informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/dpacintr.rot

680 lines
37 KiB
Plaintext
Raw Permalink Blame History

Reign of Terror
[ R o T ]
Presents
* ----------------------- *
***** INTRODUCTION TO DATAPAC *****
* ----------------------- *
(and PSN's in general)
Written by: Deicide
A BEGINNER'S GUIDE TO CANADA'S LARGEST PACKET-SWITCHING NETWORK
Accessible from local dial-ins in most Canadians cities as well
as through every other packet-switching network world wide.
---------------------------------
TABLE OF CONTENTS
---------------------------------
I. INTRODUCTION
- intro to Datpac/Advantages of PSN's
- how it works
- services/systems offered
II. ACCESSING DATAPAC
- From Canada: Datapac
- From U.S. : BT Tymnet/Sprintnet
- From Intl. : Your local packet-switcher
III. WHAT CAN I DO?
- Datapac Information Service
- Legitimate use: Business use & Online service
- Illegitimate use: Intro to NUA's
IV. ILLEGITIMATE USE: YOUR COMPLETE GUIDE TO NUA'S
- Theory of NUA's
- Intro to Datapac's NUA's & NUA prefixes
- NUA Scanning : Procedure
- NUA Scanning : What to scan
- Error messages
- So you found a system...
V. EXTRA
- Special commands
VI. CONCLUSION
- Wrap up
- BBS' to reach me on for extra help & NUA's
-----------------------------
I. INTRODUCTION
What is Datapac/Advantages of PSN's
Well, Datapac, or DPAC as it is sometimes called, is a packet-switching
network that allows you to connect to thousands of computer systems across the
globe, free of charge! It allows the user access to any type of system you can
imagine, from huge supercomputers & mainframes to tiny IBM 386's. You will
find every type of company on packet-switching networks, from huge
conglomerates like IBM and Xerox, to small non-pay BBSes, as well as
government installations, etc.
Datapac also has poor security, as it is extremely hard to track every call,
considering there are thousands of connects every day across the network,
and the authorities STILL haven't caught on to the amount of people abusing it
, which means you can hack/phreak continually without much fear of prosecution
from Telco. authorities, unless the people who run the systems themselves
which you are abusing complain.
It is also quite easy to make traces very difficult, as the amount of private
PAD's(Packet Assembler/Disassembler) and outdials available on Datapac ensure
at least a few bounces before arriving at your destination (you can
communicate simultaneously with up to 255 different locations over one
physical link! talk about a difficult trace(tho slow hacking)!).
Also, if you need help with a network problem or a certain computer system
you are trying to access, it is usually readily available, as most people
have a local dial-in to a packet-switching network[also known as PSN, or PSDN
(packet-switching data network, same thing)] that will allow access free of
charge to the system you are working on, quite a bit simpler than a data #
local to you only.
And for all those reasons it is a fairly good place for the beginning h/p
person to start out, especially in these troublesome days for us hackers(DIE
FED DIE!!)(Damn k-rad c0DeZ kidz ruin it for us all).
Sound like a dream?? Nope, it's a reality to many the hacker, so let's abuse
it as much as we can before our Telco. authorities shut down our last refuge.
Have phun!
How it works
First of all, the user connects to a remote dial-in port for their local
packet-switcher, usually Datapac 3000 in Canada, and either Sprintnet(also
known as Telenet, its previous name) or BT Tymnet in the U.S.. The dial-in is
also known as a DTE(Data Terminal), or your X.25 PAD.
X.25 is the protocol for transmitting data within the Datapac network, and
Packet Assembly/Disassembly is how you get the data ready for transfer. When
connected to a PAD the data you send is assembled by the PAD into "packets"
which are then sent over the net at speeds ranging from 1200-56,000 bps, then
received by the PAD of the system you are connecting to, and disassembled back
into data the system can understand. The system then in turn sends back its
response to your data in another packet, which your PAD disassembles and gives
to you. Packets are generally either 128 or 256 bytes in size.
