==Phrack Inc.==
Volume Four, Issue Forty-One, File 1 of 13
Issue 41 Index
___________________
P H R A C K 4 1
December 31, 1992
___________________
~ We've Had A Rest, We're Still The Best ~
You've been waiting for this for a while and it's finally here. A lot has
happened since the last issue. I guess I should start off with the most
important thing as far as the administration of Phrack is concerned: Phrack 41
is the last issue for which I will serve as editor.
Why? Well for one, I was in a motorcycle wreck about a month ago and lost the
use of my right arm for a while and, due to the related financial difficulties,
I was forced to sell my computers and some other stuff.
Secondly, due to my lack of being a rich boy and having access to a nice
machine, I found it necessary to allow others to help me in putting out the
past several issues and that has resulted in some things being released that I
really wasn't happy with.
However, don't get me wrong. I'm not gonna sit here and dis my friends just
because we differ in opinion about some things. I think that the overall
quality of the issues has been pretty good and anyone who says it's not can
basically suck my dick, because I don't give a fuck about your opinion anyway.
Thirdly, and the most important reason why I am resigning as editor of Phrack,
is a general lack of desire on my part. I mean the whole reason I even got
involved with doing this was because of hacking -- partly for curiosity and
partly for being able to thumb my nose at the powers that be and other
intellectual types that say, "You can't do/learn about that because we don't
think blah blah blah." Like I'm supposed to give a fuck what anyone else
thinks. The type of public service that I think hackers provide is not showing
security holes to whomever has denied their existence, but to merely embarrass
the hell out of those so-called computer security experts and other purveyors
of snake oil. This is a service that is truly unappreciated and is what keeps
me motivated. ANYWAY...if you wanna hear me rant some more, maybe I'll get to
do my own Eleeeeet3 Pro-Phile in the future. Heh!
But really, since my acquisition of Phrack, my play time has been hampered and
consequently, I have started to become bored with it. It was great to meet a
lot of cool people and I learned some things. It's now time for me to go back
to doing what I like best. For anyone who's interested in corresponding, I'm
focusing my time on radio communications, HAM radio, scanning, and cellular
telephones. If you are interested in talking about these things to me or
whatever, feel free to write me at dispater@stormking.com.
Aside from all that, I feel that Phrack can be better. That's why issue 42
will have a new editor and administrative staff. I'm not saying who, but you
may be surprised. NO, it's not KL or TK either.
And with that, I'm saying adios and, as Adam Grant said, "Don't get caught."
Now onto the issue:
In this issue's Loopback, Phrack responds to the numerous letters it has
received over the past several months, including the return of Shit Kickin' Jim
and a message from Rop, editor of Hack-Tic.
The Racketeer (Rack of The Hellfire Club) continues his Network Miscellany
column with plenty of new information about fake mail.
Phrack Pro-Phile focuses on one of the hacking community's most mysterious
figures: Supernigger. SN was somewhat involved with the infamous DPAK and has
some words of wisdom to the eleets and other folks who enjoy boasting about
their number of years in "the hacker scene."
DISPATER, Phrack Editor
Editor-In-Chief : Dispater
Eleet Founders : Taran King and Knight Lightning
Technical Consultant : Mind Mage
Network Miscellany : The Racketeer [HFC]
News : Datastream Cowboy
Make-up : Hair Club for Men
Photography : Restricted Data Transmissions
Publicity : AT&T, BellSouth, and the United States Secret Service
Creative Stimulus : Camel Cool, Jolt Cola, and Taco Bell
Other Helpers : Scott Simpson, Zibby, The Weazel, The Fed, El1teZ
Everywhere.
"For the record, we're hackers who believe information should be free. All
information. The world is full of phunky electronic gadgets and networks
and we want to share our information with the hacker community."
-- Restricted Data Transmissions
"They are satisfying their own appetite to know
something that is not theirs to know."
-- Assistant District Attorney, Don Ingraham
"The notion that how things work is a big secret is simply wrong."
