home *** CD-ROM | disk | FTP | other *** search
-
- LLLLLLL OOOOOOOOOOOOO LLLLLLL
- LLLLLLL OOOOOOOOOOOOO LLLLLLL
- LLLLLLL OOO OOO LLLLLLL
- LLLLLLL OOO OOO LLLLLLL
- LLLLLLL OOO OOO LLLLLLL
- LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL
- LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL
-
- information exchange
-
- Prez DeadWhorse
- Prez Devil Locke
-
- e-mail lolie@freenet.hut.fi
-
- web: http://www.inmind.com/people/therock
-
- irc channel #lolie
- nick DedWhorse
-
- The Leigon of Lame information Exchange.
-
- The LoLie is a service provided free of charge to anyone with an e-mail
- account and an interest in computer security, freedom of information,
- and censorship.
-
- The LoLie is a forum where people can submit articles on almost any
- topic, as long as it relates to computers. The LoLie was set up to
- cater to people interested in computer security, networking, phone
- system security, etc.
-
- If you would like to recieve LoLie at your e-mail address, send a
- message to lolie@freenet.hut.fi LoLie depends on reader submissions.
- To keep LoLie the higest quality possible, you, the reader needs to
- write and submit articles, on whatever topic you specialize in. All
- supporting authors will be given credit.
-
- In this issue:
-
- Unix mail system security. -DeadWhorse
-
- NUAs revisited -DeadWhorse
-
- Directly accessing Direct access. -DeadWhorse
-
- AOL for dummies -Devil Locke
-
- --------------------------------------------------------------------
- Unix Mail Security
-
- There are many ways to get mail from a unix machine connected to
- internet. Normally you dial in and get your mail from a unix shell of
- one type or another. If you have a SLIP/PPP connection, you can use a
- mail client, which uses POP to get your mail, and SMTP to send it. The
- advantages of using a mail client are more than just nice pretty
- windows. If an account has a login, but the mail access is blocked for
- sending and recieving mail, i.e. guest accounts, then you can use that
- account to recieve and send mail.
-
- In your mail client, just put all the info for that account, if
- the account has no password, then there is no way that I know of to use
- it for mail, but most guest accounts have simple passwords, like the
- same as the login. If you are a sysadmin, and would like to block
- people from using low access accounts for mail, all you have to do is
- have no password. Most freenets have low access guest accounts of this
- type.
-
- Your mail client can also get mail from accounts which have
- "expired", but have not been deleted. You cannot log on the expired
- account, but if you finger it, it is still there. If you try to su to
- the account, it will tell you that the account is expired. Just use the
- account info in your mail client, and through the magic of POP, you can
- get to your mail. I believe you can send mail from the expired account
- too, someone e-mail me and tell me if it works. The most simple way to
- prevent this type of access is to change the password on the account
- before you expire it.
-
- Misc Mail info
- POP port 110
- SMTP port 25
-
- I'm sure you all know fakemail, so I won't go into how to do it with a
- mail client.
- -DW
- ----------------------------------------------------------------------
- NUAs Revisited
-
- Well I know NUAs are an OLD subject, but there is some little
- useful things that I have found. If you don't know what an NUA is, I
- recommend you read the old LOD/H guides. But on to the useful stuff.
- If you need the date and time, connect to 2151067, once you get the date
- and time, just disconnect, I'm not real sure what the computer is, if
- anyone wants to write an article on it, go right ahead. I have found
- the NUA that AOL uses to connect to the host is 83420178.83*windows 0001
-
- fter it connects, it just sits there, waiting for the aol client. If
- anyone wants to write their own version of the aol client, one that
- doesn't crash every ten minutes, and that takes less than ten minutes to
- load, again go right ahead. <G>
- -DW
-
- ------------------------------------------------------------------------
- Directly Accessing Direct Access.
-
- Direct access 5.1 is a popular DOS shell program, which is often
- used to control access to the dos prompt in a stand alone, and a
- networking environment. Usually the program is run from autoexec.bat,
- and if the person doing security has done his/her job right, then
- switches=/n is in config.sys, and floppy booting is disabled in CMOS.
- This locks up the computer pretty tight, and Direct Access is usually
- passworded on exit to dos, dos commands, maint, etc. The weakness in
- direct access is that when you press F10 and the enter password box pops
- up, DA reads the password into memory, in ascii. So the trick is to get
- your handy dandy TSR memory explorer into RAM. If you ever get a dos
- prompt on the computer, even a shell, you can load your memory TSR, and
- then load DA. Then it is a matter of hitting F10 to exit, and when the
- dialog box is on the screen, hit the hotkey of your mem explorer, and do
- a search for Enter Password. Once it finds that in ram, the password is
- usually not more than 50 bytes or so in either direction, you need to
- look a little for a string that looks like a password. You can repeat
- and get all the password on the system this way. This info is from the
- mem explorer I use. It is freeware I think.
-
- (NOTE: Direct Access is (c) Fifth Generation Systems, Inc.)
