UNITED PHONE LOSERS E-ZINE issue no. 18 - April 20, 2000 this issue edited by Rufus T. Firefly
Here we are, another exciting-packed UPL issue. Lots of things have happened since last we spoke. First and foremost, I must impart the sad news that our beloved nawleed is no longer with us. As revealed by one White Box Willy below, even we anarchistic underground street-gangs of the information superhighway are not without our particular blend of complex politics. Second, you probably asked yourself while downloading this, "Self, isn't this issue unusually huge?" And the answer is a loud and clear "Hell, yes it's huge!" It's our UPL super special motherfucker issue. Don't print this one out without spare el-cheapo printer-warranty-voiding ink-cartridge-refilling kits, folks. Over seventeen bits and pieces from various corners of the continuum came together to form this issue, not the least of which is a huge update on RedBoxChiliPepper's Network Solutions article from UPL 017. Yes, we are happy to report that it is easier than ever for your average drooling idiot to screw with other people's domains with little or no risk. Thanks, Jolly Spamhead! We've also got a couple of nuggets from textphile-veteran The Mob Boss, along with some truly vital information from our good pals spyg0ddess, Nitephreak, and more. Day-amn! Thirdly, you may well ask "Isn't this that Firefly jeroff editing the zine again?" Yes, you may well ask that, and well you may. Because I am, since poor old linear is still dead. Fortunately, he was able to send in a couple of articles, since we replaced his keyboard with a Ouija board. And another of my dreams has come true... thanks to JJ, we now have an official UPL recipe!!! And it involves lots of fire, which is cool. Kids, TRY this at home!!! Don't you DARE ask your parents!!! Wheee... --- by Rufus T.
Firefly
As most know, nawleed was recently kicked out of UPL for reasons unknown. Unknown, until now that is! Yes, I, White Box Willy, the man behind the scenes, am here to tell you all about the tragic day, when linear lost his mind, and nawleed lost a shoe. There we were, me, linear, and nawleed, chilling in #jen (linear insists we hang out in there every time he goes on IRC). Nothing unusual, the normal conversation... <wBw> So,
linear, what's new?
<linear> nothing at all. i hate my girlfriend.... blah <nawleed> why don't you just dump her, jackass? <linear> because of my inability to change my station in life, remember? <nawleed> ooooh yea. i forgotededed!@$#% <linear> so anyways.... <wBw> can i have your girlfriend? <linear> yea, i guess. And so on.... Yes, this is what talking to the real linear is like. What a dumbass, eh folks? Anyway, being good friends with both linear and nawleed, i decided to ask some personal questions.... <wBw> hey
nawleed, don't you ever get tired of being linear's bitch?
<nawleed> why, whatever do you mean, White Box Willy? <linear> HEY! <wBw> Well, i mean, linear really takes advantage of you.... i mean, look at all you've done for UPL, and do you ever get credit? a thank you? NO! Just a slap on the ass and another chore! <nawleed> hey... you're right... <linear> DON'T LISTEN TO HIM YOU WHORE! You love being part of the UPL collective conciousness and you know it! Now get back to making the new UPL brand shoes. I want them double-stitched! <nawleed> COLLECTIVE CONSCIOUSNESS?!@#$% More like you making the rest of us your jail-bitches and doing your shit work as you get all the women, money and power! I'm sick of it dammit! TO HELL WITH THE UPL SHOES! <linear> DAMN IT NAWLEED, I SWEAR TO GOD, IF I HAD LEGS, I'D BE KICKING YOUR ASS! <nawleed> FUCK YOU, LINEAR! You vegeterrian fuck-face! You god-damn granola- head! <linear> Goddammit! That's it mother fucker! YOU MEAT-EATING BITCH! YOU'RE OUT OF UPL! <wBw> uhm, guys... <nawleed> good! i'm sick of your shit anyways! you tyrannical overlord JEROFF! *** nawleed has left #jen *** linear sets mode: +b *!*@xxxxx.xxxxx.xxxx.com And so you see, I made a joke and it went too far. Me and linear don't talk much anymore, and linear and nawleed can no longer stand one another. Me and nawleed don't talk much either, come to think of it. Sometimes i sit alone in my bed at night and cry. Surely, I'm going to hell for what I've done. --- by White Box
Willy
"UPL sucks, linear. You think
I'm joking, but serious - UPL really does suck"
So for over a year now, I've been doing UPL. Numerous times, I've told people openly that UPL sucks. I don't think I know anyone who mocks UPL more than me. But for some reason, people still feel obliged to remind me that UPL sucks. I know UPL sucks, dammit! You can stop telling us! But, perhaps this subject needs to be examined a little more closely... UPL first started as a joke. A cheap PLA knock-off that was never suppose to be taken seriously. But before I knew it, UPL gained a large following, gets its own domain, and is all the sudden something very legitimate. Weird, we all thought, but we sat back and enjoyed the ride anyway. Of course, as can be expected, with all of UPL's newfound popularity came a whole lot of people who hate us. Some hate us because we disgrace the PLA name. Some hate us because much of our information is lame and/or newbie related. Some hate us because we just flat-out suck. All true. But now that the UPL files have taken on a 'zine format, and large majority of the content is reader-submitted, it's no longer entirely our fault that it sucks. It's your fault! If our zine sucks so bad, it's because you're submitting shitty articles, or, more likely, you're not submitting anything at all. So if there's something you'd like to see in UPL, then by all means, send it in! Otherwise stop bitching about it. The only way UPL will improve is if your submissions improve! UPL doesn't suck! YOU suck!! --- linear
So you're sitting there bored surfing the web looking up dinosaurs and gay porn and decide you want to try out some basic hacking but you don't know where to start? Well now you do. This is a simple hack that anyone can do...even a phone loser. =) First, you need to get yourself a real domain scanner that will allow you to scan for a certain port. No not the shit Proggys the 31337 Mirc kiddies downloaded from www.warforge.org to sit next to their trojan infected winnuke programs. No go get Ostrosofts Internet Tools located at www.ostrosoft.com for this evil purpose. Set it to scan a domain to find a open port 139 and then save a list of those ips that it finds. If you need help finding a domain to scan, load up IRC and head to #chatzone or #teen and do a /who #(channel). Find a domain that looks interesting and a easy target and type /dns (domain). Next copy and paste that domain into Ostrosoft and set it to scan the entire domain. Depending on your connection, you are bound to have about 30-40 computers with port 139 open on any given domain. Next goto to the START/RUN.....and type nbtstat -A ip <----
IP With port 139 open
