|
==Phrack Inc.== Volume 0x0e, Issue 0x43, Phile #0x10 of 0x10 |=-----------------------------------------------------------------------=| |=----------------------=[ International scenes ]=-----------------------=| |=-----------------------------------------------------------------------=| |=------------------------=[ By Various ]=------------------------=| |=------------------------=[ <various@nsa.gov> ]=------------------------=| |=-----------------------------------------------------------------------=| Look at the last Phrack issues. Look at 2010 security CONs. Look at any kind of public activities involving hackers. West Europe, North America, Asia are shining. No need to run an agency to see that and sharing informations with the according scenes is child's play. But what about sharing with other countries? For the 25th birthday of Phrack, we're very proud to present you two oustanding scene philes. One will describe you the hacking scene of the amazing India which can't be ignored anymore on the IT playground. The other one will describe the Greek scene. Yes you've heard of them through blog posts, CONs and even Phrack. You simply didn't pay attention ;) Enjoy the reading of this phile. -- The Phrack Staff --- The Indian Hacking scene Unofficial memoirs of the Desi h4x0rs By anonymous null community member 1. Preamble 2. Introduction 3. Hacker Groups 4. Hacker Cons 5. Memoirs of the underground 6. Future --[ 1 - Preamble Jai Jawan Jai Kissan (no it has nothing to do with the song Jai Ho :-P, just felt like writing something in Hindi). This article is a composition of interviews with/text directly taken from the hackers in the Indian underground (and the above-ground :-P). If it offends the reader in anyway.........feel free to complain to your mom about it:-P. --[ 2 - Introduction Before I start I must admit that we have been really really late in the hacking scene as a whole. Some say it has to do with the cultural ethos and the prevalent business culture in India, while some propose that Indians culturally have been known as non aggressive & peace loving (Doh! Yeah right..Like the F#@$ing stereotypical dumb Indian characters in hollywood movies) and focus has been on ethical hacking and creation of software to benefit world at large rather than cause destruction. The activities of hacker groups started to emerge with the beginning of year 2K. --[ 3 - Hacker Groups There have been many hacker groups in India since 2k. Some are noted for their notorious behavior. 1. Indian Snakes. Indian snakes was a closed underground community of hackers who were on the top of the scene in the early 2000s. They are also noted for the YAHA worm that they had written. 2. hacking-truths.net (2005-2008) stopped because of personal problems. Restarted in 2010. Activities malware dev/hacking. 3. h4cky0u. It started around 2003 Website: h4cky0u.org. The activities included defacing, exploit dev, botnets etc. It died in 2006 due to some personal differences between the staff. It was reopened as h4ck-y0u, sadly h4ck-y0u also stopped after one year of its existence due to cyber crime activities, financial issues. H4cky0u was started again by an American who went by the handle "Big Boss" and we haven't heard much about it after that. 4. n|u (null security community). It started in 2008 and has spread to 6 cities in India namely Bangalore, Pune, Delhi, Mumbai, Hyderabad and Bhopal. Their activities include vulnerability research, exploit dev, projects, disclosures, nullcon hacker conference. It is more of an OWASP style community sans the limitation of only web app security research. It is also registered with the Govt. Of India as a non-profit organization. 5. Andhra hackers. Started in late 2000s. It is a forum like portal. Activities include sharing security information. 6. ICW (Indian Cyber warriors) is an off-shoot of Andhrahackers and started around 2008. This is a hactivist group with activities including defacing Pakistani websites. 7. Securitytube.net. It is not a group per se. It is a portal that has lots of security videos, question/answer section much like stackoverflow. It was started somewhere around 2008 or 2009. 8. Indishell. It started in 2009. The main guys behind indishell are Lucky, mr. 52, jackh4xor, silentp0sion. It is again a hacktivist group and majorly into defacing pakistani websites. It was recently stopped due to some unknown issues and has re-emerged at the time of writing this article. Activities include defacing websites. 9. ICA (Indian Cyber army) is an off-shoot of Indishell with mostly the same staff as Indishell. It is also a defacer group. Noted for defacing sites including Pakistani ISP national telecommunication corporation pakistan (Defaced page http://www.ntc.net.pk/news.html) 10. Fake ICA. There is yet another ICA (cyberarmy.in) which is announced as fake ICA by the actual ICA group. One glance at the website content tells you that there is some truth to what the actual ICA(indishell) guys and other say and reminds you of the infamous plagiarism cases (Ah! Any Indian h4x0r's favourite topic when they feel like bitching about something :-P) --[ 4 - Hacker Cons 1. ClubHack. http://clubhack.com The first in the series of hacker cons. It is held in Pune, one of the software hubs in India. It started in 2007 and is running it's 4th edition this dec (2010). 