-
- Exerpt from doc file:
-
- {
- MEMORY 4.3
- Claudio Capiluppi
- University of Padova - ITALY
- caps@hal.stat.unipd.it
-
- Memory is a resident RAM explorer for DOS environment, which allows to
- understand interactively what a host process is doing and how it works, by
- means of several analysis functions.
- }
-
- Do not flood this guy's box with mail, i can send you a UUencoded
- version if you can't find one on the net. I think AOL has it in their
- libraries. Do a search on his last name.
- -DW
-
- --------------------------------------------------------------------------
- AOL For Dummies
- The Slightly Less Moronic Edition
-
- -by Devil Locke
-
- Ok, everyone in the entire world has gotten an AOL disk at some
- point in their natural-born life. Since around a year ago, it has
- become a natural law, much like that of gravity, that you will get a
- free trial disk on an average of once every month or so. But, AOL is
- useless, right? It's just a run-of-the-mill overpriced, lamer-ridden,
- online service, much like Prodigy and the rest of it's ilk, right?
-
- NOT SO! America Online is useless to anyone who is a moderately
- good "hacker", or anyone with an ounce of self-respect, BUT it's a
- great place where one could learn some of the qualities one needs to
- ever be a "hacker", such as patience, and caffeine/alchohol overloading
- during a night spent with utterly no re- sults. It's easy to get
- access to, and yet difficult to actually do anything you can brag about
- to your friends on.
-
- The first step one could use in accessing AOL is to use a fake
- checking-account # (note: the routing # must exist) to create an
- account that wont be connected to you, and then ask people for their
- passwords until the account gets logged off for violating AOL's rules.
- Trust me - there are people that stupid out there! Then you will have
- an account that will last a minmum of a few weeks, and you can start
- having epilectic seizures waiting for the hourglass to go away, when
- you logoff. (The log-off procedure has been known to take as long as 8
- minutes and 34 seconds on my DX-4/100, due to cheesy AOL coding) Log
- back on as one of your phishes, and then you can start having fun.
-
- If ya want to explore AOL, the first thing you need is a copy of
- Master.aol which ya can find in a 'warez' private room because with
- master.aol, you can invoke places that have no keywords, or anything
- like that.
-
- The first thing ya have to do, is find a database invoke #. To get
- one you can either generate number's off of the top of your head until
- you find a place that is there, or you can get a list of cool ones in a
- warez room, and be lazy.
-
- Once you've found one, just click on everything, and fuck around.
- The won- derful thing about an online service that has billions of bugs
-
- in the s/w is that some of the shit doesn't work for employees. That
- means that AOL has to jury-rig links to some of their inner-employee
- shit. For example, AOL has something called the America Online
- Resource Center, for employees. You can check out all the betas and
- shit that hasnt been implemented yet, download AOL training class logs,
- and stuff like that. You cant get to it because it has a security flag,
- and you have to have an 'internal' account to access it. But, at some
- point, their whole 'internal' system wasn't working, because through an
- online-technician-training area that you can access through an employee
- area of their Destination:Florida area, you can get to it, by clicking
- on a link to it that has no access requirements due to the fact that
- their other links to it weren't working. So you can find little
- backdoors like that all over the place on AOL. It's a great way to
- pass the time when you're wasted and bored.
-
- You can also find all kinds of strange things, and interesting
- things, and the 'flavor' of hacking is still there - that's what
- hacking is all about, right? Getting something you shouldn't be able
- to get to, through use of your intelligence and knowledge...the thrill
- of the hunt sorta thing. And on AOL, that's still there, it's just
- easier to accomplish. Hence, AOL is a great training ground for
- aspiring hackers, and bored drug-fiends alike.
-
- But what else is there to AOL? Well, guess what - there IS more!
- The AOL users are so absolutely moronic that one can employ that
- 'asking for pws technicque' (referred to as 'phishing') to credit
- cards. Hence, an unlimited supply for carders and their ilk. Also,
- with a CC from AOL, you can get an acct with a REAL internet provider,
- like, I dunno, NetCom or something, and from there, proceed to more
- enjoyable hacking (that, I might add, doesnt have as much lag <grin>).
- And you can meet new friends in the America Online virtual
- cyber-community! (just kidding).
-
- I hope this was of slight use to some moronic fucker out there.
-
- Layder.
- Devil Locke.
- ------------------------------------------------------------------------
-
- Aol for Dummies addendum
-
- -by Dead Whorse
-
- In case you didn't know, you can download the aol version of winsock in
- the winsock forum, and then you can use any winsock client with aol. The
- only catch is that Aol blocks access to most connections. You can use
- POP to check mail, but you can't use smtp to send it from Aol, stuff
- like that. One good thing is that you can use a telnet client to connect
- to a real ISP.
-
- Note: just put the aol winsock.dll in the client's directory, no need
- for tcpman.
- -DW
-
- ------------------------------------------------------------------------
-
- Well that's all for this issue, submit something, and you can be part
- of the next issue.
-
-
- ading slowly away.....
- LoL information exchange. Issue 1. 03/03/96
- -EOF-
- <HTML>
- <p><a href="http://www.inmind.com/people/therock/main.html"> Back to Main Page </a></p>
- </HTML>
-
-
