1411 lines
58 KiB
Text
1411 lines
58 KiB
Text
.oO Phrack 50 Oo.
|
|
|
|
Volume Seven, Issue Fifty
|
|
|
|
2 of 16
|
|
|
|
Phrack Loopback
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hi,
|
|
I have a story of violations of freespeech and censorship and
|
|
if I am busted unjustly, please publish this story to the public.
|
|
Yesterday some faggot e-mailed me with a ton of ascii crap that
|
|
took me an hour + to DL. WHen I finished DLing it, windoze stalled and I
|
|
had to restart.. So naturally I was pissed off. The reason this guy
|
|
said he did this was because I posted a cheat program for the game
|
|
Diablo on my webpage and he doesn't like cheaters. Today he e-mailed me
|
|
again with ascii crap.....I was beyond pissed....so I did what anyone in
|
|
my position would do....Imailbombed him ... about 600 msg's or so.
|
|
I used Kaboom3 and an SMTP I thought (Looked like it from port 25) was
|
|
anonymous and untraceable.
|
|
As it turns out, 2 hours later the head of security at Earthlink
|
|
(my current ISP) called and said that someone from my account had e-mail
|
|
bombed this person. The security guy said that the person I bombed
|
|
complained to his ISP because it "put out his business for hours." His
|
|
ISP traced it to Earthlink and then to me, by contacting the earthlink
|
|
security guy and having him look in the logs for who was connected to
|
|
the ip (dynamic) they saw in the bomb messages at the time the bombing
|
|
occurred. He also said that the guy I bombed called the FBI and got them
|
|
involved in it. Is this sounding fucking ridiculous yet? First of all,
|
|
any reputable business presumably has a better-than-28.8 connection,
|
|
which means it would have taken this guy a couple seconds to DL my bomb.
|
|
Secondly, even if he doesn't have a T-1, at 28.8 it would take 2 hours
|
|
or so, maybe less. But the FBI is involved..... I can't fucking
|
|
believe it! So naturally the first thing I do is e-mail all the
|
|
reputable hackz known to me. This is ridiculous, this is
|
|
oppressive, this is BIG BROTHER!
|
|
|
|
Yours,
|
|
GrEeNbEaSt
|
|
|
|
|
|
[ So, what exactly is it that you want us to do, besides burst into fits
|
|
of uncontrollable for several minutes at a time? ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hey, in phrack 48, the article on IP spoofing says you need to sample to
|
|
TCP sequence numbers of the host you are attacking. The method is
|
|
suggests is to connect via SMTP and then drop the connection. There is
|
|
a problem with this - sendmail usually logs failed mail transfers, so
|
|
the host will probably be able to correlate this with the time of the
|
|
attack and find out who you are. Further, this connection must be done
|
|
from a non-spoofed IP address to guarantee you get a returned packet.
|
|
There are two options available here:
|
|
|
|
1) Forge the sequence sampling connection as another host on your subnet
|
|
(although if they contact your provider and your provider logs massive
|
|
data, you're busted - also this will not work if the local network uses
|
|
an active hub)
|
|
|
|
2) Make sure to remove these traces if you manage to crack the machine -
|
|
this is all or nothing - if you fail to crack it, but left indicators of
|
|
an attack, you are screwed. (again only if your provider logs heavily)
|
|
|
|
If you want to circumvent these dangers altogether, simply sample the
|
|
sequence numbers from some highly non-logging port. The standard inetd
|
|
server for UNIX runs a TCP echo, discard and chargen service, which you
|
|
can get sequence numbers from, and does not log anything.
|
|
|
|
There are two complications to this attack which are becoming
|
|
increasingly used, and which effectively prevent it.
|
|
|
|
1) Some providers do not allow foreign IP addresses to go out of their
|
|
subnet as source IP addresses - this is done through router blocking.
|
|
Most sites just don't give a damn or are too stupid to figure out how to
|
|
do it, but the number of providers doing this is increasing. You could
|
|
try to hack their router - easy to find, do a traceroute, but chances of
|
|
success are slim if it doesn't allow remote logins. Also, your ISP will
|
|
know if this happens, and may take additional precautions immediately
|
|
(such as grabbing your ethernet address if you are on a local network -
|
|
then you are f!!ked) We don't want any minors reading this to see any
|
|
offensive words, do we - oh lord, they might even ban phrack in the
|
|
state of Texas. No offense to anyone from Tx unless they deserve it.
|
|
|
|
2) Some OS's use pseudo-random number generators to create TCP sequence
|
|
numbers at the beginning of each connection. This is easy to do under
|
|
Linux, and I think some commercial OS's might even be doing this now
|
|
(anyone have confirmation of the rumor that Solaris now does this?)
|
|
Now, this is easy to check for - connect twice in immediate succession
|
|
and see if you get two sequential (or close) numbers. However, a
|
|
workaround for this would be to generate pseudo-random sequence numbers
|
|
for the first connection from a given IP address (and then again when
|
|
the IP layer no longer has any knowledge of this IP address) If a site
|
|
was running non-crypto pseudo-random sequences, it would be possible to
|
|
analyze it using a spectral test to try to predict sequence numbers, but
|
|
if they use a cryptographically secure sequence generator, you would
|
|
have to break it (probably not too hard since any highly secure crypto
|
|
sequence would make IP response time unreasonably slow) A
|
|
counter-solution to this would be to generate random numbers in low cpu
|
|
load time, and have a buffer of them for later use. Here, we could
|
|
probably go on forever with attacks and countermeasures, so lets stop
|
|
now, as a cure for sanity.
|
|
|
|
As an aside note for the highly paranoid: ethernet spoofing
|
|
|
|
Note: some of this is theorized, and might not be 100% accurate - if you
|
|
get the jist of it, you should be able to figure out if it works for
|
|
you.
|
|
|
|
It is possible to spoof ethernet hardware addresses as well. Some cards
|
|
will allow you to do this easily, but you need to have card programming
|
|
docs (check the Linux kernel source for your card driver-!!). Others
|
|
won't let you do it at all, and require a ROM change, or worse it might
|
|
be solid state logic on the card - EVIL. Course you might be able to
|
|
get around solid state stuff by recoding the ROM, but I wouldn't
|
|
recommend it unless you don't have the $70 to buy a new card, and have a
|
|
month or two to spend in the basement.
|
|
|
|
If you make up an ethernet address, you should probably use a real card
|
|
identifier (the first three bytes). This is because some sniffing
|
|
software raises warning flags when unknown card identifiers pop up, and
|
|
this software is run by more network admins than I'd like to think.
|
|
|
|
Some new hub technologies may limit this type of spoofing- most notably,
|
|
active hubs wouldn't allow it at all. Other new hub designs use
|
|
mappings of ethernet address to specific ports on the hub, so you might
|
|
not be able to change the address without turning off the machine,
|
|
waiting for the hub to time out the address, and rebooting.
|
|
|
|
Ethernet hardware address spoofing will make a machine completely
|
|
undetectable, provided it is not the only machine on a network that is
|
|
being monitored.
|
|
|
|
There may be a way around active hubs, and this is multicast ethernet
|
|
addresses. Any network card capable of multicast should be able to send
|
|
packets with an ethernet multicast address. This address is not
|
|
specific to each card, as many cards can send and receive on the same
|
|
multicast address. The problem here is router and hub technology may
|
|
have already advanced to the point where it can distinguish multicast
|
|
ethernet addresses and convert them to multicast IP addresses, which
|
|
would not allow you to spoof. This is only theoretical - I haven't
|
|
tried it, don't know anyone who has, and have never even heard rumors
|
|
about it.