The motive behind all this packet-switching is that it enables two computer
systems with different protocols and baud rates to communicate, using one
common standard, the X.25 protocal.
When connecting internationally, Datapac uses the X.75 & X.121 protocols,
with the same general principles behind the transfer of data.
Services offered
If you are REALLY new to H/P, and don't really know what you can do with the
systems you access thru Datapac then here is a brief list:
- Access to Online Services such as Compuserve and Prodigy with improved
transmission quality, and a bit cheaper than direct dialing. Also a lot harder
to trace if you are abusing an account.
- Business administration tasks such as:
-- sending/receiving files
-- E-mail
-- database access
- Sales tasks such as:
-- credit verification
-- merchandise sales
-- accounting
- Order tracking & processing
- Viewing and altering inventory lists
- Shipping control
- Dispatch
- Information retrieval
- Electronic Funds Transfer
For us system abusers the illegitimate possibilities are endless! For the
less bright of you, you can use these services to get files (some which could
be VERY important, as in military secrets, etc..), reading other peoples
private mail(funny to read the security people's mail to each other as they
desperatly try and catch "hacker"), credit record retrieval (extremely
valuable to some people, especially with credit trouble, fun to mail to them),
and for the bored of you, you can send someone you hate 10 toilets. Then of
course we have Electronic Funds Transfer, which is taking money from somewhere
and putting it somewhere else...(any ideas people???). Draining bank accounts
can also be useful if REAL revenge is needed(remember Newsweek's Richard
Stanza?! hehe..)
II. ACCESSING DATAPAC
From Canada : Datapac
To connect to the Datapac network from Canada you will need to dial into your
local Datapac node, which is accessible in most cities via your local Datapac
dial-in number. You want Datapac 3000 numbers, not 3101 numbers, as 3000 is
what we will always be using. If it doesn't specify which, assume it is
Datapac 3000.
There are quite a few ways to find your local Datapac dial-in. It will
usually be in your telephone book under "DATAPAC PUBLIC DIAL PORT 3000". If
not, you could try directory assistance for the same name. Alternatively,
there are a couple phone #'s for finding your dial port(these are also
customer assistance):
1-800-267-6574 (Within Canada)
1-613-781-6798
Also, these numbers function only from 8:30 to 5:00 EST(Eastern Standard
Time).Also, the Datapac Information Service at NUA 92100086 has a complete
list of all public dial-ins. More on DIS later.
I think you can use both communication parameter settings work, but 8/N/1
(8 data bits, No parity, 1 stop bit) is used most frequently, so set it
initially at that. Some NUA's on Datapac use 7/E/1, change to it if needed
after you are connected to a Datapac dial-in.
Ok,if you have your Datapac 3000 Public Indial number, you've set your
communication parameters at 8/N/1, then you are now set to go. Dial your
indial just like a BBS(duh..) and once connnected:
You will have a blank screen
Type 3 periods and press RETURN (this is to tell Dpac to initialize itself)
The Datapac herald will flash up stating:
DATAPAC : XXXX XXXX (your in-dial's NUA)
You are now ready to enter commands to Datapac.
Example:
(YOU ENTER) atdt 16046627732
(YOU ENTER) ...
(DATAPAC RESPONDS) DATAPAC : 6710 1071
Now you are all set to enter the NUA for your destination.
More on how to find NUA's later on in this article.
From USA: BT Tymnet/Sprintnet
When accessing Datapac from the United States, it is not necessary nor
cost efficient to call a Datapac in-dial direct (unless you wish to connect
directly to Datapac and are phreaking, but then why waste a good PBX/Outdial
on something when you can access it free locally?), rather you could call one
of the many other packet-switching networks accessible from the United States.
From other packet-switching networks within the U.S. or Canada you can connect
to Datapac addresses without a NUI or extra charge. The most popular of PSDN's
are Sprintnet & BT Tymnet.
To find a public indial port for Sprintnet you may possibly be able to find
it in your telefone book(look under Sprintnet) or by Directory Assistance.
