Copy Link
Add to Bookmark
Report
f0rbidden knowledge issue 02
.:==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==:.
:: f0rbidden knowledge issue two ::
`:==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==:'
.:--==--==--==--==--==--==--==-->> Contents of This Issue <<--==--==--==--==:.
:: ::
:: -=>Welcome<=- ::
:: ::
:: (x) Disclaimer ............................................ The Editor ::
:: (x) Introduction .......................................... The Editor ::
:: (x) Weird of the Month .................................... The Editor ::
:: (x) Feedback and Stuff .................................... The Readers ::
:: ::
:: -=>Phreaking Stuff<=- ::
:: ::
:: (x) MTN Voicemail Hacking ................................. Wyzewun ::
:: (x) Microsoft South Africa looses R3500 ................... Wyze1+Satur9 ::
:: (x) South Africa's answer to ANI .......................... Line Noise ::
:: (x) Telkom Voicemail Hacking .............................. Marc Satur9 ::
:: (x) Beigeboxing in South Africa ........................... Wyzewun ::
:: ::
:: -=>Hacking Stuff<=- ::
:: ::
:: (x) Hacking through Windows 95 Plus! Security ............. Wyzewun ::
:: (x) Update on the Nedbank Windoze NT Hack ................. Gevil+Wyze1 ::
:: (x) How to get a unrestricted shell on Nedbank ............ Wyzewun ::
:: (x) Windows 95/98/NT Backdoor ............................. Marc Satur9 ::
:: ::
:: -=>Misc Stuff<=- ::
:: ::
:: (x) Ripping off Arcade Machines ........................... Wyzewun ::
:: (x) Compact Disc Theft .................................... Cyberdave ::
:: ::
:: -=>Parting Words and Credits<=- ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==--==--==>> Disclaimer <<--==--==--==--==--==--==--:.
:: ::
:: Telkom are solely responsible for this file. This file was at one stage ::
:: an article on the evils of Masturbation that a 10-year old was attempting::
:: 2 upload 2 Christian Network BBS. Due to the bad quality of Telkom's ::
:: lines, the file became corrupted and turned into this. All complaints ::
:: can be addressed to telkom@telkom.co.za :-) ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==-->> Introduction by the Editor <<--==--==--==--==:.
:: ::
:: Greetings Earthling... ::
:: ::
:: The response to Issue one of f0rbidden knowledge was very encouraging ::
:: and we are glad to say that FK is without doubt, a success. The e-zine ::
:: will be published monthly and distributed at the following sites... ::
:: ::
:: www.posthuman.za.net ::
:: ::
:: I would like to extend my thanks to Coffee, Alcohol, Columbian Cola, ::
:: Marilyn Manson, Beck, Pop Will Eat Itself and vast amounts of sugar for ::
:: helping me so much with the construction of this issue. Oh yes, and I ::
:: almost forgot - Cache asked me to publically thank him for phoning me ::
:: at the most awkward times possible - So Cache, thank you for being such ::
:: a Butthead. :) ::
:: ::
:: Well, that's pretty much it from me. Hope you enjoy the zine - The ::
:: two articles which are this month's highlights are without a doubt our ::
:: new Nedbank exploit which lets you into an unrestricted shell and our ::
:: completely original Windows 95/98/NT backdoor. ::
:: ::
:: All comments, questions, article submissions and subscription requests ::
:: can be mailed to the Editor at wyze1@syrex.co.za ::
:: ::
:: Cheers ::
:: Wyzewun ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==->> Weird of the Month <<=--==--==--==--==--==--==:.
:: ::
:: We were Neurophobic and Perfect ::
:: The day we lost our souls ::
:: Maybe we weren't so human ::
:: But if we cry, We will rust ::
:: ::
:: And I was a hand grenade ::
:: That never stopped exploding ::
:: You were automatic ::
:: And as hollow as the "O" in God ::
:: - Marilyn Manson, Mechanical Animals ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==--==--==--==--==-->> Feedback <<--==-==--==--==--=:.
:: ::
:: Bah, we got about 3 megs of mail, so I figured including it all would be ::
:: a bad idea, but please, you are still feel free to mail us any comments, ::
:: questions, suggestions, subscription requests and article submissions. ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
:: Phreaking Stuff ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\
.:--==--==--==--==--==--=>> MTN Voicemail Hacking by Wyzewun <<=--==--==--==:.
