informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/bbs/DESTRUCTION/bbshack.txt

341 lines
18 KiB
Plaintext
Raw Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
HIT Inc. Presents...
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20> The Really Fine Art of BBS Hacking <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Written by Vortex
Distributed By Exclusive Right of HIT To the World Terrorism Network
Please Read WTN.NFO <20> Please Read WTN.NFO <20> Please Read WTN.NFO
File Description: The Really Fine Art of BBS Hacking
HIT Non-Regular Release...
How to hack a BBS.
Disclaimer:
Hired International Terrorists, Inc., will have no responsibility on the
actions of the readers of HIT, Inc. In no way is HIT to be in fault as a
result of any actions, directly or indirectly relating to this textfile.
If you cannot do this, do not read this. This file is for information
purposes only.
NOTICE: I am writing this file to the novice, although people with more skill
will also find help with this text file. I am spending a lot of time on this
file, so don't question this. If you know something, skip over it, because
there will [probably] always be someone who doesn't know it and will be
really fuckin' pissed 'cuz I'm talkin' about something he or she don't
understand. GOT IT?
NOTICE: Using This File....
READ THE ENTIRE FILE!! I include vital information that is not included
in the beginning, so PLEASE, for your own safety, READ ALL OF THIS!
BULLETIN BOARD SYSTEMS
----------------------
Today, everyone involved in some way or the other knows about "BBS's". This,
of course, stands for Bulletin Board Systems. These systems are vast holding
areas of information. Some of this information is released to any Joe or Jane
down the street. Some of this, though, is reserved for an elite few.
BBS's run off of BBS programs. The people who program these programs
occassionally [hell, USUALLY] put in "backdoors". Backdoors are functions in
the BBS program that will allow someone with knowledge of accessing the
backdoor to get more access to information. Usually it is a function to allow
the backdoor user to enter the host system's OS (Operating System). If you
know how to access these backdoors, you're in luck!
Backdoors differ between programs. Even between different versions of the
same programs, backdoors can be changed, added in, taken out, etc. However,
there are ways to access backdoors.. where they don't exist.
That is what I will soon be telling you. Sit down, put on those reading
glasses, and get ready.
BBS "SECURITY"
--------------
System Operators (SysOps) are the people who run BBS's. These are the people
who reach into their pockets to pull out the good ol' check book and credit
card (usually it's their own credit card) to pay for a computer, a modem, a
phone line, and a BBS program for y'all to use. Respect these people. Know
how they feel. Figure out their tricks. Do WHATEVER you have to do to get an
edge on them.
SysOp's usually choose their BBS program usually a sorta mental checklist
that they probably don't know about. Is the program decent looking? Is the
program flexible enough to make my board look original enough? Is the program
able to support expansion, doors, whatever? And, IS THE PROGRAM SECURE??
SysOp's usually feel that their program is secure. I have heard SysOp after
SysOp say "Oh, I KNOW my BBS is secure." And, sadly for them, one by one, they
were hacked.
While I have the change, let me tell you about "HACKERS" and "DUMBASSES".
Hackers live in the pursuit of greater knowledge, information. They see BBS's
and other systems as a warehouse of information. DUMBASSES, aka FAGS, aka
DICKHEADS, whatever, see BBS's as places of trashing. Now, I admit that I
have trashed once in a while. But always with a purpose. Sometimes these people
had information on me that I would not like them to have. TRASH. Sometimes
these people REALLY annoy the shit out of me. TRASH. You get the point.
Hacker's take advantage of the SysOp's ignorance in thinking that their
system is secure. Since most (hopefully all) SysOp's won't sit by their
computers all day, watching and watching pathetically in the hope that their
system won't be hacked. You really have to know the SysOp's hours, even though
they varied. Once, I was in the middle of a hack, I had a bunch of the SysOp's
files, blah blah blah, and the SysOp breaks into chat!! The guy didn't figure
out that this was a hack, and we hung up, him thinking that I was the guy he
thought I was talking to (one of his Co-SysOps, whose account I "manipulated"
to get access to his system) and I thinking that the SysOp was a total loser.
