===---===---===---===---===---===---===---===---===---===---===---===---===--- : ____ i..?W$$$$$$$ __ ;Q$$P" $$$ ;$$$ .$$$;' $$$ I$$$ I$$. : $$$ $$$; ;$I? . $$$ _..$$$; $$$; $$$y#Q$$$$$P' $$$ $$$P""^^ _____$$$ $$$; $$$$$$$$$$$$$$ `$$$y, ''^""$$$^^"""" ;,"?$$$#, $$$ I$# ^$$$$, $$y, $$$ ?$$$; $$$; $$$ ;$$$I : $$$ $$$$ . $$$$ Forbidden Knowledge Issue Eleven: Released 16th May 2000AD Leet0 Wizdumb's 17th Birfday Ish!@#$% Happy Birfday to Me!@#$%^ ---===---===---===---===---===---===---===---===---===---===---===---===---=== Shout Outz +-======-+ MDMA, Sigma, DrSmoke, TimeWiz, meiso, Coldblood, Rawhed, JungleG, RIFT, {}, Slash, b0f, Most of the hoez from Blabber.Net's #hack (Aragon, Opium, acid, xanex, et al), Pushers who give LSD to Five Year Olds, Cruciphux, Gevil, All the blasphemers from article 0x45, Catholic School Girls that give good head Fuck Youz +-=====-+ Catholic School Girls that DON'T, People who can't see the humour in the abuse of homeless people, Homeless People, All the hoez in the acne remedy commercials with no acne, *!*@dal.net, *!*@under.net, People who wait until the *END* of the answering machine message before they hang up, Defacers, People who think defacers have skillz, People who write e-zines, People who think people who write e-zines have skillz, Loud Annoying Evangelical Churches, kppp users, Broccoli Movies of the Month: American Beauty South Park - Bigger, Longer and Uncut Sites of the Month: Info Regarding Egodeath hv2k.voltage.org My Personal FK Mirror www.mdma.za.net/fk H/P E-Zine Community scene.textfiles.com Narq of the Month: MostHateD (Congradulations!@#$%^&) Windoze 9x command of da month: copy /Y c:\windows\logos.sys c:\logo.sys Short Story of the Month: "The Doom that came to Sarnath" by HP Lovecraft Fun: Walking out the plane in Zimbabwe's airport wearing a T-Shirt that says "Whites rule. The Zimbabwean government is hiding the aliens from us. Gay Rights now." 
Official FK11 Soundtrack: KoRn, Limp Bizkit, Rage Against the Machine, Bush, Eminem, Red Hot Chilli Peppers, Rammstein, Pixies, Springbok Nude Girls, Radiohead, Bloodhound Gang, Our Lady Peace, Cypress Hill, Blink182, Orgy Scary: Seeing an automatically flushing urinal for the first time ever just after eating Psilocybe Mushrooms Oh: If you have copies of Forbidden Knowledge printed out and lying in your office's waiting room like we have heard several people have - PLEASE PLEASE PLEASE take a photo of them and your waiting room, scan them in, and e-mail them to wizdumb@leet.org ;-) Don't have a scanner? E-mail us for a snail mail addy, but just GET US THOSE PICTURES. =) Amusing: Thabo Mbeki's public statement (and letter to Bill Clinton) saying that it can't be proved that HIV leads to AIDS - especially considering how much goddamn medical experience he has. And lets not even *begin* to consider the amount of damage a statement like that can cause when almost a *third* of the world is HIV positive. Thabo Mbeki, I sincerely hope that you get AIDS and die. I am actually *ashamed* to have such a fucking idiot as a president. ________,,,........... .........______ $$$$$$$$$½½½½½½½^^^^^ '''''"""???zz. $$ ^?$$$ `?; $$ '$$ Contents of Forbidden Knowledge Issue 11 $;$$$ ?; ,,?;I$$$ ,"________________________________________________________..,,##½½½', $$ _.+ +.,; 0x90> Credits 0x90> Editorial 0x90> Mail from the Readers Articlez... 0x30> Byteware of the Month [Wyze1, Jus, DvD] 0x31> Unlocking Cellphones without the Mastercode [Moe1] 0x32> Hacking Reality: An Introduction to Khaos Magick [Wyzewun] REM 0x33> Details of Microsoft's Space Exploration Plan [Pneuma] 0x34> K-Rad Oh-Day Christianity Warez [Various] 0x35> Cisco PIX (and others) Denial of Service Attack [Vortexia] 0x36> An Introduction to Java Servlets [Wyzewun] 0x37> Fixing M-Web Specific Modems [JungleG] 0x38> Miscellaneous IRC Gayness [Various] Other junk... 
0x41> The Mysterious blommetjies.jpg (Zoom In :P) [Wyzewun] 0x42> Completely Useless killmod.php3 Warez [Wyzewun] 0x43> Internet Explorer 4/5 Hostile VBScript [Wyzewun] 0x44> Share Password Extractor Version 2 [Sigma] 0x45> Microsoft Access 97 Database Password Remover [Wyzewun] 0x46> Lame Ass Win9x/NT4 Backdoor [Wyzewun] 0x47> Windoze Dialup Account Login Ripper [Sigma] 0x48> B0nus Super-el8 Esteban Warez [Various] 0x49> MDMA Advisories #2 through to #4 [Wyzewun] 0x50> Various Stupid-ass DoS vulnerabilties [Wyzewun] 0x90> Outro ,?' $$; $$$QQQ####,,,,________________________________ _________ ______ _ __... . . ...__ d$$^^ ^^$$b .?$; ;$$;:;, _. People who made this Issue possible ._ ,;:;,, _. The Usual Bitchez who contributed... -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Wyzewun Pneuma Vortexia Moe1 Jus Special Thanx to Deeze Guest Bitchez... -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- JungleG Sigma DvD ;, ,;;4, ,?;;$;,__________________________________________________________________,,7$; ^^^^^^^^^"""""" __... . . ...__ d$$^^ ^^$$b .?$; ;$$;:;, _. Editorial by Wizdumb ._ ,;:;,, _. So last week me and my bitchez... ;, ,;;4, ,?;;$;,__________________________________________________________________,,7$; __... . . ...__ d$$^^ ^^$$b .?$; ;$$;:;, _. Mail from The Readers ._ ,;:;,, _. Date: Tue, 4 Apr 2000 08:43:39 -0500 (CDT) From: Al Mccain To: wizdumb@leet.org Subject: got a question about someone.. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII sigma, where is he from? think i know him, just not sure. [Ed: I replied with "Huh? Who are you?" and I kinda never heard from him again, HEH! ;-P Still - mail like this worries me.] ------ [Ed: I posted something to scene.textfiles.com to the effect of "Forbidden Knowledge Issue One to Ten released, but we were too dumb to notice" and got the following reply...] 
X-Authentication-Warning: lala.navpoint.com: mogel owned process doing -bs Date: Fri, 7 Apr 2000 15:55:38 -0500 (EST) From: mogel X-Sender: mogel@lala.navpoint.com To: Wyzewun Subject: FK and scene.textfiles.com In-Reply-To: <200004071104.EAA31560@nak.dreamhost.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII I'm glad you wrote me, I tried to contact you like two months ago, but those addresses bounced back. I added you folks to the site... feel free to shoot me an email whenever you guys release, and I'll announce it on my site. You might consider making a mailing list to announce whenever there's a release to readers, or something. Keep in touch. -Mogel [Ed: More about this at the end of the zine] ;, ,;;4, ,?;;$;,__________________________________________________________________,,7$; __... . . ...__ d$$^^ ^^$$b .?$; ;$$;:;, _. Byteware ._ ,;:;,, _. Byteware from Wyzewun... When beigeboxing a South African cardphone, you are interested in one of the white wires and the blue wire, okay? ------ Telkom's new boxes look like this... ___________ / () \ ------------- | ___ | | \ \ | | \__\ | | OOO | | OOO | | OOO | | | | | ,,,,,,,,,,|___________|,,,,,,,,,, Okay, so my ascii art sucks (I guess I shoulda gotten Cyberphreak to draw this) but what the fuck. Regardless, they're tall and thin, and are opened at the top using the little hole which I pathetically tried to depict. ;-P It appears that these boxes are Telkom's new preffered system, and they are worth finding ways to break into (That prefferably don't involve kicking the whole thing to pieces) - and if you succeed in breaking into one - write us an article on it!@#$% :-) ------ No-one sends fuck you'z to the FK editorial staff in their e-zines! We feel unimportant! Pleeze Pleeze Pleeeeze - you're not hardk0re if you don't have an el8 rival zine that hates you! :-( Actually, I have a feeling this approach isn't going to work. Hmm... Plan B... 
Phrack : FUCK YOU!@#$%^&
BoW    : FUCK YOU!@$%&^&*
f41th  : FUCK YOU!@#$%
FK     : FUCK YOU!#$#%^... No... Wait a Minute...
b0g    : FUCK YOU!#@$^&*
b4b0   : FUCK YOU!@#$%&*
ch4x   : FUCK YOU!@$#%&(
~el8   : FUCK YOU!$#$^*(%
HWA.HN : FUCK YOU!@##$%^$&
NoU    : TAKE 0FF J0R CL0THEZ!#@%%$&&*

------

Here's an *EXTREMELY* simple little patch for tcp_seq.h I wrote for FreeBSD (tested on 3.4-RELEASE, but should work on 2.2 - 4.0) to increase security and to stop nmap from recognizing the OS (which is the real reason I wrote it, the extra security offered is not really necessary :P). This just shows you how simply a TCP/IP fingerprint can be spoofed...

Once extracted just run patch tcp_seq.h diff.file in /sys/netinet

--- cut diff file here --- 96c96 < #define TCP_ISSINCR (122*1024 + tcp_random18()) --- > #define TCP_ISSINCR (random()) 100c100 < #define TCP_ISSINCR (250*1024) /* increment for tcp_iss each second */ --- > #define TCP_ISSINCR (random()) /* increment for tcp_iss each second */ --- cut diff file here ---

------

Looking through the logs on Pneuma's box I found this...

Well, the buffer overflow examples are a little lame ... but, it actually seems okay at second glance. hehhehehehe, it usually is, it grows on you THough, I could see why you might have to try so hard -- it's on Windoze ...... whats on windows? The buffer overflow program example. heh, its aimed at newbies and compiles under *nix neway :P Well, it's also C++ ... cin >> of course checks for buffer overflows.

*Sigh* I hate it when idiots try and make it look like *I'm* wrong...

C:\temp>type gay.cpp
#include <iostream.h>
void main() {
  char beer[5];
  cin >> beer;
}

C:\temp>cl gay.cpp
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
Copyright (C) Microsoft Corp 1984-1998. All rights reserved.

gay.cpp
Microsoft (R) Incremental Linker Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
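Review bot: in the tcp_seq.h patch above, both hunks (96c96 and 100c100) define TCP_ISSINCR as a bare random(), so the increment is no longer bounded the way 122*1024 + tcp_random18() and 250*1024 were, and nothing in the patch shows that random() is unpredictable to a remote observer. Changing how nmap classifies the sequence generator is not the same as making the next initial sequence number hard to guess; I would keep a bounded increment and add the randomness on top of it, or derive the initial sequence number per connection from a secret. The retained comment "increment for tcp_iss each second" at line 100 no longer describes the value and should be updated with the change.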
/out:gay.exe
gay.obj

C:\temp>gay
AAAAAAAAAAAAAAA

GAY caused an invalid page fault in module at 00de:00414141.
Registers:
EAX=004089a0 CS=015f EIP=00414141 EFLGS=00010246
EBX=00530000 SS=0167 ESP=0063fe00 EBP=41414141
ECX=0000000a DS=0167 ESI=8162c000 FS=1a8f
EDX=0076066f ES=0167 EDI=00000000 GS=0000

Gosh, EIP and EBP look a bit weird.

*Sigh* Just because texts up to now have not mentioned buffer overflow related problems with cin and ifstream doesn't mean they don't exist. In fact, I am willing to *bet* that the buffer overflows in WinAMP's reading of playlists and Netscape Navigator's reading of prefs.js were both caused by improper use of an ifstream. This is also a huge problem because *every* C++ course/tutorial tells programmers to use their ifstreams like that. Anyway, the real moral of the story - Fuck off and check your facts before you whine. ;-P

------

Some extracts from a recent e-mail to me from okby@b4b0.org which may be of interest to some hoez...

Indeed we are still putting out the ezine. Sorry, but we've been off for awhile, mainly due to real life problems in everyone's schedule. Real life comes before internet. Anyhow, we're back in business, and we're stronger than ever.

(ps. if you have anybody else you know that would be interested in submitting anything to the ezine please let them know that we'll look at anything especially if it has something about social antics or programming in it. thnx.)

------

Pneuma and I have decided to choose some completely arbitrary race to hate with a passion. We looked in an Atlas and found Andorra, a tiny little country between France and Spain with a population of about 2000, and decided that it would do well. Before we were completely unaware of the great threat of this nation, and now we have made the shocking discovery that They're everywhere! They're taking all our jobs! They're corrupting our way of life!
First of all - you must know how to identify Andoranns so as to be able to persecute them at every possible moment. We have decided that they all, without doubt, have hair growing out their ears. You can also always tell an Andorran by their nose. We don't know exactly what *about* it, but we are sure this identification technique is also completely infallable. And boy oh boy, when an Andorran moves into your neighbourhood - you'll know about it! Your children will worship Satan, take drugs, and eat... starchy stuff! Things will go missing everywhere (The Andorrans are *born* thieves, they even steal their currency from France and Spain!) And we're not even going to *begin* talking about their SMELL! So - join the fight against Andorra before it's too late! Besides - it's fun saying "Oh yeah, well at least (X Racial Group) aren't as bad as the fucking ANDORRANS!" and everyone always assumes that comments about Andorrans relate to *their* racial group - whatever that may be. Oh, and if you live in Andorra, please, please, e-mail us. ;-P ------ Interesting fact of the month, as found in issue four of b0g... LONGEST PUBES Maoni Vi of Cape Town has hair measuring 32 inches from the armpits and 28 inches from her minge. Yeah! Gov-Boi's home town! Coincedence? I think not. ;-) Shjeesh, and ppl wonder why I keep on ripping off CT. :-P ------ Real-life quote of the month... Marcel, it says in this magazine that men like being anally fingered during sex. How should I approach Steve about this? ------ Don't want your Java to run on Microsoft VM's? Then instead of using this... public static void main(String[] args) { Use THIS... static void main(String[] args) { And it will work in anything except M$-made stuff. ;-) ------****------ Byteware from Jus... How to impress your lame linux buddies? If you haven't figured this one out yet, congratulations - I'm speechless. 
'nix uses a file called /etc/hosts to identify known hosts for domain resolution, to prevent a full DNS lookup every time that host or IP is used, or if a DNS lookup isn't suitable for that IP. Usually this will contain something like localhost resolving to 127.0.0.1 and your machine's (static) IP and its hostname (obviously only if the machine has one).

/etc/hosts overrides DNS lookups, so you can play cute games with it on your machine. For example, change 127.0.0.1's resolution from "localhost" to "whitehouse.gov". Telnet 127.0.0.1, login and voila - do a "who" and see yourself logged in from the whitehouse :P

This can actually be very useful to hide your connections as many people will take what a "who" says at face value and not look any further into it - root a box, change your current IP's resolution in that machine's /etc/hosts to your enemy next door, and telnet in and you appear to be connected from idiot.hostname.com's machine... now there's a thought...

Obviously you can't use this very seriously - if you're smart enough to get that far you will realise that a netstat -na will show otherwise :P

------

Got any annoying network firewall you wanna sneak around? Well, if you aren't a prize circus clown then you may have already discovered the beauty of some simple code known as datapipe (src on www.security.za.net).

Your usual network firewall will have basic things open like http (80) and ftp (21) allowed out, but not your favorites like telnet (23), ssh (22) or irc (6667) - tsk, shame. Datapipe lets you set up a pipe for data coming in on one port to another port on another host - sounds interesting.

You could run datapipe on a machine outside of your network to listen on port 80 or 21, and then pipe the connection to your irc server on port 6667, or even to the local machine's telnet or ssh port... gee, that was tough.
You could then /server externalmachine.com 21 or telnet externalmachine.com 80, and the network firewall will allow the outgoing data stream, but the external datapipe will change the flow of data to where you really want it to go - deranged.blabber.net (6667) for example :)

[Wyzewun: Yeh, BlabberNet is neat, pity about the gay IRCOps there though (Jus, Vortexia, TimeWiz) :P]

You will get datapipe, use it and like it. Duh.

------****------

Byteware from DvD...

In RedHat 6.0, users with uid 1000 or higher can execute 'shutdown -r now', which will cause the system to reboot and go into single-user mode. Oops.

_. Cellphone Unlocking without the Mastercode by Moe1 ._

This works on Nokia 21xx/31xx/51xx/81xx. This doesn't work on software version (5.04).

First of all your PIN code must be on, then press C, arrow down, C, and hold until it clears display then press * and hold until it starts to blink then press * again and hold until it starts to blink then type 04*YOURPIN*YOURPIN*YOURPIN#. It should then say "PIN code changed" or something and the SIM card is now accepted.

Note: Each time you turn your phone OFF it resets the lock, so this needs to be done each time you turn your phone ON.

_. Hacking Reality: An Introduction to Khaos Magick by Wyzewun ._

As a practicing Chaote, I was very interested to have recently seen two articles regarding occult issues in what would strictly be called H/P e-zines. The two e-zines I am referring to are b4b0 issue 9 and b0g issue 2, and the two schools covered being Khaos Magick and Satanism respectively. Both zines are available @ PSS should you be interested in checking them out some time.
(http://packetstorm.securify.com/mag) So why did I see a need for another article on the subject? Well, Synner's article in b4b0, despite being quite good, left out a few very important points as to what Khaos Magick is all about. I will also try and throw as many of my personal opinions about Khaos Magick into this as possible, to make it interesting to people already familiar with the system. And ultimately, it's hard to summarize such a complex system in a single article - so read both anyway. ;-) As for reading the article in b0g on Satanism... well... I have to be honest - I found the entire original content insipid and stupid but the passages quoted directly out of Anton LaVey's Satanic Bible make it worth reading anyway, despite the typos. Especially considering that LaVey was influenced by Aleister Crowley and HP Lovecraft as were many of the early Khaos Magicians like Austin Osman Spare. And more importantly, regardless of that article, b0g has to be one of the funniest zines the H/P community have produced ever. Right. Now Let's get started... The alt.magick.chaos FAQ contains a menagerie of definitions of Khaos Magick, and I suggest you read them all should you be interested. But the one I am going to give you in this article comes from Joseph Max.555, who I think defines it quite well... Chaos Magick is currently the cutting edge of modern Ceremonial Magick. It largely grew out of the work of Austin Osman Spare, though it has been fractalized into many forms over the last 10 or so years. Chaos Magick emphasizes a personal, experimental approach to magickal practice, de-emphasizes "traditional" approaches (ie. GD, OTO, et al) especially as regards "secret knowledge", male/female dichotomies and order hierarchy; what can be learned from Masters or Gurus is far less important or effective than what a dedicated researcher can discover for hirself. 
As such, shamanism is incorporated more directly than such historical approaches as Kaballa, though most Chaotes are quite adept at examining traditional systems, incorporating what works and discarding that which holds no personal appeal. Chaos Magicians look at Magick as being a _living_ art rather than an _antique_ one. They regard the various belief structures of magick as being the _means_ rather than the _end_, and the most adept can alter their belief-state as easily as they change clothes. Chaos Magick recognizes no particular system of theology as having any more "reality" than any other, and most Chaotes (like Jung) approach dieties as being no more than archtypical constructs of the subconscious mind. Therefore they are far less concerned with having any (in their eyes) arbitrary moral system pounded into their skulls before getting to actually put magickal techniques into practical use than "Old Aeon" systems like the GD's or Abra-Melin. Chaos Magick propounds no particular dogma or moral system, beyond it's most common identifier: "Nothing is True, and Everything is Permitted." I have yet to meet, however, any adept Chaos Magician who doesn't have a strong sense of personal ethics and subscribe to it feverently. And in this one see's many of the points which Synner neglected to mention. But before even beginning to touch on those, I'm going to hop way back and give my personal definition of Magick in general for the benefit of those unfamiliar with such a concept beyond fairy-tale literature... Magick is the art of bending reality to one's will for whatever reason be it personal or so-called "god sent". Magick *has* to exist simply because so many people in so many different places practice it. And even should Magick *not* exist, *because* so many people practice it, it *does*. Why? Because Magick exists. Confused? Good. I have succeeded in wasting your time. Now let's move on... ;-) Now let's begin to look at approaches to Magick. 
Up to the point where Khaos Magick stepped into the world, Magick was approached largely from a traditional viewpoint. This means that Magick has been performed in manners passed down over generations, the original method of which was probably obtained from some-one who had ingested something hallucinogenic, was mildly insane, or perhaps actually had a very strong affinity with the supernatural. Of course, to a Chaos Magician (reffered to from here on as Chaotes), which one of these it was doesn't really matter in terms of effectivity. :) You see, most chaotes adopt Jung's concept of gods as archetypes of the subconscious mind. Thus the emphasis is not placed on *HOW* Magick should be performed, but on actually *MAKING* it happen. The Chaote acknowledges that an invocation to Homer Simpson can be just as effective and in some cases perhaps even more effective than one to a traditional deity. Also, which represents drunkeness better to you - Dionysus (ancient greek god of wine) or Barney from the Simpsons? I thought so. Now maybe you're whining that Barney isn't a "god", but to some extent, he IS, in that by you *thinking* of him as a god, he becomes so. Nothing needs to "exist" - it works anyway - which is why Chaos Magick is the only school to have Athiest magicians. :) In Conclusion, I would like to recommend that anyone interested in learning more about Magick and particularly Khaos Magick, should read the work of the following people who have written stuff in these fields... Psychology: Jung, Freud, Nietschze Occult: Peter Carrol, Austin Osman Spare, Anton LaVey, Aleister Crowley, Tzimon Yliaster, Phil Hine Fiction: Isaac Asimov (Esp. "The Last Question"), HP Lovecraft, JRR Tolkein Art and Theatre Movements: Surrealism, Constructivism, Dadaism, Absurdism, Existentialism, Expressionism And also check out the following URL'z... 
www.chaosmatrix.com www.crl.com/~tzimon www.occultsearch.com www.chaosmagic.com www.execpc.com/~discord/iot ds.dial.pipex.com/specularium Later this year, Pneuma and I will publish "Liber Tine" online, the book on our approach to Khaos Magick which we are writing. Until then, Cheers... ;, ,;;4, ,?;;$;,__________________________________________________________________,,7$; __... . . ...__ d$$^^ ^^$$b .?$; ;$$;:;, _. K-r4d 0h-Day Chr1stian1tY War3z fr0m Var10uz ._ ,;:;,, _. We recieved divine inspiration from the following visitor to #5fm, who has bestowed upon us great wisdom which we shall cherish our entire life... --- BEGIN LOG --- * lee (lee@ABD7AD12.ipt.aol.com) has joined #5fm pn3um4, i h4ck3d n4s4 hello any christians out there??? helllloooooooo lee: I just ate them all, maybe tommorow :P lol keep religion out of this channel çîà€h mî héw çé hà€k BiNg_: YEAH!! huh? lee: I told you already, I Ate them all, try tommorow! no, GOD is everywhere!!!!!!!!!!!!!!!!!! pneuma, t34ch m3 h0w t0 h4ck!! ? Ok, enuff about religion b4 I make u cry what is wrong with you, why cry??? lee : go away to #god or something i worship Pneuma he is my gof he is my god never heard of him Opium: thats understandable i worship money shaim money................. * Pneuma is the god of good sex, beer, and evil computer trix lee : ja ... so leave. i dont bow down before anyone well, some day, when GOD comes, EVERYBODY will bow to me can you prove that bible oh yeah lee : GET THE HINT? # god JESUS MOWS MY LAWN!!!!!!!!!!!!! be carefull what you say!!!!!!!!!!!!!!!!!!!!!!! lee : or what? well, tonight i will pray for you and someday your'e eyes will open aaaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaahh MY EEEEEEEEYYYYYEEEEEEEEEESS I'M BLIND Lee : yeah whatever...the aliens built us, or sum such shit why should i trust someone who took away to of my closest friends and then when i ask someone they say "god works in mysterious ways" BiNg_: yeah...explain that.. 
well, stop being stupid, you know the truth but you are to proud to admit it, why can't you just chat, that is all i want BOOM, (it's the voice of G.O.D) lee: *lick* Lee : isnt it prayer time or sumthing? are all of you from sa Yes, and proud of it, Better than being a dumb hippie american :P YAAAAAAAAAAAAAAAAAAAWN lee: WHO CARES? { sumbody plz kick him!!} i care also safrican who says it's a him religion is the world's best practical joke lee, are u gay? HEH! no, i am straight and i am a girl oh opium, wanna chat. nah --- END LOG --- So, inspired by the light of Jesus, we decided to 'grep -i' all our IRC logs for 'jesus' and 'christ' - the results of which looked something to the effect of this... In #b4b0 ... cause like christians are against alternate life styles * Topic is 'Let's party like we were at a christian suicide.' jesus christ. jesus h fucking christ jesus christ JESUS CHRIST jesus chr1st. jesus be in heaven I'm so sick of jesus jesus jesus jesus du0d jesus. jesus thats a stupid ploy. In #ch4x ... at a fucking club for christ's sake jesus jesus fuck In Blabber.Net's #hack ... christ Blu_J: CHRIST christ christ almighty hey christ man christ christ all fucking mighty christ.. i mean CHRIST! hmmm... all i want for christmas is my little cray, my little cray GEZUZ FUCKING CHRIST SUPERSTAR my oath to christ christ i wonder how fuqn ugly she was to go for someone lookin like u HOLY CHRIST Sega Dreamcast has 24mb ram!!!!!! for christ sake christ vort ;P teach some people here how tcp/ip works jus :P christ i use fbsd. christ everyone shutup christ i wonder whats going on. christ (: i know ipv4 better than the people who designed it. christ i am smurfing myself now. dood you are as pissed as a coloured on christmas eve jesus christ ack! christians! christ :P * opium was kicked by hotmetal (YOU DO NOT RUN NAMED FOR CHRISTS SAKE) christ jesus christ netscape is a piece of shit. 
jesus christ wget christ christ christ what a lame topic * Topic is 'Vortexia looks like Jesus' UglyKidJoe: jesus bru at least upgrade to OSR2. jesus c/s: 48867? jesus!@# jesus my modem cant do that Vortexia: hey wanker jesus wannabe jesus holy jesus jesus jesus, 40 sectors bad jesus jesus jesus christ JESUS CHRUST jesus d00ds, so god damn what if we like the bible!!! jesusfuck jesus I'm still rushing In #HWA.hax0r.news ... <_655321_> fucking christ man Told you all Christians were insane :P oh christ christ christ, it wasnt that good christ oh jesus In #Legions ... !fuck Christina Aguilera ahh k, I should start some Christianity questions (hopefully that statement did not offend anyone) Zao == Christian hardcore christianity scares me it's Christian hardcore * techn1cs has quit IRC (he dreamed a god up and called it christianity) christ redhat labs droped 3 1/4. christ almighty. christian rock sucks i dont care if you were jesus fucking christ. but don't use Christ's name in vain christian music blows christian, muslim, buddah, jehova.... all the same christ * Becky- has quit IRC (Jesus may love you, but everyone else thinks you're an asshole.) jesus, people upstairz fuqn sound like they r fuqn killing people by hitting them with baseball bats #Jesus unable to rejoin channel (you're banned!) they do not LIKE JESUS I am in JESUS CHAN * shekk is now known as fukJesuS * fukJesuS is now known as jesusblow hehe Nt im opped in #jesus why is it they do not talk about Jesus in #jesus I bet you I could make them talk about Jesus ;P y0 man, i had dis mad dream dat i had anal sex0r with jesus, what do u think it meanz? i never knew jesus was a nigger jesus jesus jesus oh jesus In the (now deceased) #zahack on EFNet ... christ i am pissed off. christ. and how when it was my turn, santa (satan if you concentrate real hard) asked me what i wanted for christmas, and i replied with a big stupid-ass smile, 'A BEAVER!' 
jesus christ, have u no shame geeezus christ geeezus christ if this is the way my friends repay me for what I do for christ sake what did i miss now. PhreakAZD yes, I believe in God, I am a Christian, though I do not follow organized religion, my Christianity is derived from how I perceieve the bible, not how others do jesus don't start that ? crap again jesus the chances of the sequencing being right must be one in a million jesus jesus JESUS! jesus JEsus chrsist i hate this town jesus u got a bigg rectum jesus jesus jesus man hahahahahaha jesus what a wanker jesus ignore this guy jesus jesus jesus jesus jesus jesus man vortexia, opium told me you look like jesus, now im thinking all weird of you vortexia, yeah, he's right, you're jesus

And THAT, ladies and gentlemen, was the international hacking scene's contribution to the institution of Christianity. We hope you enjoyed it, and if you didn't - We don't care. Just leave us alone for Christ's sake. ;-P

_. Cisco PIX Denial of Service by Vortexia ._

Hi All, just a bit of a security notification.

Cisco has been informed of this problem and I'm waiting for a fix for the problem. I've also noted that various other firewalls are affected by this code, though if you wanna know if whatever you are running is affected, you will have to test it.

A brief rundown of the problem.

If you run routable IPs on your internal interface on your PIX, and routable IPs on your external interface, so the PIX is not running NAT, the PIX keeps a state table of everything going on. Anything that is not in your state table that attempts to come in from the outside is denied, even if there is a conduit in place to permit anything. Which means that you have to establish a connection from your internal network to your external network before anything external can send data back.
This is a really nice feature; unfortunately there is a bit of a bug that I found in this. While testing on in-house equipment for possible flaws, as we continually test various products, I found the following.

On receiving a RST packet (TCP Reset) from a given host with the correct source and destination port, the PIX will drop the state entry for that particular connection, which means the TCP connection dies: with no state entry, the external box can no longer talk to the internal box.

So, if we take a standard raw IP packet, give it a TCP header, and set the source IP as a machine that your internal box is connected to, and the destination IP as your internal machine, set the source port on the spoofed IP as the port the person is connected to, set your destination port on your destination IP cyclically to possible source ports on his side, and send resets, it will drop the person's state table entry, cutting him off from the box he is connected to.

Now, the one question I asked when I wrote this is why does this work, why is there no seq/ack checking on RST packets. This was answered in the TCP RFC, saying that seq/ack numbers are not checked on RST packets, however they are checked on FIN packets, hence using FIN packets for this test is futile without sequence prediction code.

There is a simple workaround for this problem however, and anyone wishing to know the details of that is free to email me at andrew@cnsec.co.za for details.

Below I have posted example code to show the exploit and how it works, and hopefully this will be useful to someone on this list and help fix a fairly nasty denial of service problem.

Many Thanks

Andrew Alston
Citec Network Securities (Director)
Phone: (011) 787 4241
Fax: (011) 787 4259
Email: andrew@cnsec.co.za

[Ed: Exploit code can be found in ./kodez/CiscoPIX]
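The state-table behaviour described in the advisory above, modelled as an added example (it is not Vortexia's code and not Cisco's implementation): a firewall that tears down state on any RST matching the address/port tuple loses the flow to a destination-port sweep, while one that also checks the RST's sequence number against the tracked window keeps the flow and counts the stray resets so they can be alerted on. The struct layout, the SEQ_IN_WINDOW policy, the addresses and the replayed trace are assumptions constructed for illustration; the sequence check is one possible mitigation, not the workaround the author refers to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One tracked TCP connection, seen from the firewall's outside interface. */
struct flow {
    uint32_t out_ip, in_ip;      /* outside peer, inside host */
    uint16_t out_port, in_port;
    uint32_t rcv_nxt;            /* next sequence number expected from the peer */
    uint16_t rcv_wnd;            /* window last advertised by the inside host */
    int live;
};

/* The fields of an inbound segment that the state check looks at. */
struct seg {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t seq;
    int rst;
};

enum policy  { TUPLE_ONLY, SEQ_IN_WINDOW };
enum verdict { PASS, TEARDOWN, DROP_NO_STATE, DROP_BAD_SEQ };

struct fw {
    struct flow tab[4];
    enum policy pol;
    unsigned suspicious_rst;     /* RSTs with no state entry or a bad sequence */
};

static struct flow *lookup(struct fw *fw, const struct seg *s)
{
    for (size_t i = 0; i < sizeof fw->tab / sizeof fw->tab[0]; i++) {
        struct flow *f = &fw->tab[i];
        if (f->live && f->out_ip == s->src_ip && f->in_ip == s->dst_ip &&
            f->out_port == s->src_port && f->in_port == s->dst_port)
            return f;
    }
    return NULL;
}

/* Unsigned subtraction keeps the test correct across sequence wraparound. */
static int seq_in_window(uint32_t seq, uint32_t nxt, uint16_t wnd)
{
    return (uint32_t)(seq - nxt) < (uint32_t)wnd;
}

static enum verdict fw_inbound(struct fw *fw, const struct seg *s)
{
    struct flow *f = lookup(fw, s);
    if (!f) {
        fw->suspicious_rst += s->rst ? 1 : 0;
        return DROP_NO_STATE;
    }
    if (!s->rst)
        return PASS;
    if (fw->pol == SEQ_IN_WINDOW &&
        !seq_in_window(s->seq, f->rcv_nxt, f->rcv_wnd)) {
        fw->suspicious_rst++;
        return DROP_BAD_SEQ;     /* the state entry stays */
    }
    f->live = 0;                 /* TUPLE_ONLY gets here on any matching RST */
    return TEARDOWN;
}

/* Constructed trace: one flow 192.0.2.10:23 -> 10.0.0.5:1034, then ten RSTs
   claiming that source, with destination ports 1030..1039 and seq 0. */
static struct fw replay(enum policy pol)
{
    struct fw fw;
    memset(&fw, 0, sizeof fw);
    fw.pol = pol;
    fw.tab[0] = (struct flow){ 0xC000020A, 0x0A000005, 23, 1034,
                               0x5EED0000, 8192, 1 };
    for (uint16_t p = 1030; p < 1040; p++) {
        struct seg s = { 0xC000020A, 0x0A000005, 23, p, 0, 1 };
        fw_inbound(&fw, &s);
    }
    return fw;
}

int flow_survives(enum policy p) { struct fw fw = replay(p); return fw.tab[0].live; }
unsigned suspicious_rsts(enum policy p) { struct fw fw = replay(p); return fw.suspicious_rst; }

/* A reset carrying the expected sequence number still closes the flow. */
int genuine_rst_verdict(void)
{
    struct fw fw = replay(SEQ_IN_WINDOW);
    struct seg s = { 0xC000020A, 0x0A000005, 23, 1034, 0x5EED0000, 1 };
    return fw_inbound(&fw, &s);
}

int main(void)
{
    for (int p = TUPLE_ONLY; p <= SEQ_IN_WINDOW; p++)
        printf("policy %d: flow alive=%d, suspicious RSTs=%u\n", p,
               flow_survives((enum policy)p), suspicious_rsts((enum policy)p));
    printf("in-window RST verdict=%d\n", genuine_rst_verdict());
    return 0;
}
```

A burst of resets from one claimed source that mostly miss the state table, as counted in suspicious_rst, is the pattern worth alerting on in either policy.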
An Introduction to Java Servlets by Wyzewun

Java Servlets are an extremely powerful server side CGI-replacement supported by most major web-servers, and used by very few admins - most notably because they either don't know they exist or don't have the skill needed to write them. Java Servlets have several advantages over Perl and other traditional CGI languages in that they are faster to write and to run, infinitely more secure, and have all the advantages of the extremely well furnished Java Servlet API.

In this tutorial I will teach you how to write simple Java servlets. Although a knowledge of the Java language is not *completely* necessary to understand this, it will certainly help. What you *will* need is a basic knowledge of the HTTP protocol, of HTML, and of any object-orientated programming language. With that said - let's get going...

Servlets are written like normal programs, except that they extend the superclass HttpServlet. We just override the functions doGet(), doPut(), doTrace(), doPost() and doDelete() - the HTTP request each one handles is kinda obvious. =) Right, let's code a simple servlet quick...

    import java.io.*;            // IOException and PrintWriter
    import javax.servlet.*;      // Import the libraries we need to make HTTP
    import javax.servlet.http.*; // servlets and throw the right exceptions

    // Here we declare the class and make it extend the HttpServlet Superclass
    public class SimpleExample extends HttpServlet {

        /* This over-rides doGet() and passes it the user's request (called
           "req" in this example) and the Servlet's response (called "res"
           here). Both exceptions thrown are required by the HttpServlet
           superclass */
        public void doGet(HttpServletRequest req, HttpServletResponse res)
                throws ServletException, IOException {

            // Set HTTP Content Type
            res.setContentType("text/html");

            // Get communicating with the luser
            PrintWriter out = res.getWriter();

            // Send HTML
            out.println("Servlet Output" + " FUQ J0O!@#$ ");

            // Close Stream
            out.close();
        } // end of doGet();
    } // end of SimpleExample

OK, this issue is being released tomorrow, and a chiq friend of mine bought me a bottle of champagne and a condom for my birthday, so I gotta be honest - I don't have time to finish this article. :) Will make a sequel in future issues if I think anybody cares enough. Cheers...

Fixing M-Web Specific Modems by JungleG

I don't know anything about what I'm about to tell you - I haven't tried it myself. I don't own any Mweb modems, nor do I condone doing this. If you ever try to turn this against me, in any way, I cannot be held responsible and you must pay me 100 million Rand.

So, you're sitting there one day and this advert comes on the TV telling you that you can buy a Mweb Net-Getter (sp?) modem for R99. Great you think, this is awesome, I can get myself a 56K modem for only R99, right? Wrong. The Mweb Net-Getter modems are Mweb specific, i.e. they only work when you dial into an Mweb POP. Until now. Here's what you do:

1) Find yourself an EPROM writer. Most universities and some security companies have them too.
2) Go to your favourite electronics supplier and buy a 27c2000 EPROM Chip.
3) Find a friend / uncle / relative / boss / etc who has a Fastlink V.90 modem.
4) Open the Fastlink up, remove the EPROM and copy the EPROM from the Fastlink onto your newly bought 27c2000 EPROM.
5) Close the Fastlink modem up and return it.
5) Open the Mweb modem up and replace the existing EPROM with the newly bought and programmed 27c2000 EPROM.
6) Close the Mweb modem.
7) Plug and Pray.
8) There is no 8 .. I thought 8 looked good though.

Easy as that, you now have a 56K V90 modem for R99.

Jungle G

Miscellaneous IRC Gayness ._ ,;:;,, _. heh you a girl? nah, not right now, why? uh somehow that answer strikes me as awkward. hi there lo do u know Back Orifice? never met him It's not a him, it's a program oh ok what is a .tar file? [Ed: She's a #hack netslut - but I s'pose you figured that out already :P] [Ed: More #hack netsluttery...] vans kissing my tits. r u jealous? lol no ive hax0red everyb0dy and now im dealing in pr0n instead ð acid is back!!!!!!!! with PIZZA!!!!!!!!!!!!!!!!!!!! _(@^#^#_!@!@# yay pizza pizza pizza pizza woo hoo omg im gonna order pizza ð jus awaits his pizza [Ed: Cretins :P] if u get someone elses dial up account do u pay telkom? ð GreekGod is pretty good, thnx oh, good do u spit or swallow? excuse me? oh, sorry, wrong window damn right! lol no, only if its really soft wtf! wrong window again! it keeps popping up uhm, just a matter of interest What are you talking about? no, thats too ruff! slower dammit, why does this keep coming? fuck, you are a sick person why the hell does this come in the middle of my conversations? Ugly ... im 17 , hacker dude in training so to speak hacker in training ? this sounds so lame got my good fair share for being spooked the other day pinged www.fbi.gov wow u are so l33t i got to log this port tampering email was send to my isp geez I didnt even connect dumb assies got a warning dumb shit :P some crap about the american embasy being in pretoria and me not being imune to fbi yak yak yak :P hehe harper the unopped ;) hehe *** Harper was kicked by Pneuma (Opped) [Ed: #Darknet elitez...] wtf is gay-boi, he has my STDs!!! rave- : yo there ? shur rave- : can u give me some hints to break in a Apache/1.3.3 (Unix) Debian/GNU on Linux ? [Ed: Have I mentioned how cool #Darknet is, btw?] sup rave send a brotha some more passwd fles [Ed: And while we're at it, have ya seen NXT-Howto.txt by E-Mind of #Darknet?] Section A - What is a DNS? 
-------------------------- A DNS - Domain Name Server, is used to convert host names to IP addresses and IP addresses to host names. for example: www.infoseek.com = 204.162.96.173 2. What is the theory behind the exploit? The exploit uses a Buffed Overflow in BIND versions 8.2 - 8.2.2 to gain a remote root shell. 6. How do I compile the exploit? As always: $gcc t666.c -o t666 $ 7. How do I run the exploit? $su Password: #./t666 1 Section D - Who should be credited for this HowTo? -------------------------------------------------- 1. who is the person that motivated me into writing this? That person is no other the gov-boi, he operates the great site www.hack.co.za. Without him, this How-To would have never been writen! Thanks Gov-Boi :) [Ed: Needless to say, #darknet are super-fuqn-skilled-kick-yo-azz-hax0rz] ;, ,;;4, ,?;;$;,__________________________________________________________________,,7$; ________,,,........... .........______ $$$$$$$$$½½½½½½½^^^^^ '''''"""???zz. $$ ^?$$$ `?; $$ '$$ Daar is geen meer jy vokking Skaapnaaier!@#$%^ $;$$$ ?; ,,?;I$$$ ,"________________________________________________________..,,##½½½', $$ _.+ +.,; k-r4d 0h-d4y ju4r3z d1ztrh03z... www.mdma.za.net/fk packetstorm.securify.com/mag/fk Send article submissions, hate mail, pictures of your butt, or whatever to wizdumb@leet.org and/or pneuma@mdma.za.net For automatic delivery of FK to your mailbox as it comes out, subscribe to our mailing list by sending mail to minimalist@security.za.net with "subscribe fk" in the subject of the message. Propz to Jus for setting this up for us, and propz to Mogel of scene.textfiles.com for recommending it. < K-Leet Tail Ascii Goez Here - DOH! > JETZT WERDE ICH IN DEIN ARSCHLOCH EINDRINGEN ALS OB ES POLEN WARE !@#$%^&