[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Line Noise Part II ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #44 | Release date : 1993-11-17 | Editor : Erik Bloodaxe
IntroductionErik Bloodaxe
Phrack Loopback / EditorialPhrack Staff
Line Noise Part IPhrack Staff
Line Noise Part IIPhrack Staff
Computer Cop ProphileThe Grimmace
Conference News Part Ivarious
Conference News Part IIvarious
Conference News Part IIIvarious
Intro to Packet RadioLarry Kollar
The Moeller PapersErhart Moller
Sara Gordon v. Kohntark Part IKohntark
Sara Gordon v. Kohntark Part IIKohntark
Northern Telecom's FMT-150B/C/DFyberLyte
A Guide to Data General's AOS/VS Part IHerd Beast
A Guide to Data General's AOS/VS Part IIHerd Beast
An Interview With Agent StealAgent 005
Visionary - The Story About HimVisionary
Searching The Dialog Information ServiceAl Capone
Northern Telecom's SL-1Iceman
Safe and Easy CardingVaxBuster
DatapacSynapse
An Introduction to the Decserver 200Opticon
LOD Communications BBS Archive Informationunknown
MOD Family Portraitunknown
Gail Takes A Breakunknown
International Scenesvarious
Phrack World NewsDatastream Cowboy
Title : Line Noise Part II
Author : Phrack Staff
                         ==Phrack Magazine==

              Volume Four, Issue Forty-Four, File 4 of 27


                           //   //  /\   //   ====
                          //   //  //\\ //   ====
                         ==== //  //  \\/   ====

                     /\   //  // \\    //  /===   ====
                    //\\ //  //   //  //   \=\   ====
                   //  \\/    \\ //  //   ===/  ====

                                PART II
******************************************************************************

<Retyped From an Actual SWBT Handout>

SOUTHWESTERN BELL TELEPHONE

Computer
Security
Guidelines

Computer Security is YOUR Responsibility.

These guidelines are designed to help you know and meet your corporate
obligation.

Prepared by:  Information Systems
              Computer Security Administration
              One Bell Center 22-H-8
              St. Louis, MO 63101

For Users
---------

Keep your logon and password information private.
Do not write down passwords, but if you must, keep them in a locked place.
Do not store your password in the computer.
Make sure no on sees you enter your passwords.
Pick non-obvious, non-guessable passwords.
Do not share your logons or passwords.
Change passwords periodically, at least every thirty days.
Open new computer logons for computer resources only when you have a
  real need.
Close computer logons you no longer need.
Make sure you have proper protection settings on sensitive computer files.
Do not send confidential information through electronic mail or computer
  news systems.
If you suspect security violations, tell management immediately.
Be sure that use of computing resources is for company approved purposes
  only.
Do not access any information that your management has not authorized you
  to have.  When in doubt, ask!
Logoff when you leave your terminal.
If you dialed in, disconnect when you are finished working.

For Managers of Computing Facilities
------------------------------------

Provide procedures to control access to computing resources.
Provide facilities to let users protect proprietary information from
  disclosure to unauthorized persons.
Be sure that connection of a computer to any network does not diminish
  the control a user has over programs and data.
Provide appropriate security facilities and procedures to protect
  computing hardware against damage.
Provide facilities to protect user's data and programs from undesired
  changes or destruction.
Ensure that computing resource use has been authorized by a member of
  supervision.
Make sure that computing resource use can be tracked to individuals.
Report to managers regularly on the extent of computing resource use.
Provide appropriate backup facilities for data and programs.
Provide audit trails which identify violations and security breaches
  and examine them regularly.
For assistance in coordinating computer security activities, contact the
  Computer Security Administrator.

For Managers
------------

Make sure you authorize all use of computing resources and that you require
  separate logons for each individual.
Make sure that the user of computer resources understands responsibilities
  with respect to proper use and security consciousness.
Review computing resource usage reports and the security practices of the
  users for which you are responsible.
When a user's employment or need for access ends or changes, make sure
  access to computer resources is promptly changed by notifying your
  System Administrator.
Report security violations to the General Security Manager and to the
  Computer Security Administration Group.

For Information
---------------

The Information Systems Organization provides security and disaster recovery
  services to establish, monitor, and audit computer security standards.
If you have any comments or questions regarding computer security, please
  contact the Computer Security Administration.