-- Hacking/Cracking conference on The WELL
-= Phrack 41 =-
Table Of Contents
~~~~~~~~~~~~~~~~~
1. Introduction by Dispater 07K
2. Phrack Loopback by Dispater and Mind Mage 52K
3. Phrack Pro-Phile on Supernigger 10K
4. Network Miscellany by The Racketeer [HFC] 35K
5. Pirates Cove by Rambone 32K
6 Hacking AT&T System 75 by Scott Simpson 20K
7. How To Build a DMS-10 Switch by The Cavalier 23K
8. TTY Spoofing by VaxBuster 20K
9. Security Shortcomings of AppleShare Networks by Bobby Zero 16K
10. Mall Cop Frequencies by Caligula XXI 11K
11. PWN/Part 1 by Datastream Cowboy 46K
12. PWN/Part 2 by Datastream Cowboy 49K
13. PWN/Part 3 by Datastream Cowboy 43K
Total: 364K
There is no America.
There is no democracy.
There is only IBM and ITT and AT&T.
-- Consolidated
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Four, Issue Forty-One, File 2 of 13
[-=:< Phrack Loopback >:=-]
By Dispater & Mind Mage
Phrack Loopback is a forum for you, the reader, to ask questions, air
problems, and talk about what ever topic you would like to discuss. This is
also the place Phrack Staff will make suggestions to you by reviewing various
items of note; books, magazines, software, catalogs, hardware, etc.
In this issue:
Comments on Phrack 40 : Rop Gonggrijp
Fine Art of Telephony (re: Phrack 40) : Inhuman
Question & Comment (BT Tymnet/AS400) : Otto Synch
BT Tymnet article in Phrack 40 : Anonymous
Phrack fraud? : Doctor Pizz
Remarks & Warning! : Synaps/Clone1/Feyd
One Ron Hults (re: Phrack 38 Loopback) : Ken Martin
Hacking In Czecho-Slovakia : Stalker
Phrack 40 is Sexist! : Ground Zero
Phrack 40 is Sexist!? (PC Phrack) : Shit Kickin' Jim
Misunderstood Hackers Get No Respect : The Cruiser
Hackers Should Land In Jail, Not In Press : Alan Falk
Anonymous Usenet Posting? : Anonymous
Anonymous Mail Poster : Sir Hackalot
Phrack On The Move : Andy Panda-Bear
Computer Underground Publications Index : Amadeus
Pirates v. AT&T: Posters : Legacy Irreverent
Ultrix 4.2 Bug : Krynn
PumpCon Hosed : Phil "The Outlander"
2600 Meeting Disrupted by Law Enforcement : Emmanuel Goldstein
Two New Hardcovers : Alan J. Rothman
_______________________________________________________________________________
Letters to the Editors
~~~~~~~~~~~~~~~~~~~~~~
From: rop@hacktic.nl (Rop Gonggrijp) (Editor of Hack-Tic Magazine)
Date: August 14, 1992
Subject: Comments on Phrack 40
My compliments! You've put out one of the best issues to date. If you keep
this up I'll have to get jealous!
Rop Gonggrijp (rop@hacktic.nl) Dangerous and capable of making
fax: +31 20 6900968 considerable trouble.
----------
From: Inhuman (Sysop of Pentavia BBS)
Date: August 18, 1992
Subject: Fine Art of Telephony
I just wanted to let you guys know that the article titled "The Fine Art of
Telephony" was one of the best articles I've seen in Phrack in a long time.
I hope to see more information on switching and general telephony in the
future.
Thanks,
Inhuman
----------
Date: October 22, 1992
From: Otto Synch
Subject: Question & Comment
Hello,
Reading your (huge) Phrack issue #40, and noticing that you were accepting
comments and questions, I decided to post mine. First of all, please forgive
the English. I'm French and can't help it :-)
My comment: When I saw in the index that this issue was dealing with BT
Tymnet, I felt very happy because I was looking for such information. And when
I read it, I felt really disappointed. Toucan Jones could have reduced his
whole article with the following lines:
-> Find any Tymnet number.
-> Dial and wait for the "Please log-in:" prompt.
-> Log as user "help", no password required.
-> Capture everything you want, it's free public information.
I must say I was a bit surprised to find this kind of article in a high-quality
magazine such as yours...
