informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/COTNO/cotno05.txt

1857 lines
82 KiB
Plaintext
Raw Permalink Blame History

______ ______ _____________ ____ ___ ______
/ ____|\ / \ /____ ____/\ / | \ / / | / \
/ / ____\| / __ |\ \_/ /\____\/ / | / / / / __ |\
/ / / / /__/ / | / / / / /| |/ / / / /__/ / |
/ /__/______ | / / / / / / / | / / | / /
|____________|\ |\_____ / / /__ / / /___/ / |___/ / |\_____ / /
|_____________\| \|____| / \__\ / |___ |/ |___|/ \|____| /
____
/ \ ---
/ \ \ __
/ /\ \ \ \
_/______|_/ / / / \
| | / / / /
| ---\( |/ / / /
| \|\(/\(/ \(/
| |
/ /
/ \ /
/ \ ___/
/
/
/
Communications of The New Order
Issue #5
Fall 1994
"Those who would sacrifice a little privacy for more security, deserve
neither privacy nor security."
- Ben Franklin
Special Thanks: Boo Yaa, Ninja Master, TEK, Gatsby, TDK, Pulse,
Invalid Media, Mark Tabas, Marauder, Frosty,
Phalcon/Skism, PMF.
Good Luck To: Merc and the 602 Crowd, Crypt Keeper and 513 Crowd.
Cavalier...."I don't mind standing at a payphone for three hours
if its for a good cause."
Dead Kat...."I've been on hold forever! I just wasted five
dollars of some guys money."
DisordeR...."When I die I'm going to prank call god from hell."
The Public.."MoD never really split up, they were just in
different jails."
Voyager....."#hack, the IRC Channel of broken dreams."
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
__/\iNTRo/\__
CoTNo is a 'zine of the computer underground of the 1990's. It is written
for H4Qu3r's and pHR3aCK3r's of intermediate to beginning experience. All
the information published herein is as accurate as possible and pertains to
techniques and devices that actually work. We do not publish any article
that is not of an H/P nature. If you wish to comment on or contribute to
CoTNo, email us at tno@fc.net, or catch one of us on the iRC or try to catch
us in your local Telco dumpster.
Ahem...
As was hinted at in our last issue, some of our own members were snagged in
the so-called "Operation Sundevil '94". One of those was John Falcon (aka
Renegade), the uberhacker of Alaska. He was convicted of and incarcerated
for a number of cumputer related crimes this summer. For his "offences" he
received a 20 month jail sentence. Since rumors about his bust have been
running rampant on the 'Net, I've decided to set the facts straight here with
the information straight from JF himself.
First we'll begin with the information that has been released by the press.
Following is an excerpt from the Elmendorf AFB newspaper titled 'Computer
Hackers Benefit From Lax Security". My comments appear in [brackets]. ;)
[...garbage about security...]
Elmendorf (AFB) hasn't been immune to computer crimes and hacker
intrusions. During the past 12 months, AFOSI (Air Force Office of
Special Invesigations) Detachment 631 has investigated several
computer-related crimes, according to Special Agent Michael Vickery,
criminal invesigator for Det. 631 [da Fedz].
In one case, and active-duty military member gave his government
computer password to a friend [thanks dude!]. His friend used the password
to access the military computer system and store files in it [WaReZ!!].
The military member didn't know his friend, an accomplished hacker, was a
member of an active computer hacking group based in Colorado -- a group
responsible for causing massive damage to DOD (Department of Defense)
computer systems. [ooohhh... now we're famous.]
The same hacker and an associate also broke into a base building
five different time and stole more than $15,000.00 worth of government
computer equiptment [see CoTNo #03, article 4]. The hacker continued his
illegal activities when he charged more than $1,700.00 in long distance
phone calls to the Federal Aviation Administration and Mark Air
(local airline)[I was wondering how he managed to call Flatline so much! ;)],
and broke into a Seattle-based computer company's system.
The investigation involved a multi-agency task force, which
included investigators from the AFOSI, 3rd Security Police Squadron,
FBI, Secret Service (CIA), and the FAA. The hacker and his accomplice
were caught and convicted in federal court. The hacker was sentenced
to 20 months confinement, $21,000.00 restitution, and three years of
probation, according to Vickery [and Phiber thought he had it bad].
The AFOSI is addressing this new crime in a unique way. In 1978
AFOSI was the first law enforcment agency to create computer crime
invesigators. In 1992 AFOSI formed a small squad of these
investigators at Bolling AFB, Washington D.C., that manages all
computer intrusion invesigations for the agency. These cases need
central management so that only one coordinated invesigation is
conducted instead of several individual invesigations running
concurrently withou coordination.
[...deleted garbage...]
Once news of the bust started to leak out to the scene, the rumours went wild!
Following is a message from JF that debunks some of the rumours. Thanks to
Shade for getting in contact with him about this.
>From Jfalcon@ice_bbs.alaska.net Wed Nov 16 16:21:20 MST 1994
Greetings, I am Mr. Falcon aka John Falcon. A friend of mine was so gratious
as to send me a copy of the alt.2600 posting you made. Let me just cut to the
chase. I liked your writing, but you were misinformed on the facts so that is
why I am making this posting public because some kind of example must be made.
Common myths of my arrest:
1 - The FBI/NSA cracked my hard drive and read all my encrypted mail.
A: Christ man, If this was true, do you realize how many of your guys that sit
all night on #hack on IRC or some other channel or even all the mail in and
out of ripco.com and phantom.com would be monitored and people arrested?! If
this were the case, I can assure you my friend I would be talking to you face
to face right now and not via computer or anything.
2 - Mr. Falcon left his secring.pgp on his system.
A: This is only 50% true. Yes I had my secring.pgp on the system. The reason
for it being there was that 3 weeks earlier, the person who is kind enough to
post this message for me borrowed my 486 computer and took it to his school.
No big deal. Except when he hooked it up to their network, it began to have a
little problem. Chalk one up for microsoft, I was using doublespace and
lo-and-behold all my data got scrambled. Scary sight to see about 200 megs
worth of the latest information just go POOF. But I am sure all the people on
the net have experienced this once before. So the week before my computer was
brought in by the FBI, I created a new key that I never got to use. As you all
know, that every time you make a new key, you can make sure that it will be
original unlike DES standard which is a rather fixed algorithm.
3 - FBI/NSA read the RSA encrypted data.
A: This couldn't be farther from the truth, all the data on my HD was from a
backup over 3 months old. When they did get around to trying to disect (sic)
my hard drive they weren't able to read it. Not that there was much to read
anyway. The key that they did find couldn't open that file even if it wanted
to. Since PGP requires 2 keys, and since I just created my new PGP key the
week before, they weren't anble to read jack shit. Also chalk another one up
for NORTON UTILITIES. They weren't able to read my DISKREET directory with DES
running. You are right though, the FBI is running under a very tight budget
and the NSA doesn't have any real jurisdiction because none of what I did
compromised NATIONAL SECURITY. If anyone wants to read the report, please mail
me an address to the one I will provide at the end of this message and I will
try to send you one as soon as possible. It is to laugh...:)
4 - My conviction was because I was a hacker.
A: This again is only 50% true, I really am here for Theft and not all because
of HACKING. There wasn't enough to get me a reasonalbe long sentence so they
nailed me on theft charges. If anything, the amount of 'Hacking' which was
actually 'Phreaking' since there weren't any computers involved. Wait, I take
that back. Let me go over my conviction.
Count 1: Theft of Government Property - How they caught me: Narc
Count 2: Fradulent use of an Access Device - How they caught me: Narc
Count 3: Fradulent use of a Computer - How they caught me: questionable
Count 4: Fradulent use of an Access Device - How they caught me: Narc
Now, the count 3, supposedly I hacked into a place called Tera and erased
these guys desk top. Then they changed their story and said that it was MOVED,
not ERASED. But then they went on and said I went in 13 times. Then they
changed their story again and said that there were only 3 entries and 13
attempts. ATTEMPTS DONT COUNT PEOPLE! Then they changed it again and said they
don't know who did it 2 times, but they could only actually track me 1 time.
Just like I told the court all the time.
Being in prison, you get to learn about the law since you got time to kill.