Run that command on each IP with port 139 open to see if file sharing is enabled <20>. Once you finally find a computer, and I know you will (trust me over 10% internet users leave it on). Goto Start/Find/Computer/ type in "\\xxx.xxx.xxx.xx". If the file sharing is not password protected that person's shared drive will pop up on your computer. If the server is password protected, don't even fuck with it as your ip will be logged, just move on. Since you now have the access to the person's shares, the C drive hopefully, you can have some power at your hands. IMPORTANT THINGS TO KNOW WHEN YOU GET IN! I guess the "Right thing" to do is to let the person know you were there and how you got in... I usually do this by leaving a text file on their desktop, or by finding the ICQ/AIM directory and getting their ICQ number and sending them a message. BUT! Not before going into their mirc.ini file and stealing their nickserv or chanserv passwords for personal use! *GRIN* If they are running a port sniffer they have already logged your IP address.. find the sniffer files and delete them as quickly as possible. Also, find the log file (nuke nabber keeps it on the desktop as nn.txt and also keeps a folder on the desktop named "reports" if they have selected that option) and delete those as well. You may also want to del netstat.* in their windows folder which prevents them from catching you with the netstat -A command. In addition, if you really wanna fuck them over. attrib windows\user.dat -r
-a -s -h
ren windows\user.dat *.abc This effectively screws their registry files and if they try to reboot they're gonna be fucked big time! Keep in mind that any files over 100K are gonna take FOREVER to open so you don't want to try to spawn any real applications from their system. While you are there though, take a look around at the .ini files for their applications - you can find lots of good stuff in there (if they are running serv-u FTP for example, the user names and passwords are stored in plain text in the servu.ini file...which you can then download serv-u and decode their encrypted password and maybe hack a webpage the lame way. Remember anything you place in the victims windows\start menu\programs \startup folder or win.ini "RUN=" line will run automatically next time the user loads windows - this is a good place to upload trojanized files. AkA adding "RUN= con/con" shutting down the system forever. Get creative...the world of Jolly Spamhead is yours! Some Evil Jizz Monkey Typed this when I was chowing down on some soul food "OstroSoft Internet Tools v4.0 : Name: dlw dc Email: destructive@email.com s/n: 157678339". ()()
B L A C K P O W E R! --- Jolly Spamhead
The other day I was sitting in class and I was bored out of my head so I picked up a dictionary. I was curious to see how a hacker was defined, considering that seems to be one of the most passionately fought arguments, good against evil, hackers against crackers. I found the definition to be "A computer enthusiast, someone who breaks into computers". Not suprising but when I went to look for "Phreak" and "Phone Phreak", low and behold, it was not there. This seems to be common these days. Everyone is shaking in their boots about big, bad, evil hackers and what might happen to their home or business computer, but no one ever stops to think about the phone system. This article is not geared towards anyone specific, in fact this is just an abstract to guide all those who are interested in general security, privacy, and h/p. Whether your a small business owner, a homemaker, or an executive, there is something here that you should know, if you don't already. Phone Phreaking can be loosely defined as the exploration and exploitation of the phone system and everything that goes along with it. Back in the 60's and 70's there was blue boxing, back in the eighties and early nineties there was red boxing, but nothing compares to the things that are here now, in the early part of the 21st century. Seems everything is hooked up to the phone system one way or another these days. People are sporting voicemail, pagers, cell phones, home answering machines, fax machines, computers hooked up to the internet, cell phones hooked up to the internet, and there are plans to have cars on the internet pretty soon as well (i.e. 2600 issue 16:4, I OWN YOUR CAR). 1984 is here, just a little late . Now considering all that why would someone ignore learning about the phone system considering the whole backbone of telecommunications is the phone system. Thet's a mistake a lot of companies and individuals make. Besides theft of phone service, as there are so many legal ways to make a free call these days, but how about privacy. How would you like someone monitoring your business via the voicemail system or maybe monitoring your house by using the remote access feature on your answering machine to actually listen in on what's going on. How about someone tapping your analog cell phone or old cordless phone? Now from the attackers point of view, what better way to watch a target? You want to break into a computer network, monitor the voicemail systems for possible technical information and logins. You want to break into a house, listen to messages on the answering machine to find out the patterns of those who reside there. Want to blackmail, extort, and steal, well then there are tons of possibilities for you. Lets start at home. What communication devices do you own? Cordless phone, PC, Fax machine, answering machine? I'm willing to bet you have at least one or all of those items in your home. First I will touch on answering machines, personally I could live without it. Most people hate talking on answering machines , and when its not meant to be its not meant to be. But I still own one and the first thing I did when I learned about breaking into answering machines was to check my manual to see if my machine had remote access. As it turned out, it did have remote access but lucky for me it has a strong security policy, two bad tries will boot you off, plus the code is a good one. Now machines I have encountered in businesses and homes were as easy as dialing 123 after the tone. So what you say? You have nothing to hide? Well privacy is privacy and either way I don't want some thug hearing when I'll be at the dentist or vacation. This is twice as bad if you're a business and you have customers leave orders on the phone after hours. Credit card fraud has been booming since the 1980's and two decades later its still a problem, and its a safe bet that it always will be a problem. Here is an easy to follow system for getting into an answering machine, out of the many techniques I have read, tried, or heard of this one is the most rewarding... after the tone start dialing this sequence, 9876543210000123456789 then 2000, 3000, till you hit 9000, then 1111, 2222, and so on till you hit 9999. That technique will break into answering machines in the homes of government officials, mail order stores, and places that should be more secure. Try that on your machine or a friends (with his permission of course) and see how secure that answering machine really is. Another problem that has been around for many years is that of people tapping cordless phones with simple frequency scanners. Now this problem has been dying out but when I flip on the Ol' Bearcat I still hear morons yacking away on there old, ten dollar, garage sale, cordless phones. These aren't wholesome conversations either. Drug deals, phone sex, and fights. I guess it all depends on where you live but just the same there are a lot of possibilities here. Like I said, this is not a new problem, but its still wide spread even though a whole decade of cordless terror has gone by. By programming the following frequencies into your scanner you'll hear many conversations:
Base Handset
