💾 Archived View for aphrack.org › issues › phrack67 › 1.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content
View Raw
More Information
-=-=-=-=-=-=-
==Phrack Inc.==
Volume 0x0e, Issue 0x43, Phile #0x01 of 0x10
|=----------------------------------------------------------------------=|
|=--------------------------=[ Introduction ]=--------------------------=|
|=----------------------------------------------------------------------=|
|=----------------------=[ By The Phrack Staff ]=-----------------------=|
|=----------------------------------------------------------------------=|
|=----------------------=[ November 17, 2010 ]=-----------------------=|
|=----------------------------------------------------------------------=|
"The greatest trick the Devil ever pulled was convincing
the world he didn't exist"
--- Verbal Kint
It's 1.00 a.m., nobody hits this secondary road. Heck, I'm almost
sure half of it doesn't have a line to remind you that you should share it
with upcoming cars. It's raining, but not too hard. I'm going home.
It's Tuesday. What the hell am I doing out here, half an hour from
home, slowly driving under the rain? It's 1.05 a.m., I know this road, I
know this feeling, I recognize the shivering. I let it flow. Turn off the
music, I want silence.
It's 2.00 a.m., nobody hits this machine at this time of the day.
Logs track me, but I'll clean them. I know this road, I know this feeling,
I recognize the shivering. Turn on the music, the game is on. I'm sure
someone else is around here, someone else has seen this # before.
"I'll fuck you if you don't fuck me first, sir". Fair enough, this
is the rule. I'll go to sleep afterwards. I'm meeting some friends and I've
to take a train tomorrow. I'll sleep on the couch of someone I've never
seen before, yet I know him well.
It's 1.00 a.m., 10 years later. It's a GPG email from the guy that
once offered me a couch. Then another time. I can count the times I've seen
him in person on two hands, but I would overflow a 'short' counting the
words we exchanged. We meet again, thought you disappeared. Things change,
indeed. Life gave us something to lose and we are holding on it. We lost
people, money, opportunities, that's why we hold on. Once a hacker, forever
a hacker, right? Let's finish this code. Let's visit this city.
It's 2.00 a.m., today. Nothing in this story, in this Intro, is
real. I wasn't there, this is not me. This is just a stream of ASCII
characters. Someone out there pulled a great trick and convinced the world
that security was a cool business. Someone is pulling even greater tricks
and makes money out of his ignorance living on others slightly bigger
ignorance. Somewhere, a crackdown on some kids proves to be necessary to
keep the 'mistery' alive, to keep the bandwagon going. Someone spies on
former fellow friends, 'cause that's worth millions. Everybody is happy and
we slowly fade away. Away, towards a new Underground.
"I'll fuck you if you don't fuck me first, sir".
If you are shivering, if you have been there, if you feel it, you know what
I mean. PHRACK may die. Groups may die. Things as we know today may die.
The great trick might actually seem to work -- goodbye Underground, welcome
Security Industry. Not too fast.
"Once a hacker, forever a hacker, right?"
The Game is on.
-----( Phrack Issue #67 )-----
It's with incredible pleasure that we present you our newly released issue:
______ _ _ ______ _______ _______ _ _ _ _ _______ ______
(_____ \(_) (_|_____ \(_______|_______|_) | | _| U |_(_______|______)
_____) )_______ _____) )_______ _ _____| | (_ _)______ _
| ____/| ___ | __ /| ___ | | | _ _) _| O |_| ___ \ / )
| | | | | | | \ \| | | | |_____| | \ \ (_ _) |___) ) / /
|_| |_| |_|_| |_|_| |_|\______)_| \_) |_n_| |______/ (_/
- By the community, for the community. -
But wait ... the release date ... it sounds familiar ... OMFG!!!
