=================================
[> HACKERS DIRECTORY VOLUME 3  <]
[> COMPILED FOR YOU BY,        <]
[> HACKER SUPREME, THE CARTEL  <]
[> And THE 'NIN TEMPLE'.       <]
[> Master - NINJA SQUIRREL /+\ <]
=================================

=======================================
[ Hack Copyright: Hacker Supreme 1986 ]
=======================================

****************************
***  HACKING TECHNIQUES  ***
***     By:  LOGAN-5     ***
***   (Hacker Supreme)   ***
***       From the       ***
***   Inner Circle book  ***
****************************

1) CALLBACK UNITS:

Callback units are a good security device, But with most phone systems,
it is quite possible for the hacker to use the following steps to get
around a callback unit that uses the same phone line for both incomming 
and out going calls:First, he calls he callback unit and enters any 
authorized ID code (this is not hard to get,as you'll see in a moment).
After he enters this ID, the hacker holds the phone line open - he does 
not hang up. When the callback unit picks up the phone to call the user back,
the hacker is there, waiting to meet it.

 The ID code as I said, is simple for a hacker to obtain, because these 
codes are not meant to be security precautions.The callback unit itself 
provides security by keeping incomming calls from reaching the computer.
The ID codes are no more private than most telephone numbers. Some callback 
units refer to the codes as "location identification numbers," and some 
locations are used by several different people,so their IDs are fairly 
well known.I've been told that, in some cases,callback ubits also have 
certain simple codes that are always defined by default. Once the hacker 
has entered an ID code and the callback unit has picked up the phone to 
re-call him,the hacker may or may not decide to provide a dial tone to 
allow the unit to "think" it is calling the correct number. In any event,
the hacker will then turn on his computer, connect with the system - and 
away he goes.If the however, the hacker has trouble holding the line with 
method,he has an option: the intercept.

The Intercept: 
 Holding the line will only work with callback units that use the same 
phone lines to call in and to call out.Some callback units use different
incoming and outgoing lines, numbers 555-3820 through 555-3830 are dedicated 
to users' incoming calls, and lines 555-2020 through 555-2030 are dedicated 
to the computers outgoing calls.The only thing a hacker needs in order to 
get through to these systems is a computer and a little time - he doesn't 
even need an ID code. First,the hacker calls any one of the outgoing phone 
lines, which, of course, will not answer.Sooner or later, though, while the 
hacker has his computer waiting there, listening to the ring, an authorized 
user will call one of the incomming lines and request to be called back.
It will usually be less than an hours wait, but the hacker's computer 
is perfectly capable of waiting for days, if need be.

 The callback unit will take the code of the authorized user, hang up, 
verify the code, and pick up the phone line to call back.If the unit 
tries to call out on the line the hacker has dialed, the hacker has his 
computer play a tone that sounds just like a dial tone.The computer will 
then dial the number given that matches up with the user's authorized ID.
After that,the hacker can just connect his computer as he would in any 
other case.If he is really serious,he will even decode the touch tones 
that the mainframe dialed,figure out the phone number of the user the 
system was calling, call the person, and make a few strange noises that 
sound as though the computer called back but didnt work for some reason.

2) TRAPDOORS AS A POSSIBLILITY

 I haven't heard of this happening, but i think it is possible that a 
callback modem could have a trapdoor built into it.Callback modems are
run by software, which is written by programmers.An unscrupulous programmer 
could find it very easy to slip in an unpublicized routine, such as, 
"if code =_43_%2c/index.html then show all valid codes and phone numbers." And such a 
routine, of course, would leave security wide open to anyone who found the 
trapdoor.The obvious protection here, assuming the situation ever arises,
is simply an ethical manufactorer that checks its software thoroughly before 
releasing it.

 A trapdoor is a set of special instructions embedded in the large 
program that is the operating system of a computer.A permanent, 
hopefully secret "doorway", these special instructions enabe anyone who 
knows about them to bypass normal security procedures and to gain access to 
the computer's files.Although they may sound sinister, trapdoors were not 
invented by hackers, although existing ones are certainly used by hackers 
who find out about them.

3) THE DECOY

 One of the more sophisticated hacking tools is known as the decoy, and it 
comes in three versions.The first version requires that the hacker have an 
account on the system in question. As in my case,the hacker has a 
low-security account,and he tries this method to get higher-security 
account.He will first use his low-security account to write a program that 
will emulate the log-on procedures of the systems in questions. 
This program will do the following:

*- Clear the terminal screen and place text on it that makes everything 
look as if the system is in charge.

*- Prompt for, and allow the user to enter, both an account name and a password.
*- Save that information in a place the hacker can access.

*- Tell the use the account/password entries are not acceptable.