If not, try Sprintnet Customer Service at 1-800-336-0437. This also will
probably only function between 8:30 and 5:00 EST, maybe a bit different.
Also, for a data number for in-dial look ups try 1-800-424-9494 at
communication parameters 7/E/1(or 8/N/1 also i believe). Type <ENTER> twice
or @D for 2400bps and press enter so Sprintnet can match your communications
parameters. It will display a short herald then a TERMINAL= prompt.
At the TERMINAL= prompt type VT100 for VT100 terminal emulation, if you are
using a personal computer i think D1 works, or just <ENTER> for dumb terminal.
Then type "c mail", at the username prompt type "phones", and for password
type "phones" again. It is menu driven from there on.
Now that you have your Sprintnet public dial port number, call it up like you
would a BBS, then when it connnects type the two <ENTERS> for 300/1200bps or
the @D for 2400bps, then it will display its herald, something like:
SPRINTNET(or in some cases TELENET)
123 11A (where 123 is your area code & Sprintnet's address prefix
and 11A is the port you are using)
TERMINAL=(type what you did previously eg:VT100,D1,<ENTER>)
then when Sprintnet displays the @ prompt you know you are connected to
a Sprintnet PAD and you are ready to go. Read on for more information as to
where you can go(NUA's).
For finding Tymnet dial-ins the procedure is much the same, look in the phone
book under Tymnet or BT Tymnet, or phone directory assistance and ask for BT
Tymnet Public Dial Port numbers, or you can call Tymnet customer Service at
1-800-336-0149. Generally try between 8:30 and 5:00 EST. I don't have the
Tymnet data number for finding in-dials, but once you are on Tymnet type
INFORMATION for a complete list of in-dials as well as other things.
Once you have your in-dial number set your communication parameters at either
8/N/1 or 7/E/1 then dial the number just like you would a BBS. At connect you
will see a string of garbage characters or nothing at all. Press <ENTER> so
Tymnet can match your communication parameters. You will then see the Tymnet
herald which will look something like this:
-2373-001-
please type your terminal identifier
If it wants a terminal identifier press A(if you want, you can press A instead
of <ENTER> at connect so it can match your communication parameters and get
your terminal identifer all at once).
After this initial part you will see the prompt:
please log in:
You are now ready to enter the NUA of the system you wish to connect to.
If you have the choice between either Tymnet or Sprintnet i would strongly
recommend going with Sprintnet. Tymnet offers more services, but not too much
more, and Tymnet has one MAJOR disadvantage, in that it only allows three
mistakes at NUA's, then it disconnects. This flaw severly hampers NUA scanning
extremely, in other words GO WITH SPRINTNET.
III. WHAT CAN I DO????
Datapac Information Service(DIS)
The first thing you may want to do upon your first connection to Datapac or
alternatively Tymnet/Sprintnet is to visit the Datapac Information Service.
DIS has a full list of public dial-ins, as well as a pretty good overview &
documentation. You can reach it at NUA 92100086.
So from Datapac type: 92100086
from Sprintnet : c 302092100086
from Tymnet : 302092100086
(you may or may not need to use a "1" in front of the NUA from
tymnet or sprintnet)
Legitimate Use
Datapac can be used to connect to many online services & to perform various
business functions, as described in the introduction, by authorized people.
Unfortunely, people don't authorize us, so we find our own way in.
Illegitimate Use
Datapac & its systems can be abused in all the ways i described in the
introduction, as well as for phreaking with outdials and so on."But how do I
access these services and such?" you may ask. You enter the systems 8 digit
Network User Adress(NUA also know as a DNA or Data Network Address)(9 or 10
digits if using LCN logical channel subaddressing)(up to 12 if on another
packet-switcher: you must enter Dpac's DNIC as well) that is kind of like a
computer's dial-up data phone number. "But i doubt that the system operators
would be so kind as to hand over the NUA if i am not authorized to use the
system!?!" Quite true, which is where the first stage of hacking comes in:
NUA scanning, our next topic.