\\\ ,
\ `|
) ( .-""-.
| | /_ { '.
| | (/ `\ } )
| | ^/ ^`} {
\ \ \= ( { )
\ \ '-, { {{
\ \_.' ) } )
\.-' ( (
/'-.'_. ) ( }
\_( { _/\
) '--' `-;\ \
_.-' / / /
<\/>_.' .' / /
<\/></\>/. ' /<\// /
</\> _ |\`- _ . -/|<// (
<\/> - _- ` _.-'`_/- | \
</\> - - - - \\\
}`<\/> <\/>`{
{ </\>-<\/>_<\/>_<\/>-</\> }
} </\> </\> </\> {
<\/>. <\/>
</\> </\>
{`<\/> <\/>`}
} </\>-<\/>_<\/>_<\/>_<\/>-</\> {
{ </\> </\> </\> </\> }
} }
{ H A P P Y {
} }
{ 25th {
<\/> <\/>
</\> B I R T H D A Y </\>
`<\/> <\/>'
jgs </\>-<\/>_<\/>_<\/>_<\/>_<\/>-</\>
</\> </\> </\> </\> </\>
Yes. That's right friends. This 67th issue is the celebration of Phrack's
25th birthday. Happy birthday Phrack!
-----( Coming from the past )-----
Once upon a midnight dreary, while I pondered, weak and weary, over many a
quaint and curious volume of forgotten lore...
Hello Cyberpals. It's your old friend Mike Schiffman AKA route AKA daemon9.
- Cyberhug!* It sure has been a long time! Well I'll be! You guys all look
the same, young and eager and hungry... Me? I'm still here, just older and
grayer and bit less conspicuous. Ok, I'll say it -- I'm downright honored
that you crazy rascals still remember me.
It sure has been many a fortnight that I've been in this business. I mean,
back in 1994, when I started poking around the scene in I was just a little
dork who use to work out a lot and bleach my hair white. Sure I was
probably the first muscle-bound white-haired guy with giant computer chip
tattoo on his back who had this tireless thirst for computers and hacking
and writing all sorts of Usenet posts and papers -- but there would legions
more to come...
Now in 2010 I'm a much bigger and more experienced dork. It's more than 16
years later. I have many more tattoos and the hair is getting white all by
itself. And I reminisce... I look back and reflect on those days. Some of
the stuff I use to do... My comp.security Usenet posts. "The Infinity
Concept" e-zine, the precursor to my Phrack editorial days. My netcom.com
.plan file. The PGP Attack FAQ.
I remember getting owned. I remember the first time my phones got done up
and you miscreants forwarded my calls to bridge and told people I had died
of AIDS. I remember my girlfriend at the time being scared shitless of what
was next. I remember my dox getting dumped to #phrack. I remember u4ea
threatening to insert my SSN into the NCIC. I remember Bane and u4ea
calling my house repeatedly. I also remember pictures of u4ea
cross-dressing. I remember Bane getting backhanded by Synapse at Defcon 4.
I remember Special Agent Peter Trahon and his partner who looked and
sounded like Sargent Slaughter from GI JOE both from the San Francisco FBI
Computer Crime task force picking me in a late model Crown Victoria and
taking me to Max's Opera Cafe in Walnut Creek, CA and shaking me down for
dirt on other cyber-dorks they were investigating... I remember teardrop.
I remember Loki. I remember TQBF telling me that I had better be real
careful in releasing the technique/code of ICMP covert channel tunneling as
I was "stepping on active people's toes"... I remember hooking an old
landline phone up to my neighbor's wiring to call him and discuss it... I
remember Carolyn Meinel... And her daughter Virginia at Defcon 5. I
remember Eric Bloodaxe tapping me to be a Phrack editor a long with Voyager
and Redragon. I remember overshadowing them and bringing my own editorial
team onboard... I remember how awesome it was to be a Phrack Editor.
I remember how awesome Phrack was. How amazing it still is. Kudos to the
current editorial team for keeping it alive, and here's to another 25
years. Come find me then, and prophile me.
XOXO Scene,
MS AKA Route AKA daemon9
-----( What you were waiting for )-----
Telling you that we're proud to release this issue would be an euphemism
for many reasons including, and that is the most important, the pleasure
you will have while reading it. Oh and by the way, we apologize for the
wait ...
08:21 | --->| su [~su@201.6.x.y] #phrack
08:23 | --->| arr[][] [arr@fledge.z.org] #phrack
08:29 | su | halfdead, are you having trouble in man gcc this time? is
that why phrack's issue is so late?