|
|
|
|
Note : this information is in no means comprehensive - I don't have the
|
|
time or resources to study it, but most likely results in ethernet
|
|
spoofing vary by the manufacturers of the network hardware all the way
|
|
down the local line - (i.e - ethernet card all the way to the first
|
|
gateway)
|
|
|
|
Another aside: return path rerouting
|
|
|
|
In return path rerouting, the IP spoofing attack follows the same
|
|
general principal, except that the attacking machine gets reply packets,
|
|
and does not need to operate blind. There are three ways to make this
|
|
work:
|
|
|
|
1) Pretending to be a trusted host on your subnet
|
|
Easy, just pick up packets destined for the trusted machine which
|
|
look like responses to your forged packets, and send on their IP
|
|
address, and SYN flood their machine. This will even work past
|
|
blocking ISP's
|
|
|
|
2) Source routing attack
|
|
Medium difficulty, you have to construct a path between your machine
|
|
and the target, and a path between your machine and the trusted host
|
|
(although the last part can be made up). Use this and either the
|
|
strict or loose IP routing option, and all packets will come back to=20
|
|
you. This will not work nearly as much, since many hosts and=20
|
|
routers discard source routed packets (it is a well-known flaw in=20
|
|
TCP/IP now). However, mightn't buggy implementations only discard
|
|
one type of source routing?
|
|
|
|
3) Experimental - ICMP redirect attack
|
|
Try using ICMP redirects to redirect the packets back to the=20
|
|
attacking machine. ICMP redirects should only be accepted to=20
|
|
machines on a local subnet, but buggy implementations might not do
|
|
this correctly (actually, I think the Host Requirements RFC says=20
|
|
this is recommended, not required). Also, it may be possible to =20
|
|
create a path using redirects or forged routing updates to direct
|
|
traffic to a trusted site back to the attacking site. After the
|
|
attack, the routing information could be repaired, making it seem
|
|
like a temporary network failure. If anyone followed this and knows
|
|
what I mean, let me know if you think it's possible. =20
|
|
|
|
Thanks
|
|
|
|
Zach
|
|
|
|
[ Zach, you have good ideas and points. Now, why haven't YOU written
|
|
an article for Phrack???
|
|
|
|
You should...<hint><hint> ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
DEATH TO THE INNOCENT
|
|
|
|
|
|
I WENT TO A PARTY, MOM, I REMBERED WHAT YOU SAID.
|
|
YOU TOLD ME NOT TO DRINK, MOM, SO I DRANK SODA INSTEAD.
|
|
I REALLY FELT PROUD INSIDE, MOM, THE WAY YOU SAID I WOULD.
|
|
I DIDN'T DRINK AND DRIVE, MOM, THOUGH THE OTHERS SAID I SHOULD.
|
|
I KNOW I DID THE RIGHT THING, MOM, I KNOW YOUR ALWAYS RIGHT.
|
|
NOW THE PARTY IS ENDING, MOM, AS EVERONE IS DRIVING OUT OF SIGHT.
|
|
|
|
AS I GOT INTO MY CAR, MOM, I KNEW I'D GET HOME IN ONE PIECE.
|
|
BECAUSE OF THE WAY YOU RAISED ME, SO RESPONSIBLE AND SWEET.
|
|
I STARTED DRIVING AWAY, MOM, BUT AS I PULLED INTO THE ROAD,
|
|
THE OTHER CAR DIDN'T SEE ME, MOM, AND HIT ME LIKE A LOAD.
|
|
AS I LAY HERE ON THE PAVEMENT, MOM, I HEAR THE POLICE MAN SAY,
|
|
THE OTHER GUY IS DRUNK, MOM, AND NOW I'M THE ONE WHO WILL PAY.
|
|
I'M LYING HERE DYING. MOM, I WISH YOU'D GET HERE SOON.
|
|
|
|
HOW COULD THIS HAPPEN TO ME, MOM? MY LIFE JUST BURST LIKE A BALLOON.
|
|
THERE IS BLOOD ALL AROUND ME, MOM, AND MOST OF IT IS MINE.
|
|
I HEAR THE MEDIC SAY, MOM, I'LL DIE IN A SHORT TIME.
|
|
I JUST WANTED TO TELL YOU, MOM, I SWEAR I DIDN'T DRINK.
|
|
IT WAS THE OTHERS, MOM. THE OTHERS DID NOT THINK.
|
|
HE WAS PROBIBLY AT THE SAME PARTY AS I.
|
|
THE ONLY DIFFERENCE IS, HE DRANK AND I WILL DIE.
|
|
|
|
WHY DO PEOPLE DRINK, MOM? IT CAN RUIN YOUR HOLE LIFE.
|
|
I'M FEELING SHARP PAINS NOW. PAINS JUST LIKE A KNIFE.
|
|
THE GUY WHO HIT ME IS WALKING, MOM, AND I DON'T THINK IT'S FAIR.
|
|
I'M LYING HERE DYING AND ALL HE CAN DO IS STARE.
|
|
|
|
TELL MY BROTHER NOT TO CRY MOM, TELL DADDY TO BE BRAVE.
|
|
AND WHEN I GO TO HEAVEN, MOM, PUT DADDY'S GIRL ON MY GRAVE.
|
|
SOMEONE SHOUYLD HAVE TOLD HIM, MOM, NOT TO DRINK AND DRIVE.
|
|
IF ONLY THEY HAD TOLD HIM, MOM, I WOULD STILL BE ALIVE.
|
|
|
|
MY BREATH IS GETTING SHORTER, MOM. I'M BECOMING VERY SCARED.
|
|
PLEASE DON'T CRY FOR ME, MOM, WHEN I NEEDED YOU, YOU WERE ALWAYS THERE.
|
|
I HAVE ONE LAST QUESTION, MOM, BEFORE I SAY GOODBYE.
|
|
I DIDN'T DRINK AND DRIVE, MOM, SO WHY AM I THE ONE TO DIE?
|
|
|
|
[ Interesting...booze, violence. Now, if only this little story had
|
|
some forced sodomy of teenage schoolgirls...
|
|
|
|
Man, I have no shame...drinking and driving is evil, and will get you
|
|
shot in Central America for attempted homicide. That's why I take
|
|
cabs or hang around with 12-steppers or mormons. Either way, it gives
|
|
you someone to subject to your drunken ravings.
|
|
|
|
Now why this was sent to Phrack, I have no idea. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I just have one question, i just moved back down to Texas from NY,,,
|
|
is there any one at phrack that knows local BBS numbers for san antonio???
|
|
|
|
thanx for the help,
|
|
|
|
[In almost any city with running water and electricity (and yes,
|
|
even San Antonio qualifies as of this writing), in any local computer
|
|
store you will find local compu-nerd publications. I think in San Antonio
|
|
its "Computer User." In any case, in the back are usually listings of
|
|
local bulletin boards. Start with these, and eventually you will come
|
|
across the kinds of bulletin boards you really want. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
The trial of the Danes arrested in the article I wrote in #47 has now
|
|
ended. No jail sentences, just community service up to 200 hours (me)
|
|
and a fine of 30.000Dkr. (apx. $5000).
|
|
|
|
Anyway, remember I wrote you about the article being quoted and
|
|
translated to Danish in a Danish magazine? Well, after the same magazine
|
|
published our REAL names, adrs with the advice not to hire us for any
|
|
jobs I got pretty sick of them and sent them a bill of DKr 5000, billing
|
|
them for my article.=20
|
|
|
|
Of course, they won't pay me (would rather go to court) so now I'm
|
|
considering taking them on their word. The company I'd be going after
|
|
is a daughtercompany of Coopers & Lybrand and is called Institute of
|
|
Datasecurity. Most of their employees seem to be notorious idiots, always
|
|
proclaiming themselves in the media with the anecdotes of yesterday. They
|
|
even gave out an award (money) to the DA who prosecuted us for doing
|
|
a nice job!=20
|
|
|
|
Well, since they didn't only violate my personal copyright but also the
|
|
restrictions of Phrack Magazine itself, I wanted to know if I could get
|
|
your support? Just some kind of written statement about the policy of
|
|
the magazine, whether or not they paid you for it, etc.
