💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › COTNO › cotno04.phk captured on 2022-06-12 at 10:41:28.
-=-=-=-=-=-=-
______ ______ _____________ ____ ___ ______
/ ____|\ / \ /____ ____/\ / | \ / / | / \
/ / ____\| / __ |\ \_/ /\____\/ / | / / / / __ |\
/ / / / /__/ / | / / / / /| |/ / / / /__/ / |
/ /__/______ | / / / / / / / | / / | / /
|____________|\ |\_____ / / /__ / / /___/ / |___/ / |\_____ / /
|_____________\| \|____| / \__\ / |___ |/ |___|/ \|____| /
____
/ \ ---
/ \ \ __
/ /\ \ \ \
_/______|_/ / / / \
| | / / / /
| ---\( |/ / / /
| \|\(/\(/ \(/
| |
/ /
/ \ /
/ \ ___/
/
/
/
Communications of The New Order
Issue #4
Spring/Sumer 1994
"Fuck you I won't do what you tell me!"
-Rage Against The Machine
Special Thanks: Kilslug, Kingpin & RDT Syndicate, Loxsmith,
Erikt, Gatsby, Maelstrom & PHaTe dudes, Phreddy & the 414's,
Dark Tangent, Kryptic Knight, and very special thanks to our
friends at the ACM.
Good Luck To: Deathstar, AntiChrist, Coaxial Mayhem, Maestro,
Lucifer, Grappler, Mystic Ruler, Jimbo, John Falcon, Karb0n,
Nuklear Phusion, Pather Modern, The Public, and any other
victims of Operation SunDevil '94.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
__/\iNTRo/\__
Welcome to Communications of the New Order issue #4, DefCon II release. This
is being written in the car as we cruise through the Rockies on the way to
Vegas. Agent 866, Remj, and myself are rockin' out to Testament and we just
entered the Eisenhower tunnel. I guess we're really in the 'underground'
now! I will write the conclusion on the way back and give you a report on
the 'Con. With that out of the way, lets get busy.
CoTNo is a 'zine of the computer underground of the 1990's. It is written
for H4Qu3r's and pHR3aCK3r's of intermediate to beginning experience. All
the information published herein is as accurate as possible and pertains to
techniques and devices that actually work. We do not publish any article
that is not of an H/P nature. If you wish to comment on or contribute to
CoTNo, email us at ak687@freenet.hsc.colorado.edu, or catch one of us on
the iRC or try to catch us in your local Telco dumpster.
Ahem...
I have convinced myself that there is a conspiracy at work and we are
all deeply involved. The government, primarily the Secret Service, plays
an active role tracking and eliminating the top phone phreaks in the USA
(as well as other countries). I believe that they have infiltrated the p/h
scene, and are clumsily masquerading as our friends to track our activities.
In short, the feds have formed a war party.
I have come to this conclusion from the facts which are available to us.
Here is a list of the primary indicators as I see it.
1. Over a dozen top phone phreaks have been eliminated by their local
law enforcement in Canada, US, and UK in the last four months.
2. All of these phreaks were aquaintances of each other.
3. All of these phreaks were active on the IRC, especially #phreak.
4. Almost all of them were members of Flatline BBS.
5. Most of them were affiliated with TNo, PHaTe, or other various groups.
6. Although the phreaks were brought down by local law enforcement, the
Secret Service and/or the Air Force OSI participated as consultants.
These facts appear to point rather strongly at a world-wide crack down on
the well known phone phreaks. I believe that it is an organized effort
which is being orchestrated by the U.S. Secret Service and/or other Federal
Agencies.
In short, I believe we are witnessing Operation SunDevil part two.
It seems to me that the only way the Feds could be gathering so much
information is through a well planted enforment. From the available facts,
it would seem that these informants are active on the IRC, are members of
various top H/P BBS's (ie. Flatline and Maestros' board), and were aquainted
with P/H groups such as PHaTe and TNo, at least in passing.
In short, there is a narq running loose among us.
I can personally vouch for all past and current members of TNo, but there
were almost 100 members of Flatline. Likewise, #phreak sees a lot of
activity and the narq is almost certainly active on the IRC.
Now for the questions and my opinions of the most probable answers to
those questions.
Q. If this is an organized bust, why has there been no publicity?
A. The feds are not finished with their investigation and publicity would
cause their targets to go underground. Publicity could also possibly
compromise there infomant.
Q. Why have these particular phreaks been targeted?
A. These phreaks were very well known because of both their high level
of activity and their flagrant publication of phreaking magazines and
information. This group of phreaks was highly organized and were
helping to train younger phreaks. The government may be trying to
make an example out of the top phreaks in order to scare off the up
and coming phreaks and hackers.
Q. Who are the Feds targetting next?
A. I believe they will continue to hunt down the top writers and activists
in the scene. If they can remove the leaders and teachers of the scene
they will be able to effectively destroy it.
Q. What should phreaks do to protect themselves?
A. If you are active in the scene and wish to remain so, I suggest that you
encrypt or destroy all of your notes and P/H material. I suggest you
be very careful about what you say and do on the IRC. If you run a BBS, I
suggest you screen your users very carefully or not take on any new
users for a while. If you are attending any cons this year, I suggest
you be careful of who you associate with. When you phreak or hack, always
use diverters and carefully modify the logs of any machine you visit. In
other words, a little paranoia can go a long away.
In short, be careful.
Table of Contents
~~~~~~~~~~~~~~~~~
1. Introduction.............................................DeadKat
2. Blueboxing in '94........................................Maelstrom
3. Mail and News Daemon Hacking.............................Remj
4. A Guide to Meridian Mail.................................DeadKat
5. UNiX Defaults 2.0........................................TNo
6. The Complete Guide to Trashing Fax Machines..............Coaxial Mayhem
7. Retail Skamming..........................................Disorder
8. The Complete Datapac NUA List............................Deicide
9. Unpaid Advertisement.....................................Corrupt Sysop
10. Elite Music III..........................................John Falcon
11. Conclusion (DefCon2).....................................DeadKat
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
-=- Blueboxing in '94 -=-
- (C5 for the masses) -
-=- by Maelstrom/PHaTE! -=-
Well, I've been promising DeadKat an article since COTNO #1, and was
searching frantically for a subject that I could write a useful/informative
article on...having failed dismally in my quest, I decided to turn my
attention to a beginners guide to present day blueboxing. This article
will only deal with the practical uses of CCITT 5 (C5) signalling systems,
and NOT with the more advanced systems such as R2. Becoming familiar with
C5 signalling will provide you with a good grounding in blueboxing,
therefore making understanding a guide on a future system easier. And so
to the main text...
"You just blast 2600hz right?"
------------------------------
No. All too often when blueboxing is mentioned in the context of actually
doing it today, some dolt pipes up with this. Treasure your old Mark Tabas
files, for they contain some excellent information even today, especially
concerning routing codes, but forget all about the R1 signalling described
within his 'Better Homes and Blueboxing' guide. The system we are
concerned with today is C5, so swiftly clear the limited space available in
your mind. The first point I would like to make is that you will NOT be
siezing trunks within your own country. The focus of your attentions will
be those 1-800 wonders known as 'Country Direct' numbers, which will
connect you to the telephone system of some far-off nation for the princely
sum of $0.00. While these are certainly not the only countries you should
experiment with, South American and Asian countries are usually the best
bet for a C5 connection that you can seize. From nearly all European
locations it is possible to bluebox over Chile for example, and lines to
Columbia, the Philipines, Taiwan and Thailand are also often C5 connections
to your country. While these provide a good starting point for your
adventures with C5, don't restrict your attempts to only the aforementioned
places...You never know what you might find...
"So, uhh, what next?"
---------------------
After dialling a country direct number to a country on C5, you will usually
hear a very audible 'chirp' (some may choose to call it a 'ping' even...)
when the line is picked up. This is the moment to start sending the tones
required to manipulate the line for your purposes. A few countries using
C5 may not give you a 'chirp' when your call is connected, but when the
call is disconnected. Before you can start to signal your call, you will
need to 'sieze a trunk'. To do this you send a compound signal of 2600hz
and 2400hz for approx. 150-450ms. On sending this signal the line should
respond with a sound similar to the one you heard when your call to the
country direct was completed. Next you send a 2400hz signal, usually for
approximately the same length of time as the first compound signal. The
delay between these two tones is often crucial, so experimentation is
essential. There are no concrete rules for siezing a C5 line, although I
usually use 150ms length for both tones as a starting point. If playing
the first tone leads to immediate disconnection then decrease the length of
the tone - if the opposite is the case, and the line ignores your first
signal, then increase its length (personally I use steps of 10ms but feel
free to jump up 50ms if you feel the urge). BillSF of HackTic Holland
informs me that newer C5 systems nearly always require timings of 150ms per
signal +/-20ms, and with an inter-signal delay of 10/20ms, and I have also
found this to be true. When you have successfully gained control of the
line, you will have by this time heard two acknowledgements from the line,
one per signal sent. At this point you are ready to begin signalling your
call. The first digit you must dial is the KP1 or KP2 signal. This
determines that the call is either terminal (local), or transit
(international) respectively. An international call is usually what we
want, so we send the following dialstring: KP2+countrycode+0+acn+ST. For
example, if we wanted to dial the Colorado office of the Secret Service, we
would send KP2+103038661010+ST. If we wanted to place a call to a number
in a European country then the dialing format is identical. This is the
correct dialing format in accordance with all the technical CCITT 5 texts I
have read, but not always the correct method in practice. Macao (country
code 853) was long known to be breakable from the United Kingdom before
anyone figured out that the correct routing was
KP2+00+countrycode+number+ST, so again the key word is experiment. Not all
countries will 'play fair' in terms of their accepted routings.
