Copy Link
Add to Bookmark
Report
Chaos IL Issue 01
CHAOS-IL ARE PROUD TO PRESENT:
[-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-[-.-]
[-.-] [-.-]
[-.-] [-.-]
[-.-] ###### ## ## ###### ####### ######## #### ## [-.-]
[-.-] ## ## ## ## ## ## ## ## ## ## [-.-]
[-.-] ## ####### ###### ## ## ######## ## ## [-.-]
[-.-] ## ## ## ## ## ## ## ## ## ## [-.-]
[-.-] ###### ## ## ## ## ####### ######## #### ######## [-.-]
[-.-] [-.-]
[-.-] The Chaos IL Magazine [-.-]
[-.-] [-.-]
[-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-][-.-[-.-]
Chaos IL - Issue #1, 23/Feb/98
Oi! ~If freedom is outlawed, only outlaws will have freedom~ Oi!
Chaos IL Issue One Index:
~~~~~~~~~~~~~~~~~~ ~~~~~~
01. Introduction Chaos-IL Magazine!
02. How to Fraud the Excellnet Market by Sir Knight
03. Blue boxing in Israel - STILL POSSIBLE! by Sir Knight
04. How to Bypass BEZEQ's Frequency Tone Detector(FTD) by Sir Knight
05. Free-Toll 177 Number Scan + EXPLORE by Mr. Freeze
06. Information about Bezeq's Loops by Mr. Freeze
07. Phreak Bezeq's LAN Internet Service by Captain Black
08. Phreak Bezeq's TCS Payphone System by Sir Knight
09. IBM Internet Service Updates by Fourth Horseman
10. Resources & Credits Chaos-IL Magazine!
***
01. Introduction
Note from Sir Knight (Chaos_IL Editor-in-Chief) an2511@anon.penet.fi:
Welcome to the Chaos-IL Magazine Issue #1. We are a group of information
writers and editors with interest to Hack, Phreak and Anarchy material.
The magazine is a combination of files that are fully researched, discovered,
compiled and edited by Chaos IL members. All index topics includes absolutely
original Hacking/Phreaking information. If you have any original material,
contact us, and we might include it in the next incoming Issue of Chaos IL.
Issues will be released once we have anough quality data to include.
Chaos IL current primary members:
Sir Knight Editor-in-Chief
Captain Black Editor
Mr. Freeze Editor
The Trick Editor
Fourth Horseman Editor
Members can be reached via eMail (see in article's buttom).
Applications, feedbacks, corrections, support, will done at:
** Chaos IL Systems: 03-6746543 **
(also available - the latest Chaos IL Issue!)
==> World Wide Web: http://www.chaos-il.com <==
Support/FAQ mailing addresses:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
General E-Mail: submissions@chaos-il.com
Hack/Phreak FAQ: hpfaq@chaos-il.com (answered by Chaos IL members)
Issue Support: support@chaos-il.com (Issues mailing, general support)
* Any question regarding to the magazine's topics will be answered, and any
reasonable question about Hacking/Phreaking will be also.
The FAQ questions and answers will be included in the next Issue.
How to retrieve Chaos IL
~~~~~~~~~~~~~~~~~~~~~~~~
Chaos IL Issues will be regulary available once released in these fine boards:
Liquid Underground +972 (0)3-9067029
Kaos On Compton +972 (0)8-8524603
The Orphaned Land +972 (0)8-9422043
Chaos IL is also regulary in the following anonymous sites:
ftp.fc.net ./pub/phrack/underground/chaos-il/
defon.mit.edu ./pub/nordlys/chaos-il/
ds.internic.net ./pub/misc/cilmag/
ftp.auscert.org.au ./pub/emags/chaos_il/
* Israeli sites will be also available soon.
***
02. How to Fraud the Excellnet Market
-=***************************************************=-
. .
. HOW TO FRAUD THE EXCELLNET MARKET .
. .
. By: Sir Knight .
. .
. Designed to Chaos IL H/P-Mag .
. .
-=***************************************************=-
Intro
-----
A little request before getting started. Dont let this Information to
get into the wrong hands! We want to keep this fraud invisible from the
Excelnet's charges. This file is originaly ripped from the pre-release of
"Phreak the excellnet market", Since this is the first Issue release of the
Chaos IL magazine, we decided to include this. In future, pre-released texts
wont be included (If there will be any).
***
ExcelNet's marketing system Information
---------------------------------------
Like it or not, PCBoard is the most popular bulletin board software in the
whole world and specifically here, in Israel. most BBS systems that use PCBoard
are private systems and/or pirated boards that runs the BBS from a personal
computer(s) within thier houses. (aka "WAREZ" board) Mainly, the PCBoard Soft.
is designed for Hoby Boarding, enjoyment, testing, and it is not desigend for
Businesslike systems, Calculating Systems (Banks, Universitys, etc) and beyond.