*******************************************************************************

                     RBOC ORGANIZATIONAL ARCHITECTURE

                               Compiled By

                             Phrack Magazine


In an effort to assist the hacking world in their understanding of the
organizational mess created by our fabulous friends at the RBOCs, we have
compiled a list of the various organizations, what their functions are,
which centers they are made up of, and which computer systems they use.

-----------------------------------------------------------------------------

                         Planning and Engineering

            Defines network resources available for assignment

Functions:

  Long range and current planning for outside plant, wire centers,
    interoffice network, special services, interexchange access
    services, and message trunks
  Exchange network design
  Coordination of activities connected with installation and/or modification
    of exchange network components

Centers:

  DSPC
  SCPC
  WCFPC
  CAC
  IFFPC
  IFCPC
  TEC
  MEC
  DSDC
  EEC
  CSEC

Systems:

  LEIS
  NPS
  FEPS
  LSRP
  INPLANS
  INFORMS
  DFDS
  SSFS
  PICS
  LATIS
  CAMIS
  CUCRIT

-----------------------------------------------------------------------------

                           Service Provisioning

              Allocates assignable existing network resources

Functions:

  Circuit design and routing
  Verification and assignment of network elements
  Controlling and tracking orders during assignment process

Centers:

  CPC - Circuit Provisioning Center
  LAC - Loop Assignment Center

Systems:

  TIRKS
  SOAC
  SWITCH
  COSMOS
  WM
  LFACS
  LOMS

-----------------------------------------------------------------------------

                             Network Operations

           Controls installation, maintenance and testing of circuits

Functions:

  Coordination and performance of the activities required to provide service
  Surveillance and control of network equipment and facilities
  Analysis, sectionalization, and repair of switching and transmission
    facilities
  Status reporting on service order and/or service restoration activities

Centers:

  CRSAB
  ICC
  MC
  NAC
  RCMAC
  SEAC
  SSC
  FMAC
  STC
  DNCC
  FCC
  SCC

Systems:

  McTE
  GDS
  LMOS
  EADAS
  TAN
  RSA
  CRAS
  CIMAP
  NDS
  SEAS
  MAS
  MIZAR
  SARTS
  TCAS
  CAROT
  NMA
  NMPS
  SCCS

-----------------------------------------------------------------------------

                               Customer Services

                     Direct company contact with customers

Functions:

  Service negotiation with customers
  Creating and routing associated service orders
  Creating and maintaining customer records
  Reporting the provisioning status to customers
  Initiating billing and collection processes
  Handling billing and general service inquiries

Centers:

  RSC - Residence Service Center
  BSC - Business Service Center
  ICSC - Interexchange Carrier Service Center

Systems:

  BOFADS - Business Office Force Administration Data System
  PREMIS - Premises Information System
  SOP - Service Order Processor
  CABS - Carrier Access Billing System
  BOSS - Billing and Order Support System
  CRIS - Customer Records Information System
  BRIS - Business Revenue Information System
  CLAIMS

-----------------------------------------------------------------------------

                            Quick Breakdown

Process                    Center                   System
-----------------------------------------------------------------------------

Planning & Engineering

    IOF                    IFCPC  IFFPC  IOF/EDC    FEPS  NPS-F

    Switch                 SCPC  WCPC  EEC          LSD&F  LSRP  NDS
                                                    TNDS/EQ  NPS-W

    Distribution           DSPC  DSDC               LATIS  LEIS  NPS-D

Service Provisioning

     IOF                   CAC                      TIRKS

     Switch                LAC                      COSMOS

     Distribution          LAC                      LFACS

Network Operations

     IOF                   FMAC                     CAROT   CIMAP   TCAS
                                                    TNDS/TK

     Switch                NAC  RCMAC  SCC          EADAS  NDS  MAS  MIZAR
                                                    TASC  CIMAP  NMA  NMPS
                                                    SCCS

     Distribution          ICC  MC                  GDS  CRAS  LMOS/MLT
                                                    PREDICTOR  TAN

*******************************************************************************

    -IS- Blue Boxing Dead?

