***** ******* ** ** ** ** ******* ***** activist times ** incorporated! ** ******** ******** ** ** ** ** ** ** ******** ******** ** ** ... ** ** . . . 53. ... Issue #53 December-5-1990 U.S. Mail: ATI PO Box 2501 Bloomfield, NJ 07003 U.S.A. Our net address: uunet!tronsbox!akcs.groundzero OR: akcs.groundzero@tronsbox.xei.com ATI's Staff: Ground Zero: publisher, editor, writer Prime Anarchist: editor, writer Writing/Research Staff: Sk8 the Skinhead, Fah-Q, MAC???, Happy Harry Hardon, Stormbringer, Geraldo Riviera, The Happy Hacker, and other occasional contributors. Archivist: Llo Hi! Welcome to ATI53. We have a long one in store for you. First, a few quick notes. Our ftp sites are the following: 128.95.136.2 blake.acs.washington.edu /tmp/ftp/ati 192.55.239.132 cs.widener.edu pub/cud/ati (use anonymous to login and your email address as your password). ATI is uploaded to many boards across the world, but we can only assure that ATI is uploaded regularly to the following boards: Ripco...................312-528-5020 Blitzkrieg (TAP)........502-499-8933 Sycamore Elite..........815-895-5573 Cyberspace..............201-916-1943 Atlantis................808-422-2200 You may have noticed Atlantis is back up. Be sure to give it a call and tell em ATI sent you! Also, another interesting BBS is up. It's called Face to Face, and is for hackers and anyone who is interested in them (including security people, academic people, etc, etc). Call it at 713-242-6853. Also, there is another online newsletter devoted to hacking, telecom, and other related items. It's called NIA, Network Information Access. Look for it on the above boards, especially Face to Face, or you may get on their net distribution list by sending mail to the following address. Tell em ATI sent you! elisem@nuchat.sccsi.com Now for a brief column from Prime Anarchist: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! An Open Letter to 2600 Magazine from Prime Anarchist ----------------> I was at a phriend's house and was reading some of your back issues. Something in the Summer '89 issue caught my eye. You mentioned in this issue that Abbie Hoffman "got arrested so many times that nobody could keep track". I like the fact that you don't research it out. Gives the mag that raw edge. I was gonna give you guys the number, but chose to keep it that way. I can tell you though, he holds the record, and that's undisputable among underground people. 2 things I wanna remember about the Abner: He always shared his yo-yo tricks, and always had a working ITT code. Please do not say that he did not reach the younger generation. He reached me. And that's more than enough. Sure, you might see youngsters saying, "who's this Abbie chick?". But for every one of those, you hear a, "yeah, I read 'Steal This Book'. Live by it". "Fuck the System" and "Square Dancing in the Ice Age" are chock full of youthful ideas and great potent thoughts. Not to mention "Steal This Urine Test". Abbie was obnoxious, sometimes annoying. But most of all he was Abbie. If you bet against his Chicago Bears, you never knew whether he'd got pissed at you or give you 20-1. But he always paid on time and never called collect. So nowadays, not only do I "say hello to Abbie" while playing with a computer somewhere, I also give him a quick hello while waiting for a call to go through somewhere. I know he's out there. Skatin' across the fone lines. Abbie reached a lot of people. I just sometimes wish they wouldn't be SO DOGGONED APATHETIC!! Wake up, Amerikkka. Steal this t-phile. -prime -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- * Random Notes from Ground Zero * "ROGER AND ME" REVISTITED Those of you who saw the film "Roger and Me" know how the song "Wouldn't It Be Nice" by the Beach Boys was used in the film. A GM auto worker, knowing the big layoffs were coming soon, got a panic attack while working the assembly line. The man left his post and got into his car to go home. He turned on the radio, and "Wouldn't It Be Nice" was playing, making the attack worse. After the worker gives his account of the incident, the film's soundtrack blasts "Wouldn't It Be Nice" and takes the viewer for a ride down the streets of Flint, showing scores of boarded-up abandoned houses to show the contrast between the ideal life portrayed in the song and the reality of the devastated city of Flint. The other day I got a newspaper, its headline stating that Hudson County (NJ) was to lose hundreds of blue collar jobs due to two closings. As I began to read the article sitting in my car, the song "Wouldn't It Be Nice" began to play on my car radio. What an appropriate tune. COCOTS FROM HELL U.S. Communications in White Plains, New York is the owner of many COCOTs, (customer owned coin operated telephone) which are non-Bell pay phones. The many phones owned by USC in the New York metro area are not regulated by the FCC, thus allowing USC to charge whatever rates they whatever rates they wish. Two examples of USC's heavily inflated prices were given on WCBS-TV news. One woman in Long Island was charged $4.82 for a two-minute customer- dialed calling card call. If she had placed the call on a Bell-owned pay phone, the charge for the same call would have been only 55 cents. A New York man was charged $7.39 for a two-minute local collect call, which would only have cost $1.78 if the call had been placed from a Bell pay phone. The USC phones also provided a number to call for rate information, but this number was only available during business hours. This is a clear case of how COCOTs and AOSs (alternate operator service companies, which are also unregulated and can charge whatever they want) blatantly rip off the public. By the way, USC uses automation to process collect calls. Those making collect calls provide a brief recording of their voice. Then