informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/trashing.rot

286 lines
18 KiB
Plaintext
Raw Permalink Blame History

Reign of Terror
[ R o T ]
presents...
=============================
the art of
TRASHING
--------------
a how to guide for one of the most useful
tools in hacking today
================================================
Written by: Deicide
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
THEORY BEHIND TRASHING:
The whole theory behind trashing is that us H/P/C guys need
information. And a lot of VERY useful information is thrown out daily. It is
not thrown out because it is no longer valid, it is thrown out because the
owner of the material no longer needs it or has use for it. The key here is
that while the OWNER no longer has use for this information, you just might.
In fact, you might have a lot of use for it. The key is to get this
information, in the form of trash.
WHAT TRASHING IS USEFUL FOR(INTRO):
I said earlier that trashing is one of the most useful tools in hacking
today. I also based this statement on looking through other peoples trash. If
you have been hacking/phreaking/carding for a long time then you know what i'm
talking about. If not, you are probably a bit confused.
If you don't already know what i mean by valuable items being thrown out
then you are most likely scratching your head(ass?) right now. People don't
throw out Dual Standards or sacks of cash, right? Well, not usually, but they
do throw out something even more valuable to us. Information. The currency of
the underworld.
Daily, workers and administrators alike unwittingly throw out material
which is potentially harmful and/or deadly to their business and its
customers. This is because they
a: don't realize the potential harmfulness of the information thrown out
b: don't think a hacker would ever search through THEIR garbage
Very few companies ever paper-shred sensitive information, a flaw which they
might never discover and which you can exploit continually, for those two
reasons mentioned above.
Examples of places to trash & info you can find there is the subject of
the next section.
WHAT IS TRASHING USEFUL FOR(REGULAR BUSINESS):
This section is based on businesses where you can apply trashing and what
you might expect to find there.
Deparment Stores: The main objective of trashing at departments stores
is to obtain as many Credit Card carbon copy slips as possible. You will find
huge amount of them, as 50-75% of the purchases made at the large department
stores(such as Sears, JC Penney, etc..) are made with credit cards. A number
of copies of each purchase made with a CC are kept on carbons, to my
knowledge one is always thrown out. The carbons contain such useful info as
- Credit Card Numbers
- Expiration Date
- Customers Signature.
Credit card #'s are needed to card items(duh..) and are good for trading for
AT&T's, system acct's, etc for people who are too lazy to go trashing
themselves.
Gas Stations : The same type of thing can be found at gas stations,
but unfortunely quite a few stations accept only store specific cards, which
aren't nearly as useful. But a lot less excess trash gets thrown out at gas
stations, which makes the searching easier.
Credit Bureau's : Famous for TRW printouts. If you hack at all you know
about it. Not good for too much else, card numbers are display but the extra
code which is standard on most credit bureau's is shadowed over.
Other companies : You will be able to pick up CC carbons at many other
stores as well, the possibilities are endless, but the main focus of this
section is for the hacking aspect of trashing. A large number of small to
major businesses run on computers. A large percentage of these computers have
dialin data numbers. These numbers are frequently contained in printouts of
the company's computers, look for them. Also, if you want to go farther as
far as hacking, or you already have the modem number, you will often find
workers & administrator names + home and office phone numbers. These are very
useful for social engineering. Sometimes you will find entire username & pword
lists written down, or even just one id + password thrown out by a careless
employee, these will cut hacking time severly.
WHAT IS TRASHING GOOD FOR(TELCO.):
And now we come to one of my favorite subjects ever: trashing at the
Telephone company. So many people/groups have gained fame from information
gained by trashing at the local telco. you think they would have caught on by
now and raised security measures. But no, it is a still applicable trade world
wide. To name a few of the more famous trashers: LOD & Kevin Mitnick. Both
gained information not accessible to the most accomplished social engineerer.
You can expect to find many invaluable pieces of information, some examples
are: - Calling Card Numbers : Usually written on memo's, phone #'s + 4
digit number
- Misc. system dialins
& PBXes, etc. : Written on memos
- Telco. Dialins : Obviously very useful, usually the system/OS
name accompanied by a phone #
- Tech info : Miscallaneous technical info printed in
manuals, user help sheets, admin help sheets,
etc. Can be extremely useful to find system
flaws, etc.