There are people using what I call randomizer chips for cellular phones that
are able to beat the rap see US v. McNutt on this one. I also congradulate you
on giving a very good location as to where I am. You mention 'the birdman of
Lompoc.' Well, I never mentioned where I was sent to anyone but my friends and
family. Congrats, I live across the street from the 'Birdman of Lompoc'. He is
in the USP and I am in the PCI across the street to I recently just read 'The
Falcon and the Snowman' and was able to see how the snowman was able to
escape.
The government is very fucked folks. If I were you, I would keep reading for
some more of my posts from prison. I can only hope Phiber Optik is doing the
same on the east coast that I am doing here.
I won't mention names of the Narc like Magpie and Equalizer or anyone like
that :) but I can only say one thing, Keep it alive folks because it gov't is
out there and they want to fuck you.
Phil Zimmerman, Say 'Hi' from me to all the guys at TNO that host the little
shindig you did a few months back.
Catch ya on the Flipside... (signed) John Falcon
Well there you have it.. the story straight from the horses mouth. JF is a
great guy and I was sorry to see him go down (along with the rest of my
friends). The busts have completely changed TNo. We now take precautions that
would make the NSA envious. We encrypt everything, never discuss 'info' over
the phone, and have destroyed all physical evidence (notebooks, trash, ect.)
I suggest that YOU take take these same precautions. Also, always, ALWAYS
divert. Phone records are always used in cases like this, so make sure that
your phone calls bounce through a few systems before they hit your intended
target.
If you would like to get in contact with JF, here is his info:
email: jfalcon@ice_bbs.alaska.net
snailmail: Don Fanning
#12617-006
3600 Guard Road
Lompoc, CA 93436
Please don't send him any 'things', though letters are very welcome. Don't
send him books, but photocopies of non-criminal material would make him very
happy. At least let him know that he is not forgotten.
|>ead|<at
-=[TNo]=-
Table of Contents
~~~~~~~~~~~~~~~~~
1. Introduction...........................................DeadKat
2. The Stealth-Combo Box..................................DeadKat
3. RETAiL SKAMMiNG II.....................................DisordeR
4. Gopher Holes...........................................Rage(303)
5. Internet Outdial List 3.0..............................Cavalier/DisordeR
6. Notes on Unix Password Security........................Voyager
7. Frequently Called AT&T Organizations...................ThePublic/DeadKat
8. Revenge Database 1.3...................................DisordeR
9. Conclusion.............................................DeadKat
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\
(*) (*)\|
(*) |>ead|<at (*)\|
(*) presents (*)\|
(*) (*)\|
(*) The Stealth Combo Box (*)\|
(*) (*)\|
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\|
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\|
Ever since the original Rat Shack Red Box mod was printed in 2600 Magazine,
there has been an explosion in red box use. Red boxing is still one of the
primary topics of discussion on alt.2600 years later. The Radio Shack Tone
Dialer mod was one of the first boxes I ever built and has proven to be the
most useful of all the boxes I've experimented with.
For years, though, I've played with the original design in order to improve
it. My favorate variation of the original plans is what I call the Stealth-
Combo box. It is based on the original design, but makes use of mercury
switches to allow the use of both DTMF's and ACTS tones. In other words it
combines the functions of the red and white boxes.
The reason its called 'stealth' is the fact that when the dialer is held in
its normal position, it will produce touchtones as if it were un-modded.
When held 'upside-down' it is capable of producing tones similar to the
Bell ACTS tones that emulate a quarter being dropped into a payphone. This
design not only gives you both features, but leaves the box looking and
seemingly acting 'normal'.
Following are the complete steps to building the Stealth-Combo box that I
demonstrated at the Denver 2600 meetings. These instructions assume that
you have some experience working with electronics. If you don't, pracitice
a bit before you go cutting up your $30 tone dialer.
Parts List
~~~~~~~~~~
One (1) Radio Shack 33-Memory Tone Dialer (Cat. No. 43-146)
Two (2) Radio Shack Experimenter's Mercury Bulb Switches (Cat. No. 275-040)
One (1) 6.50 Mhz Sub-Miniature Crystal (Don't use 6.5536, its too big)
Three (3) AAA batteries
Solder
Stranded insulated wire no larger than 22 gauge
Electrical Tape
Recommended Tools
~~~~~~~~~~~~~~~~~
Soldering Gun of 20 watts or less
Small Philips Scewdrivers
Needle Nose Pliers
Wire Strippers
Wire Cutters
Exacto Knife
Epoxy or super glue
Schematics
~~~~~~~~~~
The following schematics shows the concept of how the switches work, not how
its supposed to look.
+ @----------------------+-------------------+ C1,2 = Crystals
| | S1,2 = Switches
- @---------+-------------------+ | (The switches are
| | | | orientated in
| +----+ +---+ | +----+ +---+ opposite directions)
_|_|_ _|_|_ _|_|_ _|_|_
| S1 | | C1 | | S2 | | C2 |
|____| |____| |____| |____|
Since this diagram doesn't explain shit, on to the steps to build the thing.
Steps
~~~~~
1. Remove the 6 screws securing the back of the Tone Dialer to the front.
Four of the screws are underneath the battery cover.
2. Gently pry off the back being careful not to break the four wires that
connect the speaker to the circuit board. Lay the back cover to the side
of the dialer. You should now be looking onto the back of the dialer's
circuit board.
3. Locate the original crystal (silver cylinder) on left side of the circuit
board. Carefully cut the crystal off the circuit board as close to board as
possible. Use needle nose pliers to pull the crystal loose as it is held in
place with rubber cement. Be careful not to crush the crystal!
4. Measure out 2 pieces of wire that are long enough to go from the
original crystal solder points, around the edge of the dialer, to a point
on the lower right side of the circuit board. Solder one end of the wire
to the lower original crystal solder point and the other end to a lead on
the original crystal (keep the leads on the crystals as short as possible).
Solder the other wire to the other lead on the crystal but _not_ to the
circuit board. Leave it hanging for now. Use tape to insulate the crystal's
leads.
5. Route the wires around the edge of the circuit board on the _underside_ of
the circuit board. You may have to remove the circuit board to route this
sucessfully. The circuit board is held in place by 6 philips screws down the
middle of the board. Glue or tape the crystal into place on the lower right
side of the circuit board on the underneath side (the keypad side). This
will leave us more room on the circuit board for the swithches.
6. Locate four green capacitors on left edge of the circuit board. Cut off
the second one from the bottom as close to the circuit board as possible.
Important! Make note of which lead on the capacitor went to which solder
point. Unlike crystals, capacitors are directional and if you reverse the
current, it will fry.
7. Glue or tape the capacitor to the empty spot on the upper right side of
the circuit board next to the LED.
8. Solder wires from the leads on the capacitor to the original solder points
of the capacitor. Run the wires along the edge of the circuit board and
insulate the capcitor's leads with tape. You have now moved the capacitor and
made room for the first switch.
9. Glue or tape the first switch on the left side of the circuit board
where the capacitor used to be. Carefully push the upper two green
capacitors to the right to help make room for the first switch. Orientate
the switch's leads down.
10. Solder the free end of the wire that runs to the original crystal
to one of the leads on the mercury switch. Solder a wire from the other lead
of the mercury switch to the upper solder point of the original crystal. The
circuit should now go from the upper solder point through the switch to
the original crystal and back to the lower solder point.
11. Test your work by putting the batteries in the dialer holding the slide
switch which turns on the dialer in the on posistion. The LED _should_ come
on. If it doesn't, check your work. Make sure that the circuit is complete
and the leads aren't grounding on anything. Hold the dialer in an upright
position while holding the switch on and press some buttons. You should
hear touchtones. If not, make sure you haven't broken any of the wires to
the speakers.
12. Locate the yellow capacitor on the lower right side of the circuit board.
Gently pry the capacitor loose with needle nose pliers and flip the capacitor
over. Insulate the leads of the capacitor with tape so that it doesn't come
in contact with the resistors which it is now partially laying on. This will
leave a nice open spot on the circuit board for the rest of our mods.
13. Look at the back cover of the dialer. You will notice that on the lower
left side of the back cover is some space about the size of a crystal. How
convenient! Remove the small screen on the lower left side that covers a
small opening in the cover.
14. Glue the new crystal into the spot where the screen was with the leads
facing out. The crystal will stick out the hole a little bit, but that won't
hurt anything.