Yet, there are Israeli defectives such as ExcellNet that runs a credit card
available computer market that is an On-line Card Calculating System!
Instructions
------------
Well, I guess some of your people have'nt been to check the ExcellNet market
system unless you wish to order something from thier computer hardware market.
anyhow, ExcellNet provides thier market services on a free toll line (177#)
and its accessable to all:
ExcellNet's Market - 177-022-6543
After calling the ExcellNet Market system you will be automaticly logged in
as EXLMARKET BUYER Account. after viewing the login application and notes,
through the Main Menu, go stright to the Market Enterprise, command to select
a few products from the Computer Hardware marketing list and then command to
invite the products you have just selected. (e.g: Modem USRobotics 33,600k v34)
While the invite progress proceeds, select an On-Line Credit Card invitation.
and now you are freely to enter a Credit Card Information in order to invite
the selected product(s) into the address you like to. the Credit Card Calculate
program is a simple program that is known to most of us, I assume - PPE.
as you know the PCBoard Programmnig Language (PPL) is an easy-chart language
that is a precopy of executables inside the PCBoard BBS. some how, the PPE
Calculating Operation is defective or it is not designed to test an actual
Credit Card Information and the program accepptes your Card Information without
even calculating the Credit Card numeric digit Number! after you entered your
card details, the market's incharges gets a full-detailed catalogs with all
the invitations that has been made weekly/mounthly. by the time they get the
money from the correct card details, they send you the products. Now, this is
easy as Internet Credit card fraud, get your self a card, dont need to be full
detailed even, since the PPE program acceppts any address that is reasonable!,
sort an address of an empty house or something and invite any product you wish!
Notes and Conclusion
--------------------
Yet, I assume the reason no one have'nt found this bug is becaouse any
computer expert (like me :)) have not got any interest in ExcellNet and most
of the people who are affiliated with them are Registering people that wish
to get new Software and the like. I also assume that this is the reason that
the PPL Program have'nt been designed and have been tested for major skilled
operations and beyond. anyway, this is not what we should be caring about :)
Do your best to keep this file underground from the ExcellNet Incharges and
Operators in order to keep phreaking thier market as much as we want, if you
have full-detailed credit cards and you are already talanted anough for this
kind of actions, please try not to mass-invite any products.
Signed, Sir Knight.
03. Israel's Blue boxing possibility
=||===============================================||=
|| ||
|| * Blue boxing in Israel - STILL POSSIBLE! * ||
|| ||
|| Written by: Sir Knight ||
|| ||
|| Designed to the Chaos IL Magazine ||
|| ||
=||===============================================||=
As you all experianced probably know, Blue boxes use a 2600hz tone to size
control of the phone switches that are using in-band signalling. and by that,
enables the Box User to access almost all of the special switch functions using
the tones provided by the Blue Box. After the huge wave of Blue Boxing scene
that came from the whole world to our little county, it has been like over two
years that Blue Boxing was freely, and out of any risk to get cought.
By that time, after the Blue Box plans got spreaded out all around, Bezeq was
first to know about it and quickly installed the FTD(Freq. Tone Detector),
that AT&T supplied underground to Telephone companies in a bunch of dollars.
the FTD is able to detect 2600hz tones on operator trunk lines. After people
started to get busted and got sue for telephony fraud, people stopped using
the Blue Box, and stopped exploring it at all. And now, the main question is
being asked "Is Blue box still possible?" You'll be suprised that the answer
is totaly simple, The basics world wide TeleCommunications of all telephony
companies all over the world cannot disable the HZ tone that use in-band
signalling due the large size, and the complex of the telephony base courses.
Yet, it is known that each general telephone company has a diffrent format of
base course, each base course has it own switching functions and controls.
But it all seems to be the like, either that there are some coutrys that people
still have'nt figured how to crack the tone that will size the control of the
phone switches. I explored alot about Blue boxing information in the last year
and I couldn't find anyone that have an Update or a new build for the correct
tone that Bezeq are using since they Installed the telephone FTD.
While I was exploring, I still found alot of other Blue box resources, I found
out that there are over 500 working exchanges in Israel that you can still
blow 2600hz tone at. Anyhow, the FTD(Freq. Tone Detector) that Bezeq uses is
easy to beat (see section "How to Bypass Bezeq's FTD" in this Issue),
the reason that gives Israel an advantage over the other states in Blue boxing
is mainly coused by the diffrent signalling systems that each company use, and
the features that each signalling system provides. The signalling system that
Bezeq use is named DTMF (Dual Tone Multi-Frequency) aka Touch Tone.