My question: I'm currently trying to find out everything about a neat AS/400
I've "found," but I never saw any "hack report" on it. Do you know if there
are any available?
OK - Let's see if you answer. We feel somewhat lonely here in the Old
Continent...but Phrack is here to keep the challenge up!
Regards,
> Otto Sync <
----------
From: Anonymous
Date: August 19, 1992
Subject: BT Tymnet article in Phrack 40
Dear Phrack Staff,
The BT Tymnet article in the 40th issue of Phrack was totally lame. I hate it
when people enter Telenet or Tymnet's information facility and just buffer all
the sh*t that's in there. Then they have the audacity to slap their name on
the data as if they had made a major network discovery. That's so f*ck*ng
lame!
Phrack should make a policy not to accept such lame sh*t for their fine
magazine. Is Phrack *that* desperate for articles? Crap like commercial dial-
up lists is about as lame as posting a few random pages from the front of the
white pages. The information is quickly outdated and easily available at any
time to anyone. You don't hack this sh*t.
Regards,
Anonymous (anonymous because I don't want to hear any lame flames)
[Editor's Response: We agree that buffering some dialup list is not hacking,
however, in this specific case, a decision was made that
not everyone had ready access to the information or even
knew of its existence. Furthermore and more relevant to
why the article appeared in Phrack, an article on Tymnet
was appropriate when considering the recent events with
the MOD case in New York.
In the future, you may ask that your letter be printed
anonymously, but don't send us anonymous mail.]
----------
From: Doctor Pizz
Date: October 12, 1992
Subject: Phrack fraud?
I recently received an ad from someone who was selling the full set of Phrack
back issues for $100.00. I do believe that this is a violation of your rights
to Phrack, as he is obviously selling your work for profit!
The address I received to order these disks was:
R.E. Jones
21067 Jones-Mill
Long Beach, MS 39560
It seems he is also selling the set of NIA files for $50, a set of "Hacking
Programs" for $40, LOD Tech Journals for $25, and lots of viruses. It sounds
like some sort of copyright violation, or fraud, as he is selling public domain
stuff for personal profit. At least you should be aware of this. Anyway, I
look forward to receiving future volumes of Phrack! Keep up the good work.
Good luck in stopping this guy!
Thank you,
--Doctor Pizz--
[Editor's Note: We look forward to hearing what our Phrack readers think about
people selling hardcopies of Phrack for their own personal
profit.]
----------
From: Synaps a/k/a Clone1 a/k/a Feyd
Date: September 2, 1992
Subject: Remarks & Warning!
Hi,
I've been a regular reader of Phrack for two years now and I approve fully the
way you continue Phrack. It's really a wonderful magazine and if I can help
its development in France, I'll do as much as I can! Anyway, this is not
really the goal of my letter and excuse me for my English, which isn't very
good.
My remarks are about the way you distribute Phrack. Sometimes, I don't receive
it fully. I know this is not your fault and I understand that (this net
sometimes has some problems!). But I think you could provide a mail server
like NETSERV where we could get back issues by mail and just by MAIL (no FTP).
Some people (a lot in France) don't have any access to international FTP and
there are no FTP sites in France which have ANY issues of Phrack. I did use
some LISTSERV mailers with the send/get facility. Could you install it on your
LISTSERV?
My warning is about a "group" (I should say a pseudo-group) founded by Jean
Bernard Condat and called CCCF. In fact, the JBC have spread his name through
the net to a lot of people in the Underground. As the Underground place in
France is weak (the D.S.T, anti-hacker staff is very active here and very
efficient), people tend to trust JBC. He seems (I said SEEMS) to have a good
knowledge in computing, looks kind, and has a lot of resources. The only
problem is that he makes some "sting" (as you called it some years ago)
operation and uses the information he spied to track hackers. He organized a
game last year which was "le prix du chaos" (the amount of chaos) where he
asked hackers to prove their capabilities.
It was not the real goal of this challenge. He used all the materials hackers
send him to harass some people and now he "plays" with the normal police and
the secret police (DST) and installs like a trade between himself and them.
It's really scary for the hacking scene in France because a lot of people trust
him (even the television which has no basis to prove if he is really a hacker
as he claims to be or if he is a hacker-tracker as he IS!). Journalists take
him as a serious source for he says he leads a group of computer enthusiasts.
