       ############################################################################
       ############################## LEGIONS OF THE UNDERGROUND ##################
*********************************__ *********************_____ **** ____************
********************************/  /*********========***|___  /****/ ___/***********
*******************************/  /*********/ ___   /******/ /****/ /***************
******************************/  /*********/ /  /  /******/ /****/ /****************
*****************************/  /*********/ /__/  /******/ /****/ /*****************
****************************/  <______** /       /******/ <____> /******************
***************************<__________| /_______/ *****(________/********************
 
                         (http://www.hackersclub.com/lou/)     
                                   by: PLaZma



 Utilizing the NNTP port.  Forging/reading/posting.
 NNTP = Network News Transfer Protocol
 Port 119

 This assumes you have internet access, a telnet client, and about 2  brain
 cells!
 ---------------------------------------------------------------------------
 Newbie Note~

    NNTP specifies a protocol for the distribution, inquiry, retrieval,
    and posting of news articles using a reliable stream-based
    transmission of news among the Internet community.  NNTP is
    designed so that news articles are stored in a central database
    allowing a subscriber to select only those items he wishes to read.
 ---------------------------------------------------------------------------


 There are two forms of NNTP, one is mailing lists, and the other is Usenet.  We
 will focus on USENET since forging to a mailing list can be done via port 25.

 Unlike its mailing list companion, Usenet is an efficient means of distributing
 information quickly and reliably.  Users view documents that have been
 categorized / cross-referenced / sorted.  Thus allowing the user to quickly
 find the information that they are looking for, rather than going through
 hundreds of emails directly to them searching for the one that pertains to
 their person.  This ends my brainless comparison since I don't really care if
 it is efficient or not.

 The good stuff! ~~

 First off, commands are not case sensitive, so you don't have to worry about it.
 There are two types of responses:  Text and Status.
 Text responses are preceded by a numeric status response line (We will get into
 that soon).  Simply, text is sent as a series of textual lines.  The text input
 will be terminated with a "." on a line by itself.  To those who don't use
 their brain....It's much like the hack we did on port 25, the SMTP port.
 Now the Status response:  Status response lines begin with a 3 digit numeric
 code which is sufficient to distinguish all responses.  Some of these may also
 respond with a textual message.  The first digit of the response broadly
 indicates the success,  failure, or progress of the previous command.
  
       1xx - Informative message
       2xx - Command ok
       3xx - Command ok so far, send the rest of it.
       4xx - Command was correct, but couldn't be performed for
             some reason.
       5xx - Command unimplemented, or incorrect, or a serious
             program error occurred.

    The next digit in the code indicates the function response category.
  
       x0x - Connection, setup, and miscellaneous messages
       x1x - Newsgroup selection
       x2x - Article selection
       x3x - Distribution functions
       x4x - Posting
       x8x - Nonstandard (private implementation) extensions
       x9x - Debugging output

    In general, 1xx codes may be ignored or displayed as desired;  code
    200 or 201 is sent upon initial connection to the NNTP server
    depending upon posting permission; code 400 will be sent when the
    NNTP server discontinues service (by operator request, for example);
    and 5xx codes indicate that the command could not be performed for
    some unusual reason.


 Now, this is how you get to this.  You can use some sort of windoze or linux or
 whatever program that is designed to be a usenet reader, and you can read
 articles with a simple point & click interface.  Which is nice and easy, but not
 a good way for hacking or a good way to learn about NNTP.  Now, the way to
 really "Get a feel" of the NNTP daemon is to use your favorite Telnet program
 and Telnet to your news server (e.g. Telnet  News.Pacbell.Net).  This will
 connect you to the pacbell news server.  Basically take your email address and
 chop off the front leaving the last two,  Joyschmoe@foobar.com is chopped to
 foobar.com .  Then you just add the News, so we have news.foobar.com.  Now upon
 connect you should have an idea of which group you would like to post to.  If
 you don't, simply give the LIST command and hold on to your hat for a LONG list
 of groups.  If you already have a group in mind, such as alt.warez or alt.2600,
 you would enter the command :  Group <alt.***>
 The response should be something like this:
    211 n f l s group selected
            (n = estimated number of articles in group,
            f = first article number in the group,
            l = last article number in the group,
            s = name of the group.)
    411 no such news group

 If successful, this switches your "current article pointer", which is
 internally maintained, to the first article in the designated news group.  It
 will also return the article numbers of the first and last articles in the
 group, as well as an estimate of the number of articles in that group.  (Note:
 These estimates are not always correct, the estimate must only be the exact
 number or greater than the amount of articles in the group)
 Now we can do two things, Read or write an article.  To read, if you know the
 article number enter this command:  ARTICLE [xxxxxx]
 Where xxxxxx is the number of the article you would like to peruse.  Or you can
 use the message id in this fashion: ARTICLE <aaaaa>
 Where aaaaa is the message id number.  These both will display the header, a
 blank line, followed by the body of the message.  If you have any trouble with
 the commands, simply do a HELP command and the news server will give you a list
 of implemented commands.  When Reading, I prefer to give a NEXT command which
 will set my current article pointer to the next article, and give me a text
 reply which usually contains a SIX digit message number.  Then I simply give
 the command:
 Body <xxxxxx>  
 Where the x's are the article number given by the NEXT command.
 The LAST command will set your internally maintained "current article pointer"
 to the last article in the mailing group. 

 Use this command to have the server give you all the news it has obtained since
 your designated date and time:
 NEWNEWS newsgroups date time [GMT] [<distribution>]
 Here are two examples of server client conversations:


 Example 1 - relative access with NEXT
  
    S:      (listens at TCP port 119)
    C:      (requests connection on TCP port 119)
    S:      200 wombatvax news server ready - posting ok
  
    (client asks for a current newsgroup list)
    C:      LIST
    S:      215 list of newsgroups follows
    S:      net.wombats 00543 00501 y
    S:      net.unix-wizards 10125 10011 y
            (more information here)
    S:      net.idiots 00100 00001 n
    S:      .
  
    (client selects a newsgroup)
    C:      GROUP net.unix-wizards
    S:      211 104 10011 10125 net.unix-wizards group selected
            (there are 104 articles on file, from 10011 to 10125)
  
    (client selects an article to read)
    C:      STAT 10110
    S:      223 10110 <23445@sdcsvax.ARPA> article retrieved - statistics
            only (article 10110 selected, its message-id is
            <23445@sdcsvax.ARPA>)
  
    (client examines the header)
    C:      HEAD
    S:      221 10110 <23445@sdcsvax.ARPA> article retrieved - head
            follows (text of the header appears here)
    S:      .
  
    (client wants to see the text body of the article)
    C:      BODY
    S:      222 10110 <23445@sdcsvax.ARPA> article retrieved - body
            follows (body text here)
    S:      .
  
    (client selects next article in group)
  
    C:      NEXT
    S:      223 10113 <21495@nudebch.uucp> article retrieved - statistics
            only (article 10113 was next in group)
  
    (client finishes session)
    C:      QUIT
    S:      205 goodbye.


 #2

 Example 2 - absolute article access with ARTICLE
  
    S:      (listens at TCP port 119)
  
    C:      (requests connection on TCP port 119)
    S:      201 UCB-VAX netnews server ready -- no posting allowed
  
    C:      GROUP msgs
    S:      211 103 402 504 msgs Your new group is msgs
            (there are 103 articles, from 402 to 504)
  
    C:      ARTICLE 401
    S:      423 No such article in this newsgroup
  
    C:      ARTICLE 402
    S:      220 402 <4105@ucbvax.ARPA> Article retrieved, text follows
    S:      (article header and body follow)
    S:      .
  
    C:      HEAD 403
    S:      221 403 <3108@mcvax.UUCP> Article retrieved, header follows
    S:      (article header follows)
    S:      .
  
    C:      QUIT
    S:      205 UCB-VAX news server closing connection.  Goodbye.
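
 The status codes and "."-terminated text responses seen in the two
 conversations above can be decoded mechanically, which is how a news client or
 someone reviewing a captured session reads them.  This is an added example, not
 part of the original text; the function names and the MULTILINE set are
 assumptions, and the sample lines are constructed from the examples above.

```python
# Added example (not from the original text): decode NNTP server responses.
FIRST = {"1": "informative", "2": "command ok", "3": "ok so far, send the rest",
         "4": "correct but not performed", "5": "unimplemented, incorrect or error"}
SECOND = {"0": "connection/setup/misc", "1": "newsgroup selection",
          "2": "article selection", "3": "distribution", "4": "posting",
          "8": "nonstandard extension", "9": "debugging"}
# Assumption: status codes that are followed by a "."-terminated text block
# (HELP, LIST, ARTICLE, HEAD, BODY, NEWNEWS, NEWGROUPS in RFC 977).
MULTILINE = {"100", "215", "220", "221", "222", "230", "231"}

def classify(line):
    """Split a status line into its code, outcome class and function category."""
    code = line[:3]
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"not a status line: {line!r}")
    return {"code": code, "outcome": FIRST.get(code[0], "unknown"),
            "category": SECOND.get(code[1], "unknown"), "text": line[4:]}

def parse_group(line):
    """'211 n f l s ...' -> estimated count, first and last article, group name."""
    f = line.split()
    if len(f) < 5 or f[0] != "211":
        raise ValueError("not a 211 group response")
    return {"count": int(f[1]), "first": int(f[2]), "last": int(f[3]), "group": f[4]}

def read_responses(lines):
    """Yield (status, text_lines) for each response in a stream of server lines."""
    it = iter(lines)
    for line in it:
        status, text = classify(line), []
        if status["code"] in MULTILINE:
            for t in it:
                if t == ".":            # a lone dot ends the text block
                    break
                # a text line that began with "." arrives with that dot doubled
                text.append(t[1:] if t.startswith("..") else t)
            else:
                raise ValueError("text block not terminated by '.'")
        yield status, text

# Constructed sample, modelled on the server lines in the two examples above.
SAMPLE = [
    "200 wombatvax news server ready - posting ok",
    "215 list of newsgroups follows", "net.wombats 00543 00501 y", "net.idiots 00100 00001 n", ".",
    "211 104 10011 10125 net.unix-wizards group selected",
    "222 10110 <23445@sdcsvax.ARPA> article retrieved - body follows",
    "first body line", "..a body line that began with a dot", ".",
    "423 No such article in this newsgroup",
]
```

 A stream that ends before the closing "." raises an error instead of silently
 returning a truncated article.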



 Now the POST command.   The POST command is subject to some scrutiny in my
 opinion.   The RFC says that there are headers that are essential and headers
 that are voluntary.  However, upon experimentation I have found that some of
 the ones they say are ESSENTIAL really aren't.  I got away with posting a
 message with only a from/subject/news-group/body line!  Anyway, that's no big
 deal.   I logged on to my news server and gave the POST command.  I will show
 you our conversation.

 S: 200 NNTP blah blah blah ready 
 C: post

 S: post
      OK!

 C: From: plahzma@geocities.com
      Subject: This is kewl.
      NewsGroups: alt.cracks, alt.2600.warez

      This is a test to see if I can negotiate a deal with my news server
 through telnet!

 .

 S:  Article Posted.
 C:  Quit
 S:  Connection closed by host.  Goodbye!


 Okay, that was easy now wasn't it!?  Notice how the server responded with a 200
 stat response, if this had been a 201, that would mean that I could not post!
 So pay attention to the stat responses!  The "From:" line can be whatever email
 address you want! That makes it a lot better for us since a lot of times when
 you post to a news-group and ask a stupid question you get flamed, email
 bombed,  Spammed. And this way any direct replies are sent to that great big
 trash bin in the sky!  Also Notice that on the Newsgroups: line I have put the
 cracks news-group followed by the 2600 warez news-group, separated by a comma.
 This tells the Daemon to post your message to cracks AND warez.  Notice that
 the HEADER section has been separated from the BODY section by a blank line.
 Now, also when I read the RFC it did not mention anything about a "." at the
 end to send the post.  But if there's something else we're supposed to do then
 oh well, because the "." at the end worked.  Now I will get into more advanced
 Features!

 The preceding Text was how to post with the BARE minimum!  There are all sorts
 of other headers to fool around with.  Actually anything you put in the header
 section will be transferred unchanged to the next server/client unless it
 contains a KEYWORD; the keywords are immediately used by the news host.  The
 following is a list of HEADER KeyWords, and the format in which you should use
 them.  I have omitted the boring ones, these are just extras for you.

 Relay-Version  This header line shows the version of the program responsible
 for the transmission of this article over the immediate link.
 For example, the header line might contain:
    Relay-Version: version B 2.10 2/13/83; site cbosgd.UUCP

 Posting-Version  This header identifies the software responsible for entering
 this message into the network.  It has the same format as Relay-Version.

 From   The From line will be an internet address, optionally followed by a full
 name contained in parentheses.
 For example, the header line might contain:
 From: JoeBlow@Boringisp.com (JoeBlow)

 The date will be given by using this line:
 Date: Weekday, DD-Mon-YY HH:MM:SS TIMEZONE
 American Timezones are PST, PDT, MST, MDT, CST, CDT, EST, EDT
 (e.g. Fri, 19-Jul-97 05:36:04 PST)

 The Subject line should be some sort of suggestion of the contained text, but
 if it is in reply to something, the subject line should be:
 "Re: (Reference)"
 Where reference is the article subject you are replying to, aduhhhh

 Path            The Path line specifies where the article has been.  When the
 HOST computer receives the message, it will add its name to the path and then
 send it to another host/slave, which adds its name to the path, and the next
 and the next and the next.
 The names in the path are separated by punctuation marks.
 For example: cbosgd!mhuxj!mhuxt
 Means the letter has gone from mhuxt then to mhuxj then to cbosgd where it now
 stays.  However this is not always true, the right most could also be the NAME
 of the sender.

 Reply-To     This line is in the same form as the From line.  All replies to
 this post will be sent to this address, not to the specified FROM address.
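
 Since the From and Reply-To lines are whatever the poster typed, while each
 host adds its own name to Path, the Path line is what a news administrator
 reads when working out where an article entered the network.  The following is
 an added example, not part of the original text: the function names are
 hypothetical, the article is constructed, and header continuation lines are
 skipped.

```python
import re

def parse_article(raw):
    """Split an article into a lower-cased header dict and the body text."""
    # The header section ends at the first blank line; NNTP sends CRLF.
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line[0].isspace():      # skip continuation lines
            headers[name.strip().lower()] = value.strip()
    return headers, body

def address(value):
    """Pull the address out of 'user@host (Full Name)'; None if absent."""
    m = re.search(r"[^\s()<>]+@[^\s()<>]+", value or "")
    return m.group(0).lower() if m else None

def trace(raw):
    """Summarise which header data is host-added and which is poster-supplied."""
    headers, _ = parse_article(raw)
    # Assumption: letters, digits, ".", "-" and "_" belong to a name and any
    # other punctuation separates names in the Path line.
    hops = [h for h in re.split(r"[^A-Za-z0-9._-]+", headers.get("path", "")) if h]
    from_addr = address(headers.get("from"))
    reply_addr = address(headers.get("reply-to"))
    groups = [g.strip() for g in headers.get("newsgroups", "").split(",")]
    return {
        "transit_order": hops[::-1],            # oldest hop first
        # The rightmost entry may be the sender's name rather than a host,
        # so the first real host is one of the last two entries.
        "origin_candidates": hops[-2:][::-1],
        "groups": [g for g in groups if g],
        "from": from_addr,                      # poster-supplied, unverified
        "reply_to": reply_addr,                 # poster-supplied, unverified
        "reply_redirected": bool(reply_addr and reply_addr != from_addr),
    }

# Constructed article using the Path and From examples from the text above.
SAMPLE = """Path: cbosgd!mhuxj!mhuxt
From: JoeBlow@Boringisp.com (JoeBlow)
Reply-To: someone@example.org
NewsGroups: alt.test, misc.test
Subject: Re: constructed sample

body text
"""
```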

Publication by: PlaZma

