,--------. | | __ __ | ,----' |__| ,--. |__| | | | |_ | | ,--. | | ,--.--. ,-----. ,-----. ,--. ,-----. | | | | | ,-' | __, | ,-. | | ,-. | | | | ,---' | `----. | | | | | | | | | | | | | | | | | | | | | | | +--. | | | `-' | | | | | | | | +---. `--------' `--' `-----' `--' `-----' `-' `-' `--' `-----' November '94 JJ JJ LL JJ oOOOOo UU UU R rRR nNNNNn aAAAAAa LL JJ OO OO UU UU RR NN NN AA AA LL jJ OO OO UU UU RR NN NN AA AA LL JJJJJJ OOooOO uUUUUu RR NN NN aAAAAAAa lLLLL Number Three Say NO to Rugs €iÂr0üi› - CiTR0NiC - €iÂr0üi› - CiTR0NiC - €iÂr0üi› - CiTR0NiC - €iÂr0üi› ----> |-|ar|)c0r3 T3cH|\|0pHi11iAcZ <---- Sister 'Zine to WPoS ! +--------------------------Contents-------------------------+ | | | 1) Messages phrom Dah Krew | | 2) Rumourz n' Info | | 3) Laying Seige to Novel *** by Frequency *** | | 4) Security Checklist *** by BooYaa *** | | 5) A .plan Flash Bomb *** by King_Dan *** | | 6) K-Rad Pranks and Tricks *** by Zircon *** | | 7) Physical Site 'Hacking' *** by HarLeQuin *** | | 8) WPoS - 'Its worth every penny' *** by BooYaa *** | | 9) How to make a Drano Bomb *** by Sparhawk *** | | 10) Carding in the Holiday Season *** by Bleach *** | | 11) The last temptation of Zircon *** by Zircon *** | | 12) UK Cellular Billing *** by ><-Phyle *** | | 13) Dah Last Bit | | | +-----------------------------------------------------------+ "'If there's one thing I like', said Alice,' It's a large amount of Marijuana Resin'" €iÂr0üi› - CiTR0NiC - €iÂr0üi› - CiTR0NiC - €iÂr0üi› - CiTR0NiC - €iÂr0üi› an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi |)izc1aim3r ~~~~~~~~~~~ If anyone does any of the stuff mentioned in this file there is a possibility of getting busted and being put in jail forever. If this happens don't come whining to us 'cos we'll deny everything and act real innocent. Also alien abductions and government cover-ups are nothing to do with us. Everything in here is for informational purposes only and anything carried out is entirely at your own risk. M3sS4g3z Fr0m |)ah |<-Phyle and Frequency are slightly less safe - proving insanity was a UK export. Quotes of the month : "Then Zirc tells me to stop and we hear this low pitched 'grrrrrrrrrrrr'" - Sparhawk "Then me and Sparhawk start to run like fuq !" - Zircon ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: We also have a sister 'zine. Worthless Piece of Shit - WPoS. Hardcore h/p satire ! See the shameless plug later in the issue ! It is so funny - it's illegal ! Get a copy now and reserve a day in your calendar for the giggles to wear off :-) See BooYaa's bit later on for more details. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: I am no longer at home, I have left for the great university life. And no, I am not gonna tell you which one 'cos the Sysadmin will shit himself and their will be a major security clampdown, which is really the last thing I could do with :) Anyway, this does mean my personal machine has been relugated to a 286 (yeeeeuuuuuccckkkkk) but the new UNIX net is damn kEwL. This also means I do not have access to a modem/phone line so I am restricted to Internet, which is not a bad thing in itself but I'm gonna lose contact with some people who only call BBSs :( This does mean though I get a 500 quid interest free overdraft !!!! Hmmmm, can't be all that bad. 0K, time for my one tiny gripe for the issue. On IRC I was chatting to this dewd who was saying that h/p is ded because all the holes have been patched and everyone is getting caught, not like in the good 'ole days etc etc etc. Frankly this attitude is for people who can't be bothered to find stuff out for themselves. As technology becomes more complex it *is* becoming more difficult to exploit faults in a system (whatever it may be), however, with increased complexity comes an increased amount of faults. So there are more to find. They may be more difficult to exploit but that's what hacks and phreaks live on - a challenge! H/P is far from ded it's just entering a new age :)))) BTW, anything not attributed in the contents is by me ! HarLeQuin Greetz for Issue 3: (iN n0 pArtIculAr 0rdEr) The people on the right Wop-Bam-Boogie-ing are: BadS - BooYaa - oJ - Meeko - Alfiwalf - Phantasm - Mini-Master Maelstrom - Mocara - iZ0T0NiK - Rotox The people on the left Boogaloo-ing are: Aladar - King_Dan - Xalopp - Ruede - CyntaxEra - cF Frosty - Fisch - Omega - LadyAda - MindScrew - Doc-K-Os and also to the grewps :- Psycho Text Distributers, AoD and Contour ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rumourz n' Info ~~~~~~~~~~~~~~~ This is the section for any rumours or quick info items you may have. Any useful bits of info that aren't big enough to justify an article can be put here. Just mail 'em to me. All submissions will be attributed. o By changing the ethernet address of your machine to that of the supervisors machine on Novel you would recieve his/her data packets, depending of course if the packets physically came past your machine before the genuine supervisors. This was just from a discussion with a government employed TCP/IP 'expert' - just a theory he was playing with, he said the ethernet address could be changed in memory to fool Novel. Hmmmmm..... o 80% of the systems I have been on recently (about 20 or so) have not patched at least one of the security flaws as mentioned in the 8lgm documents... Just thought I'd point it out :) o If you're gonna be bugged by the government - you WONT know. Trust me, if you suspect you're being bugged, you are probably being monitored by a private agency, amateurs, or by police who are unathourised to bug you. I talked to a copper about this ! o BoW are dead. This is completely untrue. From what I have been told by (reliable) sources, Pluvius is just looking for a place to live at the moment, and things are gonna kick off again when stuff has calmed down again. So d0nT Unl0cK y0uR w4r3z !!! Keep Phearing ! :-) o 0K, here is a quick but VERY important tip for the beige boxing fans amongst you ! Before you clip your phone onto the prosective line, check out the site, check for hiding places and escape routes. Whilst beiging down by a local building firm on a Sunday a car pulled up in the drive and a bloke got out (I was behind a porta-cabin at the time). However as I hadn't checked the place out before hand the only escape route I could see would mean I would of had to run thru his line of site. So I had to simply duck under