- Telco system printout: These common finds can help you determine
any number of things, including user names
system types, etc.
- Worker/Administrator
names, phone numbers : Essential for social engineering.
- Access codes/pwords : Occasionally a not-too-bright Telco. employee
will write down his name and password on
a sheet of paper. A very valuable find.
- Security memos : Telco. security will often write each other
and their superviors notes on what they are
working on, what they have found, pending
bust dates, etc. Or the other way round, with
managers assigning cases. Although frequently
boring/pointless memos will be found, this
might just save your ass one day, if you see
you or your friend's name/number with
"being traced/tracked" or "bust/raid date"
beside it then you can bury your notes/disks
and run for your life knowing you did the
right thing.
WHERE TO(FINDING THE SITE):
Now, while finding a department store/computer store to trash at may be
pretty easy, finding a telco. installation can sometimes be more difficult.
First of all, you normally want to hit the Telco. offices, as while the
switching stations might have cool tech manuals they won't have much else. And
i've found as a rule that for some reason switching stations are better
secured.
Sometimes the offices are clearly marked(a big AT&T sign is usual a signal
that you found it), but occasionally your Telco. office will only be marked
by a small sign, or none at all.
If this is the case, you can either:
a) Request a tour(they do give em)
b) Request the land/building permit or whatever works in your town for your
telco. offices from a local govt. building(they'll usually tell you where
and what to ask for if you ask politely). Don't be all nervous and shit
about this, it is completely legal and within your rights, so don't
get worried. Just don't act suspicious and it'll go fine. The document
will tell you the exact location of the building site.
HOWTO(TRASHING!):
- Plan it! : The most essential part to any plan is the planning
stage. Without proper planning you are just asking
for disaster, especially where crime is concerned.
Plan it carefully! Scout the site first so you know
what you need to carry out the operation. The first
time is always the hardest, after that you know how
it goes. Equipment you might need: Gloves, flashlight
wire/bolt cutters, hammer, garbage bags. Have an
escape plan set up if something goes wrong. Even the
best plan can be fucked up by bad luck. The best
vehicle to use would be a pickup truck, just throw
the bags in the back and drive away. Other vehicles
work as well, van's work equally as well.
- Timing : Also essential for a smooth job, timing involves
foresight,planning and luck. The luck part you can't
help, but the foresight and planning you can. Go very
late at night, you can't risk being spotted by a
Telco. employee, or for that matter anyone else while
trashing. (it IS a B&E which IS a crime). Don't go on
bingo night or whatever when there are tons of people
about. Plan it out before hand, so that it only takes
you a minute to get what you want and get out.
- People : Keep the number of people involved to a minimum, 3
involved is usually the best rule. One to jump the fence &
grab the bags, one to receive the relays of the bags
from the person behind the gate, and one to stay in
the vehicle. This works out especially good as the
person in the vehicle can signal to the others if
someone is coming. The guy behind the gate can hide
(easy at night if done quickly enough) and the relay
man can pretend to be fixing the vehicle. If the
person raises suspicions about your actions just
tell them that you are fixing the vehicle. If he
stills seems suspicious and wanders off to tell a cop
(you can usually tell) then just get the fence-jumper
to come back over, then just drive out normally, no
tire squealing etc.
- Fenced? : Although some installations have no fence at all,
Barbwire?? many do, and it can be an unpleasant experience for
the uninitiated during their first barbed-wire fence
climbing. First of all, don't cut the fucking wire.
I have seen so many people brag "we cut the bitchin
wire right off" or "we made the hugest hole in da
fence". Right on d00d! Now the security people think
there has been a break in and they call the police.
At the very least they usually install better
security. Instead of wasting your time, just jump
the fence. Take the most agile member of the group
and either:
a) back vehicle up against the fence so he
can hurdle it. (be careful. barb wire +
limb=pain)
b) have him simply climb it.