08:30 | Dreg | wtf
08:30 | @bab00n | hoho
Double. No. Triple private joke. You may have waited a long time but at
least we made it before ZF #06 ;>
$ cat p67/index.txt
<--------------------------( Table of Contents )-------------------------->
0x01 Introduction ....................................... Phrack Staff
0x02 Phrack Prophile on punk ............................ Phrack Staff
0x03 Phrack World News .................................. EL ZILCHO
0x04 Loopback (is back) ................................. Phrack Staff
0x05 How to make it in Prison ........................... TAp
0x06 Kernel instrumentation using kprobes ............... ElfMaster
0x07 ProFTPD with mod_sql pre-authentication ............ FelineMenace
0x08 The House Of Lore: Reloaded ........................ blackngel
0x09 A Eulogy for Format Strings ........................ Captain Planet
0x0a Dynamic Program Analysis and Software Exploitation . BSDaemon
0x0b Exploiting memory corruptions in Fortran programs .. Magma
under UNIX/VMS
0x0c PHRACKERZ: Two Tales ............................... Antipeace
&
The Analog Kid
0x0d Scraps of notes on remote stack overflow ........... pi3
exploitation
0x0e Notes Concerning the Security, Design and .......... The Philosopher
Administration of Siemens DCO-CS Digital
Switching Systems
0x0f Hacking the mind for fun and profit ................ lvxferis
0x10 International Scenes ............................... various
<------------------------------------------------------------------------->
Have you ever noticed how some issues seemed to have a thematic? Consider
for example p66. There are 4 papers dealing with heap exploitation. Now
take p63. 5 papers are about (anti)reverse engineering and binary
manipulation techniques and p62 clearly has a Windows color. Weird, isn't
it? Coincidence? Bias in the uniform distribution of hacking playgrounds?
I'll let you draw your own conclusions.
For this issue, with no doubts, the focus is on userland exploitation. Did
you really think that you had seen everything? Well how about debugging
some heap? While FelineMenace gives you tricks using an usual practical
case (hint: don't miss the source code), blackngel explains in detail the
House Of Lore technique. Having troubles with fortify? Go read Captain
Planet's excellent paper on format bugs as well as pi3's notes about
cookies. It might be handy.
Exploiting bugs is cool but finding them is de facto mandatory. That's when
BSDaemon's paper comes to play. Read it and learn about how to instrument
programs. Now what about a new playground? Discover the joy of Fortran
hacking with Magma. Oh btw he may just have lost it you know...
Missing kernel fun? Why not reading ElfMaster's paper. You'll certainly
learn a bit of useful things, truly. Missing the good old phreaking days?
Thank The Philosopher for his contribution (you made us crazy man !@#) and
go learning about old school DCO-CS hacking.
The best for the end. We have the luck to have no more than 4 non technical
papers for this issue. You don't care? Fucking idiot, go away.
Though we already thanked them, let us highlight EL ZILCHO, TAp, Antipeace,
The Analog Kid, lvxferis & the anonymous contributors of the "International
Scenes" phile. Phrack is without a doubt one of the most technical source
of knowledge of the whole hacking scene thanks to its writers. But the
most important aspect is not the technical one. Nowadays there are lots of
impressive sources of information (blogs, books, conferences) freely
available on Internet. However they all lack a soul. Phrack has a spirit
and that's its true power.
Now as a demonstration of the so-called spirit, we have the brilliant work
of EL ZILCHO. Tired of the crap published on zdnet? Then have a taste of
the Phrack World News. Eager to learn about life experiences? TAp is your
man with one of the most fascinating papers of this issue. You should also
consider alternative literature with lvxferis' paper. Ahah.
Oh and if you're just passing by, attracted by the hacking culture but not
yet ready/able to embrace it then Phrackerz paper is for you. It should
bring you answers.
-- The Phrack Staff
Ps: Oops sorry to forget o_O. It came to our attention after Pipacs'
profile publication in p66 that whitehats profile were the most wanted one.
Unfortunately Theo was already on holidays [1] when we needed to start the
interview. Sorry guyz ;> Have fun anyway with punk!
