.oO Phrack 50 Oo. Volume Seven, Issue Fifty 2 of 16 Phrack Loopback ----------------------------------------------------------------------------- Hi, I have a story of violations of freespeech and censorship and if I am busted unjustly, please publish this story to the public. Yesterday some faggot e-mailed me with a ton of ascii crap that took me an hour + to DL. WHen I finished DLing it, windoze stalled and I had to restart.. So naturally I was pissed off. The reason this guy said he did this was because I posted a cheat program for the game Diablo on my webpage and he doesn't like cheaters. Today he e-mailed me again with ascii crap.....I was beyond pissed....so I did what anyone in my position would do....Imailbombed him ... about 600 msg's or so. I used Kaboom3 and an SMTP I thought (Looked like it from port 25) was anonymous and untraceable. As it turns out, 2 hours later the head of security at Earthlink (my current ISP) called and said that someone from my account had e-mail bombed this person. The security guy said that the person I bombed complained to his ISP because it "put out his business for hours." His ISP traced it to Earthlink and then to me, by contacting the earthlink security guy and having him look in the logs for who was connected to the ip (dynamic) they saw in the bomb messages at the time the bombing occurred. He also said that the guy I bombed called the FBI and got them involved in it. Is this sounding fucking ridiculous yet? First of all, any reputable business presumably has a better-than-28.8 connection, which means it would have taken this guy a couple seconds to DL my bomb. Secondly, even if he doesn't have a T-1, at 28.8 it would take 2 hours or so, maybe less. But the FBI is involved..... I can't fucking believe it! So naturally the first thing I do is e-mail all the reputable hackz known to me. This is ridiculous, this is oppressive, this is BIG BROTHER! Yours, GrEeNbEaSt [ So, what exactly is it that you want us to do, besides burst into fits of uncontrollable for several minutes at a time? ] ----------------------------------------------------------------------------- Hey, in phrack 48, the article on IP spoofing says you need to sample to TCP sequence numbers of the host you are attacking. The method is suggests is to connect via SMTP and then drop the connection. There is a problem with this - sendmail usually logs failed mail transfers, so the host will probably be able to correlate this with the time of the attack and find out who you are. Further, this connection must be done from a non-spoofed IP address to guarantee you get a returned packet. There are two options available here: 1) Forge the sequence sampling connection as another host on your subnet (although if they contact your provider and your provider logs massive data, you're busted - also this will not work if the local network uses an active hub) 2) Make sure to remove these traces if you manage to crack the machine - this is all or nothing - if you fail to crack it, but left indicators of an attack, you are screwed. (again only if your provider logs heavily) If you want to circumvent these dangers altogether, simply sample the sequence numbers from some highly non-logging port. The standard inetd server for UNIX runs a TCP echo, discard and chargen service, which you can get sequence numbers from, and does not log anything. There are two complications to this attack which are becoming increasingly used, and which effectively prevent it. 1) Some providers do not allow foreign IP addresses to go out of their subnet as source IP addresses - this is done through router blocking. Most sites just don't give a damn or are too stupid to figure out how to do it, but the number of providers doing this is increasing. You could try to hack their router - easy to find, do a traceroute, but chances of success are slim if it doesn't allow remote logins. Also, your ISP will know if this happens, and may take additional precautions immediately (such as grabbing your ethernet address if you are on a local network - then you are f!!ked) We don't want any minors reading this to see any offensive words, do we - oh lord, they might even ban phrack in the state of Texas. No offense to anyone from Tx unless they deserve it. 2) Some OS's use pseudo-random number generators to create TCP sequence numbers at the beginning of each connection. This is easy to do under Linux, and I think some commercial OS's might even be doing this now (anyone have confirmation of the rumor that Solaris now does this?) Now, this is easy to check for - connect twice in immediate succession and see if you get two sequential (or close) numbers. However, a workaround for this would be to generate pseudo-random sequence numbers for the first connection from a given IP address (and then again when the IP layer no longer has any knowledge of this IP address) If a site was running non-crypto pseudo-random sequences, it would be possible to analyze it using a spectral test to try to predict sequence numbers, but if they use a cryptographically secure sequence generator, you would have to break it (probably not too hard since any highly secure crypto sequence would make IP response time unreasonably slow) A counter-solution to this would be to generate random numbers in low cpu load time, and have a buffer of them for later use. Here, we could probably go on forever with attacks and countermeasures, so lets stop now, as a cure for sanity. As an aside note for the highly paranoid: ethernet spoofing Note: some of this is theorized, and might not be 100% accurate - if you get the jist of it, you should be able to figure out if it works for you. It is possible to spoof ethernet hardware addresses as well. Some cards will allow you to do this easily, but you need to have card programming docs (check the Linux kernel source for your card driver-!!). Others won't let you do it at all, and require a ROM change, or worse it might be solid state logic on the card - EVIL. Course you might be able to get around solid state stuff by recoding the ROM, but I wouldn't recommend it unless you don't have the $70 to buy a new card, and have a month or two to spend in the basement. If you make up an ethernet address, you should probably use a real card identifier (the first three bytes). This is because some sniffing software raises warning flags when unknown card identifiers pop up, and this software is run by more network admins than I'd like to think. Some new hub technologies may limit this type of spoofing- most notably, active hubs wouldn't allow it at all. Other new hub designs use mappings of ethernet address to specific ports on the hub, so you might not be able to change the address without turning off the machine, waiting for the hub to time out the address, and rebooting. Ethernet hardware address spoofing will make a