informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/force1.txt

576 lines
27 KiB
Plaintext
Raw Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
F O R C E F I L E S Volume #1
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of - THE REALM -, By: ----====} THE FORCE {====---- 12/03/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FOREWARD
--------
Welcome To the FORCE FILES From the Depths of The Realm. What is THE REALM you
may ask? Well, just one of the boards I have sysoped, this one was (OR IS,
WHO KNOWS) an International BBS with an interesting collection of people.
Anyway, I am about to retire for a while from the world of hacking and the
following is a basic summary of well over five years of work. (Well, perhaps I
won't retire, just evolve into the next stage hehehe). I hope this will make it
easier for the people to come and I hope they will add their acquired knowldge.
First of all I would like to thank:
THUNDERBIRD 1 THE WIZARD THE TRADER
And all those who from the begining battled the security of the first
analogue computers and passed on their knowldge.
The files are broken up into several volumes, covering the following:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
M E N U
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Force File #1 - PUBLIC DATA NETWORKS
- AUSTPAC 5052
- MIDAS 5053
- SOME TECHNICAL JUNK ON NETWORKS
- AUSTPAC TUTORIAL BY SYSTEM CRUNCHER
- NUA STRUCTURES
- INTERNATIONAL DNICS
Force File #2 - US AREA CODES
- TYMNET NUA SPRINTS
- TELENET NUA SPRINTS
Force File #3 - TELENET NUA SPRINTS CONTINUED
- DATAPAC NUA SPRINTS
Force File #4 - ITT/UDTS NUA SPRINTS
- DIALNET NUA SPRINT
- PSS NUA SPRINTS
- DATEX-P NUA SPRINTS
- TELEPAK NUA SPRINT
- TRANSPAK NUA SPRINT
- AUSTPAC NUAS
- LOCATING PTSN NUMBERS
- OBTAINING PASSWORDS / INFOLTRATING SYSTEMS
- DEFAULT PASSWORDS
- VAX SYSTEMS
Force File #5 - UNIX SYSTEMS
- PRIMENET, DIALCOM - PRIMOS
- PRIMOS DEFAULTS
- PRIMOS SUBDIRECTORIES
- PRIMOS NUA SPRINTER
- PRIMOS PHANTOM
- PRIMOS TROJANS
Force File #6 - DIALCOM PRIMOS COMMANDS
Force File #7 - DIALCOM PRIMOS COMMANDS CONTINUED
- PRIMENET PRIMOS COMMANDS
Force File #8 - PRIMENET PRIMOS COMMANDS CONTINUED
- SELECTED PRIMOS COMMANDS
- PRIMOS OPERATOR'S TRICKS
- LATEST HACKER'S WEAPON
- OUTDIAL SYSTEMS
- CANADIAN DATAPAC OUTDIALS
- SYSTEM IDENTIFICATION
- INFO ON NETWORKS
Force File #9 - INFO ON NETWORKS CONTINUED
- PHREAKING
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
P U B L I C D A T A N E T W O R K S
=========================================
Once upon a time, the old OZ phreakes used their tones on New Zealands lines,
to phreak around the world, but with the increasing prices of overseas
telecomunications the PUBLIC DATA NETWORKS or PACKET SWITCHING NETWORKS have
been one of the most usefulls tools at the hackers disposal. Australia has
two major networks. AUSTPAC operated by telecom and very slack, and not so
slack MIDAS, run by the OTC.
A U S T P A C 5052
======================
Communicationg via Austpac or Midas for that matter can be a very costly hobby,
unless one has NUI or Network User Identification, which lives on someone
elses bank accoount. (Think of it as helping the Australian Economy if you
have any guilt feelings). The Austpac NUI's a virtually impossible to
hack using any sprinting or scaning procedure. (If you don't believe me,
have a go at it, if you have fifty or so years to dedicate to it), but they
do happen to leak out from time to time. a Typical austpac NUI has the
following format:
BHPLIBJ9ADF3
where the first six digits are the user supplied id code, ie BHPLIB in this
case the NUI used to belong to the BHP LIBRARY. The last six digits are the
telecom supplied part for security. One important thing to note is that when
a NUI dies, only the last six digits are changed. Don't take my word for it
since I haven't been able to verify this personally, but it makes sense and
the rumours are there.
Once you get the familiar AUSTPAC responce when you call up the system,
you have a number of options.
1> - You connect to a system which will take collect calls, in which case,
you don't need a nui. The format is just
?<NUA> where NUA stands for Network User Address
ie ?222321000
The NUA's a usually 9 characters long, but they can have two trailing
digits to identify the specific system requested to the host.
ie ?222321000 will give one system
?22232100001 will give a different system at the same site
if appropriate.
