💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › MORPHEUS › morp… captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
<=-------------------------------------------------------------------------=>
,%$+: =++%- -+-
.+##@ H##H, ;@#=
H##- ,##@. ,H#= ISSUE03 OCTOBER 1999
X##/ ;##H +#=
X@#H $H#H /#=
X+##, H+#H ., ,- /#= .
H=##; -%/#@. ./%%= ++:+,:H%:%%; /#=-+%= =%%: -;:. ,;;- -%%+-
@,H#X /;;#M. XH=%M- /M$@#%M#M@M#M: /#+H@#@, =@/%M: =HM= =X#+ .H+:M$
@,/##. H.;#M. +#- @@.-@#M@#=+#$ $#@. /#X, /#; .@X .@@. /#= -#% ;# ;H
@.,##:,H :#M. @M. $#: ;#X-; -#% -##= /#: -#+ :#$==@#= /#= -#% +#= .$
@ @#$;+ :#M. -#@. +#+ =#% -#% H#/ /#= -#% +#@XXH#: /#= -#% +#@+,.
# +##H= :#M. =#H. /#$ -#+ -#% X#+ /#= -#% $#/ /#= -#% -####;
# =##M. :##. =#H. /#$ -#+ -#% $#/ /#= -#% $#% /#= -#% /M##M
# M#$ :##. -#@. +#+ -#+ -#% $#: /#= -#% %#X /#= -#% -.-/##-
# $#/ :##. @#, $#= -#+ -#% HM, /#= -#% =##: -. /#: :#% /+ ;#-
=#= :#- /##= /#: .@H. =#% -#H =#% /#= -#% .@#@//H, :#$,=$#X,;@. ;#.
:@#@: ,M. %M##@: .$@;$M= ,X#M+. -#M%/@H, :@#@-,H#M: :###M; .@#@X:#@=-#X;@+
---=- - =---=- :+/. ,:-=;. -#%:+/. ,:-=..:--- ,++, .+/ .: ,/+=
-#%
-#%
-#% L A U G H I N G
=#%
-H#M;
=;;//
<=-------------------------------------------------------------------------=>
Presented By: ALOC - Australias Legion of Cyberpunkz
,/ =: /%, .+XXX
/#X ,#. %@.XX .@$
HXXX @/ ,M= :# %@.
.M; X+ .// /@ -/, X+ .@/ .// -#, -/,
-#///@/ @#X .#, ;##, /M $@. @#X #/ ;##,
.X. X, %XXXXX% .XX, ,XXX%
Web:/ http://www.aloc.cc
Email:/ phrost_byte@hotmail.com
<=-------------------------------------------------------------------------=>
'visiting time is over, so we walk away'
-= The Cure =-
<=-------------------------------------------------------------------------=>
Contents
--------
1.0 -[ Welcome ]-
1.1 - Introduction......................................Phrost Byte
1.2 - About ALOC
2.0 -[ News ]-
2.1 - Enough is Enough Telstra!.............................^OpTix^
3.0 -[ Hacking ]-
3.1 - .bash_history.......................................anonymous
3.2 - grep..............................................Phrost Byte
4.0 -[ Phreaking ]-
4.1 - Breaking into Telstra Exchanges...................Epic Target
4.2 - Sydney Exchange Locations..........................Lord Hades
4.3 - Superlink.........................................Phrost Byte
5.0 -[ Anarchy ]-
5.1 - Fun With Security Tags..................................Ikari
5.2 - Sending Fake Email.....................................[R]yde
6.0 -[ Challenge ]-
6.1 - JavaScript Password Box Continued.................Phrost Byte
7.0 -[ Conclusion ]-
<=-------------------------------------------------------------------------=>
1.0 -[ Welcome ]-
-----------------
1.1 - Introduction
Issue 3... finally. An issue that I didnt write more than 70% of the
articles.
Morpheus will not be released on a set date, it will be released when I
receive enough info to compile another issue. If you have something you
would like printed please send it in.. or if I have contained something
in a previous issue that you feel you should have credit for, or it is
incorrect, please let me know and i will make the due alterations.