machine completely undetectable, provided it is not the only machine on a network that is being monitored. There may be a way around active hubs, and this is multicast ethernet addresses. Any network card capable of multicast should be able to send packets with an ethernet multicast address. This address is not specific to each card, as many cards can send and receive on the same multicast address. The problem here is router and hub technology may have already advanced to the point where it can distinguish multicast ethernet addresses and convert them to multicast IP addresses, which would not allow you to spoof. This is only theoretical - I haven't tried it, don't know anyone who has, and have never even heard rumors about it. Note : this information is in no means comprehensive - I don't have the time or resources to study it, but most likely results in ethernet spoofing vary by the manufacturers of the network hardware all the way down the local line - (i.e - ethernet card all the way to the first gateway) Another aside: return path rerouting In return path rerouting, the IP spoofing attack follows the same general principal, except that the attacking machine gets reply packets, and does not need to operate blind. There are three ways to make this work: 1) Pretending to be a trusted host on your subnet Easy, just pick up packets destined for the trusted machine which look like responses to your forged packets, and send on their IP address, and SYN flood their machine. This will even work past blocking ISP's 2) Source routing attack Medium difficulty, you have to construct a path between your machine and the target, and a path between your machine and the trusted host (although the last part can be made up). Use this and either the strict or loose IP routing option, and all packets will come back to=20 you. This will not work nearly as much, since many hosts and=20 routers discard source routed packets (it is a well-known flaw in=20 TCP/IP now). However, mightn't buggy implementations only discard one type of source routing? 3) Experimental - ICMP redirect attack Try using ICMP redirects to redirect the packets back to the=20 attacking machine. ICMP redirects should only be accepted to=20 machines on a local subnet, but buggy implementations might not do this correctly (actually, I think the Host Requirements RFC says=20 this is recommended, not required). Also, it may be possible to =20 create a path using redirects or forged routing updates to direct traffic to a trusted site back to the attacking site. After the attack, the routing information could be repaired, making it seem like a temporary network failure. If anyone followed this and knows what I mean, let me know if you think it's possible. =20 Thanks Zach [ Zach, you have good ideas and points. Now, why haven't YOU written an article for Phrack??? You should...<hint><hint> ] ----------------------------------------------------------------------------- DEATH TO THE INNOCENT I WENT TO A PARTY, MOM, I REMBERED WHAT YOU SAID. YOU TOLD ME NOT TO DRINK, MOM, SO I DRANK SODA INSTEAD. I REALLY FELT PROUD INSIDE, MOM, THE WAY YOU SAID I WOULD. Either way, it gives you someone to subject to your drunken ravings. Now why this was sent to Phrack, I have no idea. ] ----------------------------------------------------------------------------- I just have one question, i just moved back down to Texas from NY,,, is there any one at phrack that knows local BBS numbers for san antonio??? thanx for the help, [In almost any city with running water and electricity (and yes, even San Antonio qualifies as of this writing), in any local computer store you will find local compu-nerd publications. I think in San Antonio its "Computer User." In any case, in the back are usually listings of local bulletin boards. Start with these, and eventually you will come across the kinds of bulletin boards you really want. ] ----------------------------------------------------------------------------- The trial of the Danes arrested in the article I wrote in #47 has now ended. No jail sentences, just community service up to 200 hours (me) and a fine of 30.000Dkr. (apx. $5000). Anyway, remember I wrote you about the article being quoted and translated to Danish in a Danish magazine? Well, after the same magazine published our REAL names, adrs with the advice not to hire us for any jobs I got pretty sick of them and sent them a bill of DKr 5000, billing them for my article.=20 Of course, they won't pay me (would rather go to court) so now I'm considering taking them on their word. The company I'd be going after is a daughtercompany of Coopers & Lybrand and is called Institute of Datasecurity. Most of their employees seem to be notorious idiots, always proclaiming themselves in the media with the anecdotes of yesterday. They even gave out an award (money) to the DA who prosecuted us for doing a nice job!=20 Well, since they didn't only violate my personal copyright but also the restrictions of Phrack Magazine itself, I wanted to know if I could get your support? Just some kind of written statement about the policy of the magazine, whether or not they paid you for it, etc. In a hurry, dont mind the mistakes, Le Cerveau [ Can you please send a photocopy of that article to us at the Phrack mailing address? Maybe we can help. I really don't have much respect for the accounting firms "computer security" teams, and never have. In the years they've been doing this work, they STILL don't get it. It's too bad you aren't in America. You could probably sue the living= hell out of everyone involved, if they really did publish your names and advise people not to hire you for work. ] ----------------------------------------------------------------------------- HEY Whats up, I was wondering if U could tell me how to e-mail bomb Please!!!!=20 [No, that's a stupid thing to do. But, if you insist.... Go do a WWW search for the program "UpYours" This should suit your needs just fine. ] ----------------------------------------------------------------------------- Hello, I was wondering if you know where i can get copies of "The Journal of Privileged Information"? I have issues 1-5, and i`m looking for 6 - present. If you know where i can get them, it would be greatly appriciated!! thanx techcode [ I'm not really familiar with this magazine, but if anyone out there has copies of this, email us with information on where to get more. ] ----------------------------------------------------------------------------- Dear Phrack, Great job on issue 49. I enjoyed the section in Line Noise about ID machine hacking. Anyway, I wanted to say that Phrack rules; it is by far my favorite computer hobbyist magazine. By the way, I remember reading= a letter that a reader sent in, about some queer selling bound volumes of= Phrack, LOD Tech Journals, and virus source code. A similar