Copy Link
Add to Bookmark
Report
Critical Mass 6
Nope, Where Not Dead Yet!
_____________________________________________________________________________
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
\ Critical Issue # 06 A Technical Text /
\ Mass ~~~~~~~~~~~ File Newsletter. /
\________________________________|____________________________________/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__________________________
__________ l___________ | ___________l
// \ _______ _____ l|l _____ ______ ___
// /~~~~~~~\_\ l \ l l l|l l l // \ _ l l
// / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l
<<<< ritical l / l l l|l l l // / / \ l l
\\ \ l < l l l|l l l <<<< / ___ \ l l
\\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____
\__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l
==--> ==-->
____ __ ____ ==--> <03/26/92>
l \ / l ass ==-->
l \ / l __ ______ ______
l \ / l / \ / \ / \ A Technical
l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter
l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~
l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 6
l l l l /_/ \_\ /~~~~ / /~~~~ /
~~~~ ~~~~ ~~~~~~ ~~~~~~
_____________________________________________________________________________
l Writters l Special thanks to.... l
l__________________________l________________________________________________l
l l l
l The Beaver l Shadow Hacker, Flea, The Phantom, l
l Shadow Hacker l Abigail, D.M., Section 8, l
l liaison l liaison and many other that I forgot l
l l to include. l
l__________________________l_________________________________________________l
Critical Mass Technical Newsletter is free to those who wish
to gain in further knowledge of topics of Telecommunications,
Datacommunications, Computer and Phone Security, Software and other
forms of piracy, explosives, and other forms of not widely known or
talked about topics.
All article are totally original, unless stated otherwise.
We will not except unoriginal, plagiarized articles, or article
that contain false information. We except articles from anyone who
is willing to follow these criteria, and as long the editors, writters
and S.A.O.O. members feel that the article is worthy to print.
We encourage all to download these files and pass them on
freely to others as long as credits of the editors, writer or
S.A.O.O. is not modified in any way.
There is no set date for release issues, but we attempt to
put them out as frequently as possible.
We now also offer BBS's outside the Tallahassee area to get
on our BBS listing. If you decide to get on this list, we will send
you issues as soon as they are produced.
If you have any questions pertaining to a article, please
leave E-Mail to the author of the article. If you cannot get in
contact with the author, please leave "The Beaver" mail at the
following BBS's, he will try to put you in touch with the author,
and/or try to answer your questions.
The Beaver
The Back Door BBS Temple Of Pong Internet Address
(904)997-6127 (708)717-1506 Brown@evax.eng.fsu.edu
termnet.uucp
Warrior's Retreat
(904)422-4606
Or, if you have access, one of the following S.A.O.O. BBS's.
The Upper-Deck <904>222-1291
Hacker Wholesale <Private>
ShadowGate <Not Up As Of Yet, Private>
S.A.O.O. Main <Private>
* As of this date, you might notice that most of BBS's that are
up are private. The "public" nodes does NOT imply that a user will
get into the S.A.O.O. It simply means that members outside the
S.A.O.O. will be allowed to call and discuss various topics.
If you wish to become a member of the S.A.O.O. please leave
The Beaver E-Mail, where he will send you an application for you to
fill out. From there, local S.A.O.O. members in your area will
consider you and take a vote on if at that date you can become a
member.
We are always looking for experienced and even
non-experienced p/hackers to join. Only after a back-ground check and
the vote, will you be let in. If you fail to get in, do not be mad,
we have turned down many people. Simply wait, improve the reasons
that you where not let in, if possible, and in the mean time, learn.
We are also looking into other remote S.A.O.O. support
boards to net with and share information with. In the event that
you would like to support a S.A.O.O. chapter in your area, please
contact a member of the Tallahassee S.A.O.O. Benefits do come.
Currently we are looking into mostly the Florida region,
from Jacksonville To Miami, but are willing to reach into other
areas.
Head Chief And Writer - The Beaver
Editor - Flea
Members - <S>ilicon <A>luminum <O>xidation <O>rganization.
This Issues Articles Include:
I. - A Brief Editorial
By The Beaver.
II. - Stupid VMS Tricks To Amaze And Piss Off You Friends With.
By The Beaver.
