💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › LOLIE › 1lolie.… captured on 2022-03-01 at 17:57:10.

View Raw

More Information

⬅️ Previous capture (2021-12-04)

-=-=-=-=-=-=-




             LLLLLLL           OOOOOOOOOOOOO     LLLLLLL
             LLLLLLL           OOOOOOOOOOOOO     LLLLLLL
             LLLLLLL           OOO       OOO     LLLLLLL
             LLLLLLL           OOO       OOO     LLLLLLL
             LLLLLLL           OOO       OOO     LLLLLLL
             LLLLLLLLLLLLL     OOOOOOOOOOOOO     LLLLLLLLLLLLL
             LLLLLLLLLLLLL     OOOOOOOOOOOOO     LLLLLLLLLLLLL

information exchange

Prez DeadWhorse
Prez Devil Locke

e-mail lolie@freenet.hut.fi

web: http://www.inmind.com/people/therock

irc    channel #lolie
       nick DedWhorse


The Leigon of Lame information Exchange.

The LoLie is a service provided free of charge to anyone with an e-mail
account and an interest in computer security, freedom of information,
and censorship.

The LoLie is a forum where people can submit articles on almost any
topic, as long as it relates to computers.  The LoLie was set up to
cater to people interested in computer security, networking, phone
system security, etc.

If you would like to recieve LoLie at your e-mail address, send a
message to lolie@freenet.hut.fi  LoLie depends on reader submissions.
To keep LoLie the higest quality possible, you, the reader needs to
write and submit articles, on whatever topic you specialize in.  All
supporting authors will be given credit.

In this issue:

Unix mail system security. -DeadWhorse

NUAs revisited             -DeadWhorse

Directly accessing Direct access.   -DeadWhorse

AOL for dummies            -Devil Locke

--------------------------------------------------------------------
Unix Mail Security

        There are many ways to get mail from a unix machine connected to
internet.  Normally you dial in and get your mail from a unix shell of
one type or another.  If you have a SLIP/PPP connection, you can use a
mail client, which uses POP to get your mail, and SMTP to send it.  The
advantages of using a mail client are more than just nice pretty
windows.  If an account has a login, but the mail access is blocked for
sending and recieving mail, i.e. guest accounts, then you can use that
account to recieve and send mail.

        In your mail client, just put all the info for that account, if
the account has no password, then there is no way that I know of to use
it for mail, but most guest accounts have simple passwords, like the
same as the login.  If you are a sysadmin, and would like to block
people from using low access accounts for mail, all you have to do is
have no password.  Most freenets have low access guest accounts of this
type.

        Your mail client can also get mail from accounts which have
"expired", but have not been deleted.  You cannot log on the expired
account, but if you finger it, it is still there.  If you try to su to
the account, it will tell you that the account is expired.  Just use the
account info in your mail client, and through the magic of POP, you can
get to your mail.  I believe you can send mail from the expired account
too, someone e-mail me and tell me if it works.  The most simple way to
prevent this type of access is to change the password on the account
before you expire it.

Misc Mail info
POP port 110
SMTP port 25

I'm sure you all know fakemail, so I won't go into how to do it with a
mail client.
-DW
----------------------------------------------------------------------
NUAs Revisited

        Well I know NUAs are an OLD subject, but there is some little
useful things that I have found.  If you don't know what an NUA is, I
recommend you read the old LOD/H guides. But on to the useful stuff.
If you need the date and time, connect to 2151067, once you get the date
and time, just disconnect, I'm not real sure what the computer is, if
anyone wants to write an article on it, go right ahead.  I have found
the NUA that AOL uses to connect to the host is 83420178.83*windows 0001
after it connects, it just sits there, waiting for the aol client.  If
anyone wants to write their own version of the aol client, one that
doesn't crash every ten minutes, and that takes less than ten minutes to
load, again go right ahead. <G>
-DW

------------------------------------------------------------------------
Directly Accessing Direct Access.

        Direct access 5.1 is a popular DOS shell program, which is often
used to control access to the dos prompt in a stand alone, and a
networking environment. Usually the program is run from autoexec.bat,
and if the person doing security has done his/her job right, then
switches=/n is in config.sys, and floppy booting is disabled in CMOS.
This locks up the computer pretty tight, and Direct Access is usually
passworded on exit to dos, dos commands, maint, etc.  The weakness in
direct access is that when you press F10 and the enter password box pops
up, DA reads the password into memory, in ascii.  So the trick is to get
your handy dandy TSR memory explorer into RAM.  If you ever get a dos
prompt on the computer, even a shell, you can load your memory TSR, and
then load DA.  Then it is a matter of hitting F10 to exit, and when the
dialog box is on the screen, hit the hotkey of your mem explorer, and do
a search for Enter Password.  Once it finds that in ram, the password is
usually not more than 50 bytes or so in either direction, you need to
look a little for a string that looks like a password. You can repeat
and get all the password on the system this way. This info is from the
mem explorer I use.  It is freeware I think.