occurance happended to me when I found that some wannabe-elite pseudo-hacker was selling printed copies of Phrack, 40 Hex, Digital Free Press, and Xeroxed copies of= alt.2600. I was curious, to say the least, and felt compelled to defend the honor of those aforementioned publications. I talked to the fag, and I gained his trust by using undecipherable hacker jargon that he seemed awed by. It= turns out that he had been distributing pirated junk on his PC, using an= unregistered copy of Serv-U. I gave him a registration crack, and in return he gave me= an account on his machine, so I could download his warez. I logged on to his PC one day, and I quickly found the serv-u.ini file with the encrypted passwords. Since Serv-U uses Unix style encryption, I cracked his personal account in about 17 minutes. He kept a TCP/IP connection open from 4pm to 11pm every evening, and I logged on as him one day. I uploaded a virus to the windows system directory and renamed it something benign, and then I edited his autoexec.bat to execute it (I also used Fixtime from the Nowhere Utilities 2.0 to make it smooth). I haven't heard from him since. That one was a simple job to protect the rights of cool magazines like Phrack! Take it easy, and keep the issues coming. dethbug [ If only all readers were as loyal. Or better yet, if only all readers sent us a dollar! Seriously though...a virus was a bit much, but since we weren't there to sue to protect our copyright... But uh, let it be known that you were not directed by, nor acting as an agent of Phrack Magazine, and any and all such behavior was done purely on your own behalf. :) ] ----------------------------------------------------------------------------- Does this cost anything ?=20 LORDCYBRON [ Unfortunately it does, but only your mortal soul. ] ----------------------------------------------------------------------------- Phrack, We would like permission to republished Chris Goggans' (Erik Bloodaxe) editorials from issue 4.42 to issue 7.48 in Node9: An E-Journal of Writing and Technology. http://node9.phil3.uni-freiburg.de There is a lot of interest in hacker culture in cultural studies, and Chris Goggans' editorials give a good snapshot of the hacker's side of the from last three years.=20 We could tell our readers to simply go to Phrack and get the editorials themselves, but putting the editorials together makes them more effective. Plus, for many of our readers, a number of names, terms, events need to be annotated. Jon Adams=20 [ Well Jon, Phrack has always had a policy of letting people reprint articles / editorials / whatever as long as all pieces remain intact with all credit given to the original author and to Phrack Magazine. If you can do that, feel free to use the editorials. ] ----------------------------------------------------------------------------- Hi Hackers =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D I have only one question for you, please answer me. I read in your magazine > =3D=3DPhrack Magazine=3D=3D > > Volume Seven, Issue Forty-Eight, File 10 of 18 > > Electronic Telephone Cards: How to make your own! > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Its very excelent for people who live in country when used the cards from=20 Gemplus, Solaic, Schlumberger, Oberthur: (French cards 256 bit). But I live= in=20 Slovak Republic and in this country we use The cards from ODS, Giesecke &=20 Devrient, ORGA Karten systeme, Uniqua, Gemplus, Schlumberger and Oldenbourg= =20 Kartensysteme (German cards 128 bit). I am was reading in some paper that some people have emulator of these=20 telephone cards (German card). Emulator with PIC procesor. But I very very long time searching Internet and I have not information how= =20 I make this emulator. Only in your magazine I found help how I make=20 emulator but emulator which emulate french telephone card but I need=20 emulator which emulate german telephone card. Please help me if You know some adress where I can find information=20 HOW I MAKE TELEPHONE CARD EMULATOR (WITH PIC PROCESSOR) WHICH EMULATE=20 TELEPHONE CARD TYPE GERMAN TELEPHONE CARD (128 BITS). Thanks very much, for your answer. realllly thanks, i am waiiiiting. !!!!! M A X O !!!!! [ Actually, we don't but perhaps this request will bring in some information from people in Germany. ] ----------------------------------------------------------------------------- Can you please send me some hacker stuff that I can use on AOL. THANX [ The most important tool a hacker can have is a brain. Unfortunately, since you are on AOL, it appears that your tool box is empty. Perhaps you'd be more interested in some cool beavis & butthead .WAV files... ] ---------------------------------------------------------------- Looking for talented hackers for special projects. First project concerns breaking source code. Please respond. Justin Raprager=20 <adamas@raprager.com> [ You probably can't afford any of us on the Phrack Staff. Your request is being passed on the the readers. ] ----------------------------------------------------------------------------- Is your web site the best kept secret on the Internet? We'll promote it to 50 search engines and indexes for $85 and complete the job in 2 business days. Satisfaction is guaranteed! Owl's Eye Productions, Inc. 260 E. Main Street Brewster, NY 10509 Phone: (914) 278-4933 Fax: (914) 278-4507 Email: owl@owlsnest.com [ Now, if our site is a secret, then how did you morons know about us? I think a better sales pitch is: "Is your Web Site Secure?" We'll give your info to several million hackers for FREE who will be sure to subject it to an extesive battery of security testing ranging from exploitation of remote security vulnerabilties to denial of service attacks. Your site will be profiled continuously for months until people grow tired of causing you grief. Would Owl's Eye Productions, Inc. care to be the first for this amazing new service? Let us know. ] ----------------------------------------------------------------------------- From: Ray Wardell <ray.wardell@novix.com> To: phrack@well.com Subject: FUCK YOU FUCK YOU ... YOU DUMB ASS SHIT HEAD... FUCK WITH ME AND DIE... [ Uh, ok. ] ----------------------------------------------------------------------------- Hi, I would like to become a hacker. I just watched that movie HACKERS. It got me all siked up. If you could give me some information on how to become one, I would be apreciative. [ So if you had watched "Buttman Goes To Budapest" then Stagliano would be getting this email instead of Phrack? Dude...it was only a movie. And a bad one at that. ] ----------------------------------------------------------------------------- Hi there ! Your article of the PIC16C84-Phonecard includes a uuencoded part that contains the file "telecard.zip". telecard.zip contains the file telecard.pcb which was created with Tango PCB