1 43.720 48.760 2 43.740 48.840 3 43.820 48.860 4 43.840 48.920 5 43.920 49.000 6 43.960 49.080 7 44.120 49.100 8 44.160 49.160 9 44.180 49.200 10 44.200 49.240 11 44.320 49.280 12 44.360 49.360 13 44.400 49.400 14 44.460 49.480 15 44.480 49.500 16 46.610 49.670 17 46.630 49.845 18 46.670 49.860 19 46.710 49.770 20 46.730 49.875 21 46.770 49.830 22 46.830 49.890 23 46.870 49.930 24 46.930 49.990 25 46.970 49.970 Obviously you want to listen into the base frequencies so that you hear both sides of the conversation. Now you may say well I don't have an old phone, "I have a brand new cordless phone that runs on the 900mhz band and scrambles the conversation". The only thing I have to say to that is, what if your business partner, mistress, and/or accomplice are using a old cordless phone, then your security measures mean nothing and its out there. That's why you have to analyze security from afar, missing the big picture will really screw you up. Are you running a dialup server at your residence or small business? If you think its safe because no one but you had the dialup then you my friend are dead wrong. For years people have been using programs called war dialers (i.e. ToneLoc) to scan exchanges looking for computers and just because times have changed and the internet seems to dominate all doesn't mean that people have stopped looking to their local exchanges either. In fact much can still be found by having a war dialer go for a few hours and attackers know this. A company can have a big fancy firewall but a dialup sticking out like a sore thumb a few numbers up from their main switchboard number. That kind of ignorance can be very very costly and it would be wise to see how your computers are set up. If a dialup server is necessary be sure to pick strong passwords and keep up with a good policy for protecting that data, physically and remotely. Lets move on to your small (or large) business. Most businesses worth anything at least have a small PBX and voicemail system, plus the kind of stuff you may have at home, as all the same of rules of home security apply at the office as well. Its very important that a person takes his sweet time with setting up the phone system, baby it just as much you would the computer network because leaving the phone system open will lead the path to your precious network. If someone gets into your phone system what do you have to lose? Privacy, valuable information about customers (credit card information), use of your lines to call Europe and what not. I must say that PBXs are more challenging now then they were ten years ago but considering most voicemail systems run hand in hand with the PBX, having weak passcodes on your voicemail system can lead to exploitation of your PBX services. Meridian Mail, which is put out by Nortel (www.nortel.com), for instance has a nice little feature where you can set the operator assistance number, which in what I have seen is local numbers, just the same it can be useful for bouncing through to avoid tracing. I don't think anyone wants their phone system used as a jumping off point for attack against something big. The same rules of breaking into answering machines applies to voicemail, but one can get more creative here. There is usually multiple accounts on a system so if you can't get into one, more onto another. 999 or 9999 is usually an administrators box and 100 or 1000 is usually a general delivery box. Its been my experience that the general delivery box can be the most influential as that's where your general information can be obtained and that's also a very easy box to get into, a lot of the time the passcode is just 1000. In general though some passcodes to try are the number of the box as the passcode, 1234, 1111 to 9999, 1000 to 9000, the name of the person or company in DTMF, and the last four digits of the phone number. Knowing that, its possible to use these private phone networks for a lot of different things and I think its very clear why someone should take this into consideration. Ok now that its clear that your everyday conversations are at risk lets talk about some of the ways we can insure that our distant party is the only other person to hear the conversation. Remember the only secure conversation is one in person, free of any monitoring. Getting back to the point, one must consider what level of security is needed for a conversation before they begin to put security measures in place. For instance I doubt you need to encrypt a voice conversation with your grandmother (unless she works for a three letter agency) nor do I think you want to be on that old cordless phone while buying arms from third world terrorists (not that I'm advocating that). Lets say you are interested in securing voice communication, here are some ideas on what you can do to protect your privacy. The first method is accomplished through PGPphone, a nice little program from the makers of PGP (Pretty Good Privacy). This program allows for secure modem to modem or tcp/ip based voice communication. Using PGP keys at the strength preselected the conversation can be encrypted and secured from prying ears. Only drawback is that there is a little bit of lag and the stronger the key, the more static and breakup you will get. Another idea for shaking any taps on your phone line or your counterparts phone line is through the use of a number of payphone. If you keep a good list of payphone numbers in your area that allow for incoming calls you can be at a certain payphone at a preselected time to receive that call. If its busy you can always have a backup payphone not too far away or your contact will simply try back every two minutes. In my area at least there are still some neighborhood COCOTs (customer owned coin operated telephone) that still take in calls. Your best bet is to call a voicemail number that has ANI every time your at a payphone. When you get home call all the payphone numbers you accumulated and see which ones take in calls. Some owned by the Telco will not allow the call to go through, some COCOTs will have a modem pick up. As another approach you could always invest in one of those expensive communication devices that hook up to the telephone and allow you to call another telephone with the device. The price is definitely a drawback ($500 area) so using one of the less expensive methods is most likely the best way to go). Be creative and use your common sense, doing that you'll come up with many creative ideas. This was meant simply as a primer to phone security. Yes these are old problems but they needed to retouched on because it seems many people are still mystified by simple phone phreaking techniques. There are other phone risks, such as beige boxing and social engineering, but those topics have been covered already in some very well detailed articles that are available on sites all over the internet and fine BBSs like Ripco. I hope this has opened your eyes to the dangers out there or at least refreshed your memory. And to cut off all those flames that I ripped this information off and what not, I have spent many hours on the phone testing and perfecting these techniques, there is nothing here that I don't have first hand knowledge of. I'd like to leave off with these words that good friend recently told me, "When you take from one its plagiarism, but when you take from many its research.". Appendix PGPphone Phreaking Info Special Thanks To...