IV. ILLEGITIMATE USE: YOUR COMPLETE GUIDE TO NUA'S
Theory of NUA's
NUA stands for Network User Address,also known as DNA's(Data Network Address)
which is a packet-switching network's equivilant to a in-dial data number for
computer systems. But instead of phoning the system directly with the data
number, you first logon to your packet-switching system, then enter the NUA
for the system you wish to connect to. NUA is the format used on every
packet-switching network i know of, and definetly all the major ones.
But a major difference between phoning a Montreal indial from Vancouver
direct and calling a Montreal NUA from Datapac exists; it is that you don't
have to pay for the call! Every call across Datapac, or any other packet-
switcher for that matter, is automatically COLLECT(no operator involved as
well unless specified otherwise by yourself upon enabling a NUI, more on that
later. And systems are usually set up to automatically receive all collect
calls, unless made "reverse charging systems" which force you to use a NUI or
private pad. So you will never receive a long-distance bill for calling
systems across Datapac, the operators of those systems assume those bills.
Intro to NUA formats & prefixes
Like a phone number, NUA's have many different parts to them, each with a
special meaning. And, also like a phone number, the NUA format varies
depending on where you are calling from, although certain segments are always
used. Take for example the phone number:
1-666-555-1234
It has four parts to it, the long distance number (1), the area code(666),
the local prefix(555), and the number(1234).
Say this number is in Igloo, Yukon.
If you are from outside the province
(eg: BC, Montreal, California, etc..) you must dial the full number.
If you are inside the province but long-distance to the city itself, you must
use the long distance number, plus the local prefix and the number, while
excluding the area code.
If you are inside the city & province, or within free calling of that number
than you only need dial the local pref. and the number.
It is something like that with a NUA, but the long-dist. prefix usually does
not apply, although i have to use it to connect to other packet-switchers
outside Datapac, and it is possible that if you are calling from a different
packet-switcher you will too, try without it first, if it doesn't work, use
it.
NUA's can be between 4 and 14 digits, with NUA's within Datapac being 8
digits normally, 9-10 digits with subaddressing(more on that later).
The NUA has up to five parts:
-The pre-DNIC digit(usually not counted as part of the NUA, just a prefix)
-The DNIC
-The address prefix
-The address
-The LCN digits
The pre-DNIC digit is like a long distance number prefix, its use is varied:
The pre-DNIC digit for Datapac is 1 when calling international.
The pre-DNIC digit for Sprintnet is 0 i believe.
(try 1 when calling to Datapac from another network does not work properly)
The
The rest of the address is unique and non-optional(changing 1 digit will
call a completely different system), although as i illustrated with the
telephone example above, certain parts of it may be omitted from the full
address.
The reason for this uniqueness is mainly the DNIC, or Data Network
Identification Code, which is the packet-switching networks own prefix.
It MUST be used when connecting from to a system that is on a packet-switching
network other than the one you are currently on. Some PSN's DNIC's are:
Datapac : 3020
Tymnet : 3106
Sprintnet: 3110
The third part is the address prefix, which is like an area code(but non-
optional), it specifies which part of the country you wish to call, as
designated by the packet-switching company. On Sprintnet the address prefix
corresponds with the area code that you are calling(ie the area code for
Seattle is 206, so every address that has a 206 prefix is in Seattle). On
Datapac it does not correspond to the area code you are calling, rather they
were distributed in chunks, like early 6XX is Alberta, and late 6XX is B.C.
etc. Address prefixes are generally 3 digits then a zero.
The fourth part is the address, or port, which designates the computer you
are calling within the prefix & DNIC. The addresses are generally not handed
out in any specific way, although companies occasionally buy large blocks of
them at a time, so you may find 20 of the same company's computers in a row.
The last part's use is rare, it is the system subaddressing, or Logical
Channel(LCN). They are the 9 and 10th digits of a standard address within
Datapac(without long-d pref. or DNIC). These are not used frequently enough
to scan regularly for, though, as a general rule stick to the 8 digit format.