Series 2. My version of Accel Tango PCB Version 12 is not able to read this file. So, I want to ask you, if its possible to send me this file in ASCII-Format or (better) in a graphic-format like PCX or GIF. A HP-Laserjet-prn-viewer would be useful, too. I was also not able to read the schematic-file. Maybe you know a location on the internet where I can get an evaluation version of the older version of Tango PCB Series II. [ Actually, we've got the same problem here at Phrack. Anyone out there who can help, please send us email and we'll get it out to the masses! ] ----------------------------------------------------------------------------- Hi my name is Konrad. I live in Ottawa, Onratio (Canada). I have a question about one thing. When I download a trial program from internet, it is only good for 30 days, and when it expires it writes that, to some file so I tried reinsalling and redownloading the program, but when I tried to run it, it gave me a message that this version is expired and that I have to purchase the program. Do you know, to what file it registers that it has expired, and how to disable it. If you don't know how to do it, maybe you know someone that might be able to do it, and forward my address to them. It is very important to me, because I'm finishing a home page called Teen Online and my graphic program expired (TrueSpace2) and there is no way that I can afford it, so I rather stick to trial version. Ok... Thanks for your time.=20 Konrad [ Usually you can simply reinstall these trial programs and use them for another 30 days. With others, you can change your system date back, or edit a date in an INI file. It all depends on the program. Try some of these things and let us know what works. ] ----------------------------------------------------------------------------- Why don't you write somthing for the bulgarian hackers? (recent:take a look at everything that happened in Varna, Bulgaria this= year) M a n i a X K i l l e r i a n [ We'd love to print something about the Bulgarian scene. Honestly, I have no idea what happened in Varna, nor would I know where to look. Here's a novel idea: Since you are IN Bulgaria, why don't you write something about it for us! ] ----------------------------------------------------------------------------- I'm using BPI Accounts Receviable System Version 1.10 for IBM Released September 1983 It has whats called a "key disk" that allows only the person with that disk to closeout the program or month. The problem is this, when I make a copy of this Key Disk the files match the original to the T.. There are only 2 files involved. But, when I try to closeout, BPI asks me to insert the Key Disk and press enter to proceed. When I do this with the "copy" of the Key Disk the BPI program tells me that the copy is not a Key Disk. This only happens with the copy, any ideas?=20 Both Key Disks contain the same information. If I try to activate the close directly from the Key Disk Copy it tells me that it can't find a file, basrun.exe I checked and this file is part of the BPI Directory on C: I've used this accounting software for many years and it works well. But I'm afraid the good Key Disk may go bad one day and I'll be stuck. Thats why I'm trying to make a copy. Any help would be appreciated. [ Obviously there is something else on that disk that a normal copy is not getting. Maybe something as simple as a volume label or some hidden files. The easiest thing to do to get around this is make a sector by sector copy to a disk image file using some kind of program like the UNIX command "dd" and then copy that image back onto a blank diskette. ] ----------------------------------------------------------------------------- Hi! Here I have something for you, which may be interesting in your news= section. Sometime during the night between Saturday April 5th and Sunday April 6th, hackers broke into one of Telenor Nextel's webservers and deleted the= homepages of 11.000 private customers and 70 corporate customers, among them the= homepages of Norway's two largest newpapers VG and Dagbladet, and the largest online= news magazine, Nettavisen. The hackers somehow got access to hidden scripts, and after modifying and manipulating them ran them, thereby deleting all the files mentioned. Early Sunday, the ISP Telenor Nextel started restoring files from a backup= made Saturday, but after encountering problems with that one, they had to restore from Tuesday's backup. Saturday's backup will be added sometime during= Monday. =D8kokrim, Norwegian police's department for Economic Crime has been= contacted. =09 Reactions: Sverre Holm of Norway's Organization for Internet Users (http://www.ibio.no) criticize Telenor for lack of proper information, as well as an unhealthy attitude. In response to Telenor's comment that they can't guarantee this= won't happen again, he says, "Such an attitude can't be tolerated. If this is what Telenor means, then we have a serious problem here." Other reactions will surely come in the next days. References (all in Norwegian): Telenor Internett: http://internett.telenor.no/ Scandinavia Online: http://www.sol.no/ (Telenor's online service) SOL Direkte: http://www.sol.no/snpub/SNDirekte/index.cgi?kategori=3DNett-Nytt Nettavisen: http://www.nettavisen.no/Innenriks/860330846.html I hope this could be interesting to you, and a candidate for your news flash pages. Unfortunately, any references included are to pages in Norwegian, but anyone with you speaking either Norwegian, Swedish, or Danish should be able= to get more information. Cheers, O L I K [ We here at Phrack always want to know what is going on out there on planet Earth. Keep us informed of anty other developments! ] ----------------------------------------------------------------------------- I'm investigating some informatic viruses who infect images generating new fractalized images with a never seen beauty and singularity. Or may=20 be they investigate me. These viruses could broke sohemer in many diverse=20 disciplines like art, artificial life, fractals maths, digital image..=20 if you look web's images http://antaviana.com/virus/angles.htm you will=20 understand everything. I would be acknowledged if you could help me, and=20 it is posible i would like you to diffusse this subject in your interesting publication. In the name of biodiversity, if you have these VIRUSES, PLEASE DON'T DISTROY THEM. [ Ok. We won't. ] ----------------------------------------------------------------------------- Hi ! I read In Volume Seven, Issue Forty-Eight, File 11 of 18 - How to make own telephon card . But when i try to make it , this card didnt work ! I try all things, and i try to find more informations about telephone cards, but i still dont know what's wrong ! But today i found on http://www.hut.fi/~then/electronics/smartcards.html that there is some errors, but there is no information what's wrong.