This is a type of signalling which emits two distinct frequencies for each
indicated digit. Opposite, almost all of the companies such as in the U.S.A.
and in Canada and across, use a signalling system called CCITT, which stands
for International Telegraph and Telephone Consultative Committee. This is an
International committee that formulates plans and set standards for all of
intercountry communication means. Ofcourse that each signalling system has it
own MF(Multi-Frequency) tones, and if comparing, the CCITT signalling system
is much complexed, featured and hard to crack then the DTMF signalling system.
The conclusion acceppted is that Blue boxing is still possible and mostly
in Israel. The 2600hz valid exchanges are somewhere in the 177 Free Toll net,
and 1-800 Israeli digit. I myself using a Blue box since I scanned for a few
exchanges that you can blow 2600hz on. After you got an valid 2600hz exchange,
what you left to do in order to activate the Blue box is to bypass Bezeq's
Frequency Tone Detector, and then you are ranged in.
"Blue boxing is available in this season, and will always be otherwise if
the systems will switch to a non-tones technology."
Original article by Sir Knight & Chaos IL Magazine.
For any corrections/comments about this article:
E-Mail: an2511@anon.penet.fi
Or call & leave a message at:
** Chaos IL Systems: 03-6746543 **
04. How to Bypass BEZEQ's Frequency Tone Detector(FTD)
*********************************************************
* *
* How to Bypass BEZEQ's Frequency Tone Detector(FTD) *
* *
*********************************************************
Researched, discovered and explored by Sir Knight.
--------------------------------------------------
Bezeq's Frequency Tone Detector is an InterLine exchange that is able to detect
2600hz tones and beyond. The project has came into act in 1989, when AT&T
distributed the first FTD to TeleComm. companys, in order to detect any kind of
"blue actions"/ Blue boxing that was much massive those days. Either that the
FTD is operated within the pick/hang up Hz tones, and an InterLine exchange,
it can bypassed VERY simply.
To first-check Bezeq's FTD, get any Blue boxing program that supports the local
DTMF(Dual Tone Multi-Frequency) dialset, and send generated phone number tones
to your phone's mouthpiece using the SoundBlaster/MIC. After performing 3 local
calls, your telephone will be shuted down for 5 seconds and with period, you
will hear a strange tone that sounds like a musical trunk, and the line will
be back to normal. This is the FTD, and what it did, is to announce Bezeq of
your illegal tone frequency and disabling your short pass calls that were
actually performed without of any Billing Incharges. (please note that this can
be mentioned in your mounthly Telephone paperbill).
As said before, the FTD can be bypassed/disabled very easly. before excuting
your desired call, get a payphone number that is placed near to your house
(best in your street) and dial it in a reasonable hour. Wait for someone to
pick up the phone (a streetwalker). When the payphone is being picked
up, right then, the FTD gets disabled for the correct call. try to bullshit the
streetwalker that answered your call as much as you can in order to produce
more time if you get into troubles (it is not recommanded to repeat the same
way to the same payphone in generaly, in order to disable bezeq from
noticing anything). Anyhow, your call is out of the FTD. Now, you have to
quickly discharge the call, and send it over to your house. You have to make theperson who answer the phone to call you back within less then 5 seconds after
you closed down the corrent call. (5 seconds is the FTD's period time).
Now, this call should be performing very quickly, and it not seems to work some
of times couse of the payphone's "Telecard" delays, so the streetwalker
need to be ready with the Telecard verified inside. After he's done dialing
your phone's dialtones and the phone rings at your house, the FTD is enabled.
Quickly pickup the phone and hangup after 5 seconds exactly! (its recommanded
to use a clock near you). FTD is bypassed. you have 5sec to excute your desired
call using a Blue box or any other tone freq. that need to disable the FTD in
order to excute the call. I know this might not be clearly to some of you,
so I discribed an online FTD bypass that I did a short time ago:
* PP = Payphone (the remote payphone carrier)
* LP = Local Phone (you)
-- Calling the payphone --
-- Phone has been picked up --
PP: "Hello?"
LP: "Hello, is this 03-XXXXXXX payphone number, that is located in the main
Tel-aviv square?, Did I dialed correctly?"
PP: "You sure did. There was no one here to answer, so I picked up ..."
LP: "Can I use few minutes of your time?"
PP: "What happened?"
LP: "I'm a Bezeq lineman, I'm in the middle of Tele-line Device installation
and I need you to call back in here in order to verify the new Device."
PP: "I Understand. Then what is your purpose in calling this payphone?"
LP: "The device line is need to be tested within this Local Area Network,
The payphone you're talking through is serving the Network's point."
