ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ Û±±±±±±ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±±±±Û Û²²²²²²|\_______________________________________________________________/|²²²²²Û Û²²²²²²||\_____________________________________________________________/||²²²²²Û Û²²²²²²||| __ ____ __ __ |||²²²²²Û Û²²²²²²||| /\ \__/\ _`\ ---The E-Zine--- /\ \/\ \ |||²²²²²Û Û²²²²²²||| ___ __ _\ \ ,_\ \ \L\ \ _ __ __ __ \ \ \/'/' |||²²²²²Û Û²²²²²²||| / __`\/\ \/\ \ \ \/\ \ _ <_/\`'__Y'__`\ /'__`\\ \ , < |||²²²²²Û Û²²²²²²||| /\ \L\ \ \ \_\ \ \ \_\ \ \L\ \ \ \/\ __//\ \L\.\\ \ \\`\ |||²²²²²Û Û²²²²²²||| \ \____/\ \____/\ \__\\ \____/\ \_\ \____\ \__/.\_\ \_\ \_\ |||²²²²²Û Û²²²²²²||| \____/ \/___/ \/__/ \/___/ \/_/\/____/\/__/\/_/\/_/\/_/ |||²²²²²Û Û²²²²²²|||_____________________________________________________________|||²²²²²Û Û²²²²²²||/_____________________________________________________________\||²²²²²Û Û²²²²²²|/_______________________________________________________________\|±±±±±Û Û±±±±±±ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ`amatierÛ ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ Outbreak Issue #1 January 2002 Release "And it's a measly manner of existence. To get on that subway on the hot mornings in the summer. To devote your whole life to keeping stock or making phone calls, or selling or buying. To suffer 50 weeks of the year for the sake of a two week vacation, when all you really desire is to be outdoors, with your shirt off. And always to have to get ahead of the next fella. And still.... that's how you build a future." - taken from 'Death Of A Salesman' by Arthur Miller Editorial: Welcome to Outbreak. I hope you enjoy issue #1. If you want to help us out, please submit an article to us. Send all texts to me at kleptic@grex.org. I really don't have much to say, so I'll rant a little bit. It's easy to get all worked up about a mythical bunch of "cheaters" and "chiselers" out there taking us for a ride. Especially during these times when we're all so scared about making our own house payment, it doesn't seem to take a whole lot of convincing to turn us against the less fortunate in our society. Maybe we should be directing our anger elsewhere-like towards Wall Street. Why is it we never think of Big Business when we think of welfare recipients? Companies take more of our tax dollars, and in much more questionable ways, than do those who are trying to heat their apartments with a kerosene stove. - kleptic Û°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°Staff°²²²ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°Û ð ð ð he'll steal your heart : kleptic - kleptic@grex.org ð ð he'll jack your car : fwaggle - root@fwaggle.net ð ð he'll play with your pets : `amatier - amatier@twcny.rr.com ð ð he'll watch you shower : Strykar - strykar@hackerzlair.org ð ð he'll eat your cheetos : skratchnsniff ð ð he'll inspect your bikini : Prodigal|Son - amlouden@home.com ð ð he'll steal your soul : kewlmaniac - kewlmaniac@attbi.com ð ð he'll go narf! : skwert - skwert@cyberspace.org ð ð he'll steal your underwear : Ryan - ryan@insidergaming.net ð ð ð Û°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°ððððð°²²²ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°Û Shout Outs: All @ #hackerzlair on irc.dalnet Everyone that helped out with this issue of Outbreak. You all rule! ÜßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÜ \-Û http://www.fwaggle.net/~outbreak/ Û-/ ßÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜß Vist Us @ IRC.DAL.NET Join #outbreakzine Send all articles for submission to: kleptic@grex.org ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛðÛÛÛÛÛÛðÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ Ý Outbreak Issue #1 Þ Ý ÜÜ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÜÜÜ Þ Ý Ý Þ Þ Ý Ý [ 0] Editorial...............................kleptic Þ Þ Ý [ 1] The Art of War..........................amatier Þ Ý [ 2] How AOL Dides Users IP's................kewlmaniac Þ Ý [ 3] More on FastTrack.......................skratchnsniff Þ Ý [ 4] Synchronize Your Clock With ntp.........fwaggle Þ Ý [ 5] Do Not Pass Go! Do Not Collect $200.....prodigal|son Þ Ý [ 6] Wave Pool Mayhem........................kleptic Þ Ý [ 7] Red Boxing..............................meggito Þ Ý [ 8] Operation of SMS Web Services...........strykar Þ Ý [ 9] The Best Thing About College............skwert Þ Ý [10] Router Password Recovery................ryan Þ Ý [11] Stalking/Harassing an Online Service....kleptic Þ Ý [12] IP Address's in HEX and Decimal.........kewlmaniac Þ Ý [13] Conclusion..............................fwaggle Þ ÜÜ ÜÜ ÜÜÜÝ ÞÜÜÜ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ -°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°ð-|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°- +-+-+-+-+-+-+-+-+ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij All information provided in official OutBreak Zine, Web sites is provided for information purposes only and does not constitute a legal contract between the Editors or Writers and any person or entity unless otherwise specified Information on official OutBreak Zine web sites is subject to change without prior notice. Although every reasonable effort is made to present current and accurate information, the Editors and Writers make no guarantees of any kind The OutBreak web site may contain information that is created and maintained by a variety of sources both internal and external to the Staff. These sites are unmoderated containing the personal opinions and other expressions of the persons who post the entries. OutBreak does not control, monitor or guarantee the information contained in these sites or information contained in links to other external web sites, and does not endorse any views expressed or products or services offered therein. In no event shall OutBreak be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such site or resource Any links to external Web sites and/or non-OutBreak information provided on OutBreak pages or returned from Any Web search engines are provided as a courtesy. They should not be construed as an endorsement by OutBreak and of the content or views of the linked materials COPYRIGHT AND LIMITATIONS ON USE : OutBreak Contents may not be used without express written permission By the Editor kleptic@grex.org COPYRIGHT©® 2002. ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 1 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij -The ART of WAR- ------War Dialing-For Dummies------ by `das<<<`amatier>>> Ok, Boys, This is a oldie but a goodie. As you can see the title is war dialing. Most of you guys keep on asking "teach me how to hack?" and, getting a kicked in probably every hacking channel on the IRC networks. Well Today is your lucky day. After you have read this you can start you very first hack right away. The key to this hack is having a modem, If you have dsl/cable modem then your beat. What you need is a regular analog modem 9600 baud or better will do doesnt have to be anything fast or fancy.. To start things off , War dialing is a Old Fashion Word for letting your computer dial a list of generated numbers by area code and prefix. it is Probably one of the easiest hacks around. One thing that you need to get started is a War dialer, Im not going to mention any particular one since I always get shit form people saying " that proggie sucks this ones better. anyways you can just do a web search for WarDial or War dialing. Something like that. You should get tons of responding hits. note that you want a War dialer that keeps logs of numbers that it dials and what type of hand shake it receives. You might have to try a couple till you get one that you like. Ok, On a normal war dialer most of the settings are usually all the same what you want to do is generate a list of 10,000 numbers to dial , you can set the area code and the prefix to match your area so you don't get hit with a million dollar phone bill. I like to make sure that I left no number in a prefix uncalled so I set mine to generate every number in a prefix. I think that comes out to be 10,000, if its not 10,000 don't e-mail me and say dude how can a combination of 4 numbers be ten thousand. Do the math work its just a lot. After you have set the setting on your dialer, spark it up and let the numbers dial. Me and a friend of mine used to drink beers and listen to all the people that answers the phones, what a trip that is all by its self. "Hello, Hello, who is this?, Hello, Hello Is that you hun?, Or a FUCK YOU!!! " are the most typical. The very first time I tried this did it for a 1,000 numbers. after it was finished my phone wrung off the hook, people kept on calling my house, I was like WTF is going on here, then I realized that people were *69`ing me. For those that don't know what the *69 is. *69 is a command that will dial the last number to call a phone. So make sure that in you war dialer you set the *67, command in the other or Dail __ number to call out. this saves a lot of hassle of answering *69,ed return calls. Another thing your phone company might not have the*67/*69 command it might be something else. One way to find out, just look in the phone book, in the section were it tells you about area codes and such Ok, Now that you let your War dialer, Dial all night and all day you should get a average around 20+ numbers that the dialer got a handshake from and logged for you. The numbers are logged so it is easy to recall them. Along with the number Depending on what War dialer you have it can also log the baud rate you connected at and what it is on the other end. " Tons of fun, this is". Anyways, you probably will get mostly FAX Machines. And a Few PC-Anywhere Computers, Waiting, set for Hosting. You can have a lot of fun with just the fax machine. Like send it a all Black fax 10 times. make sure you do it late at night so no-one is monitoring the fax`s and stops the transition this usually dirties up the Fax machine or even makes it run out of ink. Also its always good to do this with the *67, feature turned on. The Computers with The PC-Anywhere on , just use PC-Anywhere on them, you will be surprised on how many machines don't have the password set to get into it. the first thing you want to do when you get in a PC-anywhere box is to reconfigure PC-Anywhere., so that they cannot see what you are doing., have the settings to run in background or run minimized. Its always a blast to get into a business PC that has a great connection with like 100+ computers on the network. even one that is logged in as a Administrator. Its like playing the lotto. You never know what you'll get on the other end. For other phone numbers you can try using Hyperterminal< for windows users > or minicom < for Linux users > set terminal settings to ( 9600 8 n 1). and have a blast chances are you'll get into a few of these and have a ton of fun. One thing to always do is try to mach up the phone number to where and what your calling into. Like you don't want to Call your Telephone companies Fax machine or computers. That will get you busted. so make sure you always know what, where and who you are calling . Make sure that you do all the prefixes in your area code, that way you can have a maximum war dialing adventure. Another thing after you have had success with your war dialing adventure, write a little text article on "My War dialing Experiences/good/bad" and submit it to The #outbreakzine E-Zine. That way we can all share your experience that you have. Enjoy `,) `amatier --------------------------------------------------------------------- I have seen the future, and have seen the past, and yes our master is thier.