NOTE: If you find a Gandalf system(i'll explain how to identify them in
another g-phile)they will often have 1, 2 & 3 subaddressing. After
finding the address try a 1,2 or 3 after the address. Gandalf's generally
have the systems FOX,LOGGER & MACHINE after an XMUX which are generally on
standard addresses. FOX is just a test machine, LOGGER has a very small log,
and on MACHINE enter S for small log of the XMUX, L(system optional) for a
complete log of NUA's/user-id's for a system-specified amount of
time, sometimes up to a month)
SAMPLE FORMAT FOR CALLING PACKET-SWITCHING NETWORKS OTHER THAN THE ONE YOU ARE
CURRENTLY CONNECTED TO: (brackets not included,used for illustration)
(1)(3020)(1230)(0001)(01)
| | | | |
| | | | |
International Prefix | | |
(if needed)(or zero) | | |
| | | |
Datapac DNIC | | |
| | |
Address Prefix| |
| |
System's Address|
|
LCN Subaddressing(if used)
REMINDER: On sprintnet you must use a 'c' then a space before the NUA
SAMPLE FORMAT FOR CALLING DATAPAC SYSTEMS FROM WITHIN THE DATAPAC PACKET-
SWITCHING NETWORK: (brackets not included, used for illustration)
(1230)(0001)(01)
| | |
| | |
Address Prefix | |
| |
System's Address |
|
LCN Subaddressing(if used)
Usually within Datapac the address will just be 8 digits, use that as a rule
when scanning.
NUA Scanning : Procedure
Ok, so now that you know how all this works, you will want to begin using it,
but you need NUA's to call, and most Operators won't hand them out freely
(unless you are skilled at social engineering), so what are you to do?
You could get a copy of a NUA list off someone, or from Eric Bloodaxe's
article in the LOD Technical Journal #4, or from one of the lists in Phrack
(issues 21 and 27, i believe).
Or you could get your own by NUA scanning! The best choice would be a
computer automated Datapac NUA scanner, much like a wardialer for direct
calling but for use on Datapac. The most popular one i know of for Sprintnet
is NUAA, a great program by Doctor Dissector. If you are hacking thru Datapac
i know of none out yet, but never fear, RoT is coming out with one very soon.
Although most Sprintnet scanners are meant for Sprintnet scanning, most of the
good Sprintnet/Tymnet scanners(NUAA included) have an option to use DNIC's, so
you can set it up to scan Datapac NUA's. If you can, try and get a scanner
that does addresses randomly within a specified field, then saves where you
are for next time, because this is less risky than doing sequential scanning
(if by miracle a Telecom Canada employee actually notices your scanning!).
Read on for more on "what" to scan(prefixes etc..).
The second way, which is much more exhausting and time consuming(but a good
alternative if you don't have a computer scanner)is manual scanning.
Wait, don't scream yet! This is not AS bad as it may sound, if your term
program has an option for macros on it(as any worthwhile one does). If not,
and you still choose to do manual scanning, then i commend you for your
dedication, as i sure the hell wouldn't do it!
First of all, you need to get into your macro settings screen, which on
TELIX is <alt>K, then T for Terminal Settings. Look in the help screen or docs
of other programs for proper procedures. Usually you would pick a normally
useless key, like one of the function keys(the best are F1 and F12, you are
less likely to hit others, and it goes faster), and turn it into your macro
key. From Datapac you want to scan 8 digit numbers, so enter the prefix you
want(three digits usually) then make the rest zeroes until you have 6(SIX)
digits on your macro.
eg: 999000
The reason for this is that you only have to enter your macro key then two
digits on your keypad then <ENTER>, so with a little practice you can make the
process quite fast. Also with a little practice, it is such an automated
process that it takes very little concentration, so you can pretty well do it
in your sleep(or at least while listening to music, talking on the phone or
watching TV).
The easiest way to do this type of scanning is sequentially, which is risky
when doing PBX's(Public Branch eXchanges) and occasionally risky when doing
direct-dial scanning, but generally not risky when doing it on Datapac.
