💾 Archived View for gemini.spam.works › mirrors › textfiles › messages › phoenix1.msg captured on 2020-10-31 at 16:54:01.

View Raw

More Information

-=-=-=-=-=-=-

            *** {Phoenix Project BBS Message Base File 1 of 3} ***
 _____________________________________________________________________________

     Copyright (C) 1993  LOD Communications.  No part of this  Work may be
     distributed or reproduced, electronically or otherwise, in part or in
     whole, without  express written  permission  from  LOD Communications
 _____________________________________________________________________________

             Phoenix Project BBS Message Base File Table of Contents

  I.   General Remarks About the BBS Message Base Files (File 1)
  II.  Phoenix Project BBS Pro-Phile by Erik Bloodaxe (co-sysop) (File 1)
  III. Messages from the First Incarnation of the Phoenix Project:
          100 Messages from the Packet Switched Networks Sub-Board (File 1)
          58 Messages from the General Discussion Sub-Board (File 1)
          39 Messages from the 'Instructor' Sub-Board (File 1)
  IV.  Some G-Philes written by the sysop, The Mentor: (File 1)
       1. The Conscience of a Hacker (aka The Hacker's Manifesto)
       2. A Novice's Guide to Hacking (1989 Edition)
       3. A Multi-User Chat Program for DEC-10's
       4. DCL Utilities for VMS Hackers
  V.   Messages from the Second Incarnation of the Phoenix Project:
          132 Messages from the General Discussion Sub-Board (File 2)
          26 Messages from the 'We the People' Sub-Board (File 2)
          77 Messages from the Basic Telecom Sub-Board (File 2)
          58 Messages from the Hacking Sub-Board (File 2)
          46 Messages from the Phone Company Sub-Board (File 2)
          80 Messages from the SprintNet Packet Network Sub-Board (File 2)
          49 Messages from the BT Tymnet Sub-Board (File 2)

          31 Messages from the Internet Sub-Board (File 3)
          60 Messages from the Other Packet Networks Sub-Board (File 3)
          69 Messages from the UNIX Sub-Board (File 3)
          18 Messages from the VAX/VMS Sub-Board (File 3)
          28 Messages from the Primos Sub-Board (File 3)
          41 Messages from the HP-3000 Sub-Board (File 3)
          42 Messages from the Other Operating Systems Sub-Board (File 3)
          27 Messages from the Programming Sub-Board (File 3)
          27 Messages from the Social Engineering Sub-Board (File 3)
          72 Messages from the Electronic Banking Sub-Board (File 3)
          32 Messages from the Radio & Electronics Sub-Board (File 3)
          11 Messages from the PC's Sub-Board (File 3)
          35 Messages from the Altered States Sub-Board (File 3)
          59 Messages from the Security Personnel Sub-Board (File 3)
          59 Messages from the Phrack Sub-Board (File 3)
          49 Messages from the 'Friends of the Family' PVT Sub-Board (File 3)
  VI.  Directory of Downloadable Files Online (2nd Incarnation) (File 3)

       1325 Messages Total

 _____________________________________________________________________________

          *** {General Remarks About the BBS Message Base Files} ***
   The following paragraphs are contained within each BBS Message Base File.
The information will help those unfamiliar with some of the terminology and
format of the Hack/Phreak BBS's and their message bases to better understand
them and the general organization of this File.

   While perusing through the following messages you may notice that the
message numbers are not always sequential. However, the dates that the
messages posted should be in chronological order. The reason for this is that
during the time that most of these Boards operated, the computer systems had
fractions of the disk drive capacity of those today. Therefore, it became
necessary to delete old messages, usually automatically, when a specified
number of messages were posted or when the disk became full. A renumbering of
the messages would then follow. It is entirely possible for two individuals to
have downloaded the same message with different message numbers if one person
called before a message base renumbering, and one called after. Nevertheless
the post date should be the same.

   Users of these bulletin boards typically called them on an irregular basis
and although every effort has been made to compile a complete set of messages
posted on a specific BBS, there usually are gaps in the collection. Some gaps
in dates are due to the system being offline for various reasons and therefore
no messages are missing and some gaps are due to a lack of availability.
Finding someone who still has bbs messages from years ago (and in some cases a
decade ago) is quite a challenge! Additional messages may materialize in the
future which can be integrated into the current set. The price of this
particular message collection is based on the following factors: number of
years ago the BBS operated, its popularity, whether the bbs or portions
thereof were deemed "Elite" and therefore restricted access to but a small
number of users, the quality of messages, and the total number of messages
compiled. 

   For those BBS's that operated in the period from 1983 to 1985, it should be
noted that the majority of the users were typically in the 15-18 year old age
range. This is sometimes obvious due to the message content. One thing that is
interesting however, is to note the progression of certain individuals over a
length of time with respect to the knowledge they had acquired (and therefore
the quality of their posted messages) and how they became more responsible and
mature in later years.

    One of the difficulties encountered during the organization of the many
small files that went into some message bases was determining which Sub-Board
the messages were from. For those unfamiliar with the term "sub-board" a
description follows. Sub-boards of the main BBS were smaller more specialized
portions of the system. Many hacker BBS's had only a Main board, others had a
number of sub-boards in addition to the main message base. The reasons for
having sub-boards were twofold:

    1) To allow users to focus on certain topics such as Packet Switching
Networks, the Unix Operating System, etc. as opposed to mixing messages about
all these topics together in one 'place' which is confusing.

    2) To allow a smaller sub-set of users to access higher level topics and
discussions.

    Sub-boards allowed the system operator to maintain some level of security
by allowing those "worthy" either in trust, knowledge, or both; access to more
sensitive information which the general user population either was not
interested in, or was not deemed responsible enough to see. For those systems
that had sub-boards for which we have messages from, the sub-boards are
labeled and separated from each other by a line. 

    The purpose of these Underground Bulletin Board Systems was to disseminate
and trade a variety of typically illicit information. Many times the
information was simply of a how-to nature or of some technical aspects of how
a certain technology (typically telephone switching and computer systems)
worked. However out-and-out illegal information such as long distance access
codes and passwords to various computer systems were posted especially on the
BBS's in operation before 1986. Under the advice of the appropriate computer
civil liberties organizations along with actual legal counsel from practicing
attorneys, messages were minimally edited to eliminate the possibility of long
distance access codes, phone numbers, or computer passwords being currently
valid. Except for these specific cases and the few times where text was
garbled during download of the messages (line noise many years ago) and/or
during our recovery operation, the messages were left as is, spelling errors,
offensive language, inaccuracies of various kinds, and ALL.

   A compact listing of users (ie: The Userlist) sometimes accompanies the BBS
Message Base and if present is located near the end of this File. The userlist
of most board's were quite dynamic as users came and went for various reasons.
Some BBS's would automatically delete users who did not log on for a specified
period of time. The listing that may be contained herein was downloaded at an
unspecified date in time. Therefore some users who were on the system either
before or after the list was obtained may not be shown.

   Any comments in squiggly brackets and asterisks: *** {} *** were made by
LODCOM to inform you of any changes within the message base of interest such
as a change in sub-board. Therefore, these comments were not present on the
actual Bulletin Board at the time of download. It is hoped you will enjoy the
following messages which are presented solely for informational, educational,
and historical purposes only. LOD Communications takes no responsibility
whatever for the content or use (abuse) of posted messages nor
hacking/phreaking "G-Philes" (if present these are located at the end of this
file) included in this Work. 

   FINAL NOTE: As shown above, this Work is COPYRIGHTED (C) 1993 by LOD
Communications. A tremendous amount of time and effort has been involved by
many parties to collect, transfer or type from printouts, organize, splice,
etc. the following collection of BBS Message Base, Userlist, and G-philes.
It is sometimes difficult for people today to realize that years ago you could
not call up a hacker BBS using 8MB RAM systems with 14.4 KiloBaud modems and
250 MegaByte hard drives and download everything on said BBS in minutes. Most
of those who donated messages to this effort used systems with 64 KB main
memory, 300 or maybe 1200 baud modems, and 143K disk drives. File sizes were
typically 15 KB or less due to memory constraints among other things.
Therefore one can begin to appreciate the magnitude of this undertaking.
Not to mention the many BBS Pro-Philes (explained next) which were written and
required time and phone calls to track down Sysops and others who were aware
of the various tid-bits of background information for each BBS. The principals
involved in the project are all quite busy in their respective pursuits of
work and/or college and had to make a commitment to donate any spare time they
had (have) to this venture. It has been a long road and we are not at the end
of it yet.

   Not everyone will abide by United States Copyright Law, however it is our
hope that those who agree that Lodcom:

   1) Is providing a service that requires a significant amount of time and
      monetary resources to get to this point and to proceed.

   2) Is helping to provide a better understanding of certain portions of
      Cyberspace and its community.

   3) Is charging reasonable prices for the initial gathering, organization,
      and presentation of the information and to cover the costs for
      diskettes, mailing containers, postage, and time to fill orders.

will 'do the right thing' which will allow Lodcom to continue to document the
History of the Computer Underground. Without your understanding and support,
this effort may not be able to sustain itself long enough to complete the
project. End plea.

   For most files, you will next see, the "BBS Pro-Phile". This is a few
paragraph description providing little known and historical information about
the particular BBS. The BBS Pro-Phile was either written by LODCOM or someone
affiliated with the System itself, usually the SYSOP(s) (System Operator).
Many people helped contribute the very interesting and informative BBS Pro-
Phile specifically for this project. Thus, the following description was not
present on the original BBS System and can only be found in these Files:
 _____________________________________________________________________________

                 *** {The Phoenix Project BBS Pro-Phile} ***

The Phoenix Project

(Excerpt from PHRACK, 1988)

Just what is "The Phoenix Project?"
 
Definition:  Phoenix (fe/niks), n.  A unique mythical bird of great beauty
                     fabled to live 500 or 600 years, to burn itself to death,
                     and to rise from its ashes in the freshness of youth, and
                     live through another life cycle.
 
             Project (proj/ekt), n.  Something that is contemplated, devised,
                     or planned.  A large or major undertaking.  A long term
                     assignment.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Why is "The Phoenix Project?"
 
On June 1, 1987 Metal Shop Private went down seemingly forever with no
possible return in sight, but the ideals and the community that formed the
famous center of learning lived on.  On June 19-21, 1987 the phreak/hack world
experienced SummerCon'87, an event that brought much of the community together
whether physically appearing at the convention or in spirit.  On July 22, 1987
the phreak/hack community was devastated by a nationwide attack from all forms
of security and law enforcement agencies...thus setting in motion the end of
the community as we knew it.  Despite the events of July 22, 1987, PartyCon'87
was held on schedule on July 26-28, 1987 as the apparent final gathering of
the continent's last remaining free hackers, unknown to them the world they
sought to protect was already obliterated.  As of August 1, 1987 all of the
original members and staff of the Metal Shop Triad and Phrack Inc. had decided
to bail out in the hopes that they could return one day when all would be as
before...
 
                             THAT DAY HAS COME...

A new millennium is beginning and it all starts on July 22, 1988.  How fitting
that the One year anniversary of the destruction of the phreak/hack community
should coincidentally serve as the day of its rebirth.

(End Excerpt)
-----------------------------------------------------------------------------

The Phoenix Project was probably one of the most famous hacker bulletin
boards in the history of the underground.

The format of the BBS sparked what would become a trend in future
hacker BBSes.  No illegal information would be tolerated, IE: no codes,
passwords, cards, etc... just general information about items of
interest to computer and telephone enthusiasts.  Even with such a
seemingly large limitation, the board hosted hundreds of users and had
the most active message bases in the world.

Another first for the Phoenix Project was the open invitation to
any and all security officials.  This open door policy provided
the first real forum for hackers and security to freely quiz each other
about why they do the things they do.  Security from many telco-entities
such as NYNEX, AT&T, Bellcore and Sprint as well as Federal Agents
participated openly in discussions with hackers, and through this
interaction, both sides gained a great deal of understanding.

The Phoenix Project went through two basic incarnations, the first
was run solely by The Mentor and followed a move from San Marcos
to Austin, TX.  The second incarnation was also sysoped by The Mentor
and co-sysoped by Erik Bloodaxe.

During the latter part of 1989, several raids directed at members
of the hacker group The Legion of Doom caused a stir in the
computer underground.  After reaching a conclusion that Bill Cook
was indeed focusing his attentions on LOD, The Mentor decided that
a board that was so flagrant about its nature, albeit legal in all
respects, and run by two of the most prominent LOD members would
certainly be caught up in subsequent raids.

The Mentor took down The Phoenix Project after Erik Bloodaxe made a
complete copy of all current messages.  Then for grins he overwrote
every sector of his hard drive with the message "Legion of Doom"
should anyone ever decide to read it.

On the morning of March 1, 1990, the homes of The Mentor and
Erik Bloodaxe, as well the business of Mentor's employer Steve
Jackson Games, were raided by the US Secret Service.  The Mentor
lost all his computer equipment in the raid which still has not
been returned.

The raid on Steve Jackson Games launched an EFF supported lawsuit
against the United States Government which ended with a ruling
for Jackson, et. al., in which the SS agents involved were publicly
reprimanded by the jugde for their negligence in the handling of
the investigation.

The Phoenix Project has been mentioned in "The Hacker Crackdown" by
Bruce Sterling and "Approaching Zero" by Brian Clough and Paul Mungo
and will ultimately be remembered as one of the true landmark
bulletin boards of the computer underground.

 _____________________________________________________________________________

                 *** {Packet Switched Networks Sub-Board} ***


1/100: how
Name: Knightmare #21
Date: 3:12 am  Wed Jul 13, 1988

Just to be curious, how is everyone attaining their NUI's? I mean the 
originals..


Read:(1-100,^1),? :



2/100: Obtaining NUIs
Name: Epsilon #12
Date: 8:27 am  Wed Jul 13, 1988

  Originally, people would make PAD-PAD connections on Telenet and imitate
  the network, so that when they'd enter their NUI, we'd get it.  
  Unfortunately, that method doesn't work anymore, due to some software
  changes on the network.

  Epsilon



Read:(1-100,^2),? :



3/100: engineer
Name: The Mentor #1
Date: 5:48 pm  Wed Jul 13, 1988

Quite a few people engineer them apparently.  For those of you who may be
new, 'engineering' is short for 'social engineering', which is long for 
'bullshitting'.  Epsilon was describing a method involving nothing more 
difficult than leaving mail to another user in the same group as your hacked
account asking to borrow his NUI, yours won't work. 
Mentor


Read:(1-100,^3),? :


4/100: .../\...
Name: Necron 99 #9
Date: 2:17 pm  Fri Jul 15, 1988

engineering is a lost art.  i persanally can't do it worth a damn.
(lords, he admitted he isn't perfect.  what will he do now?)
i recall finding some in mail on a telenet system once, however.
if you're on a system, read all the files that you can get your hands
on.  you never can tell what you can find.
 AT&T


Read:(1-100,^4),? :



5/100: Engineering
Name: Epsilon #12
Date: 9:48 pm  Fri Jul 15, 1988

  Engineering is a great (and powerful if used correctly) way of obtaining
  information.  It is widely practised, and that's what's kinda scary.
  I hope people don't mess it up for the rest of us.



Read:(1-100,^5),? :



6/100: EPSILON
Name: Twisted Sector #51
Date: 12:51 am  Tue Jul 26, 1988

What do you mean when you say PAD to PAD?


Read:(1-100,^6),? :



7/100: ///..\\\
Name: Necron 99 #9
Date: 9:58 am  Tue Jul 26, 1988

a while ago, (as in last christmas, anyway) you could connect to  someone's
pad (packet assembler disassembler) by using judicious use of `stat`.
actually, stat let you find them, then with an id, and a decent `set`, you 
could intercept data that the other person typed, enabling you to get a lot
of shit.  Unfortunatly, this no longer works (on telenet), it printed a
banner saying 'connected from <wherever you are>', and you had to simulate
telenet.not a major problem, but hey.
.
if anyone has any dialups that look like telenet OR tymnet but they aren't,
let me know, we'll be able to work something out.
-n99  ToK, LOD.   so there, nyahh.


Read:(1-100,^7),? :



8/100: PAD/PAD
Name: Epsilon #12
Date: 5:04 pm  Tue Jul 26, 1988

  Yeah, that's basically it.  So in essence, you would just emulate the
  connect/login procedures of the host they were trying to connect to.
  You could actually see what they were typing, so if they typed

  C XXX202

  You would respond with..

  XXX202 CONNECTED (Telenet style..  Bahah..)

  Then you would type..

  User ID: (Now they'd enter their User ID..)

  Password: (Now they'd enter their password..)

  And there you have it.  Intercepting Telenet X.25 calls.  Welp, it's
  defunct now anyway unfortunately, so giving you instructions wouldn't
  help. 

  Epsilon



Read:(1-100,^8),? :



9/100: ?
Name: The Mentor #1
Date: 6:26 pm  Tue Jul 26, 1988

What are all the psn's that have 800 dialups?

Telenet- 1-800-XXX-9494  (1200 7E1)
Tymnet- 1-800-XXX-0555

What else?

Mentor
LOD!


Read:(1-100,^9),? :



10/100: 800 Dialups
Name: Arcane Hierophant #28
Date: 3:29 pm  Wed Jul 27, 1988

Isn't 800-XXX-9478 a Telenet dialup?


Read:(1-100,^10),? :



11/100: Autonet Madness!
Name: Epsilon #12
Date: 9:04 pm  Wed Jul 27, 1988

800/XXX-2255.  Play.  Fun fun fun.