:: ::
:: Despite the MTN Voicemail system now being relatively free of Software ::
:: bugs, it is still ridden with security flaws caused by MTN's lack of ::
:: proper explanation of how exactly the Voicemail system works. The ::
:: following is quoted from an MTN instruction manual... ::
:: ::
:: "You may want to set a password for your mailbox. Make it something easy ::
:: to remember, like the first 4 digits of your phone number." ::
:: ::
:: What they *dont* explain is that anyone who knows this password can axs ::
:: your vmb and that a default password of "1234" will be present if you ::
:: neglect to set one. The general security on the MTN Voicemail system is ::
:: incredibly slack, save the MTN employee VMB's. ::
:: ::
:: There are fewer unused VMB's than on the Vodacom system and the VMB's ::
:: usually have fewer privaleges, but security in general is far inferior ::
:: to the security on Vodacom VMB's and social engineering is easier too, ::
:: these guys don't ask why, they just reset the VMB. ;-) ::
:: ::
:: Oh, and one last thing, try as *hard* as you can to hack the VMB of any ::
:: number that starts with (083) 2121 because these are phones with MTN ::
:: employee privaleges. Find some-one with a really high status and you ::
:: could take over MTN comlpletely. =) ::
:: ::
:: Don't do anything I wouldn't do. (evil fucking grin) ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==-->> Microsoft SA Looses R3500 because of Wyze1 and Marc Satur9 <<==--:.
:: ::
:: Oh dear. Looks like Microsoft South Africa ran into a bit of a problem ::
:: with their phone account. You see, MS are money-grabbing idiots who want ::
:: to earn as much as possible, whilst still spending as little as possible ::
:: ::
:: It is worth noting that they decided to select a cheaper Toll Free ::
:: service from Telkom in which they would pay per call they recieve. It is ::
:: also worth noting that they invested in a cheap, bad PBX system. So, ::
:: what happens when two sick, twisted children (Wyzewun and Marc Satur9) ::
:: find a way to keep ten public phones billing Microsoft every night for ::
:: a week, because their stupid, Microsoft Made Answering machine system ::
:: doesn't know how the fuck to ATH0 ;-) ::
:: ::
:: Unfortunately, Microsoft are abandoning their Toll Free Number for ::
:: reasons which they are not announcing to the public. Ag, yeh, they know ::
:: it was us... we phoned in responsibility (grin) ::
:: ::
:: This article was dedicated to the memory of 0802111104 - Rest in Peace ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:==--==--==--==--==--==--==--==>> Telkom VMB Hackin by Marc Satur9 <<==--==:.
:: ::
:: >Note from the Editor: Due to the sensitivity of this system at present ::
:: it is in our best interests to not release this information until FK3 ::
:: considering that we are already publishing highly sensitive info on ::
:: Nedbank in this issue< ::
:: ::
`:--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--:'
.:==--==--==--==--==-->> South Africa's Answer to ANI by Line Noise <<==--==:.
:: ::
:: Well, yeh, Wyzewun is writing this, but it's info I got from Line Noise. ::
:: Now, if you dial 101999 (Toll Free Call) it will tell you the number of ::
:: the phone you are dialing from! Unfortunately, this number only has one ::
:: line, so it's pretty hard 2 get through during the day, but keeping ::
:: trying coz it is worth it. For those of you with little phreaking ::
:: experience who don't understand what exactly one would use this number ::
:: for, you are free to mail any member of the SoS and ask. =) ::
:: ::
`:--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--:'
.:--==--==--==--==--==>> Beigeboxing in SA according to Wyzewun <<==--==--==:.