15. Glue or tape the mercury switch in the space to the right of it with
the leads oriented up.
16. Solder wire from the new crystal to one of the leads of the mercury
switch. Solder a wire from the other lead of the new crystal to the lower
solder point of the original crystal. Make the wire to the solder point
as short as possible with the case open. Insulate the leads with tape.
17. Solder a wire from the remaining lead on the second mercury switch to
the upper solder point of the original crystal.
18. Test your dialer once more. This time hold the switch in the on position
while the dialer is upside down and press the keys. You should here the
touch-tones in a much higher key now.
19. If everything has tested out, then close up the box. This is probably
the most difficult step of all. You must have the mercury switches located
just right, or it won't close. Also you must place the wires which run from
the back cover away from the the components in order to optimize space.
Carefully close the box, but be warned, it takes quite a bit of pressure to
get the box closed. You may want to have a friend help you hold it closed
while you screw the screws back in. You may break a switch or two before
you get it right. Be very careful with any spilled mercury since as Karb0n
once told me, "Dude! That shit will make you go insane!" You must get the
case closed all the way, or the on switch will not make contact. This step
can be very frustrating, but once you get it closed _and_ working, don't
ever open it again!
Programming the Stealth-Combo Box
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To program the box, hold it in an upright position with it on and the second
switch in the store position. Now follow these steps to program in quarter
tones:
1. Press the memory button
2. Press the star key 5 times
3. Press the memory button again
4. Press the P1 button
5. Repeat these steps for the other Priority buttons
Switch it back to 'dial' and hold it upside down. Push the P1 button and you
should hear a 5 quick beeps that sound much like a quarter being dropped in
a payphone.
Using the Stealth-Combo Box
~~~~~~~~~~~~~~~~~~~~~~~~~~~
After building the thing, you should have a very good idea of how it operates.
If you have never used a red box before, consult CoTNo #01, article 6 for
detailed instructions on using it.
__________________________________________________________________________
(C)opywrong 1994, DeadKat Inc.
All wrongs denied.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
RETAiL SKAMMiNG II
------------------
by DisordeR[TNo]
Y0y0y0
This is my greeting to all you out there in white bread land. More
retail type scams for you to enjoy. Like usual these are for educational
purposes. These are designed to show you that everything is a system.
Hacking root on unix, hacking a cell network, or hacking the social
system, it is all the same. Ponder on that after this article.
Free Car Repair
---------------
Driving down the road, your call stalls out. You later find out
that you have several hundred dollars in car repairs to come. 'This is
lame' you say. This is the solution...
Go to a Firestone or Midas or other chain car repair place that
can be found anywhere. Go early in the morning. Most of these places
will open at 7am or so since they hit the yuppie fucks who want to drop
their car off, go to work, and pick it up on their lunch break. Tell them
what is wrong, let them tell you what they think is the problem etc.
Just play it cool, and keep saying you HAVE to have it fixed because you
have to go somewhere important like court or out of town. When they ask
"what time do you need this by?" You respond "12:00 and preferrably no
later." This gives them about 5 hours(which most car repairs can be done
in) to fix your car. They will usually say that is fine since you will
be the first or second repair if you are there that early.
First thing. Leave them the ignition key and NO door key. Tell them
that you lost your door key, and to leave it unlocked as you have nothing
valuable in it. Make sure you do not sound nervous and that it sounds like
you really did lose your door key. Sign all the paperwork they want you to
with bullshit info. When they ask for a number to call you at, say you
will be away from the office/home and will just come back at noon, and that
they are authorized to do ANY repair needed. If they insist, give them
one of those numbers which always ring busy (see #Hack FAQ).
Enjoy your morning. Do whatever you want and get ready for the
next step.
Scope out the repair place. Around noon the place should be quite
busy with people reparing cars, new customers coming in, and morning
customers picking up their cars. Now, since your doors are not locked,
go to your car, use your second ignition key, get in, drive off happy
knowing that you ripped off some company that has about 250% markup on
parts, and overpriced labor charges. Free repairs to your car. Only
catch is you don't go back to the same place...but since there are a ton
of Firestone's and Midas repair shops around, no problem. Of course they
put your tags down on their paper work so stolen plates wouldn't hurt!
Free Diverters
--------------
Ever find yourself devoting all your time to scanning for a new
diverter of some kind? Praying that you will stumble on some decnet,
meridian, or other diverter? Create your own.
Most places that offer voice mail are ideal for you. Independent
voice mail owners really don't have a clue about phreaking, diverting,
or anything of that nature. Look in your yellow pages under 'voice mail'
and find some places that offer this service. Don't choose a place like
AT&T or USWorst or something since they are a little more keen on the
fraud thang.
Call the place up and ask questions about their voice mail service.
Ask normal questions like 'Do I have my own number?', 'How many messages
will it store?", or "Does it have paging service?". Sometime during these
questions, ask if it has a dialout feature. If it does, you are in luck.
If it doesn't, choose another place.
If the place has dialout service, this is the place for you. Now
ask about their billing. What you want to find out is if they can do auto
billing to a credit card, or if they bill an address. Either way, you should
be fine. If they do it all by credit card, then choose that. Use your
friend's credit card (with his consent of course). Have the place bill
that credit card at the end of each month. If they bill and address, then
tell them your address(probably a neighbor's house since you are never home)
and you are set. After all that is arranged, you should have a voice mail
box, with dialout feature. Since everything is in your friend's name(since
you work so much and are hard to reach), you shouldn't get hassled too much.
Rememeber, if you use the dialout feature for any reason, make sure
you use it for no more than three weeks, in case your 'friend' gets the bill
and is cross with you. If he is, set up another with a different friend's
credit card number.
The Rat Shack Discount
----------------------
How many of you shop at rat shack for any reason? Need a new tone
dialer since yours got stepped on? Need some more solder for creating that
new box? Like getting discounts just for the hell of it? This is your place.
Background. Tandy Corporation owns radio shack. They also own some
other stores as well, making them a pretty big company. One of the things
you get when working at ANY Tandy store is a discount at all the others.
Most people don't realize this, but Computer City is owned by Tandy as well.
Since Tandy treats their employees like total shit, this is your chance to
take a little out of them on each purchase. Take into account that since
Rat Shacks litter the country, they have a virutal monopoly on small
electronic parts. Thus, they can get away with unbelievable mark ups on
their items. Thus, ripping the customer off.
Go into radio shack. Get whatever you want, and take it up to the
counter. Tell them that you work for Computer City and get your employee
discount. Most Rat Shack employees will know about Computer City being in
the chain, but know nothing else about it. From there they will ask what
discount you recieve. According to Tandy, you get 10% off at all Rat Shacks
if you work at Computer City. So make sure you say 10% (If you said 25% or
something, they probably wouldn't question you though). 100% of the time
that friend's have used this, they have NOT checked to see if it is true.
So now you can but whatever you want at a decent discount. 10% may not seem
like a big discount but look at it this way. 10% is more than your tax rate.
So at the least you are taking a little money from the government. At most
you are taking 10% from Tandy Corporation which really deserves to rot in
hell. The ONLY thing they have brough us is a single place where you can
buy anything you need for your phreaking desires.
When you purchase the items they will ask you for two pieces
of information. First, your store number. If you don't know a computer
city store number you can do one of two things. Call your local
Computer City (If they have one in your area), ask for customer service,
and just ask "What is your store number?". They will usually tell you without
a question. OR, you can use this one: 29-5260. That is the store number
for the Computer City in Denver, CO. The format for their store codes is
29-5XXX with it usually being either 52XX or 51XX depending on the region.
The second thing they will ask you for is your social security number.
The only thing to remember here is that they begin with a number between
2-5. So don't say "866-69-1010" or something. Also remember the number you
use in case the person is a gimp and doesn't type it in right, and has to
ask you again.
Free New Car Engine
-------------------
Deadkat made me aware of this one, and it is quite nice.
Jiffy Lube offers a guarantee on their work that goes something like
this: They will repair/replace any damaged piece/component of your
car that is damaged due to their work.
Go do their spiffy 10 minute oil change at a distant Jiffy Lube.