[1] http://kerneltrap.org/mailarchive/openbsd-misc/2010/8/13/6186
-----( GreetZ for issue #67 )-----
As always and because our staff would have done nothing but shit without
them, we'd like to thank (in no particular order)...
- route/daemon9: still able to make a kickass intro ;)
- The Analog Kid: the spirited kid
- nullcon guyz: nice people, visit their great country!
- EL ZILCHO: fuck1ng great job!
- TAp: peace bro :>
- ElfMaster: yet another kernel hax0r ;)
- lvxferis: who is this guy???
- FelineMenace: the LOLCats team counterattacks ;-)
- spacewalker: supportive & gifted belgian bro
- blackngel: malloc's worse enemy
- Captain Planet: fmt bugs' worse enemy (lake of inspiration
detected)
- argp & huku: kudos for kickass answers in no time
- BSDaemon: oi. Tudo bom?
- punk: the whitehat k1ll3r
- the VX scene: thanks for the support & various exchanges over
past months. Special thanks to izee, herm1t and
EOF writers.
- Magma: take your pills gramps
- The Philosopher: well done
- antipeace: ~_o
- pi3: Hi bulba! (oops wrong one)
- spy: our IRC bot
- halfdead: su said you contributed on IRC ;)
- the circle: kudos for your past work.
...for their contributions and support. Touching isn't it? But so true :-)
-----( Phrack Magazine's policy )-----
phrack:~# head -20 /usr/include/std-disclaimer.h
/*
* All information in Phrack Magazine is, to the best of the ability of
* the editors and contributors, truthful and accurate. When possible,
* all facts are checked, all code is compiled. However, we are not
* omniscient (hell, we don't even get paid). It is entirely possible
* something contained within this publication is incorrect in some way.
* If this is the case, please drop us some email so that we can correct
* it in a future issue.
*
*
* Also, keep in mind that Phrack Magazine accepts no responsibility for
* the entirely stupid (or illegal) things people may do with the
* information contained herein. Phrack is a compendium of knowledge,
* wisdom, wit, and sass. We neither advocate, condone nor participate
* in any sort of illicit behavior. But we will sit back and watch.
*
*
* Lastly, it bears mentioning that the opinions that may be expressed in
* the articles of Phrack Magazine are intellectual property of their
* authors.
* These opinions do not necessarily represent those of the Phrack Staff.
*/
-----( Contact Phrack Magazine )-----
< Editors : staff[at]phrack{dot}org >
> Submissions : staff[at]phrack{dot}org <
< Commentary : loopback[@]phrack{dot}org >
