The Discordant Opposition Journal Issue 11 - File 2
The Ancient Art of Port Surfing II :by `das<<<`amatier>>>
- addition to D0J-06 May/99 by cronus
--------- Modem Leaping---------
Ok, this goes out to all the Laim-ASS-Admins at Central Offices that support Broadband and do not know how to implement security for their clients. To start off one thing you must know is what Port 23 is. If you do not know what telneting is or how to implement it , then stop right here. Go educate yourself on telneting.
Now to start thing off again what we need is around 10 Host IP address so we can play with. You can make a list bigger but 10 is more than you need since we don't want to spoil ourselves. A great way to get Host IP address`s is to Spark up your favorite IRC client, Any will do since we all claim that the one we use is the best there is. You, know how that goes. Ok after you have your client up and running we are going to search for channels that will claim they are Cable or DSL only. I found a lot of cable/dsl users in channels that claim they are T1 but doesn't mater how you get them.
You can even do /whois *.dsl* in your client. Now that you have some users with cable/dsl, you are going to spark up your favorite port scanner, again we all have our favorite so I wont mention any particular one. But, your port scanner must support scanning sub-nets like xxx.xxx.xxx.1 - xxx.xxx.xxx.254.
Ok first rule to remember when doing this don't look like a cheesy ass rookie and start off by scanning the Op`s of the #channel, the first thing you want to do is !rules or !list like your actually into a Warez #channel and don't look obvious. I usually start off on the bottom of the user list. And don't worry about scanning someone and getting logged on their firewall software. If you are all you have to do is scan 1 to 1 IP below his IP and one after his IP-254. Ok what we are scanning for is the basic port 23 which of course is the Telnet. After doing a few of these you will start noticing that a lot of them have port 23 open and a few other ports but we only need the 23. Ok, Getting the first Host IP sucks because this is were your actually going to be logged. try to telnet into one of the modems you got port 23 open on. When it comes up sometimes your automatically in. sometimes just hit enter and a login prompt appears. Sometime you have to type login administrator and <enter> password: <enter> you will be surprised how many of them have no password. Remember that the user is always going to be Administrator or Admin, I think it there is no password because of the training that these companies got, trying to set up so many people at one time and are behind with the paper work. who cares any ways, because when you get your first one now you wont be logged anymore since you can clear the ARP cache table in this modem once your in, also you can try to telnet to other modems if you get in, this host modem IP gets logged not you. Ok once you in your going to either type <help>, <?> or <show> for most modems. what to look for is the config, we want to get the make and model of this modem so we can goto the modem companies website and download a PDF or something on their command lines for the modems. theirs not much what you can do but it's the little stuff that is cool. like telneting from the modem to other places with out you getting logged or trace route from another location from across the world.
Ok, lets say some little wanna-be is like nuking the shit out of you. all you have to do is log onto a few of these modems and ping -commands to his IP address and bamn, you will see him struggle to stay connected. In his Firewall he will not see your IP address which is the coolest part. I don't recommend doing that, basically you can log on to a modem start the pinging someone and just kill the Telnet session and it keeps on pinging the IP forever or however many times you specifies the pings to be and the packet size. Some modems are different and you can only ping like max 3 times or so what to look for is modems with unlimited capabilities. Ok this is not the only usage for this, mainly what I use them for is to try to Telnet into other shells from the modem to hide my identity. On major rule to remember is to clear the ARP cache right before you kill your session what you want to do is just kill the session after you clear the ARP table because if you log out you will be logged, logging out. I was really bored one day to see how many modems I could Telnet threw and I kept going till I ran out IP address, So I talented to mine. It was cool but useless for that point. Im not going to tell you about all the route additions you can make to this cable modem for all the fun stuff, but you probably will have tons of ideas ounce you learn your way around a few of these modems and what the command lines and capabilities are.
What ever you do , do not type reboot because it logs your IP as <reboot command from your IP Addy> and that's not what you need is someone calling up their Central Office and claim there is a problem with their modem, "Ya its been rebooting a lot lately", so the technician logs in VIA Telnet and finds out that there is no password; fixes that, looks around little more and notices that your IP address has been logged in the aRP cache so many minutes ago and your IP addy is the one that issued the reboot command. Also don't change the password at all because that's even worse.
since messing with FCC regulates Hardware&Software tampering a Federal offence. To get right down to it this is a real basic thing but the usage it near endless.
Happy Modem Leaping, and don't for get to clear the ARP cache.
-----------
I have seen the future, and have seen the past, and yes our master is thier.<<<`das`amatier>>>