So start with 00 and go until you reach 99, then enter your macro again and
change the last digit to a 1, and start with 00 again, but now you will be
doing 100's. Then, when done, repeat process with a 2 for 200's. Do this until
there are only blank addresses for a while(or you get bored).
A sample macro scanning session from Telix on Datapac would be:
<alt>K, T , F1, 999000 (setting macro up for use)
<F1>00 (enter your macro key, then 00, then <ENTER>)
<F1>01 (enter your macro key, then 01, then <ENTER>)
<F1>02 (enter your macro key, then 02, then <ENTER>)
and so on...
then after 99900099:
<alt>k, T, F1, 999001 (setting macro up for next set of scans)
and so on...
NUA Scanning : What to scan
Ok, now that you are able to connect to Datapac, and you know how to find
systems, you are probably going to want to start right away...Don't!
For maximum success in finding quality NUA's go at it with an attack plan:
Know what you are scanning!! For example, there will be a substantially less
amount of really great NUA's in a NUA prefix of Halifax than there would be
in Toronto or Ottawa!!
First of all,there are millions more people in Toronto or Ottawa than there
are in Halifax, also, the majority of corporate business headquarters and
government installations are housed in Toronto and Ottawa. Other good NUA
prefixes to scan would be those in Vancouver, with another ton of NUA's in
Montreal & Quebec City. Every province has a large number of NUA's, and you
will eventually want them all, but you will want to start in a prefix with a
large amount of quality connects so you won't be discouraged.
"Ok, that's really neat, but how the hell am i supposed to know where i'm
scanning on Datapac?" you might say. That is really true, because unlike
Sprintnet the area codes don't correspond to the NUA at all. But, NUA prefixes
are handed out in large chunks, with few exceptions, so you will have a good
idea of where you are scanning from this list:
early 200's: ONTARIO - Ottawa, Windsor, Kingston
mid 200's: ONTARIO - Ottawa, Sudbury, Toronto
late 200's: ONTARIO - Windsor
all 300's: ONTARIO - London, Toronto, Kitchener, Guelph
early 400's: QUEBEC - Quebec City
mid 400's: ONTARIO - Hamilton, Toronto, Oshawa, Scarborough
late 400's: QUEBEC - Quebec City, Montreal
early 500's: QUEBEC - Montreal
mid 500's: QUEBEC - Montreal
midlate 500's: YUKON - Yellowknife, Inuvik
late 500's: ALBERTA - Edmonton, Calgary
early 600's: ALBERTA - Calgary
mid 600's: B.C. - Vancouver, Kelowna, Prince George, Surrey
late 600's: B.C. - Vancouver
verylate 600's: MANTITOBA - Winnipeg
early 700's: SASKATCHEWAN - Regina, Saskatoon
mid 700's: NEW BRUNSWICK - St. John
midlate 700's: NOVA SCOTIA - Halifax, Dartmouth
late 700's: NEWFOUNDLAND - St. John's
early 800's: ONTARIO - Toronto
premidearly 800's: QUEBEC - Montreal
midearly 800's: B.C. - Vancouver, Burnaby
mid 800's: ONTARIO - Ottawa
late 800's: ONTARIO - Ottawa
early 900's: ONTARIO - Toronto,Clarkson
premid 900's: MANITOBA - Winnipeg
mid 900's: ALBERTA - Edmonton
prelate 900's: ONTARIO - Toronto, Brampton
late 900's: ONTARIO - Toronto
Now, this list is just a general rule to help you out, there will be
exceptions & additions. Also, the cities used are just examples found commonly
in that prefix, there will be many other cities found than those mentioned as
examples.The format for this guide is (area prefix)XXXXX, as in 200XXXXX where
XXXXX is the rest of the address. Remember, you will find a lot of "bad"
prefixes where there is little or no connects. Don't be discouraged, try some
more, remember, there are TONS of great prefixes out there just waiting to
be scanned...get to it!