the calling number is automatically dialed, and whoever answers the phone is given the recording and instructed to dial 1 if they accept the charges. A PLOT TO KILL BUSH I wonder why this one didn't get main media attention, but a attention, but Jamal Warrayat, 32 of Rutherford, NJ was arrested in a plot to kill President Bush, Secretary of State James Baker III, and members of Congress. Warrayat and his group also planned to attack US military installations, and also to blow up the Lincoln and Holland tunnels, connecting New York city and New Jersey. Warrayat was born in Kuwait and served four years in the US Army after coming to the US. He disclosed his plans to an undercover federal agent, resulting in his arrest. (source: North Jersey Herald & News, 11-30-90) MADONNA, AGAIN. JUSTIFY THIS. Everyone's talking about the video to "Justify My Love", her latest "song". It depicts scenes of sado-masochism, bisexuality, cross-dressing and multiple partners. MTV banned it. As a result, Madonna decided to release the video as a video single for a whipping, er I mean, whopping $10. I saw Madonna on ABC News' "Nightline", in which she stated that she had hoped to bend MTV's rules on videos and that they would show it. This may or may not be true. In my opinion, she made a rather negative portrayal of herself on that show. Her speech was rushed, high pitched, repetitive (kept making the same points over and over again), and chock full of "you-know's" and other items. She seemed rather defensive from the way she spoke. Madonna stated that the video and the song are about two consenting adults talking about their sexual fantasies. That's fine. But when the ABC interviewer asked her about the issue of young teenagers or children watching the video and that the graphic portrayals in the video might confuse them, Madonna responded that it was good because "parents aren't doing their jobs" in explaining sex to children, and suggested that her video might ever spark discussions between chilren and parents. Come on, Madonna. You're grasping at straws in attempts to legitimize this video. The interview asked another question which should also be mentioned. He mentioned Madonna's prior image, which caused her to come under fire from feminists: her "trashy bimbo" image that she used to go by around '84-'87, and especially her "boy toy" belt buckle that went with it. The interviewer also cited other images of Madonna questioned by feminists, including a shot of Madonna seminude and chained to a bed in the video of "Express Yourself". Madonna responded by stating that she put herself in these situations. She decided to dress the way she wanted, and put herself in chains in the video. Since she is not chained by anyone else, and no one put the chains on her, it's ok. Madonna further stated that she alone is in charge of her life, her career and her art, and "isn't that what being a feminist is all about? Taking control of your life?" That may sound fine to the ear, but further examination of the above statements is necessary. No feminist could question whether or not Madonna is in charge of her career. But it's all too easy to sell music by using images that are marketable to men and then state that it's all ok because SHE made the artistic decisions, and not a man. Well, since the trashy "boy toy" image and even the image of a woman chained is marketable to men, it might be fine for her to use these images to make money, but it does nothing to further the cause of womanhood. Selling and perpetuating these images just puts women back in the Dark Ages. And since a lot of young teenage girls listen to Madonna, they imitate her "boy toy" image and think it's the epitome of attractiveness and femininity. These images give young girls the message that their worth is in their physical appearance and sexuality rather than their intelligence, charachter, morals and other personal aspects. Madonna is no different than those big film and TV producers who use sex and exploit women to make a profit. The only difference is that she is using her own body and keeping the profits herself instead of a big producer. And while it may be good for a woman to make money, I heartily disapprove with the way she's doing it. % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % % Now for an informative article on UNIX by Midnite Raider. Have phun! A Beginner's Guide To Unix The information contained in this file is by no means new or original. I was simply asked to compile some basic commands and concepts for the access and use of Unix systems. I would like to give credit to the many other files which I have gained this information from, and to the people who have helped me learn what I know today. I will not cover any detailed or complicated features of Unix. I am merely going to provide the means to access low-security systems and navigate the shell. Access: ------- All Unix systems are provided with default accounts. They are used for system administration and such. Many system operators are too lazy or naive to remove them. You may find the following accounts on a system, with no passwords: daemon uucp bin adm sysadm admin sysadmin nuucp sync Others may have been added, such as: user guest demo test public help field system operator You can also try common first or last names (john,fred,smith,etc...). Be sure to use lowercase for the login name. If you enter a capital letter as the first character, the system will assume that your terminal is incapable of displaying lowercase. From then on, in order to enter capital letters you must precede each by a "\". This can become quite annoying, and you will probably never see an account with a capital letter as the first character. Of the above defaults, the uucp or nuucp accounts are often used for Unix to Unix communications (uucp stands for Unix to Unix CoPy). If this is the case, the system will give send the uucp identifier, "Shere". In this case, the account is basically useless unless you can call via another system through the uucp command. The sync account is a self-running Unix management account. If present, it will run a few housekeeping chores and log off. The only reason I included this is that many systems provide a greeting message or something of the sort when you log on as sync. Occasionally you can obtain information which will help you find an account. If you cannot get in via the above methods, try using "who". If present, it will display a list of all accounts currently online. You can try those and hope they have no password. If you are desperate, just hack blindly. Often the login name and password are the same. You can also try initials (as in names...rlb,jhs, etc...). Once you are in: ---------------- If you make it through the front door, you do not necessarily have access to the shell. Often accounts have programs run automatically for specific users, such as system administration programs (useful), accounting programs, etc... In this case, you can try to break out of the program (either through a menu option or a loophole). Try various escape/break related control characters (escape [ascii 27], ctrl-c [ascii 3], etc...). When you are in the shell, you will be greeted by one of two prompts. Either a "$", denoting basic access, or a "#", denoting superuser access. If you have superuser access, most of your work may be done (depending on other security measures that have been taken). Either way, the following will help you get higher access. First, you'll need some basic commands for moving around: stty This command sets your terminal characteristics. Before you attempt anything else, you should set some important ones. First, your delete character. Many systems do not use the common ctrl-h [ascii 8]. Also, the delete on your computer may not be the standard ctrl-h. To set your delete character, type: stty erase (character) Do not use the parentheses. Spacing is important. You can replace (character) by hitting your own delete key, or typing a control key sequence. If you would like to enter something a bit more visual to reassure yourself, you can use: stty erase \^(character) To enter a control character without actually hitting control, replace character with the desired control character. Ex: stty erase \^h The above command sets the erase character to ctrl-h. If you make a mistake doing this, hit return and start over (obviously if the system does not know your erase character, you cannot edit your mistakes). Once your control character is set, you will want to set your break character. This is vital for file editing, which we will cover shortly. To set the break character, type: stty intr (character) The same options as the delete character apply. To view the current setting, simply enter stty by itself. Often, the system will already be configured to your liking. Occasionally, the stty command will not display the erase or break (intr) characters, in which case you should enter them to be sure. All control characters will be displayed in the ^(character) format. ls This is the list-files command. It will show the names of all non- hidden files in the current directory. The display will either be a single list or multi-column display. The command lc toggles between the two. In either case, the files will be sorted alphabetically (numbers first, followed by most punctuation symbols, then capital letters, and finally lowercase letters). ls has many options, which I will cover later. pwd Displays the current directory path from the root directory (/). cd Change directory. Those familiar with the MS-DOS environment will have no trouble with this command. To change directories, simply supply a path from the root directory. To go to the "lib" directory, within the "usr" directory, you would enter: cd /usr/lib cat Displays a file. Often it is difficult to differentiate between text files and data files. If you wish to abort the display, type your break character. Cat requires the full pathname to access files outside the current directory, but for files within the current directory, the filename will suffice. Ex: cat /etc/passwd The above command will display the passwd file within the etc directory. This file is present on all systems. It is immensily useful in gaining higher access (basically, it is necessary to gain any access). These commands will help you for now. After setting your terminal options, enter: cd /etc We will be doing most of our work in there for the time being. You should have had your buffer on long before this on the system, but turn it on before executing the following command if you haven't: cat /etc/passwd Often these files are quite large, so after a while you may want to abort it. Often what you are looking for will be within the first few lines. Each line of the passwd file represents an individual user. There are seven fields to each entry. A typical entry looks like this: user:x:100:100:Elmo:/usr/user:/bin/sh The first field is the login ID. The second is the password field. In newer versions of Unix, it will contain an "x". Older releases may contain the actual encrypted password (a string of seemingly random characters). On new systems the encrypted password are found in the /etc/shadow file. The third field is the user ID number. Fourth is the group ID number (more on groups later). Fifth is merely a comment about this user (often their name, or in an administrative account, its duties). Sixth is the home directory. The system will place you in your home directory when you log on. The final field contains the path and file names for the default shell or program. If this field is empty, the