But we discovered that his group doesn't exist. There is nobody in his group
except his brother and some other weird people (2 or 3) whereas he says there
is 73 people in his club/group. You should spread this warning to everybody in
the underground because we must show that "stings" are not only for USA! I
know he already has a database with a lot of information like addresses and
other stuff like that about hackers and then he "plays" with those hackers.
Be very careful with this guy. Too many trust him. Now it's time to be
"objective" about him and his group!
Thanks a lot and goodbye.
Synaps a/k/a Clone1 a/k/a Feyd
----------
From: Ken Martin <70712.760@compuserve.com>
Date: November 17, 1992
Subject: One Ron Hults...(Phrack 38 Loopback)
Dear Phrack Staff:
This letter is concerning the letter in the Phrack Loopback column (#38, April
20, 1992) written by one Ron Hults. It suggests that all children should be
disallowed access to a computer with a modem.
The news release to which it is attached attempts to put an idea in the
reader's mind that everything out there (on bulletin boards) is bad. Anyone
who can read messages from "satanic cultists, pedophile, and rapists" can also
read a typical disclaimer found on most bulletin boards which have adult
material and communication areas available to their users, and should be able
to tell the SysOp of a BBS how old he/she is.
A child who is intelligent enough to operate a computer and modem should also
be able to decide what is appropriate for him/her to read, and should have the
sense enough to avoid areas of the BBS that could lead to trouble, and not to
give their address and home phone number to the Charles Manson idols. (It is a
fact that all adolescents have thoughts about sex; nothing can change that.
The operator of a BBS also has the moral responsibility to keep little kids out
of the XXX-Rated GIF downloading area.)
One problem with that is BBSes run by the underground type (hack/phreak, these
usually consist of people from 15-30 years of age). The operators of these let
practically anyone into their system, from my experiences. These types of
BBSes often have credit card numbers, telephone calling card numbers, access
codes to credit reporting services, etc., usually along with text-file
documents about mischievous topics. Mr. Hults makes no mention of these in his
letter and press release. It is my belief that these types of systems are the
real problem. The kids are fascinated that, all of a sudden, they know how to
make explosives and can get lots of anything for free.
I believe that the parents of children should have the sense enough to watch
what they are doing. If they don't like the kind of information that they're
getting or the kind of messages that they're sending to other users, then that
is the time to restrict access to the modem.
I am fifteen years old, and I can say that I have gotten into more than my
share of trouble with the law as a result of information that I have obtained
from BBSes and public communications services like CompuServe. The computer is
a tool, and it always will be. Whether it is put to good use or not depends on
its user. I have put my computer/modem to use in positive applications more
than destructive ones.
I would like Mr. Hults to think about his little idea of banning children from
modem use, and to think about the impact it would have on their education.
Many schools use computers/modems in their science and English curriculums for
research purposes.
Banning children from telecommunications is like taking away connection to the
outside world and all forms of publication whatsoever when one takes a look
around a large information service like CompuServe or GEnie, and sees all of
the information that a service like this is capable of providing to this
nation.
Thanks,
Ken Martin (70712.760@compuserve.com)
a.k.a. Scorpion, The Omega Concern, Dr. Scott
----------
From: Stalker
Date: October 14, 1992
Subject: Hacking In Czecho-Slovakia
Hi there!
I'm student from Czecho-Slovakia (for some stupid person who doesn't know, it's
in middle Europe). Call me Stalker (if there is other guy with this name, call
me what you want). If you think that computers, networks, hacking and other
interesting things are not in Eastern Europe, you're WRONG. I won't talk
about politicians. They really make me (and other men from computers) sick!
I'll tell you what is interesting here right now.
Our university campus is based on two main systems, VMS and ULTRIX. There's
VAX 6000, VAX 4000, MicroVAX, VAXStation and some oldtimer machines which run
under VMS. As for hacking, there's nothing interesting. You can't do some
tricks with /etc/passwd, there's no main bug in utilities and commands. But,
as I know, VMS doesn't crypt the packets across the network so you can take
some PC and Netwatch (or any other useful software ) and try to see what
is interesting on the cable. You can grab anything that you want (usernames,
passwords, etc.).