Error Messages
Ok! Now you've started scanning and everything has been just great, tons of
connects, no problems, right?? Well, maybe, but not usually. If you are lucky
you will find an average prefix with quite a few connects, and more than your
share of error messages. Error messages are VERY common, even if you are on
an incredible prefix with huge amounts of connects, you will find a greater
amount of error messages. Here is a small guide to those error messages, what
they mean, and in some cases, how to get by them.
ADDRESS NOT IN SERVICE: By far the most common message. It means that the
address you are calling does not currently host a system. It may at sometime
in the future, but not right now. These are unfilled and useless for now.
COMMAND NOT ALLOWED: This is found frequently when you try to connect to
another Datapac address directly from Datapac while still on another Datapac
system. Sound confusing? I encountered this occasionally when phreaking off
Datapac outdials; sometimes for various reasons i would return to the Datapac
prompt(errors, etc), but i was still physically connected to the outdial, so
Datapac would not allow me to call somewhere else as i was already using a
Datapac system! If you were not connected to anywhere important, hang-up and
call back, that clears the connection. If it was important you can *try* to
exit the terminal program and then enter again, while not hanging up. This
works most of the time, but occasionally it will malfunction and drop carrier.
In this instance your only choice is to call back.
BUSY: This is a completely ambiguous command; it essentially means that the
system will not accept any more calls. BUT, the system may just be temporarily
busy(a user is already on), down for a day to a week(maintenance) or
permanently busy(various reasons). You may choose to call back at a different
date, some people just ignore them and move on.
INCOMPATIBLE CALL OPTIONS: It means that you have facilities not available at
the system you are attempting to reach, or are just simply non-compatible.
Don't bother with these.
TEMPORARY NETWORK PROBLEM: These "temporary" problems are frequently permanent
and exist over entire prefixes. Skip these prefixes. If you want, try them
in a month or so.
DESTINATION NOT RESPONDING: Either the destination is ignoring your call
request, or it is down(either temporarily or permanently).
ACCESS BARRED: I know very little about this "mysterious" error message
although it is found frequently. It has something to do with the network
itself blocking the call, because of a Closed User Group Violation. Now, i
also know little about Closed User Groups, other than the command to enable
them is 'c' at the Datapac prompt(although 'c' by itself just gets the error
message "Closed User Group error", so you'll have to figure out the parameters
yourself, sorry..).
REMOTE PROCEDURE ERROR: This is the message given to you when you have not
given a full address. Occasionally, the host system will specify the use of
mnemonics in the address. Without these mnemonics, the call will not go
through. The mnemonics are placed after the NUA digits, divided with a COMMA
(,) which tells Datapac that you are now using data chars. As far as i know,
the mnemonic can be anything, probably within 8 characters. Common mnemonics
are: Modem, system, console, logon, access, dial. It depends on the system
operator though, it can be anything he desires, quite often the company name
or the function of the computer. Another thing about mnemonics is there can
be multiple mnemonics possible for each system, like two mnemonics on one
system, each separate from each other. The reason for this is to specify
which system you wish to access, this is used occasionally if there are two
separate systems on one NUA. To clarify this here are a few samples:
Normal NUA w/mnemonic : 99900999,modem
NUA with LCN + mnemonic : 111001112,modem
NUA with multiple mnemonics: 12300456,host (to access host system)
& 12300456,dial (to access outdial)
REMOTE DIRECTIVE: Shows that a clearing of a virtual circuit in response
to a clear request packet from the destination. Which means that you have
been cleared of the line by a request from the system you are connected to.
Occasionally using a subaddress will get by this, and proceed to the
subaddressed system. Try it occasionally or when you suspect a system is
present.
COLLECT CALL REFUSED: To understand this you must know that every system
you call that you DO NOT receive this message on you are calling collect,
charging the call to the system. But, some systems DO NOT want to pay for
collect calls, and will not accept them. These are called "reverse-charging
systems", as that is exactly what they will do, reverse the charges back to
you. But, you are not set up to pay for these charges, so you do not accept
them and every thing cancels out and you're back to the Datapac prompt. There
is, however, a common way to get past this dilemna. Use a NUI(Network User
Identifier).
