Computer Academic Underground
Electronic Magazine
#0017
0315.98

##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................

Table of Contents

Foreword
General
    Member Listing                          -= CAU =-
    817 2600 Meeting (New Info!)            -= CAU =-
    The U.S. Postal Service and You         I)ruid
    Loose Pants and Colored Headgear        protocol
    Digital Vegetation                      ghostxxx
    Software Review: x11amp                 uv
Hacking
    Java Insecurity                         protocol
    Exploit of the Month                    -= CAU =-
Phreaking
    817.955.99XX                            I)ruid
Closing

##############################################################################

Foreword

All right, first things first this month. I'd like to announce a new site that is sponsored by the CAU. One-Dollar.Com is fun! So go check it out at http://www.one-dollar.com and see what you get.

Also, I'd like to announce the FreeBSD port of HackIt! with a Solaris port and a Windows 95/NT port under development. To keep updated on HackIt! information, join the HackIt! mailing list. To find out how, check the HackIt! development pages on the CAUGHQ website under 'Projects'.

I've had MUCH more time to actually sit down and code lately due to some employment problems, and have gotten a lot done recently. I recently released DialIt (a wardialer for UNIX platforms), which is creating a new prefix-scan as I type this for a future issue of the CAU E-Zine.
If you want a copy of DialIt!, just check the CAU ftp site, or run a search for it on the web ftp interface on the CAU site.

Basically, I'm sick of the one-sidedness of the 817 scene. Around issue #3 or so, the 817 scene wasn't into the computer side of the scene at all, and it was all phones. Recently, it has completely changed positions. Now everyone's into the computer stuff, and no one's even thinking twice about phone stuff. So I'm going to attempt to sway some interest back over to the Phreak realm just like I did way back then when I attempted to sway some interest over to the Hacking realm. So also look forward to a UNIX port of PageIt! now that I have had time to code up some working modem/comm routines, as well as possibly a few other Phone related utils.

Also, we are re-starting the including of a prefix scan with every issue. I can do this now that I have a working wardialer (DialIt!), and we will include one, even if I have to do all the scans myself. However, we would appreciate any scans of other area codes/prefixes, because I can only scan local to myself. The scan that has been included with this month's zine was scanned by myself, by hand. Isn't that fun?

Well, enough of my insane rambling, on to the good stuff.

I)ruid

##############################################################################

General

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Member Listing
(In the order in which they were brought into the CAU)

Handle            IRC Nick    E-Mail
--------------------------------------------------------------
I)ruid            I}ruid      druid@caughq.org
Ultra Violet      uv_         uv@caughq.org
Crimson Assassin  Crimson_A   crimson@caughq.org
Fizban            Fizban^     fizban@caughq.org
Sublime           sublime     sublime@caughq.org
int3l             int3l       int3l@caughq.org
MajestiX          maJesTix    majestix@caughq.org
--------------------------------------------------------------

-= CAU =-

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

817 2600 Meeting

First Friday of Every Month
6:00pm until 9:00pm
North East Mall Food Court
N.E. Loop 820 @ Bedford Euless Rd.
Hurst, Texas
Payphone: 817.???.????

Just so you know, we've moved the 817 2600 meeting for the following reasons:

1) Cafe Cybre's Management decided that they like to harass their customers until they buy something, or ask them to leave.
2) There's not enough good food at Cafe Cybre anyway.

-= CAU =-

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

The U.S. Postal Service and You

The United States Postal Service is one of the most widely used means of communication in the United States. Aside from communication, it is also the number one choice for getting bills to where they need to go, paying bills, and other such 'cost of living' type stuff. In this article, I will go into a few subjects such as how to avoid paying postage, address 'spoofing' (for lack of a better term), and other fun stuff you can do with the U.S. Postal Service. No wonder so many of their employees snap and bring A-K's and UZI's to work.

First, I'll address the topic of avoiding postage.
There are many ways to do this, and I'm sure the intelligent ones of you can come up with some original ways on your own, so I won't mention them all here. Two of my favorites, however, are the infamous return address swap, and the 'matter of the handicapped'.

The return address swap method is quite simple: Rather than put the destination address where it is supposed to go and the return address where it is supposed to go, swap them. Then you simply drop the letter in a mailbox somewhere (preferably a LARGE post office) and because there is no postage on the letter, it will be returned to the return address, marked "insufficient postage", which of course, is not the return address, but the destination address. This method usually requires the recipient of your letter to know that you're doing this, so that they don't call the Post Office and complain that they never sent this crazy letter that got returned for insufficient postage.

My second favorite method is also quite simple: Rather than paste postage on the letter, write the words "Matter of the Handicapped" where the postage should be. Your letter will be delivered to the destination address free of charge. Do not abuse this one however, because it is intended to be used by handicapped people, and we would hate to see all of us lose the privilege of this loophole because too many people like to send bricks back and forth to each other through the mail as a 'matter of the handicapped.' But anyway, I'm sure you can see the possibilities here, so I'll leave further techniques up to the imagination.

Next, I will go into what I like to call 'Address Spoofing' (for lack of a better term). Let me go into a little background. Let's say that you wanted to order something, but you don't want the company you're ordering from to know your real address. NO, this is not for credit card fraud purposes, because YES, the postal service will be able to track you down if need be. This technique is simply for corporate anonymity.

The first step would be to 'create' an address that doesn't exist. I prefer a real address with something tagged on like "suite 356" or "apartment B" or some such nonsense. Now that you have created an address, go to the post office, and put in a mail forwarding request from the made up address to your real address (or if you wanted to be difficult, you could daisy-chain multiple fake addresses then forward the last of them to a P.O. Box or something). This should forward your mail from the fake address to your real address. To test this, use one of the methods described in the first part of this article to send yourself an empty envelope to the fake address. If all goes well, and your local Post Office is completely ignorant like mine is, you will receive the envelope at your real address. Obviously, like I pointed out before, you don't want to use this technique for anything illegal, because if suspicion were aroused, it would not be hard at all to trace the mail forwarding to your real address or P.O. Box.

Well, that's all I feel like covering in this article. I'm sure the halfway intelligent ones of you can come up with a few more tricks to use with the Postal System. For now, however, I have better things to do than write articles (like code new apps for example). (:

I)ruid

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Loose Pants vs Colored Headgear vs Porn Star

Well, I thought I'd broach the dangerous subject of "DISTRIBUTIONS" and I'd like a little feedback on this one. I've talked with Druid about printing the replies about this subject in next month's issue (send them to letters@caughq.org).
Well here goes:

Slackers

I am currently using slack on one machine (or was till Druid borrowed it) and it has been working flawlessly, no problems other than an annoying backspace problem in X (if you know what the fix is on this please tell me, I already tried what I could find in the docs) and a problem with the soundcard (probably because I have a multiboot and win95 resets the soundcard. Plug and Pray garbage. Give me a small black plastic jumper anyday) but otherwise no complaints other than some software; no matter what I do I can't get to compile.

Crimson Fedora

I have been using RH5 on one machine at home for a while and have actually liked it quite well. I know this turns some people's stomachs, but isn't it better for someone to use Linux from somewhere instead of anything from Redmond? What about RPMs? I love them. I know a lot of people don't and I can see their point. If people made Linux like the MAC where everything that actually happens is several steps removed from the user that would be a bad thing. I remember using DOS and feeling kinda close to the machine. When windows came out I used that and I remember feeling isolated from my computer; more distant. Then I got a shell account on an ISP. I never felt so close to a machine before and I never even laid eyes on it. It was amazing source for everything; pipes the flow of information completely visible as deep as I wanted to go and always more. Even if you thought you knew a lot about a flavor there was a whole slew of others to explore; it was like Baskin Robbins (pun intended). That's why I don't feel any Distribution is bad, just different. Sometimes I want a Dr. Pepper and sometimes I want a Margarita. Both are good drinks. Both have their purpose and the world would be a much worse place without both of them. The major difference I see between RH and Slack is a type of attitude. RH wants to make things easy and Slack wants to give you control.
It's funny but, my company (same one Mr C-rim and Mr Green Jeans work at) are trying to make a software product and it's this fine line we are walking on. I always want to make the software as flexible as possible while others want to keep it easy for people to use. This is good. It is the struggle which defines things. Keeps things interesting. So I say keep going Slack and keep going RH.

Debbie does Linux

I actually know next to nothing about this except they use Deb (I knew a Deb once back in '59 she was...) files which are like RPMs. Maybe somebody who likes or hates it can e-mail CAU.

And remember... "You could be sitting on a Timebomb!" (inside joke).

protocol

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Digital Vegetation

In the last few years, I have seen the 'net' grow in leaps and bounds. Where at one time, only a few of us computer geeks were awe-stricken over transfer rates of a 14.4 modem, saving our cash for a 28.8bps thinking that nothing could be faster. I remember finding a kick ass bbs was like finding ten dollars in your pocket. I remember when William Gibson was known only to a select few. I remember a time before 'cyber' was a household term.

Back then, most of the idiots were self contained within their own little worlds: Compuserve, Prodigy, and most prominently AO-hell. No one thought much of them because the only access with the outside was e-mail, and even that wasn't (and still isn't) that reliable off of their servers. Then, in late 1995 or 1996 one of these 'big three' allowed world wide web access, sticking their foot into the proverbial door. At first it was unnoticeable. Perhaps a small few would publish a web page here and there, but it was so far and few between, no one noticed. Then wonderful online services like GNN came into being giving full TCP/IP access to the intellectually devoid. AOL and the others followed suit soon thereafter. About this time is when everything started getting fouled up.
News feeds were becoming hopelessly cluttered with spam. IRC was filling up at unprecedented rates; mIRC, the default choice of the average Windows IRC user, was responsible for nearly 90% of the IRC protocol violations. The 'web' was all of a sudden cluttered with garbage. Pages that used to be available to everyone were now restricted (yes all you gasping kiddies, I'm speaking of pornography sites). Bandwidth is being sucked up by perverts and gamers.

Oddly enough, my point is not that I want these people gone... that is an impossibility, a plague that everyone must now live with. My meaning is to mourn for a lost place that so very few of us remember well. The Internet is now a breeding ground for stupidity and its master is mister Billy G. Excuse me whilst I clean my gun and go pick some flowers.

ghostxxx

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Software Review: x11amp

Ok I'm actually putting something in the zine. (ARE YOU HAPPY DRUID) :)

x11amp is an x11 version/hack of the popular windows mp3 player winamp.

current features (ripped straight from the web page):

    Nice file requester
    Seeking in files
    Volume/Balance
    Shuffle play
    Repeat play
    Playlist editor
    Spectrum Analyzer
    Realtime Playing

The current version is 0.65r2. By far the windows version has more features, but the x11 version is getting better (slowly). The main problem I have with it is that it only plays realtime which abuses my cpu (p100), but I hardly ever get a skip so I guess it's all good. Don't expect anything hi-tech on this.. there are no preferences. The features above are just about all it has right now.

Future features (also ripped from the webpage):

    Streaming from the web/ftp (not started)
    Wharf (afterstep) version! (in progress)
    Convert it to other unix's (in progress)
    Plug-in system (in progress)
    256 bands spectrum analyzer with VU-meter (in progress)
    Fast jump in playlist (in progress)

The current site (march-98): http://www.x11amp.ml.org

From what I have gathered x11amp is a hack of 'amp' (older command line mp3 player for linux non-x). There is also an exploit in an earlier version, but I didn't take the time to find it so too bad. Over all I would say this program is rather pimp. So decide for yourselves. See ya.

-uv

##############################################################################

Hacking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Java Insecurity

Well well here we are again. This time I thought I would talk a bit about that four letter language you love to hate; JAVA. The JAVA security (ha) model will not allow you to connect to other machines other than the one you D/L it from. So one way to compromise security on a server would be to make an applet that everybody would love and copy to their server which when D/L could then use exploits on that server to gain access. Such exploits that might be fun to code would be a PHF hack to crack a passwd on the server itself (see cau #15). This being launched from the applet itself would appear to come from the unexpecting user. Police raids on little old ladies who surf the web by FEDs, ATF, and SS. Well maybe not, but the interesting thing about this is that they won't be able to control this without making applets completely useless. Even if they make it only talk on the port it was D/L from it still can attack the web server. Well I was determined to mention PHF again.

protocol

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Exploit of the Month

All right, this month's Exploit of the Month award goes to DEFAULT PASSWORDS!
We know that logging in with default usernames and passwords isn't really considered an exploit, however, it is an exercise in general stupidity. Because of the recent rise in local hacking, I noticed that a lot of machines that have dialin access still have logins with their passwords being the same as the login. Do people think that no one is going to find a dial up to these systems? One favorite is uucp/uucp... are people really this dumb?

-= CAU =-

##############################################################################

Phreaking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

817.955.99XX

All right, way way back in issue #2 or so (somewhere around there, I'm too lazy to actually check), I mentioned during an article about random fun numbers here in the 817 area code, the phone number range 955-99XX. I mentioned that these were a bunch of random telephone error messages and such. Anyway, due to the lack of phone related articles recently, I have decided to inventory all of these numbers for everyone to enjoy. A lot of these can be pretty useful, especially if you have the call forwarding feature enabled on your phone line. I like to forward my phone to 955.9906 while wardialing. I'm sure the people that actually have the nerve to call back LOVE that little message they get. Some of these are actually kinda funny. (:

Oh, and by the way, I actually hand-scanned all of these in my spare time. Now THAT is fun for the whole family. Remember, these are as-dialed from the 817 Bedford area... Some of these may be different in your area. Anyway, here's the list:

955.9900  We're sorry, it is not necessary to dial a 1 or a 0 when calling this number. Will you please hang up and try your call again.
955.9901  We're sorry, you must first dial a 1 or a 0 when calling this number. Will you please hang up and try your call again.
955.9902  We're sorry, your call cannot be completed as dialed. Please check the number and dial again.
955.9903  (same as 955.9902)
955.9904  (same as 955.9902)
955.9905  (same as 955.9902)
955.9906  The call you have made requires an initial deposit. Please hang up momentarily, listen for dialtone, deposit the amount specified on the instruction card, and dial your call again.
955.9907  We're sorry, your call cannot be completed as dialed from the phone you are using. Please read the instruction card and dial again.
955.9908  We're sorry, due to telephone company facility trouble, your call cannot be completed at this time. Will you please try your call again later.
955.9909  (The same as 955.9908, only slower)
955.9910  If you'd like to make a call, please hang up and try again. If you need help, hang up and then dial your operator.
955.9911  We're sorry, your call did not go through. Will you please hang up and try your call again.
955.9912
955.9913
955.9914  Please dial your call with the access code. We're sorry, a long distance company access code is required for the number you have dialed. Please dial your call with the access code.
955.9915  We're sorry, your call cannot be completed as dialed. Please check the number and dial again, or call your attendant to help you.
955.9916  We're sorry, all circuits are busy now. Will you please try your call again later.
955.9917  (No Answer)
955.9918  We're sorry, the long distance company you have selected is unable to complete your call at this time. Please contact your long distance company for assistance.
955.9919  We're sorry, your call cannot be completed as dialed. Please check the number and dial again, or call your attendant to help you.
955.9920  We're sorry, it is not necessary to dial the area code. On long distance calls, please dial a 1 or a 0 first, then the number.
955.9921  We're sorry, the long distance company access code you dialed must be preceded by the digits 9 5 0. Please hang up and try your call again.
955.9922  We're sorry, it is not necessary to dial the digits 9 5 0 before dialing the long distance company access code. Please hang up and dial your call again.
955.9923  Telephone numbers for the City of Bedford have been changed. For the new numbers, please dial 952, plus the same last four digits.
955.9924  We're sorry, it is not necessary to dial a long distance company access code for the number you have dialed. Please hang up and dial your call again.
955.9925  (Automated Number Announcement Circuit)
955.9926  We're sorry, due to network difficulties, your call cannot be completed at this time. Please try your call again later.
955.9927  (same as 955.9926)
955.9928  The area code for the number you dialed is 254. Please hang up and dial 254 and the number you wish to call.
955.9929  The area code for the number you dialed is 972. Please hang up and dial 972 and the number you wish to call.
955.9930  We're sorry, we are unable to complete your call as dialed. Dial 1 or a 0 first, then the area code and telephone number.
955.9931  We're sorry, your call cannot be completed as dialed. Please check the number and dial again, or call your attendant to help you.
955.9932  We're sorry, you have reached a number that has been disconnected or is no longer in service. If you feel you have reached this recording in error, please check the number and try your call again.
955.9933  We're sorry, you have dialed a number which cannot be reached from your calling area.
955.9934  (No Answer)
955.9935  (same as 955.9932)
955.9936  We're sorry, we are unable to complete your request for call return, auto-redial, or call trace. The number you have dialed or attempted to trace is not available with these services, or has call forwarding activated.
955.9937  We're sorry, the line you are trying to reach has again become busy. You will need to re-activate your feature.
955.9938  We are sorry, the line you are using is not equipped for this service.
955.9939  We're sorry, the party you are calling is not accepting calls at this time.
955.9940
955.9941  Thank you. Your auto-redial or call return request has been canceled.
955.9942  Thank you. The number you are trying to reach is busy. If it becomes free in the next 30 minutes, you will receive a special ring.
955.9943  Thank you. We have completed your call trace request. Please call 1.800.773.5550 if you wish to take legal action. An 8 dollar charge will be billed to you for each successful call trace.
955.9944  We are sorry, your call forwarding and selective call forwarding features cannot be active at the same time.
955.9945 - 955.9948  (same as 955.9932)
955.9949  We're sorry, your call cannot be completed as dialed. Please check the number and dial again.
955.9950  (wouldn't hang up for about a minute)
955.9951 - 955.9959  (same as 955.9932)
955.9960
955.9961  (very faint)
955.9962 - 955.9982  (same as 955.9923)
955.9983  (No Answer)
955.9984 - 955.9989  (same as 955.9932)
955.9990  (Silence... NO ring..)
955.9991 - 955.9999  (same as 955.9932)

##############################################################################

Closing

Well, that's it for this month. The Windows 95 port of HackIt! is coming along nicely, and should be done soon. This was a pretty good issue in my opinion, based on the fact that it is the first zine in months that has had some phone-related information in it. Hopefully this will be a recurring theme. Anyhow, until next time...

I)ruid

##############################################################################

Computer Academic Underground
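
An added example, not part of the original zine, for the Exploit of the Month item above: an audit that flags accounts whose password is the login name itself (uucp/uucp is the case the article names) and, going slightly beyond it, a few simple variants of the login. The `login:salt_hex:digest_hex` store format, the PBKDF2 parameters, the variant rules and all sample accounts are assumptions constructed for this example.

```python
import hashlib
import hmac

ITERATIONS = 20_000  # kept low so the example runs quickly


def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256, hex encoded: the format of this constructed store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def login_derived_guesses(login):
    """Return (rule, candidate) pairs built only from the login name itself."""
    rules = [
        ("same as login", login),
        ("login uppercased", login.upper()),
        ("login capitalized", login.capitalize()),
        ("login reversed", login[::-1]),
        ("login doubled", login * 2),
        ("login + 1", login + "1"),
    ]
    seen, out = set(), []
    for rule, candidate in rules:
        if candidate and candidate not in seen:  # e.g. an all-caps login equals its uppercased form
            seen.add(candidate)
            out.append((rule, candidate))
    return out


def parse_store(text):
    """Yield (login, salt, digest) from 'login:salt_hex:digest_hex' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Malformed lines and locked accounts ('*' or '!') have nothing to test.
        if len(fields) != 3 or fields[1] in ("*", "!"):
            continue
        try:
            salt = bytes.fromhex(fields[1])
        except ValueError:
            continue
        yield fields[0], salt, fields[2].lower()


def audit(text):
    """Return [(login, rule)] for accounts whose password derives from the login."""
    findings = []
    for login, salt, digest in parse_store(text):
        for rule, candidate in login_derived_guesses(login):
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                findings.append((login, rule))
                break
    return findings


def build_sample_store():
    """Constructed sample: two weak accounts, one strong, one locked."""
    accounts = [("uucp", "uucp"), ("guest", "tseug"), ("operator", "c0rrect-h0rse-7")]
    lines = ["# login:salt_hex:digest_hex (constructed sample data)"]
    for i, (login, password) in enumerate(accounts):
        salt = bytes([i + 1]) * 8
        lines.append(f"{login}:{salt.hex()}:{hash_password(password, salt)}")
    lines.append("daemon:*:")
    return "\n".join(lines)


if __name__ == "__main__":
    for login, rule in audit(build_sample_store()):
        print(f"WEAK  {login}: password is {rule}")
```

The report names the rule that matched rather than the password, so the output can be filed in a ticket without leaking the credential.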