To place a call to within the country you are calling couldn't be
simpler however. The correct format is KP1+0+number+ST, and I have never
found any nation deviating from this template. One interesting route to
note at this point is KP1+2+Code11+ST (see freq. list for Code11), which
will nearly always connect you with the inward operator in the country
whose country direct number you have dialled. Lots of interesting
information may be gleaned from a conversation with these operators, such
as correct routings, and most operators are more than willing to furnish
you with the routings for their technical assistance/engineering
departments, who will further assist you, often to the point of telling you
the exact timings you require. Remember that their equipment is telling
them that you are an operator, so feel free to spin any suitable yarn about
testing international connections etc., and also bear in mind that in 99%
of cases the operator's limited grasp of the english language is in your
favour.
Also, be prepared to try other digits in place of 0 between ccode and
number in the dialstring for a transit call. KP2+ccode+2+number+ST will
usually work for example, and in some cases is the only way to route the
call (the country direct to Taiwan from the UK was a good example of this).
The digits 0,1,2 and 9 are the only ones I have found to be acceptable in
this way, but I wouldn't discount the possibility of being able to use
others over some nations.
"It doesn't work?"
------------------
Then you're doing something wrong. Not all countries will allow you to
place transit calls over their lines so if you really have experimented
with that line and had little or no success then move on, there's no real
shortage of country direct numbers on C5... You might want to try sending
a short burst of 2400hz previous to breaking/siezing the trunk to 'free'
the transit lines. I have found this to be neccessary on the country
directs from the UK to Brazil and French Guiana in order to place a transit
call successfully. Another thing to bear in mind is the fact that the
country you are trying to (ab)use may only call: a) Countries in close
proximity, and/or b) One or two countrycodes. This is true of certain
lines in Canada, and also of most South American C5 links to the UK. Trial
and error is the only way to establish if this is the case on any given
dialup.
"D3Y M0Ni+0R D3 LiN3Z" & "They have 2600hz detectors you know..."
-----------------------------------------------------------------
Well, what can I say? You never make use of a pure 2600hz tone, so even if
it IS filtered/detected you don't have to worry. The most obvious way I
can see of being detected blueboxing is to make 10hrs of international
calls per day over whichever 1-800 direct you're using. Very few telco's
are going to ignore 140 calls/day to Guyana Direct per month. Use your
common sense to avoid detection, that's it.
CCITT 5 Signalling frequencies
------------------------------
Digit Freqs
1 700 & 900 hz
2 700 & 1100 hz
3 900 & 1100 hz
4 700 & 1300 hz
5 900 & 1300 hz
6 1100 & 1300 hz
7 700 & 1500 hz
8 900 & 1500 hz
9 1100 & 1500 hz
0 1300 & 1500 hz
KP1 1100 & 1700 hz
KP2 1300 & 1700 hz
ST 1500 & 1700 hz
C11 700 & 1700 hz
C12 900 & 1700 hz
(These are the C5 signalling frequencies I use nearly every day, so if you
spot an inaccuracy in the above frequency set you are cordially invited to
blend your phallic muscle...)
Now to the timings. All the normal digits (0-9) should be 55ms in length
and have a 55ms delay in accordance with the technical specificiations
laid out in the CCITT manuals. However, in practice these timings may be
decreased to as little as 30ms per digit, perhaps even less in
exceptional cases. The command and operator digits (KP1/2, ST, C11/12)
are usually 100ms in length, with the delay the same as that set for the
normal digits. Certain South-American countries that I have (ab)used have
required that the command digits, more specifically the KeyPulse signals
and the ST, be much shorter than this, although usually still with a length
longer than that of digits 0-9.
End note.
---------
That's all folks. If you don't know how to produce these tones then you
shouldn't really be reading this - go read your SimCity 2k docs...
If anyone has any questions regarding anything contained in the above text,
or indeed any C5 queries, you can mail me at: mael@phantom.com or if you're
lucky you can catch me on IRC in #phreak. If there's any interest I might
even write a sequel to this rather hurried guide...
QUICK NOTE: This author of this article is Scottish, and as such I have
used correct English spellings rather than the American versions...8)...
DEDICATION: This article is dedicated to Coaxial/PHaTE, who has had a
rather torrid time of it lately (legally...). Good luck and I hope
everything works out for you.
-Maelstrom/PHaTE
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
--==[Mail and News Daemon Hacking]==--
| |
| By Remj for CoTNo |
| |
| Fuck The Government! |
| |
--==[ CoTNo CoTNo CoTNo ]==--
FAKENEWS
--------
WHAT THE FUCK IS A MAIL DAEMON?
-------------------------------
A mail daemon is a program that is started up every time a unix
machine boots, which handles all mail. It sits and listens for connections on
port 25.
HOW DOES IT WORK?
-----------------
When you send mail to a site, it gets sent to its destanation by a mail daemon.
Say you were to send mail to root@cert.org. You'd type your message and save
it. The message gets sent over the internet through the mail daemon, running
on port 25. It is received by the mail daemon running on taylor (port 25) and
gets stored in the /usr/spool/mail/root file.
HACKING THE DAMN THING.
-----------------------
When sending fake mail through a daemon, I suggest doing it from a university
or a public place where you can use anonymous telnet. Some newer mail daemons
can be traced, but most can't.
Here is a list of some older untraceable mail daemons:
gold1.tc.umn.edu
gold2.tc.umn.edu
gold3.tc.umn.edu
maroon.tc.umn.edu
bvsd.co.edu
lime.wustl.edu
Ok, time to hack.
-------------------------------------------------------------------------------
Command Breakdown and Reference:
Helo gail@sundevil.arizona.feds.mil - This line will just wake up the
mail daemon. Don't ask me why.
Mail From: president@whitehouse.gov - This line will make the mail from
president@whitehouse.gov
Rcpt To: root@cert.org - This line will send the mail to
what ever you enter.
data - This line will let you enter the
message. End with a "."
quit - Will quit and send the message.
help - Help
-------------------------------------------------------------------------------
Key:
YOU> what you type.
MD> output from the mail daemon.
YOU> log into your unix account.
YOU> telnet to IP address 128.101.131.11 25
MD> Trying 128.101.131.11...
MD> Connected to 128.101.131.11.
MD> Escape character is '^]'.
MD> 220 gold.tc.umn.edu (EP/IX Turbo Sendmail) Service ready
YOU> helo gail@sundevil.arizona.feds.mil
MD> 250 gold.tc.umn.edu G'day gail@sundevil.arizona.feds.mil!
YOU> mail from: president@whitehouse.gov
MD> 250 president@whitehouse.gov... Sender ok
YOU> rcpt to: root@cert.org
MD> 250 root@cert.org... Recipient ok
YOU> data
MD> 354 Enter mail, end with "." on a line by itself
Here you would enter the message..
YOU> fuck you CERT b1tcH!@ I GH0tZ y0 inF0!2
YOU> .
250 Message received and queued
YOU> quit
Now the the "mail from:" line can be changed to anything you wish,
so can the rcpt to line. This is a great way to send out anonymous flames
and/or mail bombs.
WHAT THE RECEIVED MAIL LOOKS LIKE.
----------------------------------
# from
From god@fuck.you.com Mon Jan 24 18:56:10 1994
# mail
Message 1/1 From president@whitehouse.gov Jan 24 '94 at 7:56 pm -360
Date: Mon, 24 Jan 94 19:56:44 -0600
fuck you CERT b1tcH!@ I GH0tZ y0 inF0!2
CONCLUSION.
-----------
That's a breakdown of sending fakemail. There are a dozen or so scripts that
will automatically send fakemail for you, which are relatively easy to find.
Now, on to a CoTNo exclusive...
FAKENEWS
--------
WHAT THE FUCK IS A NEWS DAEMON?
