_________________________________________ .-. _ .-. / \ | _____ | . o O| Ninja Chop This!%@ | ( @ @ ) \________________________________________ / \ / \ --- / | | --- --- | i i | b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! TH4 JULY 1SSU3 û 1SSU3 VII ! 1N Y00R F4C3! PH33RN4T10N! b0g b0g!# !b0 b0 #@! b0g!# #@! b0g !b0g!#@ !b0 b0 #@ @!b0g!#@ #@! b0g @!b0g!#@! !b0 !b0 #@ #@! #@! #@! b0g @! @!b !#@! !b0 #@!b0g!#@!b !#@ 0 @!b #@! b0g #@!b #@!b #@! !#@!b0g! !b0 !#@!b0g!#@!b !# b0g!#@!b #@! b0g!#@!b0 #@!b #@! g!#@!b0g! !b0 !#@!b0g!#@!b g!# !b0g!#@ b0 #@! b0g!#@!b0g #@!b #@! 0g!# b0g! !b0 !b !# g! @!b !#@ b0 #@! b0g !b0g #@!b #@! 0g!# b0g! !b0 @!b !# g! @!b !#@ b0 #@! b0g !b0g #@!b #@! 0g! b0g! !b0 @!b !# g! @!b !#@ b0 #@! b0g !b0g #@!b #@! 0g! b0g! !b0 !#@!b0g!#@! g! @!b !#@ b0 #@! b0g !b0g #@!b #@! 0g! b0g! !b !#@!b0g!#@! g! @!b !#@ b0 #@ b0g !b0g #@!b #@! 0g!# !b0g! @! g! g!# !b0g!#@!b0 b0g!#@!b #@!b0g!#@! g!#@!b0g! !b0 #@! g! !# !b0g!#@!b #@! b0g!#@!b @!b0g!#@ g!#@!b0g! !b0 #@! 0g! !#@ b0 !#@!b #@! 0g!#@! !b0g!# !#@ b0g! !b0 #@ 0g #@! #@! b0g! !b0g!#@! g!#@!b0g b0g!#@ g!#@!b0 g!#@!b b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ Table of Content! [b0g-7.txt] [ 0:. - [ ] :. ] [ 1:. - [ DefCon review ] [tak] :. ] [ 2:. - [ the joys of root ] [timidu] :. ] [ 3:. - [ how to pick up chicks ] [chris] :. ] [ 4:. - [ Guide to Paytel Canada payphones ] [TheClone] :. ] [ 5:. - [ stoned again! ] [wh0rde] :. ] [ 6:. - [ Hacking Pine ] [timidu] :. ] [ 7:. - [ Taxonomy of Communications Intelligence ] [psyops] :. ] [ 8:. - [ How to own ttysnoop ] [tak] :. ] [ 9:. - [ a guide to daemons ] [psyops] :. ] [10:. - [ Two bombs and some anarchy ] [reaper] :. ] [11:. - [ how to make napalm ] [karbonliphe] :. ] [12:. - [ HACK THE PLANET!#@!] [acidkick] :. ] [13:. - [ There's Nowhere to Hide ] [Aura] :. ] [14:. - [ Fun and Games with RPM ] [phunki] :. ] [15:. - [ The Ultimate Guide To Hacking Hotmail ] [acidkick] :. ] [16:. - [ How to pimp IRC ] [dawgyman] :. ] [17:. - [ Counter-control in school ] doc] :. ] [18:. - [ The internet told me so ] [untoward] :. ] [19:. - [ IRC Quotes ] [k-rad-bob] :. ] [20:. - [ Mailbag ] [b0g@b0g.org] :. ] [21:. - [ CH4NG1NG TH3 W1ND0W5 9X S74R7UP SCR33NS ] [gH] :. ] [21:. - [ Closing words ] [k-rad-bob] :. ] [ ] ____________________________________________________________________ get your b0g at: http://www.b0g.org - official site! http://packetstorm.securify.com/mag/b0g/ send your submissions to b0g@b0g.org ! gibb0r us your articles! send us anything >:/ http://www.ph33nds.org <--- for raver pr0n! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! You're sitting at home on the couch, it's 2am, watching your videotaped reruns of 'Kojack' and leeching Metallica MP3z, just because you can. A knock on the door. It's your friend Sarah, and her girlfriend Beth. They kick back on the sofa and fire up a phatty. The girls get real comforable and start mugging down. Oh yeah. Before you know it, Beth's got her hand up Sarah's skirt and Beth's tank top is on the floor. You're chill, you're observing the scene. Sarah looks up from Beth's nipple to moan, "You got any OpenCOLA?" Of course you do. You're 'l33t. "Then get some. And GET S0ME!!#@$!@!" Get open for OpenCOLA www.opencola.com It's a distributed search engine/agent. And a soft drink. Gee whillikers! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 1:. - [ DefCon review ] [tak] :. ] [tak@b0g.org] :. ] ____________________________________________________________________ well hereÆs defcon8 through my eyes.... at 6:00am I ran with my gear over to k-mart, and adept picked me up. we drove to the gas station, then to Dee's...at Dee's we saw almus, grifter, some dod, and Almus's mom HAHA *B00P* everyone accumulated, and we ended up going inside, and eating... then we left, and shit, I rode with Mutilator, Zoob, and that girl..hehzoob and I rode in back of the truck...it got hot...Almus and his furry friend put an FM transmitter in their car, and broadcasted 'the best of san Francisco' over the airwaves... then we threw shit at his car from ours. We made a few stops along the way, and shit, nothing cool, then we got there! boom baa boom. We arrived at the hotel (alexis park) and I was instantly put in fear mode from their ninja-like fountains. Then we saw these nerds, and yelled 'DORKS!' cause they were your urcle looking fucks. We parked, got the dorito, and went to the lobby...hack the planet! in the lobby, I chilled...I met up with J-Man[phreak.org], DTangent[defcon], Serp[phreak.org], and this dood Travis[radio man] then I took a piss, about 3 hours later when I let all teh juice out of my bladder, then we wandered around, and found grifter, and he guided us to the hotel room where we chilled for a bit, and hacked the gibson. after that I cant remember much, I just cruised the hotel and looked at the dorky people, then jumped in the pool fully clothed which is ireet, I stayed in the pool till about 1:00 am, then got out and talked to this dood, and drank beer till about 4:00am or so, then he went clubbin, and me and zoob chilled, then I went to sleep on the lawnchair type thing. At about 6:00 [ 2 fuckign hours of sleep =\ ] fraud woke me up, and I walked with him, and shit..i cant remember, and we went to a couple confs and shit, and stuck HEKTIK stickers all over shit. and blah blah, we chilled, I went to the lobby, and met up with shman again, and we were talking about the nick tak, and vulgar heard me, and like 5 feet away was FoneyOps, Vulgar, Acrylic, SG, and whoever else...HEH, so we then went into capture the flag, and drank beer as foney was gonna hack the gibson [he couldnÆt even get on the network:P ] then I ended up leaving or something, and just wandering around...and I met up with keystroke some time, and sadgirl who gave me a neet picture that said 't4k' from the mall h0h0...blah, we got drunk that night, and I forgot where I slept...The next day was Saturday, and by then people started knowing what hektik was, and I was fearing...and up in the hotel room, everyone said they would give me $10 to run up in the middle of some fed speaking and stick a sticker on his laptop, I did it, expecting loads of money, and I got $5 =\ fuckers...well it was cool, it was broadcasted over every hotel room TV in the place and shit HEH, time went on, and like we stole a few golf carts, and drove to hard rock, then later I think we stole a bunch of alcohol from the hotel, and got drunk again, and high and shit well basically the whole weekend we were drunk =D and like yeah...that night....got drunk that night, and threw people in the pool, and had sex and shit. Then almus pushed me in the pool...oh shit other people can do that cause they own me and shit, but lard ass over here does not have the right to push me in the pool...I will own his fucking DOC wannabe ass. then like there was this guy dressed as a fed standing, and would not talk....we would hit him and he wouldnÆt move, so I stuck a hektik sticker on his forehead, and got a few pictures with him =D then blah, cant remember.... Ok then like we put soap in all the fountains, and shit, and all..they bubbled up, and shit like that, minor havoc. ok, and on Sunday, people were hating us, because the shmoo group, had hektik stickers all over theirs, and the dis.org crew DOC was mad cause we had people handing out hektik stickers at their table, and shit...then the main dood from cDc came to our hotel room cause we had PolaroidÆs posed in the windows, and he feared++ and was talking and adept slammed the door on his face...fears0me and blah blah. god, we did allot of other cool shit, and shit like that, but I have no fucking clue right now as of what time these things happened, and what days etc =D so sorry, but check out mad feared pictures SOON at http://defcon.b0g.org =D --tak b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 2:. - [ the joys of root ] [timidu] :. ] [timidu@b0g.org] :. ] ____________________________________________________________________ Ok hackers , so you've been at it all night long .The system looked insecure first but you realized that rooting it it's a real challenge. And yet , you made it. The shiny '#' appeared at last and you are so excited that your hands are frozen and you don't know what to do next. Well , root is fun ! ;] And you can ABUSE it. Yeah , baby , that's it!@#$! I know 5 things to do with a root obtained on another people's box. And since I have a big heart , IÆll share them with you. So .. here we go : 1) Placing a backdoor This is for those script-kiddies that want more&more&more boxes for their own 'unscrutable' purposes ;] Yeah , we have knowledge of their purposes : - packeting innocent people - placing sniffers for NEW shells(accounts) and maybe credit cards - and so on ...... There are plenty of backdoors on the 'black market' ;]]. Obvious ones to the admin , or less obvious .. it's up to you to choose one. Yet , the best combination is a trojaned ssh kit (the ssh distribution patched so that you may log into ANY account using a password you have specified ;]]) and a rootkit that will hide your processes/connections. There arenÆt such things as perfect rootkits. I tend to think that lrk[1-5] is almost perfect but .. heh .. who needs all that functions? Also knark is a neat one , being a kernel module that is truly hidden. You can find applications like wu-ftpd or sendmail already trojaned on the Web ... and that's a good idea. What admin would think that his XXX-important service provides a backdoor to a careful hacker? Heh ... The only bad part about the backdoors (except ssh) is that they can be sniffed. You wouldn't like another hacker using your backdoors , eh? And not only the hackers use sniffers. Admins use them ,too , as they want to know what happens with their boxes in depth. My suggestion : find the most complete rootkit and use ssh as a backdoor. Hide the ssh process from all the process-printing-proggies ( ps , pstree ,top ,etc). And try to trojan the passwd binary so he'll e-mail you when root (or a normal user) changes his password. In case you notice that you don't own anymore that box .. you may try to log in with the most recent root password. Maybe you got lucky and it was just an OS upgrade .. heh I have a couple of things to say. A hacker is a scripter (a person who uses scripts , usually made by HIM) but he shouldn't be lazy. So one must be very careful not to use weak passwords , or the same password many times (cuz you may want to trade the rewts .. heh) , or to use the same ssh port (unless you're trojaning the 22-port ssh) , or to keep his server list someplace unsafe. Clear the logs as Admins really DO check them often. Don't make unnecessary stupid things like vhosts and stuff. Try to work clean .. that's the key 2) Announce your presence Do you want to be famous? Discover a way to travel with light-speed ;] Do you want to be 'locally'-famous? ;]] Announce your presence on a box that you just rewted. You could write something in /etc/motd . MOTD stands for Message Of The Day for those of you who don't know this yet. It takes just a simple `echo "timidu was here .. h0h0h0!!!!" > /etc/motd` to solve the things ... ;] Or you could modify the telnet-banner to show that you have been there (see my article in b0g-6 about changing /etc/issue*) Defacing the web page hosted on that server is also included here. Make your own suggestive index.html and upload it on every server you hack. Place it in /home/httpd ... and your name will be known world-wide. You can send an e-mail to attrition if the page you defaced belonged to an important institution and they'll give you credit .. heh! ;] 3) Play Mr.Nice Guy If you hack for fun or for knowledge .. it is a good idea to inform the admin of the box you entered about the flaw you exploited and . maybe , other obvious unpatched holes. That sounds stupid for some people .. but are you really sure you want a box with a 33Kbps connection at Internet belonging to a 50 year clueless old man? Heh .. fuck you then. Try rooting servers that are well guarded. Those are the treasures... 4) Fuck up the system Yeah .. if you are that demonic , you can try to ruin that poor admin box. `rm -rf /`-ing became lame .. as anyone is able to do it ;] . Try something that will really fuck up his system. Playing with setserial,rdev &co. or fooling around with hardlinks pointing to /dev/null will fuck up his system. There are plenty of ways to do it but IÆm not gonna actually cover them as I hate this kind of hacker >:/ . 5) Making fun of the users ... This is the coolest thing! ;]] I love to be a pain in the ass of the users .. ;]] You could start by choosing a moment when there are many users logged on. First let's bug them a little... bash# wall h0h0h0............... timidu is here and he totally 0wns j00!!!! SUCK COCK, CUNT-FACES!!! ^C bash# If they don't react .. let's play rough!!! : bash# for lOOSER in `users` ; do cat /dev/urandom | write $lOOSER ; done What you did is redirecting /dev/urandom 's content at their terminals. /dev/urandom is a phile that generates random UGLY characters ;]. That will for sure disturb their attention. You can use the same nasty file for mailing the users what we would call .. "not actually a love letter" : You probably think .. "how do I know every user on that box?". Hey dum , remember /home folder? That's where you can find out what are all the usernames. There's only one tiny problem .. when you `ls /home` you'll get the directory name .. like "john/" or "sue_ellen/".But this is where awk comes and helps us. bash# for I in `ls /home/ | awk -F'/' '{print $1}'` ; do head -100 /dev/urandom | mail $I ; done Now everyone will have the pleasure of receiving a cute e-mail ;] If you aren't satisfied with this ... try replacing basic files in /bin with "cute" messages like ... bash# echo "#!/bin/sh" > /bin/ls bash# echo "echo -e "\033[1;31myou aren't allowed to use 'ls' !! Suck timidu's cock and try again .. h0h0h0!" >> /bin/ls That's kind of damaging the server .. and I don't find it very clever as you will need ls too. So my advice is either not to use it .. or to backup whatever files you rewrite. Another fun thing is playing with setleds. For those who don't know what setleds is ... well it turns Caps/Num/Screen Lock on and off. And it also lights those leds on your keyboard. When you're logged on a tty (not a pts .. that's a special terminal) try using it. For example setleds +caps < `tty` will set Caps Lock on for your terminal (yep , tty returns your terminal).So let's say you're on one of your many hacked boxes and see that the real admin is logged on tty1 for example. You can quickly start making fun of him .. bash# setleds +caps < /dev/tty1 That just enables Caps but he'll probably turn it off. That's why I made this cool script .. it just keeps switching caps/num modes .You'll have to tweak it in order to work .. as I made it for educational purposes only ... ;] ---- h0h0.sh ---- #!/bin/sh # Courtesy of timidu .. enjoy ;] tTTY=/dev/tty1 # change this variable to the appropriate one .. using w for example $echo "Watch your keyboard , cutie!" > $tTTY while /bin/true do setleds +caps < $tTTY setleds +num < $tTTY setleds -caps < $tTTY setleds -num < $tTTY done ---- EOF ---- Another thing that'll really drive mad someone logged at an tty[1-8] is playing with his Video Modes. You can use SVGATextMode for this. So .. log on using ssh or whatever your backdoor is and begin changing his modes with `SVGATextMode -x ` . You can find those modes in /etc/TextConfig. If you're too lazy then you should gn0h that important modes are 80x25x9 , 80x28x9 , 80x60x9 , and so on .... If root is logged on but he is running X-Windows you can still make some cool things. I will give you an example ...... suppose that box has wish installed. Wish is part of Tcl/Tk and lets you play within X-Windows environment. Start wish by typing wish at your prompt .. your rootshell , of course ;] bash# wish % You'll have to be quick as a window already popped up on root's screen. Now let's move further. Type exactly what I tell you: % label .label -text "Are you a faggot?" .label % button .button -text "Yes, I am!" .button % button .button1 -text "Nope!" -command halt .button1 % pack .label .button .button1 Now that windows I was talking about earlier will ask root if he's a faggot. If he presses the "Yes, I am!" button nothing will happen. If he presses the "Nope!" button his PC will halt ;] Ain't that just cool? There are plenty of things to be done for bothering the users but you'll have to use your 0wn imagination. If you have something really cool , let me know , puuullleezzeeee!!!!!! It's up to you to choose what to do with a hacked-root.. but always be careful and don't make mistakes that will eventually be crucial. I know this is a lame article and probably bob wont publish it .. but , heh ... I had no fucking time to finish it and place here really cool things. I promise you a better article next time ................ Greetings : Alya , #linuxro , #rohackers , Alya , #pcr , Alya and all my friends on Undernet (they know who they are ;]) b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 3:. - [ how to pick up chicks ] [chris] :. ] [chris@b0g.org] :. ] ____________________________________________________________________ Welcome to the first installment (of some odd amount) of my new b0g series. Today, all of you h4x0rs, I will be talking about how to pick up women. Now, if your techniques include Talking H4x0r1sh, reciting UNIX commands or really anything computer related, this course may help you out. Let's get to our first scenario. Hypothetical Situation #1: You see a very attractive female across the room (pub, alley, whichever) and you want to get her attention. Your Initial Reaction: Walk over (stumble, rather), wearing a goofy smile and pretend to "accidentally" bump into her. Let's here a few other answers: - k-rad-bob - I'd just slap her unconscious and then take advantage of her :( - twist - I'd probably get out my penis pump and inflate myself to 4 inches, then walk by her and surprise her with my large member. - GrId - I woUld iMpreSS hER wiTH mY lEeT uNiX SkIllZ! - tress - eugapwierbpofng[inr-q34y9h8awognawlgka?,sf2. - Prae - Why would I want to get a women's attention?! As you can tell, they just don't have a clue. Now, here's what you SHOULD do: Make eye contact with her (while your sitting) and try to keep her attention for at least 3 seconds. Then look away. Don't stare too long, she may call the cops. Wait a couple minutes, then calmly walk over and introduce yourself. Ask her where she's from and act interested. Just try to keep her interest, ask her questions until she wants to know about you. If she asks about you; you're doing good. Remember, the main goal of this conversation is to make yourself appear calm and self-assured. At this point: you have two choices. Either ask her to a movie (or wherever) or ask her for her phone number. I would choose the latter, as it gives her more time to think about you. Only do this if you think you've made a good impression. If you feel your impression wasn't very strong, you may want to ask her out first, so you can have more time to work on her. If you don't want to go elsewhere, just sit down with her wherever you're at and talk to her some more. Tip 1 : There is something you need to know. If your trying to impress a female ages 14 to 20, keep in mind they are often more attracted to guys who are, in a word, pricks. Nice guys don't get the girls here, fellas. If, on the other hand, you're trying to impress an older woman, nice guys = A+. That's a general rule, but of course (as with any rule) there are exceptions. Tip 2 : Pick up lines are fucking lame. The only pick up line you'll be needing is "Hi, my name is xxxxxx." If you feel you have to use a pickup line, choose something that's not offensive and is loose. For example, "I've lost my phone number, do you think I could have yours?" Then smile at her and laugh. Generally, she'll laugh too. If she doesn't, just back away. You're not welcome here. Tip 3 : If you're going someplace with her, and she's riding in your car, open the door for her. It's small, but it's a goody. Remember, if all else fails, crack open the bottles of roofies and slip it in her drink. She'll be all yours for 8 hours! Until next month, kiddies. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 4:. - [ Guide to Paytel Canada payphones ] [TheClone] :. ] [theclone@nettwerked.net] :. ] ____________________________________________________________________ Written by: The Clone On Friday July 14, 2000 ██ __________ ./_CONTENTS_\. ` ` .; Disclaimer .; PayTel Canada offices .; Protel Model Phones .; Intellicall Model Phones .; Resources .; Conclusion .; Contact .; Shouts _,_ Disclaimer -- Within the pages of this document is information pertaining to the technological ins and outs of a huge chunk of the payphone market in Canada. I am by no way responsible for any damage someone or somebody causes by reading this document. If you want to break something and risk a fine or prison time, by all means leave me the hell out of it. In other words, if I in some way AM contributing to that slight increase in Canadian youth crime, I don't take responsibility for it. So please, use this information to learn and grow and not to piss off your phone company, the police department, or national defense. _-_ 'PayTel Canada offices' Several months ago, in my document titled 'The Complete Guide to the Elcotel Payphone' I listed off every Corporation that currently has an account with Elcotel; this included specific account information in alphabetical order. From what I assume, that information was deemed useful by my readers so for that I've taken a similar approach with this section. For now, here is a list of every PayTel office in Canada in order from west to north - just a good resource for Canadian phreakers who may be interested in this company. __ Paytel's national head office is located in Surrey, British Columbia, with the following branch offices in: Alberta (Calgary), Ontario (Toronto, Markham), Quebec (Mirabel), New Brunswick (Moncton) and Nova Scotia (Dartmouth). Western Canada (Head Office) 2428 King George Hwy Surrey, BC V4P 1H5 Tel: (604) 542-2010 Fax: (604) 542-2011 Toll-free: 1-877-542-2010 Ontario Region 6 Adelaide Street East Suite 500 Toronto, ON M5C 1H6 Tel: (416) 504-7400 Fax: (416) 504-7211 Customer Service: 1-800-265-2953 info@paytelcanada.com Quebec Region 17,000, rue Charles bureau 100 Mirabel, PQ J7J 1X9 Tel: (405) 433-0001 Fax: (405) 433-1303 Toll-free: 1-877-433-3553 Eastern Region 201 Brownlow Avenue Unit 57 Dartmouth, NS B3B 1W2 Tel: (902) 468-1716 Fax: (902) 468-1717 Toll-free: 1-877-575-7555 _-_ 'Protel Model Phones' Protel, Inc. of Lakeland, Florida is North Americas leading manufacturer of smart public payphones. In 1984 Protel introduced the first line-powered smart payphone in the USA. Protel were one of the first key-players in the development of the first Customer Owned Customer Operated Telephones (COCOT) in the early 1990's, and have strived to bring quality yet cost effective phones to millions of people around the globe. Protel develops several payphones, though only having slight differences between them, which are unique and interesting to mess around with for a couple of obvious reasons; interaction with the phones' diagnostic - statistical information is possible by using a series of secret codes, and physical/remote security is fairly weak. This is just the type of thing any telephone enthusiast loves to read. Note: I haven't personally found an abundant amount of these payphones within Edmonton in comparison to the Intellicall model phones, but keep in mind, the telecommunications industry is an ever-changing one so who knows what to expect in the next six months or so. Keep your eyes peeled and lemme know if you find any Protel Model payphones in your area. PayTel Canada's Protel Phone ---------------------------- This is one of the few widely distributed Protel phones in Canada: http://home.edmc.net/~theclone/protel.jpg Payphones and Accessories ------------------------- http://www.protelinc.com/PROTELInt/payphone/Fpayph.htm Protel Locations ---------------- Restaurants - Truck Stops - Schools - Service Stations - Churches - Airports - Bowling Alleys - Night Clubs - Bingo Parlors - Resorts - Low-income Housing - Convenience Stores - Apartments - Bars - Lounges - Hotels - Motels Features -------- - When dialing a call on a Protel phone, the phone slowly dials each digit while it waits for you to finish dialing or finish paying. You'll be able to hear this in the background, but it is often quiet so open your damn ears! - Leaving a Protel receiver off the hook for too long will cause the phone to produce an interesting beeping sound. - Credit Card slots; some of these phones DO have credit card slots which accept many major credit cards (ie. Visa, Mastercard, e.t.c). - Internal Alarms; can be disabled by entering *# and the correct two to four digit pin code, most likely in default mode and easily bruteforceable. - Ringers; Protel model phones will most often ring when called. After five rings a modem carrier will pick up which is sometimes followed by an automated voice that reads off how much money is in the phone including the date/time. Special Features ---------------- - A particularly special feature about the Protel model payphones are the unique Protel-only *# options that allow any phreaker to learn about the phones' internal information simply by entering a few codes. Here are the *#6X codes I'm aware of at this present time: ` *#61 should give you ANI information ` *#62 will ID the software version the phone is utilizing ` *#65 sometimes discloses the phones company's HQ modem number - in Canada the modem carrier number would belong to PayTel Canada. ` *#68 disables the phone all together ! Tip: by hand-scanning other *# codes (ie. *#0X, *#1X, *#2X, e.t.c.) you may find more neat options like the ones noted above. Remote Administration Software ------------------------------ * Expressnet - ftp://208.49.251.4/Xv150.exe - (official Protel software) ftp://208.49.251.4/XnetV151.exe - "" * Panorama - http://filexfer.tripod.com * Pronet - http://www.protelinc.com/PROTELInt/pronet/fpronet.htm Security Issues --------------- 'Physical Administration' To my knowledge there are two ways to gain physical administrative powers on a Protel model payphone, the first way is somewhat easier. Here's what you do; ` Enter *# and then the correct four digit admin PIN code which are most likely defaults such as: *#1234, *#5555, *#9999, and so on. Once you enter the correct PIN code you will have total access to all menus, rate tables, and will have the ability to alter restrictions on what phone numbers can be dialed. ` The second way is quite a bit more difficult but is successful nonetheless. After entering the correct two to four digit *# alarm code, and opening the phone with the proper keys, you will notice a 'setup' button on the printed circuit board. Press the button and immediately you'll be prompted for the correct PIN code. ` Enter *#000000 (6 digits) - at this point you will have total access to all menus, rate tables, including the ability to alter restrictions on what phone numbers can be dialed. 'Remote Administration' Remote Administration of the Protel phone can be both enjoyable and profitable, if done correctly. In this section, I'll be explaining step by step on how to successfully take over a payphone or many payphones by using just a computer with a modem and the proper software. The first thing you'll need in order to successfully take over a Protel payphone remotely is the particular payphone's phone number. This can be accomplished by either writing down the phone number listed on the phone, or by entering *#61 with the receiver off the hook. Secondly, you're going to need the right payphone administration software. Remember; some software which might work for administering one COCOT may not necessarily work for another. The reason for this is that some software just isn't compatible with the payphones' chip, making it impossible to even connect to the phone correctly. Another reason may be that the software you're using doesn't allow you to enter the necessary number of digits that would be required of you when prompted for the PIN code. In this case, you'll need software that allows you to enter a 6-8 digit payphone admin PIN. The PIN code; because of the fact that most payphone administration PIN codes (by default) are a series of numbers with only one number and 6-8 digits, and if we remember that the internal physical administration PIN for the Protel is *#000000, I would say that the default PIN for all Protel phones is likely an easy guess. 'Audio File coin return exploit' Many of the Protel payphones throughout eastern Canada and parts of the United States which are owned and operated by Bell (called BOCUT's) are vulnerable to a particularly interesting form of phone fraud. This vulnerability will allow anyone on one of these phones to make a local call and then get their money spit back into the coin return. Now as some of you may already know, as a service provided to ensure customers aren't being ripped off when they insert that 25/35ó for a call, phone companies have what they call a "coin return policy". This policy states that if a customer inserts his/her money for the call but are unable to complete the call due to technical problems on the part of the CO, then the operator must empty out the appropriate change. Now adays with the advent of new telecom based technologies, all an operator would be required to do is play a specific frequency into the receiver to subsequently cause the phone to empty. What I'm getting to is this; if anyone on a regular quality land-line was to be called by someone on a Protel model BOCUT, and then the person on the land-line was to play the coin-return frequency, they could quite possibly automate what any operator has the power to do. This little exploit is known as the 'Green Box', but alt.phreaking's 'Cyber Thief' coined this the 'Protel-Box' for the obvious reason that it only works on Protel model phones. DIY, baby: ==> <== The frequency in '.WAV' format: http://home.edmc.net/~theclone/freecall.wav ==> <== Canadian Distributors --------------------- C. G. Industries Limited 30 Shields Court Markham, Ont. L3R8V2 Phone: 905-475-5093 Fax: 905-475-5389 http://www.cgil.com International Connectors & Cable, Inc. (ICC) 16918 Edwards Rd. Cerritos, CA 90703-2400 Phone: 562-926-0734 Fax: 562-926-5290 Toll Free: 1-800-333-7776 http://www.icc-payphone.com Palco Telecom, Inc. 7825 Flint Road S.E. Calgary, Alberta T2H 1G3 (800) 661-1886 (403) 255-4481 Fax: (403) 259-0101 http://www.palcotel.com Pay Phone Technologies 80D Centurian Drive Unit 8 Markham, ON L3R 8C1 905-947-8216 Fax: 905-947-8209 Toll Free: 1-877-488-0041 http://www.foc-ppt.com -`- 'Intellicall Model Phones' `` Using advanced technology and the experience of over 12 years in the industry, Intellicall produces two payphone models that may both be customized with a variety of options to meet the demands of your locations. The UltraTel payphone is the economical workhorse of the industry for those installations that use AC power. The AstraTel payphone is the proven answer where line power is preferred. Both are highly robust systems that deliver the long term reliability required in any successful payphone network. '' Paytel Canada's Intellicall Phone --------------------------------- Paytel Canada distributes this model of payphone by Intellicall called the AstraTel 2: http://home.edmc.net/~theclone/astraltel2.jpg Intellicall: 'AstraTel & Ultratel' Audio Samples --------------------------------------------------- http://www.payphone-directory.org/sounds/wav/web/intvoice.wav http://www.payphone-directory.org/sounds/wav/web/intavoice.wav http://www.payphone-directory.org/sounds/wav/web/a.wav http://www.payphone-directory.org/sounds/wav/web/intring.wav Payphones and Accessories ------------------------- http://www.universal-comm.net/intell.htm Intellicall Locations --------------------- Restaurants - Truck Stops - Schools - Service Stations - Churches - Airports - Bowling Alleys - Night Clubs - Bingo Parlors - Resorts - Low-income Housing - Convenience Stores - Apartments - Bars - Lounges - Hotels - Motels Features -------- [On UltraTel Models] - After Approximately five rings, a modem carrier will pick up - Some models of this phone have a scrambled keypad, that is, when you dial a number, the tones you hear don't match the numbers you push. After a call is completed, the scrambling ends. - This phone requires an AC power source to function properly. - During a call, it will take your money as soon as it thinks the call is answered. If it is left off the hook too long it will say: "Please hang up and try again." [On AstraTel Models] - After Approximately five rings, a modem carrier will pick up - It has a 14,400 baud modem, which is very fast for a pay phone. It runs only on phone line power. If you don't deposit enough for a call, you will be told to just deposit the difference. - if you leave this phone off hook too long it will generate a fake fast busy signal. Special Features ---------------- Toll Fraud Prevention -- The fraud prevention is this: if you call your friend on an Intellicall phone (UltraTel & AstraTel models) and your friend answers, the phone will automatically dial '111'. If you were to call this phone from either the payphone next to it or from a cellphone; have it ring once, pick it up and then hang up, and pick it up again you'd get an unrestricted dial tone which would allow you to use a tone dialer (since the keypad is temporarly disabled) to make free local calls. The auto-111 DTMF tones override the dialtone, thus preventing toll-fraud. Security Issues --------------- - Internal Alarm Bruteforcing - Internal Alarm Bruteforcing can be done by firstly entering pound then a four digit PIN. Because of previous problems involving the disclosure of alarm codes, I will not be posting it on this article. Too many people were abusing the #CPC code that was mentioned on the 'Complete Guide to the Elcotel Payphone', and because of that Canada Payphone changed the PIN and set up a trap (at least in Edmonton) which automatically caused the phone to dial out for help. If you wish to bruteforce the PIN then all the power to you. 