:: ::
:: Allright, this wont cover the construction of a Beige Box or any of that ::
:: junk coz f0rbidden knowledge prides itself in its simplicity. This will ::
:: just cover use of a Beigebox in South Africa Now, take a stroll down to ::
:: that nice big blue box that says Telkom on it just down the road from ::
:: your house. yes, the one that looks like this... ::
:: _____________ ::
:: (XXXXXXXXXXXXX) ::
:: |.---------,| ::
:: || (o| >> ascii art stolen from kokey << ::
:: || >| ::
:: ||========(o| ::
:: || >| ::
:: || (o| ::
:: |`---------'| ::
:: ____________`+---------+'______________ ::
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ::
:: ::
:: Right, now there are several methods which Telkom use to keep us out of ::
:: their precious little boxes... ::
:: ::
:: 1) A Handle - Yes, in the rural areas there will be a single handle ::
:: which will open the door. ::
:: ::
:: 2) Three triangular bolts - The most commonly used method, will open ::
:: with the proper tool ::
:: ::
:: 3) Three or One Circular Bolt - This is a wierd system which is also ::
:: common. Saw a little line in a piece of ::
:: hollow pipe and use it 2 open these ::
:: ::
:: 4) A Lock - Bah! Telkom cheats! I've never been good with lock picking ::
:: but I've found that bolt cutters also work :) ::
:: ::
:: Right, now let's say that you are in the box. What will you see, well, ::
:: there are two possibilities. You may see a big mess of black and white ::
:: wires. Find a black and white wire that originate from the same terminal ::
:: and strip them. Then connect your box. I've often found that Telkom have ::
:: already stripped quite a lot of the wires on these boxes, which makes ::
:: things go considerably faster. ::
:: ::
:: Alternatively, you may see little black and white terminals like the ::
:: ones that connect your speakers to your Hi-Fi. Strip your wires, slide ::
:: them in, and press down to make it snap into a secure connection. ::
:: ::
:: Once you've got a line, have fun! Phone your friends overseas, do ::
:: whatever. And if you want data, I would suggest getting your hands on a ::
:: Compaq C-Series PDA, tiny and secure, it's the ultimate hacking tool. ::
:: ::
:: Later... If you have any trouble with this stuff you can mail me at ::
:: wyze1@syrex.co.za for a bit more detail ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
:: Hacking Stuff ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\
.:--==--==--==> Win95 Plus! Security package Vulnerability by Wyze1 <<--==--:.
:: ::
:: Wow, I want to make my Windows boxes secure with the 31337 Security ::
:: package by MS for Windows 95 Plus! No-one will be able to get in - look, ::
:: I have no start button, or desktop, they're helpless! Now, what was the ::
:: key to re-login again? Was it Ctrl+R? No, that looks like a RUN menu. ::
:: Damn, What could it have been... ??? ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==->> Update on the SoS Nedbank Windows NT Exploit by Wyze1 & Gevil <<--:.
:: ::
:: Yeh, the code doesn't work anymore. :( And yeh, we cracked root on this ::
:: piece of machinery too now, but we'll share that with you later, or when ::
:: Nedbank fixes the root exploit included in *this* ish. Gevil and I might ::
:: also stop publishing this stuff at one point, because very soon, the SoS ::
:: will have a very bad name with Vodacom, Telkom, MTN and Nedbank ::
:: ::
:: We may find some other victims for next month, (Gevil and myself are kind::
:: of bored of Touch Screen hacking now, and want to try new, but equally ::
:: supposedly impossible things) Or, we may just continue fucking over our ::
:: favourite enemies. Bah, who cares? No-one in the SoS has been arrested ::
:: yet. We're fine... Right?!! =) ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==->> How to get a Rootshell on Nedbank by Wyzewun <<--==--==--=:.
:: ::
:: Yes, our old Nedbank hack doesn't work anymore. Bah, I was bored of the ::
:: employee menu anyway. Unrestricted shell sounds good to me. Yeh, think ::
:: I'll get myself one of those. =) ::
:: ::
:: Allright, y'know those old Nedbank ATM's with the full keyboards? Well ::
:: go find one! Right, so you found your target - this machine is running ::
:: Windows 3.11 for Workgroups with TCP/IP ::
:: ::
:: Press the second Green Button on the Right and Yes at the same time ::
:: Press the Help/Tab button ::
:: ::
:: Now, you are chucked in2 some lame proggy called Nedshell. It's some ::
:: sort of a taskmanager-type-thing. Bah, it's boring. Press "e" to end all ::
:: current tasks and close all Windows. The Screen will go black and then ::
:: go into a Normal Windows 3.11 Interface for your hacking pleasure. ::
:: ::
:: But please guys, don't change anything, lest you get caught. I don't ::
:: want to be responsible for the arrest of 500 ZA-Hackerz. Just look ::
:: around, explore the system, cruise the net (yip, some of dem have i-net ::
:: access) and tinker intelligently, making sure not to break things ::
:: ::
:: Most importantly, have phun, but don't do *anything* stupid. The less ::
:: stupid everyone is, the longer Nedbank will take to fix this bug, and ::
:: the longer you will all have axs to Nedbank's server and free i-net. ::
:: ::
:: Enjoy Kidzzz... ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==-->> Windows 95/98/NT Backdoor by Marc Satur9 <<==--==--==:.