|
|
|
|
In a hurry, dont mind the mistakes,
|
|
|
|
Le Cerveau
|
|
|
|
[ Can you please send a photocopy of that article to us at the Phrack
|
|
mailing address? Maybe we can help.
|
|
|
|
I really don't have much respect for the accounting firms "computer
|
|
security" teams, and never have. In the years they've been doing this
|
|
work, they STILL don't get it.
|
|
|
|
It's too bad you aren't in America. You could probably sue the living=
|
|
hell
|
|
out of everyone involved, if they really did publish your names
|
|
and advise people not to hire you for work. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
HEY Whats up,
|
|
I was wondering if U could tell me how to e-mail bomb Please!!!!=20
|
|
|
|
[No, that's a stupid thing to do.
|
|
|
|
But, if you insist....
|
|
|
|
Go do a WWW search for the program "UpYours" This should
|
|
suit your needs just fine. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hello,
|
|
|
|
I was wondering if you know where i can get copies of "The Journal of
|
|
Privileged Information"? I have issues 1-5, and i`m looking for 6 -
|
|
present. If you know where i can get them, it would be greatly
|
|
appriciated!! thanx
|
|
|
|
techcode
|
|
|
|
[ I'm not really familiar with this magazine, but if anyone out there
|
|
has copies of this, email us with information on where to get more. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Dear Phrack,
|
|
|
|
Great job on issue 49. I enjoyed the section in Line Noise about ID
|
|
machine hacking. Anyway, I wanted to say that Phrack rules; it is by
|
|
far my favorite computer hobbyist magazine. By the way, I remember reading=
|
|
a
|
|
letter that a reader sent in, about some queer selling bound volumes of=
|
|
Phrack,
|
|
LOD Tech Journals, and virus source code. A similar occurance happended to
|
|
me when I found that some wannabe-elite pseudo-hacker was selling printed
|
|
copies of Phrack, 40 Hex, Digital Free Press, and Xeroxed copies of=
|
|
alt.2600.
|
|
I was curious, to say the least, and felt compelled to defend the honor of
|
|
those aforementioned publications. I talked to the fag, and I gained his
|
|
trust by using undecipherable hacker jargon that he seemed awed by. It=
|
|
turns
|
|
out that he had been distributing pirated junk on his PC, using an=
|
|
unregistered
|
|
copy of Serv-U. I gave him a registration crack, and in return he gave me=
|
|
an
|
|
account on his machine, so I could download his warez. I logged on to
|
|
his PC one day, and I quickly found the serv-u.ini file with the encrypted
|
|
passwords.
|
|
|
|
Since Serv-U uses Unix style encryption, I cracked his personal account
|
|
in about 17 minutes. He kept a TCP/IP connection open from 4pm to 11pm
|
|
every evening, and I logged on as him one day. I uploaded a virus to the
|
|
windows system directory and renamed it something benign, and then I edited
|
|
his autoexec.bat to execute it (I also used Fixtime from the Nowhere
|
|
Utilities 2.0 to make it smooth). I haven't heard from him since. That
|
|
one was a simple job to protect the rights of cool magazines like Phrack!
|
|
|
|
Take it easy, and keep the issues coming.
|
|
|
|
dethbug
|
|
|
|
[ If only all readers were as loyal. Or better yet, if only all readers
|
|
sent us a dollar!
|
|
|
|
Seriously though...a virus was a bit much, but since we weren't there
|
|
to sue to protect our copyright...
|
|
|
|
But uh, let it be known that you were not directed by, nor acting as an
|
|
agent of Phrack Magazine, and any and all such behavior was done
|
|
purely on your own behalf. :) ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Does this cost anything ?=20
|
|
LORDCYBRON
|
|
|
|
[ Unfortunately it does, but only your mortal soul. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Phrack,
|
|
|
|
We would like permission to republished Chris Goggans'
|
|
(Erik Bloodaxe) editorials from issue 4.42 to issue
|
|
7.48 in Node9: An E-Journal of Writing and Technology.
|
|
|
|
http://node9.phil3.uni-freiburg.de
|
|
|
|
There is a lot of interest in hacker culture in
|
|
cultural studies, and Chris Goggans' editorials give
|
|
a good snapshot of the hacker's side of the from
|
|
last three years.=20
|
|
|
|
We could tell our readers to simply go to Phrack and get
|
|
the editorials themselves, but putting the editorials
|
|
together makes them more effective. Plus, for many of
|
|
our readers, a number of names, terms, events need to
|
|
be annotated.
|
|
|
|
Jon Adams=20
|
|
|
|
[ Well Jon, Phrack has always had a policy of letting people reprint
|
|
articles / editorials / whatever as long as all pieces remain
|
|
intact with all credit given to the original author and to Phrack
|
|
Magazine. If you can do that, feel free to use the editorials. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi Hackers
|
|
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
|
|
|
|
I have only one question for you, please answer me. I read in your magazine
|
|
|
|
> =3D=3DPhrack Magazine=3D=3D
|
|
>
|
|
> Volume Seven, Issue Forty-Eight, File 10 of 18
|
|
>
|
|
> Electronic Telephone Cards: How to make your own!
|
|
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Its very excelent for people who live in country when used the cards from=20
|
|
Gemplus, Solaic, Schlumberger, Oberthur: (French cards 256 bit). But I live=
|
|
in=20
|
|
Slovak Republic and in this country we use The cards from ODS, Giesecke &=20
|
|
Devrient, ORGA Karten systeme, Uniqua, Gemplus, Schlumberger and Oldenbourg=
|
|
=20
|
|
Kartensysteme (German cards 128 bit).
|
|
|
|
I am was reading in some paper that some people have emulator of these=20
|
|
telephone cards (German card). Emulator with PIC procesor.
|
|
|
|
But I very very long time searching Internet and I have not information how=
|
|
=20
|
|
I make this emulator. Only in your magazine I found help how I make=20
|
|
emulator but emulator which emulate french telephone card but I need=20
|
|
emulator which emulate german telephone card.
|
|
|
|
Please help me if You know some adress where I can find information=20
|
|
HOW I MAKE TELEPHONE CARD EMULATOR (WITH PIC PROCESSOR) WHICH EMULATE=20
|
|
TELEPHONE CARD TYPE GERMAN TELEPHONE CARD (128 BITS).
|
|
|
|
Thanks very much, for your answer. realllly thanks, i am waiiiiting.
|
|
|
|
!!!!! M A X O !!!!!
|
|
|
|
[ Actually, we don't but perhaps this request will bring in some
|
|
information from people in Germany. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Can you please send me some hacker stuff that I can use on AOL.
|
|
|
|
THANX
|
|
|
|
[ The most important tool a hacker can have is a brain. Unfortunately,
|
|
since you are on AOL, it appears that your tool box is empty. Perhaps
|
|
you'd be more interested in some cool beavis & butthead .WAV files... ]
|
|
|
|
----------------------------------------------------------------
|
|
|
|
Looking for talented hackers for special projects.
|
|
First project concerns breaking source code. Please respond.
|
|
|
|
Justin Raprager=20
|
|
<adamas@raprager.com>
|
|
|
|
[ You probably can't afford any of us on the Phrack Staff.
