Copy Link
Add to Bookmark
Report
Critical Mass 5
_____________________________________________________________________________
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
\ Critical Issue # 05 A Technical Text /
\ Mass ~~~~~~~~~~~ File Newsletter. /
\________________________________|____________________________________/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__________________________
__________ l___________ | ___________l
// \ _______ _____ l|l _____ ______ ___
// /~~~~~~~\_\ l \ l l l|l l l // \ _ l l
// / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l
<<<< ritical l / l l l|l l l // / / \ l l
\\ \ l < l l l|l l l <<<< / ___ \ l l
\\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____
\__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l
==--> ==-->
____ __ ____ ==--> (12/11/91)
l \ / l ass ==-->
l \ / l __ ______ ______
l \ / l / \ / \ / \ A Technical
l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter
l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~
l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 5
l l l l /_/ \_\ /~~~~ / /~~~~ /
~~~~ ~~~~ ~~~~~~ ~~~~~~
_____________________________________________________________________________
l Writters l Special thanks to.... l
l__________________________l________________________________________________l
l l l
l The Beaver l The Shadow Hacker, Erokoes, Abigail, Dementia l
l Dementia Meister l Meister, Section 8, and all the TLH area l
l l hack types. l
l__________________________l________________________________________________l
Disclaimer: If thou does not like this or any Critical
Mass issue then simply do not download
future issues. Prosecutions due to the use
of the information given in this newsletter
is not the fault of the editor or writters.
Basically, we take no responsibility in legal
problems that you have by using the information
given, and if you don't like this newsletter,
then sue me.
Writters Wanted: We are alway looking for intresting articles to
use in Critical Mass, and if you feel that
you have information that might be useful in
someway, then please contact me and we will see
if it is good enough for a up comming issue
of Critical Mass.
The Beaver
Send Email To:
(904)997-6127
The Back Door BBS
In this issue of Critical Mass.....
___________________________________________________________________________
l l l
l Editorial /The Suchan Busts l Hacking Offa LUIS Terms l
l Few Tid-bytes about Unix l
l Hacking Offa LUIS Terminals l
l Hacking AF Gateways l
l Hacking Extenders l
l_________________________________________________________________________l
______________________________
l l
l Editorial l
l By The Beaver l
l____________________________l
Boy has it been a pretty lame time for Tallahassee and it's local
computer users. The problem, Taylor Suchan, the "hacker" busted recently,
or at least that's what the Tallahassee Democrat would like you to believe,
that he is some sort of whiz kid with a computer and a "hacker" among "hackers".
Personally, I don't think the boy would know a VAX if you hit him
on the head with one. Not to mention the fact, from what I understand, he
couldn't produce a simple piece of BASIC code if his life depended on it. So
where does the Democrat get off calling this lad a computer whiz kid. It
seems that he used his superior intellect to break into local computer stores
here and town and steal computer hardware. How does that make him a computer
whiz kid? Your guess is as good as mine.
The best description I have heard so far was at a keg party where
and friend of mine was chatting with me about this recent bust. He said,
"So they called him a computer hacker because he broken into a bunch of places
and stole computer equipment? Hmm, that's strange, that's about equal to me
stealing this keg of beer and having the TPD and the Democrat call me a
excellent brewer, and not just a keg thief". I must say, I have to agree with
that.
The worst part it seemed to me was that he really did not seemed to
be bothered by businesses in town that where having trouble making ends meet.
A matter of fact, he went to the Democrat and proclaimed that he was a
victim himself.
It is to my knowledge that the guy has never been in a hacking
organization in his life. Not the SAOO or the SH/CA or PALS to my knowledge.
I do know that for a short while, he was trying to get a back board
started on his old BBS before he was busted "The Gothic PlayGround", but I
think lucky for all of us, it never really got off the ground.
Well, all is safe now. Taylor has been arrested, and with an luck,
the computer stores will get there equipment back, but knowing the TPD and
FDLE (Florida Department of Law Enforcement), that might still be a while
from now. My own personal opinion about there investigations on computer
crimes, is that they are not to swift with handling these types of cases. A
source told me that the first time Taylor was busted, they found two Paradyne
9600 baud modems and it took them a few minutes to figure out that they where
leased line modems, and probably bought them at a state warehouse sale or
something.