III. - A Small Telenet Directory Of Washington and NY Areas
S.A.O.O Telenet Directory, Part One.
By The Beaver and Shadow Hacker
IV. - Tymnet Directory Listing
S.A.O.O. Tymnet Directory Listing, Part One.
By The Beaver, Shadow Hacker and liaison
V. - Taking DECservers Off The Air
By The Beaver.
VI. - ROLM Data Lines, A SAOO Memo
By The Beaver
VII. - A Critical Profile <Shadow Hacker>
The Beaver
VIII.- Closing Notes And Letters.
The Beaver.
______________________________________
l l
l Brief Editorial l
l The Beaver l
l____________________________________l
Welcome to Critical Mass issue #6! Sorry for the delay,
but much has been going on in our little world. Now on with a
little bit of news and a little bit of chit-chat.
FIRN <Florida Information Resource Network <904>488-0650> has
undergone a few changes. They are know supporting CRDC <Centeral
Florida Regional Data Center> and CRDC VTAM. It operates pretty much
like NERDC <Type: Nerluis at the "username" prompt>.
The advantages? Not much from our standpoint, except that is
provides another lame loop back to FIRN, put that's about is. Other
than that, it also will allow access to other machines such as CICS
<State accounting system> and make it easier to get to CRDC than
having to go through NERDC to get there. Other than that, that's
about is.
FIRN also claims that you have to now have authorized access
to get to services like FAUNET <Florida Atlantic Univ. DECserver>,
FSU <CDCnet> and UFnet <Univ Of Florida Netowrk>, which are no
longer listed on the service "menu". This is partly untrue though.
Though you cannot access FSU's CDCnet as you use to <But typing
"FSU" at the username prompt>, it can be accessed by typing "SCRI"
at the username prompt. We are not sure if they are aware of this,
or if they simply changed all the service names to insure security,
but this is what we have found.
It is not really even known if UFnet and FAUnet are still on
FIRN, but it is speculated that it is, since FIRN still supports
FAUVAX.
When asked about the changes in the network, they said it was
"due to security problems that we <FIRN> have had in the past".
A little bit of a myth is going around about the caller ID
blocking in our area <*67>. While is does display "<PRIVATE>" on
the ID box, it will NOT however stop the custom calling feature
"Last caller" or "Call back".
I recently overheard two people talking about call trace and
such, when one said, "Naaa, It's impossible to trace calls on WAT's
lines".
I would like to clear up this myth. ANI's <Automatic Number
Identification> work very well on WAT's lines. You don't believe
me? Try code hacking on US Sprint or MCI. The only place that call
trace does not work effectively is on old SxS and old Crossbar and
all none ESS's <Electronic Switching System>, which on WATs are few
and wide.
Last but not least, SAOO has a new support BBS <Run by myself,
a new hack type, liaison and Shadow Hacker>. It is as follows....
The Upper-Deck BBS <Part Of SAOOnet>
<904>222-1291
300/1200/2400
24hrs / 7 Days a week
We support all "educational" files on p/hacking and also have
many other utilities and such. Right now the BBS is in is building
stages and is off to a rocky start. We expect to upgrade quite a
bit within the next year. Hopefully soon, we will be running on a
386 25mhz, with around 130 meg on-line, and will support SAOOnet.
We are also planing on networking with ShadowGate <Private> using
TCP/IP. Anyrate, give it a call, because we might decide at anytime
to shut the board and stop excepting new users.
That's about all on the home front. Chow....
---==<Beaver>==---
_________________________________________
l l
l Stupid VMS Tricks To Amaze l
l And Piss-Off Friends l
l With. l
l The Beaver l
l_______________________________________l
Here are a few little things that myself and other
S.A.O.O. members have done to piss each other off, or other
people. The information here is relatively none harmful.
There nothing big in here. Also, I will not attempt in fully
telling about all the VMS commands except for a brief
summary. if you have any questions, use the VMS Help
facility or contact me.
The Simple Mail Loop Trick.
This runs on a very simple principle, and that you use a
simple little batch loop to send mail to your "mark" <your
target/enemy>. Heres how it works, create the following
using the VMS "CREATE" command. Type at the DCL prompt......
create 1.bat
When you hit return, you will notice no other prompt
appears, but worry not, because create works just as MS-
DOS's "copy con" command. Now at this point enter......