<<<`das`amatier>>> hacking into the realm.. --------------------------------------------------------------------- ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 2 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ How AOL hides a users IP address in the hostname. by kewlmaniac This just dawned upon me one day as I was watching chatters enter and leave IRC.. We will use this hostname: AC9A7076.ipt.aol.com Note the first part of the hostname is "AC9A7076". This is hex. Take that hex value and seperate that into four pieces, from left to right, 2 digits apiece. You will get: 1) AC 2) 9A 3) 70 4) 76 Now, take each hex digit and convert it to decimal. You will get: 1) 172 2) 154 3) 112 4) 118 Now, compile those four numbers into a IP address... 172.154.112.118 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 3 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ -------------------------------------------------------------------------------- More on (or "moron") FastTrack Author: Skratchnsniff Well, in Issue #11 Old Scratch posted a small text on Morpheus - which is one of the clients that utilizes the FastTrack network - but he didn't go into much detail about anything. So I decided that I'd write up an article explaining FastTrack in detail. Please note that this isn't going to be in super-detail, it's just my understanding of how the network works. Firstly, FastTrack is a peer-to-peer file sharing network similar to Gnutella. The idea is that Napster got shut down because it had a central office - FastTrack is immune to this because, unlike Napster, it doesn't posess a central office and doesn't require any central servers to operate (although a server does facilitate in extra functions and makes getting on the network easier). FastTrack is arranged in a 2-level network, and I'll try to explain this. There are single nodes (similar to a Napster client) and supernodes. I'll explain more about these later. There are three different "branded" systems which operate on the network. These are networks in themselves, but they do all communicate with one another and in a sense are one network. They are Morpheus (MusicCity), Kazaa, and Grokster. While it's not required to be a member of one of these services, this is the way the majority of users will access the network. When you sign on to one of these servers, you are given a list of "supernodes" by the central server of your chosen network. You connect, and you essentially form a "node" on the network. Once your client has been on the network for a while - and it has enough bandwidth, and the client software supports it - the client may switch to "supernode" mode. This change is usually invisible to the user. A supernode has clients (nodes) which are connected to it (usually it's ip address is kept on a central server and given to new nodes connecting to the network). The supernode can be fed queries, which it then sends to the nodes it posesses - as well as any other supernodes that it knows about. Each node and supernode will try to maintain connections to a decent ammount of supernodes, so as to maintain the network should one supernode go down. So when your client wants to search the network, it simply sends the query to each supernode that it's attatched to. These supernodes check their own lists (assuming they're serving files), as well as forward the queries to other supernodes AND sending the queries to their own nodes. I haven't done much reverse engineering of the protocol, so please bear with me, but i'm not exactly sure how it keeps from sending duplicate queries to a single node via multiple supernodes. anyway ;) If a match is found, each node sends back it's responses, which eventually make their way back to the client. This is why sometimes search results may come back in groups - it's simply responses from each supernode. Oh yeah, i might as well mention that the entire protocol is encrypted - but aparently the encryption is trivial to crack. Once the user finds the file they want, the file is downloaded.. how? Via a simple http like protocol - in fact, (as i believe Old Scratch pointed out) you can use a web browser to download the files from a user. If the user has too many file transfers in progress, then an error message is returned, instructing the client to try again later. As far as i know, there's no actual queue, and the server never contacts the client to tell them that there's an open slot now. I think that the client simply tries repeatedly. As you can see, FastTrack does have it's problems. Sometimes, it can take up to an hour to find a single node without the aid of a logon server. There's also the (somewhat rare) possibility there may actually exist more than one seperate FastTrack network at any one time - but as soon as two of the supernodes contact each other then the network joins, and the number of files available to the network as a whole jumps incredibly. But on the whole, FastTrack is an awesome network. I think personally it's inability to be shut down is what attracts me to it for the most part. There's no big boys that anyone can shut down, and you can't arrest hundreds of thousands of people. So i'd have to say, i think you should download Morpheus (http://www.musiccity.com/), KaZaa (http://www.kazaa.com/), or Grokster (http://www.grokster.com/) and start sharing your files now! More Technical Information: The generic interface to FastTrack (giFT) is aparently a great source of technical information. you can check it out in unix sources here: http://gift.sourceforge.net/ By Dr Skratchnsniff ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 4 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ -------------------------------------------------------------------------------- synchronize your clock with ntp written and produced at fwaggle labs, inc who? ~~~~ i'm fwaggle. i'm sure you know me. if you don't, and you're reading this, you will very soon. why? because i'm like a leech. i get under your skin. this won't be the last time you hear from me. why? because i'm like herpes - i keep coming back. you'll think i'm cool by the time you finish reading this. why? well actually chances are you probably won't. unless you already do. which is doubtful. why? because i keep asking myself these stupid ass fucking questions that's why. you want 31 flavours? baskin robins is where your ass should be at. why? ~~~~ ever told your friend to meet up with you at say 10, and there you are waiting at 10:15, and he/she rocks up and says "nu-huh, it's 10 now!" - when your chronograph (geek word for clock) clearly shows that it's 10:15? well, given that people aren't the most accurate of animals - think of how two computers must feel when they have a difference of opinion over the time. even a difference of a few seconds can screw things up (differences of 30 seconds or more can break an hybrid irc network apart permanently, until an operator intervenes), so it'd be helpful if the clocks would stay accurate. you think that's bad? consider this: you're one of multiple users who are utilizing shared source code on a samba share. your clock is 5 minutes behind another user, who's just compiled the sources. then 2 minutes later you come along, and hit compile. your compiler looks, and the files all look up to date (the executable/object file's date - created by the other user - is later than the updated source code, which you just edited), so it doesn't compile your changes. you're left tearing your hair out trying to figure out why the code you added 2 minutes ago doesn't work. so, we've established that time synchronization is a good idea. let's move on, before someone gets hurt (me?). what? ~~~~~ there are literally gazillions (yep, that's a gazillion) of time clients and servers out there. here's a few of the unix variety: o daytime - returns the date in a plain text format ala: /bin/date o time - returns the seconds from the epoch in a binary format o ntpd (formerly xntpd) - a full featured network time protocol surely there's others out there, but these are the main ones. daytime and time are bot inaccurate (only accurate to a second i believe) and somewhat outdated. they're both incorporated into the internet superserver (inetd) on almost all unix boxen, but most modern distributions disable them by default (they can be used in certain exploits, and let's face it - the less running services, the better). in this article, we're going to be discussing ntpd - or more correctly - the network time protocol system. it's an all-in-one time solution, including time server, time client, as well as a balancing/comparing/averaging/skew detecting time management system. what's so good about it? well basically it does everything a time daemon could ever hope to do. it's the absolute best way to ensure that your clock stays smack on the tick right. where? ~~~~~~ the ntp homepage really has all the information you'll need, as well as a download of the actual package AND as if that wasn't enough - there's links to a bunch of other great time software for windows for example! the url is: http://www.eecis.udel.edu/~ntp/index.html installation is really simple. download, untar/gz, ./configure, then make and make install. simple routine really. now, you can use ntp for a lot more than what i'm going to explain - in fact, i'm only touching the tip of the ice berg. the fact of the matter is that i don't need to make use of all the features ntp has to offer. because of this, and the fact that i'm FAR too lazy to do any actual research, i've decided to just make this a primer - if you want to know more, then read the fucking manual. ;) how? ~~~~ once you have ntp installed, simply edit it's configuration file (usually /etc/ntp.conf). mine simply looks like this: server 127.127.1.0 prefer driftfile /etc/ntp.drift then, start ntpd by typing "ntpd". now, i don't use ntpd to synchronize my timeservers clock, i just use it to provide the ntp service to my other machines. i use a crontab with the following script to keep my timeservers' clock in check: 0 0 * * * /usr/sbin/ntpdate [ip] >/dev/null 2>&1 the ip address is of a public timeserver which is as close to you as possible (in terms of both geographic location and network routing) and in the same timezone as you. now, before you go running off and picking a timeserver - read for a minute. there are two heirachial levels of time servers: stratum 1 and stratum 2. stratum 1 servers are fewer, and feed stratum 2 servers - and they're under an awful ammount of load. NEVER use a stratum 1 server unless your a bigtime public timeserver admin (ie, the admin of a stratum 2 server). stratum 2 servers feed off of stratum 1 servers, and feed other servers. of course, the best solution is to use your ISP's ntp server - IF they offer it. if they don't email them and bug them to - they should. it would cut down on load on the stratum 2 servers. a lot of isp's won't, for whatever reason (the jackasses), so if they don't, then grab a nearby stratum 2 server from this list: http://www.eecis.udel.edu/~mills/ntp/clock2.htm windows? ~~~~~~~~ of course, for unix boxen it would be a simple matter to copy the cron job and change the upstream timeserver's ip to your LAN's timeserver's ip.. but what about windows boxen? well it just so happens that there's a win32 port of ntpdate! yep, and it's great (especially if you want a completely hidden network update daemon). you can download it here: http://home.att.net/~Tom.Horsley/ntptime.exe http://home.att.net/~Tom.Horsley/ntptime.cpl ntptime.exe has no arguments at all, so you might wanna grab ntptime.cpl as well, and copy it to your windows\system directory, then go into control panel and use it to configure ntptime. ntptime in amazingly easy to set up - in fact there's only about four options. because windows lacks crond, you can set ntptime to repeatedly set the clock (i like to make it do it every 24 hours) and an entry in startup, the run registry key, or in the win.ini takes care of starting it up. there's