Well, any rate, I have not had this much fun watching a bust since the
mid-80's Steve Lewis busts for those of you who can remember that. I didn't
like that guy much. The same source that told me about the Paradyne modem
story also informed me that FDLE know has ever issue of Critical Mass and
The IBM Home Destruction Kit, not to mention a few buffers hack buffers of
various hack boards to say the least, so I guess they are having some i
interesting reading, but that does not really bother me to much. So what's
the moral..... Keep them deck's locked in at night and have fun.
In other interests, Shadow and I are working on a underground internet
BBS, but this is still in the making. Should be interesting though. It will
be running on a VAX/VMS somewhere in America, but as I said this is still
in the making. If you wish to can details on it, please contact I or the
Shadow Hacker at one of our interesting BBS's here in town. I am personally
hoping that it works out. Talk about a FAST board.... Yesh! We are hoping
to have types from all over the country to hang out there after a late night
of wondering though that maze we love... Internet. Hopefully, we will have
the hack types from Chicago at Terminal Enterprises call along with many
others. As I said, just drop me a line.
Well, other than that, there ain't to much going one, so lets go
ahead and let this issue of Critical Mass unfold......
_____________________________
l l
l A Few Tid-Bytes On UNIX l
l By The Beaver l
l___________________________l
I myself am not particularly fond of Unix OS, but it sure as hell
beats MS-DOS any day. This OS was created by Bell Labs in the 60's, and is
now one of the most popular OS on mini's today. The great thing about it is
is that is can support multiple users, has nice multi-tasking capabilities,
and is generally fun to hack. It can be used on anything to your average
IBM PC to a VAX 6320, and is great for networking, because on one Unix
operating machine, you can probably run the same programs on another Unix
machine. There are many other types of Unix look a likes (I.E. - the
Ultrix, etc) but they all pretty much run the same. If you have no idea what
Unix looks like, or what commands or, go to your local library and check out
a book or to. This is another feature that makes Unix type systems nice.....
Theres lots of info....
First off, we will start with a system that we have found that all
we have is front door access (I.E. - You can't connect up to it though
internet and do fingers on it so you have no idea what you are dealing
with.)
I start here because as I always stress, you must look for the most
obvious things first, such as test accounts, etc on the system. Besides this
there are also a few users that you should always try, because they are
almost always there. They are......
uucp
nuucp
who
nobody
guest
root
Note: Unix systems ARE case sensitive, so keep this in mind, when I
say something about Unix, be it a command or username, the
casing IS important.
The first one you will notice is "uucp". This is a Unix networking
protocol to send files from one Unix machine to Another, a lot like FTP in
some cases. Now, this will almost always be on there and a lot of times you
will find them to be open access. Now, I know your thinks, damn just type
uucp and I am in on a Unix machine? Well, no. This is not always the case.
During setting up the system, the system administrators are supposed to set
up the account with a "public/uucp/spool" access, or no shell. When you use
a Unix machine, with a username, you get a certain shell, be it a 'sh' shell
or better yet a 'ksh' shell. Imagine what happens to you when programing in
BASIC on your IBM and you type the word "shell". What happens??? It loads
your command interpreter and gives you a DOS prompt, or in BASIC's case
a DOS Shell Prompt. Now imagine when you connect up to a Unix machine,
after you enter your username and password, it looks at your access and
shell capability (if you have any) and then says "Ok, he has access to 'sh'"
('sh' being the shell type, see your Unix manual you got at the library), and
it loads up a 'sh' shell. Now lets say I give it no shell but a program to
run, say uucp? How can you get to a shell when you have no access to one?
Well, any rate, the whole point is that sometimes they forget the
'public/uucp/spool' and give you a 'public/uucp/sh' and you can not only
use uucp to transfer files with, but also at there 'login:' prompt , enter
the system by simply typing 'uucp', and if a shell is there. Tada! You
got a account!
Now, lets look at another nice feature about Unix outside the Box
on internet. We will use the command 'finger'. For our example here, the
internet address will be "The.Unix.We.Want". Now sometimes you can get Unix
to do really nice stuff for you one internet, if the machine that you are
targeting is on internet. I have seen quite a few machines that will actually
hand you user listing right off there machine no questions ask. On some Unix
systems, if they will let you, you can 'finger' certain people off of a
certain machine. That is to say, on our example system, we will say that
there is a guy named "bob" on the remote system that we want. First, just
to show the less experienced, we will do a full finger of all current users
on-line... So we would do the following.....
finger @The.Unix.We.Want
This will give all the current users on-line. Now we want to finger
"bob". Note: It doesn't matter if bob is on-line or not, it user arguments
are permitted, it will tell you what it knows about "bob"...... We would
type this......