$ mail sendme.txt <uname here> <node/address here>
$ submit 2.bat /noprint /nolog
Now hit control-z and you have created "1.bat". Now do
the exact same as above, with the following modifications...
create 2.bat
$ mail sendme.txt <uname here> <node/address here>
$ submit 1.bat /noprint /nolog
Hit control-z and, yeap, you just created "2.bat".
<NOTE: Include the '$', for these tell the VMS batch process
the these are just standard DCL commands.>
Ok, now we just have one more file to create. That's the
"sendme.txt". I would just use the create command as you did
before. You can pretty much make this anything that you
desire. For instance.........
create sendme.txt
Hello <uname>,
Gotten much mail today?
<CTRL-Z>
Now, we kick this baby off, but first, I will explain
what this program will do real quick, though it is quite
simple.
In our file "1.bat", the first thing it will do is send
the "sendme.txt" to our mark. After that, is will start up
the "2.bat". In this, it will send mail all over again, and
start up the "1.bat" again. So basically it gets caught in a
loop!, So what now right? Well, if you will recall, when new
mail arrives to a user, if he is on-line, he will get a
message along the following lines "NEW MAIL ARRIVE ON NODE
<BLAH> FROM <BLAH>". The mark will have a little bit of
trouble in doing his/here work. Heres how we kill our baby
off.
submit #.bat /noprint/nolog
The "#" can be either one you desire, cause it don't
really matter at all. Now let me explain a few things. Once
you kick this guy off, it is relatively hard to stop. I know
of three ways, but I will let you figure them out. After
all, that's what hacking is all about anyrate, huh <Grin>.
One thing I will let you in on is that the /noprint
basically disables output to the console printer <This you
don't want, unless your going to an OP, but I got a better
stupid trick than this, for that!>. The /nolog makes it so
that it will not fill your directory with thousands of logs
of worthless crap.
- Kicking each other off
Heres another stupid, yet entertaining thing to do to
those who don't know about this. Sometime, when I hack with
my friends at D.M.'s place, we use to pull this on each
other and get in little wars <HEY! We had been up a long
time!>. Slip in under a account that one of your fellow
hackers is on <Preferably a new, young, nervous guy>. Show
the users, and get his PID number for HIS not YOUR current
processes. Now type in the following.....
stop /id=<pid here>
For example.....
stop /id=01922012e
What happens? It logs him out. Preferably do this while
the mark is getting a huge buffer capture or something.
Pretty mean, but that's life. You could also, before you do
this, rename the marks "LOGIN.COM" <The one with the latest
version number!> and make a new one with the simple command
"$logout" in it. So as soon as the mark gets on, he gets
logged out. This works well when breaking in a new,
inexperienced friend or what not, cause you can look at the
kid and say shit like, "MAN, they busted you hard! HHOOLLYYY
SSSHHIITTT! OOHHHH AHHHH", then watch his young face go
pale! Don't try the with experience hacks, they will just
look at you and say, "gemme a break" and ctrl-c out of the
LOGIN.COM.
I did this on a hack friend of mine when he was a up
and coming type, except he was on a teletype trying to
print out a 100k file. I made it last for 30 minutes till I
could not control the laughter anymore.
The fill the que trick.
This one, I guess if it ran long enough, might actually
cause damage, but I doubt it. It works on the same bases as
the mail routine, in that it is an endless loop. This one,
you only do to OP's though, cause it will be noticed.
Write the following program <Here in BASIC, but write it in
anything you desire>.
10 for i=1 to 100
20 open "me"+str$(i)+".com" for output as#1
30 for d=1 to 100
40 print#1,"$submit me"+str$(i)+".com"
50 next d
60 close#1
70 next i
Run this program then exit BASIC. Basically, you have
created 100 batch jobs. Each batch job will then submit
each other. Now, heres where it gets fun. There is a set
number, or at least 99.9% or the time, of the number of
processes that you can have running. It maybe three or it
maybe seven, who knows. We will say that the system you are
about to do this on can handle five. Now, with five batch
jobs currently running, this means that 500 will be put in
the que <eventually>. When one gets done, one comes out of
the que and 100 more are put back in. Its a never ending
cycle. The que is nothing more than a holding pen. What
happens is that the computer say, "hey, I can only have five
batchs running, so the rest I will throw in the que till I
get done with these". So 95 go in the que. The other five
batchs say "Hey, run these batch jobs!", the computer
says,"nope, all you guys go into the que, I will pull you
out when I get done."