Enjoy the rest of the e-zine.
- Phrost Byte
1.2 - About ALOC / Morpheus
ALOC started off as a group, but it didnt work out. So I went back to my
original idea.. and that was to create a place where australian hackers and
phreakers could meet together, trade information, and learn. So that is
what ALOC has become, a place to get information and talk to others of
similar interests. In general it has become a Network.
Morpheus is part of the above, and it compiles alot of what would be
little texts into one large one, which would otherwise be quite time
consuming to write seperate small files on.
This magazine in its electronic form can not be sold without prior
permission from the authors. It also may not be spread via any sort of
Public Domain, Shareware or CD-ROM package.
<=-------------------------------------------------------------------------=>
2.0 -[ News ]-
--------------
2.1 - Enough Is Enough Telstra by OpTiX^
I am absolutly sick of seeing headlines like this "Telstra denies EasyCall
hard sell." Well of course they're going to deny it. Would you admit that
your employees have been signing up thousands of unsuspecting customers for
easycall options they didn't select. Basiclly Telstra don't give a fuck
what you think so long as they have your hard earned money in their
pockets. Telstra are ripping you off and most of you don't even know it.
For example 8 Number Abbreviated Dialling costs $3 a month. To the best of
my knowledge all it takes to set this up is to send someone down to the
exchange and set that option to enabled on the computer. Or take payphones
for example, I'm not exactly sure how much they cost to produce but the
C4's (Goldphones) used to sell for under $1000. As reported by Phrost last
issue, some X1/X2's ("Smart" Phones) have recorded 1 - 2 million dollars
worth of calls being made since installation. And Telstra throw a big
temper tantrum when they find out they've lost a couple of dollars from
vandals or phreakers (there is a big difference between phreaking and petty
vandalism). That just goes to show how much Telstra wants your money. Well
enough is enough, It's high time that Telstra learned that we're not as
stupid as they think we are. Do anything that you think will help make them
learn that we can not be bullied anymore. One point to consider though is
that the easiest way of being caught by the AFP is bragging about what
you've done to everyone. If you're going to brag then at least brag to
people you trust, that way there's less chance of being caught.
BTW In case anyone is wondering where DataKing found those Phreaking laws
in Neurocactus 7, those laws are listed in the Crimes Act 1914, Part VIIB,
Sections 85ZB to 85ZKB.
This is my version of the article I read (the headline one i was talking
about earlier in this article). Telstra recieved thousands of complaints
when people opened their bills to see that they'd been charged for easycall
options that they did not want. Telstra claims that they've only sacked
one employee (at the time of writing) but the Union (god bless them) claim
30 employees have been given the sack over this incident. The employees of
the Burwood call centre in Melbourne have been told to increase their
productivity by 400% which is an impossible figure to reach. The secretary
of the CEPU's communications division, Len Cooper, said "This is a case of
management scapegoating its workers in the most brutal and blatant
fashion." Telstra, of course, deny this but have said the sales staff have
been told to become "more sales focused" in the tougher, competitive
environment. Well I'd say Telstra has a lot of explaining to do. As the
motto of telstra.is.lame.nu says "Making Life Sleasier." I'd say that's
100% true. So next time you ring Telstra try to remember this, most
employees are actually nice people who are being overworked by their
superiors. The only real assholes in Telstra are the ones sitting upstairs
in the corporate headquarters counting our money or the ones who are trying
to hunt us down (you know who you are).