the porta-cabin and sit tight, luckily he only stayed 5 mins and then left. Afterwards I had a quick check around and discovered another line that was situated so that if some-one else arrived I would have an easy out-of-sight escape route. Another point is only have out what you need. having some-one arrive whilst you have masking tape, stanley knife, cable and stuff on the floor wastes valuable seconds. After you have used something put it back in your rucksack/pocket/whatever so you only have to declip the phone/computer and run ! Some common sense advice, which most people (including me) usually ignore. o There is a still a way to box global from the UK. This is 100% true, I know people who do it... And no, I don't know how to (whats the point when I don't have my own phone line.....) so don't hassle me ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Laying Seige to Novell ~~~~~~~~~~~~~~~~~~~~~~ by Frequency Okey Dokey then, Novell networks are becoming more and more common and now there are quite a few on dailups not to mention virtually all colleges having them. I take it ya know a fair bit about novell and just wanna hack it so here goez. Right the good thing about Novell iz that if you are actually where the network iz (like skool or college etc..) It is quite easy to hack herez why. --------------------------------Server-------------------------------- I I I I I_______ T1 _________ T2 _____________ T3 ___I This iz an over simplified diagram of the network (I'm talking Netware V3.11 here which is the latest I fink) and as you can see it iz in a daisy chain type setup which ALL Novell networks need to be in. Now the good thing about this iz that there iz only 1 cable going between each computer which loox summit like this:- 00 <<<<<<<<<< Outercable 0 0 0 X <<<0<<<<< Inner cable. 0 0 00 Ok so my ascii art ain't a legend but it gets the point accross. So the cable iz Co-Axial (or very similar) and this means that say the supervisor (who has all priviledge rights) is logged onto Terminal T2 then all the data packets to and from his/her machine will have to travel thru T1 and T3. So (depending on how stupid ya are) you may be thinkin well how da fuck doez that work then, well all the packets are coded for each machine and the IPX driver in Novell instructs the ethernet card in the back of ya PeeCee to only read the packets for the area you are in and so the Supervisor packets go floating past. So the quickest way to get around this "problem" is to recode ya ipx driver?? Well almost but that would be fairly complicated and also the actual long word that contains the password (see l8r in article for more info) may be encrypted. The best thing to do iz to read and record the supervisor packets and then you can re-send them with some alterations, this iz actually quite difficuilt but fortunately some bloke haz already done it and there iz a phile called hack.exe which doez precisely that (included in Phrack 45) so all you have to do iz load it up when the supervisor in logged on and then you can create/delete/alter areas as if you were the supervisor, most people will probably want to set up a new area and grant it with supervisor privs. Thats iz just one way to hack /\/ovell and although it may be the easiest it may now work. The actual logon procedure iz not a millions milez away from UNIX. Once the ipx and netx drivers are loaded you run a program called login.exe (original or what) and the you are prompted for the user id and then the password. As stated the actual password iz actually encrypted (one way) into a 32 bit long word (long wordz do tend to be 32 bit;-)) ) and so if you forget it there iz no way you can get it back and not even the supervisor can find it out although s/he can change your password to a new one. It iz very hard to hack the actual password proggy as a) it doesn't tell if the username/password were right (pretty standard theze dayz) and b) it iz very tricky to call the actual open library to try and crack it. You could for example type C:\NETWARE> logon frequency and then you would simply have to put the password in however you obviously can't go C:\NETWARE> logon frequency password as any twat could write a cracker that just changed ya password. This fact also makes it quite tricky to write a trojan program coz once they have put the real name + password into your trojan there iz no way you can then call the logon program and dump a buffer to it with the userid + password that you grabbed. B4 I knew all this shit I wrote a trojan in C and it just looked like you got the password wrong but the smart people will catch on (some rodent grassed me up and I almost got expelled tut tut). So anyway there iz a programme to hack /\/ovell called netcrack which trys one password after another and thou it doez work (I know I've tried) it takes ages as most password are 6 char + and also it only tries A to Z and 0 to 9, when any half knowledgeable person would put a hash sign or summit in there just to stop this kinda thing. I once saw a patched attach command (say i waz logged into area frequency and I wanted to log into area supervisor I could just type attach and then enter the appropriate password and it would connect me without appearing to logout and back in a again) where by you didn't have to type the password hoiwever it didn't work and I think /\/ovell may have patched in there more recent releases (3.04 to 3.11 are patched I fink). So anyway if you want any of the proggys mentioned just tell me and I'll give em to ya the hack.exe one doez work (I've supervisor privs at my college at the mo;-)) ). Problems Problems Problems Problems Problems Ok now our technician haz tried to stop me and my aquainences hacking the network (fighting a losing battle I might add) by doing some of the following thingz, I've listed them and also put how to get around them. 1) Remap A: drive to back to the network meaning that if I go dir a: I get the directory of the network drive meaning I can't load any proggies or save/copy shit etc... 2) Wipe filez "userlist", "session" and "syscon" from the network (theze utils allow you to see who else is logged on and also look at all the users on the network.) 