*- turn control of the terminal back over to the system.

The user will now assume that the account name or password was mistyped 
and will try again...this time (scince the real operating system is in 
control) with more success.You can see a diagram of the way these steps are 
accomplished

 ___________________   
 |   Clear Terminal   |
 |       screen       |
 |____________________|
           ||
  _________||_________
 |  Print Compuserve  |
 |      Computer      |
 |_____ Network ______|
           ||
  _________||_________
 |   Print "ENTER     |
 |     PASSWORD"      |______
 |____________________|      |
          ||                 |
 _________||_________        |
 |  PASSWORD ENTERED? |__NO__|
 |____________________|   
          ||_YES
 _________||_________
 |   SAVE PASSWORD    |
 |    INFORMATION     |
 |____________________|
          ||
 _________||_________
 |   PRINT "LOGIN     |
 |     INCORRECT      |
 |____________________|
          ||
 _________||_________
|   LOG OFF/RETURN   |
|    CONTROL TO      |
|  OPERATING SYSTEM  |
|____________________|

 4) CALL FORWARDING

 Many people use call forwarding by special arrangement with the phone 
company.When a customer requests call forwarding, the phone company uses 
its computer to forward all the customers incomeing calls to another 
number. Lets say, for example, that you want calls that come to your office 
phone to be forwarded to your home phone: A call from you to the phone 
company,some special settings in the phone companys computer, and all 
calls to your office will ring at your home instead.This little bit of help 
from the phone company is another tool used by hackers. Lets say you thought 
that the computer you were hacking into was being watched-because the 
sysop might have seen you and called the fed's and your sort of bugged by 
this nagging feeling that they will trace the next hacker that calls, 
just call the phone company and ask for call forwarding, pick a number, 
(ANY NUMBER) out of the phone book and have your calls forwarded to that 
number,Hea,Hea, the number you picked is the one that will be traced to,
not yours, so you could be hacking away,they think that they have traced you, 
but actually the number you had your calls forwarded too. they enter chat mode
and say (YOUR BUSTED!!!!, WE'VE TRACED YOUR PHONE NUMER THE FEDS ARE ON THE 
WAY!!), You could reply (Hea, SURE YA DID! I'D LIKE TO SEE YA TRY AND GET ME! 
GO AHEAD!) ,that wont seem very important to them at the time, but it will 
sure piss them off when they bust the wrong guy!  

5) RAPID FIRE

 Memory-location manipulation can be helpful, but there is another, more 
powerful,possibility, in some cases: the Rapid-fire method.To understand how 
this methos works, you have to know something about the way operationg 
systems work.When a user enters a command, the operating system first places 
the command in a holding area, a buffer, where it will sit for a few 
millionths of a second.The system looks at the command and say's "Does this 
person really have authorization to do this, or not?" Then, the command 
sits there a few thousandths of a second while the system runs off to 
check the user's authorization.When the system comes back to the command, 
it will have one of two possible answers: "OK, GO AHEAD," or "SORRY, 
GET PERMISSION FIRST."

 Once you are on a system that handles things this way, you can use the 
rapid-fire method to change the command while its sitting in the buffer,
waiting to be executed. If you can do this,you can do anything.You can enter 
a command that you know will be approved, such as "tell me the time." As soon 
as the system runs off to verify your right to know the time,you change 
the command in the buffer to something you know would not be approved-perhaps
"give me a list of all the passwords." When the system comes back with an 
"OK, go ahead," it responds to your second command, not the first. Of course,
this exchange has to be done very rapidly,but most systems existing today 
can be fooled by this trick. The question is,how easy is it to do, and how 
much authority do you need? I know of one system that let this one slip.

These are certainly not all the hacker's little secret tricks and tool's,
You will probably figure out some better, more efficiant,hacking techniques.

GOOD LUCK!!!!!!
L O G A N - 5
------------------------------------------------->

                 How to fight Sprint Security

     Well  friends,  Sprint has declared war on the phone phreaks 
and  is  starting to set traps,  trace lines,  and  question  the 
SYSOPs  of  BBS  systems.   I thank that this has  gone  on  long 
enough!     It  time we start to fight back. What I would  suggest  is 
that  everybody find five or ten access codes and put these on  a 
flyer  with a local access number and instructions on how to  use 
the system and how to find more codes.  Next, make a LARGE number 
of  copies  of  this  flyer  and distribute  them  as  widely  as 
possible.   Put  them on cars in the school parking lot,  in  the 
local phone booths, on bulletin boards around colleges, etc.
     If Sprint starts experiencing a VERY large number of ripoffs 
then a number of things could happen.  The bright boy in security 
who decided to start the crack-down may get fired,  paying custo-
mers may get fed up with the huge  bills,  SPC may make the codes 
longer  and thus lose customers because of the  inconvenience  of 
the  longer  codes.   In any case,  SPC will have so many  people 
using the system for free that the chances of them getting anyone 
of us is so small as to be insignificant.