-------------------------------
The news daemon is the part of a unix's machine port which handles the UseNet
news. These do not exist on every machine, only news servers. To read news, you
type trn -q from your unix prompt, which telnets to the news server on port 119
and communicates with it using the commands listed below.
WHY ARE YOU TELLING ME THIS? I ALREADY KNOW HOW TO USE NEWS.
-------------------------------------------------------------
There are a variety of useful things you can do with this, such as mail bombing
(post a message on alt.test), posting someone's info or e-mail address on a gay
newsgroup, add an e-mail address to a mailing list, or just post to all the
news groups and make the helpless idiot look like a lamer.
Following below is a capture of the fakenews process.
NOTE: commands that you type are denoted by an asterisk (*) to the right of the
command, with comments in brackets.
bvsd% telnet news.colorado.edu 119 (*) [telnet to the news server on port 119]
Trying 128.138.238.69...
Connected to lace.colorado.edu.
Escape character is '^]'.
200 lace NNTP server version 1.5.11 (10 February 1991) ready at Fri Feb 18 15:31:46 1994 (posting ok).
help (*) [list commands]
100 This server accepts the following commands:
ARTICLE BODY GROUP
HEAD LAST LIST
NEXT POST QUIT
STAT NEWGROUPS HELP
IHAVE NEWNEWS SLAVE
Additionally, the following extention is supported:
XHDR Retrieve a single header line from a range of articles.
Bugs to Stan Barber (Internet: nntp@tmc.edu; UUCP: ...!bcm!nntp)
group alt.test (*) [choose the newsgroup that you want to post to]
211 999 66874 67886 alt.test
post (*)
340 Ok
Newsgroups: alt.test (*) [at least one of the newsgroups that you enter in
here must match the newsgroup that you put in
under the 'group' command. If you want to post
on more than one newsgroup, separate newsgroups by
a comma.]
From: mapostol@bvsd.k12.co.us (*) [the person you want the news to 'come
from'.]
Organization: the #warezz dude. (*) [insert anything here.]
Distribution: world (*) [use 'world' so everyone can see it.]
Subject: did this get to you? (*) [insert anything here.]
Hello all! I've been having some troubles lately with my rn command. Please
write reply privately to root@cert.org if you can see this! Thanks a bunch-
The CERT Team.
. (*) [when you are done type a period.]
SAVE (*) [save the message.]
NOTE: if you pulled this off correctly, it will respond with:
240 Article posted successfully.
500 Command unrecognized.
Now, simply type:
quit (*)
205 lace closing connection. Goodbye.
Connection closed by foreign host.
In 20 or so minutes the post will show up on the newsgroups,
and the bots the continously check the base will respond with an automatically
generated test receipt. The guy will recieve abundant amounts of 'interesting'
mail.
HERE IS WHAT THE MAIL MESSAGES THAT THE BOMBED PARTY WILL SEE:
--------------------------------------------------------------
Mail version 2.18 5/19/83. Type ? for help.
"/usr/spool/mail/root": 2 messages 1 unread
>U 1 lists@ifi.unizh.ch Fri Feb 18 15:35 54/1748 "Automatic reply to your test "
& 1
Message 1:
From: lists@ifi.unizh.ch Fri Feb 18 15:35:20 1994
Received: from josef.ifi.unizh.ch (josef.ifi.unizh.ch [130.60.48.10]) by bvsd.k12.co.us (8.6.5/8.6.5/CNS-3.0) with SMTP id PAA16902 for <jstoerme@bvsd.k12.co.us>; Fri, 18 Feb 1994 15:35:18 -0700
Message-Id: <199402182235.PAA16902@bvsd.k12.co.us>
Received: from ifi.unizh.ch by josef.ifi.unizh.ch
id <12249-0@josef.ifi.unizh.ch>; Fri, 18 Feb 1994 23:35:17 +0100
To: root@cert.org
Subject: Automatic reply to your test post
Date: Fri, 18 Feb 1994 23:35:17 +0100
From: IFI Distribution Lists <lists@ifi.unizh.ch>
Sender: lists@ifi.unizh.ch
Status: RO
Greetings from the University of Zurich, Switzerland!
Your fascinating posting with subject
"did this work?"
showed up over here in newsgroup alt.test on
Feb 18 23:27 MET 1994.
(Replies to this automatically generated e-mail will be discarded.
Direct problems/comments to autoreply@ifi.unizh.ch)
If you would rather not see these automatic responses, please include the
text "ignore" or "no reply" anywhere in future test postings.
Here the first 20 lines of your posting:
==============================================
Newsgroups: alt.test
Path: josef!scsing.switch.ch!swidir.switch.ch!univ-lyon1.fr!jussieu.fr!math.ohio-state.edu!howland.reston.ans.net!agate!boulder!news
From: root@cert.org
Subject: did this work?
Message-ID: <CLFvr1.IB@Colorado.EDU>
Sender: news@Colorado.EDU (USENET News System)
Organization: the #warezz dude.
Date: Fri, 18 Feb 1994 21:30:36 GMT
Lines: 3
did this work?
SAVE
==============================================
BTW: Technical reports from the University of Zurich
are available for anonymous ftp in
ftp.ifi.unizh.ch [130.60.48.8]: pub/techreports.
#! /bin/csh -fB
### This is a simple shell script for easy use of anonymous mail. To run the
### program just save it and delete everything up until the #! /bin/csh -fB
### line. Then just type the name you save it as or the name and whoever
### you will be mailing. e.g. amail bill@some.university.edu or just amail.
###
if ($1 != "") then
set mto=$1
else
echo 'To: '
set mto={body}lt;
endif
echo -n 'From: '
set mfrom={body}lt;
echo -n 'Use which host for smtp (return for '`hostname`') ? '
set usehost={body}lt;
echo -n 'Use which editor (return for vi)? '
set editor={body}lt;
if($editor =="") then
set editor=vi
endif
if ($mfrom == "") then
set mfrom=`whoami`'@'`hostname`
endif
echo 'helo amail' >> tmpamail1
echo 'mail from: '$mfrom >> tmpamail1
echo 'rcpt to: '$mto >> tmpamail1
echo 'data' >> tmpamail1
$editor tmpamail2
clear
echo -n 'Are you sure you want to send this? '
set yorn={body}lt;
if($yorn == 'y') then
echo . >> tmpamail2
echo quit >> tmpamail2
cat tmpamail2 >> tmpamail1
telnet $usehost 25 < tmpamail1 > /dev/null
echo 'Mail has been sent to: '$mto
echo ' From: '$mfrom
endif
rm tmpamail1 tmpamail2
#end script
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\
(*) (*)\
(*) A Guide to Meridian Mail (*)\
(*) (*)\
(*) by Dead Kat (*)\
(*) (*)\
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\
Meridian Mail, is, in my opinion, the all mighty of the VMB systems.
I thought I would make this one about a certain VMB system that is very special
to phreakers. This voice mail system has proved to be the easiest and most
common way to divert that we have ever discovered. I have the Meridian
Release #5 User Guide so I hope this doesn't sound to technical. I will take
whole paragraphs from it, but i'll try not to bore you with too many details.
I will cover everything from basic options to the advanced features, such as
the all important Thru-Dial option (Diverting).
Also, I will be taking my format from the manual.
Logging On
----------
1. To log in from your own phone
First you need to find whats called the Meridian Mail Access Number.
This number is a direct line into the Meridian's Voice mail system. It is
totally obvious when you find one, because the automated attendent will say
"Meridian Mail. Mailbox?"
These so called "Back-doors" into the system answer on the first ring, so it
should not be too difficult to scan one.
Once you discover a Meridian, you have to first scan yourself a box.
Enter a box number, followed by #. The bitch will then say "Password?", use
the box number as the default password. For example: Box 1234# -
Password 1234#. Use a # after both the box number and the password. Once you
have found a box; be it empty or used, you are now logged on to Meridian Mail.
The first thing that will be heard is a description of new or unsent messages,
or maybe it will say you have no new messages at all. You can press 83 to log
off when you want.
2. To log in after leaving a message
After you have called a Meridian Mail user and have left that person
a message, you can log into your own (hacked) box without calling back the
Meridian Access number.
Just press # to indicate you have finished recording. Then press 81
and you will here "Mailbox?". You can now log into your mailbox as usual.
3. Autologon/Autoplay
The system administrator can enable Autologon and Autoplay.
With Autologon, you can log in by simply dialing the Meridian access number.
The Mailbox and password do not have to be entered. This is for time saving
purposes and can be used when phones are in a secure location. (This can only
be done from that extension in the buisness.. too bad huh?) With autoplay, all
new messages are automatically played, in sequence, after logon. (I have come
across a shitload of boxes that have this option, and it's annoying but not a
problem).