Australia Direct        800-682-2878
Austria Direct          800-624-0043
Belgium Direct          800-472-0032
Belize Direct           800-235-1154
Bermuda Direct          800-232-2067
Brazil Direct           800-344-1055
British VI Direct       800-248-6585
Cayman Direct           800-852-3653
Chile Direct            800-552-0056
China Direct            800-532-4462
Costa Rica Direct       800-252-5114
Denmark Direct          800-762-0045
El Salvador Direct      800-422-2425
Finland Direct          800-232-0358
France Direct           800-537-2623
Germany Direct          800-292-0049
Greece Direct           800-443-5527
Guam Direct             800-367-4826
HK Direct               800-992-2323
Hungary Direct          800-352-9469
Indonesia Direct        800-242-4757
Ireland Direct          800-562-6262
Italy Direct            800-543-7662
Japan Direct            800-543-0051
Korea Direct            800-822-8256
Macau Direct            800-622-2821
Malasia Direct          800-772-7369
Netherlands Direct      800-432-0031
Norway Direct           800-292-0047
New Zealand Direct      800-248-0064
Portugal Direct         800-822-2776
Panama Direct           800-872-6106
Philippines Direct      800-336-7445
Singapore Direct        800-822-6588
Spain Direct            800-247-7246
Sweden Direct           800-345-0046
Taiwan Direct           800-626-0979
Thailand Direct         800-342-0066
Turkey Direct           800-828-2646
UK Direct               800-445-5667
Uruguay Direct          800-245-8411
Yugoslavia Direct       800-367-9841 / 9842

This file brought to you by The Phone Company

*******************************************************************************

              *****************************************
              * Step-by-step Programming Instructions *
              *      For the EO Cellular Module       *
              *****************************************

1.  Unbox and attach the EO Cellular Module to the EO Personal
    Communicator 440/880.

2.  Once the EO Cellular Module is attached turn on the EO Personal
    Communicator 440/880.

3.  Open EO Phone.

4.  Tap "Options."

5.  Tap "Authorized Dealer."

6.  Write Dealer Code in space provided.  Dealer code is *12345678#.  To edit
    mistakes, draw a small circle around 2 or 3 of the numbers entered.
    This will bring up an edit box and allow easier entry of the number.
    Once you have made your corrections, tap "OK."

7.  Tap "OK" on the "Authorized Dealer Code" pop-up.

8.  Wait approx. 30 seconds and programming screen will appear (The "busy
    clock" will appear on screen).

9.  If invalid code entry screen appears, the programming screen will be
    blank and the "Apply" and "Apply and Close" buttons at the bottom
    will be greyed out.  Close the programming screen by tapping on the
    upper left blacked out corner of the screen.  Re-do steps 4 through 7
    (refer to the TIP below for a guaranteed method of accurate entry).
    A common problem is to enter an "l" instead of a "1" because they appear
    to be very similar.  To make sure that you have entered a one, check to
    see that the character is the same height as the other numbers.  The
    letter "l" will be slightly taller.

TIP:  To insure that you have entered the correct digits (one versus letter
      "l" problem above) you can use the accessories keyboard.  To use the
      keyboard for the Dealer Code entry do the following (replaces steps
      4, 5, and 6 above):

      a.  Tap Accessories in the lower bookshelf.
      b.  Tap Keyboard.  This will bring up the pop-up keyboard.
      c.  Tap Options at the top of the EO Phone window.
      d.  Tap Authorized Dealer.  This will bring up the Dealer Code pop-up.
      e.  Tap on the line in the Dealer Code box.  A dot (or character) will
          appear and now entry from the keyboard will appear in the Dealer
          Code box.
      f.  Now use the keyboard to delete the dot (or character).  The Delete
          key is the upper right most key on the keyboard.
      g.  Now use the keyboard to enter the dealer code - *12345678#
          (the * and the # keys can be found by tapping the shift
          (up arrow) keys.)
      h.  GO TO STEP 7 and continue.

NOTE:  When programming the following entries always use the circle gesture
       to change the entry.  In other words, circle the existing entry
       to bring up the edit combs.  Then correct each digit by writing over
       the existing digit.  This will insure that the number of digits for
       each entry is correct.  If an entry has an incorrect length then
       none of the programed entries will be accepted.

10.  Enter the assigned telephone number in the first field.  Use the
     circle gesture to bring up the edit combs to edit the existing
     telephone number.  Change each digit by writing over it in the edit
     combs.  When complete tap "OK."

