💾 Archived View for aphrack.org › issues › phrack67 › 1.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

                             ==Phrack Inc.==

		Volume 0x0e, Issue 0x43, Phile #0x01 of 0x10

|=----------------------------------------------------------------------=|
|=--------------------------=[ Introduction ]=--------------------------=|
|=----------------------------------------------------------------------=|
|=----------------------=[ By The Phrack Staff ]=-----------------------=|
|=----------------------------------------------------------------------=|
|=----------------------=[  November 17, 2010  ]=-----------------------=|
|=----------------------------------------------------------------------=|


        "The greatest trick the Devil ever pulled was convincing
         the world he didn't exist"
                                  --- Verbal Kint


        It's 1.00 a.m., nobody hits this secondary road. Heck, I'm almost
sure half of it doesn't have a line to remind you that you should share it
with upcoming cars. It's raining, but not too hard. I'm going home.

        It's Tuesday. What the hell am I doing out here, half an hour from
home, slowly driving under the rain? It's 1.05 a.m., I know this road, I
know this feeling, I recognize the shivering. I let it flow. Turn off the
music, I want silence.

        It's 2.00 a.m., nobody hits this machine at this time of the day.
Logs track me, but I'll clean them. I know this road, I know this feeling, 
I recognize the shivering. Turn on the music, the game is on. I'm sure 
someone else is around here, someone else has seen this # before.

        "I'll fuck you if you don't fuck me first, sir". Fair enough, this
is the rule. I'll go to sleep afterwards. I'm meeting some friends and I've
to take a train tomorrow. I'll sleep on the couch of someone I've never
seen before, yet I know him well.

        It's 1.00 a.m., 10 years later. It's a GPG email from the guy that
once offered me a couch. Then another time. I can count the times I've seen
him in person on two hands, but I would overflow a 'short' counting the
words we exchanged. We meet again, thought you disappeared. Things change,
indeed. Life gave us something to lose and we are holding on it. We lost
people, money, opportunities, that's why we hold on. Once a hacker, forever
a hacker, right? Let's finish this code. Let's visit this city.

        It's 2.00 a.m., today. Nothing in this story, in this Intro, is 
real. I wasn't there, this is not me. This is just a stream of ASCII
characters. Someone out there pulled a great trick and convinced the world
that security was a cool business. Someone is pulling even greater tricks
and makes money out of his ignorance living on others slightly bigger
ignorance. Somewhere, a crackdown on some kids proves to be necessary to
keep the 'mistery' alive, to keep the bandwagon going. Someone spies on
former fellow friends, 'cause that's worth millions. Everybody is happy and
we slowly fade away. Away, towards a new Underground.

        "I'll fuck you if you don't fuck me first, sir".

If you are shivering, if you have been there, if you feel it, you know what
I mean. PHRACK may die. Groups may die. Things as we know today may die.
The great trick might actually seem to work -- goodbye Underground, welcome
Security Industry. Not too fast.

        "Once a hacker, forever a hacker, right?"

        The Game is on.


                      -----( Phrack Issue #67 )-----


It's with incredible pleasure that we present you our newly released issue: 

 ______  _     _ ______  _______ _______ _     _      _ _   _______ ______ 
(_____ \(_)   (_|_____ \(_______|_______|_)   | |   _| U |_(_______|______)
 _____) )_______ _____) )_______ _       _____| |  (_     _)______       _  
|  ____/|  ___  |  __  /|  ___  | |     |  _   _)   _| O |_|  ___ \     / ) 
| |     | |   | | |  \ \| |   | | |_____| |  \ \   (_     _) |___) )   / /  
|_|     |_|   |_|_|   |_|_|   |_|\______)_|   \_)    |_n_| |______/   (_/   

                 - By the community, for the community. -


But wait ... the release date ... it sounds familiar ... OMFG!!! 