no tray icons, and once you're done configuring it you can remove the control panel icon to stop people from meddling with it. don't forget to use the ip address of your windows box, to save traffic on the upstream servers! what now? ~~~~~~~~~ well.. if all goes well, you should have a perfectly harmonious working environment, with all clocks set pretty damn close to each other. no more bickering over what time it is! fwaggle http://fwaggle.net/ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 5 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Microsoft: How bad are they? ---------------------------- Ok guys, here's one of everyone's favorite topic, and everyone's love to hate company (not oracle or apple), but microsoft. with the launch of the xbox in november, and the launch of windows xp in october, microsoft looks to take more and more of the market. you might think this article will be another microsoft bashathon, but this is really in their deffense. not all monopolies are bad, look at the united states postal service, it's the biggest monopoly (it's owned by the United States government, so it's ok) but it's a good monopoly because it's fast, cheap, and efficient. if microsoft was let to do what it wanted, we would have network admins with less stress, not to mention protocols will be the same, and software developers will be able to write programs for just one platform. don't get me wrong, i like to use linux, and have accustomed myself to the ease of use (i wish) and feel of it, but it still has a long way to go if it wants to be used by everybody. lets take an os, um, BeOS, no laughing, please. if BeOS was the most widely used operating system, i would have no problem with them being a monopoly. not all monopolies are good, of course. take AT&T for example, it owned most of the market, but it got to the point where they could raise their prices where you would have have to pay $100 a minute just to make an interstate call. they were broken up into the "baby bells". the standard oil company had a monopoly too. but they were broken up also. if microsoft were broken up, that wouldn't really do anything because the companies would not work against each, but work with each other. i may sound really conservative, but i'm liberal, so liberal that i've been called a socialist, but i enjoy the capitalist lifestyle. i'm not saying all monopolies are good, but there are a few that we need, and microsoft is one of them. Prodigal|son amlouden@home.com ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 6 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ The Great Cedar Point Wave Pool Disaster of 2001 ------------------------------------------------ by: kleptic ------------------------------------------------ Back in June of good ol 2001, a group of friends and I took a little vacation to Ohio, to visit the legendary amusement park, Cedar Point. The first night we were there was great. We rode all the old favorite rides all evening, then committed ourselves to the hour-and-a-half long line leading to the Millenium Force. I must say, it was worth the wait. That thing is freakin' fast. We're talking stomach-in-your-throat, bugs-in-your-teeth, cheeks-flappin', throwing-the-horned-hand-of-Satan-in-tribute-to-utter-badassness, hold-onto your-asses-and-hats-and-glasses, pee-in-your-bed fast. Okay, okay, so it's not THAT scary; I just wanted to write "pee-in-your-bed." Pee in your bed. Pee in your bed. Pee in your bed. It IS fun though. Er, the coaster, that is. Not peeing in your bed. Peeing in your bed is probably not quite as fun as it sounds. Sure, it may seem mighty convenient not to have to get up to urinate in the night, but I think most people would rather get up and walk to the bathroom than sleep in their own pee. I don't remember the last time I peed in my bed. I do, however, remember the last time I pooped my pants, but I'll save that story for another day. Anyway, the next day we donned our bathing suits and went to Soak City, Cedar Point's water park division. My day there sucked from the start. I had these new board shorts that I had never actually worn before. They sure looked cool, but they had one little problem. They were just a little too big in the waist, and did not have a drawstring. Why would any company make men's swimwear without a drawstring? It had belt loops. Great. The effect of the manufacturer's poor design decision was this: At any given moment I had to choose between showing just a smidge of my bum to whoever was behind me, or just a centimeter too much of the business to whoever was in front of me. I know, it's my own fault I didn't have the foresight to either wear a belt or not buy the drawstringless board shorts in the first place, but this is my web site, gosh darn it, so it was the company's fault. It didn't help much when they got all wet and heavy, either. After a while I gave up, figuring the only people I knew there were close enough friends that I could deal with their seeing me in my slightly-too-revealed-for-comfort state, and anyone else could either get a good laugh or at least have something to talk about. That out of the way, I decided to go join my friends in the wave pool. We had already been in once, but this time there were a lot more people in it. It started up, and I was immediately bombarded with tubby little kids riding inner tubes. It was some kind of massive army of tubby little kids on inner tubes, trying to take over the whole pool. I composed myself after their brutal surprise attack had subsided, and I quickly nominated myself to be the mystical defender of the wave pool! I lunged into action, hurling tubby little kids on inner tubes further back in the pool, where they could cause no more damage. Left, right, straight back over my head, there were tubby little kids flying everywhere, clinging for dear life to their giant pink inner tubes. Just as the tables began to turn in my favor, a whole new regime of tubby little kids riding inner tubes was dropped in my airlift! I didn't actually see the airlift, but that's the only logical (?) explanation, seeing as all of a sudden I was overwhelmed by the horde of them and got bludgeoned in the back of the head with so many pink tubes and tubby little kid feet and fists I suspect I may have been knocked unconscious. Next thing I knew, I was standing in the shallow part of the pool. I don't remember this next bit too well, probably because I was still in a daze from the beating I had taken, but the next thing I remember is my head hanging down, probably in shame from my humiliating defeat by the army of tubby little kids on inner tubes, and my eyes fell upon a dick. I glanced back toward the battlefied for a moment, then, realizing I had seen something strange, I looked down again. "Hey, that's not just any dick..." I thought. "That's MY dick!" And some dick it was. The chilly pool had it looking all wet, shriveled, pale, and disgusting. It look suspiciously like I had always pictured Gollum from The Hobbit. That's probably not normal, thinking of a fantasy creature as a kind of wet, shriveled penis with arms and legs, but I think that's probably what J.R.R. Tolkien had in mind when he wrote the book. The man WAS a literary genius, after all. Regardless, I certainly would have killed and eaten Bilbo Baggins if it meant I could have had an invisibility ring to slip on my finger at that moment. I dropped to my knees, obscuring my tiny, pathetic package beneath that glorious light-bending shield, the surface of the wave pool. I slowly lifted my eyes to see who could have spotted my poor little buddy. A lifeguard stood on the shore, laughing hard. There's one. Crap. A bikini-clad brunette, not laughing. Probably didn't see. Then, with horror, my eyes were drawn to an extremely disheartening sight. Dead ahead, my girlfriend's mother, facing my direction. I'll say it again, in case it didn't set in. My GIRLFRIEND'S MOTHER, facing my direction. I collapsed face-first into the pool and drowned. The end. ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 7 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Red Boxing Written by Meggito on August 4, 2001 Well, it rained for 5 minutes so my cable's out, and without my internet I've finally decided to write that damn red boxing article I never got around to. This was written for those who either are new to the scene or haven't gotten much out of other texts. I am not going to talk about how to make a red box from scratch in this file, maybe in another, but that's not what this is for. This is for the average newbie phreak who doesn't have a degree in electrical engineering. There may be a small amount of new info here, but not much you couldn't find somewhere else, except maybe on the Verizon area. I've tried to gather together dispersed informationand I like to think this is slightly more detailed than other red boxing texts, but its probably not. I'd be surprised if there weren't mistakes, both grammatical and material wise, just e-mail me (meggito@dcap.com) and I'll fix them. Well, here it is... What Is Red Boxing Red boxing is a method of getting free phone calls that has been around for quite a few years. Many people believe it is a dead art that no longer works but this is far from the truth. Despite the enormous (and by enormous I mean feeble) efforts of Verizon (Bell Atlantic and GTE merger) and other phone companies across the country, there has been no end to red boxing, though they have made it far more difficult. I don't know why they call it red boxing but I'd figure its because the first one was red or some such simple reason, honestly I don^Òt much care. Phreaking is not about making free calls, it is about learning about the phone systems. Making free calls is a means to an end. I have tried very hard to give insight into phones and the phone system in this. Seems odd I should have to go back and put this in but: MAKING OR OWNING A RED BOX IS ILLEGAL. USING ONE IS THEFT. YOU CAN BE PROSECUTED. But if you get caught you're most likely a fucking retard and deserve a few nights in jail and anal rapings. Background On Phones Go ahead and skip this section if you don't care as much why it works as how, because this information isn't vital to red boxing but it would be something good for any phreak to know. Now, we've all picked up a phone and gotten that nice dial tone. When you pick up the receiver on a telephone it completes one of two loops that connects your phone with the phone company exchange. The phone company then sends you a dialtone to tell you it is ready to receive your input. This input comes in the form of pulses or DTMF tones sent to the phone company. DTMF is dual tone multifrequency, which means two tones at different frequencies are played at one. All your phone does when you dial is send those pretty noises to the phone company, and they go 'Hey, he pushed a 5, aren't we smart', this is because phone companies think they are smart. This is why you can sit there with a tone dialer (white box), or other instrument, duplicate the sounds, and dial without touching the keypad on your phone. Now, once you enter the number you want to call, the phone company connects to that address's phone on the ringer line, the other loop on the phone, only this one is always open. If the line is in use they send you back a nice busy signal. If not they send that phone a signal telling the phone to, you guessed it, ring. They also sends you a ringback tone, that^Òs not their phone, that's the smart-alicky phone company. If the called party picks up, completing the circuit, then the phone company closes its end, unless the ops are being nosy, which they do. They then disable both the ringing signal and ringback tone. How Red Boxing Works Well, if you didn't read the last section go back and read it, I changed my