This tends to REALLY piss people off. Now think back on
what the /noprint command did. Well, since the que IS going
to fill and the OP's are going to notice, you might as well
put on a show. One problem though. It will create thousands
of log files in your directory, so you will want to employ
so why of deleting them. I just used the VAX key buffering
and entered "del *.log;*". This will kill the logs, except
for the ones in use.
The loop in line 10 can be modified to what ever you
want, but I would make sure I have the disk space before
attempting 10,000. Really though, 100 should do, because it
really would make no sense to use 10,000 once you think
about it. But let us take this a little bit further here.
Remember the mail loop you pulled on your friends? Ah, you
get it now..... Add this in at line 45.
45 print#1,"$ mail sendme.txt <uname> <node/address>"
Now, lets sit back and picture this seen.... This is
the way it happened for me, the only time I ever did this,
and I can only speculate what happened in the computer
center.......
Joe the op, is kicking back, doing what a lot of op's
do...... Just killing time. Staring down at his newspaper,
he heres a beep at the VAX console. He looks up, "NEW MAIL
ON NODE ADLE::", it displays. Two seconds later, line
printers <two or three I figure, never check out devices>
start going nuts. He gets up, but as he does, he hears yet
more beeps coming from the console. He looks back. His
screen is filled with "NEW MAIL ON NODE ADLE::". He grabs a
printout, it appears to be batchs running like crazy and
dumping to the printer's! He shows the que. He watches for
over 30 seconds at the list of batch jobs that are in the
que. He gets on the horn and calls a computer security
department and says, "we got a big problem". He thinks,
"another internet worm.....a virus.....".
Half way across the country, a hack know as The Beav.
is kicking back, deleting logs, showing users and the que,
and laughing bout it ,"I got that asshole back.". He thinks
to himself, "I knew this would be easy! I knew it would
work. I wonder how long it will take them to purge the que."
Back at the computer center, op's storm the consoles.
Its real evident as to whom started the whole thing after a
simple "show users". They read a piece of mail as it flies
in. It states something along the lines of, "Should not let
sorry shit head fake hack types kill <name here> on your
nice system. Tell the sorry fuck if he ever kills/or gives
out bogus 'hacked' accounts, life will get worse".
Meanwhile, Beav, still at his trusty term says to
himself, "I can't believe they have not purged the fuck'in
que". The Beav gets a ring. <BEEP>. A "VMS PHONE" request.
He answers.................. The only thing he see's is.....
HEY! YOUR FILLING THE QUE!!!!!!!!!!!!!! DAMNIT STOP RO\\
Connection closed.
Beav, "HAHAHAHAHAHAH".
They did finally purged the que, and as you can see, I
did this to take revenge on a guy up north that gave me
bogus accounts and then killed two of mine! Truthfully, I
just had to do it to see how well it would work also.
The odds of this actually crashing a system though is I
believe, remote to null. Shadow Hacker and I conducted a
experiment on a Utah VAX/VMS with no operators on-line and
let one of these guys run for over three hours and nothing
much really happened. The worse, it might have slowed the
system down a little bit.
I myself am very much against attempts of crashing
systems, though this article might seem other-wise. There is
no gain except for a few moments for "whoop" then its over
with. With all hackers though, I believe that every once and
a while, we like to try to push the limit.
These are not much more than jokes with little to no
harm. I do condone revenge though. The story above was true,
I just cracked the guys personal account and ran it out of
his. The time it was attempted in Utah was on a account
that had never been used. Well, fuck this explaining myself.
If you don't like it, to bad.
______________________________________________
l l
l S.A.O.O Telenet Directory l
l Part I l
l Compiled By The Beaver And Shadow Hacker l
l New York and Washington DC l
l 3/9/92 l
l____________________________________________l
Information on Telenet:
The First thing you need to do is obtain a dial up list. To do
this, call 1-800-424-9494 <1200 7E1, or 1200 8N1 with hit bit
striping on>. Once on, you will receive a "TERMINAL=", which at
this point, enter your terminal type, or just press return <TTY>.