                                 \\\ ,
                                  \ `|
                                   ) (   .-""-.
                                   | |  /_  {  '.
                                   | | (/ `\   } )
                                   | |  ^/ ^`}   {
                                   \  \ \=  ( {   )
                                    \  \ '-, {   {{
                                     \  \_.'  ) }  )
                                      \.-'   (     (
                                      /'-.'_. ) (  }
                                      \_(    {   _/\
                                       ) '--' `-;\  \
                                   _.-'       /  / /
                            <\/>_.'         .'  / /
                        <\/></\>/.  '      /<\// /
                        </\>  _ |\`- _ . -/|<// (
                     <\/>    - _- `  _.-'`_/- |  \
                     </\>        -  - -  -     \\\
                      }`<\/>                <\/>`{
                      { </\>-<\/>_<\/>_<\/>-</\> }
                      }      </\> </\> </\>      {
                   <\/>.                         <\/>
                   </\>                          </\>
                    {`<\/>                     <\/>`}
                    } </\>-<\/>_<\/>_<\/>_<\/>-</\> {
                    {      </\> </\> </\> </\>      }
                    }                               }
                    {           H A P P Y           {
                    }                               }
                    {             25th              {
                 <\/>                               <\/>
                 </\>        B I R T H D A Y        </\>
                   `<\/>                          <\/>'
                jgs </\>-<\/>_<\/>_<\/>_<\/>_<\/>-</\>
                         </\> </\> </\> </\> </\>


Yes. That's right friends. This 67th issue is the celebration of Phrack's 
25th birthday. Happy birthday Phrack!


                    -----( Coming from the past )-----

Once upon a midnight dreary, while I pondered, weak and weary, over many a 
quaint and curious volume of forgotten lore...

Hello Cyberpals. It's your old friend Mike Schiffman AKA route AKA daemon9.

the same, young and eager and hungry... Me? I'm still here, just older and 
grayer and bit less conspicuous. Ok, I'll say it -- I'm downright honored 
that you crazy rascals still remember me.

It sure has been many a fortnight that I've been in this business. I mean, 
back in 1994, when I started poking around the scene in I was just a little
dork who use to work out a lot and bleach my hair white. Sure I was 
probably the first muscle-bound white-haired guy with giant computer chip 
tattoo on his back who had this tireless thirst for computers and hacking 
and writing all sorts of Usenet posts and papers -- but there would legions
more to come...

Now in 2010 I'm a much bigger and more experienced dork. It's more than 16 
years later. I have many more tattoos and the hair is getting white all by 
itself. And I reminisce... I look back and reflect on those days. Some of 
the stuff I use to do... My comp.security Usenet posts. "The Infinity 
Concept" e-zine, the precursor to my Phrack editorial days. My netcom.com 
.plan file. The PGP Attack FAQ.

I remember getting owned. I remember the first time my phones got done up 
and you miscreants forwarded my calls to bridge and told people I had died 
of AIDS. I remember my girlfriend at the time being scared shitless of what
was next. I remember my dox getting dumped to #phrack. I remember u4ea 
threatening to insert my SSN into the NCIC. I remember Bane and u4ea 
calling my house repeatedly. I also remember pictures of u4ea 
cross-dressing. I remember Bane getting backhanded by Synapse at Defcon 4. 
I remember Special Agent Peter Trahon and his partner who looked and 
sounded like Sargent Slaughter from GI JOE both from the San Francisco FBI 
Computer Crime task force picking me in a late model Crown Victoria and 
taking me to Max's Opera Cafe in Walnut Creek, CA and shaking me down for 
dirt on other cyber-dorks they were investigating... I remember teardrop. 
I remember Loki. I remember TQBF telling me that I had better be real 
careful in releasing the technique/code of ICMP covert channel tunneling as
I was "stepping on active people's toes"... I remember hooking an old 
landline phone up to my neighbor's wiring to call him and discuss it... I 
remember Carolyn Meinel... And her daughter Virginia at Defcon 5. I 
remember Eric Bloodaxe tapping me to be a Phrack editor a long with Voyager
and Redragon. I remember overshadowing them and bringing my own editorial 
team onboard... I remember how awesome it was to be a Phrack Editor. 

I remember how awesome Phrack was. How amazing it still is. Kudos to the 
current editorial team for keeping it alive, and here's to another 25 
years. Come find me then, and prophile me.

                                                XOXO Scene, 

                                        MS AKA Route AKA daemon9


                  -----( What you were waiting for )-----

Telling you that we're proud to release this issue would be an euphemism 
for many reasons including, and that is the most important, the pleasure
you will have while reading it. Oh and by the way, we apologize for the 
wait ...

