_____________________________________________
/ \
| ___________________________________ |
| | | | | |
| | | | | |
| | | | | |
| | _________| | | |
| | / \ | |
| | / \ | |
| | / \ | |
| |__________/ \__________| |
| / | \ |
| / | \ |
| / | \ |
| /______________|______________\ |
| |
| Computer Academic Underground |
| |
| Electronic Magazine |
| #0012 |
| 1015.97 |
\ _____________________________________________ /
##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................
Table of Contents
Foreward I)ruid
General
Member Listing
817 2600 Meeting I)ruid
The Hatters Manifesto MrMadness
Modular Website Design I)ruid
How Big Brother Watches Us broken-
Hacking
GTE CyberCenters I)ruid
Phreaking
Tricking SprintConf I)ruid
Closing I)ruid
##############################################################################
Foreward
Kinda ironic, in last zine's Forward, I stated that we weren't one
of those groups that puts out a few zines and then gives up. And then we
didn't put out an issue for a couple months and it seemed as if we had
given up. No, we did not give up, the hard drive on the CAU server
crashed and burned. I lost the entire website, which I am now rebuilding
from scratch, all the previous zines (which I was happy to find out that
yes, people actually read them and had them on their personal machines so
I could get them back), and a LOT of my own source code. Don't worry, it
set us back a bit, but i'm planning a BIG release of some high-tech
security tools and applicatons soon, such as a unix port of PageIt! (the
old app i wrote for the DOS platform) and a few others which I will not
mention here.
Also, CAU has a new domain: caughq.org. Our website can be found
at www.caughq.org. I will be re-designing the CAU local area network to
allow us to code/test our applications before release and make a better
general learning area for us as well as our associates. We also now
control cau.net, which I am using basically for the CAU Global Network, by
assigning hostnames in the cau.net domain to anyone that has a static IP
and wants to join the CAU Network. Resistance is futile, you will be
assimilated... Check the website for infoz on how to join.
Also in the news, a member of The CAU has been arrested and is
being accused of a lot of bullshit. He was raided by local police, and a
few people from the local scene have been interrigated, and a lot of shit
has gone down since you have last heard from us. But no, a simple raid or
arrest will not make the CAU disband, it will NOT shut us up, we are here
to stay, and they will have to cut off all my fingers if they want me to
stop producing this zine, for hackers, by hackers. And if they do (in
their biggotist governmental way) find a way to cut off all my fingers,
they will have to cut out my tounge because I can garuntee that I will NOT
shut up about it. The Fort Worth Star Telegram has put out 5 articles so
far on this case, as well as the Dallas Morning News. Hopefully it'll go
national, although probably not, and we can open some people's eyes to the
facts. Now that I've stated my opinion on the whole thing, here's what
acually happened:
Flash Net Internet Service Provider in Ft. Worth got hacked. No
credit card files were taken, no login or password files were taken, the
only thing changed was the web page. A hat was put on the flash net logo,
a big, poofy, Dr. Seuss hat. That and the phraze "All we got to say is,
We got HATS now!" No profanity. No sexually explicit graphics. The
remainder of their main webpage was left untouched (you can view this
without the niphty graphics at: http://www.flash.net/index2.html and if
we can get ahold of the graphics again, a reproduction of the page will
appear on the CAU website), and the person that did this is facing a
possible 2 to 10 year prison sentence and a fine of up to $10,000. Now if
YOU think that 2 to 10 is COMPLETELY AND OUTRAGIOUSLY ABSURD for putting a
Hat on a logo on a webpage (misdemeanor graffiti), then you share the same
opinion as a LOT of people, but not the same opinion as Flash Net and the
Authorities. I urge EVERYONE to call The Fort Worth Star Telegram at
817.390.7400 and express your opinion and donate to the defense fund, or
call Flash Net at 817.332.8883 or 817.332.8863 and tell them that they
suck a big fatty. Anyway, that's all for this month, so I'll get off my
soap box now and continue to compile this zine.