So, you've decided that you'd like to try to down an RSTS system? Well,
here's a beginner's guide: The RSTS system has two parts, the Priviledged
accounts, and the User accounts. The Priviledged accounts start with
a 1 (In the format [1,1], [1,10], etc. To show the Priv.
accounts we'll just use the wildcard [1,*].)
        The priviledged accounts are what every RSTS user would
love to have, because if you have a priviledged account
you have COMPLETE control of the whole system. How can
I get a [1,*] account? you may ask....Well, it takes A LOT
of hard work. Guessing is the general rule. for instance,
when you first log in there will be a # sign:
        # (You type a [1,*] account, like) 1,2 It will then say Password: (You 
then type anything up to 6 letters/numbers Upper Case only) ABCDEF
  If it says ?Invalid Password, try again ' then you've not done it YET
Keep trying.
 
  Ok, we'll assume you've succeeded. You are now in the priviledged account of
an RSTS system. The first thing you should do is kick everyone else off
the system (Well, maybe just the other Priviledged users)....You do this with
the Utility Program.
        UT KILL (here you type the Job # of the user you'd like to get out of
your way). If the system won't let you, you'll have to look for the UTILTY
program. Search for it by typing DIR [1,*]UTILTY.*Now, you've found it and
kicked off all the important people (If you want you can leave the other people
on, but it's important to remove all other [1,*] users, even the Detached ones)
To find out who's who on the system type SYS/P- (That will print out 
all the privileged users). Or type SYS to see Everyone. Next on your agenda is
to get all the passwords (Of course). Do this by run $MONEY (If it isn't there,
search for it with DIR[1,*]MONEY.* and run it using the account where you
found it instead of the $)  There will be a few questions, like Reset? and
Disk? Here's the Important answers.Disk? SY (You want the system password)
Reset? No (You want to leave everything as it is) Passwords? YES (You want the
passwords Printed) There are others, but they aren't important, just hit a C/R.
There is ONE more, it will say something like Output status to? KB: (This is
important, you want to see it, not send it elsewhere).
 
        Ok, now you've got all the passwords in your hands.
Your next step is to make sure the next time you come you can get in again.
This is the hard part.
   First, in order to make sure that no one will disturb you, you use the
UTILTY program to make it so no one can login. Type UT SET NO LOGINS.
(also you can type UT HELP if you need help on the program)
 Next you have to Change the LOGIN program....I'm sorry, but this part is fuzzy
Personnally, I've never gotten this far. Theorectically here's what you do:
Find out where the program is, type DIR [1,*]LOGIN.* If there is LOGIN.BAS
anyplace, get into that account (Using your password list, and typing HELLO
and the account you'd like to enter). On the DIR of the program there is a date
(Like 01-Jan-80). To make it look good you type UT DATE (and the date of the
program). Next, you make it easy for yourself to access the program. You type
PIP (And the account and name of the program you are changeing)
<60>=(again thename of the program).
Now what you do is OLD the program. Type OLD (Name of the program)
Now that is all theoretical. If anyone runs into problems, tell me
about it and I'll see if I can either figure it out or get someoneelse to.
 Next thing you want to do is LIST the program and find out where The
input of the Account # is. To get this far you have to knwo a lot
about programming and what to look for..Here is generally the idea, an idea is
all it is, because I have not been able to field test it yet:
Add a conditional so that if you type in a code word and an account # it will
respond with the password. This will take a while to look for, and
a few minutes to change, but you can do it, you've got that RSTS system
in your back pocket.
 Let's say you've (Somehow) been able to change the program. The next thing
you want to do is replace it, so put it back where you got it
(SAVE Prog-name), and the put it back to the Prot Level (The # in the <###>
signs) by typing PIP (Prog name)<232>=Progname (Note, in all of this, don't
use the ()'s they are just used by me to show you what goeswhere).
Now you've gotten this far, what do you do? I say, experiment! Look at all the
programs, since you have Privilged status you can analyze every
program. Look around forthe LOG program, and
find out what you can do to that. The last thing to do before you
leave is to set the date back to what it was using
the UTILTY program again Up DATE (and the current date).
-----------------------------------------------------------------------------
Another Great Directory from Hacker Supreme. (Ninja Squirrel /+\, Logan - 5,)
                  (Zaphod Breeblebox, Silicon Rat, Lord Vision, Crazy Horse.)
-----------------------------------------------------------------------------