'Phone Seizing Problems - will give free phone calls' Well whaddya know, the very same exploit I discovered on the Elcotel 9520C model COCOTS works on the Intellicall model payphones as well. When will these payphone developers and their distributors ever take their security seriously? The answer is; until the specific fraud being committed has reached such prevalent levels that the chance of a yearly revenue is slim to none. Using a twenty dollar Genexxa 33-Number Memory Pocket Tone Dialer from Radio Shack, one can easily take advantage of Paytel's incompetence in relation to call seizing. -- Typical Scenario -- CALL TO PAYTEL CANADA Operator: Paytel Canada, how may I help you? Phantom Phreak: Yes, may I have the number for directory assistance? Operator: Just a moment... Phantom Phreak: Thank-you. Operator: 1-877-542-2010 Phantom Phreak: No no no, thank-you! * Operator Hangs Up * * Phantom Phreak is dropped to an unrestricted line, and then proceeds to play his pre-programmed 7 digit DTMF tones into the receiver allowing him a free local call. * Useful Numbers: The keypad isn't disabled when using these local numbers, meaning you will not need to go through the trouble of using a tone-dialer: ** 0 ** 411 ** 611 ** 811 ** 911 (?) | see: 'SKANNING' at www.nettwerked.net for a listing of thousands of these: | * Blocked From Area - Will eventually drop you to an unrestricted line * Call Cannot Be Completed - Will eventually drop you to an unrestricted line * Disconnected - Will eventually drop you to an unrestricted line * Not In Service - Will eventually drop you to an unrestricted line * Unsuccessful VMB Login Attempts - will usually drop you to an unrestricted line after several unsuccessful login attempts (not recommended) Modem Carrier Numbers (AstraTel 2): 519-576-0354 - Kitchener, Ontario, Canada 780-483-9783 - Edmonton, Alberta, Canada 780-456-9983 - 127St/139Ave: Edmonton, Alberta, Canada 905-453-9794 - Halifax, Nova Scotia, Canada (corner of Robie and Young streets) 'Resources' Resources list - URL's of web-sites that helped me with the R&D for this document: -+ GHU - The Grasshopper Unit: http://internettrash.com/users/mtghu/ -+ Intellicall Inc: http://www.intellicall.com/ -+ Pay Phone Directory: http://www.payphone-directory.org -+ PayTel Canada: http://www.paytelcanada.com/ -+ Protel Inc: http://protelinc.com -+ Protel Inc (ftp): ftp://protelinc.com -+ Tatung Telecom: http://www.tatungtel.com/ 'Conclusion' I'd firstly like to thank some people who helped directly and indirectly with the creation of this document: Cyber Thief, Magma, Miklos, and RT. Secondly: Oh you big scary Telecom companies popping up everywhere trying to make a buck (or should I say 'quarter') off the slowly dying payphone industry in Canada, without ever paying attention to security. I'm not going to chant about how you guys should INCREASE your security. See that's just something honest 'white hat' folks do. The more you make it easier for the Canadian phreakers to exploit you physically and remotely, the better. Although I don't mind a challenge every now and again... or do I? All this STUFF just comes so easily to me... tee-hee. Def Con 8: YES! Hack Canada and several of their Canadian friends will be attending Def Con 8 this year for some good 'ol fashion fun! This will be Hack Canada's second year attending this crazy Las Vegas conference, and we plan on having a few surprises for all you people. Look for a lot more pictures and reviews this year - hell just look for us and share your beer, eh. PeAcE OuT... _ Contact me _ E-mail: theclone@nettwerked.net ICQ: 79198218 IRC: haxordogs.net [#haxordogs, #nettwerked] URL - http://www.nettwerked.net Shouts: Hack Canada & Haxordogs A P R E - D E F C O N 2 0 0 0 R E L E A S E b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 5:. - [ stoned again! ] [wh0rde] :. ] [wh0rde@b0g.org] :. ] ____________________________________________________________________ stoned again! the ever-growing guide to my mentor, Mary Jane. by wh0rde Well, lets start out with what it is. Cannabis, weed, pot, ganja, whatever, its a sexy substance that gives you a feeling of being absolutely retarded. There are so many ways to extract "big papa" THC from the plant (which is what makes you stoned) that I will just explain the important ones. For newbies I always recommend a bong. They cant handle the smoke, so you should ice the water to make it cooled down filtered smoke. The basic idea for a bong is a slide, a container, and liquid. / \ | | |_| | | // |~~~~|// | // | // | //| |----| Explanation: This is a simple "ghetto" bong, usually made out of 20 oz pop bottles. What you need to do is make a small hole on the middle of the lower middle part of the bottle (about 3/4 the way down). Make a slide out of an emptied pen, the kind where you can pull off the tip and the endcap are the best, so you have a straight tube. At the point where you stick it in, put about an inch to a half an inch of the tube inside the bottle, and seal it with any kind of semi-nonflammable object, if it is flammable make sure it isnÆt poisonous, I like to use a little bubblegum and some aluminum foil. Now make a cup-shaped thing, you can cut off the top (threaded part of the bottle) of the bottle and use it, but just the very top. Take aluminum foil and line the inside (and outside too) but leave the bottom covered with a two-layer thing. \ / |\ /| || || || || | \_______/ | | \_______/ | |-----------| Now find a small bit of mesh wire, the kind thatÆs really small _|_|_|_|_|_|_ _|_|_|_|_|_|_ _|_|_|_|_|_|_ _|_|_|_|_|_|_ | | | | | | Like so. Bend it in a cup and stick it on the bottom of the aluminum foil, then poke about 10 holes in the bottom of the aluminum foil. Now take another piece of aluminum foil and connect the cup and the pen body so that thereÆs maybe 1/2 an inch of just empty space between the cup and the body, but the whole thing must be airtight. \ / |\ /| || || || _______ || <- new layer is mesh | \_______/ | | \_______/ | |-----------| \ \ \ | \ | \ \ \ \ \ \ <- now connected to pen This is a horrible diagram but you should be able to see it. The trickiest part is to make the connector piece, so you can pull the bowl out and take the last hit in the bottle where its collected. You may not want/need this but I always prefer it, especially if its a big bottle. Just make it slidable, so you can pull the bowl part off, and be sure to figure out how youÆre gonna get it back on. I kind of round the edges of the part that connects to the tube.. but more often I use a *real* bong. Other substitutes are earthbongs, where you dig chambers in the dirt and have the tubes come out of them, which is nasty to me but some like it. Gravity bongs are like Air bongs where it puts the hit in your lungs for you, which is pretty fucked up to me, thatÆs for people who are on life support and cant pull a hit. Some use apples or coke cans or all sorts.. But my favorite is a *real* bong thatÆs sole purpose was made *to smoke weed out of* and not intricately busted up flower pots (like my friend loves making). Other forms of smoking are joints, my favorite, blunts and jujus, which are essentially a sort of "sub-joint," pipes, and roaches, which are also a subclass kind of. Joints are essentially weed, wrapped in paper. You usually make it out of shake, since its hard to roll a big nug.. and you stick the weed in the middle of the paper going one way diagonally, then smooth it by rolling back and forth, then putting it to one side and start rolling, twisting off the ends (in large cases). I've always had to twist off the ends, if you use tiny amounts thereÆs no point :/ a great thing to do is to put the ash/weed combination in a bowl, since you actually sometimes do waste a little weed in joints. Blunts are simply packed blunts, you can leave a little tobacco at the mouth and then pack however much you want. To get the tobacco out get those little 3prong computer tweezers and just pull it out. Jujus are just packed ciggies, make sure when you start smoking it you pull the filter off. Pipes are, well, pipes. ThereÆs a bowl and a stem, and you light it and pull. | | \\_____//______________ \_____________________ ThereÆs a little hole at the bottom of the bowl. Roaches are simply the *really* resinous tips of joints, you can use tweezers or a roach clip to smoke them. ThatÆs all for this installment of "this old stoner," IÆm Bob Villa, goodnight. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 6:. - [ Hacking Pine ] [timidu] :. ] [timidu@b0g.org] :. ] ____________________________________________________________________ Hi guys! I'm back and you'd better pjeer!@#$! Glad for b0g's comeback I wrote another lame article. If you don't like it , don't flame me ; if you like it .. you're weird. Heh.... I noticed from my 0wn experience that there are too many stupid system administrators that think they have sooooo fucking good ideas and secure their Unix boxes in strange ways. One of them is , for those who provide mail accounts , assigning "/usr/bin/pine" as the new user's shell.Wh00z , guess what , you sick shitheads? It's safer to delete the root password cuz pine CAN and WILL ;] use shell commands. If you're one of those unlucky guys that have pine as shell .. send me 50$ and IÆll share you the secret. Heh , forget it. I don't need your dirty money!@#$!I'll tell you how I did it. I know there are many other ways but .. IÆll let you have the pleasure of discovering' em. You need a couple of things for succeeding: - an account .. heh. That's what you want to hack. You should be able to upload/download files in your account as this is very important. - a simple backdoor that doesn't use root privileges to be ran. I used bindshell.c found on www.anticode.com I think. Or was it packetstorm? Anyway , you should find it easily. - ASM and C++ knowledgeÆs are required. As well as a Brainbench degree in Network Administration.... ;] stupid joke , heh. I compiled bindshell.c on my box that has the same OS and architecture as the box I wanted to hack. Afterwards , I took pine's configuration file. It's called .pinerc and it is found in your home directory. The idea is simple. We fool pine to use as external speller a backdoor and we will telnet back on that host .. at THE port specified in the source (check out what's the port , and change if you want!@#$!).In your .pinerc search the line that sets the speller. It starts with the word "speller" (guess why..) and has a "=" after it. Add "~/bindshell" there, without the quota marks. Now upload in that shell account the file .pinerc (it'll overwrite your previous one) and the bindshell binary.Log in that account and start composing a message. Go at the field where you write the cute love sentences and you'll notice an option .. ^T -> Spell ;]]]] . Press it , what are you waiting. Now all you have to do is telnet over that host at the port where your new shell is binded and .. start fooling around ;] One more thing. Suppose you just can't use the bindshell binary cause they have a strange OS. You'll have to upload the source and first to upload a .pinerc file that sets the speller to gcc -o ~/bindshell ~/bindshell.c and then upload a .pinerc that sets the speller to ~/bindshell. I never tried so if it won't work .. try something else. Pine is a very "powerful" tool ;] That's all for now! Greetings for Alexandra (I love you , baby!) , for UnderW (he was the first who asked me how to hack such an account) and to all my friends that read b0g. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 7:. - [ Taxonomy of Communications Intelligence ] [psyops] :. ] [psyops@phault.org] :. ] ____________________________________________________________________ Cryptography is often considered, particularly by those primarily concerned with security, to be the only serious barrier to communications intelligence. Histories of the field have generally fostered this impression by painting a picture of war between codemakers and codebreakers. In practice, spying on communications is a multi-stage activity in which each stage plays an essential role. It is entirely possible that the cryptanalysis of a message, once the message has been identified and captured, may be less difficult than acquiring and filtering the traffic to locate it. On balance, the greatest problem in communications intelligence--as in most efforts to learn things--is sorting out the information you are after from the information you are not. The 'sine qua non' of communications intelligence is acquisition of signals. Without communications in the form of radio waves, electrical currents in wires, written materials, or copied disks and tapes, there can be no work for cryptographic or intelligence analyst. The interception of communications presents both a strategic and a tactical aspect. Strategically, it is crucial to learn as much as one can about an opponent's communications infrastructure. The first step is to come up with the most precise possible description of the target--what the military call the 'order of battle'. If the target is a country, it may have millions of residents who in turn make millions of phone calls every days. Most of these calls are not of interest; the people who make them do not work for the government or in critical industries and say little of intelligence value. Describing the target is one of the many areas where 'collateral intelligence- - information from sources other than covert interception of communicationsù plays a vital role. Most of the information about a country and its government can be learned from open sources, such as phone books, newspapers, histories, and government manuals. Some, however, will come from covert sources such as spies, and some will come from communications intelligence itself. Once the targets have been precisely identified, it is necessary to discover how they communication with one another. Are their communications carried by high-frequency radio, by satellite, or by microwave? How accessible the communications are and how they can be acquired is a function of the means chosen. High-frequency radio and satellite transmissions are the most accessible. At the time of World War II, most radio communications and thus most of what was intercepted was HF. Such signals bounce back and fourth between the ionosphere and the ground and can travel thousands of miles. This property makes intercontinental radio communication possible; at the same time, it makes it essentially impossible to keep HF signals out of the hands of opponents. Today a large fraction of radio communication is carried by satellite. Satellite downlinks typically have 'footprints' thousands of miles across that spread over more than one country. Terrestrial microwave communications are significantly harder to intercept. They travel between towers a few miles or tens of miles apart. Intercept facilities on the ground must generally be located within a few tens of miles of the micro- wave path and often require facilities in the target country. In the 1970s and the 1980s, there was a war of words between US and Soviet diplomats over Soviet microwave interception activities from a residence the Soviet maintained at Glen Cove, New York (Broad 1982). As with the organization structure, a target's communication practices can often be derived from open sources. Since national and international organizations cooperate in allocating the radio spectrum, it is easier to identify the frequencies used for military, police, or air traffic control communications by consulting regulations and standards than by direct spectrum monitoring. The output of the strategic of 'targeting' phase of communications intelligence is a map of the opponent's communications, which will guide the selection of locations, frequencies, and times of day at which monitoring is conducted. Interception can also be conducted from many sorts of platforms; ground stations, aircraft, ships, embassies, covert locations, and orbiting satellites. The United States has several major intercept facilities within its borders and a host of others abroad. Despite attempts to keep these locations secret, many, including Menwith Hill in Britain, Alice Springs in Australia, ALERT in Canada, Osburg in Germany, Misawa in Japan, Yakima in U.S. Washington, Sugar Grove in U.S., Karamⁿrsel in Istanbul, Camp Humphreys in China, Bad Aibling in Austria, Kunia in Marcus Necker Ridge, and Shemaya in Aleutian Islands. The Soviet Union made extensive use of small ships as collection platforms. Usually operating under very thin cover as fishing trawlers, these boats carried large antennas and were thought to be making their biggest catch in the electromagnetic spectrum. The United States has been less successful with this approach. In the 1960s it commissioned two ships described as research vessels, the 'Liberty' and the 'Pueblo', for intercept duty. The 'Liberty' was attacked by the Israelis, for no publicly apparent reason, while supposedly intercepting Arab communications in the Eastern Mediterranean during the Six Day War of 1967. A year later, the 'Pueblo' was captured by the North Koreans. It turned out to have been carrying many top-secret documents for which it had no apparent need, and most of these fell to its captors. As quietly as it has begun, the United States ceased using small ships as collection platforms. Airborne collection, by comparison, has been an important component of US COMINT for decades. Boeing 707s, under the military designation RC-135, are equipped with antennas and signal-processing equipment. These aircraft can loiter off foreign coasts for hours at a time. Flying at altitudes of 30,000 feet or higher, they can pick up radio transmissions from well inland. The use of embassies to do intercept work exemplifies the twilight-zone character of intelligence. Despite widespread 'knowledge' that many embassies are engaging in intelligence collection, such activity is a branch of diplomatic etiquette that could result in diplomat's being asked to leave the host country if discovered. All the equipment used must therefore be smuggled in or constructed on the spot and must be made from components small enough to fit inconspicuously in the "diplomatic bag"--a troublesome limitation of sizes of antennas. Politics and public relations aside, if an embassy is not suspected of interception, it is likely to be more successful. Mike Frost, a Canadian intelligence officer who spent most of his career intercepting host-country communications from Canadian embassies, reported that the Chinese put up a building to block radio reception at the US embassy in Beijing but failed to protect themselves against the Canadian embassy because they did not realize that it too was engaged in interception (Frost 1994). Interception can also be conducted from covert locations that do not enjoy the legal protection of diplomatic immunity. Britain operated a covert direction-finding facility in neutral Norway during World War I (Wight 1987, p. 9). In the early 1950s, the CIA established a group known as "Staff D" to carry out interception from covert locations. One of the most ambitious undertakings in communications intelligence has been the development of intercept satellites, which did not arrive on the scene till roughly a decade after their camera-carrying cousins. Low-altitude satellites are not well suited to intercept work. They are relatively close to the transmitter, which is good, but they are moving quickly relative to the Earth, which is not. No sooner have they acquired a signal than they move on and lose it again, because the source has passed below the horizon. The comparison with communications satellites is interesting. The mainstay of satellite-mediated communications has been satellites in synchronous orbits, 22,500 miles up. Only recently have communications satellites been placed in low orbits. Tens of satellites are required so that as soon as one moves out of range of a transmitter on the ground, another comes close enough to take over. Systems of this kind have the advantage that the satellites and the transmitters are cooperating. A system in which the satellites were attempting continuous coverage of uncooperative targets would be far more complex, and to our knowledge, none has been attempted. Because they are in very high orbits, intercept satellites must carry antennas tens or hundreds of feet across. It is difficult to make an antenna of this size light enough to be lifted into synchronous orbit. In addition, the