Recorded Greetings
------------------
For legitimate users of Meridian Mail systems, they give an option to
have one of two greetings: An external greeting for callers outside the
organization, or an internal greeting for callers within the organization.
Oh sure, you can change these greetings if you want, but the only one worth
anything is the external greeting. I would actaully recommend leaveing the
internal greeting either the way it was or have nothing recorded on it at all.
1. To record external and internal greetings
Press 82. (withing the box)
You will here "For your external greeting press 1. For your internal greeting
press 2." Enter the appropriate number. Then you'll here, "(External/Internal)
greeting. To review the greeting, press 2. To re-record it, press 5. To exit,
press 4." Press 5. Wait for the tone, then speak. When you are done recording
press #. "Recording Stopped." To listen to what you have just recorded you can
press 2. "Start of Greeting. (Greeting.) End of greeting." When you feel
satisfied with the greeting, press 4 to go to another activity, or hang up.
2. To delete a greeting
Press 82 "For your external greeting press 1. For internal press 2."
Again, enter the appropriate number, followed by 76. "(External/Internal)
greeting deleted." If your internal greeting has been deleted, your external
greeting will be played to all callers. If you have no external greeting, the
standard greeting will be played.
Changing your Password
----------------------
You can change your password as many times as you like, provided you
don't repeat your most recent ones, since Meridian Mail keeps track of up to
nine of your previuos passwords. But the sysadmin can change this to whatever
number he wishes.
Press 84. "Password change. Please enter your new password followed by
number sign." (Thats a # in case you didn't know). If you decide not to change
your password after you already hit 84, and before entering any new numbers,
just hit #. When you do change your password it will ask you this, "Please
enter your new password again, followed by number sign." ,or, "<BEEP> Your
password must be 4 to 16 digits in length. Leaving password change."
This is pretty straight forward. As always I recommend changing the
password on any box you hack that is empty, because there's always those
moron new wanna-be VMB studs that think they're bad-ass when they hack your
box. But what they also end up doing is hacking the whole system and
eventually changing a password on a valid box, which then tips of the
sysadmin that he's been hacked.. and the whole system goes down. Oh well,
thats life in the lame world of VMB's, as you'll soon come to find out.
Personal Verification
---------------------
The Persoanl Verification is a recording of your name used by the
system inplace of your mailbox number. A Personal Verification is basically
a very short recording of possibly your name and box number. When someone
enters an incorrect mailbox number to address a message, hearing the name
associated with that box can reveal an error if they misdialed the box number.
But as always it's comes down to whether the sysadmin has activated this option
or not. But to do it:
Press 89. "The Personal Verification is (Name)." or "There is no name
for Personal Verification of mailbox (number)." Then press 5, wait for the
tone and speak your name. To stop recording press #. It will repeat what you
have just recorded. When you're done you can hang up or go to another option.
Playing your messages
---------------------
In this section I'm just going to make a diagram of the options that
can be done when you want to play or delete messages.
------------------------------------------------------------------------------
To... Press... You Hear...
------------------------------------------------------------------------------
play the message 2 "Start of message" Message
go to next message 6 (also to scan) "Description of message"
go to previous message 4 "Description of previous"
go to a specific messages 86+Message #+# "Description of message"
pause during playback # "Playback stopped"
to continue from the pause 2 (Message just resume's)
skip backwards 5 seconds 1 (earlier part of message)
skip forward 5 seconds 3 (later part of message)
delete the message 76 "Message (number) deleted"
(description of next msg)
restore deleted message
(within the current session) 76 (go to deleted "Message (number) restored"
message first) (description of next msg)
to get more info about the 72 (detailed description of
specific message message)
------------------------------------------------------------------------------
Attendant assistance
and
Thru-dialing
--------------------
There are two options to the attendant assistance feature. You can
talk to the Meridian Mail attendant if you need assistance of information on
something your having trouble with. I probably wouldn't do this with your
hacked box, because the attendant may recognize that your voice isn't the real
owner of that box. I haven't tried it and probably won't, because after this
submission you shouldn't be having to ask any questions.
Anyway, you can also reach your telephone system attendant (PBX op)
if need be. I probably would not do this either. Again, this option must
be activated by the sysadmin of the Meridian Mail system, unlike the first
one.
1. To speak to the Meridian Mail Attendant
Press 0#. You are the disconnected from Meridian Mail. The Attendant
will answer if he or she is there.
2. To speak to the telephone system attendant
Press 00#. Your call to the Telephone system attendant is then placed.
The reason behind disableing the second feature is this, if the PBX
operator did answer you could place a call wherever you wanted to. It would
be a diverter (which I will get into in a second), so these tend not to be
activated through the box because if the person works there he can just dial
directly from his phone on his desk. Most sysadmin's know of phreakers, so
they disable this, but don't hesitate trying it if all else fails.
The thru-dial, ahh yes, as said before this is the core to this VMB
system for the phreaker and hacker. This is what saves our ass from getting
caught. At any time while using Meridian Mail, you can make an internal or
external call without disconnecting from the system (again the sysadmin has
to activate this feature). And even if it is activated the sysadmin may have
restrictions.
To dial-out. Press 0 followed by the number you want. Do not pause
for more than two seconds after pressing 0, or you will be connected to the
attendant. If a pause is needed (for example, after dialing a digit to get an
external line or for use of a pager), enter a * where the pause is needed,
then enter the rest of the number. To dial someone by name, enter the name
dialing prefix (usually 11), then spell the last name, followed by the first
name. Name dialing will be discussed later on. Anyways, when you have finished
entering the number press #. Your call has been placed. When you're done simply
hang up.
I want to talk about this a little more. I have heard many people say
that there are about "6-10" ways to dial off a Meridian. No, there are only
two, and technically there aren't even two. The manual says only one, but
I'll explain what I mean by two ways to dial out. As most people know, when
dealing with a PBX you typically have to either dial a "9" to get an outside
line before making your normal 7 or 10 digit local or LD number. Well this is
not always the case with Meridian Mail PBX's. Most often you do need to dial
a 9 but at very, very small companies where they have a Meridian PBX, a 9 to
dial out is not needed. So when trying to dial off a Meridian Mail system,
be sure to try a 0+Number+# and a 0+9+Number+#, and to go even further try a
0+8+Number+#, because I know in 303 I have come across many systems that
require an 8 instead of a 9 to get the outside line.
Those are basically the only two ways to dial off a Meridian. Now I
have talked to a few people who said there more than two ways to dial out and
I realized what they meant. I guess I shouldn't say they are wrong but to be
technical there are only two. What they were talking about is that (depending
on the sysadmin) you can use the 0+9+Number+# in many places, not just "IN"
the mail box itself. Try the 0+9 in different places before getting into the
box. Try it when your first call and hear "Meridian Mail, Mailbox?". If the
dial out works there then there is no need to hack a box. If it doesn't, you
still need to try that command inside the box itself. In general, if the dial
out doesn't work inside the box basically it doesn't work at all. So snag a
box for the hell of it.
The Help Service
----------------
You can get help at any time while using Meridian Mail. The help that
you hear tells you which commands you can use, depending on where you are in
the box.
1. To get general help
If you are in the process of addressing or recording, press # to stop
that activity. Then press * "(This is where the help information will be said,
depending on where you are)" Then enter the command you want.
2. To get message command help
If you are in the process of addressing or recording, press # to stop
that activity. Press 7*, "You have started to enter a message command... (list
of available commands)". Then enter the command needed.
3. To get mailbox command help
Same as before just 8*.
Call Sender
-----------
After listening to a message, you can speak immediately with the
person who just left you the message. Unless the message is from a number that
is not part of the Meridian Mail System, that person's number can be
automatically dialed for you by the call sender feature.
After hearing the message, press 9. "Calling (sender's extension
number, room, or name)." Talk to the sender or leave a message, then hang up.
I wasn't going to put this in because it's not really something we can use,
but I figuered if another hacker d00d had a box on the same system you might
use this feature. Obviously you won't be able to talk to the person, but you
could leave a reply message to him.
Replying to messages
--------------------
When another Meridian Mail user sends you a message, you can use the
Call Sender command or you can use the reply command. With the reply command
you don't have to address the message, this is done by Meridian Mail itself.
If you recieve a message that was sent to several people, you can reply to the
message's originator alone, or use Reply All to send a response to the
originator and all other recipients.
1. To reply to the sender of a message
After hearing the message, press 71. "Reply to (sender's mailbox
number or name). To begin recording, press 5. To end recording, press #." When
you are ready to record your reply press 5. Wait for the tone and say you
message. When your done press #, "Recording Stopped." If you want to send the
message then press 79, "Message sent."
2. To reply to the sender and all recipients
Same as above but it will list all people the message is going to in
either Box number or name format. YOu can hear the list of people by hitting
72.