Read:(1-100,^11),? :



12/100: PAD
Name: Knightmare #21
Date: 12:41 am  Thu Jul 28, 1988

I hope this helps.. like everyone was saying before, the pad 
assembles/disassembles data.  A closer look at the structure of the data is
what I'm gonna try to explain.  Now in different networks, the packets of
data are sent in certain sizes, all depending on the network you're on. 
Telenet, 
which is X.25 (CCITT standard), sends data in 128k packets.  Each packet 
(frame) can be broken down into different parts.  There are different 
techniques as to how to configure each packet.  I'll give an example of HDLC 
(higher-level data link control) which is a standard.  A packet using HDLC 
standard consists of a frame header, an address, control field, the data, 
error detection coding, and end the frame flag.  frame header is 8 bits, 
control field is 8 bits, error detection coding is 16 bits and the ending 
frame is 8 bits.  This leaves 88 bits for the data your sending.  As your 
enter data from your terminal the PAD breaks the data down and reassembles it
into a frame(packet) and then it sends it off in shortest path.  The packet
is never disassembled again until it reaches its destination.  Sometimes a
packet doesn't go directly from it sending node to the destination node, and
is rerouted to different nodes but this still doesn't affect the packet.
Shit,I'm confusing myself now.. Well anyways, that's a little closer look at
how it works.

Read:(1-100,^12),? :



13/100: Makes sense..but
Name: Twisted Sector #51
Date: 5:00 pm  Thu Jul 28, 1988

How could one benifit from such a device?


Read:(1-100,^13),? :



14/100: Using PADS
Name: Mr. Slippery #5
Date: 4:29 pm  Sat Jul 30, 1988

A PAD is what you connect to when you dial tymenet or telenet. It puts
your conversation together with others and sends it over the network.
Some minicomputers and mainframes have PAD boards built in but PC's
typically don't.  I hope this answers the question about what they are
good for.

Read:(1-100,^14),? :



15/100: MABYE
Name: Twisted Sector #51
Date: 12:56 pm  Sun Jul 31, 1988

I should be asking how such a device can be exploited?


Read:(1-100,^15),? :



16/100: Autonet?
Name: Arcane Hierophant #28
Date: 4:42 pm  Tue Aug 02, 1988

Forgive me for asking, but is the Autonet of any worth?  I live in an area 
with no Telenet/Tymnet and I basicaly pay for my calls unless I get lucky and
some local schmuck gives me something to use.  This can be rather irritating,
and it makes it hard to gain any hacking proficency when you can't make a
local call to a 'puter. 

the Arcane Hierophant

Read:(1-100,^16),? :



17/100: How exactly do I go..
Name: Rockin Dude #18
Date: 5:46 pm  Tue Aug 02, 1988

about hacking at telenet?  I desperatly need some nui's or pcp accounts.
Thank you very much.  I am sort of new to this so give me as much detail as
you can.
 Thanks so much.  Later!
Rockin Dude


Read:(1-100,^17),? :



18/100: ...\/...
Name: <<< Necron 99 #9 >>>
Date: 6:03 pm  Tue Aug 02, 1988

a hint:  hacking telenet as your your first system is not a good idea, 
considering what the nice people at gte are doing.  so be reasonable.
the best way to hack telenet, i must admit, is through prime's
netlink program.  but ask somebody else about that one.


Read:(1-100,^18),? :



19/100: Hacking Telenet
Name: Epsilon #12
Date: 5:41 pm  Wed Aug 03, 1988

  I suppose that's one of the safest methods of hacking the network.
  Either that, or scan when you think network traffic would be at a
  high rate.  Say, in the afternoon on Monday, or any weekday for that
  matter. 

  Hacking Telenet is not such a hard thing to do.  Just scan by area
  codes, and hack what you find interesting. 

  E



Read:(1-100,^19),? :



20/100: What do you mean scan?
Name: Rockin Dude #18
Date: 6:28 pm  Thu Aug 04, 1988

  I won't to find PCP accounts and NUI's however you find them.  Or I'll
never be able to call long-distance again.  Help!!  Please help me..
Rockin Dude


Read:(1-100,^20),? :



21/100: scan
Name: The Mentor #1
Date: 9:19 pm  Thu Aug 04, 1988

You scan by picking an area code, say 301, and checking addresses.

@c 301 XXX
@c XXX 112
@c XXX 113

etc...
mentor
lod

Read:(1-100,^21),? :



22/100: PCP
Name: The Leftist #3
Date: 12:09 pm  Fri Aug 05, 1988

sounds like what he wants is pcp accounts, or a way to hack them.
none known yet.


Read:(1-100,^22),? :



23/100: Once I 've scanned..
Name: Rockin Dude #18
Date: 3:23 pm  Fri Aug 05, 1988

 then what are those #'s for and what do they do?  God I must be really
stupid not to know this stuff, eh?  Well later!
Rockin Dude


Read:(1-100,^23),? :


24/100: Scanning Telenet
Name: Epsilon #12
Date: 3:46 pm  Fri Aug 05, 1988

  Well, you can keep them for reference.  Say you scan a whole area code
  on Telenet, and you record your results.  Now say a month later, you
  suddenly become interested in Prime computers for some reason, then
  you can go look in your notebook or whereve, and find all the Primes
  you scanned, and go connect and try to get into them.

  Just try getting into whatever you think looks like it might be an
  interesting system.

  I mean, that's why you scan, to find neat things.

  E



Read:(1-100,^24),? :



25/100: Various things...
Name: Tales Gallery #74
Date: 1:29 am  Sat Aug 06, 1988
Tommorrow maybe I'll write a quick program that will call your Telenet, and
sequentially scan however you set it up to do it.  And then capture eveything
to a nice little capture buffer, in which you can later look at.  Nothing
special, just something to make life a little easier to you all.

OR is this a stupid idea?.   Hmptht.

Tales Gallery.


Read:(1-100,^25),? :



26/100: !!
Name: Epsilon #12
Date: 8:25 am  Sat Aug 06, 1988

  No.  This is good.  Write the program.  There are already too many code
  hacking programs out there, why not write a Telenet scanner. 

  Sounds great.  Hayes modem, eh?



Read:(1-100,^26),? :


27/100:   Yeah, great idea.
Name: Rockin Dude #18
Date: 12:41 pm  Sat Aug 06, 1988

 So after I've scanned all I want to then those #'s I come up with will be 
connected to computers that I can hack, right?  If that is that's cool.  Well
that's a good idea of writing a program to scan telenet.  Could that program
also scan for PCP's also?  That's what I need, definetly.
 Thanks.  Later.
Rockin Dude


Read:(1-100,^27),? :



28/100: ...
Name: Epsilon #12
Date: 10:18 am  Sun Aug 07, 1988

  Well, you'll be old and gray before you ever hack a PC Pursuit account, so 
don't bothertrying. 

  Rockin Dude - Yeah, when you connect to a computer, just play with it if
                it looks interesting, and if not, just write it down and
                forget about it for the time being.  Just a question..  Have
                you ever done this before?  Because scanning Telenet is not
                a hard concept to grasp.  Thanks.

  Ep



Read:(1-100,^28),? :



29/100: Netlinking for searching
Name: Prime Suspect #70
Date: 2:45 pm  Sun Aug 07, 1988

   Using netlink to scan Telenet is stupid. It's a good way of losing the
Prime account that could be used much better. It's like making toll calls for
data from within a Phone Company computer and that's it. If you're going to
scan just scan from a regular port dialup. Then when you have all of those
refused collect connections (and some illegal address errors work as just
regular destinations) then you may wish to use netlink to give it a shot and
see what you found. But depending on the revision of primos you're
using, and the destination system... you may lose that account just for
trying to get in the other system so many times.

        Prime Suspect
          TOK & LOD/H


Read:(1-100,^29),? :



30/100: Telenet Scanning Programs
Name: Prime Suspect #70
Date: 2:49 pm  Sun Aug 07, 1988

   If you can write a good telenet scanning program, good luck. It's more
than just sending those #'s over sequentially... and even though you plan
on capturing everything which is a great idea, you'll still need to
analyze situations and know when to send a break or an escape such as
"@<cr>@<cr>". BTW: For those of you that hate why you can't backspace
through Telenet because it screws everything up.
Do a: "SET?"  or "PAR?"

You'll notice one setting is set to: 127
I think it's setting 18 or whatever is on the very right side of an 80 col
screen. Just change it with:

SET 18:8

To equal a CTRL-H if 18 is the proper #.

   Prime Suspect

Read:(1-100,^30),? :



31/100: ...
Name: Necron 99 #9
Date: 8:19 pm  Sun Aug 07, 1988

primenet:  i disagree.  some of us don't know prime, eh.  but that is a good
point.  i've never had a problem with backspacing and all.
and calling a port local & staying on there for half an hour is not a 
brilliant idea to just hack addresses, but that may just be my view.
if you can come up with a way to send a hard break to the hayes, that alone 
would be worth seeing.


Read:(1-100,^31),? :



32/100: Hmmm...
Name: Tales Gallery #74
Date: 9:49 pm  Sun Aug 07, 1988

Prime Suspect-

I wasn't expecting it to be "that" easy.  Obviously I'm going to have to 
design a method of interpreting where I am, and what the escape is.  Not to
mention having the system NOT mark numbers that don't have connections.  This
is how I figure it.  Get on TeleNet with a dumb terminal, and then proceed
with various operations.  Simulate my software.  Easy actually.  Of course
their will be initial flaws - but nothing is perfect, and if it were, we
wouldn't have any place in TeleCom, or rather, any special place.

Tales Gallery.


Read:(1-100,^32),? :



33/100: try..203..whoever hasked
Name: Knightmare #21
Date: 10:50 pm  Sun Aug 07, 1988


Whoever was asking about scanning I suggest 203. There are a lot of systems
in there. i think XXX20 is a VM/370 and XXX21 is a VAX..


Read:(1-100,^33),? :


34/100: Necron pnet reply...
Name: Prime Suspect #70
Date: 1:33 am  Mon Aug 08, 1988

  Necron: What do you disagree about Primenet?
Or using netlink I should say I guess. Are you saying that it's better to
use netlink vs a dialup PAD or vice-versa? (confused)

Does anyone know any hard facts about tracing being done from a Telenet
dialup? The 414's was a case of other sorts of abuse that (according to
the press) could have lost lives.
With a case like that known, tracing could have been a thought for things
other than network access.

 I'm not promoting actually using a local dialup for access to a network
port. Because then if there is trouble they know the general area where
you may be from. But is that or using an LD service more dangerous.
Looks like too many possibilities eh?


Read:(1-100,^34),? :



35/100: Scanning
Name: Epsilon #12
Date: 7:55 am  Mon Aug 08, 1988

  Write your program so that it will time out after say, five seconds, then
  send a hard break to return you to the prompt, then send a 'd', and then
  try the next address in its queue (unless it's generating them randomly).

  Yeah, Prime's right, using another computer to scan the network is not a
  smart move at all.  It's not futile, but it will get your account noticed
  and possibly killed (if they're nice.  They may decide to watch you for  
awhile).

  Prime - Thanks for the SET tip.  It really annoys me when I type something,
          then go back, correct it, and then hit return and it gives me that
          damned '?'. 

  Epsilon



Read:(1-100,^35),? :


36/100: Others . . .
Name: Tales Gallery #74
Date: 9:00 pm  Mon Aug 08, 1988

I know exactly how I'm going to be accessing TeleNet.  If others chose other
ways, thats absolutely fine, but personally, I have security completely
figured out.  Just for the record.

I didn't exactly catch that talk about the "other computer"?



Read:(1-100,^36),? :



37/100: .../\...
Name: Necron 99 #9
Date: 6:23 pm  Tue Aug 09, 1988

you have telenet security completely figured out, huh.
i'll be sure to visit you in jail.


Read:(1-100,^37),? :



38/100: Hey, Tales so what are you ..
Name: Rockin Dude #18
Date: 6:42 pm  Wed Aug 10, 1988

  doing to have this all planned out?  I'm sure we would all like to know.
Rockin Dude


Read:(1-100,^38),? :



39/100: WELL
Name: The Leftist #3
Date: 12:36 pm  Thu Aug 11, 1988

yeah,  there are some pretty safe ways to dial into telenet, but its just 
like making any other local <assuming its a local call> and I dont think 
I want to go into ways of avoiding being traced on a local call...


Read:(1-100,^39),? :



40/100: ...
Name: Epsilon #12
Date: 12:57 pm  Thu Aug 11, 1988

  Being traced on a local call (if they really want you) is basically
  inevitable.  You could always use an extender if you want.  This is a
  lame discussion.


Read:(1-100,^40),? :



41/100: Exactly . . .
Name: Tales Gallery #74
Date: 3:10 pm  Thu Aug 11, 1988

. . . Why I said I have it all planned out, and not to worry about.   "See me
in jail"?   Gee, ok.   You must be right, how could anyone be right other
than you?  Oh, I am so sorry "sir".  How could I have ever said something
without your assistance of skill and advancement.  I am so sorry.  No,
really.




Read:(1-100,^41),? :



42/100: Tsk tsk tsk.
Name: Epsilon #12
Date: 5:43 pm  Thu Aug 11, 1988

  If I'm correct, I sense a conflict here.  Take it away Necron..

  Don't get blood on this base.  I happen to like Packet Switching.



Read:(1-100,^42),? :



43/100: ...
Name: The Mentor #1
Date: 6:56 pm  Thu Aug 11, 1988

This is the only warning.  The war stops here.  Take it to email.
Mentor


Read:(1-100,^43),? :



44/100: my gosh.
Name: Necron 99 #9
Date: 7:18 pm  Fri Aug 12, 1988

i don't even get to post a reply. hmm..
bad loyd, bad loyd.


Read:(1-100,^44),? :



45/100: email it...
Name: The Mentor #1
Date: 5:11 pm  Sun Aug 14, 1988

Send it in Email...  remember what MSP started looking like toward the end of
its existance?  I want to avoid that...
Mentor
lod!


Read:(1-100,^45),? :



46/100: ///
Name: Epsilon #12
Date: 8:16 am  Mon Aug 15, 1988

  Doesn't anyone want to know anything about packet switching anymore?

  This is depressing.



Read:(1-100,^46),? :



47/100: Yes.
Name: Dark Sorcerer #79
Date: 10:32 am  Mon Aug 15, 1988

I've heard you can somehow break into the Telenet service node and retrieve
NUI's.  How is this done..?


Read:(1-100,^47),? :



48/100: Telenet Scanning
Name: The Traxster #92
Date: 8:07 pm  Mon Aug 15, 1988

     Dude find someone which is into telenet scanning and they will tell you. 
Now a day I heard it is kind as safe as it used to be.

Read:(1-100,^48),? :



49/100: Dark Sorcerer
Name: Epsilon #12
Date: 9:30 pm  Mon Aug 15, 1988

  Please do not bring up the topic of service nodes at all.

  I would really rather not discuss this, because I know you will find
  out about this information before you're supposed to.  Everyone will.

  I'm not making this statement directly towards you, I'm just trying to
  clarify the fact that I do not wish to discuss this right now.

  Thanks for understanding.



Read:(1-100,^49),? :


50/100: eps, do you..
Name: Knightmare #21
Date: 6:50 pm  Tue Aug 16, 1988

Espsilon, do you have the knowledge to convert packed packets of info. on an
x25 network back to it's original ascii form? I know someone who is working
on it right now but maybe someone else knows??


Read:(1-100,^50),? :



51/100: ....
Name: Necron 99 #9
Date: 8:15 pm  Tue Aug 16, 1988

hey, waihey, wait a minute, eps.  i thought only i had a liscense to act like
this.
has anybody talked to empty promise lately?  i lost his number. he was
<sniff> suppoesed to call me last week.
with telenet, i wouldn't put anything past them.  they haven't
been fucking with their software just to lock out the pad-pad things, eh.


Read:(1-100,^51),? :



52/100: Hey Nec
Name: Epsilon #12
Date: 8:54 am  Wed Aug 17, 1988

  I can be equally as obnoxious as you can, so phhhhtt..

  Knightmare - No, I'm afraid I don't know how the X.25 protocol is converted
to ASCII format..  I should read up on that a bit.
What are you planning to do, build your own PAD?



Read:(1-100,^52),? :



53/100: Oh.. joy.
Name: Dark Sorcerer #79
Date: 11:01 am  Wed Aug 17, 1988

With my luck, by the time i find out, everyone else will be getting NUI's
too.  So, when do you want to discuss this, eps?
.s
.shit <used to gbbs>

Read:(1-100,^53),? :



54/100: ...
Name: Epsilon #12
Date: 6:06 pm  Wed Aug 17, 1988

  Don't worry.  It's not working correctly from what I hear right now, so
  there's really not much of a point in discussing it.



Read:(1-100,^54),? :



55/100: Welp.. okay.
Name: Dark Sorcerer #79
Date: 10:01 am  Sat Aug 20, 1988

Whatever.


Read:(1-100,^55),? :



56/100: X.400 vs X.25
Name: <<< Prime Suspect #70 >>>
Date: 12:09 am  Mon Aug 22, 1988
   Does anyone here even know the workings of a packet net such as the
protocols used to bring things about to the right place?
Overseas they seem to use X.400 and here we're using X.25.


  I don't know this... but what are the differences of X.400 and X.25?
I think there was some documentation on this on several of the network
information centers... if you don't know about those then don't
bother asking.



Read:(1-100,^56),? :



57/100: Hmm.
Name: Epsilon #12
Date: 11:21 am  Mon Aug 22, 1988

  You sure about that?  I was always thinking that the other networks, over- 
seas, also used the same X.25 packet protocol.  Great, now I'm confused.

  Thanks a lot.  :-)



Read:(1-100,^57),? :



58/100: Packet Routing
Name: Epsilon #12
Date: 11:40 am  Mon Aug 22, 1988

  Alright.  Whoever asked about how packets get to the right place..

  All packets sent have some data at the beginning called a header.  Each
  header contains the origination and destination virtual addresses of the
  packet, along with some other information.