PP: "Ok, Understood. Which number should I call?"
LP: "Call to 03-XXXXXXX. Now, you must done the dialing within 5 seconds max.
the device will not get into act if you will pass the 5 seconds period.
put your Telecard in by now, so we wont lose any time."
PP: "Telecard is in. I will try doing this."
LP: "Ok, I am about to disconnect, please get ready and be alert."
PP: "Ok, all set."
LP: "Hanging up ..."
-- Call has been disconnected --
-- 3+ Seconds passed from disconnection --
-- Phone rings --
-- Picking up (This call should be closed within 5 Seconds) --
-- Clock Operated (To point the exact time period!) --
LP: "Hello?"
PP: "Thanks, Goodbye."
* DONT TAKE ANY CHANCES! DISCONNECT WITHIN 5 SECONDS PASS!
-- Clock beeps, 5 seconds passed --
-- FTD is bypassed! FREE 5 seconds to excute the desired call --
-- Box- <EXCHANGE DIAL-IN>+2600HZ+KP1+XXXXXXXXX (just an example) --
-- Call performed --
The FTD is limited for only 2 switchings that are less then the period time
(5 seconds). When you switch 2 calls (switch=disable FTD/enable FTD) in less
then 5 seconds that are not operated from the same signalling system,
(payphones uses an auto-operated exchanging switching system named ACTS)
you get a free 5 seconds when the FTD is setting up, in those 5 seconds you
can send any tones without getting detected. (2600hz) -- If you are about
to use this for Blue boxing, please read section "Blue boxing in Israel -
still possible!" in this Issue, before you're getting started.
Original article by Sir Knight. Thanks for #hack who helped me alot
to figure this. also greetings to The Milkman, Phriend and EFnet's #telephony.
05. Free-Toll 177 Number Scan + EXPLORE
CARRIERS 177-022/100-XXXX PN's. Scanned by Mr. Freeze
##. Freetoll Baudrate OS Type Notes
-------------------------------------------------------------------------------
177-022-3551 28800 LINUX
177-022-0093 28800 NetBSD Telebit NETWORK
177-022-7670 14400 VM/370 Octocom Server
177-022-0755 28800 GTN
177-022-5776 14400 Annex/FCC
177-022-9062 14400 AS/400
177-022-5788 33600 AS/400
177-022-8112 9600 AIX/RISC
177-022-8987 28800 DGT/UX (Digital Unix) Qualcomm Dial-In
177-022-0093 28800 DGT/UX (Digital Unix)
177-022-9808 14400 FirstClass Graphical FCC Host
177-022-9062 14400 AS/400
177-022-5663 9600 AIX " Menora " Network
177-100-6003 14400 SunOS/Solaris
177-022-8087 28800 DG/UX
177-022-8182 28800 AIX
177-022-5898 9600 AS/400
177-022-4812 28800 UNIX System V GIBOR Computers
177-100-0087 2400 IRIX
177-100-0075 9600 BSD/OS (FreeBSD)
177-100-0055 9600 ConvexOS
177-022-6295 28800 AS/400
177-022-4353 14400 NetBSD Telebit NETWORK
177-022-3907 33600 ConvexOS
177-022-3680 9600 DG/UX (Digital Unix)
177-022-1449 9600 SunOS/Solaris
177-022-7140 33600 System75/OS
177-022-4733* 2400 CISCO Router Banking SAC System
177-022-4409 9600 Annex
177-022-0074 9600 EP/IX (IRIX Platform)
177-022-1373 28800 Annex
177-022-6069 28800 DG/UX (Digital Unix)
177-022-3538 28800 MSM/OS UCI Communications
177-022-9492 28800 AS/400
177-022-7888 9600 BSD/OS
177-022-4556 14400 NetBSD Telebit NETWORK
177-022-0286 33600 AIX IDC Communications
177-100-0030 33600 BSD/OS
177-100-0098 2400 DG/UX (Digital Unix) IDC Communications
177-100-0122 14400 IRIX
177-100-0013 14400 ConvexOS
177-022-7223* 9600 CISCO Router Banking SAC System
-------------------------------------------------------------------------------
You are allowed to use these systems in any form of a way, just keep out your
mind from doing any stupied actions. During exploring these systems, this
base manual can be helpful for a nice start:
OS Login Password Notes
~~ ~~~~~ ~~~~~~~~ ~~~~~
AIX guest guest Guest login
DG/UX TNO tno Invoke a TNO
trvn trvn
sysnms sys.nmop System numeric-mode
AS/400 qsecofr qsecofr
qsysopr qsysopr
qpgmr qpgmr
ibm password
ibm 2222
ibm service
qsecofr 1111111
qsecofr 2222222
qserv qserv Quick Service Access
qsvr qsvr Quick Service Access
secofr secofr
qsrv ibmce1
Annex/RISC tno tno
demo demouser
syshelp help.sys
qhelp qhelp
assist assist1
FirstClass fc client
superv supervisor FirstClass Local Supervisor
fcc fcclient
list list
access system Or the opposite (l:system p:access)
GTN local boot Local bootaccess
reuser reuser
demo demo
help help
orgacc organacc
cris new
info info Information
System75 bcim bcimpw
bciim bciimpw
bcms bcmspw
locate locatepw
tech field
init initpw
craft crack
blue bluepw
nms nmspw
support supportpw
field support
browse looker Browseing account