I)ruid
[ EDITOR'S NOTE: After writing the forward, I found out that the charge
has been upped to a second degree felony at $35,000 and 10 to 20 years in
prison. Now if you don't find that completely absurd, stop reading this
and burn your computer right now, because you don't deserve one. ]
##############################################################################
General
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Member Listing
Handle IRC Nick E-Mail
--------------------------------------------------------------
I)ruid I}ruid druid@caughq.org
uv uv_ uv_817@hotmail.com
Crimson Assassin Crimson_A crimson@caughq.org
Fizban Fizban^ fizban_cau@hotmail.com
int3l int3l int3l@caughq.org
Sublime sublime sublime@caughq.org
--------------------------------------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
817 2600 Meeting
First Friday of Every Month
6:00pm until 9:00pm
Cafe Cybre
481 Harwood Road
Hurst, Texas
Phone: METRO: 817.268.0060
So Be There!!
I)ruid
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
The Hatters Manifesto
Another hat got worn today, it's all over the papers. "Teenager
Lives Life in a Fish Bowl", "Second Hacker Arrested in Hat Hacking"....
damn kids. They're all alike. But did you, in yo' three piece suit, and
$20.00 shoes, ever take a look at whats behind the hat? Did you ever
wonder what made his ass tick? What hoes chapeau'd him, what molded him?
I have a hat, enter my world... Mine is a world that begins with horton
hears a who and the cat in the hat... I'm smarter than most of the other
5th graders, this niggah can read about hozzels and dweezits.... damn
underacheiver, they're all alike. I'm either high or real high. I've
listened to mo'fuqahs explain for the fifteenth time how to cut a
crackrock. I understand it. "No Mr Smith, i didn't shoot it up, I ate it."
Damn kid... probably snorted it. They're all alike.
I made a discovery today: I got some hats now. Wait a second,
this is cool. It does what I want it to. If it falls off, its because I
fell, not because it doesn't like me, or feels sweated on by me, or thinks
i'm a smart ass, or doesn't like preaching and shouldn't be here... damn
kid... all he does is want to wear pants... they're all alike. And then
it happened... a door opened to a world... rushing to my head like heroin
through an addict's veins, an electric pulse is sent out. A refuge from
the day-to-day incompetencies is sought... A hat is found. This is it...
this is where it belongs. I know everything here... even if i've never
worn them, never played with them, may never wear them again... I know it
all... Damn kid. Taking the hats again. They're all alike.. you bet yo
mo'fuqn ass wez all alike... We've been spoon fed with baseball caps when
we hungered for big hats... The bits of the hats you did let slip through
were stanky and nasty. We've been dominated by anti-hatness, or ignored
by the apathetic. The few that had something to wear found us wearing
pupils, but those are few like hats on a sad sad day...
This is my hat now... The hat with the stripes and the dots, the
booty of the broad. We make use of apparrel already existing without
paying for what could be dirt-cheap if it wasn't run by profiteering
gluttons, and you call us niggahs. We explore... and you call us niggahs,
we exist without skin color, without nationality, without religious
bias... and you call us niggahs. You build atomic bombs, you wage wars,
you murder, cheat, and lie to us and try to make us believe it's for our
own good, yet we's niggahs.
Yes, I am a niggah. My crime is that of being different. My
crime is that of judging people by the kind of hat they wear, not what
they act like. My crime is that of outsmarting you, something you will
never forgive me for. We got some hats now, and that is something you
will never forgive us for. You may get my hat, but you can't get them
all... after all, theyz all alike...
MrMadness
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
This is a reprint of an article from CScene #3 :
http://www.ccs.neu.edu/home/cloder/cscene/
------------------------------------------------------------------------------
Modular Website Design Using CGI
First of all, i would like to state that this is more of a design
article rather than an article about C, even though all code used in this
website system was coded by myself in C. I won't necessarily go into code
unless there is a specific reason, and if your not familiar with basic
CGI, i would suggest reading the article "CGI Tutorial" by Brent York in
Cscene #2, and also the book "CGI Programming on the world wide web" by
O'Reilly & Associates, Inc.
To start off, let me explain the theory behind this websystem.