> Phrack World News : pwned[at]phrack{dot}org <
Submissions may be encrypted with the following PGP key:
(Hint: Always use the PGP key from the latest issue)
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PHRACK
mQGiBEucoWIRBACFnpCCYMYBX0ygl3LrH+WWMl/g6WZxxwLM2IT65gXCuvOEbLHR
/OdZ5T7Z6sO4O5b0EWkk5pa1Z8egNp44+Fn+ExI78cv7ML9ffw1WEAS+raQwvN2w
0WUsfztWHZqPf4HMefX92pv+1kVcio/b0aRT5lRbvD7IdYLrtYb0V7RYGwCgi6Or
dJ5iN+YVDMx8lkUICI8kPxcD/1aHZqCzFx7lI//4OtZQN0ndP1OEH+C7GDfYWi4P
DcLNlF812h1qyJf3QCs93PQR+fu7XWAIyyo5rLHpFfuU29ZZH1Oe0VR6pLJTas2Z
zXNdU48Bhj1uf4Xv0NaAYlQ5ffIJ4a37uIKYRn28sOwH/7P8VGD7K7EZn3MMyewo
aPPsA/4ylQtKkaPB9iTKUlimy5ZZorPwzhNliEbIanCGfePgPz02QMG8gnId40/o
luE0YK1GnUbIMOb6LzI2A5EuQxzGrWzDGOM3uLDLzJtBCg8oKFrUoRVu1dnPEqc/
NQzRYjRK8R8DoDa/QZgyn19pXx4oQ3tAldI4dAQ022ajUhEoobQfUGhyYWNrIFN0
YWZmIDxzdGFmZkBwaHJhY2sub3JnPohgBBMRAgAgBQJLnKFiAhsDBgsJCAcDAgQV
AggDBBYCAwECHgECF4AACgkQxgxUfYgthE7RagCeL/XirVrcUzgKBrJGcvo0xjIE
YlkAoIBqC2GuYJrXxPO/KaJtXglJjd7zuQQNBEucoWIQEADrU+2GAZbWbTElblRp
/MyoUNHm0gxOo7afqVdQe8epub/waQD1bnE+VucI7ncmQWUdD0qkkyzaXlFDlvId
LYh/dMu4/h+nTyuCLNqoycqvf1k8Dax6QOADq0BZlM5lGTL6VOBnCitWCvgYCmLO
aPO1bacJlNx0/cpWKe+YELlZss7Q+o4SBvDOyX8B78eEs62dbRAudubFQ/tjQd3z
cXZOSli9Du9DAa2vzk8tq1c6RAs0NY4KxBu+6VW/lxvGt3iNRlFQAdya6Kx3fhog
zVjkt3OOgNDJ6u/9zYbMbtjtoFqSIJDR4DhZ9NbS57nuTkJqh0GDVOtxfKcc8QxH
wyYiH47M9znHFtHHvT0PzGc2Fl8s3EUFvlXZUW3ikcFbkyqTgnseqv5k9YQ8FDHX
IvBVpj8nqLi3CBADy8z2gy5r4TryV3sfOlTT40r0GtiG3Weeb0wuMj5+hr303zgN
/aH+ps8JvL0TeyXjsDMcTCF1fHSIxPJouSWjOkFMrumAg/rikdn3+dPCCowcLKvQ
isYC60yKEhcYvUDiKKzXrGyM/38Kp/73RA9ZLQ3VjCSX550UCU46hF6u6Qzbd5Jk
T8WesPYqz4jpPzlF1MbaVki4+g5myTR8y1IIarX08mk6l+1YZyjjzmlhKyhdaIiI
QY4uv3EYYFDHiyd0/3ZBfkz62wADBQ//bVf698IFhoLHeCG3USyl/rHyjVUatsCx
ZCwPlWEGzR+RP3XdqwoeFZNA4hXYy3Qr1vJSytbCRDYOK2Rp3Eos1Gncqp3KbUhQ
ZRBxGNbhskZ7VHOvBHIIZ7QU3TDnWLDlWs9oha8zv9XWEmaBmCjBtmRwunphwdv2
O7JpqLbW45l/WAas6CuRi+VxXllQPM2nKX9JwzyWlvnU3QayO+JJwH5bfeW0Wz53
wqMBJz9hvVaClfAzwEnPnWQxxgA6j7S9AuEv7NRLZsC6nHyGwB7vFfL4dCKt4cer
gYOk5RjhHVNuLJSLhVWRfcxymPRKg07harb9adrPcjJ7fCKXN1oPCcacG0O6vcTb
k58MTzs3CShJ58iqVczU6ssGiVNFmfnTrYiHXXvo/+36c+TizwoXJD7CNGDc+8C0
IxKsZbxgvpFuyRRwrzr3PpecY0I2cWZ7wN3WtFZkDi5OtsIKTXHOozmddhAwxqGK
eURB/yI/4L7t2Kh2EaVOyRbXNa4hwPbqbFiofihjKQ1fFsYCUUW0CAOaXu14QrrC
IepRMQ2tabrYCfyNuLL3JwUFKinXs6SrFcSiWkr9Cpay7Ozx5QosV8YKpn6ojejE
H3Xc0RNF/wjYczOSA6547AzrnS8jkVTV2WIJ5g1ExvSxIozlHU5Dcyn5faftz++y
ZMHT0Ds1FMGISQQYEQIACQUCS5yhYgIbDAAKCRDGDFR9iC2ETsN0AJ9D3ArYTLnd
lvUoDsu23bN4bf7gHwCfUGDsUSAWE/G7xQaBuB50qXecJPo=
=cK7U
-----END PGP PUBLIC KEY BLOCK-----