11.  Use the same procedure in step 10 to enter the appropriate SID
     in the second field.

12.  Use the same procedure in step 10 to enter the corresponding IPCH
     (0333 for the non-Wireline or A side provider; 0334 for the Wireline
     or B side provider) in the third field.

13.  Leave the remaining fields intact as already programed from the
     factory unless instructed to change them by the cellular service
     provider.  Use the circle/edit method to change any necessary
     entries.  The factory defaults are:

     Field Title        Default Value
     -----------        -------------
     ACCOLC             00
     Group ID           15
     Lock Code          1234
     SCM                1010
     Security Code      123456
     Emergency Code     911

14.  Tap the "Apply" button on the bottom of the screen.  The programming
     information you have entered is now being saved in the EO Cellular
     Module.  This will take approximately 20 seconds.

15.  Close the programming screen by tapping the blackened area in the upper
     left hand corner of the programming screen.

16.  Now set the approximate Roaming Option.

17.  Tap Options.

18.  Tap Roaming.

19.  Enter Security Code.  Default is 123456.

20.  Tap "OK."

21.  Tap next to appropriate roaming option.  A check mark will appear.

22.  Tap "Apply" button.

23.  Close window.

24.  Check status line in EO Phone for appropriate indications.

25.  Tap "Keypad" tab on right side of EO Phone window.  This will bring
     up a keypad display which can be used to place a voice call.

26.  Make sure that the Cellular Icon is boxed (as opposed to the Phone
     Icon in the lower left hand of EO Phone.)

27.  Tap the keypad buttons to enter the number to be dialed.  The digits will
     appear in the dial box at the middle bottom of the EO Phone window.

28.  Pick up the handset and tap "DIAL" button in the lower right hand
     corner of the screen.  This button is just like hitting SEND button
     on a cellular phone.  This will place a voice call using the number
     in the dial box.

29.  When call is complete tap "Hang-up" (the DIAL button to "Hang-up" after
     the call is connected to the network.)  This is just like pressing END
     on a cellular phone.

30.  Close EO Phone.

31.  Programming and testing is now complete.

Helpful Information

The EO Cellular Module contains an OKI 910 cellular phone housed in
specially designed, plated plastics with custom connections into the
proprietary port on the phone.

All programming of this module is done via the EO Personal Communicator
440 or 880.  All programming/configuration information for the phone is
stored in the EO Cellular Module and not in the Personal Communicator.
This means that once the EO Cellular Module is programed it can be removed
from the EO Personal Communicator and reattached to any other EO Personal
Communicator without re-programming.

The ESN for the EO Cellular Module can be derived from the Serial number
in the window on the bottom of the module.  The cellular module ESN is 129
followed by the last eight digits of the serial number in the window.  These
eight digits will usually begin with 013.  This eleven digit number should
be provided to the people that will actually assign the telephone number
and activate the EO Cellular Module on the cellular network.

*******************************************************************************

THE HACKER CHRONICLES CD-ROM

Well, he said he was going to do it, and he did.

Scan Man put out a CD-ROM of info collected from the
underground.  I had kind of forgotten he was going to
do it, but once I heard rumors of such a thing, I knew he
had.

At HoHo Con last year, Bootleg was very excited about
compiling data from the community for the project he
and Scan Man were working on.  As things progressed
however, Bootleg would soon find out that Scan Man
had no intention of working with him, and cut him out of
the project.

This is how it was explained to me.  I hope that it is
not true, since Bootleg is back in jail and wouldn't
have the ability to fly out to West Virginia and throttle
Scan Man about the head and neck.

[Description from the Jewel Box]

WARNING!

This material is controversial in nature and may be offensive
to some viewers.  Not that the information in and of itself is
not illegal.  Quite often the usage of certain information is
illegal.  The Hacker Chronicles is for informative and educational
purposes only.  All documents and programs in this compilation were
legally available to the public prior to his publication.  None of
these criminal acts described on this disc are in any way
condoned or should be attempted.

  Over 12 YEARS in the making - this software package contains stories
  of how they did it, actual break-ins, arrests, and prosecutions.  Most
  of the articles were written by the actual people who committed these
  acts.  Access articles and software with an easy-to-use menu system.