mind. When we put a quarter into a pay phone it makes 5 tones very quickly. A nickel will make 1, a dime 2 , and a quarter 5(5 cents each guys). This is sent to the phone company and they go 'Hey, he put in a quarter, I'm a genius'. You dial your friend and they decide how much money it should cost. Then, if and only if, I can't emphasize that enough, you've put in enough money they connect your call. Now, let's say that you a some gizmo that made the same sound that the quarter made earlier. You'd then be able to hold that gizmo up to the mouth-piece and make the noise, and ta-da!, the phone company thinks you gave them a shiny quarter. This is because they use ACTS, Automated Coin Toll System, which automatically recognizes coins based on those chirps. So now you can make calls anywhere for however long you want and they're all free! This is getting good! The Standard Tone Dialer Red Box Quite some time ago a phreaker realized that you could take your everyday radio shack tone dialer and make it into a red box by changing one part that controlled the tones. Now of course he was a smart guy and has lots of money. All you have to do is find yourself a radio shack tone dialer open it up and switch the 3.5795 crystal with a 6.5536 crystal and the * button will make the tone! A 6.5 crystal will also work if you have one, these work just fine and they are reasonably smaller. Also a 6.49 is super great if you can find them. Now let's take this one step at a time: First you need a tone dialer (a tone dialer is a white box). Radio Shack is the best place to get them though a few other places such as Digikey (www.digikey.com) sell them also. I'd recommend go down to your local radio shack as quickly as you can and buy all their tone dialers because they have been discontinued, I had to drive my ass all the way down to Fredericksberg last time (30 minutes) and they sell for around $50 on ebay. I'd recommend the #43-146 33-memory model from Radio Shack as that is the one I personally used. They used to run for about $25 but they're liquidating them and I've found them from about $5 to $2.97 and one guy found one for $2.47. This of course kicks some serious ass because I haven't had a spare $25 in a few months. Radio Shack does sell other models but the older ones are ugly and you cant be elite with those now can you? I've heard rumors and seen pictures of a newer model that is smaller, shaped better, has an LCD, more room on the inside, and remembers more numbers, but I'm not sure whether or not this is true. If you do stumble upon one of these send it to me and I'll figure out some cool stuff to do with it, or give you money, or let you have your way with me, whatever, just send it to me. Second you'll need a crystal. These are hard to find commercially because the retards at radio shack don't know what the hell you're talking about. Trust me, I've never been able to get one from them even though they're in the damn catalog with a number and everything. Now once again you can go to Digikey or some other place, but for this I recommend going to the various phreaking sites who'll sell them fairly cheap (yes they charge them up a little, but hey, 49 cents to $2.50 isn't that much is it?). I personally got mine from the Phone Losers of America (www.phonelosers.org) because they give neat-o stickers, but I've found other sites that claim to sell them as well. I've just switched to bulk ordering from digikey and selling them to others for about $2.00 each and will make them available at www.dcap.org (if it still exists) soon. These sites usually sell the 6.5536 crystals or sometimes the 6.5. If you can find a place that sells 6.49s get them. You'll also need a few basic tools. Some mini-screwdrivers, preferably the cool ones with the spinning top (Radio Shack cat #64-1948, remember flatheads work in philips but not the other way around). You'll also need a soldering iron or gun. I personally prefer my $15 Radio Shack 100 watt one (#64-2193, I love Radio Shack), because its 100 watts is way excessive and the gun shape is just bitchin. You can use a relatively low wattage, I'd guess around 15-20, but I'm not sure and since they take forever to heat up I'd say go all out. Also irons, by which I mean the pointy ones, are usually easier to use, but not as bitchin. You'll also need some idea of how to use a soldering gun, they usually come with instructions, the key is simply not to burn the shit out of yourself. You might want some tweezers or long needle nose pliers to use to manipulate things so that you don't have to put your fingers in harm's way. Wire would be good to have for some mods (modifications for those of you like me) like moving the crystal around and removing the light, none of which are necessary. Get magnet wire like Radio Shack #278-1345. I just tear apart phone cords for wire, but then again I have 50 phone cords I stole from military school when I got kicked out(www.rma.edu, they are their own ISP and give service to all of Front Royal and have a fun PBX). If you aren't as lucky just grab some off the phones on display in your local Walmart/K-Mart/Ames, the ones connecting the handsets to the bases or sometimes just chilling on the back. (Of course I don't encourag theft) Well, now that we have all the necessities, open up the tone dialer by removing the 6 screws, 2 on top and 4 under the battery cover. Lift of the top slowly, the wires connecting the speakers and such are likely to come off if you do it to fast or hard, just the way I like it. If they do come off strip them a little and solder them back on good as new. Now locate the crystal. It would normally be a little gray cylinder on the middle of the left side. They've also changed them so that they like capacitors sometimes, to insulate them (I've also heard to disguise them and honestly don't care, the point is that they look like capacitors). The models where they look like capacitors are easier to modify. Nothing to move out of the way or bend. They'll be in the same place, but it looks like all those other damn little brown things lying around (I don't trust capacitors...) and says 'Z3.58M' on it. I^Òve seen both types. Now unsolder that carefully. Next you need to put that new crystal in. The easiest way is to put it to the left of the solder points (or whatever the hell you call them) so that its about a 2 millimeters from the edge. You may need to bend some things or move them somewhere else in the tone dialer. Next cut the leads on the crystal a little if necessary and bend them downward so they touch the solder points. Now just solder it into place and you should be done. You can also run wires so that its in another part of the tone dialer with more room, or bend it somehow to the right or some other unlethargic thing. Once you have it working you can test it by holding the on/off switch in place and seeing if it works. If it does close it up and you're done. If not you've screwed up somewhere along the line. One problem I have is that the switch won't always touch when I close it up, mess with it a little and don't overuse you're 100 watt soldering gun and you'll be fine (I learned that the hard way). Once its working the * button will make the correct tone. Unless you want to hit the button over and over for a nickel just program the speed dial for 5 *s. On the 33 memory tone dialers switch the lower switch to store then hit Memory, followed by * five times, Memory again, and then the button to assign it to. I'd use one of the top 3 easily accessible buttons because I'm lazy. Now, if you're trying to make long distance calls and you don't want to hit the button over and over, or hit it too fast, program in a Pause between sets of 5 *s to separate them. You can use 0 to make it go faster but then if you're on with an op they'll know. Actually, a Pause is a little short for an op anyway so what the hell, hit 0. Personally I program the first button for 25 cents ending with a Pause. Next I program the second button with 4 of the first (yes, it works) to get $1.00. If I could I'd make the last one $5.00 cause all long distance calls seem to cost $4.80 but its too much for one memory slot so I program in 3 of the second button ($3.00) or just some little tune to keep myself entertained. Now, If you want to make a call that's say, $6.50, you push the third button twice, then agian, the the first twice. You can not queue up more than about $4.00 at once, meaning if you hit the $3.00 button twice it won't do the second one unless you've waited for about $2.00 to go in. If this isn't working then put it in by hand, one quarter at a time. Not that it matters to most people, but the * tone is actually both a 1700 Hz and 2200 Hz tone together if I remember right. The tones play at 33 milliseconds on then 33 off for the nickel and dime and 66 for the quarter so the quarter is slightly slowed (actually its really slowed but the phones don't seem to mind). Mods for the Tone Dialer Well, first off I always leave mine on and end up running down the damn batteries, and the most common mod stops this. All you do is take out the bulb. If you're like me and want to do it the fun way, take some giant electrical source (car battery) and just burn out the bulb. This is kinda pointless and stupid (and about as dangerous as putting a wrench across it) but its so much more fun. Once you've done this you can glue the on switch or just break it into its two pieces and just leave the inside part in so that it completes the circuit. Rewire it! The original wires blow, put in better ones. You might also want to make your own cheap switches because these also suck. You can also use a switch so that you can still use standard tones. Since having a tone dialer isn't illegal you can quickly flip your switch and be back to tone dialer so you're safe from the Verizon guy (who won't be able to figure it out of course). Regular tones themselves also come in handy frequently and music sounds better in regular tones. There are two ways of doing this... The easiest way to have both sets of tones is to get a two position switch, Radio Shack #275-407 is a small one that works well, also #900-7597. First you probably want to figure out where you want your switch to be, it should probably be on the outside (so you can switch it). You'll need to run wires connecting the switch to the solder points where the original crystal used to be. You can run these outside through the vents or where the battery cover goes. Then you solder one crystal to each end of the switch. You can cover the new switch and crystals (which will also be on the outside) with electrical tape or some other thing. Personally I think electrical tape fixes everything. Another way to run the switch is to have it down on the bottom of the tone dialer and run the wires around the side. This often involves taking out the board so that you can run the wires easily. You'll need to cut a whole into the bottom, and this is were an excessive soldering iron comes into its own ( they melt plastic quickly and accurately but smell like shit when you do). The hole needs to be big enough for at least the switching part or the whole switch depending on which switch you use. Another problem with this is you'll have to be able to fit both crystals inside the tone dialer which is a bitch. I'll go into this in the next mod in more detail... The harder way is kinda pointless but every good phreak has to have one of these stealth models (I don't anymore and look how unelite I am). The whole idea of this is to make it so that when the tone dialer is right side up it makes the standard tones and when its upside down it makes red box tones. This is accomplished by using a mercury switch instead of a slider switch, Radio Shack #275-040. Now the problem with this is you'll need to put both crystals and the mercury