(NOTE: Direct Access is (c) Fifth Generation Systems, Inc.)

Exerpt from doc file:

{
MEMORY 4.3
Claudio Capiluppi
University of Padova - ITALY
caps@hal.stat.unipd.it


Memory is a resident RAM explorer for DOS environment, which allows to
understand interactively what a host process is doing and how it works, by
means of several analysis functions.
}

Do not flood this guy's box with mail, i can send you a UUencoded
version if you can't find one on the net.  I think AOL has it in their
libraries. Do a search on his last name.
-DW

--------------------------------------------------------------------------
AOL For Dummies
The Slightly Less Moronic Edition

    -by Devil Locke


    Ok, everyone in the entire world has gotten an AOL disk at some
 point in their natural-born life.  Since around a year ago, it has
 become a natural law, much like that of gravity, that you will get a
 free trial disk on an average of once every month or so.  But, AOL is
 useless, right?  It's just a run-of-the-mill overpriced, lamer-ridden,
 online service, much like Prodigy and the rest of it's ilk, right?

    NOT SO!  America Online is useless to anyone who is a moderately
 good "hacker", or anyone with an ounce of self-respect, BUT it's a
 great place where one could learn some of the qualities one needs to
 ever be a "hacker", such as patience, and caffeine/alchohol overloading
 during a night spent with utterly no re- sults.  It's easy to get
 access to, and yet difficult to actually do anything you can brag about
 to your friends on.

    The first step one could use in accessing AOL is to use a fake
 checking-account # (note: the routing # must exist) to create an
 account that wont be connected to you, and then ask people for their
 passwords until the account gets logged off for violating AOL's rules.
 Trust me - there are people that stupid out there!  Then you will have
 an account that will last a minmum of a few weeks, and you can start
 having epilectic seizures waiting for the hourglass to go away, when
 you logoff.  (The log-off procedure has been known to take as long as 8
 minutes and 34 seconds on my DX-4/100, due to cheesy AOL coding)  Log
 back on as one of your phishes, and then you can start having fun.

    If ya want to explore AOL, the first thing you need is a copy of
 Master.aol which ya can find in a 'warez' private room because with
 master.aol, you can invoke places that have no keywords, or anything
 like that.

    The first thing ya have to do, is find a database invoke #.  To get
 one you can either generate number's off of the top of your head until
 you find a place that is there, or you can get a list of cool ones in a
 warez room, and be lazy.

    Once you've found one, just click on everything, and fuck around.
 The won- derful thing about an online service that has billions of bugs
 in the s/w is that some of the shit doesn't work for employees.  That
 means that AOL has to jury-rig links to some of their inner-employee
 shit.  For example, AOL has something called the America Online
 Resource Center, for employees.  You can check out all the betas and
 shit that hasnt been implemented yet, download AOL training class logs,
 and stuff like that. You cant get to it because it has a security flag,
 and you have to have an 'internal' account to access it.  But, at some
 point, their whole 'internal' system wasn't working, because through an
 online-technician-training area that you can access through an employee
 area of their Destination:Florida area, you can get to it, by clicking
 on a link to it that has no access requirements due to the fact that
 their other links to it weren't working.  So you can find little
 backdoors like that all over the place on AOL.  It's a great way to
 pass the time when you're wasted and bored.

    You can also find all kinds of strange things, and interesting
 things, and the 'flavor' of hacking is still there - that's what
 hacking is all about, right?  Getting something you shouldn't be able
 to get to, through use of your intelligence and knowledge...the thrill
 of the hunt sorta thing.  And on AOL, that's still there, it's just
 easier to accomplish.  Hence, AOL is a great training ground for
 aspiring hackers, and bored drug-fiends alike.

    But what else is there to AOL?  Well, guess what - there IS more!
 The AOL users are so absolutely moronic that one can employ that
 'asking for pws technicque' (referred to as 'phishing') to credit
 cards.  Hence, an unlimited supply for carders and their ilk.  Also,
 with a CC from AOL, you can get an acct with a REAL internet provider,
 like, I dunno, NetCom or something, and from there, proceed to more
 enjoyable hacking (that, I might add, doesnt have as much lag <grin>).
 And you can meet new friends in the America Online virtual
 cyber-community! (just kidding).

    I hope this was of slight use to some moronic fucker out there.

    Layder.
    Devil Locke.
------------------------------------------------------------------------

Aol for Dummies addendum

-by Dead Whorse

In case you didn't know, you can download the aol version of winsock in
the winsock forum, and then you can use any winsock client with aol. The
only catch is that Aol blocks access to most connections.  You can use
POP to check mail, but you can't use smtp to send it from Aol, stuff
like that.  One good thing is that you can use a telnet client to connect
to a real ISP.

Note: just put the aol winsock.dll in the client's directory, no need
for tcpman.
-DW

------------------------------------------------------------------------

Well that's all for this issue, submit something, and you can be part
of the next issue.

Fading slowly away.....
LoL information exchange. Issue 1. 03/03/96
-EOF-