2. nullcon. http://nullcon.net The first community driven hacking conference, organized and managed by null community members. It started this year and the next edition is in Feb 2011. It is held in Goa. The party hub of India. 3. Cocon. http://www.informationsecurityday.com/c0c0n/ 1st edition held in Aug 2010. earlier held as part of information security day. It is held in Cochin. 4. Owasp + Securitybyte Appsec Asia http://securitybyte.org. More of a corporate conference with the suited people around :-). --[ 5 - Memoirs of the underground - By dot =[ Past.. that's where all the nostalgia and fun lies :) So it all started sometime during late 2001 when a new variant of Yet Another "Hello World" Application spread rapidly via mostly social engineering mails and Outlook Express invalid MIME type exploit (similar to Klez.?). AV technology was not really matured back then, Kaspersky was not there with its PDM modules or its emulation heuristics, Symantec did not conceived SONAR or its Reputation Technology, it was practically open season for anybody with some programming skills to write and spread a successful worm. But amazingly a very nice and simple HTTP ping module was built into the program which used infected systems to ping (simple GET /) certain government website across the border towards the friendly neighbourhood creating a DDoS condition. News !!! News !! News !!! Cyber War between two countries.. Beware! iNDian sNakes are here !!! Hackers hacking each other's websites. Unicode double escape? Front Page is cool, lg7 (but where is the pass? :P)? dtspcd? little they knew, early stage script kids playing with public tools and little common sense without basic computer science background. I don't speak for the unknown elites before me who might be able to represent the scene in a much better way than me leaving me to a 1337-wannabe state.. I don't even speak for the Indian Snakes guy(s) who taught me quite a lot during my early days but I think we started quite late. Aleph1 had already written about how to smash the stack, Solar Designer had already found and exploited a heap overflow bug, Format String exploitation technique was also known among multiple circles, the world was filled with 7350*.c.. But fortunately Security Industry was not there yet or at least not so prevalent in this part of the world. We are lucky to be driven by the curiosity hormones to explore the black arts of hacking which ofcourse later turned out to be obvious computer science with a bit of innovation and passion to solve difficult problems. I remember playing with some MSN Trojan to steal passwords, I remember installing Barok in various Cyber Cafes, I remember installing Red Hat 6.2 and feeling elite after I could connect to my dial-up internet and browse the web, infact I remember doing almost everything for being a perfect script kid. I also remember finding myself neglecting everything in life and reading Phrack during all those sleepless nights.. Smashing the stack, Voodoo Malloc Tricks, Once upon a Free.. Then after sometime actually solving PTP/0xbadc0ded exploitation challenges and hanging around with those awesome and nice people in their IRC.. but that was kind of late, a bit surpassed the prime time for ideal initiation. So getting back to the history part, here is how it goes: If you write a worm and leave an e-mail address in messages it drops, you are bound to get a lot of fan/hate mails. It is actually a good methodology to build a community of rebels (??) or oh well people who liked Fight Club :) I think the creators of Yaha did not initially expected to build a community, their entire purpose was to retaliate to web defacer groups like G-Force, AIC etc. but they actually ended up building a small and highly closed/private community and am happy to have known few of them. Although we had some Israeli friends (hi root, hi dak :)) the privateness of the group actually created a problem, we were starved ! Defacing seemed boring, writing exploits for public vulnerabilities were fun but quite challenging at that time, their weapons were old and obsolete. So we decided to look around and the obvious result was #darknet :)) Haha.. dvdman, nolife and the massive list of ops there. Immediate learning from #darknet was to idle in #phrack as well for possible 0day drops :P.. Next learning was to read ~el8 and be an anti-establishment, anti-security-industry h4x0r !! Armed with newly made l33t friends and their dropped exploits (yo! we had 0days..) it was time to restart the so called cyber war in retaliation to multiple groups spreading anti-India propaganda via defaced websites.. thus born "Indian Hackers Club" :) Along with a new group name, an IRC server was created on a box with 128kbps or so ADSL line at a friend's (hi rex) work place (truly BoFH) which later got shifted to a .il server. We began meeting like minded individuals and groups... came across with Cyber Yoddha, Hindustan Hackers Organization (IIT had massive resources for hacking huh? :P), Emperor (baap of all h4x0rs? :)), Nirvana (our own govboi :D) and slowly our IRC