--- The Mob Boss
here's my lesson for the day when typing something to spyg0ddess, the nick is as follows
thank you for your time, i hope you all found that informative. --- spyg0ddess
Background
IRC users can crash IRC Fserves on Windows 98.* systems at will using special crafted path-strings that refer to device drivers being used. Upon parsing this path the Ms Windows OS will crash leaving no other option but to reboot the macine. With this all other running applications on the machine will stop responding, crashing the fserver as well. =) Problem Description When the Microsoft Windows operating system is parsing a path that is being crafted like "c:\[device]\[device]" it will halt, and crash the entire operating system. Four device drivers have been found to crash the system. The CON, NUL, AUX, CLOCK$ and CONFIG$ are the two device drivers which are known to crash. Other devices as LPT[x]:, COM[x]: and PRN have not been found to crash the system. Making combinations as CON\NUL, NUL\CON, AUX\NUL, ... seems to crash Ms Windows as well. DEVICE DRIVERS
-------------- These are specified in IO.SYS and date back from the early Ms Dos days. Here is what I have found. Here is a brief list; CLOCK$ - System clock CON - Console; combination of keyboard and screen to handle input and output AUX or COM1 - First serial communicationport COMn - Second, Third, ... communicationport LPT1 or PRN - First parallel port NUL - Dummy port, or the "null device" which we all know under Linux as /dev/null. CONFIG$ - Unknown Any call made to a path consisting of "NUL" and "CON seems to crash routines made to the FAT32/VFAT, eventually trashing the kernel. It seems that the Windows98 kernel is going berserk upon processing paths that are made up of "old" (read: Ms Dos) device drivers. Reproduction of the problem <Bknight17>
[v2.3b] Fserve Trigger: !Porno Ratio: 1:5 Start
Credit: 50000
Offering: Type !Porno for all your porn needs. Ratio 1:5 and 50000 starting credit [ 5 of 7 slots in use ] DCC Chat session - Client: Bknight17 (24.93.178.144) - Acknowledging chat request... DCC Chat connection established - <Bknight17> Panzer Fileserver v2.3b <Bknight17> Special Commands: <Bknight17> Credit Your Current Credit <Bknight17> Mstat Your Stats On This Fserve <Bknight17> Fstat This Fserve's Stats <Bknight17> Top10 10 Most Downloaded Files <Bknight17> Dn10 10 Best Users - Downloads <Bknight17> Up10 10 Best Users - Uploads <Bknight17> URL Download sites of PaNzEr <Bknight17> <Bknight17> Current Credit: 50000 Ratio is: 1:5 <Bknight17> mIRC32 v5.61 File Server K.Mardam-Bey <Bknight17> Use: cd dir ls get read help exit <Bknight17> [\] <Jspamhead> get /nul/con <jspamhead> dir <jspamhead> Bye Bye Pervert!! - DCC session closed (2 seconds later in the channel) *** Bknigh17 has quit IRC (Read error: Connection reset by peer) Impact This backdoor at this point in time gives any idiot the ability to slow down or if not stop productivity in Porn, Rom, MP3 and others channels running Fservers. Simply by disconnecting all the unpatched fserves in the channel! Solution Don't run a windows based fserve on IRC or try installing the patch from micro$oft. Doubt the patch works though! ;) Credits Initial "con" bug found in Internet Explorer by Suigien -*- Remote Crashing using FTPd, HTTPd, EMail, Usenet by Zoa_Chien Path0s, Necrite, Elias and ToSH -*- Byte hack IO.SYS workaround by Zoa_Chien -*- Advisory, IO.SYS exe/testing and aux/nul/clock$/config$ detection by vorlon. The 80's are forever remembered in our hacking and phreaking history as the good old days. Times of wide spread knowledge, great ezines, terrific research, and most importantly the time of BBSing. Bulletin Board Systems were the way most hackers and phreakers learned great things. Many started as newbies and by the end were experts assisting other newcomers. But those days are over, the great boards of yesteryear are nothing more but ANSI filled memories right? Wrong. Believe it or not, here in the year 2000 BBSing is not dead. Of course its not what it used to be, but its something for us who missed those days can look at and enjoy. In fact I maintain a growing list of BBSs around the world, telnet and dialup boards in fact. Some great discussions are held on these boards every day, from California to Germany, some people are still keeping the BBS scene alive. This article is meant as a guide for dialing/telneting to these boards, how to get around once your on, and proper etiquette. This article is geared for those with Windows 95/98, sorry to you UNIX folks but I am not familiar with the terminal programs for it. Lets get started. The terminal program we are going to use is hyperterminal because if you are running windows you already have it. To start it up go to Start -> Program Files -> Accessories -> Communications -> Hyperterminal. Run hypertrm.exe and it will bring up the program with a new connection window. Name it whatever you like, use whatever icon. Now the connect window will pop up. Now the question is, "What kind of board are you connecting to?". For now I will assume you are connecting using your modem, hence a dialup BBS. Now since whatever dialup BBS you are calling is most likely long distance, I am going to explain how to set this up so that you can do whatever you have to do to make the call and not connect until the number of the BBS is actually ringing. Since you'll be using the operator assisted dial feature it doesn't matter what area code and number you put in, but to keep things neat you might as well put in the number of the BBS. If you don't trust me or yourself and don't want to accidently be calling Germany directly then just stick in your home phone number, so that if the operator assisted dial feature was forgotten to be checked it will simply get a busy signal. Also make sure you have selected your modem on the pull down menu "Connect Using:". Now you will have a connect window once you hit ok. Now lets go to modify. This will put you in the Properties window. Click configure which is located under the "Connect To" tab. Now first I suggest you turn up the modems speak volume if you usually don't. Like a mechanic with a car, listening to a modem can tell you a lot. Under the "Connection" tab, it should read Data Bits 8, Parity None, and Stop Bits 1. Now go to the "Options" tab, check off Operator Assisted Dial. Hit Ok. Then hit Ok on the properties window. This will bring you to the "Connect To" window again. Now when you hit dial a new window will come up, "Manual Dial". Now simply pick up the reciever, do whatever you plan on doing. Hopefully you'll be legally calling your legally bought prepaid calling card (hehe). Once the BBS number