2> - If you have a NUI, you can then connect to virtually thousands of
systems all over the world. You can connect directly to any network
which Austpac will support. If a network is not supported like in the
case of DIALNET, you must find an alternate route. For example to
excess DIALNET, you need to go via a DIALCOM system or any other
system which has a contract to carry data between the network and
itself. (I'll explain more about it later on) to connect to a
system in the USA for example the format would be
?N<NUI>-<NUA>
ie ?NBHPLIBJ9ADF3-0311041500101
The 'N' tells austpac that a NUI is to follow and to take the
necassary measures.
Austpac, like most other networks not only have a numerical address for each
host system, but has an equivalent alphabetical code, to simplify the task
of memorising the system addresses. For example: ?236620000
will do exactly the same job as: ?.memo
In both cases you will be connected to TELECOM's TELEMEMO a mail system
developed by the BELL LABORATORIES I believe, but quite useless when
compared to the more sophisticated ITT DIALCOM's network, of which MINERVA
is but one. (Refer to the DIALCOM NETWORK later on)
Host systems on AUSTPAC can be accessed not only via the AUSTPAC PAD,
(Packet Assembly, Dissasembly), but through otther networks internationally.
The international Code or DNIC for AUSTPAC is 5052 so to connect to TELEMEMO
from lets say BERMUDANET, one would type the NUA with the 5052 prefix
in front of it. Almost all networks also require a ZERO to be put infront
of the DNIC and NUA to indicate an international connection.
M I D A S 5053
----------------
Midas is fundementally very simmilar to AUSTPAC, but there are many very
significant differences. First of all the NUI's are only six digits long.
This still gives a very large number of possibilities, however sprinting
NUI's now becomes slightly closer to reality.
There isn't a great deal which is different about Midas, but it has the
advantage of connecting directly with another networks PAD. ie by
connecting to the DNIC on networks where it is possible you will be
connected to the actuall PORT or PAD of the foreign network. With Austpac
this is possible only with TYMNET 03106, and few smaller US networks like
COMPUSERVE etc.
MIDAS unike Austpac at least has the decency to give a prompt '*' and the
format for connections is simmilar. Example:
*N<NUI>-<NUA>
ie: *NH7SVCO-03106001572
SOME TECHNICAL JUNK ON NETWORKS
--------------------------------
I will not go into any great detail on how the packet switching networks
works, but it's worth noting that it's a very clumsy system to use all
because it's cost effitient. The Network PORT receives data from your
terminal at your speed be it 300, 1200, etc, or 9600 if you are fortunate
enough to have a dedicated connection. The Network receives the data and
compiles it into a small packet of data. It put's an address tag on it and
sends it off. It's bounced by few satellites etc and the system at the other
end does the rest. It reads the address tag and delivers it to one of it's
local systems at the speed at which it can be digested. As you can imagine,
this can get very slow and clumsy over long distances and the only reason
that it's done is they can neatly fit few thousand users on the one trunk,
whizing individual packets back and forth. About 50% of networks transmit
packets at 9600 baud the rest have operating speeds of over 15000 baud.
SYSTEM CRUNCHER has done a great job in his Austpac Tutorial, and me being
as lazy as I am, cant be bothered typing the info out again, so here
is an extract from the file dealing with Error codes and Profiles.
They can be used in reference to most other networks ie MIDAS since it is
a more or less universal standard.
AUSTPAC TUTORIAL BY: SYSTEM CRUNCHER
===============================================================================
AUSTPAC PAD PROFILES
A profile is a snapshot of all of the current values of PAD
parameters. A profile is set for each C-DTE. A standard
profile is is a given pre-defined set of PAD parameter
values which may correspond to a specific terminal or family
of terminals to an application or a family of
applications.There are 13 standard profiles.