system defaults to /bin/sh. You cannot gain a user's password via this file. You may be able to obtain access through a higher account, however. When looking for high-level accounts, you will want to examine the fourth field. The lower numbers often denote administrative accounts. The group "root" belongs to is most likely what you will want. To discover more about the groups, view the /etc/group file. This contains the group names, the encrypted password required to change into/out of this group (almost always "NONE"), the group ID number (to compare to the passwd file), and a list of the group's members. You will want to scan the passwd and group files to find any accounts that belong to the same group as root, or a group which root is in. Often root will be the only member of its group, so you will have to look for other administrative account groups (those containing such accounts as adm,admin, sysadm,sysadmin and so on). Once you have found these accounts, you can attempt to gain their access. The command: su (login ID) allows you to essentially "become" that user. Replace (login ID), of course, with the account you want to assume. If the account has no password, the process is automatic. Otherwise, you will be prompted for a password. You can try the login ID as a password, but this may not work. If it does, make a note of it. Otherwise, you can try other methods, or go on to another account. Hopefully, you will find an account with no password. If you have found an older system, without the /etc/shadow file, an empty password field (::) will tell you immediately which accounts do not have passwords. If it is a newer system, it will contain an "x" regardless of the presence of the password status. If you find yourself in this dilemna, you may still be able to find a list of those accounts without passwords. If you have the superuser ("#") prompt, you may be able to read the /etc/shadow file. The format for this file is: login ID:(encoded pw):6480:14:28 The first field is the same as the login ID found in the /etc/passwd file. Each entry in /etc/passwd should have a corresponding one in /etc/shadow. The second field will be blank, denoting no password, or contain the afformentioned "random" characters. Third is a numeric code describing when the password was last changed. Fourth and fifth are the minimum and maximum number of days between mandatory password changes. Often the last two fields are empty, which means users are not required to change their passwords. Here, again, you should look for any accounts without passwords, and examine the group file as mentioned. Now, hopefully, you will have some decent access. Many of the accounts with no password are that way for a reason - they do not allow shell access; but that never stopped anyone. If you discover an account that runs a program and then logs off, or runs a program which allows you to interact in a boring way, you can use this to your advantage. Look in the seventh field of this account's passwd information. It will contain the path and filename of the program being run. At this point, security on most systems is extremely low. Many system operators are sure that by stopping you from directly getting access, they have stopped you totally. By "tricking" the system, you can get access indirectly. If you find a program being run, go back to the account which gave you shell access. Then enter the directory where the program was (do not include the file "/" and the filename). You want to change the filename of the program. To do this, type: mv (filename) (backup filename) To change /usr/prog to /usr/prog.b, you would enter: mv /usr/prog /usr/prog.b Make sure you remember the filename you give it. It is also a good idea to keep it in the same directory. Now, you have to create a dummy file to replace it. We will have to use the "ed" file editor to do this. MAKE SURE YOU HAVE SET YOU BREAK CHARACTER. You cannot use ed without having a break character. To make the file, type: ed (filename) Where (filename) is the name of the file you just renamed. Use the OLD name (the one in the passwd file)! ed will respond with: ?(filename) meaning the file does not exist yet. Some basic ed commands are: q Quit. If you attempt to quit after making changes, ed will not quit until you hit "q" again (this is to remind you to save changes). w Write file (saves all the changes you make). ,p Displays all lines. /(string) Searches the buffer for (string), and displays that line. a Add lines (starting at the current line). i Insert lines at the current line d Delete the current line. h Turns help on (shows verbose error messages). Entering a line number will bring you to that line. When editting a file which already exists, ed will show you the current number of bytes in the file rather than "?(filename)". If you attempt to write a file, and ed replies with "?(filename)", you do not have access to write that file. Now, back to the dummy file. Type "a" to add lines. Enter: echo "Blah" /bin/sh Then, after pressing return on the /bin/sh line, type your break character. Write the file and quit the editor. You now have your dummy program set up. The command "echo" is a simple print command. You can enter as many as you like, or none at all. They are merely to reassure you that your program is running. The important part of this is the "/bin/sh", which runs the shell program. You must now give all users access to your program, so the account will be able to use your newly created program. Type: chmod +rwx This will give read, write, and execute permissions to all users (more on permissions some other day). You should now logon again as the account which uses this program. If you did everything right, you should now have control of the shell, hopefully with superuser access ("#" prompt). If you still do