is ringing hit Connect on the manual dialing window and hang up the handset. You may hear another ring or two through the modem speaker but when it picks up your modem should connect to the BBS. This seems to be better the instructions by MS to wait until the BBS picks up to hit connect and hang up. Now if all goes well then you should be greeted by an exciting ANSI opening screen with instructions for opening a new account. If not just put in the handle you want, when it then says that you are not from the board, it should prompt you to open up a new account. Now if you weren't able to connect, keep on trying. Many things can go wrong. You may have made a mistake in dialing, linenoise could have prevented the connection (that will happen a lot of transatlantic calls or ones that make a lot of hops through different systems), or possibly the BBS had a problem. Now for those who rather not be calling Europe all the time the telnetable BBSs may be a better choice. Some are text based, some are ANSI-based. So to connect to one of these babies, start up a new connection as we did earlier. This time though rather then selecting your modem, select TCP/IP (Winsock). I have heard conflicting stories of some versions not having this. If not then try upgrading. When you select TCP/IP you'll be presented with a box asking for the host and port. Enter those in and hit connect. Viola your connected. Ok so now we are sitting at that ANSI screen. What do we do? Well we sign up for a new user account. Procedures vary. Boards like Sacrifical Lamb and L0pht will give you immediate access. Boards like this have several discussion boards, mail, and real-time chat. Boards like Subcultural Niche for instance in Denmark however are more old fashioned in their procedure. Once you fill out the new user information form you'll have to wait to be granted full access which includes, discussion boards, mail, files, chat, BBS Lists, etc. Usually access is granted within 24 hours. Now when filling out the form it asks a lot of information. Name, address, voice number, data number, so on and so on. For your name put your handle, for address feel free to put your city and state, but don't feel obligated to put your street address. As for voice number there is no reason not to have a number to give them. With the abudance of free voicemail and fax numbers these days, I'm sure everyone has a number they can give. If you are giving a test on acronyms or they ask questions like "Why should we grant you access", just be sincere. Don't bug out if you don't know all the answers but make a habit of finding out what the answers were, thats what learning is all about. If you weren't granted access for some reason, feel free to find out why but don't dwell on it or get angry, probably wasn't worth being apart of anyways. Being turned down is pretty rare though so as long as you don't say, "i aM h3R3 f0r y0 wAr3Z f00l5" then you should be fine. Once you have access to a board, look around, read the help files so you learn how to move around the board with ease. Most boards have the same commands or similar ones so once you learn one or two you'll be all set. Set up your file transfer protocol the first time you upload/download something. Zmodem is probably what you wanna go with since its pretty automatic. When you first get on the board with a file area its polite to upload a few good texts that you have. Don't upload crap, upload things that you read and truly enjoyed or learned from. Some boards have ratios so uploading is not just curteousy but nessecary if you want to download anything. For those who do not know how to send a file, simply go to the upload menu following the prompts. When its ready for you to send the file just go to transfer, send file, and choose the file you want to send. Again reading the help files will help a great deal in manuevering around the board. Once you uploaded a few files and had a chance to look around, introduce yourself to the sysop or if he's not online post a message introducing yourself. Lurking around makes people suspicious and resenting of you. If you can answer someones question, go for it. Don't get involved in flame wars if you can withstand the urge. And always treat the BBS as you would your own system. Crashing BBSs or trying to break into them is very retarded, very few are around so breaking the few we have is not only wrong but retarded. Again this is simply an introduction and wake up call to all those who thought BBSs were dead. They are alive and they are great. I have learned a great deal from boards like Sacrifical Lamb and Ripco. At the end of this file is a list of BBSs I currently know of that are alive. However for an up to date list check out http://come.to/mobdomain. Now once you get into BBSs a bit and see whether or not you enjoy them, consider opening one yourself. All that is required is a server with decent uptime or a spare phone line. If you can spare the time and resources go for it. Its a damn shame that there are no dialup BBSs in North America and few telnet boards. If you do decide to open one let me know and I'll assist in any way I can. Thanks to all those Sysops who helped me in my quest for BBSs and to all those who have take the time to keep this great art going. Special Thanks To Deo, Glock, And Tron Visit These Fine Bulletin Boards... Ripco BBS ripco2.ripco.com Northland Underground BBS nub.dhs.org L0pht BBS bbs.l0pht.com The Sacrifial Lamb Login as BBS english.gh0st.net Post Cards From the Edge Login as BBS luna.iirg.org Subcultural Niche +45-3888.9120 Freedom Fortress freedom.darktech.org Perpetual Illusion +45-9816.2348 Euphoric illusion +45-5852.0573 West BBS +45-971-53471 Voodoo Lounge +31-344-634429 lounge.myip.org (Not 24/7) Virtual Distortions vdbbs.dynu.com Death Chamber +49-5374-672979 excidium.wolfsburg.de port: 666 System Password: exmrocks Snow +31-20-6814216 Fuct Image fuctimage.darktech.org --- The Mob Boss
Tell me, how many times have you wished: "I wish I could truthfully say I shower everyday but not have to put up the recent fads of self hygiene." well too many if you ask me. I give you the shower exploit for Hackers on the go. When you shower, start at 11:55 pm so it lasts until after midnight and technically you've showered on both days, so no matter how much you reek, you shower daily. Coming soon
"No time, no problem!" --- Nitephreak
Now many of you may
be asking yourself, "What the hell is Lowes?" For those of you that
don't know, Lowes is a Home Improvement Store very similar to Home
Depot. What separates Lowe's from other stores is that their
workers carry around Spectralink phones all hooked into their store PBX
system.
