Computer Academic Underground
Electronic Magazine
#0005
1215.96

##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................

Table of Contents

  Foreword
  General
    Announcement!
    Where CAU can be Found
    Viral Overview
    Plans of Revenge
  Hacking
    817.485.XXXX
    My Finger
  Phreaking
    Disconnecta de payfone
  Closing

NOTE: Sorry there's not much in this one, but hey, it's Christmas... (:

##############################################################################

Foreword

Welcome to CAU's 5th electronic magazine. I hope you've enjoyed our previous zines, and hope that you'll continue to read our releases in the future. I'm sorry for the delay of our fifth issue, but due to unforeseen problems such as a hard drive crash resulting in the loss of 95% of my data, I have been extremely busy in the rebuilding of my system and have had very little free time of my own to work on the zine. Thanks go out to everyone that pitched in and contributed to this issue of the CAU zine.

If you have read some of our previous work, you're probably asking yourself some questions right about now, mainly "What happened?" In the next few paragraphs I'll attempt to explain...

First of all, the format change.
While our previous releases were pretty DOS executables that scrolled and generally looked pretty, we have decided to change that. At first the zines were encrypted and put into an executable for one simple reason: We didn't want anyone changing the text that we released. I hope that by now we have earned at least enough of your respect as to make it so that no one will re-release our zine with their own modifications.

The second reason for the format change is due to recent happenings in the 817 area code. CAU has chosen to de-associate ourselves with Scion Kai for reasons that I will not mention here.

The third reason for the format change is to make our releases 'world readable' by everyone on every computer platform. By releasing 'plain text' zines, I believe we have accomplished this.

Next we come to the Foreword, which you are reading now. From now on, every zine will contain a Foreword and Closing, written by me, the Editor. I hope this will improve the quality of our releases by giving our readers updates on not only the group, but everything we do.

Finally we come to the name of our group. We originally adopted the name 'Computer Anarchist Underground' from a group in the 713 NPA when it died about 7 months ago. But that is not what CAU is about. We are about information, knowledge, and education. Our purpose is to attempt to educate not only ourselves, but the world around us. So CAU became the Computer Academic Underground, and that we will remain.

                                                                    I)ruid

##############################################################################

General

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Announcement!

I'm proud to announce that CAU now has our own server on the internet. We should have a domain name soon, but for now, you can connect to cau.psyberlink.net or 205.241.30.231 for our home page. The FTP site is not open at this time, but will be shortly.
                                                                    I)ruid

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Where CAU can be Found

The purpose of this section is that I want to make it known where CAU and its members can be found. This section should take care of that quite nicely...

 _______________________________________________________________
/                                                               \
|                    WHERE CAU CAN BE FOUND                     |
/===============================================================\
| I)ruid              root@cau.psyberlink.net                   |
|                     Admin: cau.psyberlink.net                 |
|                     Sysop: Paranor - 817.249.6716             |
|                     IRC: Druid_817                            |
| Crimson Assassin    root@crimson.fortworth.dfw.net            |
|                     Admin: crimson.fortworth.dfw.net          |
|                     IRC: Crimson_A                            |
| Ultra Violet        uv@leper.org                              |
|                     Admin: chuck.leper.org                    |
|                     IRC: uv, uv_                              |
| Fizban              fizban@ttu.edu                            |
|                     IRC: Fizban^                              |
| Jacknife            jacknife1@juno.com                        |
| Seven               s3v3n@juno.com                            |
|                     IRC: Seven, _7_                           |
|---------------------------------------------------------------|
| CAU can usually be found in IRC on EFnet servers in channels  |
| #817 or #CAU                                                  |
|---------------------------------------------------------------|
| CAU's home page is http://cau.psyberlink.net                  |
\_______________________________________________________________/

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Viral Overview

Logic Bombs, Trojan Horses, Virii, Worms and Rabbits.

Well by now if yir reading this you probably already know what a virus is but, you may not know how it worx or what it does. I want you to know that most of this information came out of the book Practical Unix & Internet Security. A book you can pick up at any major book store.

Logic Bombs

Logic bombs are programmed threats that lie dormant in commonly used software for an extended period of time until they are triggered; at this point, they perform a function that is not the intended function of the program in which they are contained. Logic bombs usually are embedded in programs by software developers who have legitimate access to the system.
Conditions that might trigger a logic bomb include the presence or absence of certain files, a particular day of the week, or a particular user running the application. The logic bomb might check first to see which users are logged in, or which programs are currently in use on the system. Once triggered, a logic bomb can destroy or alter data, cause machine halts, or otherwise damage the system. In one classic example, a logic bomb checked for a certain employee ID number and then was triggered if the ID failed to appear in two consecutive payroll calculations (i.e., the employee had left the company).

Time-outs are a special kind of logic bomb that are occasionally used to enforce payment or other contract provisions. Time-outs make a program stop running after a certain amount of time unless some special action is taken. The SCRIBE text formatting system uses quarterly time-outs to require licensees to pay their quarterly fees.

Trojan Horses

Trojan horses are named after the Trojan horse of myth. Analogous to their namesake, modern-day Trojan horses resemble a program that the user wishes to run--a game, a spreadsheet, or an editor. While the program appears to be doing what the user wants, it actually is doing something else unrelated to its advertised purpose, and without the user's knowledge. For example, the user may think that the program is a game. While it is printing messages about initializing databases and asking questions like "What do you want to name your player?" and "What level of difficulty do you want to play?" the program may actually be deleting files, formatting a disk, or otherwise altering information. All the user sees, until it's too late, is the interface of a program that the user is trying to run.

Trojan horses are, unfortunately, as common as jokes within some programming environments. They are often planted as cruel tricks on bulletin boards and circulated among individuals as shared software.
Viruses

A true virus is a sequence of code that is inserted into other executable code, so that when the regular program is run, the viral code is also executed. The viral code causes a copy of itself to be inserted in one or more other programs. Viruses are not distinct programs--they cannot run on their own, and need to have some host program, of which they are a part, executed to activate them.

Viruses are usually found on personal computers running unprotected operating systems, such as the Apple Machintrash and the IBM PC. Although viruses have been written for UNIX systems, traditional viruses do not currently appear to pose a major threat to the UNIX community. Basically, any task that could be accomplished through other, less difficult means. While UNIX binary-file viruses have been written as an intellectual curiosity, they are unlikely to become a major threat.

Worms

Worms are programs that can run independently and travel from machine to machine across network connections; worms may have portions of themselves running on many different machines. Worms do not change other programs, although they may carry other code that does (for example, a true virus). We have seen about a dozen network worms, at least two of which were in the UNIX environment. Worms are difficult to write, but can cause much damage. Developing a worm requires a network environment and an author who is familiar not only with the network services and facilities, but also with the operating facilities required to support them once they've reached the machine.

Bacteria and Rabbits

Bacteria, also known as rabbits, are programs that do not explicitly damage any files. Their sole purpose is to replicate themselves. A typical bacteria or rabbit program may do nothing more than execute two copies of itself simultaneously on multiprogramming systems such as Linux or UNIX, or perhaps create two new files, each of which is a copy of the original source file of the bacteria program.
Both of those programs then may copy themselves twice, and so on. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying the user access to those resources.

                                                         MaJeSTiK i2 TRiCK

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Plans of Revenge

Ok well this is uv again... Not much to the cau mags in the late. Probably cuse we are too damn busy with stupid stuff like relationships etc etc (least thats my excuse for now) any way.. here is the story:

One day me(uv) was walkin down a hall up at muh skewl (dressed in muh favorite corduroy jacket, back nails, eyeliner ready to go do sum crazy stuff on a friday afternoon) when this kid sittin next to the wall calls me a homosexual! (using a much lower level of vocabulary) any way... this doesn't piss me off I go off to muh girrlie girl I was gonna go talk to. On my way back 10 mins late for class.. he is still there waiting for me. Again he persists in threatening my sexuality. The thought of him doing this makes me giggle in ways I wish not to explain. Well to see what Happens I respond to this verbal assault with a phrase that lacks class or intelligence, FUCK U! :) any way he continues to say "Do you know who I am??" in a surprised manner.. I of course come back with a much more intelligible response, he goes on to attempt to trip me.. (u member the third grade trick where you attempt to trip some one by kicking the back of their feet) this made me laugh aloud.. any way.. that seemed to piss the kid off just a little more than I knew..

The following friday: Welp all had been well and I was on my way home... Then the kid and 2 of his 'friends' follow me home in their little red pickup.. and they continue to verbally assault me (I was having a ball) any way..
finally after a little mockin on my part I guess the kid felt like he had to defend his pride so he continues to follow me (we passed muh house bout 5 houses down, too fun to go home) he gets out and asks if I am gonna call the cops as soon as I go home.. I say "do I have a reason to?"

him: "yea when I clock you (guess thats means punch)"
me: "again do I have a reason to notify the police?"

he didn't like that.. so he did what I expected him to.. heh he hit me.. HAH.. I couldn't help but laugh.. and his friends felt the same way.. His face got red as hell.. and I found out that seniors aren't all they are cracked up to be...heh..

so now what I want is ideas to piss the kid off more.. though this has nothing to do with cau or hp in general it kould eventually.. I have a few ideas of my own.. but I'd like some feed back.. so if you kids have any ideas.. mail me :

  uv@druids board
  uv@cau.psyberlink.net
  uv@crimson.fortworth.dfw.net
  uv@leper.org

l8r
uv

##############################################################################

Hacking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

817.485.XXXX

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

My Finger

I would just like to take this time to point out (no pun intended) the finger command. It seems that a lot of people of late have no clue whatsoever what the finger command is capable of. While I will not go into detail of the extended uses of the finger command (I'll leave that up to the ones that wish to educate themselves), I would like to point out the basic uses, and cite a short example that happened to me lately...

First of all, finger can be used to simply see if a user exists on a certain server or site, and return some information about them. Some sites, however, have finger queries disabled from the general public and only allow finger queries from certain domains. One thing I have found (which you will shortly see in the example I am about to give) is that universities and schools are extremely loose on the type of information that they give out about their students through finger queries.

I was sitting in irc one day, minding my own business, and up comes some ass-hole that thinks he's a big, bad, irc warrior. So he floods me off. Now that normally doesn't bother me too much, but what got me a little pissed was when I rejoined irc to find that he had stolen my nick. Now I don't use a common nick, I use `Druid_817'. When I first started in the irc scene, I chose to use just `Druid'... now of course that was kind of broad, and of course other people wanted to use it. So I became `Druid_817': A nick that no one would use.

Anyway, he pissed me off, so I decided to do a little info gathering.
First, I simply did a /whois in irc to get where he was coming from:

/whois Druid_817                                                       (irc)
---------------------------------------------------------------------------
*** Druid_817 is ajk2@Isis.MsState.Edu (The big Cypress on top of the Hill deep in the gra)
*** on channels: #phreak
*** on irc via server irc.ionet.net ([208.129.64.25] with new improved ingredients)
*** Druid_817 is away: Druid_817 Hes sinking under the ocean waves...

Okay, so we had a college boy... I remembered that colleges seemed to like finger, so I pried a little deeper:

/finger ajk2@Isis.MsState.Edu                                          (irc)
---------------------------------------------------------------------------
Login name: ajk2                        In real life: Andrew J. Keith
Directory: /home/ce/ajk2                Shell: /bin/tcsh
On since Nov 26 04:42:27 on ttyp5 from Port32.TS2.MsSta
30 seconds Idle Time
Mail last read Tue Nov 26 02:09:34 1996
No Plan.

Now here we can see that the real name on the account that this guy was using was Andrew J Keith. We can also see that he is connected to Port32.TS2.MsSta, which, if it were allowed to continue, would finish Port32.TS2.MsState.edu. So we finger a little deeper (whoa, this is getting sexual):

finger @ts2.msstate.edu                                              (shell)
-----------------------------------------------------------------------------
    Line     User      Host(s)               Idle Location
   0 con 0             idle                       TS2 console
   1 tty 1             Async interface          0 325-0352
   4 tty 4             RA                       0 325-0355
   6 tty 6             Async interface          5 325-0357
   9 tty 9             Async interface          4 325-0360
  21 tty 21            Async interface          0 325-0372
  29 tty 29            idle                     0 325-0380
  32 tty 32            Async interface          0 325-0383
  39 tty 39            Async interface          0 325-0390
  42 tty 42            Async interface          0 325-0393
  63 tty 63            Async interface          0 325-0349
* 66 vty 0             idle                     0 FW-166-1.FASTLANE.NET

This type of finger response I have noticed from MANY universities and schools that I have happened to send a finger query to.

Now from this interesting finger response we can see what appears to be, what is this?!? PHONE NUMBERS?!?!?
and each phone number associated with a separate tty... now from the previous finger, we know that he was connected to port32... now that I had a 7 digit phone number associated with his tty, I decided to find out what the number was for. Now I'm not too smart, and I have no idea what area code Mississippi State is in... so we do a little web browsing:

http://www.msstate.edu                                                (lynx)
------------------------------------------------------------------------------
Mississippi State University
Mississippi, 39762
NPA: 601

All right... 601.325.0383 so I called it:

Dialed: 601.325.0383                                                 (phone)
------------------------------------------------------------------------------
Received: Busy Signal

Well, it's busy. That's a good sign. Now I still had no idea if this was the guy's dorm room number or what, so:

Operator Assisted Line Interruption                                   (AT&T)
------------------------------------------------------------------------------
When broken in, was indeed a data connection.

Well, it was data, and when I broke in, the man with my nick promptly dropped his irc connection. I later found out that the phone number that I had broken into was the dial in to the university's internet service. Mississippi State did not have very good quality roll-overs, so instead of taking his connection to the next available line, it promptly dropped his connection.

After all this I was getting a little pumped, so I decided to just go wakky-crazy on his ass:

http://www.switchboard.com                                       (from lynx)
Query=Keith in Mississippi
------------------------------------------------------------------------------
Keith, A
Highway 12 W
Durant, MS 39063
(601)653-4157

Keith, Andy
Po Box 941
Verona, MS 38879-0941
(601)###-####  <---- Number Withheld because He didn't piss me off THAT much....

So I used a little logic and assumed that the one with the P.O. Box was the college student. So I called him and bitched him out a bit...

Anyway.
After reading this quick review of what I had accomplished with just the finger command in under 15 minutes, maybe some people will stop coming to me to get people's info on irc, and start working for themselves.

                                                                    I)ruid

##############################################################################

Phreaking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Disconnecta de payfone

This is a little story about how me and muh bud Canteen boy disconnected a pay fone.

One day me and Cb were pimpin at the mall and he got a page.. so we go off to find the nearest swb pay fone (for obvious reasons).. finally after searching half the freakin mall we find one.. Well there Cb is pluggin in da "coins" when the op comes on and starts to bitch.. About this time a couple girlie girls walk in.. I noticed they were staring at Cb and his "bag o coins".. Any way after the Op bitches a little more we decide to let the girlies use the fone (besides thats what they were there for).. then one says:

"Your hackers aren't you?"
us: "what???? whats a hacker??"
them: "yea... thats what you are.. don't lie.. (the funny part) I SAW THE MOVIE I KNOW EXACTLY WHAT YER DOING"

at this point I couldn't help but laugh muh ass off .. Cb felt the same... well going back to business we persisted to piss off the operator..

us: "U know we're not gonna pay for the call, so why dont you just put it through"
her: "There isn't a way to make a call for free"

heh.. little does she know.. Then we start bitchin a little more.. and finally click.. there you have it.. she disconnected the pay fone?!?! hehe.. not exactly on the general topic.... but if you have no better means to do it this is a fun way to disconnect pay fones... for a temp time...
-uv

btw- the girls didn't like the fact they couldn't use the fone

##############################################################################

Closing

Well, I hope you have enjoyed our fifth release to the public, and will continue to search out and find our future releases. As always, we are open to all forms of feedback, good or bad, and we do want to hear from you. We are also open to article submissions, as we believe that anyone should be able to write if they choose to, and we would be happy to publish (as long as space allows).

I personally have been getting a lot of feedback already, and am thinking about starting a letters section in the zine. Also because of this, I have opened 3 e-mail accounts on my bawx to support the zine:

  zine@cau.psyberlink.net        General Feedback
  letters@cau.psyberlink.net     Letters
  articles@cau.psyberlink.net    Article submissions

##############################################################################

Computer Academic Underground
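
Added example, not part of the original zine: a small audit a site admin could run over replies captured from their own finger service, in the two formats shown in the "My Finger" article, to list what an anonymous caller learns and whether the two replies can be joined. The sample replies, user, hosts and numbers are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed samples in the two reply formats shown in the article.
# User, hosts and numbers are placeholders, not data from the zine.
USER_REPLY = """\
Login name: jdoe                        In real life: Jane Doe
Directory: /home/cs/jdoe                Shell: /bin/tcsh
On since Nov 26 04:42:27 on ttyp5 from Port32.TS2.Examp
Mail last read Tue Nov 26 02:09:34 1996
No Plan.
"""
HOST_REPLY = """\
    Line     User      Host(s)               Idle Location
   0 con 0             idle                       TS2 console
   1 tty 1             Async interface          0 555-0101
  32 tty 32            Async interface          0 555-0132
* 66 vty 0             idle                     0 gw.example.net
"""

# Fields a per-user finger reply hands to any anonymous caller.
USER_RULES = [
    ("real_name", re.compile(r"In real life:\s*(\S.*?)\s*$", re.M)),
    ("home_dir", re.compile(r"Directory:\s*(\S+)")),
    ("shell", re.compile(r"Shell:\s*(\S+)")),
    ("login_source", re.compile(r"On since .*? from (\S+)")),
    ("mail_last_read", re.compile(r"Mail last read (.+)$", re.M)),
]
# One row of the terminal-server listing: line number, type, unit, rest.
LINE_ROW = re.compile(r"[*\s]*(\d+)\s+(?:con|tty|vty|aux)\s+\d+\s+(.*)$")
PHONE = re.compile(r"\d{3}-\d{4}")


def audit_user_reply(text):
    """Return {field: value} for every personal field the reply discloses."""
    found = {}
    for label, rx in USER_RULES:
        m = rx.search(text)
        if m:
            found[label] = m.group(1)
    return found


def audit_line_listing(text):
    """Return {line_number: number} for rows whose Location is a phone number."""
    exposed = {}
    for row in text.splitlines():
        m = LINE_ROW.match(row)
        if not m or not m.group(2).split():
            continue
        location = m.group(2).split()[-1]
        if PHONE.fullmatch(location):
            exposed[int(m.group(1))] = location
    return exposed


def correlate(user_fields, exposed_lines):
    """Flag the compound leak: the login source names a port the listing maps to a number."""
    m = re.match(r"port(\d+)\.", user_fields.get("login_source", ""), re.I)
    if m and int(m.group(1)) in exposed_lines:
        port = int(m.group(1))
        return port, exposed_lines[port]
    return None


if __name__ == "__main__":
    fields = audit_user_reply(USER_REPLY)
    lines = audit_line_listing(HOST_REPLY)
    print(fields, lines, correlate(fields, lines), sep="\n")
```

Any non-empty result is information the service gives to the general public; restricting finger queries to certain domains, as the article notes some sites do, empties all three.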