switch in there and that^Òs a royal bitch. There are easier ways to do this if you have smaller crystals, but this is a fairly good method for the more common 6.5536 crystal. You'll connect everything like the switches but you'll have to run wires around. Don't connect any wires yet. First cut down the leads of the crystals pretty short, about half a centimeter long. Put some electrical tape over soldering points for the transistor on the bottom, it will be a brownish thing running up and down a little right of the middle on the bottom. Now take the big yellow thing and flip it horizontally, being careful not to hurt it or its connections. Now, look at the back of the other side. There is a large open space on the bottom left of the speaker. Glue or use a little soldering to put the larger 6.5536 crystal there. This is often when people will use the 6.5, or 6.49 if you can find them, crystal because of lack of room. It is possible to get the 6.5536 crystal in there, but its a real bitch. Now, untape the bronzish circular thing to the bottom right of the speaker. Glue/solder the smaller 3.5795 crystal ( the original one) in the space behind it. Next connect a reasonably sizable wire (you can cut it down in a minute) to each end of the 3.5795 crystal and run them through the slit in the upper right of the circle its within, use thin wire. Then electrical tape the bronzes thing back down where it was. Now connect both of the crystals to the mercury switch and the mercury switch to where the crystal originally was. You might want to cover other connections with electrical tape as well to prevent screw ups. Finally orient the mercury switch so that when the dialer is held right-side up it uses the regular DTMF tones and upside down using the red box tones. If you are not sure which is which you can play with it some or try to use a multimeter. I can't think of a very good way to explain the orientation. Then you close it up carefully and hope it work. If it does DO NOT OPEN IT AGAIN. If you do you're a retard and retards break things. There definately have to be better ways to do this but I managed to get this way to work for a while. Other red boxes There are quite a few other types of red boxes. Most of them involve recording the tones to another device. Favorites seem to be the hand-held recorders or the yakbak types. These work fine just make sure you don't dink with the speed too badly. Another good one is writing it on a CD, or a tape for the poor among us, and just playing through headphones or out of one of those giant shoulder boom boxes that I like to carry around. And now they have these no-fangled MP3 playing devices. And guess what!, use your brand-spanking new PDA and put a nice dialer program and the readily available tones in it. Thats right, your personal digital assistant, or whatever the hell it stands for, makes a perfect redbox. I've also heard a lot about using hallmark recording card things, but since I couldn't find one in the store the other day I'm assuming (I do that) they don't make them anymore, and I don't think that'd impress the chicks much either. Since I first wrote this article I have found some modifications for the hallmark card red box. Basically you can replace the regular switch with an SPST to record an amount on rather having to just hold the button. This is accomplished by just cutting the wires to the original switch and replacing it with the new switch, polarity is unimportant so you don't have to wory about it being backwards. Also, to avoid bad recording quality you can replace the mike with a phono plug. This will allow you to hook this right into your sound card and get a very accurate recording. Just mark both the wires to the mike (both green) and cut them. Now replace this with a phono plug. Make sure that it has the same polarity by taking the wire from the center of the mike and hooking that to the tip. Then you just plug it right into your soundcard. You'll have to screw with the volume some to get it right, the key is to keep it fairly low. As high as you can get it without distortion. Once you've recorded the sounds in you can then remove the phono plug completely from the loop. Both of these mods are nice if you feel like making one of these hallmark cards but their are easier ways to make better red boxes. Other things you can do is create a new, better case for it and/or put in better wires, the ones in there really suck. This is really either a boredom killer or a challenge. There are a couple ways to get the tones. The easiest is to run a search on yahoo or some other search engine for keywords like red, box, and tone. Then you can just record them through your speakers. Biggest problem with this is distortion and what-not. This is also how you'll get the tones for the PDA or if you're using phonoplug technology. Another way to get the tones includes recording them from the phone itself. Just find two pay phones next to each other. Have one call the other. Drop quarters into one and record the sound through the other. You can also call someone's house from a pay phone and have them record the tones. Only problem is this requires friends, and even if you have them they aren't to be trusted. The whistles method is doable but incredibly retarded. The idea behind this is to get two whistles and tune one to 1700 Hz and one to 2200 Hz and blow them at the same time to create the correct tone. This is an extremely pointless waste of time. First you'd have to get the whistles, them tune them with a dowel rod camparing then to known sound, then practice to get the timing right, if you could even do it fast enough. Then tape them together and go blow them into a phone like a fucking dumbass. If you do this you ought to be shot but I've included it anyway. (I'd also figure you could do this with the tuning forks or whatever you use to turn the whistles, but what do I know...) Also you can get another white box (a tone dialer is a white box) or silver boxes (white boxes modified to have the A, B, C, and D tones) and make similar modifications. Sometimes its different, especially with the various homemade white/silver boxes and you'll have to figure out what is what before you can screw with it. Problems With Red Boxing First off, no 900 numbers for us perverts, sorry guys (and girls). Same with other weird pay pay phone numbers and some teleconferencing numbers. This is easily solved by beiging paste the pay phone but I'm not covering that here. It will not work on COCOTs (customer owned coined operated telephone or something along those lines). They do not use ACTS or even connect to the phone company while you're paying. The phone itself generates those dialtones and they're fake. Best thing to do in this situation is rip it apart and steal all the valuable parts that you can use for other things or sell to your phreak friends who know what to do with them. One COCOT can yield like five hundred dollars if you're a good business man. Or just go read a COCOT text file! The biggest problem I run into with red boxing is muted phones. Basically these phones won't let anything into the mouth-piece until you've connected. If you can blow into the mouth-piece and hear it come back through the ear-piece you're fine, if not then its muted (some phones have some weird tone filters, but this is extremely rare). These are a real pain in the ass, and around here comprise about 40% of the pay phones, but in other areas I^Òve been to its much lower. Around here all the Sprint and AT&T phones are muted while the slightly more common Verizon phones (and Bell Atlantic) are almost exclusively not. COCOTS aren't overly common but they're here. Now, if you come to a muted phone you can try putting in a nickel and sometimes it will unmute. You can also try to get around it by having an operator dial for you. Just hit 0 and tell her a button won't work or there's gum all over the phone or there^Òs feces in the phone booth seems to work. This rarely works for me here, but in other areas it can be done more frequently. If you can convince one of the nice ops its an emergency they'll break down and do it for you. Once they dial they'll ask you to put in your money, wait between quarter tones or it'll be pretty damn obvious, I'd also jingle coins and make annoyed comments while I was at it, actually, I wouldn't, but you should. You may have to bullshit an operator to get local calls as well. Local calls don't use the ACTS (Automated Coin Toll System) tones which is what you need the phone to recognize. Now, bullshitting the ops doesn't sound very hard but around here and can take a long time and a lot of patience. The best solution for local calls is 1010288 or the like. I just dial through AT&T, 1010228-1-areacode-prefix-suffix. I've heard you can sometimes drop the 1, the area code, or both if it doesn't work, but I've never needed to waste my precious time trying. A few things will trip you to an operator. Playback devices, like hand-held recorders often play too fast or too slow when you screw with the speed, so don't. You sometimes get the same thing when you have low batteries in any type of red box, whether it be a tone dialer, CD player, or yakbak. A lot of the time the sound on playback devices is too distorted, either from the recording process or just sucking. Some phones in general do trip ops all the time. You will ALWAYS trip to them on occasion from any phone (like 1 in 3 calls). I know one phone that gives you an op even if you pay and lots that does it whenever I try to red box. If there is a phone next to the one not working well TRY IT! Apparently that isn't obvious. Now, sometimes the operators just send you on your merry way when you red box some more money to them and they hear the sound. Others can tell the difference between quarters and tones because they're apparently slightly different (a shitload slower), but this is rare, and the ops who can often just say something clever and send your call through anyway. The ones who don't often say they'll call the cops or phone company goons which is usually bull and they should be shot for lying. I've also heard about the evil Bell guys holding you down until cops arrive. I've never had a cop or Verizon guy or cop come and never talked to someone who has, but there are some stories... The only time you may get in trouble with a red box will be if a cop searches you and happens to be some born again Christian phreak trying to make the world a better place, and actually knows what the hell it is. I've heard of people being arrested for having red boxes and I believe some folks from 2600 did some time for it. This also isn't much to worry about and should be considered extremely rare, and if you are arrested you'll just brag about how elite you are anyway so don't worry, its win-win. Well, that's about all for now. I'll try to revise this as much as possible because I'm sure there are quite a few errors. I'd like to point out that most of the information in this article is NOT original, or at least not completely. I've changed many things and rewritten them to be easily understood. Also I'm fairly sure that some of the things that I think are original won't be, this seems to happen alot. You get an idea and found out someone allready thought. The first article I read on red boxing was the 3rd issue from phonelosers.org. I also got other assorted information from articles off antionline.com (they had a nice box archive) and a lot of the hallmark mods came from a text by Phakier Phreakey (go back and read some of those for newbies articles, you'd be surprised the subtle information buried in a few of them). I do not claim to have create very much of this, but I've written everything in this text from scratch and not plagarized, it does have a fair amount of good, original information, and I think its a damn good file. Please let me know of any errors or things you think should be included, send it meggito@dcap.org. ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 8 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Operation of SMS Web Services by Strykar Short Message Service (SMS) is defined as the transmission of short text messages to and from a mobile phone, fax machine, pair of titties, or an IP address. These plain text messages have a maximum limit of 160 alphanumeric characters and cannot have images or graphics. Some cell phone manufacturers are changing this limit but is not completely model independent as of now. Consider that a message has been sent from a Web site or application that offers SMS services. The message is routed by the service to the users cellular network. The message is routed by the service to the users cellular network. (The bitch behind the Sun Sparc SMS server) It is recieved by a Short Message Service centre (SMSC), which directs the message to the recipent's cell phone. The SMSC sends and SMS request to the Home Location Register (HLR) to find the roaming customer. Once the request is recieved by the HLR, it responds to the SMSC with the subscribers status (active/inactive) and roaming location. If the status is inactive, the SMSC stores the message for a specified period of time. When the device is active, the HLR sends a SMS notification to the SMSC, which then tries to deliver the message. SMSC uses a Short Message Delivery Point to Point format for transmission of the message to the serving system. The system contacts the mobile device and if it responds, SMSC tries to tell it that you're not gonna be home soon and not to stay up. When the message is recieved by the user, it is categorised as sent and not sent again. 'Course, that'd be st00pid. Note that its usually not deleted immdiately as most admins use a weekly 'cleanup' of sent messages. The mobile device then beeps/shakes/cums with the preconfigured effect to indicate a message recieved. Read that message. _______________ ___________________ | | | | | | |Free SMS web sevice| | Your | Internet Link | www.mtnsms.com | | Computer | -------------------->> |___________________| | | |_______________| | | | | V _______ ___________________________________________ | | | | |Mobile| | | |device| Device status | *************** SMS request *********** | | aka | <<--------------->> | *Home Location* <<--------- * * | | | | * (HLR) * * SMSC * | | Cell | | * Register * * * | |______| | *************** *********** | ^ | | | ^ |______________________________________|____| ^ | | | | | |____________________________________________________________________| EOF ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 9 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ The Best Thing About College ---------------------------- by: skwert I just finished my first semester of classes. Following my last class of the day, I took a shower. While in the shower, I began thinking about how much I enjoy college. There's a lot of great aspects of college life. It forced me to become an independent entity, like a lone bald eagle, soaring majestically above the other creatures of the wilderness. I can rely only on my own powerful wings to keep me from plummeting to my death. I can rely only on my own razor sharp talons to snatch up little rodents and fish and smallish dogs for me to eat. Oh yeah, sometimes I eat small birds too. I live in a nest high up in a tree. My genus and species is Haliaeetus leucocephalus, meaning "sea eagle with white head." Until 1994, I was on the endangered species list because of stupid humans using pesticides and destroying my habitat, but now I've been downgraded to the threatened list because of environmentalists, bless their souls. But to those of you who would dare destroy my home, know this: I keep my own "threatened" list, and your name's at the top, mutha! College teaches you to how to meet new people. I came not knowing anyone except a girl from my school named Kim, but I haven't seen her once since I got here, so I pretty much started from scratch. I live in a broom closet with two guys named Chris and Paul, and we became friends amazingly easily. For a while I thought there was a fourth roommate too, but it turned out to be one of the brooms someone had turned upside down. I spent two days trying to get it to tell me it's name. Hey, it's freakin' dark in the broom closet, and Paul was really quiet at first too! College has given me lots of time to do all those things I said I would do once I was in college, like update my web page once a week, learn every Weezer song on guitar, beat all those old video games I had saved up, and read all those books I never had time to read. Of course, I have since realized that just because I'm in college and have plenty of time to do all those things, doesn't mean I'm actually motivated enough to get up off my duff and actually do them. But the time is there, unless my mom is reading this, in which case I'm REALLY busy. Definitely way too busy to get a job. College = No more 56k modem. Nuff said. College makes you smarter. For instance, now that I'm in college, I know how to... um... er... Well, now I can... nah, that's not a good one... there's always good ol'... yeah... Ooh, I've got it. Now that I'm in college, I know how to do laundry! And it only costs $10,000 a year! What a bargain! College makes you more articulate, and that's really... good. College food is wonderful for my girlish figure. I don't know how some people manage to gain 15 pounds their freshman year. Never before has it been so easy NOT to take seconds. Sometimes I don't even take firsts! In college, you get to build a loft in your room. Watching our dads excitedly working on what would end up being our loft, I realized something. Little boys never outgrow the desire to build forts. That's all a loft is. It's a fort that you're actually SUPPOSED to sleep in, just like you always wanted to when you were little but your mom would never let you because "you'll catch your death, dear," or "a bear will eat you, honey," or "you little $h!T, get your @!$*in' ass inside before I @!$&in' tear a new hole in it! I don't know why I had you!" Yeah. Gotta love moms. In my college, you have to punch in the top secret passcode to get into the bathroom. You get to feel like a freakin' Area 51 scientist every time you have to take a crap! This has drastically changed my frame of mind about using the restroom. I don't ever feel like I have to poop anymore. Instead, I feel like I have to go check up on the transdimensional hyperspace warp drive we confiscated from Roswell, but when I get inside I realize I just have to poop. College girls go wild! Haven't you seen the commercial for the video!? Yeah, everyone has sex all the time at college! Well, that's what I've heard anyway. I met a girl here at MTU... once. But let me tell you, she was pretty wild! Well, in an "I love math and science and not being wild" sort of way. College gives me a chance to miss my sweet girlfriend, Emily. I can hear you going "Awwwwww..." Shaddap. College gives you a chance to shower mere inches away from other wet, naked men! If you want, you can turn and stare them straight in the eye over the "privacy barrier," and say, "You're naked. You're wet and naked, and I'm wet and naked, and our wet, naked bodies are only one-and-a-half wet, naked feet apart. How does that make you feel!?" Apparently, it makes them feel like punching me in the face over the "privacy barrier," because that's what always happens. Geez, just trying to make conversation... Now that we've come full circle back to the shower, I'll wrap it up with the number one best thing about college. Are you ready? The number one most absolutely awesome, amazingly cool, I can't believe you're still reading this, astoundingly great thing about college is... you don't have to worry about getting little hairs stuck in the bar of soap because dammit, you're THE ONLY ONE USING IT! YES!!! LIFE IS GOOD! I'm dumb. ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 10 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Router Password Recovery ------------------------ by: Ryan This article is on how to recover the passwords on the Cisco 1600 and 2500 router series. Each type has a slightly different way of going about recovering the password, so I will explain both. Although you still have to be in enabled mode on the router to do all that is involved, it shouldn't be that hard to get on the router when its in enable mode. Since most of the time the admin won't log off to save time later when doing more configuration to the router. Or you can always just put a keylogger on the machine that the admin is consoleing from :-). However, if you can get to the routers, just turn them off from the back so that you won't even have to know the enable password. Oh and to console in just hook a rollover cable to the console port on the router to the ethernet port on a computer then hyperterminal in to the router. Anyways, the first thing that you must do on the router is type in "show ver". This command will show you the current configurations register settings. Then restart the router that you are consoled into. After it has been turned off for a few seconds, turn it back on. Within 60 seconds of turning the router back on, press and hold the ctrl key, then press the break key. This will then interupt the routers boot sequence. You will now be at a prompt to change the configuration register. At this prompt you will tell the configuration register to ignore the configuration file in NVRAM on the next startup. However, here is were the 1600 and 2500 series of of cisco routers differ. If you are on the 2500 series router simply type o/r 0x42 and press enter. To reload the router, just type I and press enter. When prompted to enter the initial config, just type N (for no) and press enter to see the router> prompt. On the 1600 series of routers instead of > you will be greeted with rommon 1> whenever you interupt the boot sequence. First thing you do is type confreg at the prompt, and type Y when asked to change the config. Then type N til you get to the "ignore system congif info." question. Here you will type Y (for yes). Now you will be promoted to change the configuration again, just type N amd type reset to reload the router. Then when the router reboots type no when asked to intially configure the router so you will go to the router> prompt. Now you will want to go into EXEC mode, to do this just type in enable at the prompt. You should not be prompted for a password, since that is what you just hax0red. Now you can take a little look at the router configuration by typing in "sh run". That step is mostly for fun, just to see what all you did to the router. Now to modify the routers password type "copy start run". This will load the config file from NVRAM to RAM so that stuff you change will be saved on reload. Now you can take a look at the passwords that are on the machine by typing "sh run" again. They might be encrypted and will look like $5$768548764567988876896, you know, just crap. Now time to change/set a new password. To do this, just go into global configuration mode by typing config t (configure terminal). Now type "enable secret passwordhere", and exit by typing ctrl-z. Now to see what you have done type in "sh run" again. Since the password has been set by using "enable secret" it will be encrypted, but at least you can see if your changes are being done. If you want to change everything back to the way it was you can do that as well. Say you didn't want to let the admin find out someone has been tampering the routers so you can get back on them later and hax0r some more. Then this section is just for you. First, enter global configuration