PAR PROFILE NUMBER
REF 0 1 2 3 4 5 6 7 8 9 10 11 12
------------------------------------------------------------------------
1 1 0 0 1 1 1 1 1 1 1 1 0 1
2 1 0 0 0 0 0 1 1 1 0 1 0 0
3 126 0 0 2 2 126 126 2 2 126 2 0 126
4 0 20 10 80 40 200 0 0 0 3 0 3 0
5 1 0 1 0 0 1 1 1 1 0 1 0 1
6 1 0 0 1 1 1 1 1 1 1 1 0 1
7 2 2 21 21 21 21 21 8 21 1 21 21 2
8 0 0 0 0 0 0 0 0 0 0 0 0 0
9 0 0 0 0 4 7 0 4 7 0 4 0 0
10 0 0 0 0 0 0 0 0 72 0 0 0 0
11 Cannot be set: Not pre-defined in any profile
12 1 0 1 0 0 1 1 1 1 0 1 0 1
13 0 0 0 0 0 0 0 0 1 0 0 0 0
14 0 0 0 0 0 0 0 0 7 0 4 0 0
15 0 0 0 0 0 0 0 0 0 0 1 0 0
16 8 8 8 8 8 8 8 8 8 8 8 8 8
17 24 24 24 24 24 24 24 24 24 24 24 24 24
18 42 42 42 42 42 42 42 42 42 39 10 42 42
------------------------------------------------------------------------
PARAMETER VALUES IN EACH STANDARD PROFILE
PROFILE EXPLANATIONS
0 : Simple profile defined in CCITT Rec X.28; echo by PAD; NO
padding after <CR> or <LF>; NO idle timer delay. PSTN
customers operating at up to 300 BPS or 1200 BPS are
usually assigned this profile.
1 : Transparent profile defined in CCITT Rec X.28; suitible
for low speed computer port (LSCP)
2 : Profile suitible for LSCP.Note that this is the only LSCP
profile which incorporates flow control by the PAD.
(Parameter 5 = 1)
3 : Profile recommended for C-DTE communicating with another
C-DTE or with an LSCP. There is an idle timer delay to
allow data to be sent from an auxiliary device. This
profile is also suitible for certain terminals which
transmit in blocks.
4 : Same as profile 3 except for a shorter idle timer delay
and four padding characters after <CR>.
5 : Classic keyboard-printer terminal used for local printing.
6 : Same as simple profile (0) except for the procedures on
BREAK.
7 : The only data forwarding conditions here are <CR> and
BREAK;therefore with this profile complete packet
sequences can represent logical entities manipulated by
the application.
8 : Profile with only <CR> as data forwarding character, 7
padding characters after <CR> to C-DTE, and line folding
by the PAD after 72 character line.
9 : Profile which is used for access by videotex terminals
(1200/75 BPS)
Note : Profile 9 has been changed from that previously
published and is now only accessible to 1200/75
BPS users.
10: Profile which utilizes "Editing during data transfer"
(Parameter 15 = 1) and employs <LF> as a line display
character (Parameter 18 = 10)
11: This profile could be used instead of profile 2 for an
LSCP without flow control by the PAD when a shorter
transmission delay is required.
12: Same as profile 0 except for parameter 2, for terminals
not needing echo by the PAD.
Format to set PAD :
SET <PAD#>:<VALUE><CR>
PAD COMMANDS AND INDICATIONS
==============================================================
| PAD COMMAND | FUNCTION | INDICATION SENT |
| FORMAT | | IN REPLY |
==============================================================
STAT To request info | FREE or ENGADGED
about a virtual |
call with the |
C-DTE |
--------------------------------------------------------------
CLR Clear a virtual | CLR CONF or CLR ERR
Call | (In the case of local
| procedure error)
--------------------------------------------------------------
PAR? To read parameter | PAR <List of parameter
values of specified| references with their
eg: PAR? 1,5,8 | current values or INV>
| Eg: PAR1:001,5 5:001,
| 8:000
--------------------------------------------------------------
SET? To set and read | PAR <List of parameter
specific parameters| references with their
Eg: SET?3:0, 5:1 | current (new) values
| or INV>
| Eg: PAR3:0, 5:1
--------------------------------------------------------------
OTHER PAD COMMANDS
PAD COMMAND EXAMPLE FUNCTION
==============================================================
PROFnn PROF10 | To assign all the PAD
| parameters the values
| in specified profile
--------------------------------------------------------------
RESET RESET | To reset the virtual
INT INT | call. To transmit an
| interrupt packet to
| the correspndent.