Login: bob In real life: Bob Smith
Last Time On: Sept 18, 1991 From tty04a
Plan: I have no plan.
Or something to this degree. It will sometimes include other things
like plans and phone numbers, but this shall due (remember phone numbers, you
can sometimes use them for a social engineer). Now here is where it can get
interesting on some machines.... Lets say that there is more than on we with
the name "In real life:" of "bob". I have found in many cases it will show
you ALL the users with the name "bob"! So from here, open a buffer and
start fingering common names such as bob, john, dave, david, mary, etc. One
time I entered "student" and got over 400 usernames on a system and was
in it the next day.
Ok, know your inside the machine. What do you do? Get all the
usernames! Easy, the password file is a public access file, and anyone
can get it, BUT all the passwords are encrypted, so all you really get
it there Login Name:Encrypted Password:ID:Group ID:Name/Login Dir". To get
this file, I would use the command "cat". This is sorta the equivalent to
the command "type" on a IBM machine. The password file will be in the
"/etc" directory. So to get the password file, type......
cat /etc/passwd
Make sure that buffer is open. You will notice that all the passwords
will be complete gibberish, but after getting the file, the first thing I
do is look for is accounts with no passwords. This is easy to spot, because
if the account has a password, Unix will have something to encrypt... If
not, it will leave it blank. For example, will say "bob" did have a password
, so his name in the passwd file will look something like.......
bob:!Wrf$QAASj$:12:12:Bob Smith:/sh
Note the format, the ":" separate everything..... Like thus.....
LoginName:Password:ID:GroupID:Name:Dir(Shell)
So.........
bob:!Wrf$QAASj$:12:12:Bob Smith:/sh
^ ^
LoginName Password (Encrypted)
But Lets say "john" has no password (keep in mind the format), his would
be something like......
john::12:12:John Doe:/sh
See the "::"? There ain't know password. You can usually pick up
a few accounts by doing this....
Now there are even other ways. But these take a little C programing
knowledge and use of a function called "crypt". I once read by a hacker in a
book that you can do a method called "Hashing Passwords" on Unix systems.
Though I have never tried it, heres how it is done......In the authors words.
" In that file, the password is HASHED... It would be a pain in the
%$@# to find a hashed password... But I think that it can be done.
on smaller systems all you have to do to get a password is find the
ROOT:#####: where #### will be gibberish. To DE-crypt the Unix
, put that gibberish in a file and type CRYPT Unix<filename. (Unix
is Unix will a cap "U" and lower "inx".)
[The Article Continues]
Seems that some college student got real bored and figured it all
out..... Also seems a real bitch to remove it... except by adding
protection.... but all passwords hashed by the "Unix"... I don't
Think this can be altered - Agrajag"
But, this article was written a while back, and I have not used
this method myself because I can't seem to find that perfect system that
he is talking about.
At the end of this method is a program that will use another method
in that you do not need to know the encryption password. What it does it
encrypts a list of passwords one by one and compares to see if anyone has
that password. If so, it records it... If not, it moves on...
I have also not tested this either, but according to a northern
hacker (a friend of mine) named errokos, he says it works quit well.
A method that I was think might work it to change YOUR password
many times and compare, because remember, when you change your password,
it has to go though the encryption routine also.
One neat thing also about Unix, is that some systems do not or
do not use proper protections on mail, so you can read other peoples
mail many times. Shadow hacker and I had to figure this one out many
moons ago, but we didn't discover it. All mail is usually stored in the
/usr/mail directory. To find out who has mail type....
ls -l /usr/mail
This should display (I am a little rusty with Unix) who has mail
and if you can read it (if it has a "r" in there, that means read, you
can get to) To get to a persons mail, types ....
cat /usr/mail/(username here)
If all goes well..... You can read that persons mail.
And heres the last little bit of info on Unix that I came across.
This was also written a good while back, but might actually be worth looking
into. Once again, I still have to check this out myself. This was written
in TAP #91 by BIOC Agent 003... It goes as follows...
"Every UNIX system is capable of communicating with other UNIX
systems though a series of programs called uucp.
Once inside a UNIX system, type:
ls /usr/lib/uucp
to list the support files in conjuction with the uucp programs.
The two most important files (from a hacker's point-of-view) are:
L.sys
and
L-dailcodes
It is these files that other UNIX systems stores numbers and
passwords to other UNIX systems!