|
|
Your request is being passed on the the readers. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Is your web site the best kept secret on the Internet?
|
|
|
|
We'll promote it to 50 search engines and indexes for $85
|
|
and complete the job in 2 business days. Satisfaction is
|
|
guaranteed!
|
|
|
|
Owl's Eye Productions, Inc.
|
|
260 E. Main Street
|
|
Brewster, NY 10509
|
|
Phone: (914) 278-4933
|
|
Fax: (914) 278-4507
|
|
Email: owl@owlsnest.com
|
|
|
|
[ Now, if our site is a secret, then how did you morons know about us?
|
|
I think a better sales pitch is:
|
|
|
|
"Is your Web Site Secure?"
|
|
|
|
We'll give your info to several million hackers for FREE who will be
|
|
sure to subject it to an extesive battery of security testing ranging
|
|
from exploitation of remote security vulnerabilties to denial of service
|
|
attacks. Your site will be profiled continuously for months until
|
|
people grow tired of causing you grief.
|
|
|
|
Would Owl's Eye Productions, Inc. care to be the first for this
|
|
amazing new service? Let us know. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
From: Ray Wardell <ray.wardell@novix.com>
|
|
To: phrack@well.com
|
|
Subject: FUCK YOU
|
|
|
|
FUCK YOU ... YOU DUMB ASS SHIT HEAD... FUCK WITH ME AND DIE...
|
|
|
|
[ Uh, ok. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hi, I would like to become a hacker. I just watched that movie HACKERS. It
|
|
got me all siked up. If you could give me some information on how to
|
|
become one, I would be apreciative.
|
|
|
|
[ So if you had watched "Buttman Goes To Budapest" then Stagliano would
|
|
be getting this email instead of Phrack?
|
|
|
|
Dude...it was only a movie. And a bad one at that. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi there !
|
|
|
|
Your article of the PIC16C84-Phonecard includes a uuencoded part
|
|
that contains the file "telecard.zip". telecard.zip contains the file
|
|
telecard.pcb which was created with Tango PCB Series 2.
|
|
My version of Accel Tango PCB Version 12 is not able to read this file.
|
|
So, I want to ask you, if its possible to send me this file in ASCII-Format
|
|
or (better) in a graphic-format like PCX or GIF.
|
|
A HP-Laserjet-prn-viewer would be useful, too.
|
|
I was also not able to read the schematic-file. Maybe you know a
|
|
location on the internet where I can get an evaluation version of the
|
|
older version of Tango PCB Series II.
|
|
|
|
[ Actually, we've got the same problem here at Phrack. Anyone out there
|
|
who can help, please send us email and we'll get it out to the
|
|
masses! ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi my name is Konrad. I live in Ottawa, Onratio (Canada). I have a
|
|
question about one thing. When I download a trial program from internet,
|
|
it is only good for 30 days, and when it expires it writes that, to some
|
|
file so I tried reinsalling and redownloading the program, but when I
|
|
tried to run it, it gave me a message that this version is expired and
|
|
that I have to purchase the program. Do you know, to what file it
|
|
registers that it has expired, and how to disable it. If you don't know
|
|
how to do it, maybe you know someone that might be able to do it, and
|
|
forward my address to them. It is very important to me, because I'm
|
|
finishing a home page called Teen Online and my graphic program expired
|
|
(TrueSpace2) and there is no way that I can afford it, so I rather stick
|
|
to trial version. Ok... Thanks for your time.=20
|
|
Konrad
|
|
|
|
[ Usually you can simply reinstall these trial programs and use them
|
|
for another 30 days. With others, you can change your system date
|
|
back, or edit a date in an INI file. It all depends on the program.
|
|
Try some of these things and let us know what works. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Why don't you write somthing for the bulgarian hackers?
|
|
(recent:take a look at everything that happened in Varna, Bulgaria this=
|
|
year)
|
|
|
|
M a n i a X K i l l e r i a n
|
|
|
|
[ We'd love to print something about the Bulgarian scene. Honestly,
|
|
I have no idea what happened in Varna, nor would I know where to look.
|
|
|
|
Here's a novel idea: Since you are IN Bulgaria, why don't you
|
|
write something about it for us! ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I'm using BPI Accounts Receviable System Version 1.10 for IBM
|
|
Released September 1983
|
|
|
|
It has whats called a "key disk" that allows only the person with that
|
|
disk to closeout the program or month. The problem is this, when I make
|
|
a copy of this Key Disk the files match the original to the T.. There are
|
|
only 2 files involved. But, when I try to closeout, BPI asks me to insert
|
|
the Key Disk and press enter to proceed. When I do this with the "copy"
|
|
of the Key Disk the BPI program tells me that the copy is not a Key Disk.
|
|
This only happens with the copy, any ideas?=20
|
|
|
|
Both Key Disks contain the same information. If I try to activate the
|
|
close directly from the Key Disk Copy it tells me that it can't find a
|
|
file, basrun.exe I checked and this file is part of the BPI Directory on C:
|
|
I've used this accounting software for many years and it works well.
|
|
But I'm afraid the good Key Disk may go bad one day and I'll be stuck.
|
|
Thats why I'm trying to make a copy. Any help would be appreciated.
|
|
|
|
[ Obviously there is something else on that disk that a normal copy
|
|
is not getting. Maybe something as simple as a volume label or
|
|
some hidden files.
|
|
|
|
The easiest thing to do to get around this is make a sector by sector copy
|
|
to a disk image file using some kind of program like the UNIX command "dd"
|
|
and then copy that image back onto a blank diskette. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi!
|
|
|
|
Here I have something for you, which may be interesting in your news=
|
|
section.
|
|
|
|
Sometime during the night between Saturday April 5th and Sunday April 6th,
|
|
hackers broke into one of Telenor Nextel's webservers and deleted the=
|
|
homepages
|
|
of 11.000 private customers and 70 corporate customers, among them the=
|
|
homepages
|
|
of Norway's two largest newpapers VG and Dagbladet, and the largest online=
|
|
news
|
|
magazine, Nettavisen.
|
|
|
|
The hackers somehow got access to hidden scripts, and after modifying and
|
|
manipulating them ran them, thereby deleting all the files mentioned.
|
|
|
|
Early Sunday, the ISP Telenor Nextel started restoring files from a backup=
|
|
made
|
|
Saturday, but after encountering problems with that one, they had to restore
|
|
from Tuesday's backup. Saturday's backup will be added sometime during=
|
|
Monday.
|
|
=D8kokrim, Norwegian police's department for Economic Crime has been=
|
|
contacted.
|
|
=09
|
|
Reactions:
|
|
|
|
Sverre Holm of Norway's Organization for Internet Users (http://www.ibio.no)
|
|
criticize Telenor for lack of proper information, as well as an unhealthy
|
|
attitude. In response to Telenor's comment that they can't guarantee this=
|
|
won't
|
|
happen again, he says, "Such an attitude can't be tolerated. If this is what
|
|
Telenor means, then we have a serious problem here."
|
|
|
|
Other reactions will surely come in the next days.
|
|
|
|
References (all in Norwegian):
|
|
|
|
Telenor Internett:
|
|
http://internett.telenor.no/
|
|
Scandinavia Online:
|
|
http://www.sol.no/ (Telenor's online service)
|
|
SOL Direkte:
|
|
http://www.sol.no/snpub/SNDirekte/index.cgi?kategori=3DNett-Nytt
|
|
Nettavisen:
|
|
http://www.nettavisen.no/Innenriks/860330846.html
|
|
|
|
I hope this could be interesting to you, and a candidate for your news flash
|
|
pages. Unfortunately, any references included are to pages in Norwegian, but
|
|
anyone with you speaking either Norwegian, Swedish, or Danish should be able=
|
|
to
|
|
get more information.
