*** {Phoenix Project BBS Message Base File 1 of 3} ***

_____________________________________________________________________________

Copyright (C) 1993 LOD Communications. No part of this Work may be distributed or reproduced, electronically or otherwise, in part or in whole, without express written permission from LOD Communications
_____________________________________________________________________________

Phoenix Project BBS Message Base File Table of Contents

I.   General Remarks About the BBS Message Base Files (File 1)
II.  Phoenix Project BBS Pro-Phile by Erik Bloodaxe (co-sysop) (File 1)
III. Messages from the First Incarnation of the Phoenix Project:
       100 Messages from the Packet Switched Networks Sub-Board (File 1)
        58 Messages from the General Discussion Sub-Board (File 1)
        39 Messages from the 'Instructor' Sub-Board (File 1)
IV.  Some G-Philes written by the sysop, The Mentor: (File 1)
       1. The Conscience of a Hacker (aka The Hacker's Manifesto)
       2. A Novice's Guide to Hacking (1989 Edition)
       3. A Multi-User Chat Program for DEC-10's
       4. DCL Utilities for VMS Hackers
V.   Messages from the Second Incarnation of the Phoenix Project:
       132 Messages from the General Discussion Sub-Board (File 2)
        26 Messages from the 'We the People' Sub-Board (File 2)
        77 Messages from the Basic Telecom Sub-Board (File 2)
        58 Messages from the Hacking Sub-Board (File 2)
        46 Messages from the Phone Company Sub-Board (File 2)
        80 Messages from the SprintNet Packet Network Sub-Board (File 2)
        49 Messages from the BT Tymnet Sub-Board (File 2)
        31 Messages from the Internet Sub-Board (File 3)
        60 Messages from the Other Packet Networks Sub-Board (File 3)
        69 Messages from the UNIX Sub-Board (File 3)
        18 Messages from the VAX/VMS Sub-Board (File 3)
        28 Messages from the Primos Sub-Board (File 3)
        41 Messages from the HP-3000 Sub-Board (File 3)
        42 Messages from the Other Operating Systems Sub-Board (File 3)
        27 Messages from the Programming Sub-Board (File 3)
        27 Messages from the Social Engineering Sub-Board (File 3)
        72 Messages from the Electronic Banking Sub-Board (File 3)
        32 Messages from the Radio & Electronics Sub-Board (File 3)
        11 Messages from the PC's Sub-Board (File 3)
        35 Messages from the Altered States Sub-Board (File 3)
        59 Messages from the Security Personnel Sub-Board (File 3)
        59 Messages from the Phrack Sub-Board (File 3)
        49 Messages from the 'Friends of the Family' PVT Sub-Board (File 3)
VI.  Directory of Downloadable Files Online (2nd Incarnation) (File 3)

1325 Messages Total
_____________________________________________________________________________

*** {General Remarks About the BBS Message Base Files} ***

The following paragraphs are contained within each BBS Message Base File. The information will help those unfamiliar with some of the terminology and format of the Hack/Phreak BBS's and their message bases to better understand them and the general organization of this File.

While perusing through the following messages you may notice that the message numbers are not always sequential.
However, the dates that the messages were posted should be in chronological order. The reason for this is that during the time that most of these Boards operated, the computer systems had fractions of the disk drive capacity of those today. Therefore, it became necessary to delete old messages, usually automatically, when a specified number of messages were posted or when the disk became full. A renumbering of the messages would then follow. It is entirely possible for two individuals to have downloaded the same message with different message numbers if one person called before a message base renumbering, and one called after. Nevertheless the post date should be the same.

Users of these bulletin boards typically called them on an irregular basis and although every effort has been made to compile a complete set of messages posted on a specific BBS, there usually are gaps in the collection. Some gaps in dates are due to the system being offline for various reasons, in which case no messages are missing, and some gaps are due to a lack of availability. Finding someone who still has BBS messages from years ago (and in some cases a decade ago) is quite a challenge! Additional messages may materialize in the future which can be integrated into the current set.

The price of this particular message collection is based on the following factors: number of years ago the BBS operated, its popularity, whether the BBS or portions thereof were deemed "Elite" and therefore restricted access to but a small number of users, the quality of messages, and the total number of messages compiled.

For those BBS's that operated in the period from 1983 to 1985, it should be noted that the majority of the users were typically in the 15-18 year old age range. This is sometimes obvious due to the message content.
One thing that is interesting, however, is to note the progression of certain individuals over a length of time with respect to the knowledge they had acquired (and therefore the quality of their posted messages) and how they became more responsible and mature in later years.

One of the difficulties encountered during the organization of the many small files that went into some message bases was determining which Sub-Board the messages were from. For those unfamiliar with the term "sub-board" a description follows.

Sub-boards of the main BBS were smaller, more specialized portions of the system. Many hacker BBS's had only a Main board; others had a number of sub-boards in addition to the main message base. The reasons for having sub-boards were twofold:

1) To allow users to focus on certain topics such as Packet Switching Networks, the Unix Operating System, etc. as opposed to mixing messages about all these topics together in one 'place', which is confusing.

2) To allow a smaller sub-set of users to access higher level topics and discussions. Sub-boards allowed the system operator to maintain some level of security by allowing those "worthy" either in trust, knowledge, or both, access to more sensitive information which the general user population either was not interested in, or was not deemed responsible enough to see.

For those systems that had sub-boards for which we have messages, the sub-boards are labeled and separated from each other by a line.

The purpose of these Underground Bulletin Board Systems was to disseminate and trade a variety of typically illicit information. Many times the information was simply of a how-to nature or of some technical aspects of how a certain technology (typically telephone switching and computer systems) worked. However, out-and-out illegal information such as long distance access codes and passwords to various computer systems was posted, especially on the BBS's in operation before 1986.
Under the advice of the appropriate computer civil liberties organizations along with actual legal counsel from practicing attorneys, messages were minimally edited to eliminate the possibility of long distance access codes, phone numbers, or computer passwords being currently valid. Except for these specific cases and the few times where text was garbled during download of the messages (line noise many years ago) and/or during our recovery operation, the messages were left as is, spelling errors, offensive language, inaccuracies of various kinds, and ALL.

A compact listing of users (ie: The Userlist) sometimes accompanies the BBS Message Base and if present is located near the end of this File. The userlists of most boards were quite dynamic as users came and went for various reasons. Some BBS's would automatically delete users who did not log on for a specified period of time. The listing that may be contained herein was downloaded at an unspecified date in time. Therefore some users who were on the system either before or after the list was obtained may not be shown.

Any comments in squiggly brackets and asterisks: *** {} *** were made by LODCOM to inform you of any changes within the message base of interest such as a change in sub-board. Therefore, these comments were not present on the actual Bulletin Board at the time of download.

It is hoped you will enjoy the following messages, which are presented solely for informational, educational, and historical purposes. LOD Communications takes no responsibility whatever for the content or use (abuse) of posted messages nor hacking/phreaking "G-Philes" (if present these are located at the end of this file) included in this Work.

FINAL NOTE: As shown above, this Work is COPYRIGHTED (C) 1993 by LOD Communications. A tremendous amount of time and effort has been involved by many parties to collect, transfer or type from printouts, organize, splice, etc.
the following collection of BBS Message Base, Userlist, and G-philes. It is sometimes difficult for people today to realize that years ago you could not call up a hacker BBS using 8MB RAM systems with 14.4 KiloBaud modems and 250 MegaByte hard drives and download everything on said BBS in minutes. Most of those who donated messages to this effort used systems with 64 KB main memory, 300 or maybe 1200 baud modems, and 143K disk drives. File sizes were typically 15 KB or less due to memory constraints among other things. Therefore one can begin to appreciate the magnitude of this undertaking. Not to mention the many BBS Pro-Philes (explained next) which were written and required time and phone calls to track down Sysops and others who were aware of the various tid-bits of background information for each BBS.

The principals involved in the project are all quite busy in their respective pursuits of work and/or college and had to make a commitment to donate any spare time they had (have) to this venture. It has been a long road and we are not at the end of it yet.

Not everyone will abide by United States Copyright Law, however it is our hope that those who agree that Lodcom:

1) Is providing a service that requires a significant amount of time and monetary resources to get to this point and to proceed.

2) Is helping to provide a better understanding of certain portions of Cyberspace and its community.

3) Is charging reasonable prices for the initial gathering, organization, and presentation of the information and to cover the costs for diskettes, mailing containers, postage, and time to fill orders.

will 'do the right thing' which will allow Lodcom to continue to document the History of the Computer Underground. Without your understanding and support, this effort may not be able to sustain itself long enough to complete the project. End plea.

For most files, you will next see the "BBS Pro-Phile".
This is a few-paragraph description providing little-known and historical information about the particular BBS. The BBS Pro-Phile was either written by LODCOM or someone affiliated with the System itself, usually the SYSOP(s) (System Operator). Many people helped contribute the very interesting and informative BBS Pro-Phile specifically for this project. Thus, the following description was not present on the original BBS System and can only be found in these Files:

_____________________________________________________________________________

*** {The Phoenix Project BBS Pro-Phile} ***

The Phoenix Project
(Excerpt from PHRACK, 1988)

Just what is "The Phoenix Project?"

Definition: Phoenix (fe/niks), n. A unique mythical bird of great beauty fabled to live 500 or 600 years, to burn itself to death, and to rise from its ashes in the freshness of youth, and live through another life cycle.

Project (proj/ekt), n. Something that is contemplated, devised, or planned. A large or major undertaking. A long term assignment.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Why is "The Phoenix Project?"

On June 1, 1987 Metal Shop Private went down seemingly forever with no possible return in sight, but the ideals and the community that formed the famous center of learning lived on. On June 19-21, 1987 the phreak/hack world experienced SummerCon'87, an event that brought much of the community together whether physically appearing at the convention or in spirit. On July 22, 1987 the phreak/hack community was devastated by a nationwide attack from all forms of security and law enforcement agencies...thus setting in motion the end of the community as we knew it. Despite the events of July 22, 1987, PartyCon'87 was held on schedule on July 26-28, 1987 as the apparent final gathering of the continent's last remaining free hackers, unknown to them the world they sought to protect was already obliterated.
As of August 1, 1987 all of the original members and staff of the Metal Shop Triad and Phrack Inc. had decided to bail out in the hopes that they could return one day when all would be as before...

THAT DAY HAS COME...

A new millennium is beginning and it all starts on July 22, 1988. How fitting that the One year anniversary of the destruction of the phreak/hack community should coincidentally serve as the day of its rebirth.

(End Excerpt)

-----------------------------------------------------------------------------

The Phoenix Project was probably one of the most famous hacker bulletin boards in the history of the underground. The format of the BBS sparked what would become a trend in future hacker BBSes. No illegal information would be tolerated, IE: no codes, passwords, cards, etc... just general information about items of interest to computer and telephone enthusiasts. Even with such a seemingly large limitation, the board hosted hundreds of users and had the most active message bases in the world.

Another first for the Phoenix Project was the open invitation to any and all security officials. This open door policy provided the first real forum for hackers and security to freely quiz each other about why they do the things they do. Security from many telco-entities such as NYNEX, AT&T, Bellcore and Sprint as well as Federal Agents participated openly in discussions with hackers, and through this interaction, both sides gained a great deal of understanding.

The Phoenix Project went through two basic incarnations, the first was run solely by The Mentor and followed a move from San Marcos to Austin, TX. The second incarnation was also sysoped by The Mentor and co-sysoped by Erik Bloodaxe.

During the latter part of 1989, several raids directed at members of the hacker group The Legion of Doom caused a stir in the computer underground.
After reaching a conclusion that Bill Cook was indeed focusing his attentions on LOD, The Mentor decided that a board that was so flagrant about its nature, albeit legal in all respects, and run by two of the most prominent LOD members would certainly be caught up in subsequent raids. The Mentor took down The Phoenix Project after Erik Bloodaxe made a complete copy of all current messages. Then for grins he overwrote every sector of his hard drive with the message "Legion of Doom" should anyone ever decide to read it.

On the morning of March 1, 1990, the homes of The Mentor and Erik Bloodaxe, as well as the business of Mentor's employer Steve Jackson Games, were raided by the US Secret Service. The Mentor lost all his computer equipment in the raid which still has not been returned. The raid on Steve Jackson Games launched an EFF supported lawsuit against the United States Government which ended with a ruling for Jackson, et al., in which the SS agents involved were publicly reprimanded by the judge for their negligence in the handling of the investigation.

The Phoenix Project has been mentioned in "The Hacker Crackdown" by Bruce Sterling and "Approaching Zero" by Brian Clough and Paul Mungo and will ultimately be remembered as one of the true landmark bulletin boards of the computer underground.

_____________________________________________________________________________

*** {Packet Switched Networks Sub-Board} ***

1/100: how
Name: Knightmare #21
Date: 3:12 am Wed Jul 13, 1988

Just to be curious, how is everyone attaining their NUI's? I mean the originals..

Read:(1-100,^1),? :

2/100: Obtaining NUIs
Name: Epsilon #12
Date: 8:27 am Wed Jul 13, 1988

Originally, people would make PAD-PAD connections on Telenet and imitate the network, so that when they'd enter their NUI, we'd get it.

Unfortunately, that method doesn't work anymore, due to some software changes on the network.

Epsilon

Read:(1-100,^2),?
:

3/100: engineer
Name: The Mentor #1
Date: 5:48 pm Wed Jul 13, 1988

Quite a few people engineer them apparently. For those of you who may be new, 'engineering' is short for 'social engineering', which is long for 'bullshitting'.

Epsilon was describing a method involving nothing more difficult than leaving mail to another user in the same group as your hacked account asking to borrow his NUI, yours won't work.

Mentor

Read:(1-100,^3),? :

4/100: .../\...
Name: Necron 99 #9
Date: 2:17 pm Fri Jul 15, 1988

engineering is a lost art. i personally can't do it worth a damn. (lords, he admitted he isn't perfect. what will he do now?) i recall finding some in mail on a telenet system once, however. if you're on a system, read all the files that you can get your hands on. you never can tell what you can find.

AT&T

Read:(1-100,^4),? :

5/100: Engineering
Name: Epsilon #12
Date: 9:48 pm Fri Jul 15, 1988

Engineering is a great (and powerful if used correctly) way of obtaining information. It is widely practised, and that's what's kinda scary. I hope people don't mess it up for the rest of us.

Read:(1-100,^5),? :

6/100: EPSILON
Name: Twisted Sector #51
Date: 12:51 am Tue Jul 26, 1988

What do you mean when you say PAD to PAD?

Read:(1-100,^6),? :

7/100: ///..\\\
Name: Necron 99 #9
Date: 9:58 am Tue Jul 26, 1988

a while ago, (as in last christmas, anyway) you could connect to someone's pad (packet assembler disassembler) by using judicious use of `stat`. actually, stat let you find them, then with an id, and a decent `set`, you could intercept data that the other person typed, enabling you to get a lot of shit. Unfortunately, this no longer works (on telenet), it printed a banner saying 'connected from ', and you had to simulate telenet. not a major problem, but hey. .

if anyone has any dialups that look like telenet OR tymnet but they aren't, let me know, we'll be able to work something out.

-n99
ToK, LOD. so there, nyahh.

Read:(1-100,^7),?
:

8/100: PAD/PAD
Name: Epsilon #12
Date: 5:04 pm Tue Jul 26, 1988

Yeah, that's basically it. So in essence, you would just emulate the connect/login procedures of the host they were trying to connect to. You could actually see what they were typing, so if they typed

C XXX202

You would respond with..

XXX202 CONNECTED

(Telenet style.. Bahah..) Then you would type..

User ID: (Now they'd enter their User ID..)
Password: (Now they'd enter their password..)

And there you have it. Intercepting Telenet X.25 calls. Welp, it's defunct now anyway unfortunately, so giving you instructions wouldn't help.

Epsilon

Read:(1-100,^8),? :

9/100: ?
Name: The Mentor #1
Date: 6:26 pm Tue Jul 26, 1988

What are all the psn's that have 800 dialups?

Telenet- 1-800-XXX-9494 (1200 7E1)
Tymnet- 1-800-XXX-0555

What else?

Mentor
LOD!

Read:(1-100,^9),? :

10/100: 800 Dialups
Name: Arcane Hierophant #28
Date: 3:29 pm Wed Jul 27, 1988

Isn't 800-XXX-9478 a Telenet dialup?

Read:(1-100,^10),? :

11/100: Autonet Madness!
Name: Epsilon #12
Date: 9:04 pm Wed Jul 27, 1988

800/XXX-2255. Play. Fun fun fun.

Read:(1-100,^11),? :

12/100: PAD
Name: Knightmare #21
Date: 12:41 am Thu Jul 28, 1988

I hope this helps.. like everyone was saying before, the pad assembles/disassembles data. A closer look at the structure of the data is what I'm gonna try to explain. Now in different networks, the packets of data are sent in certain sizes, all depending on the network you're on. Telenet, which is X.25 (CCITT standard), sends data in 128k packets. Each packet (frame) can be broken down into different parts. There are different techniques as to how to configure each packet. I'll give an example of HDLC (higher-level data link control) which is a standard. A packet using HDLC standard consists of a frame header, an address, control field, the data, error detection coding, and end the frame flag. frame header is 8 bits, control field is 8 bits, error detection coding is 16 bits and the ending frame is 8 bits.
This leaves 88 bits for the data you're sending. As you enter data from your terminal the PAD breaks the data down and reassembles it into a frame (packet) and then it sends it off in shortest path. The packet is never disassembled again until it reaches its destination. Sometimes a packet doesn't go directly from its sending node to the destination node, and is rerouted to different nodes but this still doesn't affect the packet. Shit, I'm confusing myself now.. Well anyways, that's a little closer look at how it works.

Read:(1-100,^12),? :

13/100: Makes sense..but
Name: Twisted Sector #51
Date: 5:00 pm Thu Jul 28, 1988

How could one benefit from such a device?

Read:(1-100,^13),? :

14/100: Using PADS
Name: Mr. Slippery #5
Date: 4:29 pm Sat Jul 30, 1988

A PAD is what you connect to when you dial tymnet or telenet. It puts your conversation together with others and sends it over the network. Some minicomputers and mainframes have PAD boards built in but PC's typically don't. I hope this answers the question about what they are good for.

Read:(1-100,^14),? :

15/100: MAYBE
Name: Twisted Sector #51
Date: 12:56 pm Sun Jul 31, 1988

I should be asking how such a device can be exploited?

Read:(1-100,^15),? :

16/100: Autonet?
Name: Arcane Hierophant #28
Date: 4:42 pm Tue Aug 02, 1988

Forgive me for asking, but is the Autonet of any worth? I live in an area with no Telenet/Tymnet and I basically pay for my calls unless I get lucky and some local schmuck gives me something to use. This can be rather irritating, and it makes it hard to gain any hacking proficiency when you can't make a local call to a 'puter.

the Arcane Hierophant

Read:(1-100,^16),? :

17/100: How exactly do I go..
Name: Rockin Dude #18
Date: 5:46 pm Tue Aug 02, 1988

about hacking at telenet? I desperately need some nui's or pcp accounts. Thank you very much. I am sort of new to this so give me as much detail as you can. Thanks so much.

Later!
Rockin Dude

Read:(1-100,^17),? :

18/100: ...\/...
Name: <<< Necron 99 #9 >>>
Date: 6:03 pm Tue Aug 02, 1988

a hint: hacking telenet as your first system is not a good idea, considering what the nice people at gte are doing. so be reasonable. the best way to hack telenet, i must admit, is through prime's netlink program. but ask somebody else about that one.

Read:(1-100,^18),? :

19/100: Hacking Telenet
Name: Epsilon #12
Date: 5:41 pm Wed Aug 03, 1988

I suppose that's one of the safest methods of hacking the network. Either that, or scan when you think network traffic would be at a high rate. Say, in the afternoon on Monday, or any weekday for that matter.

Hacking Telenet is not such a hard thing to do. Just scan by area codes, and hack what you find interesting.

E

Read:(1-100,^19),? :

20/100: What do you mean scan?
Name: Rockin Dude #18
Date: 6:28 pm Thu Aug 04, 1988

I want to find PCP accounts and NUI's however you find them. Or I'll never be able to call long-distance again. Help!! Please help me..

Rockin Dude

Read:(1-100,^20),? :

21/100: scan
Name: The Mentor #1
Date: 9:19 pm Thu Aug 04, 1988

You scan by picking an area code, say 301, and checking addresses.

@c 301 XXX
@c XXX 112
@c XXX 113
etc...

mentor
lod

Read:(1-100,^21),? :

22/100: PCP
Name: The Leftist #3
Date: 12:09 pm Fri Aug 05, 1988

sounds like what he wants is pcp accounts, or a way to hack them. none known yet.

Read:(1-100,^22),? :

23/100: Once I've scanned..
Name: Rockin Dude #18
Date: 3:23 pm Fri Aug 05, 1988

then what are those #'s for and what do they do? God I must be really stupid not to know this stuff, eh? Well later!

Rockin Dude

Read:(1-100,^23),? :

24/100: Scanning Telenet
Name: Epsilon #12
Date: 3:46 pm Fri Aug 05, 1988

Well, you can keep them for reference. Say you scan a whole area code on Telenet, and you record your results.
Now say a month later, you suddenly become interested in Prime computers for some reason, then you can go look in your notebook or wherever, and find all the Primes you scanned, and go connect and try to get into them.

Just try getting into whatever you think looks like it might be an interesting system. I mean, that's why you scan, to find neat things.

E

Read:(1-100,^24),? :

25/100: Various things...
Name: Tales Gallery #74
Date: 1:29 am Sat Aug 06, 1988

Tomorrow maybe I'll write a quick program that will call your Telenet, and sequentially scan however you set it up to do it. And then capture everything to a nice little capture buffer, in which you can later look at. Nothing special, just something to make life a little easier to you all. OR is this a stupid idea?. Hmptht.

Tales Gallery.

Read:(1-100,^25),? :

26/100: !!
Name: Epsilon #12
Date: 8:25 am Sat Aug 06, 1988

No. This is good. Write the program. There are already too many code hacking programs out there, why not write a Telenet scanner. Sounds great. Hayes modem, eh?

Read:(1-100,^26),? :

27/100: Yeah, great idea.
Name: Rockin Dude #18
Date: 12:41 pm Sat Aug 06, 1988

So after I've scanned all I want to then those #'s I come up with will be connected to computers that I can hack, right? If that is that's cool. Well that's a good idea of writing a program to scan telenet. Could that program also scan for PCP's also? That's what I need, definitely. Thanks. Later.

Rockin Dude

Read:(1-100,^27),? :

28/100: ...
Name: Epsilon #12
Date: 10:18 am Sun Aug 07, 1988

Well, you'll be old and gray before you ever hack a PC Pursuit account, so don't bother trying.

Rockin Dude - Yeah, when you connect to a computer, just play with it if it looks interesting, and if not, just write it down and forget about it for the time being.

Just a question.. Have you ever done this before? Because scanning Telenet is not a hard concept to grasp.

Thanks.
Ep

Read:(1-100,^28),?
:

29/100: Netlinking for searching
Name: Prime Suspect #70
Date: 2:45 pm Sun Aug 07, 1988

Using netlink to scan Telenet is stupid. It's a good way of losing the Prime account that could be used much better. It's like making toll calls for data from within a Phone Company computer and that's it. If you're going to scan just scan from a regular port dialup. Then when you have all of those refused collect connections (and some illegal address errors work as just regular destinations) then you may wish to use netlink to give it a shot and see what you found. But depending on the revision of primos you're using, and the destination system... you may lose that account just for trying to get in the other system so many times.

Prime Suspect
TOK & LOD/H

Read:(1-100,^29),? :

30/100: Telenet Scanning Programs
Name: Prime Suspect #70
Date: 2:49 pm Sun Aug 07, 1988

If you can write a good telenet scanning program, good luck. It's more than just sending those #'s over sequentially... and even though you plan on capturing everything which is a great idea, you'll still need to analyze situations and know when to send a break or an escape such as "@@".

BTW: For those of you that hate why you can't backspace through Telenet because it screws everything up. Do a: "SET?" or "PAR?" You'll notice one setting is set to: 127 I think it's setting 18 or whatever is on the very right side of an 80 col screen. Just change it with: SET 18:8 To equal a CTRL-H if 18 is the proper #.

Prime Suspect

Read:(1-100,^30),? :

31/100: ...
Name: Necron 99 #9
Date: 8:19 pm Sun Aug 07, 1988

primenet: i disagree. some of us don't know prime, eh. but that is a good point. i've never had a problem with backspacing and all. and calling a port local & staying on there for half an hour is not a brilliant idea to just hack addresses, but that may just be my view. if you can come up with a way to send a hard break to the hayes, that alone would be worth seeing.

Read:(1-100,^31),? :

32/100: Hmmm...
Name: Tales Gallery #74
Date: 9:49 pm Sun Aug 07, 1988

Prime Suspect- I wasn't expecting it to be "that" easy. Obviously I'm going to have to design a method of interpreting where I am, and what the escape is. Not to mention having the system NOT mark numbers that don't have connections. This is how I figure it. Get on TeleNet with a dumb terminal, and then proceed with various operations. Simulate my software. Easy actually.

Of course there will be initial flaws - but nothing is perfect, and if it were, we wouldn't have any place in TeleCom, or rather, any special place.

Tales Gallery.

Read:(1-100,^32),? :

33/100: try..203..whoever asked
Name: Knightmare #21
Date: 10:50 pm Sun Aug 07, 1988

Whoever was asking about scanning I suggest 203. There are a lot of systems in there. i think XXX20 is a VM/370 and XXX21 is a VAX..

Read:(1-100,^33),? :

34/100: Necron pnet reply...
Name: Prime Suspect #70
Date: 1:33 am Mon Aug 08, 1988

Necron: What do you disagree about Primenet? Or using netlink I should say I guess. Are you saying that it's better to use netlink vs a dialup PAD or vice-versa? (confused)

Does anyone know any hard facts about tracing being done from a Telenet dialup? The 414's was a case of other sorts of abuse that (according to the press) could have lost lives. With a case like that known, tracing could have been a thought for things other than network access.

I'm not promoting actually using a local dialup for access to a network port. Because then if there is trouble they know the general area where you may be from. But is that or using an LD service more dangerous. Looks like too many possibilities eh?

Read:(1-100,^34),? :

35/100: Scanning
Name: Epsilon #12
Date: 7:55 am Mon Aug 08, 1988

Write your program so that it will time out after say, five seconds, then send a hard break to return you to the prompt, then send a 'd', and then try the next address in its queue (unless it's generating them randomly).
Yeah, Prime's right, using another computer to scan the network is not a smart move at all. It's not futile, but it will get your account noticed and possibly killed (if they're nice. They may decide to watch you for awhile).

Prime - Thanks for the SET tip. It really annoys me when I type something, then go back, correct it, and then hit return and it gives me that damned '?'.

Epsilon

Read:(1-100,^35),? :

36/100: Others . . .
Name: Tales Gallery #74
Date: 9:00 pm Mon Aug 08, 1988

I know exactly how I'm going to be accessing TeleNet. If others chose other ways, that's absolutely fine, but personally, I have security completely figured out. Just for the record.

I didn't exactly catch that talk about the "other computer"?

Read:(1-100,^36),? :

37/100: .../\...
Name: Necron 99 #9
Date: 6:23 pm Tue Aug 09, 1988

you have telenet security completely figured out, huh.

i'll be sure to visit you in jail.

Read:(1-100,^37),? :

38/100: Hey, Tales so what are you ..
Name: Rockin Dude #18
Date: 6:42 pm Wed Aug 10, 1988

doing to have this all planned out? I'm sure we would all like to know.

Rockin Dude

Read:(1-100,^38),? :

39/100: WELL
Name: The Leftist #3
Date: 12:36 pm Thu Aug 11, 1988

yeah, there are some pretty safe ways to dial into telenet, but it's just like making any other local and I don't think I want to go into ways of avoiding being traced on a local call...

Read:(1-100,^39),? :

40/100: ...
Name: Epsilon #12
Date: 12:57 pm Thu Aug 11, 1988

Being traced on a local call (if they really want you) is basically inevitable. You could always use an extender if you want. This is a lame discussion.

Read:(1-100,^40),? :

41/100: Exactly . . .
Name: Tales Gallery #74
Date: 3:10 pm Thu Aug 11, 1988

. . . Why I said I have it all planned out, and not to worry about.

"See me in jail"? Gee, ok. You must be right, how could anyone be right other than you? Oh, I am so sorry "sir". How could I have ever said something without your assistance of skill and advancement. I am so sorry.
No, really.

Read:(1-100,^41),? :

42/100: Tsk tsk tsk.
Name: Epsilon #12
Date: 5:43 pm Thu Aug 11, 1988

If I'm correct, I sense a conflict here. Take it away Necron..

Don't get blood on this base. I happen to like Packet Switching.

Read:(1-100,^42),? :

43/100: ...
Name: The Mentor #1
Date: 6:56 pm Thu Aug 11, 1988

This is the only warning. The war stops here. Take it to email.

Mentor

Read:(1-100,^43),? :

44/100: my gosh.
Name: Necron 99 #9
Date: 7:18 pm Fri Aug 12, 1988

i don't even get to post a reply. hmm.. bad loyd, bad loyd.

Read:(1-100,^44),? :

45/100: email it...
Name: The Mentor #1
Date: 5:11 pm Sun Aug 14, 1988

Send it in Email... remember what MSP started looking like toward the end of its existence? I want to avoid that...

Mentor
lod!

Read:(1-100,^45),? :

46/100: ///
Name: Epsilon #12
Date: 8:16 am Mon Aug 15, 1988

Doesn't anyone want to know anything about packet switching anymore? This is depressing.

Read:(1-100,^46),? :

47/100: Yes.
Name: Dark Sorcerer #79
Date: 10:32 am Mon Aug 15, 1988

I've heard you can somehow break into the Telenet service node and retrieve NUI's. How is this done..?

Read:(1-100,^47),? :

48/100: Telenet Scanning
Name: The Traxster #92
Date: 8:07 pm Mon Aug 15, 1988

Dude find someone which is into telenet scanning and they will tell you. Now a day I heard it is kind as safe as it used to be.

Read:(1-100,^48),? :

49/100: Dark Sorcerer
Name: Epsilon #12
Date: 9:30 pm Mon Aug 15, 1988

Please do not bring up the topic of service nodes at all. I would really rather not discuss this, because I know you will find out about this information before you're supposed to. Everyone will.

I'm not making this statement directly towards you, I'm just trying to clarify the fact that I do not wish to discuss this right now.

Thanks for understanding.

Read:(1-100,^49),? :

50/100: eps, do you..
Name: Knightmare #21
Date: 6:50 pm Tue Aug 16, 1988

Epsilon, do you have the knowledge to convert packed packets of info.
on an x25 network back to its original ascii form? I know someone who is working on it right now but maybe someone else knows??

Read:(1-100,^50),? :

51/100: ....
Name: Necron 99 #9
Date: 8:15 pm Tue Aug 16, 1988

hey, wait a minute, eps. i thought only i had a license to act like this. has anybody talked to empty promise lately? i lost his number. he was supposed to call me last week. with telenet, i wouldn't put anything past them. they haven't been fucking with their software just to lock out the pad-pad things, eh.

Read:(1-100,^51),? :

52/100: Hey Nec
Name: Epsilon #12
Date: 8:54 am Wed Aug 17, 1988

I can be equally as obnoxious as you can, so phhhhtt..

Knightmare - No, I'm afraid I don't know how the X.25 protocol is converted to ASCII format.. I should read up on that a bit. What are you planning to do, build your own PAD?

Read:(1-100,^52),? :

53/100: Oh.. joy.
Name: Dark Sorcerer #79
Date: 11:01 am Wed Aug 17, 1988

With my luck, by the time i find out, everyone else will be getting NUI's too. So, when do you want to discuss this, eps?
.s
.shit

Read:(1-100,^53),? :

54/100: ...
Name: Epsilon #12
Date: 6:06 pm Wed Aug 17, 1988

Don't worry. It's not working correctly from what I hear right now, so there's really not much of a point in discussing it.

Read:(1-100,^54),? :

55/100: Welp.. okay.
Name: Dark Sorcerer #79
Date: 10:01 am Sat Aug 20, 1988

Whatever.

Read:(1-100,^55),? :

56/100: X.400 vs X.25
Name: <<< Prime Suspect #70 >>>
Date: 12:09 am Mon Aug 22, 1988

Does anyone here even know the workings of a packet net such as the protocols used to bring things about to the right place? Overseas they seem to use X.400 and here we're using X.25. I don't know this... but what are the differences of X.400 and X.25? I think there was some documentation on this on several of the network information centers... if you don't know about those then don't bother asking.

Read:(1-100,^56),? :

57/100: Hmm.
Name: Epsilon #12
Date: 11:21 am Mon Aug 22, 1988

You sure about that? I was always thinking that the other networks, overseas, also used the same X.25 packet protocol. Great, now I'm confused. Thanks a lot. :-)

Read:(1-100,^57),? :

58/100: Packet Routing
Name: Epsilon #12
Date: 11:40 am Mon Aug 22, 1988

Alright. Whoever asked about how packets get to the right place.. All packets sent have some data at the beginning called a header. Each header contains the origination and destination virtual addresses of the packet, along with some other information. When the packet is sent, the header gets stripped off, interpreted, and the data is received in its entirety at the destination host.

Read:(1-100,^58),? :

59/100: x.25 documentation
Name: Knightmare #21
Date: 1:53 pm Mon Aug 22, 1988

i have some x25 documentation, i have about 75k of it, the other 20 k is lost in space. But I'm sure I can get the rest of it. (of one of those information centers)

Epsi, no, i'm not building a pad.. it's for something else which you already know about.

Read:(1-100,^59),? :

60/100: x.400
Name: Mr. Slippery #5
Date: 12:34 pm Sat Aug 27, 1988

X.400 is a mail transfer protocol. It specifies how to address mail and such. It is therefore level 7 (I think) of the 7 layer OSI model. X.25 is the lower 3 (4?) layers of the model. Hope this helps.

Read:(1-100,^60),? :

61/100: level 7???
Name: Knightmare #21
Date: 12:45 am Sun Aug 28, 1988

If i recall correctly I didn't think level 7 was transfer protocols or anything associated with transfers. Level 7 is what happens with the information after it reaches the user and is stripped. It's been a while since I've updated myself to standards so I may be wrong. You can say x.25 is 3 or 4. no wrong or right answer to that one.

Read:(1-100,^61),?
:

62/100: Way way back
Name: Amadeus #96
Date: 5:00 pm Mon Aug 29, 1988

This response goes way way way way back:

Autonet from Telenet: XXX240XXX09
Other Telenet nums: 1-800-XXX-0631 (2400 baud)
                    1-800-XXX-6751 (all bauds 2400 and below, pcpid or nui required)
Tymnet from Telenet: XXX31 or XXX249

Later . . .
Amadeus

Read:(1-100,^62),? :

63/100: ...
Name: Necron 99 #9
Date: 7:10 pm Mon Aug 29, 1988

i need a list of all the gateways off telenet (mainly the intl things, the ones that you have to do something like XXX051300013 and so on) any takers? most of this is fairly public, but i lost my old lists. please reply in mail if not a pulic gateway. hm. that would be "public"

Read:(1-100,^63),? :

64/100: DataPac from Telenet
Name: Amadeus #96
Date: 5:45 pm Tue Aug 30, 1988

I can't remember who it was that found this, but you can attempt to hack your way through XXX68 (on Telenet) into Datapac or IPSS. Also, on Tymnet, you can access Datapac by typing "dpac;". I would like to know if anyone knows how to enter a nui through this gateway.

Later . . .
Amadeus

Read:(1-100,^64),? :

65/100: PCP/Canada
Name: The Cutthroat #101
Date: 11:22 pm Tue Aug 30, 1988

Does anyone out there know how to call 416 (Toronto, Canada) through PcPursuit? Telenet has a port here in town, but I have to call Buffalo to get access cause Datapac won't let me. I know the routing code for Datapac but It won't let me on PCP. I think I have to get a DP NUI. The reason I am asking is that Swashbuckles is going back up and I would like to have a way people could reach me if they got a PCP account. I heard it could be done but you had to go out another area code (216 I think) to get to 416.

Read:(1-100,^65),? :

66/100: not a veiled threat.
Name: Necron 99 #9
Date: 3:43 pm Wed Aug 31, 1988

final request, on behalf of our generous sysop: if anybody posts any accounts (or phone numbers, or nua's ), the message will be deleted, and so will the user.
so use really vague mentions, and send things through the mail, or talk voice, or something. something YOU may consider to be legal may not be, and i'm fairly sure mentor doesn't want to pay for your error. am i getting boring about this?

Read:(1-100,^66),? :

67/100: x.25
Name: The Leftist #3
Date: 1:16 am Thu Sep 01, 1988

x.25 protocol hierarchy

level   definition
7       Application protocol
5       Session protocol
4       Transport protocol
3       x.25 layer 3
2       x.25 layer 2
1       x.25 layer 1

the physical layer defines how 0 and 1's are defined, how contact is established with the network, timing aspects etc..

the frame layer is the data link layer. its job is to insure reliable communication with the data terminal equipment and the data communications equipment

packet layer deals with the format and meaning of the data field contained within each field. the packet layer provides for routing and virtual circuit management

I'll go further into the tech side if anyone's interested.

The Leftist
Legion of Doom hackers

Read:(1-100,^67),? :

68/100: It looks like..
Name: Dark Sorcerer #79
Date: 8:04 pm Sun Sep 04, 1988

The C APPLE on telenet doesn't work anymore. Does anyone have the new address? I'm interested in that system. (which is, BTW if you're slow, Apple Computer Corp.'s UNIX mainframe.)

Read:(1-100,^68),? :

69/100: Telenet
Name: The Dictator #115
Date: 8:44 pm Sat Sep 10, 1988

Hey...are the rumors true??? I have heard people saying that Telenet can now effectively trace a caller on the system at any given point in time? This message isn't here to scare anyone...But with all the rumors around, it's always good to ask...

BY THE WAY..... Using P.C. Pursuit....Take your dial-up and loop through the Seattle port. Heh heh...you'll be amazed at the features.

The Dictator

Read:(1-100,^69),? :

70/100: Information on packet nets
Name: Ani Failure #50
Date: 2:54 am Sun Sep 11, 1988

I can get tons of info on packet nets, so I think I might start contributing on this sub....

anif

Read:(1-100,^70),?
:

71/100: Telenet and ANI?? Ha!!!
Name: Ground Zero #78
Date: 10:19 pm Sun Sep 11, 1988

Nah. As far as I know, if necessary, they can arrange to have a questionable call traced back to the telenet node, then the local company can trace the call in progress. But, as said before by someone else, they don't do it for fun. There's someone who calls Atger and Althh chat systems in Germany who just sits there and asks people what they are using to call there. He tries to nail Americans using Telenet to call there. He admitted there are no feature groups on Telenet dialups, but threatened that Telenet plans to add FGD to all their dialups. That'll be the day!! When he said that, I said "Nah, that would be too difficult and expensive". He just said "We can handle it. We're GTE". Heh..

-gz

Read:(1-100,^71),? :

72/100: P.S.
Name: Ground Zero #78
Date: 10:22 pm Sun Sep 11, 1988

For those of you that don't know, the Telenet security agent who calls the chats uses the handle "Mike.P". Be on the lookout! Or maybe big, bad GTE will pounce on you!! :)

Read:(1-100,^72),? :

73/100: Telenet
Name: The Dictator #115
Date: 1:25 am Mon Sep 12, 1988

I am a big Telenet phreak...I love the system...there are some neat tid bits about the system.... It is possible to call a local node in your area, and then use that node to access another Telenet node, and THEN make your call to a company, or use PC Pursuit. Now, this does one nice feature....Telenet has a limited ANI...Companies can now pay Telenet to trace a series of calls to it during a certain period of time...if you use the multiple node, the ANI traces to the second node you accessed, and not the first... Comes in handy....

The Dictator

Read:(1-100,^73),? :

74/100: Telenet.
Name: Epsilon #12
Date: 9:45 am Mon Sep 12, 1988

Big shit. The destination host already knows the virtual address of the PAD you are calling from in the first place. Remember what I said about packets?
In the packet header, there's the network address of the origination, and the destination. Besides, I don't think it's quite possible to have Feature Group D installed on a POTS number (?). Anyone have any theories on this?

Read:(1-100,^74),? :

75/100: Telenet/FGD
Name: Ground Zero #78
Date: 2:03 am Tue Sep 13, 1988

Yes, I believe it can be done, however, at great expense. So I doubt it will happen. As far as headers go, Eps, I'm confused! Now, let's say I call up a Telenet node and then use it to connect to an outdial. Then I use the outdial to call the dialup of another Telenet node. Is what you're saying that the original NUA I am calling from is on the header of each packet? I don't understand how. Because I am assuming that when I use the outdial to call the second Telenet node that all the header junk gets taken off, since it's assumed that I'm using the outdial to call another computer that has no use for the information contained in the header! Could you explain this more?

-gz

Read:(1-100,^75),? :

76/100: Ground Zero
Name: The Prophet #91
Date: 4:04 pm Tue Sep 13, 1988

GZ- I believe Epsilon means that the nua of your pad is transmitted to each other nua you call -- not over a phone line (as when using pcp).

-TP 6o1hadoto

Read:(1-100,^76),? :

77/100: PCP
Name: St.Elmos Fire #32
Date: 3:24 pm Wed Sep 14, 1988

WELL, IF YOU'RE SO WORRIED ABOUT PCP, THEN CALL THROUGH AN EXTENDER, AND ALSO CALL A DIAL-UP IN A DIFFERENT AREA THAN YOURSELF...

Read:(1-100,^77),? :

78/100: trick
Name: The Leftist #3
Date: 9:43 pm Wed Sep 14, 1988

the trick is to separate the node of the network that you are on from another node of telenet, and do all your dirty work from the second node.. of course you have to be sure the link between the two nodes is made in a safe manner..

The Leftist
Legion of Doom Hackers!

Read:(1-100,^78),? :

79/100: PCP
Name: The Prophet #91
Date: 9:58 pm Thu Sep 15, 1988

If you have a working extender, why use PCP?

-TP 6o1hadoto

Read:(1-100,^79),?
:

80/100: ^good point, prophet!
Name: Ground Zero #78
Date: 10:56 pm Thu Sep 15, 1988

Heh. Anyways, I think that clears it up. I think!

-gz (wondering what the significance of "6o1hadoto" is!)

Read:(1-100,^80),? :

81/100: WHY USE PCP?
Name: St.Elmos Fire #32
Date: 10:47 am Sat Sep 17, 1988

WELL, ONE REASON TO USE PCP IS TO TRY AND FIND DIFFERENT SYSTEMS AND THEIR CODES (NUMBER YA HAFTA PUT IN TO MAKE IT CALL, DIDN'T KNOW THE TERM). ALSO, IF YOU DIDN'T HAVE AN ACCOUNT, IT WOULD MAKE THINGS A LOT SAFER. ESPECIALLY NOW THAT SOMEONE MENTIONED THEY COULD TRACE CALLS.

Read:(1-100,^81),? :

82/100: .
Name: Epsilon #12
Date: 6:53 pm Sat Sep 17, 1988

Thanks for clarifying my message, Proph. BTW, what exactly is 6o1hadoto? Just curious as always.

Read:(1-100,^82),? :

83/100: DPAC.
Name: The Keeper #135
Date: 8:56 pm Sat Sep 17, 1988

Greetz... Well Who Ever Wanted The DPAC info, Leave Me E-Mail And I can Explain DPAC To You, I Use it every Day, And It was a Real Cool System. If You Need a NUI for Dpac Then I Guess You Could Leave Me E-Mail Too.

The Keeper. Telcom Canada.

P.S. Right now i am Using The Canadian Government's Modem Pool Number to Call Here, It's a Real Cool System As Well.

Read:(1-100,^83),? :

84/100: you guys
Name: <<< Ani Failure #50 >>>
Date: 3:02 am Sun Sep 18, 1988

you guys are going to get into some shit if you keep posting numbers and specific information on the systems you are in....don't you know that everyone is on this board (s.s, fbi, bell security, sprint, etc. and more, I'm sure) Think about it, this is a perfect place for people to keep tabs on hackers/and phreaks. so watch what you post

Read:(1-100,^84),? :

85/100: agreed.
Name: Ground Zero #78
Date: 11:56 am Sun Sep 18, 1988

Can someone delete our friend's post up there?

-gz

Read:(1-100,^85),? :

86/100: aksjgdyr
Name: Necron 99 #9
Date: 1:31 pm Sun Sep 18, 1988

do not post numbers. if you disagree with this, please send mentor mail. or me mail.

Read:(1-100,^86),? :

87/100: SURE..
Name: St.Elmos Fire #32
Date: 3:27 pm Sun Sep 18, 1988

I AGREE, A PERSON SHOULDN'T POST A CERTAIN NUMBER, BUT THERE IS ABSOLUTELY NOTHING WRONG WITH TRADING INFORMATION ABOUT THE SYSTEM, IT IN NO WAY COULD GET YOU IN TROUBLE. UNLESS OF COURSE YOU'RE STUPID, AND POST AN ACCOUNT AND PASSWORD.

-FIRE

Read:(1-100,^87),? :

88/100: ...
Name: The Mentor #1
Date: 6:02 pm Sun Sep 18, 1988

The point is, if you post that you are into the IRS's computers (or whatever), that is probable cause, and reason enough to *minimum* put a DNR on the line...

The Mentor
LOD/H!

Read:(1-100,^88),? :

89/100: THE KEEPER..
Name: Electric Warrior #134
Date: 6:01 am Mon Sep 19, 1988

All Canadian phreaks aren't like that, really.. While Datapac is a relatively intelligent network, there is just too much diversity for it to be considered a good packet switching net. Different types of datapac ports, XXX0, XXX1, XXX1, etc, all have their own modem ports. Most packet sizes are 256 instead of the (I assume) usual telenet 128.. Can't you guys reach Datapac addresses with reverse charging on them through C XXX20 XXXXXXXX ? Most of our numbers accept collect calls, but fewer will accept anything from an international call..

Read:(1-100,^89),? :

90/100: Oy Vey.
Name: Master Micro #10
Date: 12:06 pm Mon Sep 19, 1988

For the sake of information, let's say, i'm interested how you changed your sets to 'Pad To Pad' and see the other person's information. I remember very well when you could connect to someone's NUA and just talk to them, but i'm unaware of how you went about monitoring their information (without them knowing?) For information purposes, i'm interested in how you used to do this. Might come in handy with an x.25/x.29 compatible server I found.

Mm (Bellcore/Ua)

Read:(1-100,^90),?
:

91/100: WANTED
Name: Doc Telecom #71
Date: 12:57 pm Mon Sep 19, 1988

I have the NCC's and Accounts on them for a few of the major PSN's [Packet Switching Networks], along with the documentation for creation of links, paths, nuas, etc. I am willing to trade, well since i don't trade, i will be willing to give this information, if anyone can get me the NCC for Tymshare's Tymnet.

Thanx, Doc Telecom/BC

CREATE LINK altos using 5 DCE SP=XXX00 LOCAL=9 REMOTE=11 NUA=XXX2458XXX40004 NOOC PCV=1-48 SVC=49-XXX TRANS=100

Read:(1-100,^91),? :

92/100: ELF
Name: Doc Telecom #71
Date: 5:33 pm Mon Sep 19, 1988

I am looking for the source for ELF [Engine Load Facility], Tymnet put it out in Dec 1987. I have the manuals [ELF Reference Manual, ELF Operators Guide, and the Engine Pocket Guide] But i Need the source so i can put a patch in it, In my last message I said I was looking for the NCC, I was referring to the "main" NCC, not all those little fucking [Can we cuss here too or do those messages get deleted too ?] things. [MUX Modifier Ports, or CMF's {a CMF is a Configuration Management Facility}], If anyone has this or any info on "Uninet" Leave me E-Mail.

and here is a sprint: DOCI SBRA INDE AD

Gotcha! Necron99!

Read:(1-100,^92),? :

93/100: ahem?
Name: Master Micro #10
Date: 4:04 pm Tue Sep 20, 1988

Hmmm.. thought we weren't going to be posting codes, numbers, passwords, etc.? Anyways, my PSN question..? Anybody know?

Read:(1-100,^93),? :

94/100: ...
Name: The Mentor #1
Date: 5:37 pm Tue Sep 20, 1988

He isn't... that is a bogus code, getting ready to be a deleted code...

Doc, one warning. You can fuck with Necron all you want in mail. Posting that (yes, I know it isn't valid.) is risking getting me in a lot of trouble. Capice?

The Mentor
LOD/H!

Read:(1-100,^94),?
:

95/100: ANSWERING MACHINES
Name: Tinman #132
Date: 6:10 am Thu Sep 22, 1988

I know that Rip Shack sold answering machines a few years ago that allowed you to call the machine, and when IT hung up, you were left with that person's dial tone, Ergo, all calls were made at the expense of the owner of the machine. I haven't run into too many lately. Anybody know if other machines do the same thing ?

Also I notice the posting of SERVICES and CODES. Looks like bad news to me. These phone companies are really starting to wise up. Oh well who the hell cares ? It just makes life more challenging.

Who is this "Rockin Dude" anyway ?

Read:(1-100,^95),? :

96/100: or perhaps
Name: Necron 99 #9
Date: 12:34 pm Thu Sep 22, 1988

we could ask "who is this tinman dude anyway"?

Read:(1-100,^96),? :

97/100: answering machines
Name: Norman Bates #58
Date: 2:49 am Sat Sep 24, 1988

The only way you could get someone's dialtone through their answering machine is if they had a call forwarding service on it, or if it handled two lines and was made to accommodate that kind of traffic. It is not possible to override someone who only has one line... You have to have a line to come in on, and a line to go out on you know...

...Norman/619

Read:(1-100,^97),? :

98/100: yep
Name: Brimstone #149
Date: 10:27 am Sat Sep 24, 1988

I guess the last message was true.. something related.... voice mail systems... you could hook up to an extension, you could also hook up to a box... but call those systems that have both (extensions that hook you up to people, and a system that has mailboxes also).. Also after you dial an extension or mailbox, it has to ring... those kinds of systems can be used as divertors sometimes.. I have found a few systems like that. I found one system that all of the extensions that I've tried could've been used as a divertor... but I have other systems which only one or a few boxes could be used.. so these things still exist

Read:(1-100,^98),?
:

99/100: DataPac
Name: Creative Chaos #152
Date: 8:26 am Sun Sep 25, 1988

Isn't DataPac the network that you type CHR$(13)"." to start with? Well, here I go again, I have this system sitting on my shelf somewhere, its only identifying feature is "DataStream" the password is 4 digits to the system. ALL I WANT TO KNOW... is why didn't I cna the bitch already... No, no Has anyone ever encountered a system like this ??? (this system required something like a CHR$(13)"." to get started.)

Creative Chaos
The Punk Mafia

Read:(1-100,^99),? :

100/100: ...
Name: The Mentor #1
Date: 11:53 am Sun Sep 25, 1988

I've run into systems that take '....' to get their attention... strange.

The Mentor
LOD/H!

Read:(1-100,^100),? :

100/100: ...
Name: Lex Luthor #
Date: 3:31 pm Sun Sep 25, 1988

Doc Telecom, I believe I have access to ELF source along with a lot of other information regarding TYMNET. IE: DECLOD which was no big deal even though it was against my style to add accounts such as that one. However after checking to see that there are hundreds of accounts similar to DECLOD and entering a somewhat valid application for an account, I believed it was safe to do so along with it being a learning experience as far as what could be accomplished by a non-employee of either TSN or TYMNET

Lex

Read:(1-100,^100),? :

< Electronics Q-scan done >
< Q-scan Packet Switched Nets #4 - 100 msgs >

_____________________________________________________________________________

*** {GENERAL MESSAGE SUB-BOARD} ***

42/100: ANI
Name: Chance #128
Date: 1:00 pm Tue Sep 20, 1988

Well.. if you are in an ESS area (Identify it by whether you can have custom calling features) Then US Sprint 800 service CAN obtain your full phone number... That's all there is to it..

Read:(1-100,^42),? :

43/100: ...
Name: The Mentor #1
Date: 5:36 pm Tue Sep 20, 1988

ummm... The ANI isn't transmitted unless you're in an equal access area... ESS has nothing to do with it...

The Mentor
LOD/H!

Read:(1-100,^43),?
:

44/100: ANI & Sprint
Name: The Cutthroat #101
Date: 6:47 pm Tue Sep 20, 1988

Well I'm in ess but can't be in equal access, I'm calling from another country. Though anything coming from Canada could be routed through an equal access area. E.G. Sprint owns the entire 800 exchange that they are in.

Read:(1-100,^44),? :

45/100: RNS
Name: Doc Telecom #71
Date: 12:41 am Wed Sep 21, 1988

Hacking CONTELS RNS

Have you ever run across a dialup that says "RNS$#5$$New$York$City" that is the Switch that Contel uses for their Carlson/Stromberg CPX5, Etc Switches...Most accounts on the network cannot be accessed From Remote, but usually there is at least one or two that give You Remote Access. Every RNS I have been in have it so *all* accounts have full privileges...The defaults set by CS are: ADMIN/ADMIN SECURE/SECURE TMRS/TMRS DOC/TELECOM SCAT/SCAT MAINT/MAINT STATUS/STATUS NAC/NAC ESPF/ESPF. Also if someone drops carrier and doesn't $logoff their account remains active for the next user.

Once in you will get a "MON>" Prompt and after every thing you type you will always get the MON Prompt. To Execute commands you must put a "$" in front of every thing at MON Level, there is no help provided by the System at MON level [But everything else is menu driven] To learn the Overlays ($) you must do a dir to get everything, the system is divided into hundreds of sub systems (300 Megs). Here are a few of the subsystems [Overlays {$}].

$DBUTL  - DataBase Utility
$FILSYS - All disk Access [Dir, Type, Format, Copy, Etc]
$PASSWM - List Users/Passwords, and other goodies.
$ADMIN  - Switch Administration
$CBUG   - Used to Debug/Patch the Switch

Zi6/help iDi

Read:(1-100,^45),?
:

46/100: STAR CODES
Name: The Leftist #3
Date: 6:54 am Wed Sep 21, 1988

Well, if I'm not mistaken, there is a standard for the * codes, here's a partial list:

*70           turn off call waiting
*71           3 way calling at 50 cents a pop
*72 xxx-xxxx  initiate call forwarding
*73           cancel call forwarding
*74 + 1-9     program speed calling options

Leftist
Legion of Doom Hackers!

Read:(1-100,^46),? :

47/100: Sprint
Name: Sandy Sandquist #85
Date: 9:02 am Wed Sep 21, 1988

I recently had a meeting with the local FBI SAIC. He mentioned something that I thought many of you would be interested in or at least should know. One of the problems that the FBI has in hacker cases is as a case develops it is very difficult to tell the difference between a hacker and an individual that is involved in espionage. It seems that those involved in espionage hacking are following the same patterns that many of you follow. When an audit trail is created there is no difference. Until they investigate much deeper they can't tell the "casual hacker" from the professional hacker involved in espionage. Ergo, if you are into government systems and think that you are not doing any damage, maybe you should reconsider.

================Food For Thought=====================

Read:(1-100,^47),? :

48/100: ...
Name: The Mentor #1
Date: 10:11 am Wed Sep 21, 1988

I don't know anyone who hacks government computers except by accident... At least none of the people *I* work with are that foolish...

The Mentor
LOD/H!

Read:(1-100,^48),? :

49/100: ...
Name: The Mentor #1
Date: 1:31 pm Wed Sep 21, 1988

I'd like to welcome the second acknowledged security person on Phoenix. Jay Stenger is a security manager for NTS (National Telecom Service??? Forgive me, I forgot the acronym...). Anyway, perhaps he will field some questions also and take some of the load off of Sandy...

I'll start it off... Jay, what exactly does NTS do, are they regional or nationwide, and what does your job consist of for the most part?
The Mentor

Read:(1-100,^49),? :

50/100: Hello Jay
Name: Sandy Sandquist #85
Date: 2:29 pm Wed Sep 21, 1988

Hello Jay, welcome "above board". For those of you who don't know, Jay was a US Sprint Security Manager until NTS made him a deal he could not turn down. You will find that Jay knows this business and will be responsive to your questions,,,That is if he ever learns to return his calls on time. (a little inside jab at Jay from an old friend.)

Read:(1-100,^50),? :

51/100: mymym
Name: The Leftist #3
Date: 4:19 pm Wed Sep 21, 1988

We seem to be getting real popular with the security people all of a sudden.. I guess the word has gotten around that there's good hackers here who DON'T spend all their time obtaining ill gotten phone cards....

Leftist

Read:(1-100,^51),? :

52/100: Bioc Agent 007
Name: The Prophet #91
Date: 5:35 pm Wed Sep 21, 1988

Sandy- Hey, I never question a Special Agent in Charge, but are there really any "professional hackers" involved in espionage? To my knowledge, no one has ever been tried and convicted for gaining unauthorized access to a system with "espionage" as the motive. Hacker hobbyists aside, the rest of the crimes are committed by disgruntled employees. By the way, someone (can't remember the name) wrote a fascinating book on one such case, called The Great Bank of America Telex Heist.

-TP 6o1hadoto

Read:(1-100,^52),? :

81/100: Hackers....
Name: Doc Telecom #71
Date: 3:51 am Wed Sep 28, 1988

I think that the hackers they were talking about were not true hackers but just pirates/c0de abusers/ and warez dudes.. Most of the true hackers out there don't even abuse codes....And most Phone Phreaks don't have a need to Shit! The phone company provides so many alternative ways to place phone calls! [That reminds me..^C when you called me yesterday and said that you were paying for your calls...Well when we were hanging up and the operator said "Are you finished with your calls yet?" That seemed like the TSPS Maintenance trick to me..!]
By the way the TSPS trick is legal, except that you must not impersonate someone while doing it....If you can just confuse the shit out of the TSPS operator to place your call...it is considered legal and the stupidity of the operator...Also note: That using a diverter is legal just as well..but it depends on your morals..I mean they do have to pay for that 1000 $$$ Alliance teleconferencing bill.

Essential Overload

Read:(1-100,^81),? :

85/100: XMUX
Name: Electric Warrior #134
Date: 6:36 am Thu Sep 29, 1988

The system you encountered (The XMUX, also sometimes labeled as VMUX) are the control modules behind SERVICE ID= prompts. I've seen several of these, and unless you know what you're doing, you cannot effect anything permanently. As near as I can tell, when you connect to an address that normally says SERVICE ID= at a certain time of day, you will be dropped into this system, made for the control of PAD's and the security protection of certain addresses (Closed User Group: 'Access Barred' except to authorized users). Each XMUX usually has some kind of accounts listed in the Maintenance and Profile areas, such as CONSOLE or LOGGER. Like I said, it is hard to really change anything permanently (ie: access control protection) and they are very easy to crash. Do not try to dial into or supervise another address. This will cause the system to lock up, and you cannot usually regain control and most likely, the system will go back to saying SERVICE ID= permanently. Play around with it because it will probably not be there the next day. With no available help files, a lot of its functions remain a mystery (maybe because you are connected to the address usually used to outdial to other NA's, therefore causing a crash when the line is occupied...) and the system is relatively uninteresting.

- Electric Warrior

Read:(1-100,^85),?
:

88/100: Hacking and Espionage
Name: Lex Luthor #81
Date: 3:30 pm Sun Sep 25, 1988

I have not heard of anyone doing any hacking primarily for the purpose of passing that information on to a foreign nation. I personally, despise the thought of it, let alone its practice. However if there were/are those who hack for that purpose, who would hear about it anyway? I have come across information which I believe would be considered valuable to other nations, so I know the information (whether classified or non classified) is out there accessible to those with the correct access. When I say other nations, Of course I am speaking about the USSR but don't forget there are many other countries out there obtaining information about the US. For instance, our pals Israel, of course they don't like to admit it.

Anyways, for those who are interested, Issue #3 of the LOD/H Technical Journal WILL be out within a month. Period.

Lex

Read:(1-100,^88),? :

99/100: RNS
Name: Doc Telecom #71
Date: 4:04 am Wed Sep 28, 1988

I figured I would Explain A bit more on how a Remote Node Switch connects To the Bell Operating Company (BOC) Maintenance Centers. Within the BOC several interfaces are used to provide information of an individual Stored Program Controlled Switching System (SPCS). Which in the case of RNS is the DCO system. The Remote Node Switch (RNS) uses the EADAS/NAC function to ensure that the Bell Operating System Switches are properly equipped for their network function. Each of primary datalinks used for data transfer [From RNS to BOC Systems] to EADAS/NAC has its own protocol. The RNS is also compatible with Remote Memory Administration System (RMAS) Interface. [The RMAS is an AT&T support system used by BOC's] The RMAS takes care of the administration of the database for the Telco Switches connected to it.

Essential Overload

Read:(1-100,^99),?
:

100/100: They help themselves and us
Name: Lex Luthor #81
Date: 1:53 am Wed Oct 05, 1988

For those security people who have the foresight to provide technical information to us via this bbs I salute you. Why? Because by educating phreaks on your phone systems, mainly on information pertaining to fraud detection and such, they are helping themselves and us. For instance, by telling everyone that their service has ANI on their 800 dialups and also by saying that they aggressively pursue all fraudulent cases, they alert those phreaks who would have unknowingly attempted or succeeded at abusing the service in question that the chances of being caught are high. By giving out this information, the security people reduce potential abuse of their systems and at the same time save those phreaks who would have ignorantly abused the service from the expense, embarrassment, etc. of a visit or arrest or possible litigation. Thus, the companies who do provide this information will reduce the amount of fraud, save money by not spending much needed resources on chasing after those who would have abused their service, AND keep phreaks from getting into trouble.

Now, for those companies who have lame security, well maybe faking that they have good security might help...yeah right. Maybe they should stop spending money on investigators and litigation and instead spend it on preventing the abuse in the first place, which of course means spending that money on SECURITY for a change.

Lex

Read:(1-100,^100),? :

_________________________________________________________________________

*** {"INSTRUCTOR" SUB-BOARD} ***

1/38: this
Name: <<< The Mentor #1 >>>
Date: 11:25 pm Sat Jul 02, 1988

This is the top level board. If you are on here, you are one of the people I expect to be answering questions that the others ask on the lower boards. Without your help, this board will go nowhere... If you have suggestions about new subs, feel free to leave them here or in feedback.
The Mentor Read:(1-38,^1),? : 2/38: Uhh.. Name: Epsilon #12 Date: 8:13 am Tue Jul 12, 1988 Well, the conversation is really kickin' in this base. I'll tell you.. Read:(1-38,^2),? : 3/38: ok Name: The Mentor #1 Date: 2:00 am Wed Jul 13, 1988 Ok, I suppose this would be a place to discuss anything that you don't want beginners playing with... what are the various forms of outdials from telenet? I've used the unix CU, VMS $set host/dial=dte, and am going to try pcp tonight... what others are there? Mentor Read:(1-38,^3),? : 4/38: Telenet X.25 Outdials Name: Epsilon #12 Date: 8:37 am Wed Jul 13, 1988 There are modems on Telenet used by PC Pursuit that call locally, and there are modems used by PC Pursuit that call long distance (god knows why). There are other outdials that you can find sometimes on a corporate LAN somewhere, or a terminal server which can be accessed via Telenet. For example.. Say the NUA XXX789 brings you to a DECServer. From that DECServer, you'd get a list of hosts to connect to. One of these choices may be a modem. I've tried 'c outdial', 'c modem', 'c dial', and some times it they work. Other servers may be used in place of a DEC. Like Bridge Systems LANs. They're all over Telenet, and are usually used in private exchanges. 122 (GTE) has many of them. So that basically covers outdials. We have.. 1) VAX/VMS 2) UNIX cu 3) PC Pursuit 4) Private Modems on LANs Anyone have anything to add? Epsilon Read:(1-38,^4),? : 5/38: Outdials Name: Phantom Phreaker #37 Date: 2:09 am Mon Jul 18, 1988 I have seen a system on Telenet that, when connected to, automatically logged into a unix system as 'uucp' and then dropped the user into an outdial program. I found out about the unix when I sent a hard break at the right time, I was dropped into the bourne shell prompt. There were no unpassworded logins, and uucp had a password too. I raided the L.sys/Systems file, the etc/password file, and then logged out via the @ sign on Telenet. 
I never could get back into the unix though, no matter what I did the applications program doesn't seem to be exitable to shell. Try it, XXX293...don't give this out if you can get the pw. Phantom Read:(1-38,^5),? : 6/38: That Outdial Name: Epsilon #12 Date: 10:00 am Mon Jul 18, 1988 That's kind of interesting, and fairly unique. I've never seen an address on Telenet that will drop into a host running an 'outdial' program. Fun fun fun. Read:(1-38,^6),? : 7/38: kind of Name: The Leftist #3 Date: 1:39 pm Tue Jul 26, 1988 Reminds me of when I called telenet, and instead of telenet, I found myself logged into a privelesged acct on a primos.. that was weird! Read:(1-38,^7),? : 8/38: ... Name: Epsilon #12 Date: 5:05 pm Tue Jul 26, 1988 Random fluke. Never happened to me. It'd be real cool to find out what actually happened. - LOD Groupie Read:(1-38,^8),? : 9/38: XXX293 Name: Prime Suspect #70 Date: 11:45 pm Tue Aug 09, 1988 I remember that system. It was a major bug I don't think it was really a Unix though. It's a different system now altogether though. I used to be able to type anything or a ctrl-c as a password and it would drop to the outdial. It would only allow one user at a time. The prompt turned out to be a "$" though. You say you found those files? That's weird. Was this recent or from the major past? Sounds recent to me. Read:(1-38,^9),? : 10/38: ... Name: Phiber Optik #86 Date: 10:02 pm Fri Aug 12, 1988 I'm sure many of you have outdials either on telenet or tymnet, so I encourage that some of you use ALTOS in Munich as a place for conversation. XXX2458XXX40004. Here is a gateway server, if needed: XXX40 (Caller ID Required) When connected... (example) c!128#2XXXXXX0040004 I have already run into Epsilon and Necron 99 many times. It would be nice to see more of you, as my geek-killing utilities ward off loosers and lamers, maybe some topics of interest may be discussed seriously. Optik Read:(1-38,^10),? 
: 11/38: Optik Name: Epsilon #12 Date: 8:36 am Sat Aug 13, 1988 Those utilities are quite nice. You know, we should create a program to run all the zaps simultaneously, so you don't have to kill each account individually. I don't know how feasible or practical that is, but it might work. Read:(1-38,^11),? : 12/38: that thiings Name: <<< Ani Failure #50 >>> Date: 3:02 am Sun Aug 14, 1988 it was last year sometime when I fucked with XXX293, i have the Systems (or was it L.sys, can't remember) and password files. ANIF Read:(1-38,^12),? : 13/38: Telenet internals Name: The Prophet #91 Date: 6:40 pm Tue Aug 30, 1988 Anyone have any information on Telenet's internal systems? (Primos, I believe.) NUA's would be appreciated. I've seen the innards of a net using the same software... The control software itself is called TDT or TDT2 (Telenet Diagnostic Tool). Nice, VMS-like online help facility should explain the capabilities easily. I'd like to have a crack at Telenet's own. -TP Read:(1-38,^13),? : 14/38: um, well Name: Magic Hasan #64 Date: 6:41 pm Wed Aug 31, 1988 i hope mentor and necron forgive me ..but here are a few nuas you should look into for Telents internal primes: XXX99 XXX101 XXX39 XXX138 XXX10 -MH Read:(1-38,^14),? : 15/38: ok. Name: The Mentor #1 Date: 8:34 pm Wed Aug 31, 1988 This sub is safe for mundane things like NUA's and phone #'s. Still no accounts... Nec, don't whine. The Mentor Read:(1-38,^15),? : 16/38: ... Name: Epsilon #12 Date: 9:30 pm Wed Aug 31, 1988 I have a scan that I did of 909, if you want that. Just ask. Read:(1-38,^16),? : 17/38: 909 Name: Epsilon #12 Date: 2:14 pm Thu Sep 01, 1988 I talked to a Telenet technician today in Seattle, WA. He said that the diagnostic systems in 909 will enable you to "look at anything you want". I assume that means that you are able to modify the network and the PADs, and hosts which are connected. He said the Prime computers in that exchange are used for network control and diags. Well, there you go. 
You now know what the systems do, so break out your defaults. Read:(1-38,^17),? : 18/38: Diagnostic systems Name: The Prophet #91 Date: 7:47 pm Thu Sep 01, 1988 You can indeed modify the x25 parameters for pads and hosts. Also routing, etc. Just what I always wanted to do... -TP Thanks, Hasan. Read:(1-38,^18),? : 19/38: ... Name: Epsilon #12 Date: 12:39 pm Fri Sep 02, 1988 Hasan? I posted that message. Heh.. Read:(1-38,^19),? : 20/38: yep Name: Magic Hasan #64 Date: 4:49 pm Fri Sep 02, 1988 But I posted the important nuas. heh. 'welcome -MH Read:(1-38,^20),? : 21/38: .. Name: Epsilon #12 Date: 10:21 pm Fri Sep 02, 1988 Well! Fine! Read:(1-38,^21),? : 22/38: telenet/nasa Name: Knightmare #21 Date: 3:21 am Mon Sep 05, 1988 I'm sure you all know of the nua, NASA. Is it some sort of mail system or something useful? I doubt the second. About dialing Telenet and running into a system upon connection; it has happened many times to me too. But I keep running into database services. Also, does OKX25OKX25OKX25..etc look familiar? I got that tonight when I attempted to call Telenet. btw, hello to all..{epsilon,necron,mh,ani-f,prime,etc} Read:(1-38,^22),? : 23/38: ... Name: Epsilon #12 Date: 8:44 am Mon Sep 05, 1988 It seems like the results of some diagnostics that were being run on that particular PAD before you called it. That's kind of neat. I've never been connected to anything when I call the Telenet port. Leftist - What did you say you were connected to? Was it a Prime? That's so strange. Read:(1-38,^23),? : 24/38: gueess.. Name: Knightmare #21 Date: 2:01 am Tue Sep 06, 1988 ..Telenet has that same problem as Cosmos. Sure most modem do that..kinda gives us an edge. It was funny today, I was connected to thee Washington outdial for PCP. I bet there is no way to figure out which PCP account that the Telenet is using for the call to the outdial modem. Read:(1-38,^24),? : 25/38: ... 
Name: Epsilon #12 Date: 9:32 am Tue Sep 06, 1988 Knightmare - Telenet's software connects itself. It doesn't need any accounts. Heh. Also, do you think you guys could possibly post some exchanges that haven't been scanned (reachable via Telenet) as of yet? I'm interested in finding new stuff. I only have a few private prefixes. They are.. 122 223 224 422 909 That's it I think. Anyone? Anyone? Read:(1-38,^25),? : 26/38: Telenet Name: <<< Ani Failure #50 >>> Date: 4:51 pm Tue Sep 06, 1988 I don't think you can reach the 122xxx exchange on Telenet anymore, at least not on the dialup the I attempted to connected to one of the GS-1 Gateway server systems (XXX55). I (and others, like Epsilon) got into those things , and I was able to get medium privs on the thing (when you call normally and enter the server, you are in what I call the low level of privs). Anyway, I wrote a file about the GS-1 server5a if anyone wants to see it I could u/l it. ANI-F $LOD$ //s Read:(1-38,^26),? : 27/38: ... Name: Epsilon #12 Date: 2:15 pm Wed Sep 07, 1988 One way of achieving higher privs on a GS/1, CS/200, or any other make of Bridge Systams LAN Gateways is to use the command 'SET PR = G' (Set PRivileges = Global). In most cases this command will prompt the server to ask you for a password. I suppose guessing is the best way to gain full privs. Other neat things. 'SH NM -LONG' gives youa full network map. 'SH CHN' or 'SH N' (on a CS/200) gives you a list of attachable nodes. 'Sh SES' shows the current session. 'SH GLPAR' shows gloabal parameters. Use '?' to get a full list of commands, and parameters. Read:(1-38,^27),? : 28/38: y Name: The Mentor #1 Date: 5:20 pm Thu Sep 08, 1988 Who is No Remorse and why is he recommending that people (Necrovore) ask for access to this sub? Please keep the existance of higher-level than public boards a secret, thank you... No Remorse? Sounds like another one of Necron's aliases. Mentor Read:(1-38,^28),? 
: 29/38: hey, Name: Necron 99 #9 Date: 7:14 pm Thu Sep 08, 1988 wait a sec. he's a freind of mine. didn't you just talk to me last night & say " do you want this other guy up here..", i just thought it would make things simpler this way. or will i have to come over to your house and skin you alive, hm? Read:(1-38,^29),? : 30/38: ok Name: The Mentor #1 Date: 11:30 am Fri Sep 09, 1988 Ok... Nec, when you recommend people for high access, please leave me a note... I get calls regularly from people saying "The Leftist will vouch for me" or some such nonsense, then find out Lefty talked to them once on Altos... you know what I mean... Anyway, welcome to Necrovore, who *finally* has access up here after a long and bloody struggle... sorry about the delay, the 'No Remorse' thing threw me off... Mentor Read:(1-38,^30),? : 31/38: ... Name: Epsilon #12 Date: 1:51 pm Fri Sep 09, 1988 Yeah, well, we all know how Necron is. No remorse whatsoever. Read:(1-38,^31),? : 32/38: Tymnet Name: The Prophet #91 Date: 2:54 pm Fri Sep 09, 1988 If anyone has any information regarding a Tymnet internal system called elf, please leave me E-mail. -TP Read:(1-38,^32),? : 33/38: hmmm Name: The Mentor #1 Date: 8:11 am Tue Sep 13, 1988 Anyone know anything about Pink Death? a) Infrequent caller (1 time every week or so) b) Reads *everything*. c) Posts *nothing*. No email. No Feedback (except for validation). Nothing. This is a pattern I associate with someone more interested in buffering the board than actually learning anything... comments? The Mentor LOD/H! Read:(1-38,^33),? : 34/38: asdf Name: Necron 99 #9 Date: 9:32 am Tue Sep 13, 1988 kill him, and see what happens. Read:(1-38,^34),? : 35/38: urm.. Name: Necrovore #117 Date: 7:12 am Wed Sep 14, 1988 Yo guys. glad ta be here. er, I am pretty much more into teleco shit than hacking, but I am an avid PRIMOS enthusiast and have been involved in learning as much as possible about PRIMOS (down to the machine level, even).. 
so I guess I'll deal more with teleco than systems, but will also help out with the PRIMOS and Telenet questions.. By the way: go find and download Telecom Computer Security Bulletin issue #1 (TCSB for short). Concieved last friday night by me and Doctor Cypher and released (a little less than 200k, 96 printed pages) 40 hours later with 11 articles. A ew tech journal is what it is.. the Bellcore/Xtension tech journal. read.. it's good.. Necrovore Xtension Read:(1-38,^35),? : 36/38: yasd Name: Necron 99 #9 Date: 3:52 pm Wed Sep 14, 1988 upload it here when you have the time, ok, necrovore? Read:(1-38,^36),? : 37/38: AAAAAHHHHHHH!!!!! Name: Agent Steal #123 Date: 3:12 am Fri Sep 16, 1988 I'm here! Big deal right? Well some day I'll get busted and you will all hear about all the inovative, bold and crazy things I've done and can't talk about because most phreaks are narrow minded, bullshiting, inmature, fuck heads that would nark on there girlfriend if the shit came down! Present company not included of course. Well anyway you can say you knew me when... Read:(1-38,^37),? : 38/38: hey all Name: Knightmare #21 Date: 6:07 pm Tue Sep 20, 1988 ..i'm still here. If you thought I died. School is keeping me pretty busy.. gotta go. seeya guys. Knightmare Read:(1-38,^38),? : 29/31: underlord... Name: Doc Cypher #155 Date: 5:09 pm Fri Sep 30, 1988 That little DataPac fiasco was kind of disappointing. The account no longer works, and as you may or may not know, packet and frame level configuration is an important part of a network, and you fucked it up. You have no control of billing there by the way, and just to be a nice guy (and return a favor), im killing COOPNAT for you and all your friends once and for all, and leaving it in a CUG, something you have no control over. Enjoy the L/D calls to the U.S. 
The only reason that we (BC) kept changing it from a CUG to a user-level account was for a simple service to the Canadian hacking community (we have our own accounts there) and our condition? Don't fuck with Datapac NOC systems. Well, you've ruined it for your friends and the Canadian hacking community. Enjoy yourself. I'll be engineering the new gandalf account Monday.

Doctor Cypher %BC%

Read:(1-31,^29),? :
_____________________________________________________________________________

*** {Files Written by the Sysop, The Mentor} ***

\/\The Conscience of a Hacker/\/
by
+++The Mentor+++
Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal," "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachievers. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world...
rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
+++The Mentor+++
_____________________________________________________________________________

==Phrack Inc.==
Volume Two, Issue 22, File 4 of 12

The LOD/H Presents
A Novice's Guide to Hacking - 1989 edition
=========================================
by
The Mentor
Legion of Doom/Legion of Hackers
December, 1988
Merry Christmas Everyone!

The author hereby grants permission to reproduce, redistribute, or include this file in your g-file section, electronic or print newsletter, or any other form of transmission that you choose, as long as it is kept intact and whole, with no omissions, deletions, or changes.

(C) The Mentor- Phoenix Project Productions 1988,1989 512/441-3xxx

Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to the fact that there hasn't been a good introductory file written for absolute beginners since back when Mark Tabas was cranking them out (and almost *everyone* was a beginner!) The Arts of Hacking and Phreaking have changed radically since that time, and as the 90's approach, the hack/phreak community has recovered from the Summer '87 busts (just like it recovered from the Fall '85 busts, and like it will always recover from attempts to shut it down), and the progressive media (from Reality Hackers magazine to William Gibson and Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice of us for the first time in recent years in a positive light.

Unfortunately, it has also gotten more dangerous since the early 80's. Phone cops have more resources, more awareness, and more intelligence than they exhibited in the past. It is becoming more and more difficult to survive as a hacker long enough to become skilled in the art. To this end this file is dedicated.
If it can help someone get started, and help them survive to discover new systems and new information, it will have served its purpose, and served as a partial repayment to all the people who helped me out when I was a beginner.

Contents
~~~~~~~~
This file will be divided into four parts:

Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it, Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System Defaults
Part 4: Conclusion; Final Thoughts, Books to Read, Boards to Call, Acknowledgements

Part One: The Basics
~~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's at the Massachusetts Institute of Technology (MIT), students devoted much time and energy to ingenious exploration of the computers. Rules and the law were disregarded in their pursuit for the 'hack.' Just as they were enthralled with their pursuit of information, so are we. The thrill of the hack is not in breaking the law, it's in the pursuit and capture of knowledge.

To this end, let me contribute my suggestions for guidelines to follow to ensure that not only you stay out of trouble, but you pursue your craft without damaging the computers you hack into or the companies who own them.

I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your escape from detection and your future access (Trojan Horses, Altering Logs, and the like are all necessary to your survival for as long as possible).
III. Do not leave your (or anyone else's) real name, real handle, or real phone number on any system that you access illegally. They *can* and will track you down from your handle!
IV. Be careful who you share information with.
Feds are getting trickier. Generally, if you don't know their voice phone number, name, and occupation or haven't spoken with them voice on non-info trading conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This includes logging on boards, no matter how k-rad they seem. If you don't know the sysop, leave a note telling some trustworthy people that will validate you.
VI. Do not hack government computers. Yes, there are government systems that are safe to hack, but they are few and far between. And the government has infinitely more time and resources to track you down than a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a local telenet or tymnet outdial and can't connect to anything 800). You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law. It doesn't hurt to store everything encrypted on your hard disk, or keep your notes buried in the backyard or in the trunk of your car. You may feel a little funny, but you'll feel a lot funnier when you meet Bruno, your transvestite cellmate who axed his family to death.
IX. Watch what you post on boards. Most of the really great hackers in the country post *nothing* about the system they're currently working except in the broadest sense (I'm working on a UNIX, or a COSMOS, or something generic. Not "I'm hacking into General Electric's Voice Mail System" or something inane and revealing like that).
X. Don't be afraid to ask questions. That's what more experienced hackers are for. Don't expect *everything* you ask to be answered, though. There are some things (LMOS, for instance) that a beginning hacker shouldn't mess with. You'll either get caught, or screw it up for others, or both.
XI. Finally, you have to actually hack.
You can hang out on boards all you want, and you can read all the text files in the world, but until you actually start doing it, you'll never know what it's all about. There's no thrill quite the same as getting into your first system (well, ok, I can think of a couple of bigger thrills, but you get the picture).

One of the safest places to start your hacking career is on a computer system belonging to a college. University computers have notoriously lax security, and are more used to hackers, as every college computer department has one or two, so are less likely to press charges if you should be detected. But the odds of them detecting you and having the personnel to commit to tracking you down are slim as long as you aren't destructive.

If you are already a college student, this is ideal, as you can legally explore your computer system to your heart's desire, then go out and look for similar systems that you can penetrate with confidence, as you're already familiar with them.

So if you just want to get your feet wet, call your local college. Many of them will provide accounts for local residents at a nominal (under $20) charge.

Finally, if you get caught, stay quiet until you get a lawyer. Don't volunteer any information, no matter what kind of 'deals' they offer you. Nothing is binding unless you make the deal through your lawyer, so you might as well shut up and wait.

Part Two: Networks
~~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the bigger networks such as Telenet. Why? First, there is a wide variety of computers to choose from, from small Micro-Vaxen to huge Crays. Second, the networks are fairly well documented. It's easier to find someone who can help you with a problem off of Telenet than it is to find assistance concerning your local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big networks, it is not financially practical to keep track of where every call and connection are made from. It is also very easy to disguise your location using the network, which makes your hobby much more secure.

Telenet has more computers hooked to it than any other system in the world once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET, DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of which you can connect to from your terminal.

The first step that you need to take is to identify your local dialup port. This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will spout some garbage at you and then you'll get a prompt saying 'TERMINAL= '. This is your terminal type. If you have vt100 emulation, type it in now. Or just hit return and it will default to dumb terminal mode.

You'll now get a prompt that looks like a @. From here, type @c mail and then it will ask for a Username. Enter 'phones' for the username. When it asks for a password, enter 'phones' again. From this point, it is menu driven. Use this to locate your local dialup, and call it back locally. If you don't have a local dialup, then use whatever means you wish to connect to one long distance (more on this later).

When you call your local dialup, you will once again go through the TERMINAL= stuff, and once again you'll be presented with a @. This prompt lets you know you are connected to a Telenet PAD. PAD stands for either Packet Assembler/Disassembler (if you talk to an engineer), or Public Access Device (if you talk to Telenet's marketing people.) The first description is more correct.

Telenet works by taking the data you enter in on the PAD you dialed into, bundling it into a 128 byte chunk (normally...
this can be changed), and then transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who then takes the data and hands it down to whatever computer or system it's connected to. Basically, the PAD allows two computers that have different baud rates or communication protocols to communicate with each other over a long distance. Sometimes you'll notice a time lag in the remote machines response. This is called PAD Delay, and is to be expected when you're sending data through several different links.

What do you do with this PAD? You use it to connect to remote computer systems by typing 'C' for connect and then the Network User Address (NUA) of the system you want to go to.

An NUA takes the form of   031103130002520
                           \___/\___/\___/
                             |    |    |
                             |    |    |____ network address
                             |    |_________ area prefix
                             |______________ DNIC

This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC) according to their country and network name.

DNIC   Network Name    Country          |  DNIC   Network Name    Country
_______________________________________________________________________________
                                        |
02041  Datanet 1       Netherlands      |  03110  Telenet         USA
02062  DCS             Belgium          |  03340  Telepac         Mexico
02080  Transpac        France           |  03400  UDTS-Curacau    Curacau
02284  Telepac         Switzerland      |  04251  Isranet         Israel
02322  Datex-P         Austria          |  04401  DDX-P           Japan
02329  Radaus          Austria          |  04408  Venus-P         Japan
02342  PSS             UK               |  04501  Dacom-Net       South Korea
02382  Datapak         Denmark          |  04542  Intelpak        Singapore
02402  Datapak         Sweden           |  05052  Austpac         Australia
02405  Telepak         Sweden           |  05053  Midas           Australia
02442  Finpak          Finland          |  05252  Telepac         Hong Kong
02624  Datex-P         West Germany     |  05301  Pacnet          New Zealand
02704  Luxpac          Luxembourg       |  06550  Saponet         South Africa
02724  Eirpak          Ireland          |  07240  Interdata       Brazil
03020  Datapac         Canada           |  07241  Renpac          Brazil
03028  Infogram        Canada           |  09000  Dialnet         USA
03103  ITT/UDTS        USA              |  07421  Dompac          French Guiana
03106  Tymnet          USA              |

There are two ways to find interesting addresses to connect to.
The first and easiest way is to obtain a copy of the LOD/H Telenet Directory from the LOD/H Technical Journal 4 or 2600 Magazine. Jester Sluggo also put out a good list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will tell you the NUA, whether it will accept collect calls or not, what type of computer system it is (if known) and who it belongs to (also if known.)

The second method of locating interesting addresses is to scan for them manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to look at, you could type @c 412 614 (0's can be ignored most of the time).

If this node allows collect billed connections, it will say 412 614 CONNECTED and then you'll possibly get an identifying header or just a Username: prompt. If it doesn't allow collect connections, it will give you a message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to the right, and return you to the @ prompt.

There are two primary ways to get around the REFUSED COLLECT message. The first is to use a Network User Id (NUI) to connect. An NUI is a username/pw combination that acts like a charge account on Telenet. To collect to node 412 614 with NUI junk4248, password 525332, I'd type the following:

    @c 412 614,junk4248,525332    <---- the 525332 will *not* be echoed to the screen.

The problem with NUI's is that they're hard to come by unless you're a good social engineer with a thorough knowledge of Telenet (in which case you probably aren't reading this section), or you have someone who can provide you with them.

The second way to connect is to use a private PAD, either through an X.25 PAD or through something like Netlink off of a Prime computer (more on these two below).

The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area Code that the computer is located in (i.e. 713 xxx would be a computer in Houston, Texas).
If there's a particular area you're interested in, (say, New York City 914), you could begin by typing @c 914 001. If it connects, you make a note of it and go on to 914 002. You do this until you've found some interesting systems to play with.

Not all systems are on a simple xxx yyy address. Some go out to four or five digits (914 2354), and some have decimal or numeric extensions (422 121A = 422 121.01). You have to play with them, and you never know what you're going to find. To fully scan out a prefix would take ten million attempts per prefix. For example, if I want to scan 512 completely, I'd have to start with 512 00000.00 and go through 512 00000.99, then increment the address by 1 and try 512 00001.00 through 512 00001.99. A lot of scanning. There are plenty of neat computers to play with in a 3-digit scan, however, so don't go berserk with the extensions.

Sometimes you'll attempt to connect and it will just be sitting there after one or two minutes. In this case, you want to abort the connect attempt by sending a hard break (this varies with different term programs, on Procomm, it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.

If you connect to a computer and wish to disconnect, you can type @ and it should say TELENET and then give you the @ prompt. From there, type D to disconnect or CONT to re-connect and continue your session uninterrupted.

Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things. One of the most useful is the outdial. An outdial is nothing more than a modem you can get to over telenet -- similar to the PC Pursuit concept, except that these don't have passwords on them most of the time.

When you connect, you will get a message like 'Hayes 1200 baud outdial, Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established on Modem 5588.' The best way to figure out the commands on these is to type ?
or H or HELP -- this will get you all the information that you need to use one.

Safety tip here -- when you are hacking *any* system through a phone dialup, always use an outdial or a diverter, especially if it is a local phone number to you. More people get popped hacking on local computers than you can imagine; Intra-LATA calls are the easiest things in the world to trace inexpensively.

Another nice trick you can do with an outdial is use the redial or macro function that many of them have. First thing you do when you connect is to invoke the 'Redial Last Number' facility. This will dial the last number used, which will be the one the person using it before you typed. Write down the number, as no one would be calling a number without a computer on it. This is a good way to find new systems to hack. Also, on a VENTEL modem, type 'D' for Display and it will display the five numbers stored as macros in the modem's memory.

There are also different types of servers for remote Local Area Networks (LAN) that have many machines all over the office or the nation connected to them. I'll discuss identifying these later in the computer ID section.

And finally, you may connect to something that says 'X.25 Communication PAD' and then some more stuff, followed by a new @ prompt. This is a PAD just like the one you are on, except that all attempted connections are billed to the PAD, allowing you to connect to those nodes who earlier refused collect connections.

This also has the added bonus of confusing where you are connecting from. When a packet is transmitted from PAD to PAD, it contains a header that has the location you're calling from. For instance, when you first connected to Telenet, it might have said 212 44A CONNECTED if you called from the 212 area code. This means you were calling PAD number 44A in the 212 area. That 21244A will be sent out in the header of all packets leaving the PAD.
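Seen from the network operator's side, the calling PAD address carried in every packet header is what makes a sequential walk through a prefix visible. The following Python is an added example, not part of the original file; the record layout, the result labels and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed call records. The layout (time, calling PAD, called address,
# result) and the result labels are assumptions, not a real Telenet format.
SAMPLE_LOG = """\
09:00:01 21244A 914001 REFUSED_COLLECT
09:00:20 21244A 914002 REFUSED_COLLECT
09:00:41 21244A 914003 CONNECTED
09:01:30 21244A 914004 REFUSED_COLLECT
09:01:52 21244A 914005 NO_ANSWER
09:02:15 21244A 914006 REFUSED_COLLECT
09:02:40 21244A 914007 CONNECTED
09:03:05 21244A 914008 REFUSED_COLLECT
09:10:00 71320B 412614 CONNECTED
09:40:00 71320B 412614 CONNECTED
10:15:00 71320B 412200 REFUSED_COLLECT
11:00:00 30515C 914003 CONNECTED
11:30:00 30515C 9142354 CONNECTED
"""

RECORD = re.compile(
    r"^\d\d:\d\d:\d\d (\w+) (\d{3})(\d+) (CONNECTED|REFUSED_COLLECT|NO_ANSWER)$"
)


def parse(log):
    """Yield (calling_pad, prefix, suffix, result) for each well-formed line."""
    for line in log.splitlines():
        m = RECORD.match(line.strip())
        if m:
            caller, prefix, suffix, result = m.groups()
            yield caller, prefix, int(suffix), result


def longest_run(values):
    """Length of the longest run of consecutive integers among values."""
    seen = set(values)
    best = 0
    for v in seen:
        if v - 1 not in seen:          # v starts a run
            n = 1
            while v + n in seen:
                n += 1
            best = max(best, n)
    return best


def find_sweeps(log, min_run=5, min_fail_ratio=0.5):
    """Flag calling PADs that walk one prefix sequentially and mostly fail."""
    attempts = defaultdict(list)
    for caller, prefix, suffix, result in parse(log):
        attempts[(caller, prefix)].append((suffix, result))
    findings = []
    for (caller, prefix), calls in sorted(attempts.items()):
        run = longest_run(s for s, _ in calls)
        failed = sum(1 for _, r in calls if r != "CONNECTED")
        if run >= min_run and failed / len(calls) >= min_fail_ratio:
            findings.append({"caller": caller, "prefix": prefix, "run": run,
                             "attempts": len(calls), "failed": failed})
    return findings


if __name__ == "__main__":
    for hit in find_sweeps(SAMPLE_LOG):
        print(hit)
```

The detector keys on the calling address alone, so calls relayed through an intermediate PAD are attributed to that PAD rather than to the original caller.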
Once you connect to a private PAD, however, all the packets going out from *it* will have its address on them, not yours. This can be a valuable buffer between yourself and detection.

Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie Wargames. You pick a three digit phone prefix in your area and dial every number from 0000 --> 9999 in that prefix, making a note of all the carriers you find. There is software available to do this for nearly every computer in the world, so you don't have to do it by hand.

Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you found this computer, it could be through a network, or it could be from carrier scanning your High School's phone prefix, you've got this prompt, what the hell is it?

I'm *NOT* going to attempt to tell you what to do once you're inside of any of these operating systems. Each one is worth several G-files in its own right. I'm going to tell you how to identify and recognize certain OpSystems, how to approach hacking into them, and how to deal with something that you've never seen before and have no idea what it is.

VMS - The VAX computer is made by Digital Equipment Corporation (DEC), and runs the VMS (Virtual Memory System) operating system. VMS is characterized by the 'Username:' prompt. It will not tell you if you've entered a valid username or not, and will disconnect you after three bad login attempts. It also keeps track of all failed login attempts and informs the owner of the account next time s/he logs in how many bad login attempts were made on the account. It is one of the most secure operating systems around from the outside, but once you're in there are many things that you can do to circumvent system security.
The VAX also has the best set of help files in the world. Just type HELP and read to your heart's content.

Common Accounts/Defaults: [username: password [[,password]]]

SYSTEM:     OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR:   OPERATOR
SYSTEST:    UETP
SYSMAINT:   SYSMAINT or SERVICE or DIGITAL
FIELD:      FIELD or SERVICE
GUEST:      GUEST or unpassworded
DEMO:       DEMO or unpassworded
DECNET:     DECNET

DEC-10 - An earlier line of DEC computer equipment, running the TOPS-10 operating system. These machines are recognized by their '.' prompt. The DEC-10/20 series are remarkably hacker-friendly, allowing you to enter several important commands without ever logging into the system. Accounts are in the format [xxx,yyy] where xxx and yyy are integers. You can get a listing of the accounts and the process names of everyone on the system before logging in with the command .systat (for SYstem STATus). If you see an account that reads [234,1001] BOB JONES, it might be wise to try BOB or JONES or both for a password on this account. To login, you type .login xxx,yyy and then type the password when prompted for it.

The system will allow you unlimited tries at an account, and does not keep records of bad login attempts. It will also inform you if the UIC you're trying (UIC = User Identification Code, 1,2 for example) is bad.

Common Accounts/Defaults:

1,2:        SYSLIB or OPERATOR or MANAGER
2,7:        MAINTAIN
5,30:       GAMES

UNIX - There are dozens of different machines out there that run UNIX. While some might argue it isn't the best operating system in the world, it is certainly the most widely used. A UNIX system will usually have a prompt like 'login:' in lower case. UNIX also will give you unlimited shots at logging in (in most cases), and there is usually no log kept of bad attempts.

Common Accounts/Defaults: (note that some systems are case sensitive, so use lower case as a general rule. Also, many times the accounts will be unpassworded, you'll just drop right in!)
root:       root
admin:      admin
sysadmin:   sysadmin or admin
unix:       unix
uucp:       uucp
rje:        rje
guest:      guest
demo:       demo
daemon:     daemon
sysbin:     sysbin

Prime - Prime computer company's mainframe running the Primos operating system. They are easy to spot, as they greet you with 'Primecon 18.23.05' or the like, depending on the version of the operating system you run into. There will usually be no prompt offered, it will just look like it's sitting there. At this point, type 'login '. If it is a pre-18.00.00 version of Primos, you can hit a bunch of ^C's for the password and you'll drop in. Unfortunately, most people are running versions 19+. Primos also comes with a good set of help files. One of the most useful features of a Prime on Telenet is a facility called NETLINK. Once you're inside, type NETLINK and follow the help files. This allows you to connect to NUA's all over the world using the 'nc' command. For example, to connect to NUA 026245890040004, you would type @nc :26245890040004 at the netlink prompt.

Common Accounts/Defaults:

PRIME       PRIME or PRIMOS
PRIMOS_CS   PRIME or PRIMOS
PRIMENET    PRIMENET
SYSTEM      SYSTEM or PRIME
NETLINK     NETLINK
TEST        TEST
GUEST       GUEST
GUEST1      GUEST

HP-x000 - This system is made by Hewlett-Packard. It is characterized by the ':' prompt. The HP has one of the more complicated login sequences around -- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'. Fortunately, some of these fields can be left blank in many cases. Since any and all of these fields can be passworded, this is not the easiest system to get into, except for the fact that there are usually some unpassworded accounts around. In general, if the defaults don't work, you'll have to brute force it using the common password list (see below.) The HP-x000 runs the MPE operating system; the prompt for it will be a ':', just like the logon prompt.
Common Accounts/Defaults:

MGR.TELESUP,PUB                      User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB                     unpassworded
MANAGER.ITF3000,PUB                  unpassworded
FIELD.SUPPORT,PUB                    user: FLD, others unpassworded
MAIL.TELESUP,PUB                     user: MAIL, others unpassworded
MGR.RJE                              unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96   unpassworded
MGR.TELESUP,PUB,HPONLY,HP3           unpassworded

IRIS - IRIS stands for Interactive Real Time Information System. It originally ran on PDP-11's, but now runs on many other minis. You can spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner, and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking in, and keeps no logs of bad attempts. I don't know any default passwords, so just try the common ones from the password database below.

Common Accounts:

MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING

VM/CMS - The VM/CMS operating system runs on International Business Machines (IBM) mainframes. When you connect to one of these, you will get a message similar to 'VM/370 ONLINE', and it will then give you a '.' prompt, just like TOPS-10 does. To login, you type 'LOGON '.

Common Accounts/Defaults are:

AUTOLOG1:   AUTOLOG or AUTOLOG1
CMS:        CMS
CMSBATCH:   CMS or CMSBATCH
EREP:       EREP
MAINT:      MAINT or MAINTAIN
OPERATNS:   OPERATNS or OPERATOR
OPERATOR:   OPERATOR
RSCS:       RSCS
SMART:      SMART
SNA:        SNA
VMTEST:     VMTEST
VMUTIL:     VMUTIL
VTAM:       VTAM

NOS - NOS stands for Networking Operating System, and runs on the Cyber computer made by Control Data Corporation. NOS identifies itself quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE SYSTEM. COPYRIGHT CONTROL DATA 1978,1987.' The first prompt you will get will be FAMILY:. Just hit return here. Then you'll get a USER NAME: prompt. Usernames are typically 7 alphanumeric characters long, and are *extremely* site dependent. Operator accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:

$SYSTEM     unknown
SYSTEMV     unknown

Decserver - This is not truly a computer system, but is a network server that has many different machines available from it. A Decserver will say 'Enter Username>' when you first connect. This can be anything, it doesn't matter, it's just an identifier. Type 'c', as this is the least conspicuous thing to enter. It will then present you with a 'Local>' prompt. From here, you type 'c ' to connect to a system. To get a list of system names, type 'sh services' or 'sh nodes'. If you have any problems, online help is available with the 'help' command. Be sure and look for services named 'MODEM' or 'DIAL' or something similar, these are often outdial modems and can be useful!

GS/1 - Another type of network server. Unlike a Decserver, you can't predict what prompt a GS/1 gateway is going to give you. The default prompt is 'GS/1>', but this is redefinable by the system administrator. To test for a GS/1, do a 'sh d'. If that prints out a large list of defaults (terminal speed, prompt, parity, etc...), you are on a GS/1. You connect in the same manner as a Decserver, typing 'c '. To find out what systems are available, do a 'sh n' or a 'sh c'. Another trick is to do a 'sh m', which will sometimes show you a list of macros for logging onto a system. If there is a macro named VAX, for instance, type 'do VAX'.

The above are the main system types in use today. There are hundreds of minor variants on the above, but this should be enough to get you started.

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit there. This is a frustrating feeling, but a methodical approach to the system will yield a response if you take your time. The following list will usually make *something* happen.

1) Change your parity, data length, and stop bits. A system that won't respond at 8N1 may react at 7E1 or 8E2 or 7S2.
If you don't have a term program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE, with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one. While having a good term program isn't absolutely necessary, it sure is helpful.
2) Change baud rates. Again, if your term program will let you choose odd baud rates such as 600 or 1100, you will occasionally be able to penetrate some very interesting systems, as most systems that depend on a strange baud rate seem to think that this is all the security they need...
3) Send a series of 's.
4) Send a hard break followed by a .
5) Type a series of .'s (periods). The Canadian network Datapac responds to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage may all of a sudden become crystal clear using ADM-5 emulation. This also relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO, JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company answers. If they do, try some social engineering.

Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work on an account. At this point, you can either go onto the next system on your list, or you can try to 'brute-force' your way in by trying a large database of passwords on that one account. Be careful, though! This works fine on systems that don't keep track of invalid logins, but on a system like a VMS, someone is going to have a heart attack if they come back and see '600 Bad Login Attempts Since Last Session' on their account.
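The login behaviors this guide contrasts (no hint whether a username is valid, a disconnect after three bad attempts and a bad-attempt count shown to the account owner, versus unlimited unlogged tries) can be combined in one login gate. The Python below is an added example, not code from the original file; the class name, the lockout threshold and the ten-minute lockout are assumptions.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict


class LoginGate:
    MAX_BAD_PER_SESSION = 3   # drop the connection after three bad attempts
    LOCK_AFTER = 5            # assumed: consecutive failures before a lockout
    LOCK_SECONDS = 600        # assumed: ten-minute lockout

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.accounts = {}                       # user -> (salt, hash)
        self.bad_since_login = defaultdict(int)  # reported at next login
        self.streak = defaultdict(int)           # consecutive failures
        self.locked_until = {}
        # Decoy record so unknown usernames cost the same work as real ones.
        self._decoy = (os.urandom(16), os.urandom(32))

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = (salt, self._hash(salt, password))

    def new_session(self):
        return {"bad": 0}

    def attempt(self, session, user, password):
        """Return (status, notice); status is 'ok', 'denied' or 'disconnect'.

        On 'ok', notice is the number of bad attempts since the last login.
        """
        now = self.clock()
        known = user in self.accounts
        salt, stored = self.accounts.get(user, self._decoy)
        matches = hmac.compare_digest(self._hash(salt, password), stored)
        locked = self.locked_until.get(user, 0) > now
        if known and matches and not locked:
            self.streak.pop(user, None)
            return "ok", self.bad_since_login.pop(user, 0)
        # One reply for bad username, bad password and locked account.
        if known:
            self.bad_since_login[user] += 1
            self.streak[user] += 1
            if self.streak[user] >= self.LOCK_AFTER:
                self.locked_until[user] = now + self.LOCK_SECONDS
                self.streak[user] = 0
        session["bad"] += 1
        if session["bad"] >= self.MAX_BAD_PER_SESSION:
            return "disconnect", None
        return "denied", None


if __name__ == "__main__":
    gate = LoginGate()
    gate.add_account("field", "c0rrect-horse")   # constructed account
    s = gate.new_session()
    for guess in ("FIELD", "SERVICE", "field"):
        print(gate.attempt(s, "field", guess))
    print(gate.attempt(gate.new_session(), "field", "c0rrect-horse"))
```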
There are also some operating systems that disconnect after 'x' number of invalid login attempts and refuse to allow any more attempts for one hour, or ten minutes, or sometimes until the next day.

The following list is taken from my own password database plus the database of passwords that was used in the Internet UNIX Worm that was running around in November of 1988. For a shorter group, try first names, computer terms, and obvious things like 'secret', 'password', 'open', and the name of the account. Also try the name of the company that owns the computer system (if known), the company initials, and things relating to the products the company makes or deals with.

Password List
=============

aaa           daniel        jester        rascal
academia      danny         johnny        really
ada           dave          joseph        rebecca
adrian        deb           joshua        remote
aerobics      debbie        judith        rick
airplane      deborah       juggle        reagan
albany        december      julia         robot
albatross     desperate     kathleen      robotics
albert        develop       kermit        rolex
alex          diet          kernel        ronald
alexander     digital       knight        rosebud
algebra       discovery     lambda        rosemary
alias         disney        larry         roses
alpha         dog           lazarus       ruben
alphabet      drought       lee           rules
ama           duncan        leroy         ruth
amy           easy          lewis         sal
analog        eatme         light         saxon
anchor        edges         lisa          scheme
andy          erenity
arrow         elizabeth     maggot        sex
arthur        ellen         magic         shark
asshole       emerald       malcolm       sharon
athena        engine        mark          shit
atmosphere    engineer      markus        shiva
bacchus       enterprise    marty         shuttle
badass        enzyme        marvin        simon
bailey        euclid        master        simple
banana        evelyn        maurice       singer
bandit        extension     merlin        single
banks         fairway       mets          smile
bass          felicia       michael       smiles
batman        fender        michelle      smooch
beauty        fermat        mike          smother
beaver        finite        minimum       snatch
beethoven     flower        minsky        snoopy
beloved       foolproof     mogul         soap
benz          football      moose         socrates
beowulf       format        mozart        spit
berkeley      forsythe      nancy         spring
berlin        fourier       napoleon      subway
beta          fred          network       success
beverly       friend        newton        summer
angerine
bumbling      george        osiris        tape
cardinal      gertrude      outlaw        target
carmen        gibson        oxford        taylor
carolina      ginger        pacific       telephone
caroline      gnu           painless      temptation
castle        golf          pam           tiger
cat           golfer        paper         toggle
celtics       gorgeous      password      tomato
change        graham        pat           toyota
charles       gryphon       patricia      trivial
charming      guest         penguin       unhappy
charon        guitar        pete          unicorn
chester       hacker        peter         unknown
cigar         harmony       philip        urchin
classic       harold        phoenix       utility
coffee        harvey        pierre        vicky
coke          heinlein      pizza         virginia
collins       hello         plover        warren
comrade       help          polynomial    water
computer      herbert       praise        weenie
condo         honey         prelude       whatnot
condom        horse         prince        whitney
cookie        imperial      protect       will
cooper        include       pumpkin       william
create        ingres        puppet        willie
creation      innocuous     rabbit        winston

I hope this file has been of some help in getting started. If you're asking yourself the question 'Why hack?', then you've probably wasted a lot of time reading this, as you'll never understand. For those of you who have read this and found it useful, please send a tax-deductible donation of $5.00 (or more!) in the name of the Legion of Doom to:

The American Cancer Society
90 Park Avenue
New York, NY 10016

*******************************************************************************

References:
1) Introduction to ItaPAC by Blade Runner
   Telecom Security Bulletin 1
2) The IBM VM/CMS Operating System by Lex Luthor
   The LOD/H Technical Journal 2
3) Hacking the IRIS Operating System by The Leftist
   The LOD/H Technical Journal 3
4) Hacking CDC's Cyber by Phrozen Ghost
   Phrack Inc. Newsletter 18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)

Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all by William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O.
Box 40271, Berkeley, California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can find.

Acknowledgements:
Thanks to my wife for putting up with me.
Thanks to Lone Wolf for the RSTS & TOPS assistance.
Thanks to Android Pope for proofreading, suggestions, and beer.
Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
Thanks to Eric Bloodaxe for wading through all the trash.
Thanks to the users of Phoenix Project for their contributions.
Thanks to Altos Computer Systems, Munich, for the chat system.
Thanks to the various security personnel who were willing to talk to me about how they operate.

Boards:
I can be reached on the following systems with some regularity;

The Phoenix Project:    512/441-3xxx    300-2400 baud
Hacker's Den-80:        718/358-9xxx    300-1200 baud
Smash Palace South:     512/478-6xxx    300-2400 baud
Smash Palace North:     612/633-0xxx    300-2400 baud

************************************* EOF *************************************

==Phrack Inc.==
Volume One, Issue Nine, Phile #7 of 10

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(512)-396-1xxx
The Shack // presents
A Multi-User Chat Program for DEC-10s
Original Program by TTY-Man
Modified and Clarified by +++The Mentor+++
October 6th, 1986

Intro: Unlike its more sophisticated older brother, the VAX, the DEC has no easy-to-use communication system like the VMS PHONE utility. The following program makes use of the MIC file type available on most DECs. Each user that wishes to be involved in the conference needs to run the program from his area using the .DO COM command. The program can be entered with any editor (I recommend SED if you have VT52 emulation), and should be saved as COM.MIC. The program does not assume any specific terminal type or emulation. You will have to know the TTY number of any person you wish to add to the conference, but this is available through a .SYSTAT command or .R WHO (see below.)
SYSTAT

This is an example of a SYSTAT used to determine TTY#...

Status of Saturn 7.03.2 at 7:27:51 on 03-Oct-86
Uptime 40:41:14, 77% Null time = 77% Idle + 0% Lost, 9% Overhead
27 Jobs in use out of 128. 27 logged in (LOGMAX of 127), 16 detached.

      PPN#         TTY#   CURR     SIZE
19    [OPR]        6      OPR      56+39    HB    18
20    7,20         5      OPR      23+39    HB    24     $
21    2501,1007    56     COMPIL   8+8      ^C    1:34   $
22    66,1012      57     TECO     10+12    TI    39
23    66,1011      62     1022     16+55    TI    36     $
24    [SELF]       64     SYSTAT   23+SPY   RN    0      $
26    [OPR]        DET    STOMPR   10+9     SL    2
27    16011,1003   DET    DIRECT   17+32    ^C    30     $
36    [OPR]        DET    FILDAE   17       HB    1:57

The TTY# is available in the TTY column... DET means that the user is detached and is unavailable for chatting...

Below is an example of .R WHO to obtain the same information...

/- jobs in use out of 127.

Job   Who            Line   PPN
20    OPERATOR 20    5      7,20
21    DISPONDENT     56     2501,1007
22    ADP-TBO        57     66,1012
23    ADP-MDL        62     66,1011
24    THE MENTOR     64     XXXX,XXX
27    GEO4440103     Det    16011,1003

In each case, I am on TTY# 64...

Anyway, use the following program, it's more convenient than doing a .SEN every time you want to send a message. Also, to shut out an annoying sender, use .SET TTY GAG. To remove, .SET TTY NO GAG... pretty simple, huh?

start::
!
!Now in loop: 'a 'b 'c 'd 'e 'f
!
.mic input A,"Destination Terminal 1:"
.if ($a="") .goto welcome
.mic input B,"Destination Terminal 2:"
.if ($b="") .goto welcome
.mic input C,"Destination Terminal 3:"
.if ($c="") .goto welcome
.mic input D,"Destination Terminal 4:"
.if ($d="") .goto welcome
.mic input E,"Destination Terminal 5:"
.if ($e="") .goto welcome
.mic input F,"Destination Terminal 6:"
.if ($f="") .goto welcome
welcome::
!Sending Hello Message...
sen 'a Conference Forming on TTYs 'b 'c 'd 'e 'f ... DO COM to these to join'
sen 'b Conference Forming on TTYs 'a 'c 'd 'e 'f ... DO COM to these to join'
sen 'c Conference Forming on TTYs 'a 'b 'd 'e 'f ... DO COM to these to join'
sen 'd Conference Forming on TTYs 'a 'b 'c 'e 'f ... DO COM to these to join'
sen 'e Conference Forming on TTYs 'a 'b 'c 'd 'f ... DO COM to these to join'
sen 'f Conference Forming on TTYs 'a 'b 'c 'd 'e ... DO COM to these to join'
!
!Type /h for help
com::
.mic input G,"T>"
!Checking Commands.. Wait..
.if ($g="/h") .goto help
.if ($g="/k") .goto kill
.if ($g="/l") .goto list
.if ($g="/d") .goto drop
.if ($g="/t") .goto time
.if ($g="/w") .goto who
.if ($g="/u") .goto users
.if ($g="/q") .goto quit
.if ($g="/r") .backto start
.if ($g="/ac") .goto ack
!Transmitting.. Wait..
sen 'a 'g
sen 'b 'g
sen 'c 'g
sen 'd 'g
sen 'e 'g
sen 'f 'g
.backto com
help::
!
!         Internal Commands
!
! /H -> This Menu         /K -> Kill
! /L -> List Terminals    /U -> Users
! /W -> R who             /AC-> Alert Caller
! /Q -> Quit
! /R -> Restart/Add
! /T -> Show Date/Time
! /D -> Drop Caller
!
! All Commands must be in lower case.
!
.backto com
list::
!
!Currently Connected To Terminals: 'a 'b 'c 'd 'e 'f
!
.backto com
who::
.revive
.r who
'
.backto com
users::
.revive
.r users
'
.BACKTO COM
QUIT::
!
!Call The Shack... 512-396-1120 300/1200 24 hours
!
.mic cancel
drop::
!
!Send Hangup Message:: Enter Terminal Number To Be Disconnected.
!
.mic input h,"Destination Terminal Number:"
.sen 'h <=- Communication Terminated at '