Generally, students hate VMS and love UNIX-like systems. Other machines are
based on ULTRIX. We have DECstations (some 3100, some 5000) and one SM 52-12
which is something on VAX-11 :-(. It is a really slow machine, but it has
Internet access! There's many users so you can relatively easily run Crack
(excellent program) since passwd is not shadowed. Another useful thing is tftp
(see some other Crack issues). There was a machine with enabled tftp, but
after one incident, it was disabled.
I would like to tell you more about this incident but sysadmins are still
suspecting (they probably read my mail). Maybe after some months in other
articles. Now I can tell you that I'm not a real UNIX-GURU-HACKER, but the
sysadmins thought that I was. Someone (man or girl, who knows) has hacked one
(or two) machines on our campus. Administrators thought that I was this
mysterious hacker but I am not! He/she is much better than I and my friends.
Today no one knows who the hacker is. The administrator had talked to him/her
and after some weeks, gave him/her an account. He/she probably had root
privileges for some time and maybe has these today. He/she uses a modem to
connect. His/her login name is nemo (Jules Verne is a popular hero). I will
try to send mail to him/her about Phrack and maybe he/she will write
interesting articles about himself.
And some tips. Phrack is very interesting, but there's other interesting
official files on cert.org (192.88.209.9) available via anonymous FTP. This
is the Computer Emergency Response Team (CERT) FTP server. You can find
interesting information here about bugs in actual software, but you will see
only which command or utility has the bug, not how to exploit it. If you are
smart enough, there's nothing to say.
If you are not, you must read Phrack! :-)
Bye,
Stalker
----------
From: Ground Zero
Date: August 25, 1992
Subject: Phrack 40 is Sexist!
Hi, just a quick comment about Phrack's account of SummerCon:
I don't think your readers need to know or are really interested in hearing
about the fact that Doc Holiday was busy trying to pick up girls or that there
were some unbalanced teeny-boppers there offering themselves to some of the
SummerCon participants. Also, as a woman I don't care for your
characterizations of females in that file.
I'm not trying to nitpick or be politically correct (I hate PC), I'm just
writing because I felt strongly enough about it. Ciao.
Ground Zero (Editor of Activist Times, Inc./ATI)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
From: Shit Kickin' Jim
Date: September 11, 1992
Subject: Phrack 40 is Sexist!? (PC Phrack)
Listen here woman. I don't know whut yer big fat butt thinks Phrack wuz tryin'
to insinuate. Lemme tell yew a thang er two. First of all, Phrack ain't run
by some little pip-squeek faggot ass pansies. Ah mean wut are you sum kinda
hOmOsexual? Here's what ah mean. NOW here iz a real story 'bout me and one a
my bestest friends: 4x4 Phreaker.
See 4x4 Phreaker come down to Texas fur a little hackin adventure. Even though
he lives up there in Yankee-land, 4x4 Phreaker iz a pretty good ol' boy.
Whuddya think real manly hackers do when they get together? Go stop by Radio
Shack and buy shrink wrap?
HELL NO! We fuckin' went to Caligula XXI. Fur yew ol' boys that ain't from
'round here er yer a fauygut out there that might be readin this, Caligula XXI
specializes in enertainmunt fer gennelmen.
Now, me and 4x4 Phreaker didn't go to hawk at some fat nasty sluts like you
might see at your typical Ho-Ho Con. We went with the purpose in mind of seein
a real movie star. Yup Christy Canyon was in the house that night. 4x4
Phreaker and me sat down at a table near the front. At that point I decided
that I'd start trollin for babes. Yep that's right I whipped out an American
Express Corporate Gold card. And I'll be damned if it weren't 3 minutes later
me and 4x4 Phreaker had us 2 new found friends for the evening.
So anywayz, yew can see we treated these two fine ladies real nice and they
returned the favor. We even took em to Waffle House the next mornin'. So I
dunno where yew git off by callin us sexist. Yer just some Yankee snob big
city high horse woman who expects to be a takin care of.
God bless George Bush and his mistress Jennifer whutz her name.
