ch4x0rzine #5 - "canada h4xor" e-zine devoted to hacking/phreaking in Canada. This issue includes: how to spoof your own IP, a perl http server, editing the NT register, DMS 100 and blue boxing prevention, and more.. ch4x web site, thanks to phaceman.
8c97e9e7c0fa29dbd77013790399c44943432970233ec9169479ed4dafcc94cf
"I got the profound sound hitting the underground like my graffiti skrawl
infiltrating the subway tunnel walls as fast as hoes raiding malls peeping
studs with shaved balls." -mcSQUARED, toronto.
ch4x0rz1n3 # 5ive : summer, 1999 - August.
- werd up! them federals got my house and my phone tapped -
#5 #5 #5 #5 #5 #5 #5 #5 #5 #5
#5 #5 #5 #5 #5 #5 #5 #5 #5 #5
_______________ ._______ _____ _________ ____
./ D /./ E /. / M /./ O ` S \. / ! /.
./ _______ /./ /. / /_/ /\ \./ /.
./ /. / /./ /______ /..\ X /.
.\ \ . \__/./ /_ /. .\ \.
.\ \_________/ ___ /./ /. ./ X \.
.\ /. / /./ /. ./ /.\ \.
.\_______________/. /____/./_____/. ./____/. \_____\.
aSCiI by demos
#5 #5 #5 #5 #5 #5 #5 #5 #5 #5
#5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5
- praying that i fall for their mouse trap - I DOUBT THAT -
ch4x0rz1n3 number 5.416313372600666-0d4y.txt
* The one and only MEGA 'zine from Toronto *
/:La table des contents (I dropped French in gr. 11):\
----------------------------------------------------
1. IRC Logs, Anyone?
2. Getting even with Bell Canada : korben
3. h0w t3w sp00f y0ur 1p : hackcanada.c0?
4. PERL HTTP server c0d3 : telex
5. Editing Windows NT Registry : coffee
6. GETTING QUARTERS FROM COKE MACHINES : radead
7. DMS 100 and BlueBoxing Prevention : di9ital
8. Conclusion : demos
ch4x members that bring you the juarez
|------------------------------------------|
| demos coffee buz |
| faceman telex radead |
| korben hexnix di9ital |
|------------------------------------------|
[ what is ch4x ? ]--------------------------------------------------------
ch4x : canada h4xor, canadian h4xors ; writers of ch4x0rz1ne - an online
periodical devoted to spraying the l4x.
"spraying the l4x" : A term used in mcSQUARED's rap. Also, the process of
talking shit, having fun, and spreading information. Remember, l4xatives
cause severe bowel movements.
People who host us / where to find us :
www.lucidx.com/ch4x
www.t00ned.org/ch4x
https://ch4x.dhs.org (will be up soon)
IRC, EFnet : #ch4x
music : "When I make the girls wet, they're like hose" -mcSQUARED, mix
mast0r mike, DJ Qbert, circle research, wax manipulatorz, rawkus records,
monolith, company-flow, CHIN, CKLN, CIUT, puff daddy 2000, backstreet
boys, sonny & cher.
beverages : windex, rubbing alcohol, varnish, toronto tap water in the
summer time.
ladies : > 500 pounds, moustache, beard, smoker, must be manager of an
Arbys restaurant, or an employee of Coffee Time working the midnight shift
who gives us free donuts.
[ w0rd up goes out to ]---------------------------------------------------
hexnix, mojo, neural, majestic_12, jenzza, backardi, packetstorm security,
z28-, b4b0, telex, ninex.com homiez, #9x, lucidx.com, CommPort5,
substance, gob, dap, shamus the crazy ass bum who helps me sell mustard
and relish packets on the street corners, all superficial teenie-bopper
bimb0ez who i dont wanna gn0wez, skeptik, badsector, m4x1m, icephreak,
kernel (toronto), son-doobi, ninjalicious and the whole infiltration.org
team, all #ch4x regulars and supporters, elux, the 8 year old kid i seen
at the Canadian National Exhibition wearing an "INTERNET CYBER 2000"
shirt, circle research & household insomnia for keeping Toronto hip-hop
alive - mondays 12am-5am 100.7 FM.
[ uh, fuck you ]----------------------------------------------------------
all #conf fucks who feel that somehow throwing a conference everyday
proves how skilled they are, #toronto morons who feel that they can
actually mack these so-called "girls" (who we all know are 13 year old
boys whacking off to their cyber sex logs), #toronto fools who
think they're elite because they're running Red Hat (which they
read about in "Toronto Computes" - the magazine entitled to reviews on
Netscape plugins, etc.), suburban kids who think they're all political /
intellectual when they discuss issues such as Toronto's homeless when
ironically enough, the homeless would tell them to fuck off if they
approached them! I hope you get the low down on whether ch4x would like you
or not.
OK OK, so i dont know all the people I might have listed here, but its the
impressions i get from those who ruin it for them which cause me to throw
out such a high volume of disrespect.
[ Whats New ]-------------------------------------------------------------
Welp here I am, masta demos - your new editor/producer/pr0n-king for
ch4x0rz1n3 due to phaceman's recent vanishing off the Bermuda
triangle.
Well, welcome to the long awaited ch4x0rzin3 #5. I have to thank all the
new people hanging with us, and making the zine even more possible with
their support! I've been really busy, so I have not been able to write
any articles, however, I do promise at least two good articles for ch4x #6
- October 1999.
Anyways, it is now time to sit back, relax, and get jiggy with IT. "IT"
being your hand covered with the KY Jelly you stole from your momma'z
yeast infection prevention/remedy kit.
[EOF]
.--[ IRC Logs, Anyone? ]--------------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
[13-Sep:22:44 fib] why would you tell THE MEDIA?
[13-Sep:22:44 demos] because
[13-Sep:22:44 BadSect0r] change you i to an e
[13-Sep:22:44 demos] we wanna look elite
[13-Sep:22:44 BadSect0r] fed
[13-Sep:22:44 demos] like 2600
[13-Sep:22:45 fib] (the answer: to be big rock stars)
[13-Sep:22:45 fib] which you aren't
[13-Sep:22:45 demos] ok
[13-Sep:22:45 demos] then why you following us like a horny 14 year old
girlie?
[13-Sep:22:40 demos] DONT FIGHT
[13-Sep:22:40 Z28`-] cause i said
[13-Sep:22:40 demos] I PRESUME WE ALL HAVE PUBES
[13-Sep:22:41 demos] SO WHY WE ACTING LIKE WE DONT?
[13-Sep:22:41 BadSect0r] what are pubes!@#!@#!!!!@#???
[13-Sep:22:41 demos] doud
[13-Sep:22:41 Z28`-] 'Would the montreal gazette be interested in some
**exclusive* information or interview concerning the recent ******
hacks.'
[13-Sep:22:42 demos] those little white hairs that are growing on our
dinkeys.
[13-Sep:22:42 BadSect0r] hah
(please note that during this time on irc, my nick-name was "cock-girl")
brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* hey whasup?
*brwnguy* hi
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* hows it going?
*brwnguy* not bad
*brwnguy* you like white slut girls?
*brwnguy* i love brown cocks.
*brwnguy* they're just like white cocks when they come out my ass.
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* yea...well...I've only had nice
white cocks..
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* after I've been a nice white cunt...
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* so how old are you?
*brwnguy* 15
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* wooo...I think it would be
illegal for me to talk with you like that...
*brwnguy* well, you can get me nice and drunk and i wont remember a thing.
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* oh yea...you done that before??
*brwnguy* i always do it with older guys. no white guys though, they have
small dinkeys
*brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* yea....you liek the brown
throbbing rods huh? ;)
*brwnguy* yes, i do....can i have your phone number? im getting really
horny here.
[22-Aug:15:50 dr_phace] man i have cray-ZEE greens right now
[22-Aug:15:50 demos] DOOOOOOOOOOD
[22-Aug:15:50 dr_phace] and a whole fux0ring quarter of it too
[22-Aug:15:50 demos] I GOT GREENZ TOO
[22-Aug:15:50 dr_phace] which should last me until friday at least
[22-Aug:15:51 demos] UNDERWEARS THAT IS
[22-Aug:15:51 dr_phace] dude
[22-Aug:15:51 dr_phace] your scarboro cess is no comparison
[22-Aug:15:51 dr_phace] rofl
[22-Aug:15:51 demos] sess
*** [18-Aug:13:48] Joined #teenchat: {Mpty}
[18-Aug:13:48 GreenEyed] .......
[18-Aug:13:48 goodboy] linux you male or female
[18-Aug:13:48 demos] TEENIE BOPPERS - DO YOUR MOMMIES GIVE YOU QUARTERS
TO PLAY VIDEO GAMES, TEENIE BOPPERS?
*** Channel #jews created on Wed Aug 11 03:58:47 1999 EDT
[18-Aug:13:50 demos] Hey guys. whats up?
[18-Aug:13:50 demos] <--Alfred
[18-Aug:13:51 demos] E Neuman, that is.
*** Channel #phrack created on Fri Aug 13 04:28:15 1999 EDT
[18-Aug:13:52 dem0z-] Hey, tell route im going to fucking sandpaper those
gay tatoos of his off
[18-Aug:13:52 dem0z-] for raping my sister
[18-Aug:13:53 dem0z-] fuck that, hes getting the cheese grater.
*** [18-Aug:13:53] Kicked from #phrack by Antietam (Antietam)
*** Channel #phrack created on Fri Aug 13 04:28:15 1999 EDT
*** [18-Aug:13:54] Mode on #phrack by Antietam: +b *!*@*.idirect.com
[18-Aug:13:54 dem0z-] and Juliet, you fat fucking bitch....go fry some KFC
with the grease from your nose
*** [18-Aug:13:54] Kicked from #phrack by Antietam (strike three)
*** #phrack Sorry, cannot join channel. (Banned from channel)
*As we can see, this Antietam cat is quite the mad jokester*
[02-Sep:23:04] * Optel is away: Going to payphone to provision best
friend's phone line ;)
[02-Sep:23:04] -> *hexnix* for the flex on the four 57, yes
[02-Sep:23:04 hexnix] what a loser
[02-Sep:23:04] *hexnix!hexnix@24.66.0.49.on.wave.home.com* wtf?
[02-Sep:23:04 demos] HAHHAHAHAHHA
[02-Sep:23:04] *hexnix!hexnix@24.66.0.49.on.wave.home.com* flex on the
457?
[02-Sep:23:04 demos] thats going in ch4x 5
[02-Sep:23:07 Optel] What did the Bell reject (aka entourage employee) say
to the Bell technician?: That tech across the road sure if a
bitch...but she has nice cocots!
[02-Sep:23:08 demos] "if a guy steps on yer puma, just let it
sliiiiiiiiide"
[02-Sep:23:08 hexnix] entourage?
[02-Sep:23:08] -> *hexnix* wtf is this optel guy saying?
[02-Sep:23:08] *hexnix!hexnix@24.66.0.49.on.wave.home.com* he is quite the
nerd
[02-Sep:23:08 hexnix] WTF did you just say?
[02-Sep:23:08 Optel] anyway, i'm going to a payphone.. I need to service
provision the telephone network (the way I like it =))
[02-Sep:23:08 Optel] and root my friend's line
[02-Sep:23:09 hexnix] you must be quite the cool cat
[05-Sep:01:48 fib] packetstorm is busted
[05-Sep:01:48 demos] busted, eh?
[05-Sep:01:49 demos] is that what you guys call it in #glitterglam?
[05-Sep:01:49 fib] antionline threatened legal action and his archives
were deleted
[05-Sep:01:49 fib] packetstorm.harvard.edu was going to be the new one
[05-Sep:01:49 fib] but that's not working either
[05-Sep:01:49 Hawx] hey >DEMOS< who do you think is the best hacker in
here
[05-Sep:01:49 Hawx] ????????????
[05-Sep:01:49 Hawx] ????????????
[05-Sep:01:49 Hawx] ????????????
[05-Sep:01:49 telex] demos: securify.com/packetstorm
[05-Sep:01:50 demos] hawx : best hacker here = buz
[05-Sep:01:50 demos] buz once moved the location of mars with his skillz
[05-Sep:01:50 demos] telex : thanks.
[05-Sep:01:50 Hawx] cool
[05-Sep:01:50 Hawx] where did he move it?
[05-Sep:01:50 demos] Earth.
[05-Sep:01:53 fib] does chax release any 0day juarez?
[05-Sep:01:54 demos] yes
[05-Sep:01:54 demos] #5 is out soon
[05-Sep:01:54 demos] so wipe your sisters poon poon
[05-Sep:01:54 demos] in the mean time, that is.
[06-Sep:04:14 g1r|] if u fucked all satellites
[06-Sep:04:14 g1r|] u could make em read that it is
[06-Sep:04:14 g1r|] but they would catch ya
[06-Sep:04:14 g1r|] cause they all run by diff pewps
[06-Sep:04:14 g1r|] and ud have to go all round world
[06-Sep:04:15 demos] girl : if you fucked all satellites, you would have
many scrapes on yer cockaroo, or a wide pussy hole.
[06-Sep:04:18 demos] dude
[06-Sep:04:18 demos] when i grow up
[06-Sep:04:18 demos] i wanna be into the heavy metal scene
[06-Sep:04:18 di9ital] when it is just a green backround
[06-Sep:04:18 demos] and have a van
[06-Sep:04:18 di9ital] with some ferns
[06-Sep:04:18 di9ital] to look like a jungle
[06-Sep:04:18 demos] with an airbrused mural of
[06-Sep:04:18 demos] naked women with snakes wraped around them
[06-Sep:04:18 demos] v-shaped guitars
[06-Sep:04:19 demos] viking muscle men with swords
[06-Sep:04:19 di9ital] HAHAHH
[06-Sep:04:19 di9ital] LOL
[06-Sep:04:19 demos] heh
[06-Sep:04:19 di9ital] those dogs with chains on their necks
[EOF]
.--[ Getting Even With Bell.Ca ]------.
| |
| ch4x0rzine #4 | ----------------------[ 0-d4y ]-
`---------------------------------------'
Getting even and fux0ring with Bell Canada
-Korben.
-ch4x #5 @ www.lucidx.com/ch4x
Disclaimer: This article deals with Severe terrorist acts. I nor Ch4x
agree with such acts and would never do them, nor have ever done this in
the past. We cannot be held responsible for any actions you may take after
reading this. Nor can we be held responsible for any information in this
text. So Be It.
Holy fuck man. Wheres the Fucking 10 cents a minute when youre calling
from a fucking payphone. I recently visited Collingwood, an area 2 hours
away from Toronto and it costs me $3.30 a MINUTE worth of N-ACTS tones to
call home. Like WTF? It's 2 hours away. It should be fucking local or some
shit. Ok i understand, calling Vanuatu (Island in south Pacific) costs
10.55 a minute from a payphone. I understand it has to go through the
satellite and shit like that but a 2-hour drive? 3.30 a minute? Fuck That.
Fuckin' Bell Canada thinks they've got it made. They charge way too much
money for long-distance calls, three-way calls and regular service.
Like fuck that. Im paying 72$ a year (6$ max a month) for three way calls.
A service which costs Bell $0.00 to perform. Dont forget the $360 bux0rz
per year for regular service. So you say, "What can I do?"
Rob a fucking Remote.
[ Whats a remote ]--------------------------------------------------------
A remote is a small switch setup in residential areas or commercial areas
to switch small areas and alleviate pressure off the DmS-100's.
They are little huts about the size of a hotel room. Usually smaller.
You'll see them on the sides of roads, in fields, behind houses, basements
of skyscrapers, in the back of your local Pizza Pizza. (Really!).
They will often have a DMS-1U box or two out front with some heavy duty
fone wires connected off a pole.
[ What's in a remote ]----------------------------------------------------
Item List                        Retail Value     Street Value
2 Vista 350 Meridian Phones      $200-300 each    $20-50 maybe
1 Switch (Usually DMS-10 or      $5000-20000      $0
  RSC systems)
Switch Manuals                   $20-50           $0
  -Power Maintenance
  -System Commands
  -Hardware Support
Switch Configuration Sheets      $0               $0
List of other Remotes!@!         $0               $1
Robbing a remote does not get you very much profit. Maybe a free fone.
Move to next section.
[ How much does it cost Bell if I destroy a switch ]----------------------
                                              $
2 Vista 350 Meridian Phones                   500
1 Switch                                      10000
Wiring from outside into Switch               500
Technicians Pay to repair fone service        2000-3000
  $24 per hour * 10 hours day
  + Bonus for Emergency and middle of
  night. For 5 Technicians
Repairing damages to Internal building        3000
Wasted money in a Security Audit
  into finding no one responsible             5000+
Days without fone for residents in area       1-2
Damages to company from Suing residents       ???
                                              -----
Total-                                        $21,500
Now. Remember. I have never done this and never will do it. Probably.
This is just a way to repay Bell for all the great things its done for
you. btw.. This is NOTHING in DAMAGES compared to the same thing if you
did it at a CO. In a CO. You could create more than 1 million dollars
damage.
[ What shall I bring? How do I destroy a switch ]-------------------------
First, bring along a baseball bat, an axe, boltcutters(Optional), some
Gasoline some matches and a lot of nerves to be willing to do this.
Enter the Remote. Take the Vista Phone. Use your axe to destroy the pipes
and wires by the entrance door which lead to the fire alarm button. Smash
it good. Smash through the wires leading to the switch. Now take the
baseball bat and hammer away at the switch. Remember, You'll prolly want
to cut the power to the switch first. Sometimes there is a backup
generator there also. Smash that well. Before you take the gasoline and
light the place up. Go to the fence and make sure there is a safe get away
hole because that place will light up faster than Cliff Zarudny's cock
looking at a naked 5 year old boy. Use the bolt cutters to cut a hole in
the fence. Now go into the remote and pour the gasoline all over. Now take
the matches. And toss one in and run run run! If you want there to be no
evidence, stay in there as well. And let the fire burn the evidence in its
entirety. hhahaha. Actually dont do that. One less enemy of Bell Canada is
a bad thing. Yeah, make sure you get out quickly or dont light the thing
up at all. If youre not gonna light it dont pour gas because even if it
would be funny to have a Bell tech get toasted in there. That is not
funny. No deaths. Death is not good. Remember that, next time you think
you're gonna get on the news because Vandalism for a young offender is one
thing. Murder is quite another. Be cautious.
[ How do I get into the Remote ]------------------------------------------
Well, there is a barbed wire fence surrounding this small building and
there is a simplex(Combination), 5 digit passcode doorlock on the door.
Getting that info is up to you.
For us K-R4D l337 olsk00l b0yz from ch4x this is no problem.
Except the fact that Bell keeps giving out the wrong passcodes accidently
they are so unorganized you might get the right code. You might not.
If you have no life. Sit across the road for 1 week and watch the techs go
in and out the passcode will be 5 digits with 2 numbers being pressed at
the same time.
[ But Im an 31337 h4x0r. Not a vandal! ]----------------------------------
Fine. H4x0r away then, but you'll need a laptop running special terminal
software. Further info is in a manual you'll find in there.
You can't do much shit from a remote. If there is another computer in
there it will have access to Bell's intranet but the switch itself is
basically garbage and not the good garbage like the SPN CO's dumpsta, if
you know CLLI's. The value of the garbage may be slightly higher than the
garbage from Holy Chow Chinese food or some shit. btw... never go in a
chinese food dumpster ive learned from experience. Worst thing ive ever
done. Anyways, It has no links to other switches. Best thing? Maybe making
someones fone ring over and over again. Without being traced. I donno.
[ If Bell Security chases me what will I do. ]----------------------------
h0h0h0h0. Who cares. Don't just stand there and let your face go whiter
than the Masked h4x0r aka. BB elite h4x0r. himself.
"Buddy! Buddy! Come back here! I call police. I call police!"
Most Techs are fat, arrogant bastards who don't like exercise.
If you get caught in a Bell building and try to open the door, but see the
bottom of a coat and shoes there. GET those BRASS KNUCKLES ready!!!
hahhahahaha. (CO Party '99) Or claim your a DmS Apprentice who just
happens to be fixing computers in a CO at 2am. hahahahahahah. Sounds
familiar!!! Ok now im just rambling
Oh and remember, Vandalism, Computer Crime Fraud, Telecommunications
Fraud, Breaking and Entering, Trespassing, Arson, and any other criminal
act I covered in this article is VERY VERY WRONG. DO NOT ATTEMPT ANY. I
have never done anything like this nor ever will. If you really want to
know I found all my remote switch information in a buried at the bottom
of a swamp in Alabama when I went to watch di9ital marry his cousin.
YEE-HAH!
[EOF]
.--[ how to spoof yer eye pea ]-------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
h0w t3w sp00f y0ur 1p
-members of hackcanada.com
-ch4x #5 @ www.lucidx.com/ch4x
"We ate diner with Emmanuel Goldstien, then kissed his feet, got really
drunk, and had gay sex!" -Hackcanada
[ Preliminariez ]---------------------------------------------------------
Yo y0 yo yO y0 yo y0 yo wa$$ up guyz, d1s iz d4 hackcanada.com cl1qu3
r00b1x c00b3 - 1f j00h a1nt part, d3n get d4 fuck 0ut! MUHAHAHA.
en-e3e-w4yz, d1s iz 0ur f1l3 4nd 1t w1ll t34ch j00h 0-day techniqu3z w3
l34rned @ defc0n d1s summ4r. p33p it!
[ ARE JAY ELEVEN (\/)4N1PUL4TION T3CHNiQUEZ ]-----------------------------
0k4y okay, d1s is by f4r the m0st brut4l m3th0d 0f sp00f1ng j3r EYE-PEA!
All y0u g0tta d0 is t4k3 th3 t3l3ph0n3 w1r3 fr0m j00r m0dem, and ch0p it
in 3 s3parate placez! Then, mix d4 pi3ces up r4nd0mly, and t4pe them
t0g3ther - but m4k3 sur3 d4t th3 r1ng / tip w1r3s d0nt t0uch any 0ther
w1res - JOOH DONT NEED EM!
4nyw4yz, wh3n y0u g3t c0nnect3d to d4 n3t, y0ur IP will b3 th4t 0f 0n3 0n
bell.c4, or 4ny 0th3r t3lc0 1n th3 st3nt0r 4ll1ance - y0u just g0tta yell
it t0 y0ur m0d3m. F0r example, 1f ey3 w4nt3d a BC Tel IP, I w0uld y3ll
"j0h t3l3ph0n, br1ng me d4 b33 c33 tell"
-cyb0rg/asm
[ WHISTLING TECHNIQUEZ ]--------------------------------------------------
EH YO SUP GUY DIS IS NOT AS LEET BUT IT MAKES IT SO YOUR IP IS WHATEVER
YOUR LOCAL HOST IS YEH YOU COULD MAKE EVERYONE ON THE NET THINK YOU'RE
WIZBONE@ELITEREDHATBOX ALL J00H GOOTA D00 IZ L1KE WH1STL3 DTMF TONES OF
THE ISP INTO THE PHONE INSTEAD OF THE MODEM DIALING IT FOR YOU! YOUR
LOCAL CO HAS A COMPUTER THAT RECOGNIZES DTMF WHISTLES, AND PROCESSES THEIR
CALLS WITH "LOCAL HOST INTERNET IP." NO BULLSHIT GUY - NO BULLSHIT! TRUST
ME I PRACTICED THIS IN DA WHITE TRASH RENTAL VAN ON MY WAY TO DEFCON!
-W1ZB0N3
[ sprey paynt technikez ]-------------------------------------------------
yah yeh yea, yo yo yo guy dis iz da ultimite chit guy, ya nohw, like fuq
guy all you gotta dew is like go to dis canadian tyre shit and pik up sum
sprey paynt and like colour yer computer cammofl0hge - tis will make your
IP appeer as a randem *.mil!
-GOOD YEAR aka Fat Fucker in our Defcon photo.
[ Peece 0ut ]-------------------------------------------------------------
W3ll 4z y0u c4n s33, w3 l34rn3d s0m3 v4luabl3 s3crets 4t d3fc0n, but
r3m3mb3r, k33p d33z wh1t3 h0t ju4r3z s3cr3t 0n the p80 s1st3mz 0r 3ls3 d1s
f1l3 w1ll b3 us3l3ss 3-nuff s3wn.
00h j34h, w3 als0 w4nn4 fuck1n 1nclud3 4n 4d f0r 0ur bus3yn3z.
____
/ / \ "HEEYYYYYYYYYYY KIDDIEZ, YOU CAN CALL ME DICK. HARDEE HAR
/ \ HAR! ANYWAYZ, ARE YOU A WHEAT FARMING BOY FROM ALBERTA
| ) WHO BEATS-NUTS 2 THE eXtReMe?! WELL, KEYBOARD COWBOY,
| O O / TIME FOR YOU TO PUT YER SORE JERKING HANDS DOWN AND PUT
\_/\__/\ THEM ON THE KEYBOARD (CUM INCLUDED) AND JOIN US AT :"
\ \
\ \ WWW.WHACKCANADA.COM
_\ \__
/__\ __ ) FOR REAL, 0-DAY PR0N (like these amazing ASCII skills
\\ _| // <----) WHICH YOU CAN CONSTANTLY KEEP IN MINT CONDITION.
\_) // NOT LIKE THE MAGAZINES YOU HAVE AT HOME STUCK TOGETHER
/ `-'\ BECAUSE OF YOUR SUPER SPIZZ!"
/ / \
/ | |
| | | ONLY $13.37 / YEAR!
| \ /
\____/ `---'
| | | |_
_| | |___) (c) "Self Portrait" by cyb0rg/asm (cYBERoRGASIM?)
(___|
[E0F]
.--[ PERL HTTP Server ]---------------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
PerlServ 2.11 GNU Warez
-telex
-ch4x #5 @ www.lucidx.com/ch4x
* Please download the attached "perlserv-2.11.tar.gz" in order to have
your personal copy of these GNU ju4r3z *
[ Contents ]--------------------------------------------------------------
Contained in perlserv-2.11.tar.gz should be the following:
perlserv.pl
Ssockets.pm
index.html
README
PerlServ 2.11 requires the latest version of Perl.
Run with the -d flag for detailed information.
./perlserv.pl -d > http.log
[ About PerlServ ]--------------------------------------------------------
The perlserv.pl script supports an extremely simple HTTP service and can
be used in various situations where a quick and easy webserver is
required. Because it has been written in perl, this server could be used
as a portable way of setting up webservers on a variety of platforms.
This server does have its limitations. PerlServ only supports GET
requests; no CGI or FORM support is currently available.
* telex is your friend.
[EOF]
.--[ Editing WinNT Registry ]---------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
Editing The Windowz NT Registry (c) coffee
-coffee
-ch4x #5 @ www.lucidx.com/ch4x
[ intro ]-----------------------------------------------------------------
The Registry is a central database that is created by Windows NT during
installation. The entries in that database consist of the hardware,
software, users, and preferences data for a single computer, or any
computer on a network. Whenever the user makes changes to the Control
Panel settings, File Associations, System Policies, or installed software,
the changes are reflected in the Registry. Like, back up your Registry, if
you fuck shit up you will be sad and you will cry like a baby. Like, NT is
a growing force which you will need to school yourself about. Some might
say you shouldn't bother, that all you need is to know about UNIX based
operating systems, HEH, if you hear someone say that rip off their arms
and let them feel real pain.
[ registry edit0r ]-------------------------------------------------------
You can find the Registry Editor in your system dir. Copy that onto a
backup disk if it pleases you to do so. For future reference you need only
choose Run|Regedit if you only want to run the program. Once Regedit is
open you should see My the six HKEY folders.
As your tool of control over your NT environment, you will have to know
Regedit intimately. There is no point being in the driving seat if you
can't use a steering wheel, and there is no point getting into a car if
you don't know how to turn the keys. Fuck sake, just step away from the
car!! Err, enough with the confusing metaphors. Below is an extract from
a Windows NT help topic.
[ Overview Of Registry Editor ]-------------------------------------------
"Registry Editor is an advanced tool that enables you to change settings
in your system Registry, which contains information about how your
computer runs. Generally, it is best to use Windows controls to change
your system settings.
You should not edit your Registry unless it is absolutely necessary. If
there is an error in your Registry, your computer may become non
functional. If this happens, you can restore the Registry to its state
when you last successfully started your computer. For instructions, see
Related Topics below."
As you can see it is the usual bullshit from the bureaucrats at
Microsoft. I think what they are really trying to say is that if you
start fucking with the Registry you have passed the point of no
return. Warning lame users off from things that might get icky is a
sort of Microsoft trademark. They are safe in the knowledge that their
half assed assessment of Regedit will frighten most people away. The
most key utility to controlling your NT box is hidden away with no
shortcuts and a whole nine lines devoted to describing it, most of
which fits into the Microsoft play-it-safe agenda.
[ hkey structure ]--------------------------------------------------------
[ Hkey_Classes_Root ] -- [ Hkey_Current_User ] -- [ Hkey_Local_Machine ]
[ Hkey_Users ] -- [ Hkey_Current_Config ] -- [ Hkey_Dyn_Data ]
[ hkey explanations ]-----------------------------------------------------
[1] Hkey_Classes_Root
This key points to a branch of Hkey_Local_Machine that describes certain
software settings. This key contains essential information about OLE and
drag and drop operations, shortcuts, and core aspects of the NT GUI which
we all think is so pretty =).
[2] Hkey_Current_User
This key points to a branch of Hkey_Users for the user who is currently
logged onto the system. Sort of like the equivalent of the Unix who
command but not really.
[3] Hkey_Local_Machine
Contains computer specific information about the type of hardware,
software, and other preferences on a given PC. This information is used
for all users who log onto this computer. The data is stored in machine
code. The software side often includes the serial keys for products you
have registered and sometimes encrypted passwords.
[4] Hkey_Users
This key contains information about the users that log onto the computer.
Both generic and user-specific information is used, and each user who
uses the system has their own Subkey to accompany the .pwl file in your
system dir. The .pwl file contains the password data whilst the specified
Subkey contains all other information.
[5] Hkey_Current_Config
This key points to a branch of the Key Hkey_Local_Machine\Config that
contains information about the current hardware configuration. It is
updated when you use the Add New Hardware program.
[6] Hkey_Dyn_Data
This key points to a branch of Hkey_Local_Machine that contains various
bits of information regarding the System's Plug and Play configuration.
This information is DYNAMIC, meaning that it may change as devices are
added to or removed from the computer.
[ hkey explanationz ]-----------------------------------------------------
The thing about the Registry is that although Microsoft lean on it to keep
NT sharp, they are more dependant on it than you might realise. I mean
that they utilise it in the running of other Microsoft products. Internet
Explorer for instance. Although it has been said that it is an integral
part of Windows. Microsoft were taken to court about it. The insides of IE
are stored in the Registry, including their Internet Options. I have read
Usenet posts about reg keys that lower the security zone in IE or enable
Java and other malicious shizz. Take for example the password encoded
censor Content Advisor Ratings. If any of you twelve year old code kidz
want to disable their censors, stopping you from downloading a shit load
of pornography, find the below key in HKEY_LOCAL_MACHINE.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
Now just rename Key to something else e.g. KeyFucked. The next time the
Content Advisor Ratings are running the system will not be able to find
the key it is searching for. Yay. The key actually contains the
encrypted password information. I'm sure you can already think of ways
that this might be useful. If you are interested in this topic I suggest
you do research on algorithms. A very interesting topic.
[ hidden sharez ]---------------------------------------------------------
You must have seen the hype concerning all those dumb trojans. Any guy off
the street could own a Windows box, am I right? Well anyone who has ever
had to remove a nasty proggie will know where the server implants itself,
the Registry. For the trojan to function 24/7 it needs to initialise every
time NT starts up. Now I don't think Back Orifice would have been quite as
popular if it required you to place a shortcut in the Startup folder or a
line in win.ini.
You can create the lame trojan effect with a Registry key that uses the
DOS prompt as the client for controlling the target computer. This works
by connecting to shares. Shares are what Windows uses to share resources
from computer to computer. The NetNinja Setup trojan creates the C$ admin
share in HKEY_LOCAL_MACHINE.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$
This will assign the remote shared drive to the next available letter on
the user's machine and grants full read/write access. When run, the Setup
trojan creates a hidden share of drive C: and it places four entries in
that key as follows.
"Flags"=dword:00000302
"Path"="C:\\"
"Remark"=""
"Type"=dword:00000000
Two things cause the share to be invisible. The "$" at the end of the
name hides any share from the NET VIEW command and from Net Watcher's
shared folder listing. The Setup Trojan can be downloaded from:
https://www.netninja.com/files/SetupTrojan.zip
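An added example, not part of the original article and not coffee's code: a defender-side audit that parses a REGEDIT4 export (the format of the share values above and of the .reg files in this article) and lists LanMan shares whose name ends in "$". The sample export, the DOCS share and all function names are constructed for illustration; Flags is reported raw because the article does not define its bits.

```python
import re

# LanMan share key named in the article (shares are subkeys of this key).
LANMAN = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
          r"\CurrentVersion\Network\LanMan")

# Constructed sample export: the C$ entry uses the four values quoted in the
# article; the DOCS share and its values are made up for contrast.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$]
"Flags"=dword:00000302
"Path"="C:\\"
"Remark"=""
"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\DOCS]
"Flags"=dword:00000101
"Path"="C:\\DOCS"
"Remark"="shared documents"
"Type"=dword:00000000
'''


def _unescape(s):
    # REGEDIT4 string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: data}}.

    dword values become int, hex values become bytes, strings are unescaped.
    The default value (@) is stored under the empty name.
    """
    # Join hex values continued over several lines with a trailing backslash.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue  # stray or malformed line: skip rather than guess
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        hexm = re.match(r"^hex(?:\([0-9a-fA-F]+\))?:(.*)$", data)
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif hexm:
            value = bytes(int(b, 16) for b in hexm.group(1).split(",")
                          if b.strip())
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            value = _unescape(data[1:-1])
        else:
            value = data
        current[name] = value
    return keys


def find_hidden_shares(keys):
    """Return one finding per LanMan share whose name ends in '$'."""
    findings = []
    prefix = LANMAN.lower() + "\\"
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        share = path[len(prefix):]
        if "\\" in share or not share.endswith("$"):
            continue
        shared_path = values.get("Path", "")
        findings.append({
            "share": share,
            "path": shared_path,
            "flags": values.get("Flags"),  # raw value, bits not interpreted
            # True when the share exposes an entire drive such as C:\
            "whole_drive": bool(re.fullmatch(r"[A-Za-z]:\\?", shared_path)),
        })
    return findings


if __name__ == "__main__":
    for f in find_hidden_shares(parse_reg(SAMPLE_EXPORT)):
        print("hidden share %(share)s -> %(path)s flags=0x%(flags)x "
              "whole_drive=%(whole_drive)s" % f)
```

Run it against an export of the LanMan key taken with Regedit's export function; any finding with whole_drive set is a share an administrator should be able to account for.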
[ registry programming ]--------------------------------------------------
Now, before I start I must say that there really is no such thing as
Registry programming as such. Well, not for ordinary users. Although we're
not about to code Win32 API functions, better to take the messy approach,
patching code and sticking it in. Similar to patching hex or binary
because if you move one space or character out of place then the
executable will dysfunction, no questions asked. It is important to
understand this.
However editing your Registry is easier because it's values are often
represented by real words and the more you look at and change keys, the
more you will recognise things that repeat. Sort of eqivilant to a higher
level programming language. Of course, the reason that actaul reg keys
onn their own don't equate to a programming language is because there is
only similarities, never defined code. They use all sorts of values as
well such as binary, hex, hexadecimal etc. Open up all reg keys in Wordpad
and save new ones in Wordpad. It is important you use Wordpad and not any
other text editor, because you need the formatting it uses. DOS Edit will
fuck your shit up big time.
Below is a reg key which opens up all files with an unrecognised file
extension with DOS Edit. Instead of opening the Open With dialog box
you will be brought straight into DOS Edit to view the files. This is
handy for viewing files made in Unix with no extensions. Note the
Registry definition "ASCII Viewable Document" which means a text file
"Content Type"="text/plain". Of course if you have ever fooled around
with DOS Edit before you will notice it doesn't support executables.
This means if you use it to open a .exe file it will represent it in
text as best as is possible. This key also defines .nfo and .diz
as plain text file types. This is handy because although they are
famous file extensions they were not created with any text editor in
mind so this reg key tells the system they are text files without
having to reformat them with a fixed text editor.
[ dosedit.reg ]-----------------------------------------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\asciifile]
@="ASCII Viewable Document"
"EditFlags"=hex:00,00,01,00

[HKEY_CLASSES_ROOT\asciifile\Shell]
@=""

[HKEY_CLASSES_ROOT\asciifile\Shell\open]

[HKEY_CLASSES_ROOT\asciifile\Shell\open\command]
@="edit.com %1"

[HKEY_CLASSES_ROOT\asciifile\DefaultIcon]
@="C:\\WINDOWS\\SYSTEM\\shell32.dll,64"

[HKEY_CLASSES_ROOT\.diz]
@="asciifile"
"Content Type"="text/plain"

[HKEY_CLASSES_ROOT\.nfo]
@="asciifile"
"Content Type"="text/plain"

[ extracting data ]-------------------------------------------------------
#! c:\perl\bin\perl.exe
# now we will take a look at some registry data
# here is an example of a perl script
use Win32::Registry;

# key to read, relative to HKEY_LOCAL_MACHINE
$p = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion";
$main::HKEY_LOCAL_MACHINE->Open($p, $CurrVer) ||
    die "Open: $!\n";

# each entry of %vals is a reference to [name, type, data]
$CurrVer->GetValues(\%vals);
foreach $k (keys %vals) {
    $key = $vals{$k};
    print "$$key[0] = $$key[2]\n";
}
$CurrVer->Close();
[ extracting data ]-------------------------------------------------------
As anyone who is experienced in using the Registry will tell you, the
HKEY_LOCAL_MACHINE directory is the key to controlling your Windows
box. It's the big cheese so to speak. Here is a brief rundown of its
standard Subkeys and their functionality.
--> /Config    [ A collection of configurations for the local     ]
               [ computer.                                        ]
--> /Enum      [ Info on the system's installed hardware devices. ]
--> /Hardware  [ Info on the ports and modems used with           ]
               [ hyperterminal.                                   ]
--> /Network   [ Info created when a user logs on to a networked  ]
--> /Security  [ Info on network security and remote              ]
               [ administration.                                  ]
--> /Software  [ Info about software and its configuration on     ]
               [ the system.                                      ]
--> /System    [ The database that controls system start-up,      ]
               [ device driver loading, Windows NT services, and  ]
               [ OS behaviour.                                    ]
______ ____ ____ ____ ____ ____
/ ____/ / __ \ / __/ / __/ / __/ / __/
/ / / / / | / /_ / /_ / /_ / /_
/ / / / / / / __/ / __/ / __/ / __/
/ /___ / /_/ / / / / / / /__ / /__
\____/ \____/ /_/ /_/ /____/ /____/
shouts to [ch4x] [fr0g] [niscii] [franco] [fungii] [xit] [xinu] [mousey]
[winston] [hitman] [zomba] [force] [crypt0genic] [rekcah] [iga]
[ego] [freeman] [regan] [zirqaz] [d_l0rd] [adnan_c] [darkcyde]
[EOF]
.--[ COKE MACHINE HACKING 101 ]--------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
HOW TO GET QUARTERS OUT OF COKE MACHINES
BY THE ONE AND ONLY
RADEAD
WELL I KNOW IT'S BEEN 5 MONTHS
SINCE I SAID I'D MAKE THIS FILE
AND IT'S FINALLY HERE, THE WAIT
_IS_ WORTH IT!
ON TO THE GOOD STUFF!
THIS IS A COKE MACHINE:
I--------------------I
I I
I I
I I
I I
I COKE I
I X I
I I
I I
I I
I I
I -- I
I I
I____________________I
COKE = WHERE IT SAYS COKE
X = WHERE YOU STICK THE $$$ IN
-- = WHERE YOU GET YOUR $$$ BACK
SO NOW YOU KNOW THE MECHANICS
BEHIND HOW A COKE MACHINE WORKS!
SO HOW DO I EXPLOIT IT?
WELL, I AM GLAD YOU ASKED!
SEE ON ALL MODERN COKE MACHINES
(THE ONES WITH THE FLAT FRONT)
THERE'S A LITTLE "HOLE" NEAR THE
BOTTOM RIGHT CORNER OF THE
MACHINE!
I--------------------I
I I
I I
I I
I I
I COKE I
I X I
I I
I I
I I
I I
I -- I
I I
I____________________I
^
I
I
I
WHERE "HOLE" IS
THIS IS WHERE THE MONEY IS KEPT@!!
WHAT YOU GOTTA DO TO GET IT OUT, IS TO
STICK YOUR LITTLE FINGERS UP THERE
AND PULL LIKE THERE'S NO TOMORROW!
IF YOUR FINGERS GET STUCK THAT MEANS
THERE'S LOTS OF MONEY IN THE MACHINE AND YOU
GOT A BIGGER SCORE!
KEEP PULLING AND EVENTUALLY THE LITTLE BAGGY
IN THERE WILL COME OUT AND YOU'VE
GOT YOUR CASH!
IF THAT FAILS, THERE IS ANOTHER METHOD
WHICH MAY BE USED
ON A COKE MACHINE THERE ARE SIDES THAT
YOU CAN HOLD ONTO TO ROCK IT
I--------------------I <-SIDE
I I OF
I I COKE
I I MACHINE
I I
I COKE I
I X I
I I
I I
I I
I I
I -- I
I I
I____________________I
SIMPLY GRAB BOTH SIDES AND START ROCKING
THE COKE MACHINE FORWARD AND BACKWARD!
EVENTUALLY COKES AND MONEY WILL START
FLYING OUT! THE FURTHER YOU ROCK IT
THE MORE MONEY/COKE COMES OUT. JUST DON'T
LET ANYONE CATCH YOU!
WELL THAT'S ALL FOR NOW, YOU'LL ALL PROBABLY
GET REALLY RICH FROM THIS INFO,
SO HAVE PHUN AND DON'T KILL YOURSELF!
I HOLD NO RESPONSIBILITY FOR ANY ACTIONS
TAKEN AFTER READING THIS TEXT
FILE.
DJ
RADEADY
DownloadeD from the
----------------------
IAnciENT ToMB BBS@!!!I
I I
I2 nodes! 300 bps! I
I I
I(416)too-bad-for-u I
I____________________I
[EOF]
.--[ DMS And Bluebox Prevention ]------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
[Son, what?]-------------------------------------------------------------
"I bust more guns then a vietnam vet, but im legit. Straight as a board."
./ di9ital@sekurity.net ./
This file is dedicated to my gH crackerjacks - making bootleg liquor on a
sunday night
[Intro]-------------------------------------------------------------------
y0y0y0, l0v3 t0 s1t at h0m3 and talk t0 th3 h0t s3xy paraguay lad1es???
Th1nk aga1n b1gb0y!$!
This file describes the Blue Box Fraud Detection feature within the DMS
(Digital Multiplex System) family of switches (so y0u sexy b0ys dont cry t00
hard when the police slam s0me cuffs 0n y0u).
[Blue?]----------------------------------------------------------------------
A 'blue box' is defined as any device connected to a subscriber's
phone line that can produce both a 2600 Hz tone and multifrequency (MF)
digits.
[Description]----------------------------------------------------------------
The Blue Box Fraud Detection feature works by discovering the fraudulent MF
signaling over Centralized Automatic Message Accounting (CAMA) and
SuperCAMA trunks. It does not detect fraudulent signaling over Traffic
Operator Position System (TOPS) trunks. The feature can alert the telco of
a fraudulent call attempt and either allow billing to be made for the call
or disconnect the call (described later).
NOTE: The feature detects the fraudulent MF signaling but does not detect the
SF (Single Frequency, that is) pulsing.
The feature allows the DMS-200 to perform fraud detection functions:
* test for fraudulent calls
* record fraudulent calls (voice/actions) - 0h shugar$!!!
* cut or continue the fraudulent call
[Process]--------------------------------------------------------------------
To the switch (and telco), a fraudulent call takes place when the
perpetrator (yes that's you ace) performs two steps:
1. A normal call is placed to a Single Frequency (SF) trunk beyond his or
her billing office.
2. The fraudulent call is placed. This call uses the SF trunk seized for
the original, normal call.
-The perpetrator's billing office does not detect calls placed with a blue
box, hence the term 'blue box fraud'.
The diagram below describes how a perpetrator -initiates- a fraudulent call
              ____________              _____________      WINK
             |            |            |             | <---------
[1]----|---->| END OFFICE |----[2]---->| CAMA OFFICE |---------->
       |     |____________|            |  (DMS-200)  | OUTGOING TRUNK
   ____|___                            |_____________|
  |        |
  |BLUE BOX|
  |________|
[1] - normal call placed (say, 1 800-463-3796)
[2] - end office sends dialed digits to the CAMA office
The CAMA office receives the data from the End Office and seizes an outgoing
trunk. The Office at the far end of the trunk (dialed number) 'winks' in
response and the CAMA office sends the called digits for this normal call.
NOTE: No fraud has taken place, you've just dialed a number.
***The 'wink' is sometimes audible, sounding like a little chirp or beep***
[Testing]--------------------------------------------------------------------
It is this wink (as described above) that triggers the DMS-200 to start
testing the call. The diagram below shows how the DMS-200 prepares to test
for a (suspected) fraudulent call.
           ________
          |        |      |
          |BLUE BOX|----->|
          |________|      |
                          |
                          |
                      ____|_____
                     |          |
                     |          |
                     |END OFFICE|
                     |          |
                     |__________|
                          |
                      CAMA| broadcast  ______________
                     TRUNK|----[1]----| reserved MFR |
                          | connection|______________|
                     _____|_____              |
                    |           |             |
                    |           |             |
                    |CAMA OFFICE|<------------|
                    |  DMS 200  |
                    |___________|
                          |
                  OUTGOING|  |
                     TRUNK|  |
                          |  |WINK
                          |  |
[1] - The DMS-200 establishes a broadcast connection from the suspect CAMA
trunk (y0u) to a MF (Multi Frequency smart man) receiver (MFR) as
designated in the feature setup (described later). These reserved MFR are
not available for standard call processing.
After the MFR is attached, the DMS-200 waits for one of the following
events:
[MFR Timeout]
The time allowed to detect fraudulent MF digits has expired.
Response: Release the MFR - assume no fraud has taken place
[Call Failure]
Mutilated digits detected by the MFR. Several things could cause this.
-Call may have been released
-The perpetrator may be using SF pulsing
Response: Release the MFR - assume no fraud has taken place
[Digits]
A fraudulent set of called digits has been received.
Response: Use Automatic Message Accounting (AMA) Event information.
Flag the call as a bluebox call. Release the MFR. If the 'CUT' option
has been specified in the feature, disconnect the call (described later).
The DMS-200 will perform these functions after detecting a fraudulent
call:
If the 'CUT' option was not activated, replace the original digits in the
buffer with the fraudulent digits (from MFR).
!!!- If you place more than one fraudulent call, only the last call
appears in the buffer -!!!
[Cut? Continue?]
As mentioned above, there are two options for kids like us.
Either 'CUT' or 'CONTINUE' the badboy bluebox call.
[CUT]
To cut the call the DMS-200 will perform these actions:
-Releases the MFR
-Releases the connection between the originating and terminating agents of the call
-Processes the AMA info - 0hgn0!$!
-Deallocates the terminator
-Sets treatment for the originator (that's you ace)
[CONTINUE]
If the cut option was not specified with the feature (described later) the
DMS-200 releases the MFR and the call continues. The perpetrator is billed
on the fraudulent digits.
When the subscriber disconnects the call, the system generates a log and
turns off the alarm if the ALARM option was specified (described below).
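The test cycle and the CUT/CONTINUE outcomes described above, as an added example that models the article's description (it is not DMS software and not from the original file). It assumes each wink starts one test cycle; the event names, the class and function names and the 555 numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Config:
    timeout: int = 30     # seconds the MFR waits for digits (article default)
    alarm: bool = False   # ALARM option given
    cut: bool = False     # CUT option given

@dataclass
class Call:
    digits: str                   # digit buffer that billing is based on
    flagged: bool = False         # marked as a blue box call in the AMA data
    connected: bool = True
    alarm_on: bool = False
    log: list = field(default_factory=list)

def on_wink(cfg, call, kind, seconds=0, digits=""):
    """One test cycle: attach a reserved MFR, wait for one event, release it.

    kind is "digits", "mutilated" or "silence" (constructed event names);
    seconds is how long after the wink the event arrived.
    """
    if kind == "silence" or seconds > cfg.timeout:
        call.log.append("MFR timeout: MFR released, no fraud assumed")
    elif kind == "mutilated":
        call.log.append("call failure: MFR released, no fraud assumed")
    else:
        call.flagged = True
        call.alarm_on = cfg.alarm
        if cfg.cut:
            call.connected = False        # original digits stay in the buffer
            call.log.append("fraud: MFR released, call cut")
        else:
            call.digits = digits          # fraudulent digits replace the originals
            call.log.append("fraud: MFR released, call continues, billed on " + digits)
    return call

def on_disconnect(call):
    """Subscriber hangs up: flagged calls produce a log, the alarm is turned off."""
    call.connected = False
    call.alarm_on = False
    if call.flagged:
        call.log.append("log generated: blue box call to " + call.digits)
    return call
```

With CUT absent, two detected digit sets on one call leave only the second in the buffer, which matches the article's note that only the last call appears there.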
[Interface]---------------------------------------------------------------------
**(The following assumes you have at least a small idea of how to use the
MMI corresponding to a DMS switch)**
The feature is activated by a CI command. The same command is used to get
the status of the feature. The following describes the syntax for the
feature.
The 'core' command is: BLUEBOX
Variables with the BLUEBOX command are as follows:
ACT - Activates the feature with the specified number of MFR to be set
aside.
CLR - Deactivates the command, returning the MFR to the common pool.
nmfr - Specifies the number of MFR to be reserved (range: 1 through 3) -
default number of MFR is 1.
timeout - Specifies the number of seconds the MFR will wait for fraudulent
digits (range: 5 through 35) - default is 30.
ALARM - Specifies if an audible/visual alarm will be generated when a blue
box call is detected.
CUT - Specifies that the fraudulent blue box calls will be disconnected.
If this is not specified, the call will continue.
Command Format:
BLUEBOX ACT/CLR [NMFR] [TIMEOUT] [ALARM] [CUT]
[Examples]
In order to see if the feature is active on the switch you would simply
input the following:
> BLUEBOX
You will receive some k-rad1cle mumbo jumbo like this:
Blue box Fraud Detection Feature Status:
Inactive.
The smart frame techs didn't finish their mail-in college
telecommunications degree when getting bum bum sex from their cellmate
'magic' in the don jail.
-[1]-
To activate the Blue Box Fraud Detection Feature with default parameters
you would enter the following:
> BLUEBOX ACT
It best give you this message:
Blue Box Fraud Detection Feature Status:
Active
1 MFR reserved, timeout set to 30 seconds.
Done. You've activated the feature.
-[2]-
To activate the feature with 5 MFR reserved, a timeout of 30 seconds,
alarm and cut the call you would input:
> BLUEBOX ACT 5 30 ALARM CUT
System will give you this response:
Blue Box Fraud Detection Feature Status:
Active
5 MFR reserved, timeout set to 30 seconds.
Detection will report alarm.
Detection will cut off call.
-[3]-
To deactivate the feature simply input:
> BLUEBOX CLR
the system responds with:
Bluebox Fraud Detection Feature Cleared.
[EOF] - di9ital@sekurity.net - [(c)di9ital 1999]
.--[ Conclusion ]----------------------.
| |
| ch4x0rzine #5 | ----------------------[ 0-d4y ]-
`---------------------------------------'
Well, here we are ; the end of another ch4x0rzin3. I hope you enjoyed
reading! Whoa, did #5 ever take a long time! Not really, considering a
lot of the shit that has gone down! Unfortunately, I was not able to
release any of my articles for this version of ch4x0rzin3, however, I WILL
release at least two articles for ch4x #6. Let me warn you, these
articles will be 0-day! I would have released them, but my tight schedule
restricted my amount of time for my hobbies.
Anyways, I hope all you other groups, etc. did not take anything I said
towards you seriously. HEH. It's just my style. I'm profound, so I
usually say shit which I have no real feelings towards, yet is just said
to make people think "Fuck, dr. demos has been smoking too much of crazy
J's rasta plant!"
Lastly, I think I will release ch4x0rzin3 #6 as of October! Hope to see
you then, and quite possibly on our OWN 24/7 connection!
-demos