You will now get a "@" prompt. From here type "c mail". At
the "Username?" prompt, enter "phones" and the same for the
"Password?" prompt. At this point, simply follow the directions,
and you will get your local dialup<s>. One thing I would like to
note, when using the 300/1200 dialups, when you connect, simply hit
return a few times. When using the 2400 dialups, you must enter "@"
followed by a carriage return.
For more information on Telenet, I advise you to get
Hacker's Unlimited issue#1 or LOD/H Technical Journal for more
information on Telenet. I did not wish to make this a text file on
Telenet, but rather a directory of listings scanned by myself and
fellow S.A.O.O members. These files can be obtained on The
Upper-Deck BBS.
Prefix: 202 <Washington, DC area> Scanned: 0-400
Suffix Information O/S
------ -------------------------------------------------------------- ----
001 Unknown PRIME
002 Unknown PRIME
010 Unknown PRIME
012 Unknown PRIME
031 OS/2 News Machine VMS(?)
032 Enhanced Net. Service --
042 VTAM VM
049 "Enter System id---", Unknown... Test port (?) --
132 Unknown VMS
141 Unknown --
142 Unknown --
150 "UPI>", Unknown --
201 Compuserve --
202 Compuserve --
214 Unknown <SPA> PRIME
217 Unknown PRIME
238 US Government VMS
245 "New-Line" AOS/VS
255 Morgan Stanley Network VM
259 "Acc from pad 'this' not allowed" --
261 Federate "* * E D G E * *" --
262 Federate "* * E D G E * *" --
336 Congressional Quarterly Online System VMS
337 Congressional Quarterly Online System VMS
351 "Acc from pad 'this' not allowed" --
356 Unknown PRIME
365 Lexis and Nexis --
366 Lexis and Nexis --
367 Lexis and Nexis --
368 Lexis and Nexis --
369 Lexis and Nexis --
Prefix: 212 <NYC-Bronx & Manhattan area> Scanned: 0-999
Suffix Information O/S
------ -------------------------------------------------------------- ----
030 Unknown (locks) --
040 Unknown --
041 Unknown --
053 Unknown VMS
079 Unknown --
085 PB System VMS
086 DECServer Rip-off --
100 Unknown VMS
101 Unknown VMS
102 Unknown, "Invalid sign-on" (need nui) --
103 Unknown, "Invalid sign-on" (need nui) --
104 Unknown, "Invalid sign-on" (need nui) --
112 Shearson Lehman Brothers (VTAM system) VM
130 Morgan Stanly, Gateway server (UN:access) --
131 Shearson Lehman Brothers (VTAM system) VM
137 Unknown <NY60> Prime
141 Unknown <Telemail,Connect 90940) Prime
142 Unknown < " > Prime
145 Unknown --
152 Unknown VMS
159 Unknown (locks) --
197 Bankers Trust WANG
217 Tymnet ripoff... almost... --
218 Tymnet ripoff... almost... --
226 Telenet PAD --
242 Unknown --
248 Unknown PRIME
255 PBS Development System VMS
258 Unknown, locks --
259 TAS System VMS
260 Banker's Trust Online Network --
275 Banker's Trust Online Network --
277 Unknown, Possibly a Telenet Test Port --
278 Banker's Trust Online Network --
279 Unknown RSTS
320 Unknown --
343 Unknown PRIME
376 Banker's Trust Online Network --
430 Unknown (Connect 31259) --
448 Emco Sales PRIME
500 "enter a for astra" --
502 "enter a for astra" --
503 "enter a for astra" --
504 "enter a for astra" --
505 "enter a for astra" --
506 "enter a for astra" --
539 Unknown --
561 Unknown VMS
571 Unknown, Very funny though --
580 Unknown --
603 Shearson Lehman Brothers (VTAM system) VM
615 Shearson Lehman Brothers (VTAM system) VM
625 Shearson Lehman Brothers (VTAM system) VM
686 Unknown UNIX
693 Unknown PRIME
703 Unknown, Very secure UNIX
704 Unknown, Very secure UNIX
713 Unknown --
734 Strange Unix Rip-off --
[Linked systems: 202 909761 <-> 202??? 909406 <-> 202??? ]
[ 6171371 <-> 202132 ]
[ ]
[Linked systems: 212 90940 <-> 212141 31259 <-> 212430 ]
This is NOT even to say that these are all the systems in
the NY and Washington area! These where very brief scans and there
are definitly more. In future issues, we will have better listings,
but these should be good enough for a part one.