Which is true.
Anyway, BE CAREFUL!! Paranoia isn't that bad, to tell y'all the truth. Get
lazy, get careless, get in trouble!
SWEET-TALK
----------
This is a good way to get started!!
Call any local lame board. Since it'll probably only be about 10 cents or so,
no big deal. Leave the SysOp some nice stuff about how you'd like to become
"known" in the BBS world. Sweet-talk away. Manipulate. Offer him or her stuff.
Have him call you voice. Chat away. Eventually, if you have a little luck,
you will get Co-SysOp access.. or even SysOp access. When you can, when you
know the SysOp is away, take advantage of his trust in you.
Most BBS's knowadays have ways to get into the main system's OS. That
later. For now, here are some hints about sweet-talking.
<20> I know many people will say it's dumb to put
down your real user info. Well, I don't. First.
if you get CoSysOp access, the SysOp will probably
call you sooner or later. It's better that you have
your real name & Phone # for that. Think about it.
<20> Don't EVER tell ANYONE your intentions. It's just not
good health.
<20> Don't "document" your activities 'til long after it's done.
ENTERING THE OS
---------------
For now, I am assuming that you are going to be using DOS (Disk Operating
System), which is common on the IBM compatible computers. Mac boards may be
harder to hack, but it is doable if you have knowledge of the MacIntosh
System, or better yet, you can make a door using something like HUX and use
ResEdit or something. Figure it out yourself, I don't know much about Macs.
Anyway, if you can sweettalk the SysOp for Co ACS, that's great. If you
can't, maybe you can get the SysOp to run a door. If you can, program a decent
looking door with a backdoor feature. If you know anything about programming,
that shouldn't be too hard. In fact, using QuickBASIC or something, that's
pretty simple. Remember, don't use something like QBASIC, you must have
something that'll let you compile the file!!
I plan to release a file on backdoors, or it may be included in the BoRG
Journal of Miscellaneous Activities, or whatever it will be called. Anyway,
I will give you some hints on how to do it.
Once you have programmed the game part, or whatever it is, it's time for
the backdoor. If you are programming the door, you will probably need some
info from the BBS program. The BBS program creates information file about the
board and the user, and creates this anytime a door is executed. There are
several different formats:
DORINFO1.DEF, CHAIN.TXT, DOOR.SYS, etc.
Since nowadays BBS programs can support many of these file types, use
something that you know. I personally use DORINFO1.DEF. When this is run, the
file will tell the SysOp's name, the BBS name, the user's name, the user's
ACS, the BBS comport and baud rate, etc. This is necessary for operating the
door. You also need the comport.
When the backdoor is activited (you must figure out how to this yourself,
or wait until my textfile comes out), you should have the program execute
the following DOS commands:
ctty COMx
command
Of course, x will be the comport. You can make a string out of COMx, and then
stringcopy it with ctty to make "ctty COM1", or ctty COM2, or whatever. You
figure it out.
This will let you into DOS. Not bad, eh? Since a lot of programs now use
DSZ, all you have to do is type in the command string for DSZ to upload or
download files at your will.
If you can't make a backdoor, and you have Co-SysOp ACS, you will probably
be able to get to the menu editor. If you can, then find out the SysOp's COM
port. Then create a batch file to be executed with the DOS commands:
ctty COMx
command
You know the routine. Also, on certain BBS programs, such as WWIV and Telegard,
there are such things as PKUnzip routines. This occurs because the system runs
PKZip and PKUnzip, and/or other archives, through the system's path. Newer
programs, perhaps even newer versions of the above mentioned programs, have
fixed this problem. But try it anyway.
DEVELOPING HACK TECHNIQUES
--------------------------
No BBS program is truly hack-free. It's just that maybe you (or anyone else,
for that matter) knows how to hack it. The way I learned to hack was using
my really ultra super fast 2400 bps modem to download all the BBS programs I
could. I discovered ways to get into the thing. Do what I did. No one will be
willing to give you all the information on a platter. You have to dig. The
World Terrorism Network, which, BTW, is owned and operated by BoRG, is an
excellent place to start, but it does not give all the information, both
accidently, and purposely. New programs are coming out every day, and updates
to existing programs are released. These new programs and these updates add,
edit, or take out backdoors. A backdoor that worked on version 2.0 may not
work on version 2.01. Or 2.0a. Get the point?