Express Messaging
-----------------
Just thought i'd mention this in case you ever stubled on the Express
Messaging number. Like the Meridian Mail access number this to is a way into
the system. When you call it you will hear "Express Messaging. To Mailbox?"
Enter the mailbox number of the person you want. This is meant for mainly only
messages. But if you do find this number then you have a place to start.
Creating Messages
-----------------
Instead of calling someone and waiting for Meridian Mail to take your
message, you can use the Compose command to send messages. The Compose command
is very useful for sending messages to more than one recipient (hacker).
Press 75 "Compose. Enter a list of mailboxes." Enter the first mailbox or
distribution list number followed by the #. "(Name or mailbox/list number.)"
To remove a mailbox or dist. list number from the list, press 0# after you
entered the mailbox number. "Address (mailbox number) cancelled." Enter the
next mailbox, followed by the #, or simply press # to tell Meridiain Mail
that you're done entering all the boxes. "To begin recording, press 5. To end
recording press #. So press 5, wait for the tone the say your message. When
you're done press #. "Recording stopped." When you're done and want to send the
message press 79. "Message Sent." If for any reason Meridian Mail can't send
your message, a message called a Non-Delivery notification is sent to your
mailbox.
Creating and editing messages
-----------------------------
------------------------------------------------------------------------------
To... Press... You hear...
------------------------------------------------------------------------------
Pause during recording # "Playback stopped"
check your message 2 "(message.)"
skip back 5 seconds 1 "(5 sec's backward.)"
Skip forward 5 seconds 3 "(5 sec's forward.)"
erase and re-record 5 (at the beginning Wait for tone, re-record
of themessage)
Add to the end of message 5 (at end of message) Wait for tone, record
Re-record part of message 5 (at the place where Wait for tone, re-record
you want to redo) from that point to end
Delete entire message 76 The message is cancelled
Get more information 72 "Description of message"
about message
Remove last entered mailbox 0+# "Address (mailbox/list
or dist. list number while number) cancelled."
addressing a message
------------------------------------------------------------------------------
Forwarding messages
-------------------
You may receive a message that you want someone else to hear. You can
forward the message exactly as it is, or you can record an introduction that
the recipient hears prior to hearing the forwarded message.
After hearing the message, press 73. "Forwarding message (number).
Enter a list of mailboxes." Enter the first mailbox number followed by the #.
"(Name or mailbox.)" To remove a mailbox press 0#. "Address (mailbox number)
cancelled." Enter the next mailbox number and then a # for your last mailbox.
You then can add an intro by pressing 79. Hit # when your done recording. To
forward the message at this point press 79 again. "Message sent."
Name Addressing
---------------
Name dialing lets you call a person by spelling out the dudes name.
Name dialing is usefull because it lets you place calls without knowing the
telephone extension or number itself, and without asistance from the bitch
attendant. This is also good because when you search for a name and the guy or
girl says "Hi.. joe bob here at extension 866", this kinda gives you a place
to start scanning for boxes. If there is one box in the 866 range you know
there are probably more. So it makes things a little easier. When scanning
for names try shit like "Smith","Jones", etc.. common names.
When Meridian Mail prompts you for a mailbox number, enter the two
digit Name Addressing number instead (which is usually 11). Spell the last
name followed by the first (it will stop you when it has found a match).
For example to reach "The Visionary" dial: visionarythe (for Q use 7). The
system announces a match as soon as it finds one, so stop when it starts
reading of names (if there's more than one it will read all matches). If you
have entered the complete name or you don't even know the complete name press
#. If there five or fewer names, the names are announced and a number is given
to identify each name. To choose one of these persons, enter the number of
the person you want. If more than five names are found, the system pormpts you
for the name again.
Tagging Messages
----------------
You can tag messages after creating the, using the Message Options
command, to indicate that you want a message handled one of these ways:
-Acknowledge- When you tag a message for acknowledgement, you receive
a notification message when each recipient hears your
message. Kinda cool option.
-Urgent- An Urgent message is specifically announced when the
recipient logs on.
-Economy- An Economy message is delivered to the remote site when
it is most economical to do so.
-Private- If a message is confidential, you can tag it as Private.
The recipient of the message tagged Private can't
forward it to anyone.
-Timed Delivery- When you tag a message with this, the message is sent
at the date and time you tell the system to.
1. To tag an unsent message
Press 70, "Message options. For urgent delivery press 1. For standard
delivery press 2. For economy delivery press 3. For private press 4. For
acknowledgement press 5. And for Timed delivery press 6." Press the number
you wish to do. To remove any tagged message just untag it by using the same
number you used to tag it in the first place. So if you did 1 for urgent, and
you change your mind about wanting it tagged that way just hit 1 again. To
send the message prees 79.
To save time by not listening to the whole prompt that the bitch reads
to you just hit the number you want. For example if you want an urgent message
delivered just hit 701. The 70 for message options and 1 for urgent. Thats it.
Now for a timed delivery just basically follow the prompts. So hit 706 and
follow what the bitch is saying, but i'll explain in detail of course. After
pressing 706 enter the month followed by the #. The months are entered by the
number. An example would be September is the 9th month so hit 9#. Then enter
day followed by the #. Then enter the hours and minutes followed by the #.
The time is specified by a number from 1-12 for the hour and 0-59 for the
minutes. So if you want it sent at 1:02 (2 minutes after 1:00) you hit 102.
It will aks a.m. or p.m, 1 for a.m. and 2 for p.m, just hit the number you
want and end with a #, "Your message has been tagged for Timed Delivery (date
and time)..." To send press 79. "Message sent. Your message will be delivered
at (date and time again)."
Distribution lists
------------------
A personal distribution list contains a list of mailbox's that you
frequent often. You can create up to nine personal distribution list, each list
can contain a maximum of 99 mailbox's. This could be helpful if there's a city
of phreaks on the same system as you.
1. To create a personal distribution list
Press 85, "Distribution list. Enter the dist. list number followed by
the #." Enter a number from 1-9 that you haven't already used for another
previous dist. list. followed by the damn #. "Distribution list (number)."
Press 5 "Compose a dist. list." Enter mailbox numbers or dist. list numbers,
and do the # thing. When the list is complete press the # (believe it or not).
"End of list. To review the distribution list, press 2." If changes need to
be made to a list later on dlete the list by pressing 76, then create a new
list.
2. To check the contents of a certain Dist. list
Press 85. "Dist. list. Enter the dist. list number followed by the
#." Enter the number, and end with the #. Enter the dist. list number and
press 2. "Distribution list (number). (The names or mailboxes.) End of dist.
list.". You can update these whenever you want if you ever use them.
Conclusion
----------
Well thats more than the basics for Meridian Mail. Like I said, look
for the dial-out option, because this is the most powerful tool of the system.
Meridian Mail VMB systems aren't hard to find, but one that has the dial out
option activated is hard to find. Once you become very familiar with Meridian
Mail you will find other options that can be used that I did not discuss in
this article. In some systems there are other ways to dial out than what I
wrote in here. I hope you find them. Laters!
_____________________________________________________________________________
(C)opywrong 1994, DeadKat Inc.
All wrongs denied.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
*| The TNO Hacking Crew Presents |*
*| |*
*| UNiX Defaults 2.0 |*
\ /
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
INTRO
~~~~~
This is the revised list compiled by the members of The New Order from
frequent visits to UNiX hosts. These are default accounts/passwords
observed in hosts running UNiX variations including System V, SCO, BSD,
Linux, Xenix, and AiX. These defaults are included in standard setup on
various machines so the Sysadmin can log on for the first time. Often
the negligent Sysadmin forgets to delete or password the accounts.
This makes UNiX machines extremely easy to infiltrate. This article
does not go into specifics of hacking but it is highly suggested that
you immediately copy the /etc/passwd file (/etc/security/passwd in AiX
machines!) so you can later run a dictionary hacker and get some other
accounts and insure your access. This is list of default accounts which
are often unpassworded. If the system asks for a password, try the account
name which sometimes works. E.G (bin/bin or adm/adm)
DEFAULTS
~~~~~~~~
root bin adm
makefsys sysadm sys
mountfsys rje sync
umountfsys tty nobody
checkfsys somebody setup
lp powerdown ingres
dptp general guest
daemon gsa user
trouble games help
nuucp public unix
uucp test admin
student standard pub
field demo batch
visitor listen network
uuhelp usenet sysinfo
cron console sysbin
w root2 startup
shutdown ncrm new
sysadm mso backup
vt100 cron field
trouble asg
student network adm
dos uucpom2
lpadm tty01 sso
tty1a xdm tty1b
tty1c tty1d dptp
user menu rroot
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
ooO The Compleat Guide to Trashing Fax Machines Ooo
ooO By Coaxial Mayhem Ooo
iNTRO
~~~~~
Well, here it is: "The Compleat Guide to Trashing Fax Machines" Ok, now
wait. This isn't the same old g-file about trashing fax machines we've all
seen. Although this includes topics discussed in many of those g-files,
this is the ULTiMATE guide. Every possible devious technique I can think
of, and its successful application, will be covered in this file.