|
|
|
|
Cheers,
|
|
O L I K
|
|
|
|
[ We here at Phrack always want to know what is going on out there on
|
|
planet Earth. Keep us informed of anty other developments! ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
I'm investigating some informatic viruses who infect images generating
|
|
new fractalized images with a never seen beauty and singularity. Or may=20
|
|
be they investigate me. These viruses could broke sohemer in many diverse=20
|
|
disciplines like art, artificial life, fractals maths, digital image..=20
|
|
if you look web's images http://antaviana.com/virus/angles.htm you will=20
|
|
understand everything. I would be acknowledged if you could help me, and=20
|
|
it is posible i would like you to diffusse this subject in your interesting
|
|
publication.
|
|
|
|
In the name of biodiversity, if you have these VIRUSES,
|
|
PLEASE DON'T DISTROY THEM.
|
|
|
|
[ Ok. We won't. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hi !
|
|
|
|
I read In Volume Seven, Issue Forty-Eight, File 11 of 18 - How to make own
|
|
telephon card . But when i try to make it , this card didnt work ! I try
|
|
all things, and i try to find more informations about telephone cards, but
|
|
i still dont know what's wrong !
|
|
But today i found on http://www.hut.fi/~then/electronics/smartcards.html
|
|
that there is some errors, but there is no information what's wrong.=20
|
|
So i decidet to write to Phrack magazine , becouse in article is eriten to
|
|
mail all questions to Phrack....=20
|
|
Please send me info what is wrong, and how i must change the ASM program to
|
|
work correctly or just PLEASE send me email of contact person who knows how
|
|
to !!
|
|
|
|
Thanx in advance !
|
|
|
|
Marko
|
|
|
|
[ Obviously that little smartcard article caused a stir. We've got all=
|
|
kinds
|
|
of email about it. We'll see what more we can dig up, but we are going
|
|
to really need some help from Europeans and South Americans. (Smart
|
|
cards are not in use here in America!) ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
LOA is back!!! Visit our new page at:
|
|
|
|
http://www.hackers.com/LOA
|
|
|
|
Check it out and be sure to send your comments to revelation@hackers.com
|
|
Volume 2 of The Ultimate Beginner's Guide To Hacking And Phreaking has been
|
|
released as well, so be sure to download it and send me your comments. Be
|
|
sure to check out the LOA Files section to view and download past, present,
|
|
and future LOA Projects. Take it easy all...
|
|
|
|
[ No offense intended, but did you ever wonder why there were so many
|
|
"Legions of" whatever after LOD?
|
|
|
|
We'll put a link up to your page though... ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hey, did you know that Juno (the nationwide free email service) has PPP
|
|
access? Free? To superusers only? Who login directly to their terminals
|
|
that have no ANI? And that they are complete fucking idiots, because in
|
|
every juno.ini file buried deep in the /juno/user00000x/ directory there is
|
|
a section called "Variables" which lists at least one Juno server account,
|
|
i.e. "junox14" and a password for it. These work. Not that I've tried them,
|
|
or do this, or can be held in any way legally responsible for my non-PGP
|
|
encrypted actions, which do not show my views, and are protected under the
|
|
1st Amendment.
|
|
|
|
Sorry, didn't feel like using alternate caps today.
|
|
|
|
l8r,
|
|
|
|
-dArkl0rd-
|
|
|
|
[ Interesting. We'll have to get the Juno software and play
|
|
without the advertisements!
|
|
|
|
Thanks, Mr. Shaw ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hi. I've got a strange request. We're putting together a case that
|
|
encourages the U.S. to loosen its encryption export policies.
|
|
|
|
Do you know of any written resources that discuss the ability of hackers
|
|
to break into NASA, tamper with launches or satellites? The folks at
|
|
infowar.com insist that it is possible, but say that confidentiality
|
|
won't allow them to publish that fact.
|
|
|
|
We need written evidence to document the case, you understand.
|
|
|
|
Anyway, I'd appreciate hearing from you.
|
|
|
|
Jonathan
|
|
|
|
[ I'd suggest you talk to Emmanuel Goldstein at 2600. The whole
|
|
satellite thing came from a bogus post back in the early 80's
|
|
on a BBS in New Jersey called "The Private Sector." Reporters
|
|
siezed on it, resulting in headlines like "Wiz Kids Zap Satellites."
|
|
|
|
2600 wrote about this in I believe 1984 or 1985. Check with them for
|
|
better details. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Queridos crackeadores:
|
|
|
|
Les quiero pedir si no saben de donde puedo sacar programas para
|
|
crackear y phrackear.
|
|
=20
|
|
Desde ya mucahas gracias:
|
|
Mauricio
|
|
|
|
[ Existan muchos programas en sitos de FTP y WWW en todos los piases
|
|
del mundo. No sabes de donde puedes sacarlos? Compredes
|
|
"Webcrawler" o "Excite"? Dios mio. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi Phrack;
|
|
|
|
Intro to Telephony and PBX systems in Phrack#49 was excellent, pulled a=20
|
|
lot of things together for me. That's probably the clearest, most=20
|
|
concise explanation of the phone system that I've ever read. Hopefully=20
|
|
Cavalier will be up for many more articles like that in the future.
|
|
|
|
respects,
|
|
jake
|
|
|
|
[ Thanks! Hopefully we can continue have more telephony related articles
|
|
in the future. It is fast becoming a lost art in today's hacker
|
|
community. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
hey.. a Note To Say, 1-Greetings From IreLand..
|
|
2-Thanks A million.. I love Phrack..
|
|
3-Where Is The NexT Issue.. Whats up doc..=20
|
|
4-do ya have info/schematics on the shit that allows one
|
|
to break into cellfone conversation and chat briefly
|
|
to callers, as described in winn schwartaus excellent
|
|
article on Defcon ][ ?Cellfone
|
|
5-Is Phrack on a Mailing List?? if so, Can ya Stick me
|
|
On it?
|
|
Many ThanKs
|
|
NasTy Nigel,
|
|
[PhreaK PowEr]
|
|
|
|
[ 1. Greetings to you too gobshite!
|
|
2. Thanks!
|
|
3. You're reading it.
|
|
4. Not that I was in the room making those calls mentioned
|
|
in that article or anything, but... :)
|
|
An Oki-900 with CTEK cable hooked to a PC running omnicell tracking
|
|
calls. A motorola brick phone in debug mode, hooked to a 25db gain
|
|
yagi antenna (on a tripod) pointed out the window. As Omnicell locked
|
|
in on interesting calls, the Motorola was tuned to the corresponding
|
|
channel, Tx Audio turned on, various humorous interrupts were uttered,
|
|
and Tx Audio turned off so the party being "contacted" wouldn't be
|
|
thrown off their cell channel by our more powerful broadcast.
|
|
Very simple.
|
|
5. The mailing list now is so huge that it will only serve to let people
|
|
know when issues are going out, special bulletins, etc. Mailing out
|
|
a meg to almost 30,000 people causes serious problems to the Internet,
|
|
so we decided to make the change. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I just wanted to drop a line and say that you guys are doing a great job
|
|
with the zine. I just got issue 49 and I'm looking forward to reading it.
|
|
I'm sure you've heard of The Works, the bbs with the most text files in the
|
|
US. Well, it's finally back online, after six months in the gutter. For the
|
|
best text files and the coolest users east of the Mississippi, call us up.
|
|
+1 617 262 6444. You can't go wrong with the Works. We want you to call.