3) Attempt to cut thingz off in both the autoexec.bat and the user script which iz executed whenever you log onto an area. 4) Attempted to completely get rid of our DOS access by writting batch filez whereby if you log out or whatever you will simply be returned to the login prompt (thats with BREAK on) 1) Ok now thiz waz quite a sneaky move and it stumped me for a while there are two things you can do a) copy whatever you want onto the c drive B4 you log in. This means that he hasn't had chance to remap the A: drive and they alwayz have drive C open for ppls work etc.. or b) simply access the b: drive, yeah simple init but he didn't realise that if you just have 1 floppy drive drive a and b are mapped to the same physical drive, quite kewl. 2) Hmm not a lot you can do here I have copies of all theze philez and your welcome to them, very useful for seeing if the supervisor iz logged on when using hack.exe. 3) Yep this iz one you should be aware of THE LOGIN SCRIPT CANNOT BE TERMINATED so if he haz put summit in the login script you cannot terminate it (unlike Ctrl-Alt-Del on autoexec.bat). However not all programmez will run from the script and so he may insert the line exit "autoexec.bat" which will quit the script and run the autoexec.bat (for the area not the machinez own) this CAN be terminated. BTW if you need to alter you login script and he haz wiped syscon you can find it located in the P: drive in soime directory like P:\Mail\57000003\ under some name which I forget. 4) Just terminate em (Ctrl-Alt-Del) Okay you should now be able to get supervisor privs and wipe all thoze annoying 1st years work but don't get caught. BTW: you can now get Novell netware client software for the vastly superior Amigaz. this meanz you can hook ya miggy up to a novell server and also run all Netware utils etc ke\/\/l. If ya feel the need (maybe to get some of the programmes) you can contact me thru any member of Citronic or on the following Boardz:- Offshore Urban XTC Welsh Coast Big Top Edge of Chaos Masturbation Station (but I may be nuked there already) Or E-mail me at freq@cyberspace (can't remeber the full address I'll have to find it) C ya some where in CybErSpa[e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ A guide to security for hackers/phreaks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by BooYaa Right this is gonna be the second time I've written, and I'm not pleased about it. Christ being paranoid can have it's limits (i.e. I erased the original once I'd given it to Harl, only to find out the bloody zip file wuz corrupted) Okay, let's get it on. How secure do you think you are? Well you may be mocking the latest send mail bug, or abusing those at&t calling cards till the cows come home, but just how secure are you? Okay, so what if you don't tell everyone in the street that you can make calls to America or that "Wargames" was based on you, you'd be surprise how insecure you are. Put it this way, let's say you favourite organisation e.g. Police, NSA, etc.. comes to your house, could they find anything in your house to insinuate you? Well if I were you I'd check through my checklist first just incase. 1) Firstly it's all well PGPing your mail, but I bet all your h/p philes are laid bare huh? Yeah, yeah so what if you PGP it all I bet you'd prefer a much more easier life right? Well how about a on-the-fly encryptor whose encryption is based on the same technique as PGP. SecureDrive is a sinch to install and set up, and as a bonus a copy will be included in Citro-4 ! [Sorry this is due to space limitations ! Its over 100k long, so Citro-4 may be a little bigger than usual - HarLeQuin] 2) I bet your warez is bare, and can be seen just by doing a dir a:, again SecureDrive comes to the rescue, it can distinguish between encrypted floppies and normal stuff. Plus since I've been using it I don't think it requires any extra filespace. 3) Okay you've installed SecureDrive but what about those other files on the non-encrypted drive. Last month in one of the sections of CiTR0NiC recommended a program called SHRED by S&S, I tested it and found it to be abit insecure, okay maybe it's just me, but I hate file shredding programs that leave the original filename, filesize, date, and time. So what if the file is completely empty... WIPEINFO from nortons does leave it absolutely clear. Heres a test to evaluate your file shredder, first shred the offending file, then undelete. If the now try to restore by giving the 1st character of the file, exam firstly if the filename is the same, i.e. ?ENDMAIL.BUG you got probs. Also I would seriously panic if you managed to restore the file to it's entireity, as that could mean "mirror" or some other backup program is managing to keep a copy of the file, so disable the program. 4) Now start you got to keep copies of those passphrases for floppy and harddisk keys, leave it with someone who you trust completely. This means not direct family i.e. brothers, sisters, etc.., or girlfriends, boyfriends (you'd be surprise how nasty people can get when you split up we them). Why do you have to leave a copy of your passphrases? Simply because you might forget them, and leaving copy anywhere in your house would be like entering the passphrases in front of the cops and letting them view it all. 5) Shred, Burn, eat those print outs, enter in those little info bits you got in your notebook and burn that too. Don't throw it outside, because if you read CiTR0NiC #2 you'll know why. 6) Pat youself on the back for complete the whole checklist, now you did remember to WIPEINFO those files on the unencrypted drive right? SecureDrive will be included in the CiTR0NiC Journal #4, it's freeware which makes it great for all of us. [ This is a *damn* good program I highly recommend its use !! ] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Flash Bombs in ya .plan ~~~~~~~~~~~~~~~~~~~~~~~ by King_Dan Want to annoy the hell out of those admirers that are *always* bugging you by fingering your account. Well, this'll teach 'em not to install flash protection. Its flash code for your .plan !! Flash code makes the recipients screen go nUtZ !! So have an original .plan and show you care. Just UUdecode and giggle. Remember to change the mode on the .plan file to 444 and the mode on the directory your .plan is in to 755. -------Cut Here------- begin 444 .plan @&V,;*# ;(S@-"AM;,3LS |\__________/| <- Tree | /^String^\ | / \ / <-Street-> \ Gawd i hope that works;) ok now on to the next part. Make a ghost or something out of the sheet/paper or just leave it like it is. Attact it somehow to the middle of the elastic. And there you have it, a FLOATING sheet/piece of paper, well it looks that way to cars in the night;) So now when cars drive by at night, they will slow down or stop (wouldn't you if you saw something hovering in the middle of the road?) this is quite funny to watch, and hey, spice it up, eg the car when it slows down or something, be creative. *Note* Don't use a white string, it'll show up in the cars headlights, also, if it is a two way street, you may want to move the ghost to the left or the right. Also do not use a HUGE sheet, as the elastic will not hold it, i usually use a piece of paper, and then chuck fire crackers;) that wakes em up. Second Prank - Using a variation of the above, a very funny trick can be played! Materials Needed 1] Fishing line, this should be non colored, and not too think. It should be strong enough for you to pull on it with your hands and it not break. 