So just how in the hell do you get into this PBX? Well there are various ways you could go about doing this. First, you could simply buy a Spectralink phone and go to Lowe's parking lot and link into their PBX. Now I'm not sure if the phones have to be programmed to hook into a certain PBX, but if they do, contact Spectralink and tell them that you are a manager at Lowes and your phone got stolen and you need a replacement. If they ask for an extension number tell them it's any number ranging from 800-805. (800-805 are the store manager's numbers.) Or you could simply get a department phone. The extensions are all listed at any cash register or phone in Lowe's. Just swipe the sheet for reference. Now, when you're ordering your Spectralink phone you'll also need a battery and a charger to keep the phone going. Remember though that simply ordering the phone is an expensive way of going about the whole thing. I suggest simply stealing one of the phones. Many workers just simply leave them lying around store and it's a sure bet if you walk around the store long enough that you'll find one somewhere. Also if someone isn't in the store that day you could probably find their phone laying at the service desk. Getting the phone there could be a problem. Store management usually hangs out around the service desk. It would probably be a good idea if you just walked around the store in search of a vacant phone. As I said before, you can usually find them laying around. However you go about it, you have to have one of these Spectralink phones to break Lowe's PBX. Once you have one of these phones with a battery equipped, take your ass to Lowe's parking lot and try to remain unseen with your phone. Service through the PBX should still be accessible in the lot. I have yet to figure out how to modify the phone to amplify the antenna further, but I am working on it. Ok, so you're in the parking lot? Now what? Well, press START on the phone and you have a dial tone. Now press 9 and you have access to the outside line. WOO HOO! You have access to all local calls on Lowe's line. Local Calls? Local Calls you say? SCREW THAT! Well, getting access to the PBX long distance codes will require some social engineering on your part. Stay in the parking lot and call 801-804 till you find a manager that is in. Exclude 800 and 805, because this is the store manager and co-manager and they usually know everyone in the store. When you get someone on the line, tell them that you need to call back someone about an installation or something of the sort and your long distance dial out pin isn't working and that you need a new one. Most managers are so damn stupid that they won't even think about it and will give you the info you need to dial out long distance. If it doesn't work though, go back to your extension sheet and call random departments till you find someone who does know the pin. The pin will be 5 digits. You hit 9, get a dial tone, dial the long distance number and you'll hear a humming tone. At this point enter the pin and if the pin is valid, your call will go through. Now be smart with the long distance dial out and don't call people you know. You could set up a conf through the line, but the operator cannot dial the line direct from outside. So simply tell her to call the store itself and to reach you at the extension phone that you have. WA-LA, a conf charged to Lowe's! On another note Lowe's does NOT shut down it's PBX at night so you will have 24 hour access to PBX. Another fun thing to do would be to get on Lowe's PA system and harass the hell out of them. The number for Lowe's PA is 89. Simply dial 89 on your Spectralink Phone and harass till your heart's content. Or you can forward people you know long distance phone calls. As I stated before though, I wouldn't call people's houses that i know. So what do you do? Tell your friend to go the payphone and call him up with the Spectralink phone. The conversation should go something like this: (Ring,
Ring, Ring!)
Friend: Hello, where's my free long distance phone call? You: It's coming right up motherfucker. Settle your ass jack. (You push Function 2 on the phone for call forwarding. Hit 9 for an outside line. Dial the full number that your friend requested. Hear a humming noise, enter your PBX code. The line starts to ring and you press end to connect your friend to the ringing line. Wham bam, your friend has a free long distance call all courtesy of you and he will kiss your ass the rest of his life.) Basically once you have the spectralink phone and the pbx code, the possibilites are endless. Now this whole process will be a lot easier if you scope out the store and try to get the names of people with power in the store and what department they work in and such. It will also be easier if you actually have a friend that works in the store that would be willing to aid you in your war against Lowe's. I'm sure you can find other various things to do for fun on Lowe's PBX once you get your Spectralink Phone. Just don't be stupid and get caught while doing it. Well, I hope this article has provided you with enough info to satisfy your phreaking needs and as always happy phreaking! --- Reverend Dope
Hat
By now, we've all
gotten these in our email. "Make zillions of dollars by
sending a dollar to each name on the list, blah blah blah..."
Basically, they're annoying spam. But, they're also a great
way to kill boredom, and school a spammer in the process.