  Areas of information include:  PHONE PHREAKING (so called hobbyists
  who are into telephone technology of all types, well known for their
  ability to bypass telephone billing system), COMPUTER HACKERS
  (sometimes referred to as cyberpunks, interested in access to any on
  line computer system they can find), SATELLITE COMMUNICATIONS
  (hobbyists who sometimes employed test software designed for dealers
  to defeat scrambling systems), "UNDERGROUND" GENERAL INFORMATION (many
  subjects all very technical in nature and explained in detail, such as
  ATM's, credit cards, voice mail, hypnotism, bugging, skip tracing,
  phone taps, cellular phones, lock picking, social engineering,
  virus's, chemical substances, explosives, editorials, legal issues,
  alarm systems, spies, hardware, signal interception, private
  investigations, security, computer ethics, underground BBS's, TV cable
  piracy, boxing and much more!

-----

Uh, that kinda says it all, don't it?  CYBERPUNKS, VIRII, WAREZ & STUFF!
Uh, yeah.

Seriously, the disk itself has a shitload of files.  This
is rather cool, since now EVERY bbs in the world can put
OVER 650 MEGS OF G-FILES!  Heh.

The file on the disc that struck me the most was the
intro written by Scan Man.  He went talked about
a lot of things he's done in the past with the scene,
telephone companies, etc.  I know Scan Man from WAY back.
Pirate-80 was one of the first real Hacker BBSes I was
ever on.  (Remember when it was only up certain hours of the day?)
Reading that file was pretty informing for me.  It also
made me smile to see that he's still pissed off at Craig
for tearing him apart in a Phrack some years ago.

Remember, this is by no means a complete collection.
Thankfully, the CD does not have any issues of Phrack
magazine past issue 41 (or else, I would be enjoying
a piece of the revenue :) ).  It also, oddly enough,
does not have any LOD-TJ other than 4.  It DOES however
have a large collection of CUD, NIA & CDC.  Go figure.

The files do represent a neat history of our community
and for the curious neophyte, the nostalgic old-timer, or
anyone with 39 bucks, it might be something worth picking
up just to say you have it.  I mean, you never know when
you will need to find issue 12 of LOL, or plans for a
urine box.  It will save you the trouble of downloading.

The Hacker Chronicles - A Tour of the Computer Underground
should be available from any outlet that carries CD-ROMS.
Or hell, call P-80.  I'm sure Scan Man will sell you a copy:
304-744-7322.

*******************************************************************************

Packet Switched Data Networks
An Introduction and Overview
By: Cosmos


The abundance of networks both private and public has given the hacker
an almost infinite playground.  A popular type of network is the
packet switched network like SprintNet (TELENET) that allows local
users to access non-local machines.  These WAN's usually serve as
the backbone for many large corporations.  Understanding the way
in which they operate can aid many aspects of the hacker's knowledge.

Packet switching is a data networking technology in which user data is
segmented into small units (packets) and transmitted from the sending
user to the receiving user over shared communications channels.  Each
individual packet also holds additional information that allows the
network to correctly route the packet to the correct destination.  The
size of the packet is limited to a maximum number of characters set by
the individual sender.  Packets are measured in octets, which are 8-bit
bytes.  User data that exceeds this amount is divided into multiple
packets.

The difference between packet switching and circuit switching
(regular telephone lines) lies in the use of virtual circuits.
These circuits are given the term "virtual" because:

 1)  they are made up of bandwidth allocated on demand from
     a pool of shared circuits

 2)  no direct physical connection is made on a packet network

 3)  the connection is a logical one

Due to these facts, packet networks are commonly denoted as connectionless
networks.  There are three types of packet networks:  public, private, and
hybrid (a combo of the two previous ones).

A packet switched data network (PSDN) has five major components:

1) local access components (LAC)
2) packet assemblers/disassemblers (PAD)
3) packet switching nodes (PN)
4) network links (NL)
5) a network managment system (NMS)

LOCAL ACCESS COMPONENTS

To transmit data through a PSDN, the data must first move from the
end-user to a packet assembler/dissasembler (PAD) or to a packet
switching node with a built-in PAD function.  In order to achieve
this, three local access components are required.  First is the
end-user data terminal, or more plainly, your computer.  Secondly,
an end-user transmission device such as a modem.  Thirdly, a
local access facility or physical line (Telephone Line).  There are
three types of physical lines: switched analog lines (dial up), leased
analog channels (private lines), and leased digital channels (DDS circuits).

