##################################### + /## T h e W o r d O f G o d ## + |/## A -=MINISTRY=- Production ## +++++ |/## Hotel Chelsea - Rocky Horror ## + |/## Fungus Land - Malignant ## + |/## Growth ## + |/## Ulterior Motives - Rafe Zetter ## + |/##+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+## + |/## ## /#########|/##################################### |/## Issue |///////////////////////////////////// |/## Number ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |/## ------Three (3) ## |/## DECEMBER 1989 ## |/######################### |////////////////////////// ~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THIRD ISSUE!! Merry Christmas everyone! This issue is definitely going to top all the others. I'm going to tell you a bunch of different ways to hack into MANY different types of computers. Plus some Generic, all-around tips for all systems. The annoyance dialer will be out in time for Christmas present (less than 50 shopping days left!) Soon, we'll have a VMB for updates and new information. Always up-to-date, and on the line. HOTEL CHELSEA is back up!! Running TELEGARD 1.8B Standard. Very nice software. I saw a program called USSR. ONe of the best FORUM clones I've seen yet. Please do a community favor though, and drop your Forum clone. I am sure that most people are just sick of them. Did anyone catch the "hacker" that was on MTV a while back? The guy was definitely fake. He was giving this shit about how he was the best around and had gotten into everything, yet, when asked about his tactics, he couldn't "think of the right words." Yeah. Anyways, We also have a bit on cracking safes this month and hacking VMB's. Good luck! Sam Hain -=Ministry=- ---------------------------------------------------------------------- How to crack SENTRY'S "FYRE FYTER" (R) Safes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By : Peter The Great Edited by : Sam Hain ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ a Sentry Fyre-Fyter Safe is a non-complex safe with a combination lock that is used to hold smaller items, documents, wills, contracts, etc... They aren't generally too expensive, but still not the worst-made safes around. Still, like all combination locks, they have a flaw... In the instructions, it says too turn -left to XX, and then right to YY and open the safe up.- Fortunately (for you) you can open it without knowing the entire combination. STEP 1-) After clearing the dial (spin it a few times), turn RIGHT to XX. STEP 2-) At XX, turn LEFT slowly until you hear a LOUD click. The click is very loud, so no amplifying enhancer is needed (like a stethescope or something.) STEP 3-) Turn to the right again until the dial will not turn anymore. Open the safe! It's been cracked! WARNING : The method used here will kill the old combination. Do not shut the safe since you will not be able to open it using the original combination!!! ---------------------------------------------------------------------- A MINI-GUIDE TO HACKING By Sam Hain This is not meant to be an all-purpose guide, but just a collection of tips on getting into MANY different systems, plus some generic techniques. UNIX: ~~~~~ You will find at least one text file on hacking Unix on every system that has any amount of G-Files. However, most only tell you what you can do once you are inside. However, you can get in fairly easily on some systems. These systems would be something like a college, high school, small or large company, or private system that is used by many people. On many of these systems, try an account called 'suggest', 'suggestion', or 'comment'. These are used by the System Operators as a somewhat anonymous feedback with suggestions or complaints. Now, you can write a message that will look normal to the reader, but actually do some internal changing and create an account or whatever you like. Send a Screen Freeze (CTRL-S), Screen Clear (usually a CTRL-L), then about 255 garbage characters (just pound on the keyboard.) and then the command to create a new account. Then Un-Freeze the screen (CTRL-Q, or CTRL-S) and save the message. This is somewhat dependant on if they are using the mail facility that came with the system. PRIME: ~~~~~~ The new Prime systems are very hacker-difficult. Once you connect and get the ER! prompt, try some of these accounts.. Id. PRIME SYSTEM PRIMOS ADMIN RJE DEMO GAMES GUEST REGIST TEST NETMAN PRIRUN TOOLS CMDNCO TELENET (If on the Telenet Network) The Default password is the same for all accounts as the Id. TOPS-20 ~~~~~~~ At the '@' prompt, you can type (only the caps are needed) LOGin and then the first few letters of a common name such as Smith, Jones, Miller, Etc.. then press ESC. This will cause the system to search it's userfile for any matches. If it comes up with a match, it will finish it. If there are more than one match, it will beep. After a while, you should come up with a complete name. Keep doing this (go through the phone book.) until you have a big list of names. Then try the obvious passwords for each name. Such as the name itself, name backwards, nicknames, passwords from Mentor's Frequent Password List, etc... SOME GENERIC TRICKS USED: ~~~~~~~~~~~~~~~~~~~~~~~~~ DECOY: ~~~~~~ If you have managed to get a low-level account, the next few tips will help get a higher level account. Write a small program in whatever language the system uses that will do the following... o Clear the screen and place text into it that makes it look like the system is in charge. o Prompt for, and allow the user to enter, both an account and password. o Save that information in a place that the hacker can access. o Tell the user that an error took place or that the info was verified o Turn control over to the system RAPID-FIRE: ~~~~~~~~~~~ This works on a few systems now a days. First, enter a command that you know will be approved, such as "tell me the time" or "directory".. As soon as the system runs off to verify that your security level will allow you to do this, you change the command in the buffer to something that would not be approved, such as "List all the passwords" or "Give me Super User access"... When the system comes back with an "Ok, command allowed", it will perform the second command instead of the first. Of course, this must be done VERY rapidly, but it will work. TRAPDOOR: ~~~~~~~~~ A trap door is a piece of program inbedded in the main program that will allow the person who opened it to perform whatever action it was written to do, without any security checks. Thease are next to impossible to add yourself, but not hard to find out about if you ask around. TROJAN HORSE: ~~~~~~~~~~~~~ This is a program you write that LOOKS like a neat little thing, but is actually a cover for background operations. When a user runs this program, it will show them something, but in the background, searching the memory or something for their account/password. Then it writes it to a file where the hacker can get to it later. It might also ASK for the account and password as "verification that you can run this program." Then it would say something to the effect of "Program not complete. Please try again later." There are others such as Worms, Logic Bombs, etc... But they are scarce to use anymore. Oh - One more way I read about in THE CUCKOO'S EGG clip in Pc Magazine. The hacker used GNU-EMACS (which doesn't check directories to see if user has access to put files there), a program editor, to write and compile a program that the system ran every 5 minutes. However, he had his program stop to give the accounts he was using high access, since it was in the ROOT directory and didn't need to check it's own actions. T hen it erased itself and put the old program back in. Very ingenius I thought. However, the guy died by match and gasoline, so.... ---------------------------------------------------------------------- The supplement, BITNET.ZIP, is an entire listing of all the BITNET nodes and addresses throught the world. BitNet is the network that is mostly used by colleges, but some small companies use it too. you can always get the current Issue (or back issues) of WORD OF GOD over bitnet if you have a BitNet account (or a friend does), and you send mail to SAMHAIN @ UWACDC. Even if you don't want Word of God, send mail anyways to tell me how you're doing. ---------------------------------------------------------------------- Well, that's all I have to say this month. Check next month's New Year ish with lots of fun new years ideas to try with your neighbors (be sure they're not around when you do it though >=) Sam Hain Bitnet: SAMHAIN @ UWACDC