(NOTE: In case you didn't think of this before, hit yourself in the head with a large brick, because it's very simple and dumb and everyone knows it. I'm just putting the idea in print because I feel like typing.) The point of the scam requires that the spammer put his/her mailing address on the thing. So skim through the email until you get to the part with 5 or so names and addresses. Each and every one of those people is or was a spammer, and deserves to die of syphillis. So, run all the names and addresses through some internet-based directories. Try all the main databses such as infospace.com, anywho.com, whowhere.com, etc. A really good place to start is RBCP's Private Investigator page at http://phonelosers.org/pi.html where he has swiped forms from many of the best databases. Forget the PO boxes, you'll almost always get at least half of the spammers' real street addresses, and with those you can score some phone numbers. Once you have those, the rest is cake. You could stick to the basic harassment techniques, or you could have more fun by asking them about the emails. Act like you need further explanation of how to do it, what to write where, how to fold the dollar bills you're sending to everyone, etc. Ask them if they're that "lawyer" who always writes that section on how it's so legal. Or, you could shake them up by being a Postal Fraud investigator, making sure they're home so your riot squad doesn't waste a trip. Whatever you do, you'll come out of it feeling less pissed about the spam... --- Rufus T. Firefly
Network Solutions Followup and Free Domain Hosting Seems like our good old friend Network Solutions (http://www.networksolutions.com) still doesnt give a good fuck about its good honest racist constumers as the domain www.whitepower.com was recently HiJacked and defaced. A whois lookup on the domain shows the following: Registrant:
whitepower.com (WHITEPOWER6-DOM) Hackers Against Racist Dicks New York, NY 31337 US Domain Name: WHITEPOWER.COM Administrative Contact, Technical Contact, Zone Contact: Hicks, Roy (RHS377) nanoblaze@YAHOO.COM PETA 421 luke street Little Rock , AK 31337 1-800-635-9873 Billing Contact: Hicks, Roy (RHS377) nanoblaze@YAHOO.COM PETA 421 luke street Little Rock , AK 31337 1-800-635-9873 Record last updated on 26-Mar-2000. Record created on 03-Apr-1999. Database last updated on 29-Mar-2000 14:20:16 EST. Domain servers in listed order: NS1.NETFIRMS.COM 216.32.198.6 NS2.NETFIRMS.COM 216.32.198.7 Another disturbing Whois lookup is on www.dare.org: registrant:
Drug Abuse Resistance Education (DARE-AMERICA-DOM) DOPE YOUR KIDS ARE ON DRUGS Los Angeles, CA 90051-0090 US Domain Name: DARE-AMERICA.COM Administrative Contact, Technical Contact, Zone Contact: Lochridge, Ralph (RL10722) webmaster@DARE-AMERICA.COM D.A.R.E. America 9800 La Cienega Blvd., Ste. 401 Inglewood , CA 90301 (310) 215-0575 (FAX) (310) 215-0180 Billing Contact: Lochridge, Ralph (RL10722) webmaster@DARE-AMERICA.COM D.A.R.E. America 9800 La Cienega Blvd., Ste. 401 Inglewood , CA 90301 (310) 215-0575 (FAX) (310) 215-0180 Record last updated on 28-Mar-2000. Record created on 23-May-1996. Database last updated on 29-Mar-2000 14:22:37 EST. Domain servers in listed order: AUTH03.NS.UU.NET 198.6.1.83 AUTH50.NS.UU.NET 198.6.1.161 This leaves me in shock that as long as some bored kid who has 2 minutes to fill out a form to make some free domain space for example on Netfirms Free Domain Webhosting (http://netfirms.com) and has read the recently published UPL article on Domain Stealing (UPL issue 16) by the twisted RBCP can own and/or deface just about any major .org .com or .net domain or fuck tmaybe even steal a goverment domain. =) Network Solutions is like the church today in america, they are greedy basterds with a clueless or I could careless tech support attitude. I wouldn't even bother calling to inform this about this security hole as many people are informing me it was posted ot BugTraq and CERT about 3 years ago!! So go make some free accounts on Netfirm and get to work on some big boys like Yahoo and Ebay! =) When netfirms.com eventually dies from abuse please submit more free web hosting sites so us Phone Losers can move our stolen domains to somewhere or be nice and donate some hosting space and submit to the zine. God im sounding like the church now! Well anyway longlive the 860 scene, PLA ,and Tupac and hmm the Norway band Mayhem forever. Peace! List Of Free Domain Hosting Providers to Host Stolen Domains If one steals a domain from Network Solutions you gotta place it somewhere right? What fun is it to own someone else's domain and not fuck with it a little or alot? =) Why not switch hostname information and upload your own HTML and be a phat hacker like "coolio!" He's a punk ass bitch for using this easy trick to take dare.org and now he is as famous as mitnick! He had no skills but that's just my opinion and people tell me all the time that means nothing. Anyway these 100% Free Web Domain hosts on this list will provide you with a hostname and ip to change in Network Solution's Terms Of Service form on with ease. Im gonna keep writting articles spanking Network Solutions ass until they fix this 3 year old backdoor! Fuck NS! List Of free Domain Hosting Providers
When tranferring your stolen domain to netfirms.com click do not register with internic I will do it myself on the contact form. Otherwise shit gets screwed up in the host tranfer process. Using NS as a Web Domain Denial of Service Attack This is just a simple followup to RBCP's breakthrough first article and my articles in this current issue of UPL on abusing internic or network solutions current wideopen contract form Email forging bug. I figured out that by simply going to Network Solutions /make changes/domain (Victim's domain)/expert/Contract Agreement one can just type in bullshit for the Hostname and Ip therefore rendering the domain once internic updates its records in 72 hours unresolvable. Making for a nice Web Domain DoS attack. I wish someone would fuck with Yahoo, or another high profile site that gets alot of hits per day...as im not touching those sites with a 10 foot cock, but im sure a few are open for the taking. NS is stupid, but the company has to have ip logs of mails sent to hostmaster@networksolutions.com laying around somewhere, can't be all automatic as that is just too simple. I just get dreams of taking yahoo and just putting up a index.html that just consisted of a meta redirect refresh tag to c:\con\con\ crashing millions of unaware windows users worldwide. Would that make CNN? I think so? Would that force NS to close the bug? I think so! ;) One word of advice, try to make sure the fake Hostname and Ip you enter looks somewhat legit just incase the owner decides