____________________________________________________
S.A.O.O. Tymnet Listing
Part One
Compiled By The Beaver/Shadow Hacker/liaison
3/11/92
________________________________________
To get on Tymnet, dial 422-0149, if in the Tallahassee
area. If not, dial 1-800-222-0555. When you connect you should get
garbage on the screen, which at this point you should press "a". To
find out your local dialups, at the "user name:" prompt, enter
"information" or "help" and follow the instructions.
Tymnet is run by British Communications (BT) and serves
many commands all over the U.S. and outside. On Tymnet, you may find
out-modems, companys, other networks and much more. Scanning takes a
while, but is possible to do easy enough. If you wish for some
scanning pointer's, please e-mail The Beaver or Shadow Hacker,
because we don't want to give away our scan method for the fact
that they might take out the essential program we need that lets us
do relatively easy scanning. Though very little guess work, you
should be able to figure it out.
Tymnet runs on a X.25 network, which you have probably used
before. If you have ever been on FIRN, then you have been on X.25
networking. <Actually, Tymnet and FIRN are actually linked
together!>.
Lastly, as you may notice the "PASSWORD" section of the
list. One some services, you will notice a "No Password". This
either means that there is completely no password, or at the
password prompt, hit return a few times. This list was a SAOO file,
but it is not the original. It had to be edited so that some
possibly damaging information would not get out. To the date of this
article, these should be valid..... Heres the portion of the SAOO
file..........
Fellow hackers,
These are 166 tymnet services and all information available from
a very casual "look" at each. All care was taken to insure its
accuracy, however since we aren't computers, mistakes are bound
to be made. We apologize for any inconvience such inaccuracies
may cause. Please notify the SAOO of any mistakes made herein
at either of our BBS'es...
The Warrior's Retreat @ (904)422-3606
The Upper Deck @ (904)222-1291
- Shadow Hacker
- and -
----==<The Beaver>==----
And a thanks to Liaison, a new prospective member of SAOO for his
assistance in verification and his diligent researching of tymnet.
Thanks a lot!
-----------------------------------------------------------------------------
NAME PASSWORD INFORMATION
--------------- --------------- -------------------------------------
aa No Password Outdial Modem
access
account
ace
admin
air
aleart No Password
apple No Password NISNet
archive
avl
b
banana
bbs
beaver <No Kidding!>
ben
bill
bio No Password
bird
bix No Password Byte Mag. Information Exchange
book
brown
bs
bubble
buf
ca No Password VAX running VMS
canada
carrier
cash Credit Check???
centel Centel, The Phone Company
chain
cheese
class
comet
corp
crash
dec
decnet
dialnet
e
easynet No Password Credit Checking ? We think so...
ed
eds
express
fire No Password Firestone/Bridgestone
fork
frank
franklin
fred
games
gate
giga
gold No Password Telecom gold, ";" prompt
gte GTE?
hal
help BT Information
homer
horse
houstor
hst
idea No Password "Not available thru net"
inet
info
information No Password BT Information.
inter
isreal
jackson
jacksonville
jet
john
jupiter
kanta <Crack Ye Own!> DECServer, hacked by Mad Max (TE/TP)
kk
lan
lawrence
lee
lexis No Password Lexis & Nexis
liberty
life
log
london
lotus
lu
ma No Password Hayes Inc., VAX running VMS
mail
master
mbs
men
miami
michel
mickey
micro
mike
mil
morgan Morgan stanley server?
naee
national
nea
nes
net
new
nn No Password
no
null No Password "Usernae Invalid"
ny
office
old
online No Password
operator
orbit No Password
outdial Outdial Modem?
pan No Password Demo
panama
panasonic Panasonic
paper
pascal
pay
pc
ph No Password VTAM server
plae
prodigy Prodigy Online Service
pub
reserve
scan
scott No Password
scri FSU SCRI?