2] Some thumb tacks or staple gun. Pulling The Prank - This is a simple prank to set up. Simply find a door (usually a persons front door, or whatever door is used most) and cut a legnth of fishing line, long enough to fit accross the door. Then tack or staple one end of the line to one side of the door frame at the hieght of the average persons chest (do not put it where someones neck may be, although if yer sick like me, go ahead;) ). Then tack or staple the other end of the line to the opposite side. Again for you stupid people, here's a lame drawing. ______ +'s Are Staple's Or Tacks. | | +-|------|-+ Line / | | <- Door |______| *Note* If you are using tacks, make sure they are in GOOD and tight. You may even want to tap them with a hammer or rock. You do NOT want the line to slip out. Well as you can probably guess, this is a modified version, used to scare the shit out of someone! Almost like walking into one of those automatice opening doors, when it doesn't open. Very funny! Third Prank - This is my personal favourite prank, and have seen it done twice, the person that got 'pranked' was so freaked out that they threw up! although this may require some guts, the effore is worht it, believe me! Materials Needed 1] The head of an animal, the two that i have seen used are a shark head, and a pig's head. If you're wondering WHERE DO I GET THAT?! well, we got ours from a chineese restuarant, who just happen to have left overs;) 2] A public, school, or gas station washroom. Anywhere where there's many people flowing through, the two i saw where done in a school. Pulling The Prank - Well this one you should have figured out by now! Simpley carry the animals head into the washroom, using a back pack or such lined with a plastic bad. Then place the animals head, face up inside the toilet. Close the lid, walk away, and get ready for a big scream! Just imagine going to take a piss, and a shark's head peers up at you! Like i said the last victim i saw, was so freaked out, she threw up! Wicked prank! Oh yea sorry, no diagram, i figure you know what a toilet looks like! Fourth Prank - Classroom fun! This is a wicked trick to play when yer so bored you'de rather be fucking the 70 year old teacher! Male or female! This is also great for substitutes/fill ins. Pulling The Prank - no materials are needed at all, just a group that you have filled in on the prank. Ok when the teacher turns their back on the crowed, let out a slow, Mooooooooooo (like a cow). The teacher will usually glance behind him/her and then continue what they were doing. Then signal two more people accross the room, and all three of you let out another Moooooooo. Once again the teacher will turn around, and tell you to shut up or something, just wait untill they turn back around. Signal some more people and keep going untill the teacher gets REALLY mad! We've used this a lot in my class, and had teachers get so IRATE that they've walked outa class! Then of course we proceeded to have a HUGE paper fight;) Anyway that's all the pranks for now, hope they're fun, i tried not to use some of the more common, boring ones. Well cya next time, Zircon Btw - All rights have been fuqed to hell by the meat axe! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Physical Site 'Hacking' ~~~~~~~~~~~~~~~~~~~~~~ by HarLeQuin There have been 100's of philes on hacking this system and that system and so on.... but very few on getting physical access to computerz.... This is almost as good as hacking a site remotely and has many advantages. Basically it requires 3 *essential* things. o Guts o Social Engineering Skills o Guts Smile and be nice ----------------- 0K, lets say you wanted to get to a terminal in a protected building. The building has security guards and swipe card systems. First of all you've got to be able to fool the security guards. Machines are hilariuosly easy to fool compared to humans (hell, if ya didn't know that you wouldn't be a hacker right ???). Basically it boils down to looking convincing and being confident. This is where a little background research helps out. For example whilst waiting around the foyer of a certain UK phone companies large office block pretending to be waiting for a lift home off some-one I noticed that employee's who had forgotten their swipe cards could sign out a guest one for the day. The book that needed to be signed went back some 50 or so pages (nearly a year) and so had employees names and signatures. So, several days later I returned in a nice shirt and tie with a piece of toast in my mouth complaining about what a rush I was in and, oh, dammit, I have forgotten my pass. So I grab the book, look 20 or so pages back. Find an easy signature (not that they probably check) and sign out a guest pass. Easy huh ? I got past the swipe card door, and promptly spent the next 20 minutes shitting myself in case some-one decided a small gray cell was more appropriate for me than a large carpeted office block. The point is though, because I looked confident, I was convincing. This works especially in large corporations and organisations where the security/reception personnel will not reognise individual employees. Looking the part is also extremely important. I relate another example. A computer and some software was stolen from a local computer shop. Hmmm, nothing special, but it was in broad daylight. Some-one walked in with an overall and a phoney ID card and said words to the effect of: 'Hi I'm from FixTek computer maintenance and I've been asked to pick up a PC for hard-drive maintenance' The hapless shop assistant merely agrees and lets him take a computer!! The thief then returned two hours later and said 'Sorry, I forgot I also need to take some software with me to set the machine up. I'll need this this this and this.' And so walked out with another few hundred pounds worth of software. The theft wasn't discovered for two days and it even got in the local paper. Again the moral of the story. Confidence and Acurracy. It is a good idea to have a story prepared, so you know it inside out - even start beleiving it yourself. 