  When the packet is sent, the header gets stripped off, interpreted, and
  the data is received in its entirety at the destination host.



Read:(1-100,^58),? :



59/100: x.25 documentation
Name: Knightmare #21
Date: 1:53 pm  Mon Aug 22, 1988

i have some x25 documentation, i have about 75k of it, the other 20 k is lost
in space. But I'm sure I can get the rest of it. (of one of those inofrmation
centers) Epsi, no, i'm not bulding a pad.. it's for something else which you
already know about.


Read:(1-100,^59),? :



60/100: x.400
Name: Mr. Slippery #5
Date: 12:34 pm  Sat Aug 27, 1988

X.400 is a mail transfer protocol. It specifies how to address mail and
such. It is therefore level 7 (I think) of the 7 layer OSI model. X.25
is the lower 3 (4?) layers of the model. Hope this helps.


Read:(1-100,^60),? :


61/100: level 7???
Name: Knightmare #21
Date: 12:45 am  Sun Aug 28, 1988

If i recall correctly I didn't think level 7 was transfer protocals or
anthing 
associatd with transfers. Level 7 is what happens with the information after 
it reaches the user and is stripped. It's been a while since I've updated 
myself to standards so I may be wrong. You can say x.25 is 3 or 4. no wrong
or 
right answer to that one.


Read:
(1-100,^61),? :


62/100: Way way back
Name: Amadeus #96
Date: 5:00 pm  Mon Aug 29, 1988

This response goes way way way way back:

Autonet from
 Telenet: XXX240XXX09
Other Telenet nums: 1-800-XXX-0631 (2400 baud) 1-800-XXX-6751 (all bauds 2400
and below, pcpid or nui required)
Tymnet from Telenet: XXX31 or XXX249

Later . . . Amadeus


Read:(1-100,^62),? :


63/100: ...
Name: Necron 99 #9
Date: 7:10 pm  Mon Aug 29, 1988

i need a list of all the gateways off telenet (mainly the intl things, the 
ones that you have to do something like XXX051300013 and so on)
any takers?  most of this is fairly public, but i lost my old lists.
please reply in mail if not a pulic gateway.
hm.  that would be "public"


Read:(1-100,^63),? :



64/100: DataPac from Telenet
Name: Amadeus #96
Date: 5:45 pm  Tue Aug 30, 1988
I can't remember who it was that found this, but you can attempt to hack your
way through XXX68 (on Telenet) into Datapac or IPSS.

Also, on Tymnet, you can access Datapac by typing "dpac;".  I would like to 
know if anyone knows how to enter a nui through this gateway.

Later . . . Amadeus


Read:(1-100,^64),? :



65/100: PCP/Canada
Name: The Cutthroat #101
Date: 11:22 pm  Tue Aug 30, 1988

Does anyone out there know how to call 416 (Toronto, Canada) through
PcPursuit 
? Telenet has a port here in town, but I have to call Buffalo to get access
cause Datapack won't let me. I know the routing code for Datapac but It won't
let me on PCP. I think I have to get a DP NUI. The reason I am asking is that
Swashbuckles is going back up and I would like to have a way people could 
reach me if they got a PCP account. I heard it could be done but you had to
go out another area code (216 I think) to get to 416.


Read:(1-100,^65),? :




66/100: not a veiled threat.
Name: Necron 99 #9
Date: 3:43 pm  Wed Aug 31, 1988

final request, on behalf of our generous sysop:
if anybody posts any accounts (or phone numbers, or nua's <!>), the message 
will be deleted, and so will the user <well, i dunno bout that, loyd is kinda
soft on you all>.  so use really vague mentions, and send things through the 
mail, or talk voice, or something.  something YOU may consider to be legal
may not be, and i'm fairly sure mentor doesn't want to pay for your error.
am i getting boring about this?


Read:(1-100,^66),? :



67/100: x.25
Name: The Leftist #3
Date: 1:16 am  Thu Sep 01, 1988

x.25 protocal hiercy

level    definition
7        Application protocal <not defined by x.25
6        presentation protocal <not def by x.25>
5        Session Protocal <not def by x.25>
4        Transport protocal <not def by x.25>
3 x.25 layer 3
2 x.25 layer 2
1 x.25 layer 1


the physical layer defines how 0 and 1's are defined
how contact is established with the network timing aspects etc..
the frame layerjF is the data lin~p layer.
its job is to insure reliable communication with the data terminal equipment 
and the data communications equipment <dte and DCE>
packet layer <network layer> deals with the format and meaning of the data 
field contained wiithineach field
the packet layer provides for routing and  vitual circuit management

I'll go further into the tech side if anyones interested.
The Leftist
Legion of Doom hackers


Read:(1-100,^67),? :



68/100: It looks like..
Name: Dark Sorcerer #79
Date: 8:04 pm  Sun Sep 04, 1988

The C APPLE on telenet doesn't work anymore.  Does anyone have the new 
address?  I'm interested in that system.  (which is, BTW if you're slow,
Apple Computer Corp.'s UNIX mainframe.)



Read:(1-100,^68),? :



69/100: Telenet
Name: The Dictator #115
Date: 8:44 pm  Sat Sep 10, 1988

Hey...are the rumors true???  I have heard people saying that Telenet can
now effectively trace a caller on the system at any given point in time?

This message isnt here to scare anyone...But with all the rumors around,
its always good to ask...

BY THE WAY.....
Using P.C. Pursuit....Take your dial-up and loop through the Seatle port.
Heh heh...your be amazed at the features.

The Dictator



Read:(1-100,^69),? :



70/100: Information on packet netets
Name: Ani Failure #50
Date: 2:54 am  Sun Sep 11, 1988


 I can get tons of info on packet nets, so I think I might start contributing
on this sub....

anif



Read:(1-100,^70),? :



71/100: Telenet and ANI?? Ha!!!
Name: Ground Zero #78
Date: 10:19 pm  Sun Sep 11, 1988

Nah.  As far as I know, if necessary, they can arrnge to have a questionable 
call traced back to the telenet node, then the local company can trace the 
call in progress.  But, as said before by someone else, they don't do it for 
fun. 

There's someone who calls Atger and Althh chat systems in Germany who just 
sits there and asks people what they are using to call there.  He tries to 
nail Americans using Telenet to  call there.  He admitted there are no
feature groups on Telenet dialups, but threatened that Telenet plans to add
FGD to all their dialups.  That'll be the day!!

When he said that, I said "Nah, that would be too difficult and expensive". 
He just said "We can handle it. We're GTE". 

Heh..

-gz


Read:(1-100,^71),? :



72/100: P.S.
Name: Ground Zero #78
Date: 10:22 pm  Sun Sep 11, 1988

For those of you that don't know, the  Telenet security agent who calls the 
chats uses the handle "Mike.P".  Be on the lookout!
Or maybe big, bad GTE will pounce on
you!! :)


Read:(1-100,^72),? :



73/100: Telenet
Name: The Dictator #115
Date: 1:25 am  Mon Sep 12, 1988

I am a big Telenet phreak...I love the system...there are some neat tid
bits about the system....

It is possible to call a local node in your area, and then use that node to
access another Telenet node, and THEN make your call to a company, or use
PC Pursuit.

Now, this does one nice feature....Telenet has a limited ANI...Companies
can now pay Telenet to trace a series of calls to it during a certain
period of time...if you use the multiple node, the ANI traces to the
second node you accessed, and not the first...
Comes in handy....

The Dictator


Read:(1-100,^73),? :


74/100: Telenet.
Name: Epsilon #12
Date: 9:45 am  Mon Sep 12, 1988

 Big shit.  The destination host already knows the virtual address of the PAD
you are calling from in the first place.  Remember what I said about packets? 
In the packet header, there's the network address of the origination, and the
destination.  Besides, I don't think it's quite possible to have Feature
Group D installed on a POTS number (?).  Anyone have any theories on this?



Read:(1-100,^74),? :



75/100: Telenet/FGD
Name: Ground Zero #78
Date: 2:03 am  Tue Sep 13, 1988

Yes, I believe it can be done, however, at great expense.  So I doubt it will
happen.

As far as headers go, Eps, I'm confused!  Now, let's say I call up a Telenet
node and then use it to connect to an outdial. Then I use the outdial to call
the dialup of another Telenet node.  Is what you're saying that the original
NUA I am calling from is on the header of each packet?  I don't understand
how.  Beacuse I am assuming that when I use the outdial to call the second
Telenet node that all the header junk gets taken off, since it's assumed that
I'm using the outdial to call another computer that has no use for the
information contained in the header!  Could you explain this more?

-gz


Read:(1-100,^75),? :



76/100: Ground Zero
Name: The Prophet #91
Date: 4:04 pm  Tue Sep 13, 1988

GZ-
  I believe Epsilon means that the nua of your pad is transmitted to each 
other nua you call -- not over a phone line (as when using pcp).

  -TP
6o1hadoto

Read:(1-100,^76),? :



77/100: PCP
Name: St.Elmos Fire #32
Date: 3:24 pm  Wed Sep 14, 1988

WELL, IF YOUR SO WORRIED ABOUT PCP, THEN CALL THROUGH AN EXTENDER, AND ALSO
CALL A DIAL-UP IN A DIFFERENT AREA THEN YOURSELF...


Read:(1-100,^77),? :



78/100: trick
Name: The Leftist #3
Date: 9:43 pm  Wed Sep 14, 1988
the trick is to seperate the node of the network <telenet> that you are on
from another node of telenet, and do all your dirty work from the second
node..  of course you have to be sure the link between the two nodes is made
in a safe manner..
The Leftist
Legion of Doom Hackers!


Read:(1-100,^78),? :



79/100: PCP
Name: The Prophet #91
Date: 9:58 pm  Thu Sep 15, 1988

If you have a working extender, why use PCP?

  -TP
6o1hadoto


Read:(1-100,^79),? :



80/100: ^good point, prophet!
Name: Ground Zero #78
Date: 10:56 pm  Thu Sep 15, 1988

Heh.  Anyways, I think that clears it up. I think!

-gz (wondering what the significance
     of "6o1hadoto" is!)

Read:(1-100,^80),? :



81/100: WHY USE PCP? 
Name: St.Elmos Fire #32
Date: 10:47 am  Sat Sep 17, 1988

WELL, ONE REASON TO USE PCP IS TO TRY AND FIND DIFFERENT SYSTEMS AND THEIR
CODES(NUMBER YA HAFTA PUT IN TO MAKE IT CALL, DIDNT KNOW THE TERM>. ALSO, IF
YOU DIDNT HAVE AN ACCOUNT, IT WOULD MAKE THINGS ALOT SAFER. ESPECIALLY NOW
THAT SOMEONE MENTIONED THEY COULD TRACE CALLS.


Read:(1-100,^81),? :



82/100: .
Name: Epsilon #12
Date: 6:53 pm  Sat Sep 17, 1988

 Thanks for clarifying my message, Proph.  BTW, what exactly is 6o1hadoto? 
Just curious as always.



Read:(1-100,^82),? :



83/100: DPAC.
Name: The Keeper #135
Date: 8:56 pm  Sat Sep 17, 1988

Greetz...

Well Who Ever Wanted The DPAC info, Leave Me E-Mail And I can Explain DpAC
To You, I Use it every Day, And It was a Real Cool System.

If You Need a NUI for Dpac Then I Guess You Could Leave Me E-Mail To.

The Keeper.
Telcom Canada.

P.S. Right now i am Using The Canadian Goverments Modem Pool Number to
Call Here, Its a Real CooSystem As Fell.



Read:(1-100,^83),? :



84/100: you guys
Name: <<< Ani Failure #50 >>>
Date: 3:02 am  Sun Sep 18, 1988

 you guys are going to get into some shit if you keep posting numbers and 
specific information on the systems you are in....don't you know that
everyone is on this board (s.s, fbi, bell security, sprint, etc. and more,
I'm sure) 
Think about it, this is a perfect place for people to keep tabs on
hackers/and phreaks. so watch what you post



Read:(1-100,^84),? :



85/100: agreed.
Name: Ground Zero #78
Date: 11:56 am  Sun Sep 18, 1988

Can someone delete our friend's post up there?

-gz


Read:(1-100,^85),? :



86/100: aksjgdyr
Name: Necron 99 #9
Date: 1:31 pm  Sun Sep 18, 1988

do not post numbers.  if you disagree with this, please send mentor mail.  or

me mail.


Read:(1-100,^86),? :



87/100: SURE..
Name: St.Elmos Fire #32
Date: 3:27 pm  Sun Sep 18, 1988

I AGREE, A PERSON SHOULDNT POST A CERTAIN NUMBER, BUT THERE IS ABSOULUTLY
NOTHING WRONG WITH TRADING INFORMATION ABOUT THE SYSTEM, IT IN NO WAY COULD
GET YOU IN TROUBLE. UNLESS OF COURSE YOUR {STUPID, AND POST AN ACCOUNT AND 
PASSWORD.

-FIRE

Read:(1-100,^87),? :



88/100: ...
Name: The Mentor #1
Date: 6:02 pm  Sun Sep 18, 1988

The point is, if you post that you are into the IRS's computers (or
whatever), that is probable cause, and reason enough to *minimum* put a DNR
on the line...
The Mentor
LOD/H!


Read:(1-100,^88),? :


89/100: THE KEEPER..
Name: Electric Warrior #134
Date: 6:01 am  Mon Sep 19, 1988


  All Canadian phreaks aren't like that, really..  While Datapac is a
realativly intelligent network, there is just to much diversity for it to be 
considered a good packet switching net.  Different types of datapac ports,
XXX0, XXX1, XXX1, etc, all have their own modem ports.  Most packet sizes are

256 instead of the (I assume) usual telenet 128..   Can't you guys reach 
Datapac address' with reverse charging on them through C XXX20 XXXXXXXX ?
Most of our numbers accept collect calls, but fewer will accept anything from
an international call.. 




Read:(1-100,^89),? :



90/100: Oy Vey.
Name: Master Micro #10
Date: 12:06 pm  Mon Sep 19, 1988

   For the sake of information, let's say, i'm interested how you changed
your set's to 'Pad To Pad' and see the other person's information. I remember
very well when you could connect to someone's NUA and just talk to them, but
i'm unaware of how you went about monitoring their information (without them 
knowing?) For information purposes, i'm interested in how you used to do
this. 
Might come in handy with an x.25/x.29 compatible server I found.

   Mm (Bellcore/Ua)

Read:(1-100,^90),? :



91/100: WANTED
Name: Doc Telecom #71
Date: 12:57 pm  Mon Sep 19, 1988


 I have the NCC's <Network Control Centers> and Accounts on them for a few of
the major PSN's [Packet Switching Networks], allong with the documentation
for creation of links,paths,nuas,ect. I am willing to trade, well since i
don't trade, i will be willing to give this information, <And some added

<Hint:DECLOD>.
Thanx,
           Doc Telecom/BC




 CREATE LINK altos using 5 DCE SP=XXX00 LOCAL=9 REMOTE=11 NUA=XXX2458XXX40004

NOOC PCV=1-48 SVC=49-XXX TRANS=100


Read:(1-100,^91),? :



92/100: ELF
Name: Doc Telecom #71
Date: 5:33 pm  Mon Sep 19, 1988

 I am looking for the source for ELF [Engine Load Facility], Tymnet put it
out in Dec 1987. I have the manuals [ELF Reference Manual, ELF Operators
Guide, and the Engine Pocket Guide] But i Need the source so i can put a
patch in it, 
In my last message I said I was looking for the NCC, I was refering to the 
"main" NCC, not all those little fucking [Can we cuss here to or do those 
messages get deleted to ?] things. [MUX Modifier Ports, or CMF's {a CMF is a 
Configuration Management Facility}], If anyone has this or any info on 
"Uninet" Leave me E-Mail.

 and here is a sprint: DOCI SBRA INDE AD

 Gotcha! Necron99!


Read:(1-100,^92),? :



93/100: ahem?
Name: Master Micro #10
Date: 4:04 pm  Tue Sep 20, 1988

   Hmmm.. thought we weren't going to be posting codes, numbers, passwords, 
etc.? Anyways, my PSN question..? Anybody know?


Read:(1-100,^93),? :



94/100: ...
Name: The Mentor #1
Date: 5:37 pm  Tue Sep 20, 1988

He isn't... that is a bogus code, getting ready to be a deleted code...
Doc, one warning.  You can fuck with Necron all you want in mail.  Posting 
that (yes, I know it isn't valid.)  is risking getting me in a lot of
trouble. 
Capice?
The Mentor
LOD/H!


Read:(1-100,^94),? :



95/100: ANSWERING MACHINES
Name: Tinman #132
Date: 6:10 am  Thu Sep 22, 1988

I know that Rip Shack sold answering machines a few years ago that allowed
you to call the machine, and when IT hung up, you were left with that persons
dial tone, Ergo, all calls were made at the expense of the owne{r{ of the 
machine.  I haven't run into to many lately.  Anybody know if other machines 
do the same thing ?   Also I notice the posting of SERVICES and CODES.  Looks
like bad news to me.  These phone companies are really staarting to w{is{e 
up.  Oh well who the hell cares ?  It just makes life more challenging.   Who
is this "Rockin Dude" anyway ?


Read:(1-100,^95),? :



96/100: or perhaps
Name: Necron 99 #9
Date: 12:34 pm  Thu Sep 22, 1988

we could ask "who is this tinman dude anyway"?


Read:(1-100,^96),? :


97/100: answering machines
Name: Norman Bates #58
Date: 2:49 am  Sat Sep 24, 1988

The only way you could get someones dialtone through their answering machine 
is if they had a call forwarding service on it, or if it handled 
two lines and was made to accomodate that kind of traffic.  It 
is not possible to overide someone who only has one line...  You have to have
a line to come in on, and a line to go out on you know...