<=-------------------------------------------------------------------------=>
3.0 -[ Hacking ]-
-----------------
3.1 - .bash_history by anonymous
A simple way of getting accounts, even though its unpratical and should be
used as a last resort, is to look at users .bash_history and .history files
that are stored in their $HOME. It is suprising how easy it is to access other
people's private information by looking at their logs. By default any file
thats been created by the user is set chmod 744, this lets anyone read the
file if they have the same group privledges as that user. Same goes when a
new user first logs in, the /etc/skel files are copied to their home and
.bash_history will be created when the user logs in next time, assuming its
a bash shell (Bourne Again). Inside the .bash_history you might be lucky
enough to find some typo's of passwords, heres some examples of what you
might want to look for:
aloc:/home/victom# cat .bash_history
tenlet whitehouse.gov /* mis spelt */
telnet whitehouse.gov
:
cat /etc/passwd
ls
cd ..
more /var/log/messages
:
login Lewinsk1 /* login as user Lewinsk1 */
If there are many users on the system you may want to use grep:
aloc:~# grep telnet /home/*/.bash_history | more
/home/victom1/.bash_history:telnet whitehouse.gov
/home/victom2/.bash_history:telnet
/home/victom3/.bash_history:telnet fed.gov.au
If your looking for some 0 GID or even root you look for:
aloc:~# grep su /home/*/.bash_history /root/.bash_history | more
or even:
aloc:~# grep passwd /home/*/.bash_history /root/.bash_history | more
It may be a good choice if you find some that look promising enough then
have a look at the file, it may take a while to find anything but its up to
you if you want to trade time for accounts. It's a good idea to check out
the /etc/passwd to have an idea of where the home directories are located
and what type of shells they use because they may very from system to
system. Also you may need to pissfart round with the login or passwd but
its up to you depending how desperate you need the accounts. To fix this if
your a user then a simple "chmod 000 .bash_history" will do the trick. or
even "ln -s ~/.bash_history /dev/null" does a better job. If your an admin
then do the following:
touch /etc/skel/.bash_history /etc/skel/.history
chmod 700 /etc/skel/.*history
chmod 700 /home/*/.*history
(depending on where your users home is placed) This maybe considered as a
lame method of gaining accounts but I belive its worth a mention. Posted
in by a Spaceman from outer space that wants to stay Anonymous.
3.2 - grep by Phrost Byte
All I will say is that it depends on your definition of 'hacking'. The
following will increase your power in working with a Unix based system.
Grep is from a family of commands: grep, egrep, and fgrep. They all search
the named input files (or standard input if no files are named) for lines
containing a match to the given pattern. Each of the grep commands are
basically the same, the only real difference is that egrep uses a slightly
different syntax for its pattern matching, whereas fgrep uses fixed
strings. There is also another member to the grep family, and that is
zgrep. Zgrep is used to search compressed files and is invoked the same way
as grep. In this text I will be detailing grep, and I feel that it is easier
to learn and understand by seeing examples, so I hope to provide alot of
usefull ones :)
For examples I will be using a list of Bauhaus songs. Just cut and paste
the following to a file and name it bauhaus.txt
----cut here----
The passion of lovers
Bela Lugosi's dead
She's in parties
Ziggy stardust
Wasp
Hope
King Volcano
The sanity assassin
Terror couple hill colonel
----cut here----
The syntax for grep is as follows:
grep [options] pattern [file]
Usefull options:
-c counts number of matching lines
-i ignore caps
-n includes the line number
-s suppress error messages
-v lines NOT mattching the pattern
A simple example:
#grep -c Z bauhaus.txt
1
The above statement counts how many lines contain the letter Z (case
sensitive) and displays the result. If I typed the following, it will
display the lines:
#grep Z bauhaus.txt
Ziggy stardust
With the added option -v, lines NOT matching will be counted:
#grep -vc Z bauhaus.txt
8
and displayed:
#grep -v Z bauhaus.txt
The passion of lovers
Bela Lugosi's dead
She's in parties
Wasp
Hope
King Volcano
The sanity assassin
Terror couple hill colonel
displayed and line numbered:
#grep -vn Z bauhaus.txt
1:The passion of lovers
2:Bela Lugosi's dead
3:She's in parties
5:Wasp
6:Hope
7:King Volcano
8:The sanity assassin
9:Terror couple hill colonel
Options can be mixed like any other command.
Regular expressions are used to provide grep with expressions whcih set
locations of patterns and ranges of characters (all regular expressions
must be quoted). The hat (^) means start of line, and the dollar ($) means
the end of the line.
To display lines ending with 's'
#grep 's