HPACV ETIQUETTE
---------------
I'm including this file because it was requested from the World Terrorism
Network. Share your information, but don't give it out on a platter to any
Joe or Jane who comes by. And don't distribute these files. I know you want
upload credit, blah blah blah. If I find, though, that this file was
distributed without prior and firm approval by the World Terrorism Network
AND BoRG International Terrorism, then I, and all the writers contributing
to the World Terrorism Network, will stop writing. Got it?
WHAT IF YOU'RE CAUGHT?
----------------------
What if you're caught? This can happen, no matter how safe you are. Since what
you are doing is not legal, you should know what to do. I have never been
caught, but have come pretty damn close. If you are caught, then you can do
the following things:
1) Say someone hacked into your account and used it to hack others.
2) Give false information.
3) Deny everything.
Do not, I repeat, firmly, DO NOT go for any deals. If you are charged legally,
do not make any deals, do not give any information. Just SHUT UP and get a
lawyer. I never had to do this, but as a respect for the community, if you
get caught, don't make deals, don't think you'll be getting any short cuts.
Just shut up, don't answer any questions, and get a lawyer. Got it?
"BRUTE FORCE"
-------------
If you can't get into the system using the above mentioned techniques,
namely Sweet-Talk and Back-Doors, then you must use the brute-force method.
Try every single password you think could be appropriate. Remember, try this
after trying the above methods. This will require many callbacks, and you
shouldn't give up, no matter what happens. BBS programs almost always record
the number of unsuccessful attempts at a password. If you do 5 incorrect
passwords, it will record it. If you do 5000 incorrect passwords, it will
record it. So don't give up.
Here is a list of who to hack:
(1) Someone with SysOp or Co-SysOp access. If necessary, do the SysOp, though
that is not very wise, because the SysOp can log on more
frequently and check the logs of the passwords.
(2) Someone you know
(3) Someone who's password you know.
Here is a list of types of passwords to use:
(1) Try there real name
(2) Try there handle
(3) Find out what music they like, and enter the name of their favorite or
one of their favorite groups
(4) Use combinations. For example, if their first name was Albert Brandy,
and their handle was Crimson Death (no relation to the real one), the
password might be ABCD.
(5) Type in the city or the borough they live in.
(6) Their high school
(7) Their girl/boyfriend, someone they like, best friend, etc.
(8) Mother's maiden name
(9) Computer Type, Computer Speed
(10) Street they live on, or street they live near
(11) Name of school, Name of Place of Work
(12) Favorite school subject, Name of Job
(13) Favorite club, bar, pub, place to hang out
(14) HPACV group they are member of
(15) Favorite TV show
(16) Favorite Radio Station
(17) Favorite Book
(18) A Day of the Week
(19) Curse words, like "FUCK", "SHIT", "FUCK YOU", "BACDAFUCUP", etc.
(20) Any of the above, with prefixes/suffixes like "FUCK","SHIT","FUCK YOU",
"BACDAFUCUP", etc.
(21) Zip Code
(22) Random Number
(23) Name of BBS
(24) Name of SysOp
(25) Real First Name
(26) Real Last Name
(27) 25 or 26 above, little changed around. Like DAVID would be DAVEMAN.
(28) phone # of the BBS
[ Note: Check out PW-HACK.WTN coming soon on the World Terrorism Network! ]
That's all I feel like typing write now. Maybe sometime in the future, HIT
and the World Terrorism Network will release a much longer file, maybe 200
or 300 types of passwords. But for now, this will do. Remember, even if you
try every single thing here, you may not get the password. Don't despair.
We at HIT are looking at various user data files (some of them are even
from our own boards!!) with passwords, trying to figure them all out. We are
getting there.
See ya......