NUI's are the packet-switching network's equivalent to a Phone Calling Card.
This is a personal account that when invoked will automatically accept all
charges, regardless of whether the system is reverse-charging or not. This
is the best way to get past reverse-charging systems.
The regular joe can get themselves a NUI, but unfortunely, they won't be much
good to you for hacking if the system knows your real name, and by a request
to Telco. authorities your address and phone number as well!
So what you need is someone else's NUI! Unfortunely, these are pretty hard
to come by. A large amount of trashing, or a B&E might net you one or two,
its hard to say. It's also hard to say how much usage you will get out of it
before the NUI goes down.
NUI's are 6-8 character alphanumeric codes that should be entered before
making your call request. Along with each NUI comes a password(what did you
expect).
Datapac claims that the NUI format is different from system to system, so if
the following format does not work for you, experiment until it does(unless
your NUI is no longer valid). Type NUI followed by your 6-8 character code.
Datapac will prompt for a password(which is shadowed), then after that Datapac
will tell you the NUI is active and you have NUI status, and then you are
ready to go. Example:
(user) NUI XXXXXXXX
(Datapac) Password:
(user) XXXXXXXX (not sure on length requirements)
(Datapac) DATAPAC : Network User Identifier XXXXXXXX active
NUI Status
So you found a system...
Now, after all this preparation and work, you finally have some connects!
Some of these may be blank or useless, but you should probably have a few
decent ones with at least a prompt. In another upcoming [RoT] g-phile i'll
give you the ways to identify most systems, defaults for those systems, and
tips on brute forcing, etc. But for now, if you find a UNIX try root/root
(unlikely, but hilarious if it works), guest/guest on a VAX/VMS(also unlikely
nowadays, but you'll still find the occasional one), autolog1/autolog on VM's,
prime/prime on Primos & mgr.telesup,pub/hponly on HP3000's and
Autolog1/Autolog on VM/SP's.
V. EXTRA
Special Commands
I have not toyed much with unlisted commands, but i've found a few:
c | something to do with closed user groups
f | it's a service option(it says "not subscribed")
l | sets packet sizes somehow(i couldn't get 128 or 256 to work)
n | some kind of NUA option(function unknown)
p | a NUA option that sets packet size to 128
r | same as n, says n too
t | something to do with RPOA's(Registered Private Operating Agencies)
| which are the ID's of the online system.
set | a weird one, it goes to about 3 line down and sits there
| if you type a NUA it will go there.
The NUA options are shown in the inital connect string that Datapac sends
first upon connect. A usual connect string without options would read like
(01) n,remote charging,256,XXXXXXXX
where 01 is the node, remote charging, 256 is the packet size, XXXXXXXX is the
NUA, and n is the NUA option(n = no service option??). But when you enter the
'p' NUA option where the 'n' is in the above illustration is now 'p'.
I haven't experimented much, maybe some other time..
VI. CONCLUSION
Wrapping it up
Well, i suppose that is all for now, hope you have a phun time exploring
Datapac, try not to get busted, and if you do, don't blame me. For questions
comments, fan mail, hate mail, or just talk you can always find me at any
[ R o T ] HQ or Dist. site.
Seeya...
Deicide
[RoT] H/P coordinator
RoT HQ's
------------
For all your H/P/A/C/V needs as well as all the RoT programs and
G-Philes as soon as they are released call:
[RoT] WHQ [RoT] USHQ
-- 6 <20><><EFBFBD>T <20><>D<EFBFBD>R -- -- the Cellar --
[604] 824-0317 [401] PRI-VATE
GREETZ: Ruskin, RT, K-Neon, Lint, B-Eagle, Ydiner, Kamikize, Case(what
happened??), Shadow Hawk, Sandalwood, Phrack(i grew up on it), cDc(mental but
cool), LOD/H(for old times sake) & Robin Hood(for giving me a chance).
Reference in New Issue View Git Blame Copy Permalink