:: ::
:: Windows 95/98/NT appears to be full of undocumented extras (efg). While ::
:: running my BSD box on a windows' network, i noticed that all the remote ::
:: administration was coming from a "user" called ADMIN$. ::
:: ::
:: I then experimented a little and found that sharing any folder as ADMIN$ ::
:: is the equivalent of enabling remote administration, only it's not that ::
:: easy to find out if the box is "infected". You can share any folder, the ::
:: best results usually come from a subfolder deep within the "windows" ::
:: directory, one that they won't look in. The only way the user is likely ::
:: to detect he is "infected" is to run Netwatcher at the same time that you::
:: are accessing his box. >Editors Comments: Or by using the netstat program::
:: in his Windows Directory< ::
:: ::
:: The only way he can "clean" it off is to enable and then disable remote ::
:: administration. If you hide the shared folder well enough, you should ::
:: not get caught at all - The shared folder will also not show as a share ::
:: in Netwatcher if it is named ADMIN$ and somewhere within the Windows ::
:: directory. ::
:: ::
:: >Editors Comments: If there is any demand for it, the SoS would be happy ::
:: to write a program to install this backdoor on a host. Of course, we ::
:: won't bother if nobody asks< ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
:: Misc. Stuffenhauzen ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\
.:--==--==--==--==-->> Ripping off Arcade Machines by Wyzewun <<==--==--==--:.
:: ::
:: This method was originally thought up by Vortexia, but he is too busy to ::
:: write a file like this and probably wouldn't admit to thinking this up ::
:: anyway, having thought up much more amazing stuff than this before, so I ::
:: wrote it myself. ;) ::
:: ::
:: If you've ever been to an arcade that uses a card system, you've ::
:: probably seen the card thats just a piece of cardboard, with a line of ::
:: tape in it, a lot like the tape you'll find on an audio casette. ::
:: ::
:: Get about 20 of these cards, or however many you'll need before you can ::
:: spool them inside an audio casette. Then play this sound to your PC, ::
:: record it in WAV format and loop 90 minutes of this sound onto another ::
:: audio casette. Then, whenever you need a card, cut a piece off this tape,::
:: stick it on a piece of card, and you're fully recharged. If you ever ::
:: play e-nuff games to finish the 90-minute tape, then just make another ::
:: one with the WAV file you still have on your HD. ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==->> Stealing CD's by Cyberdave <<==--==--==--==--=:.
:: ::
:: Yeh, steal some CD's, why not? They're smaller than buses. :) >Comment ::
:: from Wyze1 - Stealing buses is cool! You can run over ppl who laugh at ::
:: you for writing articles on bus theft :P> K, wait at a CD shop until ::
:: some-one buys the CD that you want. Then, walk out with the same CD in ::
:: your pocket before he does - The alarm won't go off - it only will when ::
:: he goes out. Ag, yeh, I would explain how it works, but that would take ::
:: time and if you can't figure out why this works, you suck :) ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==--==--==--==> Thanks and Greets <<=--==--==--==--=:.
:: ::
:: Aleph1, Balin, Cache, Caliburn, cDc, Corrupt SYN, CrazyG*y, Cyber Demon ::
:: Cyclotron, daemon9, Emmanuel Goldstien, Hex Acid, HFG, HNN, Informant-X ::
:: kokey, Kool4Katz, L0pht, Line Noise, LOU, Mudge, Pavlov, Pri$m, r00t ::
:: Radix, Sector12, Shaddow Skinhead, Sledge, Snadboy, so1o, Team CodeZero ::
:: THC, The Guild, Vortexia ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
.:--==--==--==--==--==--==--==--==--==--=>> Parting Words <<--==--==--==--==:.
:: ::
:: Well, guess I can safely say that the SoS have done it again - We have ::
:: released more *quality* textware to the public. We were going to wait ::
:: a bit longer and include more in this issue, but we wanted to release ::
:: our new Nedbank hack asap coz the old one stopped working and we had ::
:: told it to a few ppl already anyway. ::
:: ::
:: Whatever we include in FK3, you can rest assured that it will be just as ::
:: groundshattering, if not more so, than FK2. ::
:: ::
:: The Sons of Satan / Saviours of Systems are... ::
:: ::
:: ::-=-=-=-=-=-=-=-=-=-=::=-=-=-=-=-=-=-=-=-=-=-=-:: ::
:: :: Wyzewun :: wyze1@syrex.co.za :: ::
:: :: Marc Satur9 :: satur9@syrex.co.za :: ::
:: :: SN|PeR :: sniper@noise.co.za :: ::
:: :: Gevil :: gevil@hotmail.com :: ::
:: ::=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-:: ::
:: ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--(EOF)--==-:'