cust custpw
ConvexOS sysroot password1 System root
admin password1 System Administrator
sysfield sysfield
field access
sys sysacc
mpa routempa
vnwo vnwompa
user23 user23
SunOS/Solaris sysadmin sysadmin System Administrator
comint intile
ddacc access
sysprog way
lynx bver
test system
local local
mdtest mdaccess
Note: To access one of the above systems, you may try accessing using the
default login accounts. If non working, you should try cracking the
unix passwords either if they are defaults, and either if they are not
known to be exist. The best cracking packages available are:
* CrackerJack V.XX by Jackal
* John The Ripper V.XX by Solar Designer
--These crackers are available at: ftp.fc.net /pub/cud/progra/ux/
Have phun,
Done by Mr. Freeze!
for comments/questions, you can mail me in Chaos-IL FAQ at hpfaq@chaos-il.com
or any general comments to mr_freeze@idc.co.il
06. Information about Bezeq's Loops
##################################################
## ##
## >> Information about Bezeq's Loops << ##
## ##
## Written by: ##
## ##
## Mr. Freeze / 1998 ##
## ##
## (c) Chaos IL Magazine! ##
## ##
##################################################
Loops are a pair of consecutive telephone numbers that are generaly used by the
local telephone company for testing and device verifications. Loops have two
ends, a high end and a low end, ofcourse each end is operated from another
phone number. When both ends are called at the same time, they are getting
connected. For example, if one person call the high end, and one person calls
the low end, at the same time, they will get connected right away, and will be
able to talk through the loop. Both of the persons who called wont be charged
for the call, but the loop will. Most of the Loops that Bezeq localy use, has
a Multi-User Capability, which means you can perform a conference call.
Bezeq has over 600 high+low ends of Loops that are operated from the Free-Toll
177 Phone Network, and that what makes them easy to find.
- How to find a BEZEQ Loop of your own -
Although 177 is an Bezeq-Israeli Tele. Communications FREE-TOLL Network, there
are also International Loops that are used by AT&T/MCI/SPRINT/GAP/BLUEWAVE and
such global telephone companys. These International Loops can be used to
perform a Long Distance Multi-User conference call that wont get charged by
any of the conference call users. Anyhow, its much useful to find a local loop
that is used by Bezeq. Those Loops are an alternative communication mediums
of Bezeq, that has many potential uses that have'nt ever been tapped yet, and
much more functions then just voice calls. First of all, do all of your loops
searchings at night only! The Loops serve a genuine test function which Bezeq
uses during the day. Bezeq locates thier loops in the 177 free-toll network
(as said before), in a special digit code that is not used for any other 177
phone numbers. (like company support 177 number) Only loops are used within
this digit. For example, you wont find any loop in the 177-022-XXXX digit,
though you may find some loops in the 177-100-XXXX digit, but they are not
having such special potential uses. In order to search for your own working
loop, scan for 177-XXX-XXXX digit code that might take some time. You can
also scan for 177-100-XXXX for loops, but as said befores, depends what is
your purpose of using the loop. The "100" loops are much better if you wish to
make any Long-Distance conference calls, or you want to talk with someone, but
not through your Homephone for some reason. You will know a loop when called,
because only loops has two ends, that one end gives a constant, loud tone when
it is called. Opposite, the other end is totaly silent.
Here are two loops that have been found in 177-100, that are used by phreaks
to make Long-Distance conference calls, and all the voicing functionals:
Low end High end
------- --------
177-100-0037 >><< 177-100-0036 /* Notice the consecutive; 0037/0036 */
177-100-0035 >><< 177-100-0057
The Low end number is the constant tone answering, and the High end is always
silent when its called. Call them both, you'll strightly note the diffrence.
If you called the High end, and you are waiting for someone to connect the Low
end, you'll know someone is dialing-in, if you're silent High end will start
hearing some loud clicks, which are coming from the Low end that is currently
being connected with yours.
