253 lines
10 KiB
Plaintext
253 lines
10 KiB
Plaintext
r61
|
|
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%% HARRY HACKALOT PRESENTS>>>>>>>>>>>>>>>>>>>>> %%
|
|
%% "Defense Data Network Blues" %%
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
Another Famous G-file by HARRY HACKALOT!!!!!!!!!!!!!!!!!!!
|
|
|
|
- - - - - - - - - - - - - - - A T T E N T I O N - - - - - - - - - - - - - - -
|
|
The following phile consists entirely of UNCUT,UNEDITED,TRUE downloads from
|
|
the National Defense Data Network. Names have been changed to protect the
|
|
innocent. I, Harry Hackalot, take FULL responsibility for contents of this file
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
|
|
Well, as we log on the the National DDN (Defense Data Network) we pause to
|
|
notice some messages posted by our hero, "guy", in regard to the trial of a
|
|
couple of UCLA hackers who broke into the network a year ago........
|
|
|
|
(NOTE: Something went wrong with my terminal program's buffer,so I only got the
|
|
last couple of lines of the first message. It is a list of all the sites
|
|
penetrated by the hackers. Crystal is the one the Wargames kid got into)
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
|
|
|
ps The list of sites penetrated includes:
|
|
|
|
nosc-cc purdue rand-relay nrl-css/aic bbn-unix
|
|
mitre-bedford cornell nta-vax uwisc/crystal csnet-sh
|
|
ucb-vax/ingres/calder/medea/cad isi-vaxa/elvira/xorn
|
|
sri-unix ucla-ats/locus/cs/vax su-shasta/diablo/navajo
|
|
|
|
pps As of 8/31/83, we have been logging all activity originating at UCLA, and
|
|
going out thru FTP and TELNET. (ie, we 'bugged' ftp and telnet to record
|
|
all bits going/coming) We therefore have a pretty good record of what the
|
|
bandits were doing. (Yesterday I turned over 4000 (yes thousand) pages of
|
|
ftp/telnet logs to the DA) We have also been doing CSH commmand history
|
|
logging. If you would like more gory details about activity relating to
|
|
you site, please give me a call.
|
|
|
|
-----------------------------------------------------
|
|
Date: 31 Oct 1983 11:02:45 PST
|
|
From: guy - UCLA-LOCUS
|
|
Subject: Re: HACKER ROUNDUP - WITNESSES NEEDED
|
|
In-reply-to: Your message of 31 October 1983 10:29 EST.
|
|
Text:
|
|
I just got off the phone with ..........., the deputy DA prosecuting
|
|
the case. He says that since we have talked with all the folks we expect
|
|
to be using, there's no problem in telling all the site administrators what's
|
|
been going on. If any new evidence/sites turn up, we're interested, but it is
|
|
doubtful that it would be used in this particular case.
|
|
|
|
Note especially that we're only filing charges against one of the two guys,
|
|
and if more info turns up on the second, that would be VERY useful. The two
|
|
key first names are 'ron' and 'kev', short for Ronald and Kevin. These guys
|
|
have a habit of changing their UNIX 'full name' to at least be their first
|
|
name, if not their last name as well. (they have been known to use a
|
|
fictitious surname on-line.) We're filing against Ronald, initially.
|
|
|
|
They were active at UCLA from August 1 through Sep 22, when they were served
|
|
search warrants, and their toys confiscated. One had a Commodore, the other
|
|
a TRS color computer. Both had cassettes, neither had floppys or printers.
|
|
Both had 300-baud modems. Both had UNIX manuals--one had a two volume set
|
|
from Bell system III; the other had the Yates book. One had also purchased
|
|
UCLA CSDept documents on using UNIX.
|
|
|
|
We know that a third person was involved, and that accesses to UCLA continued
|
|
briefly even after the equipment was confiscated. Other sites have also
|
|
noticed that some activity is still occurring.
|
|
|
|
richard
|
|
|
|
ps
|
|
|
|
I suspect that this note, with excerpts from the others, are what you want
|
|
to publish to the liasons/administrators. Also note, that due to the wonder
|
|
of transparent gateways, ANY host accessible directly by ftp/telnet is a
|
|
potential victim. Not to mention anyone with a dial-in. Our bandits used
|
|
(fraudently) both MCI-type long-distance dialing codes, as well as dial-out
|
|
facilities from various penetrated systems.
|
|
|
|
-------------END OF FORWARDED MESSAGE(S)-------------
|
|
|
|
|
|
|
|
-------------------------------------------------------------------------------
|
|
|
|
WOW! The kids broke in with a TRS-80 Color Computer and a Commodore!
|
|
Anyway, those super-intelligent TAC guys left a tutorial on how to log on to
|
|
the system..... This should help any hackers interested in hacking out their
|
|
own P/W's & logon accounts........... Here it is........
|
|
|
|
-------------------------------------------------------------------------------
|
|
|
|
TACACS, the access control system for MILNET TAC's, requires you to
|
|
login before a connection to a host may be completed. The login process
|
|
is automatically started with the first -open (-o) command you issue.
|
|
There is also a new -logout (-l) command to logout. Otherwise, the
|
|
functioning of the TAC is essentially unaffected by the access control
|
|
system.
|
|
|
|
Here is a sample of the login dialog (the user input is underlined):
|
|
|
|
(a) PVC-TAC 111 #: 01 This is the last line of the TAC
|
|
herald, which the TAC uses to
|
|
identify itself. When you see the
|
|
herald, the TAC is ready for your
|
|
command.