'Look Mister-Security Guard, I lost my access card and its the fourth time, if I lose another one I get a right rollicking, so Tommy over in Admin lent me his, just for the afternoon, you know how it is, I mean, you probably get more hassle from them up stairs than we do !' Only as a very last resort do you run like buggery. Doing this automatically confirms your guilt of dodgy goings on. Quietly slipping away is much more effective - 'I just need to nip to the toilet, I'll go now while your sorting this out, won't be a sec'. Deft Hands and More Smiling --------------------------- The best way to get into University labs is in the beggining of term... 'Oh I haven't got an I card yet but I have a residents temporary ID card, will that do ?' - 99% of the time it will do, because 99% of security guards no very little about the actual workings of an organisation. They just 'do the doors'. Also if you are caught on a machine your not supposed to be on, looking embarrased and saying 'I am so sorry, I didn't realise' works very well - 'I was just looking for something to type my project on'. So find out when new employees/students/members arrive and use this to your advantage. Also scamming the newbies works well. 'Could I just check your key number...? Right, ahhh, you seem to have a duplicate key, can I take your details and I'll send you a unique one tomorrow, sorry we had a few like this... always happens, Thanks'. In a computer lab near where I used to live there were rows and rows of computers connected to the big UNIX box by serial cables. So we used to hang around wait to some-one tryed to connect to the server, sit next to them and then pull the cables out the back of the computer with our feet. The terminal emulator would freeze, I would chirp up with a quick 'Oh the technician said that one wasn't working very well you'll want to try another'. Then put a notice of the PC (without switching it off) saying Do Not Touch - Needs Maintenenace. And then simply wait for the person to leave and voila - one UNIX account.... Also niftily 'borrowing' cards, keys and other access devices is quick, easy and useful for that system you need access to for once only. Waiting by a door for someone to go thru (tieing a shoe-lace or adjusting a tie) and then slipping in after them also gets the job done. Darkness, Bolt-Cutters and Crowbars ----------------------------------- Usually the least effective method. Physically breaking in to a site. Clumsy, Barbaric and worthy of no-one but the common-thief. I wouldn't recommend it. This method has no style and can get you free food, accomodation (and an extremely strict curfew) on behalf of your respective law enforcement agencies. k0nClUsi0n ---------- At first site it looks like there is more chance of getting caught than if you dialled up and screwed the system. However, thjis is not always possible. I have also come closer to getting busted by 'remote' hacking than by wandering into buildings. No-one would suspect some-one is gonna hack their system by walking in and sitting down at a terminal in broad daylight. As the world in general wises up to the hacking fraternity and logs, traces and mail reading becomes the norm, perhaps the more direct (and less suspicous) route has to be taken. Bibliography ------------ Physical Security - Readings from Security Management Magazine edited by Shari Mendelson Gallery ISBN 0-409-95105-6 This is an excellent book on the subject and covers *everything* about physical site security, aimed at the Security Manager it is very comprehensive and quite expensive, so go to your local library and get a copy ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reading material for the toilet written for aych/pee d00dz. Humour and also serious issues (well sometimes) |~~~~| /~~~~~~~/ /~~~~~\ | | / ___/ /' `\ | | __ / / | /~~~\ | | | / \ / / _______ | | | | ______ | |/ \/ / | _ `\ | `\___/' | /' `\ | / \ / | (_) ) \ / | _____| |______/ \____/ | ____/' `\_____/' | (_______ | | `\________ `\ WoRtHLeSS piEcE | | aLL eWe nEEd t0 _________) | oF ShiT (tm) | | kN0w... | | |__/' `\____________/' ____________________________________________________ | .oO [= A zine for the interconnected nation =] Oo. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comes out (of the closet) once a month, twelve times a year. Back copies of wPoS is available from the following sites : corrupt.sekurity.com /incoming fc.net /???? +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'` ` HoW To MaKe a DRaNo BoMB ' ' ` ` -SPaRHaWK ' ' ` ` ' ' "What, me worry?" *BOOM* ` `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'` y0y0y0! Its that Canadian guy! Up for grabs in this article is how to make a Drano bomb! That's right all you little Phuckers! Non-flammable explosive fun! This is perfect for those little country mailboxes, and also those newspaper mailboxes that you always see the pop bottle sticking out of. DISCLAIMER: THIS IS DONE BY NON-EXPERIENCED AMATEURS. PROFESSIONALS SHOULD NOT TRY THIS AT HOME. That done, we'll give you the leet list of neccessary household items: WHAT U N33D N STUPH: ~~~~~~~~~~~~~~~~~~~~ Crystal Drano *PLASTIC* pop or Evian bottle, 500ml-2L Water Brain *slightly* larger than grendel's: NOTE: This can be obtained at your local meat market WHAT U D0 N STUPH: ~~~~~~~~~~~~~~~~~~ 1) Clean out the bottle completely and fill it 2/3 full with water. 2) Take a big piece of aluminum foil and crumple it into little 3/4cm balls. make them moderately loose, or moderately tight, whichever you prefer. 3) Drop them into the bottle. Hopefully they will stay at the surface. 4) Do enuff so that they completely cover the surface, and then drop in a couple more so it looks like this: { } { } / \ ( ) | | |oooooooooo| <- Dah Aluminum Ballz |±±±±±±±±±±| |±±±±±±±±±±| |±±±±±±±±±±| <- Dah H2O |±±±±±±±±±±| |±±±±±±±±±±| `----------' 5) Take the can of Drano and your bottle and you cap to the site where you want to let it off. 6) Clear the area of any small children and pets. 7) Get a friend to hold the bottle and get ready to cap the top. 6) Pour Drano in until you can feel it getting hot and it starts to bubble. 