antenna must be launched in a folded configuration, which adds complexity and detracts from reliability. In sum, communications intercept satellites are more complex and expensive than other types. Because of its huge size and the low population density of much of its territory, the Soviet Union made more extensive use of radio communications than the United States or Western Europe. Most of the territory of the Soviet Union was far north and not conveniently served by synchronous satellites, so the Soviets developed a family of communication satellites, called Molniya, that move in polar orbits. A "Molniya orbit" passes over the Northern Hemisphere at very high altitude and thus moves quite slowly during this part of its journey. Its perigee, in contrast is low over the Southern Hemisphere, and that part of the trip goes very quickly. The result is that most of the time the satellite "hangs" above the Northern Hemisphere, where it can be used for high-altitude communications. In order to spy on these communications, the US built satellites, called Jumpseat, that move in Molniya orbits. These satellites are in a position to listen to both radio transmissions from the ground and those from Molniya satellites. Communications intelligence depends for its success on tactical as well as strategic elements. When an intercept station has been put in the right location, operates at the right time of the day, points its antenna in the right direction, and tunes its radio to the right frequencies, it is rewarded with a flood of traffic too large to record, let alone analyze. The process of examining intercepted traffic to determine what is to be retained and what is not may be as "simple" as detecting which channels within a trunk are active or as complex as recognizing the topic of a conversation. Typical selection processes include active channel detection, called and calling number identification, speaker identification, keyword spotting (in either text or voice), fax recognition, and semantic information processing. The difficulty of locating and isolating just the right messages is an intrinsic consequence of the volume of traffic in modern communications. Communications intercept equipment must decide in a faction of a second whether to record a message it has detected or to permit the message to escape. Often it must make the decision to record communications of which it has only one part. If, for example, the two directions of a telephone call are carried on separate facilities, an individual intercept point may have access to only one side of the conversation. Although the entire call may in fact be recorded, so that both sides of the conversation will ultimately be available to an analyst, it wil be recorded by two devices acting independently. Should either fail to detect that the call is of interest, and therefore fail to record it, the utility of the other component will be vastly reduced. The problem of identifying traffic of interest among all possible traffic is the problem of 'search'. Communications are organized at many levels. The entities communicating have addresses--in radio these are called 'call signs' (commonly known in the case of commercial stations as 'call letters'; in the case of telephones they are telephone numbers; in the case of computer networks, they are IP addresses, email addresses, URLs, etc. Messages follow 'routes', which in turn are made up of 'links' or 'hops' on 'trucks'. Within an individual trunk, messages are 'multiplexed' into channels, which make up the trunk much as lanes make up a road. At the lowest level, intercept equipment sits and looks through the space in which messages might be found. At each frequency, or time slot, or code pattern, it listens to see if there is any traffic at all. It may well be the case that most of the channels in a trunk are inactive most of the time. When intercept equipment detects an active channels, it must decide whether to record what it finds here. This depends on the 'diagnosis': characterization of the form and the significance of the signal that has been found. If the channel is a telephone channel, for example, the likely possibilities are voice, fax, and data. The intercept device must try to decide what it is hearing and may then discriminate more carefully depending on the category. The first step will usually be to listen for dial pulses or touch tones and attempt to determine what number is calling and what number is being called. If the call is voice, the device may attempt to determine what language is in use, or even listen for keywords. If the call is fax, it may try to determine whether the transmission is text or pictures. If the call carries data, it will attempt to determine what type of modem is in use and what codes (ASCII, Baudot, EBCDIC) or data formats are present. When text is detected, the equipment may go further and apply semantic processing to determine the subject of the message in much the same way that a search engine tries to locate a topic of interest on the World Wide Web. One strategy followed by many pieces of intercept equipment should be a caution to anyone using cryptography; if an intercepted message is found to be encrypted, it is automatically recorded. This is possible because at present only a small fraction of the world's communications are encrypted. The first lesson to be drawn from this is that if you encrypt something you had better do it well; otherwise you will only succeed in drawing attention to yourself. The second is that as the use of cryptography increases, the privacy of everyone's traffic benefits. Once traffic has been diagnosed as interesting, it will be recorded. This is not as simple as it sounds. Typically a signal can be recorded in several different formats, depending on how well it has been understood. It is always possible to make a recording of the waveform being received, but this may turn out to be much bulkier than the message it encodes. For example, recording a modem signal carrying 2400 bits per second of information (about 240 characters a second), without demodulating it, uses up to 48-kilobyte-per-second capacity of a digital audio tape. A direct recording of the signal is thus 20 times the size of the message it contains. Neither diagnosis, nor recording, nor any form of analysis that may be done on an intercepted signal can be separated from 'signal processing'--study of the signal by mathematical and computational means. Digital signal processing (one of the fastest-growing areas in computing) is revolutionizing communications. The availability of $100 modems is a consequence of the availability of signal- processing chips costing a few dollars apiece. Demodulating modem signals (which accounts for most of the signal processing in data interception) is far harder for an intercept device than for the modems used by the sender and the receiver. Present-day modems go through a period of training at the beginning of a call during which they study the communications path and "discuss" how best to make use of it. Even if the intercept device is listening to this "conversation", it cannot transmit without revealing its presence, and thus it cannot engage in the negotiations. The signal quality available to the intercept device is therefore rarely as good as that available to the communicating modems. Only after traffic has been located, demodulated, and recorded do we finally get to the most famous process in communications intelligence, the process of breaking codes: crypanalysis. This document is not the place for a technical discussion of cryptanalysis (check my other papers for more on cryptanalysis); such discussions now abound in both the technical and the historical literature of cryptography. It is, however, the place for a discussion of the process of cryptanalysis. Most of the public literature, both technical and historical, is devoted to 'research cryptanalysis', the process of breaking codes for the first time. This is naturally an indispensable component of any production cryptanalytic organization, but does not account for most of its budget or most of its personnel. The object of "codebreaking" is the development of 'methods' that can be applied to intercepted traffic to produce plaintext. In modern cryptanalysis, this is often done entirely by computers, without human intervention. The process of converting ciphertext to plaintext is called 'exploitation'. It follows a process of 'diagnosis' closely related to the more general diagnosis of traffic discussed above. The heart of a communications intelligence organization, however, is not cryptanalysis but 'traffic analysis'-- a study of the overall characteristics (length, timing, addressing, frequencies, modulation etc.) of communications. Traffic analysis by itself provides a broad picture of the activities of communicating organizations (Wright 1987). Moreover, it is essential to assessing the signaling plan, the traffic patterns, and the relationships among communicating entities. Elaborate databases of observed traffic (Hersh 1986, pp. 258-259) underlie all comint activities. A last operational point that bedevils communications intelligence is 'retention'--the preservation of intercepted signals for short or long periods of time until they can be processed, cryptanalyzed, interpreted, or used. As we have noted, storing a signal that the holder is unable to restore to its original form typically takes far more memory than storing an understandable signal. This is justified because, enciphered messages can be of value even if they are first read only months or years after they were originally sent. During World War II, Allied cryptanalysts were sometimes weeks or even months behind on some classes of traffic (Welchman 1982). Some signals intercepted during the Cuban missile crisis of 1962 were not read until two years later (Hersh 1987). In what is probably the granddaddy of ciphertext longevity, Soviet messages sent in the 1940s were still being studied in the 1970s (Wright 1987). Managing the storage of intercepted material is thus a major problem in all signals intelligence activities. After all of the technical processes characteristic of communications intelligence, the 'product' enters in to the part of the process common to information from all intelligence sources: interpretation, evaluation, dissemination. One process looms larger over comint than over perhaps any other intelligence material: 'sanitization'--removal from the intelligence product of information that would reveal its sources. Sanitization to greater or lesser degrees produces intelligence of varying levels of classification. Feedback would be nice b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 8:. - [ How to own ttysnoop ] [tak] :. ] [tak@b0g.org] :. ] ____________________________________________________________________ Ever on a box you wanna hax0r to the max0r? What if they were running ttysnoop? DOH! do not fear my friend, there are ways around that. First off, lets see if your in windows or linux... Windows telnet: windows telnet is white background, black text by default, and can only change it though preferences, not with a command on the remote machine...BINGO! most likely the person on the other end is running ttysnoops on console, which means black background, so the simple command. echo -e "\033[0;30m" will change their text black, and leave yours normal, you type, and they cant see. Linux Telnet: in linux, you can either try this ninja trick in an xterm with a different bg set, or something, or you can do it from console, with this ninja command... type this command on the remote machine echo -e "\033[0;30m" it will turn black, then go to a different terminal on your LOCAL MACHINE, like tty5 instead of tty6, and type: echo -e "\033[0;0m" > /dev/tty6 that will change your tty6 console to regular colors, and shit, but still leave it fucked up remotely. stand in fear. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [ 9:. - [ a guide to daemons ] [psyops] :. ] [psyops@phault.org] :. ] ____________________________________________________________________ Introduction. The most secretive, yet most productive, application or service on a Unix system is the daemon process. A daemon, pronounced 'demon,' process is secretive because it runs in the background, and often does not indicate its presence in any significant way. Without it, most Unix systems would cease to function. Programmers write daemons to carry out a function with little or no intervention by users or system administrators. In fact, many daemons require no intervention at all! The services offered by daemon processes are important to understand, because the potential security violation may be through a program that masquerades as a daemon. What is a daemon? A daemon process is a process that is not associated with a user, but performs system-wide functions, such as administration and control, network services, execution of time-dependent activities, and print services. To qualify as a daemon process, several criteria must be met: the process must not be associated with a user's terminal session; and it must continue after the user logs off. From the rudimentary process management knowledge you have read about so far, you know that each process a user starts is terminated by the init program when the user exits. The init program is the most famous of all system daemons. This approach allows for proper management of the process table. Although daemon processes are almost completely invisible, they do provide some level of service to users. Daemon processes accept user requests and process them; they also respond to various events and conditions. They are often inactive, however, and are designed to be called into service only when required. By using a daemon instead of starting a new process for every instance, system load is reduced, and large programs that take time to get started will not slow down the user or the operation. A daemon can be distinguished from other programs on the system by examining the process table--the ps command displays this table. The distinguishing characteristic of a daemon is that the TTY column does not reflect the controlling terminal name. The daemon is the process with a questions mark "?" as the controlling terminal name. The controlling terminal is identified in the "TT" or "TTY" column of the ps output. Whenever this is found in a process entry, the process is a daemon. Daemon processes usually do not accumulate very much CPU in the short run, unless they have a lot of processing to do when they start. It usually takes a tremendous amount of time for these daemons processes to equal the CPU requirements that many other processes accumulate in a minute or two. The daemon processes shown in the ps output were likely started as part of the system's boot process. It is important to consider that the startup procedures of the various Unix flavors often are very different depending upon the heritage. SunOS 4.1.x, for example, is derived from the Berkeley Software Distribution (BSD) code and as such bears little or no resemblance to the startup procedure seen in Solaris 2.x, which is based upon the Unix System Laboratories Unix System V Release 4. The same is true when comparing Unix System V Release 3.2 and 4.0. These differences are important to note, because they make it easier to hide inconspicuous programs for later action. The HP-UX startup sequence makes use of a large number of files, each of which are tightly linked to a given subsystem. For example, the file netlinkrc is used to start network processes. With this type of startup file layout, it is much harder to locate the daemons and to modify the system startup procedure. Regardless of the Unix implementation being considered, the use of the /etc/rc/ file start the system is common. Consider the list of files required to start the daemons on an SCO OpenServer 5.0 system. SCO Unix products use a file system structure that is grouped by the desired run level. Run levels, their meanings, and how to switch between them. Like the HP-UX implementation, a number of SCO Unix startup scripts are used to start daemons. Each script essentially is dedicated to starting the daemons for a specific function group. This is not nessessarily bad design, but it requires a detailed level of understanding of the underlying system structure. Examining the System Daemons. A number of system daemons can exist in a Unix system. Some are only found in a specific version of Unix, but many daemons are common to all versions of Unix. This section discusses many of the common daemons and describes their function on the system. init The init daemon is known as the parent process for all the processes on the system. It performs a broad range of functions that are vital to the operation of a Unix system. The most commonly known purpose of the init process is to boot the system. The method init uses to boot the system differs among Unix versions. The BSD and XENIX init programs, for example, do not work the same way as the System V implementation. The System V init program relies on the file /etc/inittab/ to provide details of how init is to govern the startup and initialization of the various services on the system. The init process is commonly known as "init" because of its role in the initialization of various processes during system operation. The init program considers the system to be in a run level at any given time. Run levels are the operating states of the system. For the purposes of this section, a run level can be viewed as a software configuration; each configuration allows only a selected group of processes to exit. swapper Some Unix system administrators refer to swapper as a daemon, and others do not. The swapper process is responsible for scheduling the use of memory by the various processes on the system. The swapper process is actually part of the kernel, so you could say that it is not a daemon after all. update and bdflush Update and bdflush are similar commands that periodically executes the sync system call to flush disk buffers. These daemons execute every 30 seconds. Users and system administrators rely on these daemons to update the file system in case of a crash. Although two commands are listed, your system will see one or the other, but rarely both. lpd The lpd daemon is part of the BSD print services. It listens for and accepts connections via TCP/IP to submit a print request. The lpd daemon relies on the LPD protocol to accept the job, and submit it to the requested printer. This daemon was almost exclusively found on BSD-based systems until the more popular System V derivatives started adding similar services. lpsched The lpsched daemon is the System V version of the print spooler. It performs the same tasks as the BSD lpd program, but in a much different format. Despite lpsched's inability to communicate directly via the LPD protocol, it is still considered stronger than lpd because of its flexibility with printer interface scripts. cpd and sco_cpd The cpd and sco_cpd daemons are the license managers for SCO products. They are similar to license managers on other implementations of Unix in that they ensure that all products on the local network have unique serial numbers. With the release of SCO OpenServer 5.0, the license managers support shrink-wrapped software and operating system software. cron The cron daemon is the automated task scheduler; it runs scheduled jobs at the requested time. A user may want to execute a number of jobs at regular intervals, for example. To do this, a crontab file is created resembling the following: 0,15,30,45 * * * * /usr/stats/bin/getstats border1.ottowa 0 3 * * 0 /usr/stats/bin/merge border1.ottawa 0 4 * * 0 /usr/stats/bin/ar border1.ottawa This specification identifies when the job is to be executed and what the command to be executed is. The cron daemon builds an internal list of the jobs to be executed, and runs them at the requested time intervals. syslog The syslog daemon is a UDP/IP service that allows information and status messages for different network services to be logged through a central logging mechanism. The syslog daemon is controlled through the file /etc/syslog.conf and can write messages of different types into different log files. A sample syslog.conf file is shown here: user.