|
|
|
|
(b) -o 26.2.0.8<RETURN> The user inputs the command to
|
|
------------------- open a connection plus the
|
|
internet address of the host to
|
|
which he wishes to connect,
|
|
followed by a Carriage Return.
|
|
|
|
(c) TAC Userid: SAMPLE.LOGIN<RETURN> Here the TAC prompts the user for
|
|
-------------------- his Userid. The user enters his
|
|
ID exactly as shown as shown on
|
|
his TAC Access Card, followed by
|
|
a Carriage Return.
|
|
|
|
(d) Access Code: 22bgx4467<RETURN> Again the TAC prompts the user,
|
|
----------------- who responds by entering his
|
|
Access Code as shown on his TAC
|
|
Access Card, followed by a
|
|
Carriage Return.
|
|
|
|
(e) Login OK The TAC validates the ID/Access
|
|
TCP trying...Open code and proceeds to open the
|
|
requested connection.
|
|
|
|
HELPFUL INFORMATION:
|
|
|
|
When entering your TAC Userid and Access Code:
|
|
|
|
- A carriage return terminates each input line and causes the next
|
|
prompt to appear.
|
|
|
|
- As you type in your TAC Userid and Access Code, it does not matter
|
|
whether you enter an alphabetic character in upper or lower case.
|
|
All lower case alphabetic characters echo as upper case for the
|
|
Userid.
|
|
|
|
- The Access Code is not echoed in full-duplex mode. An effort is
|
|
made to obscure the Access Code printed on hardcopy terminals in
|
|
half-duplex mode.
|
|
|
|
- You may edit what you type in by using the backspace (Control-H)
|
|
key to delete a single character.
|
|
|
|
- You may delete the entire line and restart by typing Control-U.
|
|
A new prompt will appear.
|
|
|
|
- While entering either the TAC Userid or Access Code, you may type
|
|
Control-C to abort the login process and return to the TAC command
|
|
mode. You must interrupt or complete the login process in order to
|
|
issue any TAC command.
|
|
|
|
|
|
IF YOU HAVE A PROBLEM WITH TAC LOGIN:
|
|
|
|
Should the login sequence fail (as indicated by the response "Bad
|
|
login"), examine your Access Card carefully to ensure that you are
|
|
entering the ID and Access Code correctly. Note that Access Codes never
|
|
contain a zero, a one, a "Q" or a "Z", since each of these characters
|
|
may be mistaken for another character. If you see what appears to be
|
|
one of these characters in your access code, it is really the letter "O"
|
|
(oh), or "G" (gee), the letter "L" (el), or the number "2" (two).
|
|
|
|
If you have followed all of the above steps as indicated, and if you
|
|
are sure you are entering your ID and Access Code correctly, and you
|
|
still cannot login, call the Network Information Center at (415)
|
|
859-3695 or (800) 235-3155 for help.
|
|
|
|
AFTER LOGGING IN:
|
|
|
|
Your TAC port will remain logged in as long as you have an open
|
|
connection. If you close the connection, you will have ten minutes in
|
|
which to reopen a connection without having to login again. If you do
|
|
not reopen a connection within ten minutes, the TAC will attempt to hang
|
|
up your port, and will automatically log you out.
|
|
|
|
WHEN YOU ARE FINISHED:
|
|
|
|
Always logout using the "-l" command. Typing "-r" has no effect on your
|
|
logged in status.
|
|
|
|
--------
|
|
|
|
If you now wish to login to the TAC, leave the TACNEWS program by
|
|
typing "quit" at the next prompt. This will return you to the TAC, and
|
|
you may then begin the login sequence with the "-o" command to the TAC.
|
|
|
|
15 Feb 1984|
|
|
|
|
---------------------------- End of Issue ----------------------------
|
|
|
|
Well, that's about it for this issue.... Maybe another file will be coming soon
|
|
, but who knows? Anyway, I'll show you how I (tried to) log off this very
|
|
advanced UNIX system. (Hah!)
|
|
|
|
TACnews> QUIT
|
|
Killed Job 27, User TACNEWS, Account QUERY, TTY 110, at 14-Sep-84 14:42:03
|
|
Used 0:00:02 in 0:06:51
|
|
Closed
|
|
Host closing connection
|
|
-LOGOFF
|
|
Can't
|
|
-BYE
|
|
Bad
|
|
LOGOFF
|
|
-OFF Bad
|
|
-goodbye
|
|
Bad
|
|
-BYE
|
|
Bad
|
|
|
|
|
|
(I now take my phone off the hook and push the 1 button 10 times)
|
|
|
|
NO CARRIER
|
|
|
|
|
|
copyright 1984
|
|
Hackalot Publications
|
|
New York,New York headquarters.
|
|
Divisions in : Chicago
|
|
Boston
|
|
L.A.
|
|
Denver
|
|
Dallas
|
|
and of course, San Francisco.
|
|
|
|
///////////////////
|
|
// T //
|
|
// H //
|
|
// E //
|
|
// //
|
|
// E //
|
|
// N //
|
|
// D //
|
|
///////////////////
|
|
done
|
|
done
|
|
|
|
|
|
|
|
|
|
8: Text Philez A-O
|
|
[UD:Punter][11 Min.][40]: |