                                  ...Norman/619


Read:(1-100,^97),? :



98/100: yep
Name: Brimstone #149
Date: 10:27 am  Sat Sep 24, 1988

    I guess the last message was true..

something related....

voice mail systems...
you could hook up to an extension, you could also hook up to a box...
but call those systems that have both (extensions that hook you up to people,
and a system that has mailboxes also)..

Also after you dial an extension or mailbox, it has to ring...
thos kinds of systems can be used as divertors sometimes..
I have found a few systems like that.

I found one system that all of the extensions that I've tried could've been 
used as a divertor...

but I have other systems which only one or a few boxes could be used..
so these things still exist


Read:(1-100,^98),? :



99/100: DataPac
Name: Creative Chaos #152
Date: 8:26 am  Sun Sep 25, 1988

Isn't DataPac the network that you type CHR$(13)"." to start with?

Well, here I go again, I have this system sitting on my shelf somewhere,
it's only identifing feature is "DataStream" the password is 4 digits to the 
system.  ALL I WANT TO KNOW... is why didn't I cna the bitch already... No,
no
Has anyone ever encountered a system like this ???  (this system required
something like a CHR$(13)"." to get started.)

 Creative Chaos
 The Punk Mafia


Read:(1-100,^99),? :



100/100: ...
Name: The Mentor #1
Date: 11:53 am  Sun Sep 25, 1988

I've run into systems that take '....' to get their attention... strange.
The Mentor
LOD/H!


Read:(1-100,^100),? :

100/100: ...
Name: Lex Luthor #
Date: 3:31 pm  Sun Sep 25, 1988


Doc Telecom, I believe I have access to ELF source along with a lot of other 
information regarding TYMNET.

IE: DECLOD  which was no big deal even though it was against my style to add 
accounts such as that one. However after checking to see that there are
hundreds of accounts similar to DECLOD and entering a somewhat valid
application for an account, I believed it was safe to do so along with it
being a learning experience as far as what could be accomplished by a
non-employee of either TSN or TYMNET 


Lex

Read:(1-100,^100),? :
  

< Electronics Q-scan done >

< Q-scan Packet Switched Nets #4 - 100 msgs >

 _____________________________________________________________________________

                      *** {GENERAL MESSAGE SUB-BOARD} ***

42/100: ANI
Name: Chance #128
Date: 1:00 pm  Tue Sep 20, 1988

Well.. if you are in an ESS area (Identify it by whether you can have custom
calling features) Then US Sprint 800 service CAN obtain your ful phone
number... That's all there is to it..


Read:(1-100,^42),? :


43/100: ...
Name: The Mentor #1
Date: 5:36 pm  Tue Sep 20, 1988

ummm... The ANI isn't transmitted unless you're in an equal access area...
ESS 
has nothing to do with it...
The Mentor
LOD/H!


Read:(1-100,^43),? :


44/100: ANI & Sprint
Name: The Cutthroat #101
Date: 6:47 pm  Tue Sep 20, 1988

Well I'm in ess but can't be in equall access, I'm calling from another 
country. Though anything comming from Canada could be routed through an
equall access area. E.G. Sprint owns the entire 800 exchange that they are
in.


Read:(1-100,^44),? :


45/100: RNS
Name: Doc Telecom #71
Date: 12:41 am  Wed Sep 21, 1988


 Hacking CONTELS RNS <Remote Node Switch>

 Have you ever ran accross  dialup that
 says "RNS$#5$New$York$City" that is the Switch that Contel uses for there
 Carlson/Stromberg CPX5,Etc Switches...Most accounts on the network cannot
 be accessed From Remote, but usually there is atlease one or two that give
 You Remote Access. Every RNS I have been in have it so *all* accounts have
 full <System admin> privliges...The defaults set by CS are:
 ADMIN/ADMIN SECURE/SECURE TMRS/TMRS DOC/TELECOM SCAT/SCAT MAINT/MAINT
 STATUS/STATUS NAC/NAC ESPF/ESPF.
 Also if someout drops carrier and doest $logoff there account remains
 active for the next user. Once in you will get a "MON>" Prompt and after
 every thing you type you will always get the MON Prompt. To Execute
 commands you must put a "$" in front of every thing at MON Level, there
 is no help provided by the System at MON level [But everything else is menu 
driven] To learn the Overlays ($) you must do a dir to get everthing, the
 system is devded into hundreds of sub systems (300 Megs).
 Here ara few of the subsystems [Overlays {$}].
 $DBUTL     - DataBase Utility
 $FILSYS    - All disk Access [Dir, Type, Format, Copy, Etc]
 $PASSWM    - List Users/Passwords, and other goodies.
 $ADMIN     - Switch Administration
 $CBUG      - Used to Debug/Patch the Switch
 Zi6/help
iDi


Read:(1-100,^45),? :


46/100: STAR CODES
Name: The Leftist #3
Date: 6:54 am  Wed Sep 21, 1988

Well, if Im not mistaken, there is a standard for the * codes, heres a
partial list

&










Leftist
Legion of Doom Hackers!


Read:(1-100,^46),? :


47/100: Sprint
Name: Sandy Sandquist #85
Date: 9:02 am  Wed Sep 21, 1988

I recently had a meeting with the local FBI SAIC. He mentioned something
that I thought many of you would be interested in or at least should know.
One of the problems that the FBI has in hacker cases is as a case develops
it is very difficult to tell the difference between a hacker and an
individual that is involved in espionage. It seems that those involved in
espionage hacking are following the same patterns that many of you follow.
When an audit trail is created there is no difference. Until they investigate
much deeper they can't tell the "casual hacker" from the professional hacker
involved in espionage. Ergo, if you are into government systems and think
that you are not doing any damage, maybe you should reconsider.
       ================Food For Thought=====================


Read:(1-100,^47),? :


48/100: ...
Name: The Mentor #1
Date: 10:11 am  Wed Sep 21, 1988

I don't know anyone who hacks government computers except by accident...  At 
least none of the people *I* work with are that foolish... 
The Mentor
LOD/H!


Read:(1-100,^48),? :


49/100: ...
Name: The Mentor #1
Date: 1:31 pm  Wed Sep 21, 1988

I'd like to welcome the second acknowledged security person on Phoenix.  Jay 
Stenger is a security manager for NTS (National Telecom Service???  Forgive 
me, I forgot the acronym...).  Anyway, perhaps he will field some questions 
also and take some of the load off of Sandy...

I'll start it off... Jay, what exactly does NTS do, are they regional or 
nationwide, and what does your job consist of for the most part?

The Mentor


Read:(1-100,^49),? :


50/100: Hello Jay
Name: Sandy Sandquist #85
Date: 2:29 pm  Wed Sep 21, 1988

Hello Jay, welcome "above board". For those of you who don't know, Jay was
a US Sprint Security Manager until NTS made him a deal he could not turn
down. You will find that Jay knows this business and will be responsive to
your questions,,,That is if he ever learns to return his calls on time.
(a little inside jab at Jay from an old friend.)


Read:(1-100,^50),? :


51/100: mymym
Name: The Leftist #3
Date: 4:19 pm  Wed Sep 21, 1988

We seem to be geting real popular with the security people all of a sudden..
I guess the word has gotten around that theres good hackers here who DONT
spend all their time obtaining ill gotten phone cards....

Leftist


Read:(1-100,^51),? :


52/100: Bioc Agent 007
Name: The Prophet #91
Date: 5:35 pm  Wed Sep 21, 1988

Sandy-
  Hey, I never question a Special Agent in Charge, but are there really any 
"professional hackers" involved in espionage? To my knowledge, no one has
ever 
been tried and convicted for gaining unauthorized access to a system with 
"espionage" as the motive. Hacker hobbyists aside, the rest of the crimes are

committed by disgruntled employees.

By the way, someone (can't remember the name) wrote a fascinating book on one

such case, called The Great Bank of America Telex Heist.

  -TP
6o1hadoto


Read:(1-100,^52),? :
 
81/100: Hackers....
Name: Doc Telecom #71
Date: 3:51 am  Wed Sep 28, 1988

 I think that the hackers they were talking about were not true hackers but 
just pirates/c0de abusers/ and warez dudes.. Most of the true hackers out 
there don't even abuse codes....And most Phone Phreaks don't have a need to
Shit! The phone company provis so many alternitive ways to place phone calls!
[That reminds me..^C when you called me yesterday and said that you were 
paying for your calls...Well when we were hanging up and the operator said 
"Are you finished with your calls yet?" That seemed like the TSPS Maintence 
trick to me..!] By the way the TSPS trick is legal, except that you must not 
impersinate someone while doing it....If you can just confuse the shit out of

the TSPS operator to place your call...it is considerd legal and the
stupidity of the operator...Also note: That using a diverter is legal just as
well..but it depends on your morals..I mean they do have to pay for that 1000
$$ alience teleconfrencing bill.

 Essential Overload


Read:(1-100,^81),? :




85/100: XMUX
Name: Electric Warrior #134
Date: 6:36 am  Thu Sep 29, 1988


     The system you encountered (The XMUX, also sometimes labeled as VMUX)
are the control modules behind SERVICE ID= prompts.  I've seen several of
these, and unless you know what you're doing, you cannot effect anything
permanently.  As near as I can tell, when you connect to an address that
normally says SERVICE ID= at a certain time of day, you will be dropped into
this system, made for the control of PAD's and the security protection of
certain address's (Closed User Group: 'Access Barred' except to authorized
users). 

   Each XMUX usually has some kind of accounts listed in the Maintenance and
Profile areas, such as CONSOLE or LOGGER.  Like I said, it is hard to really
change anything permanently (ie: access control protection) and they are very
easy to crash.  Do not try to dial into or supervise another address.  This
will cause the system to lock up, and you cannot usually regain control and
most likely, the system will go back to saying SERVICE ID= permanently.  Play
around with it because it will probably not be there the next day. 

With no available help files, a lot of its functions remain a mystry (mabye
because you are connected to the address usually used to outdial to other
NA's, therefore causing a crash when the line is occupied...) and the system
is realativly uninteresting.

                                       - Electric Warrior



Read:(1-100,^85),? : 


88/100: Hacking and Espionage
Name: Lex Luthor #81
Date: 3:30 pm  Sun Sep 25, 1988


I have not heard of anyone doing any hacking primarily for the purpose of 
passing that information on to a foreign nation.
I personally, despise the thought of it, let alone its practice.
However if there were/are those who hack for that purpose, who would hear 
about it anyway?

I have come across information which I believe would be considered valuable
to other nations,  so I know the information (whether classified or non 
classified) is out there accessable to those with the correct access.
When I say other nations, Of course I am speaking about the USSR but don't 
forget there are many other countries out there obtaining information about 
the US. For instance, our pals Isreal, of course they don't like to admit it.

Anyways, for those who are interested, Issue #3 of the LOD/H Technical
Journal 
WILL be out within a month. Period.

Lex


Read:(1-100,^88),? :

99/100: RNS
Name: Doc Telecom #71
Date: 4:04 am  Wed Sep 28, 1988


 I figured I would Explain A bit more on how a Remote Node Switch connects To
the Bell Operating Company (BOC) Maintence Centers. Within the BOC serveral 
interfaces are used to provide information of a individual Stored Program 
Controlled Switching System (SPCS). Which in the cas of RNS is the DCO
system.
 The Remote Node Switch (RNS) uses the EADAS/NAC funtion to ensure that the 
Bell Operating System Switches arproperly equipped for thier network
function.
Each of primary datalinks used for data transfer [From RNS to BOC Sytems ] to
EADAS/NAC has its own protocal.
 The RNS is also compatable with Remoteemory Administration System (RMAS) 
Interface. [The RMAS is an AT&T support system used by BOC's] The RMAS takes 
care of the administration of the database for the Telco Switches connected
to it.

 Essential Overload


Read:(1-100,^99),? :



100/100: They help themselves and us
Name: Lex Luthor #81
Date: 1:53 am  Wed Oct 05, 1988


For those security people who have the forsight to provide technical 
information to us via this bbs I salute you. Why? Because by educating
phreaks on your phone systems, mainly on information pertaining to fraud
detection and such, they are helping themselves and us.

For instance, by telling everyone that their service has ANI on their 800 
dialups and also by saying that they agressively persue all fraudulant cases,
they alert those phreaks who would have unknowningly attempted or succeeded 
at abusing the service in question that the chances of being caught are high.
By giving out this information, the security people reduce potential abuse of
their systems and at the same time save those phreaks who would have 
ignorantly abused the service from the expense, embarrassment, etc. of a
visit or arrest or possible litigation.

Thus, the companies who do provide this information will reduce the amount of
fraud, save money by not spending much needed resouces on chasing after those
who would have abused their service, AND keep phreaks from getting into
trouble.

Now, for those companies who have lame security, well maybe faking that they 
have good security might help...yeah right. Maybe they should stop spending
money on investigators and litigation and instead spend it on preventing the 
abuse in the first place, which of course means spending that money on 
SECURITY for a change.

Lex


Read:(1-100,^100),? :

_________________________________________________________________________


                    *** {"INSTRUCTOR" SUB-BOARD} ***


1/38: this
Name: <<< The Mentor #1 >>>
Date: 11:25 pm  Sat Jul 02, 1988

This is the top level board.  If you are on here, you are one of the people I

expect to be answering questions that the others ask on the lower boards. 
Without your help, this board will go nowhere...
If you have suggestions about new subs, feel free to leave them here or in 
feedback.
The Mentor


Read:(1-38,^1),? :



2/38: Uhh..
Name: Epsilon #12
Date: 8:13 am  Tue Jul 12, 1988
  Well, the conversation is really kickin' in this base.  I'll tell you..



Read:(1-38,^2),? :



3/38: ok
Name: The Mentor #1
Date: 2:00 am  Wed Jul 13, 1988

Ok, I suppose this would be a place to discuss anything that you don't want 
beginners playing with... what are the various forms of outdials from
telenet? 
I've used the unix CU, VMS $set host/dial=dte, and am going to 
try pcp tonight... what others are there?
Mentor


Read:(1-38,^3),? :

4/38: Telenet X.25 Outdials
Name: Epsilon #12
Date: 8:37 am  Wed Jul 13, 1988

  There are modems on Telenet used by PC Pursuit that call locally, and there
  are modems used by PC Pursuit that call long distance (god knows why).

  There are other outdials that you can find sometimes on a corporate LAN
  somewhere, or a terminal server which can be accessed via Telenet.
  For example..  Say the NUA XXX789 brings you to a DECServer.  From that
  DECServer, you'd get a list of hosts to connect to.  One of these choices
  may be a modem.  I've tried 'c outdial', 'c modem', 'c dial', and some
  times it they work.

  Other servers may be used in place of a DEC.  Like Bridge Systems LANs.
  They're all over Telenet, and are usually used in private exchanges.
  122 (GTE) has many of them.

  So that basically covers outdials.  We have..

  1) VAX/VMS
  2) UNIX cu
  3) PC Pursuit
  4) Private Modems on LANs

  Anyone have anything to add?

  Epsilon



Read:(1-38,^4),? :


5/38: Outdials
Name: Phantom Phreaker #37
Date: 2:09 am  Mon Jul 18, 1988

   I have seen a system on Telenet that, when connected to, automatically 
logged into a unix system as 'uucp' and  then dropped the user into an
outdial program. I found out about the unix when I sent a hard break at the
right time, I was dropped into the bourne shell prompt. There were no
unpassworded logins, and uucp had a password too. I raided the L.sys/Systems
file, the etc/password file, and then logged out via the @ sign on Telenet. I
never could get back into the unix though, no matter what I did the
applications program doesn't seem to be exitable to shell. Try it,
XXX293...don't give this out if you can get the pw.

Phantom



Read:(1-38,^5),? :


6/38: That Outdial
Name: Epsilon #12
Date: 10:00 am  Mon Jul 18, 1988

  That's kind of interesting, and fairly unique.  I've never seen an
  address on Telenet that will drop into a host running an 'outdial'
  program.  Fun fun fun.



Read:(1-38,^6),? :



7/38: kind of
Name: The Leftist #3
Date: 1:39 pm  Tue Jul 26, 1988

Reminds me of when I called telenet, and instead of telenet, I found myself 
logged into a privelesged acct on a primos.. that was weird!


Read:(1-38,^7),? :



8/38: ...
Name: Epsilon #12
Date: 5:05 pm  Tue Jul 26, 1988

  Random fluke.  Never happened to me.  It'd be real cool to find out what
  actually happened.

  - LOD Groupie



Read:(1-38,^8),? :



9/38: XXX293
Name: Prime Suspect #70
Date: 11:45 pm  Tue Aug 09, 1988

    I remember that system. It was a major bug
I don't think it was really a Unix though. It's a different system now
altogether though. I used to be able to type anything or a ctrl-c as
a password and it would drop to the outdial. It would only allow
one user at a time. The prompt turned out to be a "$" though.
You say you found those files? That's weird. Was this recent or from the
major past?
Sounds recent to me.


Read:(1-38,^9),? :



10/38: ...
Name: Phiber Optik #86
Date: 10:02 pm  Fri Aug 12, 1988

I'm sure many of you have outdials either on telenet or tymnet, so I
encourage 
that some of you use ALTOS in Munich as a place for conversation. 
XXX2458XXX40004.
Here is a gateway server, if needed:
XXX40 (Caller ID Required)
When connected... (example)
c!128#2XXXXXX0040004

I have already run into Epsilon and Necron 99 many times. It would be nice to

see more of you, as my geek-killing utilities ward off loosers and lamers, 
maybe some topics of interest may be discussed seriously.

Optik



Read:(1-38,^10),? :



11/38: Optik
Name: Epsilon #12
Date: 8:36 am  Sat Aug 13, 1988

  Those utilities are quite nice.  You know, we should create a program to
  run all the zaps simultaneously, so you don't have to kill each account
  individually.