PACKET ASSEMBLERS/DISASSEMBLERS

All data travelling through the PSDN must be routed through a
Packet Assembler/Disassembler (PAD).  The PAD's primary function
is to translate user data into network packet format and conversely to
convert network packets into user data.  Basically, a PAD serves
as the network translator between the user and the PSDN.  Other functions
performed by the PAD include: physical line concentration, call setup
and clearing functions, protocol conversion, code conversion, protocol
emulation, local switching functions, and local call billing functions.

PACKET SWITCHING NODES

The primary component of a packet switching network is the packet
switching node (PN).  The packet switching node ensures that each
packet is routed properly through the network.  Commonly, PN
configurations are installed in a redundant configuration.  This
provides for a convenient backup for network traffic.  Other functions
include: call billing, internal network diagnostics, support of
direct host computer access., and inter-network gateway connections.

NETWORK LINKS

Network links are the physical components that connect packet switching
nodes together.  Several transmission technologies can be employed
in network linking, including:  analog circuits, digital circuits,
microwave systems, and satellite systems.  The most common network
link technologies used are Digital Dataphone and other similar
interexchange carrier services, and point to point analog private
lines.  Speeds on network links range from 9.6 Kbps to 56/64 Kbps.
Network links are commonly denoted as the "backbone layer" or
the backbone packet network.  The local PAD's are termed the
"access layer" or access network.

NETWORK MANAGEMENT SYSTEM

Basically, the network management system (NMS) controls and monitors
the PSDN.  It primarily stores and performs maintenance on the
network database.  This database is the master copy of all the software
and configurations in each network node.  If a node fails or is
not functioning properly, the NMS can download backup information through
the various network links to solve the problem.  Thus, a unattended
network is formed.

This is all one needs to understand for a general knowledge of
a packet switched data network.  Additional topics can be
pursued further for increased knowledge but are not essential.
You might want to research some info on the standard X.25 protocol,
and other OSI stuff.  Anyways, I hope this brief intro article can
be of use in the general knowledge of computer networking.

Cosmos

*******************************************************************************

   Stacker Security.


How to Hack a Stacker disk that is password protected!

The 'Stacker' Software increases the space on your hard disk by using
on the fly compression on the data on the disk.  It does this by creating
a file called Stacvol.dsk on the hard drive.  All of the information that
is put on the disk is compressed and stored in the stacvol.dsk file.
When Stacker is installed on a hard drive, say C: all of the data on
the disk is compressed and stored in the stacvol.dsk file, which is
assigned as a virtual disk C:, the 'real' drive is then assigned D:.
The swapping taking place a boot time.

The Stacvol.dsk file is therefore stored on the D: drive and usually
takes up most of the drive. (ie: a 40M C: drive contains the stacvol.dsk
file of size around 5-39M the disks are swapped at boot time and
the C: drive that the user 'sees' is really the contents of the stacvol.dsk
file on the D drive assigned to C:, everything on the C drive (stacvol.dsk)
is compressed, thus obtaining an increased disk space.)

The point is this, at boot time the owner of the machine can set passwords
to allow the user to have no access, read/write or read-only access to
the C drive/stacvol.dsk file, if a wrong password is entered the stacvol
file is not mounted as the C drive and all a DIR will get you is a directory
of C:\ which will have a few files such as command.com etc, nothing
of any real interest.

So now for the interesting bit, how to get in without a password,
or getting read/write privs when you've only got read-only.

First, boot the computer and go through the password routine.
Get it wrong (you may as well try something like password though just in
case.)

The Stacvol.dsk file is hidden so change its file attributes so you
can edit it. (You'll need a floppy now with a utility such as Norton
diskedit on it)

Load in the diskeditor and get it so that you are editing the stackvol
file in a HEX mode.  The first bit of Hex just contains the usual sort of
boot record type rubbish, not too interesting.

The interesting bit is the bit which starts at offset 74

Now the information starting at 00040 is the interesting bit,
on a disk with a password set it will look like this....