idlers list grew. Just like any other similar IRC, we began exercising power, control and ego... Ops were considered to be l33t, +v dudes were considered decent and the rest were considered to be wannabe creatures for the operator's show off needs. Then came the day of IIS WebDAV vulnerability: Kralor probably wrote the first public exploit which we took, modified it to support different shellcodes, tested it extensively and developed an internal kiddie friendly version and so began a moderate scale defacing of friendly neighbourhood websites and confrontation with FBH (Federal Bureau of Hackers later turned Federal Black Hats (too much PHC influence?)). Netcraft was used to find suitable targets then instant connect back shells and tftp in the backdoor and defacement page :) Later I learned FBH guys also used the similar vulnerability to deface Indian websites during that time however they either wrote or managed to obtain a mass rooter version of it. Unfortunately (perceptions change with age though) we didn't really have a lot of CVV2s back then else we could have also used techniques like: buy a shared web space on target box and use kernel exploits (ptrace_kmod fun!) to root and deface for l33t show off. But yes, we would like to laughingly say we pwned r4t's brand new shell server before the h0no guys using trojaned exploits.. err oh well, we pwned a lot of funny people with trojaned/fake exploits. I remember once dec0der @ #ukr (or something i forgot) told me that I change boxes like he change underwares considering I was logging in from brand new boxes every other day. Later on many of us made friends with people at #darknet, #m00, #c/c++ and even some old timers from #phrack. One of the funny moments happened when I was working for an .eu company along with another guy hired by them and after working for a few days I found that guy is dvorak.. and we had a nice laugh. So all in all, during my time, the underground here in India was very small and pretty much a closed group. Although we saw a couple of guys popping up with security forums or websites once in a while we never really interacted too much. We made a lot of friends world wide but the state of underground here during those days was no way significant compared to .eu or .us. =[ The evolution.. Towards sanity The Last Stage of Delirium (LSD-PL) changed many of us! The 5th Argus Hacking challenge, the Solaris LDT bug (reminds me of http://git.kernel.org /?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dc63b52673d71f9d 49b9d72d263a9f32df18c3ee) exploitation writeup, Win32/Unix Assembly Component Development, JVM Vulnerabilities etc were awesome and inspiring (yea I remember GOBBLES too :)) We decided its time to grow up and learn something real. Enough of (0xc0000000 - blah blah) type local stack overflows, enough of exploitation challenges (PTP was good.. ok!) and thus we created a so called Research Team with a website and a bunch of exploits written for public vulnerabilities. Proving lighthttpd header folding bug to be exploitable was an interesting achievement (Securityfocus initially ranked it as DoS only). Learning about exploitation techniques for NULL pointer dereference kernel bugs from an .eu friend and realizing the obvious sometime before the first public exploit posted on DailyDave list was also something to remember. Goin a bit back in the history, one of us worked on a hobby OS project (based on Bach's Design of Unix OS) which actually made rest of us (at least me) learn a lot and spend a lot of time on websites like osdever.net etc to learn something real, learning to debug an OS kernel was something which helped me solve a lot of problems in later days. Finally reached a state where the Intel Manuals seemed to be useful. Starting from 2005 onwards or so, Security Companies started getting prevalent here, through various contacts an IPS startup contacted many of us for job offers. It was my early college days back then so I could not consider but others went ahead and that was probably the first time many of us learned to go ahead with bigger and better things in life like having a full time security job or in other words hack even when it doesn't makes you happy, although yes much later we learned hacking at workplace on a daily basis is an opportunity which is not easily achievable not just in India but throughout the world... oh I must also mention, by now we learned to use the word "hack" in a bit more "generic" and "abstract" sense :D =[ Present.. The era of selling out.. Just like anywhere else, Security Industry is pretty much here now. A lot of security startups and moderately matured companies has been developed here working on consultant driven pentesting to security products development etc. Most of the old guys are either working either for some Security company or working as programmers in some software development company. As far as I know, there is no significant underground here although there are people who are pretty much involved in interesting stuff but at a different scale in multinational groups. Web Application Security is so hot these days that I see most of the younger people are focusing totally on Web Application security vulnerabilities