The general idea is to minimize the size of the entire website so that it
takes up as little space as possible, while also making global changes to
the entire website possible with minimal effort. I have seen some systems
that were similar, but none really did exactly what I wanted to do. The
way I designed this system was to have a central CGI that runs the entire
site. What this CGI does is simply check to see what it's name is, then
based on it's name, grab chunks of html from given directories. The
directory structure I use is:
/www/cgi-bin/headers/
/www/cgi-bin/breakers/
/www/cgi-bin/html/
/www/cgi-bin/footers/
In each of these directories there is a file simply named "default". Now
I'm getting a little ahead of myself. First of all, we have the main CGI
that grabs chunks of html, puts them together, and sends them via printf()
to the webserver. I chose to name my engine "webit". Let's say that I
want to create my main index page. I would create a link to webit called
"index". Now for the main index page, you obviously have to set up your
server to use the CGI as the default index and not look for index.html.
My system only uses document root for such things as maybe an images
directory or a files directory; ALL of the html is stored in chunks in the
cgi-bin directory. If you do not know how to ScriptAlias your server to
use a CGI as the default index page rather than index.html, I suggest you
read the helpfile or FAQ for your webserver.
Ok, so now we have our server pointing to /cgi-bin/index as the
default index page. Let me explain what index is and does.
/cgi-bin/index, as I have said before is a link to webit. When the server
executes /cgi-bin/index, the first thing it does is check it's name
( argv[0] == "index" ).
The first thing it outputs is the Content-Type line (once
again, refer to CGI Tutorial in Cscene #2), and then looks at the
/www/cgi-bin/headers/ directory. If there is a file that matches it's
name (in this case, "index" ), the webit engine will grab that file and
send it to stdout. If there is not a file that matches its name, it grabs
the file called "default" and sends it to stdout. If "default" does not
exist, a hardcoded version is sent to stdout.
Here is a quick example of how to do this:
sprintf( deffilename, "/www/cgi-bin/headers/default" );
sprintf( filename, "/www/cgi-bin/headers/%s", argv[0] );
spew_file( deffilename, filename )
Repeat the above for the headers dir, breakers, html, breakers again and
then the footers dir. spew_file() consists of something like this:
spew_file( char *def, char *filename )
{
FILE *f1;
char buffer[1024];
if( access( filename, 0 ) == 0 )
{
f1 = fopen( filename, "r" );
while( fgets( buffer, sizeof(buffer), f1 ) != NULL )
printf( "%s", buffer );
fclose( f1 );
}
else
{
if( access( deffilename, 0 ) == 0 )
{
f1 = fopen( filename, "r" );
while( fgets( buffer, sizeof(buffer), f1 ) != NULL )
printf( "%s", buffer );
fclose( f1 );
}
else
{
/* hardcode some html here... (: */
}
}
}
You get the idea...
This process is repeated for /www/cgi-bin/breakers/, then the
/www/cgi-bin/html/ directory, then /www/cgi-bin/breakers/, and then the
/www/cgi-bin/footers/ directory. By now you should be getting the general
idea. Normally all pages on the site should use the default files in
headers, breakers, and footers, unless you want that specific page to have
it's own uniqe headers and footers, or for instance a page that is simply
some frameset calls, in which you would want empty files for the headers,
footers, etc. What this allows is on-the-fly building of each individual
page as the user requests it. Let's say 40 people are accessing your
website, and you decide you don't like the background color. Simply edit
/www/cgi-bin/headers/default (where the stuff would be), and change
the background color. Instantly after saving the new version of that file,
EVERYONE that accesses a page would recieve a page with the new background
color. Also, this minimizes the size of the website, by eliminating the
header and footer html from each individual page, and putting it in one
place. Links to the engine cgi also allows for use of the same cgi engine
over and over (saving space), yet having it react differently based on the
link's name. Here's a quick breakdown of generally what I like to include
in the default files:
/www/cgi-bin/headers/default :
The Open HTML tag
The title tags
Body tags, such as text color,
background color, etc.
A center tag (I like all my pages
to be centered.)
![]()
or Text Some header image or text, maybe
something stating the
Company Name, etc.
/www/cgi-bin/breakers/default :
or ![]()
Either a
or bar image,
something to break the
header from the html.
/www/cgi-bin/html/default :
![]()
An under construction image
obviously, this page
is linked to the driver
but the html isn't ready.
/www/cgi-bin/footers/default :
Some links to the main selections
of the website.
A mail link to the webmaster(s)
Text Some copyright info
Remember from the header?
My close html tag.
Once again, the default files are only used if a html chunk by the same
name as the link to the cgi does NOT exist. This way, you can make all
your links to the cgi driver, and if you have not created the actual html
for the /www/cgi-bin/html/ directory yet, it will use the default, which
would be a page with an under construction symbol.