:Shit Kickin' Jim (Madder than a bramer bull fightin a mess of wet hornets)
_______________________________________________________________________________
Misunderstood Hackers Get No Respect August 10, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by The Cruiser (ComputerWorld)(Page 24)(Letters to the Editor)
I just read the replies to Chris Goggans' "Hackers aren't the real enemy"
[ComputerWorld, June 29], and I thought I'd address a few of the points brought
up. I'm a hacker -- which means that I'm every system administrator's
nightmare.
Hardly. Many hackers are politically aware activists. Besides being fueled by
an obsession for mastering technology (I call it a blatant disregard for such),
true hackers live and obey a strict moral code.
All this talk about the differences between voyeurism and crime: Please, let's
stop comparing information access to breaking into someone's house. The
government can seize computers and equipment from suspected hackers, never to
return it, without even charging a crime. I will not sit back and let Big
Brother control me.
The Cruiser
_______________________________________________________________________________
Hackers Should Land In Jail, Not In Press October 19, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Alan Falk (ComputerWorld)(Page 32)(Letters to the Editor)
The letters you get from avowed hackers seem to glorify the virtues of hacking.
I find this very disturbing for a simple reason: It completely ignores the
issue of private property.
The computer systems they hack into (pun intended) and the databases they try
to access, as well as the data in the databases, are private property.
An analogous argument might be that breaking and entering a jewelry store and
taking off with some valuables is really a way of testing the security controls
at the jeweler's establishment. They're really just doing it for the
excitement and challenge.
Would they promote voyeurism based on the "logic" that "after all, if they
didn't want me to look, they'd have pulled the drapes closer together?"
The fact that there's challenge or excitement involved (or even commitment,
intellect or whatever) does not change the issue.
I suggest that hackers who gain entry to systems against the wishes of the
systems' owners should be treated according to the laws regarding unlawful
entry, theft, etc.
Alan Falk
Cupertino, California
_______________________________________________________________________________
Anonymous Usenet Posting?
~~~~~~~~~~~~~~~~~~~~~~~~~
Date: August 19, 1992
From: Anonymous
I've read in Phrack all about the different ways to send fake mail, but do any
of the readers (or Mind Mage) know anything about anonymous newsgroup posting?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Anonymous Mail Poster August 4, 1992
~~~~~~~~~~~~~~~~~~~~~
by Sir Hackalot
Here is some C source to a simple "anonymous" mail poster that I wrote a LONG
time ago. It's just one of many pieces of code I never gave to anyone before.
You may find it useful. Basically, it will connect to the SMTP port and
automate the sending. It will allow for multiple recipients on the "To:" line,
and multiple "To:" lines.
From: sirh@sirh.com
------ Cut here for fm.c -----
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <signal.h>
#include <fcntl.h>
#include <errno.h>
int openSock(name,port)
char *name;
int port;
{
int mysock,opt=1;
struct sockaddr_in sin;
struct hostent *he;
he = gethostbyname(name);
if (he == NULL) {
printf("No host found..
");
exit(0);
}
memcpy((caddr_t)&sin.sin_addr,he->h_addr_list[0],he->h_length);
sin.sin_port = port;
sin.sin_family = AF_INET;
mysock = socket(AF_INET,SOCK_STREAM,0);
opt = connect(mysock,(struct sockaddr *)&sin,sizeof(sin));
return mysock;
}
/* This allows us to have many people on one TO line, seperated by
commas or spaces. */
process(s,d)
int d;
char *s;
{
char *tmp;
char buf[120];
tmp = strtok(s," ,");
while (tmp != NULL) {
sprintf(buf,"RCPT TO: %s
",tmp);
write(d,buf,strlen(buf));
tmp = strtok(NULL," ,");
}
}
getAndSendFrom(fd)
int fd;
{
char from[100];
char outbound[200];
printf("You must should specify a From address now.
From: ");
gets(from);
sprintf(outbound,"MAIL FROM: %s
",from);
write(fd,outbound,strlen(outbound));
}
getAndSendTo(fd)
int fd;
{
char addrs[100];
printf("Enter Recipients, with a blank line to end.
");
addrs[0] = '_';
while (addrs[0] != '