West Coast Phreakers Presents

-------------------------------------------------------------------------------
"The Year of Phear" Issue #5 (August/September 2005)
-------------------------------------------------------------------------------
Holy Fuck, it's the one year anniversary edition!
+_+_+_+_+_+_+_+_+_+_+_+_+_++_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+

.- Introduction -.
Opening Words ............................................ Maniak & smes
Sweet Numbers to Call ...................................... The Crew
Site of The Nite ........................................... Maniak
H/P News Board ............................................. Various
And So It's Been Said....................................... smes
_________________________________________________________________________

.- Documents -.
What I did at DEFCON 13..................................... El Jefe
Next Generation Phishing.................................... smes
A Guide through SchoolVista................................. Lghtngclp
The GTD-5 Bug............................................... Maniak
Step By Step: A true story of social engineering............ PoT
________________________________________________________________________

.- Conclusion -.
Shout Outs .................................................... The WCP Crew
Closing Words.................................................. smes
__________________________________________________________________________

***********************************************************
*smes's Great Introduction and reflection on the last year*
***********************************************************

To tell you the honest truth, I didn't think this crazy 'zine would last a year. But alas, I have been proven wrong. I got the original idea for what is now West Coast Phreakers from browsing around the PLA State group directory.
When browsing through the list I noticed that all the Canadian groups were long dead. So then the idea hit me harder than a transit bus would hit a toddler, and I came up with PLVI. PLVI: Phone Losers of Vancouver Island. After getting flamed off of Cal's forums for posting the idea I changed the name to West Coast Phreakers. I then reposted this idea around some other forums. From this posting I got two emails: One from W Ellis (who unfortunately I have never heard back from) stating his interest, and the other from some fucker named Maniak who thought this would be a grand idea. I then found EBG hosting who, for a scant $3.15 CDN a month, hosts this site and provides the bandwidth.

Now I would like to take a look back at the year past and point out three rather interesting somewhat h/p related events:

3) Paris Hilton's Contact List being made public: Much like her infamous (and un-hot) sex tape spread like wildfire around the internet last year, Ms. Hilton's Contact list made its internet debut. This made for one hell of a weekend on the PLA voice bridge, Cal's Forums, and various other web forums. It was celeb prank call mania. Nicky Hilton was wondering why she was on the Walmart intercom, Paris Hilton called Baconstrips a fag, and best of all Late Night with Conan O'Brien did a segment on the whole thing.

2) Various Other Shit: I can't remember everything else, some small some significant, so I will list it here in a jumbled pile: Google Maps, New host for BinRev Radio, The Art of Intrusion, Snapple's website being taken over by some A-Rab script kiddies, The Kevin Mitnick on Coast to Coast AM, Hope 2004, the end of Default Radio, Hack TV ep 2, Stealing of data by malicious people, Nettwerked Radio, the Demise of Stank Dawg and his DDP empire............. And Blah add your own things here.

1) Teh Ladies: Recently, I was at a party up in Courtenay/Comox, BC. I started chatting up this one chick, who was into computers and the like.
In this conversation she mentioned this emagazine she really liked called "West Coast Phreakers".

Alright enough meddling in the past, let's look now at the future/present. This issue, and all the issues to come will be published simultaneously in a magazine-like pdf, as well as txt format. Also, Maniak is thinking of starting up an h/p contest of some sorts with cool prizes. And finally we now have a domain name: www.westcoastphreakers.com. I am going to be giving away @westcoastphreakers.com email addresses in the time to come for the low, low fee of $1.

Anyhow, enough from us. Enjoy the issue!

*****************************************
*A Not-so-Formal Introduction by Maniak:*
*****************************************

Wow, we managed to keep this thing going for a whole year. Well, we can all just forget that last issue that never came out... why don't we just pretend that all that time was spent making this issue the best ever made. Ok, so obviously we threw this version together in like 3 days instead of 2 days like usual. But fuck you, I don't see you publishing a zine, I don't see you fending off the adoring lady fans with sticks. You're jealous now aren't you? Alright, this is ridiculous... someone punch me.

Ok, moving right along, we hope you've enjoyed the WCP zine over the course of the last year. And in honour of the one year birthday, I will blatantly rip off David Letterman and present a Top Ten List of things that have severely pissed me off during the last year:

10: Old People (what a waste of space)
9: Homeless People (remind me again why we're supposed to help these folk?)
8: Telus (Customer Service at its best)
7: Fields being fertilized with shit (You'd think in all of history, scientific innovation could produce something less offensive than animal poo)
6: People known as Sam and/or smes (Ah just kidding buddy!)
5: Gay Marriage Controversy (Honestly, who cares, let them do what they want.)
4: Establishments without debit machines that force you to use ATMs that are "conveniently located" in the place that charge two or more dollars for the transaction on top of what you pay to the bank for the transaction.
3: Air Hand Driers in Public Washrooms (I'm down for killing more trees if it means more paper towels)
2: Seagulls (Nature's garbage compactors)
1: Translink (Don't even get me started....but since I'm already mad just thinking about them..read below)

Let's face it, the transit system in the GVRD is terrible unless you live on No. 3 Road in Richmond or in some other uber high density route. Even some people I know in the city hate it for varying reasons. The main reason you hear over and over again is that it takes forever to get anywhere, and driving yourself is much faster. And these facts in themselves are what makes living with Translink so frustrating.

a) Most of the taxes and surcharges the Transit Authority imposes are aimed at drivers.
b) People don't take transit because it's terrible.

Does this make sense to anyone? Maybe the system is purposely shitty so more people drive, so they can collect more revenue? I don't know, but I do know something needs to change. People within the GVRD pay 13.75 cents a litre to the government and an additional 12 cents per litre goes to Translink according to the Motor Fuel Tax Act 2005. Say you have a 40 litre tank, it works out to nearly 5 bucks a tank. The Transit Authority has also just implemented a tax on parking spaces...yes parking spaces. The tax.. in the long run is paid for by drivers when prices in malls where these parking spots are located go up to cover costs and protect profit. I don't understand whose good idea it was to rape the shit out of commuters who can't take transit because it blows donkey cock. A good example is the neighbourhood where I live, the bus comes twice, 6 in the morning and 6 at night. How convenient is that? They even get a cut of property taxes...
like 20 bucks for every 100,000 your piece of land is worth.

So what's the answer to the problem? Less taxes on drivers? A better system to supplement drivers? I don't know what the answer is but a big change needs to occur. Maybe the tax could be a floating tax where areas not as well served by the transit system would have slightly lower gas prices. But designing and implementing such a system would be very difficult. Anyways, I'm too mad to write any more or make this article make more sense, later. If you have any thoughts, gmail me at maniakwcp@gmail.com.

And now that you're all good and pissed off thinking about how Translink is busting your balls... I present to you on behalf of myself, smes, PoT, El Jefe and anyone else contributing to this extravaganza, WCP One Year Anniversary Special!!!! Enjoy!

**********************
*Sweet Number to call*
*   the -wcp- crew   *
**********************

519-846-8786 Dial Tone (press 9, then phone number)
519-895-2255 Please enter your passcode or call to get one call
888-288-5650 Selectcom (Social Engineering Time)
972-889-2852 VOIP CALLER ID
800-666-8061 Siren Tone
403-235-7709 "Hello, Newsroom."
202-456-9431 White House Situation Room
860-563-6571 Elevator...takes a while to pickup
888-309-2538 Advanced Telcom 5.95 per wakeup call
916-445-2864 Office of the Govenator
505-821-9894 CoCot at some casino
909-597-0004 "please enter your personal identification number, followed by the # sign"
802-660-1642 hmmm
403-235-7796 ifb?

********************
*Site of the Nite  *
********************

Leet Site: OMGQ!!!!! LMAO PL4nES AND ROFL COPTERS ATTACKZ0R!!!!
http://img40.imageshack.us/img40/28/feuerfreimovie.swf

Cool Browser Based Game: http://www.bladesling.com/qs/

Apparently, they also like to phreak teh phones down in Australia: http://www.ausphreak.com
Also, you should check out the other West Coast Phreakers at wcp.ausphreak.com

Lame Site: www.speedihosting.com
I tried to host this site there, but they promptly cancelled my account because they don't allow "phreaking/hacking on their servers" and that I was hosting "illegal files". Note: They did this before I had the chance to upload anything.

********************
*The H/P News Board*
********************

THIS CRAZY 'ZINE GETS A REGULAR PUBLISHING SCHEDULE
VICTORIA, BC - After a year of publishing West Coast Phreakers magazine on a highly irregular schedule, editor in chief, smes had decided to publish it regularly. The issue will now be published quarterly on the 29th of October, December, March, June, and August.

TELUS WORKERS CROSS THE LINE
Some striking Telus employees in Alberta have crossed the picket line -- but exactly how many is in dispute. "We have 50 per cent of our employees [in Alberta] who have chosen to come back to work," Telus vice-president of corporate affairs Drew McArthur told 24 hours. But the Telecommunications Workers Union says the numbers are much lower than that. Whatever the percentage, McArthur says Telus is advising B.C. employees not to cross the picket lines because of safety concerns. The two sides appear no closer to solving the three-week-old dispute
- 24 Hours (August 11th 2005)

FIREFOX HITS 80,000,000:
"It's been nine months since the release of Firefox 1.0 and with tens of millions of users we most certainly are taking back the web. Today our Firefox web browser hit the 80,000,000 downloads mark. You can see the live counter over at SpreadFirefox.com."
- Slashdot (August 14th 2005)

SONY PSP ATTACKED AND HACKED
Without success, Sony Corp. made efforts to keep the PSP from getting cracked.
The new exploit is now widely spread and not fully safe to run and can only work with version 1.5 "firmware". It enables users to run unauthorized pirated games. Sony is releasing version 1.51 which will prevent the exploit. Although simple, the method for the crack requires two memory cards which need to be changed during PSP operation. Sony officials did not immediately return requests for comment Wednesday on the latest hack. The first time that the PSP was cracked was several months ago during its early release in Japan.
- GameSHOUT (August 11th 2005)

HACKERS SET OS X FREE FROM APPLE
Hackers have cracked a security feature in the forthcoming x86 OS X operating system that is designed to prevent the software being run on non-Apple hardware. Apple is in the process of swapping out its existing IBM PowerPC processors for Intel's Pentium processors. It has previously said that it will prevent the version of its operating system for so-called Mactel computers from running on non-certified hardware such as computers made by Dell or HP. While the first Intel-powered Apple computers will not be available until the middle of next year, the computer maker last month started shipping Developer Transition Kits to allow software developers to test their applications for the new hardware platform. Several developers have reported that the kits contain the Trusted Computing Platform (TPM) security chip that prevents the software from running on non-Apple hardware. Apple declined to comment on the existence of the TPM in the kits. The security check in the software has now been circumvented. The method works only on systems with processors that support the SSE2 or SSE3 instruction sets that are found in processors from Intel since 2001 and AMD since 2003. It requires a fairly advanced installation process that will be hard to understand for regular computer users. There are several legal caveats for using the software.
Most importantly, the method relies on pirated copies of the OS X operating system which are widely available through the file sharing networks. The hack is a moral defeat for Apple, but few users will exploit the hack, predicted Martin Reynolds, research fellow at analyst firm Gartner. "Most PC users aren't interested," he told vnunet.com, adding that they would be unable to get support from Apple if they ran into any problems.
- VNUNet (August 15th 2005)

***********************
*And So it's been Said*
***********************

"Don't you have some dick to suck on somewhere?"
Nah, I subcontract that shit out to your sister.
-DuckWarri0r

"Query Eye for the Oracle guy"
-Swamii

"there was an earthquake in mexico. 10 on the richter scale. 2 million mexicans died. canada sent tons of supplies. the european community send $20 million (except the French of course). and not to be outdone the US sent 2 million replacement mexicans"
- tjenigma1

Ausphreak - where the men are men, and the women are undercover feds.

//And Now, on to the Documents!//

**************************
*What I did at DEFCON 13 *
*       by El Jefe       *
**************************

For a number of years I had heard about a hacker convention and party that took place every year in Las Vegas called DEFCON. Since I do have an interest in hacking and phreaking, I figured sooner or later I would go to one of these conventions. This year I finally decided to go for it. I booked a plane ticket and a hotel room and I declared "I'm going to DEFCON!"

My plane arrived very late on Thursday night. It had been delayed by some Las Vegas thunderstorms earlier in the afternoon. Since I had never previously visited the city of Las Vegas, Nevada, I immediately headed to the nearest set of pay phones, and wrote down all their phone numbers. I run a web site called Pay Phone Directory, so this is the sort of thing I always do when I visit someplace I have never been before.
I continued gathering numbers for the next 45 minutes, ignoring the weird looks from other people in the airport, eventually covering the entire D terminal. When I finally left the airport, midnight had passed and it was Friday. It was time for DEFCON. Early Friday morning I awakened to see Las Vegas in daylight for the first time. There were hotels, casinos, and palm trees everywhere, as far as the eye could see. It was definitely different from the area near Seattle where I live, but it still looked sort of interesting. However, the weather was starting to get warm already, and I needed to get from my hotel down to the Alexis Park before it got too warm. I walked the long way to the Alexis Park in hopes of finding some pay phones to include in the Pay Phone Directory, and also because I needed to use the ATM at an actual branch of my bank to get cash for DEFCON. I had heard horrible things about the ATM at the Alexis Park so I wasn't going to touch that thing. Throughout my walk to the Alexis Park I didn't actually find that many pay phones, which is strange for such a large city. I did pass by a number of empty lots where old casinos had been torn down to make way for new casinos. When I arrived at the Alexis Park, I found the place full of people ready for DEFCON. I proceeded to the registration room, paid my $80, and received a fluorescent green DEFCON human badge, the official printed DEFCON schedule, a DEFCON sticker, and a DEFCON CD full of notes from most of the talks, some MP3 audio files, and other cool stuff. I then walked around the Alexis Park, seeing all the people who were attending DEFCON. I also found many non-working pay phones, it seems that somebody was hacking on the hotel's PBX, which for some strange reason provides service to the pay phones as well. After walking around the entire Alexis Park, I proceeded to the first talk I planned on seeing, "Hacking NMAP," presented by Fyodor. 
At the door, I found a very long line that wrapped all the way around the convention center portion of the Alexis Park, past some hotel rooms, and toward pool 1. Luckily I got in to the talk, but all the chairs were filled and I had to stand in the back. The DEFCON goons delayed the start of the talk to repeatedly announce that people must not stand in front of any of the doors. Soon, the talk began. In this talk, Fyodor described all of the wonderful advanced scanning features of his NMAP scanning program. The talk detailed various packet tricks the program can perform to try and get past firewalls, and it also covered a technique that bounces packets off of 3rd party hosts so that the scanning target doesn't find out where the scan truly came from. The talk culminated in an example of trying to locate a hidden development server offering free porn. The NMAP talk was very entertaining and worth the wait in that long line.

The next talk I attended was "On the current state of remote active OS fingerprinting" by Ofir Arkin. This talk did have some good information, but it was plagued with one big technical difficulty. The presenter's computer with the slides was out of sync with the projector, causing rapidly flashing black lines to appear all over the screen.

Another disappointing talk from Friday was "ATM network vulnerabilities" by Robert Morris. This talk basically consisted of an old man telling stories about using an ATM in Norway, and describing how ATMs are vulnerable to attacks by cutting torches and pickup trucks. No technical information about ATM communication networks was presented.

The next talk I attended was much better. This was "Credit Cards: everything you have ever wanted to know" by Robert "hackajar" Imhoff-Dousharm. This talk gave a very informative overview of how credit cards are processed by merchants and banks, and it even included a live demo with a magnetic strip reader, showing all the information stored on most credit cards.
After the credit card talk I should have gone to "Hacking Google AdWords" by StankDawg, but instead I tried to go to a talk on social engineering, which was cancelled because the speaker never showed up, so I ended up wasting that hour. After that hour, I made it to "Bypassing authenticated wireless networks" by Dean Pierce, Brandon Edwards, and Anthony Lineberry. This talk was presented by a couple of college students, and it basically came down to one technique, where you sniff the network to find an existing MAC address and IP address pair, and then you spoof as that pair, and you get access as if you were a paying customer. After this talk, the schedule changes were getting very crazy and it was two hours before the next talk I wanted to see. I used this time to visit the bar at Pool 1 to get some dinner and some beers. DEFCON is always more fun when you're slightly intoxicated. While I was eating and enjoying my beer, somebody sat down next to me who turned out to be a speaker who was presenting the following day. We talked briefly and I ended up going to his talk the following day. It is possible to meet people at DEFCON. To finish off Friday at DEFCON, I went to "Hacking Windows CE" by San, which was very technical and didn't really help me to understand any more about buffer overflows. After that talk I saw "Hacking in a foreign language" by Kenneth Geers. This talk was fairly informative and explained the hacker culture of Russia and other foreign countries. The final DEFCON event I went to on Friday night was Hacker Jeopardy. Hacker Jeopardy was hosted by Winn Schwartau, who was accompanied by Vinyl Vanna, who operates the question board. Hacker Jeopardy is like regular Jeopardy, but the teams can also score points by drinking beers. If no team can answer a question, the audience gets to participate, and whoever shouts out the right answer gets a prize thrown to them. 
Friday night's round of Hacker Jeopardy was briefly interrupted by a power failure caused by somebody sneaking up to the generator and turning it off. Hacker Jeopardy continued anyway, and got more entertaining as the contestants drank more beers. The winners advanced to the final round on Saturday night. That was it for my Friday at DEFCON, and it was probably the best day of DEFCON, as I learned a lot of things very quickly. The following day, I headed back to DEFCON for another day of talks, a couple of which were very good. The first talk I saw was "The hacker's guide to search and arrest" by Steve Dunker. The presenter was previously a policeman and is currently an attorney. He offered advice on dealing with the police and all the legal issues about arrests and searches. The information was good, but the talk did not specifically focus on hackers and computer crimes, just on general crimes and criminal behavior. After this talk I tried to go to "Introduction to lockpicking and physical security" by Deviant Ollam, but that talk was very popular, and it filled up and I was locked out. Instead, I went into the Vendor room and browsed all their fine products, eventually buying a DEFCON T-shirt. The next talk I attended was the "Meet the Fed" panel. This panel quickly degenerated into the same "Come work for us, we're the good guys, we're the feds, we'll pay you lots of money" line coming from multiple federal agencies. I left the talk early to line up for "A safecracking double feature" by Leonard Gallion. This talk demonstrated a couple of safecracking techniques, back-dialing and spiking. The demonstrations were entertaining and may even be useful. The next talk I attended was "Old Skewl Hacking - Infrared" by Major Malfunction. This was a very entertaining and informative talk that revealed the simple nature of most infrared remote controls, and showed that many hotels are trying to do too much through the television. 
It also demonstrated how to get free porn, which is always a plus.

After this talk, I headed to "Countering denial of information attacks" by Greg Conti. This talk covered attacks on intrusion detection systems by overloading them with extraneous data, and it also demonstrated some programs written by the author which visualize network traffic. I went to this talk because I met the speaker the previous day while eating by the pool, and I ended up liking the talk after going to it, even though I didn't originally plan to go to it.

After this talk I went straight to the front of the line for "Be your own telephone company with asterisk" by Strom Carlson and Black Ratchet. I wanted to make sure I got a front row seat for this one so I could heckle Strom Carlson. This was the best talk I went to at the entire DEFCON, but maybe that's just because I like telephones. The talk began with a discussion of what Asterisk is and how to connect it to various VoIP networks. There was also a demonstration of the various Codecs, some of which sounded great, and one which absolutely sucked. Since this talk was two hours long, there was an intermission with a speed dialing contest where prizes were given away. The second part of the talk focused on fun applications involving asterisk, such as text-to-speech programs, DEFCON by phone, which was the interactive telephone schedule which never got updated, and NMAP by phone, which lets the caller portscan an IP address of their choosing from their telephone. At the end there was a question and answer period where people in the room had to line up at a telephone and wait for Strom to call them. There was also a call in number for people who were not in the room but were watching the talk on DEFCON TV from their hotel room at the Alexis Park.

After that wonderful talk I went to the second night of Hacker Jeopardy. There were no power failures this time, and at the end when a winner was determined, Vinyl Vanna flashed the audience.
Saturday was also a very good day at DEFCON. Sunday was the last day of DEFCON. The schedule of talks ended early on this day, so I only saw three talks. The first was "Forensic data acquisition tools" by RS. This talk covered what forensic computer investigators should and should not do when they are trying to preserve evidence from a compromised computer system. This talk was prepared by RS, but the presentation was given by somebody else because the author's employer didn't approve of him doing the presentation. The next talk I attended was "Surgical Recovery from kernel level rootkit installations" by Julian Grizzard. This talk discussed how kernel level rootkits work, and how to get rid of them without erasing the disk and reinstalling the operating system. It was fairly technical, explaining things such as system call pointers in the Linux kernel memory, but I could still understand what was going on, so that made this talk one of the better ones that I saw. This talk also included some demo programs that showed recovery from rootkits in action. The next talk I wanted to attend was "GeoIP blocking" by Tony Howlett, but due to DEFCON's wonderful scheduling system, it got changed to Saturday and they didn't tell anybody. The last talk I saw at DEFCON 13 was "Why tech documentaries are impossible" by Jason Scott. During this talk, Mr. Scott talked about his various filmmaking experiences while showing part of "The BBS Documentary" in the background. This talk was fairly interesting, as it brought back memories of the BBS age, which is largely forgotten now due to the prevalence of the Internet. After this talk, DEFCON was mostly over. The only event left was the closing ceremony. During this ceremony all of the contest winners were announced. 
Out of all the various contests that were announced, the Wi-Fi shootout winners interested me the most. This team established an unamplified wireless internet connection over a distance of 125 miles, using a pair of old satellite dishes that they had to drive up to two remote mountaintops, one in Nevada, and one in Utah. During the closing ceremony Strom Carlson kept running around offering a $50 reward if somebody found his lost keys. At the end of the DEFCON 13 closing ceremony, it was announced that there will still be another one next year. Since I had such a fun time at DEFCON 13, I am definitely planning to return for DEFCON 14.

After DEFCON officially ended, I met up with Strom Carlson, and went back to his hotel room, where he finally found his keys. I spent the rest of Sunday night hanging out with Strom and the other people in his hotel room, which included his co-presenter Black Ratchet, a friend of his called RedNerd, and a fellow called Storm from Los Angeles. We checked out the parties by pool 2 and pool 3, and after hanging out there for a while, we went to the Bellagio hotel and casino on the strip for food, pay phone number gathering, and gambling. Black Ratchet won $3. By the time we returned to the Alexis Park, things were starting to quiet down. There were still people out by the pools, but by this time many people had started to leave Las Vegas. In the early hours of Monday morning, I left the Alexis Park and returned to my hotel room. My first DEFCON had come to a close.

On Monday afternoon I headed to the airport to leave Las Vegas after my first DEFCON experience. It was definitely a good experience, I saw many informational hacking talks, and met a few interesting people. It also inspired me to spend more time pursuing hacking activities than I had been doing in the past. Hopefully, I'll have just as good of a time at the next DEFCON.

********************************************
*DOM Hijacking & Next Generation Phishing  *
*                 by smes                  *
********************************************

In this article I will outline what DOM Hijacking is, and how it will create a new generation of phishing and the dangers that lie herein. But before we get started, we should define some important key terms:

Phishing: the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack. (Source: Wikipedia)

Document Object Model: 1) A platform- and language-neutral interface that provides a standard model of how the objects in an XML object are put together, and a standard interface for accessing and manipulating these objects and their inter-relationships. 2) The proposed specification for how objects on a Web page are represented. Microsoft and Netscape each advocate their own DOM.

So the question on most people's minds right now is probably: "Just what in the hell is DOM Hijacking, and how does it work?" Well, DOM Hijacking is the implementation of a tag that looks a little something like this: into the body of an HTML document. There are no scripts involved, so a good number of script filters are bypassed.

This example of DOM hijacking works by spawning a frame that takes up the full page. In this frame the attacker could create a phishing page to capture the victim's personal information. As soon as the victim enters their personal information or other credentials, they are taken out of frame and back to the referring document or page in what appears to be a seamless event to them. Now the attacker has the information he sought and can proceed in other malicious activities such as identity theft.
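
Seen from the side of a site that accepts user HTML, the point above about script filters can be shown as follows. This Python example is added here and is not from the original article: the listing markup is constructed (it is not the tag the article refers to), and the function names and the allowlist are assumptions. It runs a script-only filter and an allowlist sanitizer over the same input and reports what each lets through.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample of user-supplied listing markup (NOT the tag from the
# article): ordinary formatting, one script, and one element that embeds
# another document without using any script.
LISTING = (
    '<p>Mint condition, <b>free shipping</b>.</p>'
    '<iframe src="https://login.example.invalid/signin"></iframe>'
    '<script>alert(1)</script>'
)

def script_only_filter(html_text):
    """Hypothetical denylist filter: strips <script> blocks and on* handlers."""
    html_text = re.sub(r"(?is)<script\b.*?</script\s*>", "", html_text)
    return re.sub(r"(?i)\s+on\w+\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s>]+)", "", html_text)

# Elements that load or redirect to another document with no script at all.
EMBEDDING_TAGS = {"iframe", "frame", "frameset", "object", "embed", "base"}

class EmbedFinder(HTMLParser):
    """Detection pass: report script-free embedding or redirecting elements."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in EMBEDDING_TAGS:
            self.findings.append((tag, a.get("src") or a.get("data") or a.get("href")))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content")))

# Allowlist for listing descriptions (an assumption for this example):
# tag -> attributes that may be kept.
ALLOWED = {"p": set(), "b": set(), "i": set(), "br": set(),
           "ul": set(), "li": set(), "a": {"href"}}
VOID = {"br"}
# Disallowed elements whose inner content is dropped along with the tag.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "frameset"}

class AllowlistSanitizer(HTMLParser):
    """Rebuild the markup from allowed tags only; everything else is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED:
            return
        kept = []
        for name, value in attrs:
            # Keep only allowlisted attributes that carry an http(s) URL.
            if name in ALLOWED[tag] and value and \
                    value.lower().startswith(("http://", "https://")):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # An unclosed dropped element keeps skip_depth > 0, so the rest of
        # the text is discarded (fails closed).
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def find_embeds(html_text):
    parser = EmbedFinder()
    parser.feed(html_text)
    parser.close()
    return parser.findings

def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()  # flush any buffered text
    return "".join(parser.out)

if __name__ == "__main__":
    filtered = script_only_filter(LISTING)
    print("script-only filter leaves:", find_embeds(filtered))
    print("allowlist output:", sanitize(LISTING))
```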
DOM hijacking was once very popular in the eBay community. The attacker would set up an auction, and use the above tag in the item description where HTML is permitted. This would bring up a frame asking the user for their login id. Most users obliged to this and entered it in, noticing that the URL bar on their browser still reported that this was a page from eBay.

Currently phishers rely on look-a-like URLs such as http://www.paypai.com, or http://ebaysignin.com to do their dirty work. The major problems with this approach are glaringly obvious. Instead of this tactic, phishers could simply use this DOM exploit to spoof the URL of a certain site while having the content of the site look legitimate. Phishing site detection programs, or scripts (like the one that Gmail employs) would be oblivious to such an attack.

To conclude, I would just like to restate that DOM hijacking could be a very real threat in the time to come when combined with ongoing phishing operations. I hope you have enjoyed reading this article as much as I have enjoyed writing it.

******************************
*A Guide Through SchoolVista *
*        by Lghtngclp        *
******************************

This is basically just a compilation of things that I've discovered while wandering around the computer system at my school. My school runs a program called Schoolvista. It is designed to give a nice GUI that keeps kids out of Windows (bwuahahaha). Well, I must say it doesn't do a very good job of it. So I'll start out with a little bit of info on how to get into the windows explorer and then give you some fun stuff to do there...

-the F1 option
This is the first way that I found to get into the "C:\" drive. First you hit the F1 key, while in the main schoolvista "classroom". Then go to File>>Open. The open dialog box will pop open. Type C:\ into the text box at the bottom and hit enter. You are now in the C drive. To open an explorer window, right click on any folder and go to either explore or open.
This may cause some error thing to pop up; click OK and the explorer window will pop up. Have fun! :P

-the hyperlink option
Another way to get to the C drive is to open any program that lets you make hyperlinks. I like Word for this, because it's real easy, but any program should work. Simply type some sort of text, anything you want, and then highlight it and right click it (or use CTRL-K if in Word). Go to the option that says hyperlink and make a hyperlink to C:\. Now when you click the text it will open up an explorer window.

There are lots of other ways into the C drive, but I'll leave those for you to find. Now I want to tell you some cool things that I've found on my school's computers. Some may not be on yours, while others may, so try some.

-winpopup
If you can get the id of another user at the school, open winpopup and have some fun sending the messages without them having a clue where they're coming from.

-logout.exe
This program does exactly what its name is. Logs you out. Why is this cool? Well, although you are logged off the SchoolVista server, the school's internet server is still active. You can now download whatever you want without any trace.

-DOS Mode for games
This program gives you a nice DOS window to have lots of fun with. If you don't know what to do at a DOS prompt, learn! It's lots of fun to play around in.

There are lots of other cool things you can do including changing your password, and of course you can use this as a launch point to crack some of your school's password and username files. I do not claim responsibility for any actions taken after reading this.

lghtngclp@hotmail.com

//TIME FOR SOME MORE KILLER TEXTFILES!!! YAY!!!!//

****************
*The GTD-5 Bug *
*  by Maniak   *
****************

So Telus operates a few GTD-5 switches round these parts. And there seems to be a little glitch in a few of them.
If you call a phone on such a switch that normally does not accept an incoming call with some VOIP services or with some long distance calling cards, your call will go through and that phone will ring. The weird part is that it doesn't always work and it doesn't work on all GTD switches. But try it and let me know.

***************************************************
*Step By Step: A True story of Social Engineering *
*                     by PoT                      *
***************************************************

In the coming issues of WCP I'm going to include some stories of past experiences. Many of them will be works of fiction based loosely on some of my own experiences and experiences that have been related to me by others in the scene. Each of these stories will hopefully be somewhat entertaining and will also have a little bit of a lesson behind it. Hopefully everyone can get something out of these stories and lessons. Today's story happens to be true.

Step By Step: A true story of social engineering.
By: PoT

Background:
I used to live in Coquitlam in BC on Smith Street. Well, at the end of my street (at Blue Mountain and Smith) was the Port Moody Central Office (which serves parts of Coquitlam and all of Port Moody). I had made countless trips there walking around the building, peering into windows, going through the trash (the bin has since had a lock put on it). I noticed on my many trips there, while peering through a window in the back door, a sign that said "SXS ##" (I can't remember the #). It was something that I always thought about; there's no way I was on an old Step switch, there was no way one was still working anywhere in the Greater Vancouver area. This all happened in 1994, probably around April. I was 18 at the time and Sinner and White Night were 19.

The story:
One day, Sinner, White Night and myself got it into our head to get a tour of a BC Tel building.
We met up near the BC Tel Boot (3777 Kingsway). We wanted mostly to get into a CO but we would be ok getting into an Operations Centre or office even. We decided that the best approach would be to say we were telecommunications students from BCIT. We pulled out our trusty BC Tel Corporate Directory and started calling COs. We figured White Night, who's about the best social engineer I have ever seen, would make the calls. We decided we'd try Hemlock, Mutual and New Westminster first; they are three of the bigger COs and Hemlock was next to us and the other two were only a short drive away, so we figured we could have fun there. Every one of them said to either try back another time, to call BC Tel public relations or flat out no (I don't remember which CO gave which answer). We then decided to try some other COs. We tried Regent, Trinity and Castle (all in Vancouver), same type of responses, except one of them didn't even answer.

We were a little down at this point; we were discussing different approaches. Sinner mentioned that if we knew there was something historical or different at any of the COs we may be able to modify our story to incorporate that. Then I remembered Port Moody and how it had that SXS sign, so we decided to take a slightly different approach. We still went with the telecommunications student theme, but we said how someone in BC Tel (we gave them a name from our trusty Corporate Directory) had told us about the SXS there and how we were just studying them and how we would love to have a chance to see one. He informed us that it wasn't working and that it was half-dismantled but that also we were welcome to come and take a look at it. He told us to just come by and knock at the back door.

So we piled into my car and made our way over to Port Moody CO. We got there, knocked on the back door and were let right in.
They gave us a brief tour of the upstairs where they had a DMS 100 set up. The switch room was so clean and small, nowhere near what I was expecting. The rack room ended up being what I expected though, cable EVERYWHERE. As I said, the tour of the upstairs was quite brief, so we went downstairs to the old switch room. There was about half of the old stepper there; we played with it a bit, manually moving the components around. It was an experience, but the best is yet to come.

Also downstairs they had a DMS 1. A DMS 1, as we found out that day, is a two piece switch used in remote areas; this particular DMS 1 was for Anmore, a fairly small community adjoining Port Moody. One piece stays at the CO and the other is placed in a small building or an underground vault. We asked the usual questions you would expect us to, such as "How do you perform diagnostics, do you have to go there to do it?" The answer we received was much what we expected: it of course had a dial up that you could connect to and play with its configuration.

The three of us then sort of split up (a lot harder for one guy to watch three guys when they're spread out after all) and walked around looking at whatever we were most interested in. I was over by the stepper, White Night was over by a tool bench and Sinner was by the DMS 1. Sinner walked over to me and whispered "Write this down 46X-XXXX, ACCT, PW". I had nothing to write on other than a gum package, but it worked. We wandered around for a little more, but nothing else was really that interesting so we left.

Once we got into the car Sinner asked if I had the gum pack handy, so I tossed it to him and he wrote it down in another book. White Night had no clue what we had done, so Sinner explained it all. See, the dial up, account and password were written down on a post-it note on the DMS 1 itself. Not the most secure thing to do now is it?

Afterward:
Now what did we learn from this story?
I think there were a few lessons actually:

1) Persistence: If we had given up on getting into a CO that day we never would have had the experiences we did. If we gave up after the first six tries we wouldn't have gotten a dial up with account and password. So, be stubborn, it can come in handy.

2) Use all the information at your disposal: Would we have gotten the tour had we not known about the old stepper in the basement? Possibly, but it is still very handy to use what you know. Always preface it with a believable way that the information came into your possession. If you can't explain how you know it, then don't use it. There's no sense in telling them that you know the guy who answers the phone's employee number. Also, it's not a bad idea to play a little bit dumb on where the building is; they may feel you're a bit of a stalker. Of course that does depend on how hidden of a location it is.

3) Split up: If there are more of you than "guides", split up a little; who knows what you can find this way. Maybe a piece of paper can go missing, or a corporate directory. At the very least you will likely get a closer look at some things than you would otherwise.

4) Cover story: Make sure to always use a decent cover story. We were 18 and 19 at the time. If you're 14 nobody's gonna believe you're a university student. Also, if you're pushing 30 it may not be that believable either. Some other options are to say you're from a radio users group, a telephone enthusiasts group (such as the Telephone Pioneers) or that you're doing a high school project on telecommunications. Just use your imagination and common sense.

***************************************************************************
.- Conclusion -.
***************************************************************************

The following people contributed articles or information to this issue: PoT, Maniak, smes, El Jefe, and lghtngclp.

Shouts: If you want to shout out at someone leet, shout out at Rey Mysterio.
His finisher, 619, is named after his hometown's NPA. His followup finisher, the West Coast Pop, shares the initials of this crazy 'zine.

Shouts from PoT:
The Luddites: Pbang & Psyko
The Vancouver 2600 crew: Ambrose, Fuzzylogik, Lazloh, Mock, Vancity Joe
The people from far and wide: Corporate Sellout, Lucky225
And of course Sinner & White Night for starring in this escapade with me.

Other Shouts: Go Daddy Domain Registry, Hack Canada, Nettwerked Radio, Urine Trouble, theClone, tek, any other h/per from Victoria...

*************************
*Closing Words from smes*
*************************

Well, another issue, another year come and gone. We hope 2005-2006 will bring an insane amount of leetness and fun like the previous year.

As Always: Keep on phearing in the free world!

-WCP