not have superuser access, go back and try something else. Be sure to do the next few steps whether it works or not, to insure your continued use of the system. Delete your dummy program by typing: rm (filename) Be sure to include the directory path in the filename, as before. Now, rename the old file back to its original name (just reverse the filenames in the previous rename command). Now everything is back to normal. If you did not get access, you will have to go back to your old account to set the files back to normal. Make sure you do this, or you may cause damage to the system. This will result in higher security. Also, real hackers never damage systems for without cause. Laziness is not an excuse. If you are still without decent access, you will have to consult another file. I may write another soon on more ways to gain access, but for now, this should help enough people. >From now on, I will assume you have achieved superuser access within an administrative group. You will most likely want an account of your own now. Use the ed command to edit the /etc/passwd file. Somewhere in the mid-beginning section (within the first 4-12 lines), add an account using one of the default account not already present (from the first list, if possible), or commandeer an unused (be sure it is unused) default account already there. Set you ID number and group to those of the root account (usually 0:3). Set your directory wherever you like, and set the shell filename to either /bin/sh, or leave it blank. In the password (second) field, what you enter depends on the system. If it is an older system where the encrypted passwords are stored in the passwd file, just enter whatever password you like there. The system will encrypt it for you when you save it. If it is the newer "x" system, put an "x" there, and do the following, otherwise skip this. New system users will have to enter the command: /etc/pwconv This command will recreate the /etc/shadow file based on the information in the passwd file. Just to be sure, ed the shadow file, and leave the password field blank for your newly created account (use the /(string) command within ed to jump directly to your login ID). Now, you can call back as your new account. You should enter: passwd to create a password for your account if it doesn't already have one. If all has gone well, you now have an account of your own. I will now give a list of other commands which you can play around with. Unix commands: -------------- banner (string) This is a "fun" command, which will take (string) and expand it into block letters on your display. write (user) Will send a message to another user. After entering the command, the system will wait for you to type a message and terminate it with your eof character. Change your eof character by entering: stty eof (character) wall Like write, but sends to all users. who Displays a list of everyone online. mail (user) Send email to any user in the passwd file. To read your mail, just type mail. exit Logout of the system. I should have mentioned this before, but I forgot. You can also use your eof character at the shell prompt to logout. echo Prints text or variables, as shown before. env Display all variables in your environment. More on shell variables soon. rmdir (directory) Delete a directory. mkdir (directory) Make a directory. cp (original) (backup) Copy a file. grep (string) (filename) Searches through (filename) until it finds (string), and then displays the entire line (string) was found on. date (time & date) Alone, date displays the time and date. It can also be used to set it. cal (date) Alone, cal displays a calendar of the current month. With optional month and year, it will display any year from 1 to 9999. There are many more commands, but to explain them all could take forever. Most systems contain online help files which you can access by typing either: man (command) or: help (command) For a list of commands, look in the various "bin" directories. They contain the actual programs. Variables: ---------- The shell allows the use of variables. All variables are represented by capital letters. You can create your own, or view/change standard system variables. Some standard variables are: PATH This will show the order the shell searches in to find commands. You will most likely find a number of directories ending in "bin". An example could be: :/bin:/usr/bin:/usr/lib/bin:/etc This means that when you type a command, the system checks to directories in that order before finally giving up and reporting an error if the command is not found (All commands are files). PS1 This is the main shell prompt, usually "$" or "#", depending on your access. You can change this to whatever you like. TERM Some systems keep track of what type of terminal you are using, for use in formatting output (usually through other programs). LOGNAME The login ID you are using. HOME Your home directory. TZ Timezone. MAIL The file your mail is sent to. There are others, but they tend to vary with the account. Enter the env command to display the variables in use. Variables you create within shell programs (such as the dummy program that was discussed before) retain their values for the life of the program only (they do not affect the other shell variables). You can change a variable like this: TERM=ansi Whenever you want to view a variable, or use it for another purpose, precede it with a "$". Ex: echo $LOGNAME will display your login ID. I seem to have run out of memory, so that's all for now. Hopefully I'll write more soon... - Midnite Raider " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " WOW!! That was a long one, eh? Look for ATI54 soon. Take it easy, and stay out of trouble. ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ATI: part of George Bush's thousand points of light.