textfiles/hacking/icebook2.txt

-(Exploring the further regions of experience...)-
###################################################################
## _____________ __________ __________ ##
## /____ ____/\ / ______/\ / ______/\ ##
## \__ / /\___\/ / /\_____\/ / /\_____\/ ##
## / / / / / / / /_/___ ##
## / / / / / / / ______/\ ##
## / / / / / / / /\_____\/ ##
## ____/ /_/__ / /_/____ / /_/____ ##
## /____________/\ /__________/\ /__________/\ ##
## \____________\/ \__________\/ \__________\/ ##
## ##
####### Headquarters: (416) 934-4055 #######
## ##
#########################################################
## INNER CIRCLE ELITES (ICE) Presents: ##
## -- The Guide to Hacking & Phreaking [Issue #2] -- ##
## by Liquid Jesus ##
#########################################################
_______CONTENTS___________________________________________________________
PART I.......Introduction
PART II......PHreak PHile Extract (Guidelines by The Mentor - LOD/H)
PART III.....Datapac, PADs, and X.25
PART IV......DNIC Listing
PART V.......NUA Examples (Extracted from PHrack vol.3 issue 27)
PART VI......Questions & Answers
PART VII.....End of Transmission
__________________________________________________________________________
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ _______
| __ | | __ | | ___ \ |___ ___| |_______|
| |__| | | | | | | |__/ / | | | |
| ___| | |__| | | / | | | |
| | | __ | | |\ \ | | __|_|__
|__| |_| |_| |_| \__\ |_| |_______|
-+- Introduction -+-
First off I want to thank all the people who left me feedback
after the release of the first issue. It's a hellova lot easier to talk
about things people ask about than by picking stuff out of the blue. It's
only been a couple of days since I finished the first issue but the great
response has prompted me to get my ass hauling on the second. This issue
will probably have a *large* Q&A section but I'll try and limit the ones I
answer to the ones being most important. Most people who leave me
feedback on my BBS will have their questions answered in this guide and
I'll have their name at the beginning of the question. If you ask me
something and you feel it's just such a dumb question that you don't want
to be labelled as the one who asked it, just tell me and I'll change you
to "anonymous".
Ok, I *was* planning on getting into new aspects of h/ping this
issue (credit card fraud, how NUAs and X.25 work, details about
specific systems, etc..) but most of the feedback I've received so far
has had to do with either 800 services or Datapac. Another large area of
concern is the risk of getting caught. Well, I'm not going to lie to
anyone... law enforcement is a LOT tougher on phreaks than on pirates.
With pirating they figure "Ok, the guy probably wouldn't have bought the
game in the first place anyways so it's not like the company is LOSING
money because he made a copy for himself". Also, it's a lot more
widespread. Hack/Phreaks charge money *directly* to places such as
telephone companies and other pay services. They can get into the corners
of large systems and read about someone's personal data until they find it
time to have some fun and start changing things. When people start
feeling insecure about their own private belongings, they find it VERY
easy to slam the person who made them feel this way. You've probably
already heard numerous stories about hackers being caught and charged with
computer crimes. "Computer hackers crack credit codes", "Israeli hacker
cracks military, credit codes", "Fone Phreaks charge millions in unpaid
bills", etc, etc... it's no longer just the 95% average "nerd with taped
glasses" doing it. So how do you manage to stay out of trouble? Well
that's easy, be cautious. If you find something new you haven't seen
before, ask an experienced hacker if it's safe to use. Also, keep a low
profile. So what if you feel great about cracking your first system.
Keep your discussions to h/p-designated BBS's and don't start blabbing
specifics to people you don't know. Instead of saying "I just got into
General Motors VAX mainframe" you could limit it to "I just hacked a big
VAX" or something. Just watch what you say.
As for what you CAN use, just about anything that someone else
says. Someone will tell you if something isn't safe, and if it isn't most
of the time they'll also tell you how to use it without getting in di-hoe.
Generally, everything is safe that is posted to the public (eg: on
Alliance, VMB's, BBS's, chat lines, etc..). Someone also asked me if ALL
950's were unsafe. Ok, here's the definition of a 950 from the PHreak's
Glossary:
950 - (pronounced nine-five-oh, not nine-fifty) A nationwide access
exchange in most areas. Many LD companies have extenders
located somewhere on this exchange; however, all services on
this exchange are considered dangerous due to the fact that
they ALL have the ability to trace. Most 950 services have
crystal clear connections.
All 950's have the number 800-950-xxxx (the prefix is 950 hence
its name.. duhh). Not ALL are unsafe but there are more unsafe 950's
than other forms of 800 services. As I said before, you'll hear if one
isn't safe.
Another thing, before we get started, someone asked me to name
some things that would be good for beginner hackers to start on. Things
that are very safe. Well...
(1) university/college computers: most have relatively low external
security and don't keep logs of unsuccessful entry attempts. An
example is the Lincoln County Board of Education VAX at 641-1295
(2400 baud - use VT100 emulation for best results). Some other
examples of local small business systems are:
641-2973 (1200bps) - O.R. MFAS Complex [run on a VAX/VMS] Very SLOW.
641-5002 (1200bps) - System 288 ISOETEC Communications Inc.
687-1655 (2400bps) - Q&O Corporate Division (Quebec and Ontario
Paper Company) [use VT-100 emulation]
687-8788 (1200bps) - Hotel Dieu (send hard break after connect. This
one is very hard to hack... I don't even know the
format of the login)
687-3954 (2400bps) - hit ESCape to get menu of companies
(2) computers connected through networks: as there are a massive amount
of people connected to a network at any given time it isn't practical
for the network to run traces on everything. And, through network
systems you can usually jump around to other systems. The closest
network dialups are for Datapac. Here's a few:
357-4695 2400 baud
687-1104 2400 baud
687-1115 2400 baud
688-5640 1200 baud
ICE also has a list of about 50 or so other Datapac dialups for both
1200 and 2400 baud. Just ask!
..and remember, after you connect enter two periods and hit return
(EG: .. <cr> ) and from there you enter the system address (which is
8 digits long). For some systems to check out see the first release
of this article (filename: ICE001.TXT)
What to stay away from? Well.. usually government computers
aren't safe to hack unless you know what you're doing (more on this in a
future issue), as well as systems to SOME big companies. Like calling
direct to AT&T's mainframe and hacking it for hours on end wouldn't be
something you'd wanna do.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ ___________
| __ | | __ | | ___ \ |___ ___| |___________|
| |__| | | | | | | |__/ / | | | | | |
| ___| | |__| | | / | | | | | |
| | | __ | | |\ \ | | __|_|_|_|__
|__| |_| |_| |_| \__\ |_| |___________|
-+- PHreak PHile Extract: Guidelines by The Mentor - LOD/H -+-
The following was extracted from P/HUN Issue #2 by The Mentor (Legion of
Doom/Legion of Hackers). I know I posted my own guidelines in release #1
of this guide but these are a few more you may want to keep in mind:
As long as there have been computers, there have been hackers. In the
50's at the Massachusetts Institute of Technology (MIT), students devoted
much time and energy to ingenious exploration of the computers. Rules and
the law were disregarded in their pursuit for the 'hack'. Just as they
were enthralled with their pursuit of information, so are we. The thrill
of the hack is not in breaking the law, it's in the pursuit and capture of
knowledge.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has infinitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a beginning hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)
One of the safest places to start your hacking career is on a computer
system belonging to a college. University computers have notoriously lax
security, and are more used to hackers, as every college computer
department has one or two, so are less likely to press charges if you should
be detected. But the odds of them detecting you and having the personnel to
commit to tracking you down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familiar with them.
So if you just want to get your feet wet, call your local college. Many
of them will provide accounts for local residents at a nominal (under $20)
charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't
volunteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you
might as well shut up and wait.
- The Mentor: LOD/H
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ _______________
| __ | | __ | | ___ \ |___ ___| |_______________|
| |__| | | | | | | |__/ / | | | | | | | |
| ___| | |__| | | / | | | | | | | |
| | | __ | | |\ \ | | __|_|_|_|_|_|__
|__| |_| |_| |_| \__\ |_| |_______________|
-+- Datapac, PADS, and X.25 -+-
Ok, to start off, Datapac is a network with dialups ONLY in Canada
(a dialup is the number you call to get into the network eg. 687-1115) that
has all sorts of neat little services you can screw around with. After you
connect you type two periods and hit return ".. <cr>" and that will tell
Datapac you're there. From here you can enter any valid 8-digit address
to connect to a host system. An example is "74600268" (a VAX system).
There are thousands of systems connected with Datapac all across Canada.
If you want to get the specifics on Datapac and how it works enter the
address "9160 0086" (no space in between though...) and it will give you
menus and texts of all sorts of things. So what's so special about Dpac?
Well, most of the systems connected to it allow access to other networks
around the world via packet assembler/disassemblers (PADs). What a PAD does
is group the data into 128 or 256 byte chunks (normally, this can be
changed. Using smaller packet sizes reduces PAD delay but may also cost
the company more money because some networks charge by the packet... but
hey, whatever makes your journey easier). The packet is now transmitted
at speeds ranging from 9600bps to 19200bps (or even faster) to another PAD
where it then takes the data and hands it down to whatever computer
system it's connected to. A PAD allows two computers that have different
baud rates or communication protocols to talk to each other over a long
distance.
Although the systems connected directly to Datapac are located in
Canada you can access any system in the world from it via the X.25 network.
All of the major networks (Telenet, Tymnet, Datapac, ItaPAC, etc..) offer
connections with X.25 as well as many private companies. (I don't wanna
confuse anyone here but I might..). Ok, as I said before, Datapac
connects to host systems by their 8-digit addresses. Now pretend this
8 digit number is like a normal 7 digit phone number (eg. 9344055) without
the area code. To call outside of Datapac (using an X.25 PAD) you must
add the DNIC in front of it. The DNIC (Data Network Identification Code)
is kind of like an area code for networks. It tells Datapac the area of
the world and which network inside it, that you're calling to. Currently
Datapac connects DIRECTLY to the U.S. packet switching networks (PSN's) of
SprintNet, BT Tymnet, AT&T Accunet, Fedex, Net Express and Western Union.
Also, through Teleglobe Canada it can connect to more than 100 networks
throughout the world. So now you know what a NUA is (well... kinda). A
NUA (Network User Address) has been conformed to X.121 standards (what's
X.121? It's the standard set by Study Group 7 of the CCITT (International
Telegraph and Telephone Consultative Committee - you don't have to
remember that) that says an NUA takes the form of a 4 to 14 digit number
with the first four digits being the DNIC). In this manner X.121 ensures
unique addresses for all data terminal equipment in the world. Another
thing that you don't need to know is X.75 which defines the signalling
system between two PSN's, but can basically be defined as a network to
network interface (makes sure both networks are talking in the same
"language" so to speak). Ok got all that? Remember it for the test on
Friday (hohoho 8-) I'm just tellin yah how things work in case anyone
actually cares. Quick review:
X.121 - standard of how NUA's are made up
X.75 - network to network interface (the "language")
Sooo... an NUA is like this:
    (1) (DNIC) (FOREIGN ADDRESS)
    (1)               - One defines the Datapac International Prefix
                        (tells Dpac yur callin outside of the network)
    (DNIC)            - Packet networks are identified by a four digit
                        number called a DNIC (data network identification
                        code)
    (FOREIGN ADDRESS) - The foreign national address is expressed as an
                        eight to ten digit address.
Also, as I stated before, when in Dpac you can change the packet size, but
when calling internationally the packet must be 128 characters. You
cannot change this. Ok, an example NUA is QSD:
    1 2080 57040540
    1        - Identifies international call (1)
    2080     - DNIC: 2080 - identifier for the network TRANSPAC in
               France - the network you're connecting to
    57040540 - this is the address within Transpac - the host system
               you're connecting to.
Note: every PSN has a DNIC. Datapac's is "3020" so if you lived in
Italy and hooked up to ItaPAC and wanted to call a VAX at 12345678
connected with Datapac the NUA would be 1302012345678. Easy eh?
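Added example (not part of the original file): a small Python parser that
splits dial strings into the fields described above, the sort of thing you
would use to sort PAD call records by destination network. The function
names are hypothetical, KNOWN_DNICS is a small subset of the PART IV listing,
and the sample list is constructed from addresses quoted in this text plus
two malformed entries.

```python
"""Split Datapac-style dial strings into prefix, DNIC and national address.

Added example, not part of the original file. The field layout is the one
the text gives; all names here are hypothetical.
"""
from dataclasses import dataclass, field

DATAPAC_DNIC = "3020"   # Datapac's own DNIC, as stated in the text
INTL_PREFIX = "1"       # Datapac international prefix
LOCAL_LEN = 8           # Datapac host addresses are 8 digits
X121_MAX = 14           # X.121: 4 to 14 digits, DNIC first

# Subset of the DNIC listing in PART IV (DNIC -> network name).
KNOWN_DNICS = {
    "2080": "TRANSPAC",
    "2227": "ITAPAC",
    "2342": "PSS-BT",
    "2624": "DATEX-P",
    "3020": "DATAPAC",
    "5052": "AUSTPAC",
}

# Constructed sample: four strings quoted in the text, two malformed ones.
SAMPLE_DIAL_STRINGS = [
    "74600268",
    "1 2080 57040540",
    "1302012345678",
    "1 2343 07813",
    "1 2080 570405401234",
    "..x",
]


class NuaError(ValueError):
    """Raised when a dial string fits neither layout."""


@dataclass
class Nua:
    international: bool
    dnic: str
    national: str
    network: str
    notes: list = field(default_factory=list)

    @property
    def x121(self):
        """Full X.121 address: DNIC followed by the national address."""
        return self.dnic + self.national


def parse_dial_string(raw):
    """Return a Nua for a local 8-digit address or a 1+DNIC+address string."""
    digits = "".join(raw.split())          # spaces are only for readability
    if not (digits.isascii() and digits.isdigit()):
        raise NuaError(f"non-digit characters in {raw!r}")
    if len(digits) == LOCAL_LEN:
        # Checked first: 8 digits is a local address even if it starts with 1.
        intl, dnic, national = False, DATAPAC_DNIC, digits
    elif digits.startswith(INTL_PREFIX) and len(digits) > 1 + 4:
        intl, dnic, national = True, digits[1:5], digits[5:]
    else:
        raise NuaError(f"{raw!r} is neither 8 digits nor 1+DNIC+address")
    if len(dnic) + len(national) > X121_MAX:
        raise NuaError(f"{raw!r} exceeds the {X121_MAX}-digit X.121 limit")
    nua = Nua(intl, dnic, national, KNOWN_DNICS.get(dnic, "unknown"))
    if intl and not 8 <= len(national) <= 10:
        # Shorter addresses exist (see PART V); record it rather than reject.
        nua.notes.append(f"national address is {len(national)} digits, "
                         "outside the 8 to 10 the text gives")
    return nua


def summarize(dial_strings):
    """Count calls per destination network and collect unparseable strings."""
    counts, rejected = {}, []
    for raw in dial_strings:
        try:
            nua = parse_dial_string(raw)
        except NuaError as exc:
            rejected.append((raw, str(exc)))
            continue
        counts[nua.network] = counts.get(nua.network, 0) + 1
    return counts, rejected


if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE_DIAL_STRINGS)
    print(counts)
    for raw, reason in rejected:
        print("rejected:", reason)
```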
So what's so great about all this? Well just think, if there's
some tiny little company with a little desktop computer in the basement
of some small building in Japan, you can connect with it if it's hooked
up to a packet switching network, or even if it's hooked up to a LAN
(local area network) providing the LAN server is connected with a PSN.
Also, unlike placing a normal phone call with which you can only be
connected to one place per line, X.25 PADs can have multiple lines
(actually, called channels) so sitting on your one line-one modem micro,
you could be connected to five or more mainframes in different countries
around the world simultaneously.
Well now you know a little bit more about about 45% of the hacker
world (the other 45% is codes - 800 services (eg: PBX's) and the remaining
10% is the anarchy bit which I've never really been interested in). Most
people are H/P but there's also the H/P/A (hack/phreak/anarchy) dudez who
spend time trying to construct the atomic bomb from household supplies...
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ ________________
| __ | | __ | | ___ \ |___ ___| |________________|
| |__| | | | | | | |__/ / | | | | \ \ / /
| ___| | |__| | | / | | | | \ \/ /
| | | __ | | |\ \ | | __|_|___\__/____
|__| |_| |_| |_| \__\ |_| |________________|
-+- DNIC List -+-
Well seeing as how I babbled on so much the last section about
them, I thought it might be worthwhile to include a DNIC listing because
chances are you'll need it in the future. Soo, straight from Datapac's
Information Service....
DATAPAC INTERNATIONAL IDENTIFICATION CODES (DNIC)
A comprehensive list of the International Packet-Switched networks
which are accessible via the Datapac-Teleglobe gateway is provided
below. It is current as of 1992 06 09.
COUNTRY          NETWORK          DNIC   DIRECTION
-------          -------          ----   ---------
ANDORA           ANDORPAC         2945   BI-DIR
ANTIGUA          AGANET           3443   INCOMING
ARGENTINA        ARPAC            7220   BI-DIR
                 ARPAC            7222   BI-DIR
AUSTRIA          DATEX-P          2322   BI-DIR
                 DATEX-P TTX      2323   BI-DIR
                 RA               2329   BI-DIR
AUSTRALIA        AUSTPAC          5052   BI-DIR
                 OTC DATA ACCESS  5053   BI-DIR
                 AUSTPAC          5054   BI-DIR
BAHAMAS          BATELCO          3640   BI-DIR
BAHRAIN          BAHNET           4263   BI-DIR
BARBADOS         IDAS             3423   BI-DIR
BELGIUM          DCS              2062   BI-DIR
                 DCS              2068   BI-DIR
                 DCS              2069   BI-DIR
BELIZE           BTLDATAPAVC      7020   BI-DIR
BERMUDA          BERMUDANET       3503   BI-DIR
BRAZIL           INTERDATA        7240   BI-DIR
                 RENPAC           7241   BI-DIR
                 RENPAC           7248   INCOMING
                 RENPAC           7249   INCOMING
BULGARIA         BULPAC           2841   BI-DIR
CAMEROON         CAMPAC           6242   BI-DIR
CAYMAN ISLANDS   IDAS             3463   BI-DIR
CHAD             CHAD             6222   BI-DIR
CHILE            ENTEL            7302   BI-DIR
                 CHILE-PAC        7303   INCOMING
                 VTRNET           7305   BI-DIR
                 ENTEL            7300   INCOMING
CHINA            PTELCOM          4600   BI-DIR
COLOMBIA         COLDAPAQ         7322   BI-DIR
COSTA RICA       RACSAPAC         7120   BI-DIR
                 RACSAPAC         7122   BI-DIR
                 RACSAPAC         7128   BI-DIR
                 RACSAPAC         7129   BI-DIR
CYPRUS           CYTAPAC          2802   BI-DIR
                 CYTAPAC          2807   BI-DIR
                 CYTAPAC          2808   BI-DIR
                 CYTAPAC          2809   BI-DIR
DENMARK          DATAPAK          2382   BI-DIR
                 DATAPAK          2383   BI-DIR
DJIBOUTI         STIPAC           6382   BI-DIR
DOMINICAN REP.   UDTS-I           3701   INCOMING
ESTONIA          ESTONIA          2506   BI-DIR
EGYPT            ARENTO           6020   BI-DIR
FIJI             FIJPAC           5420   BI-DIR
FINLAND          DATAPAK          2441   BI-DIR
                 DATAPAK          2442   BI-DIR
                 DATAPAK          9358   BI-DIR
                 DIGIPAK          2443   BI-DIR
FRANCE           TRANSPAC         2080   BI-DIR
                 NTI              2081   BI-DIR
                 TRANSPAC         2089   BI-DIR
                 TRANSPAC         9330   INCOMING
                 TRANSPAC         9331   INCOMING
                 TRANSPAC         9332   INCOMING
                 TRANSPAC         9333   INCOMING
                 TRANSPAC         9334   INCOMING
                 TRANSPAC         9335   INCOMING
                 TRANSPAC         9336   INCOMING
                 TRANSPAC         9337   INCOMING
                 TRANSPAC         9338   INCOMING
                 TRANSPAC         9339   INCOMING
FR ANTILLIES     TRANSPAC         2080   BI-DIR
FR GUIANA        TRANSPAC         2080   BI-DIR
FR POLYNESIA     TOMPAC           5470   BI-DIR
GABON            GABONPAC         6282   BI-DIR
GERMANY F.R.     DATEX-P          2624   BI-DIR
                 DATEX-C          2627   BI-DIR
GREECE           HELPAK           2022   BI-DIR
                 HELLASPAC        2023   BI-DIR
GREENLAND        KANUPAX          2901   BI-DIR
GUAM             LSDS-RCA         5350   BI-DIR
                 PACNET           5351   BI-DIR
GUATEMALA        GUATEL           7040   INCOMING
                 MAYAPAC          7042   INCOMING
                 GUATEL           7043   INCOMING
HONDURAS         HONDUTEL         7080   INCOMING
                 HONDUTEL         7082   BI-DIR
                 HONDUTEL         7089   BI-DIR
HONG KONG        INTELPAK         4542   BI-DIR
                 DATAPAK          4545   BI-DIR
                 INET HK          4546   BI-DIR
HUNGARY          DATEX-P          2160   BI-DIR
                 DATEX-P          2161   BI-DIR
ICELAND          ICEPAK           2740   BI-DIR
INDIA            GPSS             4042   BI-DIR
INDONESIA        SKDP             5101   BI-DIR
IRELAND          EIRPAC           2721   BI-DIR
                 EIRPAC           2724   BI-DIR
ISRAEL           ISRANET          4251   BI-DIR
ITALY            DARDO            2222   BI-DIR
                 ITAPAC           2227   BI-DIR
IVORY COAST      SYTRANPAC        6122   BI-DIR
JAMAICA          JAMINTEL         3380   INCOMING
JAPAN            GLOBALNET        4400   BI-DIR
                 DDX              4401   BI-DIR
                 NIS-NET          4406   BI-DIR
                 VENUS-P          4408   BI-DIR
                 VENUS-P          9955   INCOMIMG
                 VENUS-C          4409   BI-DIR
                 VENUS-C          4410   BI-DIR
KENYA            KENPAC           6390   BI-DIR
KOREA REP        HINET-P          4500   BI-DIR
                 DACOM-NET        4501   BI-DIR
                 DNS              4503   BI-DIR
KUWAIT           BAHNET           4263   BI-DIR
LEBANON          SODETEL          4155   BI-DIR
                 LIBANPAC         4150   BI-DIR
LUXEMBOURG       LUXPAC           2704   BI-DIR
                 LUXPAC           2709   BI-DIR
MACAU            MACAUPAC         4550   BI-DIR
MADAGASCAR       INFOPAC          6460   BI-DIR
MALAYSIA         MAYPAC           5021   BI-DIR
MAURITIUS        MAURIDATA        6170   BI-DIR
MEXICO           TELEPAC          3340   BI-DIR
MOROCCO          MOROCCO          6040   BI-DIR
MOZAMBIQUE       COMPAC           6435   BI-DIR
NETHERLANDS      DATANET-1        2040   BI-DIR
                 DATANET-1        2041   BI-DIR
                 DABAS            2044   BI-DIR
                 DATANET-1        2049   BI-DIR
N. MARIANAS      PACNET           5351   BI-DIR
NEW CALEDONIA    TOMPAC           5460   BI-DIR
NEW ZEALAND      PACNET           5301   BI-DIR
NIGER            NIGERPAC         6142   BI-DIR
NORWAY           DATAPAC TTX      2421   BI-DIR
                 DATAPAK          2422   BI-DIR
                 DATAPAC          2423   BI-DIR
PAKISTAN         PSDS             4100   BI-DIR
PANAMA           INTELPAQ         7141   BI-DIR
                 INTELPAQ         7142   BI-DIR
PARAQUAY         ANTELPAC         7447   INCOMING
PERU             DICOTEL          7160   BI-DIR
PHILIPPINES      CAPWIRE          5150   INCOMING
                 CAPWIRE          5151   BI-DIR
                 PGC              5152   BI-DIR
                 GMCR             5154   BI-DIR
                 ETPI             5156   BI-DIR
PORTUGAL         TELEPAC          2680   BI-DIR
                 SABD             2682   BI-DIR
PUERTO RICO      UDTS             3300   BI-DIR
                 UDTS             3301   BI-DIR
QATAR            DOHPAC           4271   BI-DIR
REUNION (FR)     TRANSPAC         2080   BI-DIR
RWANDA           RWANDA           6352   BI-DIR
SAN MARINO       X-NET            2922   BI-DIR
SAUDI ARABIA     ALWASEED         4201   BI-DIR
SENEGAL          SENPAC           6081   BI-DIR
SEYCHELLES       INFOLINK         6331   BI-DIR
SINGAPORE        TELEPAC          5252   BI-DIR
                 TELEPAC          5258   BI-DIR
SOLOMON ISLANDS  DATANET          5400   BI-DIR
SOUTH AFRICA     SAPONET          6550   BI-DIR
                 SAPONET          6551   BI-DIR
                 SAPONET          6559   BI-DIR
SRI-LANKA        DATANET          4132   BI-DIR
SPAIN            TIDA             2141   BI-DIR
                 IBERPAC          2145   BI-DIR
SWEDEN           DATAPAK TTX      2401   BI-DIR
                 DATAPAK-2        2403   BI-DIR
                 DATAPAK-2        2407   BI-DIR
SWITZERLAND      TELEPAC          2284   BI-DIR
                 TELEPAC          2285   BI-DIR
                 TELEPAC          2289   BI-DIR
TAIWAN           PACNET           4872   BI-DIR
                 PACNET           4873   BI-DIR
                 UDAS             4877   BI-DIR
TCHECOSLOVAKA    DATEX-P          2301   BI-DIR
THAILAND         THAIPAC          5200   BI-DIR
                 IDAR             5201   BI-DIR
TONGA            DATAPAK          5390   BI-DIR
TOGOLESE REP.    TOGOPAC          6152   BI-DIR
TORTOLA          IDAS             3483   INCOMING
TRINIDAD         DATANETT         3745   BI-DIR
                 TEXTET           3740   BI-DIR
TUNISIA          RED25            6050   BI-DIR
TURKEY           TURPAC           2862   BI-DIR
                 TURPAC           2863   BI-DIR
TURKS&CAICOS     IDAS             3763   INCOMING
U ARAB EMIRATES  EMDAN            4241   BI-DIR
                 EMDAN            4243   BI-DIR
                 TEDAS            4310   INCOMING
URUGUAY          URUPAC           7482   BI-DIR
                 URUPAC           7489   BI-DIR
USSR             IASNET           2502   BI-DIR
U.S. VIRGIN I    UDTS             3320   BI-DIR
U. KINGDOM       IPSS-BTI         2341   BI-DIR
                 PSS-BT           2342   BI-DIR
                 GNS-BT           2343   BI-DIR
                 MERCURY          2350   BI-DIR
                 MERCURY          2351   BI-DIR
                 HULL             2352   BI-DIR
VENEZUELA        VENEXPAQ         7342   BI-DIR
YUGOSLAVIA       YUGOPAC          2201   BI-DIR
ZIMBABWE         ZIMNET           6482   BI-DIR
(As you can see there's a LOT of different networks around the world!)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ __________
| __ | | __ | | ___ \ |___ ___| |__________|
| |__| | | | | | | |__/ / | | \ \ / /
| ___| | |__| | | / | | \ \/ /
| | | __ | | |\ \ | | ___\__/___
|__| |_| |_| |_| \__\ |_| |__________|
-+- NUA Extract -+-
There are tens of thousands of NUAs around the world so I'm not
going to list them all obviously (the list alone would take megs of
space). I'll just take a few from PHrack issue #27 (vol.3) so you can
have a looksee of what's out there. THESE HAVE NOT BEEN TESTED and they
may be out of service by the time you try them out, but chances are
they'll still be there:
DNIC
\ /
\/
2062 22 101 2 ? Ministry of economic affairs
2080 57 040 540 QSD (Chat system)
2284 621100102 Cigy DEC1091
2284 6411010 DM DATAMAIL (RSAG)
2284 681140592 Princeton University High Energy Physics
Group Vax 11/750
2284 681140593 University of Michigan Physics Vax 11/750
2284 681140596 N.U. Physics Vax 11/750
2284 681140597 Harvard University High Energy Physics Lab.
Vax 8650
2342 19200190 INFOLINE PERGAMON INFOLINE LTD. (NFS)
2342 19200203 IPSH SHARP, I. P. ASSOCIATES LTD.
2342 19200220 BRITISH LIBRARY ON-LINE SYSTEM
2342 19200222 BLAISE British Library Information System
2342 22236236 UWIST University of Wales
2342 22339399 CAMBRID Cambridge University (Phoenix)
2342 22530303 SWURCC South-West Universities
2342 2253030388 SWURCC South-West Universities Network
2342 23519111 AERE Atomic Energy Research Establishment at
Harwell
2343 07813 EUROINFO Euronet Diane Information Service
2442 03008 HELVA High Energy Physics Vax 11/750
2442 03017 U of Technology DEC-20
2442 31006 Technical University of Tampere VAX
2624 5241040149 Aachener + Muenchener Versicherung
2624 5241090528 rmi-aachen
2624 5241090832 RMI Datentechnik Aachen
2624 5243340307 OPTEL (Ruehlemann-Box)
2624 5246190509 Kfz Juelich
2624 5271040240 Uni Siegen, FB Physik (VAX 11/750)
2624 5293140196 Handwerkskammer (HWK) Arnsberg
2624 530000414 GFC-AG
2624 5611090322 American Express
2624 5611090347 American Express
3106 000323 TRW Defence & Space Systems Group
3106 000401 TMCS Public Network
3106 000633 Public TYMNET/TRWNET Interlink
3106 00157878 BIX
3106 001659 BYTE Information Exchange (GUEST,GUEST)
3106 001663 People Link
3106 001819 TMCS Public Network
3106 001828 FRX Faifax Outdial Host (Tymnet)
3106 001864 SUNGARDS Central Computer Facility Network
3106 002677 The New York Times
3106 0057878 BIX
3106 00584401 Washington Post
3110 21200315 Outdial 300 bps (Area 212)
3110 21200316 Outdial 1200 bps (Area 212)
3110 21200412 Outdial 2400 bps (Area 212)
3110 2120041200 New York City Outdial (Area 212)
3110 21300029 TRW Defence & Space Systems Group
3110 3010002000 NLM National Library of Medicine
3110 3010002400 The Source
3110 500061 Nuclear Research
3110 608016630 University of Wisconsin
3110 609004200 Dow-Jones
3110 6120002500 Honeywell Inform Services Datanetwork
3110 6170013700 Masachusetts Institute of Technology
3110 6170013800 Masachusetts Institute of Technology
3110 6170013900 Masachusetts Institute of Technology
3110 6170014000 Masachusetts Institute of Technology
3110 6170127500 Masachusetts Institute of Technology
3110 6170139000 Masachusetts Institute of Technology
3110 6170140300 Masachusetts Institute of Technology
3110 61703088 Delphi
3110 61900050 California Outdial 1200 bps (Area 619)
3110 7030002000 Litton Computer Services
3110 7030002100 American Management Systems
5052 82620000 VAX in Sidney, Australia
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ ________________
| __ | | __ | | ___ \ |___ ___| |________________|
| |__| | | | | | | |__/ / | | \ \ / / | |
| ___| | |__| | | / | | \ \/ / | |
| | | __ | | |\ \ | | ___\__/____|_|__
|__| |_| |_| |_| \__\ |_| |________________|
-+- Questions & Answers -+-
A lot of people think they shouldn't bother asking a question
because it's stupid, or it might make them look like a beginner. Well
without an answer to your question you'll ALWAYS be a beginner. I will
answer _any_ question no matter how small it may seem and if I can't give
an answer to it I'll find someone who can. I've been in the h/p scene for
a couple of years now and there's still LOTS of stuff I have no clue about.
H/Ping goes into all corners of the computer world and other forms of
electronics and there's no WAY someone can know everything about all of it.
Most people just stick to one part of h/ping and specialize there. I've
seen people that know the operating system to VAX/VMS inside out but they
don't have a clue as to how a PBX works. I also know people who can hack
out VMB's in a minute but have never heard of an outdial. Don't think
that all hack/phreaks know everything about everything cause they don't.
I've got loads of technical journals at hand so I can look up and give a
detailed answer on almost anything if you want one. If you want me to
explain something step-by-step I'll do that too. Ask and you shall
receive. So you ask "why am I being such a nice guy?" Well as I said
before, the number of phreaks in Niagara is VERY small and I want to expand
people's knowledge in the area. When more people are learning, I won't be
the only one answering questions. One more thing, not all answers in this
section will be from me. In this issue they are but in future issues I'll
be taking extracts from other hack philes and from other BBS's.
Ok, hours after I released the first ICE H/P Handbook I had
feedback waiting for me on my board. That's great. The more the merrier.
If you have a question (L)eave Feedback to me on my BBS: 416-934-4055 (no,
you don't have to be a member to do this... guests can leave feedback as
well).
[QUESTION #1 from Darkwing Duck]:
Ok, umm, I've read MOST of your H/P book (I'm on line 512 now). What I'd
like to know is about Datapac. When I call and look around is this illegal
(stupid question), ok, but can I get caught?
--------------------------------------------------------------------------
No, it's not a stupid question. When I first started out the
major thing that worried me and kept me from trying new things was getting
caught. Datapac is a public service, and if you're just snooping around
not causing any harm, you won't get into trouble. I have *heard* stories
of some people getting into dung for scanning Datapac, but myself as well
as other members of ICE and other people I know have been scanning Datapac
extensively for a _long_ time and nothing has ever happened to me or them.
Remember, Datapac is a huge network that goes all across Canada and also
accepts calls from overseas. It has hundreds of dialups over the country.
This allows for thousands of people to be accessing it simultaneously.
Datapac doesn't have the time, money (well, maybe), or manpower to monitor
the doings of every user connected to it.
[QUESTION #2 from Darkwing Duck]:
I'd like to call some LD BBS's (preferably h/p or pirate boards),
using the 800 services, now, can I get caught?
--------------------------------------------------------------------------
Most (I'd say about 95%) of the codes you hear being spread around
H/P BBS's, VMB's etc.. are safe to use. If they're not, the person who
posted it will say so. There have been problems with some 950 services
doing random traces in the past and some services have even posted fake
FBI warnings (remember, the FBI is an AMERICAN agency... they're not going
to go after people in Canada when they've got enough work to do in their
own country. And as for the RCMP computer crime unit... they're a little
bit behind the times). There's so many people using these ways to call LD
for free at the same time that it's impossible to do traces of all of them.
Of course if someone uses this 800 service to call a long distance computer
somewhere else, and goes in and destroys that system, well of course that
will increase the chance of getting caught. But if you're using them to
call BBS's you're safe.

[QUESTION #3 from Anonymous]:
I'm not quite sure of what the point of using a Datapac is. Is it
to call networks and not get caught?
--------------------------------------------------------------------------
Well first, Datapac _is_ a network. From it you can also connect
to other networks though. There are a number of reasons for using it.
For one, most of the systems connected with it have PAD (Packet
Assembler/Disassembler) software, which allows you to call other systems
around the world via their NUA (network user address). The advantages of
using a PAD to call out from Datapac, is that you get a crystal-clear
connection: no line noise. PADs allow two remote systems to talk to each
other even though they may be connected at different baud rates or using
different protocols. Transmissions between PADs in networks zip around at
speeds of 9600-19200 baud (even though you may be calling on a 1200 or 2400
baud modem, the modems in the network are going at light speed) and have
built in error correcting protocols. Also, once you connect to Datapac you
have access to other networks: Telenet, Tymnet, ItaPAC, JANET, SBDN,
PandaNet, THENet, and a whole host of others. All of which have thousands
of separate systems connected to them.

[QUESTION #4 from Darkwing Duck]:
When using 800 services, am I SUPPOSED to watch out for 950's and
PBX's?
--------------------------------------------------------------------------
No. 950's and PBX's are WATS (Wide Area Telecommunications Service)
and this is what people use to call ld for free. If you hear of a 950 use
it unless you hear otherwise. Or if you're still unsure, call through a
diverter (a diverter is an 800 service that allows people to call other
800 numbers outside of their calling area).

[QUESTION #5 from Darkwing Duck]:
Using Datapac, I call out to let's say Air Canada (an example from
the handbook). Now, I connect, then I'm trying to break in (no I KNOW this
is illegal) but what are the chances of me getting caught?
--------------------------------------------------------------------------
Well I've been into bigger places than Air Canada even after
hacking for hours, and still haven't been caught or warned or anything.
Even though a system might keep track of unsuccessful login attempts, it
won't say where those attempts were made from. Companies generally won't
start running traces unless they really feel threatened by the possible
intruder. Systems are hacked on all the time so it wouldn't be practical
for the company to start ordering the phone company to trace every time a
new hacker came along. So in other words, I wouldn't worry about getting
caught. But, if by some odd chance someone DID call you or anything, you
just say someone told you it was a private bbs system and you forgot what
the login/password was or something. Just play dumb.

[QUESTION #6 from The Unit]:
Can you explain a few more things in a little more detail for me?
Like, in the h/p message sections, they were talking about codes to dial
out ld, what exactly do they mean when they write " +code+#### " stuff
like that (put numbers in for #)
--------------------------------------------------------------------------
Ok, most of the time when someone posts a long distance service it
will be something like (example):
1-800-123-4567+09+acn
or even 8/123-4567+09+acn
If you see something with 8/ that means it's a 1-800 (we're just too lazy
to type 1-800 I guess)... "09" would be what you enter to get to the other
line that lets you dial out (when calling 800 services you call on one
line to get to it (an INWATS) and then once it answers you have to type in
a code that will switch you to the line that lets you dial out (an OUTWATS)).
BTW: a WATS is a "Wide Area Telecommunications Service". So you'd call up
1-800-123-4567 on your trusty TOUCHTONE phone (if you've got only a
pulse phone you might as well not even be reading this file) then once you
hear it answer you will usually either hear a recording or it will go
right to another dialtone. This is where you enter "09" and then it will
either go from the recording to a dialtone or just stay at a dialtone if
it already was. Now you enter your ACN. An ACN is Area Code Number (eg:
416-934-4055). A lot of the time it will say 1+acn because the 1 is
required to call long distance. It depends on the service. Also,
whenever you see a code posted and the "+" are in it.. all the plus signs
mean is "wait for something and then enter the next thing". Sometimes you
may get some huge code like 8/123-4567+1+09+acn+code or something like
that where you're required to call the 800 number, enter a number, wait
for something (either a message to end or a beep, or whatever) then enter
another number or set of numbers, then the areacode number you wanna call,
then a code (which of course was already hacked out by either yourself or
another phreak).

Other times you'll see something like: 800-123-4567+5dig+acn and
that means the code consists of 5 digits but nothing has been hacked out
yet (so if you've got time work on it). OR, you'll see some that have a
template like (I'll give an example of a 7 digit code):
800-123-4567 536xxxx
which means that someone has found a lot of codes on it with the first
numbers being "536". A lot of companies put their codes in groups. MOST
long distance services WILL require a code of a sort which will range
anywhere from 3 digits (easy to hack out) to 9 digits (very hard without a
template).
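
Grouping codes under a shared prefix, as the "536xxxx" template above describes, is what makes a long code cheap to guess. The following Python is an added example, not part of the original file: it audits a list of issued codes for that clustering and contrasts block issuance with random issuance. The function names and the 200-code batch are assumptions made for illustration.

```python
import secrets
from collections import Counter
from fractions import Fraction

def issue_block(prefix, n, length=7):
    """Weak: hand out n codes in sequence under one shared prefix."""
    width = length - len(prefix)
    return [prefix + str(i).zfill(width) for i in range(n)]

def issue_random(n, length=7):
    """Hardened: draw n distinct codes uniformly from the whole code space."""
    codes = set()
    while len(codes) < n:
        codes.add(str(secrets.randbelow(10 ** length)).zfill(length))
    return sorted(codes)

def prefix_exposure(codes, prefix_len=3):
    """Audit issued codes for clustering under one leading prefix.

    Returns (prefix, odds a guess inside that prefix is valid,
    odds a blind guess is valid, ratio between the two)."""
    codes = set(codes)
    length = len(next(iter(codes)))
    if any(len(c) != length or not c.isdigit() for c in codes):
        raise ValueError("codes must be digit strings of one length")
    # Most heavily used prefix and how many issued codes sit under it.
    prefix, count = Counter(c[:prefix_len] for c in codes).most_common(1)[0]
    in_prefix = Fraction(count, 10 ** (length - prefix_len))
    blind = Fraction(len(codes), 10 ** length)
    return prefix, in_prefix, blind, in_prefix / blind

if __name__ == "__main__":
    # Constructed batches: 200 seven-digit codes issued each way.
    for name, batch in (("block", issue_block("536", 200)),
                        ("random", issue_random(200))):
        prefix, in_prefix, blind, ratio = prefix_exposure(batch)
        print(f"{name}: busiest prefix {prefix}, in-prefix odds {in_prefix}, "
              f"blind odds {blind}, ratio {float(ratio):.0f}x")
```

A ratio near 10 ** prefix_len means every issued code sits under one prefix; random issuance keeps it close to the floor set by chance collisions.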

[QUESTION #7 from Iron Fist]:
People have explained what a pad is but I'm still not too sure. I
know you use them in networks but how?
--------------------------------------------------------------------------
When you're connected to a host system on a network (say a PRIME
system for example), chances are that system will have a packet
assembler/disassembler connected to it. This isn't a piece of hardware or
something you can see. It's a program (on Primos computers this program
is called "Netlink", on VAX's you can use the "set host" command) that
assembles data into packets of 128 or 256 byte chunks. The program then
sends it to a 9600-19200 baud modem that is connected with another system.
From here it goes to the other system, whose PAD software disassembles the
packet. Say you're connected to a university in England and it displays
the prompt "Hit 'C' to Continue". You hit "C". It goes from your
computer, to the packet switching network you're connected to (eg: Datapac)
to the host system you're connected to, is put into a 128 or 256 byte
packet, is sent through the fone lines via the X.25 network to the other
computer you're connected to.

Ok, that's great but how do you actually place a call? Well, when
you're at the PAD prompt (which can be anything eg: "DevelNet X.25:" or
what Netlink uses which is just a "@" symbol) enter either "?" or "help"
to get a list of commands. Usually the command to call out is "c" but
this can vary according to the program. The format of the NUA can also
vary. If I'm calling QSD in France (NUA: 208057040540) from a Prime
computer the command would be "c 12080:57040540". The Netlink program
demands a colon after the DNIC. But the most common format is c+1+nua.
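
The Netlink format in this answer puts the DNIC in the first four digits of an NUA, and the answer to question #5 rests on hosts not recording where failed logins come from. As an added example (not part of the original file), this Python shows the defender's side: a host that does log the calling address can split it into DNIC and remainder and flag sources with repeated failures. The log layout, the calling= field and the addresses in SAMPLE_LOG are constructed assumptions.

```python
import re
from collections import Counter

# Constructed log lines; the layout and the presence of a calling address
# in the host's log are assumptions for this example, not from the text.
SAMPLE_LOG = """\
02:10:04 calling=302012345678 user=system result=FAIL
02:10:09 calling=302012345678 user=admin result=FAIL
02:10:15 calling=302012345678 user=guest result=FAIL
02:11:40 calling=208098765432 user=jsmith result=FAIL
02:11:52 calling=208098765432 user=jsmith result=OK
02:13:00 calling=12AB user=x result=FAIL
"""
LINE_RE = re.compile(r"calling=(\S+) user=(\S+) result=(OK|FAIL)")

def split_nua(nua):
    """Split an address into (DNIC, rest); return None if malformed."""
    # Netlink form quoted in the text: '1' + DNIC + ':' + remaining digits.
    m = re.fullmatch(r"1(\d{4}):(\d{1,10})", nua)
    if m is None:
        # Plain form: 4-digit DNIC, then 1-10 digits (14 digits at most).
        m = re.fullmatch(r"(\d{4})(\d{1,10})", nua)
    return (m.group(1), m.group(2)) if m else None

def flag_sources(log_text, threshold=3):
    """Return ({address: failed logins} at or over threshold, bad lines)."""
    failures, malformed = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        addr, _user, result = m.groups()
        if split_nua(addr) is None:
            malformed.append(line)  # keep for review instead of dropping
        elif result == "FAIL":
            failures[addr] += 1
    return {a: n for a, n in failures.items() if n >= threshold}, malformed

def failures_by_dnic(flagged):
    """Total flagged failures per originating network (DNIC)."""
    totals = Counter()
    for addr, n in flagged.items():
        totals[split_nua(addr)[0]] += n
    return dict(totals)

if __name__ == "__main__":
    flagged, malformed = flag_sources(SAMPLE_LOG)
    print(flagged, failures_by_dnic(flagged), len(malformed))
```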

[QUESTION #8 from Iron Fist]:
How do I get a list of VMB's or NUA's that are valid (current)?
--------------------------------------------------------------------------
The best way to get an up to date list of anything is your
favorite hack/phreak BBS. Or, if you have a VMB that you call, there.

[QUESTION #9 from Anonymous]:
What is the best computer to hack with? I only have a 64 but can
I still do all the same stuff as other people?
--------------------------------------------------------------------------
Some of the best hacking/scanning programs are for the C-64 and
some of the best h/p BBS's are run on the Commie. One that used to be
good (haven't called in awhile) is Meltdown in Hamilton/Ontario at
416-648-8175 (12-24oo baud).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
______ ______ ______ _________ ____________________
| __ | | __ | | ___ \ |___ ___| |____________________|
| |__| | | | | | | |__/ / | | \ \ / / | | | |
| ___| | |__| | | / | | \ \/ / | | | |
| | | __ | | |\ \ | | ___\__/____|_|_|_|__
|__| |_| |_| |_| \__\ |_| |____________________|
-+- End of Transmission -+-
Well this one took a little longer than I had wanted (a whole 2
days - but those were 2 days of nonstop writing). I'm hoping someone else
will write something in the next issue. I'm going to ask Technazz to do
an article on something but he's a busy person, so if *anyone* wants to
write in this just tell me. It can be something that's only a paragraph
if yah want. Anything. What I don't have too much knowledge on is other
networks (Tymnet, Telenet, etc..) so if someone wants to do something on
that...

Ok, well keep the questions coming to me cause it's easier for me
to talk about stuff that way. Call ICE HQ at [416] 934-4055 and (L)eave
Feedback. You don't even have to be a registered user to do that so call
call call. Tell me what you think about these "hackbooks" and what you
wanna see in 'em (or don't wanna see in 'em for that matter).
What to look for in the next release? Hmmm... I'm not even sure
yet. I think I'll release a tech journal compilation with extracts from
PHrack, PHun, and LoD/H. Maybe type out a few newspaper articles lying
around, who knows. Oh well, I'll have more of an idea when people leave
me some feedback. Where can I (and other ICE members) be contacted?
PSYCHIATRIC CYBERHELL BBS (ICE WHQ): 416-934-4055 [12/2400bps]
Currently the only H/P supporting BBS in Niagara (and even if
there was another it'd still be the best! ehehhe).. and here's how I can
be contacted internationally:
...aah the suffering - the sweet suffering...
Contact Liquid Jesus of ICE/Nightbreed globally:
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
InterNet/UUCP........ liquid_jesus@pegasus.ch
Canada............... ICE WHQ: (416)934-4055, (416)934-6795
United States........ Town Town BBS (Paradise USA HQ): (414)781-3218
France (direct)...... +33 36431515 (type "THELINE") mailbox name: ICE92
France (via X.25).... 208057040540 (mailbox name: ICE92)
Switzerland.(direct). +41 (0)71 715577 (10 lines) (username: Liquid_Jesus)
Switzerland (X.25)... 228475212574 (Same as above)
Iceland (direct)..... 354-1-78099, 670990
Iceland (X.25)....... 274011991000 (username: AmiPhreak)
Iceland via X.25..... 274011991000
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
Thanx to... Mentor(LOD/H), TAP Online, DIS