After they are done, pay and drive off. A little ways down the road
pull over somewhere where you can't be seen, and get under your car. Loosen
or remove the oil pan drain plug. Whatever it takes to make oil drip out
or leak. Keep driving as the oil drains. After a while your engine will
overheat, and probably seize. Bingo. Their faulty workmanship caused
your engine to blow up. Have your car towed back to the Jiffy Lube and
demand to see their manager. Tell them you were driving down the road
enjoying life, and your engine blew up and you don't know why. Tell them
you just came from there hours earlier, and want them to look at it and
find out what is wrong.
Through persistance and social engineering, you should be able to
convinve him(since they will find the reason it happened quite easily)
that they fucked up and you suffered. Although this is a little more
hardcore, it can pay off quite well, especially if you have an old piece
of shit for a car.
Free Books
----------
Find the company that publishes the book you want. Call them up.
Here is an example of what you would say.
"Hi. My name is Hank Poecher and I am teaching a class on _________
at __________ College (Highschool). I would like to get a review copy of your
book called 'Eye kAn hAcK!@#!". The ISBN number is 3038661010."
Usually they will be more than glad to send you a copy as
it will be bought by every student, and spread more. If they would
like to charge you, just mention the above fact. Many computer related
or school type books are getting pretty expensive, so this comes in
handy.
Free Software II
----------------
Even though I mentioned one way to get software, this method
is ideal for those bigger software packages out there. This is a sample
conversation you can use. Call up the company who makes/distributes
the software...
"Hi there, my name is Chester Karma and I am authoring a new
book called 'Business Software for the PC' and would like to review your
product. Could you send me a copy of your package please?"
Usually they are willing, but sometimes there are two objections
to this, or two catches. Sometimes they will want the request in writing.
This is not a problem. Just write out a letter telling them exactly what
they want to hear. Since you are not doing anything in illegal, send it
to your house. They will not do anything since the potential for a good
review in a major book is a wet dream to them. Sometimes they will ask
who your publisher is, and you can drop any name to a MAJOR publisher,
or mention that you aren't sure yet, or that you are self published.
In any case, just sound convincing.
DisordeR[TNo]
Any questions, call me vox at 301.688.6311 and ask for 'Director of Ops'
That is my work number, so call during business hours please.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
|\_/| Gopher Holes |\_/|
.' o o\ Brought to you by /o o `.
_--~~~/ ._ o}~~--_ Rage-303 _--~~{o _. \~~~--_
( ( . .\|| ) -------- ( ||/. . ) )
~--___`-' `-'____--~ ~--____`-' `-'___--~
~~~~~~~ ~~~~~~~
The Intro and What a Gopher Hole is
-----------------------------------
This article will tell a little about Gophers, but will be mostly be
directed on one thing they have that will let you access almost anything
through them. Totaly anonymous.
A Gopher Hole is when a Gopher System tries to telnet you to another
system but that system is laged to hell, or doesn't exist anymore. So
the gopher will give you an error and defualt back to the telnet prompt
allowing you to Telnet anywhere you want, Fake Mail, Outdials, Hacking
Systems, Anon IRC Services all totaly anonymous.
About Gophers and How to find Gopher Holes
------------------------------------------
A Gopher is a somthing that will let you have access to certain
information and utilities without having to have an account somewhere.
You can do many things from looking though Phone Books to FTPing.
Finding a Gopher Hole is easy. All you need is a number to a Gopher in
your area code that you can dial anytime you want, just ask around on
local BBSes or something like that. Once you dial it up and login you
will usally be presented with a sceen similar to the following.
Internet Gopher Information Client 2.0 pl10
Online Auraria Shared Information Service
--> 1. Information About BOARDNAME/
2. Local Campus/
3. Local Library/
4. Local Media Center/
5. Community College of Bolivia/
6. Metropolitan State College of Denmark/
7. University of Colorado at BFE/
8. Information Beyond Auraria including Other Colorado Info Systems/
9. Interesting Things to Explore on the Internet (under construction)/
10. BoardName Statistics/
The top line is the Gopher Software/Version they are running the Gopher
off of. The next line is the Menu you are on. If it is the first/main
menu then it will be the Gopher info (like above). The arrow
(-->) shows what you have selected, you can move it up and down with the
arrow keys. There are four things in a Gopher to take note of,
Directories, Telnets, Files and Word Serches. All of the above options are
Directories, you can see this because they have a forward slash (/)
after the option. You select options by moving the arrow to it and
hitting return, or pressing the corresponding number.
Internet Gopher Information Client 2.0 pl10
Information Beyond Auraria including Other Colorado Info Systems
--> 1. Academe this Week (Chronicle of Higher Education)/
2. Archie Gateway (FTP Searches)/
3. CULine <TEL>
4. Colorado Legislative Database (CLD) <TEL>
5. Colorado Legislative Information (Higher Education Issues)/
6. FEDIX/MOLIS/
7. Hytelnet/
8. Library of Congress (LC MARVEL)/
9. Other Gophers (by geographic location)/
10. Other Gophers (by subject)/
11. Other Gophers in Colorado/
12. Phonebooks/
13. UMS/IRM Gopher/
14. United Nations/
15. University of Minnesota Gopher/
16. WAIS Gateway/
This is the menu we get after selecting option 8. As you can see now we
have some <TEL> options. As an idiot could have guessed that means when
you select it you will be telneted somewhere else. This is what we get
after selecting 7, then 1 (selecting a <TEL> command).
+-------------------Connect to Hytelnet-------------------+
| |
| Warning!!!!!, you are about to leave the Internet |
| Gopher program and connect to another host. If |
| you get stuck press the control key and the |
| ] key, and then type quit |
| |
| Connecting to oasis.denver.colorado.edu using telnet. |
| |
| Use the account name "hytelnet" to log in |
| |
| [Cancel: ^G] [OK: Enter] |
| |
+---------------------------------------------------------+
This tells us it is going to telnet us, where its going to telnet us to,
and the login name to use. So we hit enter and go through the login
process to see this..
Welcome to HYTELNET version 6.7
May 14, 1994
What is HYTELNET? <WHATIS>
Library catalogs <SITES1>
Other resources <SITES2>
Help files for catalogs <OP000>
Catalog interfaces <SYS000>
Internet Glossary <GLOSSARY>
Telnet tips <TELNET>
Telnet/TN3270 escape keys <ESCAPE.KEY>
Key-stroke commands <HELP>
.............................................................
Up/Down arrows MOVE Left/Right arrows SELECT ? for HELP anytime
m returns here i searches the index q quits
.............................................................
HYTELNET 6.7 was written by Peter Scott
E-mail address: aa375@freenet.carleton.ca
Unix and VMS software by Earl Fogel
Basicaly this is one big Telnet system that will take you to other
Gophers, Free Nets, Fee Based Systems (like Delphi and Prodigy$@!) and
other info systems. If you can get to hytelnet you are in luck. From
here you can go to almost any Gopher System looking for holes (All the
good stuff is in <SITES2>).
Internet Gopher Information Client v1.12S
EcoGopher!
--> 1. Welcome to the EcoGopher Project at the University of Virginia!/
2. Connect to the U.Va. Resource Tracking System!/
3. Environmental Groups and Programs/
4. Archives of Environmental Electronic Mailing Lists/
5. The Library/
6. Other Gopher-accessible services/
7. Katie - Keyword-search of All Text In EcoSystems <?>
8. Environmental CHAT Areas!/
9. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-).
10. EcoLynx - access to the World Wide Web of Hyper-text! <TEL>
I am showing you this menu because it has all 4 options on it. You can
see the Directories marked with "/", then Telnets marked with "<TEL>",
the Word Serches marked with "<?>" and the files marked with "." (BTW,
That file is one HUGE Ascii Galary, you can access EcoGopher through
Hytelnet). Now, the first thing we would do when we found this menu is
select option 10. If it telnets to EcoLynx (which it does) then you have
two option. You can either roam around EcoLynx looking for Gopher Holes
(which would be useless since WWW doesn't have Gopher Holes), or you can
quit back to EcoGopher and search the rest of that before moving on (that
what I sugest you do). If we select the following options, (";"=Enter)
6;2;4;12;7;, we will get this.