|
|
|
|
[ It's amazing that BBSes like The Works are still around, even with a bit
|
|
of down time. What's it been? 10 years? Geez.
|
|
|
|
You're approaching the longevity of Demon Roach or P-80. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I'm doing research on hackers for my LIB 105 class and have come across
|
|
some of what I guess is tech speak or jargon. I've noticed that the
|
|
letters 'PH' are frequently used to intentionaly mispell the words
|
|
phreak, lopht, and in Phrak Magazine. Is there a reason behind all of
|
|
these PHunny spellings?
|
|
|
|
[ Uh, PH as in Phone. From the old Phone "Phreak" subculture of the
|
|
late 60's, early 70's.]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
I think a great idea for a future article would be how to make a decoder
|
|
card for a DSS sattelite reciever with some easy commercial stuff and a
|
|
cmos Z-80 I.C. ...
|
|
|
|
[ If it were that easy, there would be a bigger number of players in the
|
|
billion dollar industry of satellite piracy. A key figure in that
|
|
closed community once told me that it cost them about $1,000,000 US to
|
|
crack each new rev of smart card. (But when you figure that means only
|
|
selling 10000 pirate cards at 100 bucks, the cost of doing business
|
|
is minimal, compared to the cost of the service provider sending out
|
|
new software and cards to each subscriber.) ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi, I am a Primestar installer, I was wondering if you knew anything about
|
|
how to stop Primestar from de-authorizing their unused IRD's? I know of 2
|
|
installation screens accessable through the password screen using #'s 996 &
|
|
114, do you know of any others? I would appreciate any info you might have.
|
|
|
|
Thanks,
|
|
|
|
[ And Phrack would appreciate ANY info you have! ANYTHING! EVERYTHING!
|
|
As an installer, you probably have some insights into the cards/recievers
|
|
that we don't. Write them up! ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
For certain reasons, some people may want to create a new anonymous mail
|
|
box. Did they considered to create it in France?
|
|
A lot of IPS offer the possibility to create mailboxes to those who have
|
|
no computers by using a primitive look-alike telnet system: the French
|
|
Minitel. This is convenient because a couple millions of Minitel have
|
|
been freely distributed in France during the last ten years. The only
|
|
cost is that an overcharge is billed to your phone bill of approx
|
|
35cents per minute. But this is perfectly legal and hard to trace back.
|
|
Hyperterminal (at least in its french version) emulates the french
|
|
minitel.
|
|
|
|
The only thing is to dial 3615 in France and use one of this server:
|
|
ABCNET, ACENET, ADNET, ALTERN,FASTNET,EMAIL...
|
|
For example, EMAIL creates an e-mail adresse like:
|
|
pseudonym@xmail.org.
|
|
|
|
The only thing is that you have to know a little bit of French to use
|
|
it, but just a little bit. The cost of a call (International and
|
|
Minitel overcharge) should not be a problem to some of you.
|
|
LeFrenchie
|
|
|
|
[ This is a good idea. People outside of France don't know much about
|
|
Minitel, (Or any videotext systems) since they failed in a big way
|
|
here in the states and most other countries. Many old hackers might
|
|
remember some of the Minitel Chat systems also accessible over X.25 such
|
|
as QSD (208057040540), but without emulation software wouldn't have
|
|
ever had access to the real Minitel. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Two questions
|
|
|
|
1 How can I connect to an IRC server though a firewall?
|
|
2 How can I intercept messages sent to chanserv and nickserv on Dal.net?
|
|
|
|
Thank you.
|
|
|
|
[ 1. Open up ports 6665-6667
|
|
2. Set up a hacked IRC server. Get someone important to add it to the
|
|
EFNET server hierarchy. Look for PRIVMSG to whomever you want. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hello,
|
|
A modem has a light buffer between the copper wires of the
|
|
telephone line and the rest of the copper printed circuit ( mother)
|
|
board. How ( or does) does a firewall prevent hacks on a system or
|
|
is this just a matter of Modern (Mastodon) buffalo hunting: They
|
|
go down the same big or small. Specifically , beyond smart self
|
|
learning systems can a server realy prevent contamination without
|
|
the intervention of beings? My sister a suposed Webmistress says
|
|
there are intervening buffers, I still see that between what ever,
|
|
there is a very big freaking leap of faith..
|
|
Senor Please Elucidate
|
|
Richard
|
|
|
|
[ Uh, if you think the "firewall" is that light buffer between the wires,
|
|
then you have missed the point. A firewall in the networking context is
|
|
not the same as the metal firewall in your automobile....it is merely
|
|
a metaphor that has been adopted as the term d'jour.
|
|
|
|
Please read: Building Internet Firewalls by Brent Chapman &
|
|
Elizabeth Zwicky or Firewalls & Internet Security by Cheswick & Bellovin ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
> Drop us a line on what you think of 49. Comments are encouraged.
|
|
|
|
I think issue 49 was great, not to mention getting it out on time. I do have
|
|
a suggestion though. The past few issues of Phrack have focused mainly on=20
|
|
UNIX and not much else. I think UNIX is a great OS, but it would be cool if
|
|
occasionally you would print a few articles about other systems. I would=20
|
|
write one myself but right now I don't have anything new to contribute.=20
|
|
|
|
Later,
|
|
Tetbrac
|
|
|
|
[ This has been a request for a long time. Hopefully we'll get some
|
|
articles on other operating systems some day. Personally, I'd like
|
|
to see VMS, MVS and OS-400. Any takers? ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I just finished reading issue 48, and congratulate you on some excellent
|
|
techinical articles. I have only one (rather insignificant) comment:
|
|
within the article #13 on project neptune, it was stated: "[the urgent
|
|
pointer] is TCP's way of implementing out of band (OOB) data." Actually,
|
|
URG pointers are in band (specification-wise), however most (but not all)
|
|
TCP implementations map the URG flag to out of band. While this point is
|
|
irrelevant to SYN flooding, I thought I would present it in case anyone who
|
|
read the article is interested in pursuing any nuts & bolts transport layer
|
|
implementations. Keep up the good work, and keep turning out more of this
|
|
kind of technical information.
|
|
|
|
ammit-thoth
|
|
|
|
[ Point noted. Thanks! ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Listen... you've probably been noticing that I've mailed you guys a
|
|
couple times asking for help with hacking. Before I have never recieved
|
|
any mail back. You have got to please mail me back this time. I found
|
|
something on accident that is really out of my league. You guys are the
|
|
best I know of that might be able to help me. I really need your help on
|
|
this one. I was fucken around on Telnet just typing in numbers in the
|
|
Chicago area code. On accident I typed in numbers and I entered a NASA
|
|
Packet Switching System ( NPSS). It said it was a government computer
|
|
system and to leave right away. Please mail me back for the numbers. I
|
|
need your help to get into this system.... I need yer help.
|
|
|
|
[ Let me guess, you typed the prefix 321 instead of 312 while playing
|
|
on Telenet. The systems you'll find on that prefix have been hacked
|
|
at for nearly two decades now. Systems on the network were targeted
|
|
in the 80's by Germany's Chaos Computer Club, and I personally know
|
|
they have been poked at by groups in the US, UK and Australia
|
|
starting back in 1981.
|
|
|
|
What I'm trying to say is, after so many years of people beating on the
|
|
same few systems, shouldn't you look for something a bit less stale? ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Dear phrack,
|
|
|
|
I want to be added to the list. I was also wondering if you had ay
|
|
publications or information on TEMPEST monitoring? Also know as Van Eck
|
|
monitoring.
|
|
|
|
[ We published a Dr. Moeller's paper continuing on Van Eck's work
|
|
in Phrack issue 44.
