I always wished, and always will that I would have the pleasure to own
all the bell equipment. And so I decided that I would make a checklist of all
the equipment that I knew of, well then the thought came to mind, I bet every-
one else would enjoy it do. So here is a dictionary of all Bell equip that I
know of, if I missed something find me on dal.net in #npa, #phreaks, or where-
ever I am.
DICTIONARY
----------
Bell 11mm, 3/8= A single driver, an 11mm on one end and a 3/8 on the opposite
Bell Blue= Scematic blue prints of a specific areas' wiring system
Bell Emitter= A box that emits signals for the Bell Wireless Tester, it is a
tester, for the tester.
Bell Hard-Hat= Ummm... let me think...
Bell Hex= An allen wrench that has a hole drilled in the center.
Bell Lap= A piece of crap with a 1200 kbps and shit mem. Contains Bell 800
bbs #'s and other useless programs.
Bell Tester= Uses light too represent voltages, 10-12, 0, 48, etc.. Has
modular and clips.
Bell Thing= A large steel piece of equip which conects pieces of plastic
holding copper wires in the center (between the 2 plastic things)
___________________________
| |
|***************************|
|___________________________|
(cont..) there by keeping the wires with there group & reducing "Jumbbled Up"
wiring.
Bell Wirerless Tester: Uses tones to represent voltage.
DRACON: A Bell linemans hand set with attached Beige. Some dracons contain 4
extra buttons, rcl, snd, ect... Name recived due to the fact that they are
made by the Harris Dracon Co.
___
FILE WROTE BY: Kosmos, for, |\ | | \ |\ AMD FOR EVERYONE THAT WISHES TO
| \ | |___/ |_\ LEARN.
| \| | | \
REMEMBER, if I left somthing out, no matter what it is, find me and tell me.
Advanced CGI Exploitation Techniques
By: IsolationX
Common Gateway Interface (cgi) is a type of scripting language. Cgi is not its "own" language, it is a combination of perl, C, and shell commands. Cgi scripts are normaly stored in the /cgi-bin/ directory, this directory is exacutable via http. When there is not a /cgi-bin/ directory it is normaly due to the admin changing the location of where the scripts are held or the server does not support cgi. Cgi is commenly used for webpages but it can be used for many more types of things. Since cgi is very commen it will, of course, produce major security flaws. These flaws are normaly do to a amature scripter who knows very little about cgi and the security aspects of it. Thus I have decided to write a indepth artical on cgi security and the ways to exploit it. Lets begin.
Lets say you stumble onto Ms. Marry's webpage and it contains the following form...
This is a simple form that asks the user to input a message, which is sent to a script called form1.pl. Lets say that in the source of this script contains the following line (assume that the variables have already been parsed out of the input stream)....
This puts what the user has entered into a temp file, then e-mails it to Ms. Marry. Consider what you can do with this script. Here is one way you could do exploit it http...
<input type = "submit" value="Get the passwd file">
</form>
I have just demenstrated a 'system call hole'. The "system" call in perl, spawns a Unix shell and, in this case, exacutes the commands in the 'value' field, mailing the passwd file to hacker@host.com. Just for refernece, the semicolons in the 'hidden value' field act as delimiters, which separate the commands.
Any cgi system call is inherently exploitable if not correctly coded (which it rearely is). Consider the following line of code within a cgi script...
print `/usr/local/bin/finger $userinput`;
This could be taken advantage of by using the same type of maliciuos input as before. In genral if any of the following characters are included in a system call it is most likely exploitable in some means.
; > < & * ` | $ #
Anyway, enough on system calls, lets move on.
Opening a file on a system remotely is always a plus for the hacker, so let me show you a quick example of how to get read access to a most any file on a system by exploiting a small script. Say that you are writing a script that stores a message based on the username of the user entering it, and you add the following line to your script...
open(FILE,"> /usr/local/message/data/$username");
Well what if the user was to type in ../../../../etc/passwd as his username? You would, ofcourse, get read access to /etc/passwd. Simple enough but very affective, need I say more...?
A good trick to know off hand is to subvert the systems variables to point to a trojan horse in another directory. Here is a quick and pretty straight forward line of code that is volnurable to this type of atack...
system("finger $untained_user");
Now I have been talking about the code for the cgi scripts and you are probaly thinking well how the hell am I going to get the code for custom scripts in the first placeLets say that Mr. Johnson just wrote a cgi script in EMACS or a simamler type of editor. Well when you write cgi scipt in one of those types of editors it automaticaly creates a backup of the file with the extention of ~. Now that you know this (I hope you did know this before now) you can sometimes stuble apon the source of custom cgi scripts and check them for voulnerbilitys.
Before I go let me say, allways watch for scripts that query a file on the remote system... It can be used to view files on that system (e.x. /etx/passwd or /etc/shadow). A example of this is the infamouse 'phf' bug. Anyway Keep it together.
Be Cool,
IsolationX
D. Operating Guide For Octel Voice Mail Systems
--------------------------------------------
Written By: De-Format
Ok... lots of companys use Octel as thier voice mail OS... and it's
pretty basic to operate. But there's some things within Octel that aren't
well known of. This file was written mainly for people who are just
experimenting in the voice mail field, or who wish to persue into it, and are
just starting. However, some "veteran" VMB hackers may wish to read this
also, it's all you really need to know about Octel.
Table Of Contents
-----------------
1) How you know you have an Octel VMB system.
2) The complete list of Octel commands.
3) Further explanation of selected Octel options.
4) General tips.
5) How you can reach Octel.
1) How you know you have an Octel VMB system.
---------------------------------------------
Most companys only put up there 1-800 VMB system after work hours, but
sometimes you'll get lucky and come across an automated system thats up 24
hours a day. So you call the 1-800 number, once you hear the greeting, press
the # key. If you get some bitchy voice saying "Please Enter Your Mailbox
Number", then you've probably got an Octel. (You'll recognize the voice from
other places) Now it's all upto you. There's a million and one ways you
can get someone's mailbox number and sometimes even their password. Phone up
during business hours and get connected to some company worker, tell them your
the sysadmin and tell them the voice mail system had some sort of crash, or
start asking them question about the company and tell them you want to leave
them a message. (Get their box and your all set, you just have to hope they
have a default pw, or you can scan a bunch of nums until you find some un-used