08:21 |     --->| su [~su@201.6.x.y] #phrack
08:23 |     --->| arr[][] [arr@fledge.z.org] #phrack
08:29 |      su | halfdead, are you having trouble in man gcc this time? is
                  that why phrack's issue is so late?
08:30 |    Dreg | wtf
08:30 | @bab00n | hoho

Double. No. Triple private joke. You may have waited a long time but at 
least we made it before ZF #06 ;>

$ cat p67/index.txt

<--------------------------( Table of Contents )-------------------------->

 0x01  Introduction ....................................... Phrack Staff
 
 0x02  Phrack Prophile on punk ............................ Phrack Staff
 
 0x03  Phrack World News .................................. EL ZILCHO
 
 0x04  Loopback (is back) ................................. Phrack Staff
 
 0x05  How to make it in Prison ........................... TAp
 
 0x06  Kernel instrumentation using kprobes ............... ElfMaster
 
 0x07  ProFTPD with mod_sql pre-authentication ............ FelineMenace
 
 0x08  The House Of Lore: Reloaded ........................ blackngel
 
 0x09  A Eulogy for Format Strings ........................ Captain Planet
 
 0x0a  Dynamic Program Analysis and Software Exploitation . BSDaemon
 
 0x0b  Exploiting memory corruptions in Fortran programs .. Magma
       under UNIX/VMS
 
 0x0c  PHRACKERZ: Two Tales ............................... Antipeace 
                                                                & 
                                                            The Analog Kid
 
 0x0d  Scraps of notes on remote stack overflow ........... pi3
       exploitation
 
 0x0e  Notes Concerning the Security, Design and .......... The Philosopher
       Administration of Siemens DCO-CS Digital 
       Switching Systems                                                
 
 0x0f  Hacking the mind for fun and profit ................ lvxferis

 0x10  International Scenes ............................... various

<------------------------------------------------------------------------->

Have you ever noticed how some issues seemed to have a thematic? Consider 
for example p66. There are 4 papers dealing with heap exploitation. Now 
take p63. 5 papers are about (anti)reverse engineering and binary 
manipulation techniques and p62 clearly has a Windows color. Weird, isn't 
it? Coincidence? Bias in the uniform distribution of hacking playgrounds? 
I'll let you draw your own conclusions.

For this issue, with no doubts, the focus is on userland exploitation. Did
you really think that you had seen everything? Well how about debugging 
some heap? While FelineMenace gives you tricks using an usual practical 
case (hint: don't miss the source code), blackngel explains in detail the 
House Of Lore technique. Having troubles with fortify? Go read Captain 
Planet's excellent paper on format bugs as well as pi3's notes about 
cookies. It might be handy. 

Exploiting bugs is cool but finding them is de facto mandatory. That's when
BSDaemon's paper comes to play. Read it and learn about how to instrument 
programs. Now what about a new playground? Discover the joy of Fortran 
hacking with Magma. Oh btw he may just have lost it you know... 

Missing kernel fun? Why not reading ElfMaster's paper. You'll certainly 
learn a bit of useful things, truly. Missing the good old phreaking days? 
Thank The Philosopher for his contribution (you made us crazy man !@#) and
go learning about old school DCO-CS hacking.

The best for the end. We have the luck to have no more than 4 non technical
papers for this issue. You don't care? Fucking idiot, go away. 

Though we already thanked them, let us highlight EL ZILCHO, TAp, Antipeace,
The Analog Kid, lvxferis & the anonymous contributors of the "International
Scenes" phile. Phrack is without a doubt one of the most technical source 
of knowledge of the whole hacking scene thanks to its writers. But the 
most important aspect is not the technical one. Nowadays there are lots of 
impressive sources of information (blogs, books, conferences) freely 
available on Internet. However they all lack a soul. Phrack has a spirit 
and that's its true power.

Now as a demonstration of the so-called spirit, we have the brilliant work
of EL ZILCHO. Tired of the crap published on zdnet? Then have a taste of 
the Phrack World News. Eager to learn about life experiences? TAp is your 
man with one of the most fascinating papers of this issue. You should also
consider alternative literature with lvxferis' paper. Ahah.

Oh and if you're just passing by, attracted by the hacking culture but not 
yet ready/able to embrace it then Phrackerz paper is for you. It should 
bring you answers.

                                    -- The Phrack Staff

Ps: Oops sorry to forget o_O. It came to our attention after Pipacs' 
profile publication in p66 that whitehats profile were the most wanted one.
Unfortunately Theo was already on holidays [1] when we needed to start the
interview. Sorry guyz ;> Have fun anyway with punk!