7) Quickly, put the cap on the bottle TIGHT. 6) Shake it TWICE. These take anywhere from 30 seconds to 2 minutes to go off, so don't sit there shaking it for 3 minutes. 7) Drop/Throw and run about 10/20 metres away so you don't get sprayed. This should blow in anywhere from 30 seconds to 2 1/2 minutes. Some fly into the air, some just make a boom. The way this thing works is that the water reacts with the Drano, but the process is accelerated by the excessive amounts of aluminum foil in there. You'll notice when you use Drano normally, your pipes get really hot. This is essentially the same thing, except the bottle isn't open-ended to let the force out. You'll also notice that when you look into the crystal Drano, you see little bits of metallic stuph. That's aluminum. Hence, if we put more aluminum foil in it, the reaction will be sped up. NOTEZ N STUPH: ~~~~~~~~~~~~~~ Most people say "Drano? I don't have no Drano! Our drains don't clog!". What I say to this is open up your cupboard and check... My house is the only house I have ever been to that doesn't have Drano. Crystal works way better than Liquid, but I SUPPOSE this will do if you have nothing else. The reason I say a plastic pop bottle is kinda obvious... when a Everfresh bottle blows up, it sprays phragments of this little thing called _glass_. The plastic won't phragment, so you can stand where you can see the bomb if you're not using glass. Water: go to your local sink and rotate the right tap thingy counter- clockwise. Collect the substance that comes out. It is possible to do it yourself... I have done this many timez when my friends were too chickenshit. You can also use a 2L bottle, but these take MUCH longer to go off. And about half the time, the plastic melts before it gets a chance to build up enuff pressure to blow. REMEMBER: THIS BOMB IS CORROSIVE. My friend, who didn't know the dangers of corrosive acids, kicked the already blown bomb at me and it burned right through my shirt. If this happens to you, it will start to feel like you have all kinds of needles poking. Run home or to the nearest store and pour milk on the spots. acid+base=neutralized. DO NOT TOUCH THE BOMB AFTER IT HAS GONE OFF. You are liable to burn your skin off. I think that's it... Have phun! [Editors note : Drano is almost entirely made up of lye. An extremely caustic substance that used to be produced as a by product of limestone. I can't remember what the chemical name of it is. But it is easy to find out (check a library). Just so you non-Canadians can have fun aswell ! - HarLeQuin] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Carding During The Holiday Season ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by "BLEACH" Special Thanx To Weezer For Giving Me This Idea DISCLAIMER: This file is strictly for information purposes. If you are caught for doing anything in this file, then "BLEACH" will not be hold responsible. The information itself is not illegal, but if you do this then you will be commiting a crime. Also, this is how it is in the USA. It may not be like this in any other country. Carding. The thing that holds the worst reputation in the H/P community. Many Hackers and Phreaks believe that it is the Fraudulant use of a Credit Card that makes our cause look bad. Even though many of them say it, many of them do it too. I am not saying that carding is right or wrong. It is stealing, but if it is for your cause then you should do it. The Holiday Season is the best time to do this. There are many reasons that this Holiday season is a great time to card. The first reason for this is the stupidity of the stores during the Holiday Season. Where I live I have a few friends who enjoy trashing for shitloads of things,(I myself do not like trashing because sometimes it is too much trouble for what it is worth). But when my associate, (who shall remain nameless), made a good discovery. He has been trashing for some while and he usually finds ripped up receipts which he tapes together and gets the card information. Well like two weeks ago when the Christmas shopping season started here, he went carding. I received a phone call from him from a payphone. When I talked to him, he told me that the receipts weren't ripped. I ended up thinking this was a fluke, but it has been like this ever since and doesn't show any signs of stopping. The only thing better than not ripped up receipts, is not ripped up receipts during the holiday season. The reason for that statement is that during the Christmas Season, more people purchase things with Credit Cards, so there are even MORE receipts. The second good reason is that stores are busier during the Holiday season. When a store receives many orders at once, and they need to ship them out next day air, or second day air, then they have even less time to check out the Card then they did before. This does not mean you can't get caught, it is just stating that the chances are lower. I would recommend trashing at a store with either a lot of Credit Card orders or a store that you think you would like to card from. The explanation for the first part is self explanatory. The places with more Credit Card orders means more receipts. Now the second part is basically somewhat simple too. When you receive credit card receipts from people who shop at the store that you wish to card from, then it will be easier to receive what you wish. When someone purchases something from a store and pays for the order and does not show that they have bad credit, then the store will let them purchase more from there and deliver it quicker. This is because the store trusts you and wants to keep you as a customer. The final part is probably the most important thing in all of carding, and that is the drop off point. At the drop off point you want to make sure either the house is empty, or the people are at work while the delivery comes. If you decide to use an empty house, don't use a house that anyone would know it was empty from a mile away. Things that give it away are large windows with no shades what so ever, Grass that is very high, and any real bad damages, (broken windows,trashed siding, etc). Stay