  I don't know how feasible or practical that is, but it might work.



Read:(1-38,^11),? :



12/38: that thiings
Name: <<< Ani Failure #50 >>>
Date: 3:02 am  Sun Aug 14, 1988

 it was last year sometime when I fucked with XXX293, i have the Systems (or
was it L.sys, can't remember) and password files.

ANIF


Read:(1-38,^12),? :



13/38: Telenet internals
Name: The Prophet #91
Date: 6:40 pm  Tue Aug 30, 1988

Anyone have any information on Telenet's internal systems? (Primos, I 
believe.) NUA's would be appreciated. I've seen the innards of a net using
the same software... The control software itself is called TDT or TDT2
(Telenet Diagnostic Tool). Nice, VMS-like online help facility should explain
the capabilities easily. I'd like to have a crack at Telenet's own.

  -TP


Read:(1-38,^13),? :



14/38: um, well
Name: Magic Hasan #64
Date: 6:41 pm  Wed Aug 31, 1988

i hope mentor and necron forgive me ..but here are a few nuas
you should look into for Telents internal primes:
XXX99
XXX101
XXX39
XXX138
XXX10
-MH


Read:(1-38,^14),? :



15/38: ok.
Name: The Mentor #1
Date: 8:34 pm  Wed Aug 31, 1988

This sub is safe for mundane things like NUA's and phone #'s.  Still no 
accounts... Nec, don't whine.
The Mentor


Read:(1-38,^15),? :


16/38: ...
Name: Epsilon #12
Date: 9:30 pm  Wed Aug 31, 1988

  I have a scan that I did of 909, if you want that.  Just ask.



Read:(1-38,^16),? :



17/38: 909
Name: Epsilon #12
Date: 2:14 pm  Thu Sep 01, 1988

  I talked to a Telenet technician today in Seattle, WA.  He said that the
  diagnostic systems in 909 will enable you to "look at anything you
  want".  I assume that means that you are able to modify the network
  and the PADs, and hosts which are connected.

  He said the Prime computers in that exchange are used for network control
  and diags.  Well, there you go.  You now know what the systems do, so
  break out your defaults.



Read:(1-38,^17),? :



18/38: Diagnostic systems
Name: The Prophet #91
Date: 7:47 pm  Thu Sep 01, 1988

You can indeed modify the x25 parameters for pads and hosts. Also routing, 
etc. Just what I always wanted to do...

  -TP
Thanks, Hasan.


Read:(1-38,^18),? :



19/38: ...
Name: Epsilon #12
Date: 12:39 pm  Fri Sep 02, 1988

  Hasan?  I posted that message.  Heh..


Read:(1-38,^19),? :



20/38: yep
Name: Magic Hasan #64
Date: 4:49 pm  Fri Sep 02, 1988

But I posted the important nuas.
heh.
'welcome
-MH


Read:(1-38,^20),? :



21/38: ..
Name: Epsilon #12
Date: 10:21 pm  Fri Sep 02, 1988

  Well!  Fine!  <stomping off in a huff>



Read:(1-38,^21),? :



22/38: telenet/nasa
Name: Knightmare #21
Date: 3:21 am  Mon Sep 05, 1988

I'm sure you all know of the nua, NASA.  Is it some sort of mail system or 
something useful? I doubt the second.  About dialing Telenet and running into
a system upon connection; it has happened many times to me too. But I keep 
running into database services.  Also, does OKX25OKX25OKX25..etc look 
familiar? I got that tonight when I attempted to call Telenet. btw, hello to 
all..{epsilon,necron,mh,ani-f,prime,etc}


Read:(1-38,^22),? :



23/38: ...
Name: Epsilon #12
Date: 8:44 am  Mon Sep 05, 1988

  It seems like the results of some diagnostics that were being run on that
particular PAD before you called it.  That's kind of neat.  I've never been 
connected to anything when I call the Telenet port.  Leftist - What did you 
say you were connected to?  Was it a Prime?  That's so strange.



Read:(1-38,^23),? :



24/38: gueess..
Name: Knightmare #21
Date: 2:01 am  Tue Sep 06, 1988

..Telenet has that same problem as Cosmos.  Sure most modem do that..kinda 
gives us an edge. It was funny today, I was connected to thee Washington 
outdial for PCP. I bet there is no way to figure out which PCP account 
that the Telenet is using for the call to the outdial modem.



Read:(1-38,^24),? :



25/38: ...
Name: Epsilon #12
Date: 9:32 am  Tue Sep 06, 1988

  Knightmare - Telenet's software connects itself.  It doesn't need any 
accounts.  Heh.

  Also, do you think you guys could possibly post some exchanges that haven't
been scanned (reachable via Telenet) as of yet?  I'm interested in finding
new stuff.  I only have a few private prefixes.  They are..
  122
  223
  224
  422
  909

  That's it I think.  Anyone? Anyone?



Read:(1-38,^25),? :



26/38: Telenet
Name: <<< Ani Failure #50 >>>
Date: 4:51 pm  Tue Sep 06, 1988



 I don't think you can reach the 122xxx exchange on Telenet anymore, at least
not on the dialup the I attempted to connected to one of the GS-1 Gateway 
server systems (XXX55). I (and others, like Epsilon) got into those things , 
and I was able to get medium privs on the thing (when you call normally and 
enter the server, you are in what I call the low level of privs). Anyway, I 
wrote a file about the GS-1 server5a if anyone wants to see it I could u/l
it.

ANI-F
$LOD$

//s


Read:(1-38,^26),? :



27/38: ...
Name: Epsilon #12
Date: 2:15 pm  Wed Sep 07, 1988

  One way of achieving higher privs on a GS/1, CS/200, or any other make of 
Bridge Systams LAN Gateways is to use the command 'SET PR = G' (Set
PRivileges = Global).  In most cases this command will prompt the server to
ask you for a password.  I suppose guessing is the best way to gain full
privs.

  Other neat things.  'SH NM -LONG' gives youa full network map.  'SH CHN' or
'SH N' (on a CS/200) gives you a list of attachable nodes.  'Sh SES' shows
the current session.  'SH GLPAR' shows gloabal parameters.  Use '?' to get a
full list of commands, and parameters.


Read:(1-38,^27),? :



28/38: y
Name: The Mentor #1
Date: 5:20 pm  Thu Sep 08, 1988

Who is No Remorse and why is he recommending that people (Necrovore) ask for 
access to this sub?  Please keep the existance of higher-level than public 
boards a secret, thank you...

No Remorse?  Sounds like another one of Necron's aliases.

Mentor


Read:(1-38,^28),? :


29/38: hey,
Name: Necron 99 #9
Date: 7:14 pm  Thu Sep 08, 1988

wait a sec.  he's a freind of mine.  didn't you just talk to me last night & 
say " do you want this other guy up here..", i just thought it would make 
things simpler this way.
or will i have to come over to your house and skin you alive, hm?


Read:(1-38,^29),? :



30/38: ok
Name: The Mentor #1
Date: 11:30 am  Fri Sep 09, 1988

Ok... Nec, when you recommend people for high access, please leave me a 
note... I get calls regularly from people saying "The Leftist will vouch for 
me" or some such nonsense, then find out Lefty talked to them once on
Altos... 
you know what I mean...
Anyway, welcome to Necrovore, who *finally* has access up here after a long 
and bloody struggle... sorry about the delay, the 'No Remorse' thing threw me

off...

Mentor


Read:(1-38,^30),? :


31/38: ...
Name: Epsilon #12
Date: 1:51 pm  Fri Sep 09, 1988

  Yeah, well, we all know how Necron is.  No remorse whatsoever.



Read:(1-38,^31),? :



32/38: Tymnet
Name: The Prophet #91
Date: 2:54 pm  Fri Sep 09, 1988

If anyone has any information regarding a Tymnet internal system called elf, 
please leave me E-mail.
  -TP


Read:(1-38,^32),? :



33/38: hmmm
Name: The Mentor #1
Date: 8:11 am  Tue Sep 13, 1988

Anyone know anything about Pink Death? 
a) Infrequent caller (1 time every week or so)
b) Reads *everything*.
c) Posts *nothing*.  No email.  No Feedback (except for validation). 
Nothing.

This is a pattern I associate with someone more interested in buffering the 
board than actually learning anything... comments?

The Mentor
LOD/H!


Read:(1-38,^33),? :



34/38: asdf
Name: Necron 99 #9
Date: 9:32 am  Tue Sep 13, 1988

kill him, and see what happens.


Read:(1-38,^34),? :


35/38: urm..
Name: Necrovore #117
Date: 7:12 am  Wed Sep 14, 1988

Yo guys.  glad ta be here.  er, I am pretty much more into teleco shit than 
hacking, but I am an avid PRIMOS enthusiast and have been involved in
learning as much as possible about PRIMOS (down to the machine level, even)..
so I guess I'll deal more with teleco than systems, but will also help out
with the PRIMOS and Telenet questions..

By the way: go find and download Telecom Computer Security Bulletin issue #1 
(TCSB for short).  Concieved last friday night by me and Doctor Cypher and 
released (a little less than 200k, 96 printed pages) 40 hours later with 11 
articles.  A ew tech journal is what it is.. the Bellcore/Xtension tech 
journal.  read.. it's good..
Necrovore
Xtension



Read:(1-38,^35),? :



36/38: yasd
Name: Necron 99 #9
Date: 3:52 pm  Wed Sep 14, 1988

upload it here when you have the time, ok, necrovore?


Read:(1-38,^36),? :



37/38: AAAAAHHHHHHH!!!!!
Name: Agent Steal #123
Date: 3:12 am  Fri Sep 16, 1988

  I'm here! Big deal right? Well some day I'll get busted and you will all 
hear about all the inovative, bold and crazy things I've done and can't talk 
about because most phreaks are narrow minded, bullshiting, inmature, fuck 
heads that would nark on there girlfriend if the shit came down! Present 
company not included of course. Well anyway you can say you knew me when...


Read:(1-38,^37),? :



38/38: hey all
Name: Knightmare #21
Date: 6:07 pm  Tue Sep 20, 1988

..i'm still here.   If you thought I died.  School is keeping me pretty
busy.. gotta go. seeya guys.

Knightmare


Read:(1-38,^38),? :



29/31: underlord...
Name: Doc Cypher #155
Date: 5:09 pm  Fri Sep 30, 1988

   
That little DataPac fiasco was kind of disappointing.   The account no longer
works, and as you may or may not know, packet and frame level configuration
is an important part of a network, and you fucked it up.   You have no
control of billing there by the way, and just to be a nice guy (and return a
favor), im killing COOPNAT for you and all your friends once and for all, and
leaving it in a CUG, something you have no control over.   Enjoy the L/D
calls to the U.S.
  The only reason that we (BC) kept changing it from a CUG to a user-level 
account was for a simple service to the canadian hacking community (we have 
our own accounts there) and out condition? Dont fuck with Datapac NOC
systems. 
 Well, youve ruined it for your friends and the canadian hacking community. 
Enjoy yourself.  Ill be engineering the new gandalf account monday.

Doctor Cypher
%BC%
 


Read:(1-31,^29),? :

 _____________________________________________________________________________

                *** {Files Written by the Sysop, The Mentor} ***



                       \/\The Conscience of a Hacker/\/

                                      by

                               +++The Mentor+++

                          Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

        Another one got caught today, it's all over the papers.  "Teenager
Arrested in Computer Crime Scandal," "Hacker Arrested after Bank Tampering"...
        Damn kids.  They're all alike.

        But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker?  Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
        I am a hacker, enter my world...
        Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
        Damn underachievers.  They're all alike.

        I'm in junior high or high school.  I've listened to teachers explain
for the fifteenth time how to reduce a fraction.  I understand it.  "No, Ms.
Smith, I didn't show my work.  I did it in my head..."
        Damn kid.  Probably copied it.  They're all alike.

        I made a discovery today.  I found a computer.  Wait a second, this is
cool.  It does what I want it to.  If it makes a mistake, it's because I
screwed it up.  Not because it doesn't like me...
                Or feels threatened by me...
                Or thinks I'm a smart ass...
                Or doesn't like teaching and shouldn't be here...
        Damn kid.  All he does is play games.  They're all alike.

        And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
        "This is it... this is where I belong..."
        I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
        Damn kid.  Tying up the phone line again.  They're all alike...

        You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless.  We've been dominated by sadists, or
ignored by the apathetic.  The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

        This is our world now... the world of the electron and the switch, the
beauty of the baud.  We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals.  We explore... and you call us criminals.  We seek
after knowledge... and you call us criminals.  We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.

        Yes, I am a criminal.  My crime is that of curiosity.  My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

        I am a hacker, and this is my manifesto.  You may stop this
individual, but you can't stop us all... after all, we're all alike.

                               +++The Mentor+++

 _____________________________________________________________________________


                                ==Phrack Inc.==

                      Volume Two, Issue 22, File 4 of 12

               +++++++++++++++++++++++++++++++++++++++++++++++++
               |              The LOD/H Presents               |
++++++++++++++++                                               ++++++++++++++++
 \                 A Novice's Guide to Hacking- 1989 edition                 /
  \                =========================================                /
   \                                  by                                   /
    \                             The Mentor                              /
     \                  Legion of Doom/Legion of Hackers                 /
      \                                                                 /
       \                        December, 1988                         /
        \                  Merry Christmas Everyone!                  /
         \+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/


The author hereby grants permission to reproduce, redistribute, or include this
file in your g-file section, electronic or print newletter, or any other form
of transmission that you choose, as long as it is kept intact and whole, with
no ommissions, deletions, or changes.

      (C) The Mentor- Phoenix Project Productions 1988,1989  512/441-3xxx


Introduction:  The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to the
fact that there hasn't been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost

radically since that time, and as the 90's approach, the hack/phreak community
has recovered from the Summer '87 busts (just like it recovered from the Fall
'85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.