=20 So i decidet to write to Phrack magazine , becouse in article is eriten to mail all questions to Phrack....=20 Please send me info what is wrong, and how i must change the ASM program to work correctly or just PLEASE send me email of contact person who knows how to !! Thanx in advance ! Marko [ Obviously that little smartcard article caused a stir. We've got all= kinds of email about it. We'll see what more we can dig up, but we are going to really need some help from Europeans and South Americans. (Smart cards are not in use here in America!) ] ----------------------------------------------------------------------------- LOA is back!!! Visit our new page at: http://www.hackers.com/LOA Check it out and be sure to send your comments to revelation@hackers.com Volume 2 of The Ultimate Beginner's Guide To Hacking And Phreaking has been released as well, so be sure to download it and send me your comments. Be sure to check out the LOA Files section to view and download past, present, and future LOA Projects. Take it easy all... [ No offense intended, but did you ever wonder why there were so many "Legions of" whatever after LOD? We'll put a link up to your page though... ] ----------------------------------------------------------------------------- Hey, did you know that Juno (the nationwide free email service) has PPP access? Free? To superusers only? Who login directly to their terminals that have no ANI? And that they are complete fucking idiots, because in every juno.ini file buried deep in the /juno/user00000x/ directory there is a section called "Variables" which lists at least one Juno server account, i.e. "junox14" and a password for it. These work. Not that I've tried them, or do this, or can be held in any way legally responsible for my non-PGP encrypted actions, which do not show my views, and are protected under the 1st Amendment. Sorry, didn't feel like using alternate caps today. l8r, -dArkl0rd- [ Interesting. We'll have to get the Juno software and play without the advertisements! Thanks, Mr. Shaw ] ----------------------------------------------------------------------------- Hi. I've got a strange request. We're putting together a case that encourages the U.S. to loosen its encryption export policies. Do you know of any written resources that discuss the ability of hackers to break into NASA, tamper with launches or satellites? The folks at infowar.com insist that it is possible, but say that confidentiality won't allow them to publish that fact. We need written evidence to document the case, you understand. Anyway, I'd appreciate hearing from you. Jonathan [ I'd suggest you talk to Emmanuel Goldstein at 2600. The whole satellite thing came from a bogus post back in the early 80's on a BBS in New Jersey called "The Private Sector." Reporters siezed on it, resulting in headlines like "Wiz Kids Zap Satellites." 2600 wrote about this in I believe 1984 or 1985. Check with them for better details. ] ----------------------------------------------------------------------------- Queridos crackeadores: Les quiero pedir si no saben de donde puedo sacar programas para crackear y phrackear. =20 Desde ya mucahas gracias: Mauricio [ Existan muchos programas en sitos de FTP y WWW en todos los piases del mundo. No sabes de donde puedes sacarlos? Compredes "Webcrawler" o "Excite"? Dios mio. ] ----------------------------------------------------------------------------- Hi Phrack; Intro to Telephony and PBX systems in Phrack#49 was excellent, pulled a=20 lot of things together for me. That's probably the clearest, most=20 concise explanation of the phone system that I've ever read. Hopefully=20 Cavalier will be up for many more articles like that in the future. respects, jake [ Thanks! Hopefully we can continue have more telephony related articles in the future. It is fast becoming a lost art in today's hacker community. ] ----------------------------------------------------------------------------- hey.. a Note To Say, 1-Greetings From IreLand.. 2-Thanks A million.. I love Phrack.. 3-Where Is The NexT Issue.. Whats up doc..=20 4-do ya have info/schematics on the shit that allows one to break into cellfone conversation and chat briefly to callers, as described in winn schwartaus excellent article on Defcon ][ ?Cellfone 5-Is Phrack on a Mailing List?? if so, Can ya Stick me On it? Many ThanKs NasTy Nigel, [PhreaK PowEr] [ 1. Greetings to you too gobshite! 2. Thanks! 3. You're reading it. 4. Not that I was in the room making those calls mentioned in that article or anything, but... :) An Oki-900 with CTEK cable hooked to a PC running omnicell tracking calls. A motorola brick phone in debug mode, hooked to a 25db gain yagi antenna (on a tripod) pointed out the window. As Omnicell locked in on interesting calls, the Motorola was tuned to the corresponding channel, Tx Audio turned on, various humorous interrupts were uttered, and Tx Audio turned off so the party being "contacted" wouldn't be thrown off their cell channel by our more powerful broadcast. Very simple. 5. The mailing list now is so huge that it will only serve to let people know when issues are going out, special bulletins, etc. Mailing out a meg to almost 30,000 people causes serious problems to the Internet, so we decided to make the change. ] ----------------------------------------------------------------------------- I just wanted to drop a line and say that you guys are doing a great job with the zine. I just got issue 49 and I'm looking forward to reading it. I'm sure you've heard of The Works, the bbs with the most text files in the US. Well, it's finally back online, after six months in the gutter. For the best text files and the coolest users east of the Mississippi, call us up. +1 617 262 6444. You can't go wrong with the Works. We want you to call. [ It's amazing that BBSes like The Works are still around, even with a bit of down time. What's it been? 10 years? Geez. You're approaching the longevity of Demon Roach or P-80. ] ----------------------------------------------------------------------------- I'm doing research on hackers for my LIB 105 class and have come across some of what I guess is tech speak or jargon. I've noticed that the letters 'PH' are frequently used to intentionaly mispell the words phreak, lopht, and in Phrak Magazine. Is there a reason behind all of these PHunny spellings? [ Uh, PH as in Phone. From the old Phone "Phreak" subculture of the late 60's, early 70's.] ----------------------------------------------------------------------------- I think a great idea for a future article would be how to make a decoder card for a DSS sattelite reciever with some easy commercial stuff and a cmos Z-80 I.C. ... [ If it were that easy, there would be a bigger number of players in the billion dollar industry of satellite piracy. A key figure in that