For any comments or further info about Bezeq's loops reach me like:
eMail: mr_freeze@idc.co.il
OR call the Official Chaos-IL INFO SYSTEM: 03-6746543, and leave a message
to " Mr. Freeze ". , IRCNick: mr_freeze (#2600)
$EOA$
07. Phreaking Bezeq's LAN Internet Service
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phreaking Bezeq's Local Area Network INTERNET SERVICE
Written & Compiled by: Captain Black / Chaos IL
Designed to the Chaos-IL Magazine!, 1998
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
** BEZEQ'S ISDN-LAN LOOP **
LOCAL SERVICE INFORMATION
=========================
Although it's no sense and impossible, It has been found. in the late 1997,
we have done excuting a toll 1-800 loops search, and while taking a look, we
noticed a voice-filtered loop that sounds just like an ISDN line strings.
Loop is a pair phone number, usually consecutive, like 177-XXX-9999. They are
used by the telephone company (in this case Bezeq TeleComm) for testing.
In further, We found out actually, that this loop is an ISDN Terminal shell,
which is one of many Bezeq's Universal Internet Connection Networks.
e.g.: Used for the 144 Internet services, Bezeq-NET, Bezeq-ISDN and the like.
The host is not cloned with any telnet server that is connectable through the
Internet. Therefor, we had to crack the login prompt password and follow with
the root shell. Using a Tap box, we did an Assignments of Free-Toll 177 loops
with the Bezeq 1-800 loop found. The Bezeq 1-800 loop was according to an
exist Free-Toll 177 loop that is used by Sprint Telephony Phonecards testing.
Each regular loop has two ends, a high end and a low end that are in generaly
made for featuring the call from the high to the low. We used the Tap box
to get the Assigned Toll 177 number in the low end of the loop, and the
1-800 to the high end of the loop. That way we've created pirate toll line
that is actually the 1-800 Bezeq's system clone that is within the loop.
DATA HOST CONFIGURATION
=======================
Emulation: 5251 TERMINAL
Ports: SERV01 % SERV80 (80 simulations)
Networking: 128,000k LAN 3.1.0.75
Domain Name: bt.com
SMTP VHost: smtp-00.vsm.bt.com
PIN Number Range: 01-XXX-330-XXXXX-01
Query: 2.12A2
Numeric Design: -
Destination Port: PR8023_TTY208011
* This was originaly ripped from the data host.
***** TELEPHONE # : 177-022-5828 *******
* Since the pirating, you may hear some Unreconized Tones before the Network
will start responding to your modem. DONT hangup! hold a few seconds until
you'll hear the modem strings -- then the Network is responding.
We are not to administrate the host. Since the Bezeq 1-800 number is in the
high end of the loop, every setting from the followed is currect for the
low end of the loop which is our pirate 177 free toll.
ACCESS AND USE INSTRUCTIONS
===========================
After connecting the network you will recieve the login prompt screenshut.
We are not here to give you furthered access information! the mainatain phun
of Hacking will be blanked. If you're an experianced UNIX Hacker, this should
not be a problem for you at all.
Exploring the system from within brings a few methods of how you can gain
an access to the service:
o Get any fast UNIX Password Cracker that is able with the system environment.
most known are "CrackerJack" and "John The Ripper". (Wordlists)
o Try looking for the TELNET host and avoiding it with any ICMP/ICMB routes.
o Scan for more exchanges such as that and you might find another loop
which is not password secured :)
Within the Network you can provide two monochrome connection types:
TERMINAL(Text) connection, and a UNIX Shell access (mostly recommanded).
Terminal Mode connection will be used with any Terminal emulation program,
and the connection will be regulary UNIX Text mode connection. Yet, If you
are not having any use problems in UNIX, the UNIX Shell access is recommanded
and much prefered. The shell provides true-128k A/E connection, 1900MB hard
drive free for each shell, and includes all of the supporting tools such as
Browing programs, TELNET, IRC, and the like.
SERV01 % SERV80 is mentioned in the host data informance and comes to fact
that 80 simulation interfaces can be valid at a time. all simulations can
broadcasting and transfering data while doing any actions.
The BT.COM domain host, stands for Bezeq Technologies. The local network
work that way, that your Domain host is being auto-spoofed after you are
connected to the net. The spoofing is made by another shell operation,
that is actually generating any card-able vHost (Virtual Host) and spoofing
it into your local connection terminal info. In order to select the domain
you would like to spoof, press ALT-B and hold it for few seconds, then you'll
be able to select any of the card-valid generated vHosts that Bezeq provides.