Alas, I grow weary of writing, and by now you should understand
the concept. I will write a followup article to this one in the near
future based on feedback from this article, attempting to explain what
readers did not understand or wish me to elaborate on. But for now, I
must get back to my code.
"May the source be with you..."
I)ruid
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
How Big Brother Watches Us
/\ \ Transactions / /\
/\ \ by:broken- / /\
Hey hows it going this is my first article in any zine ever so here goes
without all the bullshit.....
How Big Brother Watches Us~#>cat bigbro
Well i have to say there have been numerous articles in the past
about how Big Brother tends to keep track of ones' whereabouts 24/7/365.5
days a year. Well this one is in fact true to all my belief... :o)
Ok Lets get started... It's a sunny saturday and John Doe is happily
spending his hard earned money shopping for groceries at the local grocery
store and since this is in the U.S. he is probably writing a check since
most grocery bills are fairly high (ie: 100.00+ dollars). SO he has
written a check for 256.00 to the Local Grocery Store and they are now
running it through a machine which displays risk levels of the check (ie:
isk 5 insuffciant funds)... Ok keep in mind thier is a unix dumb terminal
as the register... With a register program as the shell.... The register
logs it's sales' product name, price, description, an even exp. date down
to the penny an even the upc code. Well at the Local store I worked at we
did mega transfers over the internet to the central office for product
research. Well thats gig's of transfers a day but no problem we had a
full 45 mega bit FDDI node running into the store (werid huh) Well, me
being the little explorer I am I was looking in the uucp logs to see
why we were sending these huge trasnfers of account's (ie: checks, sales,
times, dates, wut, when & who we were sending it to). Well seems we
sent it to 3 places: Check's and such went to the FBI for possible fraud
detection supposedly quicker.. heh... Well anyways to get the long story
shorter the FBI knows what you bought, where you bought it, and when and
how you payed for it (check/credit/debit card, etc) and such... So
once again big brother knows all about everyone as if they didn't already
know it from past references... heh :o).... But you ask how can I hide
from this... Well pay cash an go during the changeover. Stores that
are 24 hours close at 1:30 - 1:45 for changeover. Changeover is when
the computers all reboot an change to the correct date an also when we
start the uucp to Main Office... Well what if you have to pay by check?
Well your screwed, not really, but you get the point... Hell, grow your
own food like me... And when you want a hamburger, go kill a cow or
somethin...
~#>peace
~#>broken-
~#>logout
:Connection Closed By Foreign Host
broken-
##############################################################################
Hacking
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
GTE CyberCenters
Recently, I was taking a trip with int3l, and while waiting for
our flight out of D/FW International Airport, we noticed a pyramid shaped
thing near the phones that had a couple of screens and keyboards and had
GTE CyberCenter written all over it. We walked over to the two terminals
that it had, and they basically had a screen, keyboard, and touchpad mouse
like alot of laptops have. They were connected via ISDN through GTE, and
had a lot of options to choose from, such as telnet, pop3 email checking,
web access, etc. But no matter what you clicked on, it would come up with
a screen for you to swipe your major credit card or some other plastic
form of payment before it would let you continue. I was trying telnet and
web, and i was able to enter telnet for about 8 seconds before it realized
that I had swiped an ATM card and it decided it wouldn't accept my card.
Unless you can actually make a connection and do something useful in 8
seconds, this is of no use. The second thing I noticed was a "Free Stuff"
button. I clicked on the Free Stuff button and it gave me a menu of crap,
mainly webpages to go to. I clicked on one of them, and it brought up a
browser (Microsoft IE) with a few modifications. For one, it had no
Location Bar for you to type in destinations. It also had no dropdown
menus like a normal browser. Basically all the options available were
Forward, Back, and Stop. Also, if you tried to click on a link going out
of the current website, it would not allow you to do so. I checked out a
few more of the advertisements, and I found one that went to a page with
frames. I had already figured out that the browser would not allow
anything outside the site to be loaded in the browser, but I thought it
might allow it to be loaded into frames. Only problem was, this one
didn't have any links going outside of the site. My main goal was to
follow links and make my way back to a search engine. So I went through
another Free Stuff site, and VIOLA!@$ They are Stupid. A site using
frames, had a text field and button to search on infoseek. So I typed in
www.yahoo.com (yahoo being my favorite Search Engine), and hit search...