without looking into lower level software security. --[ 6 - Future The recent shift in the mind set of some of the Govt. intel agencies towards opening up to the hacker community has brought about a lot of changes in the hacker scene in India. This collaboration is only going to increase the moral of the hacker community and thereby also helping the govt. in it's own way. As I mentioned we started a little late which is applicable for the Govt. as well, but as they say - better late than never. Things have started to pick up and we will see more of intel-hacker collaboration in the future which may prove to be good/bad for some, but yes the intent is to establised cyber warfare strategies and action plans, which we will start to see in the next 5 years. --------------------------------------------------------------------------- An overview of the Greek computer underground, part 1 by two (not really) anonymous G(r)eeks - anonymous_gr@phrack.org --[ Table of contents 1 - Introduction 2 - Present 2.1 - GRHACK 2.2 - Meetings 2.2.1 - 0x375 2.2.2 - AthCon 2.2.3 - 2600 2.3 - Online forums 2.4 - Controversial groups 2.5 - Demo scene 2.6 - Pentesting community 2.7 - Open source related events 2.8 - Academia 3 - Conclusion, what does the future hold 4 - References --[ 1 - Introduction In this brief article we will attempt to give an overview of the current state of the Greek computer underground scene. However, since the strictly underground scene in Greece is very small, we will also include some information about other active IT security related groups and forums. There is a going to be a second part to this article at a future issue in which we will present in detail the past of the underground Greek scene in all its gory glory. Before we continue let's get something out of the way. We know that a lot of people act offended when they hear the words "Greek" and "scene" in the same sentence. They flat out reject that anything is currently happening in the Greek underground and mumble about how much better things were during the past years. We are sure that the exact same behavior exists in the scene of other countries as well. We do not agree with this behavior. Yes, the present Greek "scene" is small, obscure, full of ignorant and incompetent people. But that was also the case in the past. But there were and there are exceptions. If you are part of the scene (Greek or international) you probably know the exceptions. We need to focus more on what is good and try to bring that forward. Yes, that means you too. --[ 2 - Present In this section we will introduce you to the present and recent past of the Greek hacking scene, roughly from 2005 to 2010. We will avoid mentioning nicknames and handles of specific people since we feel that this has led to fragmentation of the scene in the past. Instead we will only mention group names. ----[ 2.1 - GRHACK One of the most interesting things to note about the Greek underground scene, was the fact that although there were plenty of skilled individuals, no one ever tried to unite them. Most of them used to work alone, isolated from the rest. It was obvious that something had to be done to help those individuals come together, exchange ideas, cooperate and contribute. It was then, about two years ago, when two guys from the Engineering school of A.U.Th. (Thessaloniki, Greece) grabbed a bunch of redundant boxes, set up a CVS server, a website, an IRC network and published an open invitation [GRH]. GR Hack was born. The fact that Greek Universities are modern sanctuaries and the fact that academics are protected by asylum laws, made the location an ideal place for a hacking community. Although not a team in the strict sense, the GR Hack community is still a very active think tank composed of well known and respected Greek hackers. Members and friends of GR Hack have published work in Phrack ([ARG], [ITH], [HUK]), have participated in security conferences like AthCon and Black Hat and have had a great time meeting in real life, drinking alcohol and sharing knowledge. The core of the community consists of a circle of trusted individuals (software analysts/reverse engineers, old school hackers, administrators etc.) who are more than willing to cooperate with other people that take security seriously and have a passion for hacking. ----[ 2.2 Meetings ------[ 2.2.1 0x375 The need for an event came as no surprise. Everyone agreed that the local underground scene had been inactive for quite a long time and that a meeting (preferably with a catchy name!) would be the ideal motive for all those who were willing to share their ideas but never had the chance to. The place was Thessaloniki, and the name was picked to be Thessaloniki Tech Talk Sessions or just TTTS. Since TTTS was not cool enough, the final name for the meeting was chosen to be 3TS and was later settled to 0x375 (almost overnight!). During 0x375 meetings people give presentations on technical topics, have an open discussion and an afternoon full of fun. Currently, the Greek underground scene is preparing for 0x375 0x03 but the lack of people willing to contribute has made the whole process a difficult task. 0x375 material is published at [375]. ------[ 2.2.2 AthCon