Unfortunately, it has also gotten more dangerous since the early 80's.  Phone
cops have more resources, more awareness, and more intelligence than they
exhibited in the past.  It is becoming more and more difficult to survive as a
hacker long enough to become skilled in the art.  To this end this file is
dedicated.  If it can help someone get started, and help them survive to
discover new systems and new information, it will have served it's purpose, and
served as a partial repayment to all the people who helped me out when was a
beginner.
Contents
~~~~~~~~
This file will be divided into four parts:
     Part 1:  What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
     Part 2:  Packet Switching Networks: Telenet- How it Works, How to Use it,
              Outdials, Network Servers, Private PADs
     Part 3:  Identifying a Computer, How to Hack In, Operating System Defaults
     Part 4:  Conclusion; Final Thoughts, Books to Read, Boards to Call,
              Acknowledgements

Part One:  The Basics
~~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers.  In the 50's at
the Massachusets Institute of Technology (MIT), students devoted much time and
energy to ingenious exploration of the computers.  Rules and the law were
disregarded in their pursuit for the 'hack.'  Just as they were enthralled with
their pursuit of information, so are we.  The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.

To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.

I.    Do not intentionally damage *any* system.
II.   Do not alter any system files other than ones needed to ensure your
      escape from detection and your future access (Trojan Horses, Altering
      Logs, and the like are all necessary to your survival for as long as
      possible).
III.  Do not leave your (or anyone else's) real name, real handle, or real
      phone number on any system that you access illegally.  They *can* and
      will track you down from your handle!
IV.   Be careful who you share information with.  Feds are getting trickier
      Generally, if you don't know their voice phone number, name, and
      occupation or haven't spoken with them voice on non-info trading
      conversations, be wary.
V.    Do not leave your real phone number to anyone you don't know.  This
      includes logging on boards, no matter how k-rad they seem.  If you don't
      know the sysop, leave a note telling some trustworthy people that will
      validate you.
VI.   Do not hack government computers.  Yes, there are government systems that
      are safe to hack, but they are few and far between.  And the government
      has inifitely more time and resources to track you down than a company
      who has to make a profit and justify expenses.
VII.  Don't use codes unless there is *NO* way around it (you don't have a
      local telenet or tymnet outdial and can't connect to anything 800).  You
      use codes long enough, you will get caught.  Period.
VIII. Don't be afraid to be paranoid.  Remember, you *are* breaking the law.
      It doesn't hurt to store everything encrypted on your hard disk, or
      keep your notes buried in the backyard or in the trunk of your car.  You
      may feel a little funny, but you'll feel a lot funnier when you when you
      meet Bruno, your transvestite cellmate who axed his family to death.
IX.   Watch what you post on boards.  Most of the really great hackers in the
      country post *nothing* about the system they're currently working except
      in the broadest sense (I'm working on a UNIX, or a COSMOS, or something
      generic.  Not "I'm hacking into General Electric's Voice Mail
      System" or something inane and revealing like that).
X.    Don't be afraid to ask questions.  That's what more experienced hackers
      are for.  Don't expect *everything* you ask to be answered, though.
      There are some things (LMOS, for instance) that a begining hacker
      shouldn't mess with.  You'll either get caught, or screw it up for
      others, or both.
XI.   Finally, you have to actually hack.  You can hang out on boards all you
      want, and you can read all the text files in the world, but until you
      actually start doing it, you'll never know what it's all about.  There's
      no thrill quite the same as getting into your first system (well, ok, I
      can thinksavea couple of biggers thrills, but you get the picture).

One of the safest places to start your hacking career is on a computer system
belonging to a college.  University computers have notoriously lax security,
and are more used to hackers, as every college computer department ment has one
or two, so are less likely to press charges if you should be detected.  But the
odds of them detecting you and having the personel to committ to tracking you
down are slim as long as you aren't destructive.

If you are already a college student, this is ideal, as you can legally explore
your computer system to your heart's desire, then go out and look for similar
systems that you can penetrate with confidence, as you're already
familar with them.

So if you just want to get your feet wet, call your local college.  Many of
them will provide accounts for local residents at a nominal (under $20) charge.

Finally, if you get caught, stay quiet until you get a lawyer.  Don't volunteer
any information, no matter what kind of 'deals' they offer you.  Nothing is
binding unless you make the deal through your lawyer, so you might as well shut
up and wait.

Part Two:  Networks
~~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet.  Why?  First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays.  Second, the
networks are fairly well documented.  It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine.  Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from.  It is also very easy to disguise your location using
the network, which makes your hobby much more secure.

Telenet has more computers hooked to it than any other system in the world once
you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.

The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting.  It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL= '.
This is your terminal type.  If you have vt100 emulation, type it in now.  Or
just hit return and it will default to dumb terminal mode.

You'll now get a prompt that looks like a @.  From here, type @c mail <cr> and
then it will ask for a Username.  Enter 'phones' for the username.  When it
asks for a password, enter 'phones' again.  From this point, it is menu driven.
Use this to locate your local dialup, and call it back locally.  If you don't
have a local dialup, then use whatever means you wish to connect to one long
distance (more on this later).

When you call your local dialup, you will once again go through the TERMINAL=
stuff, and once again you'll be presented with a @.  This prompt lets you know
you are connected to a Telenet PAD.  PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.)  The first description is more
correct.

Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to.  Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance.  Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.

What do you do with this PAD?  You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.

An NUA takes the form of   031103130002520
                           ___/___/___/
                             |    |    |
                             |    |    |____ network address
                             |    |_________ area prefix
                             |______________ DNIC


This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.


DNIC   Network Name    Country          DNIC   Network Name    Country
_______________________________________________________________________________
                                     |
02041   Datanet 1       Netherlands  |  03110   Telenet         USA
02062   DCS             Belgium      |  03340   Telepac         Mexico
02080   Transpac        France       |  03400   UDTS-Curacau    Curacau
02284   Telepac         Switzerland  |  04251   Isranet         Israel
02322   Datex-P         Austria      |  04401   DDX-P           Japan
02329   Radaus          Austria      |  04408   Venus-P         Japan
02342   PSS             UK           |  04501   Dacom-Net       South Korea
02382   Datapak         Denmark      |  04542   Intelpak        Singapore
02402   Datapak         Sweden       |  05052   Austpac         Australia
02405   Telepak         Sweden       |  05053   Midas           Australia
02442   Finpak          Finland      |  05252   Telepac         Hong Kong
02624   Datex-P         West Germany |  05301   Pacnet          New Zealand
02704   Luxpac          Luxembourg   |  06550   Saponet         South Africa
02724   Eirpak          Ireland      |  07240   Interdata       Brazil
03020   Datapac         Canada       |  07241   Renpac          Brazil
03028   Infogram        Canada       |  09000   Dialnet         USA
03103   ITT/UDTS        USA          |  07421   Dompac          French Guiana
03106   Tymnet          USA          |

There are two ways to find interesting addresses to connect to.  The first and
easiest way is to obtain a copy of the LOD/H Telenet Directory from the LOD/H
Technical Journal 4 or 2600 Magazine.  Jester Sluggo also put out a good list
of non-US addresses in Phrack Inc. Newsletter Issue 21.  These files will tell
you the NUA, whether it will accept collect calls or not, what type of computer
system it is (if known) and who it belongs to (also if known.)

The second method of locating interesting addresses is to scan for them
manually.  On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host.  So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time).

If this node allows collect billed connections, it will say 412 614 CONNECTED
and then you'll possibly get an identifying header or just a Username: prompt.
If it doesn't allow collect connections, it will give you a message such as 412
614 REFUSED COLLECT CONNECTION with some error codes out to the right, and
return you to the @ prompt.

There are two primary ways to get around the REFUSED COLLECT message.  The
first is to use a Network User Id (NUI) to connect.  An NUI is a username/pw
combination that acts like a charge account on Telenet.  To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332  <---- the 525332 will *not* be echoed to the
screen.  The problem with NUI's is that they're hard to come by unless you're a
good social engineer with a thorough knowledge of Telenet (in which case you
probably aren't reading this section), or you have someone who can provide you
with them.

The second way to connect is to use a private PAD, either through an X.25 PAD
or through something like Netlink off of a Prime computer (more on these two
below).

The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas).  If there's a particular area you're interested in, (say, New
York City 914), you could begin by typing @c 914 001 <cr>.  If it connects, you
make a note of it and go on to 914 002.  You do this until you've found some
interesting systems to play with.

Not all systems are on a simple xxx yyy address.  Some go out to four or five
digits (914 2354), and some have decimal or numeric extensions (422 121A = 422
121.01).  You have to play with them, and you never know what you're going to
find.  To fully scan out a prefix would take ten million attempts per prefix.
For example, if I want to scan 512 completely, I'd have to start with 512
00000.00 and go through 512 00000.99, then increment the address by 1 and try
512 00001.00 through 512 00001.99.  A lot of scanning.  There are plenty of
neat computers to play with in a 3-digit scan, however, so don't go berserk
with the extensions.

Sometimes you'll attempt to connect and it will just be sitting there after one
or two minutes.  In this case, you want to abort the connect attempt by sending
a hard break (this varies with different term programs, on Procomm, it's
ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.

If you connect to a computer and wish to disconnect, you can type <cr> @ <cr>
and you it should say TELENET and then give you the @ prompt.  From there, type
D to disconnect or CONT to re-connect and continue your session uninterrupted.

Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things. One
of the most useful is the outdial.  An outdial is nothing more than a modem
you can get to over telenet -- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.

When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established on
Modem 5588.'  The best way to figure out the commands on these is to type ? or
H or HELP -- this will get you all the information that you need to use one.

Safety tip here -- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you.  More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace
inexpensively.

Another nice trick you can do with an outdial is use the redial or macro
function that many of them have.  First thing you do when you connect is to
invoke the 'Redial Last Number' facility.  This will dial the last number used,
which will be the one the person using it before you typed.  Write down the
number, as no one would be calling a number without a computer on it.  This is
a good way to find new systems to hack.  Also, on a VENTEL modem, type 'D' for
Display and it will display the five numbers stored as macros in the modem's
memory.

There are also different types of servers for remote Local Area Networks (LAN)
that have many machine all over the office or the nation connected to them.
I'll discuss identifying these later in the computer ID section.

And finally, you may connect to something that says 'X.25 Communication PAD'
and then some more stuff, followed by a new @ prompt.  This is a PAD just like
the one you are on, except that all attempted connections are billed to the
PAD, allowing you to connect to those nodes who earlier refused collect
connections.

This also has the added bonus of confusing where you are connecting from.  When
a packet is transmitted from PAD to PAD, it contains a header that has the
location you're calling from.  For instance, when you first connected to
Telenet, it might have said 212 44A CONNECTED if you called from the 212 area
code.  This means you were calling PAD number 44A in the 212 area.  That 21244A
will be sent out in the header of all packets leaving the PAD.

Once you connect to a private PAD, however, all the packets going out from *it*
will have it's address on them, not yours.  This can be a valuable buffer
between yourself and detection.

Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames.  You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers you
find.  There is software available to do this for nearly every computer in the
world, so you don't have to do it by hand.

Part Three:  I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally.  It doesn't matter how you found
this computer, it could be through a network, or it could be from carrier
scanning your High School's phone prefix, you've got this prompt this prompt,
what the hell is it?

I'm *NOT* going to attempt to tell you what to do once you're inside of any of
these operating systems.  Each one is worth several G-files in its own right.
I'm going to tell you how to identify and recognize certain OpSystems, how to
approach hacking into them, and how to deal with something that you've never
seen before and have know idea what it is.


VMS -      The VAX computer is made by Digital Equipment Corporation (DEC), and
           runs the VMS (Virtual Memory System) operating system. VMS is
           characterized by the 'Username:' prompt.  It will not tell you if
           you've entered a valid username or not, and will disconnect you
           after three bad login attempts.  It also keeps track of all failed
           login attempts and informs the owner of the account next time s/he
           logs in how many bad login attempts were made on the account.  It is
           one of the most secure operating systems around from the outside,
           but once you're in there are many things that you can do to
           circumvent system security.  The VAX also has the best set of help
           files in the world.  Just type HELP and read to your heart's
           content.

           Common Accounts/Defaults:  [username: password [[,password]]]

           SYSTEM:     OPERATOR or MANAGER or SYSTEM or SYSLIB
           OPERATOR:   OPERATOR
           SYSTEST:    UETP
           SYSMAINT:   SYSMAINT or SERVICE or DIGITAL
           FIELD:      FIELD or SERVICE
           GUEST:      GUEST or unpassworded
           DEMO:       DEMO  or unpassworded
           DECNET:     DECNET


DEC-10 -   An earlier line of DEC computer equipment, running the TOPS-10
           operating system.  These machines are recognized by their '.'
           prompt.  The DEC-10/20 series are remarkably hacker-friendly,
           allowing you to enter several important commands without ever
           logging into the system.  Accounts are in the format [xxx,yyy]
           where xxx and yyy are integers.  You can get a listing of the
           accounts and the process names of everyone on the system before
           logging in with the command .systat (for SYstem STATus).  If you
           seen an account that reads [234,1001]   BOB JONES, it might be wise
           to try BOB or JONES or both for a password on this account.  To
           login, you type .login xxx,yyy  and then type the password when
           prompted for it.

           The system will allow you unlimited tries at an account, and does
           not keep records of bad login attempts.  It will also inform you if
           the UIC you're trying (UIC = User Identification Code, 1,2 for
           example) is bad.

           Common Accounts/Defaults:

           1,2:        SYSLIB or OPERATOR or MANAGER
           2,7:        MAINTAIN
           5,30:       GAMES

UNIX -     There are dozens of different machines out there that run UNIX.
           While some might argue it isn't the best operating system in the
           world, it is certainly the most widely used.  A UNIX system will
           usually have a prompt like 'login:' in lower case.  UNIX also will
           give you unlimited shots at logging in (in most cases), and there is
           usually no log kept of bad attempts.

           Common Accounts/Defaults:  (note that some systems are case
           sensitive, so use lower case as a general rule.  Also, many times
           the accounts will be unpassworded, you'll just drop right in!)

           root:       root
           admin:      admin
           sysadmin:   sysadmin or admin
           unix:       unix
           uucp:       uucp
           rje:        rje
           guest:      guest
           demo:       demo
           daemon:     daemon
           sysbin:     sysbin

Prime -    Prime computer company's mainframe running the Primos operating
           system.  The are easy to spot, as the greet you with 'Primecon
           18.23.05' or the like, depending on the version of the operating
           system you run into.  There will usually be no prompt offered, it
           will just look like it's sitting there.  At this point, type 'login
           <username>'.  If it is a pre-18.00.00 version of Primos, you can hit
           a bunch of ^C's for the password and you'll drop in.  Unfortunately,
           most people are running versions 19+.  Primos also comes with a good
           set of help files.  One of the most useful features of a Prime on
           Telenet is a facility called NETLINK.  Once you're inside, type
           NETLINK and follow the help files.  This allows you to connect to
           NUA's all over the world using the 'nc' command.

           For example, to connect to NUA 026245890040004, you would type
           @nc :26245890040004 at the netlink prompt.

           Common Accounts/Defaults:

           PRIME       PRIME or PRIMOS
           PRIMOS_CS   PRIME or PRIMOS
           PRIMENET    PRIMENET
           SYSTEM      SYSTEM or PRIME
           NETLINK     NETLINK
           TEST        TEST
           GUEST       GUEST
           GUEST1      GUEST

HP-x000 -  This system is made by Hewlett-Packard.  It is characterized by the
           ':' prompt.  The HP has one of the more complicated login sequneces
           around -- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
           Fortunately, some of these fields can be left blank in many cases.
           Since any and all of these fields can be passworded, this is not the
           easiest system to get into, except for the fact that there are
           usually some unpassworded accounts around.  In general, if the
           defaults don't work, you'll have to brute force it using the common
           password list (see below.)  The HP-x000 runs the MPE operating
           system, the prompt for it will be a ':', just like the logon prompt.

           Common Accounts/Defaults:

           MGR.TELESUP,PUB                      User: MGR Acct: HPONLYG rp: PUB
           MGR.HPOFFICE,PUB                     unpassworded
           MANAGER.ITF3000,PUB                  unpassworded
           FIELD.SUPPORT,PUB                    user: FLD,  others unpassworded
           MAIL.TELESUP,PUB                     user: MAIL, others unpassworded
           MGR.RJE                              unpassworded
           FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96   unpassworded
           MGR.TELESUP,PUB,HPONLY,HP3           unpassworded

IRIS -     IRIS stands for Interactive Real Time Information System.  It