The first file (L.sys) contains: 1) the name of the remote system
2) the time that the first UNIX system should be called 3) the hard-
ware device that should be used for the call (i.e.- modem port #)
4) baud rate 5) phone number, and 6) the login information. For
example, the file might look like [Editor not, us "cat"]:
MaBell MoTu tty99 300 dc2638 login uucp ssword: it
In the example, the system called Ma Bell can be called on Monday
or Tuesday. You can probably call anytime you want though. The UNIX
system is to dial in though tty99 (not important to us). The baud
rate is 300. The number is dc2638. It will wait for the string
"login" and send "uucp" (the username); it will then wait for the
string "ssword:" [Note: pa(ssword)] and send the password "it".
As you may have noticed, the phone # (dc2638) is non-standard. This
is because the system uses abbreviations from "L-dialcodes" file.
A typical file might look like this [Editor Note:Use "cat" again"]
tn 9w18005218400w12345678w
dc31155-
In this case dc2638 is really 311-555-2638. Also, some extenders
may be thrown into the file! the "w" mean to wait for dialtone.
To list these files you would type:
cat /usr/lib/uucp/L.sys
cat /usr/lib/uucp/L-dialcodes
[Article Continues]
In most cases, these files are unprotected - but intelligence is not
prerequisite for UNIX administrators!
[Article Continues]
If you are successful in obtaining these files you will have expanded
you directory of UNIX systems, passwords, and possible SCC's and WATS
extenders! If you master uucp commands (as opposed to the shell
commands) you can copy and file! Once on another system, the could
work in a vicious cycle (vicious for them that is)"
Well, that's it for the little bit of UNIX info that I have. As I
stated, I don't like to hack UNIX to much, but check these ideas and methods
out and tell me what you think. I think I am right now going to check out
that last method now! Jezz, how could I have over looked that article! Chow
---==<Beaver>==---
Note: I am starting a series of articles on a system I have pretty much
mastered. Hacking VMS, inside and out. Coming Soon. That should be
huge and filled with all sorts of stuff for ya, with only new methods
that I know about along with a few others!
_______________________________
l l
l Hack'in Offa LUIS Terminals l
l By The Beaver l
l_____________________________l
First off, I ain't talking about hacking LUIS (Library System
for Florida Universities), because that would not only be bored, but stupid,
considering they ARE public access terminals, but rather how to go up to
ANY luis terminal and hack off of it.
First let me tell you about Me and Shadow Hackers little hack
adventure. One day we decided to go to one of the FSU libraries to do some
goofing off basically. We were there to look up some information and where
using the LUIS terminal. The deal was that we found a "reset" button (open
cover on the front) and went, "hey, lets watch this thing reboot and see what
it does!". A normal question for typical hackers to ask. So we did it. As
it rebooted, I saw something that looked real interesting. I saw it say
for a split second, "NERDC ACTIVE", but then it auto-signed on. I told
Shadow what I saw and we knew what it meant, and so shall you in a moment.
It meant that they where hooked up though NERDC (North West Regional Data
Center), better know as a "VTAM" type of a machine. I had hacked on it
before and knew of a few places to get too from it. Now it was time to
try and fool the server equipment. My idea was when it 'auto-signed on'
to give it a few extra characters, so it would never get to LUIS. We tried
it, but it failed. Shadow said to me "There has to be a way to break out".
About five seconds after this statement, with a little luck and skill, he
found it! Now where are in VTAM hell, or so we thought, until I should shadow
how to get to FIRN and then go to TYMNET and them go to TYMNET in Atlanta!
So where standing at this terminal, supposed to be looking up books,
but we are sitting on the TYMNET link to Atlanta! Ha! The world is open
to us, not to mention all the other data centers! Here is how it is done.
Walk up to ANY LUIS terminal and hit these key arrangements in order......
ALT - ATTN (the ATTN key will be in the far left side of the keyboard)
Return
ALT - ATTN
Return
Hit return (Note: the key that says "Return" on it, not the standard
place where the return key is!) a few times. You will now see "NERDC ACTIVE".
Here where you can have some fun. From here, you can type.....
FIRN
Bam, your at the beloved "FIRN". You can play there, but lets say
you want to go to tymnet, and the FIRN prompt type.....
TYMNET
Bam, your on tymnet net. You can play there (read "hacking tymnet")
Now lets say you get bored with Tallahassee tymnet, type... at the Tymnet
prompt.... (Tymnet is exactly the same a FIRN, for they are one and the
same).. type....