* /usr/log/user_logs kern.* /usr/log/kernel_logs daemon.* /usr/log/messages mail.debug /usr/log/mail etc. etc. The syslog.conf file lists the facility priority level of the messages, and where that message is to be stored when received. Any message that is received with a priority level of critical, for example, is written to the file /usr/log/critical. sendmail The sendmail daemon is the common Mail Transport Agent included with current versions of Unix. Because this program is a daemon, it listens for and accepts incoming e-mail connections from external systems. This daemon receives and subsequently delivers messages to local or remote users. Sendmail is not intended to function as a user interface, but rather as the processing agent for user mail programs such as elm, pine, mailx, and mush. The sendmail program functions in two modes: incoming and outgoing. It accepts mail from internal and external sources and processes it according to the rules found in the /etc/sendmail.cf configuration file. The format of and options for the /etc/sendmail.cf configuration file are far too complex to cover here. The sendmail program is capable of accepting TCP/IP connections on port 25. The following output illustrates a connection to sendmail on this port. nms% telnet nms 25 Trying 198.53.64.4 ... Connected to nms. Escape character is '^]'. 220 nms.home.org Sendmail 4.1/ch-950121.1 ready at Thu, 18 May 95 11:28:36 CET help 214-Commends: 214- HELO MAIL RCPT DATA RSET 214- NOOP QUIT HELP VRFY EXPN 214.For more info use "HELP ". 214-stmp 214-To report bugs in the implementation contact Sun Microsystems 214-Technical Support. 214-For local information contact postmaster at this site. 214-End of HELP info quit 221 nms.home.org closing connection nms% The system administrator can test his or her configuration from the sendmail command directly. Unfortunately, this capability can also be used by the way the wily hacker to create a false mail message that looks like it came from somewhere else. getty The getty daemon is responsible for providing a login prompt on terminals and on serial devices directly connected to the system; getty is also responsible for providing a login prompt on the console. The getty command is started by the init process, and is part of the login->shell->logout process. It is important to note that when you log in through telnet, getty is not involved in the process. The telnet server, telnetd, displays the login message and collects the user name from the user. rlogind The rlogind daemon is the server side to the client rlogin program. It provides a remote login facility with authentication based on privileged port numbers and hostname-username pairs. rlogind is executed by the Internet daemon, inetd, when it receives a service request at the port indicated in the services database for login using the TCP/IP protocol. deliver The deliver daemon manages all mail delivery in the MMDF mail system. deliver does not only deliver mail directly, but instead calls on MMDF channel programs to handle actual delivery.deliver's actions are guided by the MMDF configuration file, /usr/mmdf/ mmdftailor, and by command-line options. This daemon also maintains a cache of host information on a perchannel basis, so that mail for unavailable hosts can be skipped until the host is available. inetd The inetd daemon listens on multiple ports for incoming connection requests. When it receives a request, inetd spawns the appropriate server. The use of a "super-server" allows other servers to be spawned only when needed and to terminate when they have satisfied a particular request. The following servers are normally started by inetd: fingerd, ftpd, rexecd, rlogind, rshd, talkd, telnetd, and tftpd. inetd can also start several internal services: these are described in inetd.conf, which is typically found in the /etc directory. Do not arrange for inetd to start named, routed, rwhod, sendmail, pppd, or any NFS server. routed The routed daemon is invoked by root at boot time to manage the Internet Routing Tables (usually during init 2). The routed daemon uses a variant of the Xerox NS routing Information Protocol to maintain up-to-date kernel Routing Table entries. If the host is an internetwork router, routed periodically supplies copies of its Routing Tables to hosts and networks that are directly connected. nfsd The nsfd daemon starts the NFS server daemons that hande client file system requests the nsfd daemon is a user application entry point into the kernel- based NFS server. mountd The mountd daemon is an RPC server that responds to file system mount requests. It reads the file /etc/exports to determine which file systems are available to which machines and users. This daemon also provides information regarding clients with mounted file systems. This information can be printed using the showmount command. pcnfsd The pcnfs daemon is an RPC server that supports ONC clients on PC (DOS, OS/2, and MAC) systems. There are two implementations of the PC-NFS protocol: Version 1 and Version 2. Version 2 supports extended printing features. It reads the configuration file /etc/pcnfsd.conf if present, and then services RPC requests directed to program number 150001. Many releases of the pcnfsd daemon support both version 1 and version 2 of the pcnfsd protocol. statd, rpc.statd The statd and rpc.statd daemons are RPC servers that function as the RPC status monitor. It interacts with the lockd server to provide crash and recovery functions for the locking services on NFS. It is common to see either statd or rpc.statd but not both on your system. lockd, rpc.lockd The lockd daemon processes lock requests that are either sent locally by the kernel or remotely by another lock daemon. lockd forwards lock requests for remote data to the server site's lock daemon. lockd then requests the status monitor daemon, statd or rpc.statd, for monitor service. The reply to the lock request will not be sent to the kernel until the status daemon and the server site's lock daemon have replied. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [10:. - [ Two bombs and some anarchy ] [reaper] :. ] [reaper@b0g.org] :. ] ____________________________________________________________________ ================================================================= ::Volcano Bomb:: :: reaper@b0g.org :: ================================================================= (Firstly, IÆm not sure if this is an international thingy.. but like here, everyone does it) Ingredients for Volcano Bomb: [1]Matchbox [2]Duck Tape [3]Sparklers(Enough to fill the matchbox/container) (You do not necessarily have to use a Matchbox, you could use a container larger as long as you can penetrate a hole in it..) Step 1: You first need to empty the matchbox Step 2: You then rub the sparkler so all the powder in little bits goes in the matchbox, until the sparkler wire is bare(do this until the matchbox is full) + (remember to leave 1 or 2 sparklers untouched outside the matchbox, this will be our fuse) Step 3: Close the matchbox Step 4: Wrap duct tape around the matchbox,(make sure you do this tightly, the more pressure there is) Also wrap it sideways, the more tape again the more pressure. Step 5: Make a hole through the top of the matchbox(It has to be small so the sparkler-fuse can go in it),Place the sparkler in the hole of the match box upside down(meaning the metal piece starting from the top) Step 6: Light the fuse from the top of the sparkler. Step 7: Stand back How it works: When the sparkler fuse fire, gets into the matchbox all the sparklers will light up and from the pressure all the sparks will shoot up into the sky, its really cool. If you did it correctly the volcano thingy's sparks will shoot up to at least a telephone wire. ============================================================ ::Matchbox Bomb:: :: reaper@b0g.org :: ============================================================ Ingredients to Matchbox Bomb [1] Two Matchboxes [2] Duct tape Step 1: Open your first matchbox(1) and empty it out Step 2: Take your second matchbox(2),empty it out and cut the sides(the part where you light the match) Step 3: Put the sides you cut into the matchbox(1), put one on each of the 2 sides of the matchbox. Step 4: Cut the match heads off the matches you have and put them inside your matchbox(1). Step 5: Gently close the match box Step 6: Wrap duct tape around the matchbox very tightly Step 7: Throw the matchbox onto the floor or on a wall with power. The matchbox should light and you should hear a very loud noise. How it works: When throwing the matchbox the match heads rub against the two sides that are in your matchbox, this causes them to light. From the pressure a loud sound is heard. Warning: This may be dangerous if not done correctly, it could explode in your hand if you arenÆt gentle. ========================================================== ::How to phreak your local Arcade:: ::reaper@b0g.org:: ========================================================== Everybody knows that if you want to impress your friends you must either (a) be a totally er33t h4x0r like me or (b) phreak!@#!. In this tutorial I will show you how to phreak your local arcade. First you must find an arcade, then using the method we like to call "walking" (requires both feet) we step into the arcade. You will see a pay phone on one of the corners of the arcade, and if you saw the movie "hackers" everyone knows phreaking pay phones is totally elite!!! Instead of recording the sounds to phreak the payphone we shall use a method far more superior! First you must sit in one of the machines, you have to notice if the big hairy apeman behind the cashier is looking at you. If he isnÆt, pretend you are playing on one of the machines, you must not make yourself noticable ! After 5 mins you go up to the hairy apeman and you tell him "listen yo! your FuQinG machine ate my money, dats right dat FuQing tetris machine". The hairy apeman will then give you money so you can shut up. H0h0! he was owned!!! What he doesnÆt know is that you never put in money! You use th e money he gave you to make your free phone call!!!! HACK DA PLANET!!!! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [11:. - [ how to make napalm ] [karbonliphe] :. ] [karbonliphe@techie.com] :. ] ____________________________________________________________________ Good day up and coming Anarchs. Today you will learn how to make extremely flammable products from less flammable products. Have a good time and remember to be careful. You wouldn't want to burn a bunch of shit that belongs to someone else now, would you? Making napalm is the easiest thing you've ever done aside from lighting raw fuel ablaze. -Ingredients:- Gasoline Styrofoam Peanuts(used for shipping) Metal Can Now that youÆve gathered all these household items and you mouth tastes like the gas that you siphoned from your car you can begin the process of making napalm. All you have to do is pour the gas into the can and put Styrofoam in. The Styrofoam will melt unless you put like little plastic shit from stuffed animals in there, in which case it will not melt and you will have plastic in your gas and have to strain it out. That happened to me once cause IÆm a dumbshit and it didnÆt go up in flames. Now keep putting the peanuts into the napalm. Whats wrong, it wont eat anymore? Stir it and it should keep absorbing em. Okay, now you have absorbed as many peanuts as will mix in. Now drink it! No really drink it! Yeah if you drank it and youÆre still reading this then go to the emergency room and get it pumped...youÆre probably dead by now though. Well anyway, go outside and throw a match into it after you pour it on a mailbox or something. This is the cool part unless youÆre still standing by it or got in on your hand or something. The napalm should go like 5 feet above the trashcan if you made enough (enough=4-8 oz. or 1 cup). WasnÆt that cool? now you know how to make napalm!! Stay awake and alive for more to come anarchist texts. I plan on writing about burning shit in excess of 500* degrees and telling how to make dynamite and plastic explosives. Shout outs to all my friends back in Ohio. IM NOT REALLY AN ANARCHIST BUT MAIL ME CRAZY SHIT FOR KICKS! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [12:. - [ HACK THE PLANET!#@!] [acidkick] :. ] [acidkick@b0g.org] :. ] ____________________________________________________________________ HACK THE PLANET!#@! by acidkick If you look back through film history, undoubtedly one of the best movies was "Hackers". All of us can remember our first experience with Hackers. Maybe you were sitting around with your hax0ring buddies and one of them tells you about this elite movie. Maybe you were flipping around the movie channels at 1am looking for pr0n, but found Hackers instead. You might have been in your local video rental store and noticed this movie Hackers on the shelf, you were intrigued by it, it confused you...yet you wanted more. All of us have different memories of Hackers, but they are no doubt cherished. This article however, is not about Hackers the movie, but about that classic phrase that we got from it..."Hack The Planet". Hack the planet may be the greatest phrase in the history of the hacker underground. It is spoken over and over by the hack community and it really pisses a lot of people off. A lot of people say I'm immature and stupid because I say hack the planet, well to those people I say blow me. Hack the planet is elite. Anybody who cannot fully realize the eliteness of hack the planet, is certainly not somebody I want to be associated with. Here at b0g...we all feel a close bond with hack the planet. Hack the planet changes lives, maybe people don't fully realize their eliteness until they utter the phrase, hack the planet. You form a connection with this phrase that will remain for the rest of your life. One of the greatest pieces of software ever created was hacktheplanet2000.exe, known by most as telnet.exe. With hacktheplanet2000.exe 0day, you can hack gibson's like there's no tomorrow. Below is an example of hacktheplanet2000.exe in use: [lamer@k-rad]$./hacktheplanet2000.exe y4h d00d...0wn th15 [root@k-rad]# As you can see, using hacktheplanet2000.exe is very complicated, but with time it can be mastered and you too can be an elite hax0r. The example shown above is hacktheplanet2000.exe in it's local exploit form...here is the remote form: [lamer@k-rad]$./hacktheplanet2000.exe www.eff-bee-eye.gov Hold on d00d, eye am now owning www.eff-bee-eye.gov, th1s will 0nly t4k3 4 m1nut3#$%^... jaja...eff-bee-eye.gov=owned [lamer@k-rad]$telnet www.fbi.gov 31337 Trying 32.96.111.130... Connected to www.fbi.gov. Escape character is '^]'. [root@fbi.gov]# hacktheplanet2000.exe is a very powerful tool as you can see. The effbeeeye was just haxt0red with it's technique. And to all of you silly hax0rs who think somebody might have already patched the hacktheplanet2000.exe bug...don't worry it is 100% 'unpatchable'. That's right, you can hack the planet in style using hacktheplanet2000.exe. Below...I have 'hack the planet' in some different languages for all of our non-english speaking b0g readers...although if you can't speak english...then you won't be able to read this. I would like to thank rafay for the urdu, k-rad-bob for the norwegian, tak for the binary and other computer crap and system_v for the korean. I've also got logs and shit of people saying hack the planet, because people who say hack the planet are elite. HACK THE PLANET 4 L1F3#%^$&* Also, hi Crystal. ;) CORTE EL PLANETA - Spanish ENTAILLEZ LA PLAN╚TE - French ZERHACKEN SIE DEN PLANETEN - German INCIDERE IL PIANETA - Italian CORTE O PLANETA - Portugese GHOFLE DONYARO VAS KON - Farsi DUNYA KO HACK KARO - Urdu HACK PLANETEN - Norwegian ACKHAY ETHAY ANETPLAY - Pig Latin KUIG JANIEA ORALDIE - Korean 01101000011000010110001101101011001000000101010001001000010001010010 000001010000010011000100000101001110010001010101010000100001 - Binary 12122366193255235253213471747344543521 - Decimal 4841434B - Hex HACK THE PLANET!