           originally ran on PDP-11's, but now runs on many other minis.  You
           can spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing'
           banner, and the ACCOUNT ID? prompt.  IRIS allows unlimited tries at
           hacking in, and keeps no logs of bad attempts.  I don't know any
           default passwords, so just try the common ones from the password
           database below.

           Common Accounts:

           MANAGER
           BOSS
           SOFTWARE
           DEMO
           PDP8
           PDP11
           ACCOUNTING

VM/CMS -   The VM/CMS operating system runs in International Business Machines
           (IBM) mainframes.  When you connect to one of these, you will get
           message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
           just like TOPS-10 does.  To login, you type 'LOGON <username>'.

           Common Accounts/Defaults are:

           AUTOLOG1:            AUTOLOG or AUTOLOG1
           CMS:                 CMS
           CMSBATCH:            CMS or CMSBATCH
           EREP:                EREP
           MAINT:               MAINT or MAINTAIN
           OPERATNS:            OPERATNS or OPERATOR
           OPERATOR:            OPERATOR
           RSCS:                RSCS
           SMART:               SMART
           SNA:                 SNA
           VMTEST:              VMTEST
           VMUTIL:              VMUTIL
           VTAM:                VTAM

NOS -      NOS stands for Networking Operating System, and runs on the Cyber
           computer made by Control Data Corporation.  NOS identifies itself
           quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE SYSTEM.
           COPYRIGHT CONTROL DATA 1978,1987.'  The first prompt you will get
           will be FAMILY:.  Just hit return here.  Then you'll get a USER
           NAME: prompt.  Usernames are typically 7 alpha-numerics characters
           long, and are *extremely* site dependent.  Operator accounts begin
           with a digit, such as 7ETPDOC.

           Common Accounts/Defaults:

           $SYSTEM              unknown
           SYSTEMV              unknown

Decserver- This is not truly a computer system, but is a network server that
           has many different machines available from it.  A Decserver will say
           'Enter Username>' when you first connect.  This can be anything, it
           doesn't matter, it's just an identifier.  Type 'c', as this is the
           least conspicuous thing to enter.  It will then present you with a
           'Local>' prompt.  From here, you type 'c <systemname>' to connect to
           a system.  To get a list of system names, type 'sh services' or 'sh
           nodes'.  If you have any problems, online help is available with the
           'help' command.  Be sure and look for services named 'MODEM' or
           'DIAL' or something similar, these are often outdial modems and can
           be useful!
GS/1 -     Another type of network server.  Unlike a Decserver, you can't
           predict what prompt a GS/1 gateway is going to give you.  The
           default prompt it 'GS/1>', but this is redifinable by the system
           administrator.  To test for a GS/1, do a 'sh d'.  If that prints out
           a large list of defaults (terminal speed, prompt, parity, etc...),
           you are on a GS/1.  You connect in the same manner as a Decserver,
           typing 'c <systemname>'.  To find out what systems are available, do
           a 'sh n' or a 'sh c'.  Another trick is to do a 'sh m', which will
           sometimes show you a list of macros for logging onto a system.  If
           there is a macro named VAX, for instance, type 'do VAX'.

           The above are the main system types in use today.  There are
           hundreds of minor variants on the above, but this should be enough
           to get you started.

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing, but sit there.
This is a frustrating feeling, but a methodical approach to the system will
yield a response if you take your time.  The following list will usually make


1)  Change your parity, data length, and stop bits.  A system that won't
    respond at 8N1 may react at 7E1 or 8E2 or 7S2.  If you don't have a term
    program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
    with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
    While having a good term program isn't absolutely necessary, it sure is
    helpful.
2)  Change baud rates.  Again, if your term program will let you choose odd
    baud rates such as 600 or 1100, you will occasionally be able to penetrate
    some very interesting systems, as most systems that depend on a strange
    baud rate seem to think that this is all the security they need...
3)  Send a series of <cr>'s.
4)  Send a hard break followed by a <cr>.
5)  Type a series of .'s (periods).  The Canadian network Datapac responds to
    this.
6)  If you're getting garbage, hit an 'i'.  Tymnet responds to this, as does a
    MultiLink II.
7)  Begin sending control characters, starting with ^A --> ^Z.
8)  Change terminal emulations.  What your vt100 emulation thinks is garbage
    may all of a sudden become crystal clear using ADM-5 emulation.  This also
    relates to how good your term program is.
9)  Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
    JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company answers.
    If they do, try some social engineering.

Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work on
an account.  At this point, you can either go onto the next system on your
list, or you can try to 'brute-force' your way in by trying a large database of
passwords on that one account.  Be careful, though!  This works fine on systems
that don't keep track of invalid logins, but on a system like a VMS, someone is
going to have a heart attack if they come back and see '600 Bad Login Attempts
Since Last Session' on their account.  There are also some operating systems
that disconnect after 'x' number of invalid login attempts and refuse to allow
any more attempts for one hour, or ten minutes, or sometimes until the next
day.

The following list is taken from my own password database plus the database of
passwords that was used in the Internet UNIX Worm that was running around in
November of 1988.  For a shorter group, try first names, computer terms, and
obvious things like 'secret', 'password', 'open', and the name of the account.
Also try the name of the company that owns the computer system (if known), the
company initials, and things relating to the products the company makes or
deals with.
                              Password List
                              =============

      aaa                daniel             jester             rascal
      academia           danny              johnny             really
      ada                dave               joseph             rebecca
      adrian             deb                joshua             remote
      aerobics           debbie             judith             rick
      airplane           deborah            juggle             reagan
      albany             december           julia              robot
      albatross          desperate          kathleen           robotics
      albert             develop            kermit             rolex
      alex               diet               kernel             ronald
      alexander          digital            knight             rosebud
      algebra            discovery          lambda             rosemary
      alias              disney             larry              roses
      alpha              dog                lazarus            ruben
      alphabet           drought            lee                rules
      ama                duncan             leroy              ruth
      amy                easy               lewis              sal
      analog             eatme              light              saxon
      anchor             edges              lisa               scheme
      andy               erenity
      arrow              elizabeth          maggot             sex
      arthur             ellen              magic              shark
      asshole            emerald            malcolm            sharon
      athena             engine             mark               shit
      atmosphere         engineer           markus             shiva
      bacchus            enterprise         marty              shuttle
      badass             enzyme             marvin             simon
      bailey             euclid             master             simple
      banana             evelyn             maurice            singer
      bandit             extension          merlin             single
      banks              fairway            mets               smile
      bass               felicia            michael            smiles
      batman             fender             michelle           smooch
      beauty             fermat             mike               smother
      beaver             finite             minimum            snatch
      beethoven          flower             minsky             snoopy
      beloved            foolproof          mogul              soap
      benz               football           moose              socrates
      beowulf            format             mozart             spit
      berkeley           forsythe           nancy              spring
      berlin             fourier            napoleon           subway
      beta               fred               network            success
      beverly            friend             newton             summer
      angerine
      bumbling           george             osiris             tape
      cardinal           gertrude           outlaw             target
      carmen             gibson             oxford             taylor
      carolina           ginger             pacific            telephone
      caroline           gnu                painless           temptation
      castle             golf               pam                tiger
      cat                golfer             paper              toggle
      celtics            gorgeous           password           tomato
      change             graham             pat                toyota
      charles            gryphon            patricia           trivial
      charming           guest              penguin            unhappy
      charon             guitar             pete               unicorn
      chester            hacker             peter              unknown
      cigar              harmony            philip             urchin
      classic            harold             phoenix            utility
      coffee             harvey             pierre             vicky
      coke               heinlein           pizza              virginia
      collins            hello              plover             warren
      comrade            help               polynomial         water
      computer           herbert            praise             weenie
      condo              honey              prelude            whatnot
      condom             horse              prince             whitney
      cookie             imperial           protect            will
      cooper             include            pumpkin            william
      create             ingres             puppet             willie
      creation           innocuous          rabbit             winston

I hope this file has been of some help in getting started.  If you're asking
yourself the question 'Why hack?', then you've probably wasted a lot of time
reading this, as you'll never understand.  For those of you who have read this
and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:

                                       The American Cancer Society
                                       90 Park Avenue
                                       New York, NY  10016




References:

1) Introduction to ItaPAC by Blade Runner
   Telecom Security Bulletin 1

2) The IBM VM/CMS Operating System by Lex Luthor
   The LOD/H Technical Journal 2

3) Hacking the IRIS Operating System by The Leftist
   The LOD/H Technical Journal 3

4) Hacking CDC's Cyber by Phrozen Ghost
   Phrack Inc. Newsletter 18

5) USENET comp.risks digest (various authors, various issues)

6) USENET unix.wizards forum (various authors)

7) USENET info-vax forum (various authors)

Recommended Reading:

1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all by
   William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
   California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can
   find.

Acknowledgements:
   Thanks to my wife for putting up with me.
   Thanks to Lone Wolf for the RSTS & TOPS assistance.
   Thanks to Android Pope for proofreading, suggestions, and beer.
   Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
   Thanks to Eric Bloodaxe for wading through all the trash.
   Thanks to the users of Phoenix Project for their contributions.
   Thanks to Altos Computer Systems, Munich, for the chat system.
   Thanks to the various security personel who were willing to talk to me about
             how they operate.

Boards:

   I can be reached on the following systems with some regularity;

       The Phoenix Project:    512/441-3xxx    300-2400 baud
       Hacker's Den-80:        718/358-9xxx    300-1200 baud
       Smash Palace South:     512/478-6xxx    300-2400 baud
       Smash Palace North:     612/633-0xxx    300-2400 baud





                               ==Phrack Inc.==

                    Volume One, Issue Nine, Phile #7 of 10

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                (512)-396-1xxx
                            The Shack // presents
                    A Multi-User Chat Program for DEC-10s
                             Original Program by
                                   TTY-Man
                          Modified and Clarified by
                               +++The Mentor+++
                              October 6th, 1986

Intro:  Unlike its more sophisticated older brother, the VAX, the DEC has no
easy-to-use communication system like the VMS PHONE utility.  The following
program makes use of the MIC file type available on most DECs.  Each user that
wishes to be involved in the conference needs to run the program from his area
using the .DO COM command.  The program can be entered with any editor (I
recommend SED if you have VT52 emulation), and should be saved as COM.MIC. The
program does not assume any specific terminal type or emulation.  You will
have to know the TTY number of any person you wish to add to the conference,
but this is available through a .SYSTAT command or .R WHO (see below.)
SYSTAT
This is an example of a SYSTAT to used to determine TTY#...
Status of Saturn 7.03.2 at  7:27:51 on 03-Oct-86
Uptime 40:41:14, 77% Null time = 77% Idle + 0% Lost, 9% Overhead
27 Jobs in use out of 128.  27 logged in (LOGMAX of 127), 16 detached.
       PPN#    TTY#      CURR     SIZE
19    [OPR]       6      OPR      56+39     HB              18
20     7,20       5      OPR      23+39     HB              24 $
21  2501,1007    56      COMPIL   8+8       ^C            1:34 $
22    66,1012    57      TECO     10+12     TI              39
23    66,1011    62      1022     16+55     TI              36 $
24    [SELF]     64      SYSTAT   23+SPY    RN               0 $
26    [OPR]      DET     STOMPR   10+9      SL               2
27 16011,1003    DET     DIRECT   17+32     ^C              30 $
36    [OPR]      DET     FILDAE   17        HB            1:57

        The TTY# is available in the TTY column... DET means that the user is
detached and is unavailable for chatting...
        Below is an example of .R WHO to obtain the same information...

/- jobs in use out of 127.
Job   Who        Line      PPN
20  OPERATOR 20     5      7,20
21  DISPONDENT     56   2501,1007
22  ADP-TBO        57     66,1012
23  ADP-MDL        62     66,1011
24  THE MENTOR     64   XXXX,XXX
27  GEO4440103    Det  16011,1003


        In each case, I am on TTY# 64...

        Anyway, use the following program, it's more convenient that doing a
.SEN <tty> every time you want to send a message.   Also, to shut out an
annoying sender, use .SET TTY GAG.  To remove, .SET TTY NO GAG... pretty
simple, huh?

start::
!
!Now in loop: 'a 'b 'c 'd 'e 'f
!
.mic input A,"Destination Terminal 1:"
.if ($a="") .goto welcome
.mic input B,"Destination Terminal 2:"
.if ($b="") .goto welcome
.mic input C,"Destination Terminal 3:"
.if ($c="") .goto welcome
.mic input D,"Destination Terminal 4:"
.if ($d="") .goto welcome
.mic input E,"Destination Terminal 5:"
.if ($e="") .goto welcome
.mic input F,"Destination Terminal 6:"
.if ($f="") .goto welcome
welcome::
!Sending Hello Message...
sen 'a Conference Forming on TTYs 'b 'c 'd 'e 'f ... DO COM to these to join'
sen 'b Conference Forming on TTYs 'a 'c 'd 'e 'f ... DO COM to these to join'
sen 'c Conference Forming on TTYs 'a 'b 'd 'e 'f ... DO COM to these to join'
sen 'd Conference Forming on TTYs 'a 'b 'c 'e 'f ... DO COM to these to join'
sen 'e Conference Forming on TTYs 'a 'b 'c 'd 'f ... DO COM to these to join'
sen 'f Conference Forming on TTYs 'a 'b 'c 'd 'e ... DO COM to these to join'
!
!Type /h for help
com::
.mic input G,"T>"
!Checking Commands.. Wait..
.if ($g="/h") .goto help
.if ($g="/k") .goto kill
.if ($g="/l") .goto list
.if ($g="/d") .goto drop
.if ($g="/t") .goto time
.if ($g="/w") .goto who
.if ($g="/u") .goto users
.if ($g="/q") .goto quit
.if ($g="/r") .backto start
.if ($g="/ac") .goto ack
!Transmitting..  Wait..
sen 'a 'g
sen 'b 'g
sen 'c 'g
sen 'd 'g
sen 'e 'g
sen 'f 'g
.backto com
help::
!
!        Internal Commands
!
! /H  -> This Menu       /K -> Kill
! /L  -> List Terminals  /U -> Users
! /W  -> R who           /AC-> Alert Caller
! /Q  -> Quit
! /R  -> Restart/Add
! /T  -> Show Date/Time
! /D  -> Drop Caller
!
! All Commands must be in lower case.
!
.backto com
list::
!
!Currently Connected To Terminals: 'a 'b 'c 'd 'e 'f
!
.backto com
who::
.revive
.r who
'<silence>
.backto com
users::
.revive
.r users
'<silence>
.BACKTO COM
QUIT::
!
!Call The Shack... 512-396-1120 300/1200 24 hours
!
.mic cancel
drop::
!
!Send Hangup Message:: Enter Terminal Number To Be Disconnected.
!
.mic input h,"Destination Terminal Number:"
.sen 'h  <=- Communication Terminated at '<time> -=>
.backto start
ack::
.mic input h,"Destination Terminal Number:"
.sen 'h %TMRR -  Timeout Error, Response Required, Please ACKNOWLEDGE!
.backto com
kill::
!
!Send Message To Specific Terminal In A Loop
.mic input n,"Are You Sure (Y/N)?"
.if ($n="y") then .goto k1
!%Function Aborted - Returning To Communication Mode.
.backto com
k1::
.mic input h,"Destination Terminal Number:"
.mic input n,"K>"
dog::
!Transmitting...CTRL-C Aborts!
.sen 'h'n
.backto dog
time::
!
!Current Date : '<date>
!Current Time : '<time>
!
.backto com


        Wasn't that neat?  A feature that you can implement separately to be a
pain in the ass is the recursive MIC that sends an annoying message to a
specified terminal.  It is almost impossible for them to shut you out without
logging out unless they are already gagged.
        Just create a small MIC file called BUG.MIC... to do it in two lines,
simply type...
 .SEN <tty # goes here> Eat hot photons, Vogon slime!
 .DO BUG

        That's it!  I hope this comes in useful to someone out there!  Give us
a call at The Shack... 512-396-1xxx  300/1200 baud, 24 hours a day... And a
special welcome to all the feds who will doubtlessly be calling since the
number appears in here... we have nothing to hide!
                                        +++The Mentor+++

 _____________________________________________________________________________


                               ==Phrack Inc.==

                     Volume Two, Issue 19, Phile #2 of 8

                       DCL Utilities for the VMS Hacker
                       >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
                                      By
                                  The Mentor

                       Special thanks to Silver Spy for
                   turning me onto DCL in the first place!
------------------------------------------------------------------------------

     Anyone who spends time hacking on VAXes (by hacking, I don't just mean
trying to get in... I mean *doing* something once you're in!) notices that the
DCL command language is extremely powerful.  I have put together a selection
of utilities that not only should prove helpful to the hacker, but serve as a
good example of programming in DCL.
     Every attempt has been made to preserve unchanged the user-environment
from the initialization of the file to the exit.  Any session-permanent
changes are documented.

                            Brief Overview of DCL
                            >>>>>>>>>>>>>>>>>>>>>

     There are numerous files out there on DCL (the VMS help files are the
best place to find information), so I'm not going to teach you how to program
in it.  To use the following code, isolate the section of code you want in
your favorite text editor, upload it into a file, and name the file
<progname>.COM.  Anytime you see a file ending with .COM, you know it's a DCL
file.  DCL files are executed by issuing the command
                       $@FILENAME
or, in the case of a file you want to run as a separate process,
                       $SPAWN/NOWAIT @FILENAME

                              Table of Contents
                              >>>>>>>>>>>>>>>>>

     1. CD.DOC     :  This is the documentation for CD.COM (and the only
                      documentation file in the bunch.