to call up Network Solutions Tech Support to question the modification of his domain information. I tested this today myself on a stolen domain and was told I would have to go through alot of bullshit like 2 forms of ID and faxing to get my domain back. So always enter somewhat legit shit. If you change ownership of the domain, make sure the owner of the domain looks somewhat real too. Just change the name and email but keep the zip, state, phone #, etc. This is just to make it harder for the real owner to retrive his account without using the backdoor himself. I only wonder what would happens if NS closes up this bug with alot of stolen domains out in the wild? Can we say Chao's AD Here? :) Also I tried accessing network solutions today using the anonymous web browsing service and found NS's site is blocked out. So this means either alot of people use that fuckin service to access NS or alot of people are stealing domains and NS doesn't give a fuck...but your IP is logged. Be careful in your domain hacking..... --- Jolly Spamhead
Well, you see I've gone to this Japanese restaurant before, and they do this cool volcano thing. You cut an onion in half and take the top part. Now, cut the top part in half. From the top part, you will make a flaming volcano that will last for about 30 seconds, complete with smoke and a tower of flame. Now, take the most curved portion of the onion you cut up (very top part) and take out the inside 5 rings. (Note: the rings should be small because it's all part of the trick.) Once you have the rings, look at them. They should be highly curved on the outside so that the bottom of the ring is larger than the top, like so-- __________
/__________\ Now, stack each onion on top of each other until it looks like a small, white volcano, like so-- There should be a hole in the top of the top onion. So dont use the very top onion ring in the onion. Now, get some oil, not car oil, but some vegetable oil or some shit like that. Also grab some soy sauce. To make this work, you must have a flat stove, like a frying pan, but with no curves. Put the onion volcano on the flat surface and turn up the heat to 400 degrees. Let it heat up for a couple minutes, about 5, then get ready for some fire!%@#$ Pour the oil in first, since the stove is hot, it should start sizzling immeadieatley. Then as soon as possible, put the soy sauce in. Strike a match and hold it over the top of the volcano and BOOM, you now have a towering inferno. Depending on the amount of oil, the higher the flame and the longer the burn. Then when the flame is about to die, start pushing the volcano around on the flat surface, it will start to cook the onion really fast and a whole bunch of smoke will pour out of the top. It's really fun, you'll probably never do it, because it's just more useless information you'd like to have when you grow up. Wait, if you are reading this, you will probably never grow up. Wheeeeee! --- JJ
To the tune of "The Bad Touch" by The Bloodhound Gang. (Ha-ha, well now. We call this the act of phreaking. But there are several very effective methods of screwing the telephone company that you should know about...) (I'd appreciate your PIN code) Sweat, baby, sweat, baby, You got your red box out And now you'll do the kind of stuff That RBCP wrote about You put the tones to the phone And your heart skips a beat, Hear a ring, the call went through, And you are feeling so damn 'leet You've had enough of dropping coins, Now you're stealing calls with class, Call your friends, call your foes, And harass their silly ass But what the fuck did they do? Now the tones don't go through! Mouthpieces are mute on all the phones, Well, if that pisses you way off, My brother, you are not alone Do it now You and me baby, are telco abusers So let's do it like they do in the United Phone Losers. Do it again now You and me baby, are telco abusers So let's do it like they do in the United Phone Losers. Gettin' phreaky now Beige, the kind you hook up With roach clips and wire Now you've got a dial tone buzzing And you cant feel any higher Operator? Yell at that bitch later, Cause you were having a field day Until Mrs. Skolnek Picked up and heard your phone sex. Zip, unclip, and run away So if you're busted, can you be trusted, To tell no one where you learned how To own the system, Not from us, Must have been Cult of The Dead Cow What do you do now, don't wanna quit yet The night's young, don't admit defeat, 'Cause there's some stuff in that bell dumpster For the twenty-six-hundred meet. Do it now You and me baby, are telco abusers So let's do it like they do in the United Phone Losers. You and me baby, are telco abusers So let's do it like they do in the United Phone Losers. (repeat chorus until sick of it) --- Rufus T. Firefly
This is my last article im writting for awhile since im getting burn out from too much typing and staying up all night exploiting open file shares on fleet NT's. So i'll leave you with my most destructive and malicious article I have ever typed to date. In this article I'll show you how to make a very effective modem killer weapon, especially on crossbar phone systems (CPS). I take no responsiblity whatsoever if you kill yourself or get hurt in an attempt at trying to do this fucked up trick or for some reason it just doesn't work anymore as I haven't performed it since early 1998. A great person once said it is never too late to pass infomation on...so on wit the show bitch! What the fuck is this strange device? It's a Tesla Coil! Concentrated static electricity you f00l! The Tesla coil when properly used will generate litrally thousands of volts at very low amps. That just happens to be the right current to bake silicon chip cookies over a open camp fire strumming Bodycount songs! Construction:
This is guaranteed to fry the modem, the computer and any peripherals connected to it like Scanners, printers, 8-ball porn cams. =) So Fuck you all! l8r! --- Jolly Spamhead
So I've been gone for a while, and no one's really heard from me. So I decided I should make some comments just to let everyone know I'm still alive and well, for the most part. I've decided to answer some of the questions I seem to be getting most often when I do manage to get online for five minutes or so. Here we go....
That's about it for now, I guess. Like I said, I really don't know what's going on in the UPL scene right now, so I don't have much to say. BYE! --- linear
Your actions are your responsibility. We do not condone or encourage anything described within this text file. Anything that happens because of what you do, is because YOU did it. In short, none of it is our fault if you get locked in prison for four years without trial.
linear Jaded el caco Jc Rufus T. Firefly |