If the fence has the slanted barb wire then you might
have a problem. The hurdling would be the best
procedure then, but if climbing is a must, look for
the corner of the installation. Frequently the
barbedwire will go back straight right at the point
of entry into the wall. Sometimes a post will be
right there as well, aiding you in the climb.
Straight barbed wire is much easier to climb. When
you climb over, make sure the relay man is
underneath you in case you fall/slip.
- Locked? : If the dumpster's locked, it makes the job a whole
lot less pleasant. If you or a friend can pick locks
than your problem is solved, if not, there are tons
of G-Philes out on lockpicking, although it takes a
long time to learn the skill. If you want to do the
job though, you are going to have to do it a lot less
frequently. A sharp hammerblow to the top of the
lock or a pair of boltcutters should do the job. When
you are done take the broken lock with you. This will
fool them once or twice(some joe blow employee lost
the lock or something) but will eventually make even
Telco. employees suspicious.
- What to : There are two places to initially start your search,
Look for the hardware bin and the dumpster. The hardware bin
contains such things as wire's, broken hardware parts
busted RS-232's etc. Kinda interesting for hardware
buffs. The main score is in the dumpster. Pop it open
and grab the bags. Throw em to the relay man. Leave.
- Extra : Occasionally the installations will have extra
Security security measures such as motion-detectors or
cameras. To my knowledge if the video images are
not valid as evidence in a court of law if a sign
stating the presence of such cameras on the premise
does not exist, as this violates the thief's rights.
So you should know if they have a camera. If they
don't have a sign, don't worry about it, they can't
use it as evidence.
A BAD EXAMPLE OF A TRASHING RUN(FROM RoT EXPERIENCE)
11:30 Scouted premises. Sign stating cameras + electronic sensors on
premises noted. Good security. High fences with good quality
barbed wire. Deicided to go through with it, just do it fast
with masks.
11:45 Vehicles placed in position. Security forced an entry through
multiple backyards to get to a fence which allowed us to avoid
the security camera.
11:47 2 members made a run through the yards, made it to the fence.
Ready.
11:50 Lord IBM jumped the fence, and was now waiting for Deicide to do
the same. Deicide was half-way over when a figure stepped out
from behind the furnace where he was doing maintenance(at
11:50????) and yelled "What the hell are you doing!". Luckily,
Lord IBM is a top Canadian martial artist and responded with a
sharp blow to temple. We proceeded to get the fuck outta there.
Our not-so-bright rides took off with squealing tires(bad idea),
but we made the escape.
A GOOD EXAMPLE OF TRASHING RUN(FROM RoT EXPERIENCE)
11:30 Scouted premises. No signs noted. Fence with slanted barbed wire
noted. Looked in corner of installation:Straight barbed wire.
Garbage bin right near fence. Hardware bins right near fence.
Jumping spot hidden by tree cover. Garbage bin unlocked.
11:50 Car + truck put in position.
11:54 Deicide jumps the fence.
11:54 Deicide looks in hardware bins, grabs wire and relays it to
Lord IBM, who relays it to truck.
11:54 Car drives through lot, signal given, Deicide hides & Lord IBM
pretends to work on truck.
11:55 All Clear signal given.
11:55 Deicide jumps in bin, throws 3 bags to Lord IBM who relays it
to truck.
11:55 Deicide jumps out and climbs fence. The four participants leave
site in the two vehicles. No problems.
Time elapsed : 2 minutes
Items recovered: Various maintenance phone #'s
Technical sheets
1 system manual(small)
1 complete employee payroll list(w/phone #'s, addresses,
SIN(SSN in the U.S.) and job function)
Various administrator/manager names/phone numbers
1 Access Code
Various system info
1 Telco. dialin
CONCLUSION
I hope you find this useful, give it a try, you won't regret it. For any
questions or comments you can find me at the RoT HQ's. Call them for the
latest in H/P/A/C/V + the [RoT] G-Philes and programs as they come out.
--= RoT WHQ =-- --= RoT USHQ =--
6 <20><><EFBFBD>T <20><>D<EFBFBD>R the Cellar
[604] 824-0317 [401] PRI-VATE
Reference in New Issue View Git Blame Copy Permalink