closed community once told me that it cost them about $1,000,000 US to crack each new rev of smart card. (But when you figure that means only selling 10000 pirate cards at 100 bucks, the cost of doing business is minimal, compared to the cost of the service provider sending out new software and cards to each subscriber.) ] ----------------------------------------------------------------------------- Hi, I am a Primestar installer, I was wondering if you knew anything about how to stop Primestar from de-authorizing their unused IRD's? I know of 2 installation screens accessable through the password screen using #'s 996 & 114, do you know of any others? I would appreciate any info you might have. Thanks, [ And Phrack would appreciate ANY info you have! ANYTHING! EVERYTHING! As an installer, you probably have some insights into the cards/recievers that we don't. Write them up! ] ----------------------------------------------------------------------------- For certain reasons, some people may want to create a new anonymous mail box. Did they considered to create it in France? A lot of IPS offer the possibility to create mailboxes to those who have no computers by using a primitive look-alike telnet system: the French Minitel. This is convenient because a couple millions of Minitel have been freely distributed in France during the last ten years. The only cost is that an overcharge is billed to your phone bill of approx 35cents per minute. But this is perfectly legal and hard to trace back. Hyperterminal (at least in its french version) emulates the french minitel. The only thing is to dial 3615 in France and use one of this server: ABCNET, ACENET, ADNET, ALTERN,FASTNET,EMAIL... For example, EMAIL creates an e-mail adresse like: pseudonym@xmail.org. The only thing is that you have to know a little bit of French to use it, but just a little bit. The cost of a call (International and Minitel overcharge) should not be a problem to some of you. LeFrenchie [ This is a good idea. People outside of France don't know much about Minitel, (Or any videotext systems) since they failed in a big way here in the states and most other countries. Many old hackers might remember some of the Minitel Chat systems also accessible over X.25 such as QSD (208057040540), but without emulation software wouldn't have ever had access to the real Minitel. ] ----------------------------------------------------------------------------- Two questions 1 How can I connect to an IRC server though a firewall? 2 How can I intercept messages sent to chanserv and nickserv on Dal.net? Thank you. [ 1. Open up ports 6665-6667 2. Set up a hacked IRC server. Get someone important to add it to the EFNET server hierarchy. Look for PRIVMSG to whomever you want. ] ----------------------------------------------------------------------------- Hello, A modem has a light buffer between the copper wires of the telephone line and the rest of the copper printed circuit ( mother) board. How ( or does) does a firewall prevent hacks on a system or is this just a matter of Modern (Mastodon) buffalo hunting: They go down the same big or small. Specifically , beyond smart self learning systems can a server realy prevent contamination without the intervention of beings? My sister a suposed Webmistress says there are intervening buffers, I still see that between what ever, there is a very big freaking leap of faith.. Senor Please Elucidate Richard [ Uh, if you think the "firewall" is that light buffer between the wires, then you have missed the point. A firewall in the networking context is not the same as the metal firewall in your automobile....it is merely a metaphor that has been adopted as the term d'jour. Please read: Building Internet Firewalls by Brent Chapman & Elizabeth Zwicky or Firewalls & Internet Security by Cheswick & Bellovin ] ----------------------------------------------------------------------------- > Drop us a line on what you think of 49. Comments are encouraged. I think issue 49 was great, not to mention getting it out on time. I do have a suggestion though. The past few issues of Phrack have focused mainly on=20 UNIX and not much else. I think UNIX is a great OS, but it would be cool if occasionally you would print a few articles about other systems. I would=20 write one myself but right now I don't have anything new to contribute.=20 Later, Tetbrac [ This has been a request for a long time. Hopefully we'll get some articles on other operating systems some day. Personally, I'd like to see VMS, MVS and OS-400. Any takers? ] ----------------------------------------------------------------------------- I just finished reading issue 48, and congratulate you on some excellent techinical articles. I have only one (rather insignificant) comment: within the article #13 on project neptune, it was stated: "[the urgent pointer] is TCP's way of implementing out of band (OOB) data." Actually, URG pointers are in band (specification-wise), however most (but not all) TCP implementations map the URG flag to out of band. While this point is irrelevant to SYN flooding, I thought I would present it in case anyone who read the article is interested in pursuing any nuts & bolts transport layer implementations. Keep up the good work, and keep turning out more of this kind of technical information. ammit-thoth [ Point noted. Thanks! ] ----------------------------------------------------------------------------- Listen... you've probably been noticing that I've mailed you guys a couple times asking for help with hacking. Before I have never recieved any mail back. You have got to please mail me back this time. I found something on accident that is really out of my league. You guys are the best I know of that might be able to help me. I really need your help on this one. I was fucken around on Telnet just typing in numbers in the Chicago area code. On accident I typed in numbers and I entered a NASA Packet Switching System ( NPSS). It said it was a government computer system and to leave right away. Please mail me back for the numbers. I need your help to get into this system.... I need yer help. [ Let me guess, you typed the prefix 321 instead of 312 while playing on Telenet. The systems you'll find on that prefix have been hacked at for nearly two decades now. Systems on the network were targeted in the 80's by Germany's Chaos Computer Club, and I personally know they have been poked at by groups in the US, UK and Australia starting back in 1981. What I'm trying to say is, after so many years of people beating on the same few systems, shouldn't you look for something a bit less stale? ] ----------------------------------------------------------------------------- Dear phrack, I want to be added to the list. I was also wondering if you had ay publications or information on TEMPEST monitoring? Also know as Van Eck monitoring. [ We