Now, lets create some technoanarchy!
1. PHiNDiNG A PHAX MACHiNE
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ok, you can get fax numbers from a variety of sources, but probably the
most common are scans and asking. If you do any scanning, you've probably
come across a fax machine. It sounds like a 300 baud modem underwater.
You can use this fax machine but, there are two downsides to this: 1.
You don't get to laugh at the poor bastard because you don't know who
he is. 2. You might inadverently toast your friend or coworkers fax machine,
or worse, your bosses. The other way is asking. If some company has wronged
you, or whatever, you can just call 'em up and say, "Ummm I need to send you
a fax, what's your fax number?" Most of the time the secretary will give it to
you, but some of the time (especially those companies you or your phellow
phreakers have abused) will ask for your name or something. If they do,
play it cool. "What? My names Chester Karma. (hehe) I have to get your
boss this fax by 4:00 (or whatever) otherwise I could lose my job!" That
kinda line will almost guarantee you the fax number.
2. GETTiNG AX-SESS
~~~~~~~~~~~~~~~~~~
Before you can trash the fax machine, you have to figure out what kind
of access you have, witch isn't too hard. There are only two kinds (it is
possible to have both)
1. On-Site Access
This means you have access to the physical fax machine itself. This is
probably the best, because you can: call ANI and get the faxes # (No
asking required), Foward all the calls into the fax machine to Flatline.
(when the faxes don't go thru they'll call the # voice, and when they
hear the carrier connect, they'll assume the fax machine is just out of
paper or somthing :), Or you can use a special attack form (see Section 3)
The immidate downside to this is if someone sees you (The last guy i saw
use it was that Karma guy.. Yeah, Chester Karma, didn't he get fired a
week ago? ...) If you have on-site access when you trash the fax, make
sure you are not seen, and that you wear gloves (fingerprints are WAY
uncool)
2. Remote Access (no, not the bbs software)
So you can't get into the company, maybe its because your doing it
anonymous, maybe they put a restraining order on you, whatever. You
can still totally destroy the fax machine. Phirst, you obviously must
have your victims fax number. (see above) Next, you must have a fax
machine or fax modem. Make double-damn sure you've changed the message
displayed by your fax machine (which usually includes your name and fax
#) otherwise, you may be getting a visit from your friendly neighborhood
police-person. Also don't forget to disable CiD when calling, as many
fax machines have it built-in now.
3. TRASHiNG DA PHAX MACHiNE
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ok, so now you've got access. I congratulate you if you've come this far,
you must be hell-bent on destruction, which is good. In this section I'll
talk about the many methods of fax trashing. Please note that many of them,
if carried out, will totally DESTROY the fax machine. Not only will this
cost the company big bucks to fix. It will cost them big bucks in lost
customers, sales, whatever, because thier fax machine is down. Please be
sure that you know what your doing when you do this, because if you get
in serious trouble, it will be your own fucking fault for not listening to
me. Ok, now that we've got that cleared up, there are two basic kinds of
fax destruction: The "Moebius Fax", and one I've entitled simply the
"IBM Fax"
The Moebius Fax
~~~~~~~~~~~~~~~
The Moebius fax is for people with remote access. If you have a regular
fax machine, set it up so that your banner reads something totally fake
and bogus (maybe the name and fax # of a rival company, etc.) Then get
5 sheets of black contruction paper from a) your kid. b) your school.
c) Your local print shop (or wherever you go to get paper)
Next, tape the paper together, overlapping, so that you have one long
chain of black paper. (the blacker the better, use the blackest side)
Ok now you're all set, put the phirst sheet in the paper feeder, and dial
the victims fax #. Allways block CiD (*67 for the ignorant) and if you've
abused this company before, you should probably route your call. (Operator
divert is probably sufficient) When it connects and starts to receive your
fax from hell, wait untill the phirst 2 sheets have gone through, then
tape the phirst sheet to the last sheet, thus creating an endless loop.
(and creating what mathematicians call a Moebius Band, from where I
derived the name. In case you're wondering, I didn't come up with this
idea, its pretty old. I did think of the name though)
There is only a few problems with this. It will only work on regualar, not
plain-paper fax machines. The reason being that all this black overloads
and wears out the thermal head on regular fax machines, thus rendering
them inoperatable. If the fax machine is plain-paper, then all you can
hope to do is make the machine run out of paper, ink, or both. Still
doing some damage, but it won't leave the impressive effect of the fax
machine smoking. The smell of this is horrible, and if your lucky, the
heat from the thermal head will melt the cheap plastic fax machine, or
blowup, sending sparks everywhere (or if your really lucky, both). Aside
from that, you should probably start sending your fax whenever the store
or office has been closed for a few hours (ie. around 9:00 pm) and stop
around 4:00 am (or whenever the machine shuts down). Texts I've read say
that a fax machine can take anywhere from 30 minutes to 4 hours to burn
out, but all the machines i've done went total meltdown in an hour or
less. One of the heads on one of the machines got so hot it burned
through the paper and started a small fire!
If you don't have a fax machine, but have a fax modem, you can do this
trick too. All you have to do is get an ANSI editor, like TheDraw, and
fill up a few pages with the black background fill color(After you've
filled the maximum page length with The Draw, you can use an editor to cut
and paste the file so it's larger. Now port that file over to your Fax
Modem OCR software and take a look at it. It should be one whole black
screen. Ok. Now follow the steps above, changing your banner, blocking
CiD, etc. Except set up a schedule to send the file over and over again.
(See your Fax Modem docs for info on this) This takes the place of the
endless moebius loop on regular fax machines.
The IBM Fax
~~~~~~~~~~~
This is for people who have On-Site access to their victims fax machine.
IBM has a 800 number that will fax you a 39 page document about thier
services. The number is 800-IBM-4FAX. Other companies have a service
similar to this, but i can't think of thier names/numbers offhand. If
you have such a number, post it on Flatline. Anyway, I think you can see
what's going to happen. But big deal. A 39 page fax isn't going to cause
major damage. No, your probably right, but what if you set up the fax
machine to make, oh I don't know, say a hundred calls to that number a
day, how long do you think the machine will last? Of course, if your
company has a plain-paper fax machine, all that will happen is that
they'll have a couple hundred pages on the floor of thier print room, and
a fax machine that needs ink. This, of course is a cost expense for the
company. This was implemented repeatedly on the hotel managers fax machine
at SummerCon '93.
4. iN ADDiTiON...
~~~~~~~~~~~~~~~~~
This is just a list of other things that i thought about doing to fax
machines that I really didn't have time to test out. Most of them are
just malicious things you can do for revenge, etc.
Send a fax with "Fuck You!" Written on it in big letters to a rival
company of your victims. Make sure you send it at least 30 times.
Also, don't forget to change your banner to your victims banner, so
it looks authentic.
Copy the VISA or AMEX logo onto a piece of paper, and then make up a
bullshit letter under it. "Dear Joe Shmoe, We suspect that your credit
card has been used illegally. To confirm this, we ask you to call our
voice mail system at: <enter your VMB # here> and leave us your card #,
expiration date, and your social security number for verification. We
will send you a fax after we have verified if your card has been stolen,
Thank you for your time, <Sign Fake Name>" Make sure to make it business
like so that they won't suspect a thing. Also, after you've got the
number, you should send a fax confirming thier credit card has not been
stolen. (not yet, at least hahaha)
If you've got a whole bunch of local fax numbers from scanning, prepare
a fake fax to send to them ALL. Recommended: A fax detailing the next
local KKK or Satanist meeting with the appropriate slogans. A very
authentic looking fax that details the exchange of something illegal,
a major drug sale, stolen property, cargo, etc. For this one you may
only want to send to one person because the police will catch on once
they get 20-30 calls about the same fax. A fax with one or two words
written in big letters. Try to avoid "Fuck You" or any other swear.
My favorite oneliners are things like "REPENT!" or "ADULTURER!" or
things like "I KNOW WHERE YOU LIVE" or "BITCH, I'M GONNA KILL YOU"
or the ever popular "The KKK Controls you, Nigger" or something to that
effect. Trust me, these slogans scare people a lot more than "Fuck You"
Most people will call the police. The best was when I sent the local
Catholic Church faxes of pictures copied directly from the Necronominon,
along with slogan's like "Old God, New Devil" and the like.