mode again by typing "config t" at the prompt. Then use the command config-register 0x2101 and ctrl-z to exit. Now reload the router by typing none other than "reload". Amazing eh? You will now be prompted to save your config, just type Y and hit enter. Now you are all set to hax0r up some Cisco routers. Why Cisco gave this option I will never know, but if your a router admin, I suggest buying some good locks ahead of anything else, since this is just a local hack. - Ryan (ryan@insidergaming.net) ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 11 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Stalking/Harassing an Online Service ------------------------------------ by kleptic Nearly everyone has heard horror stories about the internet. Pornography abounds, mentally deranged perverts stalk innocent victims while posing as women or children, hax0rs lie in wait to steal your credit card numbers. Sounds scary, right? That's why so many families flock to online services instead. Unlike the freewheeling Wild West spirit of the internet, online services are more like private clubs. Although nearly anyone can get in, the online service enforces its own rules about what you can and cannot do. Break the rules and you risk being thrown out! If you detest censorship (like I do), avoid the online services. If you think that an online service's restrictions are great ways to protect your children, think again. -------------------------------- CENSORSHIP AND PEDOPHILES ON AOL -------------------------------- America Online, the most popular online service, prohibits its members from using obscenity or transferring pronography through its services. In theory, this sounds perfect for families with children. in practice, these rules are enforced as often as politicians take pay cuts. And it's precisely because AOL seems safe for unsupervised children that it has become the perfect online stalking ground for pedophiles. ----------------------------- HOW PEDOPHILES STALK CHILDREN ----------------------------- If you're horrified at the thought of a pedophile contacting your child on AOL, pull out your modem and cancel your membership now. Doing so will guarantee that no pedophile will find your child on AOL, but it will also deny your kid access to "AOL's many useful resources." You have other options. AOL offers a parental control feature that allows you to selectively block portions of the service from your child. However, unless you know what portions to block, this feature won't be of much use. Chat rooms, where members can type messages to one another in real-time, are AOL's most popular stalking round for pedophiles. Because talk in chat rooms happens instantaneously, without supervision, as soon as one kid in Boston types a message, children in Seattle, Houston, and Chicago can read that message and respond to it. But chat rooms are like costume parties-people often mask their identities, including age and sex, which means that the kid from Boston might be a middle-aged man. Typically, a pedophile will enter a chat room geared toward children, such as a homework helping chat, a teen chat, or even a teen sex chat room. After watching the conversations and perhaps typing a few messages of his own, he looks for a victim to target. At this point, the pedophile has no idea whether a particular nickname belongs to a real child or an adult pretending to be a child (wouldn't that be funny?). To find a suitable target, the pedophile directs a few innocent remarks toward several other chat room members. The responses can help identify which nicknames belong to adults and which belong to children (misspellings and simple language are the most common giveaways). After focusing on nicknames belonging to actual children, the pedophile is ready for the next step. Chat rooms offer two ways to communicate with others: public and private messages. Public messages appear on the screen for everyone in the chat room to read. Private messages can only be read by the person they are addressed to (for those idiots that dont already know that). Once a pedophile has identified nicknames belonging to children, he sends a private message to one or more of his chosen targets. Usually these private messages ask more personal questions, such as age, location, favorite foods, hobbies, stuff like that. During this stage, the pedophile tries to gain the child's trust and friendship. Eventually, the child may have to leave the chat, so the pedophile arranges another time when they can meet in the room again. Because many children think they have found a new friend, they often readily agree. As the pedophile gains the trust of the child, he'll start asking more personal questions to determine where the child lives, what his or her parents do for a living, and when they might be out of the house. After several weeks or months, the pedophile may suggest meeting in person, even if it means that the pedophile has to fly to another city to meet his victim. Because the child may still be unaware of his new "friend's" true intentions, he or she may give otu personal information such as a home address or phone number. Because pedophiles don't want to meet their potential victims parents, they'll play off a child's desire for secrecy. When arranging a place and a time to meet, they tell the child, "Don't tell your parents where you're going." Depending on the child's relationship with his or her parents, thie child may balk and tell his parents anyway, or he may go along with the pedophile's suggestions as a way to rebel against his parents. After all, the idea of a secret meeting with a new friend can be exciting. Of course, pedophiles rarely meet most of their intended targets. Either the child stops using AOL, gets bored with his new "friend," or becomes suspicious and breaks off the relationship. But pedophiles can be patient, and whether it takes one or one hundred tries, they're willing to continue stalking chat rooms for children-because they know that eventually they'll find one kid gullible enough to believe their sweet promises. ------------------------------------ PROTECTING YOUR KIDS FROM PEDOPHILES ------------------------------------ The best way to protect your child from pedophiles online is to supervise their online activities and turn on AOL's parental controls to block access to chat rooms. To help friends find one another online, AOL offers a "Buddy List." You list your friends in your list and the moment any of them come on AOL you're notified. Of course, online stalkers can also use this feature too. Once a pedophile has visited a few chat rooms, he can put all the names of his chosen victims in his own buddy list. That way if your child connects to AOL at the same time the ped is online, the pedophile's buddy list notifies him so he can send a message to your kid. By using a buddy list , a pedophile can stalk fresh victims in chat rooms while lying in wait for previously targeted victims as well. To further protect your kid from pedophiles, turn off the buddy list feature to prevent your child's nick name from being put on anyones list. Although this effectively prevents your kids friends from using the buddy list to contact each other, it also prevents any pedophiles from knowing when your kid is connected to AOL. (Just make sure that if you turn off the feature, your kid doesn't turn it back on. Kids are smarter then adults when it comes to computers.) ------------------- TRADING PORN ON AOL ------------------- AOL's rules state that you cannot transmit obscene or pornographic material through its services. Theoretically, this makes AOL safe for kids and familes to use. Realistically, expecting AOL to enforce its rule is hopeless. Connect to AOL 24 hours a day, seven days a week, and you'll be able to find chat rooms where people are engaging in cybersex or swapping porn files. Don't be fooled by AOL's public image as a family-oriented online service. People trade pron over AOL by visiting a chat room and asking "if anyone would like to swap pics." Once 2 members agree to trade, they simply e-mail the pictures to the other user. --------------------------- HARASSING AN ONLINE SERVICE --------------------------- AOL, and Prodigy have all made their share of blunders over the years. Besides AOL's history of censoring e-mail, CompuServe once pulled the plug on an entire internet newsgroup because the German government considered them obscene. In their earlier history, Prodigy censored e-mail as rigorously as AOL, causing widespread dissatisfaction among it's members. Given the constand, clumsy, and often unnecessary actions of online services in the interest of protecting their services from pron, obscenity, or just plain naughty words, it's no surprise that many people have lashed out against them. Here are a few examples. ----------------------------------- GENERATING FAKE CREDIT CARD NUMBERS ----------------------------------- One of the most popular ways to harass an online service is to create a bogus account using a fake credit card number. Because online services want members to sign up as soon as possible, the moment you type in a valid credit card number, you can start using the entire online service right away. One legal way to get a free account on an online service is to sign up with one credit card, cancel your account when your free trial period is over (typically one month or a fixed amount of usage, such as 50 hours), then sign back on to the same service with a different credit card number. This method works as long as you have different credit card numbers. Because most people don't have multiple credit cards, they do the next best thing and create their own credit card numbers instead. Credit card companies, such as Visa or American Express, create their credit card numbers using a mathematical formula. You'll note that credit card numbers are rarely similar, and you'll never find two people with credit card numbers that differ by only one number because of the possibility of erroneously charging one person for another persons purchases. Rather than try to gues the mathematical formula used to create valid credit card numbers, just use a special credit card-generating program. These programs create credit card numbers using the same mathematical formula used by your own credit card company. When you sign on to an online service with a credit card number created by a card generating program, the online service just checks to make sure the number is valid according to the credit card's mathematical formula. If the number is valid, the service lets you create an account. The service won't verify that the credit card number is valid for a day or two, so until the service catches on to yoru fake credit card number, you'll have rein-absolutely free! And, if you use a fake name address, and phone number, the service will never catch you-unless they trace your call. The moment the online service finds out that you're using a fake credit card number, they can ask the phone company to trace your call from their dial-up connection phone number to your home. As long as you use fake credit card numbers sparingly, the service probably won't take the time to follow up. ------------------------- CAUSING CHAOS WITH AOHELL ------------------------- Using an account created by a fake credit card number allows you to break the online service's rules with little risk of getting caught. As a result, many people who create fake accounts also use special harassment programs as well. Perhaps the most famous harassment program is one named AOHell. Written by ex-aoler member who calls himself Da Chronic, AOHell is designed to wreck havoc on AOL. AOHell works with AOL's software. Once you're connected to AOL, you load AOHell and up pops a floating window that lists its features in a simple push-button