[1] http://kerneltrap.org/mailarchive/openbsd-misc/2010/8/13/6186


                    -----( GreetZ for issue #67 )-----

As always and because our staff would have done nothing but shit without 
them, we'd like to thank (in no particular order)...

    - route/daemon9:      still able to make a kickass intro ;) 
    - The Analog Kid:     the spirited kid   
    - nullcon guyz:       nice people, visit their great country!
    - EL ZILCHO:          fuck1ng great job!
    - TAp:                peace bro :>
    - ElfMaster:          yet another kernel hax0r ;)
    - lvxferis:           who is this guy???
    - FelineMenace:       the LOLCats team counterattacks ;-)
    - spacewalker:        supportive & gifted belgian bro
    - blackngel:          malloc's worse enemy
    - Captain Planet:     fmt bugs' worse enemy (lake of inspiration 
                                                 detected)
    - argp & huku:        kudos for kickass answers in no time
    - BSDaemon:           oi. Tudo bom?
    - punk:               the whitehat k1ll3r
    - the VX scene:       thanks for the support & various exchanges over
                          past months. Special thanks to izee, herm1t and
                          EOF writers.
    - Magma:              take your pills gramps
    - The Philosopher:    well done
    - antipeace:          ~_o
    - pi3:                Hi bulba! (oops wrong one)
    - spy:                our IRC bot
    - halfdead:           su said you contributed on IRC ;)

    - the circle:         kudos for your past work.

...for their contributions and support. Touching isn't it? But so true :-)


                  -----( Phrack Magazine's policy )-----

phrack:~# head -20 /usr/include/std-disclaimer.h
/*
 *  All information in Phrack Magazine is, to the best of the ability of
 *  the editors and contributors, truthful and accurate.  When possible,
 *  all facts are checked, all code is compiled.  However, we are not
 *  omniscient (hell, we don't even get paid).  It is entirely possible
 *  something contained within this publication is incorrect in some way.
 *  If this is the case, please drop us some email so that we can correct
 *  it in a future issue.
 *
 *
 *  Also, keep in mind that Phrack Magazine accepts no responsibility for
 *  the entirely stupid (or illegal) things people may do with the
 *  information contained herein.  Phrack is a compendium of knowledge,
 *  wisdom, wit, and sass.  We neither advocate, condone nor participate
 *  in any sort of illicit behavior.  But we will sit back and watch.
 *
 *
 *  Lastly, it bears mentioning that the opinions that may be expressed in
 *  the articles of Phrack Magazine are intellectual property of their
 *  authors.
 *  These opinions do not necessarily represent those of the Phrack Staff.
 */

                  -----( Contact Phrack Magazine )-----


            <  Editors           : staff[at]phrack{dot}org   >
            >  Submissions       : staff[at]phrack{dot}org   <
            <  Commentary        : loopback[@]phrack{dot}org >
            >  Phrack World News : pwned[at]phrack{dot}org   <

 
    Submissions may be encrypted with the following PGP key:
    (Hint: Always use the PGP key from the latest issue)