     2. CD.COM     :  A change directory utility, much like the PC command
                      CD, except more powerful.  $SET DEFAULT is a pain in
                      the ass!
     3. HUNT.COM   :  Searches a specified node for a given user.  Useful
                      for alerting you to the presence of a sysop.
     4. ALARM.COM  :  An alarm clock.  If they check the logs at 8 a.m., you
                      probably want to be off before then.
     5. CGO.COM    :  Included because it's short.  Allows you to compile,
                      link, and run a C program with a one-line command.


     I have about 300 more pages of COM files.  If you need anything, drop me
a line.  I'll try and help out.  I can be found on Forgotten Realm, or you can
call a non-hacker (local to me) IBM game board if it's an urgent message (The
Bastille-- 512/353-0590  300/1200  24 hrs.  It's not the best hacker board in
the world, but my mail arrives daily...)

     Also, if programming of this type interests you, let me know!  I'm
considering putting up a board for the discussion of programming (compilers,
AI/Expert Systems, Op Systems, etc...).  If I get enough positive response,
I'll go with it.  Leave mail on the aforementioned systems.

                                                The Mentor




       CD.COM   Version 5.0   VMS Change Directory Command


       Sub-directories are a nice feature on many computers, but
       they're not always easy to take advantage of.  The VMS
       commands to access sub-directories are a little obscure,
       even to PC programmers who are used to using directories.

       The solution?  CD.COM, a change directory command that works
       almost the same as the PC-DOS CD and PROMPT commands:

          CD              - Display your home directory, current
                            directory, and node name.  (Similar to, but
                            better than the VMS SHOW DEFAULT command.)

          CD dir_name     - Move you to the [dir_name] directory.
          CD [dir_name]     (Same as the SET DEFAULT [dir_name] command.)

          CD .sub_name    - Move you to the [.sub_name] subdirectory.
          CD [.sub_name]    (Same as the SET DEFAULT [.sub_name] command.)

          CD \            - Move you to your home (root) directory, which
          CD HOME           is the directory you are in when you login.
          CD SYS$LOGIN      (Same as the SET DEFAULT SYS$LOGIN command.)

          CD ..           - Move you to the directory above your
          CD [-]            current directory. (Same as the VMS
                            SET DEFAULT [-] command.)

          CD ..sub_name   - Move you "sideways" from one subdirectory
          CD [-.sub_name]   to another subdirectory. (Same as the
                            SET DEFAULT [-.sub_name] command.)

          CD *            - Select a subdirectory to move to, from a
                            list of subdirectories.

          CD .            - Reset the current directory.

          CD ?            - Display instructions for using CD.

       The VMS SET DEFAULT command has a flaw: you can change
       directories to a directory that doesn't exist.  CD handles this
       more elegantly; you're left in the same directory you were in
       before, and this message appears:

            [dir_name] Directory does not exist!

       PC-DOS lets you display the current directory as part of the
       prompt.  (If you haven't seen this feature, try the PC-DOS
       command PROMPT $P$G.)  CD.COM will change the prompt for you
       each time you change directories if you include this line in
       your LOGIN.COM file:

          DEFINE SYS$PROMPT "ON"

       Without this line, your prompt is not changed from what you
       have it set as.  Instead, your home (root) directory name,
       current directory name, and node name are displayed whenever
       you issue the CD command.

       Since VMS allows prompts to contain no more than 32 characters,
       if you change to a subdirectory that would make your prompt too
       long, CD automatically leaves off some of the higher level
       sub-directories to keep your prompt short, and displays a "*"
       as one of the prompt characters.

       CD lets you use directory names defined with with the DEFINE
       command.  For example, if you're in one of Dr. Smiths' CS3358
       classes, you might want to define his CS3358 assignments
       directory like this:

          DEFINE SMITH "DISK$CS:[CS.SMITH.3358]"

       Then, CD SMITH would move you to this directory.  Try it!
       Also, some directories are already defined by the system.
       The SHOW LOGICAL command will give you clues to some of these
       system directories, if you want to go exploring.  CD also
       supports the use of symbols for directory names.

       Like with PC-DOS, VMS directories and sub-directories are tree
       structured.  The system root directory for your disk has the
       name [000000], and in it are the names of all the sub-directories
       for your disk.  The directories for an imaginary user, CS335825305,
       would be located like this:

  System Root Directory:
                                  [000000]
                               .   .   .   .
  CS3358 Directories:    .        .     .        .
                   .             .      *.             .
       ... [CS3358251]   [CS3358252]   [CS3358253]   [CS3358254] ...
                                      .   .      .
  CS3358253 Directories:        .         .           .
                          .              *.               .
       ... [CS3358253.04HOPE]   [CS3358253.05JONES]   [CS3358253.06KEY] ...
                                       .    .
  CS335825305 Directories:            .      .
                                    *.       *.
                 [CS3358253.05JONES.MAIL]  [CS3358253.05JONES.BULL]


       If you're not using sub-directories, but want to, you can
       create them with the CREATE command:

           CREATE/DIR  [.sub_name]

       VMS allows directories to be seven or eight levels deep, but
       one or two levels is enough for most users.

       VMS also allows the symbols < and > to be used instead of
       [ and ], to specify directory names. CD fully supports this.

                               Code for CD.COM
                               >>>>>>>>>>>>>>>

$! CD.COM v6.09
$! The Ultimate Change Directory Command.
$!
$  hdir     = f$trnlnm("SYS$LOGIN")                 ! Home Directory
$  ndir     = f$edit(p1,"UPCASE")                   ! New  Directory
$  odir     = f$environment("DEFAULT")              ! Old  Directory
$  prompton = (f$edit(f$trnlnm("SYS$PROMPT"),"UPCASE") .eqs. "ON")
$!
$  if (ndir .eqs. "")           then goto DISPLAY   ! No Dir
$  if (ndir .eqs. "*")          then goto DIRSEARCH ! Search for Dirs
$  if (ndir .eqs. "?")          then goto HELP      ! Instructions
$!
$  PARSE:
$  length   = f$length(ndir)                        ! Fix up ndir
$  if (f$location("@",ndir) .eq. 0) .or. -
      (f$location("$",ndir) .eq. 0) then ndir = f$extract(1, length - 1, ndir)
$  right    = f$location("]",ndir) + 1
$  if (right .gt. length) then right = f$location(">", ndir)
$  if (right .le. length) then ndir  = f$extract(0, right, ndir)
$!
$  if (f$trnlnm(ndir) .eqs. "") then goto CASESYM   ! Not Logical Name
$     ndir   = f$trnlnm(ndir)                       ! Logical Name
$     goto PARSE
$!
$  CASESYM:
$  if ("''&ndir'" .eqs. "")     then goto CASE0     ! Not Symbol
$     ndir = 'ndir'                                 ! Symbol
$     goto PARSE
$!
$  CASE0:
$  len_ndir = f$length(ndir)                        ! Regular Dir
$  if (f$location("[", ndir) .lt. len_ndir) .or. -
      (f$location("<", ndir) .lt. len_ndir) then goto SETDIR
$!
$  CASE1:                                           ! Home Dir
$  if ((ndir .nes. "HOME") .and. (ndir .nes. "\")) then goto CASE2
$     ndir = hdir
$     goto SETDIR
$!
$  CASE2:                                           ! . .. .dir
$  if (f$location(".", ndir) .nes. 0) then goto CASE3
$     if (ndir .eqs. "..") then ndir = "-"
$     if (f$extract(0, 2, ndir) .eqs. "..") -
         then ndir = "-" + f$extract(1, len_ndir - 1, ndir)
$     ndir = "[" + ndir + "]"
$     if (ndir .eqs. "[.]") then ndir = odir
$     goto SETDIR
$!
$  CASE3:                                           ! :
$  if (f$location(":", ndir) .ge. len_ndir) then goto CASE4
$     left    = f$location(":", ndir) + 1
$     symbol  = f$extract(left, 1, ndir)
$     if (symbol .eqs. ":")  then goto CASE3B       ! :: Node
$     if ((symbol .eqs. "[") .or. (symbol .eqs. "<")) then goto SETDIR
$        ndir = f$extract(0, left, ndir) + "[" -
              + f$extract(left, len_ndir - left+1, ndir) + "]"
$     goto SETDIR
$!
$  CASE3B:                                          ! NODE::nothing
$  if (f$length(ndir)-1 .gt. left) then goto CASE3C
$     ndir = ndir + "[000000]"
$     goto SETDIR
$!
$  CASE3C:                                          ! NODE::directory
$  if ((f$location("[", ndir) - f$location("<", ndir)) .ne. 0) -
      then goto SETDIR
$
$     ndir = f$parse(ndir,,,"NODE") + "[" + f$parse(ndir,,,"NAME") + "]"
$     goto SETDIR
$!
$  CASE4:                                           ! dir
$  ndir = "[" + ndir + "]"
$!
$  SETDIR:
$  set default 'ndir'
$  if (f$parse("") .eqs. "") then goto DIRERROR
$!
$  DISPLAY:
$  if ((ndir .nes. "") .and. prompton) then goto NODISPLAY
$     hnode = f$getsyi("NODENAME")
$     cnode = f$parse(f$trnlnm("SYS$DISK"),,,"NODE") - "::"
$     if (cnode .eqs. "") then cnode = hnode
$     cdir  = f$environment("DEFAULT")
$     write sys$output " "
$     write sys$output "          Home Node: ", hnode
$     write sys$output "     Home Directory: ", hdir
$     if (cdir .eqs. hdir) .and. (cnode .eqs. hnode) then goto DISPSKIP
$     write sys$output "       Current Node: ", cnode
$     write sys$output "  Current Directory: ", cdir
$  DISPSKIP:
$     write sys$output " "
$!
$  NODISPLAY:
$  ndir = f$environment("DEFAULT")
$  if .not. prompton then goto END
$!
$  if (f$length(ndir) .ge. 32) then goto TOOLONG
$!
$  SETPROMPT:
$  set prompt = 'ndir'" "
$!
$  END:
$  exit
$!
$  DIRERROR:
$  write sys$output " "
$  write sys$output "          ", ndir, " Directory does not exist!"
$  write sys$output " "
$  set default 'odir'
$  ndir = odir
$  goto NODISPLAY
$!
$! Prompt Problems------------------------------------------------------------
$!
$  TOOLONG:
$! Prompt is too long. Get rid of everything to the left of [ or <. If that
$! doesn't work, get rid of a subdirectory at a time.  As a last resort,
$! set the prompt back to $.
$!
$  left     = f$location("[", ndir)
$  len_ndir = f$length(ndir)
$  if (left .ge. len_ndir) then left = f$location("<",ndir)
$  if (left .gt. 0) .and. (left .lt. len_ndir) -
      then ndir = f$extract(left, len_ndir - left, ndir)
$!
$  STILLTOOLONG:
$    if (f$length(ndir) .lt. 32) then goto SETPROMPT
$    left     = f$location(".", ndir) + 1
$    len_ndir = f$length(ndir)
$    if left .ge. len_ndir then ndir = "$ "
$    if left .ne. len_ndir -
        then ndir = "[*" + f$extract(left, len_ndir - left, ndir)
$    goto STILLTOOLONG
$!
$! Wildcard Directory---------------------------------------------------------
$!
$  DIRSEARCH:
$  error_message = f$environment("MESSAGE")
$  on control_y then goto DIREND
$  on control_c then goto DIREND
$  set message/nosev/nofac/noid/notext
$  write sys$output " "
$  dispct = 1
$  dirct  = 0
$  pauseflag = 1
$!
$  DIRLOOP:
$    userfile = f$search("*.dir")
$    if (userfile .eqs. "") .and. (dirct .ne. 0) then goto DIRMENU
$    if (userfile .eqs. "") then goto DIRNONE
$    dispct = dispct + 1
$    dirct  = dirct  + 1
$    on severe then $ userprot = "No Priv"
$    userprot = f$file_attributes(userfile,"PRO")
$    if userprot .nes. "No Priv" then userprot = " "
$    userfile'dirct' = "[." + f$parse(userfile,,,"NAME") + "]"
$    userprot'dirct' = userprot
$    lengthflag = (f$length(userfile'dirct') .gt. 18)
$    if lengthflag then write sys$output -
        f$fao("  !3SL   !34AS  ", dirct, userfile'dirct'), userprot'dirct'
$    if (.not. lengthflag) then write sys$output -
        f$fao("  !3SL   !20AS  ", dirct, userfile'dirct'), userprot'dirct'
$    if (dispct .lt. 8) then goto DIRLOOP
$    dirct  = dirct  + 1
$    userfile'dirct' = ""
$    dirct  = dirct  + 1
$    userfile'dirct' = ""
$    if pauseflag then goto DIRMENU
$    dispct = 0
$    goto DIRLOOP
$!
$  DIRMENU:
$  write sys$output " "
$  if (userfile .eqs. "") then goto DIRMENU2
$     write sys$output "    M   More subdirectories"
$  if pauseflag then -
$     write sys$output "    N   More subdirectories/No pause"
$!
$  DIRMENU2:
$     write sys$output "    R   Re-Display subdirectories"
$     write sys$output "    Q   Quit (default)"
$
$  DIRINQUIRE:
$  write sys$output " "
$  inquire dirchoice "  Select One"
$  write sys$output " "
$!
$  if (dirchoice .gt. 0)    .and. -
      (dirchoice .le. dirct) then goto DIRCASEDIGIT
$  dirchoice = f$edit(dirchoice,"UPCASE")
$  if (dirchoice .eqs. "")  .or. -
      (dirchoice .eqs. "Q")  then goto DIRCASEBLANK
$  if (dirchoice .eqs. "M") .or. -
      (dirchoice .eqs. "N")  then goto DIRCASEMORE
$  if (dirchoice .eqs. "R")  then goto DIRCASERED
$!
$  DIRCASERROR:
$  if (dirct .eq. 1)   then write sys$output -
      "  Select 1 to change to the ", userfile1, " subdirectory. "
$  revdirct = dirct
$  if (dispct .eq. 8) then revdirct = revdirct - 2
$  if (dirct .gt. 1)   then write sys$output -
      "  Valid subdirectory selections are 1 through ", revdirct, " (Octal)."
$  goto DIRINQUIRE
$!
$  DIRCASEDIGIT:
$  if (userfile'dirchoice' .eqs. "") then goto DIRCASERROR
$  ndir = userfile'dirchoice'
$  goto DIREND
$!
$  DIRCASEBLANK:
$  write sys$output "  Subdirectory not changed."
$  write sys$output " "
$  goto DIREND
$!
$  DIRCASEMORE:
$  dispct = 0
$  if (dirchoice .eqs. "N") then pauseflag = 0
$  if (userfile .nes. "")   then goto DIRLOOP
$  write sys$output "  No more subdirectories to display."
$  goto DIRINQUIRE
$!
$  DIRCASERED:
$  dispct = 1
$  DISPLOOP:
$     if (userfile'dispct' .eqs "") then goto DISPDONT
$     lengthflag = (f$length(userfile'dispct') .gt. 18)
$     if lengthflag then write sys$output -
         f$fao("  !3SL   !34AS  ", dispct, userfile'dispct'), userprot'dispct'
$     if (.not. lengthflag) then write sys$output -
         f$fao("  !3SL   !20AS  ", dispct, userfile'dispct'), userprot'dispct'
$     DISPDONT:
$     dispct = dispct + 1
$     if (dispct .le. dirct) then goto DISPLOOP
$  goto DIRMENU
$!
$  DIRNONE:
$  write sys$output "No subdirectories to choose, or no directory privileges."
$  write sys$output " "
$  goto DIREND
$!
$  DIREND:
$  set message 'error_message'
$  on control_y then exit
$  on control_c then exit
$  if (ndir .eqs. "*") then goto DISPLAY
$  goto PARSE
$!
$!-Help-----------------------------------------------------------------------
$!
$  HELP:
$  type sys$input

               CD.COM  Version 6  VMS Change Directory Command

                         Usage:  CD command/directory

CD         Display home directory,       CD ..       Change directory to the
           current directory, node.      CD [-]      dir above current dir.

CD \       Change directory to your      CD ..sub    Change directory to a
CD HOME    SYS$LOGIN directory.          CD [-.sub]  "sideways" subdirectory.

CD dir     Change directory to the       CD *        Display/select the
CD [dir]   [dir] directory.                          available subdirectories.

CD .sub    Change directory to the       CD .        Reset current directory.
CD [.sub]  [.sub] subdirectory.          CD ?        Display CD instructions.

     CD :== @SYS$LOGIN:CD.COM                 DEFINE SYS$PROMPT "ON"
     To make CD available from                To have the VMS $ prompt
     any directory you change to.             display the current directory.

                              By The Mentor
$  goto END


                              Code for HUNT.COM
                              >>>>>>>>>>>>>>>>>


$ ! HUNT.COM
$ ! By The Mentor
$ ! Updated by: The Mad Mexican
$ ! Usage: SPAWN/NOWAIT @HUNT
$ !
$ !Searches SHOW USER output for a specified user,  strobes at given
$ !intervals considering the severity of the hunt at which time output
$ !is generated and process terminates. If user loggs in then output
$ !is generated and process terminates. May check both nodes if a set
$ !host is called.  Also supports a file with the names to be hunted for.
$ !
$ !  *** NOTE ***   This is set up for a two-node system with NYSSA
$ !                 being the default node and TEGAN being the alternate
$ !                 node (Circuit Breaker and some others will recognize
$ !                 the nodes as my 'home' ones.)  You will need to
$ !                 slightly modify the code to reflect the nodename(s)
$ !                 of whatever system you are using...
$ !
$ !
$ !
$ say="write sys$output"
$ on control then goto door
$ monitored_node = "''NODE'"
$ say "Monitoring node ''monitored_node'.  <HIT RETURN>"
$ severity_of_hunt:
$ inquire selection "Severity of HUNT, 1 being the most urgent: 1-2-3"
$ if selection.ge.2 then goto selection_2
$ delay="wait 00:00:20"
$ loop_count=40
$ goto begin_process
$ selection_2:
$ if selection.eq.3 then goto selection_3
$ delay="wait 00:01:00"
$ loop_count=8
$ goto begin_process
$ if selection.gt.3 then goto severity_of_hunt
$ delay="wait 00:02:30"
$ loop_count=20
$ begin_process:
$ if monitored_node.eqs."TEGAN" then goto search_file_tegan
$ if f$search("nyssa.dat9") .nes. "" then goto file_exist
$ goto continue
$ search_file_tegan:
$ if f$search("tegan.dat9") .nes. "" then goto file_exist
$ continue:
$ say "hit <RETURN>"
$ inquire/nopunctuate choice9 "Who are we hunting for? "
$ if choice9 .eqs. "" then exit
$ count = 0
$ bell_sound[0,8]=%X07
$ top:
$ sho user/output='monitored_node'.dat9
$ purge 'monitored_node'.dat9
$ set message/nofac/noid/notext/nosev
$ search 'monitored_node'.dat9 'choice9'
$ a=$severity
$ if a .eqs. "1" then goto found_user
$ set message 'temp_msg9'
$ count = count + 1
$ if count .ge. 'loop_count' then goto give_up
$ delay
$ goto top
$ file_exist:
$ say "ERROR - Could not create temporary data file."
$ say "Please delete or rename ''NODE'.DAT9"
$ exit
$ found_user:
$ say bell_sound
$ say "''choice9' is now online on node ''monitored_node'."
$ say bell_sound
$ goto door
$ give_up:
$ say " "
$ say "''choice9' has not yet logged in on ''monitored_node'."
$ door:
$ say bell_sound
$ say "HUNT routine has terminated on node ''monitored_node'."
$ delete/noconfirm/nolog 'monitored_node'.dat9;*
$ set message 'temp_msg9'
$ exit

                              Code for ALARM.COM
                              >>>>>>>>>>>>>>>>>>

$ ! ALARM.COM
$ ! By The Mentor
$ ! Usage: SPAWN/NOWAIT @ALARM
$ ! Strobes f$time() every 5 seconds until specified time
$ ! is met at which time output is generated and process terminates.
$ CLR = " "
$ count = 0
$ PID           = F$PID(CONTEXT)
$ TERMINAL      = F$GETJPI(''PID',"TERMINAL")
$ DEVICE        = F$GETDVI(TERMINAL,"DEVTYPE")
$ IF DEVICE .EQS. 110 THEN CLR = "[H[2J"  ! VT220
$ IF DEVICE .EQS.  98 THEN CLR = "[H[2J"  ! VT102
$ IF DEVICE .EQS.  96 THEN CLR = "[H[2J"  ! VT100
$ IF DEVICE .EQS.  64 THEN CLR = "HJ"     ! VT52
$ CLS = "WRITE SYS$OUTPUT CLR"
$ DATE       = F$CVTIME(F$TIME())
$ NODE       = F$GETSYI("NODENAME")
$ bell[0,8]=%X07
$ ON CONTROL THEN GOTO DOOR
$ say = "write sys$output"
$ say f$cvtime(,,"TIME")
$ say " "
$ say "Hit (RETURN)"
$ say " "
$ inquire/nopunctuate alarm "What time shall I ring you - "
$ a_hour = f$element(0,":",alarm)
$ a_minute = f$element(1,":",alarm)
$ a_second = f$element(2,":",alarm)
$ time_check:
$ hour = f$element(0,":",f$cvtime(,,"TIME"))
$ minute = f$element(1,":",f$cvtime(,,"TIME"))
$ second = f$element(2,":",f$element(0,".",f$cvtime(,,"TIME")))
$ if hour .ge. a_hour .and. minute .ge. a_minute .and. second .ge.
  a_second then goto top
$ if hour .ge. a_hour .and. minute .ge. a_minute then goto top
$ wait 00:00:05
$ goto time_check
$ top:
$ count = count + 1
$ cls
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say "                              A L A R M   O N"
$ say bell
$ say "                                 ",f$element(0,".",f$cvtime(,,"TIME"))
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ say " "
$ wait 00:00:01.50
$ if count .le. "6" then goto top
$ door:
$ say "ALARM OFF"
$ say f$element(0,".",f$cvtime(,,"TIME"))
$ say bell
$ exit


                               Code for CGO.COM
                               >>>>>>>>>>>>>>>>

$! CGO.COM
$! By The Mentor
$! One-Line compile/link/execute of C programs
$! Usage: CGO :== @CGO.COM
$!        CGO filename
$!
$if p1 .nes. "" then c_filename :== 'p1
$ write sys$output "Compiling:"
$ cc 'c_filename/list='c_filename.lst
$ write sys$output "Linking:"
$ link 'c_filename ,options_file/opt
$ write sys$output "Running:"
$ assign/user sys$command sys$input
$ run 'c_filename
$ exit
------------------------------------------------------------------------------

     Well, that's it.  I hope to be back in the next issue with some other
programs.  And remember, any programmers out there, get in touch with me!
                                  The Mentor
                              Thanksgiving 1987

 ______________________________________________________________________________

     Copyright (C) 1993  LOD Communications.  No part of this  Work may be
     distributed or reproduced, electronically or otherwise, in part or in
     whole, without  express written  permission  from  LOD Communications
 ______________________________________________________________________________

          *** {End of Phoenix Project BBS Message Base File 1 of 3} ***