NEA
Bam, your at Tymnet in Atlanta. The options are endless! And pretty
safe to. There are other nets you can go to, like Florida State Government
systems. To disconnect and get help on all the "server" commands, hit a few
PF keys (right side of the keyboard) till you get the hang of it. Now go back
to the "NERDC ACTIVE" crap and type.....
NWRDC
Now your at North West Regional Data Center, and you can get to all
the Florida Data centers, but WARNING! You are on a NERDC terminal and all
the data centers work together! So if you are trying to hack CICS (Which
we did, then realized we could have seriously fucked up!), it will send what
terminal you are at! I don't just mean the City, I mean all the way to the
exact terminal! All they have to do is look it up and they can tell you
basically where you are currently standing/sitting! CICS for instance, is a
state accounting system, and they don't take kindly to being hack!
A little safer method to get to FIRN and all that is to connect
to FSU1, via username "IBM" and then go to NWRDC, but really, this ain't
no safer, but you can do all the exact same things. Considering Tymnet has
nothing to do with NERDC, the terminal identification will not be pasted on.
But though the terminals at FSU libraries (look for CDCnet
terminals), you can pretty much get anywhere you want from there, are you can
call from home and go to FIRN, though from home, it is a SLOW loop, but
works well to do safe hacking on tymnet. Anyway, just take this sloppy
article and copy down then commands and see what you can do. It very easy
to get the hang of and have fun. So the next time one of you young hackers
gets your deck taken away, say "hey mom, drive me to FSU so I can look up
some stuff" , then hack all day! Or if you are just in the region or outta
a line, go there! Have fun.
---==<Beaver>==---
_______________________________
l l
l Hacking AF Gateways l
l By Dementia Meister l
l_____________________________l
Hey here is a trick for using the miltary gateways. If you want to
go throught a miltary gateway, just TELNET to it, there is no login, only a
password check. When asked to enter the password, enter the name up to the
part '.AF.MIL'. IE... the IZMIR-GW.AF.MIL password is IZMIR-GW. This is a
way to use them as relays to reach 'not reachable host'(s). Have fun.
Here is a list of some Air Force Gateway's
-------------------------------------------------------------
academy-gw.af.mil
adelphi-gw.army.mil
afwl-gw1.af.mil
alconbury-gw.af.mil
altus-gw.af.mil
andersen-gw.af.mil
ankara-gw.af.mil
arinc-gw-an.af.mil
arinc-net1-gw.af.mil
aviano-gw.af.mil
baarksdalenet-gw.af.mil
bergstrom-gw.af.mil
dobbins-gw.af.mil
eglin-gw.af.mil
izmir-gw.af.mil
torrejon-gw.af.mil
plus there is a lot more. (see P.A.L.S. issue
#1 for a more complete list.)
-=[ ]). |\|\. ]=-
(Dementia Meister)
CREDIT(s): Abigail and I (]). |\|\.) found out this
neat little trick about the gateways one
late night, bored off our ass.
_____________________________
l l
l Hacking Extenders l
l By The Beaver l
l___________________________l
Extenders come in all colors shapes and sizes, and are generally
pretty cool hack off of. They are very useful in hacking what would be
direct numbers and sometimes long distance. First off, lets talk a little
bit about extenders and differenet types of them.
A extender is a number that one can call, and by calling this number
you can go to multiple place by entering a extention. This is not to be
confused with VMB's (Voice Mail Boxxes), but actually connect to the desired
extention or fone number. Here is a example....
I commonly call the great little extender (connact me for details),
which is a 1-800 number. Now, when I call it, I get "Welcome To The
(something or other, to soft to tell) Network. Please enter the 4 digit code
to the office you are calling". From here, I enter with ye old touch-tones
"5533" and await a carrier. From there I connect to a DECnet and go to
a varity of places, because I know that this extender servers a certain
prefix, so the 4 digiti code is actually the exchange to where I want to
call, so in effect, it ends up being a free LD call, and the system I am
calling will have a hard time tracing! Caught your interest!
But wait, there is a catch. 800 numbers you can trace off due to
90's equipment switching (ESS shit you know). To get a idea of how fast
this shit can work, dial 811 (ANI for our area) and you will see! Thats
why it is better to do this shit from a pay fone, though I have used
extenders from time to time from home. You just have to watch how you do it.
Now there are other types of extenders, then kind companys use,
that require a access code. These you really have to watch your ass. These
are sometimes better in that you can usually call anywhere in the US and
sometimes outside. The thing is that when your access code you hacked gets
busted, one of two things might happen. They will just kill the code, or
they will attempt to bust you by straping a fake carrier there or a fake
busy signal to keep you calling back so they can Identify easier.