published a Dr. Moeller's paper continuing on Van Eck's work in Phrack issue 44. You might also want to check out http://www.thecodex.com for a self-contained anti-tempest terminal for about 10K. ] ----------------------------------------------------------------------------- I just read your editorial in Phrack 48 and I feel like giving you my two= cents worth. I think you did an excellent critique on the "scene." As a person who has been watching for a while, and as a person who has been through it, I found it nice, to say the least, to find others who actually seem to have their head on straight. This letter was originally much longer, but I shortened it because I think you get the point. I started programming computers in 1983 at the age of 6. I was running DOS 2.0 and I had a blazing fast 1200 baud modem. At the time, I had no mentors, no teachers, no friends that could teach me how to use that incredible machine. The books of the time were cryptic, especially for an age where most children could not read, much less program. But I did my= best. Ten years later, I was still on my own. I didn't get ahold of a copy of Phrack until 1991. I thought it was really cool that people like me would get together and exchange infomation, talk computers, etc. In '94, I got into viruses and prolly was one of the better independant (i.e. not in a group) writers. It was about that time I got onto IRC. Most of the time I would hang out in #virus, but every now and then I would pop into #hack. I never stayed...I couldn't stand the arrogance. Shortly before I went to school, I was in competition for control of a new freenet versus a local hacker group. A month after I went to college, that group got busted. I got lucky. Earlier this year, I went on Good Morning America to talk about viruses. Looking back, it is prolly the single dumbest thing I have done in my whole life. As much as I wanted to, I've never been to a 2600 meeting, never been to a Con. Never really had any hacker friends. It's always been just me. I'm sure I know less about breaking into computers than the guy who has been doing it for a week but has access to tons of partners. But I still consider myself a hacker. My interest has been one of learning about the system. I've been learning longer than most. I rarely break into a system. I have access to unix systems, and even a VAX. I don't want the latest hacking tools. I write my own, with my theories. I don't need much else. But I've never had anyone to share it with. But I think I realize that the past is the past, and I won't ever get to attend the old cons or sit on conference calls, as much as I'd love to. I won't bother with the latest cons because I can get the same stuff at a college party. Well, that is about it. I apologize if it is poorly written. Bad english skills :) I hate writing these because I grow tired of getting slammed by some arrogant asshole. Thats prolly why I have been doing this alone for 13 years. After your editorial, I wonder how many people will stop showing up at the cons...I hate the isolation, but I would never want to be a part of a "scene" which has turned from mature goals to juvenile ones. Just my thoughts... Evil Avatar [ Actually, I have more respect for the people who continue to stay in the fringes, learning on their own rather than scurrying for attention in the media and in the community. (Yes, like me.) To be fair though, don't sell yourself short by avoiding Cons if you really want to check them out. Despite all the ranting I did in that editorial, I still have many friends in the community and enjoy meeting new ones at conferences. Not everyone thinks it is cool to trash a hotel, or to try to out "elite" one another. Unfortunately, the loudest and most visible people at such events tend to be the most juvenile. If you find this happening, do what I do: get the hell out of the conference area and find a convenient bar. The older hackers will eventually find you there, and you can all drink in peace and actually talk unmolested. ] ----------------------------------------------------------------------------- Dear Phrack -- Been a reader since the 80s, and I'm one of the originals... Would like to submit a poem that I wrote that details the experience of a hacker who left the scene for several years -- Coming back to find it in utter Dissaray... Definitely not the way he left it... Well -- You guys will let me know what you think "Where Have All The Hackers Gone"? ---------------------------------- Original Poetry by: Jump'n Jack Flash -916- On a cold night in the dead of winter a soul stumbles into #hack and asks: 'Where have all the Hackers Gone?' Immediately the group recognizes him as one of the originals. 'Help us change our grades!' a voice calls out from the huddled masses. 'Help me hack root on a NYNEX system!' another voice asks. The soul clutches his bowed head and covers his ears, trying to remember back to before he involuntarily left the scene a few years ago. 'The only thing that kept me sane while I was imprisioned was the thought of seeing my friends and fellow hackers, now I demand you tell me Where Have All The Hackers Gone?' the soul begs the crowd of jubulent newbies. Silence is the only answer he receives, For there are no real hackers here. Then a voice speaks up and says, 'They're gone! You're the first we've seen!' The soul asks, 'What do you mean?' And Silence is the only answer he receives, For there are now real hackers here. And like a wall crumbling down it comes to him and he falls to his knees, like hunting for human life after a Nuclear war he stumbles out of the room, And he hurries to the place where only the Elite could go just a few years= ago, But when he arrives he is shocked and amazed, There are no hackers here on this dark winter day. And he stumbles into traffic, feeling the snow crunch beneath his feet, and he shouts into the night for the elite, 'Where Have All The Hackers Gone?' And Silence is the only answer he receives, For there are no real hackers here. [ Nice poem man...thanks! Where did the hackers go? They grew up and got real jobs... ] ----------------------------------------------------------------------------- I'd love to say that I'll miss Erik, but after that obnoxious, immature rant, all I can say is good riddance. Now maybe Phrack will be useful again. Let's all arm up to prepare for the revolution! A healthy dose of AK-47's and PGP will save us all from the ZOG hordes when the balloon goes up. Hey, have you guys read the Turner Diaries by Andrew Macdonald? Get it from Barricade Books, 150 5th Ave, NY, NY 10011. Ahem. ] ----------------------------------------------------------------------------- i want a credit card generator [I want a pony] ----------------------------------------------------------------------------- Hello !!! I just read in P48-02 the letter of the russian subscriber who tells you=20 (the editors) the story about the FAPSI and they plan to order all=20 ISPs to provide for a possibilty for them to read all the mail. In the editor's note below that you say that you fear your country (I assume it's the USA) is also heading towards that goal.