00040   20 20 20 20 20 20 20 20 | 20 20 2D 2A 2D 0A 0A 1A
00050   72 AA 91 9C 0F 66 9A ED | AB 18 6E 6D E2 C3 2B 8B
00060   5E CD EF A9 37 1B 53 E2 | C6 F0 E8 9C A4 49 F6 9D
00070   4C F0 AB 32 21 47 FC 91 | 7E 8C 58 D8 D9 D7 DB D3

(All figures obviously in hex.)

The data from 0004B to 0004E is a flag to the device driver to tell
it that a password is required.

From 0004f to 0005F are the encrypted passwords.
(the rest just being data)

NOW, for an unpassworded file this looks like

00040   20 20 20 20 20 20 20 20 | 20 20 20 20 20 0D 0A 1A
00050   49 F6 9D 4E EC B1 26 3D | 0F 6B B2 24 41 07 7B 92
00060   XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX
00070   XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX

Now all you have to do is take a copy of the data in this section
on the stacvol.dsk file you are hacking so that you can return it back to
its original state!

Patch the code above into the corresponding positions into the
file you are hacking, leaving the code denoted by XX alone, this is version
code and depends on the machine so leave it alone!

Save the changes and reboot the machine, it will no longer ask for a
password and you now have full access.

Afterwards re-patch the original code that you noted and if you've used
your common sense then the owner will never know you were there.

(By common sense I mean don't forget to restore time/date stamps etc.)

D2A  [D

*******************************************************************************

                       UNAUTHORIZED ACCESS ONLY

Computers are becoming an integral part of our everyday existence.  They are 
used to store a multitude of information, from credit reports and bank
withdrawals to personal letters and highly sensitive military documents.
So how secure are our computer systems?

The computer hacker is an expert at infiltrating secured systems, such as 
those at AT&T, TRW, NASA and the DMV.  Most computer systems that have a 
telephone connection have been under seige at one time or another, many 
without their owner's knowledge.  The really good hackers can re-route the
telephone system, obtain highly sensitive coporate and government documents,
download individuals credit reports, make free phone calls globally, read 
private electronic mail and corporate bulletins and get away without ever 
leaving a trace.

So who are these hackers?  Just exactly WHAT do they DO, and WHY do they do
it?  Are they really a threat?  What do they do with the information 
they obtain?  Are hackers simply playing an intellectual game of chess or
are hackers using technology to effectively take control of corporate and 
government systems that have previously appeared omnipotent?

Our group is in the course of filming "Unauthorized Access", a documentary 
that will demistify the hype and propoganda surrounding the computer hacker.  
We will expose the truths of this sub-culture focusing on the hackers 
themselves.  This will be a view from inside the global underground.  
We intend to shoot in the United States, Holland and Germany.

This documentary will be of the highest broadcast quality and is 
intended for international television, festival and theatrical distribution.

We are currently looking for additional financial backers interested in this
project. For more information about "Unauthorized Access" or if 
you are intrested in providing any information or support, please contact 
annaliza@netcom.com.

*******************************************************************************

Mitnick's Soliloquy

Intruder, or not Intruder: that is the question:
Whether 'tis more likely the system suffers
The misuses and malfeasances of outrageous crackers
Or that some user behaves anomalously
And, by so doing, causes false alarms.  To alert, to audit;
No more; and by an audit to say we find the attack,
And the thousand failed login attempts
That are seen on the network, 'tis a consummation
Devoutly to be decrypted.  To alert, to audit.
To audit, perchance to detect, ay, there's the rub.
For in that detection of attack what false alarms may come;
When we have dumped a million packets
Must give us pause, the analysis
That makes use of long CPU hours and many gigabytes
For who would bear the whips and scorns of time
The analysis by hand, the tired SSOs eyes sore,
The pangs of innocent users, the law's delay,
The insolence of phreaks, and the spurns
That patient merit of unworthy takes
When he himself might his quietus make
By a disconnected ethernet?  who would fardles bear
To grunt and sweat under C2 standards
But that the dread of worm after worm
The undiscovered bug from whose bourn
No Vandal turns, puzzles the testers,
And makes us rather ebar those ills we have
That crash the system and erase the hard drive?
Thus intrusion detection makes abusers of us all,
And thus the native hue of normal use
Is sicklied over with the red light of intruder,
and jobs of great size and duration
With this regard their patterns out of normal parameters,
and lose the name of legal system policy.

				After Hamlet's Soliloquy,
				By JJ

*******************************************************************************
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.