Fax bomb threats to your local educational institution, along with local
businesses. Most of the time they will shut down any building that has
a bomb threat sent to it, resulting in a loss of business for the
victim. (and a free day off for the kiddies)
Fax threating letters to residental households. Ie messages like
"I know where you live" and "i'm coming to kill you" will scare the
shit out of most people (I know, I don't scare easy and I was scared
shitless when I got one of these calls) You could follow one of these
letters up with a moebius fax that said "DIE!" Over and over again.
If there is a serial killer roaming your city, fax your local paper
saying that you are the killer and leave riddles and threats and stuff.
(Look at the letters Jack The Ripper sent Scotland Yard if you need
inspiration) Be careful to only do this once. The paper will set up
a trap to catch you if you call again.
ENDTRo
~~~~~~
Well, there you go, the compleat guide to trashing fax machines. Now you
have something to do Friday night instead of beating off on a Conference.
This can be loads of fun, and if can even get you some cards if you find
someone guillible enough. But don't be an idiot. Take safty precautions.
This crime is way to stupid to be caught for. Oh yeah, don't get too
cocky and abuse the same company 30 times. Their more then likely to set
up a trap with the Telco if this happens too often.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
Retail Skamming
---------------
Hello boys and girls. Time for a small installment of retail
scams that YOU can get away with. The are just little things I have
picked up over the past few months and decided to share with all you
out there in white bread land. All of the following ways of skamming
have worked at one time or another and can be done at least at one
store. The scams covered today are:
- Discounts
- Free Clothes
- Safe Carding
- Free Money
- Free Goods
- Free Hardware
- Free Software
- Other Things
Anyway, as usual, this file is for informational purposes
and may be used by anyone (including security d00ds) for anything
YOU may wish to do.
Discounts
---------
This one is really easy, and you just have to know it exists.
If you are in a mall, at almost any food place, and sometimes other
types of stores, you can get mall discounts. Most food places will
give either a 10 or 15 percent discount to mall employees. All you have
to do is order your food, just ask "Do you give discounts to mall
employees?", and usually they will just say "yes" and give it to you
without asking. If they ask where you work, just tell them some store
at the other end of the mall, and say you are new there. I have never
had anyone question me about this, and I have done this at malls that
I don't work at.
I was surprised to find that Lens Crafters(tm) gave me a
15% discount on my 150 dollar glasses I was having put together. That
is a nice little discount when you think about it. So don't count
on discounts on food only, always ask, it never hurts. The most they
will say is 'no'.
Free Clothes
------------
Ok. Free clothes this time. This scam takes a little more time
but in the long run, can pay off quite nicely. A few chain clothing
stores run specials on buying more than one item. Chess King is well
known for their '2 for 45' deal. A pair of pants and a shirt for
45 dollars. Not bad at all. Anyway, individually, those two items
are about 30-35 dollar range, and just discounted when purchased together.
So, buy the two for 45 and leave the store. Next day, return the one
item with the tags still on it. Since it is a single item, despite the
2 for 45 purchase, they will return it for full credit. Next day, bring
back the second item for full credit. Once again, make sure you aren't
doing this with the same person or they may catch on.
Now you have spent 48.29 (tax) and received back around 65
dollars of credit. When you get the first two items, try to get two
high priced individually for more credit later. Use that credit
to purchase another 2 for 45 deal. Wait a week and return them back
to the store. If you can, go to another location and they should
take it back. Return each on a seperate day and get full credit.
Now you have spent 48.29 and should have around 120 dollars in credit.
You see the pattern. Keep doing this and you can build up a shitload
of credit. Most store credit at clothing retail places is good for
anywhere up to 6 months and sometimes beyond. Take your time with it
so they don't catch on. Eventually, you will have enough credit to
purchase a leather jacket or something, or a shitload of clothes.
That is about it. The critical thing in this scam is making
sure they don't catch on. Just use your head and everything should
be cool.
Safe Carding
------------
First. Obtain a card number, name, and expiration date. If
at all possible, obtain the actual card. If you think that is impossible,
think again. Grocery stores turn up 5-10 cards a week, and they aren't
even looking for them. If you or someone you know works in a place that
gets more credit cards than average then you are set. If you are a cashier
at a grocery store or some other large store, you are in an ideal position.
During the 6:00 rush when everyone is begging to get the hell out of
the store, accidently hold on to the credit card. If they say anything,
just say 'Oops. Heh. Sorry, it's been a long day' and act like nothing
happened. If by chance, the customer walks off without their card, just
hide it under your register, or somewhere else you can get to it should
they come back for it. Either way, you can do what I will discuss. If
you have an actual card, then you are set. If you only have the number,
name, etc, then you need to do this: Write all that info on a small
piece of paper. Tape the paper to some other bullshit card you don't
need, so that it appears you are handing someone your credit card.
Second. Once again, this relies on a friend or you working in the
right place. How many of your friends work in a computer or a software
store? If you have one friend that does, and is willing to help, then you
are both set. Throughout this file, I will use Waldensoft as our example,
because I know it can be done there and places like it. Now, wait one
night when your friend(s) are working there(it is important that
everyone working there is in on the deal) and go to the store. Take the
card or card number and information so you can get your loot. Just go
shopping for whatever you want. Pick up some games, disks, books,
hardware if they sell it, or anything else you might need/want. Now,
take it to the counter where your friend is waiting. Give him the loot,
and after he rings it up, hand him the card. If it is the actual card,
he can scan it through, and if it the card has already been invalidated,
he can just shake his head, and watch as you walk away and get the hell
out. If it goes through, take your stuff, and the card, and split. Done!
If it is your card with someone else's info on it, almost all stores
have a way to punch in the info by hand in case a card is damaged. So
your friend can manually punch in the info and you are set.
Other stuff to watch out for:
- If the card or the card number doesn't go through for some
reason, just calmly walk out the store and if anyone asks
about the incident, your friend can say 'Hmm? This older
lady came in the store, picked up some stuff, came up and
handed me the card. When I told her it wasn't going through
she just grabbed it out of my hand, and walked out.' From
here your friend can make up a description of the lady or
whatnot, and that is about all that will be said.
- If it is an actual card, some places offer rewards to their
employees for hanging on to stolen credit cards. Hell, if you
can't get some new stuff, might as well get a small cash reward!
- Make sure the place you do this at has NO security cameras.
- If possible, talk to your friend and make sure that the store
you are doing all this at, doesn't have it set up so that if a
stolen card goes through, security is automatically alerted.
I have heard of malls with that kind of set up, but don't know
if that is true. I know it isn't true at the mall I work at,
or other malls I have worked at in the past.
- Remember, that for this to work with the actual card, you have
to do it the same day you get it, or chances are that the
person has called the company and cancelled it.
- Make sure there aren't too many other customers around or
watching since they can probably describe if security came
later.
- Don't get too greedy. If the place sells hardware, don't
get too much. Also, avoid getting two of the same things.
If you were to get two soundblasters or two modems, this
looks really suspicious and may cause problems.
- Don't do this more than once at a single store if you can.
If you do, wait at least one month before attempting it
again.
Some larger computer warehouses, no names mentioned (Comp USA,
Computer City) will willingly let you purchase stuff with a credit
card #, exp date, and name. If you use this method, make sure you have
a payphone number handy, and tell the cashier to call and verify
that you are using "dad's card". Just have them call the payphone number,
have a friend answer, and play the role of daddy. Easy enough.
Last thing. This is based on rumor, so if someone tries this, and
it works, or doesn't work, get word out about it. These days, they have
it set up so you can get cash from ATMs using Mastercard or Visa. I have
been told that if the person has a card with that feature, and they have
never used it, then the PIN number for that card is the last four digits
of the card number. If you try this, make sure you aren't standing in
front of a camera at the ATM. In some grocery stores there are ATMs without
cameras, but a lot of people around. You have to weigh the risks on that
one yourself.
Free Money
----------
Free money. The ultimate scam. Ok. First, you need to find
a store that does price matching. Certain computer warehouses do it
like Computer City, Comp USA (i think), and a few others. Find a
high price item at one store, and find another place that price matches
but has it for a higher price. That is pretty easy to do. Good items
to do this on are printers, scanners, monitors, etc. Remember that
they usually won't match on full systems or anything like that.
Purchase the item at the expensive place. Leave, come back the
next day. Walk in to the customer service desk and tell them how you
purchased something there and found it cheaper somewhere else.
When they ask, tell them where you found it so they can call and
verify. Once they do, they can offer the price match, and if
under a certain amount, give you CASH back for the difference. Try
to shoot for about a 70 or 80 dollar difference because most places
have a limit of 100 dollars and the rest is done by checks mailed
to you. When you are doing all this, it is important that you keep
your receipt away from them as much as possible. Hold on to it, fidget
with it, drop it, whatever, just don't let them write on it. Most
places will just write the price on something else and then do some
shit on the register and give you the difference. If they give you
the money, and do NOT write on your receipt, then thank them, walk
out, and wait. Come back a few days later, during a different shift,
and scope out who is working. Make sure there aren't too many
familiar faces, and go up and do the same thing. As long as they
don't mark up your receipt, then you are fine, and they have no proof
that they have given YOU the money back. If for some reason you are in
their computer system, or they suspect it, tell them that you buy things
from them all the time, and that you end up getting prices matched on
a lot of things.
