[PoR ASCII-art banner]

___________________________/-=Current PoR Members Are=-\________________________________

* I-baLL - Current PoR webmaster; maintainer of the PoR community; and,
  currently, the most prolific member of the group.
* Judas Iscariot - He and Gonzo (see below) are the true founders of PoR.
* Gonzo - A longtime veteran of the Underground, started out in the group
  L.O.S. in 1990. After L.O.S.'s disbanding, he continued to stay active in
  the hacker community, was published in various publications, and has even
  been seen in "Freedom Downtime." He is a founding member of P.O.R.
* Murd0c - Murd0c likes phones. He also likes to drink a lot.
  One time murd0c drank so much, he social engineered AT&T to send beer
  through his phoneline. He called his new invention the telebeer.
* Enamon - Enamon is.
* MikeTV - MikeTV was born a poor little black boy and crawled his way to
  stardom in a gruesome series of gladiator matches. He has since left the
  arena behind and resigned himself to creating art for POR. No hacking
  skills. No Nunchuck skills. He is only a Mascot.
* Scientist - Resident ham operator and mechanic.
* Venadium - Resident Krusher of Emo
* Rob T. Firefly - Rob T. Firefly is an amateur hacker, prankster, and
  comedian from Long Island. Formerly known as Rufus T. Firefly, he has been
  active in the scene for over a decade. Rob went on to become a staff member
  and occasional editor of the PLA's spinoff zine, United Phone Losers. Rob's
  personal site can be found at http://www.robvincent.net.
* Sephail - Programmer, magnetic stripe reader, DTMF decoder. His website is
  located at: http://www.sephail.net
_________________________________________________________________________________________

__________________________________________________________________
PoR Issue #1

Table of Contents:

1.) Introduction from the temporary editor
1.) Logical Web Hacking: Some methods of exploration
2.) Accessing T-Mobile VMBs.
3.) Getting free web access on TCC Teleplex Web Kiosks.
4.) Adventures in trying to dial 10-10-288-0 from Verizon Hybrid
    phones (yes, I've finally found a method..)
-----------------------------------------------------------------

***************INTRO********************

I-baLL writes in:

Hey. We're PoR and this is our first premiere issue. I'm not expecting it to
blow anybody's mind or the socks off their feet but I'm hoping that it will
evolve into something great. As I'm writing this I'm already working on
Issue #2.

-=I-baLL=-

P.S. Please excuse the poor editing. It's late.

******************************************************
***Logical Web Hacking: Some methods of exploration***
******************************************************
************** -= By: Scientist =- *******************

When someone sees "WebHack", they immediately jump to SunOS and ISS exploits,
how they can hax0r teh gibson, and generally silly and complex things. They
forget the true nature of hacking: exploring. By looking around and poking
here and there, we find some neat stuff. Handscanning and Wardialing show
this nature. You keep constantly pushing a button until something neat comes
out of it. Web Hacking is similar to this. You constantly push something as
far as it can go, and then you see what happens. However, by thinking about
general web design and knowing something about HTTP in general, you can make
your life a lot easier.

I classify all information that can be found out in two ways: visible, and
feelable. Visible information is just looking around without prodding.
Examples are reading a number off of a payphone, listening to radio activity,
and, to a certain extent, tapping phone lines. In the case of WebHacking,
these are viewing the source of pages you're meant to be on, google-hacking,
and other stuff that won't be seen. Feelable is information you can see, but
you give away the fact that you're looking. Going to our previous example,
feelable information would be wardialing from that payphone, RF data
reinterpretation (sending out radio signals to see what response you get),
and using that line you just tapped.

These are important because of the risks you take. Visible information is
riskless; true visible info is not able to be reasonably tracked. Visible
information specifically does not set off website alarms that tell the site
owner to put all the neat stuff away. However, that does not make feelable
info completely taboo; just realize that it's most likely a one-time
information splurge. It won't stay long.

Well, I bored you enough, didn't I? Let's get to techniques....

-=Techniques=-

*Google-Hacking:

Google revolutionized webhacking by suddenly adding a searchable keyword
database for thousands upon thousands of websites. To be more specific, they
added the ability to not only find your search queries in the website text
but also in the website URL, title, etc. One of the things this helps a lot
with is once you find a neat WebHack that works one place (say you figure out
that all the passwords for a site are hidden in a directory called
/cgi-bin/CreCarServ/), you can search a general website signature and find
hundreds of other sites that have the same vulnerability.

The best example I can give of this is the old PayPal (and probably other
credit card brokers) link hack. PayPal was simply a middle man in the whole
deal, and clicking a PayPal link hooked you into a CGI script that, by
parameters in the link, knew how much to charge you, who to send the money
to, and what website to forward you to afterward. That's right, they would
just send you to another link, usually on the same site, that would have a
form that you could enter in the information you needed to get the service
that was "charged" for. Originally the link was plaintext, and you could just
copy and paste it, but eventually PayPal caught on. However, searching Google
for "Thank You" and "Registering" you could find these sites anyhow.

Google hacking brings us to another, more directed hack. Google hacking is
completely invisible.

*Robots.txt Hacking:

Well, to solve the google hack, some mediocre web designer decided that if he
banned Google from searching his directories, they wouldn't be searched. So,
he looked at Google and found out about robots.txt, something that Google
looks for before it searches through your site and finds out what to update
daily, what not to update at all, and what directories to keep clear of.
Well, by making robots.txt ban Google from looking at the secret directories,
he actually tells us exactly what to look for. When we find a site we think
might be defended in this way, just look at robots.txt. That's usually a good
hint as to where all the fun stuff is. Robots.txt hacking is VERY visible.

*Mental/Logical Webhacking:

If you read a safecracking book, they tell you about psychological
safecracking: the idea that humans think alike, and thus by getting into the
mind of the safe owner you can figure out the safe code. This is a bigger
security risk than we think. Considering these sites are also made by people,
and not terribly smart people at that (mostly people that use FrontPage, I am
not talking about all you true webmasters out there), we can get into their
minds.

Sadly, the best example I can think of is porn sites. Most sites have sample
sites that allow you to see some pictures of what's in their site. A lot of
times, these are actually hosted on what are known as TNG bases (thumb nail
galleries) that host galleries for a bunch of sites. Because of their size,
the galleries are made with automatic programs that usually name them
sequentially. Thus, by looking at the directories they are in, and other such
things, one can find how large these truly are and find other directories and
pictorials.

This text is meant to be a taste of something to get you initiated to
exploring. Look at my ideas! They are by no means concrete!

******************************************************
***************Accessing T-Mobile VMBs****************
******************************************************
**************** -= By: I-baLL =- ********************

Background info:

I've been with T-Mobile for a few months now but only recently did I notice
that when I dialed my T-Mobile vmb (by holding down the 1 key) my cell phone
dialed some weird number. So I went to my "Dialed calls" log and copied down
the number.
The NPA (805) proved to be a Californian NPA located in Santa Barbara, to be
exact. The exact NPA and exchange is 805-637 and is one of the exchanges in
the 805 NPA which is owned by T-Mobile. Now T-Mobile itself is located in
Bellevue, Washington (the state, not the district), so I'm not sure why it
would own blocks of exchanges in a Californian NPA.

Anyways, I dialed 805-637-9999 and got the message which I'll paraphrase as:
"Please enter the 10-digit number of the T-Mobile customer you're trying to
reach now..." Then I dialed the number which my cell phone dials to access my
own vmb... *drumroll* 805-637-7243 (805-MESSAGE). I reached my VMB. So then I
hung up, dialed 805-637-9999 and entered "805-637-7243" as "the 10-digit
number of the T-Mobile customer you're trying to reach..." I was expecting to
hear my voicemail greeting. Instead I heard somebody else's voicemail
greeting and realized that 805-637-7243 was not a backdoor number to my vmb.

"Hmmm.." I wondered to myself, "Could it be that T-Mobile assigned
805-637-7243 to one of their Californian customers?" If that was true then it
would mean that I wouldn't be able to reach that person from my own cellphone
seeing how, when I dialed that number, I instead got into my vmb. So I called
up a friend and asked him to dial 805-637-7243. He did and told me that he
heard "Please enter the 10-digit number of the T-Mobile customer you're
trying to reach now..." That was the exact same message as 805-637-7243. That
would mean that I could access my voicemail box by dialing 805-637-7243 only
if I was dialing that number from my cell phone.

While all this was happening I went to http://www.bellsmind.net in order to
get information on the 805-637 exchange. And what did I see there but, and I
quote: "805-637-7243 VMB T-Mobile's Nationwide VMS access number" (with
credit given to "Greyarea" for finding this number.)
So I called somebody else who had a T-Mobile phone and asked them what number
their cell dialed to access their voicemail. Turned out it was the exact same
number (805-637-7243.) Alarms were going off in my head. I couldn't believe
the possibility that had arisen amidst these pieces of information. I had a
concept that had formulated in my mind and all I had to do was prove it to
myself.

A few hours later I sat down on the bed with a friend's cell phone and
spoofed my own cell phone's Caller ID number. I'm not going to describe how
that was done because I still need to have some secrets, don't I? Then I
dialed 805-637-7243 (I keep repeating the number so you would remember it. A
mind, unlike a notebook, can't be lost. Well, that's not exactly true but
that's not the point.) and waited with crossed fingers, bated breath, and a
collection of good luck charms that would make the curator of the Smithsonian
proud. "...You have 3 new voice messages" said the pre-recorded voice on the
other end of the line and I jumped up from my bed in excitement. Well, I
didn't jump. It was more of a rolling stand. Anyway, I was excited. Proof of
concept has been achieved.

So let's run this down into a simple explanation of method:

Step 1: Obtain cell phone number of T-Mobile customer whose mailbox you want
        to access. I used my own.
Step 2: Spoof your Caller ID to that of the T-Mobile customer's cell phone
        number.
Step 3: Using that spoofed CID dial "805-637-7243".
Step 4: There is no step 4.

******************************************************
****Free Web Access on the TCC Teleplex Web Kiosks****
******************************************************
**************** -= By: I-baLL =- ********************

TCC Teleplex introduced their internet web kiosk payphones sometime in the
fall of 2003. The web kiosks themselves are Marconi Interactive Net Neptune
800 Web phones. Marconi Interactive is a UK based telecommunications company
that makes all sorts of weird looking payphones.
Especially the Neptune 800 model whose "full QWERTY keyboard" doesn't even
include quotation marks. Anyways, this article isn't about Marconi
Interactive, though the exploit mentioned here can probably be used anywhere
else where you can access Google from the web kiosk for free.

Anyways, here's the deal: You want to get free internet access on the kiosk,
right? Well, here's the deal: The kiosk allows you to access Google for free.
In fact, anything within the Google domain is accessible. That includes
Usenet (Google Groups) and GMail. The trick, though, involves Google Images.

The thing with Google Images is this: When you google for an image, let's
pick Goatse, Google gives you back a result. Now when you click on the result
Google goes to a frame page. The url in your address bar still says
images.google.com/blahblahblah and the top part of the page is a frame which
features a thumbnail of the image, a link to the image and some text which
I've never bothered to read. The trick, as you might've noticed, is that the
url still says that you're inside the Google domain. That's right! The web
kiosk allows you to see the site for free as long as you keep that annoying
Google frame on top of the screen.

But just googling for images is a crapshoot way of going to websites. Instead
all you have to do is memorize the url that Google uses to display the 2
frames: the main frame (which is a Google frame, thus you get to keep the
Google domain in the url) and the site frame which has the site on it. The
url is:

http://images.google.com/imgres?imgurl=http://xxx.com&imgrefurl=http://www.yoursite.com/

The imgurl part is the url of the image you're Googling for. Since you're not
googling, just make sure that that part in the url follows the normal url
format. You know, http://www.xxx.com. The important part of the url is the
imgrefurl part. It's basically the url of the website which has the picture
on it.
But since we're not looking for a pic we just put in the url of the website
that we want to go to in there. So let's say that you want to go to Slashdot.
That means you'll type:

http://images.google.com/imgres?imgurl=http://www.f.com&imgrefurl=http://www.slashdot.com

Ta-da! Oh, and now click on the lower border of the Google frame and move it
up. That's right! You can resize the Google frame so it's virtually not
there!

Downsides:

If a link opens up a new window then you must look at the new window in the
size with which it was opened. If you maximize it then the kiosk will ask you
to pay. Also, you won't be able to click on the links in the newly opened
window. So as long as the links that you click on don't open up any new
windows you're a-okay.

No cookies! No cookies are saved! That means you can't log in to any
websites! Which sucks.

Other methods:

You can always go into Google preferences and check off the "Open links in
new windows" option. But the problem with that is that the sites you go to,
by searching for them and clicking on the links, will appear in a small
window and you won't have the ability to click on the links on the site.

Problems:

The big problem with the kiosk is that they have web filtering software.
2600.com is banned. http://www.phonelosers.org is banned.
http://www.binrev.com is banned. The stupid thing is that TCC Teleplex never
reveals that they ban certain sites. And that's bad.

Here's a map of all their web kiosks in NYC:
http://www.tccteleplex.com/map.htm

******************************************************
*****How to Call 10-10-288-0 from Verizon Hybrids*****
******************************************************
**************** -= By: I-baLL =- ********************

So you need to dial that hot new WATS teleconf from your local truckstop but
don't want to pass your ANI to whoever runs it. But you realize that you're
standing in front of a Verizon Hybrid! Oh, no! Feeling screwed, aren't you?
Not to worry!
Pull out that dialing finger and start pushing buttons. More specifically
push #,C,O,I,N. That's right! #2646. You'll hear the hybrid dialing in the
distant background until suddenly you hear: "Thank you for calling the Gemini
Calling Center!" (I've no clue what this is. Anybody have any ideas?) Then
there's a beep and you can record a message. Do us all a favour and don't do
that. Instead push #. Now you hear the hybrid hang up. Stay on the phone
until you hear a dialtone come up. That's a real dialtone! Now you can dial
10-10-288-0! OMG HAX!

Other methods that might work on other phones:

*67 or 1167. It might drop you to a dialtone or it might not do anything.
Also try 0+10-10-288-0 as well as 00+10-10-288-0.

Good luck!

----------------------------------------------------------------------------------------------

Well, that's about it for the first issue. I'll be going to sleep now. Don't
forget to email us with any interesting information. Or with
comments/questions.

Our email addie is: patternsofrecognition / at \ yahoo.com
And our home site is: http://www.thesearentthedroidsyourelook.info/

Good luck in the future world of today! (Is that too cheesy? Maybe I should
cut that out....)
______________________________________________________________________________________________
*Insert obit here.*
______________________________________________________________________________________________
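
Added example (not part of the original issue and not written by its authors): the robots.txt point from Scientist's article, seen from the site owner's side. The script parses a robots.txt and lists the Disallow paths whose names suggest sensitive content, since the file advertises those paths to every reader and they need real access control; the sample file, keyword list and function names are constructed for illustration.

```python
import re

# Assumed keyword list; tune it to your own site's naming habits.
SENSITIVE = re.compile(r"admin|backup|passw|private|secret|cgi-bin|\.sql|\.bak", re.I)

# Constructed sample. The first path reuses the directory name the article
# gives as its hypothetical example.
SAMPLE = """\
# constructed sample, not from a real site
User-agent: Googlebot
User-agent: *
Disallow: /cgi-bin/CreCarServ/   # trailing comments are legal
Disallow: /images/tmp/
Disallow: /backup/site.sql

User-agent: BadBot
Disallow: /
Disallow:
"""


def parse_robots(text):
    """Return (user_agents, directive, path) for every Allow/Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:                            # empty Disallow hides nothing
                rules.append((tuple(agents) or ("*",), field, value))
    return rules


def audit(text):
    """Disallow paths that name something sensitive, with the agents told."""
    return [(agents, path)
            for agents, directive, path in parse_robots(text)
            if directive == "disallow" and path != "/" and SENSITIVE.search(path)]


if __name__ == "__main__":
    for agents, path in audit(SAMPLE):
        print(f"{path}: advertised to {', '.join(agents)}; require authentication")
```

Every path this reports should return an authentication challenge or a 404 to an anonymous request; removing the line from robots.txt without adding access control changes nothing.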
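
Added example (not from the original issue, and not TCC Teleplex's or Marconi's code): a model of the filter weakness described in the web kiosk article, with a check that consults only the address bar beside one that checks every loaded document and every URL carried in a query parameter. The allowlist, the function names and the frame list are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed free-access allowlist, modelled on the article's statement that
# anything within the Google domain is accessible.
FREE_DOMAINS = ("google.com",)


def host_is_free(url):
    """True if the URL's host is an allowlisted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FREE_DOMAINS)


def address_bar_only(address_bar_url, frame_urls):
    """Weak policy: the decision looks at the top-level URL and nothing else."""
    return host_is_free(address_bar_url)


def embedded_urls(url):
    """Query-parameter values that are themselves absolute http(s) URLs."""
    found = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            found.append(value)
    return found


def every_document(address_bar_url, frame_urls):
    """Stricter policy: every document, framed or not, must be allowlisted,
    and an allowlisted wrapper may not carry a non-allowlisted URL."""
    documents = [address_bar_url, *frame_urls]
    if not all(host_is_free(u) for u in documents):
        return False
    return all(host_is_free(e) for u in documents for e in embedded_urls(u))


# URL quoted in the article; the frame list is constructed for the example.
WRAPPER = ("http://images.google.com/imgres"
           "?imgurl=http://www.f.com&imgrefurl=http://www.slashdot.com")
FRAMES = ["http://www.slashdot.com"]
# Constructed ordinary search with no framed third-party page.
SEARCH = "http://www.google.com/search?q=payphone+kiosk"

if __name__ == "__main__":
    for name, policy in (("address bar only", address_bar_only),
                         ("every document", every_document)):
        print(name, policy(WRAPPER, FRAMES), policy(SEARCH, []))
```

A filter of the second kind belongs where requests are actually made (a proxy or the browser's request layer), because the address bar reflects only the outermost document.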