shadow <No Joke!>
shearson Shearson/Lehman?
silver
skim
spring
sprint Possible US Sprint?
steel
stop
sun
super
switch
sys
system
t
tape
target
telenet Telenet Gateway
temp
test
tester
think No Password Thinking Machines Corp
town
transfer
tray
trwnet TRW Credit System
turbs
turtle
tv
tymnet Tymnet Gate or what?
univ No Password "host shut"
usa
user
username
vax
vision
voyager
war
warrent
water
wheat
-----------------------------------------------------------------------------
<EOF>
We went to painful stakes to get this to you, so please use it
wisely. Thanks. Chow
____________________________________
l l
l Taking DECservers Off The Air l
l 3/13/91 l
l By The Beaver l
l__________________________________l
This is an "educational" file, that I thought that I might not
release, so please just treat it as a educational file, and don't
abuse the information in this file. Though, one person has tested
the information out, I have not. Though, according to his results,
it did work, and needless to say I was very pissed.
This information should also hold true for EMULEX and other
ripoffs of DECservers. Once again, this is only for the pure
knowledge.
When I say "off the air", I am not referring to the fact of
"crashing", but rather the method of modification of characteristics
that will make it so the DECserver cannot be used from certain
or all ports. It is actually quite simple, and 9 time out of 10,
you would not need "priv'ed" access to do this.
There are two commands that one must be familiar with in
order to understand how this works. The "set" and the "define"
commands. The "set" command basically means that the characteristics
changed will take effect immediately. For example, if I say "set port
broadcast disabled", my broadcast is disabled right after I hit
return. Now if you say "define port broadcast disabled", it will
not take effect until a> next user logs in b> the system is init'ed.
Ok, with this in mind, lets imagine this, what I said
"set port output 75". What this would do is set the output <I.E.
when you connect to another computer though out the DECserver> to 75
baud. Either your connection to host machines would be real slow,
or most probably, it would not support it. This would take effect
right away. Now if you said, "set port input 75", it would change
your port speed to you to 75 baud and all you would receive is
garbage. How could you get back on? Logout and log back in, because
remember, the values will go back to there "defined" values. Now
you should be getting the picture. Now if we use "define" instead
of "set" it will be held in the DECserver database, and the only
way a user can change the defined values is to get on that port
<Unless there is a cleared port and you have priv'ed access, or you
can reboot the server from original with original settings>. Now in
that last bit, we "defined" the bauds, but other things can be
changed, and remember, while you are on, they will take no effect
until AFTER you have logged out. After getting a little help, you
will see that there should be no problem in changing the parity,
stop bit, data bit's, etc, etc.
If I remember correctly, it is possible to set yourself up
with something like 75 baud inspeed, 75 baud outspeed, parity odd,
stop bits 2 data bits 6!!!. So the next person to call in would
have to have there terminal set to these spec's! No way that will
happen!
Now you can off online the ports you have access to, unless
you are priv'ed in which you can off them all. If you have access
to all the ports, then there would be no problem with off'em all.
Anyrate, this was just a little bit of information I
thought you might like to know. I found this out about 8 months
ago, and I am working straight my "not static memory", as Shadow
would say. Anyrate, any errors or questions, please contact me, The
Beaver. Chow
____________________________
l l
l ROLM Data Lines l
l A SAOO Memo l
l The Beaver l
l__________________________l
This originally appeared on the SAOO backboards, but has
since been released. It is basic information on ROLM Data Lines.
The phone numbers have been changed to protect the system, contact
me or a fellow SAOO member for more information on the system in
question.
"ROLM Data Line Information.
This file was written due to new information on ROLM Data
lines, and the ROLM data line in the 599-xxxx.
ROLM data lines is basically a network that has many, many
function and great uses. It operates on a "CBX II", and offer the
following services <If setup>
SuperPBX, Voice Mail <VMB>, LAN's, Public and private data
transfers, Desk top, call management, Voice communications,
Mainframes and Video <Like video phone and such!>
The lower end ROLM, probably like the one we are dealing
with <ROLM7e I think>. The stat's on it are as follows......
165 channels / 15 nodes providing 115,200 2 way channels.