interface-features that range from the extremely useful to the downright illegal. You can use AOHell to encrypt your e-mail; send a mass e-mailing; e-mail bomb an account by flooding someone's mailbox; or automatically deliver a canned reply to instant messages. You can even use AOHell to block instant messages from particular individuals. If a particular person grates on your nerves in a chat room, yo ucan fight back with AOHell. Click one button and AOHell draws a gun pointing at a stick figure with the name of the person publicly displayed for all in the chat room to see. Click another button and AOHell scrolls an ASCII drawing of a raised middle finger. For another type of prank that borders on the illegal, AOHell offers a fake "forward message to" feature, specifically designed to let you send e-mail to AOL administrators, falsely claiming that someone is writing e-mail to you that violates AOL's rules. To give you an idea of this feature's capabilities, AOHell provides an example fake forwarding message that purports to be from AOL's president soliciting a user for shameful acts involving bodily fluids. Although users are repeatedly warned that they should never give out passwords or credit card numbers to anyone online, many people stil don't realize the danger. AOHell offers a password/credit card fisher that lets you take advantage of them. Just enter a chat room, click on the fisher button, and AOHell sends an official looking message to the person of your choice, claiming that AOL's billing department needs that person's password or credit card number. Obviously, this AOHell feature can be exploited for illegal use; but now that you know it exists, it should remind you never to give out important information like passwords and credit card numbers while online. Although AOHell was one of the first and most popular online harassment programs, copycat programs have popped up with names like AOIce, CompuDaze, ProdigyKiller, Apocalypse Now, AOTurkey, LameProd, CISHack, RIPPClaw, and America Flatline. Most of these programs offer similar features, although some require a password to use them. ------------------------------------------------------------- FINDING CREDIT CARD GENERATORS AND ONLINE HARASSMENT PROGRAMS ------------------------------------------------------------- Credit card generators and onlien harassment programs can be found on a hacker web site; but because AOL and other online services frown on their distribution, these hack sites tend to disappear with alarming regularity. Most manage to last for a while before AOL (or another online service) threatens the web site with legal action. To read and write messages to others interested in using, harassing, or criticizing an online service, browse through one of these Usenet newsgroups: alt.aol alt.aol-sucks alt.oneline-service prodigy.classic ------------------------------------------ WRITING YOUR OWN ONLINE HARASSMENT PROGRAM ------------------------------------------ Rather than use an online harassment program written by someone else, many hackers prefer to write their own. The most popular programming language used to write online harassment programs is Microsoft Visual Basic. Not only is VB inexpensive, but it allows ANYONE with little programming experience to write a Windows program quickly and easily. Once you have a copy of VB, you need to know how onlien harassment programs work. Most online harassment programs use two special VB Commands called AppActivate and SendKeys. The AppActivate command loads and runs another program. In the case of an online harassment program, the AppActivate command is used to load the communication program for AOL or Prodigy. The SendKeys command mimics a person typing at the keyboard. For example, the SendKeys command can type a phrase, press CTRL-X, or choose menu commands from any program defined by the AppActivate command. The combination of the AppActivate and the SendKeys command lets you write a VB program that can type keystrokes into another program as if you were typing them yourself. At the simplest level, an online harassment program is nothing more than a fast, automated typist that lets you raise havoc on the online service of your choice. If you were a fast typist, you could harass an online service just by typing insults or commands yourself; but because most people can't type at the speed of light, they let an online harassment program do the typing instead. That way they can quickly pop in and out of various forums or chat rooms on the online service, cause havoc, and disappear just as quickly as they arrived. As a result, online services can never defend themselves against an online harassment program. The only way to prevent an online harassment program from working is to prevent legitimate users from typing on their keyboard while using an online service. Many companies sell commercial and shareware add-on programs designed for AOL. These add-on programs use the same features as online harassment programs, but instead of letting you type insults or e-mail bomb another member, add-on programs automate other features for your convenience, such as deleting e-mail quickly or responding in a chat room with a prewritten response. If AOL implemented a way to prevent online harassment programs from working, it would also keep these AOL add-on programs from working. Once you understand that an online harassment program is nothing more then a program that automates typing in another program for you, you're ready to write your own online harassment program. But rather than create something from scrath, programming (like homework) is always easier when you copy and modify somebody else's work instead. Of course, online harassment programs rarely offer their source code. If you find a particular online harassment program that you want to emulate, your best bet is to decompile the program, wich can recover the actual VB source code. To decompile a VB program, you can by a program called the VB Decompiler. This program dissects any program created by VB and generates the source code for you to examine. By using the VB Decompiler, you can decompile your favorite online service harassment programs, such as AOHell, to see how the program works. Once you ahve generated the VB source code, you can copy or modify the source code and create your own online harassment program for your own use. (But if anyone asks, you didn't hear that from me.) -------------------------------------------- PROS AND CONS OF HARASSING AN ONLINE SERVICE -------------------------------------------- If an online service catches you harassing its members, their reaction can be as simple as cutting off yoru real (or fake) online service account, or as drastic as having you arrested for credit card fraud, illegal computer use, and whatever else. But don't think that harassing an online service is just for bad guys trying to spoil other people's fun. Many self-proclaimed online vigilantes haunt online services specifically to stalk online stalkers such as pedophiles. The moment they find a pedophile trying to recruit a child in a public chat room, they use an online harassment program to send a warning to the offender, send a mail bomb to flood the offender's e-mail box, or just boot the offender in the ass. An online harassment program is a tool. Abuse it and you can make the lives of legitimate online service members miserable. But use it to defend children against pedophiles, and you may be considered a hero. The End ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 12 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ IP address's in HEX and Decimal By kewlmaniac Have you ever seen a web address that just didn't seem right? A bunch of numbers that really didn't make any sence? (I.e. http://3507157333/) I will show you what they mean and how to decipher them. To start off, I am assuming you have a knowledge of the internet in general and how IP structers work. All computers on the internet have an IP address. Basically just a long number telling other computers where to locate it. An example of an IP address is: 216.115.108.243. (DNS: yahoo.com) Instructions: Have an IP address.. Any will do. We will use 216.115.108.243 as an example. There are four parts to an IP address, seperated by decimals. Step one: Convert the first part of the IP address (216) into hex. You will get "D8". Write this down, as you will need to merge all of the four parts! Step two: Convert the second part of the IP address (115) into hex. You will get "73". Write this down! Step three and four: Do the same for the 3rd and 4th parts of the IP address.. You should get "F9" for the 3rd and "55" for the 4th. Decimal | Hex 216 = D8 115 = 73 108 = 6C 243 = F3 Step five: Now, combine ALL hex values, starting with the first and going to the last.. You should get "D8736CF3" Step six: convert the hex value you just got (D8736CF3) to decimal. You will get: 3507157333 Done! Decimal: 216.115.108.243 HEX: D8736CF3 Decimal: 3631443187 Meaning: http://3631443187 is the same as http://www.yahoo.com and http://216.115.108.243 NOTE: Now, in order for this to work, the hex value, for each seperate part of the IP address MUST have two digits. Therefore, whenever you get only one digit, put a zero "0" infront of it. Example: x.x.x.10 (10 = A) That would equal "0A" _______________________________________________________________ |______________________________________________________________ | || || || ___ _ ____ _ || || / _ \ _ _| |_| __ ) _ __ ___ __ _| | _ || || | | | | | | | __| _ \| '__/ _ \/ _` | |/ / || || | |_| | |_| | |_| |_) | | | __/ (_| | < || || \___/ \__,_|\__|____/|_| \___|\__,_|_|\_\ || || || ||_____--------------------------------------------------______|| |_______/-----------------------------------------------\_______| ___ _ _ | __(_)_ _ __ _| | | _|| | ' \/ _` | | __ |_| |_|_||_\__,_|_| \ \ / /__ _ _ __| |___ \ \/\/ / _ \ '_/ _` (_-< \_/\_/\___/_| \__,_/__/ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PUT THE WORDS IN HERE: well.. here i am - helping kleptic out with another zine. we'll keep the hows and whys out of this, suffice to say i'm here for this issue and we'll see how things go, and how the public reacts to this zine. i feel that the most diplomatic approach is to start a new zine, and klep is basically doing the right thing so! i think the new zine is looking quite gnarly. if it progresses well, then imagine what it's going to look like in a year's time. it'd be nice if we can keep this thing going and release it once a month, so send your texts to kleptic now if you feel like bugging someone, expressing an opinion too short to be called an article, or just like seeing your name up in ascii text - then feel free to email me (root@fwaggle.net) and i'll be including a mailbag file whenever i recieve enough email to make it worthwhile. so feel free to stalk me ;) remember that we are a free speech magazine - so don't write us saying about blah blah blah so-and-so should be shot for saying that. that's not what free speech is about. free speech is about this: "i disagree with what you're saying, but i respect your right to say it" if you're not prepared to use that approach, then don't even bother emailing us. other than that, i hope you enjoy the zine. and i really hope that i'll have enough time to actually write texts for two zines ;) - fwaggle ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ++++++++++++++++++++++++++WATCH THIS SPACE++++++++++++++++++++++ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ -°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°ð-|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°- +-+-+-+-+-+-+-+-+ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij OutBreak Contents may not be used with out express written permission By the Editor kleptic@grex.org COPYRIGHT©® 2002.