It ends up, or at least the story goes, that a few fone phreaks
out about these niffty guys years ago. They found a number that was in
Florida that was owned by a orange vendor, and his personel would call this
number and enter the number that they wanted to connect to (note:There
where no access codes). Now, at some point in time a few phreaks found this
and though "cool, I'm not even box'in!" and explored.
Well, the orange vendor found out what was happing and killed the
whole thing. Phreaks, like Capt. Crunch, started to check these out. Then
companys who made these devices started to add on access codes, so phreaks
wrote programs for there machines to crack'em. Heres the way they where
based.....
1> Call the extender
2> enter a access code
3> enter the destination fone number
4> was there a carrier?
If there was, this code is good. Remember though, the only place
hack on coded ones now is from a fortress fone. Codes can be 6-12 chars
long.... Maybe longer. Lets discuss some of the differenet types of
extenders
Local-in-Local-out
WATS-in-Local-out
WATS-in-WATS-out
By far the best to get is the last, cause then you can call anywhere.
Usually, these are protected by access codes though. Now believe it or not,
there are still ones that you can use that require no access code, like the
one I talked about that I like to use above, which is a WATS-in-Local-out.
Now one the thatI was talking about, I have used it and found other extenders
though it! Thats right, call on extender that servers one prefix, out to
a seven digit extender though the first!
To hack these, you can use programs like AIO (All In One Hacker), or
Code Thief, or any of the other programs out there that hack on extenders.
Writting on is not that difficult.... All they have to do is the following:
1> call the extender
2> enter a access code followed by....
3> destination number that has a carrier (FIRN, or something that you know
will not be busy)
As I said, It would be good idea to either hack off a fortress
fone or hack though another extender. Extenders like this are easy to find.
Look in your local fone book for stuff like SPRINT extenders and such. Just
keep in mind of the warnings.
Now, what good are Local-in-Local-out extenders? Well, now that
have seen a ANI ("811" automatic number identifier) in action, think about
direct hacks. Lets say you have been wargaming a area and found a nice
system that you would like to attempt to gain access to, but where afraid
of a trace. Well, call a local extender and goto that system. These are
really easy to find, plus if you get trace, that get the extender number and
you know what they where up to but, ha, they ain't got shit.
How to find these? These are easy. Alot of times you will find that
when you call them, the message will usually say something like," this is
(insert name here <company,name,whatnot>). No ones around so please leave
a message or enter the (office/extention) you wish to connect to." The best
places I find these guys in our area is the 599, 488 and 487 prefixes.
The way I scan for them is I wrote a little program that dials
modem sequentally though the numbers I dial. I just grab a glass of milk/
coffee or what not, and dial away, hitting space bar to hand up. I just
listen to what I hit and record numbers I find intresting. Not only is this
a good way of doing this, but you can also record other intresting fone
numbers (beepers/system/fone testing equipment/etc).
Now one note with hacking a carrier with a access code. Do it
random order, this is because it is easy to identify that someone is hacking
there extender. Here are two extenders that will show you the range that
they can go though....
(904)487-7766 - Dial tone (this guy has never been hacked)
(904)487-7762 - Apex Dialup port.
Now, you can scan for WATS-in-Local-out the sameway you did it
local. With the little program I was talking about above. Remember, as with
wargaming, don't over do it. Don't do 4000 numbers. One more thing before
I let you go with extenders, if I get a recording, I hit the touch-touch
tones. Alot of the time, it will be a VMB but you never can tell. Anyrate,
this is all just very basic info, just enough to get one started and its
something to play with. Anyrate.... Chow
---==<Beaver>==---
_______________________________
l l
l Finnal Notes l
l_____________________________l
Welp, thats all folks! You may have noticed that there is no letters
section... The reason is simple. It has been a pretty good while since a
Critical Mass has come out, so I have either not captured my mail or I have
not gotten any mail worth printing here. Anyrate, the next Critical Mass
should be all about VMS. The only things it will contain will be the normal
editorial, letters, finnal notes and hacking VMS. The hacking VMS series
should be pretty big, and might talk up not only Critical Mass #6 but
possibly #7 and #8 as well!
Anyrate, its been real and happy hacking...
---==<Beaver>==---
Special Thanks To: The Shadow Hacker, Section 8 for the place to hang,
Dementia Meister, Abigail, Darth Vaider, anyone I
might have missed, and of course, all members of
the SAOO.
A Special "I hope you die" to: All NFSA sysops.