|
|
|
|
You might also want to check out http://www.thecodex.com
|
|
for a self-contained anti-tempest terminal for about 10K. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I just read your editorial in Phrack 48 and I feel like giving you my two=
|
|
cents
|
|
worth. I think you did an excellent critique on the "scene." As a person
|
|
who has been watching for a while, and as a person who has been through it,
|
|
I found it nice, to say the least, to find others who actually seem to have
|
|
their head on straight. This letter was originally much longer, but I
|
|
shortened it because I think you get the point.
|
|
|
|
I started programming computers in 1983 at the age of 6. I was running
|
|
DOS 2.0 and I had a blazing fast 1200 baud modem. At the time, I had
|
|
no mentors, no teachers, no friends that could teach me how to use that
|
|
incredible machine. The books of the time were cryptic, especially for an
|
|
age where most children could not read, much less program. But I did my=
|
|
best.
|
|
Ten years later, I was still on my own.
|
|
|
|
I didn't get ahold of a copy of Phrack until 1991. I thought it was really
|
|
cool that people like me would get together and exchange infomation, talk
|
|
computers, etc.
|
|
|
|
In '94, I got into viruses and prolly was one of the better independant
|
|
(i.e. not in a group) writers. It was about that time I got onto IRC.
|
|
Most of the time I would hang out in #virus, but every now and then I
|
|
would pop into #hack. I never stayed...I couldn't stand the arrogance.
|
|
|
|
Shortly before I went to school, I was in competition for control of a
|
|
new freenet versus a local hacker group. A month after I went to college,
|
|
that group got busted. I got lucky.
|
|
|
|
Earlier this year, I went on Good Morning America to talk about viruses.
|
|
Looking back, it is prolly the single dumbest thing I have done in my
|
|
whole life.
|
|
|
|
As much as I wanted to, I've never been to a 2600 meeting, never been to
|
|
a Con. Never really had any hacker friends. It's always been just me.
|
|
I'm sure I know less about breaking into computers than the guy who has
|
|
been doing it for a week but has access to tons of partners. But I still
|
|
consider myself a hacker. My interest has been one of learning about the
|
|
system. I've been learning longer than most. I rarely break into
|
|
a system. I have access to unix systems, and even a VAX. I don't want
|
|
the latest hacking tools. I write my own, with my theories. I don't
|
|
need much else. But I've never had anyone to share it with. But I think I
|
|
realize that the past is the past, and I won't ever get to attend the old
|
|
cons or sit on conference calls, as much as I'd love to. I won't bother
|
|
with the latest cons because I can get the same stuff at a college party.
|
|
|
|
Well, that is about it. I apologize if it is poorly written. Bad english
|
|
skills :) I hate writing these because I grow tired of getting slammed
|
|
by some arrogant asshole. Thats prolly why I have been doing this alone
|
|
for 13 years. After your editorial, I wonder how many people will stop
|
|
showing up at the cons...I hate the isolation, but I would never want to
|
|
be a part of a "scene" which has turned from mature goals to juvenile
|
|
ones. Just my thoughts...
|
|
|
|
Evil Avatar
|
|
|
|
[ Actually, I have more respect for the people who continue to stay in the
|
|
fringes, learning on their own rather than scurrying for attention
|
|
in the media and in the community. (Yes, like me.)
|
|
|
|
To be fair though, don't sell yourself short by avoiding Cons if you
|
|
really want to check them out. Despite all the ranting I did in that
|
|
editorial, I still have many friends in the community and enjoy
|
|
meeting new ones at conferences. Not everyone thinks it is cool
|
|
to trash a hotel, or to try to out "elite" one another. Unfortunately,
|
|
the loudest and most visible people at such events tend to be the
|
|
most juvenile. If you find this happening, do what I do: get the
|
|
hell out of the conference area and find a convenient bar. The older
|
|
hackers will eventually find you there, and you can all drink in peace
|
|
and actually talk unmolested. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Dear Phrack --
|
|
|
|
Been a reader since the 80s, and I'm one of the originals... Would like
|
|
to submit a poem that I wrote that details the experience of a hacker
|
|
who left the scene for several years -- Coming back to find it in utter
|
|
Dissaray... Definitely not the way he left it... Well -- You guys will
|
|
let me know what you think
|
|
|
|
"Where Have All The Hackers Gone"?
|
|
----------------------------------
|
|
|
|
Original Poetry by: Jump'n Jack Flash -916-
|
|
|
|
|
|
On a cold night in the dead of winter a soul stumbles into #hack and asks:
|
|
'Where have all the Hackers Gone?'
|
|
|
|
Immediately the group recognizes him as one of the originals.
|
|
|
|
'Help us change our grades!' a voice calls out from the huddled masses.
|
|
'Help me hack root on a NYNEX system!' another voice asks.
|
|
|
|
The soul clutches his bowed head and covers his ears, trying to remember
|
|
back to before he involuntarily left the scene a few years ago.
|
|
|
|
'The only thing that kept me sane while I was imprisioned was the
|
|
thought of seeing my friends and fellow hackers, now I demand you tell
|
|
me Where Have All The Hackers Gone?' the soul begs the crowd of jubulent
|
|
newbies.
|
|
|
|
Silence is the only answer he receives,
|
|
For there are no real hackers here.
|
|
|
|
Then a voice speaks up and says,
|
|
'They're gone! You're the first we've seen!'
|
|
The soul asks,
|
|
'What do you mean?'
|
|
|
|
And Silence is the only answer he receives,
|
|
For there are now real hackers here.
|
|
|
|
And like a wall crumbling down it comes to him and he falls to his knees,
|
|
like hunting for human life after a Nuclear war he stumbles out of the room,
|
|
And he hurries to the place where only the Elite could go just a few years=
|
|
ago,
|
|
But when he arrives he is shocked and amazed,
|
|
There are no hackers here on this dark winter day.
|
|
|
|
And he stumbles into traffic,
|
|
feeling the snow crunch beneath his feet,
|
|
and he shouts into the night for the elite,
|
|
|
|
'Where Have All The Hackers Gone?'
|
|
|
|
And Silence is the only answer he receives,
|
|
For there are no real hackers here.
|
|
|
|
[ Nice poem man...thanks!
|
|
|
|
Where did the hackers go? They grew up and got real jobs... ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I'd love to say that I'll miss Erik, but after that obnoxious, immature
|
|
rant, all I can say is good riddance. Now maybe Phrack will be useful
|
|
again.
|
|
|
|
[ Well, I guess not everyone agrees with me, which is a good thing.
|
|
But, uh, I'm not gone man...just narrowing my duties...so fuck you. :) ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
'' WARNING ''
|
|
COVERT EXTERMINATION OF THE POPULATION. !!!=20
|
|
THE UNITED NATIONS=3DNEW WORLD ORDER HAS TURNED AMERICA INTO A
|
|
EXTERMINATION CAMP. THE PENTAGON GERM '' AIDS '' WAS CREATED
|
|
AT A GERM WARFARE LAB AT FT, DETRICK, MD. AIDS AND CANCER CELLS
|
|
ARE BEING INJECTED INTO PEOPLE UNKNOWING UNDER THE GUISE OF VACCINES
|
|
AND SOME PHARMACEUTICALS.
|
|
|
|
SOMETIMES THE TRUTH IS SO UGLY WE DO NOT WANT TO BELIEVE IT. !!
|
|
AND IF WE DO NOTHING, THEN WE DESERVE IT. !
|
|
BELIEVE IT OR NOT. DISTRIBUTE WIDELY.