In the main frame of the current website, it brought back the results from
the search. And so I went to Yahoo, and continued on to anywhere on the
web I wanted to go. The only restriction I ran into, was that if a link
was targeted to "_top" (_top being the main browser window), the link
would not work in the GTE Microsoft IE browser. If you had a webpage
specifically designed to Meta-Refresh you to any site you typed in, you
could then emulate a Location Bar quite efficently. Before I had any more
time to play with it, our flight was leaving, and I had to go. But this
was a quick and easy way around the payment for Web access from the GTE
CyberCenter. When I get a chance, I will play with it some more, as well
as write a few CGI's and put them on my site so I can go to them and have
them tell me all sorts of info about the GTE CyberCenter (knowing what IP
that particular center is could be useful, as well as knowing the
version of browser, etc). I'll leave the programming, CGI, and browser
exploitation stuff up to you, but if you are in D/FW International airport
anytime soon, I suggest you check out these "CyberCenters" and see what
you can make them do for you.
I)ruid
##############################################################################
Phreaking
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Tricking SprintConf
Sprint has a new service. If you go to www.sprintconf.com you can
read all about it. A brief summary is that this webpage allows you to
type in numbers of your own phone, friends, etc, and have an 8 port
conference call call them and connect you. For a price of cource. But,
if you look up in the top right hand corner of the webpage, you will see a
yellow "click here for a free trial" button. If you follow that link, the
page allows you to set up a free, 10 minute 8 port conference call. After
10 minutes SprintConf will disconnect you. What good does 10 minutes do
me? Absolutely no good at all. Also, you can only use this service once
from any given phone, or actually, you can only use the same number once
as the conference operator (the first number dialed). I have not found a
way around the second problem, as the first number dialed must be the
conference operator and when that line disconnects from the conf, the conf
dies. We have just used someone different every time we set up a conf. I
have found a way around the 10 minute limit. I foud that if I had the
conf call me, then my friend, and so on, but before the 10 minutes were
up, i used one of the conf ports to call a certain number (this number
will be explained shortly), for some unknown reason, the conf would not
disconnect after tha allowed 10 minutes. At one point we had a 3 hour
conf going, with 7 people online, for absolutely free, and was completely
legal. Now for this special number. What is wierd is, I found this
number in 2600 magazine, in the letters section, and 2600 insisted to the
author of the letter that the number did nothing. Well, it does exactly
what the author of the letter said it did when I tried it, and it seems to
be able to cause sprintconf's systems to screw up and allow for an
unlimited conf. There are other such numbers like the one I found in
2600, as I have found 3 more that produce similar results. One of these
numbers (for your dialing pleasure) is 800.649.9097. As stated in 2600,
this number (at least for me) states a number between 0 and 235, then
states a 10 digit number (starting with 711), then plays the number stated
in DTMF, beeps a couple 20 times or so, then hangs up. I'm not sure
exactly what this number is for or what it does, or the other ones I have
found like it, but if you tell sprintconf to dial it, it can turn your 10
minute free conf into an infinate free-conf.
Props tew: broken- (EFnet #817) for showing me SprintConf,
2600 Mag. for the lovely number that "dosn't work" (:
I)ruid
##############################################################################
Closing
Well, that's all for this month... The zine should be coming out
more regularly now that the CAU network is back up and my server is much
happier. I also would like to suggest once again that you check out
The CScene electronic magazine, especially if you are interested in C or
C++ programming, and especially if you are a beginner. This electronic
magazine is compiled and written by all the EFnet #C junkies. You can
find CScene #1, #2, and #3 at http://www.ccs.neu.edu/home/cloder/cscene/
or check the Programming Section or Phat Lynx section on the CAU homepage.
Also, remember that you can submit articles to the CAU e-zine by sending
them to articles@caughq.org, and letters should be sent to
letters@caughq.org. I apologize for the few days lateness of this month's
issue, but I was chillin' in Arkansas. Until next month.
I)ruid
##############################################################################
____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |##| |#| |##| |######======------
\____/ |__| |__| \______/
Computer Academic Underground