+------------------------IRC Server--------------------------+
| |
| Warning!!!!!, you are about to leave the Internet |
| Gopher program and connect to another host. If |
| you get stuck press the control key and the ] key, |
| and then type quit |
| |
| Connecting to ircd.deamon.co.uk, port 6666 using telnet. |
| |
| Use the account name "irc" to log in |
| |
| [Cancel: ^G] [OK: Enter] |
| |
+------------------------------------------------------------+
Trying 158.152.1.65 ...
telnet: connect: Connection refused
telnet>
Bingo, if you get this consider yourself lucky that you now have a
totaly anonymous Telnet Diverter (now all of you have one if you were
paying attention to what I was saying and the options I selected). So
just go through all the Directories on a gopher looking for a <TEL>
option, and trying it out. Also note that you will have to have telnet
once already for this to work, otherwise it will defualt back to the
Gopher since you haven't telneted yet.
Note: By the time I got to EcoGopher I had already Telneted twice.
Info for 303ers
---------------
Two of the numbers to Oasis - 303.893.9440, 303.629.0134.
Once you connected just press any key and a menu will come up.
login: oasis
The number to Hytelnet - 303.592.7911.
Once you connected hit enter. I have found out that you cannot log
into Hytelnet dialing direct anymore because dialing direct puts you
on "oasis.denver.colorado.edu" but if you telnet is from Oasis you get
connected to "ccnucd.denver.colorado.edu". Note that these are the
same addreses as Oasis, this is because they are telneting on
different ports.
login: hytelnet
Info for Everyone
-----------------
Here are some places you can go once you get to a Telnet prompt.
IRC Services:
134.129.123.1 power.ee.ndsu.NoDak.edu (VAX/VMS)
Username: IRC
199.0.65.102 question.tiac.net
login: irc
Note: This account has been temporarily disabled.
149.156.98.60 student.uci.agh.edu.pl
login: irc Password: irc 1st=Realname 2nd=Nick
Note: The above system is lagged to HELL
140.113.17.162 4470 gopher.csie.nctu.edu.tw 4470
login: gopher
Note: That one says banned from server, then won't let you switch servers.
If you get on IRC do a "/who *irc*" to try and find more.
The Outro
---------
By now you should have a pretty good idea of what a Gopher does, what to
look for on a Gopher, how to abuse them and some places you can go once
you get to the telnet prompt. The Gopher Hole I gave out has been up for
4 months, about 10 people knew of it before this file, and have done many
things with it. Final greets to DeadKat, DisordeR and Mindscrew <-he made
me :]
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
Internet Outdial List v3.0
by Cavalier and DisordeR
Introduction
------------
There are several lists of Internet outdials floating around the net these
days. The following is a compilation of other lists, as well as v2.0 by
DeadKat(CoTNo issue 2, article 4). Unlike other lists where the author
just ripped other people and released it, we have sat down and tested
each one of these. Some of them we have gotten "Connection Refused" or
it timed out while trying to connect...these have been labeled dead.
Working Outdials
----------------
as of 12/29/94
NPA IP Address Instructions
--- ---------- ------------
215 isn.upenn.edu modem
218 modem.d.umn.edu atdt9,xxxXXXX
412 gate.cis.pitt.edu tn3270,
connect dialout.pitt.edu,
atdtxxxXXXX
413 dialout2400.smith.edu Ctrl } gets ENTER NUMBER: xxxxxxx
502 UKNET.UKY.EDU CONNECT KECNET
@ dial: "OUTDIAL2400 or OUT"
602 acssdial.inre.asu.edu atdt8,,,,,[x][yyy]xxxyyyy
713 128.143.70.101 connect telnet
connect hayes
713 128.249.27.153 atdt x,xxxXXXX
714 modem.nts.uci.edu atdt[area]0[phone]
804 ublan.virginia.edu connect hayes, 9,,xxx-xxxx
??? 128.200.142.121 atdt x,xxxXXXX
??? dialout.cecer.army.mil atdt x,xxxXXXXX
Need Password
-------------
303 129.82.100.64 login: modem
404 128.140.1.239 .modem8|CR
415 128.32.132.250 "dial1" or "dial2" or "dialer1"
514 132.204.2.1 externe,9+number
703 128.173.5.4 dial2400 -aa
??? 128.95.55.100 This is an unbroken password
Dead/No Connect
---------------
201 128.112.88.0
202 modem.aidt.edu
204 umnet.cc.manitoba.ca "dial12" or "dial24"
206 dialout24.cac.washington.edu
215 wiseowl.ocis.temple.edu "atz" "atdt 9xxxyyyy"
218 aa28.d.umn.edu "cli" "rlogin modem" at "login:"
type "modem"
305 128.227.224.27
307 modem.uwyo.edu/129.72.1.59 Hayes 0,XXX-XXXX
313 35.1.1.6 dial2400-aa or dial1200-aa or dialout
402 modem.criegthon.edu
404 broadband.cc.emory.edu ".modem8" or ".dialout"
404 emory.edu .modem8 or
413 dialout.smith.edu
416 annex132.berkely.edu atdt 9,,,,, xxx-xxxx
416 pacx.utcs.utoronto.ca modem
503 dca.utk.edu dial2400 D 99k #
503 dialout.uvm.edu
513 r596adil.uc.edu/128.137.33.72
514 132.204.2.11 externe#9 9xxx-xxxx
602 dial9600.telcom.arizona.edu
609 128.119.131.11X (X= 1 - 4) Hayes
609 129.119.131.11x (x = 1 to 4)
609 129.72.1.59 "Hayes"
614 ns2400.ircc.ohio-state.edu "dial"
614 r596adi.uc.edu
615 dca.utk.edu "dial2400"
617 128.52.30.3 2400baud
617 dialout.lcs.mit.edu
617 mrmodem.wellesley.edu
619 128.54.30.1 atdt [area][phone]
619 dialin.ucsd.edu "dialout"
713 128.249.27.154 "c modem96" "atdt 9xxx-xxxx"
or "Hayes"
714 130.191.4.70 atdt 8xxx-xxxx
714 modem24.nts.uci.edu
902 star.ccs.tuns.ca "dialout"
916 128.120.2.251 connect hayes/dialout
916 129.137.33.72
??? 128.112.131.110-114
??? 128.112.88.1
??? 128.112.88.2
??? 128.112.88.3
??? 128.119.131.11X (1 - 4)
??? 128.120.59.29 UCDNET <ret> C KEYCLUB <ret>
??? 128.122.138.226-230 dial3/dial12/dial24
??? 128.169.200.68 dial 2400 d 99Kxxxxxxx
??? 128.173.5.4
??? 128.200.142.3
??? 128.200.142.5
??? 128.54.30.1 nue
??? 128.54.30.1 nue, X to discontinue, ? for Help
??? 128.6.1.41
??? 128.6.1.42
??? 129.137.33.72
??? 129.180.1.57
??? 129.72.1.59 Hayes
??? 131.212.32.110 atdt 9,xxxxxxx Duluth MN
??? 140.112.3.2 ntu <none>
??? 140.115.1.101 guest <none>
??? 140.115.17.110 u349633
??? 140.115.70.21 cs8005
??? 140.115.83.200 guest <none>
??? 140.119.1.110 ?
??? 18.26.0.55
??? alcat.library.nova.edu
??? annexdial.rz.uni-duesseldorf.de
??? annexdial.rz.uni-duesseldorf.de
??? dial.cc.umanitoba.ca
??? dial24-nc00.net.ubc.ca
??? dial24-nc01.net.ubc.ca
??? dial96-np65.net.ubc.ca
??? dial96.ncl.ac.uk
??? dial9600.umd.edu
??? dialin.creighton.edu
??? dialout.lcs.mit.edu
??? dialout.plk.af.mil
??? dialout.scu.edu
??? dialout1.princeton.edu
??? dialout1200.scu.edu
??? dialout1200.unh.edu
??? dialout24.afit.af.mil
??? dialout24.cac.washington.edu
??? dialout2400.scu.edu
??? dialout9600.scu.edu
??? dswitch.byu.edu "C Modem"
??? engdial.cl.msu.edu
??? gmodem.capcollege.bc.ca
??? hmodem.capcollege.bc.ca
??? irmodem.ifa.hawaii.edu
??? modem-o.caps.maine.edu
??? modem.calvin.edu
??? modem.cis.uflu.edu
??? modem.d.umn.edu/129.72.1.59 Hayes 9,XXX-XXXX
??? modem.ireq.hydro.qc.ca
??? modem12.bcm.tmc.edu
??? modem24.bcm.tmc.edu
??? modem24.bcm.tmc.edu
??? modem_out12e7.atk.com
??? modem_out24n8.atk.com
??? modem_pool.runet.edu
??? modems.csuohio.edu
??? modems.uwp.edu
??? outdial.louisville.edu
??? r596adi1.uc.edu
??? ts-modem.une.oz.au
??? ts-modem.une.oz.au
??? vtnet1.cns.ut.edu "CALL" or "call"
??? wright-modem-1.rutgers.edu
??? wright-modem-2.rutgers.edu
Conclusion
----------
If you find any of the outdials to have gone dead, changed commands,
or require password, please let us know so we can keep this list as
accurate as possible. If you would like to add to the list, feel free
to mail us and it will be included in future versions of this list,
with your name beside it. Have fun...
