"I got the profound sound hitting the underground like my graffiti skrawl infiltrating the subway tunnel walls as fast as hoes raiding malls peeping studs with shaved balls." -mcSQUARED, toronto. ch4x0rz1n3 # 5ive : summer, 1999 - August. - werd up! them federals got my house and my phone tapped - #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 _______________ ._______ _____ _________ ____ ./ D /./ E /. / M /./ O ` S \. / ! /. ./ _______ /./ /. / /_/ /\ \./ /. ./ /. / /./ /______ /..\ X /. .\ \ . \__/./ /_ /. .\ \. .\ \_________/ ___ /./ /. ./ X \. .\ /. / /./ /. ./ /.\ \. .\_______________/. /____/./_____/. ./____/. \_____\. aSCiI by demos #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 #5 - praying that i fall for their mouse trap - I DOUBT THAT - ch4x0rz1n3 number 5.416313372600666-0d4y.txt * The one and only MEGA 'zine from Toronto * /:La table des contents (I dropped French in gr. 11):\ ---------------------------------------------------- 1. IRC Logs, Anyone? 2. Getting even with Bell Canada : korben 3. h0w t3w sp00f y0ur 1p : hackcanada.c0? 4. PERL HTTP server c0d3 : telex 5. Editing Windows NT Registry : coffee 6. GETTING QUARTERS FROM COKE MACHINES : radead 7. DMS 100 and BlueBoxing Prevention : di9ital 8. Conclusion : demos ch4x members that bring you the juarez |------------------------------------------| | demos coffee buz | | faceman telex radead | | korben hexnix di9ital | |------------------------------------------| [ what is ch4x ? ]-------------------------------------------------------- ch4x : canada h4xor, canadian h4xors ; writers of ch4x0rz1ne - an online periodical devoted to spraying the l4x. "spraying the l4x" : A term used in mcSQUARED's rap. Also, the process of talking shit, having fun, and spreading information. Remember, l4xatives cause servere bowel movements. 
People who host us / where to find us :

  www.lucidx.com/ch4x
  www.t00ned.org/ch4x
  http://ch4x.dhs.org (will be up soon)
  IRC, EFnet : #ch4x

music : "When I make the girls wet, they're like hose" -mcSQUARED,
mix mast0r mike, DJ Qbert, circle research, wax manipulatorz, rawkus
records, monolith, company-flow, CHIN, CKLN, CIUT, puff daddy 2000,
backstreet boys, sonny & cher.

beverages : windex, rubbing alcohol, varnish, toronto tap water in the
summer time.

ladies : > 500 pounds, moustache, beard, smoker, must be manager of an
Arbys restaurant, or an employee of Coffee Time working the midnight shift
who gives us free donuts.

[ w0rd up goes out to ]---------------------------------------------------

hexnix, mojo, neural, majestic_12, jenzza, backardi, packetstorm security,
z28-, b4b0, telex, ninex.com homiez, #9x, lucidx.com, CommPort5, substance,
gob, dap, shamus the crazy ass bum who helps me sell mustard and relish
packets on the street corners, all superficial teenie-bopper bimb0ez who i
dont wanna gn0wez, skeptik, badsector, m4x1m, icephreak, kernel (toronto),
son-doobi, ninjalicious and the whole infiltration.org team, all #ch4x
regulars and supporters, elux, the 8 year old kid i seen at the Canadian
National Exhibition wearing an "INTERNET CYBER 2000" shirt, circle research
& household insomnia for keeping Toronto hip-hop alive - mondays 12am-5am
100.7 FM.

[ uh, fuck you ]---------------------------------------------------------- all #conf fucks who feel that somehow throwing a conference everyday prooves how skilled they are, #toronto morons who feel that they can actually mack these so-called "girls" (who we all know are 13 year old boys whacking off to their cyber sex logs), #toronto fools who think they're elite because they're running Red Hat (which they read about in "Toronto Computes" - the magazine entitled to reviews on Netscape plugins, etc.), suburban kids who think they're all political / intelectual when they discuss issues such as Toronto's homeless when ironically enough, the homeless would tell them to fuck off if they approached them! I hope you get the low down on rather ch4x would like you or not. OK OK, so i dont know all the people I might have listed here, but its the impressions i get from those who ruin it for them which cause me to throw out such a high volume of disrespect. [ Whats New ]------------------------------------------------------------- Welp here I am, masta demos - your new editor/producer/pr0n-king for ch4x0rz1n3 due to phaceman's recent vanishing off the bremeuda triangle. Well, welcome to the long awaited ch4x0rzin3 #5. I have to thank all the new people hanging with us, and making the zine even more possible with their support! I've been really busy, so I have not been able to write any articles, however, I do promise at least two good articles for ch4x #6 - October 1999. Anyways, it is now time to sit back, relax, and get jiggy with IT. "IT" being your hand covered with the KY Jelly you stole from your momma'z yeast infection prevention/remedy kit. [EOF] .--[ IRC Logs, Anyone? ]--------------. | | | ch4x0rzine #5 | ----------------------[ 0-d4y ]- `---------------------------------------' [13-Sep:22:44 fib] why would you tell THE MEDIA? 
[13-Sep:22:44 demos] because [13-Sep:22:44 BadSect0r] change you i to an e [13-Sep:22:44 demos] we wanna look elite [13-Sep:22:44 BadSect0r] fed [13-Sep:22:44 demos] like 2600 [13-Sep:22:45 fib] (the answer: to be big rock stars) [13-Sep:22:45 fib] which you aren't [13-Sep:22:45 demos] ok [13-Sep:22:45 demos] then why you following us like a horny 14 year old girlie? [13-Sep:22:40 demos] DONT FIGHT [13-Sep:22:40 Z28`-] cause i said [13-Sep:22:40 demos] I PRESUME WE ALL HAVE PUBES [13-Sep:22:41 demos] SO WHY WE ACTING LIKE WE DONT? [13-Sep:22:41 BadSect0r] what are pubes!@#!@#!!!!@#??? [13-Sep:22:41 demos] doud [13-Sep:22:41 Z28`-] 'Would the montreal gazette be interested in some **exclusive* information or interview concerning the recent ****** hacks.' [13-Sep:22:42 demos] those little white hairs that are growing on our dinkeys. [13-Sep:22:42 BadSect0r] hah (please note that during this time on irc, my nick-name was "cock-girl") brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* hey whasup? *brwnguy* hi *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* hows it going? *brwnguy* not bad *brwnguy* you like white slut girls? *brwnguy* i love brown cocks. *brwnguy* they're just like white cocks when they come out my ass. *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* yea...well...I've only had nice white cocks.. *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* after I've been a nice white cunt... *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* so how old are you? *brwnguy* 15 *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* wooo...I think it would be illegal for me to talk with you like that... *brwnguy* well, you can get me nice and drunk and i wont remember a thing. *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* oh yea...you done that before?? *brwnguy* i always do it with older guys. no white guys though, they have small dinkeys *brwnguy!hmm___@ppp-001.m2-1.cor.ican.net* yea....you liek the brown throbbing rods huh? ;) *brwnguy* yes, i do....can i have your phone number? im getting really horny here. 
[22-Aug:15:50 dr_phace] man i have cray-ZEE greens right now [22-Aug:15:50 demos] DOOOOOOOOOOD [22-Aug:15:50 dr_phace] and a whole fux0ring quarter of it too [22-Aug:15:50 demos] I GOT GREENZ TOO [22-Aug:15:50 dr_phace] which should last me until friday at least [22-Aug:15:51 demos] UNDERWEARS THAT IS [22-Aug:15:51 dr_phace] dude [22-Aug:15:51 dr_phace] your scarboro cess is no comparison [22-Aug:15:51 dr_phace] rofl [22-Aug:15:51 demos] sess *** [18-Aug:13:48] Joined #teenchat: {Mpty} [18-Aug:13:48 GreenEyed] ....... [18-Aug:13:48 goodboy] linux you male or female [18-Aug:13:48 demos] TEENIE BOPPERS - DO YOUR MOMMIES GIVE YOU QUARTERS TO PLAY VIDEO GAMES, TEENIE BOPPERS? *** Channel #jews created on Wed Aug 11 03:58:47 1999 EDT [18-Aug:13:50 demos] Hey guys. whats up? [18-Aug:13:50 demos] <--Alfred [18-Aug:13:51 demos] E Neuman, that is. *** Channel #phrack created on Fri Aug 13 04:28:15 1999 EDT [18-Aug:13:52 dem0z-] Hey, tell route im going to fucking sandpaper those gay tatoos of his off [18-Aug:13:52 dem0z-] for raping my sister [18-Aug:13:53 dem0z-] fuck that, hes getting the cheese grater. *** [18-Aug:13:53] Kicked from #phrack by Antietam (Antietam) *** Channel #phrack created on Fri Aug 13 04:28:15 1999 EDT *** [18-Aug:13:54] Mode on #phrack by Antietam: +b *!*@*.idirect.com [18-Aug:13:54 dem0z-] and Juliet, you fat fucking bitch....go fry some KFC with the grease from your nose *** [18-Aug:13:54] Kicked from #phrack by Antietam (strike three) *** #phrack Sorry, cannot join channel. (Banned from channel) *As we can see, this Antietam cat is quite the mad jokester* [02-Sep:23:04] * Optel is away: Going to payphone to provision best friend's phone line ;) [02-Sep:23:04] -> *hexnix* for the flex on the four 57, yes [02-Sep:23:04 hexnix] what a loser [02-Sep:23:04] *hexnix!hexnix@24.66.0.49.on.wave.home.com* wtf? [02-Sep:23:04 demos] HAHHAHAHAHHA [02-Sep:23:04] *hexnix!hexnix@24.66.0.49.on.wave.home.com* flex on the 457? 
[02-Sep:23:04 demos] thats going in ch4x 5 [02-Sep:23:07 Optel] What did the Bell reject (aka entourage employee) say to the Bell technician?: That tech across the road sure if a bitch...but she has nice cocots! [02-Sep:23:08 demos] "if a guy steps on yer puma, just let it sliiiiiiiiide" [02-Sep:23:08 hexnix] entourage? [02-Sep:23:08] -> *hexnix* wtf is this optel guy saying? [02-Sep:23:08] *hexnix!hexnix@24.66.0.49.on.wave.home.com* he is quite the nerd [02-Sep:23:08 hexnix] WTF did you just say? [02-Sep:23:08 Optel] anyway, i'm going to a payphone.. I need to service provision the telephone network (the way I like it =)) [02-Sep:23:08 Optel] and root my friend's line [02-Sep:23:09 hexnix] you must be quite the cool cat [05-Sep:01:48 fib] packetstorm is busted [05-Sep:01:48 demos] busted, eh? [05-Sep:01:49 demos] is that what you guys call it in #glitterglam? [05-Sep:01:49 fib] antionline threatened legal action and his archives were deleted [05-Sep:01:49 fib] packetstorm.harvard.edu was going to be the new one [05-Sep:01:49 fib] but that's not working either [05-Sep:01:49 Hawx] hey >DEMOS< who do you think is the best hacker in here [05-Sep:01:49 Hawx] ???????????? [05-Sep:01:49 Hawx] ???????????? [05-Sep:01:49 Hawx] ???????????? [05-Sep:01:49 telex] demos: securify.com/packetstorm [05-Sep:01:50 demos] hawx : best hacker here = buz [05-Sep:01:50 demos] buz once moved the location of mars with his skillz [05-Sep:01:50 demos] telex : thanks. [05-Sep:01:50 Hawx] cool [05-Sep:01:50 Hawx] where did he move it? [05-Sep:01:50 demos] Earth. [05-Sep:01:53 fib] does chax release any 0day juarez? [05-Sep:01:54 demos] yes [05-Sep:01:54 demos] #5 is out soon [05-Sep:01:54 demos] so wipe your sisters poon poon [05-Sep:01:54 demos] in the mean time, that is. 
[06-Sep:04:14 g1r|] if u fucked all satellites [06-Sep:04:14 g1r|] u could make em read that it is [06-Sep:04:14 g1r|] but they would catch ya [06-Sep:04:14 g1r|] cause they all run by diff pewps [06-Sep:04:14 g1r|] and ud have to go all round world [06-Sep:04:15 demos] girl : if you fucked all satellites, you would have many scrapes on yer cockaroo, or a wide pussy hole. [06-Sep:04:18 demos] dude [06-Sep:04:18 demos] when i grow up [06-Sep:04:18 demos] i wanna be into the heavy metal scene [06-Sep:04:18 di9ital] when it is just a green backround [06-Sep:04:18 demos] and have a van [06-Sep:04:18 di9ital] with some ferns [06-Sep:04:18 di9ital] to look like a jungle [06-Sep:04:18 demos] with an airbrused mural of [06-Sep:04:18 demos] naked women with snakes wraped around them [06-Sep:04:18 demos] v-shaped guitars [06-Sep:04:19 demos] viking muscle men with swords [06-Sep:04:19 di9ital] HAHAHH [06-Sep:04:19 di9ital] LOL [06-Sep:04:19 demos] heh [06-Sep:04:19 di9ital] those dogs with chains on their necks [EOF] .--[ Getting Even With Bell.Ca ]------. | | | ch4x0rzine #4 | ----------------------[ 0-d4y ]- `---------------------------------------' Getting even and fux0ring with Bell Canada -Korben. -ch4x #5 @ www.lucidx.com/ch4x Disclaimer: This article deals with Severe terrorist acts. I nor Ch4x agree with such acts and would never do them, nor have ever done this in the past. We cannot be held responsible for any actions you may take after reading this. Nor can we be held responsible for any information in this text. So Be It. Holy fuck man. Wheres the Fucking 10 cents a minute when youre calling from a fucking payphone. I recently visited Collingwood, an area 2 hours away from Toronto and it costs me $3.30 a MINUTE worth of N-ACTS tones to call home. Like WTF? It's 2 hours away. It should be fucking local or some shit. Ok i understand, calling Vanuatu (Island in south Pacific) costs 10.55 a minute from a payphone. 
I understand it has to go through the satellite and shit like that but a 2-hour drive? 3.30 a minute? Fuck That. Fuckin' Bell Canada thinks they've got it made. They charge way too much money for long-distance calls, three-way calls and regular service. Like fuck that. Im paying 72$ a year (6$ max a month) for three way calls. A service which costs Bell $0.00 to perform. Dont forget the $360 bux0rz per year for regular service. So you say, "What can I do?" Rob a fucking Remote. [ Whats a remote ]-------------------------------------------------------- A remote is a small switch setup in residential areas or commercial areas to switch small areas and alleviate pressure off the DmS-100's. They are little huts about the size of a hotel room. Usually smaller. You'll see them on the sides of roads, in fields, behind houses, basements of skyscrapers, in the back of your local Pizza Pizza. (Really!). They will often have a DMS-1U box or two out front with some heavy duty fone wires connected off a pole. [ What's in a remote ]---------------------------------------------------- Item List Retail Value Street Value 2 Vista 350 Meridian Phones $200-300 each $20-50 maybe 1 Switch (Usually DMS-10 or $5000-20000 $0 RSC systems) Switch Manuals $20-50 $0 -Power Maintenance -System Commands -Hardware Support Switch Configuration Sheets $0 $0 List of other Remotes!@! $0 $1 Robbing a remote does not get you very much profit. Maybe a free fone. Move to next section. [ How much does it cost Bell if I destroy a switch ]---------------------- $ 2 Vista 350 Meridian Phones 500 1 Switch 10000 Wiring from outside into Switch 500 Technicians Pay to repair fone service 2000-3000 $24 per hour * 10 hours day + Bonus for Emergency and middle of night. For 5 Technicians Repairing damages to Internal building 3000 Wasted money in a Security Audit into finding no one responsible 5000+ Days without fone for residents in area 1-2 Damages to company from Suing residents ??? ----- Total- $21,500 Now. 
Remember. I have never done this and never will do it. Probably. This is just a way to repay Bell for all the great things its done for you. btw.. This is NOTHING in DAMAGES compared to the same thing if you did it at a CO. In a CO. You could create more than 1 million dollars damage. [ What shall I bring? How do I destroy a switch ]------------------------- First, bring along a baseball bat, an axe, boltcutters(Optional), some Gasoline some matches and a lot of nerves to be willing to do this. Enter the Remote. Take the Vista Phone. Use your axe to destroy the pipes and wires by the entrance door which lead to the fire alarm button. Smash it good. Smash through the wires leading to the switch. Now take the baseball bat and hammer away at the switch. Remember, You'll prolly want to cut the power to the switch first. Sometimes there is a backup generator there also. Smash that well. Before you take the gasoline and light the place up. Go to the fence and make sure there is a safe get away hole because that place will light up faster than Cliff Zarudny's cock looking at a naked 5 year old boy. Use the bolt cutters to cut a hole in the fence. Now go into the remote and pour the gasoline all over. Now take the matches. And toss one in and run run run! If you want there to be no evidence, stay in there as well. And let the fire burn the evidence in its entirety. hhahaha. Actually dont do that. One less enemy of Bell Canada is a bad thing. Yeah, make sure you get out quickly or dont light the thing up at all. If youre not gonna light it dont pour gas because even if it would be funny to have a Bell tech get toasted in there. That is not funny. No deaths. Death is not good. Remember that, next time you think you're gonna get on the news because Vandalism for a young offender is one thing. Murder is quite another. Be cautious. 
[ How do I get into the Remote ]------------------------------------------ Well, there is a barbed wire fence surrounding this small building and there is a simplex(Combination), 5 digit passcode doorlock on the door. Getting that info is up to you. For us K-R4D l337 olsk00l b0yz from ch4x this is no problem. Except the fact that Bell keeps giving out the wrong passcodes accidently they are so unorganized you might get the right code. You might not. If you have no life. Sit across the road for 1 week and watch the techs go in and out the passcode will be 5 digits with 2 numbers being pressed at the same time. [ But Im an 31337 h4x0r. Not a vandal! ]---------------------------------- Fine. H4x0r away then, but you'll need a laptop running special terminal software. Further info is in a manual you'll find in there. You can't do much shit from a remote. If there is another computer in there it will have access to Bell's intranet but the switch itself is basically garbage and not the good garbage like the SPN CO's dumpsta, if you know CLLI's. The value of the garbage may be slightly higher than the garbage from Holy Chow Chinese food or some shit. btw... never go in a chinese food dumpster ive learned from experience. Worst thing ive ever done. Anyways, It has no links to other switches. Best thing? Maybe making someones fone ring over and over again. Without being traced. I donno. [ If Bell Security chases me what will I do. ]---------------------------- h0h0h0h0. Who cares. Don't just stand there and let your face go whiter than the Masked h4x0r aka. BB elite h4x0r. himself. "Buddy! Buddy! Come back here! I call police. I call police!" Most Techs are fat, arrogant bastards who don't like exercise. If you get caught in a Bell building and try to open the door, but see the bottom of a coat and shoes there. GET those BRASS KNUCKLES ready!!! hahhahahaha. (CO Party '99) Or claim your a DmS Apprentice who just happens to be fixing computers in a CO at 2am. hahahahahahah. 
Sounds familiar!!! Ok now im just rambling Oh and remember, Vandalism, Computer Crime Fraud, Telecommunications Fraud, Breaking and Entering, Tresspassing, Arson, and any other criminal act I covered in this article is VERY VERY WRONG. DO NOT ATTEMPT ANY. I have never done anything like this nor ever will. If you really want to know I found all my remote switch information in a buried at the bottom of a swamp in Alabama when I went watch di9ital marry his cousin. YEE-HAH! [EOF] .--[ how to spoof yer eye pea ]-------. | | | ch4x0rzine #5 | ----------------------[ 0-d4y ]- `---------------------------------------' h0w t3w sp00f y0ur 1p -members of hackcanada.com -ch4x #5 @ www.lucidx.com/ch4x "We ate diner with Emmanuel Goldstien, then kissed his feet, got really drunk, and had gay sex!" -Hackcanada [ Preliminariez ]--------------------------------------------------------- Yo y0 yo yO y0 yo y0 yo wa$$ up guyz, d1s iz d4 hackcanada.com cl1qu3 r00b1x c00b3 - 1f j00h a1nt part, d3n get d4 fuck 0ut! MUHAHAHA. en-e3e-w4yz, d1s iz 0ur f1l3 4nd 1t w1ll t34ch j00h 0-day techniqu3z w3 l34rned @ defc0n d1s summ4r. p33p it! [ ARE JAY ELEVEN (\/)4N1PUL4TION T3CHNiQUEZ ]----------------------------- 0k4y okay, d1s is by f4r the m0st brut4l m3th0d 0f sp00f1ng j3r EYE-PEA! All y0u g0tta d0 is t4k3 th3 t3l3ph0n3 w1r3 fr0m j00r m0dem, and ch0p it in 3 s3parate placez! Then, mix d4 pi3ces up r4nd0mly, and t4pe them t0g3ther - but m4k3 sur3 d4t th3 r1ng / tip w1r3s d0nt t0uch any 0ther w1res - JOOH DONT NEED EM! 4nyw4yz, wh3n y0u g3t c0nnect3d to d4 n3t, y0ur IP will b3 th4t 0f 0n3 0n bell.c4, or 4ny 0th3r t3lc0 1n th3 st3nt0r 4ll1ance - y0u just g0tta yell it t0 y0ur m0d3m. 
F0r example, 1f ey3 w4nt3d a BC Tel IP, I w0uld y3ll "j0h t3l3ph0n, br1ng me d4 b33 c33 tell" -cyb0rg/asm [ WHISTLING TECHNIQUEZ ]-------------------------------------------------- EH YO SUP GUY DIS IS NOT AS LEET BUT IT MAKES IT SO YOUR IP IS WHATEVER YOUR LOCAL HOST IS YEH YOU COULD MAKE EVERYONE ON THE NET THINK YOU'RE WIZBONE@ELITEREDHATBOX ALL J00H GOOTA D00 IZ L1KE WH1STL3 DTMF TONES OF THE ISP INTO THE PHONE INSTEAD OF THE MODEM DIALING IT FOR YOU! YOUR LOCAL CO HAS A COMPUTER THAT RECOGNIZES DTMF WHISTLES, AND PROCESSES THEIR CALLS WITH "LOCAL HOST INTERNET IP." NO BULLSHIT GUY - NO BULLSHIT! TRUST ME I PRACTICED THIS IN DA WHITE TRASH RENTAL VAN ON MY WAY TO DEFCON! -W1ZB0N3 [ sprey paynt technikez ]------------------------------------------------- yah yeh yea, yo yo yo guy dis iz da ultimite chit guy, ya nohw, like fuq guy all you gotta dew is like go to dis canadian tyre shit and pik up sum sprey paynt and like colour yer computer cammofl0hge - tis will make your IP appeer as a randem *.mil! -GOOD YEAR aka Fat Fucker in our Defcon photo. [ Peece 0ut ]------------------------------------------------------------- W3ll 4z y0u c4n s33, w3 l34rn3d s0m3 v4luabl3 s3crets 4t d3fc0n, but r3m3mb3r, k33p d33z wh1t3 h0t ju4r3z s3cr3t 0n the p80 s1st3mz 0r 3ls3 d1s f1l3 w1ll b3 us3l3ss 3-nuff s3wn. 00h j34h, w3 als0 w4nn4 fuck1n 1nclud3 4n 4d f0r 0ur bus3yn3z. ____ / / \ "HEEYYYYYYYYYYY KIDDIEZ, YOU CAN CALL ME DICK. HARDEE HAR / \ HAR! ANYWAYZ, ARE YOU A WHEAT FARMING BOY FROM ALBERTA | ) WHO BEATS-NUTS 2 THE eXtReMe?! WELL, KEYBOARD COWBOY, | O O / TIME FOR YOU TO PUT YER SORE JERKING HANDS DOWN AND PUT \_/\__/\ THEM ON THE KEYBOARD (CUM INCLUDED) AND JOIN US AT :" \ \ \ \ WWW.WHACKCANADA.COM _\ \__ /__\ __ ) FOR REAL, 0-DAY PR0N (like these amazing ASCII skills \\ _| // <----) WHICH YOU CAN CONSTANTLY KEEP IN MINT CONDITION. \_) // NOT LIKE THE MAGAZINES YOU HAVE AT HOME STUCK TOGETHER / `-'\ BECAUSE OF YOUR SUPER SPIZZ!" / / \ / | | | | | ONLY $13.37 / YEAR! 
| \ / \____/ `---' | | | |_ _| | |___) (c) "Self Portrait" by cyb0rg/asm (cYBERoRGASIM?) (___|

[E0F]

.--[ PERL HTTP Server ]---------------.
|                                     |
|            ch4x0rzine #5            |
 ----------------------[ 0-d4y ]-
`---------------------------------------'

PerlServ 2.11 GNU Warez
-telex
-ch4x #5 @ www.lucidx.com/ch4x

* Please download the attached "perlserv-2.11.tar.gz" in order to have
  your personal copy of these GNU ju4r3z *

[ Contents ]--------------------------------------------------------------

Contained in perlserv-2.11.tar.gz should be the following:

  perlserv.pl
  Ssockets.pm
  index.html
  README

PerlServ 2.11 requires the latest version of Perl. Run with the -d flag
for detailed information.

  ./perlserv.pl -d > http.log

[ About PerlServ ]--------------------------------------------------------

The perlserv.pl script supports an extremely simple HTTP service and can
be used in various situations where a quick and easy webserver is
required. Because it has been written in perl, this server could be used
as a portable way of setting up webservers on a variety of platforms.

This server does have its limitations. PerlServ only supports GET
requests; no CGI or FORM support is currently available.

* telex is your friend.

[EOF]

.--[ Editing WinNT Registry ]---------.
|                                     |
|            ch4x0rzine #5            |
 ----------------------[ 0-d4y ]-
`---------------------------------------'

Editing The Windowz NT Registry (c) coffee
-coffee
-ch4x #5 @ www.lucidx.com/ch4x

[ intro ]-----------------------------------------------------------------

The Registry is a central database that is created by Windows NT during
installation. The entries in that database consist of the hardware,
software, users, and preferences data for a single computer, or any
computer on a network. Whenever the user makes changes to the Control
Panel settings, File Associations, System Policies, or installed software,
the changes are reflected in the Registry.
Like, back up your Registry, if you fuck shit up you will be sad and you
will cry like a baby. Like, NT is a growing force which you will need to
school yourself about. Some might say you shouldn't bother, that all you
need is to know about UNIX based operating systems, HEH, if you hear
someone say that rip off their arms and let them feel real pain.

[ registry edit0r ]-------------------------------------------------------

You can find the Registry Editor in your system dir. Copy that onto a
backup disk if it pleases you to do so. For future reference you need only
choose Run|Regedit if you only want to run the program. Once Regedit is
open you should see the six HKEY folders. As your tool of control over
your NT environment, you will have to know Regedit intimately. There is no
point being in the driving seat if you can't use a steering wheel, and
there is no point getting into a car if you don't know how to turn the
keys. Fuck sake, just step away from the car!! Err, enough with the
confusing metaphors. Below is an extract from a Windows NT help topic.

[ Overview Of Registry Editor ]-------------------------------------------

"Registry Editor is an advanced tool that enables you to change settings
in your system Registry, which contains information about how your
computer runs. Generally, it is best to use Windows controls to change
your system settings. You should not edit your Registry unless it is
absolutely necessary. If there is an error in your Registry, your computer
may become non functional. If this happens, you can restore the Registry
to its state when you last successfully started your computer. For
instructions, see Related Topics below."

As you can see it is the usual bullshit from the bureaucrats at Microsoft.
I think what they are really trying to say is that if you start fucking
with the Registry you have passed the point of no return. Warning lame
users off from things that might get icky is a sort of Microsoft
trademark. They are safe in the knowledge that their half assed assessment
of Regedit will frighten most people away. The most key utility to
controlling your NT box is hidden away with no shortcuts and a whole nine
lines devoted to describing it, most of which fits into the Microsoft
play-it-safe agenda.

[ hkey structure ]--------------------------------------------------------

[ Hkey_Classes_Root ] -- [ Hkey_Current_User ]   -- [ Hkey_Local_Machine ]
[ Hkey_Users ]        -- [ Hkey_Current_Config ] -- [ Hkey_Dyn_Data ]

[ hkey explanations ]-----------------------------------------------------

[1] Hkey_Classes_Root

    This key points to a branch of Hkey_Local_Machine that describes
    certain software settings. This key contains essential information
    about OLE and drag and drop operations, shortcuts, and core aspects of
    the NT GUI which we all think is so pretty =).

[2] Hkey_Current_User

    This key points to a branch of Hkey_Users for the user who is
    currently logged onto the system. Sort of like the equivalent of the
    Unix who command but not really.

[3] Hkey_Local_Machine

    Contains computer specific information about the type of hardware,
    software, and other preferences on a given PC. This information is
    used for all users who log onto this computer. The data is stored in
    machine code. The software side often includes the serial keys for
    products you have registered and sometimes encrypted passwords.

[4] Hkey_Users

    This key contains information about the users that log onto the
    computer. Both generic and user-specific information is used, and each
    user who uses the system has their own Subkey to accompany the .pwl
    file in your system dir. The .pwl file contains the password data
    whilst the specified Subkey contains all other information.

[5] Hkey_Current_Config

    This key points to a branch of the Key Hkey_Local_Machine \Config that
    contains information about the current hardware configuration. It is
    updated when you use the Add New Hardware program.

[6] Hkey_Dyn_Data

    This key points to a branch of Hkey_Local_Machine that contains
    various bits of information regarding the System's Plug and Play
    configuration. This information is DYNAMIC, meaning that it may change
    as devices are added to or removed from the computer.

[ hkey explanationz ]-----------------------------------------------------

The thing about the Registry is that although Microsoft lean on it to keep
NT sharp, they are more dependent on it than you might realise. I mean
that they utilise it in the running of other Microsoft products. Internet
Explorer for instance. Although it has been said that it is an integral
part of Windows. Microsoft were taken to court about it. The insides of IE
are stored in the Registry, including their Internet Options. I have read
Usenet posts about reg keys that lower the security zone in IE or enable
Java and other malicious shizz.

Take for example the password encoded censor Content Advisor Ratings. If
any of you twelve year old code kidz want to disable their censors,
stopping you from downloading a shit load of pornography, find the below
key in HKEY_LOCAL_MACHINE.

  \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key

Now just rename Key to something else e.g. KeyFucked. The next time the
Content Advisor Ratings are running the system will not be able to find
the key it is searching for. Yay. The key actually contains the encrypted
password information. I'm sure you can already think of ways that this
might be useful. If you are interested in this topic I suggest you do
research on algorithms. A very interesting topic.

[ hidden sharez ]---------------------------------------------------------

You must have seen the hype concerning all those dumb trojans. Any guy off
the street could own a Windows box, am I right? Well anyone who has ever
had to remove a nasty proggie will know where the server implants itself,
the Registry. For the trojan to function 24/7 it needs to initialise every
time NT starts up. Now I don't think Back Orifice would have been quite as
popular if it required you to place a shortcut in the Startup folder or a
line in win.ini.

You can create the lame trojan effect with a Registry key that uses the
DOS prompt as the client for controlling the target computer. This works
by connecting to shares. Shares are what Windows uses to share resources
from computer to computer. The NetNinja Setup trojan creates the C$ admin
share in HKEY_LOCAL_MACHINE.

  \SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$

This will assign the remote shared drive to the next available letter on
the user's machine and grants full read/write access. When run, the Setup
trojan creates a hidden share of drive C: and it places four entries in
that key as follows.

  "Flags"=dword:00000302
  "Path"="C:\\"
  "Remark"=""
  "Type"=dword:00000000

Two things cause the share to be invisible. The "$" at the end of the name
hides any share from the NET VIEW command and to Net Watcher's shared
folder listing.

The Setup Trojan can be downloaded from:
http://www.netninja.com/files/SetupTrojan.zip

[ registry programming ]--------------------------------------------------

Now, before I start I must say that there really is no such thing as
Registry programming as such. Well, not for ordinary users. Although we're
not about to code Win32 API functions, better to take the messy approach,
patching code and sticking it in. Similar to patching hex or binary
because if you move one space or character out of place then the
executable will dysfunction, no questions asked. It is important to
understand this. However editing your Registry is easier because its
values are often represented by real words and the more you look at and
change keys, the more you will recognise things that repeat. Sort of
equivalent to a higher level programming language. Of course, the reason
that actual reg keys on their own don't equate to a programming language
is because there is only similarities, never defined code.
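
A defender's check for the hidden-share entries described under "hidden sharez", as an added example that is not part of the original article: it parses a REGEDIT4 export (the same file format as dosedit.reg) and flags shares under the LanMan key whose name ends in "$" or whose Path is a whole drive. The sample export, the DOCS share and its values, and all function names are constructed for illustration.

```python
"""Audit a REGEDIT4 export for hidden LanMan shares (added example)."""
import re

# Key named in the article; each subkey below it is one share definition.
LANMAN = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
          r"\CurrentVersion\Network\LanMan")

# Constructed sample: the C$ entries quoted in the article plus a made-up
# ordinary share for contrast.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$]
"Flags"=dword:00000302
"Path"="C:\\"
"Remark"=""
"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\DOCS]
"Flags"=dword:00000101
"Path"="C:\\SHARED\\DOCS"
"Remark"="team documents"
"Type"=dword:00000000
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unescape(text):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_data(raw):
    """Decode one value: quoted string, dword:XXXXXXXX or hex:aa,bb,..."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if raw.lower().startswith("hex") and ":" in raw:
        body = raw.split(":", 1)[1]
        return bytes(int(b, 16) for b in body.split(",") if b.strip())
    return raw


def parse_reg(text):
    """Return {key path: {value name: data}} for a .reg export."""
    lines = text.replace("\r\n", "\n").split("\n")
    header = next((l.strip() for l in lines if l.strip()), "")
    if header != "REGEDIT4" and not header.startswith("Windows Registry Editor"):
        raise ValueError("not a .reg export")
    keys, current, pending = {}, None, ""
    for line in lines:
        line = pending + line.strip()
        pending = ""
        if line.endswith(",\\"):            # hex data continued on next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line == header:
            continue
        if line.startswith("[-"):           # key deletion directive: skip it
            current = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name = match.group(1)
            name = "@" if name == "@" else unescape(name[1:-1])
            current[name] = parse_data(match.group(2))
    return keys


def audit_shares(keys):
    """Flag LanMan shares that are hidden or that export a whole drive."""
    findings = []
    prefix = LANMAN.lower() + "\\"
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        share = path[len(prefix):]
        if "\\" in share:                   # deeper subkey, not a share
            continue
        reasons = []
        if share.endswith("$"):
            reasons.append("hidden share name (trailing $)")
        share_path = values.get("Path", "")
        if isinstance(share_path, str) and re.fullmatch(r"[A-Za-z]:\\?", share_path):
            reasons.append("exports a whole drive")
        if reasons:
            findings.append({"share": share, "path": share_path,
                             "flags": values.get("Flags"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in audit_shares(parse_reg(SAMPLE_EXPORT)):
        print(hit["share"], hit["path"], hex(hit["flags"]), hit["reasons"])
```

Run it against a Regedit export of the LanMan key and compare the flagged shares with the ones you created on purpose.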
Reg keys use all sorts of values as well, such as binary, hex, hexadecimal
etc. Open up all reg keys in Wordpad and save new ones in Wordpad. It is
important you use Wordpad and not any other text editor, because you need
the formatting it uses. DOS Edit will fuck your shit up big time.

Below is a reg key which opens up all files with an unrecognised file
extension with DOS Edit. Instead of opening the Open With dialog box you
will be brought straight into DOS Edit to view the files. This is handy for
viewing files made in Unix with no extensions. Note the Registry definition
"ASCII Viewable Document" which means a text file
"Content Type"="text/plain". Of course if you have ever fooled around with
DOS Edit before you will notice it doesn't support executables. This means
if you use it to open a .exe file it will represent it in text as best as
is possible. This key also defines .nfo and .diz as plain text file types.
This is handy because although they are famous file extensions they were
not created with any text editor in mind, so this reg key tells the system
they are text files without having to reformat them with a fixed text
editor.

[ dosedit.reg ]-----------------------------------------------------------

REGEDIT4

[HKEY_CLASSES_ROOT\asciifile]
@="ASCII Viewable Document"
"EditFlags"=hex:00,00,01,00

[HKEY_CLASSES_ROOT\asciifile\Shell]
@=""

[HKEY_CLASSES_ROOT\asciifile\Shell\open]

[HKEY_CLASSES_ROOT\asciifile\Shell\open\command]
@="edit.com %1"

[HKEY_CLASSES_ROOT\asciifile\DefaultIcon]
@="C:\\WINDOWS\\SYSTEM\\shell32.dll,64"

[HKEY_CLASSES_ROOT\.diz]
@="asciifile"
"Content Type"="text/plain"

[HKEY_CLASSES_ROOT\.nfo]
@="asciifile"
"Content Type"="text/plain"

[ extracting data ]-------------------------------------------------------

#!c:\perl\bin\perl.exe
# now we will take a look at some registry data
# here is an example of a perl script
use Win32::Registry;

# open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
$p = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion";
$main::HKEY_LOCAL_MACHINE->Open($p, $CurrVer) || die "Open: $!\n";

# fetch every value under the key; each entry is [name, type, data]
$CurrVer->GetValues(\%vals);
foreach $k (keys %vals) {
    $key = $vals{$k};
    print "$$key[0] = $$key[2]\n";
}

[ extracting data ]-------------------------------------------------------

As anyone who is experienced in using the Registry will tell you, the
Hkey_Local_Machine directory is the key to controlling your Windows box.
It's the big cheese so to speak. Here is a brief rundown of its standard
Subkeys and their functionality.

--> /Config    [ A collection of configurations for the local      ]
               [ computer.                                         ]
--> /Enum      [ Info on the system's installed hardware devices.  ]
--> /Hardware  [ Info on the ports and modems used with            ]
               [ hyperterminal.                                    ]
--> /Network   [ Info created when a user logs on to a networked   ]
--> /Security  [ Info on network security and remote               ]
               [ administration.                                   ]
--> /Software  [ Info about software and its configuration on      ]
               [ the system.                                       ]
--> /System    [ The database that controls system start-up,       ]
               [ device driver loading, Windows NT services, and   ]
               [ OS behaviour.                                     ]

    ______   ____    ____   ____   ____   ____
   / ____/  / __ \  / __/  / __/  / __/  / __/
  / /      / /  |  / /_   / /_   / /_   / /_
 / /      / /  /  / __/  / __/  / __/  / __/
/ /___   / /_/ / / /    / /    / /__  / /__
\____/   \____/ /_/    /_/    /____/ /____/

shouts to [ch4x] [fr0g] [niscii] [franco] [fungii] [xit] [xinu] [mousey]
[winston] [hitman] [zomba] [force] [crypt0genic] [rekcah] [iga] [ego]
[freeman] [regan] [zirqaz] [d_l0rd] [adnan_c] [darkcyde]

[EOF]

.--[ COKE MACHINE HACKING 101 ]--------.
|                                      |
|            ch4x0rzine #5             |
 ----------------------[ 0-d4y ]-
`---------------------------------------'

HOW TO GET QUARTERS OUT OF COKE MACHINES
BY THE ONE AND ONLY RADEAD

WELL I KNOW IT'S BEEN 5 MONTHS SINCE I SAID I'D MAKE THIS FILE AND IT'S
FINALLY HERE, THE WAIT _IS_ WORTH IT! ON TO THE GOOD STUFF!
THIS IS A COKE MACHINE:

I--------------------I
I                    I
I                    I
I                    I
I                    I
I        COKE        I
I                 X  I
I                    I
I                    I
I                    I
I                    I
I                 -- I
I                    I
I____________________I

COKE = WHERE IT SAYS COKE
X    = WHERE YOU STICK THE $$$ IN
--   = WHERE YOU GET YOUR $$$ BACK

SO NOW YOU KNOW THE MECHANICS BEHIND HOW A COKE MACHINE WORKS! SO HOW DO I
EXPLOIT IT? WELL, I AM GLAD YOU ASKED! SEE ON ALL MODERN COKE MACHINES (THE
ONES WITH THE FLAT FRONT) THERE'S A LITTLE "HOLE" NEAR THE BOTTOM RIGHT
CORNER OF THE MACHINE!

I--------------------I
I                    I
I                    I
I                    I
I                    I
I        COKE        I
I                 X  I
I                    I
I                    I
I                    I
I                    I
I                 -- I
I                    I
I____________________I
                    ^
                    I
                    I
                    I
             WHERE "HOLE" IS

THIS IS WHERE THE MONEY IS KEPT@!! WHAT YOU GOTTA DO TO GET IT OUT, IS TO
STICK YOUR LITTLE FINGERS UP THERE AND PULL LIKE THERE'S NO TOMORROW! IF
YOUR FINGERS GET STUCK THAT MEANS THERE'S LOTS OF MONEY IN THE MACHINE AND
YOU GOT A BIGGER SCORE! KEEP PULLING AND EVENTUALLY THE LITTLE BAGGY IN
THERE WILL COME OUT AND YOU'VE GOT YOUR CASH!

IF THAT FAILS, THERE IS ANOTHER METHOD WHICH MAY BE USED. ON A COKE MACHINE
THERE ARE SIDES THAT YOU CAN HOLD ONTO TO ROCK IT

I--------------------I <-SIDE
I                    I   OF
I                    I   COKE
I                    I   MACHINE
I                    I
I        COKE        I
I                 X  I
I                    I
I                    I
I                    I
I                    I
I                 -- I
I                    I
I____________________I

SIMPLY GRAB BOTH SIDES AND START ROCKING THE COKE MACHINE FORWARD AND
BACKWARD! EVENTUALLY COKES AND MONEY WILL START FLYING OUT! THE FURTHER YOU
ROCK IT THE MORE MONEY/COKE COMES OUT. JUST DON'T LET ANYONE CATCH YOU!

WELL THAT'S ALL FOR NOW, YOU'LL ALL PROBABLY GET REALLY RICH FROM THIS
INFO, SO HAVE PHUN AND DON'T KILL YOURSELF! I HOLD NO RESPONSIBILITY FOR
ANY ACTIONS TAKEN AFTER READING THIS TEXT FILE.

DJ RADEADY

DownloadeD from the
----------------------
IAnciENT ToMB BBS@!!!I
I                    I
I2 nodes!  300 bps!  I
I                    I
I(416)too-bad-for-u  I
I____________________I

[EOF]

.--[ DMS And Bluebox Prevention ]------.
|                                      |
|            ch4x0rzine #5             |
 ----------------------[ 0-d4y ]-
`---------------------------------------'

[Son, what?]-------------------------------------------------------------

"I bust more guns then a vietnam vet, but im legit. Straight as a board."

./ di9ital@sekurity.net ./

This file is dedicated to my gH crackerjacks - making bootleg liquor on a
sunday night

[Intro]-------------------------------------------------------------------

y0y0y0, l0v3 t0 s1t at h0m3 and talk t0 th3 h0t s3xy paraguay lad1es???
Th1nk aga1n b1gb0y!$! This file describes the Blue Box Fraud Detection
feature within the DMS (Digital Multiplex System) family of switches (so
y0u sexy b0ys dont cry t00 hard when the police slam s0me cuffs 0n y0u).

[Blue?]-------------------------------------------------------------------

A 'blue box' is defined as any device connected to a subscriber's phone
line that can produce both a 2600 Hz tone and multifrequency (MF) digits.

[Description]-------------------------------------------------------------

The Blue Box Fraud Detection feature works by discovering the fraudulent MF
signaling over Centralized Automatic Message Accounting (CAMA) and
SuperCAMA trunks. It does not detect fraudulent signaling over Traffic
Operator Position System (TOPS) trunks. The feature can alert the telco of
a fraudulent call attempt and either allow billing to be made for the call
or disconnect the call (described later).

NOTE: The feature detects the fraud MF signaling but does not detect the SF
(Single Frequency that is) pulsing

The feature allows the DMS-200 to perform fraud detection functions:

 * test for fraudulent calls
 * record fraudulent calls (voice/actions) - 0h shugar$!!!
 * cut or continue the fraudulent call

[Process]-----------------------------------------------------------------

To the switch (and telco), a fraudulent call takes place when the
perpetrator (yes thats you ace) performs two steps:

 1. A normal call is placed to a Single Frequency (SF) trunk beyond his or
    her billing office.
 2. The fraudulent call is placed. This call uses the SF trunk seized for
    the original, normal call.

 -The perpetrator's billing office does not detect calls placed with a blue
  box, hence the term 'blue box fraud'

The diagram below describes how a perpetrator -initiates- a fraudulent call

              ____________              _____________     WINK
             |            |            |             | <---------
[1]----|---->| END OFFICE |----[2]---->| CAMA OFFICE |---------->
       |     |____________|            |  (DMS-200)  | OUTGOING TRUNK
   ____|___                            |_____________|
  |        |
  |BLUE BOX|
  |________|

[1] - normal call placed (say, 1 800-463-3796)
[2] - end office sends dialed digits to the CAMA office

The CAMA office receives the data from the End Office and seizes an
outgoing trunk. The Office at the far end of the trunk (dialed number)
'winks' in response and the CAMA office sends the called digits for this
normal call.

NOTE: No fraud has taken place, you've just dialed a number.

***The 'wink' is sometimes audible, sounding like a little chirp or beep***

[Testing]-----------------------------------------------------------------

It is this wink (as described above) that triggers the DMS-200 to start
testing the call. The diagram below shows how the DMS-200 prepares to test
for a (suspected) fraudulent call.

 ________
|        |      |
|BLUE BOX|----->|
|________|      |
                |
                |
            ____|_____
           |          |
           |          |
           |END OFFICE|
           |          |
           |__________|
                |
            CAMA|  broadcast ______________
           TRUNK|----[1]----| reserved MFR |
                | connection|______________|
           _____|_____               |
          |           |              |
          |           |              |
          |CAMA OFFICE|<-------------|
          |  DMS 200  |
          |___________|
                |
        OUTGOING|
                |
           TRUNK|
                |
                |
                |WINK
                |
                |

[1] - The DMS-200 establishes a broadcast connection from the suspect CAMA
      trunk (y0u) to a MF (Multi Frequency smart man) receiver (MFR) as
      designated in the feature setup (described later). These reserved MFR
      are not available for standard call processing.
After the MFR is attached, the DMS-200 waits for one of the following
events:

[MFR Timeout]
  The time allowed to detect fraudulent MF digits has expired.
  Response: Release the MFR - assume no fraud has taken place

[Call Failure]
  Mutilated digits detected by the MFR. Several things could cause this.
    Call may have been released
    The perpetrator may be using SF pulsing
  Response: Release the MFR - assume no fraud has taken place

[Digits]
  A fraudulent set of called digits has been received.
  Response: Use Automatic Message Accounting (AMA) Event information.
            Flag the call as a bluebox call.
            Release the MFR.
            If the 'CUT' option has been specified in the feature,
            disconnect the call (described later).

The DMS-200 will perform these functions after detecting a fraudulent call:

  If the 'CUT' option was not activated, replace the original digits in the
  buffer with the fraudulent digits (from MFR).

!!!- If you place more than one fraudulent call, only the last call appears
     in the buffer -!!!

[Cut? Continue?]

As mentioned above, there are two options for kids like us. Either 'CUT' or
'CONTINUE' the badboy bluebox call.

[CUT]
  To cut the call the DMS-200 will perform these actions:
   -Release the MFR
   -Release the connection between the originating and terminating agents
    of the call
   -processes the AMA info - 0hgn0!$!
   -deallocates the terminator
   -sets treatment for the originator (thats you ace)

[CONTINUE]
  If the cut option was not specified with the feature (described later)
  the DMS-200 releases the MFR and the call continues. The perpetrator is
  billed on the fraudulent digits. When the subscriber disconnects the
  call, the system generates a log and turns off the alarm if the ALARM
  option was specified (described below)

[Interface]---------------------------------------------------------------

**(The following assumes you have at least a small idea of how to use the
MMI corresponding to a DMS switch)**

The feature is activated by a CI command.
The same command is used to get the status of the feature. The following
describes the syntax for the feature.

The 'core' command is: BLUEBOX

Variables with the BLUEBOX command are as follows:

  ACT     - Activates the feature with the specified number of MFR to be
            set aside
  CLR     - Deactivates the command, returning the MFR to the common pool
  nmfr    - specifies the number of MFR to be reserved (range: 1 through 3)
            - default number of MFR is 1.
  timeout - specifies the number of seconds the MFR will wait for
            fraudulent digits (range 5 through 35) - default is 30.
  ALARM   - specifies if an audible/visual alarm will be generated when a
            blue box call is detected.
  CUT     - Specifies that the fraudulent blue box calls will be
            disconnected. If this is not specified, the call will continue.

Command Format: BLUEBOX ACT/CLR [NMFR] [TIMEOUT] [ALARM] [CUT]

[Examples]

In order to see if the feature is active on the switch you would simply
input the following:

  > BLUEBOX

You will receive some k-rad1cle mumbo jumbo like this:

  Blue box Fraud Detection Feature Status: Inactive.

The smart frame techs didn't finish their mail-in colledge
telecommunications degree when getting bum bum sex from their cellmate
'magic' in the don jail.

-[1]- To activate the Blue Box Fraud Detection Feature with default
      parameters you would enter the following:

  > BLUEBOX ACT

It best give you this message:

  Blue Box Fraud Detection Feature Status: Active
  1 MFR reserved, timeout set to 30 seconds.
  Done.

You've activated the feature.

-[2]- To activate the feature with 5 MFR reserved, a timeout of 30 seconds,
      alarm and cut the call you would input:

  > BLUEBOX ACT 5 30 ALARM CUT

System will give you this response:

  Blue Box Fraud Detection Feature Status: Active
  5 MFR reserved, timeout set to 30 seconds.
  Detection will report alarm.
  Detection will cut off call.

-[3]- To deactivate the feature simply input:

  > BLUEBOX CLR

the system responds with:

  Bluebox Fraud Detection Feature Cleared.
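The decision logic from [Testing], [Cut? Continue?] and [Interface], written out as an added Python sketch (not DMS software and not part of the original file): it parses the BLUEBOX command line as documented above and applies the three outcomes that follow a wink. The event labels and function names are invented for the sketch, and the range check only reports a value outside the stated ranges, which is what happens with the 5 MFR used in example -[2]-.

```python
from dataclasses import dataclass

@dataclass
class Feature:
    """BLUEBOX options as listed in the article (defaults: 1 MFR, 30 seconds)."""
    active: bool = False
    nmfr: int = 1       # reserved MF receivers, stated range 1 through 3
    timeout: int = 30   # seconds to wait for MF digits, stated range 5 through 35
    alarm: bool = False
    cut: bool = False

def parse_bluebox(line):
    """Parse 'BLUEBOX ACT/CLR [NMFR] [TIMEOUT] [ALARM] [CUT]'; bare BLUEBOX is rejected."""
    words = line.upper().split()
    if len(words) < 2 or words[0] != "BLUEBOX" or words[1] not in ("ACT", "CLR"):
        raise ValueError("expected BLUEBOX ACT or BLUEBOX CLR")
    numbers = [int(w) for w in words[2:] if w.isdigit()]
    flags = [w for w in words[2:] if not w.isdigit()]
    if len(numbers) > 2 or any(f not in ("ALARM", "CUT") for f in flags):
        raise ValueError("unexpected argument")
    feat = Feature(active=words[1] == "ACT", alarm="ALARM" in flags, cut="CUT" in flags)
    if numbers:
        feat.nmfr = numbers[0]
    if len(numbers) == 2:
        feat.timeout = numbers[1]
    warnings = []
    if not 1 <= feat.nmfr <= 3:
        warnings.append("nmfr outside stated range 1-3")
    if not 5 <= feat.timeout <= 35:
        warnings.append("timeout outside stated range 5-35")
    return feat, warnings

# Event names are labels invented for this sketch, not DMS identifiers.
def on_event(feat, event, buffer_digits, mf_digits=None):
    """One test after a wink -> (actions, digits left in buffer, still connected)."""
    if event in ("MFR_TIMEOUT", "CALL_FAILURE"):
        return ["release MFR"], buffer_digits, True      # assume no fraud
    if event != "DIGITS":
        raise ValueError("unknown event")
    actions = ["use AMA event info", "flag as bluebox call", "release MFR"]
    if feat.alarm:
        actions.append("raise alarm")
    if feat.cut:
        return actions + ["disconnect call"], buffer_digits, False
    return actions, mf_digits, True   # CONTINUE: billed on the fraudulent digits

def run_call(feat, original_digits, events):
    """Apply successive (event, mf_digits) tests to one call; the last digits win."""
    buffer_digits, connected = original_digits, True
    for event, mf_digits in events:
        if not connected:
            break
        _, buffer_digits, connected = on_event(feat, event, buffer_digits, mf_digits)
    return buffer_digits, connected
```

With CUT unset, two DIGITS events in a row leave only the second set of digits in the buffer, matching the "only the last call appears in the buffer" note; with CUT set, the first DIGITS event ends the call and the original digits stay.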
[EOF] - di9ital@sekurity.net - [(c)di9ital 1999]

.--[ Conclusion ]----------------------.
|                                      |
|            ch4x0rzine #5             |
 ----------------------[ 0-d4y ]-
`---------------------------------------'

Well, here we are ; the end of another ch4x0rzin3. I hope you enjoyed
reading! Whoa, did #5 ever take a long time! Not really, considering a lot
of the shit that has gone down! Unfortunately, I was not able to release
any of my articles for this version of ch4x0rzin3, however, I WILL release
at least two articles for ch4x #6. Let me warn you, these articles will be
0-day! I would have released them, but my tight schedule restricted my
amount of time for my hobbies.

Anyways, I hope all you other groups, etc. did not take anything I said
towards you seriously. HEH. It's just my style. I'm profound, so I usually
say shit which I have no real feelings towards, yet is just said to make
people think "Fuck, dr. demos has been smoking too much of crazy J's rasta
plant!"

Lastly, I think I will release ch4x0rzin3 #6 as of October! Hope to see you
then, and quite possibly on our OWN 24/7 connection!

-demos