After you do this a few times, return the item (within 30 days
usually) and get your money back. They key is no marks on your receipt.
Free Goods
----------
Once again, this works great at busy computer warehouses etc.
Go in and buy a pretty high price item. Once again, printers, scanners,
memory if it isn't locked up, or anything else. Purchase one item while
the store is real busy, and people aren't paying attention to a lot.
Go through the line, buy the item, and stall afterwards. Say something
like "I need to look for my friend" or "Can I go look at something else?".
Either way, say this while your receipt is in your hand, and the cashier
can see it. Odds are, s/he will tell you no prob, as long as you have
your receipt. Walk back in for about 5 to 10 minutes, WHILE IT IS BUSY!
That is the most important part of this whole thing. If they let you
take the item back in the store, that is fine, if they keep it there,
that is still cool.
After you have walked around a bit, go back up and talk to a
different person, and show them the receipt and the merchandise. Walk
out with it, since you payed for it, drop it in a friends car and let
him drive off. Walk back in while it is still busy, go through the store
and pick up a second item. If they original cashier made you leave it
at the register or something, you might have some problems, just depends
on if you see the oportunity. Anyway, if you were allowed to carry
it back in the store, wait until you see the person you talked to leave
the area. Go back to your original cashier, show the item, and the
receipt, and walk out with a second one. Wait a couple of days and
come back with one of them, and tell them you want to return it for
your money. They shouldn't have a problem with that if it is unopened.
Now you have a high dollar item, and your money back. Use the
item, sell it, or whatever. It was free.
The other way: Many places make you check in your bag from
another store when you enter. If they do, and don't give you a ticket,
yes, some places do that, then go in, walk around, and as you exit,
walk up to the counter and ask for your bag. You can usually see what
kind of bags are there, and half the time see what is in it in case they
ask you. You don't get to select your stuff that way, but it is free
and hell, if the receipt is in the bag you can return it for someone else's
money. :)
Free Hardware
-------------
Free hardware. Run to your local computer warehouse and purchase
a complete system. Hell, get a 486/66 with a 450 meg hard drive, 8 meg
of ram, and some other shit. Pay with cash or check and take your item
home. Don't worry, you will get the money back. As soon as you are home
rip open the machine and take out the motherboard, hard drive, memory,
and anything else you need. Put all your old shit in it and box it back
up identically. Take the whole thing right back to the store and
return it for your money. Just tell them that you aren't ready to
make such a large purchase, can't afford it after all, or anything
else. If the place doesn't give cash back, then don't pay by cash.
Ideally, use a check, and just ask the place to get the check back out
and let you rip it up. That way, there is little or no record of who
did it. You don't want your name, or address, or anything else left
with them if at all possible.
If you hesitate doing that, then do everything, but call back
in and tell them that when you got home, it wasn't what you bought,
and that apparently, the box had been opened. Despite what you may
think, when stuff is returned to warehouses, they often re-shrink wrap
a box or retape it for resale.
Free Software
-------------
Free software without being a warez kiddie. You ever need
some free software. Don't want to pay? Don't wanna get on a warez
board? Want the docs and everything else? Go to Egghead! If you
live in a town with Egghead Software, then you are set. As this
file is being written, Egghead will allow you to purchase software,
install it, use it, copy it, whatever, and then let you return it
without a hassle!
I work at a competitor of Egghead and am constantly beaten
over the head with that fact since we don't allow software to be
returned after it has been opened. Anyway, take your time with
the software, copy the docs, manuals, or whatever else, and then
return it for another piece. If they ask why you are returning it,
just say one of the following:
- I didn't have the system requirements. (HD, RAM, etc)
- I have Macintosh/IBM and this won't work on my computer.
- The box said it did this and this, and it doesn't quite
do what I need.
- I wanted it in CD Rom
- Or any other excuse like that.
Now you have access to high dollar software, access to copy
the documentation, and you didn't have to become a warez kiddie to
do so!
Other Things
------------
If you have access to a shrink wrapping machine, you have
almost unlimited access to free stuff. Easy as this:
1) Purchase something kinda small.
2) Take it home, immediately open and take out the
goodies.
3) Put something in the box that weighs the same, and
close the box up.
4) Re-shrink wrap the box.
5) Take it back almost right away and ask for your money back.
Since they will no doubt look at the time and date it was
purchased, and the fact that it is 'unopened' they will no doubt
give you your money back. Only thing to watch out for is that when
you replace the goods, make sure it doesn't 'shake' differently.
Notice how things were packed, and make sure the weight is about
the same.
By the same token you can do this: Buy an item, take out the
goods, replace it with a few decks of cards or something, and then
return it to the store claiming that was all that was in it. Just
be pushy and no doubt a manager will let you get a new one by "customer
satisfaction". Wait a few days, and then take it back for your money.
Afterword
---------
With those ideas, I think you can start to see the possibilites
of retail scams. Working for retail will open you up to most of the
ways, and keeping an eye out for customers that do it to you is the
other good way. Always remember to not get greedy. That will put a
quick end to scamming most of the time. If you are not the best
at social engineering (which a lot of this is in one way or another)
then go for the old fashioned way of shoplifting. For a good guide to
shoplifting, check out FUCK0016.TXT by Max Headroom. If you wonder
what that file is, it is the 16th file released by F.U.C.K. (Fucked
Up College Kids) and is a good guide on how not to get caught. Yes,
a shameless plug never hurts.
DisordeR
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THE COMPLETE DATAPAC NUA LIST
Release 1.0
05/21/93
Release 1.1
08/19/93
Release 1.2
09/07/93
Release 1.3
10/23/93
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
*****
Written, scanned & compliled by:
((((((((( Deicide ))))))))))
-----------------------------------------------------------
PREFACE:
Well, after all the wait, it is finally out. The largest and most
comprehensive Datapac NUA list ever. This is for all the people who wish to
have a relatively safe place to ply their trade, and Datapac contains NUA's
for ALL skill levels. The Telenet/Sprintnet NUA lists by the LOD/H was a great
source of hackable systems for most people, and i hope that this list will
help people out(and save months of scanning) as well, but for the ever popular
, ever insecure PSN called Datapac.
This is the first release ever of this list, and it will probably not
be the last. NUA's go up and down every day, so this list will never really
be complete, but it is as complete as it can get. Keep in mind that I have
scanned each and every NUA prefix from 200 to 999(pre-200 i have never found
a NUA..) at least a small amount, so if i do not include a NUA prefix, it was
probably not active at the time i compiled the list. New prefixes will and do
go up, so help keep me on top of these changes. Also, when a NUA dies, and new
ones come up, let me know and we will correct these and release the next
version, and you will even get a mention in the 'Contributors' spot! K-rad or
what <g>??
This list does NOT contain accounts, something which a few people
falsely advertised by error. If you need help with a system, contact me and
i'll help you out.
This list does not contain connect information.If you do not know how
to access Datapac/Tymnet/Sprintnet then ask a local H/P user for help, or
consult my guide to hacking.
I did NOT list any system that was not obviously hackable..if the
system consisted of a blank screen, or random garbage, i left it. This
is because of space & pointlessness. Why contain NUA's that no one will use,
because they are unuseable? If for any reason you want these NUA's, contact
me.
I have also included a header for each NUA prefix where NUA's were
found. This header will be in this format:
- 200 - ONTARIO - Up to 9999
Where 200 : Is the NUA prefix.
ONTARIO : Is the province the NUA prefix is located in.
Up to 999: Tells how far i have scanned. Feel free to scan further,
there might be more farther than this, but i didn't think
there would be.
The NUA format is :
XXXXXXXXXX,XXXXXXX $ SSSSSSSS DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Where X: Is the NUA. Enter exactly as shown INCLUDING the comma, if needed.
Datapac NUAs are standardly 8 digits, but can be 9 or 10 if
subaddressing is used.
The data behind the comma is what is known as a mnemonic extension,
used either by the system as an external password or a port selector.
I discovered mnemonics on my own, and seem to be the only one around
who knows how to use them properly.
$: Designates a reverse charging system. If this symbol is not present,
the system will accept reverse charging.
S: Is the system type, if known.
D: Is the description. Extra info/notes.
NUA's with System types but not Descriptions are simply the standard prompt
for that system, without additional data.
Also, i didn't include double/triple NUA's, if the system backed-up
or hunted, i listed the original NUA(the NUA that DID NOT back-up or hunt.)