away from those types of houses. We once sent something to an empty house and the UPS delivery guy would not drop it off because the house seemed too empty. You also want to be positive that the house IS empty. If you assume the house is empty and never look into it then you could be wrong. This is all spoken from experience. One of my associates carding a nice pair of expensive roller blades. He sent it to what he thought was an empty house. He thought they never delivered it. Like two weeks later he found out that some old lady received a pair of brand new, expensive roller blades, and was freaking out because she never ordered them. The more dangerous way of getting caught through a drop off point, but more likely for the product to be delivered is sending it to a house where some- one lives, but does not get home until after all the delivery men are usually through with their routes. This is a good plan because you can simply leave a note on the door for the delivery guy and they will be less suspicious. You can easily get caught doing this though. I mean, fate fucks you over sometimes and the person can be home sick one day. If the person is home one day, then they can just set you up to try to pick up the package. That happened to another associate of mine. He went into their yard to pick up the package. He almost had his hands on it when the guy came running outta the house yelling that he was going to call the cops and shit like that. Thankfully my associate got away without getting caught. Another great thing about carding in the Holidays is the drop off points are easier. If you live in the Northern US, or anywhere else in America where it gets cold, you must know about the wealthy senior citizens who go down south like birds for the winter. This leaves a nice empty house that does not look suspicious. Again, I am not saying that you couldn't be caught, just the chances are lower. Carding should not be looked on as the scourge of hacking. It just should not be over used with greed. Also card smaller things. You definitely do not want to get caught and slapped with a grand theft charge. That's all for now. "Keep the information free." "BLEACH" CiTR0NiC/SOB/HAVOK/KoV +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Last Temptation of Zircon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Zircon [I had to publish this 'cos it was so damn funny ! You'll never be able to look at a pudding again without laughing ! Zircon certainly has a way with words - HarLeQuin] Standing, undressing her with his eyes, Vixen can feel a rush of pleasure rush over her body as Zircon begins to gently corress her earlobe with his tounge. She turns around in a slow and passionate movement and jumps into Zircon's arms as he procedes to the bed. Slowly lowering her to the matress, Zircon begins to peel off the skimpy layer of silk she has covering her body. Starting at her tracia, Zircon slides his steaming tongue down her perfectly smooth body. She begins to heat up and can feel herself panting. She reaches out at Zircons jeans and madly begins to tear them off. Grabbing wildly at his waits, she thrusts him forward and forcefully throwing his meat axe into her love pudding. Rolling around on the matress they fall of as one, and tumble onto the hardwood floor, where they proceed to do the horizontal mombo for hours on end! Zircon '94 (uhhh hhh hhh iii vixxxennn) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ @ @ UK Cellular billing: @ @ Talkland/Talkview info @ @ by @ @ ><-Phyle @ @ @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ --- According to their own promotional material Talkland is the largest independent Service Provider in the UK, and one of the reasons they give is their billing schemes for customers. This little article is designed to give you an insight into how detailed the cellular billing is, and in turn will highlight how they can trace calling patterns etc. on stolen ESN/MIN pairs for example. Talkland will send their monthly bill on floppy disk free of charge (the "Talkview interactive billing system") which can be analysed on their own custom installed s/w to increase ease of accounting. The bill can take many forms, so here we go with a few short examples of how that poor business customer's bill looks once you and your friends have placed all their calls for the month on his/her ESN/MIN pair... The s/w, Talkview, is capable of presenting billing information on 5 hierarchical levels - by company, division, department, cost centre and individual user. Of most interest to cell phreaks is the fact that, to quote, "All calls across all mobile phones can be broken down by date, most frequently dialled number value and so on. As much or as little information as you require." This is NOT good news! If for example you placed 25 calls to Harl from your standard residential line one month, then the next month you called him 0 times on this line, but 80 times using your stolen BT Cellnet ESN/MIN pair...BT can easily spot calling patterns like this and also from identifying the cell stations the calls were placed through they can locate the general area the calls were placed from. This information should at least provide them with a suitable suspect for closer inspection, and that's the last thing we want...be sensible. Here's an example screen from Talkview's billing information:- -*- start -*- 1 Apr. 1994 Talkview 12:40:13 Spooled Reports ------------------------------------------------------------------------- Handset Summary Report from 01/09/94 to 02/10/94 ------------------------------------------------------------------------- Report is detailed at Handset level. Company : Citronic Division : H/P Department : 31337 Account No. : 74283 <----------- Call Costs ------------- Handset | IDD. STD. Special P/W Total ------------------------------------| ------ ------- -------- ----- ----- 0831123456, H. ARL | 1.80 58.93 3.65 0.00 64. 0831234567, C. ITRONIC | 0.00 63.38 13.79 0.00 92. 0831345678, P. ULSE | 0.00 35.18 1.87 0.00 42. 0831456789, A. PHREAK | 0.00 44.85 3.04 0.00 47. 