r 0uR trAcKz!
# wa1t! alm0st f0rg0t t0 l3av3 a m3ssAg3!
$ cat haxx0r > /etc/motd
$ cat /etc/motd
_____ ph33f
/ o \ EwE HaZ BeeN ph33f
GRRRRR - | v^v^v HaQaSaUrEd ph33f
\ _/ By D4 d00dz 4t ph33f
, | |___, ph33f
| / |---, b0g ph33f
\\_/ / ph33f
\_/|||| HaVe A ph33f
|||| FuQeD Up ph33f
|_|_> Day, PhAg! ph33f
$ kill -9 -1
Connection closed by foreign host.
now.. dont worry.. that killed everything so they will never find me..
remember to steal the free missle launch cod3z in that log!