(NOTE: The spoofing feature is only available in a UNIX Shell Access mode)
TECHNICAL PROBLEMS
==================
Once again I would say, This is a pirate 177 Toll system that stands stright
in the end of a Loop. In that like position, Nothing cannot be perfect.
o Sometimes all simulations can be closed and the host will get down. This
happens due to pre-Authorization verifys that the high loop is excuting
when there is a system overload. The host will stright up within 2-3 hours.
o DISK Overloads are also available when a few simulations that have a common
hard-drive are transfering files into the same worksheet directory.
These are mainly the basics that will fix you.
SECURITY POLICY
===============
We did fully secured to the loop, any wire taps will be automatic detectioned.
for saving this loop alive, dont leave any signs of your real name, nickname,
personal details, scene details, and loop info in any parts of the system.
DO NOT use the message base for writing messages/reading. and most important
is not to leave any signs while you broadcasting to another user, since all
broadcasts are being logged and we assume that Bezeq or any part of it will
be known about this loop at final, Do your best to avoid any signs of the
above, or any data/files that can use an evidence.
TECH HELP & ASSISTANCE will done at E-Mail: capblack@unixgods.com
**********************
08. Phreak Bezeq's TCS Payphone System
======================================================
| |
| ** PHREAK BEZEQ'S TCS PAYPHONE SYSTEMS ** |
| |
======================================================
Written & Designed by Sir Knight (c)Chaos-IL Magazine! 1998.
In the past, the well known Bezeq Payphones, in all areas, were implemented
with a computer system known as ACTS (Automated Coin Toll Service). ACTS is
a simple telephony system that is reconizing a tone signals such as coin
depositing, coin collect, coin return, and ringback. Red boxes were able to
phreak ACTS telephony systems, by emulating one of the tone signals, and then
using its services for free. (e.g: Sending a COIN COLLECT tone with Red box
will make ACTS to think you actually inserted a coin to the payphone, and let
you placing a call to your desired number). After years of frauding the
ACTS systems in payphones all over the world, there was a world-wide assignment
that appointed to ban the ACTS systems from all over. The assignment had a
few formulations that used against ACTS:
o Coin Collect systems got frauded all over with the years, and coused a lose
to the TeleCom companys by giving Call and Long-Distance services for free.
o Evolution of Payphone Technology must be developed with a higher system.
The assignment was successfuly resumed, and the appointion was so did.
Few mounths later, TeleCom companys has started to replace payphones with a new
improved telephony system: Traffic Service Position System (TSPS), that is
routed to done calls and telephone services via an on-line Operator. Due to
Mankind Resources problems, Bezeq could not effort to gain the TSPS system to
our country and fixed with a new device that was true developed by Bezeq:
The Tone Card Service (TCS). Unlike ACTS and TSPS, TCS reconizing signalling
of tones that are listed on a telephone card, which stands as number of calls.
If there are calls left, TCS allows a toll use of call collect. ("TeleCard").
Although the TCS system is much complexed and sophisticated comparing to the
other systems available (ACTS, TSPS), TCS is the most easiest to fraud!
there are two ways of frauding the TCS system, one is the Physical Fraud and
one is the Technical Fraud. (Both are VERY simple). The physical Fraud stands
for Frauding TCS by sabotaging the payphone, or the telephone card itself,
like writing tone signs on the card, or painting it in White, that will make
TCS to think that no calls were made with the current card. The Technical
way is much likeable, and much functional. The TCS system is still signalled
with the tones of ACTS, which means, Red box can fix up tones to the payphone.
unlike ACTS, TCS's signalling system is working through the Operator.
By dialing 142 from any payphone, you get a an Bezeq telephone-services center
is used for placing calls to anywhere, that will be charged to the owner of the
called number with his first-agreement ofcourse. This Service system will
size the control of any ACTS tone that will be sent. Using a small Red box
or Green box that generates ACTS tones, send a call collect tone to the
mouthpiece of the payphone after the recorded operator machine of service 142
will answer, and you'll get a signal into a code system. (Just like when the
key '#' is pressed on answering machines, you're able to insert the sys code).
the system code is a permanent range of 0000001 through 00000010 that is being
changed after each use of the payphone. After the correct system code is
sent, TCS thinks that the 142 system has found your card valid, and gives you
a line tone. Now you are able to perform any call.