0831567891, A. HAQER | 0.00 27.51 0.38 0.00 29. -*- end -*- Now the above method of billing display doesn't present your average cell phreak with any problems, as only the set user (employee)'s calls are shown, but of course this will highlight abnormal use as records are easily compared on a month-to-month basis using the Talkview software. The next screen will show you where the problems arise:- -*- start -*- 1 Apr. 1994 Talkview 12:45:37 Spooled Reports ------------------------------------------------------------------------- Dialled Number Analysis Report from 01/09/94 to 02/10/94 ------------------------------------------------------------------------- Company : Citronic Division : H/P Department : 31337 Account No. : 74283 Handset | Number | Destination | Volume | Cos ----------------------|--------------|---------------|--------------|---- 0831123456 | 0513562145 | Horsham | 13 | | 0464312864 | Broxburn | 6 | | | | | 0831234567 | 0222818234 | Cardiff | 8 | | 0181452877 | Ashtead | 22 | | 010341234567 | *Barcelona,SP | 12 | | 0465611729 | Broxburn | 9 | | 0532692004 | Bromsgrove | 42 | -*- end -*- From this snippet of a screen in this billing presentation mode you can see instantly that each call 'from' (or apparently from!) each single handset is logged, the volume of calls to each number is shown also, so the example given earlier of 80 calls to Harl on (eg) 0123 456789 would stand out like a radioactive kipper, especially when checked against the previous months billing information. It has long been believed amongst cell phreaks that if they are using an ESN/MIN pair from a large company that they will blindly pay their bill and your extra calls will, within reason, be paid and subsequently forgotten about. From the (quick) research I've done it would appear that this is not the case...at the press of a key a manager can check the calling patterns of all the phones registered to his firm, and if you did indeed call your mates several times voice using a pair billed to the aforementioned business he can spot it with great ease and those parties you called illegally can expect to hear from either the manager himself or a representative of Talkland (or whichever service provider you've defrauded). Better hope your mates can keep their mouths' shut! Basically the rules are simple: calls to modems are probably ok (like everything, in moderation) as when checked against no-one will answer voice and be subjected to a modern-day spanish inquisition. Voice calls to a fellow phreak should be kept to a minimum over this medium, unless you're feeling particularly suicidal. Cellular telephone fraud is costing the service providers a great deal of money, and they will go to some considerable length to track and prosecute offenders...bear this in mind and resist the urge to call all your friends 5 times a day to tell them that your new OKI and stolen ESN still works, and that all your calls are FREE!!! Stay safe and free. --- Contact address/numbers:- Talkland International (UK) Limited Registered Office: 37 Old Queen Street, London SW1H 9JA Corporate Marketing, Pembroke House, Banbury Business Park, Aynho Road, Adderbury, Oxon OX17 3NS. Telephone: 0295 815000 Fax: 0295 815082. For your FREE (thanks!) Talkview demonstration diskette (in attractive plastic presentation case...) call: 0800 36 37 38. --- If you would like to contact me, X-Phyle, for any h/p-related reason, you can e-mail me at:- an142445@anon.penet.fi -: Get in touch if you think I could help you out or want to ask a (simple!) question... --- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Dah Last Bit ~~~~~~~~~~~~ For the next issue we'd kinda like submissions on the following subjects:- Hacking Phreaking Comment/Opinion kEwL Koding tricks Amusing Pranks/Gags Things that go KaBoom! Cellular Hacking/Phreaking Interesting ways of Imbibing Dope Errmmmm, same as last time really !!! And remember to check out WPoS as it comes out ! You won't regret it ! You know what we're after, anything will be considered (and probably published) so get tapping. The CiTR0NiC Journal is now uploaded to corrupt.sekurity.com /pub/incoming Also we have a dutch distribution site... Arrested Developement +31.77.547477 Hacking - Phreaking - Virus - Anarchy Sysop: Omega From the land of legal gear, comes a BBS of dopetastic proportions... So get it there ! It is also a bot on IRC called lamerbot usually on the #virus channel has loads of hack/phreak/virus stuff on it aswell. Check us out in the misc-zines directory. /msg lamerbot help gets you started. PLEASE NOTE: Although at the moment the CiTR0NiC Journal is coming out monthly, it is *not* a monthly journal, it is published whenever there is enough material to justify an issue. So instead of nagging me and stuff (although that works as well!) writing an article will get the next issue out sooner ! Drop us a line. Even if ya just wanna say Hi or ask a question. As you may of guessed we're not the sort of ppl who flame others because of our elitist fantasies. H/P is about communicating ! (and writing articles for CiTR0NiC !!!) Mail the address below or catch me as Harl on IRC usually wasting my life hanging around #Phreak, #Virus and #Citro If yer gonna write an article, don't write bullshit. In other words, if you want to write on how to do something, then make sure it works... Personally I have tried and tested everything that I have written about. So if you're gonna write 'How to build a nuclear bomb', get yer toolkit out before hand ! Also, I have written a CiTR0NiC World Wide Web page but... I need an account to put it on. So if anyone can donate me an account I would be eternally grateful. The only problems are that it has to be a legit account (as I don't want it go down after a few weeks) and it must allow WWW access, but apart from that.... It'll only need about 500k - 1Meg quota... Oh, and anyone who can do a decent ASCII banner for the journal (that I can read !) will get a a mention in CiTR0NiC (and therefore memberz of the opposite sex throwing themselves at you for the rest of your life) and a 15m Swimming Certificate. BTW, a female hacker mailed me saying that the boys in her school found out that she had the CiTR0NiC Journal on her hard-drive and can now hardly walk down the corridor without some boy offering her the chance of making love to him in a swimming pool full of jelly (that's jello to the yanks). Also one fatality occured when a man walked into a niteclub with a 'eYe cHiLLeD wItH tHe CiTR0NiC dewdz' T-shirt on and was immediately swamped by scantily clad women trying to rip his T-shirt off with their teeth. eYe LiE n0t !! (mAyBe) For the terminally stupid our e-mail address is once again... an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi [EOF]