💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › FK › fk006.txt captured on 2021-12-03 at 14:04:38.


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
::                             ___      _,q$                               ::
::                           ;$$$;.��W$$:$                               ::   
::                         ;$''  "$i,."$$:$           .                   ::   
::                        i$      ;$Si.;$:$           :                   ::   
::                       ;$        I$;::$:$          ;:                   ::   
::                        $;        ;$ii.$.$         ;                      ::
::                     . $:         $iiI$ $       ,$'                    ::   
::                       $          $ii;$:$   _,<$;                      ::   
::                     ; $__            ;$.$  $$P'                       ::   
::                ;;;;;$ $%$$$;       .$ $ ,__                           ::   
::                 ''''$ $<'''          .$ ; "$QQ�                        ::   
::                     $ I$               $      "�$S,                      ::   
::                    ;% ;$              .$ :.      ?$,                     ::   
::                    ii :$               $ ;|       ;$,                    ::   
::                    ::.l                l  $        :$                    ::   
::                                        ;  ^        .;/                   ::   
::                                                      .                   ::   
::                 ..[Forbidden Knowledge Issue Six]..                      ::
::            ..[Smells like chicken, Tastes like borg]..                   ::
::                                                                          ::
:: Forbidden Knowledge is an independent project brought to you by the      ::
:: following team of imbeciles with nothing better to do...                 ::
::                                                                          ::
::--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--::
:: [ Wyzewun ]            [ Chief Loser ]       [ wyze1@g0v.za.org ]        ::
::                                                                          ::
:: [ Pneuma ]             [ Assistant Loser ]   [ satur9@beer.com ]         ::
:: [ Vortexia ]           [ Assistant Loser ]   [ vortexia@psyche.za.org ]  ::
::                                                                          ::
:: [ Moe1 ]               [ General Slut ]      [ moe1@codiez.za.org ]      ::
:: [ Cyberphrk ]          [ Ascii Wh0re ]       [ phuman@icon.co.za ]       ::
::                                                                          ::
:: [ Sniper ]             [ Webpimp ]           [ sniper@h4x0rz.za.org ]    ::
::--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--::
::                                                                          ::
:: Guest Contributors: Cyberware, Corrupt SYN, Terabyte and jus             ::
::                                                                          ::
:: Group Greetz: b4b0, cDc, Darkcyde, EHAP, HNN, L0pht, LoU, Rhino9         ::
:: Individual Greetz: Badspirit, Corrupt SYN, Cache, Crazyguy, Cyberware,   ::
::                    Cyclotron, icesk, jus, kM, kokey, Lothos, m0f0,       ::
::                    Mnemonic, optiklenz, Terabyte, Tattooman, Ultima      ::
::                                                                          ::
:: Disses to: FAT PE0PLE!#@#$ j00 aRe aLL gR0sS!%@#                         ::
:: Disgustingly Obese: JP from AntiOnline, Carolyn Meinel, Roseanne Barr    ::
::                                                                          ::
:: Oh: And Greets to the SAPS Computer Crime Unit. Since you've been kind   ::
::     enough not to laugh while listening to my personal phone calls, I    ::
::     thought I'd be kind enough to send you sh0ut 0utz. You guyz 0wn.     ::
::                                                                          ::
:: Its a Fact: The head of the CCU's daughter has been raped by Pneuma at   ::
::             least nine times, and is finally beginning to enjoy it.      ::
::                                                                          ::
:: Pimp Phat Tunez: NIN, Marilyn Manson, White Zombie, RATM, Korn, Prodigy, ::
::                  Chemical Brothers, Garbage, Eminem, Bloodhound Gang,    ::
::                  Placebo, Offspring, Beastie Boys                        ::
::                                                                          ::
:: Pimp Wack Tunez: Spice Girls, B-Witched, Steps, Faithless, 2Pac, Puff    ::
::                  Daddy, Any South African band                           ::
::                                                                          ::
:: Question: How long are you going to take before you realise that *BSD    ::
::           0wnz Linux's pathetic ass?                                     ::
::                                                                          ::
:: No sense of humour: Sektorgrl - I recall her kicking me at least 9 times ::
::                     for saying I was going to sacrifice the puppy her    ::
::                     parents brought her to Satan. What a weirdo. ;)      ::
::                                                                          ::
:: Other stuff in dis Issue: Uuuh, I can't remember coz it sucks so much.   ::
::                           Just look around at stuff, or something ;P     ::   
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                   .ooO Contents of This Issue Ooo.                       ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: -/- Introduction by The Editor                                           ::
:: -/- Pathetic mail of the month                                           ::
::                                                                          ::
:: -/- Memory and Addressing Protection Part Two                            ::
:: -/- Silly PGPDisk Bug                                                    ::
:: -/- Playing with Nokia and Ericsson Cellphones                           ::
:: -/- Securing RedHat Linux 6.0                                            ::
:: -/- RedHat 6.0 LILO PAM Filter workaround                                ::
:: -/- Java Personal Webserver 0.9 DoS                                      ::
:: -/- Ripping off Arcade Machines                                          ::
:: -/- A guide to Linux/FreeBSD IP Firewalling                              ::
:: -/- Windows backdoor Stupidity                                           ::
:: -/- A Study of the CyberTrade Extranet                                   ::
:: -/- Telkom Identicall Glitches                                           ::
:: -/- Making free calls from Blue Payphones                                ::
::                                                                          ::
:: -/- Laterz and udder Bullsh!t                                            ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                 .ooO Introduction by The Editor Ooo.                     ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: FK are back in action with even more drugs in their bloodstream than     ::
:: ever before and although FK *still* sucks - we've got this leet new      ::
:: layout for the zine! Werd! Mail all women, vodka and article submissions ::
:: to wyze1@g0v.za.org - sorry about the website being down for so long,    ::
:: the 12GB SCSI Apache was on died and Vort chose to just lament over the  ::
:: loss of all of his lame warez instead of reinstalling. Sheesh. ;)        ::
:: I will get Sniper to put it up on his box soon. It kinda pisses me off   ::
:: that they have been too lazy to put the domain up in two months. :(      ::
::                                                                          ::
:: Enjoy the e-zine - it's still getting better - but it's developing quite ::
:: nicely over time. Just pretend that this is the first issue and then it  ::
:: will seem less lame. ;P                                                  ::
::                                                                          ::
:: Seriously though, past issues have been pretty damned awful, and things  ::
:: always went wrong - like me writing an article on trojaning su only to   ::
:: find out that some-one had already thought of the same idea... about 20  ::
:: years ago! (Guess its my fault for not reading all doze uber-ereet       ::
:: old-skool texts, huh?) ;P But I still feel that FK will slowly get       ::
:: better over time and perhaps eventually grow to be quite good. Maybe.    ::
:: I wouldn't put money on it - I know how dumb I am. ;)                    ::
::                                                                          ::
:: Thanks to all the people who have supported us from the beginning even   ::
:: though we suck - we couldn't have gotten this far without you. Although  ::
:: you still suck for thinking it was cool in the first place. ;P           ::
::                                                                          ::
:: Cheers,                                                                  ::
:: Wyzewun                                                                  ::
::                                                                          ::
:: PS. I asked Cyberphrk to draw neato ascii of a goat, which I was going   ::
::     to put here, but he told me that his "g0at r3m3mb3r1ng sk1LLz"       ::
::     aren't what they used to be and asked me to send him a pic of one... ::
::                                                                          ::
::     That's when I decided I didn't want a goat that much.                ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::             .ooO Completely Pathetic Mail of the Month Ooo.              ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Well, originally I decided not to publish any mail I receive in FK, but  ::
:: since I have recently gotten a large influx of immensely lame e-mail, I  ::
:: decided to set up this section, where I will publish the most idiotic    ::
:: mail I get every month in a vain effort to cut down on the stupid mail   ::
:: I get. *Ahem* Please note that I am *more* than happy to help with       ::
:: anything vaguely intelligent, and I really like the stuff that many      ::
:: readers have mailed me, just not stuff like... this...                   ::
::                                                                          ::
:: From: the_extremist@iname.com                                            :: 
:: To: wyze1@g0v.za.org                                                     ::
:: Date: Fri, 23 Jul 1999 10:34:55 -0400 (EDT)                              ::           
:: Subject: Unspecified                                                     ::
::                                                                          ::
:: Hi!                                                                      ::
::                                                                          ::
:: I'm working on 194.225.24.65, [as well as wyze1s nerves] and it's my     ::
:: first case of cracking. it's the IP address of "Shahid Beheshti          ::
:: University" in Iran. [sounds like a really secure system, sure you will  ::
:: be able to cut it?]                                                      ::
::                                                                          ::
:: I've tried the PHF technique [elite] but I got no results and I also     ::
:: tried to FTP to their site but that way wasn't possible either. now I    ::
:: don't know what to do, [hmmm. me neither. phf didn't work? ftp'ing in    ::
:: and trying to get /etc/passwd didn't work? fuckit, this system must be   ::
:: sewper dewper locked down. i suggest you just give up and get better at  ::
:: tekken] so I decided to write a mail and request for help from you.      ::
::                                                                          ::
:: if it's possible for you then please tell me how can I hack that page,   ::
:: and if it's not possible for you then tell me that matter too, so that   ::
:: I don't wait too much for your reply, Thanx! ;) [if its possible that    ::
:: you have an IQ above that of my left nipple then i would reply within    ::
:: a few days, but you may have trouble qualifying for this. perhaps you    ::
:: should try for an armpit hair. good luck. ]                              ::
::                                                                          ::
:: John.                                                                    ::
::                                                                          ::
:: [end fantastically dumb e-mail. lets get on with the zine already]       ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::        .ooO Memory and Addressing Protection Part Two by wyze1 Ooo.      ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: In Part One I covered the use of Fence and Bounds Registers, as well as  ::
:: Tagged architecture. In this Issue, I will be covering Segmentation,     ::
:: Paging, and successfully combining the two schemes.                      ::
::                                                                          ::
:: Segmentation is simply the idea of dividing a program into separate      ::
:: pieces in memory. Each piece has a logical unity, a relationship among   ::
:: all of its data or code values and a completely unique name. They are    ::
:: also all different sizes. So our program would be divided into pieces    ::
:: that look something like this...                                         ::
::                                                                          ::
::                   ._______________                                       ::
::                   | MAIN          |                                      ::
::                   |---------------|                                      ::
::                   |               |                                      ::
::                   | SUB_ROUTN_A   |                                      ::
::                   |               |                                      ::
::                   |---------------|                                      ::
::                   | DATA_SEG_B    |                                      ::
::                   |               |                                      ::
::                   `---------------'                                      ::
::                                                                          ::
:: The Operating System maintains a table of segment names and their true   ::
:: addresses in memory. A Program that is trying to access a piece of its   ::
:: data, a code segment, or whatever it's accessing, will look it up not    ::
:: as a real memory address, but as a <Name, Offset> pair. Name, of course, ::
:: being the name of the segment, and Offset being how many bytes whatever  ::
:: we want is from the beginning of the segment. (Eg. SUB_ROUTN_A, 150).    ::
:: For efficiency's sake, there is often one address table for each user    ::
:: process in execution.                                                    ::
::                                                                          ::
:: And so, a user's program does not know where it *really* is in memory.   ::
:: It is impossible for it to change a <Name, Offset> pair into a real      ::
:: memory address. There are three advantages of this for the OS...         ::
::                                                                          ::
:: 1. A Segment can be removed from main memory and stored somewhere else   ::
::    if it is not currently in use.                                        ::
::                                                                          ::
:: 2. The OS can place any segment in any location, and can move it around  ::
::    as it pleases, even after execution has begun, because all it needs   ::
::    to do is modify the address table after it has moved the memory.      ::
::                                                                          ::
:: 3. Every address reference passes through the Operating System, so we    ::
::    can check for protection. (Eg. Read Only Segment etc)                 ::
::                                                                          ::
:: Let's look a bit at this last point. Because everything goes through the ::
:: OS, it is easy for us to store values of what users may or may not do to ::
:: specific pieces of memory. One user could be able to access a certain    ::
:: segment of another user's memory if deemed necessary, but still not be   ::
:: able to touch anything else of theirs. There is a much greater potential ::
:: for versatile protection using this method than any we have looked at    ::
:: in Part One.                                                             ::
::                                                                          ::
:: BUT... This system has a gaping security flaw (which can be fixed with   ::
:: a bit of extra work) which you may have seen by now. What happens if our ::
:: segment is 200 bytes long and we give a 400 byte offset? Oops. Quick and ::
:: easy access to other people's memory - Not good.                         ::
::                                                                          ::
:: This system also causes memory fragmentation, because segments are of    ::
:: varying sizes and after a while, unused fragments of space can lead to   ::
:: really shit memory utilization. Ugh. That just about kills it for me,    ::
:: let's move on to Paging.                                                 ::
::                                                                          ::
:: Paging is fairly similar to Segmentation, in that each address is still  ::
:: a two part object, this time consisting of <Page, Offset>. Programs are  ::
:: divided into EQUAL-sized pieces called Pages and memory is divided into  ::
:: units of the same size, called Page Frames. So our program, once divided ::
:: will look like this...                                                   ::
::                                                                          ::
::                   ._______________                                       ::
::                   | PAGE 0        |                                      ::
::                   |---------------|                                      ::
::                   | PAGE 1        |                                      ::
::                   |---------------|                                      ::
::                   | PAGE 2        |                                      ::
::                   |---------------|                                      ::
::                   | PAGE 3        |                                      ::
::                   `---------------'                                      ::
::                                                                          ::
:: Because Pages are the same size, we don't have memory fragmentation      ::
:: problems like we have with Segmentation. Also, we don't have to worry    ::
:: about users setting huge offsets. For example, let's say we have a page  ::
:: size of 1024 bytes. 10 bits are allocated for the offset portion of each ::
:: address. A program cannot generate an offset value larger than 1023 in   ::
:: ten bits! ;)                                                             ::
::                                                                          ::
:: Moving to the next location after <x, 1023> causes a carry into the      ::
:: page portion, thereby moving translation to the next page. During the    ::
:: translation, there is a check to make sure that this program has not     ::
:: gone over the number of pages it has been assigned.                      ::
::                                                                          ::
:: BUT... because there is no unity to the items on a page, there is no way ::
:: to flag all values on a page as execute-only or read-only, or whatever   ::
:: we are trying to do. We don't have the sharing and restricting           ::
:: capabilities segmentation offered us. :(                                 ::
::                                                                          ::
:: So, what do we do? We combine the two! The program is divided into       ::
:: logical segments, like in Segmentation, and then each segment is broken  ::
:: down into pages of equal size. Easy as that! And the flaws of each       ::
:: scheme are fixed! This is in fact the exact memory scheme that they used ::
:: in Multics.                                                              ::
::                                                                          ::
:: <Newbie Note: Multics was an early operating system made by AT&T, Bell   ::
::  Labs, and a whole bunch of other really big companies. One programmer   ::
::  was developing a space travel game for Multics which he was very        ::
::  excited about, but ended up not having an OS to run it on when Multics  ::
::  was found to be the slowest, crappest OS on earth. So, he was forced to ::
::  program his OWN OS for his space travel game, and he called it UNIX, a  ::
::  pun on the "Multi" of Multics. The rest is history.>                    ::
::                                                                          ::
:: Well, that's all for now. If anyone found this interesting and bugs me   ::
:: enough I will continue giving more modern examples of memory protection. ::
:: But until then - Adios!                                                  ::
::                                                                          ::
::                               --=====--                                  ::
:: * Bambi (sdfg@ndf53-02-p61.gt.saix.net) has joined #hack                 ::
:: * Bambi was kicked by ugh (Run home - I think some-one shot your mother) ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
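
The combined scheme from the memory protection article above, written out in C as an added example (not part of the original zine). The segment names and the 1024-byte page size come from the article; the segment lengths, permissions, frame numbers and the translate() function are constructed for illustration.

```c
/* Added example: combined segmentation + paging address translation.
 * Segment names and the 1024-byte page size come from the article; the
 * segment lengths, permissions and frame numbers are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BITS   10u                  /* 10 offset bits -> 1024-byte pages */
#define PAGE_SIZE   (1u << PAGE_BITS)
#define OFFSET_MASK (PAGE_SIZE - 1u)

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

/* Negative values so they can never be confused with a physical address. */
enum { ERR_NO_SEGMENT = -1, ERR_PERM = -2, ERR_BOUNDS = -3 };

struct segment {
    const char     *name;     /* logical name the program uses */
    uint32_t        length;   /* bytes actually owned by the segment */
    unsigned        perms;    /* one protection setting for the whole segment */
    const uint32_t *frames;   /* per-segment page table: page -> page frame */
};

/* Constructed page tables: frames need not be contiguous or ordered. */
static const uint32_t main_frames[] = { 7 };
static const uint32_t sub_frames[]  = { 3, 12 };
static const uint32_t data_frames[] = { 9 };

/* Constructed per-process segment table kept by the OS. */
static const struct segment seg_table[] = {
    { "MAIN",         900, PERM_R | PERM_X, main_frames },
    { "SUB_ROUTN_A", 1500, PERM_R | PERM_X, sub_frames  },
    { "DATA_SEG_B",   200, PERM_R | PERM_W, data_frames },
};

/* Translate <name, offset> for an access of kind `want`.
 * Returns the physical address, or a negative ERR_* code. */
long translate(const char *name, uint32_t offset, unsigned want)
{
    size_t n = sizeof seg_table / sizeof seg_table[0];

    for (size_t i = 0; i < n; i++) {
        const struct segment *s = &seg_table[i];
        if (strcmp(s->name, name) != 0)
            continue;

        /* Segment-level protection: the access kind must be allowed. */
        if ((s->perms & want) != want)
            return ERR_PERM;

        /* The bounds check that closes the "200-byte segment, 400-byte
         * offset" hole. It also guarantees the page index below is valid. */
        if (offset >= s->length)
            return ERR_BOUNDS;

        uint32_t page = offset >> PAGE_BITS;   /* which page of the segment */
        uint32_t off  = offset & OFFSET_MASK;  /* 0..1023 by construction */
        return (long)(s->frames[page] * PAGE_SIZE + off);
    }
    return ERR_NO_SEGMENT;
}

int main(void)
{
    /* The article's own example pair, fetched as code. */
    printf("SUB_ROUTN_A,150  X -> %ld\n", translate("SUB_ROUTN_A", 150, PERM_X));
    /* Last byte of page 0, then the carry into page 1 (a different frame). */
    printf("SUB_ROUTN_A,1023 R -> %ld\n", translate("SUB_ROUTN_A", 1023, PERM_R));
    printf("SUB_ROUTN_A,1024 R -> %ld\n", translate("SUB_ROUTN_A", 1024, PERM_R));
    /* 400-byte offset into a 200-byte segment: refused. */
    printf("DATA_SEG_B,400   R -> %ld\n", translate("DATA_SEG_B", 400, PERM_R));
    /* Writing to an execute/read-only code segment: refused. */
    printf("MAIN,0           W -> %ld\n", translate("MAIN", 0, PERM_W));
    return 0;
}
```
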


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                .ooO Creating Trojan PGPDisks by wyze1 Ooo.               ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Well, Network Associates have gone out and added PGP to their list of    ::
:: products to ruin and commercialize and they made their debut with PGP 6  ::
:: for Windows some time ago - the first PGP made by NAI.                   ::
::                                                                          ::
:: A friend of mine's PC had the new PGP on it (PGP 6.0.2i) and I was very  ::
:: impressed with the PGPDisk utility distributed with it... until I found  ::
:: out just how evil it was. Basically, PGPDisk creates a filesystem within ::
:: a filesystem within a file on your HardDrive, then encrypts it with a    ::
:: pretty damn secure algorithm. When you open the file, it decrypts it     ::
:: with the password specified and if it was right, makes the PGPDisk a     ::
:: Virtual Drive on E: or F: or wherever you want to put it.                ::
::                                                                          ::
:: Sounds simple enough, so where's the problem? The problem is not in the  ::
:: creation or encryption of the volumes, it's in the driver that they use  ::
:: to create the virtual drive. It looks like what they're using is a       ::
:: ripped version of Microsoft's own CD drivers, and what do we know about  ::
:: CDs under Windows? They Autorun! Stupid! Stupid! Stupid! Stupid!         ::
::                                                                          ::
:: So, we just create a PGPDisk with some loser's public key, containing    ::
:: some or other fake information which we want to pretend to be sending    ::
:: along with Evil.Exe, which lets say is a backdoor of some sort that will ::
:: delete itself and Autorun.inf as soon as it is run on the target machine.::
:: We then put an Autorun.inf file on the PGPDisk that looks something like ::
::                                                                          ::
:: [autorun]                                                                ::
:: OPEN=EVIL.EXE                                                            ::
::                                                                          ::
:: And there we have it - A Nice Trojan PGPDisk just waiting for your local ::
:: Windoze kidlet. Have fun with this one - And be good. ;)                 ::
::                                                                          ::
::                               --=====--                                  ::
::                      * KewtAngel was kicked by wyze1                     ::
::              (Why are all chiqz that come to #hack so DUMB?!)            ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::          .ooO Playing with the Nokia and the Ericsson by Moe1 Ooo.       ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: The following are useful codes for the Nokia 6110 (and in some cases,    ::
:: other versions as well)                                                  ::
::                                                                          ::
:: *#0000#      -       This gives you the Software Version. The display is ::
::                      something like:                                     ::
::                                                                          ::
::                              V 4.73                                      ::
::                              22-04-98                                    ::
::                              NSE-3                                       ::
::                                                                          ::
:: The top line is the software version. (Check Nokia Software Version Info ::
:: section)                                                                 ::
::                                                                          ::
:: *#war0anty#  -       Gives a Menu which has the following options        ::
::                                                                          ::
:: 1: Displays Serial Number.                                               ::
:: 2: Displays the date of manufacture.                                     ::
:: 3: Displays the date the phone was purchased (MMYY); you can set the     ::
::    purchasing date here.                                                 ::
:: 4: Displays the date of the last repair - if found (0000)                ::
:: 5: Displays the Transfer user data option.                               ::
::                                                                          ::
::                                                                          ::
:: ----------------------------------------                                 ::
:: Nokia Software Version Info                                              ::
:: ----------------------------------------                                 ::
::                                                                          ::
:: Version 3.14                                                             ::
:: 28-11-1997                                                               ::
:: First shipping version of the software.                                  ::
::                                                                          ::
:: Version 4.33                                                             :: 
:: 11-03-1998                                                               ::
:: Improved reception quality                                               ::
:: Renamed 'Long and Loud' SMS alert to 'Ascending'                         :: 
:: Renamed 'Warning Tones' to 'Warning and Game Tones'                      :: 
:: SMS message alert volume now linked to ringing volume                    :: 
:: Time taken to log onto new cell reduced                                  :: 
:: Desktop charger now works correctly when the phone is inserted with the  ::
:: battery connected                                                        ::
:: Minor changes in the profiles menu                                       ::
::                                                                          ::
:: Version 4.73                                                             ::
:: 22-04-1998                                                               ::
:: Half Rate settings can no longer be changed via the keypad               ::
:: Reception of CCH blocks after cell reselection in weak field has been    ::
:: improved.                                                                ::
:: Corrected the problem of the battery indicator bar flickering between    ::
:: one and two bars when using a Li-ion battery                             ::
:: Improved the maintenance charging when using the ACP-7 charger           ::
:: More frequent battery low warning beeps added during a call made with a  ::
:: Li-ion battery                                                           ::
:: Improved SMS storage time handling. If the user has not selected a       ::
:: storage time, the phone uses the maximum storage time set by the network ::
:: the phone is connected to.                                               ::
:: Improved audio quality when using the EFR (Enhanced Full Rate) Speech    ::
:: Codec                                                                    ::
:: Improved recovery of SIM card in error situations                        ::
:: Fixed bug in SMS editing screen where the cursor is one character too    ::
:: far right                                                                ::
::                                                                          ::
:: Version 5.24                                                             :: 
:: 14-09-1998                                                               ::
:: Implemented code *#746025625# which shows whether the SIM card inserted  ::
:: supports SIM-clock-stop-mode                                             :: 
::                                                                          ::
:: ---------------------------------------                                  ::
:: Nokia Phone Quality Rates                                                ::
:: ---------------------------------------                                  ::
::                                                                          ::
:: Enhanced Full Rate Codec (EFR):                                          ::
:: On: Enter *3370# and EFR will be activated after a reboot of the phone   ::
::     (consumes more power)                                                ::
:: Off: Enter #3370# and EFR will be switched off after a reboot of the     ::
::      phone.                                                              ::
::                                                                          ::
:: Half Rate Codec:                                                         ::
:: On: Enter *4720# and Half Rate codec will be activated after a reboot of ::
:: the phone (better standby time)                                          ::
:: Off: Enter #4720# and Half Rate codec will be de-activated after a       ::
:: reboot of the phone                                                      ::
::                                                                          ::
:: Enhanced Full Rate will give you much better sound quality when you      ::
:: enable it. The new Enhanced Full Rate CODEC adopted by GSM uses the      ::
:: ACELP (Algebraic Code Excited Linear Prediction) compression             ::
:: technology. This technology allows for much greater voice quality in the ::
:: same number of bits as the older Full Rate CODEC. The older technology   ::
:: was called LPC-RPE (Linear Prediction Coding with Regular Pulse          ::
:: Excitation). Both operate at 13 kilobits (but you take up more space on  ::
:: the network, so they can charge you more). - Talk-time is reduced by     ::
:: about 5%.                                                                ::
::                                                                          ::
:: Half Rate will give you bad sound quality, which gives the service       ::
:: provider the opportunity to have more calls on the network, and you      ::
:: might get a lower charge from them. - Will give you 30% longer talk-time.::
::                                                                          ::
:: -------------------------------------------------                        ::
:: Nokia GSM Codes (Most will work on any GSM phone)                        ::
:: -------------------------------------------------                        ::
::                                                                          ::
::     Call Diverting                                                       ::
::     ALL CALLS                                                            :: 
::      To Activate: * * 21 * NUMBER # [SEND]                               ::
::      To Cancel: # # 21 # [SEND]                                          ::
::      To Check: * # 21 # [SEND]                                           ::
::                                                                          ::
::      Time Delay                                                          ::
::      To Activate: * * 002 * NUMBER   * * (Wait 5 to 30 Secs) # [SEND]    ::
::      To Cancel: # # 002 # [SEND]                                         ::
::      To Check: * # 002 # [SEND]                                          :: 
::                                                                          ::
::      Conditional                                                         ::
::      To Activate: * * 004 * NUMBER   * * (Time 5 to 30 Seconds) # [SEND] ::
::      To Cancel: # # 004 # [SEND]                                         ::
::      To Check: * # 004 # [SEND]                                          ::
::                                                                          ::
::      NO ANSWER                                                           ::
::      To Activate: * * 61 * NUMBER * * (Time 5 to 30 Seconds) # [SEND]    ::
::      To Cancel: # # 61 # [SEND]                                          ::
::      To Check: * # 61 # [SEND]                                           ::
::                                                                          ::
::      UNREACHABLE                                                         ::
::      To Activate: * * 62 * NUMBER   # [SEND]                             ::
::      To Cancel: # # 62 # [SEND]                                          :: 
::      To Check: * # 62 # [SEND]                                           ::
::                                                                          ::
::      ENGAGED                                                             ::
::      To Activate: * * 67 * NUMBER   # [SEND]                             ::
::      To Cancel: # # 67 # [SEND]                                          :: 
::      To Check: * # 67 # [SEND]                                           :: 
::                                                                          ::
::      TO CANCEL ALL CALL FORWARDING                                       ::
::      # # 002 # [SEND]                                                    ::
::                                                                          ::
::                                                                          ::
::     Call Barring                                                         ::
::                                                                          ::
::      BARRING ALL OUTGOING CALLS                                          ::
::      To Activate: * 33 * BARRING CODE# [SEND]                            :: 
::      To Cancel: # 33 * BARRING CODE # [SEND]                             ::
::      To Check: * # 33 # [SEND]                                           ::
::                                                                          ::
::      BARRING ALL OUTGOING INTERNATIONAL CALLS                            ::
::      To Activate: * 331 * BARRING CODE# [SEND]                           ::
::      To Cancel: # 331 * BARRING CODE # [SEND]                            ::
::      To Check: * # 331 # [SEND]                                          ::
::                                                                          ::
::      BARRING ALL OUTGOING INTERNATIONAL (except to home country) CALLS   ::
::      To Activate: * 332 * BARRING CODE# [SEND]                           :: 
::      To Cancel: # 332 * BARRING CODE # [SEND]                            :: 
::      To Check: * # 332 # [SEND]                                          ::
::                                                                          ::
::      BARRING ALL INCOMING CALLS                                          ::
::      To Activate: * 35 * BARRING CODE # [SEND]                           :: 
::      To Cancel: # 35 * BARRING CODE # [SEND]                             ::
::      To Check: * # 35 # [SEND]                                           ::
::                                                                          ::
::      BARRING ALL INCOMING CALLS WHILST OUTSIDE HOME COUNTRY              ::
::      To Activate: * 351 * BARRING CODE # [SEND]                          ::
::      To Cancel: # 351 * BARRING CODE # [SEND]                            ::
::      To Check: * # 351 # [SEND]                                          ::
::                                                                          ::
::      BARRING ALL CALLS                                                   ::
::      To Activate: * 330 * BARRING CODE # [SEND]                          ::
::      To Cancel: # 330 * BARRING CODE # [SEND]                            ::
::      To Check: * # 330 # [SEND]                                          ::
::                                                                          ::
::      BARRING ALL OUTGOING CALLS                                          ::
::      To Activate: * 333 * BARRING CODE # [SEND]                          ::
::      To Cancel: # 333 * BARRING CODE # [SEND]                            ::
::      To Check: * # 333 # [SEND]                                          ::
::                                                                          ::
::      BARRING ALL INCOMING CALLS                                          ::
::      To Activate: * 353 * BARRING CODE # [SEND]                          ::
::      To Cancel: # 353 * BARRING CODE # [SEND]                            ::
::      To Check: * # 353 # [SEND]                                          ::
::                                                                          ::
::      CANCELLING ALL CALL BARRING                                         ::
::      # 330 * BARRING CODE # [SEND]                                       ::
::                                                                          ::
::     Call wait/hold                                                       ::
::                                                                          ::
::      To Activate: * 43 # [SEND]                                          ::
::      To Deactivate: # 43 # [SEND]                                        ::
::      To Check: * # 43 # [SEND]                                           ::
::                                                                          ::
::     Call Line Identity (CLI)                                             ::
::      OUTGOING                                                            ::
::      To Activate: * 31 # [SEND]                                          ::
::      To Deactivate: # 31 # [SEND]                                        ::
::      To Check: * # 31 # [SEND]                                           ::
::                                                                          ::
::      INCOMING                                                            ::
::      To Activate: * 30 # [SEND]                                          ::
::      To Deactivate: # 30 # [SEND]                                        ::
::      To Check: * # 30 # [SEND]                                           ::
::                                                                          ::
::     Diverting fax/data calls                                             ::
::     Data Calls                                                           ::
::     No Reply                                                             ::
::     To Activate: * * 61 * NUMBER * 25 # [SEND]                           :: 
::     To Cancel: # # 61 * 25 # [SEND]                                      ::
::     To Check Status: * # 61 # * 25 # [SEND]                              ::
::                                                                          ::
::     Time Delay                                                           ::
::     To Activate: * * 61 * NUMBER * 25 * (Time 5 to 30 seconds) # [SEND]  ::
::     To Cancel: # # 61 # * 25 # [SEND]                                    ::
::     To Check Status: * # 61 # * 25 # [SEND]                              ::
::                                                                          ::
::     Unreachable                                                          ::
::     To Activate: * * 62 * NUMBER * 25 # [SEND]                           ::
::     To Cancel: # # 62 # * 25 # [SEND]                                    ::
::     To Check Status: * # 62 # * 25 # [SEND]                              ::
::                                                                          ::
::     BUSY                                                                 ::
::     To Activate: * * 67 * NUMBER * 25 # [SEND]                           ::
::     To Cancel: # # 67 # * 25 # [SEND]                                    ::
::     To Check Status: * # 67 # * 24 # [SEND]                              ::
::                                                                          ::
::     Unconditional                                                        ::
::     To Activate: * * 21 * NUMBER * 25 # [SEND]                           ::
::     To Cancel: # # 21 # * 25 [SEND]                                      ::
::     To Check Status: * # 21 # * 25 # [SEND]                              ::
::                                                                          ::
::                                                                          ::
::     FAX                                                                  ::
::     No Reply                                                             ::
::     To Activate: * * 61 * NUMBER * 13 # [SEND]                           ::
::     To Cancel: # # 61 * 13 # [SEND]                                      ::
::     To Check Status: * # 61 # * 13 # [SEND]                              ::
::                                                                          ::
::     Time Delay                                                           ::
::     To Activate: * * 61 * NUMBER * 13 * (5 to 30 seconds) # [SEND]       ::
::     To Cancel: # # 61 # * 13 # [SEND]                                    ::
::     To Check Status: * # 61 # * 13 # [SEND]                              ::
::                                                                          ::
::     Unreachable                                                          ::
::     To Activate: * * 62 * NUMBER * 13 # [SEND]                           ::
::     To Cancel: # # 62 # * 13 # [SEND]                                    ::
::     To Check Status: * # 62 # * 13 # [SEND]                              ::
::                                                                          ::
::     Busy                                                                 ::
::     To Activate: * * 67 * NUMBER * 13 # [SEND]                           ::
::     To Cancel: # # 67 # * 13 # [SEND]                                    ::
::     To Check Status: * # 67 # * 13 #[SEND]                               ::
::                                                                          ::
::     Unconditional                                                        ::
::     To Activate: * * 21 * NUMBER * 13 #[SEND]                            ::
::     To Cancel: # # 21 # * 13 # [SEND]                                    ::
::     To Check Status: * # 21 # * 13 # [SEND]                              ::
::                                                                          ::
::     Retrieve IMEI:                                                       ::
::     *#06#                                                                ::
::                                                                          ::
:: -------------------------------------------------                        ::
:: Nokia Service Provider Fone Lock                                         ::
:: -------------------------------------------------                        ::
:: SP Lock is used by Service Providers who want to lock the cellular phone ::
:: to a specific network. The reason for doing this is so that the phone    ::
:: will only be used on their network and hence they make more money out of ::
:: you.                                                                     ::
::                                                                          ::
:: How to check for SP Lock and remove it if you know your master code:     ::
:: --------------------------------------------------------------------     ::
:: All Nokia phones (2110 and newer) have four different SIM locks which can::
:: be used to lock the phone for up to 4 different providers. But most      ::
:: phones with restriction only have one lock activated (lock 1).           ::
::                                                                          ::
:: Note: To get the "p" and "w" symbols, simply push the "*" key 3 and 4    ::
:: times respectively.                                                      ::
::                                                                          ::
:: #pw+(master code)+Y#                                                     ::
::                                                                          ::
:: #pw+1234567890+1# for Provider-Lock status                               ::
:: #pw+1234567890+2# for Network-Lock status                                ::
:: #pw+1234567890+3# for Provider(???)-Lock status                          ::
:: #pw+1234567890+4# for SimCard-Lock status                                :: 
::                                                                          ::
:: (master code) is a 10 digit code, based on the phone's IMEI and the      ::
:: service provider number.                                                 ::
::                                                                          ::
:: Warning:  If you use a code other than the master code "1234567890",     ::
:: the phone will report an error.  If you do this more than 10 times you   ::
:: will get a display reading "Not Allowed".  If you get this there appears ::
:: to be no way to get rid of it, and you must take your phone to a Nokia   ::
:: repair centre.  Your phone will still work, it just cannot be unlocked   ::
:: from that network provider.                                              ::
::                                                                          ::
:: Allrighty then. That's enough of the Nokia...                            ::
::                                                                          ::
:: Ericsson 337/388                                                         ::
:: ----------------                                                         ::
:: Press Right then * then Left Left * and Left * one more time. (This lets ::
:: you view the software version, date etc.)                                ::
::                                                                          ::
:: Ericsson 628                                                             ::
:: ------------                                                             ::
:: *#0000# (Resets Menu Language to English)                                ::
:: Press Right * Left Left * Left * (This lets you view the Software Ver)   ::
:: Press Right * Left Left * Left * Right (This lets you read all the       ::
::                                         programmed texts)                ::
:: Press  Left * * Left then wait for 3 seconds (This lets you view the     ::
:: phone network lock status)                                               ::
::                                                                          ::
:: Ericsson 688                                                             ::
:: ------------                                                             ::
:: Press Right * Left Left * Left *  CLR (This views the Software Ver)      ::
:: Press Right * Left Left * Left * Right                                   ::
:: (This lets you check the phone's 1-row text programming)                 ::
:: Press Right * Left Left * Left * Right Right (This lets you check the    ::
:: phone's n-row text programming)                                          ::
::                                                                          ::
:: Ericsson 788                                                             ::
:: ------------                                                             ::
:: Press * Right * Left Left * Left * (This views the Software Version)     ::
:: Press * Left Left * (This gives you the Service Provider Lock)           ::
::                                                                          ::
:: Ericsson 888                                                             ::
:: ------------                                                             ::
:: *#06# (This gives you the IMEI)                                          ::
:: Press * Right * Left Left * Left * (This views the Software Version)     ::
:: (Note: This code also shows version of Infrared driver software and text ::
:: labels)                                                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::          .ooO A Guide to Securing RedHat Linux 6.0 by wyze1 Ooo.         ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: A lot of people out there are raving about RH6, why exactly, I don't     ::
:: know, but they seem to think it's just great. ;P So, for lack of any     ::
:: hope of getting these people to start using *BSD or Solaris, I have      ::
:: designed a guide to securing Red Hat Linux 6.0 which covers all known    ::
:: problems up to date, although it doesn't really tackle other issues.     ::
::                                                                          ::
:: Now, go to ftp://update.redhat.com and download the source for the new   ::
:: kernel supplied by RedHat for RH6 systems (2.2.5-22). Then, go and       ::
:: download the information on the Linux 2.2.x ICMP DoS that causes Kernel  ::
:: Panic - search Geek-Girl's BugTraq archive for it. <http://geek-girl.com>::
:: Apply the patch to fix this vulnerability. Now, recompile the Kernel,    ::
:: look in /usr/doc/HOWTO/Kernel-HOWTO if you don't know how.               ::
::                                                                          ::
:: Now there haven't been any SUID vulnerabilities discovered in RH6 yet,   ::
:: but you probably don't want any just in case. You can nuke the lot of    ::
:: them simply by typing "chmod a-s -R / &". You may find some you want     ::
:: to re-SUID, like mount, but you probably won't need that many.           ::
::                                                                          ::
:: Now, let's play with the Alt+SysRq Kernel hack, one of the nicest things ::
:: about the new 2.2.x Kernel series. This hack allows you to press Alt,    ::
:: SysRq (Print Screen) and a Hotkey to perform various different tasks     ::
:: even when the system is not responding. You can press Alt+SysRq+K to     ::
:: kill all processes on the vterm you are using, or Alt+SysRq+M to dump    ::
:: memory information onto the screen and a whole bunch of other really     ::
:: neat things - none of which we are looking at in detail now, except for  ::
:: the one that makes the difference for security - Alt+SysRq+1-9. This     ::
:: hack determines how much of the kernel mumblings are logged. Having a    ::
:: lot of mumblings logged is generally quite nice, or, you can keep it at  ::
:: 1 or something and just jack it up when you need to. ;)                  ::
::                                                                          ::
:: Ugh. RedHat 6.0 has a stupid PAM'erized su. If you give the correct      ::
:: password to it, you become superuser immediately, and if you give the    ::
:: wrong password, there is a full one second delay before it tells you the ::
:: attempt failed and logs the attempt. During this period, you can press   ::
:: Ctrl+Break to stop su and nothing will be logged, making it easy for     ::
:: some-one to brute-force the root password. Nuke su. It's a dumb program  ::
:: and I don't like it anywayz. ;)                                          ::
::                                                                          ::
:: I hope you're not running X-Windows, but if you are, be sure to fix a    ::
:: few critical permissions in the UNIX 98 PTYs which could give you        ::
:: trouble by typing chmod 600 /dev/pts/*                                   ::
::                                                                          ::
:: RedHat 6.0 also fucks up the permissions on the CD-ROM drive. A minor    ::
:: problem, but worth fixing anyway - Think of backups. Cat your /etc/fstab ::
:: to see where your cdrom drive is and then chmod 600 /dev/whatever        ::
::                                                                          ::
:: If you use KDE, and more specifically if you use K-Mail, then you are    ::
:: vulnerable to a silly symlink problem. Nuke K-Mail, Don't use K-Mail, or ::
:: if you are a COMPLETE loser and you *really* want it, d/l the fix from   ::
:: ftp.kde.org/pub/kde/security_patches/kmail-security-patch.diff           ::
::                                                                          ::
:: I think the ipop2d on RH6 is vulnerable to a remote buffer overflow      ::
:: exploit that produces a shell as user "nobody". I'm not sure, but if yer ::
:: running an ipop2d yer a loser anyway, so who cares. ;)                   ::
::                                                                          ::
:: Now you should have a quasi-secure lame Linux box that is hopefully a    ::
:: bit less lame than when you started. This text only really covers what   ::
:: silly security problems need to be fixed, not common sense stuff. If     ::
:: you are new to *nix then you should get the Linux Administrators         ::
:: Security Guide from www.seifried.org/lasg - but not even that can        ::
:: completely teach you common sense. Make sure to close unwanted ports by  ::
:: checking your /etc/inetd.conf and preparing user's home directories      ::
:: properly, ie. like this...                                               ::
::                                                                          ::
:: cd /home/redneck                 # Go to the home directory              ::
:: chattr +a .bash_history          # Make history append only              ::
:: chown root:root .bash_profile    # Make profile unmodifiable             ::
:: chown root:root .bash_logout     # Make logout unmodifiable              ::
:: chown root:root .bashrc          # Make bashrc unmodifiable              ::
::                                                                          ::
:: There is a wealth of stuff you can do to make your system much more      ::
:: secure, but I'm not going to go into any of that right now. There are    ::
:: already too many lame guides to generic Linux security, and I don't      ::
:: feel like making another one. Later.                                     ::
::                                                                          ::
::                               --=====--                                  ::
:: * Kat (guy@inside.thematrix.za.net) has joined #hack                     ::
:: <wyze1> Guy... do you want to know... what... the matrix is?             ::
:: <wyze1> WELL I WONT TELL YOU, YA DUMB LITTLE FUCK!#%!$^%! THEY SAID I    ::
:: COULD HAVE A TALK SHOW, BUT NOOOOOOOOO, I HAVE TO BE IN A SCI-FI AND     ::
:: WEAR THIS G00FY TRENCHCOAT!^%$#^$!#%$ I HATE YOU ALL DAMNIT!#%@%^$#      ::
:: <wyze1> *sigh*                                                           ::
:: * wyze1 sets mode: +o Kat                                                ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
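
An added example (not part of wyze1's guide): rather than running the blanket chmod blind, this sketch lists the set-ID files, compares them against a keep-list such as /bin/mount, and strips the bits only from the rest. The function names and the keep-list file are assumptions, and the demo runs on a constructed scratch directory.

```shell
#!/bin/sh
# Added example: inventory set-ID files first, strip only the ones you did not
# decide to keep. Function names and the keep-list file are assumptions.

# Print every setuid or setgid regular file under ROOT ($1), one per line.
list_setid() {
    # -xdev stays on one filesystem, so /proc and network mounts are skipped.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print the set-ID files under ROOT ($1) that are not listed in KEEP ($2),
# a text file with one absolute path per line (for example /bin/mount).
unexpected_setid() {
    list_setid "$1" | while IFS= read -r f; do
        # -x whole-line match, -F fixed string: paths are not treated as regexes
        grep -qxF -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# Remove the setuid and setgid bits from everything unexpected_setid reports.
strip_setid() {
    unexpected_setid "$1" "$2" | while IFS= read -r f; do
        chmod ug-s "$f" && printf 'stripped: %s\n' "$f"
    done
}

# Demo on a constructed scratch tree, so nothing on the real system is touched.
demo_setid() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/games"
    : > "$d/bin/mount"; : > "$d/bin/ls"; : > "$d/usr/games/rogue"
    chmod 4755 "$d/bin/mount" "$d/usr/games/rogue"
    chmod 0755 "$d/bin/ls"
    printf '%s\n' "$d/bin/mount" > "$d/keep.txt"   # the one file we keep SUID
    echo "before:"; list_setid "$d"
    strip_setid "$d" "$d/keep.txt"
    echo "after:";  list_setid "$d"
    rm -rf "$d"
}
demo_setid
```

Saving the output of list_setid before any change also gives a baseline to diff against later, which is how a newly appeared set-ID file gets noticed.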


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::              .ooO RedHat 6.0 LILO PAM Filter Workaround Ooo.             ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: OK well I suppose I've put off writing this for long enough.             ::
::                                                                          ::
:: Background:                                                              ::
:: ===========                                                              ::
::                                                                          ::
:: The most commonly known hack on the planet has just gotten interesting.  ::
:: It seems that Redhat 6.0 has become uncommon in the stability of previous::
:: versions. Please note that this is not a hack in the script kiddy sense  ::
:: of the word. It will not gain you access to your best friend's porn      ::
:: files, it will not let you read the e-mail of some girl you like, and it ::
:: will not let you pass school (Thank God, I think you guys should stay    ::
:: off the streets, it's safer for you.)                                    ::
::                                                                          ::
:: Technical Background:                                                    ::
:: =====================                                                    ::
::                                                                          ::
:: Linux uses a boot loader called Lilo. Lilo, if you read the man page     ::
:: you will notice this, actually has many other options over the regular   ::
:: "boot dos/linux" option. An easy hack on the system could be accomplished::
:: by having hands on access to the machine you want to break. Reboot the   ::
:: machine and at the lilo prompt type "$linux s" where $linux is your      ::
:: kernel name. This logs you in as a single user, from here you can edit   ::
:: the /etc/passwd file at will, and then log in properly.                  ::
::                                                                          ::
:: PAM Workaround in RH 6.0:                                                ::
:: =========================                                                ::
::                                                                          ::
:: It seems that there is some instability in PAM in RH6, either            ::
:: intentionally, or totally stupidly. All attempts to simply remove the    ::
:: root password will fail. To get around this:                             ::
::                                                                          ::
:: 1) Adduser r00t                                                          ::
:: 2) Change pid and gid of r00t to 0:0                                     ::
:: 3) Change passwd                                                         ::
::                                                                          ::
:: Exit single user mode, and login as r00t.                                ::
::                                                                          ::
:: Note: You must do it like this, because if you just try to get rid of    ::
:: the root password, PAM GOES WILD. It's so easy it scares me.             ::
::                                                                          ::
:: Bitches and gripes:                                                      ::
:: ===================                                                      ::
::                                                                          ::
:: I finally understand the exponential growth in scripties. It struck me   ::
:: the other day. The Old Skool of hacker grew up on DOS/UNIX/etc....       ::
:: playing around with demos etc... They learnt the hack. Now we have this  ::
:: front end Win hanging around 90% of households, and stagnating education.::
:: The front-end will be the death of real hackers....Beware, the next      ::
:: generation will be the HaX0r........I am not a scripty, I just wanted    ::
:: others to understand them.                                               ::
::                                                                          ::
:: <Notes from Wyzewun: Remember that if you setup your /etc/lilo.conf      ::
::  securely, this isn't a problem. To find out how to do this if you don't ::
::  know already, get the LASG from www.seifried.org/lasg>                  ::
::                                                                          ::
::                               --=====--                                  ::
::                  <fred> sektorgrl, no one likes you                      ::
::                             <fred> leave.                                ::
::                             <sektie> no.                                 ::
::                      <sektie> jsbach likes me :(                         ::
::                             <jsbach> brb.                                ::
::                             <sektie> SEE                                 ::
::                      <sektie> that's one person                          ::
::                           <sektie> so nyah                               ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
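
Added example, not part of the original article: a Python check for the two things the single-user trick above relies on, an extra account with UID 0 in /etc/passwd and LILO images that can be booted with extra parameters without a password. The sample file contents and the account name alice are constructed; password= and restricted are standard lilo.conf options.

```python
"""Audit for the single-user-mode trick: extra UID 0 accounts, unprotected LILO images."""

# Constructed sample inputs. On a real host read /etc/passwd and /etc/lilo.conf.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
r00t:x:0:0::/home/r00t:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
"""

SAMPLE_LILO_WEAK = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
"""

SAMPLE_LILO_HARDENED = """\
boot=/dev/hda
prompt
timeout=50
# Placeholder value. The password sits in this file, so keep it mode 600.
password=CHANGE-ME
# restricted: ask for the password only when boot parameters are typed.
restricted
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
"""


def extra_uid0_accounts(passwd_text):
    """Return login names other than 'root' whose UID field is 0."""
    hits = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        try:
            uid = int(fields[2])
        except ValueError:
            continue
        if uid == 0 and fields[0] != "root":
            hits.append(fields[0])
    return hits


def unprotected_lilo_images(lilo_text):
    """Return labels of image=/other= sections that have no password in effect.

    A section counts as protected when password= appears globally (before the
    first image=/other= line) or inside that section.
    """
    global_pw = False
    sections = []          # each item is [label, has_own_password]
    current = None
    for raw in lilo_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in ("image", "other"):
            current = [value, False]     # label defaults to the image path
            sections.append(current)
        elif key == "label" and current is not None:
            current[0] = value
        elif key == "password":
            if current is None:
                global_pw = True
            else:
                current[1] = True
    return [label for label, has_pw in sections if not (global_pw or has_pw)]


if __name__ == "__main__":
    print("extra UID 0 accounts:", extra_uid0_accounts(SAMPLE_PASSWD))
    print("unprotected images (weak):", unprotected_lilo_images(SAMPLE_LILO_WEAK))
    print("unprotected images (hardened):", unprotected_lilo_images(SAMPLE_LILO_HARDENED))
```
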


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::     .ooO Java Personal Webserver 0.9 Denial of Service by wyze1 Ooo.     ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: The Java Personal Webserver 0.9 by Clay Lenhart (Available from Tucows)  ::
:: is a freeware webserver written entirely in Java. It features on-screen  ::
:: logging and implements only the GET and HEAD functions. (HTTP 0.9)       ::
::                                                                          ::
:: This bug was tested on a Windows 98 box with JDK 1.1.1 and it worked     ::
:: fine. I was going to test it on another Win98 box with JDK 1.2.1, but    ::
:: the fucking program decided to break - (The author hasn't ported it to   ::
:: Java 1.2 yet). It has not been tested on a Unix box because we refuse to ::
:: run Japan's Secret Weapon, aka. XFree86 on any box we wouldn't want      ::
:: Satan to possess. If some-one else wants to test it and tell us what     ::
:: happens, feel free.                                                      ::
::                                                                          ::
:: Okay, so what's the problem? By connecting and typing GET followed by a  ::
:: couple of thousand characters (3000 for every 32mb of RAM on the system  ::
:: sounds about right) the system will become low on memory and the Java    ::
:: Virtual Machine will start whining about stuff like..                    ::
::                                                                          ::
:: java.lang.OutOfMemoryError: <== Type of error that occurs when           ::
::         at ConnectionThread.readCommands(wyze1.java:521) <== Reading GET ::
::         at ConnectionThread.run(wyze1.java:344) <== And Executing GET    ::
::                                                                          ::
:: Right, so the VM has decided the system is low on memory. Thus the VM    ::
:: Garbage Collector will run on a thread with full priority. Okay, a bit   ::
:: of background for non-Java coders is required: Unlike other languages,   ::
:: you don't have to kill objects once you are finished with them, the      ::
:: Garbage Collector does it for you when there are no further references   ::
:: to the object. The GC can be called manually, and will also run          ::
:: automatically when it feels like it, and with full priority if the       ::
:: system is low on memory - like it is now. ;)                             ::
::                                                                          ::
:: So, the Garbage Collector looks around for threads to kill, and alas, it ::
:: can't find any, so it just stops anything more being written to the      ::
:: editable textbox in the centre of the window, regardless of the fact     ::
:: that that's where our logging would be if it still worked. =P            ::
::                                                                          ::
:: Fixing the error should be fairly simple - the only reason I didn't do   ::
:: it myself is because that would require porting the app to Java 1.2 and  ::
:: that is just TOO much work. ;) However, should the app be ported to Java ::
:: 1.2, the bug could be fixed by using JFC/Swing instead of AWT and        ::
:: making the Textbox a Label. Then, the user input should be limited to    ::
:: a certain number of characters, and errors caused by too many chars in   ::
:: the user input should be caught.                                         ::
::                                                                          ::
:: You will find the exploit for this vulnerability in the lame-java-c0de   ::
:: directory of this issue if you want. Have fun!                           ::
::                                                                          ::
::                               --=====--                                  ::
::                    <wyze1> g1bb0r mE s1bb0rs3ckz                         ::
::                        <Eth`Real> Okay. *uNf*                            ::
::                              <wyze1> ta                                  ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
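
Added example, not part of the original article or of the Java Personal Webserver: the fix the author describes (limit the length of the request and handle the error instead of letting it escape), sketched in Python rather than Java. The 1024-byte cap and all names are assumptions made for this illustration.

```python
import io

MAX_REQUEST_LINE = 1024             # assumed cap; the article does not give a number
ALLOWED_METHODS = ("GET", "HEAD")   # the only two methods the server implements


class RequestRejected(Exception):
    """Bad or oversized request; the caller logs it and closes the connection."""


def read_request_line(stream, limit=MAX_REQUEST_LINE):
    """Return (method, path) after reading at most limit + 1 bytes from stream.

    stream is any binary file object, for example socket.makefile("rb").
    """
    line = stream.readline(limit + 1)    # the size argument bounds the read
    if not line:
        raise RequestRejected("connection closed before any request")
    if len(line) > limit:
        raise RequestRejected("request line longer than %d bytes" % limit)
    if not line.endswith(b"\n"):
        raise RequestRejected("request line not terminated")
    try:
        text = line.decode("ascii").strip()
    except UnicodeDecodeError:
        raise RequestRejected("non-ASCII bytes in request line")
    parts = text.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_METHODS:
        raise RequestRejected("unsupported or malformed request")
    return parts[0], parts[1]


def handle(stream):
    """Return the line for the on-screen log; bad input never raises past here."""
    try:
        method, path = read_request_line(stream)
    except RequestRejected as exc:
        return "rejected: %s" % exc
    return "%s %s" % (method, path)


if __name__ == "__main__":
    # Constructed requests: one normal, one like the oversized GET in the article.
    print(handle(io.BytesIO(b"GET /index.html\r\n")))
    print(handle(io.BytesIO(b"GET " + b"A" * 3000 + b"\r\n")))
```
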


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::            .ooO Ripping off your local Arcade by Terabyte Ooo.           ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Ever wondered why arcades try and rip you off? Cause they suck thats why.::
:: Well if you're lucky enough to have a few pinball machines at the next   ::
:: arcade, try this and yer sure to have loads of fun.                      ::
::                                                                          ::
:: On the right hand side under the pinball machine, there should be a      ::
:: little switch(scratch around for it), next flick the switch, dont be     ::
:: alarmed the machine will turn off but turn it back on again(by flicking  ::
:: the switch again) holding both the flickers and voila a test credit      ::
:: hehe, enjoy!                                                             ::
::                                                                          ::
:: Another bug which came up with some machines is: you remember that ball  ::
:: game where u throw the balls into certain hoop like places and got       ::
:: tickets weeeelllll, here is how you can get those wooden balls without   ::
:: dishing out that cash. First check if any cameras or guards are nearby,  ::
:: if there are any dont do it this is way too risky, on the right hand side::
:: if you put your hand underneath the machine you should feel some wires,  ::
:: then not long after you should feel a hook like thingy, pull it and keep ::
:: it down and voila bout 6 balls will come down like magic!!               ::
::                                                                          ::
:: One more trick that might come in handy when u have none of those        ::
:: precious tokenz left, First of all find a Ridge Racer type game, Hence   ::
:: it must be a 1 player only, second a gun type game like Time crises,     ::
:: under each of these machines lies at least 5-10 tokenz per machine as    ::
:: there is sumthing wrong with the design and magic company tokenz tend to ::
:: fall out when it gets full, so scratch around and hopefully be lucky     ::
:: today.                                                                   ::
::                                                                          ::
:: Till next time,                                                          ::           
:: TeRaByTe                                                                 ::
::                                                                          ::
:: Tera Sends Greetz to: Hen-i, Depach and Ukj                              ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::              .ooO Linux/FreeBSD IP Firewalling by jus Ooo.               ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: In FK3 Vortexia described "the poor man's firewall", that is tcp         ::
:: wrappers, and how to set them up and use them as basic protection against::
:: unwanted connections. The next step is to make use of Linux's ipfwadm or ::
:: fBSD's ipfw to setup a proper firewall to automatically block out        ::
:: potential attackers and keep certain services only available to your LAN ::
:: (i.e. SQUID).                                                            ::
::                                                                          ::
:: Most generic or standard *nix kernels should have firewalling compiled,  ::
:: if not you will get errors when trying to use ipfw/ipfwadm. Just rebuild ::
:: your kernel to include firewalling.                                      ::
::                                                                          ::
:: OK, to setup firewall rules under linux "ipfwadm" is used. "man ipfwadm" ::
:: will give some further insight as to what can be done with this tool,    ::
:: we're gunna focus on just keeping incoming connections where we want em  ::
::                                                                          ::
:: Typing ipfwadm -I -l will give you a list of current firewall rules in   ::
:: their order, you will most likely have nothing there. Let's try something::
:: simple first, like block off your ftpd to all but yourself :)            ::
::                                                                          ::
:: ipfwadm -I -i deny -P tcp -S 0.0.0.0/0 -D yourip 21 will disallow all    ::
:: connections from anywhere to port 21. Even from 127.0.0.1, so if you     ::
:: want to be able to connect to your own ftpd you need to add a rule to    ::
:: allow 127.0.0.1 though. If you are on dialup and get a dynamic IP, fill  ::
:: in 0.0.0.0/0 in place of "yourip".                                       ::
::                                                                          ::
:: Note, if you are working on a machine remotely and firewalling it, you   ::
:: could lock yourself out accidentally. Then you're screwed, so place a    ::
:: rule in your firewall to allow connections from a trusted host at all    ::
:: times, ie ipfwadm -I -i accept -P all -S 196.23.2.14 -D yourip. That     ::
:: will allow all types of connection to all ports from host 196.23.2.14.   ::
:: Note that it is not always good security practice for your firewall to   ::
:: explicitly trust any box!                                                ::
::                                                                          ::
:: Remember that the firewall runs down the list of rules until it meets a  ::
:: match with any connection attempt, so rule 1 will have preference over   ::
:: rule 2, etc. Place your rules accordingly. Let's say you wanted to allow ::
:: access to SQUID on 3128 to only your LAN (which owns 196.34.23.*) but    ::
:: not to anyone else out there.                                            ::
::                                                                          ::
:: ipfwadm -I -i deny -P tcp -S 0.0.0.0/0 -D yourip 3128                    ::
:: ipfwadm -I -i accept -P tcp -S 196.34.23.0/24 -D yourip 3128             ::
::                                                                          ::
:: Easy huh? Use -a instead of -i to add a rule at the end of the rules     ::
:: chain instead of at the front.                                           ::
::                                                                          ::
:: Under fBSD it's even simpler using ipfw. "ipfw list" will give you a list::
:: of currently existing rules. More than likely there is nothing except    ::
:: the last rule which allows all traffic through. ipfw allows us to specify::
:: a number for each rule that's created, making it easier to work with     ::
:: rules' order of preference. To add a rule like above for the ftpd, type  ::
:: ipfw add 1000 deny tcp from any to youripgoeshere 21. That will disallow ::
:: any connections to your ftpd. The "1000" is the rule number, use ipfw    ::
:: list to decide an appropriate number, but remember you have all the      ::
:: numbers available down to approx 65k :)                                  ::
::                                                                          ::
:: Similarly, the SQUID setup as above is done by using a rule to block     ::
:: all access to port 3128, and then a rule before that to allow access from::
:: our subnet. ipfw add 500 deny tcp from any to youripgoeshere 3128        ::
:: disallows all connections, and ipfw add 450 allow tcp from 196.34.23.0/24::
:: to youripgoeshere 3128 will allow connections from our subnet            ::
:: 196.34.23.0/24.                                                          ::
::                                                                          ::
:: RTFM for more. -jus                                                      ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
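
Added example, not part of the original article: a small Python model of first-match rule evaluation, showing why the two SQUID commands work when both are typed with -i, why the same commands in the same order lock the LAN out when typed with -a, and how ipfw's rule numbers remove the dependence on typing order. The class, the test addresses and the default policy of accept/allow for unmatched packets are assumptions of this sketch.

```python
import ipaddress


class Chain:
    """First-match filter: the first rule that matches a packet decides its fate."""

    def __init__(self, default):
        self.rules = []          # ordered (policy, source network, destination port)
        self.default = default   # policy for packets that match no rule

    def insert(self, policy, src, dport):
        """Put the rule at the front of the chain, like 'ipfwadm -I -i'."""
        self.rules.insert(0, (policy, ipaddress.ip_network(src), dport))

    def append(self, policy, src, dport):
        """Put the rule at the end of the chain, like 'ipfwadm -I -a'."""
        self.rules.append((policy, ipaddress.ip_network(src), dport))

    def decide(self, src_ip, dport):
        addr = ipaddress.ip_address(src_ip)
        for policy, net, port in self.rules:
            if addr in net and port == dport:
                return policy
        return self.default


ANY = "0.0.0.0/0"
LAN = "196.34.23.0/24"       # the article's LAN
LAN_HOST = "196.34.23.7"     # constructed address inside the LAN
OUTSIDE = "203.0.113.9"      # constructed address from a documentation range


def squid_with_insert():
    """The article's two commands, both with -i, in the article's order."""
    chain = Chain(default="accept")
    chain.insert("deny", ANY, 3128)
    chain.insert("accept", LAN, 3128)    # lands in front of the deny
    return chain


def squid_with_append():
    """Same commands, same order, but with -a: the deny is checked first."""
    chain = Chain(default="accept")
    chain.append("deny", ANY, 3128)
    chain.append("accept", LAN, 3128)    # never reached for port 3128
    return chain


def squid_ipfw():
    """ipfw checks rules in numeric order, whatever order they were typed in."""
    typed = [(500, "deny", ANY, 3128), (450, "allow", LAN, 3128)]
    chain = Chain(default="allow")
    for _, policy, src, dport in sorted(typed):
        chain.append(policy, src, dport)
    return chain


if __name__ == "__main__":
    for name, build in (("-i", squid_with_insert), ("-a", squid_with_append),
                        ("ipfw", squid_ipfw)):
        chain = build()
        print(name, "LAN:", chain.decide(LAN_HOST, 3128),
              "outside:", chain.decide(OUTSIDE, 3128))
```
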


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::               .ooO Windows Backdoor Stupidity by wyze1 Ooo.              ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: In this issue, for humour's sake if nothing else, I thought I'd look at  ::
:: some of the hardk0re things we have to do to detect a new wave of ereet  ::
:: Windoze backdoors. Yes, inspired by 'doze kiddie backdoor mentality and  ::
:: fueled by the urge to spread the stupidity even further, there are now a ::
:: whole bunch of really phjeerphull new tr0janZ available! w00p!           ::
::                                                                          ::
:: Let us start by looking at Masters Paradise Trojan by Overlord. As       ::
:: always, like gewd kiddies we view the README first. Comments in <>       ::
::                                                                          ::
:: ----------------------------- shnip ------------------------------------ ::
:: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                           ::
:: MASTERS PARADISE TROJAN v.1.2                                            ::
::     (WIN 95/98)                                                          ::
:: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                           ::
::                                                                          ::
:: (c) Overlord 7/18/1998                                                   ::
::                                                                          ::
:: OVERVIEW: This is an add on for Masters Paradise (MP). MP lets you       ::
:: control someone elses computer when they're on line: see whats on their  ::
:: screen, download their files, get their passwords all secretly. But      ::
:: therez a catch....                                                       ::
::                                                                          ::
:: You gotta know their IP <Phew. I dont gn0 if I iz leet enuf> (easy enuf, ::
:: thru ICQ, IRC, recent emails, etc.). You also gotta have them running a  ::
:: TSR ('the agent') on their computer (more difficult).                    ::
::                                                                          ::
:: This is where Masters Paradise Trojan comes in. This is what it does:    ::
::                                                                          ::
:: WHAT THE TROJAN DOES: Helps you get the agent to their computa, while    ::
:: lookin real innocent. <Really?!!#@#@ I Phj34r!@@#@>                      ::
::                                                                          ::
:: WHAT THEY SEE: You just send them the icqcrk.zip (the trojan) file,      ::
:: saying its a cool ICQ utility. They run it - but it just comes up with a ::
:: heap of errors and drops out. Dang! Isn't it always the way with good    ::
:: games.                                                                   ::
::                                                                          ::
:: WHAT REALLY HAPPENZ: Unknowingly to them, there were no real error - just::
:: looked like that. The trojan has copied the agent over to their          ::
:: /windows/system directory. Executed itself, so it is running. Set its    ::
:: attributes so it can't be found. Set up stealth protections so it can't  ::
:: be deleted. <Woah! Stop right there! I think I saw that "Stealth" when I ::
:: was looking through the strings in the program. I do believe that it was ::
:: something like "attrib +h c:\windows\system\explorer.exe" - Sheesh. Dat  ::
:: iz pretty damn stealthy. I wish I had skillz like that> And last and     ::
:: most importantly, modified win.ini so that it loads whenever they turn   ::
:: on their computa any time in the future. Now, whenever they are on the   ::
:: net, they are YOURS!                                                     ::
::                                                                          ::
:: STEALTHINESS: The trojan will not show up anywhere as loading, not in the::
:: in box, not the startup menu, not anywhere! The only way you can see if  ::
:: it is running is if you go CNTRL-ALT-DEL, you will see two copies of     ::
:: 'Explorer' running. One of these is the backdoor to their computer. The  ::
:: only other way they could find it is by checking through their win.ini   ::
:: file, and seeing 'explorer' getting auto loaded. But that looks innocent ::
:: enuff, i bet???? <Shure, Two expl0rerz iz n0t sushpishus at all!>        ::
::                                                                          ::
:: KNOWN PROBLEMS:                                                          ::
::                                                                          ::
:: 1/ If you got the trojan on your computa, it is VERY hard to get it out. ::
:: You would have to edit win.ini and remove any refs to explorer.exe, then ::
:: reboot and then delete explorer from windows/system. <Huh?! Start again! ::
:: I cant handle thiz uber-eleet unhax0ring method>                         ::
::                                                                          ::
:: 2/ This will only work if they have set up Windows in the default        ::
:: directory (/Windows). <Coz we're too dumb to look in the registry to     ::
:: find out what it is. Pheer us.>                                          ::
::                                                                          ::
:: 3/ Will not work in Win 3.1, etc. Only Win 95 and greater.               ::
::                                                                          ::
:: 4/ I notice sometimez the trojan works real slow (about 10 seconds to do ::
:: its job). But still probably believable enough. <I've been trying to     ::
:: figure out why It's so slow for a while. Could be coz I code like a      ::
:: trained chimpanzee, but... NAAAAH>                                       ::
::                                                                          ::
:: VERSIONS                                                                 ::
:: v.1.2 Now pretends to be an ICQ utility. Works even from floppy drive    ::
:: now, <Because I only learnt how to identify the current path in Pascal   ::
:: once I'd got to version 1.2> and wipes itself out after installing.      ::
::                                                                          ::
:: v.1.1.1                                                                  ::
:: -Now installs to c:\windows\system rather than \windows in drive where   ::
:: go.exe is located.                                                       ::
::                                                                          ::
:: v.1.1                                                                    ::
:: - More Stealthy. Does not just send the agent to startup menu, but       ::
:: modifies win.ini to load itself real invisibly. <OMG! YoU fOuNd a WaY    ::
:: tO LoAd PrOgrAmZ wItHoUt tHe sTarTuP mEnU?! eYe pHjEeR!>                 ::
::                                                                          ::
:: - No longer pretends to be a Tic Tac Toe program. Now, you can send it   ::
:: to someone saying it is anything (you can change the name from gamer.exe ::
:: to hackutil.exe if you want). Just comes up with a fake error anyway.    ::
::                                                                          ::
:: - Have changed the Pascal compiler so Thunderbyte doesn't give warnings  ::
:: any more.                                                                ::
::                                                                          ::
:: OVERLORD - www.cyberarmy.com                                             ::
:: ----------------------------- shnip ------------------------------------ ::
::                                                                          ::
:: Cool! I want a leet ICQ utility too! So, I unzipped icqcrk.zip, and saw  ::
:: icqcrk.exe, verchk.dat, icqcrk.gif and pc.nfo - Let me just extract the  ::
:: EXE into <c:\My Hax0ring Tools> and run it.                              ::
::                                                                          ::
:: ---snip---                                                               ::
:: 3l33t Haxors Suber-Duber-Patcher 1.6                                     ::
:: Copyright (c) Haxor, Inc 1995                                            ::
:: ICQ ANTI-INVISIBLE Patch 1.01                                            ::
:: By Captain America, 7/13/1998.                                           ::
:: Please Wait for version verify .....                                     ::
:: File not found - verchk.dat <== That error shouldnt be there             ::
:: File not found - icqcrk.gif <== Gee, nor should that one                 ::
:: File not found - c:\windows\system\explorer.exe <== *AHEM*               ::
:: Bad command or file name <== This is the Stealth in Action. Ph34r.       ::
:: File not found                                                           ::
:: File not found                                                           ::
:: File not found                                                           ::
:: File not found                                                           ::
:: File not found                                                           ::
::                                                                          ::
:: ICQ version verified OK                                                  ::
:: Patching ICQ...                                                          ::
:: Patch was successful... <== Patching WHAT? I dont *have* ICQ. ;)         ::
:: ---snip---                                                               ::
::                                                                          ::
:: Ummmm... Ummm... I'm confused. This Trojan is too Hardk0re for me. I     ::
:: think its best that we move onto the next trojan - Frenzy! The uberelite ::
:: new backdoor available from The Trojans Lair <www.multimania.com/cdc>    ::
::                                                                          ::
:: WoAH! DiS GuY DCC'd mE xXx-WaReZ.eXe, bUt eYe hAvE mAd RiGhT-CliCK SkiLLz::
:: dAt hE wILL Ph34r!@#@#@$#$                                               ::
::                                                                          ::
:: Company Name:-                                                           ::
:: Internal Name: Server                                                    ::
:: Product Name: Server                                                     ::
:: Original Name: Server.exe                                                ::
::                                                                          ::
:: Nope. Nothing that looks at all suspicious there. Damn. This guy is damn ::
:: good. But Wait! I Know! I will run it through strings!                   ::
::                                                                          ::
:: -= drew@kung-fusion =- strings xXx-WaReZ.eXe                             ::
::                                                                          ::
:: Hmmm... still nothing suspicious. Only Twenty-Something stamps that say  ::
:: "Server", but that sounds normal enough. Then there was that other one   ::
:: that was stamped in there about 15 times that said...                    ::
::                                                                          ::
:: C : \ W I N D O W S \ D E S K T O P \ M Y F O L D ~ 1 \ P R O J E C T S  ::
:: \ T R O J A N \ T R O J A N . V B P                                      ::
::                                                                          ::
:: But there is nothing suspicious about that either. Fuckit. This guy is   ::
:: too good for me. I give up.                                              ::
::                                                                          ::
:: *SiGH* I weep for the lost generation of VB Backdoor Coders.             ::
::                                                                          ::
::                            --=====--                                     ::
::            <ph1x> sektie: word has it, you give good head.               ::
::                  <ph1x> Was I informed incorrectly?                      ::
::              <sektie> ph1x: word has it, youre a homo :\                 ::
::                          <ph1x> du0d                                     ::
::                           <_ad> HEH                                      ::
::                  <sektie> DO NOT SEXUALLY HARASS ME                      ::
::              <jsbach> yah no sexual harassment in here                   ::
::                          <jsbach> ok?                                    ::
::                            --=====--                                     ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
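
Added example, not part of the original article: a Python check for the persistence the quoted README describes, an explorer.exe copy under \windows\system started from win.ini. It reads the load= and run= keys of the [windows] section, the standard win.ini autostart keys, and flags any entry named explorer, since the real shell is started from system.ini and not from win.ini. The sample files and function names are constructed for this sketch.

```python
import ntpath

# Constructed sample of a Windows 9x win.ini after the install step in the README.
SAMPLE_WIN_INI = r"""[windows]
load=
run=c:\windows\system\explorer.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

# Constructed sample of an untouched file.
CLEAN_WIN_INI = r"""[windows]
load=
run=
NullPort=None
"""


def autostart_entries(ini_text):
    """Return (key, program) pairs from load= and run= in the [windows] section."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in ("load", "run"):
            # Several programs may be listed, separated by spaces or commas.
            for prog in value.replace(",", " ").split():
                entries.append((key, prog))
    return entries


def suspicious_autostarts(ini_text, windows_dir=r"c:\windows"):
    """Flag autostart entries that use the shell's name.

    Returns (key, program, where) tuples. 'where' says whether the file sits in
    the Windows directory, outside it, or was given without a path.
    """
    home = ntpath.normcase(ntpath.normpath(windows_dir))
    findings = []
    for key, prog in autostart_entries(ini_text):
        path = ntpath.normcase(ntpath.normpath(prog))
        name = ntpath.splitext(ntpath.basename(path))[0]
        if name != "explorer":
            continue
        folder = ntpath.dirname(path)
        if not folder:
            where = "no path given"
        elif folder == home:
            where = "in " + home
        else:
            where = "outside " + home
        findings.append((key, prog, where))
    return findings


if __name__ == "__main__":
    for finding in suspicious_autostarts(SAMPLE_WIN_INI):
        print("suspicious autostart:", finding)
```
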


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::           .ooO A Study of the CyberTrade Extranet by wyze1 Ooo.          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Beltel, a place very much alive with hacker activity, has been shutdown  ::
:: by Telkom because of supposed Y2K compliancy problems. Banking info is   ::
:: now sent through a system dubbed "CyberTrade", of which two of the four  ::
:: major banks in ZA have joined. CyberTrade is simply an Extranet, which   ::
:: gives banks facilities to do electronic money transfers etc, should      ::
:: they be too lazy (or stupid) to create their own.                        ::
::                                                                          ::
:: The fact that only 50% of the major South African banks have joined      ::
:: shows that there will be a great deal of fragmentation in the online     ::
:: banking scene from now on, and that not everyone is about to fork out the::
:: cash to CyberTrade for something they can do themselves. By taking a     ::
:: closer look into the architecture of the CyberTrade Extranet, I          ::
:: concluded that it appears that the banks who aren't joining have the     ::
:: right idea.                                                              ::
::                                                                          ::
:: Beltel, despite being commonly exploited, had the advantage that a       ::
:: third party could not retrieve any information by sniffing on a legit.   ::
:: user in any way other than physically tapping their phone. Because CT    ::
:: is just a simple extranet, a minor security flaw in one host could lead  ::
:: to a compromise on the entire South African banking industry due to CT's ::
:: feeble at most attempts at encryption.                                   ::
::                                                                          ::
:: The moral of the story: Online banking thru CyberTrade == Stupid         ::
::                                                                          ::
::                            --=====--                                     ::
::  <Pneuma> Woah! It says that L0phtcrack will let me Sniff Crack Faster   ::
::        <Pneuma> I wonder how much crack I can sniff with that?           ::
::                            --=====--                                     ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::               .ooO Telkom Identicall Glitches by wyze1 Ooo.              ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Telkom's new Identicall system has been the bane of hackers and fone     ::
:: phreaks everywhere since its release, and has been a huge leap in terms  ::
:: of new developments for Telkom and its subsidiaries. Last issue, we      ::
:: covered a system which allows partial anonymity through dialing *31*     ::
:: before the number you want to call, but after the release of Issue Six,  ::
:: Telkom decided to make this a pay-for service. =(                        ::
::                                                                          ::
:: This for me was the final straw in a chain of events between our         ::
:: good friends at Telkom and the members of Posthuman. It started with     ::
:: them importing Six TEMPESTs for monitoring the Jhb 2600/Posthuman meets  ::
:: as well as the editors of Forbidden Knowledge, and now has moved on to   ::
:: things like making Caller-ID restriction a pay-for service just because  ::
:: it was published in a HPA e-zine. So, Here it is - how one can           ::
:: completely work around not only Identicall, but all conventional tracing ::
:: methods implemented by Telkom. Oh, and get this, it's for FREE! And to   ::
:: our friends at Telkom and the SAPS CCU - Get a life! We are just writing ::
:: a fucking E-ZINE for god's sake!                                         ::
::                                                                          ::
:: Telkom bought their IdentiCall technology from some or other German      ::
:: Telecommunications Giant, I'm not sure exactly which one, perhaps a few  ::
:: of our German readers will be able to find out, but nevertheless, this   ::
:: system had only been tested out on the newer exchanges supplied by this  ::
:: company, and the South African telephone network is largely a hybrid of  ::
:: old and new exchanges.                                                   ::
::                                                                          ::
:: As a result, unknown to Telkom, (Relatively speaking of course, if you   ::
:: are reading this anything after 3 days after its release, they will be   ::
:: aware of this) Identicall on all Pulse (Non-DTMF) exchanges does not     ::
:: function properly. It works to an extent, in that if your number is      ::
:: +27116848012 it will show as +2711684 - but that is it. Furthermore,     ::
:: dialing 101999 on these telephones will not produce any results, proving ::
:: that ALL conventional tracing methods are shot to hell. For Telskum to   ::
:: trace you, someone physically has to go through pages and pages of       ::
:: information trying to manually find you, and this method is both too     ::
:: expensive and tiresome for Telkom to actually pursue it lest they have   ::
:: a *really* good reason to do so.                                         ::
::                                                                          ::
:: So, if you've been complaining about being on a pulse exchange for your  ::
:: entire life, whining about how slow data transfers are, and begging      ::
:: Telkom to upgrade you to a digital exchange - now is the time to stop.   ::
:: It may just be a resource worth keeping. ;)                              ::
::                                                                          ::
::                               --=====--                                  ::
::                   <dem0n> how do you telnet to a ssh?                    ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::       .ooO Making Free Calls from Blue Payphones by Cyberware Ooo.       ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: Well, I got this article in BMP format from Cyberware, and I was too     ::
:: lazy/dumb to report this in something resembling English, so I just      ::
:: chucked it in this issue as phreak.jpg - apologies for the slight image  ::
:: deterioration, but as a BMP it was just too damn huge. Oh yeh, not to    ::
:: mention apologies for not fixing Cyberware's spelling and grammar - he's ::
:: Afrikaans and all. ;) Regardless, it's quite a neat trick, and hopefully ::
:: it will be useful to you -- Enjoy!                                       ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                          .ooO Next Issue Ooo.                            ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: The next Issue will be released Approximately whenever-I-feel-like-it.   ::
:: That should be some time in October - Just watch HNN for details. The    ::
:: official Forbidden Knowledge mirrors are listed below.                   ::
::                                                                          ::
:: Posthuman Systems cc         -=-     www.posthuman.za.net <back soon>    ::
:: PacketStorm Security         -=-     Down - Thanks JP you Fucking Idiot  ::
:: The E-Text Archives          -=-     ftp.etext.org/pub/Zines             ::
:: The HackerZ Hideout          -=-     www.hackersclub.com/km              ::
::                                                                          ::
:: Well, thanks to all of the people who helped make this issue better by   ::
:: contributing articles or otherwise showing their support - And to the    ::
:: people who could write stuff for us but haven't - WHY NOT?! Hurry the    ::
:: fsck up already! ;-P                                                     ::
::                                                                          ::
::   How Now Brown Cow /-=-/ Now Brown How Cow /-=-/ Who Then Now Bitchez   ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::