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
Notes on Unix Password Security
by
Voyager
will@gnu.ai.mit.edu
Introduction
~~~~~~~~~~~~
Standard Unix implementations keep user passwords in the file
/etc/passwd. An entry in the password file consists of seven colon
delimited fields:
Username
Encrypted password (And optional password aging data)
User number
Group Number
GECOS Information
Home directory
Shell
]
] Sample entry from /etc/passwd:
]
] will:5fg63fhD3d:9406:12:Will Spencer:/home/fsg/will:/bin/bash
]
Broken down, this passwd file line shows:
Username: will
Encrypted password: 5fg63fhD3d
User number: 9406
Group Number: 12
GECOS Information: Will Spencer
Home directory: /home/fsg/will
Shell: /bin/bash
Password Aging
~~~~~~~~~~~~~~
On some systems you will find passwd entries with password aging
installed. Password aging forces the user to change passwords after a
System Administrator specified period of time. Password aging can
also force a user to keep a password for a certain number of weeks
before changing it.
]
] Sample entry from /etc/passwd with password aging installed:
]
] will:5fg63fhD3d,M.z8:9406:12:Will Spencer:/home/fsg/will:/bin/bash
]
Note the comma in the encrypted password field. The characters after
the comma are used by the password aging mechanism.
]
] Password aging characters from above example:
]
] M.z8
]
The four characters are interpreted as follows:
1: Maximum number of weeks a password can be used before changing
2: Minimum number of weeks a password must be used before changing
3&4: Last time password was changed, in number of weeks since 1970/1/1
Three special cases should be noted:
If the first and second characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. The
passwd program will then remove the passwd aging characters, and the
user will not be subjected to password aging requirements again.
If the third and fourth characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. Password
aging will then occur as defined by the first and second characters.
If the first character (MAX) is less than the second character (MIN),
the user is not allowed to change his/her password. Only root can
change that users password.
It should also be noted that the su command does not check the
password aging data. An account with an expired password can be su'd
to without being forced to change the password.
The password aging codes are in base-64 format, and can be converted to
decimal using the following table:
Password Aging Codes
+------------------------------------------------------------------------+
| |
| Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H |
| Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
| |
| Character: I J K L M N O P Q R S T U V W X Y Z a b |
| Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
| |
| Character: c d e f g h i j k l m n o p q r s t u v |
| Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
| |
| Character: w x y z |
| Number: 60 61 62 63 |
| |
+------------------------------------------------------------------------+
Password Aging Defaults
~~~~~~~~~~~~~~~~~~~~~~~
System wide defaults for password aging are stored in the file
/etc/default/passwd.
]
] Sample entry from /etc/default/passwd under System V release 4.0
]
] MINWEEKS=0
] MAXWEEKS=500
] PASSLENGTH=5
] WARNWEEKS=1
]
MINWEEKS is the default minimum number of weeks a password must be
used before changing. MAXWEEKS is the default maximum number of weeks
a password can be used before changing. PASSLENGTH is the minimum
number of characters a password may contain. WARNWEEKS, which did not
exist prior to System V Release 4, is the number of weeks a user is
warned that they must change their password.
Password Shadowing
~~~~~~~~~~~~~~~~~~
Due to basic design aspects of the Unix system, the file /etc/passwd
is world readable. This allows password crackers to steal the
encrypted passwords and attempt to crack them. Newer versions of Unix
use a scheme known as shadowing to alleviate this problem.
On a Unix system with password shadowing, the encrypted password field
of the password file is replaced by a special token. When the login
and passwd programs see this token in the password field, they switch
to the shadowed copy of the password file for the actual encrypted
password field. The shadowed copy of the password file is readable
only by root and the login and passwd programs run SUID root.
Defeating Password Shadowing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Password shadowing can be defeated on some systems by using
getpwent(), as in the following program. Successive calls to
getpwent() are made for every line in the passwd file. This method
only works for older password shadowing schemes.
] #include <pwd.h>
] main()
] {
] struct passwd *p;
] while(p=getpwent())
] printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
] p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
] }
On systems where getpwent() fails, it is possible to utilize the
pwdauth() function for similar purposes. Note that the pwdauth()
function is purposefully designed to operate very slowly. This
program shows the basics of pwdauth(), for a more complete example of
a cracker utilitizing pwdauth() refer to Shadow Crack from The
Shining/UPi.
]
] #define MAXLOGIN 8
] #define MAXPASS 8
]
] main()
] {
]
] char login[MAXLOGIN];
] char password[MAXPASS];
]
] printf("login: ");
] scanf("%s", login);
]
] printf("password: ");
] scanf("%s", password);
]
]
] if (pwdauth(login,password) == 0 )
] printf("Correct!\n");
] else printf("Wrong!\n");
] }
]
A third method of defeating password shadowing is to have root
priveleges, as root is able to read the shadowed password file
directly.
The following chart show the location of the shadowed password
information and the token left in the /etc/passwd file by various
versions of Unix.
]
] Unix Path Token
] -----------------------------------------------------------------
] AIX 3 /etc/security/passwd !
] or /tcb/auth/files/<first letter #
] of username>/<username>
] A/UX 3.0s /tcb/files/auth/?/*
] BSD4.3-Reno /etc/master.passwd *
] ConvexOS 10 /etc/shadpw *
] ConvexOS 11 /etc/shadow *
] DG/UX /etc/tcb/aa/user/ *
] EP/IX /etc/shadow x
] HP-UX /.secure/etc/passwd *
] IRIX 5 /etc/shadow x
] Linux 0.99 /etc/shadow *
] OSF/1 /etc/passwd[.dir|.pag] *
] SCO UNIX R3.2v4.2 /etc/shadow x
] SCO Unix 3.2.x /tcb/auth/files/<first letter *
] of username>/<username>
] SunOS 4.1+c2 /etc/security/passwd.adjunct ##username
] SunOS 5.0 /etc/shadow
] <optional NIS+ private secure maps/tables/whatever>
] System V Release 3.2 /etc/shadow x
] System V Release 4.0 /etc/shadow x
] System V Release 4.2 /etc/security/* database
] Ultrix 4 /etc/auth[.dir|.pag] *
] UNICOS /etc/udb *
]
Format of the shadowed password file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The format of the shadowed password file differs under various Unix
implementations. Many implementations follow the original System V
Release 3.2, while others opt for a more complicated yet more
efficient database structure.
An entry in the System V Release 3.2 shadow file consists of five
colon delimited fields:
Username
Encrypted password (And optional password aging data)
Last time password was changed, in number of days since 1970/1/1
Minimum number of days a password must be used before changing
Maximum number of days a password can be used before changing
System V Release 4 introduced three more fields to the shadow file:
The number of days before the password expires that the user will be warned
The number of days of inactivity allowed for the user
The absolute expiration date for the account
]
] Sample entry from /etc/shadow under System V release 4.0
]
] will:5fg63fhD3d:8960:1:60:10:90:10000
]
Broken down, this shadow file line shows:
Username: will
Encrypted password: 5fg63fhD3d
Last change: 8960 (Password was last changed on
Minimum days: 1 (Password must be kept for 1 day without changing)
Maximum days: 60 (Password must be changed every 60 days)
Warning days: 10 (User receives 10 days warning of required
password change)
Inactivity days: 90 (Account disabled if not used for 90 days)
Expiration date: 10000 (Account expires on
The SunOS adjunct system
~~~~~~~~~~~~~~~~~~~~~~~~
Sun Microsystems introduced changes in their version of the shadow
file in SunOS 4.1.