--------------------------------------------------------------
SET<n:n> SET 2:0 | To set or change
| parameter values
| parameters desired
--------------------------------------------------------------
?<AUSTPAC number> ?238221000 | Call request-Set up a
| call
--------------------------------------------------------------
PAD INDICATIONS ASSOCIATED WITH INCOMING EVENTS
==============================================================
INDICATION FORMAT | EXPLANATION
==============================================================
RESET cause | Reset of call/circuit
--------------------------------------------------------------
COM | Call connected
--------------------------------------------------------------
COM | There is an incoming call
| Applies to receiving C-DTE
--------------------------------------------------------------
CLR cause | Call/circuit cleared
--------------------------------------------------------------
AUSTPAC | Identifier
--------------------------------------------------------------
ERROR | Error in PAD command
--------------------------------------------------------------
AUSTPAC MESSAGES - BRIEF
CODE | CAUSE
==============================================================
CLR OCC | NUMBER BUSY
CLR INV | INVALID REQUEST FACILITY
CLR RNA | REVERSE CHARGING ACCEPTANCE NOT SUBSCRIBED
CLR NC | NO CIRCUITS
CLR DER | OUT OF ORDER
CLR NA | ACCESS BARRED
CLR NP | NO PORT
CLR RPE | REMOTE PROCEDURE ERROR
CLR ERR | LOCAL PROCEDURE ERROR
CLR DTE | DTE ORIGINATED
CLR ID | INCOMPATIBLE DESTINATION
CLR CONF | CLEAR CONFIRMATION
CLR PAD | PAD ORIGINATED CLEARED
RESET PAD | PAD ORIGINATED RESET
RESET NC | NO CIRCUITS
RESET 01 | OUT OF ORDER
RESET RPE | REMOTE PROCEDURE ERROR
RESET ERR | LOCAL PROCEDURE ERROR
==============================================================
AUSTPAC MESSAGES - EXPLANATION
CLR OCC : The called party is engadged in other calls and
unable to accept the incoming call
CLR INV : Invalid facility requested by calling DTE. Eg:
Invalid NUI.
CLR RNA : The called party does not accept reverse charging.
CLR NC : A temporary network fault of network congestion
RESET NC : As above
CLR DER : Called party is out of order (System down etc.)
RESET DER: As above
CLR NA : The calling DTE os not permitted to obtain the
connection to the called DTE (Eg: CUG)
CLR NP : The address specified is outside the numbering
plan or is unassigned.
CLR RPE : A procedure error has been detected at the remote
DTE network interface
RESET RPE: As above
CLR ERR : A procedure error caused by the local DTE is
detected by the PAD (Eg: Incorrect format)
RESET ERR: Same as with CLR ERR
CLR DTE : Remote DTE has cleared or reset the call
RESET DTE: As above
CLR ID : The call is not compatible with the remote
destination.
CLR CONF : Response of PAD to valid clearing by the C-DTE
CLR PAD : The PAD has cleared the call at the invitation of
the correspondent.
RESET PAD: The PAD has reset the call (Eg: Loss of input
characters)
--------------------------------------------------------------
Note: These codes will be followed by a 3 digit code. These are
diagnostic codes which are used by Telecom maintenance staff.
MISC. AUSTPAC NOTES
PAD recall character : Ctrl 'P'
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
N U A S T R U C T U R E S
-----------------------------
There are 2 basic NUA formats. There is the logical structure and the
stupid one. There are few exceptions like AUSTPAC NUA's which are just
plain crazy.
The best example to demonstrate would be two NUA's one on TYMNET, other on
TELENET both of which access the same system:
TELENET 0311030100341
if you can brake up the NUA into it's components this is what you obtain:
0 3110 301 00 341
Specifies DNIC Address Area Code nothing Host
International for TELENET much Address
Connection
It's important to note that from the TELENET PAD, the NUA would become
C 301 341, so since you are likely to come accross a US made NUA listing
of Telenet, to convert the NUA's into a more conventional form, just add
the 03110 prefix and enough zeroes in between the area code and Address
to give a total of 8 digits. (trailing digits not included)
TYMNET 0310600157241
Again brake up the NUA into its components.
0 3106 00 1572 41
Specifies DNIC Address Area, no Host Trailing
International for TYMNET particular Address Digits
Connection pattern to be used
by local
host.
The major ares on TYMNET are 00, 07 and 90. There are a lot of others but
they don't have significantly large numbers of NUA's and most of them need
two trailing digits which are often somewhere between 01-99. There could
be some sort of logical format to TYMNET, but as yet, I haven't discovered it.
Thus basically the two formats emerge.
0311030100341xx and
03106001572xx where xx are the trailing digits to provide host with more
specific info if required.
The NUA's can be up to 15 digits in most cases and the corresponding phone area
code is used in the NUA, with exception of TYMNET, ITAPAC and few others.
America likes to be different from the rest of the world, as demonstrated by
BELL Standards, so they naturally insist on having a slighly different format
to their NUA's. Us PADS do no not have the zero prefix, so just remember to
leave it out. (Now don't ask me why, just do it.)