Following the classic naming convention of other "cons", three people from Athens decided to organize AthCon, an IT security conference that would take place in Athens, Greece. The AthCon staff announced an open call for papers and promised everyone that it was going to be a cool event. And, yes, it was. The first ever AthCon took place in June 2010 and was actually the first "con" to take place in Greece. The event featured a capture the flag contest, a closing party and cool presentations. It's interesting to note that AthCon attracted a lot of people active in the international security scene [ATH] both as speakers or as part of the audience. AthCon was the perfect place for everyone to meet in real life and have fun. We would, definitely, like to see more security conferences taking place in Greece in the near future. ------[ 2.2.3 2600 According to the official Greek 2600 site [260], 2600 meetings started taking place in Athens back in 1999 and, as far as the authors know, they are still frequently organized. During 2600 meetings various people, mainly young inexperienced ones (and that doesn't really matter), meet to have a drink and talk about technical matters. Although we haven't personally attended any of those meetings lately, we believe that they serve a good purpose. ----[ 2.3 Online forums We live in the, so called, "century of information" and it seems that Greek hackers have kept up with the pace information travels. Fortunately, Greeks are quite active when it comes to setting up discussion forums and blogs. P0wnbox [PWN] is such a discussion forum. Although most of its members are freshmen (in a good sense), there are some interesting discussions on that board from time to time. Hey, we are pretty sure you already know xorl's blog, right? It's probably one of the most famous security blogs around and it's mostly dedicated to vulnerability analysis. The pace by which xorl posts stuff may cause you vertigo! Xorl is doing a great job and it's obvious that he spends a quite fair amount of his daily free time on posting things. His blog [XRL] is well worth visiting if you don't already know it. ----[ 2.4 - Controversial groups In the recent past there have been a number of groups doing defacements and fighting each other with childish insults. One of the most high profile cases of this is the CERN defacement. There are tons of articles on the Internet about the CERN incident and the events associated with the defacement of the lxplus.cern.ch web server. We will merely state the obvious. The content of the CERN defacement put blame on the same behavior that itself was perpetuating. Another recent trend in the Greek web defacement "scene" is the emergence of extreme nationalistic groups. These groups attack web sites associated with neighboring countries and deface them with nationalistic content and messages. One of these groups uses a name (Greek Hacking Scene) quite similar to a historic Greek hacking group (Greek Hackers Society). Their reasons for using a similar name are quite obvious. We personally believe that what nationalism stands for goes against the spirit of hacking, and we will leave it at that. Last but not least, Hack4Fame was a self-proclaimed hacking group supposedly composed of blackhat hackers from various countries including Greece. However, it was obvious to most of us who the single person behind Hack4Fame was. In February 2010, Hack4Fame used standard media tricks to publish data that were supposedly stolen after a hack in a Greek bank. The data, which in reality were circulating the Greek underground scene for more than 8 years, belonged to other individuals who either hacked the aforementioned bank in the past or had performed fully legal penetration tests. We don't know what the motive was for Hack4Fame but we definitely disagree with his behavior, especially when it comes to publishing third party private material belonging either to a company or to individuals. ----[ 2.6 - Demo scene The demo scene has always been very closely associated to the hacking scene having forked from it. While in the past the demo scene in Greece was quite active, several demo parties were organized in a yearly basis with the most famous one being The Gardening [GRD], it is currently in a state of hibernation. An example of this sad state of affairs is that the past Greek demo scene online home is now a web page full of advertisements [DMS]. However there is one Greek demogroup that isn't just currently active, but is also transcending the borders of Greece and is successfully participating in international demo scene competitions [ASD]. Andromeda Software Development (ASD) were formed in 1992 and participated for the first time in a Greek demo party in 1995 (The Gardening 1995). They originally developed demos on MS DOS with Borland Turbo Pascal and inline 16-bit assembly. In 2003 they competed for their first time in an international event (Assembly 2003) and in 2005 they won that year's Assembly demo party. Since then they regularly compete in international demo scene events and have won many times [AWP]. ----[ 2.6 - Pentesting community Although we all like to pretend that the commercial penetration testing community has little to