@#@#$$^&#%^&#% HACK THE PLANET! Hack the planet!!! HACK THE PLANET *** Topic changed to "HACK THE PLANET" by sureal on #hackphreak Haq da planet now. Hack the planet so what? HACK THE PLANET *** Topic changed to "HACK THE PLANET" by Wir3d0rb on #hacktech *** Topic changed to "HACK THE PLANET" by W on #hackphreak *** Topic changed to "W sez...HACK THE PLANET*&^%^%$%#$@" by W on #hackphreak HACK THE PLANET LIKE WHOA HACK THE PLANET! HACK ACIDPRICK Hack THE PLANET!! HACK THE UNIVERSE! HAX0R THE PLANET!!!!!!! lets team up and hack the pwanet!!!!!!!!! :( HACK THE PLANET$%&^* YA@#$@#$@#$ ./nick z3r0|c00l *** system_v is now known as HACK_THE * HACK_THE PLANET hack the planet hack the planet ? HACK THE PLANET!!@^$!^ hacktheplanet.exe b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [13:. - [ There's Nowhere to Hide ] [Aura] :. ] [aura@b0g.org] :. ] ____________________________________________________________________ Hello, boys and girls! I'm Aura, the crime-fighting teddy bear, and I'm here to tell you that... CRIME DOESN'T PAY!!! You see, when you commit a crime, there's nowhere you can run, nowhere you can hide. Our law enforcement professionals are totally elite, and they'll find you. Oh, you may think you've gotten away, but you'll slip up some way, because when you break the law, the universe is against you. And the fact that you tried to get away with it will make it much harder on you. You'll be much better off if you turn yourself in now! You get the pic? Now, let me show you why trying to get away with crime is so hopeless. First, let's visit Police Chief Roger Brownell. Aura: Hello, Chief Brownell! I just wanted the boys and girls to know what a consummate professional is in charge of law enforcement in their city so they'll know they can't get away with anything. How did you qualify for this job? Chief: Uh, I dunno. I hired an ad agency to run my election campaign. I'm not sure how they did it. Aura: How many years have you been in law enforcement? Note: Text enclosed in parentheses during dialog represents silent thoughts. Chief: (Oh, Juanita! Last night was heaven!) Uh... what was that? Aura: How... long... have... you... been... a... Cop? Chief: Oh, uh, how long have I... (Wait! That ribbon I took from her hair last night! It wasn't in that stuff! Did I leave it in my pants pocket?! My wife does laundry today! She'll see it!) (It's really not there! Oh, my goodness! I've got to go home!) Sorry! Something urgent just came up! A crime in progress! Lives at stake! I've got to go! So you see, boys and girls? With such a dedicated Police Chief, how could you expect to get away with anything? Let's go meet some policemen on duty. We'll slip up on them so we can see what it's really like to be a policeman. Aura: Children, look away quickly! These policemen are doing special secret police stuff, and you're not supposed to see! Little Girl: But, Aura, why did one cop have a doughnut around the other cop's-- Aura: Shut up!!! Well, boys and girls, we'll take another field trip later, but you can see how crime doesn't pay. No matter how smart you think you are. No matter how careful you are. You can't fool our law enforcement people. They're smart. They're well trained. They're totally dedicated to their jobs. They've got only one thought on their mind. And that's to stop crime! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [14:. - [ Fun and Games with RPM ] [phunki] :. ] [v0idnull@yahoo.com] :. ] ____________________________________________________________________ - What is rpm? - How is it used? - Creating packages - Wtf is the point of reading all this? - Defeating RPM - What does it verify? - Example - good v 0.1.0 spec file - Building and Installing good - Replacing the binary - Pimping packages - Our new package - Our new spec file - Magic warez - General ramblings - Other shit - good.c - evil.c ------------------------------------------------- Ahhhh, apc magazine. What can I say? 1.8 gigs of crap I donÆt need, clueless and moronic opinions from people I have no respect for and only two pages of remotely useful information, endearingly titled "TechnoBabble". All for the bargain price of $8.95. Yes, Australian Personal Computer Magazine has a lot to answer for, especially the new generation of users it has spawned. They are "The Linux Clueless Fucks". More and more of these fucks are popping up all over the place asking questions like "where is the recycle bin in linux?" and "how do I uninstall something/where is my registry?". There are two sub categories of clueless fucks: the genuine clueless fuck, and the wanna-be hax0r clueless fuck. It is the latter we'll be focusing our attention on. A clueless fuck is born ... 07:30 - wake up, clothes on (don't forget, socks THEN shoes) 08:00 - brekky time! (thanks mum) 08:30 - on the bike, off to school (spokey dokes are rad!) 15:00 - schools finished, on the bike again (listen to those spokey dokes !@#!) 15:10 - stops to buy some pokemon cards at the newsagent. "Hang on a moment .. it's the first of the month #@$#%@!" hurries to the computer section ... yes! it's a new apc mag!! pays for the pokemon and apc mag, hurries home 16:00 - successfully signs up for 500 free hours on aol from cd 1 16:30 - successfully installs, plays with and loses interest in all the programs on cd 2 17:00 - sees "Redhat Linux" on cd 3 "Linux is cool!" 21:30 - Finally gets linux to boot (with breaks for dinner, naps, and IRC in #linux) Now, here the sub-categories of clueless fucks come into play: the genuine clueless fuck will wonder why they get "bashed" when they type dos commands, go to bed, then brag at school the next day about how cool they are for running linux. The wanna-be hax0r however, makes a life changing decision, he hax0rs his way to insecure.org and hax0rs in the nmap rpm, no small feat for an apc mag reader. Thus, with no knowledge of linux whatsoever, he begins to portscan the internet. And here we find the wanna-be hax0r clueless fuck, merrily port-scanning away. Generally, they end up port scanning someone with a clue, who ends up looking at something like this: 220 clueless.hax0r.org FTP server (Version wu-2.5.0(1) Tue Jun 8 08:55:12 EST 1999) ready blah, lets get started eh? --- What is RPM? --- RPM stands for Redhat Package Manager. It is, as its name implies, a package management tool created by the good people at RedHat. Distributed under the GPL, it is available for many linux distributions and its use is reasonably widespread. >From the blurb at rpm.org: "[RPM] allows users to take source code for new software and package it into source and binary form such that binaries can be easily installed and tracked and source can be rebuilt easily. It also maintains a database of all packages and their files that can be used for verifying packages and querying for information about files and/or packages." Here we're going to have a look at its verification options, specifically the command "rpm -V" --- How is it used? --- rpm is a powerful/full featured tool. It has many options from the mundane such as installing/uninstalling through to building packages from tarballs and digitally signing them with pgp signatures. I'm not going to go into details about all of these options, if you want more information see the urls at the end of the file. --- Creating rpm's --- At the heart of building rpm's lies the spec file. The spec file contains a description of the program, instructions on building and a list of all the files needed. it's basic structure is like this: Header: Contains information such as program name, author, version/release information and other things in a similar vein (License, description etc etc). Prep: This is used to get for pre-build instructions to prepare for a make. RPM has some macros pre-defined to aid the unpacking and patching of sources, as each section is just basically a place to execute shell commands. Build: Here you place any commands you would use build the software if you were doing things manually (eg: make). Install: Here go the sh commands you would enter to install the software (or make install if your makefile has one). Clean: Get rid of any leftover/no longer necessary files, again, just sh commands. Files: A list of files for the binary package. Be sure to use the absolute path (/bin/blah) instead of directories (/bin). The latter would result in /bin/* being contained in the package :) Changelog: The changelog. Each section and any RPM macros are preceded by a % sign (eg %header, %prep etc etc). There is also an optional step between the clean and files stages for pre and post install/uninstall scripts, with several macros pre-defined by RPM. These are: %pre for pre-install scripts %post for post-install scripts %preun for pre-uninstall scripts %postun for post-uninstall scripts --- The point? --- As I mentioned before, we're going to look at the verification capabilities of rpm, why you should bother with such is this. If you've hax0red a clueless fuck and used your script-kiddie enabled rootkit tekneq, your going to get nailed as soon as they type rpm -V (this is of course assuming they know such an option exists but they'll probably be enlightened to the man command pretty soon by the usual self-righteous assholes you find in any #linux :) So now, lets have a look at defeating rpm's verification. --- Defeating RPM --- There are two main ways that spring to mind. One would be to modify the actual rpm binary itself so that no or limited verification takes place. The other would be to create a hacked rpm so everything appears to be ok when verified. A downside of this is the requirement of forethought. In case you haven't guessed we're going to be looking at the second method, creating our own rpm's. --- What does it verify? --- There are nine attributes it checks. Not all of them will be checked, as some aren't relevant for certain types of files. This is what they are: - Owner - Group - Mode - MD5 Checksum - Size - Major Number - Minor Number - Symbolic link string - Modification time When files are verified, no output is displayed if everything is hunky dory. When something is amiss one line is displayed which has the general form: SM5DLUGT c S - file size M - file mode 5 - MD5 checksum D - major and minor version numbers L - Symbolic link constants U - file's owner G - file's group T - Modification time c - appears if the file is marked as a configuration file - the file that was verified It is unlikely that every test will fail, so when a certain attribute is matches the database a . is displayed instead of the normal flag, giving something like this: [phunki@angst rpm]$ rpm -V netkit-base S.5....T c /etc/inetd.conf [phunki@angst rpm]$ So here we can see the file's size, md5 checksum and modification time do not match with what is stored in the database, and that file that did not match was a configuration file. (inetd and ping are contained in the package netkit-base) --- Example --- Ok, to illustrate the steps needed we're going to replace the binary good with our own binary, evil. These are just lame little "hello world" programs for the purpose of illustration, and are included at the end of this file. --- good v 0.1.0 spec file --- The general format of an rpm's filename is name-version number-release.rpm, so our package, good, will look something like this: good-0.1.0-1.rpm A spec file has the same format as an rpm, with the .rpm being replaced with .spec, eg: good-0.1.0-1.spec So lets have a look at good's spec file. --- begin good-0.1.0-1.spec --- Summary: Says hello world Name: good Version: 0.1.0 Release: 1 Copyright: GPL Group: Development/Tools Source: http://clueless.hax0r.org/good-0.1.0.tar.gz Patch: good-0.1.0-buildroot.patch BuildRoot: /home/phunki/rpmtest/BUILD %description using k-rad printf tekniq, will display "Hello World!" *every* time it is run Install it if you think you're leet enough to handle it %prep #nothing to untar, donÆt need to do anything %build gcc -o good $RPM_BUILD_ROOT/good.c %install mkdir -p $RPM_BUILD_ROOT/home/phunki install -m 755 good $RPM_BUILD_ROOT/home/phunki/good %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-, phunki, phunki) /home/phunki/good %changelog * Thu Jun 17 2000 phun kay - Created possibly the elitest program ever --- end good-0.1.0-1.spec --- A few things to note here. 1) You'll notice IÆm too lame to use tar. Generally in the prep section you'll put something like %setup, which is an RPM macro that untars and cd's into the directory required. (%setup has various options such as cd'ing before untarring and other such action-packed things) 2) The use of $RPM_BUILD_ROOT. This variable holds whatever was specified in the BuildRoot section of the header. It saves a lot of hassle, so use it. 3) Also in the prep section, a comment is placed just as you would in a shell script. Notice all the commands that aren't macros are just normal shell commands. Also notice the lack of #!/bin/sh --- Building and Installing good --- Nothing too special here: (create a binary package) rpm -bb good-0.1.0-1.spec (install it) rpm -I good-0.1.0-1.rpm [phunki@angst rpm]$ /home/phunki/good Hello World! [phunki@angst rpm]$ --- Replacing the binary --- Ok, so good has been built and installed, now what? If we want to replace the binary we can't use mv/cp, or it will fail verification. [phunki@angst rpm]$ cp -f evil /home/phunki/good [phunki@angst rpm]$ rpm -V good SM5....T /home/phunki/good [phunki@angst rpm]$ Definitely bad. So let's try replace good by "upgrading" to use our evil binary with rpm. --- Pimpimg packages --- As you've probably guessed, we're going to build a new rpm, but how can we do this without the original spec file? A neat feature of rpm is that it can be used to query existing packages, and enough information can be gained to create our own spec file. First off, we need to know which package our binary came from. In this case the name of the file was the name of the package, but this is often not the case, especially with "system base" sorts of tools: [phunki@angst rpm]$ rpm -q -f /home/phunki/good good-0.1.0-1 [phunki@angst rpm]$ Now we need the information for the header: [phunki@angst rpm]$ rpm -q -I good Name : good Relocations: (not relocateable) Version : 0.1.0 Vendor: (none) Release : 1 Build Date: Thu Jul 20 02:30:55 2000 Install date: Thu Jul 20 02:33:33 2000 Build Host: angst.blah.com Group : Development/Tools Source RPM: good-0.1.0-1.src.rpm Size : 11702 License: GPL Summary : Says hello world Description : using k-rad printf tekniq, will display "Hello World!" *every* time it is run Install it if you think you're leet enough to handle it [phunki@angst rpm]$ Not everything in the header is displayed, but you can get away with just an increase in version and/or release information (and you donÆt even need that), so this is plenty. Also note the build host, if people are cluey enough, they'll probably realize that angst.blah.com isn't a great redhat networking tool distribution center, but if you're thorough enough to be doing this, and it bothers you, this is easy enough to fix. Now we'll need a list of files that were installed: [phunki@angst rpm]$ rpm -q -l good /home/phunki/good [phunki@angst rpm]$ Finally, we'll include the changelog: [phunki@angst rpm]$ rpm -q --changelog good * Sat Jun 17 2000 phun kay - Created possibly the elitest program ever [phunki@angst rpm]$ Ok, so now we have all the information need for our specfile, as you've noticed rpm gives out info like a cheesy slut. --- Our new package --- The build options are inconsequential enough, as rpm's are distributed in binary form, so basically it's whatever works. As for installing there are a few things you can do if you're paranoid enough to want the original version number. One is to uninstall the original package using rpm -e, then install the new package. Another is to use rpm -I --force to install the new package over the old one. These have a disadvantage of removing/overwriting configuration files, but again this is easy enough to get around, rpm -q -l -c will list only configuration files. Anyway, in this example we're just doing an upgrade :) --- Our new spec file --- This is pretty much the same file, note the addition of evil.c. You could always add something to the changelog like "I trojaned your binary, fucknut" if you were so inclined. --- begin good-0.1.1-1.spec --- Summary: Says hello world Name: good Version: 0.1.1 Release: 1 Copyright: GPL Group: Development/Tools Source: http://clueless.hax0r.org/good-0.1.0.tar.gz Patch: good-0.1.0-buildroot.patch Buildroot: /home/phunki/rpmtest/BUILD %description using k-rad printf tekniq, will display "Hello World!" *every* time it is run Install it if you think you're leet enough to handle it %prep #blah %build gcc -o evil $RPM_BUILD_ROOT/evil.c %install mkdir -p $RPM_BUILD_ROOT/home/phunki install -m 755 evil $RPM_BUILD_ROOT/home/phunki/good %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-, phunki, phunki) /home/phunki/good %changelog * Thu Jun 17 2000 phun kay - Created possibly the elitest program ever --- end good-0.1.1-1.spec --- Build is the same, rpm -bb good-0.1.1-1.spec, when installing we'll use rpm -U. --- Magic warez --- [phunki@angst rpm]$ rpm -U good-0.1.1-1.i386.rpm [phunki@angst rpm]$ /home/phunki/good h4h4h4! 3y3 0wn j00 !@#! [phunki@angst rpm]$ rpm -V good [phunki@angst rpm]$ h0h0! --- General ramblings --- I've spent the last few days poking around rpm, objectively it's a pretty good tool that serves a valid purpose. Security wise it's about as useful as a kick in the tits, but it's worthwhile for it's other features. The only reason I can think of why its not as popular as it should be is it's egotistical name. I'm willing to bet if it's name was some recursive acronym with sexual connotations everyone would be using it. If you have to use it, do it with something like tripwire to back up its piss poor security. On a side note, I noticed the actual database (in /var/lib/rpm), doesn't seem to be owned by any package so you could possibly delete the entire database and rebuild it with rpm --rebuilddb. I donÆt particularly have an overwhelming desire to test this out though. One thing I haven't touched on is the signature checking abilities. To write this I did a "minimal" install of redhat 6.2 which was about 227 megs. If your using redhat type rpm -q -a to see every package installed. Feel like checking all their signatures daily? Admittedly, if you were recovering from a compromise, and couldn't bring the host down, this could be worth the effort, but it would still be a large pain in the ass. So, thatÆs it. Go own some clueless fucks. --- Other Shit --- Spokey Dokes: Brightly colored ball shaped plastic things that go on bike spokes. They slide up and down the spokes as you ride making a rad clanking sound. APC Magazine: For some bizarre reason this is a popular magazine in Australia. The parts of it that aren't ads are generally mindless pap. URLS: www.rpm.org - the rpm howto is worth a read www.rpmdp.org - rpm documentation project contains an entire book on rpm in various formats. Worth it if you uh, want to read a book on rpm. Other: The rpm man page - if your going to be using rpm, read this, its worth it. --- good.c --- #include int main(void) { printf("Hello World!