An entry in the SunOS passwd.adjunt file consists of seven colon
delimited fields:
Username
Encrypted password (And optional password aging data)
]
] Sample entry from /etc/security/passwd.adjunt under SunOS 4.1
]
] will:5fg63fhD3d::::ad,p0,p1:dr,dw,dc,da,lo
]
Broken down, this passwd.adjunt line shows:
Username: will
Encrypted password: 5fg63fhD3d
Minimum login clearance:
Maximum login clearance:
Default login clearance:
Always audit: ad,p0,p1
Never audit: dr,dw,dc,da,lo
NIS
~~~
NIS (Network Information System) in the current name for what was once
known as yp (Yellow Pages). The purpose for NIS is to allow many
machines on a network to share configuration information, including
password data. NIS is not designed to promote system security. If
your system uses NIS you will have a very short /etc/passwd file that
includes a line that looks like this:
+::0:0:::
To view the real password file use this command "ypcat passwd"
Password cracking
~~~~~~~~~~~~~~~~~
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are encrypted with a one way function. The login program
encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.
Password cracking software uses wordlists. The password cracking
program encrypts each word in the wordlist and compares that encrypted
string against the encrypted form of the password. If the encrypted
forms match, the password is known.
To crack passwords, you will need a password cracking program and a
wordlist. The best cracking program for Unix passwords is currently
Crack by Alec Muffett. For PC-DOS, the best package to use is
currently CrackerJack. Larger wordlists will allow you to crack more
accounts.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> Thank you for abusing AT&T <20>
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> by The Public & Dead Kat
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Some of the "Frequently Called AT&T Organizations":
Account Inquiry Centers (AIC)...................................1-800-325-0138
Provides support for business customer inquiries regarding
billing of MTS, WATS and private line.
ACCUMASTER Network Management Support...........................1-800-637-0007
Provides custormer service for the following systems:
1. ACCUMASTER Integrator
2. Services Workstation
ACCUNET Bandwidth Management Service............................1-800-526-0253
ALLIANCE Teleconference.........................................1-800-544-6363
Call to set up dial-in and dial-out teleconferences.
Amcom Software Helpline.........................................1-800-852-8935
Provides customer support for 3B2 Messaging Server.
AT&T Easylink...................................................1-800-242-6005
AT&T Paradyne Products..........................................1-800-237-0016
Processes customer trouble reports and arranges repair
for Paradyne modems and multiplexors.
Call Acquisition/Fault Management Helpline......................1-800-422-6622
Provides customer service for the following systems:
1. Call Accounting System (CAS), CAS+
2. CDRU, CDRP, Cost Allocator
3. Trouble Tracker
Call Center Helpline............................................1-800-344-9670
Provides customer service for the following systems:
1. Call Management System (CMS)
2. CONVERSANT Voice Information System (VIS)
3. Telemarketing Gateway
Computer Hotline................................................1-800-922-0354
Handles customer problems relating to AT&T
software, computers and net-working products.
Corporate Education.............................................1-800-TRAINER
Provides training for customers and employees on a wide 8724637
range of AT&T products and services.
General Business Systems Branch Offices (GBS)...................1-800-247-7000
Provide small business customers (those with less than 80
stations) sales, lease and overall support for voice
products and data systems.
Inbound MEGACOM Service.........................................1-800-222-1000
Outbound MEGACOM WATS...........................................1-800-MEGSCOM
Processes customer trouble reports and arranges repair for 634-2266
M800/900/MultiQuest Service
International Information Service...............................1-800-874-4000
A toll-free service for U.S. customers providing
answers to international calling questions (including
international rate and dialing instructions).
Long Distance Gift Certificates -- Business.....................1-800-222-7747
-- Residence 1-800-222-8555
Sales and service for AT&T Long Distance Certificates
Long Distance Repair Service Center (LDRSC).....................1-800-222-3000
Processes customer trouble reports and arranges repair for
both residence and business AT&T Long Distance Services.
Covers 800 Service, WATS, PRO WATS, and One Line WATS.
National Sales & Service Center (NSSC)..........................1-800-222-3111
Provides:
-- nationwide sales to residence and very small business
customers for corded, cordless answering systems,
typewriters and Do-It-Yourself products.
-- troubleshooting support for al AT&T consumer products.
National Service Assistance Center (NSAC)
Supports business customers in the repair of the following
product lines:
1. Smaller systems (ComKey, 1 A Key, Horizon(R)).............1-800-526-2000
2. Merlin(R), Spirit(R), FAX, EKTS, System 25................1-800-628-2888
National Special Needs Center (NSNC)......................voice 1-800-233-1222
Handles inquiries for speech and hearing impaired tdd 1-800-833-3232
customers including lease and sale of telecommunications
products, billing inquiries for long distance and
equipment.
National Telemarketing Centers (NTC)............................1-800-CALL-ATT
Handles orders for AT&T Card and residence AT&T optional
calling plans
PBX Technical Service Center....................................1-800-242-2121
Handles questions concerning:
Definity Communications System G1, G2, G3
System 75
Dimension PBX
PC/PBX Support..................................................1-800-231-1111
Primary Account Sales Centers (PASC)............................1-800-222-0400
Perform a wide range of sales oriented functions for small
business customers (those with annual long distance bills
of less than $50,000).
Residential Billing Inquiry
-- residence customers for sales, service and billing of......1-800-555-8111
long distance
-- residence and very small business customers for lease,.....1 800-555-8111
sales, service and billing of equipment
Share Owner Services (TRANSTECH)................................1-800-348-8288
Provides a wide range of services including stock
transfers and dividend payment processing.
SDN Repair Service Center.......................................1-800-344-5100
Processes customer trouble reports and arrages repair for
Software Defined Network (SDN).
Switched 56 Repair Service Center...............................1-800-367-7956
Proceses customer trouble reports and arranges repair for
Switched 56 systems.
Private Line Repair Service Center..............................1-800-325-1230
Processes customer trouble reports and arranges repair for
voice grade PL/DDS/ASDS.
Telephone Equipment, Computers & Services.......................1-800-247-1212
Business Marketing Group
38 computers, PCs, System 75 and 85, UNIX(tm), and ISN.
For businesses 80 stations +.
8:00am to 6:00pm [EST I found out]
The AT&T Catalog................................................1-800-635-8866
The Global Business Communication Systems product catalog
for Business, Federal, State and Local Government
Custormers. Ask for extension 7000 to order catalog.
Voice Messaging Helpline........................................1-800-56-AUDIX
Provides custormer service for the following systems: 562-8349
1. Audix Voice Messaging System
2. Voice Mail, AUDIX VP, Inbound Call Director, Voice
Power Automated Attendant
ADDITIONAL RESOURCES FOR EMPLOYEES
"Easy To Do Business With" Reference Manuals. A variety
of printed reference materials which include helpful
contact information. Ask for a copy of the BCSystems
Publications Catalog (# 555-000-010) 1-800-432-6600
A "LAST" RESOURCE FOR EMPLOYEES
FIND AT&T Center 1-800-FIND-AT&T
A last resource for employees needing additional (346-3288)
information on a wide range of AT&T topics, (e.g.
products, organizations, addresses, telephone numbers)
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
Revenge Database
v1.3
by: DisordeR
Things to do to people for revenge. These include local and LD forms. From
'pain in the ass' to 'downright fuckin cruel'. This is just for speculation
and not suggesting any actions, so I am not responsible for anything you do.
With many of these ideas, you may not be able to do everything you wish,
but remember that even the smallest effort on your part can cause a lot
of problems on their side.
Finding their info.
1) If you have their handle. Check around local area BBSs for their real name
in user info. Check with other BBSers or friends who may know the person.
Get real name and any other info possible. Even the most abstract of things,
regardless of what it is, write it down. It may come in use later down
the road.
2) With any info you currently have (mainly focus on getting their name and
phone number) get their phone number. If you only have their name try and
get their number through the phone books, or information. If you have
their number use a CN/A to get more info. Also check with 900 pay/info
lines for more info. If you have thier license plate number, go down to
the DMV and have thier info pulled. This only costs a couple of bucks.
Once you have their info...
._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.
Phone.
1) Call up their local phone provider and act like the victem.
A) Install a password on their phone line. This makes it so they can't
change their own service without providing that password. The only
way around it, is for them to visit a local office, show ID, fill
out bullshit paperwork etc. Remember, since most people don't
call the phone company that often, it may take them a month until
they realize what you have done.