=20 Well, I live in Germany, and it has already happened here. That means,=20 every ISP (and this is not the exact term, as it also includes all sorts of information providers, ie telephone companies - but excludes=20 private BBSs, I believe) are forced to provide a method that not only - Allows the government/police to read everything that is written but also - Without even the ISP noticing it (though I don't know how this would=20 be ensured, technically). =20 OK, this is not the same as in Russia, as they don't copy ALL the mail and= =20 news, but only that of persons suspected of a crime strong enough=20 to allow it, ie it's the same thing that's needed to open people's=20 mails. Still, I feel it's certainly a step in the wrong direction. Note that cryptography is not (yet ?) forbidden in de. =20 Regards,=20 =20 Thomas=20 [ Germany? Governmental rights violations? Say It isn't so! Should I get= my brown shirt out of the closet for my next visit to Berlin? :) ] ----------------------------------------------------------------------------- Hello, I want to be a hacker and I need some help. I have read countless reports on UNIX, VMS, and all that other jazz but that still doesn't help me with my problem. I want to be able to hack into someone's home PC from my own home. Now, most PC's aren't capable of doing this but, this person has a connection on the internet and is also linked to his work in LONDON, ONTARIO at a place called IAPA. (industrial accident prevention association) Anyway, he runs WINDOWS 95' and is using NETCOM. Now I know his password if that does me any good, but how do I go about doing this? SHAOULIN [ When you say "I want to hack his home PC" what do you mean? Just because he uses NETCOM, that doesn't mean you can find him. He is probably being assigned a dynamic IP address each time he calls in to the network. Even so, let's say you can discern his IP address. Even if a computer is hooked into the Internet, it is only as insecure as the services it offers to the world. If your friend is running Windows 95, then you may only be limited to attacking any SMB-style shared directories or perhaps via FTP. In either case, if you know this person's password, then you can probably read/write anything you want to on their system. Run a port scanner against it and see what you can access, and plan based on that. ] ----------------------------------------------------------------------------- This message was sent to you by NaughtyRobot, an Internet spider that crawls into your server through a tiny hole in the World Wide Web. =20 NaughtyRobot exploits a security bug in HTTP and has visited your host system to collect personal, private, and sensitive information. =20 It has captured your Email and physical addresses, as well as your phone and credit card numbers. To protect yourself against the misuse of this information, do the following: =20 1. alert your server SysOp, 2. contact your local police, 3. disconnect your telephone, and 4. report your credit cards as lost. =20 Act at once. Remember: only YOU can prevent DATA fires. =20 This has been a public service announcement from the makers of NaughtyRobot -- CarJacking its way onto the Information SuperHighway. [ Funny, my phone isn't ringing, and my credit is still only as screwed up as it was when I got through with it. ] ----------------------------------------------------------------------------- Hi I'm looking for some cellular pheaking information but is verry hard to find god information can giveme something to work on??? :-) [ The best site going is Dr. Who's Radiophone site at: http://www.l0pht.com/radiophone ] ----------------------------------------------------------------------------- I just have a question to ask. How would I bypass Surfwatch so that I can go into web sites that I would like to see? [ It is very easy to bypass SurfWatch. Stop using Mommy & Daddy's computer and buy one of your own. ] ----------------------------------------------------------------------------- i was recently using A-Dial a couple of months ago, and came up with about 10 or 12 different numbers starting at 475-1072. Curious about this, I called one back, using a mini-terminal. What I expected wasn't this. What it said is in the file attached to the letter. It says the same thing with all of the numbers. I could use some info on what the hell this is, because I never heard of Annex. Thanx. Data Case [ What you have connected into is more than likely a kind of terminal server. From there you can usually enter a system name to connect directly into the specified system, or enter in "cli" to go into the command line interpreter where you have more options to choose from including "help." ] ----------------------------------------------------------------------------- Do you know where I can find texts on hacking into the California=20 Department of Motor Vehicle Records? My friend's identity was stolen=20 for credit card fraud and the person who did it even went so far as to=20 get a CA driver's license to impersonate her. The worst part is that=20 Visa won't release a copy of the fraudulent person's fake driver's=20 license to my friend, so she can't find out who this person actually is.=20 Do you know of any other ways we can get this person? Binky [ Gee, Binky. If VISA is involved and it was credit card fraud, then is the Secret Service involved too? If so, then why on earth do you (or your friend) want to get in the middle of it? You'll know soon enough who the person is when they get charged, or is this just a Charles Bronson style vigilante thing? California's DMV (as well as most public records databases in that state) is kept somewhat restricted to public queries due to the large number of celebrities living in the state, or otherwise you could just go buy the information directly from the state. If you're thinking about pulling a "Mitnick" and breaking into such a database, then you better know something about IBM mainframes and know how to defeat RACF. Or be willing to dig around in the trash until you locate a valid account. Even if you find a valid RACF userid, you will have 3-5 tries per account to guess a valid password until the account is locked out (which of course will let them know you were trying to hack them.) For an easier solution, you might want to looking in the yellow pages for a private investigator and have them do a search on Information America or NIA and get the listing for you, or bribe a civil servant. ] ----------------------------------------------------------------------------- EOF