\n"); return 0; } --- evil.c --- #include int main(void) { printf("h4h4h4! 3y3 0wn j00 !@#!\n"); return 0; } If you cant compile these, you're a moron. These are just included for completeness. ---------- y0 too ... #ozsec, #is - IRC is a tool of the devil 2600.org.au mindrape.org - mad archive wiretapped.net - another mad archive phase5 caddis grufl - "g1bb0r me back my IDE controller !@#$!" b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [15:. - [ The Ultimate Guide To Hacking Hotmail ] [acidkick] :. ] [acidkick@b0g.org] :. ] ____________________________________________________________________ Well haxt0rs, one night I was sitting on IRC (Internet Relay Chat) and I was talking to my good friend k-rad-bob. He was like "b0g is an elite e-zine dude%^$#@%$". Then I decided to write this 3133(5+2) article and you will all fjear. The art of "hax0ring hotmail" is one that takes many years to master. Through my time on IRC "How do I hack hotmail?" seems to be the most frequent question in elite channels such as #hackphreak. Most elite hax0rs want to own hotmail to find out if their girlfriend is cheating on them with the next door neighbors gerbil. To hack hotmail, first you must be 3133(5+2) without that technique, you are fucked. If you can't hack the planet, or own a gibson or 2...don't even try to hack hotmail because it will come after you with a vengeance. I have come to learn that hotmail has a mind of it's own...and if you don't straight up own it then hotmail might just hax0r you and that is bad. Second, if you want to hack hotmail for a reason other than finding out if your fat gay lubbor is cheating, turn away now because that's all that it's really good for. If you want to hack hotmail accounts in order to say, get free ascii pr0n or for any other reason...that just won't cut it because it's a waste of time. Now to the actual owning^&%$#& Following each "hax0ring method" I will have examples for the stupid people. If you are at the "victim's" house you can be 3133(5+2) and look over their shoulder while they type in their password! You will get their password and they'll be hacked. Now what if the person is like "dunt look at my password or I'll break your legs"...well, you cover your eyes, but peek through$%^#&* they will never notice and you will have just hacked them. Example 1: (Jebediah): I am going to check my e-mail on Microsoft Hotmail. (You): Ok, good idea Jebediah. (Jebediah): *types in password* (You): *looks at keyboard* Jebediah=Owned Example 2: (Jebediah): I am going to check my e-mail on Microsoft Hotmail. (You): Ok, good idea Jebediah. (Jebediah): Cover your eyes, I don't want you to see my password, it's uber secret. (You): All right. *covers eyes, but leaves a crack between fingers* (Jebediah): *types in password* Jebediah=Owned The second hotmail hacking technique is to be like "I am a hotmail administrator. Tell me your password now." and you get the password and see if the gerbil rumors are true! This is a bit tricky since hotmail has all that "Do not give your password out to anybody." crap on their pages. Lucky for you...if someone is stupid enough to use hotmail, chances are they will be stupid enough to believe that you are actually a hotmail administrator. Example 3: From: Jebediah Johnson - Hotmail Administrator To: Stupid Gimp Dear Mr. Gimp, I am Jebediah Johnson, a Hotmail Administrator. Our system has recently crashed and we therefore need to confirm the existing password of all of our users. Please respond with your password as soon as possible. Thanks. Sincerely, Jebediah Johnson From: Stupid Gimp To: Jebediah Johnson - Hotmail Administrator du0d, my password is "31337h4x0r". it sucks that you got 0wn3d, haha...but like, there is my password for your 'confirmation' -Fucking Idiot ---That's how it works people, owning hotmail accounts is as easy as 1, 2, 7. The third and final method of owning is to be like 'TELL ME YOUR PASSWORD HONEY OR I WILL RIP OUT YOUR EYES WITH AN ICE PICK. THAT'S RIGHT BITCH, DONT MESS WITH ME'. This is also known as the "hostile" method. I take no responsibility if you are sent to jail for making these type of threats. It's a good thing that we all know that won't happen, because the victim will fjear your technique and give up the password on the spot. Example 4: (Big Gay Al): Hi honey, how was your day? (Big Gay Joe): TELL ME YOUR HOTMAIL PASSWORD NOW SLUT! (Big Gay Al): What do you mean tell you my hotmail password? (Big Gay Joe): I SAID TELL ME THE PASSWORD ASSFACE#%$@^& (Big Gay Al): Ok, ok...it's backdoor_bandit. Ok? (Big Gay Joe): IF YOU'RE NOT TELLING ME THE TRUTH...I'M PICKING YOUR EYES OUT WITH AN ICE PICK! (Big Gay Al): It's the truth, I swear. (Big Gay Joe): Thank you. If none of these methods work, then I'm afraid you're shit out of luck, because those are the most elite hax0ring methods around. If anyone has anymore ideas on how to own hotmail ninja style, e-mail me at acidkick@b0g.org and I just might do a "follow up" article. Shouts to bob, #k-rad, #dps, #hacktech, hst, acrylic, messiah, reaxt, vulgar, overfien, tak, electro-, console, t|rant, wh0rde, tidepool, Wir3d0rb and rash. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [16:. - [ How to pimp IRC ] [dawgyman] :. ] [glcharron@uswest.net] :. ] ____________________________________________________________________ First you gotta social engineer the bitch. And you gotta go soft on her, if you want things. Session Start: Fri Jul 28 11:22:19 2000 Got a picture? i wish i should have one soon im gonna go to kinky kinkos and try to get one if i can get a ride from my mom cuz i dont have a scanner oh =\ heh... Session Close: Fri Jul 28 11:23:07 2000 Then you gotta make the bitch seem like she's ALL THAT, okay? Make the bitch feel special. And then maybe she will start to tell you personal things, really personal things. =) Session Start: Fri Jul 28 11:23:08 2000 Session Ident: LippyCat (o@ip212.tucson14.az.pub-ip.psi.net) you think im not cute? You sound cute. =) Ur wrong iam cute : ) trust me HEHE word i wouldnt have ex boyfreinds stalking me if i wasnt err but thats not a good thing didnt you hear me say my descriptino on the conf? is dawgy dead? ? Sorry I'm watching a movie. hehe oh dear heh No, I didn't hear you say your description on the conf. i have hair down to my waist... its like thick and aubornish blue eyes dark blue 4'8 22 inch waist 90 lb.s heh and umm yah... mmmmmmmmmm * Davvgyman moans heh bageesus seriously thats how i look.. so dont fake moan at it silly kid im little very little ;_( tiny mew Dawg wake up stop watching pornos ? LOL oh You want me to call you up, and then moan at you? ok hehe lol Then secks you up. >=) yah lets get the show on the road well! seks me up fine you dont get to nipple on lippy!!! lol = =( shes so sweet too .. you have to tell me how you set that conf up Are you seriously 4'8"? pwetty pwease lol Well, we carded it. yes ;_( y? Just wondering. =) I still l0b j00. no you dont you dont like short girls i see how it is carded... ? credit card? hey pay attention to me fine mister short girl hater au revoir lol Sorry! =( yes credit card stolen account =P how did you get it? why dun you like short girls.. im thin just petit ... I like short, small girls. Seriously. hah sure.. =( the boobs dont go with the body though = ( Big boobs? im small everywhere except... breasts cool yah err dun tell anyone but 34/DD dun tell umm ron or anything @#$#@!$#@!@ WOW! err i hate them and then i have this tiny waste DONT EVER FORGET TO TALK SMOOTH TO HER! Be cool, play a game or 2 with her. Just let your cawk guide you. Session Start: Sat Jul 29 12:46:06 2000 Session Ident: LippyCat (o@210.220.69.165) purrrr were do you get that translator? lol in a channel i'm in on efnet It's a secret channel. For members only. =P heh what? www.cyberarmy.com has a nice translator. you brat im gonna bite ya mm please do ohhhy yay * Dawgyman licks you mmm were? You know.. * Dawgyman winks ohhhhhy mmmmmm Session Close: Sat Jul 29 12:48:42 2000 here comes to really cool part, when you start getting nasty! =) Session Start: Sat Jul 29 12:50:08 2000 Session Ident: LippyCat (o@210.220.69.165) you should really do that i would like it ? Do what? heh lick me there okay! Lippy Do you love me? yep yep yep I love you too. i lub j0o sooo much dawgy * Dawgyman licks your ********************************************** =) mmmmmmmm purrrrrrrrr Lippy: tonight, lets phone sex0r. =) your silly dawg hmm but i wish you could come here and do that CAn't we just do both? i dun want a bunch of people listening to me get off What? on teh conf hmm We dont need to bring people on it. We can be alone. hah and then i can play with myself and moan and you can tell everyone in the rooms hehe i dun think that woudl be yay no I love you. Anything we do, stays with us. err umm please dont say you love me when we arent joking hmm ill tink about it err dawg your gonna get hit dont say that * Dawgyman bites your finger * LippyCat bites your wrist Talk to her, ask her what she wears sometimes, dont be crude about it! Session Start: Sat Jul 29 13:08:17 2000 lol I'm back. We're outta gas. brat =( you get to not do your chores lol i still have to do dishes hehe Do it naked? yep naw i do it in gee strings they look so nice on my tight ass HEH!%!@^!#@! what are you hehing about? THATS AWSOME =) its even better when you can see it OMG * Dawgyman masturbates =) Session Close: Sat Jul 29 13:17:21 2000 And the rest should tell you how much of a hoe she can turn into. =) Session Start: Sat Jul 29 15:13:01 2000 Whatcha doin secksi? putting my finger in me and moaning i was kidding silly haha Man. I want to say something, but you would get mad. =( what? I love you. err =( Session Close: Sat Jul 29 15:21:56 2000 Here sometimes comes to the phone sex part. =) It gets eRoTiC!#!#$@! h0h0!$#@!$@! Session Start: Sun Jul 30 04:46:59 2000 Session Ident: LippyCat (o@ip117.tucson14.az.pub-ip.psi.net) i lub j0o I loB jOoO tOo! hehehe i wanna talk to you ;_( phone? yah Me too, hehe, brb k ok back Want me to call you? yah ! okay yah yay* hold on okay! So..What're we gonna talk about? =P i dun know well see when you call me =) k call me in like thirty seconds k ! -> [LippyCat] PING Session Close: Sun Jul 30 05:48:20 2000 Here's the part when you know she's a slut... Just read how she treats ya. =) Session Start: Sun Jul 30 05:49:42 2000 God, that was so great! hmm was it? yes well im glad you had fun. hmm Did you? sorta =\ you came pretty fast I know, I was masturbating before you asked me. I'm shy. =P hmm why did you say you loved me when you came or hung up Cause I do. Did that make you mad? =( do you know what love is.. yes sorta hmm.. you dont love me Do you? trust me ok you only lust after me because i sound sexy and can make you cum And if you tell anyone i did that with i swear to god ill find you and kill you im serious.. just keep in mind.. that im psycho No you're not. =( yes i am if you tell anyone you get in trouble and then i will find out wre you live and i will kill you i have your phone number and your listing is Gayle L Charron Yes, I know. and i will slit you like a fish ok? so your not gonna tell anyone right? LOL no, i'm not. Nina, Why would I do that? =( tell me you dont love me Now! .. im waiting tell me you dont love me and mean it I dont love you. I hate you. =) Happy? =p yes.. Session Close: Sun Jul 30 06:02:54 2000 b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [17:. - [ Counter-control in school ] doc] :. ] [doc@b0g.org] :. ] ____________________________________________________________________ I am a former high school teacher and school administrator. While I was in that rancid occupation, I noted a lot of the "tricks" school teachers and Admins use to manipulate and control students. (That's one of several reasons I got out of the field.) In this article, I will cue you in to how to counter these techniques. Most school teachers and administrators chose that occupation simply because they are such little people with so little intelligence and such low self-value (at least credit them with knowing their true worth!) that they want to compensate by dominating and controlling others. Many of them seem to derive sexual pleasure from exerting control. I think it's about time the tables were turned on them! Be forewarned, though... Using these counter-control methods will not endear you to these wannabe dictators. It will, in fact, drive them berserk and ensure their undying hatred. So be sure you're ready for that before you proceed. `Tip #1:` When they summon you into their office to harass you, they may leave you standing. This is to throw you off-balance and to make sure you remember you're in their territory. They expect this to intimidate you and make you nervous. Counter-measure: Seat yourself. Now who's off-balance? (Be ready for instant rage!) (School thug's reaction: "Erg?!") `Tip #2:` From the time you enter their office, they intend to keep strict control of the meeting. Counter-measure: Immediately seize the initiative. Make statements, ask the questions, etc. (School thug's reaction: "Wha--?) `Tip #3:` In any encounter, they are likely to pepper you with questions so they can knock down your answers. This is to keep you intimidated and confused. Counter-measure: Don't play the defensive role they intend for you. Give only brief, mono-syllabic non-answers, immediately followed by pointed questions to keep them off-balance. (School thug's reaction: "Wha--?") `Tip #4:` They want to have the last word. Counter-measure: Be sensitive to when the meeting is about to end and don't let them dismiss you. Instead, rise and with a smile say something like, "Well, this has been a productive session. Thanks for your help! I'll not take up any more of your valuable time." (School thug's reaction: "But at the seminar they said I'M supposed to do the dismissing. And this smart-ass kid is dismissing ME?!") `Tip #5:` Beware "The Voice." This is a psychological technique taught in seminars for tyrants and heavily used by school personnel as well as by cops and other such slime. It simply involves barking commands in a stern tone. Most mundanes are cowered, and many will meekly obey before they even have time to think about it. Counter-measure: Develop a mindset of not being intimidated or controlled by this cheap trick. Display an amused expression for an instant, then respond in a similar barked manner. (School thug's reaction: "Wha--?") `Bonus Tip #1:` If you find yourself nervous during an encounter, imagine the wannabe "authority figure" standing before you in the nude, with all the flabby fat jiggling with every move, etc. Let your facial expression respond naturally to this vision. (School thug's reaction: "Huh? Is my fly unzipped, or what?") `Bonus Tip #2:` Be alert for signs of sexual interest and react in such a manner as to inflict maximum embarrassment. For example, if you're a guy and your harasser keeps glancing at your crotch and licking his/her lips or swallowing, that's a good sign of such interest. If you're a girl and the harasser stares at your breasts, that's an equivalent indication. Whenever he/she looks at your face again, smile knowingly, then look deliberately at the targeted area of your anatomy and casually cover it. (It's time to implement Tip #4.) (School thug's reaction: "N-O-O-O-O-O-O!!! He SAW me looking at his--!") Well, kids, there you have it! As I said, it seems a lot of school thugs get a sexual thrill from control, so this is a sure way to quickly deflate their--uh, egos--and leave them flaccid! \ b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [18:. - [ The internet told me so ] [untoward] :. ] [ford@fop.ns.ca] :. ] ____________________________________________________________________ You can close your windows lock your doors leave me leaning on widows sucking on whores I know that ugly men in beautiful ties can fool you with their business card lives allow your finger into their pies hide you from their wives The internet told me so, and with a silly buffer overflow I know where you were last night that's right You can call it done say you never loved me that we had our fun and that was all it was meant to be and that was all I was meant to be but I've seen your personal emails business men fetish she-males selling you amongst themselves retail I know you in perfect bitmap detail the internet told me so and with a silly buffer overflow I know where you were last night that's right I know who you were last night. b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [19:. - [ IRC Quotes ] [k-rad-bob] :. ] [irc.undernet.org] :. ] ____________________________________________________________________ *** BobsKC changes topic to 'No help for this channel.. BobsKC' *** BobsKC sets mode: +mi *** exit has left #k-rad I'll open it but you do NOT want to bring any more bots there except one which I Prae is brining back bringing just one? one how many is x? okay how many is w? one yeah but x and w are a lot more stable then praes crappy bot lol does there is any tcl scripters here? if yes, i have a question: does there is any way to get a keyboard keypress in a variable in tcl? <__brian> you know that in israel some people trade animals What do you call a drive by in china town? capachino I don't understand it hi all there is someone in our channel steal an op pass and his puting bad topics with W can i get his ip? do u know where i can get a copy of bo2k that works prae, how do you know where to start your record? is there a dot were you put the needle when you start? what fucking record a beatles record no you stupid cunt LOL you put it on the outside wuftp does have any bug because i belive my machibe was hack using some sort of exploit :( what's better than winning gold at the special olmypics? not being retarded who have a scanner for mirc? can somebody tell me how to get get the correct IP of a pc that is online does anybody know how to access a novell netware network with an ip address / username and pass? Q: why cant paki's play football? A: everytime they get a corner they build a shop on it lore PLEASE send me those scripts? write your own man i didn't know you hung with b0g i'm not sending out my scripts to b0g lovers topic Hi... does anybody knows about a new program wich is called zero something and it hacks hotmail and icq and stuff like that? thanks do cows get errections if you like massague their penases? does anyone know how to hack nicknames on IRC? please answer me were can i find WINSCK.OCX I looked under google for Accidental Cleavage can you access their web cam? and see if they're masterbating? what are some commands i can do in telent port 25 how do i read the persons mail i wish russia had ebay so you could buy stuffed tits and stuff i know ASL, but wat does the D in ASDL mean ? can some one nuke me pls ???????? this is a test Argh, anyone know AOL... do they use their own browser? *** eljine has joined #hacktech who can help me to hack a server of fuck... society ?? *** ShadowDog has joined #hacktech huh allo ? allo ? allo ? allo ? *** Pingu2k is now known as PinguAway what's the fuckin men are there here !!? this one is fom icq but i just had to post it: Kr0zKr0niK (ICQ#44006891) Wrote: is there a way i can actually get an e~mail address like: r00t@127.0.0.1 <[Durango]> Is it possible to disconnect a computer from the internet with another computer in another home? Msg me rap = retards attempting poetry [23:15] *** jan20 was kicked by Kim- (Unwanted: members of channels with "#familysex" in the name) big mistake grid, dont you know all my lines are sniffed by the NSA you wanna play, now i am in the game He be wanking to the mens section in Sears mag lol it's a+ material For the longest time... no I thought the prodigy song " smack my bitch up " was really... Smack my picture all those revealing khakis.. SEE MY FREE NAKED PICTURES!!WET P"USSY 4 U!