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PHRACK

mQGiBEucoWIRBACFnpCCYMYBX0ygl3LrH+WWMl/g6WZxxwLM2IT65gXCuvOEbLHR
/OdZ5T7Z6sO4O5b0EWkk5pa1Z8egNp44+Fn+ExI78cv7ML9ffw1WEAS+raQwvN2w
0WUsfztWHZqPf4HMefX92pv+1kVcio/b0aRT5lRbvD7IdYLrtYb0V7RYGwCgi6Or
dJ5iN+YVDMx8lkUICI8kPxcD/1aHZqCzFx7lI//4OtZQN0ndP1OEH+C7GDfYWi4P
DcLNlF812h1qyJf3QCs93PQR+fu7XWAIyyo5rLHpFfuU29ZZH1Oe0VR6pLJTas2Z
zXNdU48Bhj1uf4Xv0NaAYlQ5ffIJ4a37uIKYRn28sOwH/7P8VGD7K7EZn3MMyewo
aPPsA/4ylQtKkaPB9iTKUlimy5ZZorPwzhNliEbIanCGfePgPz02QMG8gnId40/o
luE0YK1GnUbIMOb6LzI2A5EuQxzGrWzDGOM3uLDLzJtBCg8oKFrUoRVu1dnPEqc/
NQzRYjRK8R8DoDa/QZgyn19pXx4oQ3tAldI4dAQ022ajUhEoobQfUGhyYWNrIFN0
YWZmIDxzdGFmZkBwaHJhY2sub3JnPohgBBMRAgAgBQJLnKFiAhsDBgsJCAcDAgQV
AggDBBYCAwECHgECF4AACgkQxgxUfYgthE7RagCeL/XirVrcUzgKBrJGcvo0xjIE
YlkAoIBqC2GuYJrXxPO/KaJtXglJjd7zuQQNBEucoWIQEADrU+2GAZbWbTElblRp
/MyoUNHm0gxOo7afqVdQe8epub/waQD1bnE+VucI7ncmQWUdD0qkkyzaXlFDlvId
LYh/dMu4/h+nTyuCLNqoycqvf1k8Dax6QOADq0BZlM5lGTL6VOBnCitWCvgYCmLO
aPO1bacJlNx0/cpWKe+YELlZss7Q+o4SBvDOyX8B78eEs62dbRAudubFQ/tjQd3z
cXZOSli9Du9DAa2vzk8tq1c6RAs0NY4KxBu+6VW/lxvGt3iNRlFQAdya6Kx3fhog
zVjkt3OOgNDJ6u/9zYbMbtjtoFqSIJDR4DhZ9NbS57nuTkJqh0GDVOtxfKcc8QxH
wyYiH47M9znHFtHHvT0PzGc2Fl8s3EUFvlXZUW3ikcFbkyqTgnseqv5k9YQ8FDHX
IvBVpj8nqLi3CBADy8z2gy5r4TryV3sfOlTT40r0GtiG3Weeb0wuMj5+hr303zgN
/aH+ps8JvL0TeyXjsDMcTCF1fHSIxPJouSWjOkFMrumAg/rikdn3+dPCCowcLKvQ
isYC60yKEhcYvUDiKKzXrGyM/38Kp/73RA9ZLQ3VjCSX550UCU46hF6u6Qzbd5Jk
T8WesPYqz4jpPzlF1MbaVki4+g5myTR8y1IIarX08mk6l+1YZyjjzmlhKyhdaIiI
QY4uv3EYYFDHiyd0/3ZBfkz62wADBQ//bVf698IFhoLHeCG3USyl/rHyjVUatsCx
ZCwPlWEGzR+RP3XdqwoeFZNA4hXYy3Qr1vJSytbCRDYOK2Rp3Eos1Gncqp3KbUhQ
ZRBxGNbhskZ7VHOvBHIIZ7QU3TDnWLDlWs9oha8zv9XWEmaBmCjBtmRwunphwdv2
O7JpqLbW45l/WAas6CuRi+VxXllQPM2nKX9JwzyWlvnU3QayO+JJwH5bfeW0Wz53
wqMBJz9hvVaClfAzwEnPnWQxxgA6j7S9AuEv7NRLZsC6nHyGwB7vFfL4dCKt4cer
gYOk5RjhHVNuLJSLhVWRfcxymPRKg07harb9adrPcjJ7fCKXN1oPCcacG0O6vcTb
k58MTzs3CShJ58iqVczU6ssGiVNFmfnTrYiHXXvo/+36c+TizwoXJD7CNGDc+8C0
IxKsZbxgvpFuyRRwrzr3PpecY0I2cWZ7wN3WtFZkDi5OtsIKTXHOozmddhAwxqGK
eURB/yI/4L7t2Kh2EaVOyRbXNa4hwPbqbFiofihjKQ1fFsYCUUW0CAOaXu14QrrC
IepRMQ2tabrYCfyNuLL3JwUFKinXs6SrFcSiWkr9Cpay7Ozx5QosV8YKpn6ojejE
H3Xc0RNF/wjYczOSA6547AzrnS8jkVTV2WIJ5g1ExvSxIozlHU5Dcyn5faftz++y
ZMHT0Ds1FMGISQQYEQIACQUCS5yhYgIbDAAKCRDGDFR9iC2ETsN0AJ9D3ArYTLnd
lvUoDsu23bN4bf7gHwCfUGDsUSAWE/G7xQaBuB50qXecJPo=
=cK7U
-----END PGP PUBLIC KEY BLOCK-----