WHAT TO DO ONCE YOUR IN
-----------------------
You must be very careful once you are in. You do NOT want to lock up the
system. Therefore, do not run any .EXE programs with prompts that the local
user must enter. Like, don't run CSHOW to view the XXX GIFs that the SysOp
has online!! It will hang the program until someone comes over to the local
console, gets out of CSHOW, and whatever!! Like the SysOp's gunna do that and
let you on your way??!!
First thing I would do, even before you start hacking the system, is get
a copy of the program that is being run. This is extremely useful, not only
for figuring ways to get into the system, but also for getting the user lists
and the message bases all up and ready.
You should use something like DSZ to transfer your files. If the program
does not require DSZ, then upload it, unarchive it, and set it up. After you
are done, delete it, viola, you are done! I won't get into how to use DSZ,
as it will vary from user to user, the BBS, and the protocol. If you have the
brains to read this file, you can probably read... the docs!! (oh my.)
First thing to do is to download the user datafiles. Sometimes this is more
than one file. Check carefully, don't miss anything. I feel very uncomfortable
doing breakins for very long times, as it arrouses suspicion, and I also hate
having to call back to finish a job I could have done on the first entry. So
make sure you got everything, and GO.
Next thing to do is PKZip and download the infoform. You don't have to ZIP
it, but, alas, I still run with a 2400 modem, and ergo, it takes me much time
to download the fuckin' 2 meg infoform!! So ZIP it, ARJ it, FUCK it, BLOW it,
EAT it, whatever the hell you gotta do, and DO IT. End of line.
Next, download the private message base. This includes all of the new user
validation letters to the SysOp, usually, and can give you nice numbers for
them BBS's. Also nice stuff for blackmail, if you know what I mean (if you
don't, then you're a fool, get the fuck out of this file and get a life).
While you're downloading these files, I recommend after downloading the vital
essentials (I think of that as the userfile, as you can get the SysOp and all
the CoSysOp's passwords and try again lest anything bad occurs), download the
logs. While the other file transfers are going, edit the log to appear normal.
After you are about to exit, upload that log in the place of the existing one.
You're safe!!
Other stuff to look for is the warez. Since this stuff will all be free,
download away!! Also look for the SysOp's terminal program, and download the
phone directory, with the terminal program if you don't have it and think you
can get away with it. A word of warning: Put your priority downloads on top,
as the SysOp may walk in anytime and see what you are doing, and freak out.
Actually, it will probably look like the program crashed, and he or she will
get reset the computer, thinking that the goddamn thing crashed, check his
logs (maybe that'll be a good thing, as some programs only write to the logs
after the user logs off), find the batch file with the CTTY stuff, freak out,
and chances are, you will have a MUCH less chance of getting in again. So get
what you need first, then go for the extra goodies.
IN CONCLUSION
-------------
What information, you say? This is information? Well, from this information,
you can get numbers of people you can talk to, exchange ideas with, etc. You
can get numbers of boards to share your ideas (but if you are on WTNet, what
else do you need??), etc. BBS entry is only part of the information experience,
but it may be a necessary one.
Keep Clean!!
SEE ya when I See Ya!
PEACE!
Vortex
[HIT!]
-<2D>-<2D><><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-
This File Was An Exclusive File Of
The World Terrorism Network!
-<2D>--<2D>--<2D>--<2D>--<2D>--<2D>--<2D>--<2D>--<2D>--
Do Not Distribute This File!! Do Not Distribute This File!! Do Not Distribute!!
Since this file was made exclusively for the World Terrorism Network, we request
that this download be kept on the network, for security purposes.
If you do not comply with this request, we may stop distributing these files,
or restricting access to the World Terrorism Network.
1993, HIT International Terrorism. For Exclusive Distribution of the World
Terrorism Network
The World Terrorism Network World HUB: New York City, NY
Hired International Terrorists World HQ: New York City, NY
For More Info, Check Out WTN-APP.ZIP or WTN-APP.ARJ. Thank You.
Final Notes on BBS Hacking:
Check out new released from HIT on specific BBS types,
coming as soon as we make 'em... which is pretty fast!
We need more members for HIT!
Check out the App for more info