-> http://www.hitboss.com/cgi/1/Bikini?10660 BLUE I HAVE AN 8 INCH COCK! hey BITCH I can find out where you live by your IP address? Isn't that cool? THen I can RAPE you and throw your body in a dumpster somewhere. you fucking cunt answer me or I'll hunt you down and ram my cock in your rectum can anyone help me with buffer overflows? ive been experimenting with some code to learn more about them none of them generate a root shell like they should, so i tried a prog with just exec(/bin/sh) and setuid it to root, but it didn't work! why? <_grid> hmmm <_grid> are you stupid by any chance [!] topic for #teen: ATTENTION EVERYBODY: THE INTERNET WILL TURN OFF IN 10 MINUTES --THANKS hey hst. y0o hh wuhjts"s heh up he's drunk imA SM NIOOT haha heh iofm eayer ? wtf WHat ? *** JCS_TX (~JCS_TX@bay1-341.houston.ziplink.net) has joined #lpsg ok,as strightt *** JCS_TX (~JCS_TX@bay1-341.houston.ziplink.net) has left #lpsg [hst!hst@adsl-61-153-28.atl.bellsouth.net]: breer think that means beer? :D heh hst is a drunk! -> *jesus* invite timrocks #satcomm *** acrylic has quit IRC (brb.) *** JESUS (timmy@unix.gci-net.com) has invited you to #satcomm did you give up on #satcomm hst? jush jush huh? you dont chill in #satcomm anymore WHatu\ heh nevermind hahaha you are obviously too drunk to keep up a conversation is satco,bvcn[ i guess I'l ask him to add me tomorrow :D hahah i dont think he could type the command rick *grin* IA YAM THE NRREDWORM no hahaha justin log this HEH hes drunk and listening to dj qbert I YAM THE REDWORM we'll give it to him tomorrow LOL werd. i cant log GMOW ill just copy it to txt damnit k hst: theres naked pictures of your mom on the website now wetrd EI totally i wish i was that smashed *** slickrick changes topic to Drunken hackers, today on Sally HAHAHAHAH WERD*$& im sending this to b0g =p HAckPHRWKA haha hst, is the screen spinning? dude got any leet colored popups? :D lol sorry bbbbbbbeeeeeeeeeeerrrrrrrrrr #HACKPHREAK i was watching people ping out the ops =P hehe IMTM EH AREAL SL:IM SHAYDF PLEASSE DASTAND UP HAHA YES IM THE REAL SHADY ME TOO HST, ME TOO PLEASE STANP YUP *** hst changes topic to M JUUCAHAHAHA BOOOS HH ** YEHAN UHHN UH FSUCVK YOU damn hello AN F YOUR UNCLE YTP hst> HR$y buiddy sdyickl, up ypur ass me? dude, he fuck yer goat ass, dont diss i think he is missing RLoxley Rloxleryuy is a fat hp,psexual; try not to puke on your keyboard ok hst? *** hst has quit IRC (Ping timeout for hst[adsl-61-153-28.atl.bellsouth.net]) HAAH guess the puke seeped into the hard drive =( b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [20:. - [ Mailbag ] [k-rad-bob] :. ] [mail@b0g.org] :. ] ____________________________________________________________________ Fra: AOL Instant Messenger Til: tak@b0g.org Emne: AOL Instant Messenger Confirmation (h9tbXp6b1D rootninjatak) Dato: 25. mars 2000 21:31 Thank you for registering for AOL Instant Messenger(TM)! Your registration for screen name rootninjatak has been received. Please reply to this message within 48 hours to complete the registration process. Simply reply to the present message and type 'OK' as the text of your message. (This is to help us ensure your e-mail address is valid.) Thank you! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! Fra: Th33ph v1ruS Til: k-rad-bob@b0g.org Emne: Boo Ho0o, I see your po0. Dato: 2. juli 2000 00:39 Hey Bob, I just thought I would mail you and tell you that you are like a fatherly figure to me. Your my idol, and always will. When I was a small child growing up on the hard streets of Ireland, I would cradle myself thinking of all the different ways I could be like you. Then I thought "I could shave my nuts and molest some little children" but came to realization that by doing this I would not be like you, and that it was just the voice in the back of my head. Well, Now I have grown up, and Im listening to Mindless Self Induglence. Harrasing single women in #Widows, and packeting small children off of IRC. But I still dont feel like I have completed my mission in being K-Rad like you. What do you suggest I do? Also would you like the story of the little dog I had sex with when I walked my neighbors dog? Th33Ph Ph33nds.Org Lamers Anomoynous (Is that how you speeeeel it? Its a long word) ------------------------------------------------------------ Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com AntiOnline - The Internet's Information Security Super Center! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! Fra: nasty wild style (NWS crew) Til: k-rad-bob@b0g.org Emne: h0h0... Dato: 13. juni 2000 22:13 can u tell me where i can find sow qualiti p0rn pics ? ...i jsut building a site but i dont have much on me xxx section//pls send me some links and pls free XxX sitez Thanks ..S0csUx0il crew rulz bye Get your FREE email @ Cypria.com b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! Fra: brian! Til: bob@b0g.org Emne: HI THERE BOB Dato: 31. juli 2000 22:57 "Dear k-rad-bob, I am writing to you because of a serious problem I am facing, computer related. You see, an aquaintanance of mine ask me for help and I'm not sure I can help him with his serious dilemma. He's a Vietnam-era deserter from the U.S. Marines, and has a cousin who works for Microsoft. His mother peddles Nazi literature to Girl Scouts in Utah, and his father (a former dentist) is in jail for 30 years for raping most of his patients while they were under anesthesia. (nice guy...) My friends family, including himself and his $500-a-week heroin habit, are his uncle (master pick-pocket "Fingers") and his aunt and kid sisters, who are well-known streetwalkers, down there in Utah. Well, here's his problem: He has just gotten engaged to the most beautiful, sweetest girl in the world. She is just sweet sixteen, and they are going to marry as soon as she can escape from reform school in Salt Lake City. To support themselves, they are going to move to Mexico and start a fake Aztec souvenir factory staffed by child labor. They are looking forward to bringing their kids into the family business. But--my friend is concerned and worried that his family will not make a good impression on hers, once she has a chance to meet them. In your opinion, RaveN: should he, or shouldn't he, let her know about his cousin who works for Microsoft?" h0h0h0! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! BRIAN RULES! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! Fra: mike alkav Til: k-rad-bob@b0g.org Emne: m4d sh17 Dato: 22. Juli 2000 00:33 //////////////////////|b0g dr1nks! - malkav|\\\\\\\\\\\\\\\\\\\\\\\\\ [Kermit the Fudge] 1 big ass cup from quicktrip or something Crushed Ice 1/2 Surge 1/4 Sweet and Sour Mix 1/4 Vodka A little bit of Tom Collins You can't taste the alcohol so it's great with ch1x0rz who don't like liquor. You can't smell the alcohol so you can sneak it in class. The caffeine from the Surge keeps you awake. It's a big hit at parties, just make it in massive quantities. It's not too expensive. At a party of 60 people, we went through 8 (8!) gallons of this stuff. &$^&Kermit the Fudge is now the official drink of b0g~@$# mikealkav@hotmail.com ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! Fra: c00kie Til: k-rad-bob <808@c2i.net>; object@undernet.org Emne: Re: [Objection] SV: Your application for #k-rad has been rejected. Dato: 26. juli 2000 19:30 At 08:09 AM 07/26/2000, k-rad-bob wrote: >how's the weather on your planet? Actually the weather here is just fine, thanks for asking. >abuser? Yes. >i have yet to resort to even ping someone >whoever it is over there that for some mysterious reasons has a personal vendetta against me, please back this utterly absurd statment with some evidence, proof, logs, anything. Oh, I guess someone neglected to tell you that we don't really need a reason to refuse our services to *anyone*. There is nothing anywhere that says we have to register any channel. >oh i forgot you cant! >or can you? >i dare you >you guys are starting to look so bad. >first purged X from the channel because someone at your place made a bad judgment call, then, when i sent proof, proving beyond the shadow of your wildest dream that you screwed up and not me or anyone in my channel you didnÆt even have the decency to reply. > >now 6 months later, we applied for X and it got rejected for the most mindless reason ever, its pretty clear that whoever made that decision is on some kind of crusade against me for reasons i have yet do discover. >again this email i received from whoever it is that wrote it is a reply to my objection since the application got rejected. > >hello!??!?! > >you are supposed to answer for your yet again absurd actions, not banning me because you happen to not like someone in my channel. >grow up. Actually, you're the one who needs to grow up and get over it. We are not going to register your channel. Period. End of story. >yes again, i have never abused anything, i have done the right thing all along, but this someone in your department is acting like with such arrogance its starting to scare me. >i demand some answers >and i want this sabotage to end. > >desperately yours > >k-rad-bob >owner of #k-rad > > > > >-----Opprinnelig melding----- >Fra: regproc@cservice.undernet.org >Til: 808@c2i.net <808@c2i.net> >Dato: 26. juli 2000 16:42 >Emne: Your application for #k-rad has been rejected. > > >>I regret to inform you that your application for #k-rad has been rejected >>The reason stated by the Admin reviewing you channel was: >> >>Setting to never-reg. We don't provide services to known abusers. >> >>Please try correcting this problem (if possible) and try again. >> >> b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! -----Opprinnelig melding----- Fra: staff Til: k-rad-bob Dato: 2. april 2000 17:21 Emne: Re: hm http://www.dineatdms.com/stories/eatpussy.html >k-rad-bob wrote: > >> i found a site containing your "A LESSON IN EATING PUSSY" >> and i liked it but i forgot the url >> could you help me out? >> >> :)) > > b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [21:. - [ CH4NG1NG TH3 W1ND0W5 9X S74R7UP SCR33NS ] [gH] :. ] [hax0r@netvision.net.il] :. ] ____________________________________________________________________ 4N 3SS4Y BY gH JULY 31ST, 2OO0 4LL R1GH7S R3S3RV3D T0 ne0h & MoStHaTeD - WHY TW0 K4Y!@$ 1T H4PP3NS V3RY 0FT3N TH4T N3WB1E5 4SK M3 "H0W D0 EY3 CH4NG3 MY ST4RTUP SCR33NS 0N W1ND0WS 9X?!?@#$?@!%$?$@#^#^$%#$%?#$", S0 TH3R3F0R3, 3YE D3C1D3D I SH0ULD WR1T3 A WH1T3 P4P3R AB0U7 TH3 ST4R7UP SCR3EN5 M4N1PUL4T1ON T3QN1Q. L3T'S G37 T3CHN1C4L. WH4T Y0U W1LL N33D 1N 0RD3R T0 D0 S0 1S A GR4PH1C 1M4G3 M4N1PUL4T10N PR0GR4M (MSPAINT.EXE W1LL D0), A 10 OHM R3S1ST0R, 3 FT. 0F W1R3S, 2 AL1G4T0R CL1PS, A S0LD3R, 4ND S0LD3R1NG 1R0N. 0P3N MSPAINT.EXE 4ND S3L3CT "OPEN" FR0M TH3 F1LE M3NU. TH3N BR0WS3 AR0UND T1LL Y0U G3T T0 TH3 C:\WINDOWS\SYSTEM D1R3CT0RY. TH3N M4K3 SUR3 TH4T Y0U H4V3 "ALL FILES" 1N "FILE TYPE". F1ND LOGO.SYS 4ND 0P3N 1T. TH3N 3D1T TH3 P1CTUR3. TH3N S4VE. KN0WN BUGZ: N0T 4LW4YS W0RK1NG. W3 4T gH L4B5 4R3 ST1LL W0RK1NG 0N A W0RK4R0UND UNT1L M1CR0S0F7 R3L34S3S TH3 0FF1C14L P4TCH. 4ND N0W T0 TH3 P4RT 3Y3 L0V3 TH3 M05T!@$ -=:[.^Sh0U70uTz!@$^.]:=- Chaos Merchants, ILF, PTR, Ghost Shirt Factory, AOHP, phait, St0rM, WinDose/LSD, code zero, druhy, LoU, StarFire, fr0lic, P.A.R.A., GALF, Circle of Deception, Chameleon, tmw, toxyn, KNS, CHAD, X-Ploit, enforcers, ei8ht, 777, phoenix, shady invader, Kecoak E., No|d, KaotiK, TBH, br41n c4ndy, NoHuP, Tech Voodoo Crew, b0g, Trix/Vertex, SUiD, Mr Revengario, Lithium Node, Gr Power, Headflux, 74074, |TeDUHOB, raptor666, HFG, d3stro, xenion, MoD, the mach1ne, johnnyd, txe, XHN, Access Denied,freddie & chewie, JiG-SaW, z1pp4h, HackPHR, lyp0x, holt, CHA, Spam, vyrus, Ez|ne, wH^TyC, SHA, BuG^, BTF Team, kpz, snow, rd, khd, special-k, sobber, X-organisation, cha0s, ucl, #pascal crew, Milkil/REKill, rEWTED, ax, gH, null, Sp0rE/Dem0l|sh, VHG, Ble4cH, chc, SpazRat, Viper, HcV, network weakness, mode, doberman, Hackmasters,X-Team, phantom one, hackcity, CmP/NBH, Netguru, Fluxx, maverick, fasti\o, LoRD OaK,Raider-X, covered mine, RazaMexicana, Hi-Tech Hate, Dr acid, rootworm, #gphoe, k-rad-bob, #hacktech, #intercore, #eEye, #rootworm, #kernal, psychic, Chrizome, WaSTeD, Hacktech, sistym ghost, raptor666, Pentaguard, HARP, EazyMoney, HKDD, leprechaun, the israeli ghost, subzero, HiV, analyzer, *.es, *.pt, *.mil, hack.co.za, gov-boi, coolio, mafia- boy, e-mind, #972 - #darknet - #auth - #shells (on EFNET), #hackphreak - #gps - #pi (on UNDERNET) yorkie, rawtaz, ishtar, smoke_, MOD, PAKISTAN HAX0RS, everyone from china, japan, korea,thailand, or from the middle east, all unauthorized people in the usa, russian people. M4D SH0U7Z T0 MY B4BY-G1RL (H3Y CHR1ST1N, WHY D1D Y0U L34V3 M3?@#%$ :( :( :( ) b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@! ____________________________________________________________________ [22:. - [ Closing words ] [k-rad-bob] :. ] [k-rad-bob@b0g.org] :. ] ____________________________________________________________________ Summertime and the living is hax0ry. I'm too tired to write anything. Remember kiddies, send us your money, send us your pr0n and send us your articles. If not weÆll ninja chop you to Korea and back! HiÆs and helloÆs goes out to these peeps: Everyone that has contributed to this b0g issue, anyone that has contributed to any b0g issue, the gimps at packetstorm for mirroring our stuff, mogel and his uber site at http://scene.textfiles.com/ , The guys at hackernews.com, all the guys in FK, cryptic at http://www.digitalaggression.com/ , all our affilates and the b0g belivers, fraggy, acidkick, p0lar, sadarak (for 0wning my ass in unreal) syztrix and the rest of the DH crew, N.A.P, people on #efnet that doesnt suck, redpriest, skywalker, everyone that plays LMS at ukonline and doesnt camp! Spear, the chick I'm inlove with, everyone that puts up with the gayness we display in the official b0g channel #k-rad on undernet, also on undernet: #hacktech, #gaydogsex (HEH), #hackphreak, #phreakhack, #whhs and #gps, cnz, g4wd, the clone and his 0day site at http://nettwerked.net/ , rafay, , anyone that I forgot, anyone that wants to see theyre name here, rfp, wizdumb, c0redump, your m0th3r, cr0bar, pneuma, r3wt, the gimps in irc.blabber.netÆs #hack, people who love us, chicks who will have sex with us, chicks with webcams that are going to write b0g propaganda on theyre naked skin and send us pictures at h0h0@b0g.org, you for reading this, and last but not least all my fellow b0gÆsters! thats it! Fear! :)))))))))))))))))))))))))))))) t1m3 t0 haX0r d@ f3dZ! By: r3wt /* telnet top-secret-server.fbi.gov FedBSD/i386 (top secret!) (ttyp1) # t1m3 t0 mak3 0ur attacK! login: root password: wetwilly Last login: Thu Jun 02 00:29:21 on ttyv1 from ovaloffice.whitehouse.gov # h0t shyT w3r3 1n! $ ls Secret_Investigation pr0n NSA_Files Plans_to_Defeat_Cuba Nuclear_Missle_Launch_Codes # sh1t f1r3 w3 h1t tha jacKp0t! l3tz s33 wh0z 0n tha syst3m f1rsT $ who bill_clinton ttyp2 June 03 18:31 nsa ttyp3 June 03 17:24 root ttyp1 June 03 21:08 # l00kz like w3'r3 c00l ph0r n0w.... l3tz sn00p ar0unD! $ cd pr0n $ ls lewinsky0.jpg littlegirl13.jpg hairyrectum.gif preteen01.jpg preteen02.jpg algorewife.gif hillary.jpg # n0t mUch h3r3! l3tz trY an0th3r d1r... $ cd .. $ cd Nuclear_Missle_Launch_Codes $ ls 222010.missle.code 345324.missle.code 3l33t.missle.code # 0h shYt th3y g0t hax0r wArfAr3! b3tt3r ch3qu3 d1z 0uT... $ cat 3l33t.missle.code 6650234331337sdfsa24asd3rfds3s3sak300134 # wh00p wh00p d3y iz fuX0r3d n0w! Message from bill_clinton on topsecret! (ttyp2) [ Thu Jun 03 21:13:01 ] ... hey baby, wanna cyber? # 0h shYt! fAg b0y kn0wz w3'r3 h3r3! t1m3 t0 c0v3r 0uR trAcKz! # wa1t! alm0st f0rg0t t0 l3av3 a m3ssAg3! $ cat haxx0r > /etc/motd $ cat /etc/motd _____ ph33f / o \ EwE HaZ BeeN ph33f GRRRRR - | v^v^v HaQaSaUrEd ph33f \ _/ By D4 d00dz 4t ph33f , | |___, ph33f | / |---, b0g ph33f \\_/ / ph33f \_/|||| HaVe A ph33f |||| FuQeD Up ph33f |_|_> Day, PhAg! ph33f $ kill -9 -1 Connection closed by foreign host. now.. dont worry.. that killed everything so they will never find me.. remember to steal the free missle launch cod3z in that log!