TCS System Code range:
0000001
0000002
0000003
0000004
0000005
0000006
0000007
0000008
0000009
00000010
* Try them all until you find a correct one. There are only 10 options of the
code, recommanded is to try them one after one. When the code Enter Signal
is operated, you have 5 tries for entering the correct code. (5+5 = 2 Calls)
Here are the tones that are functional in ACTS/TCS:
COIN COLLECT 700 + 1100 Hz
COIN RETURN 1100 + 1700 Hz
RINGBACK 700 + 1700 Hz
Now, How does it works exactly? Well, when you insert your valid Tele-card
into the payphone, the payphone sends your card's tones which stands for the
number of calls left on the card, to the payphone's local signalling system
which is TCS. In fact, 142 service is a TCS system, and when it verifies your
card and founds it as valid, it performs a coin collect tone, inserting the
system code and replys the TCS verification reply to your payphone, which
then the "Calls left:" prompt is shown in the payphone's message box screen
and allowes you to make your call. If a COIN RETURN or a RINGBACK tone is
sent while into the 142 service, you get nothing. But if you enter the
RINGBACK tone in a normal payphone season before dialing, it do performs a
Ring-back function, either if you inserted a valid Tele-card or you did'nt.
Sending a COIN RETURN tone will end/disconnect the current call.
Performing all of the above correctly
-------------------------------------
You may build a Red box or a Green box which are VERY simple to build, and use
them to perform all of the above. (for instructions on Red/Green box building,
see "Resources" section in this Chaos-IL Issue). You may also get the well
known program ' BlueBeep! ' (any version), and use the RED BOX section there
to record the ACTS/TCS Tones to a tape and send them to a payphone using some
kind of a microphone or any small tape/recording machine you can hang with.
NOTE: Ofcourse that this Information is not truely useful, since there are
much better and faster ways to perform free calls either from a payphone.
Although, it can be very useful for long distance voice calls and the like,
since you are OUT of ANY risk getting traced!
Done by Sir Knight.
(c) Chaos-IL Magazine! 1998
eMail: an2511@anon.penet.fi
CALL: Chaos-IL INFO SYSTEM 03-6746543
09. IBM Internet Service Updates
>> IBM Internet Service Updates <<
------------------------------------------------
Done By: Fourth Horseman / Designed to Chaos-IL Magazine! 1998
The way to open accounts in IBM is known for a long time,
just a little bit history... on the the early 1994 we could open
internet accounts with the IBM dialer which came with their package and
was downloadable from their webpage also, and all you had to do is
to know a credit card algorithms or to have some credit card generator,
enter it in the dialer, enter some more crap in the other fields and
you have back your account. It worked and served us very well for
a very long but, eventually IBM realized that something is fucked up
and people are cheating them, that happed not long ago. If you would
try to open an account now using the old / new Dialer it would open
the account and everything will go ok, but if you will try to connect using
this account, you'll notice that IBM actually revoked your new account.
The new way for opening accounts came along with the strong entrance
of the internet into today's life.
Opening Internet accounts in IBM successfully is now available from
their official web page (www.ibm.net), the new way is not a doctrine or
something. All you have to do is get your self a full detailed un-usable
credit card, go on line (if you currently doesn't have any account, you
can access the i-net using 135 or something) to IBM webpage, there
to the Registration Center, click the registration process, enter
the credit card details, then it'll let ya wait for a couple of minutes
and you will receive full featured POP IBM account, with ability to
use ISDN and E-mail of your own.
Download their dialer or just creat a new Dial-Up networking connection
and you are set to go.
Since the old days, IBM has improved their service very nice,
you can get up to 3.0 kb/s on some times of the day.
I donno, but something tells me it would became slower soon :)
For any questions / responses or whatever just drop mail to
4thm@liquid98.com or liquidunderg@hotmail.com.
Fourth Horseman.
10. Resources & Credits
Chaos-IL would like to greet every possible resource who supported us or
helped us in any kind of a way.
Bezeq TeleCommunictions INC.
Barak Israel-International INC.
GreenShop Computers (TEL-AVIV)
IDC Communications INC.
AT&T Communications INC.
SPRINT Global-One Communications
Israel Telegraph LTD.
2600 Magazine
Phrack INC. Newsletter
Informatik E-Magazine
9X Group
Hacker's Heaven (BBS)
Underground Society (BBS)
Route 66 (BBS)
Liquid Underground (BBS)
EFNet #hack
EFNet #phreak
EFNet #telephony
EFNet #punx
www.border.com
www.etext.org
www.l0pht.com
www.lat.com
www.itd.nrl.navy.mil
ftp.fc.net
The Prototype
Captain Crunch
Emmanuel Goldstein
"T.S" (Bezeq 144 Operator)
"C.B" (Bezeq 188 Operator)
"N.I" (Sprint Global One Operator)
Retro
Manomaker
Unix geek
Kocane (Kaos On Compton {08})
Phriend
The Milkman
Anti-D
Stoner
Dr. Grass
Dead Zed
Blackbird
Prophet
Substance (9X)
ALL of Chaos-IL Members
-[EOI#1]----------------------------------------------------------------------
(c) Chaos-IL Magazine
February 1998