do with the underground, we all know that it actually has much to do with us. In Greece many, surely not all though, pentesters that work for security companies come from an underground hacking background. Others try to become part of the hacking scene in order to leech technical know-how, code and sometimes even ready-to-use weaponized exploits. Lately we have seen the emergence of a particular community of people that do a security MSc degree at a semi-respectable UK university (no need to mention it by name, it is well-known in security circles), return to Greece and pretend to know everything there is to know about "hacking". These people fail to understand the importance of the underground and their leeching behavior actively contributes to the demise of the already weak Greek scene. We all hope that Greek security companies will start to publish tools, give talks and generally support and contribute back to the underground hacking scene that has taught them so much in their early days. ----[ 2.7 - Open source related events The open source movement has seen a certain degree of acceptance and has gained several followers and evangelists in Greece. As part of this movement there have been several communities that have and still are organizing technical talks and events. Although these events are not primarily focused on security topics, there have been interesting security talks from time to time. The Software Libre Society at the University of Piraeus [SLS] deserves a special mention since it has been meeting on a regular basis and most talks presented there are of an acceptable to high technical level. ----[ 2.8 - Academia Last but not least, it's quite encouraging that Greek universities have recently started dealing with security more seriously. There are several opportunities for a student to do some serious research for a thesis, an MSc or a PhD that focuses on security both formally and practically. This is good news since a couple of years ago the phrase "applied security research" sounded alien to most academics. Namely, the Electrical and Computer Engineering Department of A.U.Th. (Thessaloniki, Greece) and N.T.U.A. (Athens, Greece) as well as the CS department of the University of Piraeus (Piraeus, Greece) are currently some of those places where one can treat security more academically. Another academic institute that is actively doing security research is ICS, FORTH in Heraklion, Crete [ICS]. Among their research topics are large scale malware analysis, the monitoring of Internet for malware traffic and malware epidemics. They have developed their own honeypot/honeynet software which runs on a host machine and binds several well-known ports that aren't used by the host. All the traffic that comes to these ports is forwarded to their own backend infrastructure for further analysis. Furthermore, they have recently started doing research on GPU-hosted malware. Unfortunately, due to certain narrow minded extremists that represent various political (and mostly partisan) views, Greek universities are still quite far from doing some real, valuable research and even further from collaborating with the very few capable security companies. Analysis of the Greek educational system is a very interesting topic that may teach you all how to respect the fact that you were born in a more civilized country :-) --[ 3 - Conclusion, what does the future hold The near future seems debatable for the Greek computer underground scene. The fact that it is so small means that it is flexible and adaptable, but also means that fragmentations and grudges between individuals can wound it gravely. The Greek scene cannot be forcefully resurrected, that would only lead to more mindless zombies with no motivation and no passion for hacking. We would like to conclude with a positive message and we feel that the conclusion of the "Underground Myth" article in issue 65 applies well to the current situation in Greece [UND]: "All that remains is to relax, to do what you enjoy doing; to hack purely for the enjoyment of doing so. The rest will come naturally, a new scene, with its own traditions, culture and history. A new underground, organically formed over time, just like the first, out of the hacker's natural inclination to share and explore." We hope you enjoyed this brief overview of the current state of the Greek security scene. Greets and thanks to the people that provided extra information on certain topics. You know who you are. Stay tuned for the second part of this article. --[ 4 - References [GRH] http://www.grhack.net/ [ARG] http://www.phrack.org/issues.html?issue=66&id=8#article [ITH] http://www.phrack.org/issues.html?issue=66&id=9#article [HUK] http://www.phrack.org/issues.html?issue=66&id=6#article [375] https://www.grhack.net/files/0x375/ [ATH] http://www.athcon.org/speakers/ [260] http://www.2600.gr/ [PWN] http://www.p0wnbox.com/ [XRL] http://xorl.wordpress.com/ [GRD] http://www.deus.gr/gardening.html [DMS] http://www.demoscene.gr/ [ASD] http://www.asd.gr/ [AWP] http://en.wikipedia.org/wiki/Andromeda_Software_Development [ICS] http://www.ics.forth.gr/ [SLS] http://rainbow.cs.unipi.gr/projects/oss/ [UND] http://phrack.org/issues.html?issue=65&id=13#article