|
|
'' HACK OR CRACK THE UNITED NATIONS =3D NEW WORLD ORDER. ''
|
|
LONG LIVE THE POWER THROUGH RESISTANCE.'' !!!
|
|
|
|
SONS OF LIBERTY MILITIA
|
|
312 S. WYOMISSING, AVE.
|
|
SHILLINGTON, PA. 19607 U.S.A.
|
|
610-775-0497 GERONIMO@WEBTV.NET
|
|
|
|
[ It's about time we got some mail from some kind of Militia-types!
|
|
Let's all arm up to prepare for the revolution! A healthy dose
|
|
of AK-47's and PGP will save us all from the ZOG hordes when the
|
|
balloon goes up.
|
|
|
|
Hey, have you guys read the Turner Diaries by Andrew Macdonald?
|
|
Get it from Barricade Books, 150 5th Ave, NY, NY 10011.
|
|
|
|
Ahem. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
i want a credit card generator
|
|
|
|
[I want a pony]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hello !!!
|
|
|
|
I just read in P48-02 the letter of the russian subscriber who tells you=20
|
|
(the editors) the story about the FAPSI and they plan to order all=20
|
|
ISPs to provide for a possibilty for them to read all the mail.
|
|
|
|
In the editor's note below that you say that you fear your country (I assume
|
|
it's the USA) is also heading towards that goal.=20
|
|
|
|
Well, I live in Germany, and it has already happened here. That means,=20
|
|
every ISP (and this is not the exact term, as it also includes all sorts
|
|
of information providers, ie telephone companies - but excludes=20
|
|
private BBSs, I believe) are forced to provide a method that not only
|
|
- Allows the government/police to read everything that is written but also
|
|
- Without even the ISP noticing it (though I don't know how this would=20
|
|
be ensured, technically).
|
|
=20
|
|
OK, this is not the same as in Russia, as they don't copy ALL the mail and=
|
|
=20
|
|
news, but only that of persons suspected of a crime strong enough=20
|
|
to allow it, ie it's the same thing that's needed to open people's=20
|
|
mails. Still, I feel it's certainly a step in the wrong direction.
|
|
|
|
Note that cryptography is not (yet ?) forbidden in de.
|
|
=20
|
|
Regards,=20
|
|
=20
|
|
Thomas=20
|
|
|
|
[ Germany? Governmental rights violations? Say It isn't so! Should I get=
|
|
my
|
|
brown shirt out of the closet for my next visit to Berlin? :) ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Hello, I want to be a hacker and I need some help. I have read
|
|
countless reports on UNIX, VMS, and all that other jazz but that still
|
|
doesn't help me with my problem.
|
|
|
|
I want to be able to hack into someone's home PC from my own home. Now,
|
|
most PC's aren't capable of doing this but, this person has a
|
|
connection on the internet and is also linked to his work in LONDON,
|
|
ONTARIO at a place called IAPA. (industrial accident prevention
|
|
association) Anyway, he runs WINDOWS 95' and is using NETCOM. Now I
|
|
know his password if that does me any good, but how do I go about doing
|
|
this?
|
|
|
|
SHAOULIN
|
|
|
|
[ When you say "I want to hack his home PC" what do you mean?
|
|
|
|
Just because he uses NETCOM, that doesn't mean you can find him. He is
|
|
probably being assigned a dynamic IP address each time he calls in to the
|
|
network. Even so, let's say you can discern his IP address. Even if
|
|
a computer is hooked into the Internet, it is only as insecure
|
|
as the services it offers to the world.
|
|
|
|
If your friend is running Windows 95, then you may only be limited
|
|
to attacking any SMB-style shared directories or perhaps via FTP.
|
|
In either case, if you know this person's password, then you can
|
|
probably read/write anything you want to on their system.
|
|
Run a port scanner against it and see what you can access, and
|
|
plan based on that. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
This message was sent to you by NaughtyRobot, an Internet spider that
|
|
crawls into your server through a tiny hole in the World Wide Web.
|
|
=20
|
|
NaughtyRobot exploits a security bug in HTTP and has visited your host
|
|
system to collect personal, private, and sensitive information.
|
|
=20
|
|
It has captured your Email and physical addresses, as well as your phone
|
|
and credit card numbers. To protect yourself against the misuse of this
|
|
information, do the following:
|
|
=20
|
|
1. alert your server SysOp,
|
|
2. contact your local police,
|
|
3. disconnect your telephone, and
|
|
4. report your credit cards as lost.
|
|
=20
|
|
Act at once. Remember: only YOU can prevent DATA fires.
|
|
=20
|
|
This has been a public service announcement from the makers of
|
|
NaughtyRobot -- CarJacking its way onto the Information SuperHighway.
|
|
|
|
[ Funny, my phone isn't ringing, and my credit is still only as screwed up
|
|
as it was when I got through with it. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Hi
|
|
|
|
I'm looking for some cellular pheaking information
|
|
but is verry hard to find god information
|
|
can giveme something to work on??? :-)
|
|
|
|
[ The best site going is Dr. Who's Radiophone site at:
|
|
|
|
http://www.l0pht.com/radiophone ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
I just have a question to ask. How would I bypass Surfwatch so that I
|
|
can go into web sites that I would like to see?
|
|
|
|
[ It is very easy to bypass SurfWatch. Stop using Mommy & Daddy's computer
|
|
and buy one of your own. ]
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
i was recently using A-Dial a couple of months ago, and came up with about
|
|
10 or 12 different numbers starting at 475-1072. Curious about this, I
|
|
called one back, using a mini-terminal. What I expected wasn't this. What
|
|
it said is in the file attached to the letter. It says the same thing with
|
|
all of the numbers. I could use some info on what the hell this is, because
|
|
I never heard of Annex. Thanx.
|
|
|
|
Data Case
|
|
|
|
[ What you have connected into is more than likely a kind of terminal
|
|
server. From there you can usually enter a system name to connect
|
|
directly into the specified system, or enter in "cli" to go into the
|
|
command line interpreter where you have more options to choose from
|
|
including "help." ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
Do you know where I can find texts on hacking into the California=20
|
|
Department of Motor Vehicle Records? My friend's identity was stolen=20
|
|
for credit card fraud and the person who did it even went so far as to=20
|
|
get a CA driver's license to impersonate her. The worst part is that=20
|
|
Visa won't release a copy of the fraudulent person's fake driver's=20
|
|
license to my friend, so she can't find out who this person actually is.=20
|
|
Do you know of any other ways we can get this person?
|
|
|
|
Binky
|
|
|
|
[ Gee, Binky. If VISA is involved and it was credit card fraud, then
|
|
is the Secret Service involved too? If so, then why on earth do you
|
|
(or your friend) want to get in the middle of it? You'll know soon
|
|
enough who the person is when they get charged, or is this just a
|
|
Charles Bronson style vigilante thing?
|
|
|
|
California's DMV (as well as most public records databases in that
|
|
state) is kept somewhat restricted to public queries due to the large
|
|
number of celebrities living in the state, or otherwise you could just
|
|
go buy the information directly from the state.
|
|
|
|
If you're thinking about pulling a "Mitnick" and breaking into such
|
|
a database, then you better know something about IBM mainframes and
|
|
know how to defeat RACF. Or be willing to dig around in the trash
|
|
until you locate a valid account. Even if you find a valid RACF userid,
|
|
you will have 3-5 tries per account to guess a valid password until the
|
|
account is locked out (which of course will let them know you were
|
|
trying to hack them.)
|
|
|
|
For an easier solution, you might want to looking in the yellow pages
|
|
for a private investigator and have them do a search on Information
|
|
America or NIA and get the listing for you, or bribe a civil servant. ]
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
EOF
|
|
|
|
|