The stat's change when a ROLM bus is installed
<uninstalled, top baud it 115.2k Baud, with it a mind blowing 3300k
baud>. This is nice and all but, in lines operate at 300bps, so
this impressive info does us no good.
Ok, now you know a little about ROLM systems. The cool
thing about ROLM systems is that it does not use RS232C's, but
rather actual phone lines! There are two ways to access a ROLM
system.
1> Using a touch tone phone. This is a lame ass way, plus we don't
the phone number.
2> Data. We DO have the phone number.
To get to the point, we all know, or at least should know,
that the 599 prefix serves beepers/VMB's. Now think about
everything just stated above, and think...........
The ROLM date line supports phone mail, and other
communications. Hmmmmm, 599 has lots O' VMBs and beeper's. I think
you get the point.
Now outgoing calls are recorded, so precautions should be
taken. We could pull a Social Engineer after trashing at the ROLM
office to gain information.
You see ROLM has to be set up simple like, so the average
secretary or business man can access it. It's simple enough in
most cases that a 10 year old can operate it.
Sometimes these systems have passwords, other times not
<Like in our case!>, but this does not mean we are priv'ed or
anything. Bad news is that, our ROLM system does not appear to be a
standard, in that it don't respond with a "Call, Display Or Modify"
prompt. <Shadow hacker, this should ring a bell. FIRN SERDECserver?
We used there crappy no good ROLM dataline there, or that might
have been me and the Nut-Kracker. This was a while back.>
The commands are just as it should prompt, call, display or modify.
Heres how to get a list of services/file/whatnot.
type: Display groups
you should get something along the lines of this.....
[21] Payroll [11] Accounting [01] System1243
[23] Number [12] Etc [99] Etc
To connect/access a area, you would type.......
call payroll
<it would say>
Calling 1423
* Connected To Payroll *
Or something along these lines. Now, as of the writing of
this file, I have not checked out these commands. As I said, it
almost appears though that this is a non-standard system. I will
check them out though.
This system can only be one of two things. There is a
office in the 599 which is ROLM district branch. This could be good
also. Even better, this could be what controls the VMB's or what not!
I am sorta leaning on the ROLM district branch, but it could be
possible that the city is also using it and ROLM does all up keep
and what not.
Another fact is that ROLM's can support more VMB's and what
not then the entire 599 prefix can hold!!! Anyrate, that's all, I
just thought I would let you in on the deal, ideas and information.
The ROLM I found <back in 1988 or 89 and it is still working!> is
the following phone number.
599-xxxx
WARNING: I would advise routing though a extender. I know,
you don't have one. Well, I found one about 4 months ago but lost
the phone number, and will be scanning for it again SOON. I believe
it is somewhere near the middle of the exchange. Anyrate, have fun,
and please give me feedback on this stuff. Chow.
---==<Beaver>==--- "
_____________________________
l l
l Letters l
l___________________________l
Well, I didn't buffer my mail as usual, so I will have to
reconstruct some of the mail that I got.
By: Black Knight
When is Grind3.0 coming out?
>Well, It should be out soon. Within this month possible,
but so much has been going on that I have not been able to work on
it as much as I would like.
Pretty much all that needs to be done is completing the
trojan compiler, and get a good VGA intro screen, and that will be
about it! Anyrate, you are sure to enjoy, its worth the wait.
By: ?????????????
I've been playing with the DECserver number on Telenet that
you gave me, but I am unable to get the DECnet priv'ed password. Do
you have it.
>I wrote those articles on DECservers just to give a look
at the possible things that you can do with them. Forget the
priv'ed access, its nice but no big deal. Go for the systems that
are connected to the server. Usually, the computers that run the
server is alot more run than the server itself.
By: ?????????????
Some of the services on FIRN are not on the main menu.
Where are they?
>FIRN changes every 6-8 months it seems, so it is very
likely that the services mentioned in past CM's may not work
anymore.
____________________________
l l
l Final Notes l
l__________________________l
Well, that concludes yet another issue of Critical Mass. I
hope that with this issue, and others, that you walk away with a
little bit more knowledge then before you started. Anyrate, have fun
and happy hacking...... Chow
---==<Beaver>==---
<EOF>