B) Add any/all of the following services.
1) Privacy/Non-Publish $2.10/month
2) Caller ID $5.95/month
3) Call Waiting $4.50/month
4) Call Forwarding $1.50/month
5) Three Way $3.50/month
6) Speed Calling (30) $3.00/month
7) Callback $2.95/month $8.50/install
8) LD Block $2.00/month
9) Change Number(Custom) $17.50 (after first time)
10) Change to Custom # $75.00
-----------------------------------
Total $126.50
C) Change their LD service to the most expensive service if you want
a quick but subtle revenge. I find it better to change their carrier
to MCI. From here ask for a custom 800 number for 'your' line. After
that, they will be reached from an 800 number, and all calls will
be billed to them, even local. Post up their number as a BBS number
on any of the lamer Usenet groups. Since they are with MCI, you
can set up and bill conference calls to their number through the
right procedures.
2) Visit the victem's house and use your beige on them. Also have a custom
little device that will allow you to bridge the line while you are on
it, so that you can remove your beige and they will stay on the line.
A) Call any 900 numbers you want, including the various 900 services that
give information about people. Might as well make them pay for you
getting their information. :) I suggest dedicating some time to call
900.97M.ONEY ... each call to that number will bill them 25 bucks.
One hour of this can hit around 1500 bucks of damage to their phone
bill.
B) Set up a string of confs for ten or so days, and make each day
last from noon til midnight. For more info on setting up confs,
consult CoTNo issue 3, article 6.
C) Call the secret service and threaten to kill the president. Make
it convincing and be somewhat vague about your plans. This will prompt
a quick visit by agents in trenchcoats that will want to play 20 questions
about how that person plans to kill the president.
D) Prank call people, threaten them, initiate as many COT's (Customer
Oriented Trace) as you can. This will flood their house with those
wonderful letters from the phone company saying that person was
harrasing people, and are the scum of the earth.
E) On your way out of their backyard, cut their phone lines. If you can't
use them, why should they? If you don't want to do that, hook up the
little device to hold the line when you unclip your beige, and call
Time/Temp in Japan. That should rack up a decent bill.
._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.
Credit.
1) Pull a CBI on them, or obtain their credit info any way you can. Through
enough social engineering, you should be able to get most of the info
you need, if not, there are still a few ways to strike out at them.
Cancel all their credit cards. Report them as stolen, and ask for a new
one to be sent to you, and your old account number put on hold. Next time
they are in a store and use it, the cashier will call the cops when the
response comes back as 'stolen'. Public humiliation and a hassle in a
store is great to watch.
2) Using their info, apply for a credit card they don't have. Usually
Diner's Club or Discover or something that isn't as widely used. Fill
out all the information as theirs, and send it in. Intercept the mail
with the card in it, and send response back that you moved, and give
them a new address that is more convenient for you. Now you have a credit
card that is in their name, and they don't know about. When the bill
is sent to them, it will go to the new address where you are picking
up mail. Abuse the hell out of that card. Use it on anything/everything
you can. When the bill comes, just ignore it. You should get several
months of use out of it or until you max it. When that happens, call
in and change your address again and tell them the check is in the mail.
By the time the person knows they have that card, gets the bill, there
will be a huge amount to pay, interest on it all, and a mark on their
credit records indicating late/delinquent pay.
3) Using their existing credit cards, make as many purchases on them as you
can. Key here is to make as many that can't be disputed. Make phone
calls from local payphones with their CC#. Doing this it becomes
very hard for them to prove they didn't do it. Use it at gas stations
that have the new pumps with built in credit card payment options.
The more they can't dispute, the more they pay. Card as many goods
as you can. Get stuff that you need, or use their own card to do some
of the other things mentioned above.
4) If all else fails, spread their credit card/calling card numbers as
far as you can. Let other people abuse them as much as possible. When
they change accounts, do another CBI and respread their info. The more
you do this, the more that will rack up on their bills and the harder
it will be for them to dispute the bill, and the more of a hassle it is
for them to clear their name.
._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.
Misc.
If you have their full info, which shouldn't be a problem if you have
their name/phone number/address etc, employ a few more harassing
ideas.
1) Report their car as stolen. Tell the police the info, that you parked
it at some office and when you came out your car was gone. Next time
the victem is driving down a road, if a cop ID's the car, they will pull
the victem over and harass him.
2) If the person is making a road trip, call Crime Stoppers and give
an anonymous tip that the person is trafficking drugs, and has them
well hidden in the car. Be somewhat vague but make it believable.
3) Steal their mail whenever you can. Sign them up for any magazine/club
offer that comes to them. If they are a member of any existing clubs,
then sign them up for additional years, order more merchandise, etc.
This works well with Columbia House and the like because the order
forms have their info, and just blanks to fill in part
numbers/catalog numbers.
4) Their car. Using a wrench and five minutes or so, do one/all of the
following:
A) Remove bottom bolt from engine mounts. When they start their car,
the engine will launch almost straight up into the hood of their
car if they have enough torque on their engine. V8's and 350's
will rip the hood right off the car. :)
B) Remove oil plug, drain oil into container. Make sure you don't
leave any sign of what you did. When they start their car and take
off, it won't take long before parts start heating, and the engine
will overheat, and the pistons will crack.
C) Siphon all their gas, and fill their tank with urine/salt/sand.
This will clog their entire system, and take some time to flush
the system, and get their car operating again.
D) Drain brake fluid, replace with water. It will take a few miles
before the person realizes his brakes won't work.
E) Remove screw on clutch fluid tap. When they try to clutch, it will
'spooj' clutch fluid out the bottom of their car and they will
lose pressure.
F) Remove drive shaft bolts near transmission. A little ways down the
road, they may notive their drive shaft fall to the ground, or
hopefully rocket through the back of your car.
G) Remove pins in tire stems after letting air out. Not only do they
have a few flats, they can't fill up the tires.
H) If they leave their window cracked, or you see a prime way to
make a small hole in their windows, fill it with urine, a fire
extinguisher, or just water. Plenty of fun when they come out
the next morning.
5) Card all sorts of shit to their house. Some of the better things to
card to them: 50lbs of raw meat, urinals, male strippers, gay porn
catalogs, singing telegrams, flowers(pansies), fireworks, cases of
toilet paper, bibles, a coffin, sexual toys, bags of cow manure,
6) Get their neighbor's info, and pose as them. Make any/all of the following
calls:
A) Call the police and tell them you saw the person dragging a dead
body through the back yard.
B) Call the police and say the person was running through the house
waving a machete and holding a gun.
C) Call the police and mention that 'shady' characters keep buying
stuff in their back yard.
7) Call a local landscaping company, and have them bring a few tons of
granite rocks to their house, and re-landscape their front yard while
the person is at work. Have them rip up the current grass or whatnot,
and dump rocks there.
8) Go to your local book store or 7-11 and get about 100 magazine subscription
cards. Fill each one out with the person's info, and send them off.
9) With their full info, call down to public works and tell them that you
are going out of town for a few weeks, and need your utilities shut
off for the duration. No water, gas, electricity, etc is always a
fun thing to overcome. Especially if they don't have use of their phones.
I am always looking for 'phresh gnu ideas' on revenge, and as you can see,
this is version 1.3 for now. When I add more, I will change the version
number and spread it around as far as possible. In future CoTNO's, I may
just have 'adder files' with more ideas, and not reprint the whole thing.
Thanx goes out to Deadkat, Rage-303, Cavalier, and Synergy for their
contributions to the file.
DisordeR
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
End of CoTNo #05
We hope the long wait for this issue (6 months) was worth it. Now that TNO
has reorganized, we will be producing CoTNo's on a more regular basis. Be
sure to check out our other TNo sponsered publications though:
#Hack FAQ - The complete reference of Frequently Asked Questions for
#hack and alt.2600
F.U.C.K. - Fucked Up College Kids, a collection of Rants about modern
American society ranging from the serene to the obscene.
Now that we have finished this issue we are off to HoHoCon 94! If your
lucky, you'll see us there. And if you ARE going, remember Voyager's
sound words of wisdom, "Don't lick the strippers, you don't know where
they've been."
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
Reference in New Issue View Git Blame Copy Permalink