There are few other exceptions to the universal NUA formats and australia
has one of them. AUSTPAC NUA's are reasonably unique in that the have a
general format of their own. They may look like random assortments of numbers
at first, but there is a definate pattern.(Thank God for that)
Most NUA on AUSTPAC are in the follwing series ie:
224122000, 224123000, 224220000, 224221000 etc
Basically the last digits reain more or less in their low values. ie most
NUA's will be in the series 224122000 - 224122020 for example, with very few
having the end value greater than twenty. Again, there may be two trailing
digits.
The final exception I have found is in the case of DIALNET which is a very
small network not even worth bothering about, unless you want to access
DIALCOM SYSTEMS in countries with no Public Data network of their own.
Their NUA's are of the form 9000xx and are accessibly through primecon
systems only. (perhaps there are other routes but as yet I haven't found them)
INTERNATIONAL DNICS
-------------------
The following is a table of all the current networks I have been able to
track down, some of the blanks are yet to be filled in.
Unfortunatelly not all are serviced by either MIDAS or AUSTPAC, so you may
need to route your connections very carefully if you want to play with a
system in SAUDI ARABIA and in other exotic places.
COUNTRY NETWORK DNIC COUNTRY NETWORK DNIC
----------------------------------------------------------------------------
ARGENTINA INTERDATA 7220 AUSTRALIA MIDAS 5053
AUSTRALIA AUSTPAC 5052 AUSTRIA RADIO AUSTRIA 2329
AUSTRIA DATEX-P 2322 BAHAMAS IDAS 3406
BAHRAIN BAHNET 4263 BARBADOS IDAS 3423
BELGIUM DCS 2062 BELGIUM - 2068
BELGIUM - 2069 BERMUDA BERMUDANET 3503
BRAZIL INTERDATA 7240 CANADA GLOBEDAT 3025
CANADA INFOSWITCH 3029 CANADA DATAPAC 3020
CAYMAN ISLANDS - 3463 CHILE INTERDATA 7300
COLUMBIA DAPAQ-INTER. 3107 COTE D IVOIRE SYTRANPAC 6122
DENMARK DATAPAK 2382 EGYPT ARENTO -
FINLAND FINPAK 2442 FRANCE TRANSPAC 2080
FRANCE NTI 2081 FRENCH ANTILLES DOMPAC 3400
FRENCH GUIANA DOMPAC 7420 FRENCH POLYNESIA TOMPAC 5470
GABON GABONPAC 6282 GERMANY(FED REP) DATEX-P 2624
GERMANY(FED REP) DATEX-P INT 2624 GREECE HELPAC 2022
GUATEMALA GUATEL - HONDURAS - -
HONG KONG DATAPAK 4545 HONG KONG IDAS 4542
ICELAND ICEPAC 2740 INDONESIA SKDP 5101
IRISH REP EIRPAC 2724 ISRAEL ISRANET 4251
ITALY ITALCABLE 2227 ITALY ITAPAC 2222
JAPAN VENUS-P 4408 JAPAN DDX-P 4401
LUXEMBOURG LUXPAC 2704 LUXENBOUTG LUXPAC-PSTN 2709
MALAYSIA MAYPAC 5021 MEXICO TELEPAC 3340
NETHERLANDS DATANET 1 2041 NETHERLANDS DABAS 2044
NETHERLANDS DATANET 1 2049 NEW ZEALAND PACNET 5301
NORWAY DATAPAK 2422 OMAN - -
PANAMA INTELPAQ - PHILIPPINES GMCR 5150
PHILIPPINES PHILCOM - PORTUGAL TELEPAC 2680
PORTUGAL SABD 2682 PUERTO RICO UDTC 3301
REUNION DOMPAC 6470 SINGAPORE TELEPAC 5252
SOUTH AFRICA SAPONET 6550 SOUTH KOREA DACOM-NET 4501
SPAIN TIDA 2141 SPAIN IBERPAC 2145
SWEDEN DATAPAK 2402 SWEDEN TELEPAK 2405
SWITZERLAND TELEPAC 2284 SWITZERLAND RADIO SUISSE 2289
TAIWAN UDAS 4877 TAIWAN PACNET 4872
THAILAND IDARC 5200 TRINIDAD DATANET-1 3740
TRINIDAD TEXDAT 3745 UN.ARAB EMIRTS. TEDAS -
UK PSS 2342 UK IPSS 2341
USA ACCUNET 3134 USA ALASKANET 3135
USA AUTONET 3126 USA COMPUSERVE 3132
USA DATA TRNSPORT 3102 USA FTCC 3124
USA MARKNET 3136 USA MCII-IMPACS 3104
USA RCA-LSDS 3113 USA ITT-UDTS 3103
USA TELENET 3110/3125 USA TRT-DATAPAK 3119
USA TYMNET 3106 USA WUTCO 3101
END
END